1
#
2
# Copyright (c) 2006-2025 Wade Alcorn - [email protected]
3
# Browser Exploitation Framework (BeEF) - https://beefproject.com
4
# See the file 'doc/COPYING' for copying permission
5
#
6
module BeEF
7
  module Extension
8
    module Evasion
9
      class Whitespace
10
        include Singleton
11

12
        def need_bootstrap?
13
          true
14
        end
15

16
        def get_bootstrap
17
          # the decode function is in plain text - called IE-spacer - because trolling is always a good idea
18
          "//Dirty IE6 whitespace bug hack
19
if (typeof IE_spacer === 'function') {} else {
20
function IE_spacer(css_space) {
21
  var spacer = '';
22
  for(y = 0; y < css_space.length/8; y++)
23
  {
24
    v = 0;
25
    for(x = 0; x < 8; x++)
26
    {
27
      if(css_space.charCodeAt(x+(y*8)) > 9)
28
      {
29
        v++;
30
      }
31
      if(x != 7)
32
      {
33
        v = v << 1;
34
      }
35
    }
36
    spacer += String.fromCharCode(v);
37
  }return spacer;
38
}}"
39
        end
40

41
        def execute(input, _config)
42
          size = input.length
43
          encoded = encode(input)
44
          var_name = BeEF::Core::Crypto.random_alphanum_string(3)
45
          input = "var #{var_name}=\"#{encoded}\";[].constructor.constructor(IE_spacer(#{var_name}))();"
46
          print_debug "[OBFUSCATION - WHITESPACE] #{size} bytes of Javascript code has been Whitespaced"
47
          input
48
        end
49

50
        def encode(input)
51
          output = input.unpack('B*')
52
          output.to_s.gsub(/[\["01\]]/, '[' => '', '"' => '', ']' => '', '0' => "\t", '1' => ' ')
53
        end
54
      end
55
    end
56
  end
57
end
58

59