Monday, June 4, 2012

BeEF 0.4.3.5

So, here we are with a fresh new BeEF release!

For those who want to know more about our development lifecycle, have a look here.

Obviously, with an Open Source project it's a bit difficult to commit (well, push: we're using Git after all) the same amount of code/time every month, so it's normal to have months with more new features and addressed issues than others.

Last month's release (0.4.3.5) was full of new code added to the repo. I will cover the main changes.



We added experimental support for WebSockets as an alternative communication channel. The server-side handlers are event-based for performance reasons, and right now it works smoothly in the latest versions of Chrome, Safari and Firefox. To give it a try, set beef.http.websocket.enable to true in the main config.yaml file. With WebSockets the communication is much faster, especially when dealing with large requests (Tunneling Proxy) or a high number of command modules. The WebSockets work is a joint effort between Graziano Felline and Michele. The experimental branch was presented and demo'ed for the first time at AthCon 2012, together with the RESTful API. Have a look at antisnatchor's blog for more information.

Antisnatchor (there are rumors in the BeEF dev team that he has a time-machine, and won't release its secrets :-)) added experimental support for Obfuscation. It is disabled by default; enable the extension at beef.extension.evasion.enable at the end of the main config.yaml file if you want to play with it. The purpose of the extension is to reduce the likelihood that the BeEF hook will be detected by RegEx'es and Layer 7 filters. Obviously a manual analysis (a la sla.ckers) will reveal the goodness, but still the extension enables you to combine and chain multiple techniques as you like. Right now, when enabled, the main hook file and the code sent with modules are scrambled (random string substitution), minified and base64'ed. The extension is ready to accept new obfuscation techniques, have a look at the code here.

Brendan was very helpful with testing and module coding as always. He added a couple of XSRF modules for the Huawei SmartAX MT880 router and the Dlink DCS series camera, and updated the Deface Web Page module to change the page title and favicon. He added the first BeEF clickjacking module that can be used as a template for more specific attacks: an invisible iframe follows the mouse cursor. Right now, this works in Firefox and Chrome, but not yet in Internet Explorer. The code is here. Finally, he also added a Cross-Site Printing (XSP) module which allows you to print to printers with port 9100 open. By default, this prints BeEF ASCII art.

Mike also committed awesome modules this time. Thanks to him, our social engineering modules are growing. He developed a module that prompts the user to install a fake Flash player update which is really a malicious Chrome extension (code). This is very nice because the extension can issue CrossDomain requests, have access to tabs, and be the launch point for other modules: Inject BeEF in all tabs, steal Google contacts, or a new one Mike added recently to steal all cookies from all tabs, including those marked with the HttpOnly flag (code).
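As an added example (not BeEF code and not part of the original post), here is a defender-side audit of an extension's manifest.json for the permission combinations that give an extension the capabilities described above. The finding tags and both sample manifests are constructed for illustration.

```python
import json

# Chrome match patterns that cover every site.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
PERM_KEYS = ("permissions", "optional_permissions",
             "host_permissions", "optional_host_permissions")

def audit_manifest(manifest_text):
    """Map finding tag -> reason for one extension manifest.json."""
    m = json.loads(manifest_text)
    apis, hosts = set(), set()
    # Manifest V2 mixes API names and host patterns under "permissions";
    # V3 moves the host patterns to "host_permissions".
    for key in PERM_KEYS:
        for p in m.get(key, []):
            if isinstance(p, str):
                (hosts if "://" in p or p == "<all_urls>" else apis).add(p)
    injected = {pat for cs in m.get("content_scripts", [])
                for pat in cs.get("matches", [])}
    broad = bool(hosts & BROAD_HOSTS)
    findings = {}
    if broad:
        findings["all-hosts"] = "background code can send cross-origin requests to any site"
    if broad and "cookies" in apis:
        findings["cookie-read"] = "chrome.cookies returns every site's cookies, HttpOnly included"
    if broad and "tabs" in apis:
        findings["tab-inject"] = "can list open tabs and inject script into each one"
    if injected & BROAD_HOSTS:
        findings["content-script-everywhere"] = "a content script runs in every page the user opens"
    return findings

# Constructed sample manifests, not taken from any real extension.
RISKY = json.dumps({
    "name": "Player Update (constructed sample)", "manifest_version": 2,
    "permissions": ["tabs", "cookies", "http://*/*", "https://*/*"],
    "content_scripts": [{"matches": ["<all_urls>"], "js": ["cs.js"]}],
})
NARROW = json.dumps({
    "name": "Notes (constructed sample)", "manifest_version": 3,
    "permissions": ["storage", "cookies"],
    "host_permissions": ["https://notes.example/*"],
})

if __name__ == "__main__":
    for label, text in (("RISKY", RISKY), ("NARROW", NARROW)):
        print(label, sorted(audit_manifest(text)))
```

The HttpOnly flag only hides a cookie from page JavaScript; an extension holding the cookies permission plus matching host access reads it through the browser's own API, which is why the combination is worth flagging on managed endpoints.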

Christian Frichot ruined his mind implementing some recursive code to enable nested module sub-categories, both in the module definition and in the admin UI. His work was really great and now, for example, we have the Exploit category, with general exploits and then Router and Camera sub-categories. He also added the Mobile Safari iOS 5.1 Address Bar Spoofing module, that works great for non-patched versions.

Bart Leppens, a new recruit, added a few nice modules like the Glassfish WAR upload through XSRF (originally discovered by @malerisch, here), the frame sniffing module using LeakyFrame by Paul Stone, and a Netgear GS108T managed switch XSRF module.

Last, but not least because it is pretty cool, the Heretic Clippy code has been integrated in BeEF by Nick Freeman and Denis Andzakovic: have fun tricking an IE victim to download what you want through this module :D

That's all for this release. Thanks again to everyone who contributed, and let us know if you have some cool code/feature you want to add to BeEF.

Last update: if you're around in Bochum, Germany, don't miss @antisnatchor presenting at HackPra on the 20th of June, and on the 6th of July in Lisboa, Portugal at Just4Meeting.

2 comments:

  1. yep, BeEf starting to be a pretty nice tool :)
