diff --git a/extensions/social_engineering/extension.rb b/extensions/social_engineering/extension.rb
index 9b14498af..20f04a756 100644
--- a/extensions/social_engineering/extension.rb
+++ b/extensions/social_engineering/extension.rb
@@ -34,9 +34,23 @@ module Extension
 end
 end
+# Handlers
 require 'extensions/social_engineering/web_cloner/web_cloner'
 require 'extensions/social_engineering/web_cloner/interceptor'
 require 'extensions/social_engineering/mass_mailer/mass_mailer'
+
+# Models
+require 'extensions/social_engineering/models/web_cloner'
+require 'extensions/social_engineering/models/interceptor'
+#require 'extensions/social_engineering/models/mass_mailer'
+
+# RESTful api endpoints
 require 'extensions/social_engineering/rest/socialengineering'
+
+
+
+
+
+
diff --git a/extensions/social_engineering/models/interceptor.rb b/extensions/social_engineering/models/interceptor.rb
new file mode 100644
index 000000000..9a72cf64d
--- /dev/null
+++ b/extensions/social_engineering/models/interceptor.rb
@@ -0,0 +1,35 @@
+#
+# Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+module BeEF
+ module Core
+ module Models
+ class Interceptor
+
+ include DataMapper::Resource
+
+ storage_names[:default] = 'extension_seng_interceptor'
+
+ property :id, Serial
+
+ property :post_data, Text, :lazy => false
+
+ belongs_to :webcloner
+
+ end
+
+ end
+ end
+end
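Review bot: The extension.rb hunk ends by adding six blank lines after `require 'extensions/social_engineering/rest/socialengineering'`, and it leaves `#require 'extensions/social_engineering/models/mass_mailer'` commented out without saying why. I would drop the trailing blank lines and either remove the commented line or annotate it, for example `# TODO: enable once the mass_mailer model exists`. Whether that model file exists is not visible in this diff.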
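Review bot: The new `Interceptor` model in models/interceptor.rb has no comment saying what `post_data` holds, even though the interceptor handler elsewhere in this commit writes the raw POST body into it as plain `Text`. Rows will therefore contain whatever the submitted form carried, so the engagement database needs the same access control and retention handling as any credential store. A class comment such as `# One row per intercepted form submission; post_data is the raw request body and is sensitive.` would make that explicit. `belongs_to :webcloner` presumably also makes `webcloner_id` required, so a save without a parent row fails validation rather than raising.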
diff --git a/extensions/social_engineering/models/web_cloner.rb b/extensions/social_engineering/models/web_cloner.rb
new file mode 100644
index 000000000..2c4a0903c
--- /dev/null
+++ b/extensions/social_engineering/models/web_cloner.rb
@@ -0,0 +1,36 @@
+#
+# Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+module BeEF
+ module Core
+ module Models
+ class Webcloner
+
+ include DataMapper::Resource
+
+ storage_names[:default] = 'extension_seng_webcloner'
+
+ property :id, Serial
+
+ property :uri, Text, :lazy => false
+ property :mount, Text, :lazy => false
+
+ has n, :extension_seng_interceptor, 'Interceptor'
+
+ end
+
+ end
+ end
+end
diff --git a/extensions/social_engineering/rest/socialengineering.rb b/extensions/social_engineering/rest/socialengineering.rb
index fe11469b8..fcb1c408b 100644
--- a/extensions/social_engineering/rest/socialengineering.rb
+++ b/extensions/social_engineering/rest/socialengineering.rb
@@ -43,7 +43,7 @@ module BeEF
 if uri != nil && mount != nil
 if (uri =~ URI::regexp).nil? #invalid URI
- "Invalid URI"
+ print_error "Invalid URI"
 halt 401
 end
diff --git a/extensions/social_engineering/web_cloner/interceptor.rb b/extensions/social_engineering/web_cloner/interceptor.rb
index 3cf6551d3..d8d19dfaa 100644
--- a/extensions/social_engineering/web_cloner/interceptor.rb
+++ b/extensions/social_engineering/web_cloner/interceptor.rb
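Review bot: In models/web_cloner.rb, `has n, :extension_seng_interceptor, 'Interceptor'` names the association after the child's storage table, so callers would read `webcloner.extension_seng_interceptor` to get a collection. The plural of the model name is the usual form, `has n, :interceptors`, and it reads as the counterpart of `belongs_to :webcloner` on the other model. The class also has no comment; a line such as `# One row per cloned page: the source URI and the local mount point it is served from.` would document the two properties.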
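Review bot: In rest/socialengineering.rb, `halt 401` signals missing authentication, but this branch rejects malformed input, so `halt 400` is the status a client can act on; the added `print_error` only logs on the server side, and assuming this is Sinatra's `halt`, `halt 400, "Invalid URI"` would also tell the caller why. The check itself, `(uri =~ URI::regexp).nil?`, is unanchored and accepts any scheme, so a string that merely contains something URI-shaped passes. Since this value is presumably fetched by the cloner afterwards, I would anchor it and restrict the schemes, e.g. `if (uri =~ /\A#{URI::regexp(%w[http https])}\z/).nil?`. The enclosing route starts and ends outside the hunk.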
@@ -27,9 +27,7 @@ module BeEF
 get "/" do
 print_info "GET request"
 print_info "Referer: #{request.referer}"
- file = File.open(settings.file_path,'r')
- cloned_page = file.read
- file.close
+ cloned_page = settings.cloned_page
 cloned_page
 end
@@ -41,6 +39,12 @@ module BeEF
 print_info "Intercepted data:"
 print_info data
+ interceptor_db = BeEF::Core::Models::Interceptor.new(
+ :webcloner_id => settings.db_entry.id,
+ :post_data => data
+ )
+ interceptor_db.save
+
 if settings.frameable
 print_info "Page can be framed :-) Loading original URL into iFrame..."
 "\n"
diff --git a/extensions/social_engineering/web_cloner/web_cloner.rb b/extensions/social_engineering/web_cloner/web_cloner.rb
index 13c799ded..1e3c68205 100644
--- a/extensions/social_engineering/web_cloner/web_cloner.rb
+++ b/extensions/social_engineering/web_cloner/web_cloner.rb
@@ -74,10 +74,11 @@ module BeEF
 frameable = is_frameable(url)
 interceptor = BeEF::Extension::SocialEngineering::Interceptor
- interceptor.set :file_path, file_path
 interceptor.set :redirect_to, url
 interceptor.set :frameable, frameable
 interceptor.set :beef_hook, @beef_hook
+ interceptor.set :cloned_page, get_page_content(file_path)
+ interceptor.set :db_entry, persist_page(url,mount)
 @http_server.mount("#{mount}", interceptor.new)
 print_info "Mounting cloned page on URL [#{mount}]"
@@ -114,6 +115,22 @@ module BeEF
 result
 end
+ def get_page_content(file_path)
+ file = File.open(file_path,'r')
+ cloned_page = file.read
+ file.close
+ cloned_page
+ end
+
+ def persist_page(uri, mount)
+ webcloner_db = BeEF::Core::Models::Webcloner.new(
+ :uri => uri,
+ :mount => mount
+ )
+ webcloner_db.save
+ webcloner_db
+ end
+
 end
 end
 end
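Review bot: In the second hunk of web_cloner/interceptor.rb the result of `interceptor_db.save` is discarded, so a failed insert is lost silently if DataMapper's `save` returns false rather than raising, which I believe is its default. The same applies to `webcloner_db.save` in `persist_page` in web_cloner.rb, whose unsaved object would leave `settings.db_entry.id` nil here. I would at least log the failure, `print_error "Could not store intercepted data" unless interceptor_db.save`. The raw body is also still written to the console by `print_info data` just above, so console logs need the same handling as the database rows. The POST handler starts and ends outside the hunk.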
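Review bot: In the first hunk of web_cloner/web_cloner.rb, `interceptor.set :cloned_page, ...` and `interceptor.set :db_entry, ...` are called on the `Interceptor` class itself, not on the instance handed to `@http_server.mount`. If `set` is Sinatra's class-level setting, registering a second page replaces the content and the database row used by every mount already registered, so stored records would be linked to the wrong `Webcloner` row. Giving each mount its own subclass, `interceptor = Class.new(BeEF::Extension::SocialEngineering::Interceptor)`, would keep the settings separate; this needs confirming against how `Interceptor` is defined. The method starts and ends outside the hunk.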
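Review bot: In the second hunk of web_cloner/web_cloner.rb, `get_page_content` leaks the file handle when `file.read` raises, because `file.close` is only reached on success. `File.read(file_path)` does the same work and closes the file in every case. Both new methods also lack a comment; `persist_page` in particular should say that it returns the `Webcloner` object whether or not `save` succeeded, since the caller stores it as `:db_entry` and later reads its `id`.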