beefproject / beef

The Browser Exploitation Framework Project
https://beefproject.com

Attempted hook from out of target range browser (#{request.ip}) rejected #1489

Closed ghost closed 6 years ago

ghost commented 6 years ago

Verify first that your issue/request has not been posted previously:

Ensure you're using the latest version of BeEF.

Environment

What version/revision of BeEF are you using? beef-xss is already the newest version (0.4.7.0-0kali4).

On what version of Ruby? ruby is already the newest version (1:2.3.3)

On what operating system? kali linux

I want to hook a browser over the internet, but I see that I have to do port forwarding. I connect through my phone's USB tethering, so I was unable to do port forwarding, so I used the ngrok command "./ngrok http 3000" and data was forwarded to the ngrok URL. But when I tried to hook my phone browser, the page opened, but ngrok was showing "/hook.js 500 internal error" and the BeEF panel showed "Attempted hook from out of target range browser (xxx:20xx:1xxx:bxx6:bcxxx:9xxx:xxxx:xxx) rejected". What is the problem?

bcoles commented 6 years ago

Looks like beef.restrictions.permitted_hooking_subnet doesn't support IPv6.

You can get around this issue by commenting out lines 32 - 37 in core/main/handlers/hookedbrowsers.rb
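An added illustration, not part of bcoles' comment and not BeEF's own code: a subnet allowlist check built on Ruby's standard `IPAddr`, showing why an IPv4-only range such as "0.0.0.0/0" never matches an IPv6 client and how listing a range per address family keeps the restriction in place. The helper name `permitted_client?` and all sample addresses are assumptions (documentation ranges, constructed for the example).

```ruby
require 'ipaddr'

# Hypothetical helper (not from BeEF): true when client_ip falls inside at
# least one of the permitted CIDR ranges. Works for IPv4 and IPv6 ranges.
def permitted_client?(client_ip, permitted_subnets)
  ip = IPAddr.new(client_ip)
  # Dual-stack listeners may report IPv4 peers as ::ffff:a.b.c.d;
  # compare those against IPv4 ranges.
  ip = ip.native if ip.ipv4_mapped?

  permitted_subnets.any? do |cidr|
    net = IPAddr.new(cidr)
    # A range can only contain addresses of its own family, so an
    # IPv4 "match everything" range still excludes every IPv6 client.
    net.family == ip.family && net.include?(ip)
  end
rescue IPAddr::Error
  false # unparsable address or range: fail closed
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample clients and allowlists.
  ipv4_only  = ['0.0.0.0/0']
  dual_stack = ['192.0.2.0/24', '2001:db8::/32']
  ['192.0.2.7', '::ffff:192.0.2.7', '2001:db8::10', '198.51.100.9'].each do |ip|
    puts format('%-18s ipv4_only=%-5s dual_stack=%s',
                ip, permitted_client?(ip, ipv4_only), permitted_client?(ip, dual_stack))
  end
end
```
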

ghost commented 6 years ago

Already done this, and "GET /hook.js 200 OK" in ngrok was good, but the online browsers list doesn't show that device. Maybe there is some mistake in config.yaml, sir, can you tell?
#
# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
# BeEF Configuration file

beef:
version: '0.4.7.0-alpha'
# More verbose messages (server-side)
debug: false
# More verbose messages (client-side)
client_debug: false
# Used for generating secure tokens
crypto_default_value_length: 80

# Interface / IP restrictions
restrictions:
    # subnet of IP addresses that can hook to the framework
    permitted_hooking_subnet: "0.0.0.0/0"
    # subnet of IP addresses that can connect to the admin UI
    #permitted_ui_subnet: "127.0.0.1/32"
    permitted_ui_subnet: "0.0.0.0/0"

# HTTP server
http:
    debug: false #Thin::Logging.debug, very verbose. Prints also full exception stack trace.
    host: "0.0.0.0"
    port: "3000"

    # Decrease this setting to 1,000 (ms) if you want more responsiveness
    #  when sending modules and retrieving results.
    # NOTE: A poll timeout of less than 5,000 (ms) might impact performance
    #  when hooking lots of browsers (50+).
    # Enabling WebSockets is generally better (beef.websocket.enable)
    xhr_poll_timeout: 1000

    # Reverse Proxy / NAT
    # If BeEF is running behind a reverse proxy or NAT
    #  set the public hostname and port here
    #public: ""      # public hostname/IP address
    #public_port: "" # experimental

    # DNS
    dns_host: "localhost"
    dns_port: 53

    # Web Admin user interface URI
    web_ui_basepath: "/ui"

    # Hook
    hook_file: "/hook.js"
    hook_session_name: "BEEFHOOK"
    session_cookie_name: "BEEFSESSION"

    # Allow one or multiple origins to access the RESTful API using CORS
    # For multiple origins use: "http://browserhacker.com, http://domain2.com"
    restful_api:
        allow_cors: false
        cors_allowed_domains: "http://browserhacker.com"

    # Prefer WebSockets over XHR-polling when possible.
    websocket:
        enable: false
        port: 61985 # WS: good success rate through proxies
        # Use encrypted 'WebSocketSecure'
        # NOTE: works only on HTTPS domains and with HTTPS support enabled in BeEF
        secure: true
        secure_port: 61986 # WSSecure
        ws_poll_timeout: 1000 # poll BeEF every second

    # Imitate a specified web server (default root page, 404 default error page, 'Server' HTTP response header)
    web_server_imitation:
        enable: true
        type: "apache" # Supported: apache, iis, nginx
        hook_404: false # inject BeEF hook in HTTP 404 responses
        hook_root: false # inject BeEF hook in the server home page
    # Experimental HTTPS support for the hook / admin / all other Thin managed web services
    https:
        enable: false
        # In production environments, be sure to use a valid certificate signed for the value
        # used in beef.http.dns_host (the domain name of the server where you run BeEF)
        key: "beef_key.pem"
        cert: "beef_cert.pem"

database:
    # For information on using other databases please read the
    # README.databases file

    # supported DBs: sqlite, mysql, postgres
    # NOTE: you must change the Gemfile adding a gem require line like:
    #   gem "dm-postgres-adapter"
    # or
    #   gem "dm-mysql-adapter"
    # if you want to switch drivers from sqlite to postgres (or mysql).
    # Finally, run a 'bundle install' command and start BeEF.
    driver: "sqlite"

    # db_file is only used for sqlite
    db_file: "db/beef.db"

    # db connection information is only used for mysql/postgres
    db_host: "localhost"
    db_port: 3306
    db_name: "beef"
    db_user: "beef"
    db_passwd: "beef"
    db_encoding: "UTF-8"

# Credentials to authenticate in BeEF.
# Used by both the RESTful API and the Admin_UI extension
credentials:
    user:   "hacked"
    passwd: "hacked"

# Autorun Rule Engine
autorun:
    # this is used when rule chain_mode type is nested-forward, needed as command results are checked via setInterval
    # to ensure that we can wait for async command results. The timeout is needed to prevent infinite loops or eventually
    # continue execution regardless of results.
    # If you're chaining multiple async modules, and you expect them to complete in more than 5 seconds, increase the timeout.
    result_poll_interval: 300
    result_poll_timeout: 5000

    # If the modules doesn't return status/results and timeout exceeded, continue anyway with the chain.
    # This is useful to call modules (nested-forward chain mode) that are not returning their status/results.
    continue_after_timeout: true

# Enables DNS lookups on zombie IP addresses
dns_hostname_lookup: false

# IP Geolocation
# NOTE: requires MaxMind database:
#   curl -O http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
#   gunzip GeoLiteCity.dat.gz && mkdir /opt/GeoIP && mv GeoLiteCity.dat /opt/GeoIP
geoip:
    enable: false
    database: '/opt/GeoIP/GeoLiteCity.dat'

# Integration with PhishingFrenzy
# If enabled BeEF will try to get the UID parameter value from the hooked URI, as this is used by PhishingFrenzy
# to uniquely identify the victims. In this way you can easily associate phishing emails with hooked browser.
integration:
    phishing_frenzy:
        enable: false

# You may override default extension configuration parameters here
extension:
    requester:
        enable: true
    proxy:
        enable: true
        key: "beef_key.pem"
        cert: "beef_cert.pem"
    metasploit:
        enable: false
    social_engineering:
        enable: true
    evasion:
        enable: false
    console:
         shell:
            enable: false
    ipec:
        enable: true
    # this is still experimental..
    # Disable it in kali because it doesn't work with the current
    # version of ruby-rubydns (older version is required by beef-xss)
    dns:
        enable: false
    # this is still experimental..
    dns_rebinding:
        enable: false
basinas13 commented 6 years ago

Same problem here as kanudivay..

After forwarding port on ngrok (./ngrok http 3000)

Tried to change those variables in the configuration file mentioned above:

# If BeEF is running behind a reverse proxy or NAT
#  set the public hostname and port here
#public: ""      # public hostname/IP address
#public_port: "" # experimental

Inserted into the "public" field my ngrok address (http://xxxxxxx.ngrok.io) and "3000" into the "public_port" field. Removed quotes and hash tags.

Although ngrok is responding to my test browser (GET /hook.js), I see no browser in BeEF.

Any suggestion?

ghost commented 6 years ago

I have solved the issue. I think the problem was with ngrok; I think it was unable to do port forwarding at 3000. So first go to /usr/share/beef-xss/config.yaml

# HTTP server
http:
    debug: false #Thin::Logging.debug, very verbose. Prints also full exception stack trace.
    host: "0.0.0.0"
    port: "3000"

Change 3000 to 80:

# HTTP server
http:
    debug: false #Thin::Logging.debug, very verbose. Prints also full exception stack trace.
    host: "0.0.0.0"
    port: "80"

and forward ngrok to http 80. That's all.

bcoles commented 6 years ago

Thanks @kanudivay

@basinas13 did this work for you?

basinas13 commented 6 years ago

Yes, I forwarded port 80 with ngrok and works fine.

Thank you for your help.

MayankSrivastava94 commented 6 years ago

@basinas13 please explain how you used BeEF with ngrok

basinas13 commented 6 years ago

After installing and authenticating ngrok (see ngrok website for instructions), type in the shell:

./ngrok http 80 (so as to forward the relevant port)

Then find the "config.yaml" file which is located at "usr/share/beef-xss/config.yaml".

After you open it "leafpad config.yaml", you have to change the "port" value from "3000" which is the default, to "80" as you can see in the previous comments. Save the changes.

You start beef and log into the main interface. Now the hook url that you have to send should be like that: "http://xxxxxxx.ngrok.io/demos/butcher/index" or any other link, as long as you type the ngrok address in the beginning (you can see the address in the ngrok window)

That should work on PC browsers and mobile phones on Wi-Fi (not on 3G/4G mobiles as far as I know)

datr1xa commented 6 years ago

Hey guys, I had the same problem and I had the same idea to switch port 3000 to port 80, but now I have a new error. The terminal shows me the UI URL: http://127.0.0.1:80/ui/panel BUT if I put the link in the browser I get "NOT FOUND The requested URL /ui/panel was not found on this server" (the browser transforms 127.0.0.1:80/ui/panel into 127.0.0.1/ui/panel). I think this isn't the problem.

I don't know why he opens the UI panel if I switch the port 3000 to 80. Maybe anyone solved the problem? Thanks guys!

devanshot commented 6 years ago

The beef-xss service is unable to connect on ports other than 3000. Ngrok is doing the forwarding but BeEF is not showing hooked browsers over WAN. Hey @basinas13 and @bcoles, can you help me with this?