The PHP version has been discontinued for various reasons:
- It wasn't easy to extend from a core perspective.
- When adding new modules, code was duplicated; you had to copy and paste a lot of code from previous modules, then add maybe 3 lines of Javascript as the new code, resulting in an anti-patterns.
- There was no decent API.
- IMHO PHP sucks for many reasons: it's got a ton of security issues, like Sendmail; it's not a true OO language, and programming with objects makes life easier. Ruby instead is OO, and the new BeEF heavily relies on that.
The new BeEF Ruby development started around mid-2010, with Wade's first post announcing it in October 2010. Rewriting BeEF from scratch was in Wade's to-do list for quite some time. It required a bunch of developers and a good language.
Ruby was the choice, for many reasons:
- It's fully Object Oriented, flexible and easy to code.
- It does not require an external web server to run, so you have maximum flexibility with Ruby-written application servers. Features like the Tunneling Proxy would have been difficult to implement with Apache + PHP.
Lets be honest. Until 6 months ago, BeEF Ruby was experimental and unstable. It was using WebRick, the default application server that comes with Ruby (without additional gems). WebRick is not thread-safe. That's why mutexes were used in class constructors. LOL, don't blame me :-). Add to it sqlite, another piece of software that isn't thread-safe, and bam...we had to have XHR-polling (that's basically the communication channel we currently use) every 8-10 seconds.
So yeah, BeEF was damn slow and we had complaints over twitter, email, and so on. To add to the grief, BackTrack and other pentesting distros were still including the old PHP BeEF. This is now no longer true, read this if you are upgrading to BackTrack5-r2, or just use BT5-r2 to enjoy BeEF.
In November 2011, we had a programming sprint. We rewrote parts of the BeEF core to replace WebRick and custom "servlets" (for those of you coming from a JEE background, like me, this will sound familiar) with Thin, Rack, and recently Sinatra.
The performance advantages were massive, and all the concurrency and lock errors we had with sqlite went magically away :-) Thin is using Mongrel's parser and Event Machine, so it's handling tons of requests faster and consuming less resources because it's a state machine.
Rack and Sinatra really help you code your web application easier, faster and more securely. Take a look at the code of the RESTful API for an example.
Having this new powerful core, we could change the XHR-polling to execute every second, so 10 times faster than before :D Also, now BeEF can be easily used with tens (or more) of hooked browsers without the need to worry too much about performance.
Other big differences with the old PHP BeEF are the modularity and extensibility of the framework. We have command modules and extensions, so code duplication is minimized.
You write an extension, if you need to add a fairly tightly coupled functionality into the core, with the ability to switch it on or off when starting the framework. Tunneling Proxy, XssRays, and even the Admin User Interface are currently extensions.
You write a module when you need to add a new attack/exploit to be launched through BeEF. Basically anything you want to do in Javascript, HTML, Java, (insert arbitrary browser acceptable language) can be done through a command module.
There are also currently three APIs:
- one API is internal to the core, used by extensions and modules;
- the RESTful API we already discussed in previous blog posts, used to expose framework functionality externally;
- and the Javascript API, with many useful helper methods to create invisible or overlay iframes, send requests, attach applets, manipulated the DOM in various ways, etc..
The old PHP BeEF lacked API support completely.
Last, but not least, we use an agile development process with unit and functional testing, including continuous integration. Writing tests is boring and sometimes more difficult than the code they are supposed to test, but they are effective at spotting errors and changes that break the core or modules. We are constantly adding new tests. Expect a cool blog post in the next week about this topic.
All the modules that were present in the PHP version, including the Metasploit integration, have been ported (when possible, some of them were old and not working in recent browsers).
So next time I will hear someone saying "mate, I'm still using the PHP version" I will scream :D No, seriously, give the Ruby BeEF a try by cloning or forking it from github. You will not be disappointed.
Hi, Where can I download the latest version of PHP?
ReplyDeleteThanks!
Great article.you shared very informative post. I like your blog. Thank you so much for sharing.
ReplyDeleteweb designing courses in chennai
PHP is very widely used for web development. Being open source, it can be easily customized. Businesses can implement PHP in a number of creative ways.For more information: php
ReplyDeleteI am a student of development. i am learning the HTML . After HTML i will startramps PHP . DO you help in html course?
ReplyDeleteKite Projects provides the best and cheap Bespoke Stainless Steel Handrails and Stainless Steel Ladders Provider in Uk. Call us now 01962 886290 to get information TRAIN WALKWAY
ReplyDelete
ReplyDeleteThanks for posting this useful content, Good to know about new things here, Let me share this, . CCNA training in pune
Before asking the question How To Remove Spoolsv.exe Virus? Ask yourselves if you even know Hairstyle 2017 for man what the Spoolsv.exe is. Only when you’ve a clear understanding of it can you decide if you want it to be on your system or not, isn’t it?
ReplyDeleteAfter reading this blog i am very strong and clear in this topic and explanation also very clear in this blog so easy to understand
ReplyDeletephp training institute in chennai tambaram | php training and placements
Thanks for posting this useful content, unique vintage Good to know about new things here, Let me share this, .
ReplyDeleteReally nice one.. Thanks sweatshirts canada for sharing this type of useful content..
ReplyDeleteThis is a really good idea and I've been running BeEF on a Amazon Linux AMI for a week Second home or so. Inevitably I lose the SSH terminal sometimes so I can no longer monitor the beef activity. More serious than that, How do I gently stop beef from a new terminal window without leaving a whole bunch of stuff hanging. 'kill beef' causes a whole bunch of problems :(
ReplyDeleteJual Obat Aborsi
ReplyDeleteObat Aborsi
Obat Penggugur Kandungan
Jual Obat Cytotec
Jual Obat Aborsi Ampuh
Jual Obat Aborsi Asli Tuntas
Cara Menggugurkan Kandungan Janin
Obat Aborsi Asli Aman
Obat Aborsi Cytotec
Jual Obat Cytotec
Jual Cytotec Asli
Jual Cytotec
Klinik Obat Aborsi
Jual Obat Aborsi Cytotec
Jual Obat Aborsi Asli Ampuh
Obat Aborsi Asli
Obat Aborsi
Jual Obat Aborsi Asli Manjur
Obat Penggugur Kandungan Ampuh
Jual Obat Aborsi Online
Jual Obat Aborsi Asli Aman
Obat Penggugur Janin
Jual Obat Aborsi Kandungan
Obat Aborsi kandungan
Jual Obat Aborsi Kandungan Asli
Obat Aborsi Cytotec Asli
Jual Obat Aborsi Cytotec Ampuh
Obat Penggugur Kandungan Asli
Jual Obat Cytotec
Jual Obat Cytotec Asli
Jual Cytotec
Klinik Aborsi Aman
Jual Obat Aborsi Asli
Jual Obat Aborsi
Jual Obat Aborsi Asli
Jual Obat Aborsi Asli Ampuh
Jual Obat Aborsi Asli Tuntas
Jual Obat Aborsi Asli Manjur
Obat Penggugur Kandungan Aman
Obat Aborsi
Jual Obat Aborsi Cytotec Asli
Obat Aborsi Asli
Klinik Aborsi
Jual Obat Aborsi Ampuh
Jual Obat Aborsi Cytotec Ampuh
Jual Obat Aborsi Cytotec Asli
Jual Obat Aborsi Tuntas
Jual Obat Aborsi
Obat Aborsi Ampuh
Obat Aborsi
Obat Aborsi Asli Ampuh
Obat Aborsi Penggugur Kandungan
"Nice and good article.. it is very useful for me to learn and understand easily.. thanks for sharing your valuable information and time.. please keep updating.php jobs in hyderabad.
ReplyDelete"