Jump to content

Best way to inject Beef´s hook.js ?


BeNe
 Share

Recommended Posts

Hello,

i use the Nano in combination with my Nexus Nethunter device which is running beef on it. So i´m searching the best way to inject the hook.js. I tested the Pineapple´s Landingpage (because this is the perfect place for such a script) but it breaks the normal web surfing since only the landingpage is coming up and nothing else if i enable the landinpage. Is this normal ? If so, is there a way to add a redirect to the original url the client requested after the hook ?

There was a module for the MarkV ("beef helper" and later the MiTM Module) but only for the old Fimrware Version.

How do you inject the Beef´s hook.js on the pineapple ?

Thanks for any hint´s :smile:

 

 

Link to comment
Share on other sites

I´m still looking for a smart way to inject the hook.js in every http website!

I tried some options on my Nethunter device (since there is no tool on the Nano itsself) with "mitmf" but it doesn´t work at all. Because the networf interface for the mobile options "rmnet0" doesn´t have a MAC-Address.So an arp spoof won´t work.I tested the dns spoof, but the client connects to the pineapple and the dns server is the pineapple itself no dns requests are spoofed behind the pineapple on the nethunter device. I tested also the responder module on the nano with a small modification for the HTMLtoInject part...but it was also not useable.

Last ideas:

Change the DHCP Server on the pineapple -> set the nethunter device as dns-server to fire up mitmf with dns spoof and inject the hook.js this way.

Does anybody know where i can find the old MKv Modules (beef helpfer and mitm) to check how they worked ?

Thanks!

Link to comment
Share on other sites

  • 2 weeks later...

I would use evil portal which allows them to be able to re-direct to the desired page after performing an action such as accept.  Since beef unhooks after they leave your page I would setup a landing page which requires them to first click on a terms of use link which opens a modal window keeping them on the same page.  Then only after that will the continue button appear.  That helps keep them on the page for a bit longer to give you some time to use your hook.  You can also make the button delay 15 seconds or so after the link has been clicked before it appears again giving you some more time. 

As far as being able to hook all HTTP sites I would look at editing packets as they go and include your code in that.  Not the easiest thing but not sure of another way.

Link to comment
Share on other sites

Thanks for the great link computa.  I agree though everything should really be done on a separate computer.  The nano should really only be used for getting the clients on your network and then the separate computer should do all the hard work.  The nano is great for minor things like evil portal or things like that.

Link to comment
Share on other sites

Yeah all those wifi recon, beacon replay and access point creation things work like a charm with the nano. i am wondering why people want mitm/ettercap functionality directly on their pineapple because if a client is connected to your device you are allready MiTM, right? No need for arp spoofing the routes any more. With this ip.tables hack mentioned in the linked blog post @ evilsocket.net you can fully benefit of the power of your kali. My tests with bettercap and the integrated proxy, dns and sslstrip functionality were successful and reliable. We need a list of all ports that should get redirected to use all sniffing parsers of bettercap (FTP, Teamviewer, MySql, Irc, FTP, WhatsApp...)

Link to comment
Share on other sites

I´m going to setup my Nano with my Nethunter Device (OnePlus One / Nexus 7) to stay mobile :wink: Should have enough power to mitm some clients.

I can privide more infos when i´m done. Still have some problems with bettercap on it.

Link to comment
Share on other sites

  • 4 years later...

I try something similar, you can use DNS spoofing  it acts like a race condition, it responds but the real dns register is faster, you can block with ip tables the response of real server by domain, and let the dnsspoofing module responds, this doesn't work in the moment you have to wait that cache of dns user timeout a send another dns query, takes some minutes

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...