Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,011 Commits 14 Branches 34 Tags
4a733a6f74f17ede608cbc9a544bca18ed1ea5d2
Commit Graph

651 Commits

Author SHA1 Message Date
antisnatchor
4a733a6f74 Finishing ui_abuse_ie module development. Minor fix on one animated gif remains. Tested on IE9/10 on Win7 successfully. 2014-03-13 17:37:04 +00:00
antisnatchor
d4fd537108 Continued working on ui_abuse_ie module 2014-03-12 20:58:39 +00:00
antisnatchor
14f1991542 Fixed config.yaml issue in ui_abuse_ie module. 2014-03-12 17:15:22 +00:00
antisnatchor
1c055febeb Working on new exploit module that abuses UI expectations on IE9/10 tricking the user to run a (signed) exe. Based on Rosario Valotta research. 2014-03-12 16:59:09 +00:00
Kosta Xynos
44058f0025 Remove stuck iframes and get html from page and iframes modules 2014-03-09 21:55:21 +00:00
Kosta Xynos
25550f9cfa Add Asus RT-N66U and DSL-N66U Command Execution via CSRF support 2014-03-06 16:20:44 +00:00
bcoles
32d30a8176 Remove the method from a couple of 'beef.dom.createIframe' calls 
Part of issue #969
 2014-02-28 23:49:27 +10:30
Phil Grohe
f274001a65 Revised comments on beef.dom.createIframe() to reflect removal of 'method' parameter & form submitting behavior. Updated existing function calls to beef.dom.createIframe() to remove 'method' parameter. 2014-02-22 11:57:56 -05:00
bcoles
563296f67b Add malicious FF extension (reverse shell) module 2014-01-27 08:30:37 +10:30
bcoles
d230cfa593 trivial edits for consistency 2014-01-27 07:29:00 +10:30
bcoles
2b44c9184d Add malicious FF bindshell module 2014-01-27 07:21:44 +10:30
bmantra
0e57fb0be1 Inital version of CookieJar overflow module. And minor bugfix of active fax overflow module. 2014-01-19 19:58:14 +01:00
bcoles
83ed8558b7 Add encoding type argument 'enctype' to 'createIframeXsrfForm()' 2014-01-12 02:34:24 +10:30
bcoles
e50d681a64 Add BozoCrack module 2014-01-11 23:27:13 +10:30
bcoles
1f83c2a63f Add Redis IPEC module 2014-01-08 22:22:22 +10:30
bcoles
7c977ef1aa Move 'modules/exploits/sqlitemanager_xss/' to 'modules/exploits/xss/' directory 2014-01-04 11:48:10 +10:30
bcoles
f97087c37a Change hard-coded 'hook.js' to 'beef.http.hook_file' 2014-01-04 11:33:58 +10:30
Wade Alcorn
8003f1a47f Updated the copyright year to 2014 2014-01-01 16:34:15 +10:00
bcoles
b307891364 Add 'IE MS13-069 CCaret Use-After-Free' exploit module from MSF 2013-12-30 22:53:18 +10:30
bcoles
f0d989f6e9 Update description 2013-12-30 22:48:51 +10:30
bcoles
fe37a14adc Add 'IE MS12-004 midiOutPlayNextPolyEvent Heap Overflow' exploit module from MSF 2013-12-30 10:59:25 +10:30
bcoles
bece5c1438 Add wifi_pineapple_csrf module (untested and disabled) 2013-12-30 07:58:07 +10:30
bcoles
1862870b11 Get all input fields 
Update 'Get Form Values' module to retrieve all input fields
on the hooked page - not just input fields inside of form elements.

This makes more sense.
 2013-12-30 07:19:37 +10:30
bcoles
02e6d4db11 Rescue StandardError rather than Exception 2013-12-30 06:41:07 +10:30
bmantra
94e98f2fbb 2 seconds is more than enough to send a fax :p 2013-11-29 21:25:35 +01:00
bmantra
7afa52ec99 add module for Cross-Site Faxing (XSF) 2013-11-29 21:06:36 +01:00
bmantra
d7116b8f08 add IPE with ActiveFax 5.01 2013-11-29 19:18:37 +01:00
gcatt
612d0d91bb Module Update: Fake LastPass 
Updated Firefox frame in order to look more similar to the real one.
 2013-11-04 15:41:31 +01:00
bcoles
05502a3c91 fix bug preventing loading of 'replace_video_fake_plugin' module 2013-11-04 15:52:54 +10:30
gcatt
f1df608f64 Module Update: lcamtuf Download 
Updated Adobe Flash Player URL to the current one.
 2013-10-30 18:29:44 +01:00
gcatt
9987f0781f Module Update: Fake Flash Update 
Updated the prompted picture and part of the module.
 2013-10-30 17:05:01 +01:00
bcoles
41bfb8e995 Fix bug with Unity Web Player detection 
Fix issue #910
 2013-10-17 17:54:16 +10:30
gcatt
d4c69f2bfd Module: Detect Unity Web Player 2013-10-15 15:47:47 +02:00
bcoles
8e6751611d Add beef.browser.getPageHead() and beef.browser.getPageBody() 
Update 'Get Page HTML' module to use these functions

Tested on IE6, FF22, C28

Fix issue #518
 2013-10-13 03:37:15 +10:30
bcoles
09443675cc Fix bug in fake_notification_ff module 2013-10-12 00:43:54 +10:30
bcoles
70cac51a5d Add error check for missing dropper 2013-10-11 23:14:56 +10:30
antisnatchor
050da281ac Modified Gemfile. Added missing directory for Firefox Extension dropper module. 2013-10-10 20:47:14 +01:00
antisnatchor
5dd46ffd72 From antisnatchor with love. New module: malicious Firefox Extension dropper. Based on @mihi42 FF extension. 2013-10-10 15:18:03 +01:00
antisnatchor
b280d099f8 From antisnatchor with love. New module: Signed Java Applet dropper (win only for now). 2013-10-08 17:02:02 +01:00
bmantra
fa95ac5b55 initial commit of the beef bind shellcode 2013-09-28 21:18:23 +02:00
bcoles
5942138aba Update spyder eye module 
* file error handling
* render the screenshot in the admin UI
* log screenshot filename to master logs
 2013-09-12 18:29:56 +09:30
bcoles
25aca3d291 Update 'command.js' for Spyder Eye module 2013-09-11 15:26:15 +09:30
bcoles
257a310a02 Update 'module.rb' for Spyder Eye module 2013-09-11 15:24:54 +09:30
bcoles
2420d59a72 Update 'config.yaml' for Spyder Eye module 2013-09-11 15:20:19 +09:30
Christian
3f7eec4e28 adding generic module to take screenshoots with canvas 2013-09-09 13:52:13 -05:00
Christian Frichot
1b6159ebeb New Module - Detect Internal IP with WebRTC. See Issue #929 2013-09-08 11:09:57 +08:00
bcoles
f2883e0c94 Fixed typo 
Extra 'i' from vim insert mode
 2013-08-09 13:34:24 +09:30
bcoles
21417dc3e2 Update BeEF server protocol for multiple modules to use 
`beef.http.https.enable`

Now uses the `beef.net.httpproto` value rather than a hard-coded
protocol string.

Part of issue #745
 2013-08-09 13:21:33 +09:30
Christian Frichot
7f64c94e03 New Module - Fake LastPass Dialog 2013-07-21 13:53:44 +08:00
Christian Frichot
82a70fbcd0 Detect LastPass module (except on IE) - #802 2013-07-20 13:58:20 +08:00