GitHub Repository: beefproject/beef
Path: blob/master/extensions/admin_ui/api/handler.rb
#
# Copyright (c) 2006-2025 Wade Alcorn - [email protected]
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
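module BeEF
  module Extension
    module AdminUI
      module API
        #
        # Registers the HTTP handlers of the Administrator UI and builds the
        # minified JavaScript bundles that are written to media/javascript-min.
        #
        module Handler
          require 'uglifier'

          # Register this module with the BeEF API registrar so that 'mount_handler'
          # is invoked for the BeEF::API::Server hook.
          BeEF::API::Registrar.instance.register(BeEF::Extension::AdminUI::API::Handler, BeEF::API::Server, 'mount_handler')

          #
          # Evaluates +content+ as an Erubis template and minifies the result with Uglifier.
          #
          # The template step executes any Ruby embedded in +content+ inside this process,
          # so +content+ must only ever come from files shipped with the installation,
          # never from request data.
          #
          # @param content [String] JavaScript source, possibly containing Erubis tags
          # @param params [Hash] variables made available to the template
          # @param name [String, nil] optional bundle name, used only in the warning message
          # @return [String, nil] the minified JavaScript; the evaluated but unminified
          #   JavaScript when Uglifier fails; nil when template evaluation fails
          #
          def self.evaluate_and_minify(content, params, name = nil)
            begin
              evaluated = Erubis::FastEruby.new(content).evaluate(params)
            rescue StandardError => e
              print_error("[Admin UI] Evaluating with Eruby failed: #{e.message}")
              return
            end

            print_debug "[AdminUI] Minifying JavaScript (#{evaluated.size} bytes)"

            opts = {
              output: { comments: :none },
              compress: { dead_code: true },
              harmony: true
            }

            begin
              minified = Uglifier.compile(evaluated, opts)
            rescue StandardError => e
              # The message previously interpolated `name` without a matching parameter,
              # which resolved to Module#name and printed this module's name instead of
              # the bundle being processed.
              target = name ? "'#{name}' JavaScript file" : 'JavaScript'
              print_warning "[AdminUI] Error: Could not minify #{target}: #{e.message}"
              print_more "[AdminUI] Ensure nodejs is installed and `node' is in `$PATH` !"
              # Minification is best effort: fall back to the unminified JavaScript.
              return evaluated
            end

            print_debug "[AdminUI] Minified #{evaluated.size} bytes to #{minified.size} bytes"

            minified
          end

          #
          # Writes +content+ to media/javascript-min/<basename of name>.
          #
          # File.basename drops every directory component of +name+, which keeps the
          # write inside the javascript-min directory even if +name+ contains '../'.
          #
          # @param name [String] file name of the bundle
          # @param content [String] JavaScript to write
          # @return [Integer] number of bytes written
          #
          def self.write_minified_js(name, content)
            path = "#{File.dirname(__FILE__)}/../media/javascript-min/#{File.basename(name)}"
            # Write by path: opening the file with File.new first left a handle that was never closed.
            File.write(path, content)
          end

          #
          # Concatenates the admin UI JavaScript sources, evaluates and minifies them,
          # and writes web_ui_all.js and web_ui_auth.js to media/javascript-min.
          #
          # @raise [StandardError] when reading, evaluating or writing a bundle fails
          #
          def self.build_javascript_ui
            # NOTE: order counts! make sure you know what you're doing if you add files
            esapi = %w[
              esapi/Class.create.js
              esapi/jquery-3.3.1.min.js
              esapi/jquery-encoder-0.1.0.js
            ]

            ux = %w[
              ui/common/beef_common.js
              ux/PagingStore.js
              ux/StatusBar.js
              ux/TabCloseMenu.js
            ]

            panel = %w[
              ui/panel/common.js
              ui/panel/PanelStatusBar.js
              ui/panel/tabs/ZombieTabDetails.js
              ui/panel/tabs/ZombieTabLogs.js
              ui/panel/tabs/ZombieTabCommands.js
              ui/panel/tabs/ZombieTabRider.js
              ui/panel/tabs/ZombieTabXssRays.js
              ui/panel/PanelViewer.js
              ui/panel/LogsDataGrid.js
              ui/panel/BrowserDetailsDataGrid.js
              ui/panel/ZombieDataGrid.js
              ui/panel/MainPanel.js
              ui/panel/ZombieTab.js
              ui/panel/ZombieTabs.js
              ui/panel/zombiesTreeList.js
              ui/panel/ZombiesMgr.js
              ui/panel/tabs/ZombieTabNetwork.js
              ui/panel/tabs/ZombieTabRTC.js
              ui/panel/Logout.js
              ui/panel/WelcomeTab.js
              ui/panel/AutoRunTab.js
              ui/panel/AutoRunRuleForm.js
              ui/panel/AutoRunModuleForm.js
              ui/panel/ModuleSearching.js
            ]

            global_js = esapi + ux + panel
            js_dir = "#{File.dirname(__FILE__)}/../media/javascript"

            admin_ui_js = ''
            global_js.each do |file_name|
              admin_ui_js << "#{File.binread("#{js_dir}/#{file_name}")}\n\n"
            end

            config = BeEF::Core::Configuration.instance
            bp = config.get 'beef.extension.admin_ui.base_path'

            # if more dynamic variables are needed in JavaScript files
            # add them here in the following Hash
            params = {
              'base_path' => bp
            }

            # process all JavaScript files, evaluating them with Erubis
            print_debug '[AdminUI] Initializing admin panel ...'

            web_ui_all = evaluate_and_minify(admin_ui_js, params, 'web_ui_all.js')
            unless web_ui_all
              raise StandardError, "[AdminUI] evaluate_and_minify JavaScript failed: web_ui_all JavaScript is empty"
            end
            write_minified_js('web_ui_all.js', web_ui_all)

            auth_js_file = "#{File.binread("#{js_dir}/ui/authentication.js")}\n\n"
            web_ui_auth = evaluate_and_minify(auth_js_file, params, 'web_ui_auth.js')
            unless web_ui_auth
              raise StandardError, "[AdminUI] evaluate_and_minify JavaScript failed: web_ui_auth JavaScript is empty"
            end
            write_minified_js('web_ui_auth.js', web_ui_auth)
          rescue StandardError => e
            # Every failure above, including the two explicit raises, is re-raised with this prefix.
            raise StandardError, "Building Admin UI JavaScript failed: #{e.message}"
          end

          #
          # This function gets called automatically by the server.
          #
          # Mounts one UI handler per controller file, mounts the static media
          # directory, optionally binds the favicon, then builds the JavaScript bundles.
          # Any error is printed with its backtrace and the process exits with status 1.
          #
          # @param beef_server [Object] server object exposing #mount(path, handler)
          #
          def self.mount_handler(beef_server)
            config = BeEF::Core::Configuration.instance

            # Web UI base path, like http://beef_domain/<bp>/panel
            bp = config.get 'beef.extension.admin_ui.base_path'

            # registers the http controllers used by BeEF core (authentication, logs, modules and panel)
            # Every .rb file below controllers/ is loaded and mounted under its own file name,
            # so write access to that directory must be limited to the account that installs BeEF.
            Dir["#{$root_dir}/extensions/admin_ui/controllers/**/*.rb"].sort.each do |http_module|
              require http_module
              mod_name = File.basename http_module, '.rb'
              beef_server.mount("#{bp}/#{mod_name}", BeEF::Extension::AdminUI::Handlers::UI.new(mod_name))
            end

            # mount the media folder where we store static files (javascript, css, images, audio) for the admin ui
            # NOTE(review): this is a plain Rack::File mount and no authentication check is visible
            # here; confirm that nothing sensitive is ever placed under media/, which also holds
            # the generated javascript-min bundles.
            media_dir = "#{File.dirname(__FILE__)}/../media/"
            beef_server.mount("#{bp}/media", Rack::File.new(media_dir))

            # If we're not imitating a web server, mount the favicon to /favicon.ico
            # NOTE: this appears to be broken
            unless config.get('beef.http.web_server_imitation.enable')
              BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind(
                "/extensions/admin_ui/media/images/#{config.get('beef.extension.admin_ui.favicon_file_name')}",
                '/favicon.ico',
                'ico'
              )
            end

            build_javascript_ui
          rescue StandardError => e
            print_error("[Admin UI] Could not mount URL route handlers: #{e.message}")
            print_more(e.backtrace)
            exit(1)
          end
        end
      end
    end
  end
end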