Release: 0.5.3.0 (#2169)

* Fix #1851 - Command/request(s) sent to zombie 'undefined' bug (#1963)

* Provided correct context in locationHashChanged() to have data necessary for the nested function calls to act as intended.

* rubocop cleanup (#2170)

* version up (#2172)

Co-authored-by: Jack Walker <46417690+jackdwalker@users.noreply.github.com>
Co-authored-by: Isaac Powell <36595182+DeezyE@users.noreply.github.com>

.github/ISSUE_TEMPLATE.md

@@ -5,7 +5,7 @@ Verify first that your issue/request has not been posted previously:
 * https://github.com/beefproject/beef/issues
 * https://github.com/beefproject/beef/wiki/FAQ
 
-Ensure you're using the [latest version of BeEF](https://github.com/beefproject/beef/releases/tag/v0.5.2.0).
+Ensure you're using the [latest version of BeEF](https://github.com/beefproject/beef/releases/tag/v0.5.3.0).
 
 Please do your best to provide as much information as possible. It will help substantially if you can enable and provide debugging logs with your issue. Instructions for enabling debugging logs are below:
 

VERSION

@@ -4,4 +4,4 @@
 # See the file 'doc/COPYING' for copying permission
 #
 
-0.5.2.0
+0.5.3.0

config.yaml

@@ -6,7 +6,7 @@
 # BeEF Configuration file
 
 beef:
-    version: '0.5.2.0'
+    version: '0.5.3.0'
     # More verbose messages (server-side)
     debug: false
     # More verbose messages (client-side)

core/api.rb

@@ -24,28 +24,28 @@ def initialize
       # Register timed API calls to an owner
       #
       # @param [Class] owner the owner of the API hook
-      # @param [Class] c the API class the owner would like to hook into
+      # @param [Class] cla the API class the owner would like to hook into
       # @param [String] method the method of the class the owner would like to execute
       # @param [Array] params an array of parameters that need to be matched before the owner will be called
       #
-      def register(owner, c, method, params = [])
-        unless verify_api_path(c, method)
-          print_error "API Registrar: Attempted to register non-existant API method #{c} :#{method}"
+      def register(owner, cla, method, params = [])
+        unless verify_api_path(cla, method)
+          print_error "API Registrar: Attempted to register non-existant API method #{cla} :#{method}"
           return
         end
 
-        if registered?(owner, c, method, params)
-          print_debug "API Registrar: Attempting to re-register API call #{c} :#{method}"
+        if registered?(owner, cla, method, params)
+          print_debug "API Registrar: Attempting to re-register API call #{cla} :#{method}"
           return
         end
 
         id = @count
         @registry << {
-          'id'     => id,
-          'owner'  => owner,
-          'class'  => c,
-          'method' => method,
-          'params' => params
+          'id': id,
+          'owner': owner,
+          'class': cla,
+          'method': method,
+          'params': params
         }
         @count += 1
 
@@ -56,18 +56,19 @@ def register(owner, c, method, params = [])
       # Tests whether the owner is registered for an API hook
       #
       # @param [Class] owner the owner of the API hook
-      # @param [Class] c the API class
+      # @param [Class] cla the API class
       # @param [String] method the method of the class
       # @param [Array] params an array of parameters that need to be matched
       #
       # @return [Boolean] whether or not the owner is registered
       #
-      def registered?(owner, c, method, params = [])
+      def registered?(owner, cla, method, params = [])
         @registry.each do |r|
           next unless r['owner'] == owner
-          next unless r['class'] == c
+          next unless r['class'] == cla
           next unless r['method'] == method
           next unless is_matched_params? r, params
+
           return true
         end
         false
@@ -76,17 +77,18 @@ def registered?(owner, c, method, params = [])
       #
       # Match a timed API call to determine if an API.fire() is required
       #
-      # @param [Class] c the target API class
+      # @param [Class] cla the target API class
       # @param [String] method the method of the target API class
       # @param [Array] params an array of parameters that need to be matched
       #
       # @return [Boolean] whether or not the arguments match an entry in the API registry
       #
-      def matched?(c, method, params = [])
+      def matched?(cla, method, params = [])
         @registry.each do |r|
-          next unless r['class'] == c
+          next unless r['class'] == cla
           next unless r['method'] == method
           next unless is_matched_params? r, params
+
           return true
         end
         false
@@ -98,24 +100,25 @@ def matched?(c, method, params = [])
       # @param [Integer] id the ID of the API hook
       #
       def unregister(id)
-        @registry.delete_if {|r| r['id'] == id }
+        @registry.delete_if { |r| r['id'] == id }
       end
 
       #
       # Retrieves all the owners and ID's of an API hook
-      # @param [Class] c the target API class
+      # @param [Class] cla the target API class
       # @param [String] method the method of the target API class
       # @param [Array] params an array of parameters that need to be matched
       #
       # @return [Array] an array of hashes consisting of two keys :owner and :id
       #
-      def get_owners(c, method, params = [])
+      def get_owners(cla, method, params = [])
         owners = []
         @registry.each do |r|
-          next unless r['class'] == c
+          next unless r['class'] == cla
           next unless r['method'] == method
           next unless is_matched_params? r, params
-          owners << { :owner => r['owner'], :id => r['id'] }
+
+          owners << { owner: r['owner'], id: r['id'] }
         end
         owners
       end
@@ -126,23 +129,23 @@ def get_owners(c, method, params = [])
       #
       # @note This is a security precaution
       #
-      # @param [Class] c the target API class to verify
-      # @param [String] m the target method to verify
+      # @param [Class] cla the target API class to verify
+      # @param [String] met the target method to verify
       #
-      def verify_api_path(c, m)
-        (c.const_defined?('API_PATHS') && c.const_get('API_PATHS').key?(m))
+      def verify_api_path(cla, met)
+        (cla.const_defined?('API_PATHS') && cla.const_get('API_PATHS').key?(met))
       end
 
       #
       # Retrieves the registered symbol reference for an API hook
       #
-      # @param [Class] c the target API class to verify
-      # @param [String] m the target method to verify
+      # @param [Class] cla the target API class to verify
+      # @param [String] met the target method to verify
       #
       # @return [Symbol] the API path
       #
-      def get_api_path(c, m)
-        verify_api_path(c, m) ? c.const_get('API_PATHS')[m] : nil
+      def get_api_path(cla, met)
+        verify_api_path(cla, met) ? cla.const_get('API_PATHS')[met] : nil
       end
 
       #
@@ -171,32 +174,32 @@ def is_matched_params?(reg, params)
       #
       # Fires all owners registered to this API hook
       #
-      # @param [Class] c the target API class
-      # @param [String] m the target API method
+      # @param [Class] cla the target API class
+      # @param [String] met the target API method
       # @param [Array] *args parameters passed for the API call
       #
       # @return [Hash, NilClass] returns either a Hash of :api_id and :data
       #         if the owners return data, otherwise NilClass
       #
-      def fire(c, m, *args)
-        mods = get_owners(c, m, args)
+      def fire(cla, met, *args)
+        mods = get_owners(cla, met, args)
         return nil unless mods.length.positive?
 
-        unless verify_api_path(c, m) && c.ancestors[0].to_s > 'BeEF::API'
-          print_error "API Path not defined for Class: #{c} method:#{method}"
+        unless verify_api_path(cla, met) && cla.ancestors[0].to_s > 'BeEF::API'
+          print_error "API Path not defined for Class: #{cla} method:#{method}"
           return []
         end
 
         data = []
-        method = get_api_path(c, m)
+        method = get_api_path(cla, met)
         mods.each do |mod|
           begin
             # Only used for API Development (very verbose)
             # print_info "API: #{mod} fired #{method}"
 
             result = mod[:owner].method(method).call(*args)
             unless result.nil?
-              data << { :api_id => mod[:id], :data => result }
+              data << { api_id: mod[:id], data: result }
             end
           rescue => e
             print_error "API Fire Error: #{e.message} in #{mod}.#{method}()"
@@ -214,7 +217,7 @@ def fire(c, m, *args)
 require 'core/api/extension'
 require 'core/api/extensions'
 require 'core/api/main/migration'
-require 'core/api/main/network_stack/assethandler.rb'
+require 'core/api/main/network_stack/assethandler'
 require 'core/api/main/server'
 require 'core/api/main/server/hook'
 require 'core/api/main/configuration'

extensions/admin_ui/media/javascript/ui/panel/PanelViewer.js

@@ -91,11 +91,13 @@ function locationHashChanged() {
 
   if (id === null) return;
 
+  var zombie = Object.values(beefwui.hooked_browsers).find(hb => hb.session === id);
+
   id = id.replace(/[^a-z0-9]/gi, '');
   console.log("Loading hooked browser with ID: " + id);
   mainPanel.remove(mainPanel.getComponent('current-browser'));
   if(!mainPanel.getComponent('current-browser')) {
-    mainPanel.add(new ZombieTab({session: id}));
+    mainPanel.add(new ZombieTab(zombie));
   }
 
   mainPanel.activate(mainPanel.getComponent('current-browser'));

package.json

@@ -1,6 +1,6 @@
 {
     "name": "BeEF",
-    "version": "0.5.2.0",
+    "version": "0.5.3.0",
     "description": "The Browser Exploitation Framework Project",
     "scripts": {
         "docs": "./node_modules/.bin/jsdoc -c conf.json"