
Release Notes

Isaac Powell edited this page Sep 12, 2021 · 7 revisions

This section is dedicated to more verbose release notes.

0.5.2.0

Core - Fixed public hook url configuration settings (#1785)

As mentioned in #1785, there is currently a bug that prevents BeEF from hooking browsers when the BeEF hook (public) URL is different from the BeEF host (local) URL (i.e., behind a reverse proxy, when used via services such as ngrok, or when using port forwarding from a border gateway).

To resolve this issue, the PR completely decouples the local host settings from the public settings. A user can now set values in the public section of the configuration:

        # If BeEF is running behind a reverse proxy or NAT
        #  set the public hostname and port here & protocol
        public:
            host: "example.com"
            port: "3000"
            https: true/false

BeEF will automatically use these values when referencing the hook (public) URL. These values can be seen in the Configuration object used throughout the application.

Beef Host

      #
      # Returns the beef host which is used by external resources
      # e.g. hooked browsers
      def beef_host
        public_host || local_host
      end

Beef Port

      #
      # Returns the beef port which is used by external resources
      # e.g. hooked browsers
      def beef_port
        public_port || local_port
      end

Beef protocol (http/https)

      #
      # Returns the beef protocol that is used by external resources
      # e.g. hooked browsers
      def beef_proto
        if public_enabled? && public_https_enabled? then
          return 'https'
        elsif public_enabled? && !public_https_enabled?
          return 'http'
        elsif !public_enabled?
          return local_proto
        end
      end

A contributor can now use some new configuration values that reference the full hooking URL:

      #
      # Returns the beef scheme://host:port for external resources
      # e.g. hooked browsers
      def beef_url_str
        "#{beef_proto}://#{beef_host}:#{beef_port}"
      end

      # Returns the url to the hook file
      #
      # @return [String] the url string
      def hook_url
        "#{beef_url_str}#{hook_file_path}"
      end

These new configuration getters can be used throughout the code base, reducing the code repetition found there. For example, code such as this was previously needed:

     @configuration = BeEF::Core::Configuration.instance
     beef_proto = @configuration.get("beef.http.https.enable") == true ? "https" : "http";
     beef_host = @configuration.get("beef.http.public") || @configuration.get("beef.http.host")
     beef_port = @configuration.get("beef.http.public_port") || @configuration.get("beef.http.port")
     beef_hook = @configuration.get("beef.http.hook_file")
     hook_url = "#{beef_proto}://#{beef_host}:#{beef_port}/#{beef_hook}"

It can now simply be the following:

    @config.hook_url

The most common issue raised due to this bug was when users were trying to use ngrok. Ngrok would use the https protocol, and if the user did not set up the BeEF local host using https, it would cause mixed content errors, preventing browser hooking.

With the new configuration items, the user can now have an https proxy that redirects to an http local host. Please see the new setup instructions for ngrok here
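
The scheme mismatch described above, modelled as an added Ruby example (not BeEF's own code). HookConfig, its hash layout, the rule that the public section counts as enabled once a host is set, mixed_content? and the sample host names are all assumptions made for illustration.

```ruby
require 'uri'

# Hypothetical stand-in for BeEF's Configuration; the hash layout is constructed.
class HookConfig
  def initialize(http)
    @http = http
    @public = http[:public] || {}
  end

  def public_host; presence(@public[:host]); end
  def public_port; presence(@public[:port]); end
  def local_proto; @http[:https] ? 'https' : 'http'; end
  # Assumption: the public section counts as enabled once a host is set.
  def public_enabled?; !public_host.nil?; end
  def public_https_enabled?; @public[:https] == true; end

  def beef_host; public_host || @http[:host]; end
  def beef_port; public_port || @http[:port]; end

  def beef_proto
    return local_proto unless public_enabled?
    public_https_enabled? ? 'https' : 'http'
  end

  def hook_url
    "#{beef_proto}://#{beef_host}:#{beef_port}#{@http[:hook_file]}"
  end

  # Scheme taken from the local listener, as in the older snippet above.
  def legacy_hook_url
    "#{local_proto}://#{beef_host}:#{beef_port}#{@http[:hook_file]}"
  end

  private
  def presence(value)
    (value.nil? || value.to_s.empty?) ? nil : value
  end
end

# True when an HTTPS page would load the resource over plain HTTP.
def mixed_content?(page_scheme, resource_url)
  page_scheme == 'https' && URI(resource_url).scheme == 'http'
end

# Constructed sample: HTTPS tunnel in front of a plain-HTTP local listener.
TUNNELLED = HookConfig.new(
  host: '0.0.0.0', port: '3000', https: false, hook_file: '/hook.js',
  public: { host: 'tunnel.example.com', port: '443', https: true }
)
```

With the sample configuration, legacy_hook_url yields an http:// URL on the public host, which an HTTPS page refuses to load, while hook_url follows the public https setting.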

Usability - ./beef now includes a user prompt to pull the latest repo and update BeEF.

The automatic pull and update prompt will time out after 5 seconds and skip the update process. It is found in ./beef as shown:

    if BeEF::Core::Console::CommandLine.parse[:update_disabled] == false
      if BeEF::Core::Console::CommandLine.parse[:update_auto] == true
        print "Pulling latest BeEF repository and updating"
        `git pull && bundle`
      else
        begin
          answer = Timeout::timeout(5) do
            print "Would you like to check and download the latest BeEF update? y/n: "
            response = gets
            `git pull && bundle` if response.strip == 'y'
          end
        rescue Timeout::Error
          puts "\nUpdate Skipped with input timeout"
        end
      end
    end

Additionally, two flags were added to the commandline.rb startup options, update auto ('-ua') and update disabled ('-ud'), as shown below:

              opts.on('-ud', '--update_disabled', 'Skips update') do 
                @options[:update_disabled] = true
              end

              opts.on('-ua', '--update_auto', 'Automatic update with no prompt') do 
                @options[:update_auto] = true
              end

Fixed - Cannot delete offline hook browsers (#2044)

Extension: Admin UI

Currently there is a defect: if an offline zombie exists and you try to delete it in the tree list view, it will not be deleted. This was due to the existing code not referencing the correct variable for online/offline hooked browsers.

  var hb_id = this.contextNode.id.split('zombie-online-')[1];
  var hb_id_off = this.contextNode.id.split('zombie-offline-')[1];

The code used to delete the zombie referenced hb_id:

  var token = beefwui.get_rest_token();
  if (!confirm('Are you sure you want to delete zombie [id: ' + hb_id + '] ?\nWarning: this will remove all zombie related data, including logs and command results!')) {
     //commands_statusbar.update_fail('Cancelled');
    return;
  }
     
  //commands_statusbar.update_sending('Removing zombie [id: ' + hb_id + '] ...');
  var url = "/api/hooks/" + escape(hb_id) + "/delete?token=" + token;
  Ext.Ajax.request({
    url: url,
    method: 'GET'
  });

To make sure the delete works for both online and offline zombies, the following code could be used. It splits the id by - and references the last substring, which contains the ID.

  var hb_id = this.contextNode.id.split('-')[2];