beefproject / beef

The Browser Exploitation Framework Project
https://beefproject.com

Beef Using Ngrok, Keep receiving the 500 Internal Server Error through ngrok http 3000. #1625

Closed matthematt closed 6 years ago

matthematt commented 6 years ago

Here are some of my files, please let me know if you see anything incorrect that could potentially be causing this error. I am trying to get ngrok to work over WAN, it seems to load on other wifi connections. But I don't get the hook IP in my UI.

  1. cd usr/share/beef-xss/config.yaml:

    #
    # Copyright (c) 2006-2018 Wade Alcorn - wade@bindshell.net
    # Browser Exploitation Framework (BeEF) - http://beefproject.com
    # See the file 'doc/COPYING' for copying permission
    #
    # BeEF Configuration file

    beef:
        version: '0.4.7.0-alpha'
        # More verbose messages (server-side)
        debug: false
        # More verbose messages (client-side)
        client_debug: false
        # Used for generating secure tokens
        crypto_default_value_length: 80

        # Credentials to authenticate in BeEF.
        # Used by both the RESTful API and the Admin interface
        credentials:
            user:   "beef"
            passwd: "beef"

        # Interface / IP restrictions
        restrictions:
            # subnet of IP addresses that can hook to the framework
            permitted_hooking_subnet: "0.0.0.0/0"
            # subnet of IP addresses that can connect to the admin UI
            #permitted_ui_subnet: "127.0.0.1/32"
            permitted_ui_subnet: "0.0.0.0/0"
            # slow API calls to 1 every  api_attempt_delay  seconds
            api_attempt_delay: "0.05"

        # HTTP server
        http:
            debug: false #Thin::Logging.debug, very verbose. Prints also full exception stack trace.
            host: "0.0.0.0"
            port: "3000"

            # Decrease this setting to 1,000 (ms) if you want more responsiveness
            #  when sending modules and retrieving results.
            # NOTE: A poll timeout of less than 5,000 (ms) might impact performance
            #  when hooking lots of browsers (50+).
            # Enabling WebSockets is generally better (beef.websocket.enable)
            xhr_poll_timeout: 1000

            # Host Name / Domain Name
            # If you want BeEF to be accessible via hostname or domain name (ie, DynDNS),
            #   set the public hostname below:
            #public: ""      # public hostname/IP address

            # Reverse Proxy / NAT
            # If you want BeEF to be accessible behind a reverse proxy or NAT,
            #   set both the publicly accessible hostname/IP address and port below:
            public: "http://1bc24309.ngrok.io"      # public hostname/IP address
            public_port: "80" # public port (experimental)

            # Web Admin user interface URI
            web_ui_basepath: "/ui"

            # Hook
            hook_file: "/hook.js"
            hook_session_name: "BEEFHOOK"
            session_cookie_name: "BEEFSESSION"

            # Allow one or multiple origins to access the RESTful API using CORS
            # For multiple origins use: "http://browserhacker.com, http://domain2.com"
            restful_api:
                allow_cors: false
                cors_allowed_domains: "http://browserhacker.com"

            # Prefer WebSockets over XHR-polling when possible.
            websocket:
                enable: false
                port: 61985 # WS: good success rate through proxies
                # Use encrypted 'WebSocketSecure'
                # NOTE: works only on HTTPS domains and with HTTPS support enabled in BeEF
                secure: true
                secure_port: 61986 # WSSecure
                ws_poll_timeout: 1000 # poll BeEF every second
                ws_connect_timeout: 500 # useful to help fingerprinting finish before establishing the WS channel

            # Imitate a specified web server (default root page, 404 default error page, 'Server' HTTP response header)
            web_server_imitation:
                enable: true
                type: "apache" # Supported: apache, iis, nginx
                hook_404: false # inject BeEF hook in HTTP 404 responses
                hook_root: false # inject BeEF hook in the server home page
            # Experimental HTTPS support for the hook / admin / all other Thin managed web services
            https:
                enable: false
                # In production environments, be sure to use a valid certificate signed for the value
                # used in beef.http.public (the domain name of the server where you run BeEF)
                key: "beef_key.pem"
                cert: "beef_cert.pem"

        database:
            # For information on using other databases please read the
            # README.databases file

            # supported DBs: sqlite, mysql, postgres
            # NOTE: you must change the Gemfile adding a gem require line like:
            #   gem "dm-postgres-adapter"
            # or
            #   gem "dm-mysql-adapter"
            # if you want to switch drivers from sqlite to postgres (or mysql).
            # Finally, run a 'bundle install' command and start BeEF.
            driver: "sqlite"

            # db_file is only used for sqlite
            db_file: "beef.db"

            # db connection information is only used for mysql/postgres
            db_host: "10.0.2.15"
            db_port: 3306
            db_name: "beef"
            db_user: "beef"
            db_passwd: "beef"
            db_encoding: "UTF-8"

        # Autorun Rule Engine
        autorun:
            # this is used when rule chain_mode type is nested-forward, needed as command results are checked via setInterval
            # to ensure that we can wait for async command results. The timeout is needed to prevent infinite loops or eventually
            # continue execution regardless of results.
            # If you're chaining multiple async modules, and you expect them to complete in more than 5 seconds, increase the timeout.
            result_poll_interval: 300
            result_poll_timeout: 5000

            # If the modules doesn't return status/results and timeout exceeded, continue anyway with the chain.
            # This is useful to call modules (nested-forward chain mode) that are not returning their status/results.
            continue_after_timeout: true

        # Enables DNS lookups on zombie IP addresses
        dns_hostname_lookup: false

        # IP Geolocation
        # NOTE: requires MaxMind database:
        #   curl -O http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
        #   gunzip GeoLiteCity.dat.gz && mkdir /opt/GeoIP && mv GeoLiteCity.dat /opt/GeoIP
        geoip:
            enable: false
            database: '/opt/GeoIP/GeoLiteCity.dat'

        # Integration with PhishingFrenzy
        # If enabled BeEF will try to get the UID parameter value from the hooked URI, as this is used by PhishingFrenzy
        # to uniquely identify the victims. In this way you can easily associate phishing emails with hooked browser.
        integration:
            phishing_frenzy:
                enable: false

        # You may override default extension configuration parameters here
        # Note: additional experimental extensions are available in the 'extensions' directory
        #       and can be enabled via their respective 'config.yaml' file
        extension:
            admin_ui:
                enable: true
            demos:
                enable: true
            events:
                enable: true
            evasion:
                enable: false
            requester:
                enable: true
            proxy:
                enable: true
            network:
                enable: true
            metasploit:
                enable: true
            social_engineering:
                enable: true
            xssrays:
                enable: true

  2. cd usr/share/beef-xss/extensions/metasploit/config.yaml:

    #
    # Copyright (c) 2006-2018 Wade Alcorn - wade@bindshell.net
    # Browser Exploitation Framework (BeEF) - http://beefproject.com
    # See the file 'doc/COPYING' for copying permission
    #
    # Enable MSF integration by changing beef.extension.metasploit.enable
    # to true in BeEF's main config.yaml file.
    #
    # Ensure you load the msgrpc interface in Metasploit before starting BeEF:
    #    msf > load msgrpc ServerHost=127.0.0.1 Pass=abc123 SSL=y
    #
    # Ensure that the IP address supplied to Metasploit with the 'ServerHost'
    # parameter is the same IP address as specified in beef.extension.metasploit.host
    #
    # Ensure that the IP address specified in beef.extension.metasploit.callback_host
    # is the publicly accessible IP address for victim connections to Metasploit.
    #
    beef:
        extension:
            metasploit:
                name: 'Metasploit'
                enable: false
                # Metasploit msgrpc connection options
                host: "10.0.2.15"
                port: 55552
                user: "msf"
                pass: "abc123"
                uri: '/api'
                ssl: true
                ssl_version: 'TLS1'
                ssl_verify: true
                # Public connect back host IP address for victim connections to Metasploit
                callback_host: "10.0.2.15"
                # URIPATH from Metasploit Browser AutoPwn server module
                autopwn_url: "autopwn"
                # Start msfrpcd automatically with BeEF
                auto_msfrpcd: false
                auto_msfrpcd_timeout: 120
                msf_path: [
                  {os: 'osx', path: '/opt/local/msf/'},
                  {os: 'livecd', path: '/opt/metasploit-framework/'},
                  {os: 'bt5r3', path: '/opt/metasploit/msf3/'},
                  {os: 'bt5', path: '/opt/framework3/msf3/'},
                  {os: 'backbox', path: '/opt/backbox/msf/'},
                  {os: 'kali', path: '/usr/share/metasploit-framework/'},
                  {os: 'pentoo', path: '/usr/lib/metasploit'},
                  {os: 'custom', path: ''}
                ]

  3. ./beef -x

    [17:37:45][*] Browser Exploitation Framework (BeEF) 0.4.7.0-alpha
    [17:37:45] | Twit: @beefproject
    [17:37:45] | Site: https://beefproject.com
    [17:37:45] | Blog: http://blog.beefproject.com
    [17:37:45] |_ Wiki: https://github.com/beefproject/beef/wiki
    [17:37:45][*] Project Creator: Wade Alcorn (@WadeAlcorn)
    [17:37:45][*] Connecting to Metasploit on 10.0.2.15:55552
    [17:37:45][!] API Fire Error: authentication failed in {:owner=>BeEF::Extension::Metasploit::API::MetasploitHooks, :id=>22}.post_soft_load()
    [17:37:45][*] Resetting the database for BeEF.
    [17:37:45][*] BeEF is loading. Wait a few seconds...
    [17:37:51][*] 9 extensions enabled.
    [17:37:51][*] 302 modules enabled.
    [17:37:51][*] 2 network interfaces were detected.
    [17:37:51][*] running on network interface: 127.0.0.1
    [17:37:51] | Hook URL: http://127.0.0.1:3000/hook.js
    [17:37:51] |_ UI URL: http://127.0.0.1:3000/ui/panel
    [17:37:51][*] running on network interface: 10.0.2.15
    [17:37:51] | Hook URL: http://10.0.2.15:3000/hook.js
    [17:37:51] |_ UI URL: http://10.0.2.15:3000/ui/panel
    [17:37:51][*] Public:
    [17:37:51] | Hook URL: http://http://1bc24309.ngrok.io:80/hook.js
    [17:37:51] |_ UI URL: http://http://1bc24309.ngrok.io:80/ui/panel
    [17:37:51][!] Warning: Default username and weak password in use!
    [17:37:51] |_ New password for this instance: 19facc27ec4dccbcd337ad680639f81b
    [17:37:51][*] RESTful API key: 24026bab709aa70ed5200e932e03b9116c9dd3c9
    [17:37:51][*] HTTP Proxy: http://127.0.0.1:6789
    [17:37:51][*] BeEF server started (press control+c to stop)

matthematt commented 6 years ago

Also changed cd usr/share/beef-xss/extensions/demos/html/butcher/index.html:

LIONSEC

LIONSEC

then created a hook.js file in the same directory with my ngrok.io/hook.js code inside of it.

matthematt commented 6 years ago

That didn't seem to work either, maybe I messed up somewhere?

Also using the git clone version of beef. Also my beef is updated.

bcoles commented 6 years ago

Eliminate ngrok from the equation. Does BeEF work locally?

> I am trying to get ngrok to work over WAN, it seems to load on other wifi connections. But I don't get the hook IP in my UI.

What does that mean?

> Hook URL: http://http://1bc24309.ngrok.io:80/hook.js

That's not a valid URL. Presumably you set public in config.yaml to http://1bc24309.ngrok.io. That's incorrect. That's a URL. The public property expects a hostname.
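
A small check for the mistake identified in the comment above, added here as an example (it is not BeEF's own code): it flags a `public` value that is a URL rather than a bare hostname and shows the resulting hook URL before and after correction. The helper names `check_public`, `suggest_public` and `hook_url` are hypothetical, the YAML is a constructed excerpt of the posted config, and the URL composition in `hook_url` is an assumption inferred from the startup log in this issue.

```ruby
require 'yaml'
require 'uri'
# Constructed excerpt of the http section posted in this issue.
CONFIG = <<~YAML_DOC
  beef:
    http:
      public: "http://1bc24309.ngrok.io"
      public_port: "80"
      hook_file: "/hook.js"
      https:
        enable: false
YAML_DOC
SCHEME_RE   = %r{\A[a-z][a-z0-9+.-]*://}i
LABEL       = '[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?'
HOSTNAME_RE = /\A(?=.{1,253}\z)#{LABEL}(?:\.#{LABEL})*\z/i

# Hypothetical helper: list what is wrong with beef.http.public ([] = fine).
def check_public(value)
  value = value.to_s
  return [] if value.empty?                  # option left unset
  problems = []
  problems << 'has a URL scheme' if value.match?(SCHEME_RE)
  rest = value.sub(SCHEME_RE, '')
  problems << 'has a path' if rest.include?('/')
  problems << 'has a port' if rest.match?(%r{:\d+(/|\z)})
  problems << 'is not a hostname' if problems.empty? && !value.match?(HOSTNAME_RE)
  problems
end

# Hypothetical helper: reduce a pasted URL to the bare hostname.
def suggest_public(value)
  URI.parse(value).host || value
rescue URI::InvalidURIError
  value
end

# ASSUMPTION (inferred from the startup log above, not read from BeEF's source):
# public URL = scheme + public + ":" + public_port + hook_file.
def hook_url(http)
  scheme = http.dig('https', 'enable') ? 'https' : 'http'
  "#{scheme}://#{http['public']}:#{http['public_port']}#{http['hook_file']}"
end

if __FILE__ == $PROGRAM_NAME
  http = YAML.safe_load(CONFIG).dig('beef', 'http')
  puts "as posted: #{hook_url(http)} (#{check_public(http['public']).join(', ')})"
  fixed = http.merge('public' => suggest_public(http['public']))
  puts "corrected: #{hook_url(fixed)}"
end
```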