search

beefproject / beef

The Browser Exploitation Framework Project
https://beefproject.com
9.73k stars 2.16k forks source link

BeeF only able to hook the local page but not the page hosted on public #1588

Closed exrienz closed 5 years ago

exrienz commented 6 years ago

What version/revision of BeEF are you using? BeeF 0.4.7.0

On what version of Ruby? ruby 2.3.1p112

On what browser? Mozilla Firefox

On what operating system? Ubuntu 16

Configuration

Have you enabled or disabled any BeEF extensions? Yes, the proxy

Summary

Please provide a summary of the issue. I host the Beef Framework on the cloud server (for social engineering penetration testing). When i open the local HTML file (not even hosted on any web server), the BeeF immediately able to hook the session. So I tried to upload the HTML file inside my cloud webserver and called the uploaded page, no browser hooking occured. Tested with several webserver also.

Expected Behaviour

What was the expected result? The HTML file uploaded to the web server was able to be hooked by the BeeF framework

Actual Behaviour

What was the actual result? Nothing, BeeF cant even detect it

zarat commented 6 years ago

How do you include the beef js file? Are you using 127.0.0.1 or any local ip? If thats the case, you have to use the server's public ip instead.

exrienz commented 6 years ago

#

Copyright (c) 2006-2018 Wade Alcorn - wade@bindshell.net

Browser Exploitation Framework (BeEF) - http://beefproject.com

See the file 'doc/COPYING' for copying permission

#

BeEF Configuration file

beef: version: '0.4.7.0-alpha'

More verbose messages (server-side)

debug: false
# More verbose messages (client-side)
client_debug: false
# Used for generating secure tokens
crypto_default_value_length: 80

# Credentials to authenticate in BeEF.
# Used by both the RESTful API and the Admin interface
credentials:
    user:   "beef"
    passwd: "secret" 

# Interface / IP restrictions
restrictions:
    # subnet of IP addresses that can hook to the framework
    permitted_hooking_subnet: "0.0.0.0/0"
    # subnet of IP addresses that can connect to the admin UI
    #permitted_ui_subnet: "127.0.0.1/32"
    permitted_ui_subnet: "0.0.0.0/0"
    # slow API calls to 1 every  api_attempt_delay  seconds
    api_attempt_delay: "0.05"

# HTTP server
http:
    debug: false #Thin::Logging.debug, very verbose. Prints also full exception stack trace.
    host: "0.0.0.0"
    port: "3000"

    # Decrease this setting to 1,000 (ms) if you want more responsiveness        #  when sending modules and retrieving results.
    # NOTE: A poll timeout of less than 5,000 (ms) might impact performance
    #  when hooking lots of browsers (50+).
    # Enabling WebSockets is generally better (beef.websocket.enable)
    xhr_poll_timeout: 1000

    # Host Name / Domain Name
    # If you want BeEF to be accessible via hostname or domain name (ie, DynDNS),
    #   set the public hostname below:
    public: "ecerde.com"      # public hostname/IP address

    # Reverse Proxy / NAT
    # If you want BeEF to be accessible behind a reverse proxy or NAT,
    #   set both the publicly accessible hostname/IP address and port below:
    #public: ""      # public hostname/IP address
    #public_port: "" # public port (experimental)

    # Web Admin user interface URI
    web_ui_basepath: "/ui"

    # Hook
    hook_file: "/hook.js"
    hook_session_name: "BEEFHOOK"
    session_cookie_name: "BEEFSESSION"

    # Allow one or multiple origins to access the RESTful API using CORS
    # For multiple origins use: "http://browserhacker.com, http://domain2.com"
    restful_api:
        allow_cors: false
        cors_allowed_domains: "http://browserhacker.com"

    # Prefer WebSockets over XHR-polling when possible.
    websocket:
        enable: false
        port: 61985 # WS: good success rate through proxies
        # Use encrypted 'WebSocketSecure'
        # NOTE: works only on HTTPS domains and with HTTPS support enabled in BeEF
        secure: true
        secure_port: 61986 # WSSecure
        ws_poll_timeout: 1000 # poll BeEF every second
        ws_connect_timeout: 500 # useful to help fingerprinting finish before establishing the WS channel

    # Imitate a specified web server (default root page, 404 default error page, 'Server' HTTP response header)
    web_server_imitation:
        enable: true
        type: "apache" # Supported: apache, iis, nginx
        hook_404: false # inject BeEF hook in HTTP 404 responses
        hook_root: false # inject BeEF hook in the server home page
    # Experimental HTTPS support for the hook / admin / all other Thin managed web services
    https:
        enable: false
        # In production environments, be sure to use a valid certificate signed for the value
        # used in beef.http.public (the domain name of the server where you run BeEF)
        key: "beef_key.pem"
        cert: "beef_cert.pem"

database:
    # For information on using other databases please read the
    # README.databases file

    # supported DBs: sqlite, mysql, postgres
    # NOTE: you must change the Gemfile adding a gem require line like:
    #   gem "dm-postgres-adapter"
    # or
    #   gem "dm-mysql-adapter"
    # if you want to switch drivers from sqlite to postgres (or mysql).
    # Finally, run a 'bundle install' command and start BeEF.
    driver: "sqlite"

    # db_file is only used for sqlite
    db_file: "beef.db"

    # db connection information is only used for mysql/postgres
    db_host: "localhost"
    db_port: 3306
    db_name: "beef"
    db_user: "beef"
    db_passwd: "beef"
    db_encoding: "UTF-8"

# Autorun Rule Engine
autorun:
    # this is used when rule chain_mode type is nested-forward, needed as command results are checked via setInterval
    # to ensure that we can wait for async command results. The timeout is needed to prevent infinite loops or eventually
    # continue execution regardless of results.
    # If you're chaining multiple async modules, and you expect them to complete in more than 5 seconds, increase the timeout.
    result_poll_interval: 300
    result_poll_timeout: 5000

    # If the modules doesn't return status/results and timeout exceeded, continue anyway with the chain.
    # This is useful to call modules (nested-forward chain mode) that are not returning their status/results.
    continue_after_timeout: true

# Enables DNS lookups on zombie IP addresses
dns_hostname_lookup: false

# IP Geolocation
# NOTE: requires MaxMind database:
#   curl -O http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
#   gunzip GeoLiteCity.dat.gz && mkdir /opt/GeoIP && mv GeoLiteCity.dat /opt/GeoIP
geoip:
    enable: false
    database: '/opt/GeoIP/GeoLiteCity.dat'

# Integration with PhishingFrenzy
# If enabled BeEF will try to get the UID parameter value from the hooked URI, as this is used by PhishingFrenzy
# to uniquely identify the victims. In this way you can easily associate phishing emails with hooked browser.
integration:
    phishing_frenzy:
        enable: true

# You may override default extension configuration parameters here
# Note: additional experimental extensions are available in the 'extensions' directory
#       and can be enabled via their respective 'config.yaml' file
extension:
    admin_ui:
        enable: true
    demos:
        enable: true
    events:
        enable: true
    evasion:
        enable: false
    requester:
        enable: true
    proxy:
        enable: false
    network:
        enable: true
    metasploit:
        enable: false
    social_engineering:
        enable: true
    xssrays:
        enable: true

Here is my config.. I can access fine the beef or hook ks file from public network.. But just didnt manage to grab any session..

sammy305 commented 6 years ago

Having the same problem here ...

bcoles commented 6 years ago

Need more info.

It's most likely a networking issue. Firewall, routes, etc.