16 lines
1.5 KiB
YAML
16 lines
1.5 KiB
YAML
#
|
|
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
|
|
# Browser Exploitation Framework (BeEF) - http://beefproject.com
|
|
# See the file 'doc/COPYING' for copying permission
|
|
#
|
|
beef:
|
|
module:
|
|
fake_flash_update:
|
|
enable: true
|
|
category: "Social Engineering"
|
|
name: "Fake Flash Update"
|
|
description: "Prompts the user to install an update to Adobe Flash Player.<br />The file to be delivered could be a Chrome or Firefox extension. <br /><br /> A Chrome extension has privileged access and can do a whole lot.. <ul><li>- Access all tabs and inject beef into all tabs</li><li>- Use hooked browser as a proxy to do cross domain requests</li><li>- Get all cookies including HTTPonly cookies</li></ul><br />See chrome extensions beef modules for more examples<br />See extensions/demos/flash_update_chrome_extension for extension source. <b>Note</b>: the Chrome extension delivery will work on Chrome <= 20. From Chrome 21 things changed in terms of how extensions can be loaded. See extensions/demos/flash_update_chrome_extension/manifest.json for more info and a sample extension that works on latest Chrome.<br /><br />The Firefox extension is disabling PortBanning (ports 20,21,22,25,110,143), enabling Java, overriding the UserAgent and the default home/new_tab pages.<br />See extensions/ipec/files/LinkTargetFinder dirrectory for the Firefox extension source."
|
|
authors: ["mh", "antisnatchor"]
|
|
target:
|
|
user_notify: ['ALL']
|