The WebSockets command and control channel was added more than 10 years ago. Very little maintenance has been performed. There is significant room for improvement and many bugs. It is effectively unusable in its current state.
There are also many TODOs:
|
# This will happen if you reset BeEF database (./beef -x), |
|
# and existing zombies try to connect. These zombies will be ignored, |
|
# as they are unknown and presumed invalid. |
|
# |
|
# @todo: consider fixing this. add zombies instead of ignoring them |
|
# and report "Hooked browser X appears to have come back online" |
|
if hooked_browser.nil? |
|
# print_error "Could not find zombie with ID #{msg_hash['alive']}" |
|
next |
|
end |
|
# @todo antisnatchor: |
|
# @todo - re-use the pre_hook_send callback mechanisms to have a generic check for multipl extensions |
|
# Check if new forged requests need to be sent (Requester/TunnelingProxy) |
|
if @@config.get('beef.extension.requester.loaded') |
|
dhook = BeEF::Extension::Requester::API::Hook.new |
|
dhook.requester_run(hooked_browser, '') |
|
end |
|
/** |
|
* Polling mechanism, to notify the BeEF server that the browser is still hooked, |
|
* and the WebSocket channel still alive. |
|
* todo: there is probably a more efficient way to do this. Double-check WebSocket API. |
|
*/ |
|
alive: function (){ |
|
try { |
|
if (beef.logger.running) { |
|
beef.logger.queue(); |
|
} |
|
} catch(err){} |
|
|
|
beef.net.flush(); |
|
|
|
beef.websocket.send('{"alive":"'+beef.session.get_hook_session_id()+'"}'); |
|
setTimeout("beef.websocket.alive()", parseInt(beef.websocket.ws_poll_timeout)); |
|
} |
