How config HTTPS ports? Beef config payload urls which doesn't work. #3091

Open
veronicanike opened this issue May 28, 2024 · 5 comments

I use the latest BeEF version 0.5.4.0 in Docker, built with the Dockerfile. Why doesn't hook_session work on port 443 over HTTPS? I have an SSL cert and don't understand how it works. I'm trying different options.

Case 1:

config.yaml

    http:
        debug: true #Thin::Logging.debug, very verbose. Prints also full exception stack trace.
        host: "0.0.0.0"
        port: "3000"

        public:
            host: "my-domain.com" # public hostname/IP address
            port: "443" # public port (443 if the public server is using HTTPS)
            https: true # true/false

        https:
            enable: true
            # In production environments, be sure to use a valid certificate signed for the value
            # used in beef.http.public (the domain name of the server where you run BeEF)
            key: "privkey.txt"
            cert: "my-domain.crt"

payload : https://my-domain.com:3000/hook.js

BeEF configures the payload with the path "my-domain.com:443/hook.js", but it's not correct and doesn't work. If I make the payload "my-domain.com:3000/hook.js", then Firefox downloads hook.js but doesn't establish a session.


Case 2:

config.yaml

    http:
        debug: true #Thin::Logging.debug, very verbose. Prints also full exception stack trace.
        host: "0.0.0.0"
        port: "443"

        public:
            host: "my-domain.com" # public hostname/IP address
            port: "443" # public port (443 if the public server is using HTTPS)
            https: true # true/false

        https:
            enable: true
            # In production environments, be sure to use a valid certificate signed for the value
            # used in beef.http.public (the domain name of the server where you run BeEF)
            key: "privkey.txt"
            cert: "my-domain.crt"

payload : https://my-domain.com:443/hook.js

If beef.http.port == 443, BeEF doesn't work; it doesn't matter which port is in beef.http.public.port. Always the same errors.


Case 3:

config.yaml

    http:
        debug: true #Thin::Logging.debug, very verbose. Prints also full exception stack trace.
        host: "0.0.0.0"
        port: "3000"

        public:
            host: "my-domain.com" # public hostname/IP address
            port: "3000" # public port (443 if the public server is using HTTPS)
            https: true # true/false

        https:
            enable: true
            # In production environments, be sure to use a valid certificate signed for the value
            # used in beef.http.public (the domain name of the server where you run BeEF)
            key: "privkey.txt"
            cert: "my-domain.crt"

payload : https://my-domain.com:443/hook.js


Firefox downloads hook.js and establishes a session, but it's not what I would like.
And one more thing: when I added the domain name, "admin_ui" doesn't work at the path "my-domain.com:3000/ui/panel". I see "Internal server error" in my browser.

bcoles (Collaborator) commented May 28, 2024

> And one more thing: when I added the domain name, "admin_ui" doesn't work at the path "my-domain.com:3000/ui/panel". I see "Internal server error" in my browser.

Set allow_reverse_proxy: true if you're using a reverse proxy.

@veronicanike
Author

@bcoles
I don't use a reverse proxy. The same errors if I set allow_reverse_proxy: true

    ERROR -- : Unexpected error while processing request: undefined method `each' for nil:NilClass
    /usr/local/bundle/gems/rack-2.2.9/lib/rack/utils.rb:447:in `initialize'
    /usr/local/bundle/gems/rack-2.2.9/lib/rack/utils.rb:440:in `new'
    /usr/local/bundle/gems/rack-2.2.9/lib/rack/utils.rb:440:in `[]'
    /usr/local/bundle/gems/rack-2.2.9/lib/rack/common_logger.rb:39:in `call'
    /usr/local/bundle/gems/sinatra-3.2.0/lib/sinatra/base.rb:261:in `call'
    /usr/local/bundle/gems/thin-1.8.2/lib/thin/connection.rb:86:in `block in pre_process'
    /usr/local/bundle/gems/thin-1.8.2/lib/thin/connection.rb:84:in `catch'
    /usr/local/bundle/gems/thin-1.8.2/lib/thin/connection.rb:84:in `pre_process'
    /usr/local/bundle/gems/thin-1.8.2/lib/thin/connection.rb:53:in `process'
    /usr/local/bundle/gems/thin-1.8.2/lib/thin/connection.rb:39:in `receive_data'
    /usr/local/bundle/gems/eventmachine-1.2.7/lib/eventmachine.rb:195:in `run_machine'
    /usr/local/bundle/gems/eventmachine-1.2.7/lib/eventmachine.rb:195:in `run'
    /usr/local/bundle/gems/thin-1.8.2/lib/thin/backends/base.rb:75:in `start'
    /usr/local/bundle/gems/thin-1.8.2/lib/thin/server.rb:162:in `start'
    /beef/core/main/server.rb:156:in `start'
    /beef/beef:281:in `'

Sanz93 commented May 29, 2024

But are you able to access the dashboard with BeEF when you made the changes with the reverse proxy to open it up with HTTPS? If yes, can you tell me how to do it? This is the 4th time I have installed the BeEF program again without any success.

github-actions bot (Contributor) commented Jun 5, 2024

This issue has been marked as stale due to inactivity and will be closed in 7 days.

github-actions bot added the Stale label Jun 5, 2024
stephenakq self-assigned this Jun 6, 2024
stephenakq added the Backlog and Install labels and removed the Stale label Jun 6, 2024

Binkie86 commented Aug 5, 2024

#`

Details

`
