Namespace: dom

dom

Provides functionality to manipulate the DOM.

Source:

Methods

(static) attachApplet(id:, code:, codebase:, archive:, params:)

Attach an applet to the DOM, using the best approach for differet browsers (object/applet/embed). example usage in the code, using a JAR archive (recommended and faster): beef.dom.attachApplet('appletId', 'appletName', 'SuperMario3D.class', null, 'http://127.0.0.1:3000/ui/media/images/target.jar', [{'param1':'1', 'param2':'2'}]); example usage in the code, using codebase: beef.dom.attachApplet('appletId', 'appletName', 'SuperMario3D', 'http://127.0.0.1:3000/', null, null);

Parameters:
Name Type Description
id: String

reference identifier to the applet.
code: String

name of the class to be loaded. For example, beef.class.
codebase: String

the URL of the codebase (usually used when loading a single class for an unsigned applet).
archive: String

the jar that contains the code.
params: String

an array of additional params that the applet except.
Source:

(static) createElement(type, attributes) → {Array}

Creates a new element but does not append it to the DOM.

Parameters:
Name Type Description
type String

the name of the element.
attributes Array

the attributes of that element.
Source:
Returns:

the created element.

Type
Array

(static) createForm(params:, append:) → {Object}

Create a form element with the specified parameters, appending it to the DOM if append == true

Parameters:
Name Type Description
params: Hash

params to be applied to the form element
append: Boolean

automatically append the form to the body
Source:
Returns:

a form object

Type
Object

(static) createIframe(type:, params:, styles:, a) → {Object}

Create an iFrame element and prepend to document body. URI passed via 'src' property of function's 'params' parameter is assigned to created iframe tag's src attribute resulting in GET request to that URI. example usage in the code: beef.dom.createIframe('fullscreen', {'src':$j(this).attr('href')}, {}, null);

Parameters:
Name Type Description
type: String

can be 'hidden' or 'fullScreen'. defaults to normal
params: Hash

list of params that will be sent in request.
styles: Hash

css styling attributes, these are merged with the defaults specified in the type parameter
a function

callback function to fire once the iFrame has loaded
Source:
Returns:

the inserted iFrame

Type
Object

(static) createIframeIpecForm(rhost:, rport:, commands:)

Create an invisible iFrame with a form inside, and POST the form in plain-text. Used for inter-protocol exploitation.

Parameters:
Name Type Description
rhost: String

remote host ip/domain
rport: String

remote port
commands: String

protocol commands to be executed by the remote host:port service
Source:

(static) createIframeXsrfForm(action:, method:, enctype:, inputs:)

Create an invisible iFrame with a form inside, and submit it. Useful for XSRF attacks delivered via POST requests.

Parameters:
Name Type Description
action: String

the form action attribute, where the request will be sent.
method: String

HTTP method, usually POST.
enctype: String

form encoding type
inputs: Array

an array of inputs to be added to the form (type, name, value). example: [{'type':'hidden', 'name':'1', 'value':''} , {'type':'hidden', 'name':'2', 'value':'3'}]
Source:

(static) createInvisibleIframe() → {array}

Creates an invisible iframe on the hook browser's page.

Source:
Returns:

the iframe.

Type
array

(static) detachApplet(id:)

Given an id, remove the applet from the DOM.

Parameters:
Name Type Description
id: String

reference identifier to the applet.
Source:

(static) generateID(prefix) → {String}

Generates a random ID for HTML elements

Parameters:
Name Type Description
prefix String

a custom prefix before the random id. defaults to "beef-"
Source:
Returns:

generated id

Type
String

(static) getHighestZindex(whether) → {Integer|Hash}

Returns the highest current z-index

Parameters:
Name Type Description
whether Boolean

to return an associative array with the height AND the ID of the element
Source:
Returns:

  • Highest z-index in the DOM OR

    Type
    Integer

  • A hash with the height and the ID of the highest element in the DOM {'height': INT, 'elem': STRING}

    Type
    Hash

Get links of the current page.

Source:
Returns:

array of URLs.

(static) getLocation()

Get the location of the current page.

Source:
Returns:

the location.

(static) grayOut(vis:, options:)

Load a full screen div that is black, or, transparent

Parameters:
Name Type Description
vis: Boolean

whether or not you want the screen dimmer enabled or not
options: Hash

a collection of options to customise how the div is configured, as follows: opacity:0-100 // Lower number = less grayout higher = more of a blackout // By default this is 70 zindex: # // HTML elements with a higher zindex appear on top of the gray out // By default this will use beef.dom.getHighestZindex to always go to the top bgcolor: (#xxxxxx) // Standard RGB Hex color code // By default this is #000000
Source:

(static) isDOMElement(the) → {boolean}

Tests if the object is a DOM element.

Parameters:
Name Type Description
the Object

DOM element.
Source:
Returns:

true if the object is a DOM element.

Type
boolean

(static) parseAppletParams(an) → {String}

Given an array of objects (key/value), return a string of param tags ready to append in applet/object/embed

Parameters:
Name Type Description
an Array

array of params for the applet, ex.: [{'argc':'5', 'arg0':'ReverseTCP'}]
Source:
Returns:

the parameters as a string ready to append to applet/embed/object tags (ex.: ).

Type
String

(static) persistentIframe()

Load the link (href value) in an overlay foreground iFrame. The BeEF hook continues to run in background. NOTE: if the target link is returning X-Frame-Options deny/same-origin or uses Framebusting techniques, this will not work.

Source:

(static) removeElement(el)

Removes element from the DOM.

Parameters:
Name Type Description
el Object

the target element to be removed.
Source:

(static) removeStylesheets()

Remove all external and internal stylesheets from the current page - sometimes prior to socially engineering, or, re-writing a document this is useful.

Source:

Rewrites all links matched by selector to url, also rebinds the click method to simply return true

Parameters:
Name Type Description
url: String

the url to be rewritten
selector: String

the jquery selector statement to use, defaults to all a tags.
Source:
Returns:

the amount of links found in the DOM and rewritten.

Type
Number

(static) rewriteLinksClickEvents(url:, selector:) → {Number}

Rewrites all links matched by selector to url, leveraging Bilawal Hameed's hidden click event overwriting. http://bilaw.al/2013/03/17/hacking-the-a-tag-in-100-characters.html

Parameters:
Name Type Description
url: String

the url to be rewritten
selector: String

the jquery selector statement to use, defaults to all a tags.
Source:
Returns:

the amount of links found in the DOM and rewritten.

Type
Number

(static) rewriteLinksProtocol(old_protocol:, new_protocol:, selector:) → {Number}

Parse all links in the page matched by the selector, replacing old_protocol with new_protocol (ex.:https with http)

Parameters:
Name Type Description
old_protocol: String

the old link protocol to be rewritten
new_protocol: String

the new link protocol to be written
selector: String

the jquery selector statement to use, defaults to all a tags.
Source:
Returns:

the amount of links found in the DOM and rewritten.

Type
Number

Parse all links in the page matched by the selector, replacing all telephone urls ('tel' protocol handler) with a new telephone number

Parameters:
Name Type Description
new_number: String

the new link telephone number to be written
selector: String

the jquery selector statement to use, defaults to all a tags.
Source:
Returns:

the amount of links found in the DOM and rewritten.

Type
Number