Burpsuite-Parser


t/test1.xml  view on Meta::CPAN

<!ELEMENT requestresponse (request?, response?)>
<!ELEMENT request (#PCDATA)>
<!ELEMENT response (#PCDATA)>
]>
<issues burpVersion="1.2.17" exportTime="Mon Oct 12 07:27:01 PDT 2009">
  <issue>
    <!-- Scanner metadata for one finding: numeric type code, display name, host, path, severity and confidence,
         followed by advisory text held in CDATA. The issueDetail text carries HTML markup (ul, li, wbr) as
         character data and names the password form field, so a consumer should escape or sanitise these fields
         before rendering them in a report. -->
    <serialNumber>7417499774799336448</serialNumber>
    <type>3145984</type>
    <name>Cleartext submission of password</name>
    <host>http://192.168.163.128</host>
    <path><![CDATA[/beef/]]></path>
    <location><![CDATA[/beef/]]></location>
    <severity>High</severity>
    <confidence>Certain</confidence>
    <issueBackground><![CDATA[Passwords submitted over an unencrypted connection are vulnerable to capture by an attacker who is suitably positioned on the network. This includes any malicious party located on the user's own network, within their ISP...
    <remediationBackground><![CDATA[The application should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechan...
    <issueDetail><![CDATA[The page contains a form with the following action URL, which is submitted over clear-text HTTP:<ul><li>http://192.168.163.128<wbr>/beef/</li></ul>The form contains the following password field:<ul><li>passwd</li></ul>]]></i...
    <requestresponse>
      <request><![CDATA[GET /beef/ HTTP/1.1
Host: 192.168.163.128
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive

]]></request>
      <response><![CDATA[HTTP/1.1 200 OK
Date: Mon, 12 Oct 2009 14:26:53 GMT
Server: Apache/2.2.9 (Ubuntu) PHP/5.2.6-bt0 with Suhosin-Patch mod_perl/2.0.4 Perl/v5.10.0
X-Powered-By: PHP/5.2.6-bt0
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 3194


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>

	<link rel="stylesheet" type="text/css" href="css/firefox/menu.css">	<link rel="stylesheet" type="text/css" href="css/firefox/style.css">	
	<title>Browser Exploit Framework</title>

	<link rel="icon" href="favicon.ico" type="image/x-icon">
	<script src="js/prototype.js" type="text/javascript"></script>
	<script src="js/scriptaculous.js" type="text/javascript"></script>
	<script src="js/common.js" type="text/javascript"></script>

	<script>

		// ---[ BEEF_ERROR
		function beef_error(error_string) {
			new Effect.Shake('beef_icon');
			alert(error_string);
		}

		// ---[ SUBMIT_CONFIG
		function submit_config(config, passwd) {
			new Ajax.Updater('config_results', 'submit_config.php?config=' + config + '&passwd=' + passwd, {asynchronous:true});
		}

	</script>

</head>
<body>

	<!-- SIDEBAR -->
	<div id="sidebar">
		<!-- BEEF HEADER - LINK AND IMAGE-->
		<div id="header">
			<center><a href=http://www.bindshell.net/tools/beef/>Browser Exploitation Framework</a></center>
			<h1><div id="beef_icon"><img src="images/beef.gif" onclick="new Effect.Shake('sidebar');"></div> BeEF</h1>
		</div>

		<!-- Security -->
        	<div id="sidebar_autorun">
	        	<div id="header" onclick="new Effect.Pulsate('zombiesdyn');">
				<h2>Security</h2>
        		</div>
        		<div id="content">
				<!-- DYNAMIC ZOMBIE SECTION -->
				<div id="autorun_dyn">BeEF has no security by design <br><br></div>
				<div id="autorun_dyn">Default password is <b>BeEFConfigPass</b> <br><br></div>
				<div id="autorun_dyn">Edit 'pw.php' in BeEF root to alter the password</div>
        		</div>
		</div>

		<!-- INSTALL -->
        	<div id="sidebar_autorun">
	        	<div id="header" onclick="new Effect.Pulsate('zombiesdyn');">
				<!--<h2>Installation</h2>-->
        		</div>
        		<div id="content">
				<!-- DYNAMIC ZOMBIE SECTION -->
				<!-- <div id="autorun_dyn">BeEF has not been installed</div> -->
        		</div>
		</div>

	</div>

	<!-- MAIN RIGHT SECTION -->
	<div id="main">
		<div id="page">
			<div id="module_header">BeEF Configuration</div>
				<br>
				<div id="module_subsection">
        				<form name="configform">
                				<div id="module_subsection_header">Connection (IP Address or URL)</div>
						This is the location that the zombies will connect to (do not include the hook directory). This must match the 'ServerName' value in your http.conf for the modules to work.
                				<input type="text" name="url" value="http://192.168.163.128/beef/" autocomplete="off"/>
                				BeEF configuration password
                				<input type="password" name="passwd" value="BeEFConfigPass" autocomplete="off"/>
                				<input class="button" type="button" value="Apply Config" onClick="javascript:submit_config(configform.url.value, configform.passwd.value)"/>
						<br>Clicking 'Apply Configuration' will remove/replace these configuration files
        				</form>
				</div>
				<div id='config_results'></div>
			</div>

t/test1.xml  view on Meta::CPAN

]]></request>
      <response><![CDATA[HTTP/1.1 200 OK
Date: Mon, 12 Oct 2009 14:27:18 GMT
Server: Apache/2.2.9 (Ubuntu) PHP/5.2.6-bt0 with Suhosin-Patch mod_perl/2.0.4 Perl/v5.10.0
Last-Modified: Tue, 01 Sep 2009 00:55:10 GMT
ETag: "40d86-af4-472799a2b9780"
Accept-Ranges: bytes
Content-Length: 2804
Connection: close
Content-Type: application/javascript

// Javascript for BeefSploit modules
// By Ryan Linn (sussurro@happypacket.net)
// Excuse the mess, we are remodeling

var exploit_delay = 1000;

// --[ MSF GET EXPLOIT LIST
// get the list of exploits
function msf_get_exploit_list() {
	url = 'action=getexploits';
	msf_request(url, 'exploits', msf_get_payload_list);
}

// --[ MSF GET PAYLOAD LIST
// get relevant payload list
function msf_get_payload_list() {
	
	url = 'action=getpayloads&exploit=' + $('exploit').value;
	
	msf_request(url, 'payloads', msf_get_options);
}

// --[ MSG GET OPTIONS
// get relevant options for exploit and payload
function msf_get_options() {

	url = 'action=getoptions&exploit=' + $('exploit').value + "&payload=" + $('payload').value;
		
	msf_request(url, 'options', null);
	
}

// --[ MSF REQUEST
// generic request for msf data and actions
function msf_request(param_string, update_div, on_success_function) {

	new Ajax.Request('msf.php?' + param_string, 
			{
				method:'get',
				onSuccess: function(transport){ 
					// update div
					if( (update_div != undefined) && (update_div != null) ) {
						$(update_div).innerHTML = transport.responseText;
					}
					// onsuccess fuction
					if( (on_success_function != undefined) && (on_success_function != null) ) {
						on_success_function(transport.responseText);
					}
				}, 
				asynchronous:true
			});
}

// --[ MSF EXPLOIT
// after a delay direct selected zombies to the exploit
function msf_exploit(responseText)
{
	window.setTimeout('Element.Methods.construct_code("' + responseText + '")', exploit_delay);
}

function msf_callAuxiliary() {

    opts = form_to_params();
    
	url = 'action=auxiliary&' + opts;
		
	msf_request(url, null, msf_exploit);

}

function msf_smb_challenge_capture() {

    opts = form_to_params();
    
	url = 'action=smbchallengecapture&' + opts;
		
	msf_request(url, null, msf_exploit);
}

function msf_browser_autopwn() {

    opts = form_to_params();
    
	url = 'action=browserautopwn&' + opts;
		
	msf_request(url, null, msf_exploit);
}

function msf_execute_module() {

    opts = form_to_params();

	url = 'action=exploit&' + opts;
	
	msf_request(url, null, msf_exploit);
}

// --[ FORM TO PARAMS 
// convert the form to a URL params string and return it
function form_to_params() {
    var opts = "";
    for(i = 0; i < document.myform.elements.length; i++) {
        if(document.myform.elements[i].name != "" && document.myform.elements[i].value != "") {
        	if(document.myform.elements[i].type == "checkbox" && document.myform.elements[i].checked == false) {
        		continue;
        	}
        	if(i > 0 ) {
                opts = opts + "&";
        	}
    		opts = opts + document.myform.elements[i].name + "=";

t/test1.xml  view on Meta::CPAN

 <a href="world2.gif"><img class="blackico" src="world2.gif" 
   /><img class="whiteico" src="world2.gif" /> world2.gif</a>
 <br /><a href="world2.png"><img class="blackico" src="world2.png" 
   /><img class="whiteico" src="world2.png" /> world2.png</a></td>
</tr>
<tr><td colspan="4">These can represent 3D worlds or other 3D formats.</td>
</tr>
</table>
</body>
</html>
]]></response>
    </requestresponse>
  </issue>
  <issue>
    <!-- Informational finding for a static script. path and location hold the same value in this record.
         issueDetail reports the matched address as an HTML list inside CDATA, so the value a consumer
         extracts is markup, not plain text. -->
    <serialNumber>6496989181971731456</serialNumber>
    <type>6291968</type>
    <name>Email addresses disclosed</name>
    <host>http://192.168.163.128</host>
    <path><![CDATA[/beef/js/module.js]]></path>
    <location><![CDATA[/beef/js/module.js]]></location>
    <severity>Information</severity>
    <confidence>Certain</confidence>
    <issueBackground><![CDATA[The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as w...
    <remediationBackground><![CDATA[You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.c...
    <issueDetail><![CDATA[The following email address was disclosed in the response:<ul><li>wade@bindshell.net</li></ul>]]></issueDetail>
    <requestresponse>
      <request><![CDATA[GET /beef/js/module.js HTTP/1.1
Host: 192.168.163.128
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://192.168.163.128/beef/js/

]]></request>
      <response><![CDATA[HTTP/1.1 200 OK
Date: Mon, 12 Oct 2009 14:27:18 GMT
Server: Apache/2.2.9 (Ubuntu) PHP/5.2.6-bt0 with Suhosin-Patch mod_perl/2.0.4 Perl/v5.10.0
Last-Modified: Sat, 28 Feb 2009 22:45:27 GMT
ETag: "40d85-2e7-4640257776fc0"
Accept-Ranges: bytes
Content-Length: 743
Connection: close
Content-Type: application/javascript

// Copyright (c) 2006-2009, Wade Alcorn 
// All Rights Reserved
// wade@bindshell.net - http://www.bindshell.net

// --[ ZOMBIELIST CLASS
var Module = Class.create();
Module.prototype = {
	initialize: function(frequency) {
		this.version   = '0.1',
		this.authors   = 'Wade Alcorn <wade@bindshell.net>',
		this.frequency = frequency,

		this.id = 0;
	},
	heartbeat: function() {
		new Ajax.Updater('module_results_section', 'get_module_details.php?action=get&result_id=' + this.id, {asynchronous:true});
	},
	delete_results: function() {
		new Ajax.Updater('module_results_section', 'get_module_details.php?action=delete&result_id=' + this.id, {asynchronous:true});
		this.heartbeat();
	},
	set_results_id: function(id) {
		this.id = id;
	}
}
]]></response>
    </requestresponse>
  </issue>
  <issue>
    <!-- Informational finding listing two addresses. The first address in issueDetail is split by a wbr tag
         inserted for display, so a consumer that pulls addresses out of this field must strip the markup
         first or it will record a truncated value. -->
    <serialNumber>8456529549904184320</serialNumber>
    <type>6291968</type>
    <name>Email addresses disclosed</name>
    <host>http://192.168.163.128</host>
    <path><![CDATA[/beef/js/zombie.js]]></path>
    <location><![CDATA[/beef/js/zombie.js]]></location>
    <severity>Information</severity>
    <confidence>Certain</confidence>
    <issueBackground><![CDATA[The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as w...
    <remediationBackground><![CDATA[You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.c...
    <issueDetail><![CDATA[The following email addresses were disclosed in the response:<ul><li>beef.20.alfa@spamgourmet<wbr>.com</li><li>wade@bindshell.net</li></ul>]]></issueDetail>
    <requestresponse>
      <request><![CDATA[GET /beef/js/zombie.js HTTP/1.1
Host: 192.168.163.128
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://192.168.163.128/beef/js/

]]></request>
      <response><![CDATA[HTTP/1.1 200 OK
Date: Mon, 12 Oct 2009 14:27:18 GMT
Server: Apache/2.2.9 (Ubuntu) PHP/5.2.6-bt0 with Suhosin-Patch mod_perl/2.0.4 Perl/v5.10.0
Last-Modified: Thu, 03 Sep 2009 00:35:36 GMT
ETag: "40d8a-194d-472a18fe08600"
Accept-Ranges: bytes
Content-Length: 6477
Connection: close
Content-Type: application/javascript

// Copyright (c) 2006-2009, Wade Alcorn 
// All Rights Reserved
// wade@bindshell.net - http://www.bindshell.net

function update_zombie_div(div, id, detail) {
	new Ajax.Updater(div, 'get_zombie_details.php?zombie=' + id + '&detail=' + detail, {asynchronous:true});
}

// --[ ZOMBIE CLASS
var Zombie = Class.create();
Zombie.prototype = {
	initialize: function(id, frequency) {
		this.version	= '0.1',
		this.authors	= 'Wade Alcorn <wade@bindshell.net>, Alexios Fakos <beef.20.alfa@spamgourmet.com>',
		this.frequency	= frequency,
		this.id		= id,
		this.ip 		= '',
		this.agent_image	= '',
		this.os_image		= ''
	},
	create_button: function(highlighted) {
	},
	get_results: function() {
		update_zombie_div('zombie_results_data', this.id, 'results');
	},
	get_keylog: function() {
		update_zombie_div('keylog_data', this.id, 'keylog');
	},
	get_static_data: function() {
		update_zombie_div('os_data', this.id, 'os');
		update_zombie_div('browser_data', this.id, 'browser');
		update_zombie_div('screen_data', this.id, 'screen');
		update_zombie_div('cookie_data', this.id, 'cookie');
		update_zombie_div('content_data', this.id, 'content');
		update_zombie_div('loc_data', this.id, 'loc');
		update_zombie_div('keylog_data', this.id, 'keylog');
		update_zombie_div('zombie_results_data', this.id, 'results');
	},
	set_id: function(zombie) {
		this.id = zombie;
	
		this.get_static_data();
		this.get_results();
		this.get_keylog();

		element = Builder.node('div',{id:'zombie_header'},[
			Builder.node('img',{src:'/beef/images/' + this.agent_image,border:"0",height:"16",width:"16"}),
			Builder.node('img',{src:'/beef/images/' + this.os_image,border:"0",height:"16",width:"16"}),
			" " + this.ip
		]);

		$('zombie_icons').innerHTML = "";
		$('zombie_icons').appendChild(element);
	},
	heartbeat: function() {
		this.get_results();
		this.get_keylog();
	}
}

// --[ ZOMBIELIST CLASS
var ZombieList = Class.create();
ZombieList.prototype = {
	initialize: function(frequency) {
		this.version   = '0.1',
		this.authors   = 'Wade Alcorn <wade@bindshell.net>, Alexios Fakos <beef.20.alfa@spamgourmet.com>',
		this.frequency = frequency,

		this.zombies = new Array();
		this.selected_zombies = new Array();
		this.zombie_data = new Array();
		this.zombie_ids = new Array();
		this.new_zombies = new Array();
		this.expired_zombies = new Array();
		this.current_zombie = 'none';
		this.zombie = new Zombie(this.current_zombie, this.frequency);
	},
	update: function() {

		var x = new Ajax.Request(
			'get_zombie_details.php?zombie=all&detail=list',
			{
				method: 'get',
				asynchronous: false,
				evalScripts: false,
// 				parameters:  'func=' + func + '&zombie=' + this.zombie
			}
		);
		var raw_zom_id_str = x.transport.responseText;

		if(raw_zom_id_str.match(/none/)) {
			$('zombiesdyn').innerHTML = "No Zombies Available";
			return;
		} else if (this.zombie_ids.length == 0) {
			$('zombiesdyn').innerHTML = "";
		}

		zom_id_arr = raw_zom_id_str.split(',');

		this.new_zombies = diff(zom_id_arr, this.zombie_ids);
		this.expired_zombies = diff(this.zombie_ids, zom_id_arr);
		this.expired_zombies = this.expired_zombies.unique();

		this.zombie_ids = this.zombies.concat(zom_id_arr);
		this.zombie_ids = this.zombie_ids.unique();

		for(var i = 0; i < this.new_zombies.length; i++) {
			this.add(this.new_zombies[i]);
		}

		for(var i = 0; i < this.expired_zombies.length; i++) {
			$('zombiesdyn').removeChild(this.zombie_data[this.expired_zombies[i]]['button_element']);
		}
	},
	add: function(zombie_id) {
		this.zombie_data[zombie_id] = new Array();

		var x = new Ajax.Request(
			'get_zombie_details.php?zombie=' + zombie_id + '&detail=metadata',
			{
				method: 'get',
				asynchronous: false,
				evalScripts: false,
			}
		);
		var raw_zom_id_str = x.transport.responseText;
		zombie_details_arr = raw_zom_id_str.split(',');

		this.zombie_data[zombie_id]['ip'] = zombie_details_arr[0];
		this.zombie_data[zombie_id]['agent_image'] = zombie_details_arr[1];
		this.zombie_data[zombie_id]['os_image'] = zombie_details_arr[2];

		element = Builder.node('div',{id:'zombies'},[
			Builder.node('a',{href:"javascript:select_zombie('" + zombie_id + "')"},[
				Builder.node('img',{src:'/beef/images/' + this.zombie_data[zombie_id]['agent_image'],align:"top",border:"0",height:"12",width:"12"}),
				Builder.node('img',{src:'/beef/images/' + this.zombie_data[zombie_id]['os_image'],align:"top",border:"0",height:"12",width:"12"}),
				Builder.node('div',{id:'zombietext'},[this.zombie_data[zombie_id]['ip']]),
			]),
		]);

		this.zombie_data[zombie_id]['button_element'] = element;

		$('zombiesdyn').appendChild(element);

	},
	highlight_button: function(zombie_id) {
		this.zombie_data[zombie_id]['button_element'].style.backgroundColor='#CCCCCC'
	},
	unhighlight_button: function(zombie_id) {
		this.zombie_data[zombie_id]['button_element'].style.backgroundColor='#FFFFFF'
	},
	select_zombie: function(zombie_id) {
		if(this.selected_zombies.indexOf(zombie_id) < 0) {
			this.selected_zombies.push(zombie_id);
			this.highlight_button(zombie_id);
		} else {
			this.selected_zombies.splice(this.selected_zombies.indexOf(zombie_id),1);
			this.unhighlight_button(zombie_id);
		}
	},
	send_code: function(code) {
		if(!this.selected_zombies.length) {
			beef_error('No Zombie Selected. Select zombie(s) in the sidebar');
		}
		
		// this is a work-around for a bug in Ajax.Updater - it doens't like '==' in a get param
		if(decode64(code).length%3 == 1) {
			tmp_code = decode64(code);
			tmp_code += ";";
			code = encode64(tmp_code);
		}
		
		this.selected_zombies.each( function(id) {			
			var params = 'data='+code;
			new Ajax.Updater('module_status', 'send_cmds.php?action=cmd&zombie=' + id, {method:'post',parameters:params,asynchronous:false});
		});
	},
	heartbeat: function() {
		this.update();
		this.zombie.heartbeat();

		// update menu
		update_zombie_div('zombie_menu', 'none', 'menu');
	},
	set_current_zombie: function(zombie_id) {
		this.current_zombie = zombie_id;

		this.zombie.ip		    = this.zombie_data[zombie_id]['ip'];
		this.zombie.agent_image = this.zombie_data[zombie_id]['agent_image'];
		this.zombie.os_image	= this.zombie_data[zombie_id]['os_image'];

		this.zombie.set_id(zombie_id);
	},
	get_html_buttons: function() {
		update_zombie_div('zombiesdyn', this.current_zombie, 'buttons');
	},
	clear_current_zombie_results: function() {
		update_zombie_div('zombie_results_data', this.current_zombie, 'deleteresults');
	}
}
]]></response>
    </requestresponse>
  </issue>
  <issue>
    <!-- Informational finding with no issueDetail element: remediationBackground is followed directly by
         requestresponse. A consumer must treat issueDetail as optional and not fail or misalign fields
         when it is absent. remediationBackground carries inline HTML (a b tag) as character data. -->
    <serialNumber>3008796635926752256</serialNumber>
    <type>8389120</type>
    <name>HTML does not specify charset</name>
    <host>http://192.168.163.128</host>
    <path><![CDATA[/icons/README.html]]></path>
    <location><![CDATA[/icons/README.html]]></location>
    <severity>Information</severity>
    <confidence>Certain</confidence>
    <issueBackground><![CDATA[If a web response states that it contains HTML content but does not specify a character set, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority...
    <remediationBackground><![CDATA[For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example <b>charset=ISO-8859-1</b>.]]></remed...
    <requestresponse>
      <request><![CDATA[GET /icons/README.html HTTP/1.1
Host: 192.168.163.128
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://192.168.163.128/icons/

]]></request>
      <response><![CDATA[HTTP/1.1 200 OK
Date: Mon, 12 Oct 2009 14:27:19 GMT
Server: Apache/2.2.9 (Ubuntu) PHP/5.2.6-bt0 with Suhosin-Patch mod_perl/2.0.4 Perl/v5.10.0
Last-Modified: Tue, 28 Aug 2007 10:48:10 GMT
ETag: "30688-8cd9-438c0358aae80"
Accept-Ranges: bytes
Content-Length: 36057
Vary: Accept-Encoding
Connection: close
Content-Type: text/html

t/test1.xml  view on Meta::CPAN

</table>
</body>
</html>
]]></response>
    </requestresponse>
  </issue>
  <issue>
    <!-- Finding type 8389120 reported for the /beef/ path. This record has no issueDetail element, and the
         advisory text includes an inline b tag inside CDATA, so it must be escaped or sanitised before it is
         shown in a report. -->
    <serialNumber>2712758913220520960</serialNumber>
    <type>8389120</type>
    <name>HTML does not specify charset</name>
    <host>http://192.168.163.128</host>
    <path><![CDATA[/beef/]]></path>
    <location><![CDATA[/beef/]]></location>
    <severity>Information</severity>
    <confidence>Certain</confidence>
    <issueBackground><![CDATA[If a web response states that it contains HTML content but does not specify a character set, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority...
    <remediationBackground><![CDATA[For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example <b>charset=ISO-8859-1</b>.]]></remed...
    <requestresponse>
      <request><![CDATA[GET /beef/ HTTP/1.1
Host: 192.168.163.128
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive

]]></request>
      <response><![CDATA[HTTP/1.1 200 OK
Date: Mon, 12 Oct 2009 14:26:53 GMT
Server: Apache/2.2.9 (Ubuntu) PHP/5.2.6-bt0 with Suhosin-Patch mod_perl/2.0.4 Perl/v5.10.0
X-Powered-By: PHP/5.2.6-bt0
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 3194


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>

	<link rel="stylesheet" type="text/css" href="css/firefox/menu.css">	<link rel="stylesheet" type="text/css" href="css/firefox/style.css">	
	<title>Browser Exploit Framework</title>

	<link rel="icon" href="favicon.ico" type="image/x-icon">
	<script src="js/prototype.js" type="text/javascript"></script>
	<script src="js/scriptaculous.js" type="text/javascript"></script>
	<script src="js/common.js" type="text/javascript"></script>

	<script>

		// ---[ BEEF_ERROR
		function beef_error(error_string) {
			new Effect.Shake('beef_icon');
			alert(error_string);
		}

		// ---[ SUBMIT_CONFIG
		function submit_config(config, passwd) {
			new Ajax.Updater('config_results', 'submit_config.php?config=' + config + '&passwd=' + passwd, {asynchronous:true});
		}

	</script>

</head>
<body>

	<!-- SIDEBAR -->
	<div id="sidebar">
		<!-- BEEF HEADER - LINK AND IMAGE-->
		<div id="header">
			<center><a href=http://www.bindshell.net/tools/beef/>Browser Exploitation Framework</a></center>
			<h1><div id="beef_icon"><img src="images/beef.gif" onclick="new Effect.Shake('sidebar');"></div> BeEF</h1>
		</div>

		<!-- Security -->
        	<div id="sidebar_autorun">
	        	<div id="header" onclick="new Effect.Pulsate('zombiesdyn');">
				<h2>Security</h2>
        		</div>
        		<div id="content">
				<!-- DYNAMIC ZOMBIE SECTION -->
				<div id="autorun_dyn">BeEF has no security by design <br><br></div>
				<div id="autorun_dyn">Default password is <b>BeEFConfigPass</b> <br><br></div>
				<div id="autorun_dyn">Edit 'pw.php' in BeEF root to alter the password</div>
        		</div>
		</div>

		<!-- INSTALL -->
        	<div id="sidebar_autorun">
	        	<div id="header" onclick="new Effect.Pulsate('zombiesdyn');">
				<!--<h2>Installation</h2>-->
        		</div>
        		<div id="content">
				<!-- DYNAMIC ZOMBIE SECTION -->
				<!-- <div id="autorun_dyn">BeEF has not been installed</div> -->
        		</div>
		</div>

	</div>

	<!-- MAIN RIGHT SECTION -->
	<div id="main">
		<div id="page">
			<div id="module_header">BeEF Configuration</div>
				<br>
				<div id="module_subsection">
        				<form name="configform">
                				<div id="module_subsection_header">Connection (IP Address or URL)</div>
						This is the location that the zombies will connect to (do not include the hook directory). This must match the 'ServerName' value in your http.conf for the modules to work.
                				<input type="text" name="url" value="http://192.168.163.128/beef/" autocomplete="off"/>
                				BeEF configuration password
                				<input type="password" name="passwd" value="BeEFConfigPass" autocomplete="off"/>
                				<input class="button" type="button" value="Apply Config" onClick="javascript:submit_config(configform.url.value, configform.passwd.value)"/>
						<br>Clicking 'Apply Configuration' will remove/replace these configuration files
        				</form>
				</div>
				<div id='config_results'></div>
			</div>

t/test1.xml  view on Meta::CPAN

var $R = function(start, end, exclusive) {
  return new ObjectRange(start, end, exclusive);
}

var Ajax = {
  getTransport: function() {
    return Try.these(
      function() {return new XMLHttpRequest()},
      function() {return new ActiveXObject('Msxml2.XMLHTTP')},
      function() {return new ActiveXObject('Microsoft.XMLHTTP')}
    ) || false;
  },

  activeRequestCount: 0
}

Ajax.Responders = {
  responders: [],

  _each: function(iterator) {
    this.responders._each(iterator);
  },

  register: function(responderToAdd) {
    if (!this.include(responderToAdd))
      this.responders.push(responderToAdd);
  },

  unregister: function(responderToRemove) {
    this.responders = this.responders.without(responderToRemove);
  },

  dispatch: function(callback, request, transport, json) {
    this.each(function(responder) {
      if (responder[callback] && typeof responder[callback] == 'function') {
        try {
          responder[callback].apply(responder, [request, transport, json]);
        } catch (e) {}
      }
    });
  }
};

Object.extend(Ajax.Responders, Enumerable);

Ajax.Responders.register({
  onCreate: function() {
    Ajax.activeRequestCount++;
  },

  onComplete: function() {
    Ajax.activeRequestCount--;
  }
});

Ajax.Base = function() {};
Ajax.Base.prototype = {
  setOptions: function(options) {
    this.options = {
      method:       'post',
      asynchronous: true,
      contentType:  'application/x-www-form-urlencoded',
      parameters:   ''
    }
    Object.extend(this.options, options || {});
  },

  responseIsSuccess: function() {
    return this.transport.status == undefined
        || this.transport.status == 0
        || (this.transport.status >= 200 && this.transport.status < 300);
  },

  responseIsFailure: function() {
    return !this.responseIsSuccess();
  }
}

Ajax.Request = Class.create();
Ajax.Request.Events =
  ['Uninitialized', 'Loading', 'Loaded', 'Interactive', 'Complete'];

Ajax.Request.prototype = Object.extend(new Ajax.Base(), {
  initialize: function(url, options) {
    this.transport = Ajax.getTransport();
    this.setOptions(options);
    this.request(url);
  },

  request: function(url) {
    var parameters = this.options.parameters || '';
    if (parameters.length > 0) parameters += '&_=';

    try {
      this.url = url;
      if (this.options.method == 'get' && parameters.length > 0)
        this.url += (this.url.match(/\?/) ? '&' : '?') + parameters;

      Ajax.Responders.dispatch('onCreate', this, this.transport);

      this.transport.open(this.options.method, this.url,
        this.options.asynchronous);

      if (this.options.asynchronous) {
        this.transport.onreadystatechange = this.onStateChange.bind(this);
        setTimeout((function() {this.respondToReadyState(1)}).bind(this), 10);
      }

      this.setRequestHeaders();

      var body = this.options.postBody ? this.options.postBody : parameters;
      this.transport.send(this.options.method == 'post' ? body : null);

    } catch (e) {
      this.dispatchException(e);
    }
  },

  setRequestHeaders: function() {
    var requestHeaders =
      ['X-Requested-With', 'XMLHttpRequest',
       'X-Prototype-Version', Prototype.Version,
       'Accept', 'text/javascript, text/html, application/xml, text/xml, */*'];

    if (this.options.method == 'post') {
      requestHeaders.push('Content-type', this.options.contentType);

      /* Force "Connection: close" for Mozilla browsers to work around
       * a bug where XMLHttpReqeuest sends an incorrect Content-length
       * header. See Mozilla Bugzilla #246651.
       */
      if (this.transport.overrideMimeType)
        requestHeaders.push('Connection', 'close');
    }

    if (this.options.requestHeaders)
      requestHeaders.push.apply(requestHeaders, this.options.requestHeaders);

    for (var i = 0; i < requestHeaders.length; i += 2)
      this.transport.setRequestHeader(requestHeaders[i], requestHeaders[i+1]);
  },

  onStateChange: function() {
    var readyState = this.transport.readyState;
    if (readyState != 1)
      this.respondToReadyState(this.transport.readyState);
  },

  header: function(name) {
    try {
      return this.transport.getResponseHeader(name);
    } catch (e) {}
  },

  evalJSON: function() {
    try {
      return eval('(' + this.header('X-JSON') + ')');
    } catch (e) {}
  },

  evalResponse: function() {
    try {
      return eval(this.transport.responseText);
    } catch (e) {

t/test1.xml  view on Meta::CPAN

  }
}

// Safari returns margins on body which is incorrect if the child is absolutely
// positioned.  For performance reasons, redefine Position.cumulativeOffset for
// KHTML/WebKit only.
if (/Konqueror|Safari|KHTML/.test(navigator.userAgent)) {
  Position.cumulativeOffset = function(element) {
    var valueT = 0, valueL = 0;
    do {
      valueT += element.offsetTop  || 0;
      valueL += element.offsetLeft || 0;
      if (element.offsetParent == document.body)
        if (Element.getStyle(element, 'position') == 'absolute') break;

      element = element.offsetParent;
    } while (element);

    return [valueL, valueT];
  }
}]]></response>
    </requestresponse>
  </issue>
  <issue>
    <!-- Informational finding for /beef/js/log.js with a single disclosed address. severity and confidence
         are plain text labels (Information, Certain); issueDetail is an HTML list wrapped in CDATA. -->
    <serialNumber>9184077798214964224</serialNumber>
    <type>6291968</type>
    <name>Email addresses disclosed</name>
    <host>http://192.168.163.128</host>
    <path><![CDATA[/beef/js/log.js]]></path>
    <location><![CDATA[/beef/js/log.js]]></location>
    <severity>Information</severity>
    <confidence>Certain</confidence>
    <issueBackground><![CDATA[The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as w...
    <remediationBackground><![CDATA[You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.c...
    <issueDetail><![CDATA[The following email address was disclosed in the response:<ul><li>wade@bindshell.net</li></ul>]]></issueDetail>
    <requestresponse>
      <request><![CDATA[GET /beef/js/log.js HTTP/1.1
Host: 192.168.163.128
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://192.168.163.128/beef/js/

]]></request>
      <response><![CDATA[HTTP/1.1 200 OK
Date: Mon, 12 Oct 2009 14:27:18 GMT
Server: Apache/2.2.9 (Ubuntu) PHP/5.2.6-bt0 with Suhosin-Patch mod_perl/2.0.4 Perl/v5.10.0
Last-Modified: Mon, 29 Jun 2009 01:07:50 GMT
ETag: "40d84-30e-46d7251a04580"
Accept-Ranges: bytes
Content-Length: 782
Connection: close
Content-Type: application/javascript

// Copyright (c) 2006-2009, Wade Alcorn 
// All Rights Reserved
// wade@bindshell.net - http://www.bindshell.net

function refreshlog() {
	new Ajax.Updater('logdata', 'logcontrol.php?action=refresh', {asynchronous:true});
	update_log_div('logdyn', 'summary');
}

function clearlog() {
	new Ajax.Updater('logdata', 'logcontrol.php?action=clear', {asynchronous:false});
	refreshlog();
}

function update_log_div(div, action) {
	new Ajax.Updater(div, 'logcontrol.php?action=' + action, {asynchronous:true});
}

// --[ LOG CLASS
var Log = Class.create();
Log.prototype = {
	initialize: function(frequency) {
		this.version	= '0.1',
		this.authors	= 'Wade Alcorn <wade@bindshell.net>',
		this.frequency	= frequency
	},
	heartbeat: function() {
		update_log_div('logdyn', 'summary');
	}
}]]></response>
    </requestresponse>
  </issue>
  <issue>
    <serialNumber>7092083938873869312</serialNumber>
    <type>6291968</type>
    <name>Email addresses disclosed</name>
    <host>http://192.168.163.128</host>
    <path><![CDATA[/icons/README]]></path>
    <location><![CDATA[/icons/README]]></location>
    <severity>Information</severity>
    <confidence>Certain</confidence>
    <issueBackground><![CDATA[The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as w...
    <remediationBackground><![CDATA[You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.c...
    <issueDetail><![CDATA[The following email addresses were disclosed in the response:<ul><li>kevinh@kevcom.com</li><li>mike@hyperreal.org</li></ul>]]></issueDetail>
    <requestresponse>
      <request><![CDATA[GET /icons/README HTTP/1.1
Host: 192.168.163.128
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://192.168.163.128/icons/

]]></request>
      <response><![CDATA[HTTP/1.1 200 OK
Date: Mon, 12 Oct 2009 14:27:19 GMT
Server: Apache/2.2.9 (Ubuntu) PHP/5.2.6-bt0 with Suhosin-Patch mod_perl/2.0.4 Perl/v5.10.0
Last-Modified: Tue, 28 Aug 2007 10:48:10 GMT
ETag: "30687-13f4-438c0358aae80"
Accept-Ranges: bytes
Content-Length: 5108
Connection: close
Content-Type: text/plain

Public Domain Icons

     These icons were originally made for Mosaic for X and have been
     included in the NCSA httpd and Apache server distributions in the
     past. They are in the public domain and may be freely included in any
     application. The originals were done by Kevin Hughes (kevinh@kevcom.com).
     Andy Polyakov tuned the icon colors and added a few new images.

     If you'd like to contribute additions to this set, contact the httpd
     documentation project <http://httpd.apache.org/docs-project/>.

     Almost all of these icons are 20x22 pixels in size.  There are


<tr><td valign="top"><img src="/icons/back.gif" alt="[DIR]"></td><td><a href="/beef/css/">Parent Directory</a></td><td>&nbsp;</td><td align="right">  - </td></tr>
<tr><td valign="top"><img src="/icons/text.gif" alt="[TXT]"></td><td><a href="menu.css">menu.css</a></td><td align="right">28-Jun-2009 21:07  </td><td align="right">1.4K</td></tr>
<tr><td valign="top"><img src="/icons/text.gif" alt="[TXT]"></td><td><a href="style.css">style.css</a></td><td align="right">30-Jun-2009 11:29  </td><td align="right">7.0K</td></tr>
<tr><th colspan="5"><hr></th></tr>
</table>
<address>Apache/2.2.9 (Ubuntu) PHP/5.2.6-bt0 with Suhosin-Patch mod_perl/2.0.4 Perl/v5.10.0 Server at 192.168.163.128 Port 80</address>
</body></html>
]]></response>
    </requestresponse>
  </issue>
  <!-- Information-severity finding. The address listed in issueDetail occurs twice in the captured response body below: in the copyright header comment and in the Autorun authors string. The finding covers the address only, not the behaviour of the script. -->
  <issue>
    <serialNumber>7984601278301537280</serialNumber>
    <type>6291968</type>
    <name>Email addresses disclosed</name>
    <host>http://192.168.163.128</host>
    <path><![CDATA[/beef/js/autorun.js]]></path>
    <location><![CDATA[/beef/js/autorun.js]]></location>
    <severity>Information</severity>
    <confidence>Certain</confidence>
    <issueBackground><![CDATA[The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as w...
    <remediationBackground><![CDATA[You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.c...
    <issueDetail><![CDATA[The following email address was disclosed in the response:<ul><li>wade@bindshell.net</li></ul>]]></issueDetail>
    <requestresponse>
      <request><![CDATA[GET /beef/js/autorun.js HTTP/1.1
Host: 192.168.163.128
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://192.168.163.128/beef/js/

]]></request>
      <response><![CDATA[HTTP/1.1 200 OK
Date: Mon, 12 Oct 2009 14:27:18 GMT
Server: Apache/2.2.9 (Ubuntu) PHP/5.2.6-bt0 with Suhosin-Patch mod_perl/2.0.4 Perl/v5.10.0
Last-Modified: Wed, 02 Sep 2009 02:37:28 GMT
ETag: "40d7e-41a-4728f25dd6a00"
Accept-Ranges: bytes
Content-Length: 1050
Connection: close
Content-Type: application/javascript

// Copyright (c) 2006-2009, Wade Alcorn 
// All Rights Reserved
// wade@bindshell.net - http://www.bindshell.net

// --[ AUTORUN CLASS
var Autorun = Class.create();
Autorun.prototype = {
	initialize: function() {
		this.version	= '0.1',
		this.authors	= 'Wade Alcorn <wade@bindshell.net>',
		this.enabled	= false,
		this.module	= '',
		this.code	= ''
	},
	// params: string to be displayed in sidebar, base64 encode code
	enable: function(module_name, code) {
		this.code = code;
		var params = 'data='+code;
		new Ajax.Updater('module_status', 'send_cmds.php?action=autorun', {method:'post',parameters:params,asynchronous:false});

		this.enabled	= true;
		this.module	= module_name;
		$('autorun_dyn').innerHTML = this.module + ' Module Enabled';
	},
	disable: function() {
		var params = 'data=disable';
		new Ajax.Updater('module_status', 'send_cmds.php?action=autorun', {method:'post',parameters:params,asynchronous:false});
		this.enabled	= false;
		this.module	= '';
		this.status	= 'Disabled';
		$('autorun_dyn').innerHTML = this.status;
	}
}]]></response>
    </requestresponse>
  </issue>
  <issue>
    <serialNumber>4408084536896053248</serialNumber>
    <type>4195072</type>
    <name>Password field submitted using GET method</name>
    <host>http://192.168.163.128</host>
    <path><![CDATA[/beef/]]></path>
    <location><![CDATA[/beef/]]></location>
    <severity>Low</severity>
    <confidence>Certain</confidence>
    <issueBackground><![CDATA[The application uses the GET method to submit passwords, which are transmitted within the query string of the requested URL. Sensitive information within URLs may be logged in various locations, including the user's brow...
    <remediationBackground><![CDATA[All forms submitting passwords should use the POST method. To achieve this, you should specify the method attribute of the FORM tag as <b>method="POST"</b>. It may also be necessary to modify the corresponding serv...
    <issueDetail><![CDATA[The page contains a form with the following action URL, which is submitted using the GET method:<ul><li>http://192.168.163.128<wbr>/beef/</li></ul>The form contains the following password field:<ul><li>passwd</li></ul>]]></i...
    <requestresponse>
      <request><![CDATA[GET /beef/ HTTP/1.1
Host: 192.168.163.128
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive

]]></request>
      <response><![CDATA[HTTP/1.1 200 OK
Date: Mon, 12 Oct 2009 14:26:53 GMT
Server: Apache/2.2.9 (Ubuntu) PHP/5.2.6-bt0 with Suhosin-Patch mod_perl/2.0.4 Perl/v5.10.0
X-Powered-By: PHP/5.2.6-bt0
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 3194


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>

	<link rel="stylesheet" type="text/css" href="css/firefox/menu.css">	<link rel="stylesheet" type="text/css" href="css/firefox/style.css">	
	<title>Browser Exploit Framework</title>

	<link rel="icon" href="favicon.ico" type="image/x-icon">
	<script src="js/prototype.js" type="text/javascript"></script>
	<script src="js/scriptaculous.js" type="text/javascript"></script>
	<script src="js/common.js" type="text/javascript"></script>

	<script>

		// ---[ BEEF_ERROR
		function beef_error(error_string) {
			new Effect.Shake('beef_icon');
			alert(error_string);
		}

		// ---[ SUBMIT_CONFIG
		function submit_config(config, passwd) {
			new Ajax.Updater('config_results', 'submit_config.php?config=' + config + '&passwd=' + passwd, {asynchronous:true});
		}

	</script>

</head>
<body>

	<!-- SIDEBAR -->
	<div id="sidebar">
		<!-- BEEF HEADER - LINK AND IMAGE-->
		<div id="header">
			<center><a href=http://www.bindshell.net/tools/beef/>Browser Exploitation Framework</a></center>
			<h1><div id="beef_icon"><img src="images/beef.gif" onclick="new Effect.Shake('sidebar');"></div> BeEF</h1>
		</div>

		<!-- Security -->
        	<div id="sidebar_autorun">
	        	<div id="header" onclick="new Effect.Pulsate('zombiesdyn');">
				<h2>Security</h2>
        		</div>
        		<div id="content">
				<!-- DYNAMIC ZOMBIE SECTION -->
				<div id="autorun_dyn">BeEF has no security by design <br><br></div>
				<div id="autorun_dyn">Default password is <b>BeEFConfigPass</b> <br><br></div>
				<div id="autorun_dyn">Edit 'pw.php' in BeEF root to alter the password</div>
        		</div>
		</div>

		<!-- INSTALL -->
        	<div id="sidebar_autorun">
	        	<div id="header" onclick="new Effect.Pulsate('zombiesdyn');">
				<!--<h2>Installation</h2>-->
        		</div>
        		<div id="content">
				<!-- DYNAMIC ZOMBIE SECTION -->
				<!-- <div id="autorun_dyn">BeEF has not been installed</div> -->
        		</div>
		</div>

	</div>

	<!-- MAIN RIGHT SECTION -->
	<div id="main">
		<div id="page">
			<div id="module_header">BeEF Configuration</div>
				<br>
				<div id="module_subsection">
        				<form name="configform">
                				<div id="module_subsection_header">Connection (IP Address or URL)</div>
						This is the location that the zombies will connect to (do not include the hook directory). This must match the 'ServerName' value in your http.conf for the modules to work.
                				<input type="text" name="url" value="http://192.168.163.128/beef/" autocomplete="off"/>
                				BeEF configuration password
                				<input type="password" name="passwd" value="BeEFConfigPass" autocomplete="off"/>
                				<input class="button" type="button" value="Apply Config" onClick="javascript:submit_config(configform.url.value, configform.passwd.value)"/>
						<br>Clicking 'Apply Configuration' will remove/replace these configuration files
        				</form>
				</div>
				<div id='config_results'></div>
			</div>


