
beef's Introduction

===============================================================================

Copyright (c) 2006-2024 Wade Alcorn - [email protected]
Browser Exploitation Framework (BeEF) - https://beefproject.com
See the file 'doc/COPYING' for copying permission

===============================================================================

What is BeEF?

BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.

Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.

Get Involved

You can get in touch with the BeEF team. Just check out the following:

Please, send us pull requests!

Web: https://beefproject.com/

Bugs: https://github.com/beefproject/beef/issues

Security Bugs: [email protected]

Twitter: @beefproject

Discord: https://discord.gg/ugmKmHarKc

Requirements

Quick Start

The following is for the impatient.

The install script installs the required operating system packages and all the prerequisite Ruby gems:

$ ./install

For full installation details, please refer to INSTALL.txt or the Installation page on the wiki.

Upon successful installation, be sure to read the Configuration page on the wiki for important details on configuring and securing BeEF.

Documentation

Usage

To get started, simply execute beef and follow the instructions:

$ ./beef

beef's People

Contributors

0xmachos, antisnatchor, asaafan, bcoles, bmantra, bw-z, deezye, dependabot[bot], francois777, gcattani, grantrburgess, h4sh5, jackdwalker, jcrew99, marcwickenden, mgeeky, mike-at-aura, milo2012, passbe, qswain2, radoen, sgorbaty, soh-cah-toa, stephenakq, thejambo, und3rf10w, wadealcorn, wanton1950, wheatley, xntrik


beef's Issues

Insecure URL Handling - Skype Call - No Longer Works

When running:

[17:32:01][>] Server: mounted handler '/command/insecure_url_skype.js'
[17:32:01][>] Hard Load module: 'insecure_url_skype'
[2011-09-10 17:32:03] ERROR NoMethodError: undefined method `has_key?' for ["name", "tel_num"]:Array
/Users/xian/beef/nextgen/beef/core/module.rb:393:in `block (2 levels) in merge_options'
/Users/xian/beef/nextgen/beef/core/module.rb:392:in `each'
/Users/xian/beef/nextgen/beef/core/module.rb:392:in `block in merge_options'
/Users/xian/beef/nextgen/beef/core/module.rb:390:in `each'
/Users/xian/beef/nextgen/beef/core/module.rb:390:in `merge_options'
/Users/xian/beef/nextgen/beef/core/module.rb:376:in `execute'
/Users/xian/beef/nextgen/beef/extensions/admin_ui/controllers/modules/modules.rb:585:in `attach_command_module'
/Users/xian/beef/nextgen/beef/extensions/admin_ui/classes/httpcontroller.rb:69:in `call'
/Users/xian/beef/nextgen/beef/extensions/admin_ui/classes/httpcontroller.rb:69:in `run'
/Users/xian/beef/nextgen/beef/extensions/admin_ui/handlers/ui.rb:48:in `do_GET'
/Users/xian/.rvm/rubies/ruby-1.9.2-p180/lib/ruby/1.9.1/webrick/httpservlet/abstract.rb:35:in `service'
/Users/xian/.rvm/rubies/ruby-1.9.2-p180/lib/ruby/1.9.1/webrick/httpserver.rb:111:in `service'
/Users/xian/.rvm/rubies/ruby-1.9.2-p180/lib/ruby/1.9.1/webrick/httpserver.rb:70:in `run'
/Users/xian/.rvm/rubies/ruby-1.9.2-p180/lib/ruby/1.9.1/webrick/server.rb:183:in `block in start_thread'
^C
[17:32:33][*] BeEF server stopped

Google Code Issue: http://code.google.com/p/beef/issues/detail?id=495

Network stack throws error with high amount of traffic

I got these errors, that resulted in cpu => 50% and BeEF freeze,
when playing with Burp Scanner on two resources, using the following increased scanning engine config:

thread count: 20
retried on net failure: 2
pause before retry (millis): 500

So yes, very hazardous settings.
I was hoping to get some errors, to see where things can hang.
Here we go :-)

[:39:56][>] [PROXY] Forwarding request: host[192.168.10.128], method[GET], path[/dvwa/vulnerabilities/sqli/], urlparams[id=abcde../../../../../../../../../../windows/win.ini&Submit=Submit], body[]
[:39:56][>] [PROXY] Forwarding request: host[192.168.10.128], method[GET], path[/dvwa/vulnerabilities/xss_r/], urlparams[name=)(sn=], body[]
[2011-06-28 10:40:06] ERROR NoMethodError: undefined method `[]' for nil:NilClass
C:/BeEF/./core/main/network_stack/handlers/dynamicreconstruction.rb:80:in `expunge'
C:/Ruby187/lib/ruby/gems/1.8/gems/json-1.5.1-x86-mingw32/lib/json/pure/parser.rb:148:in `sort_by'
C:/BeEF/./core/main/network_stack/handlers/dynamicreconstruction.rb:80:in `each'
C:/BeEF/./core/main/network_stack/handlers/dynamicreconstruction.rb:80:in `sort_by'
C:/BeEF/./core/main/network_stack/handlers/dynamicreconstruction.rb:80:in `expunge'
C:/BeEF/./core/main/network_stack/handlers/dynamicreconstruction.rb:53:in `check_packets'
C:/BeEF/./core/main/network_stack/handlers/dynamicreconstruction.rb:41:in `each'
C:/BeEF/./core/main/network_stack/handlers/dynamicreconstruction.rb:41:in `check_packets'
C:/BeEF/./core/main/network_stack/handlers/dynamicreconstruction.rb:33:in `do_GET'
C:/Ruby187/lib/ruby/1.8/webrick/httpservlet/abstract.rb:35:in `__send__'
C:/Ruby187/lib/ruby/1.8/webrick/httpservlet/abstract.rb:35:in `service'
C:/Ruby187/lib/ruby/1.8/webrick/httpserver.rb:104:in `service'
C:/Ruby187/lib/ruby/1.8/webrick/httpserver.rb:65:in `run'
C:/Ruby187/lib/ruby/1.8/webrick/server.rb:173:in `start_thread'
C:/Ruby187/lib/ruby/1.8/webrick/server.rb:162:in `start'
C:/Ruby187/lib/ruby/1.8/webrick/server.rb:162:in `start_thread'
C:/Ruby187/lib/ruby/1.8/webrick/server.rb:95:in `start'
C:/Ruby187/lib/ruby/1.8/webrick/server.rb:92:in `each'
C:/Ruby187/lib/ruby/1.8/webrick/server.rb:92:in `start'
C:/Ruby187/lib/ruby/1.8/webrick/server.rb:23:in `start'
C:/Ruby187/lib/ruby/1.8/webrick/server.rb:82:in `start'
C:/BeEF/./core/main/server.rb:101:in `start'
beef:64
[2011-06-28 10:40:06] ERROR NoMethodError: undefined method `[]' for nil:NilClass
C:/BeEF/./core/main/network_stack/handlers/dynamicreconstruction.rb:80:in `expunge'
C:/BeEF/./core/main/network_stack/handlers/dynamicreconstruction.rb:80:in `sort_by'
C:/BeEF/./core/main/network_stack/handlers/dynamicreconstruction.rb:80:in `each'
C:/BeEF/./core/main/network_stack/handlers/dynamicreconstruction.rb:80:in `sort_by'
C:/BeEF/./core/main/network_stack/handlers/dynamicreconstruction.rb:80:in `expunge'
C:/BeEF/./core/main/network_stack/handlers/dynamicreconstruction.rb:53:in `check_packets'
C:/BeEF/./core/main/network_stack/handlers/dynamicreconstruction.rb:41:in `each'
C:/BeEF/./core/main/network_stack/handlers/dynamicreconstruction.rb:41:in `check_packets'
C:/BeEF/./core/main/network_stack/handlers/dynamicreconstruction.rb:33:in `do_GET'
C:/Ruby187/lib/ruby/1.8/webrick/httpservlet/abstract.rb:35:in `__send__'
C:/Ruby187/lib/ruby/1.8/webrick/httpservlet/abstract.rb:35:in `service'
C:/Ruby187/lib/ruby/1.8/webrick/httpserver.rb:104:in `service'
C:/Ruby187/lib/ruby/1.8/webrick/httpserver.rb:65:in `run'
C:/Ruby187/lib/ruby/1.8/webrick/server.rb:173:in `start_thread'
C:/Ruby187/lib/ruby/1.8/webrick/server.rb:162:in `start'
C:/Ruby187/lib/ruby/1.8/webrick/server.rb:162:in `start_thread'
C:/Ruby187/lib/ruby/1.8/webrick/server.rb:95:in `start'
C:/Ruby187/lib/ruby/1.8/webrick/server.rb:92:in `each'
C:/Ruby187/lib/ruby/1.8/webrick/server.rb:92:in `start'
C:/Ruby187/lib/ruby/1.8/webrick/server.rb:23:in `start'
C:/Ruby187/lib/ruby/1.8/webrick/server.rb:82:in `start'
C:/BeEF/./core/main/server.rb:101:in `start'
beef:64
[:40:06][*] [PROXY] Response for request #219 to [/dvwa/vulnerabilities/xss_r/] on domain [192.168.10.128:80] correctly processed


Google Code Issue: http://code.google.com/p/beef/issues/detail?id=358

Implement multiple zombie section functionality

Implement a method to permit the admin to select multiple zombies and have the same module execute on them.

A simple example is to detect Tor on many zombies in one click. Another use will be the distributed port scanning module. In this instance, zombies will be provided a unique piece of work to perform and individual results combined to produce the total result.

In the absence of a better option, the combined result will be displayed in all zombies taking part in the execution and in the main logs. If there is a better method of displaying the results add a comment. I suspect there is.



Google Code Issue: http://code.google.com/p/beef/issues/detail?id=71

Detect local settings module: not working in IE9

admin OS: win7
admin browser: IE9
hooked OS: win7
hooked browser: IE9
screenshot: IE9-IE9-localSettings

not working...see console log in the screenshot

admin OS: snow leopard
admin browser: FF 6.0.2
hooked OS: win7
hooked browser: IE9
screenshot: FF6-IE9-localSettings

same behavior as above.

[19:25:34][>] Server: mounted handler '/command/detect_local_settings.js'
[19:25:34][>] Hard Load module: 'detect_local_settings'
[19:25:34][>] Module 'detect_local_settings', no options method defined
[19:25:35][>] Module 'detect_local_settings', no options method defined
[19:25:35][>] Module 'detect_local_settings', no options method defined
[19:25:37][>] Server: mounted handler '/Beeffeine.class'
[19:25:37][*] File [/Users/antisnatchor/WORKS/BEEF/beeftrunk/modules/network/detect_local_settings/Beeffeine.class] bound to url [/Beeffeine.class]
[19:25:37][*] Hooked browser 192.168.84.131 has been sent instructions from command module 'Get Network Settings'
[2011-10-02 19:26:01] ERROR `/Beeffeine.class/Beeffeine.class' not found.
[2011-10-02 19:26:01] ERROR `/Beeffeine.class/Beeffeine.class' not found.
[2011-10-02 19:26:02] ERROR `/Beeffeine.class/Beeffeine.class' not found.
[2011-10-02 19:26:02] ERROR `/Beeffeine.class/Beeffeine.class' not found.

I didn't try IE8, but as far as I remember it was working. So this can
be an issue on IE9 only. Also check if the module is working in IE8.

Google Code Issue: http://code.google.com/p/beef/issues/detail?id=532

Simplify the 'Link Rewriter' module

Currently the 'Link Rewriter' allows the user to enter a jQuery selector. This should be removed and the module should simply overwrite all the links in the page with the specified URL.

Remove the 'jQuery Selector' option from the module.
Remove all references to jQuery.
Ensure the only input is the URL to use in the rewrite.

Google Code Issue: http://code.google.com/p/beef/issues/detail?id=450

Network Fingerprint module: with IE not all the expected resources are detected.

admin OS: win7
admin browser: IE9
hooked OS: win7
hooked browser: IE9
screenshot: IE9-netFingerprint

The module is working, but not all the resources are correctly detected.
The module should return 2 Apache and 1 Jboss entries, but is returning
only 1 Apache entry.
The module is correctly loading the images, as you can see in the
IE9-fingerpting (note the Jboss image that is actually not notified back
to the framework) network logs.

admin OS: win7
admin browser: IE9
hooked OS: snow leopard
hooked browser: FF 6.0.2
screenshot: firefox-netFingerprint

no problems, everything ok. detected 3/3 resources (see comments above).

Google Code Issue: http://code.google.com/p/beef/issues/detail?id=531

Command module details panel is not displayed when multiple hooked browser panels are open

What steps will reproduce the problem?

  1. Hook 2 browsers
  2. Select the first browser from the browser tree
  3. Select the second browser from the browser tree
  4. Open the command modules tab on the first browser tab
  5. Open the command modules tab on the second browser tab
  6. Select any command module in the first browser tab
  7. Select any command module in the second browser tab

What is the expected output?
It is expected that the module options will be displayed in both modules panels.

What do you see instead?
The module options are shown in one module option tab and not the other. A screen shot of the empty panel is attached.



Google Code Issue: http://code.google.com/p/beef/issues/detail?id=437

[XssRays] Add support for depth-crawling

The JS crawler should be able to follow the links on the first hooked page, crawling to a depth = N new pages.

This would be really useful to expand the attack surface on cross-domain vulnerable links/forms that are not present on the page where the HB is already hooked.

We can issue ajax requests to all the same-domain links found in the hooked page, parse the links/forms in the response, and add them to a stack of resources to be scanned. Should work ;)


Google Code Issue: http://code.google.com/p/beef/issues/detail?id=404

Add Command Module Function: Get command module callback

Add a callback function to permit the alteration of parameters and variables based upon the hooked browser details.

Currently, when the command module right-hand pane is displayed, it is not possible to display the hooked browser's domain in a variable setting. This is because there is no callback to the module.

Add a callback method called pre_display() to /lib/modules/command.rb. This method will be called before the configuration options of each command module are presented in the browser. The likely place this callback will be triggered is the select_command_module() function in /ui/modules/modules.rb.

It may help to refer to how the pre_send() callback works. pre_display() will be very similar.


Google Code Issue: http://code.google.com/p/beef/issues/detail?id=160

no such file to load -- windows_console_color_support

What steps will reproduce the problem?

  1. install ruby 1.9.2-head from rvm
  2. get latest source from svn (r1424)
  3. install beef with ruby install
  4. run 'ruby beef'

root@bt:/pentest/web/beef# ruby beef
/usr/local/rvm/rubies/ruby-1.9.2-head/lib/ruby/site_ruby/1.9.1/rubygems/custom_require.rb:36:in `require': no such file to load -- windows_console_color_support (LoadError)
from /usr/local/rvm/rubies/ruby-1.9.2-head/lib/ruby/site_ruby/1.9.1/rubygems/custom_require.rb:36:in `require'
from /usr/local/rvm/gems/ruby-1.9.2-head/gems/librex-0.0.63/lib/rex/ui/text/output/stdio.rb:2:in `<top (required)>'
from /usr/local/rvm/rubies/ruby-1.9.2-head/lib/ruby/site_ruby/1.9.1/rubygems/custom_require.rb:36:in `require'
from /usr/local/rvm/rubies/ruby-1.9.2-head/lib/ruby/site_ruby/1.9.1/rubygems/custom_require.rb:36:in `require'
from /usr/local/rvm/gems/ruby-1.9.2-head/gems/librex-0.0.63/lib/rex/ui/text/output.rb:15:in `<class:Output>'
from /usr/local/rvm/gems/ruby-1.9.2-head/gems/librex-0.0.63/lib/rex/ui/text/output.rb:13:in `<module:Text>'
from /usr/local/rvm/gems/ruby-1.9.2-head/gems/librex-0.0.63/lib/rex/ui/text/output.rb:5:in `<module:Ui>'
from /usr/local/rvm/gems/ruby-1.9.2-head/gems/librex-0.0.63/lib/rex/ui/text/output.rb:4:in `<module:Rex>'
from /usr/local/rvm/gems/ruby-1.9.2-head/gems/librex-0.0.63/lib/rex/ui/text/output.rb:3:in `<top (required)>'
from /usr/local/rvm/rubies/ruby-1.9.2-head/lib/ruby/site_ruby/1.9.1/rubygems/custom_require.rb:36:in `require'
from /usr/local/rvm/rubies/ruby-1.9.2-head/lib/ruby/site_ruby/1.9.1/rubygems/custom_require.rb:36:in `require'
from /usr/local/rvm/gems/ruby-1.9.2-head/gems/librex-0.0.63/lib/rex/ui/output.rb:18:in `<class:Output>'
from /usr/local/rvm/gems/ruby-1.9.2-head/gems/librex-0.0.63/lib/rex/ui/output.rb:12:in `<module:Ui>'
from /usr/local/rvm/gems/ruby-1.9.2-head/gems/librex-0.0.63/lib/rex/ui/output.rb:4:in `<module:Rex>'
from /usr/local/rvm/gems/ruby-1.9.2-head/gems/librex-0.0.63/lib/rex/ui/output.rb:3:in `<top (required)>'
from /usr/local/rvm/rubies/ruby-1.9.2-head/lib/ruby/site_ruby/1.9.1/rubygems/custom_require.rb:36:in `require'
from /usr/local/rvm/rubies/ruby-1.9.2-head/lib/ruby/site_ruby/1.9.1/rubygems/custom_require.rb:36:in `require'
from /usr/local/rvm/gems/ruby-1.9.2-head/gems/librex-0.0.63/lib/rex/ui.rb:7:in `<top (required)>'
from /usr/local/rvm/rubies/ruby-1.9.2-head/lib/ruby/site_ruby/1.9.1/rubygems/custom_require.rb:36:in `require'
from /usr/local/rvm/rubies/ruby-1.9.2-head/lib/ruby/site_ruby/1.9.1/rubygems/custom_require.rb:36:in `require'
from /pentest/web/beef/core/loader.rb:35:in `<top (required)>'
from <internal:lib/rubygems/custom_require>:29:in `require'
from <internal:lib/rubygems/custom_require>:29:in `require'
from beef:37:in `<main>'


Google Code Issue: http://code.google.com/p/beef/issues/detail?id=566

Internet Explorer 9 is incorrectly reported as Internet Explorer 7

[*] Issue:

Internet Explorer 9 (and maybe 8) is incorrectly reported as Internet Explorer 7 on pages containing malformed HTML.

Internet Explorer uses Compatibility Mode (Quirks Mode) for pages containing invalid markup.

The chances of a BeEF hook residing within a malformed HTML document are quite high as XSS vectors quite often break the markup.

[*] Cause:

The browser detection for Internet Explorer 8/9 in core/main/client/browser.js is as follows:

    /**
     * Returns true if IE8.
     * @example: beef.browser.isIE8()
     */
    isIE8: function() {
            $j("body").append('<!--[if IE 8]>     <div id="beefiecheck" class="ie ie8"></div>      <![endif]-->');
            return ($j('#beefiecheck').hasClass('ie8'))?true:false;
    },

    /**
     * Returns true if IE9.
     * @example: beef.browser.isIE9()
     */
    isIE9: function() {
            $j("body").append('<!--[if IE 9]>     <div id="beefiecheck" class="ie ie9"></div>      <![endif]-->');
            return ($j('#beefiecheck').hasClass('ie9'))?true:false;
    },

Unfortunately the conditional HTML comments for IE8 and IE9 are not triggered in compatibility mode resulting in isIE8() and isIE9() returning false.

[*] Fix:

This could be fixed by using detection methods similar to those used for other browsers, for example:

    /**
     * Returns true if IE8.
     * @example: beef.browser.isIE8()
     */
    isIE8: function() {
            return !window.chrome && !window.opera && window.navigator.userAgent.match(/MSIE 8\.0;/) != null;
    },

    /**
     * Returns true if IE9.
     * @example: beef.browser.isIE9()
     */
    isIE9: function() {
            return !window.chrome && !window.opera && window.navigator.userAgent.match(/MSIE 9\.0;/) != null;
    },

This approach has the added benefit of not adding HTML comments to the DOM which are quite obvious to anyone viewing the DOM in a debugger.

However if it was that simple we would have done that in the first place... I hope... Please tell me there's a good reason we didn't :(


Google Code Issue: http://code.google.com/p/beef/issues/detail?id=589

<console> unknown command options are throwing exception

If we issue for example:
connect help
and the help option is not implemented for the command connect, there is an exception.

Handle this error gracefully.

BeEF > connect help
[-] Error while running command connect: undefined method `+' for nil:NilClass

Call stack:
C:/Ruby192/lib/ruby/1.9.1/net/http.rb:1274:in `addr_port'
C:/Ruby192/lib/ruby/1.9.1/net/http.rb:1209:in `begin_transport'
C:/Ruby192/lib/ruby/1.9.1/net/http.rb:1188:in `transport_request'
C:/Ruby192/lib/ruby/1.9.1/net/http.rb:1177:in `request'
C:/Ruby192/lib/ruby/1.9.1/net/http.rb:419:in `block in post_form'
C:/Ruby192/lib/ruby/1.9.1/net/http.rb:627:in `start'
C:/Ruby192/lib/ruby/1.9.1/net/http.rb:418:in `post_form'
C:/BeEF-things/BeEF_console/console/lib/beef/remote/session.rb:20:in `authenticate'
C:/BeEF-things/BeEF_console/console/lib/beef/ui/console/command_dispatcher/remote.rb:53:in `cmd_connect'
C:/Ruby192/lib/ruby/gems/1.9.1/gems/librex-0.0.44/lib/rex/ui/text/dispatcher_shell.rb:376:in `run_command'
C:/Ruby192/lib/ruby/gems/1.9.1/gems/librex-0.0.44/lib/rex/ui/text/dispatcher_shell.rb:338:in `block in run_single'
C:/Ruby192/lib/ruby/gems/1.9.1/gems/librex-0.0.44/lib/rex/ui/text/dispatcher_shell.rb:332:in `each'
C:/Ruby192/lib/ruby/gems/1.9.1/gems/librex-0.0.44/lib/rex/ui/text/dispatcher_shell.rb:332:in `run_single'
C:/Ruby192/lib/ruby/gems/1.9.1/gems/librex-0.0.44/lib/rex/ui/text/shell.rb:199:in `run'
beefconsole.rb:65:in `<main>'

Google Code Issue: http://code.google.com/p/beef/issues/detail?id=409

Malformed HTTP request to the proxy renders it unusable

Sending a malformed HTTP request to the proxy renders it unusable.

[*] Steps to reproduce:

  1. Hook a browser
  2. Select it as a proxy
  3. Send a malformed HTTP request to the proxy:

$ netcat 127.0.0.1 6789
GET /

[*] Output:

[11:24:06][*] Using Hooked Browser with ip [xx.xx.xx.xx] as Tunneling Proxy
[11:24:29][*] [PROXY] Thread started in order to process request #1 to [/] on domain [localhost:6789]
[11:24:29][!] undefined method `keys' for nil:NilClass
[11:24:39][!] undefined method `keys' for nil:NilClass
[11:24:52][!] undefined method `keys' for nil:NilClass
[11:24:52][*] [PROXY] Thread started in order to process request #2 to [/demos/basic.html] on domain [localhost:6789]
[11:25:04][!] undefined method `keys' for nil:NilClass
[11:25:09][!] undefined method `keys' for nil:NilClass
[11:25:19][!] undefined method `keys' for nil:NilClass

[*] Effect:

Once the malformed request has been received the proxy will still accept connections however won't return any results. The aforementioned error message repeats every ~10 seconds.


Google Code Issue: http://code.google.com/p/beef/issues/detail?id=429

The select boxes are not being correctly generated when the user clicks on the "domain" button of the HB tree list several times

What steps will reproduce the problem?

  1. have a HB running
  2. select the "requester" tab of the HB tree list
  3. click on the "domain" button in the bottom bar

What is the expected output? What do you see instead?

Expected: the online HB have select boxes available

Instead: no select boxes. Or they are just wrong.


Google Code Issue: http://code.google.com/p/beef/issues/detail?id=228

Tunneling proxy: bug when the hooked browser is IE

admin OS: Win7
admin browser: C 14
hooked OS: Win7
hooked browser: IE9
browser using the tunnel: FF 6.0.2 (mac osx)
screenshot: IE9-proxy

screenshot:
there is a bug on parsing the response headers
(extensions/proxy/handlers/zombie/handler.rb), line 198 (gsub! on null
object) when using IE.

  • ---> probably there is a null header, or a header value without a ": "
    space after the : header delimiter. I need to investigate more this
    (damn IE) issue.

admin OS: Win7
admin browser: IE9
hooked OS: Win7
hooked browser: C 14
browser using the tunnel: FF 7 (win7)
screenshot: Chrome-proxy

Everything works fine here (css was cached, this is why the page seems
blank). Anyway, there is still the bug that Saafan should fix (as far as
I remember) about parsing the images.

Google Code Issue: http://code.google.com/p/beef/issues/detail?id=533

Add beefjs API Function: Popup Blocker

Add a function to the beefjs api (/modules/beefjs/browser.js) called hasPopups() to detect if popup windows are allowed. When the function is executed the hooked browser user must not notice.

The below code snippet was copied from: http://www.jguru.com/faq/view.jsp?EID=1157429

function IsPopupBlocker() {
    var oWin = window.open("","testpopupblocker","width=100,height=50,top=5000,left=5000");
    if (oWin==null || typeof(oWin)=="undefined") {
        return true;
    } else {
        oWin.close();
        return false;
    }
}

if (IsPopupBlocker()) {
    document.write("You HAVE A POPUP BLOCKER");
} else {
    document.write("Popup blocker NOT detected.");
}

Google Code Issue: http://code.google.com/p/beef/issues/detail?id=159

POST requests cannot be sent through requester

The sink: http.content_length = request.content_length
request object does not contain the content_length (nil to integer exception).

Additionally, the code added to validate the raw request is flawed because it's expecting request headers in a determined position.

For example, it cannot be predicted if the Host header is the first one (some browsers put other headers first): anyway the code is (wrongly) supposing this.

This is actually not working from the start as I can see from the SVN history.

Google Code Issue: http://code.google.com/p/beef/issues/detail?id=486
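
Three of the reports above (the malformed request sent to the proxy, the tunneling-proxy header parsing error, and the requester's POST handling) involve raw HTTP text parsed with assumptions about its shape. The following Ruby code is an added example, not BeEF code: the RawHttp module, its method names and the sample requests are hypothetical, and it shows a parser that rejects a bad request line, finds Host at any position, tolerates headers with no space or no value, and falls back to the body size when Content-Length is absent.

```ruby
# Added example (not BeEF code): tolerant parsing of a raw HTTP request.
# RawHttp and all of its method names are hypothetical.
module RawHttp
  ParseError = Class.new(StandardError)
  REQUEST_LINE = %r{\A([A-Z]+) (\S+) HTTP/(1\.[01])\z}

  # Split each header line on the first colon only. Whitespace after the
  # colon is optional, and lines without a colon are skipped, not raised on.
  def self.parse_headers(lines)
    lines.each_with_object({}) do |line, headers|
      name, value = line.split(':', 2)
      next if value.nil? || name.strip.empty?

      headers[name.strip.downcase] = value.strip
    end
  end

  # Returns a hash describing the request, or raises ParseError with a
  # reason the caller can turn into a 400 response.
  def self.parse_request(raw)
    raise ParseError, 'empty request' if raw.nil? || raw.strip.empty?

    head, body = raw.split(/\r?\n\r?\n/, 2)
    lines = head.split(/\r?\n/)
    match = REQUEST_LINE.match(lines.shift.to_s)
    raise ParseError, 'malformed request line' unless match

    headers = parse_headers(lines)
    # Host may appear anywhere in the header block, not only first.
    raise ParseError, 'missing Host header' unless headers.key?('host')

    body = body.to_s
    declared = headers['content-length']
    if declared && declared !~ /\A\d+\z/
      raise ParseError, 'invalid Content-Length'
    end

    # Fall back to the actual body size when no length was declared.
    length = declared ? declared.to_i : body.bytesize
    { method: match[1], path: match[2], version: match[3],
      headers: headers, body: body, content_length: length }
  end

  # Wrapper a handler thread can call: never raises on bad input.
  def self.safe_parse(raw)
    [:ok, parse_request(raw)]
  rescue ParseError => e
    [:bad_request, e.message]
  end
end

# Constructed sample inputs.
MALFORMED = "GET /\n\n"
POST_HOST_LAST = "POST /login HTTP/1.1\r\nUser-Agent: test\r\n" \
                 "Content-Type: application/x-www-form-urlencoded\r\n" \
                 "Host: 192.168.10.128\r\n\r\nuser=a&pass=b"
ODD_HEADERS = "GET / HTTP/1.1\r\nHost:example.test\r\nX-Broken\r\nX-Empty:\r\n\r\n"

if __FILE__ == $PROGRAM_NAME
  [MALFORMED, POST_HOST_LAST, ODD_HEADERS].each { |r| p RawHttp.safe_parse(r) }
end
```

Returning a status pair instead of raising lets the calling thread answer a bad request once and move on, rather than looping on a nil value.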
