1
#
2
# Copyright (c) 2006-2025 Wade Alcorn - [email protected]
3
# Browser Exploitation Framework (BeEF) - https://beefproject.com
4
# See the file 'doc/COPYING' for copying permission
5
#
6

7
module BeEF
8
  module Core
9
    class Configuration
10
      attr_accessor :config
11

12
      # antisnatchor: still a singleton, but implemented by hand because we want to have only one instance
13
      # of the Configuration object while having the possibility to specify a parameter to the constructor.
14
      # This is  why we don't use anymore the default Ruby implementation -> include Singleton
15
      def self.instance
16
        @@instance
17
      end
18

19
      # Loads the default configuration system
20
      # @param [String] configuration_file Configuration file to be loaded,
21
      #        by default loads $root_dir/config.yaml
22
      def initialize(config)
23
        raise TypeError, "'config' needs to be a string" unless config.is_a?(String)
24
        raise TypeError, "Configuration file '#{config}' cannot be found" unless File.exist? config
25

26
        begin
27
          # open base config
28
          @config = load(config)
29
          @config.default = nil
30
          @@config = config
31
        rescue StandardError => e
32
          print_error "Fatal Error: cannot load configuration file '#{config}' : #{e.message}"
33
          print_more e.backtrace
34
          exit(1)
35
        end
36

37
        @@instance = self
38
      end
39

40
      # Loads yaml file
41
      # @param [String] file YAML file to be loaded
42
      # @return [Hash] YAML formatted hash
43
      def load(file)
44
        return nil unless File.exist?(file)
45
        YAML.safe_load(File.binread(file))
46
      end
47

48
      #
49
      # @note balidate the configuration file
50
      #
51
      def validate
52
        if @config.empty?
53
          print_error 'Configuration file is empty'
54
          return
55
        end
56

57
        if @config['beef'].nil?
58
          print_error "Configuration file is malformed: 'beef' is nil"
59
          return
60
        end
61

62
        if @config['beef']['credentials'].nil?
63
          print_error "Configuration file is malformed: 'beef.credentials' is nil"
64
          return
65
        end
66

67
        if @config['beef']['http'].nil?
68
          print_error "Configuration file is malformed: 'beef.http' is nil"
69
          return
70
        end
71

72
        return unless validate_public_config_variable?(@config)
73

74
        # Note for developers:
75
        # The configuration path 'beef.http.public_port' is deprecated.
76
        # Use the new format for public_port variables as described in the BeEF project documentation.
77
        # Refer to the BeEF configuration guide for the web server configuration details:
78
        # https://github.com/beefproject/beef/wiki/Configuration#web-server-configuration
79
        if @config['beef']['http']['public_port']
80
          return
81
        end
82

83
        true
84
      end
85

86
      #
87
      # Returns the configuration value for the http server host
88
      # If nothing is set it should default to 0.0.0.0 (all interfaces)
89
      def local_host
90
        get('beef.http.host') || '0.0.0.0'
91
      end
92

93
      #
94
      # Returns the configuration value for the http server port
95
      # If nothing is set it should default to 3000
96
      def local_port
97
        get('beef.http.port') || '3000'
98
      end
99

100
      #
101
      # Return the local protocol
102
      # if nothing is set default to http
103
      def local_proto
104
        local_https_enabled ? 'https' : 'http'
105
      end
106

107
      #
108
      # Returns the configuration value for the local https enabled
109
      # If nothing is set it should default to false
110
      def local_https_enabled
111
        get('beef.http.https.enable') || false
112
      end
113

114
      #
115
      # Returns the configuration value for the http server host
116
      def public_host
117
        get('beef.http.public.host')
118
      end
119

120
      #
121
      # Returns the beef host which is used by external resources
122
      # e.g. hooked browsers
123
      def beef_host
124
        public_host || local_host
125
      end
126

127
      #
128
      # Returns the beef port which is used by external resource
129
      # e.g. hooked browsers
130
      def beef_port
131
        public_port || local_port
132
      end
133

134
      def public_enabled?
135
        !get('beef.http.public.host').nil?
136
      end
137

138
      #
139
      # Returns the beef protocol that is used by external resources
140
      # e.g. hooked browsers
141
      def beef_proto
142
        if public_enabled? && public_https_enabled?
143
          'https'
144
        elsif public_enabled? && !public_https_enabled?
145
          'http'
146
        elsif !public_enabled?
147
          local_proto
148
        end
149
      end
150

151
      #
152
      # Returns the beef scheme://host:port for external resources
153
      # e.g. hooked browsers
154
      def beef_url_str
155
        "#{beef_proto}://#{beef_host}:#{beef_port}"
156
      end
157

158
      # Returns the hook path value stored in the config file
159
      #
160
      # @return [String] hook file path
161
      def hook_file_path
162
        get('beef.http.hook_file') || '/hook.js'
163
      end
164

165
      # Returns the url to the hook file
166
      #
167
      # @return [String] the url string
168
      def hook_url
169
        "#{beef_url_str}#{hook_file_path}"
170
      end
171

172
      # Returns the configuration value for the http server port
173
      # If nothing is set it should default to 3000
174
      def public_port
175
        return get('beef.http.public.port') unless get('beef.http.public.port').nil?
176

177
        return '443' if public_https_enabled?
178
        return '80' unless public_host.nil?
179

180
        nil
181
      end
182

183
      #
184
      # Returns the configuration value for the local https enabled
185
      # If nothing is set it should default to false
186
      def public_https_enabled?
187
        get('beef.http.public.https') || false
188
      end
189

190
      #
191
      # Returns the value of a selected key in the configuration file.
192
      # @param [String] key Key of configuration item
193
      # @return [Hash|String] The resulting value stored against the 'key'
194
      #
195
      def get(key)
196
        subkeys = key.split('.')
197
        lastkey = subkeys.pop
198
        subhash = subkeys.inject(@config) do |hash, k|
199
          hash[k]
200
        end
201
        return nil if subhash.nil?
202

203
        subhash.key?(lastkey) ? subhash[lastkey] : nil
204
      end
205

206
      #
207
      # Sets the give key value pair to the config instance
208
      # @param [String] key The configuration key
209
      # @param value The value to be stored against the 'key'
210
      # @return [Boolean] If the store procedure was successful
211
      #
212
      def set(key, value)
213
        subkeys = key.split('.').reverse
214
        return false if subkeys.empty?
215

216
        hash = { subkeys.shift.to_s => value }
217
        subkeys.each { |v| hash = { v.to_s => hash } }
218
        @config = @config.deep_merge hash
219
        true
220
      end
221

222
      #
223
      # Clears the given key hash
224
      # @param [String] key Configuration key to be cleared
225
      # @return [Boolean] If the configuration key was cleared
226
      #
227
      def clear(key)
228
        subkeys = key.split('.')
229
        return false if subkeys.empty?
230

231
        lastkey = subkeys.pop
232
        hash = @config
233
        subkeys.each { |v| hash = hash[v] }
234
        hash.delete(lastkey).nil? ? false : true
235
      end
236

237
      #
238
      # Load extensions configurations
239
      #
240
      def load_extensions_config
241
        set('beef.extension', {})
242
        Dir.glob("#{$root_dir}/extensions/*/config.yaml") do |cf|
243
          y = load(cf)
244
          if y.nil?
245
            print_error "Unable to load extension configuration '#{cf}'"
246
            next
247
          end
248

249
          y['beef']['extension'][y['beef']['extension'].keys.first]['path'] = cf.gsub(/config\.yaml/, '').gsub(%r{#{$root_dir}/}, '')
250
          @config = y.deep_merge(@config)
251
        end
252
      end
253

254
      #
255
      # Load module configurations
256
      #
257
      def load_modules_config
258
        set('beef.module', {})
259
        # support nested sub-categories, like browser/hooked_origin/ajax_fingerprint
260
        module_configs = File.join("#{$root_dir}/modules/**", 'config.yaml')
261
        Dir.glob(module_configs) do |cf|
262
          y = load(cf)
263
          if y.nil?
264
            print_error "Unable to load module configuration '#{cf}'"
265
            next
266
          end
267

268
          y['beef']['module'][y['beef']['module'].keys.first]['path'] = cf.gsub('config.yaml', '').gsub(%r{#{$root_dir}/}, '')
269
          @config = y.deep_merge @config
270
          # API call for post module config load
271
          BeEF::API::Registrar.instance.fire(
272
            BeEF::API::Configuration,
273
            'module_configuration_load',
274
            y['beef']['module'].keys.first
275
          )
276
        end
277
      end
278

279
      private
280

281
      # Note for developers:
282
      # The configuration path 'beef.http.public' is deprecated.
283
      # Use the new format for public variables as described in the BeEF project documentation.
284
      # Refer to the BeEF configuration guide for the web server configuration details:
285
      # https://github.com/beefproject/beef/wiki/Configuration#web-server-configuration
286
      def validate_public_config_variable?(config)
287
        return true if config['beef']['http']['public'].is_a?(Hash) ||
288
                       config['beef']['http']['public'].is_a?(NilClass)
289

290
        false
291
      end
292
    end
293
  end
294
end
295

296