Beef page being Marked as Suspicious :/
ArtisticMental opened this issue · 11 comments
- BeEF Version: BeEF 0.5.4.0
- Browser Details (e.g. Chrome v81.0):
- Operating System (Windows 11 / Linux
Configuration
- Have you made any changes to your BeEF configuration? Yes
- Have you enabled or disabled any BeEF extensions? No
Hello, thanks to everyone who responds and would like to help me out :)
I am currently trying to test beef and the Copied HTML Code looks nothing like the original site.
On top of that the USL is being marked as Suspicious.
The only line that was modified in the HTML script was the hook like.
Please offer some assistance and help with these issues! :)
What is the "Copied HTML Code" ?
The BeEF hook is written in JavaScript. You can include the BeEF hook in any HTML content using <script> HTML tags.
If your URL is marked as suspicious, it it likely due to the host/domain name. Is the URL still considered suspicious when you remove the <script> tag?
What is the "Copied HTML Code" ?
The BeEF hook is written in JavaScript. You can include the BeEF hook in any HTML content using
<script>HTML tags.If your URL is marked as suspicious, it it likely due to the host/domain name. Is the URL still considered suspicious when you remove the
<script>tag?
Thanks for your response! :)
The HTML Code is of course very long. It's just the direct copy of a sites landing page.
URL - view-source:https://www.facebook.com/login/
So after saving this to my computer
when I open it it opens fine, but after adding my hook it then looks nothing like the original page.
Not to mention when I connect it to beef with the Nano GNU text editor is when the page is flagged as suspicious.
but after adding my hook it then looks nothing like the original page.
How are you adding the hook? Are there any errors in browser console?
Not to mention when I connect it to beef with the Nano GNU text editor is when the page is flagged as suspicious.
What is flagging the page as malicious? Your web browser?
@bcoles at the top of the Script right after
Just as so
with my URL for the HTTP part of course.
Then when I link it to my Linode and navigate to my domain
my browsers mark it as suspicious
I'm afraid this will happen if someone else were to click it as well :(
Then when I link it to my Linode and navigate to my domain
I'm not sure what this means, but if the Linode URL is not marked as suspicious until you add the BeEF hook then you will need to figure out why it is flagged as suspicious.
The BEEFHOOK cookie (hook_session_name) is a bit of a giveaway. You could try changing it to something else.
Thanks:
Can you confirm that the step required for this development is about the same. People mainly use Kali for BeEF,They typically have something like Linode, they have a domain, & they use the source code from a copied site?
Not sure what to change it to.
@bcoles could the CPU also be effecting the site's performance?
@bcoles could the CPU also be effecting the site's performance?
Yes, A CPU can affect website performance. Modern websites are unnecessarily crammed full of JavaScript and associated spyware.
In BeEF, you can limit the required processing power (and network bandwidth) by increasing the default hook polling duration from1 second (1000ms) to something more reasonable.
Thanks: Can you confirm that the step required for this development is about the same. People mainly use Kali for BeEF,They typically have something like Linode, they have a domain, & they use the source code from a copied site?
Historically, the BeEF hook would be inserted into a website using reflected/DOM/stored XSS.
I do not know what the usual scenario these days. The feedback this project receives from struggling newbies far outweighs the feedback from competent users. Most of these users are using BeEF on Kali, yes. Historically, using a VPS and a domain is a common approach - especially for HTTPS.
Adding the hook to a phishing page can be useful for analytics and key logging, but may also increase detection.
BeEF includes website cloner functionality which is similar to your use case (clone website, insert JS hook), although it has not been updated for a long time.
Thanks man. I'll keep at it 👌🏻
This issue as been marked as stale due to inactivity and will be closed in 7 days