New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Where is hook.js? #978

Closed
resetter opened this Issue Mar 11, 2014 · 3 comments

Comments

Projects
None yet
4 participants
@resetter

resetter commented Mar 11, 2014

Hi.
Just noticed that Norton360 is picking up the hook.js, so I wanted to find it and obfuscate it, but I can't seem to find the file. Where is it stored in Kali?

@pgrohe

This comment has been minimized.

Contributor

pgrohe commented Mar 11, 2014

Hi there,

Disclaimer - I'm still pretty new to the codebase.

The hook.js is built dynamically server side depending on the config
options for beef.

The files in question that you want to look at are:

core/main/handlers/hookedbrowsers.rb - Line 50 - call to build_beefjs!()
core/main/handlers/modules/beefjs.rb - Line 16 - definition of
build_beefjs!()

As I understand it build_beefjs!() dynamically puts together 'hook.js' in
response to the requests from the hooked browsers (requests generated by the

<script> tag in the page they originally navigated too, were injected with, etc...). The "body" variable in the build_beefjs!() function is used to build up the actual response string to the user's request for 'foo.com/hook.js'. I believe the web app framework plumbing code takes whatever is in that variable and sends it as the response. There is no one static file named 'hook.js' as far as I'm aware. It's built up out of smaller components depending on the configurations set for the BeEF server. On Tue, Mar 11, 2014 at 11:41 AM, resetter notifications@github.com wrote: > Hi. > Just noticed that Norton360 is picking up the hook.js, so I wanted to find > it and obfuscate it, but I can't seem to find the file. Where is it stored > in Kali? > > ## > > Reply to this email directly or view it on GitHubhttps://github.com//issues/978 > .
@antisnatchor

This comment has been minimized.

Collaborator

antisnatchor commented Mar 12, 2014

@pgrohe is right.

Btw @resetter , quite a while ago I've started working on an Evasion extension. Is already in BeEF, just enable it in the main config.yaml file and have a look at the existing obfuscation mechanisms, or simply add your own ones and chain them as we you want.

@freeartde

This comment has been minimized.

freeartde commented Apr 25, 2018

http://your__ip:3000/hook.js
type it in your brownser and the code will be appears in your screen
copy paste and recode..

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment