-
Notifications
You must be signed in to change notification settings - Fork 2.2k
Geolocation
BeEF has several methods to determine the hooked browser's physical location.
Recent changes to the GeoLite (free geolocation database from MaxMind) service has meant that it will need to be manually downloaded and added to BeEF to enable GeoLocation functionality.
While the GeoLite database is free, a signup at MaxMind is still required. After creating account, locate the GeoLite2 City database in .mmdb format and place it in the location specified by config.yaml
By default, config.yaml is set to look for the MaxMind database at database: '/usr/share/GeoIP/GeoLite2-City.mmdb'.
If you opt to install the database in a different location, update this path in config.yaml:
geoip:
enable: true
database: '/usr/share/GeoIP/GeoLite2-City.mmdb'The Geolocation module will retrieve the physical location of the hooked browser using the Phonegap API.
The Get Geolocation module will retrieve the physical location of the hooked browser using the Geo-location API. The user will be prompted to share their location with the hooked origin, unless the hooked origin has been white-listed previously.
The Get Physical Location module will retrieve Geo-location information based on the neighbouring wireless access points using commands encapsulated within a self-signed Java Applet. The user will be prompted to run the Java applet.
The details will include:
- GPS Coordinates details
- Street Address details
If the victim machine has a firewall that monitors outgoing connections (Zonealarm, LittleSnitch, etc), calls to Google maps will be alerted.
Note that modern Java (as of Java 7u51) will outright refuse to execute self-signed Java applets unless they're added to the exception list.
- Configuration
- Interface
- Information Gathering
- Social Engineering
- Network Discovery
- Metasploit
- Tunneling
- XSS Rays
- Persistence
- Creating a Module
- Geolocation
- Using-BeEF-With-NGROK