Commit Graph

30 Commits (7dacf20fca0990a0789fbb1a9e45a4691a7d7db9)

Author SHA1 Message Date
URI Assassin 35d3bbf74d
Fix up comment splats with the correct URI
See the complaint on #4039. This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
Joe Vennix 5d234c0e01
Pass #send in this so jsobfu is not confused. 2014-09-24 15:07:14 -05:00
Tod Beardsley 19da7d551e
Kill newline (race @wvu-r7 on this)
See PR #3453
2014-06-16 11:46:08 -05:00
Tod Beardsley 2aa26fa290
Minor spacing and word choice fixups 2014-06-16 11:40:21 -05:00
joev 8b35815ead
Move module to post/firefox/manage. 2014-06-11 15:10:22 -05:00
joev bdd86bf863 Add check for windows bug (RM#8810). 2014-06-11 15:09:52 -05:00
joev a33de66da4 Fix transparent background, add VISIBLE option. 2014-06-06 16:52:00 -05:00
joev a45a5631f5 Make window invisible. 2014-06-06 16:40:55 -05:00
joev 4a9f50bb60 Clean up some dead code. 2014-06-06 16:20:40 -05:00
joev 7c762ad42c Fix some minor bugs in webrtc stuff, inline API code. 2014-06-06 16:18:39 -05:00
joev ae3c334232 Getting closer. Still something f'd with local answerer.html. 2014-05-22 17:14:35 -05:00
joev 14b796acbf First stab at refactoring webrtc mixin. 2014-05-21 15:32:29 -05:00
joev f94d1f6546 Refactors firefox js usage into a mixin. 2014-04-24 15:09:48 -05:00
Tod Beardsley 66a50b33fd
Errant whitespace 2014-04-14 13:34:39 -05:00
joev 5f0d723588 Adds history collection module for FF privileged JS. 2014-04-14 12:27:18 -05:00
joev 1715cf4650 Add base64 to prevent potential encoding issues. 2014-04-11 17:30:04 -05:00
joev 65d267032d
Fix wrong DisclosureDate. 2014-04-11 16:17:22 -05:00
joev 197a7e556b Add password colletion post module for Firefox shells. 2014-04-11 16:15:48 -05:00
Joe Vennix b7f1cee8d3 Remove targets from post module. 2014-03-26 13:55:02 -05:00
Joe Vennix ed8bf6279b Use #run, not #exploit, for post modules. 2014-03-26 13:51:05 -05:00
Joe Vennix 6c51e0fd0d Add cookie gathering post module for FF privileged sessions. 2014-03-26 13:49:53 -05:00
William Vu 61b30e8b60
Land #2869, pre-release title/desc fixes 2014-01-13 14:29:27 -06:00
Tod Beardsley 671027a126
Pre-release title/desc fixes 2014-01-13 13:57:34 -06:00
Joe Vennix f11322b29f Oh right, msftidy. 2014-01-13 13:44:34 -06:00
Joe Vennix f78ec1eeb2 Make sure we unwrap the SecurityWrapper. 2014-01-12 10:46:23 -06:00
Joe Vennix fb1a038024 Update async API to actually be async in all cases.
This avoids zalgo. Also optionally checks the return value
of the compiled Function in XSS to allow you to use send()
or an explicit return, which is maybe more natural for
synchronous xss payloads.
2014-01-07 16:17:34 -06:00
Joe Vennix 49d1285d1b Add explicit json require. 2014-01-06 11:15:10 -06:00
Joe Vennix 723c0480ab Fix description to be accurate. 2014-01-04 19:06:01 -06:00
Joe Vennix f2f68a61aa Use shell primitives instead of resorting to
echo hacks.
2014-01-04 19:00:36 -06:00
Joe Vennix b9c46cde47 Refactor runCmd, allow js exec.
* Updates exec payload to not touch disk
* Adds XSS module that uses hiddenWindow (to avoid X-Frame-Options)
2014-01-04 08:46:57 -06:00