Skip to content

Geolocation

bcoles edited this page Jan 23, 2022 · 10 revisions

Introduction

BeEF has several methods to determine the hooked browser's physical location.

Table of Contents

Enabling IP Geolocation

Recent changes to the GeoLite (free geolocation database from MaxMind) service has meant that it will need to be manually downloaded and added to BeEF to enable GeoLocation functionality.

Create MaxMind Account and Download .mmdb

While the GeoLite database is free, a signup at MaxMind is still required.

After an creating account, locate the GeoLite2 City database in .mmdb format and place it in the location specified by config.yaml.

Alternatively, install geoipupdate and update /etc/GeoIP.conf:

AccountID <account id>
LicenseKey <license key>
EditionIDs GeoLite2-City

Then run geoipupdate to update the database. The default path for the database is /usr/share/GeoIP/GeoLite2-City.mmdb.

Default and Custom Installation Locations

By default, config.yaml is set to look for the MaxMind database at database: '/usr/share/GeoIP/GeoLite2-City.mmdb'. If you opt to install the database in a different location, update this path in config.yaml:

    geoip:
        enable: true
        database: '/usr/share/GeoIP/GeoLite2-City.mmdb'

Modules

Geolocation

The Geolocation module will retrieve the physical location of the hooked browser using the Phonegap API.

Get Geolocation

The Get Geolocation module will retrieve the physical location of the hooked browser using the browser Geo-location API. The user will be prompted to share their location with the hooked origin, unless the hooked origin has been white-listed previously.

Get Geolocation (Third-Party)

The Get Geolocation (Third-Party) module retrieves the physical location of the hooked browser using third-party hosted geolocation APIs.


Back

Clone this wiki locally