Skip to content

Postman

Jump to bottom
jcrew99 edited this page Jan 7, 2020 · 2 revisions

Introduction

BeEF'S RESTful API has a postman file and environment available for you to use! Postman allows users to very quickly and easily send requests to API endpoints. This means you can use BeEF without the graphical interface.

Installing Postman

Ubuntu

Postman is very simple to install on ubuntu, simply run:

$ snap install postman 
$ postman

Other Systems

Postman can be downloaded directly from their website: https://www.getpostman.com/downloads/.

Using Postman

Once you have Postman and BeEF installed and running, simply select File > Import and import the BeEF RESTful API json file. Once you have this opened, you should see “RESTful API” in your collections on the left. Click on this and you’ll see a list of all of the API requests available to you.

In order to execute any of these you need to import and set up your environment variables. Import the environment variables in File > Import and find the "BeEF postman environment .JSOn file". Once imported, in the top right corner, you should now see “BeEF” with a drop down arrow. Select the eye symbol next to it and you will see a variety of variables to set up. The variables you should see are:

Username and Password

In the current value section of the Username and Password fields. Enter your username and password that you set up in the config.yaml file of the BeEF directory.

Token

By sending an authentication request, you will receive back a token which is stored in your environment variables. This can also be found in the console when you run BeEF, it should look like the below:

[*] RESTful API key: a1403452cf5d552f1cf53ae0c125adfffc0acc5c

Session_id

Each browser has it’s own session ID. By sending the “Get All Hooked Browsers” request, information on the hooked browsers will be returned, including the session ID. Store the session ID of the browser you’d like to send requests to in the environment variables.

Module_id

By sending the request labelled “List All Command Modules” this will list all available modules/BeEF commands and their ID’s. Select the module you’d like to run and use the id associated with it.

Cmd_id

Each time a command is executed, it is assigned an ID. To identify the command ID, just look in the response when you execute a command. It will look like this:

{
    "success": "true",
    "command_id": "3"
}

Dnsrule_id

The DNS rule ID can be found by send a post requested labelled “List the DNS Ruleset”. This will list all created DNS rules and their associated ID’s.

User Guide

I. Introduction   |   II. Basic Utilization   |   III. Advanced Utilization   |   IV. Development   |   V. References

Community

Blog   |   Code   |   Youtube   |   Twitter

I - Starting BeEF

  1. Introducing BeEF
  2. Installation
  3. Basics
  4. Troubleshooting

II - Basic Utilization

  1. Configuration
  2. Interface
  3. Information Gathering
  4. Social Engineering
  5. Network Discovery
  6. Metasploit
  7. Tunneling
  8. XSS Rays
  9. Persistence
  10. Creating a Module
  11. Geolocation
  12. Using-BeEF-With-NGROK

III - Advanced Utilization

  1. RESTful API
  2. Autorun Rule Engine
  3. Notifications
  4. Console
  5. WebRTC Extension

IV - Development

  1. Contributing
  2. ActiveRecord
  3. Development Organization
  4. Architecture
  5. BeEF Javascript API
  6. Step By Step Module Creation
  7. Creating a New Extension
  8. BeEF Testing
  9. Browser & OS Compatibility
  10. Database Schema
  11. Development Milestones
  12. Command Module Config
  13. Command Module API

V - References

  1. FAQ
  2. Other
  3. References
  4. Modules
  5. Release Notes
Clone this wiki locally