Certain browser details are considered as invalid #3051
Comments
|
Thank you for bringing this to our attention. The image has been removed because it contained a routable IP address, but the discussion can continue with the image omitted. Could you clarify if the issue pertains to the console message "browser: UNKNOWN -121.0.0.0"? |
|
You can also join our Discord for assistance with this issue. Here's the link: https://discord.gg/ugmKmHarKc |
Well, the messages I want to get rid off are the ones with the following structure:
And also, as a consecuence of them, the one you mentioned:
|
|
Thank you for pointing this out. We'll look into that bug. |
|
Hi @jme418 , I'm investigating this and will try to reproduce it. Are you still experiencing the issue? |
|
I have reproduced the issue on Ubuntu 24.04.1 LTS (64-bit) with Firefox 130.0 (64-bit) and Chrome 129.0.6668.58 (Official Build) (64-bit) as the victim browser. I've got the below regardless of whether metasploit is integrated or not. The only condition needed for this, is for the victim browser not to be in the 'hooked register' as it happens at the initial hooking stage. If the browser is hooked, then goes offline, then is hooked again the issue does not happen. 
When printing out @DaTa['results'] during the hooking phase, i can see "browser.name"=>"UNKNOWN" |
|
Investigating is_valid_browsername conditions in core>main>handlers>browserdetails.rb and core>filters>browser.rb Also, looking at how the data is collected in core>main>client>browser.js |
|
Added fix for version and renamed the PR. |
|
Trying to reproduce the plugins issue. |
|
Thanks for your help! I'm sorry I couldn't get back to you sooner to answer your questions, it's been a busy week for me. Let me know if you need anything. |
|
All good, @jme418, as you can see I have invalid name and version fix in the PR already. It's pending for the approval and merge. I've also setup myself an android VM for the first time and managed to reproduce the invalid plugin issue on Chrome there. [17:32:33][!] [Browser Details] Invalid browser plugins returned from the hook browser's initial connection. I'm looking now how to fix it. |
|
When printing out and comparing the plugin details with other browsers, seems that Android browser either doesn't have any or it gets somewhere removed on the way. Investigating further. [20:31:01][] BROWSER PLUGIN: [] |
It is probably empty. Browser details, such as name and plugins, are validated with filters ( |
|
According to my investigation, it appears that mobile browsers do not support plugins. I'll adjust the code in browserdetails.rb and browser.rb to account for this scenario. |
|
I believe this is now resolved, waiting for merge. |
|
@jme418 before I proceed to close the ticket, could you kindly confirm if the issue has been resolved and if the recent fix has been merged into the main branch? |
|
Hi @stephenakq , the PR is currently addressing just the invalid version and plugins issues. Since we can't use userAgent to confirm browser name, i had to remove that part and couldn't find an alternative yet. The PR is not merged yet, I'm waiting for that. |
|
Added fix for FF browser name into the PR. |
|
#3149 has all the fixes, waiting for it to be merged. |
|
Hi @jme418 , could you please confirm your issue is now resolved? Thanks |
First Steps
BeEF Version: 0.5.4.0
Ruby Version: ruby 3.1.2p20 (2022-04-12 revision 4491bb740a) [x86_64-linux-gnu]
Browser Details (e.g. Chrome v81.0): Causing problems with all I've tried (FF - 115.8.0esr, O - 108.0.5067.29, C - 123.0.6312.86, 123.0.6312.58, 121.0.6167.178)
Operating System: Linux, Windows and Android
Configuration
Steps to Reproduce
I did the installation guided by this page: https://null-byte.wonderhowto.com/how-to/hack-web-browsers-with-beef-control-webcams-phish-for-credentials-more-0159961/
and all it's looking great, with metasploit exploits correctly loaded.
[removed]
Something strange I can see is that the plugins one appears only when accessing via Android.
The text was updated successfully, but these errors were encountered: