Settings and automatization in Ui.

[hastalamuerte]

Hello, thank for you great framework! And thank everybody who contribute and etc.

1. Is it possible to add all options and settings (from yml) in UI (control panel) ? It will be much user friendly .

2. The second question - can you plz add one Automatization module/yep again in UI. Set a different auto rules for new hooked browsers. I see it looks like some templates with checked payloads/commands/modules with order configure + If look deeper it can be detailed with rules and switches wich depends at browser and os of hooked person. If its chrome rule will turn off all firefox matched plugins. Or if module 1 succes /have response, start module 2. If no start module 3. Etc..

/But at first it will be more than ok just choose in UI modules to auto execute when new (?) hooked browser online.

Thx best regards. Glad that beef still have updates!

Upd1. In wiki i found that auto rules and browser detect and much more is allready implement in Beef framework. Its what exactly need that tool. Plz add it to UI.

[bcoles]

The second question - can you plz add one Automatization module/yep again in UI.

I presume you're referring to the old system where each module had a checkbox which you could tick/untick within the UI without restarting BeEF.

The new autorun rules engine is far more flexible. It is unfortunate that the new system is not as easy to use.

There are REST API endpoints to manage autorun rules if someone wants to wire them up to the UI:

https://github.com/beefproject/beef/blob/master/core/main/rest/handlers/autorun_engine.rb

[hastalamuerte]

Thanks for answer.

If it more flexible maybe rules can be changed without restart beef panel. and using without crafting some other API software. If i only be more good in coding - ok , but my level just simple python scripts , yet.
In one whitehat community one of the biggest for one big country. there was talks about beef. It was called useles without automatisation by admin of that public with reasons.### Most of people still dont know that it functional allready ON . And its bad

If it will be not hard work for a team plz add that in UI . PLZ ) Maybe checkboxes is not best idea, idk. Sorry i was not so close with beef yet

In settings / options , config, on off beef modules , etc In auto - set auto on/off(order?) payloads,exploits etc.

Here is some auto third party modules, but honestly its better to use all in one place. In official beef repo. https://github.com/ssooking/AutoBeef 2017!) https://github.com/youhacker55/BeefAuto - its easy ngrok setup and some other features

[github-actions[bot]]

This issue as been marked as stale due to inactivity and will be closed in 7 days

[github-actions[bot]]

This issue as been marked as stale due to inactivity and will be closed in 7 days

[hastalamuerte]

Hello , is there some movements? I so want to use a Beef framework, but its still hard to without automatization in easy way (at least simple scripts for simple cookie, session auto stealing). Plz improve it.

[hastalamuerte]

It will have a new life , if it will be implemented. For shure. All web is full of xss, but it useless, without such helper as a beef!

https://github.com/shadow-workers/shadow-workers here is a thing that have such automatisation, but. I need BEEF)

[bcoles]

Simplifying the shortcomings of the existing autorun rules engine has been discussed internally for years since the ARE was introduced.

So far there is no interest to work on this task.

[bcoles]

But sad that you dont hear arguments wich where sayed before.

Improving/simplifying the autorun rules engine is a good idea. No one is interested in implementing it.

[0xbad53c]

Perhaps this can fulfill some needs. I wrote a simple Python wrapper script to execute BeEF modules on all currently online zombie browsers: https://github.com/0xbad53c/CattleStorm

@hastalamuerte @bcoles

[bcoles]

Perhaps this can fulfill some needs. I wrote a simple Python wrapper script to execute BeEF modules on all currently online zombie browsers:

Unfortunately this has the same issue as the historical approach in that it requires BeEF clients to poll before executing commands. Hooks may be short lived.

Ideally the ARE should be simplified to be easier to use. This issue (#1968) needs to be fixed first. Fixed in #2782.

[github-actions[bot]]

This issue as been marked as stale due to inactivity and will be closed in 7 days

[github-actions[bot]]

This issue as been marked as stale due to inactivity and will be closed in 7 days

[LauchieHarvey]

Hello! Thanks for all of your contribution to the project @bcoles & @wadealcorn. I would like to help out with this issue if you think it's possible & worthwhile. My general thoughts are:

1. Add an "Auto Run" or "Runbook" tab in the same place that @hastalamuerte suggested. After looking at the source code I think I'd do this via the extensions/admin_ui/media/JavaScript/UI/panel/MainPanel.js file.
2. Build forms to enable CRUD actions on ARE flows. Is the REST API spec in the wiki page 3.2 (Auto Run Engine) the one that I should be referencing? If so, is it up to date?
3. Allow the user to see (and select from) the list of predefined ARE flows in the arerules directory.
4. Allow the user to choose between Nested Forward or Sequential Chaining. I'd most likely start by just implementing one and then maybe add the other later.

I'd love to get your suggestions about this before I get started. This will be my first time contributing to this project (and to any ruby project for that matter).

[stephenakq]

Thank you for offering to help.

Your plan sounds good, especially starting with the "Auto Run" tab and building out CRUD actions for ARE flows. The best first step is checking the REST API spec in the wiki page 3.2 to ensure it's up to date and functional before proceeding.

Welcome to the project

[LauchieHarvey]

The PR is here: #3031 It doesn't address the settings changes, just the Auto Run UI implementation.