bcoles
commented
4 years ago The module returns the credentials to BeEF. It does not log you into Facebook.
Closed martinssssssss closed 4 years ago
bcoles
commented
4 years ago The module returns the credentials to BeEF. It does not log you into Facebook.
martinssssssss
commented
4 years ago the problem is that when I click on the "log pop-up" nothing happens it's just pop-up it's frozen, I guess it's some kind of Facebook protection
bcoles
commented
4 years ago the problem is that when I click on the "log pop-up" nothing happens it's just pop-up it's frozen, I guess it's some kind of Facebook protection
There is nothing in your screenshot that shows log pop-up. Do you mean the Log In button ? When you click this button the popup should go away and the username and password should be sent to BeEF.
If that is not happening then something is wrong; however, it is unlikely to be a Facebook protection mechanism. Perhaps the browser developer console will offer some hints as to what is going wrong.
martinssssssss
commented
4 years ago That's right, I mean the login button is frozen, I can't send the credentials to BeEF. I tried with different browsers but the same thing happens, I only have this problem on the Facebook pages, for that reason I think it's some kind of Facebook protection
bcoles
commented
4 years ago That's right, I mean the login button is frozen, I can't send the credentials to BeEF. I tried with different browsers but the same thing happens, I only have this problem on the Facebook pages, for that reason I think it's some kind of Facebook protection
It is unlikely to be some sort of Facebook protection. The browser development console might offer some hints, like JavaScript errors.
Also, what do you mean by Facebook pages? Are you exploiting a XSS in Facebook or MitM or fake Facebook page ?
martinssssssss
commented
4 years ago It's a fake facebook page. More precisely this problem occurs when I am not logged in to Facebook, as you can see in the picture
bcoles
commented
4 years ago It's a fake facebook page. More precisely this problem occurs when I am not logged in to Facebook, as you can see in the picture
It should not make a difference if you're logged in.
What errors do you get in the web browser console?
martinssssssss
commented
4 years ago 
These are the errors that occur when I click on the login button
bcoles
commented
4 years ago Looks like its failing on document.body.lastChild. This code only appears in the checker() function, which contains some logic to check if the log in button was pressed, and whether the username and password fields were blank. It is a bug.
jackdwalker
commented
4 years ago @bcoles - I believe I've fixed this error. The checker function was trying to access the DOM element with ID 'buttonpress'. It was trying to access it from the document.body.lastChild object instead of directly from document. document.body.lastChild does not have the .getElementById method, which was causing the error. It works for me locally now.
@martinssssssss - could you please pull my Pretty theft empty credentials error branch and test it to see if it fixes your issues? If that PR has been closed by the time you see this please just git pull origin master and let me know how you go :)
bcoles
commented
4 years ago Thanks @jackdwalker
That makes sense. Can you also take a look at the simple_hijacker module? This module uses similar code, and a cursory review of the JavaScript source code indicated that a similar issue may be present.
jackdwalker
commented
4 years ago @bcoles - no worries. I did have a brief glance at that and didn't see an exact reference to document.body.lastChild.getElementById, but I'll take a look over the other functions called on document.body.lastChild to make sure they're all working as intended.
jackdwalker
commented
4 years ago @bcoles - nope it's all good :)
martinssssssss
commented
4 years ago Hello, I fixed the Java script as you told me and now this message appears "incorrect username or password"
jackdwalker
commented
4 years ago @martinssssssss - just to clarify, you get the pop-up ('Please enter a valid username and password') when you enter credentials, AND when you don't enter credentials?
On my end I only get that pop-up now if I don't enter credentials. If I enter valid credentials the pop-up disappears. This is the expected behaviour for this module.
This module will not actually log someone into Facebook, it is designed to simply socially engineer a target into supplying their credentials.
martinssssssss
commented
4 years ago @martinssssssss - just to clarify, you get the pop-up ('Please enter a valid username and password') when you enter credentials, AND when you don't enter credentials?
On my end I only get that pop-up now if I don't enter credentials. If I enter valid credentials the pop-up disappears. This is the expected behaviour for this module.
This module will not actually log someone into Facebook, it is designed to simply socially engineer a target into supplying their credentials.
yes, of course, first I enter my data and then I press the login button and this message appears. Jack, of course, is just about stealing data, not logging into Facebook :)
Hello, can anyone tell me why I don't log in when I click on a pop-up?