[WebSocket] Error: Must be GET request #2768
Comments
The issue is most likely due to your changes to the code base.
The changes I made to the cookies just made it so you don't need to login with a username/password.
Presumably your changes do not set the user logged in, thus never creating a session with an associated
beef/extensions/admin_ui/classes/session.rb Lines 22 to 29 in bcd0865
Ok quick update. I reverted the changes back to default and did more debugging and it looks like in the session.rb @ip and @id are returning nil.
Think I found the issue. In the session.rb, the @ip and request.ip don't match, which is causing the log out.
Could you explain what these two variables are and how I can fix the issue?
What are you trying to do? Also, exposing BeEF to the Internet without requiring a username and password is not a smart move.
Never mind, just found out that I needed to enable allow_reverse_proxy to fix the @ip != request.ip
More errors appeared upon fixing that inside the extensions/events/handler.rb regarding def parse(event)
Thanks for the patch. Fixed most of my issues. I'll come back if I need more help!
Hey man I was doing more testing and got pretty far. I'm at the issue where I'm getting the following error on repeat:
This occurs after I send a command to a client. The command will get executed by the client but the client can't send back any info. So things like overwriting the html body work, like the rick roll, but everything else is broken.
Please stop changing the issue and issue name. It makes this thread useless to everyone else. I suggest disabling web sockets. Line 78 in a5d08d7
I already had WebSockets disabled. To avoid confusion I'll just post my config below
Are you still modifying the BeEF source or have you reverted your changes? Those errors should only ever be raised when websockets are enabled:
Idk why but I copied and pasted the WebSocket.rb and everything works now. I don't recall ever making changes but I guess I did. Anyway thanks for your help again this seemed to fix the issue.
If you make changes to the configuration file (ie, if websockets were enabled then you disable them) the changes won't be applied to browsers which are already hooked. The hooked page will need to be refreshed.
Turns out I lied and the error still keeps occurring, however, it seems I can execute like 2 commands before it occurs. Any idea what the problem could be? Edit: I should also mention that on the client side, the error happens when it's trying to make a request to:
There is nowhere near enough information here to diagnose your issue. You have changed your story multiple times. Please complete the issue template. Please provide debug output. Do you see any debug output printed to terminal when BeEF starts stating that websockets are enabled? Are you absolutely certain that you have not enabled websockets and that all hooked pages have been reloaded after disabling web sockets? The websocket errors should only ever occur when the websocket handler is executed.
You should also mention that you were trying to get BeEF running on a cloud based platform running in Docker. That is important context.
Definitely a bug. BeEF decides to initialize the WebSocket server every time it receives a connect back for some idiotic reason. Here's a temporary workaround: diff --git a/core/main/network_stack/websocket/websocket.rb b/core/main/network_stack/websocket/websocket.rb
index 65fa3680..997faa8c 100644
--- a/core/main/network_stack/websocket/websocket.rb
+++ b/core/main/network_stack/websocket/websocket.rb
@@ -24,6 +24,8 @@ module BeEF
MOUNTS = BeEF::Core::Server.instance.mounts
def initialize
+ return unless @@config.get('beef.websocket.enable')
+
secure = @@config.get('beef.http.websocket.secure')
# @note Start a WSS server socket |
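Review bot: the guard added at the top of `initialize` reads `beef.websocket.enable`, while the very next line reads `beef.http.websocket.secure`, so the two keys sit under different prefixes. If the enable flag is defined beside `secure` under `beef.http.websocket`, `@@config.get` would return nil here and the constructor would return early even with WebSockets enabled; check the key against the config file and use `beef.http.websocket.enable` if that is where it lives. Returning early from `initialize` also still hands the caller an instance with no server behind it. Since the stated cause is that this class is instantiated on every connect back, the cleaner fix is to test the flag at the call site and skip instantiation there.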
First Steps
Configuration
Steps to Reproduce
Debugging Message
Nonce Incorrect
Nonce Incorrect
I keep getting this debug message when I try and use a command. I was wondering if you could help and also tell me how the commands in ruby work. (e.g. how they flow in code)
Also should mention I was debugging and found out that events under extensions/events/handler.rb return the following error