beefproject / beef Goto Github PK
View Code? Open in Web Editor NEWThe Browser Exploitation Framework Project
Home Page: https://beefproject.com
The Browser Exploitation Framework Project
Home Page: https://beefproject.com
add 2 wiki pages for the requester and xssrays extensions.
Google Code Issue: http://code.google.com/p/beef/issues/detail?id=571
Add a function to the beefjs api (/modules/beefjs/browser.js) called hasPopups() to detect if popup windows are allowed. When the function is executed the hooked browser user must not notice.
The below code snipped was copied from: http://www.jguru.com/faq/view.jsp?EID=1157429
function IsPopupBlocker() {
var oWin = window.open("","testpopupblocker","width=100,height=50,top=5000,left=5000");
if (oWin==null || typeof(oWin)=="undefined") {
return true;
} else {
oWin.close();
return false;
}
}
if (IsPopupBlocker()) {
document.write("You HAVE A POPUP BLOCKER");
} else {
document.write("Popup blocker NOT detected.");
}
Google Code Issue: http://code.google.com/p/beef/issues/detail?id=159
The sink: http.content_length = request.content_length
request object does not contain the content_length (nil to integer exception).
Additionally, the code added to validate that the raw request is flawed because it's expecting request headers in a determined position.
For example, it cannot be predicted if the Host header is the first one (some browsers put other headers first): anyway the code is (wrongly) supposing this.
This is actually not working from the start as I can see from the SVN history.
Google Code Issue: http://code.google.com/p/beef/issues/detail?id=486
Move http://code.google.com/p/beef/source/browse/trunk/README.databases to a wiki page
Google Code Issue: http://code.google.com/p/beef/issues/detail?id=546
Currently the 'Link Rewriter' allows the user to enter a jQuery selector. This should be removed and the module should simply overwrite all the links in the page with the specified URL.
Remove the 'jQuery Selector' option from the module.
Remove all references to jQuery.
Ensure the only input is the URL to use in the rewrite.
Google Code Issue: http://code.google.com/p/beef/issues/detail?id=450
Add functionality from the below URL:
http://kos.io/xsspwn/
Google Code Issue: http://code.google.com/p/beef/issues/detail?id=563
Add friendly message when running unit tests on ruby 1.8
Google Code Issue: http://code.google.com/p/beef/issues/detail?id=543
Implement a method to permit the admin to select multiple zombies and have the same module execute on them.
As simple example is to detect ToR on many zombies in one click. Another use will be the distributed port scanning module. In this instance, zombies will be provided a unique piece of work to perform and individual results combined to produce the total result.
In the absence of a better option, the combined result will be displayed in all zombies taking part in the execution and in the main logs. If there is a better method of displaying the results add a comment. I suspect there is.
Google Code Issue: http://code.google.com/p/beef/issues/detail?id=71
These pages contain outdated information:
https://code.google.com/p/beef/wiki/CommandModuleTarget
https://code.google.com/p/beef/wiki/CommandModuleAPI
Google Code Issue: http://code.google.com/p/beef/issues/detail?id=511
Currently the 'Replace HREFs (HTTPS)' allows the user to enter a jQuery selector. This should be removed and the module should simply overwrite all the links in the page with the specified URL.
Remove the 'jQuery Selector' option from the module.
Remove all references to jQuery.
Ensure the only input is the URL to use in the rewrite.
Google Code Issue: http://code.google.com/p/beef/issues/detail?id=560
Currently the results from the Collect Links module will run past the right edge of the screen. Change this so all the links can be seen in the UI.
The attached screen shot shows the bug.
Google Code Issue: http://code.google.com/p/beef/issues/detail?id=412
What steps will reproduce the problem?
What is the expected output? What do you see instead?
Expected: the online HB have select boxes available
Instead: no select boxes. Or they are just wrong.
Google Code Issue: http://code.google.com/p/beef/issues/detail?id=228
The JS crawler should be able to follow the links on the first hooked page, crawling to a depth = N new pages.
This would be really useful to expand the attack surface on cross-domain vulnerable links/forms that are not present on the page where the HB is already hooked.
We can issue ajax requests to all the same-domain links found in the hooked page, parse the links/forms in the response, and add them to a stack of resources to be scanned. Should work ;)
Google Code Issue: http://code.google.com/p/beef/issues/detail?id=404
When running:
[17:32:01][>] Server: mounted handler '/command/insecure_url_skype.js'
[17:32:01][>] Hard Load module: 'insecure_url_skype'
[2011-09-10 17:32:03] ERROR NoMethodError: undefined method has_key?' for ["name", "tel_num"]:Array /Users/xian/beef/nextgen/beef/core/module.rb:393:in
block (2 levels) in merge_options'
/Users/xian/beef/nextgen/beef/core/module.rb:392:in each' /Users/xian/beef/nextgen/beef/core/module.rb:392:in
block in merge_options'
/Users/xian/beef/nextgen/beef/core/module.rb:390:in each' /Users/xian/beef/nextgen/beef/core/module.rb:390:in
merge_options'
/Users/xian/beef/nextgen/beef/core/module.rb:376:in execute' /Users/xian/beef/nextgen/beef/extensions/admin_ui/controllers/modules/modules.rb:585:in
attach_command_module'
/Users/xian/beef/nextgen/beef/extensions/admin_ui/classes/httpcontroller.rb:69:in call' /Users/xian/beef/nextgen/beef/extensions/admin_ui/classes/httpcontroller.rb:69:in
run'
/Users/xian/beef/nextgen/beef/extensions/admin_ui/handlers/ui.rb:48:in do_GET' /Users/xian/.rvm/rubies/ruby-1.9.2-p180/lib/ruby/1.9.1/webrick/httpservlet/abstract.rb:35:in
service'
/Users/xian/.rvm/rubies/ruby-1.9.2-p180/lib/ruby/1.9.1/webrick/httpserver.rb:111:in service' /Users/xian/.rvm/rubies/ruby-1.9.2-p180/lib/ruby/1.9.1/webrick/httpserver.rb:70:in
run'
/Users/xian/.rvm/rubies/ruby-1.9.2-p180/lib/ruby/1.9.1/webrick/server.rb:183:in `block in start_thread'
^C
[17:32:33][*] BeEF server stopped
Google Code Issue: http://code.google.com/p/beef/issues/detail?id=495
The BeEF::API::Command is being phased out.
Google Code Issue: http://code.google.com/p/beef/issues/detail?id=432
Using the getSystemInfo on win vista sp2, using Chrome 15 as hooked browser, the module is working but the IP of the net interfaces is not retrieved.
check if it's a limitation of the applet on Vista or not.
see screenshot
Google Code Issue: http://code.google.com/p/beef/issues/detail?id=557
Add CommandModuleTarget and CommandModule unit tests
https://code.google.com/p/beef/wiki/CommandModuleTarget
https://code.google.com/p/beef/wiki/CommandModuleAPI
Google Code Issue: http://code.google.com/p/beef/issues/detail?id=577
admin OS: win7
admin browser: IE9
hooked OS: win7
hooked browser: IE9
screenshot: IE9-IE9-localSettings
not working...see console log in the screenshot
admin OS: snow leopard
admin browser: FF 6.0.2
hooked OS: win7
hooked browser: IE9
screenshot: FF6-IE9-localSettings
same behavior of above.
[19:25:34][>] Server: mounted handler '/command/detect_local_settings.js'
[19:25:34][>] Hard Load module: 'detect_local_settings'
[19:25:34][>] Module 'detect_local_settings', no options method defined
[19:25:35][>] Module 'detect_local_settings', no options method defined
[19:25:35][>] Module 'detect_local_settings', no options method defined
[19:25:37][>] Server: mounted handler '/Beeffeine.class'
[19:25:37][] File
[/Users/antisnatchor/WORKS/BEEF/beeftrunk/modules/network/detect_local_settings/Beeffeine.class]
bound to url [/Beeffeine.class]
[19:25:37][] Hooked browser 192.168.84.131 has been sent instructions
from command module 'Get Network Settings'
[2011-10-02 19:26:01] ERROR /Beeffeine.class/Beeffeine.class' not found. [2011-10-02 19:26:01] ERROR
/Beeffeine.class/Beeffeine.class' not found.
[2011-10-02 19:26:02] ERROR /Beeffeine.class/Beeffeine.class' not found. [2011-10-02 19:26:02] ERROR
/Beeffeine.class/Beeffeine.class' not found.
I didn't tried IE8, but as far as I remember it was working. So this can
be an issue on IE9 only. Also check if the module is working IE8.
Google Code Issue: http://code.google.com/p/beef/issues/detail?id=532
A few basic unit tests should be added to rake that checks for MSFIntegration functionality. The proposed tests are
Test the attack vectors originally included in xssrays, enabling them.
Take a look at the "vectors" JS array defined at line 51 of xssrays.js.
Old vectors that I commented out must be tested and re-enabled.
Google Code Issue: http://code.google.com/p/beef/issues/detail?id=540
Add Requester Unit Tests
Google Code Issue: http://code.google.com/p/beef/issues/detail?id=579
Consider using:
http://whomwah.github.com/rqrcode/
Google Code Issue: http://code.google.com/p/beef/issues/detail?id=454
What steps will reproduce the problem?
What is the expected output?
It is expected that the module options will be displayed in both modules panels.
What do you see instead?
The module options are shown in one module option tab and not the other. A screen shot of the empty panel is attached.
Google Code Issue: http://code.google.com/p/beef/issues/detail?id=437
admin OS: Win7
admin browser: C 14
hooked OS: Win7
hooked browser: IE9
browser using the tunnel: FF 6.0.2 (mac osx)
screenshot: IE9-proxy
screenshot:
there is a bug on parsing the response headers
(extensions/proxy/handlers/zombie/handler.rb), line 198 (gsub! on null
object) when using IE.
admin OS: Win7
admin browser: IE9
hooked OS: Win7
hooked browser: C 14
browser using the tunnel: FF 7 (win7)
screenshot: Chrome-proxy
Everything works fine here (css was cached, this is why the page seems
blank). Anyway, there is still the bug that Saafan should fix (as far as
I remember) about parsing the images.
Google Code Issue: http://code.google.com/p/beef/issues/detail?id=533
The hooked browser hangs loading images (large files) via proxy. This should not occur. There should be no impact on responsiveness in the hooked browser. It is suspected that this issue originates in the network stack.
Fix this so the hooked browser does not hang and remains responsive to the user.
Google Code Issue: http://code.google.com/p/beef/issues/detail?id=455
Update the framework plugin detection functionality to use the 'PluginDetect' library.
http://www.pinlady.net/PluginDetect/
Google Code Issue: http://code.google.com/p/beef/issues/detail?id=421
Update the base of BeEF to run on Thin and Rack
Google Code Issue: http://code.google.com/p/beef/issues/detail?id=565
[*] Issue:
Internet Explorer 9 (and maybe 8) is incorrectly reported as Internet Explorer 7 on pages containing malformed HTML.
Internet Explorer uses Compatibility Mode (Quirks Mode) for pages containing invalid markup.
The chances of a BeEF hook residing within a malformed HTML document are quite high as XSS vectors quite often break the markup.
[*] Cause:
The browser detection for Internet Explorer 8/9 in core/main/client/browser.js is as follows:
/**
* Returns true if IE8.
* @example: beef.browser.isIE8()
*/
isIE8: function() {
$j("body").append('<!--[if IE 8]> <div id="beefiecheck" class="ie ie8"></div> <![endif]-->');
return ($j('#beefiecheck').hasClass('ie8'))?true:false;
},
/**
* Returns true if IE9.
* @example: beef.browser.isIE9()
*/
isIE9: function() {
$j("body").append('<!--[if IE 9]> <div id="beefiecheck" class="ie ie9"></div> <![endif]-->');
return ($j('#beefiecheck').hasClass('ie9'))?true:false;
},
Unfortunately the conditional HTML comments for IE8 and IE9 are not triggered in compatibility mode resulting in isIE8() and isIE9() returning false.
[*] Fix:
This could be fixed by using detection methods similar to those used for other browsers, for example:
/**
* Returns true if IE8.
* @example: beef.browser.isIE8()
*/
isIE8: function() {
return !!window.chrome && !!window.opera && window.navigator.userAgent.match(/MSIE 8\.0;/) != null;
},
/**
* Returns true if IE9.
* @example: beef.browser.isIE9()
*/
isIE9: function() {
return !!window.chrome && !!window.opera && window.navigator.userAgent.match(/MSIE 9\.0;/) != null;
},
This approach has the added benefit of not adding HTML comments to the DOM which are quite obvious to anyone viewing the DOM in a debugger.
However if it was that simple we would have done that in the first place... I hope... Please tell me there's a good reason we didn't :(
Google Code Issue: http://code.google.com/p/beef/issues/detail?id=589
Add a callback function to permit the alteration of parameters and variables based upon the hooked browser details.
Currently, when the command module righthand pain is displayed, it is not possible to display the hooked browser's domain in a variable setting. This is because there is no callback to the module.
Add a callback method called pre_display() to /lib/modules/command.rb. This method will be called before the configuration options of each command module is presented in the browser. The likely place this callback will be triggered is the select_command_module() function in /ui/modules/modules.rb.
It may help to refer to how the pre_send() callback works. pre_display() will be very similar.
Google Code Issue: http://code.google.com/p/beef/issues/detail?id=160
Add module submitted by Nick Freeman.
Google Code Issue: http://code.google.com/p/beef/issues/detail?id=561
Increase the number of unit tests.
Google Code Issue: http://code.google.com/p/beef/issues/detail?id=535
print_error "API Path not defined for Class: "+c.to_s+" Method: "+m.to_s
to
print_error "API Path not defined for Class: "+c.to_s+" Method: "+m.to_s"
Google Code Issue: http://code.google.com/p/beef/issues/detail?id=487
After module changes in 373, the admin_ui will break.
Google Code Issue: http://code.google.com/p/beef/issues/detail?id=374
What steps will reproduce the problem?
root@bt:/pentest/web/beef# ruby beef
/usr/local/rvm/rubies/ruby-1.9.2-head/lib/ruby/site_ruby/1.9.1/rubygems/custom_require.rb:36:in require': no such file to load -- windows_console_color_support (LoadError) from /usr/local/rvm/rubies/ruby-1.9.2-head/lib/ruby/site_ruby/1.9.1/rubygems/custom_require.rb:36:in
require'
from /usr/local/rvm/gems/ruby-1.9.2-head/gems/librex-0.0.63/lib/rex/ui/text/output/stdio.rb:2:in <top (required)>' from /usr/local/rvm/rubies/ruby-1.9.2-head/lib/ruby/site_ruby/1.9.1/rubygems/custom_require.rb:36:in
require'
from /usr/local/rvm/rubies/ruby-1.9.2-head/lib/ruby/site_ruby/1.9.1/rubygems/custom_require.rb:36:in require' from /usr/local/rvm/gems/ruby-1.9.2-head/gems/librex-0.0.63/lib/rex/ui/text/output.rb:15:in
<class:Output>'
from /usr/local/rvm/gems/ruby-1.9.2-head/gems/librex-0.0.63/lib/rex/ui/text/output.rb:13:in <module:Text>' from /usr/local/rvm/gems/ruby-1.9.2-head/gems/librex-0.0.63/lib/rex/ui/text/output.rb:5:in
<module:Ui>'
from /usr/local/rvm/gems/ruby-1.9.2-head/gems/librex-0.0.63/lib/rex/ui/text/output.rb:4:in <module:Rex>' from /usr/local/rvm/gems/ruby-1.9.2-head/gems/librex-0.0.63/lib/rex/ui/text/output.rb:3:in
<top (required)>'
from /usr/local/rvm/rubies/ruby-1.9.2-head/lib/ruby/site_ruby/1.9.1/rubygems/custom_require.rb:36:in require' from /usr/local/rvm/rubies/ruby-1.9.2-head/lib/ruby/site_ruby/1.9.1/rubygems/custom_require.rb:36:in
require'
from /usr/local/rvm/gems/ruby-1.9.2-head/gems/librex-0.0.63/lib/rex/ui/output.rb:18:in <class:Output>' from /usr/local/rvm/gems/ruby-1.9.2-head/gems/librex-0.0.63/lib/rex/ui/output.rb:12:in
<module:Ui>'
from /usr/local/rvm/gems/ruby-1.9.2-head/gems/librex-0.0.63/lib/rex/ui/output.rb:4:in <module:Rex>' from /usr/local/rvm/gems/ruby-1.9.2-head/gems/librex-0.0.63/lib/rex/ui/output.rb:3:in
<top (required)>'
from /usr/local/rvm/rubies/ruby-1.9.2-head/lib/ruby/site_ruby/1.9.1/rubygems/custom_require.rb:36:in require' from /usr/local/rvm/rubies/ruby-1.9.2-head/lib/ruby/site_ruby/1.9.1/rubygems/custom_require.rb:36:in
require'
from /usr/local/rvm/gems/ruby-1.9.2-head/gems/librex-0.0.63/lib/rex/ui.rb:7:in <top (required)>' from /usr/local/rvm/rubies/ruby-1.9.2-head/lib/ruby/site_ruby/1.9.1/rubygems/custom_require.rb:36:in
require'
from /usr/local/rvm/rubies/ruby-1.9.2-head/lib/ruby/site_ruby/1.9.1/rubygems/custom_require.rb:36:in require' from /pentest/web/beef/core/loader.rb:35:in
<top (required)>'
from <internal:lib/rubygems/custom_require>:29:in require' from <internal:lib/rubygems/custom_require>:29:in
require'
from beef:37:in `<main>'
Google Code Issue: http://code.google.com/p/beef/issues/detail?id=566
I got these errors, that resulted in cpu => 50% and BeEF freeze,
when playing with Burp Scanner on two resources, using the following increased scanning engine config:
thread count: 20
retried on net failure: 2
pause before retry (millis): 500
So yes, very hazard settings.
I was hoping to get some errors, to see where things can hang.
Here we go :-)
[:39:56]←[33m[>]←[0m [PROXY] Forwarding request: host[192.168.10.128], method[GET], path[/dvwa/vulnerabilities/sqli/], urlparams[id=abcde../../../../../../../../../../windows/win.ini&Submit=Submit], body[]
[:39:56]←[33m[>]←[0m [PROXY] Forwarding request: host[192.168.10.128], method[GET], path[/dvwa/vulnerabilities/xss_r/], urlparams[name=)(sn=], body[]
[2011-06-28 10:40:06] ERROR NoMethodError: undefined method []' for nil:NilClass C:/BeEF/./core/main/network_stack/handlers/dynamicreconstruction.rb:80:in
expunge'
C:/Ruby187/lib/ruby/gems/1.8/gems/json-1.5.1-x86-mingw32/lib/json/pure/parser.rb:148:in sort_by' C:/BeEF/./core/main/network_stack/handlers/dynamicreconstruction.rb:80:in
each'
C:/BeEF/./core/main/network_stack/handlers/dynamicreconstruction.rb:80:in sort_by' C:/BeEF/./core/main/network_stack/handlers/dynamicreconstruction.rb:80:in
expunge'
C:/BeEF/./core/main/network_stack/handlers/dynamicreconstruction.rb:53:in check_packets' C:/BeEF/./core/main/network_stack/handlers/dynamicreconstruction.rb:41:in
each'
C:/BeEF/./core/main/network_stack/handlers/dynamicreconstruction.rb:41:in check_packets' C:/BeEF/./core/main/network_stack/handlers/dynamicreconstruction.rb:33:in
do_GET'
C:/Ruby187/lib/ruby/1.8/webrick/httpservlet/abstract.rb:35:in __send__' C:/Ruby187/lib/ruby/1.8/webrick/httpservlet/abstract.rb:35:in
service'
C:/Ruby187/lib/ruby/1.8/webrick/httpserver.rb:104:in service' C:/Ruby187/lib/ruby/1.8/webrick/httpserver.rb:65:in
run'
C:/Ruby187/lib/ruby/1.8/webrick/server.rb:173:in start_thread' C:/Ruby187/lib/ruby/1.8/webrick/server.rb:162:in
start'
C:/Ruby187/lib/ruby/1.8/webrick/server.rb:162:in start_thread' C:/Ruby187/lib/ruby/1.8/webrick/server.rb:95:in
start'
C:/Ruby187/lib/ruby/1.8/webrick/server.rb:92:in each' C:/Ruby187/lib/ruby/1.8/webrick/server.rb:92:in
start'
C:/Ruby187/lib/ruby/1.8/webrick/server.rb:23:in start' C:/Ruby187/lib/ruby/1.8/webrick/server.rb:82:in
start'
C:/BeEF/./core/main/server.rb:101:in start' beef:64 [2011-06-28 10:40:06] ERROR NoMethodError: undefined method
[]' for nil:NilClass
C:/BeEF/./core/main/network_stack/handlers/dynamicreconstruction.rb:80:in expunge' C:/BeEF/./core/main/network_stack/handlers/dynamicreconstruction.rb:80:in
sort_by'
C:/BeEF/./core/main/network_stack/handlers/dynamicreconstruction.rb:80:in each' C:/BeEF/./core/main/network_stack/handlers/dynamicreconstruction.rb:80:in
sort_by'
C:/BeEF/./core/main/network_stack/handlers/dynamicreconstruction.rb:80:in expunge' C:/BeEF/./core/main/network_stack/handlers/dynamicreconstruction.rb:53:in
check_packets'
C:/BeEF/./core/main/network_stack/handlers/dynamicreconstruction.rb:41:in each' C:/BeEF/./core/main/network_stack/handlers/dynamicreconstruction.rb:41:in
check_packets'
C:/BeEF/./core/main/network_stack/handlers/dynamicreconstruction.rb:33:in do_GET' C:/Ruby187/lib/ruby/1.8/webrick/httpservlet/abstract.rb:35:in
send'
C:/Ruby187/lib/ruby/1.8/webrick/httpservlet/abstract.rb:35:in service' C:/Ruby187/lib/ruby/1.8/webrick/httpserver.rb:104:in
service'
C:/Ruby187/lib/ruby/1.8/webrick/httpserver.rb:65:in run' C:/Ruby187/lib/ruby/1.8/webrick/server.rb:173:in
start_thread'
C:/Ruby187/lib/ruby/1.8/webrick/server.rb:162:in start' C:/Ruby187/lib/ruby/1.8/webrick/server.rb:162:in
start_thread'
C:/Ruby187/lib/ruby/1.8/webrick/server.rb:95:in start' C:/Ruby187/lib/ruby/1.8/webrick/server.rb:92:in
each'
C:/Ruby187/lib/ruby/1.8/webrick/server.rb:92:in start' C:/Ruby187/lib/ruby/1.8/webrick/server.rb:23:in
start'
C:/Ruby187/lib/ruby/1.8/webrick/server.rb:82:in start' C:/BeEF/./core/main/server.rb:101:in
start'
beef:64
[:40:06]←[34m[*]←[0m [PROXY] Response for request #219 to [/dvwa/vulnerabilities/xss_r/] on domain [192.168.10.128:80] correctly processed
Google Code Issue: http://code.google.com/p/beef/issues/detail?id=358
If we issue for example:
connect help
and the help option is not implemented for the command connect, there is an exception.
Handle this error gracefully.
BeEF > connect help
[-] Error while running command connect: undefined method `+' for nil:NilClass
Call stack:
C:/Ruby192/lib/ruby/1.9.1/net/http.rb:1274:in addr_port' C:/Ruby192/lib/ruby/1.9.1/net/http.rb:1209:in
begin_transport'
C:/Ruby192/lib/ruby/1.9.1/net/http.rb:1188:in transport_request' C:/Ruby192/lib/ruby/1.9.1/net/http.rb:1177:in
request'
C:/Ruby192/lib/ruby/1.9.1/net/http.rb:419:in block in post_form' C:/Ruby192/lib/ruby/1.9.1/net/http.rb:627:in
start'
C:/Ruby192/lib/ruby/1.9.1/net/http.rb:418:in post_form' C:/BeEF-things/BeEF_console/console/lib/beef/remote/session.rb:20:in
authenticate'
C:/BeEF-things/BeEF_console/console/lib/beef/ui/console/command_dispatcher/remote.rb:53:in cmd_conn ect' C:/Ruby192/lib/ruby/gems/1.9.1/gems/librex-0.0.44/lib/rex/ui/text/dispatcher_shell.rb:376:in
run_co
mmand'
C:/Ruby192/lib/ruby/gems/1.9.1/gems/librex-0.0.44/lib/rex/ui/text/dispatcher_shell.rb:338:in block in run_single' C:/Ruby192/lib/ruby/gems/1.9.1/gems/librex-0.0.44/lib/rex/ui/text/dispatcher_shell.rb:332:in
each'
C:/Ruby192/lib/ruby/gems/1.9.1/gems/librex-0.0.44/lib/rex/ui/text/dispatcher_shell.rb:332:in run_si ngle' C:/Ruby192/lib/ruby/gems/1.9.1/gems/librex-0.0.44/lib/rex/ui/text/shell.rb:199:in
run'
beefconsole.rb:65:in `<main>'
Google Code Issue: http://code.google.com/p/beef/issues/detail?id=409
As per summary.
Google Code Issue: http://code.google.com/p/beef/issues/detail?id=572
admin OS: win7
admin browser: IE9
hooked OS: win7
hooked browser: IE9
screenshot: IE9-netFingerprint
The module is working, but not all the resources are correctly detected.
The module should return 2 Apache and 1 Jboss entries, but is returning
only 1 Apache entry.
The module is correctly loading the images, as you can see in the
IE9-fingerpting (note the Jboss image that is actually not notified back
to the framework) network logs.
admin OS: win7
admin browser: IE9
hooked OS: snow leopard
hooked browser: FF 6.0.2
screenshot: firefox-netFingerprint
no problems, everything ok. detected 3/3 resources (see comments above).
Google Code Issue: http://code.google.com/p/beef/issues/detail?id=531
Add Proxy Unit Tests
Google Code Issue: http://code.google.com/p/beef/issues/detail?id=580
When the http_host is set to 0.0.0.0 the framework incorrectly tells the hooked browser that 0.0.0.0 is the ip address of the beef server. The framework should inform the server that the beef server ip address is the same as the interface the initial request came from.
Google Code Issue: http://code.google.com/p/beef/issues/detail?id=171
As per the teleconf with Michele, Wade, Ben and Christian on the 30th of Nov 2011.
http://gembundler.com/
Google Code Issue: http://code.google.com/p/beef/issues/detail?id=574
When checking the status of finger (79) and rpc (111) ports,
the modules enter a loop.
The issue seems to be the CORS method.
See attached screenshot.
Google Code Issue: http://code.google.com/p/beef/issues/detail?id=554
Add Event Logger unit tests
Google Code Issue: http://code.google.com/p/beef/issues/detail?id=581
Sending a malformed HTTP request to the proxy renders it unusable.
[*] Steps to reproduce:
$ netcat 127.0.0.1 6789
GET /
[*] Output:
[11:24:06][] Using Hooked Browser with ip [xx.xx.xx.xx] as Tunneling Proxy
[11:24:29][] [PROXY] Thread started in order to process request #1 to [/] on domain [localhost:6789]
[11:24:29][!] undefined method keys' for nil:NilClass [11:24:39][!] undefined method
keys' for nil:NilClass
[11:24:52][!] undefined method keys' for nil:NilClass [11:24:52][*] [PROXY] Thread started in order to process request #2 to [/demos/basic.html] on domain [localhost:6789] [11:25:04][!] undefined method
keys' for nil:NilClass
[11:25:09][!] undefined method keys' for nil:NilClass [11:25:19][!] undefined method
keys' for nil:NilClass
[*] Effect:
Once the malformed request has been received the proxy will still accept connections however won't return any results. The aforementioned error message repeats every ~10 seconds.
Google Code Issue: http://code.google.com/p/beef/issues/detail?id=429
Add "Submit Bug' link to the Admin UI next to the logout option
http://code.google.com/p/beef/issues/entry
Google Code Issue: http://code.google.com/p/beef/issues/detail?id=545
For big data transfer sizes, ruby can halt the JavaScript response, from the last stream packet.
Google Code Issue: http://code.google.com/p/beef/issues/detail?id=315
Allowing the browser to cache the http responses that retrieve the definition of a command and build the UI for it.
This should improve performance
Google Code Issue: http://code.google.com/p/beef/issues/detail?id=232
This module was started in the lead up to the release of 0.4.1. It didn't work on IE, FF or Opera. In these instances no results were displayed in the console.
The previous attempt can be seen:
http://code.google.com/p/beef/source/detail?r=429
Google Code Issue: http://code.google.com/p/beef/issues/detail?id=135
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.