search

beefproject / beef

The Browser Exploitation Framework Project
https://beefproject.com
9.71k stars 2.15k forks source link

Certain browser details are considered as invalid #3051

Open jme418 opened 5 months ago

jme418 commented 5 months ago

First Steps

BeEF Version: 0.5.4.0 Ruby Version: ruby 3.1.2p20 (2022-04-12 revision 4491bb740a) [x86_64-linux-gnu] Browser Details (e.g. Chrome v81.0): Causing problems with all I've tried (FF - 115.8.0esr, O - 108.0.5067.29, C - 123.0.6312.86, 123.0.6312.58, 121.0.6167.178) Operating System: Linux, Windows and Android

Configuration

  1. Have you made any changes to your BeEF configuration? Yes.
  2. Have you enabled or disabled any BeEF extensions? Yes, Metasploit one but I do not remember if anyone else, I've been using BeEF for a while.

Steps to Reproduce

I did the installation guided by this page: https://null-byte.wonderhowto.com/how-to/hack-web-browsers-with-beef-control-webcams-phish-for-credentials-more-0159961/

  1. I always start with this commands secuence:
msfconsole
load msgrpc ServerHost=127.0.0.1 User=msf Pass=kali SSL=y
sudo netstat -tuln | grep LISTEN
sudo ./beef

and all it's looking great, with metasploit exploits correctly loaded.

  1. Then I do the one for the ngrok tunnel and no problems here.
  2. It is now, when accessing an infected domain, where the mentioned in the title issue appears. I get this type of messages:

[removed]

Something strange I can see is that the plugins one appears only when accessing via Android.

stephenakq commented 5 months ago

Thank you for bringing this to our attention.

The image has been removed because it contained a routable IP address, but the discussion can continue with the image omitted. Could you clarify if the issue pertains to the console message "browser: UNKNOWN -121.0.0.0"?

stephenakq commented 5 months ago

You can also join our Discord for assistance with this issue. Here's the link: https://discord.gg/ugmKmHarKc

jme418 commented 5 months ago

Thank you for bringing this to our attention.

The image has been removed because it contained a routable IP address, but the discussion can continue with the image omitted. Could you clarify if the issue pertains to the console message "browser: UNKNOWN -121.0.0.0"?

Well, the messages I want to get rid off are the ones with the following structure:

[!] Browser Details Invalid browser name/versions/plugins from the hook browser's initial connection.

And also, as a consecuence of them, the one you mentioned:

browser: UNKNOWN -121.0.0.0

stephenakq commented 5 months ago

Thank you for pointing this out. We'll look into that bug.

zinduolis commented 2 days ago

Hi @jme418 , I'm investigating this and will try to reproduce it. Are you still experiencing the issue?

zinduolis commented 5 hours ago

I have reproduced the issue on Ubuntu 24.04.1 LTS (64-bit) with Firefox 130.0 (64-bit) as the victim browser. This was with metasploit plugin enabled.

Screenshot 2024-09-20 at 6 52 31 pm
zinduolis commented 5 hours ago

When starting beef without metasploit integration, the message about invalid browser doesn't come up, only the 'Hooked browser' one once a module is executed. Example in the screenshot below is with 'Fake Notification Bar' module.

Screenshot 2024-09-20 at 7 08 15 pm