beefproject / beef

The Browser Exploitation Framework Project
https://beefproject.com

Browser not removed from offline list when going from offline to online. #798

Closed danpopp closed 11 years ago

danpopp commented 11 years ago

I tested using both the latest version from github and the version available for download on beefproject.com.

When a browser goes offline it correctly disappears from the online browser list, and appears on the offline list, however; when the browser comes back online it shows up in the online list (as it's supposed to) but it does not disappear from the offline list.

Multiple disconnects/reconnects result in a growing defunct offline list, while the online list continues to function properly.

[screenshot attached: beef_screenshot]

The setup I have implemented in the lab hosts the BeEF hook.js on the same LAN, embedded in an Internet-hosted site (http://example.com/index.html) using `<script type="text/javascript" src="http://10.10.30.100:3000/hook.js"></script>`.

I have confirmed the issue is still present when embedding the hook.js on a LAN-hosted site (http://10.10.30.100/index.html), and when running it off an HTML file locally or on a USB key. The target browser is Safari/WebKit, but the problem persists in FF as well. I have not confirmed in IE, Opera, or Chrome.

BeEF is running on a Debian amd64 box using RVM with Ruby 1.9.3-p194 installed.

Best regards, Dan Popp

antisnatchor commented 11 years ago

Thanks, I will have a look soon.

antisnatchor commented 11 years ago

Btw, I guess it's just an issue with the GUI. If you use the RESTful API, you shouldn't have any issues.

danpopp commented 11 years ago

Thank you for the quick response, that makes sense. I'm mainly interested in the websockets/XHR-polling components, using them to determine if a client is online and pointed to the correct URL (for indoor digital signage/wayfinding purposes). The client endpoints are browser-only PCs with no VNC, and no way to install Nagios or other monitoring software. I am attempting to integrate this client-monitoring (and to a lesser degree the client-control) capabilities into a realtime-monitoring app (using node.js).

Do you know if there is any further documentation available on the hook.js script and the websockets/XHR-polling and how that is implemented in BeEF? I read the wiki (and the new wiki being worked on by Nibblr) but couldn't find anything.

Best regards and thanks again, Dan Popp

danpopp commented 11 years ago

It turns out not to be an issue with the GUI, as the same behavior is observed using the RESTful API (image attached). When I tested it earlier I used a PC and it worked but when I used the Kiosk I had problems. This leads me toward believing this is a one-off related to the specific browser on my client rather than a defect or problem in BeEF.

The BeEF enumeration results are attached below. Even though the browser reports it's capable of persistent storage, this is not actually true, because it's a 'desktop-in-a-browser': closing the browser is the same as logging out, shutting down, and restarting, booting up a 'new' environment each time.

I attempted forcing the user-agent so that it was detected as Safari 5, but the offline function still polled incorrectly, GUI and JSON. I also attempted disabling persistent storage by default but to no avail.

[image attached: json-api]

I suppose I can just manually correlate IPs in the arp table by MAC address and then drilldown/filter with that information, but that's slightly less elegant than I was hoping for.

I also wrote a simple Node.js access module for the BeEF RESTful API at https://github.com/danpopp/beef-cutter

Best regards, Dan Popp

Category: Browser
Browser Name: UNKNOWN
Browser Version: UNKNOWN
Browser UA String: Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.34 (KHTML, like Gecko) Kiosk/1.0 Safari/534.34
Browser Plugins: ,Shockwave Flash,Java(TM) Plug-in 1.6.0_26
Window Size: Width: 1920, Height: 1080
Java Enabled: Yes
VBScript Enabled: No
Has Flash: Yes
Has GoogleGears: No
Has WebSockets: Yes
Has ActiveX: No
Session Cookies: Yes
Persistent Cookies: No

Category: Hooked Page (5 Items)
Page Title: PWNED
Page URI: http://10.10.30.100/
Page Referrer: No Referrer
Hostname/IP: 10.10.30.100
Cookies: BEEFHOOK=lQ3MMqnSEyGHlqzJT084Ub800VKwtlzzVyYPigRrf0vMT6NlNjkznc0hXpS77CplULNOOBFEOgVZwuMV

Category: Host (5 Items)
Date: Sun Dec 30 2012 01:57:41 GMT-0500 (EST)
OS Name: Linux
Hardware: Unknown
System Platform: Linux i686
Screen Size: Width: 1920, Height: 1080, Colour Depth: 24

danpopp commented 11 years ago

This issue is unfortunately not resolvable on the embedded device without implementing another method of client recognition that doesn't involve cookies (i.e. MAC address). This will unfortunately only function on LANs, and may be unreliable, yielding false positives in the presence of switches, routers, and other intermediary network devices. For my purposes, page URI and IP alone should be sufficient, since I only really require up/down. Hope I didn't waste too much of your time. But I will post any MAC address correlation modules I code when I eventually do.

Thank you, Dan Popp
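As an added example (not BeEF's own code and not the beef-cutter module linked above), here is the up/down correlation by IP and page URI that the comment describes, run over a constructed response in the shape of BeEF's `/api/hooks` output. The `hooked-browsers` / `online` / `offline` layout and the field names (`id`, `session`, `ip`, `page_uri`) are assumed for illustration; an endpoint counts as up if any hook session for it is online, and offline sessions for an endpoint that is also online are treated as stale rather than as extra down clients.

```ruby
require 'json'

# Constructed sample in the assumed shape of GET /api/hooks. The kiosk at
# 10.10.30.55 has re-hooked twice (new BEEFHOOK cookie each boot), leaving
# two stale offline entries behind its one live session.
SAMPLE_HOOKS = <<~JSON
{
  "hooked-browsers": {
    "online": {
      "3": {"id": 3, "session": "sess-C", "ip": "10.10.30.55", "page_uri": "http://10.10.30.100/"}
    },
    "offline": {
      "1": {"id": 1, "session": "sess-A", "ip": "10.10.30.55", "page_uri": "http://10.10.30.100/"},
      "2": {"id": 2, "session": "sess-B", "ip": "10.10.30.55", "page_uri": "http://10.10.30.100/"},
      "4": {"id": 4, "session": "sess-D", "ip": "10.10.30.77", "page_uri": "http://10.10.30.100/"}
    }
  }
}
JSON

# Identity of a signage endpoint across hook sessions: IP plus page URI.
def endpoint_key(hook)
  [hook['ip'], hook['page_uri']]
end

def hooked_browsers(hooks_json)
  JSON.parse(hooks_json).fetch('hooked-browsers')
end

# Per-endpoint status: :up if any session is online, else :down.
def endpoint_status(hooks_json)
  data = hooked_browsers(hooks_json)
  status = {}
  data.fetch('online', {}).each_value  { |h| status[endpoint_key(h)] = :up }
  data.fetch('offline', {}).each_value { |h| status[endpoint_key(h)] ||= :down }
  status
end

# Offline hook ids whose endpoint is currently online, i.e. leftovers from
# earlier cookie sessions that should not be reported as separate clients.
def stale_offline_ids(hooks_json)
  data = hooked_browsers(hooks_json)
  live = data.fetch('online', {}).values.map { |h| endpoint_key(h) }
  data.fetch('offline', {}).values
      .select { |h| live.include?(endpoint_key(h)) }
      .map { |h| h['id'] }
end

endpoint_status(SAMPLE_HOOKS).each { |(ip, uri), s| puts "#{ip} #{uri} #{s}" }
puts "stale offline ids: #{stale_offline_ids(SAMPLE_HOOKS).inspect}"
```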

antisnatchor commented 11 years ago

Makes sense to me ;) Thanks for investigating the issue, and let me know when you will commit that stuff, if you need any help.

danpopp commented 11 years ago

I've already written the arp grepping components, but they are in node.js (link in above thread). It will not be difficult to duplicate in Ruby, but it's going to require a place in the sqlite DB to store the value, and some other minor architectural changes to facilitate. I'm not yet familiar enough with the BeEF source tree to be confident I can implement that on my own without breaking something. I am continuing to explore and lurking in the IRC room if you want to give a shout.

Best regards, Dan Popp

antisnatchor commented 11 years ago

Makes sense; experiment with your clone, and send me an email or ping me on gtalk (antisnatchor@gmail.com). I'm not too connected via IRC/gtalk to be honest, but I usually reply to emails promptly.