search

beefproject / beef

The Browser Exploitation Framework Project
https://beefproject.com
9.88k stars 2.19k forks source link

Webcam HTML5 TypeError #1662

Closed hexlax closed 2 years ago

hexlax commented 5 years ago

Environment

What version/revision of BeEF are you using? 0.4.7.0-alpha

On what version of Ruby? ruby 2.3.0p0

On what browser? Chrome Version 71.0.3578.98 (Official Build) (64-bit)

On what operating system? ubuntu 16.04 LTS

Configuration

Are you using a non-default configuration? yes (to host on HTTPS)

Have you enabled or disabled any BeEF extensions?

Summary

Unable to get webcam_html5 to function properly. The hooked victim's domain will have to be served from HTTPS origin per the requirements for GetUserMedia imposed in Chrome.

Testing this locally with a HTTPS and allowing access to the webcam when prompted, I verified that GetUserMedia is being called; however I'm now receiving this error in the victim's browser console:

Uncaught TypeError: Failed to execute 'createObjectURL' on 'URL': No function was found that matched the signature provided. at eval (eval at socket.onmessage (hook.js?_=1547657577331:1731), :4:756)

Expected Behaviour

What was the expected result? Captures a webcam picture via html5 when the user accepts camera access.

Actual Behaviour

What was the actual result? Uncaught TypeError

Steps to Reproduce

1) Hook a browser that's using a HTTPS origin 2) Execute the webcam_html5 against the hooked victim 3) Victim clicks webcam access when prompted 4) Observe error in developer console for uncaught typeerror

iWhacko commented 2 years ago

Seems to be a simple change according to this Stackoverflow issue: https://stackoverflow.com/questions/51101408/deprecation-of-createobjecturl-and-replace-with-the-new-htmlmediaelement-srcobje

Will try to test this and make a PR for this. Since I have never gotten it to work yet, is this supposed to take an image, or should it stream video?

bcoles commented 2 years ago

Since I have never gotten it to work yet, is this supposed to take an image, or should it stream video?

The module captures a single frame.

https://github.com/beefproject/beef/blob/1c395a315305e9e83a2826ece5625a5f11073703/modules/browser/webcam_html5/command.js#L29-L36

iWhacko commented 2 years ago

Ah Got it, just started to look at the code, makes sense.

iWhacko commented 2 years ago

Ok, I fixed the bug and added some event handlers.

Also I came across a "bug" where the image would not be sent back to the backend if the image was too large. For instance: My mac has a FacetimeHD camera. Converting to base64 would take too long, or the string would be too large, and no image would be shown. So I added an option in the module to choose the image size.

For now I will test some more and then make a merge request

iWhacko commented 2 years ago

created the merge request: #https://github.com/beefproject/beef/pull/2392

bcoles commented 2 years ago

Presumably this was fixed in #2392.