GitHub Repository: beefproject/beef
Path: blob/master/modules/social_engineering/clickjacking/module.rb
#
# Copyright (c) 2006-2026 Wade Alcorn - [email protected]
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
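# BeEF command module that declares the operator-facing option form for the
# clickjacking demonstration and records the result stored under the
# 'clickjack' datastore key.
#
# Reviewer notes:
# - The default 'iFrameSrc' points at the demo page served by the BeEF
#   instance itself (/demos/clickjacking/clickjack_victim.html).
# - The fields labelled 'JS' hold operator-entered script text; how that text
#   is consumed is not visible in this file (presumably the module's
#   client-side script -- confirm there).
# - Pages that send `X-Frame-Options` or a CSP `frame-ancestors` directive
#   refuse to be framed, which is the standard mitigation for this class of
#   UI-redress technique.
class Clickjacking < BeEF::Core::Command
  # Builds the list of option descriptors for this module.
  #
  # Each descriptor is a Hash with string keys ('name', 'ui_label', 'type',
  # 'value', ...). The first seven entries configure the frame itself; they
  # are followed by eight click steps, each made of a label, a 'JS' textarea
  # and X/Y position fields.
  #
  # @return [Array<Hash{String => String}>] option descriptors in display order
  def self.options
    # Kept as a class-level instance variable, as in the original code.
    @configuration = BeEF::Core::Configuration.instance
    base_host = "#{@configuration.beef_proto}://#{@configuration.beef_host}:#{@configuration.beef_port}"
    uri = "#{base_host}/demos/clickjacking/clickjack_victim.html"

    frame_options = [
      { 'name' => 'iFrameSrc', 'ui_label' => 'iFrame Src', 'type' => 'textarea', 'value' => uri, 'width' => '400px', 'height' => '50px' },
      { 'name' => 'iFrameSecurityZone', 'ui_label' => 'Security restricted (IE)', 'type' => 'checkbox' },
      { 'name' => 'iFrameSandbox', 'ui_label' => 'Sandbox', 'type' => 'checkbox' },
      { 'name' => 'iFrameVisibility', 'ui_label' => 'Show Attack', 'type' => 'checkbox', 'checked' => 'checked' },
      { 'name' => 'clickDelay', 'ui_label' => 'Click Delay (ms)', 'value' => '300', 'width' => '100px' },
      { 'name' => 'iFrameWidth', 'ui_label' => 'iFrame Width', 'value' => '16', 'width' => '100px' },
      { 'name' => 'iFrameHeight', 'ui_label' => 'iFrame Height', 'value' => '10', 'width' => '100px' }
    ]

    # Per-step defaults as [JS, X-pos, Y-pos]. Only the first two steps are
    # pre-filled (they match the bundled demo page); the rest are placeholders.
    step_defaults = [
      ['$("#overlay1").data("overlay").close();', '20', '55'],
      ['$(".more-quotes").trigger("click");', '20', '135']
    ]

    click_options = (1..8).flat_map do |step|
      # The fetch block builds fresh strings for every placeholder step so no
      # two descriptors share a mutable String.
      action, left, top = step_defaults.fetch(step - 1) { ['void(0)', '-', '-'] }

      [
        # Label text is derived from the step number; the hand-written list
        # previously showed "CLICK 5" for step 6.
        { 'name' => "Click_#{step}", 'type' => 'label', 'html' => "~~~~~~~~~~ CLICK #{step}" },
        { 'name' => "clickaction_#{step}", 'ui_label' => 'JS', 'type' => 'textarea', 'value' => action, 'width' => '400px', 'height' => '50px' },
        { 'name' => "iFrameLeft_#{step}", 'ui_label' => 'X-pos', 'value' => left, 'width' => '100px' },
        { 'name' => "iFrameTop_#{step}", 'ui_label' => 'Y-pos', 'value' => top, 'width' => '100px' }
      ]
    end

    frame_options + click_options
  end

  # Persists the value found under @datastore['clickjack'] by passing it to
  # `save` (not defined in this file; presumably inherited from
  # BeEF::Core::Command -- confirm).
  def post_execute
    save({ 'clickjack' => @datastore['clickjack'] })
  end
end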