Path: blob/master/core/main/handlers/modules/command.rb
1154 views
#1# Copyright (c) 2006-2025 Wade Alcorn - [email protected]2# Browser Exploitation Framework (BeEF) - https://beefproject.com3# See the file 'doc/COPYING' for copying permission4#5module BeEF6module Core7module Handlers8module Modules9module Command10# Adds the command module instructions to a hooked browser's http response.11# @param [Object] command Command object12# @param [Object] hooked_browser Hooked Browser object13def add_command_instructions(command, hooked_browser)14if hooked_browser.nil?15(print_error 'hooked_browser is nil'16return)17end18if hooked_browser.session.nil?19(print_error 'hooked_browser.session is nil'20return)21end22if command.nil?23(print_error 'hooked_browser is nil'24return)25end26if command.command_module_id.nil?27(print_error 'hooked_browser.command_module_id is nil'28return)29end3031config = BeEF::Core::Configuration.instance32# @note get the command module33command_module = BeEF::Core::Models::CommandModule.where(id: command.command_module_id).first34if command_module.nil?35(print_error 'command_module is nil'36return)37end38if command_module.path.nil?39(print_error 'command_module.path is nil'40return)41end4243if command_module.path.match(/^Dynamic/)44command_module = BeEF::Modules::Commands.const_get(command_module.path.split('/').last.capitalize).new45else46key = BeEF::Module.get_key_by_database_id(command.command_module_id)47if key.nil?48(print_error "Could not find command module with ID #{command.command_module_id}"49return)50end51command_module = BeEF::Core::Command.const_get(config.get("beef.module.#{key}.class")).new(key)52end5354command_module.command_id = command.id55command_module.session_id = hooked_browser.session56command_module.build_datastore(command.data)57command_module.pre_send5859build_missing_beefjs_components(command_module.beefjs_components) unless command_module.beefjs_components.empty?6061ws = BeEF::Core::Websocket::Websocket.instance6263if config.get('beef.extension.evasion.enable')64evasion = BeEF::Extension::Evasion::Evasion.instance65@output = evasion.obfuscate(command_module.output)66else67@output = command_module.output68end6970# TODO: antisnatchor: remove this gsub crap adding some hook packing.71if config.get('beef.http.websocket.enable') && ws.getsocket(hooked_browser.session)72# content = command_module.output.gsub('//73# //74# // Copyright (c) 2006-2025 Wade Alcorn - [email protected]75# // Browser Exploitation Framework (BeEF) - https://beefproject.com76# // See the file 'doc/COPYING' for copying permission77# //78# //', "")79ws.send(@output, hooked_browser.session)80else81@body << (@output + "\n\n")82end83# @note prints the event to the console84if BeEF::Settings.console?85name = command_module.friendlyname || kclass86print_info "Hooked browser [id:#{hooked_browser.id}, ip:#{hooked_browser.ip}] has been sent instructions from command module [cid:#{command.id}, mod: #{command.command_module_id}, name:'#{name}']"87end8889# @note flag that the command has been sent to the hooked browser90command.instructions_sent = true91command.save!92end93end94end95end96end97end9899100