phishing-frenzy
BeEF integration from @antisnatchor with love
I wrote a new page in the reports area that queries BeEF via RESTful API. Make sure you enable geolocation in BeEF, as well as PhishingFrenzy integration (I've added a new config option to the main config.yaml). In the campaign 'phishing options' category, you will also see a new 'BeEF RESTful API key', which is needed to call BeEF.
Other than a world offline map showing hooked browsers and online/offline browser detail tables, I've also added a nice feature to correlate the hooked browser with the victim email (based on the UID). I've also fixed the BeEF tag injection code, which now replaces rather than adding the script at the start of the file.
I'm not done working on this, will send more code in the coming weeks, for example an 'auto-refresh' feature to fetch data from BeEF every 5 seconds. Right now you can easily achieve that with a manual refresh :-)
It's all dynamic now ;-) I've fixed that in more recent commits, I'm not the best with commenting commits :D just merge the code in a testing environment and try it out buddy.
So I tested this out and ran into a couple observations.
When testing the hooked browser map with Google Chrome you will run into cross-origin issues as seen in the screenshot below. What do you think is the best approach to handle this?
The next observation was a JSON parsing issue that I was getting when trying to browse the hooked browsers map. It is weird because it looks like my JSON response was a 200 OK with proper looking JSON. Perhaps you can notice something I'm missing.
Also we need to find a way for sync_with_beef to fail more gracefully. For example, here is what happens when the beef service is no longer running and a user attempts to download the Excel file from reports.
To prevent SOP issues you need to allow PF origin in BeEF. Modify 'cors_allowed_domains' and 'allow_cors' variables in the main BeEF config.yaml according to your setup. For a quick test 'allow_cors':true, and 'cors_allowed_domains':'*'
But I suggest you whitelist only a specific origin rather than using a wildcard for security reasons ;-)
And yep I agree about synch_with_beef. I was in a rush coding, this feature isn't finished yet, that's why I haven't sent you a pull request with this code yet ;-)
Check this: https://github.com/antisnatchor/phishing-frenzy/commit/72e3556a1cd24d6de22eae3ac4d4f8391ceac12b I've fixed the exceptions when synching with BeEF if the server isn't reachable.
Haven't forgotten about this @antisnatchor. Thanks for being patient here. I'll keep you posted when I get around to testing this again. Excited!
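The difference between the wildcard quick test and a pinned origin, from the reply above, shown as an added example that is not part of the thread and is not BeEF's own code. It is a simplified model: the `example.test` origins are constructed, and treating `cors_allowed_domains` as a comma-separated string of origins is an assumption.

```ruby
require 'uri'

# Constructed sample settings, using only the two keys named in the reply above.
QUICK_TEST = { 'allow_cors' => true,  'cors_allowed_domains' => '*' }.freeze
PINNED     = { 'allow_cors' => true,  'cors_allowed_domains' => 'https://pf.example.test' }.freeze
DISABLED   = { 'allow_cors' => false, 'cors_allowed_domains' => '*' }.freeze

# Reduce an origin to scheme://host:port so comparison is exact and never
# a substring or suffix match. Returns nil for anything that is not http(s).
def normalize_origin(value)
  uri = URI.parse(value.to_s.strip)
  return nil unless uri.is_a?(URI::HTTP) && uri.host

  "#{uri.scheme}://#{uri.host.downcase}:#{uri.port}"
rescue URI::InvalidURIError
  nil
end

# Hypothetical helper: the Access-Control-Allow-Origin value a server would
# send for this config and request Origin, or nil when no header is sent.
def allow_origin_header(config, request_origin)
  return nil unless config['allow_cors']

  allowed = config['cors_allowed_domains'].to_s.split(',').map(&:strip)
  return '*' if allowed.include?('*') # any site's script may read the API reply

  origin = normalize_origin(request_origin)
  return nil if origin.nil?

  allowed.map { |a| normalize_origin(a) }.include?(origin) ? request_origin : nil
end

# Constructed Origin headers: the PF host, a look-alike host, a scheme and a
# port mismatch, and the opaque "null" origin sent by sandboxed documents.
SAMPLE_ORIGINS = [
  'https://pf.example.test',
  'https://pf.example.test.other.example',
  'http://pf.example.test',
  'https://pf.example.test:8443',
  'null'
].freeze

# Map each sample origin to the header each configuration would return.
def compare_configs
  SAMPLE_ORIGINS.to_h do |o|
    [o, { wildcard: allow_origin_header(QUICK_TEST, o), pinned: allow_origin_header(PINNED, o) }]
  end
end

compare_configs.each { |origin, result| puts "#{origin.ljust(40)} #{result}" } if $PROGRAM_NAME == __FILE__
```

With the wildcard every origin in the sample gets `*` back, while the pinned configuration answers only the exact scheme, host and port of the PF instance.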
@antisnatchor thanks for the updates man, just a heads up that I have taken this PR and created a new branch located here: https://github.com/pentestgeek/phishing-frenzy/tree/antisnatchor-beef-love
This new branch includes a lot of changes due to the master branch changing so much with the recent upgrade to rails4. I'm really impressed with the features that this PR has now that I'm able to get most of it working. I think we have a little more polishing to do but we are getting close.
Following up here @antisnatchor I see you've added some additional commits, is this ready to be reviewed again?
Poke @antisnatchor: to prevent the logging of beefhook, something like below works; syntax might be a little off as it's off the top of my head:
SetEnvIf Request_URI "(^/BEEFHOOK.js)|(^/dh\.+$)" nolog
CustomLog /var/log/apache2/access.log Combined env=!nolog
Thanks @Meatballs1 I will add that ;-) sorry for not being so active here, but at the same time when you see more commits related to this pull request I guess you should have a look and finally merge it.
I maintain my PF fork so the code changes are usually pretty much stable as I use it in production.