forked from beefproject/beef
-
Notifications
You must be signed in to change notification settings - Fork 0
/
config.yaml
104 lines (90 loc) · 3.65 KB
/
config.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
#
# Copyright (c) 2006-2012 Wade Alcorn - [email protected]
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
# BeEF Configuration file
beef:
version: '0.4.3.9-alpha'
debug: false
restrictions:
# subnet of browser ip addresses that can hook to the framework
permitted_hooking_subnet: "0.0.0.0/0"
# subnet of browser ip addresses that can connect to the UI
# permitted_ui_subnet: "127.0.0.1/32"
permitted_ui_subnet: "0.0.0.0/0"
http:
debug: false #Thin::Logging.debug, very verbose. Prints also full exception stack trace.
host: "0.0.0.0"
port: "3000"
# Decrease this setting up to 1000 if you want more responsiveness when sending modules and retrieving results.
# It's not advised to decrease it with tons of hooked browsers (more than 50),
# because it might impact performance. Also, enable WebSockets is generally better.
xhr_poll_timeout: 5000
# if running behind a nat set the public ip address here
#public: ""
#public_port: "" # port setting is experimental
dns: "localhost"
panel_path: "/ui/panel"
hook_file: "/hook.js"
hook_session_name: "BEEFHOOK"
session_cookie_name: "BEEFSESSION"
# Prefer WebSockets over XHR-polling when possible.
websocket:
enable: false
secure: true # use WebSocketSecure work only on https domain and whit https support enabled in BeEF
port: 61985 # WS: good success rate through proxies
secure_port: 61986 # WSSecure
ws_poll_timeout: 1000 # poll BeEF every second
# Imitate a specified web server (default root page, 404 default error page, 'Server' HTTP response header)
web_server_imitation:
enable: false
type: "apache" #supported: apache, iis
# Experimental HTTPS support for the hook / admin / all other Thin managed web services
https:
enable: false
# In production environments, be sure to use a valid certificate signed for the value
# used in beef.http.dns (the domain name of the server where you run BeEF)
key: "beef_key.pem"
cert: "beef_cert.pem"
database:
# For information on using other databases please read the
# README.databases file
# supported DBs: sqlite, mysql, postgres
driver: "sqlite"
# db_file is only used for sqlite
db_file: "beef.db"
# db connection information is only used for mysql/postgres
db_host: "localhost"
db_name: "beef"
db_user: "beef"
db_passwd: "beef123"
db_encoding: "UTF-8"
# Credentials to authenticate in BeEF. Used by both the RESTful API and the Admin_UI extension
credentials:
user: "beef"
passwd: "beef"
# Autorun modules as soon the browser is hooked.
# NOTE: only modules with target type 'working' or 'user_notify' can be run automatically.
autorun:
enable: true
# set this to FALSE if you don't want to allow auto-run execution for modules with target->user_notify
allow_user_notify: true
crypto_default_value_length: 80
# You may override default extension configuration parameters here
extension:
requester:
enable: true
proxy:
enable: true
metasploit:
enable: false
social_engineering:
enable: true
evasion:
enable: false
console:
shell:
enable: false
ipec:
enable: true