beefproject / beef

The Browser Exploitation Framework Project
https://beefproject.com

API Fire Error: authentication failed in {:owner=>BeEF::Extension::Metasploit::API::MetasploitHooks, :id=>20}.post_soft_load() #1438

Closed maddoctor87 closed 7 years ago

maddoctor87 commented 7 years ago

Verify first that your issue/request has not been posted previously:

Ensure you're using the latest version of BeEF.

Environment

What version/revision of BeEF are you using? 0.4.7.0-alpha

On what version of Ruby? 1:2.3.3

On what browser?

On what operating system?

Configuration

Are you using a non-default configuration?

Have you enabled or disabled any BeEF extensions?

Summary

I'm trying to integrate beef-xss and metasploit but I get this error = API Fire Error: authentication failed in {:owner=>BeEF::Extension::Metasploit::API::MetasploitHooks, :id=>20}.post_soft_load()

The config.yaml files are:

#
# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
# BeEF Configuration file

beef:
    version: '0.4.7.0-alpha'

    # More verbose messages (server-side)
    debug: false
    # More verbose messages (client-side)
    client_debug: false
    # Used for generating secure tokens
    crypto_default_value_length: 80

    # Interface / IP restrictions
    restrictions:
        # subnet of IP addresses that can hook to the framework
        permitted_hooking_subnet: "0.0.0.0/0"
        # subnet of IP addresses that can connect to the admin UI
        #permitted_ui_subnet: "127.0.0.1/32"
        permitted_ui_subnet: "0.0.0.0/0"

    # HTTP server
    http:
        debug: false #Thin::Logging.debug, very verbose. Prints also full exception stack trace.
        host: "0.0.0.0"
        port: "3000"

        # Decrease this setting to 1,000 (ms) if you want more responsiveness
        #  when sending modules and retrieving results.
        # NOTE: A poll timeout of less than 5,000 (ms) might impact performance
        #  when hooking lots of browsers (50+).
        # Enabling WebSockets is generally better (beef.websocket.enable)
        xhr_poll_timeout: 1000

        # Reverse Proxy / NAT
        # If BeEF is running behind a reverse proxy or NAT
        #  set the public hostname and port here
        #public: ""      # public hostname/IP address
        #public_port: "" # experimental

        # DNS
        dns_host: "79.21.173.84"
        dns_port: 53

        # Web Admin user interface URI
        web_ui_basepath: "/ui"

        # Hook
        hook_file: "/hook.js"
        hook_session_name: "BEEFHOOK"
        session_cookie_name: "BEEFSESSION"

        # Allow one or multiple origins to access the RESTful API using CORS
        # For multiple origins use: "http://browserhacker.com, http://domain2.com"
        restful_api:
            allow_cors: false
            cors_allowed_domains: "http://browserhacker.com"

        # Prefer WebSockets over XHR-polling when possible.
        websocket:
            enable: false
            port: 61985 # WS: good success rate through proxies
            # Use encrypted 'WebSocketSecure'
            # NOTE: works only on HTTPS domains and with HTTPS support enabled in BeEF
            secure: true
            secure_port: 61986 # WSSecure
            ws_poll_timeout: 1000 # poll BeEF every second

        # Imitate a specified web server (default root page, 404 default error page, 'Server' HTTP response header)
        web_server_imitation:
            enable: true
            type: "apache" # Supported: apache, iis, nginx
            hook_404: false # inject BeEF hook in HTTP 404 responses
            hook_root: false # inject BeEF hook in the server home page
        # Experimental HTTPS support for the hook / admin / all other Thin managed web services
        https:
            enable: false
            # In production environments, be sure to use a valid certificate signed for the value
            # used in beef.http.dns_host (the domain name of the server where you run BeEF)
            key: "beef_key.pem"
            cert: "beef_cert.pem"

    database:
        # For information on using other databases please read the
        # README.databases file

        # supported DBs: sqlite, mysql, postgres
        # NOTE: you must change the Gemfile adding a gem require line like:
        #   gem "dm-postgres-adapter"
        # or
        #   gem "dm-mysql-adapter"
        # if you want to switch drivers from sqlite to postgres (or mysql).
        # Finally, run a 'bundle install' command and start BeEF.
        driver: "sqlite"

        # db_file is only used for sqlite
        db_file: "db/beef.db"

        # db connection information is only used for mysql/postgres
        db_host: "79.21.173.84"
        db_port: 3306
        db_name: "beef"
        db_user: "beef"
        db_passwd: "beef"
        db_encoding: "UTF-8"

    # Credentials to authenticate in BeEF.
    # Used by both the RESTful API and the Admin_UI extension
    credentials:
        user:   "beef"
        passwd: "beef"

    # Autorun Rule Engine
    autorun:
        # this is used when rule chain_mode type is nested-forward, needed as command results are checked via setInterval
        # to ensure that we can wait for async command results. The timeout is needed to prevent infinite loops or eventually
        # continue execution regardless of results.
        # If you're chaining multiple async modules, and you expect them to complete in more than 5 seconds, increase the timeout.
        result_poll_interval: 300
        result_poll_timeout: 5000

        # If the modules doesn't return status/results and timeout exceeded, continue anyway with the chain.
        # This is useful to call modules (nested-forward chain mode) that are not returning their status/results.
        continue_after_timeout: true

    # Enables DNS lookups on zombie IP addresses
    dns_hostname_lookup: false

    # IP Geolocation
    # NOTE: requires MaxMind database:
    #   curl -O http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
    #   gunzip GeoLiteCity.dat.gz && mkdir /opt/GeoIP && mv GeoLiteCity.dat /opt/GeoIP
    geoip:
        enable: false
        database: '/opt/GeoIP/GeoLiteCity.dat'

    # Integration with PhishingFrenzy
    # If enabled BeEF will try to get the UID parameter value from the hooked URI, as this is used by PhishingFrenzy
    # to uniquely identify the victims. In this way you can easily associate phishing emails with hooked browser.
    integration:
        phishing_frenzy:
            enable: false

    # You may override default extension configuration parameters here
    extension:
        requester:
            enable: true
        proxy:
            enable: true
            key: "beef_key.pem"
            cert: "beef_cert.pem"
        metasploit:
            enable: true
        social_engineering:
            enable: true
        evasion:
            enable: false
        console:
             shell:
                enable: false
        ipec:
            enable: true
        # this is still experimental..
        # Disable it in kali because it doesn't work with the current
        # version of ruby-rubydns (older version is required by beef-xss)
        dns:
            enable: false
        # this is still experimental..
        dns_rebinding:
            enable: false

and

# Please note that the ServerHost parameter must have the same value of host and callback_host variables here below.
# Also always use the IP of your machine where MSF is listening.
beef:
    extension:
        metasploit:
            name: 'Metasploit'
            enable: true
            host: "79.21.173.84"
            port: 55552
            user: "msf"
            pass: "abc123"
            uri: '/api'
            # if you need "ssl: true" make sure you start msfrpcd with "SSL=y", like:
            # load msgrpc ServerHost=IP Pass=abc123 SSL=y
            ssl: true
            ssl_version: 'TLSv1'
            ssl_verify: true
            callback_host: "79.21.173.84"
            autopwn_url: "autopwn"
            auto_msfrpcd: false
            auto_msfrpcd_timeout: 120
            msf_path: [
              {os: 'osx', path: '/opt/local/msf/'},
              {os: 'livecd', path: '/opt/metasploit-framework/'},
              {os: 'bt5r3', path: '/opt/metasploit/msf3/'},
              {os: 'bt5', path: '/opt/framework3/msf3/'},
              {os: 'backbox', path: '/opt/backbox/msf/'},
              {os: 'kali', path: '/usr/share/metasploit-framework/'},
              {os: 'pentoo', path: '/usr/lib/metasploit'},
              {os: 'win', path: 'c:\\metasploit-framework\\'},
              {os: 'custom', path: '/usr/share/metasploit-framework/'}
            ]

please help

bcoles commented 7 years ago

Hi @maddoctor87

This error message means that BeEF cannot communicate with Metasploit.

Firstly, you should consider updating BeEF to the latest version from GitHub. This should pull in the latest version of the msfrpc-client gem. The advantage of using the new gem is that it gives more accurate error messages. This will help you diagnose why the connection is failing.

Secondly, your metasploit config looks ok, however I notice you're using a public IP address for the host and callback_host. That's fine, however if you started msfrpc with interface of 127.0.0.1 then it will only bind to that interface which will make it inaccessible via

Thirdly, you're using ssl_version: 'TLSv1'. This is mostly the cause of your problem. The correct format is TLS1 not TLSv1. It's a long story, which you can find in previously closed issues if you're interested.

I realise TLSv1 is the default, however this has been changed. It would be a good idea to use the latest version of BeEF from GitHub for a number of reasons; in particular, bug fixes such as this.
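
The checks from the reply above can be run against the metasploit extension config before starting BeEF. This is an added example, not code from BeEF or from either commenter: `lint_msf_config` and its `bind_addr` parameter are hypothetical names, the sample YAML is constructed from the values quoted in the issue, and the `ServerHost` that msgrpc was loaded with has to be supplied by the operator.

```ruby
require 'yaml'
require 'ipaddr'

# Constructed sample: the metasploit extension values quoted in the issue.
SAMPLE_CONFIG = <<~CFG
  beef:
    extension:
      metasploit:
        host: "79.21.173.84"
        port: 55552
        ssl: true
        ssl_version: 'TLSv1'
        callback_host: "79.21.173.84"
CFG

# Hypothetical helper, not part of BeEF. bind_addr is the ServerHost value
# the operator passed to "load msgrpc"; it cannot be read from config.yaml.
def lint_msf_config(yaml_text, bind_addr:)
  msf = YAML.safe_load(yaml_text).dig('beef', 'extension', 'metasploit') || {}
  findings = []

  # The reply states the accepted spelling is 'TLS1', not 'TLSv1'.
  findings << "ssl_version 'TLSv1' should be 'TLS1'" if msf['ssl_version'] == 'TLSv1'

  # The config comment requires host and callback_host to carry the same value.
  unless msf['host'] == msf['callback_host']
    findings << "host #{msf['host']} != callback_host #{msf['callback_host']}"
  end

  begin
    bind = IPAddr.new(bind_addr)
    host = IPAddr.new(msf['host'].to_s)
    if bind.loopback? && !host.loopback?
      # A loopback-only listener is unreachable through any other address.
      findings << "msgrpc listens on #{bind_addr}, BeEF connects to #{msf['host']}"
    elsif bind != host && bind.to_s != '0.0.0.0'
      findings << "ServerHost #{bind_addr} does not match host #{msf['host']}"
    end
  rescue IPAddr::Error
    findings << "host must be an IP address, got #{msf['host'].inspect}"
  end

  # ssl: true only works when the RPC server was loaded with SSL=y.
  findings << 'ssl is true: msgrpc must be loaded with SSL=y' if msf['ssl'] == true
  findings
end

lint_msf_config(SAMPLE_CONFIG, bind_addr: '127.0.0.1').each { |f| puts "[!] #{f}" }
```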