beef抓包简析

搭建完了beef就想简答的抓下包分析下

 这是第一个包,追踪它

返回demo页面,并发现其中的脚本

window.location.protocol表示协议http, window.location.host代表主机加端口号,红线的意思是调用http://主机:3000/hook.js

继续跟踪数据流,发现浏览器get请求了hook.js

继续跟踪数据流

返回hook.js

这里是hook.js的代码

内容挺多的。。。看不懂

接着跟踪数据包,发现请求了提交了参数

到hook.js 里搜索dh,找到他的功能

/*!
 * @literal object: beef.net
 *
 * Provides basic networking functions,                                         提供基础的网络功能
 * like beef.net.request and beef.net.forgeRequest,                             像beef.net.request和beef.net.forgetRequest
 * used by BeEF command modules and the Requester extension,                    被beef命令模块和扩展请求使用
 * as well as beef.net.send which is used to return commands                    返回命令
 * to BeEF server-side components.                                              beef的服务器端组件
 *
 * Also, it contains the core methods used by the XHR-polling                   
 * mechanism (flush, queue)
 */
beef.net = {

    host: "192.168.170.132",
    port: "3000",
    hook: "/hook.js",
    httpproto: "http",
    handler: '/dh',
    chop: 500,
    pad: 30, //this is the amount of padding for extra params such as pc, pid and sid
    sid_count: 0,
    cmd_queue: [],

继续跟踪,

在hook.js 里搜索BEEFHOOK

/*!
 * @literal object: beef.session                                          
 *
 * Provides basic session functions.                   提供基础的session功能
 */
beef.session = {
    
    hook_session_id_length: 80,
    hook_session_id_chars: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",    
    ec: new evercookie(),
    beefhook: "BEEFHOOK",
    
    /**
     * Gets a string which will be used to identify the hooked browser session
     * 
     * @example: var hook_session_id = beef.session.get_hook_session_id();
     */
      get_hook_session_id: function() {
        // check if the browser is already known to the framework
        var id = this.ec.evercookie_cookie(beef.session.beefhook);
        if (typeof id == 'undefined') {
            var id = this.ec.evercookie_userdata(beef.session.beefhook);
        }
        if (typeof id == 'undefined') {
            var id = this.ec.evercookie_window(beef.session.beefhook);
        }
        
        // if the browser is not known create a hook session id and set it
        if ((typeof id == 'undefined') || (id == null)) {
            id = this.gen_hook_session_id();
            this.set_hook_session_id(id);
        }
        
        // return the hooked browser session identifier
        return id;
    },

之后的包就是在不断请求重复后两个

随便玩一个功能

 

效果:

 查看数据包

在某次请求hook.js后发生变化

相应的包

可以看到我填写的攻击参数

 

posted @ 2017-10-12 10:56  红刃  阅读(907)  评论(0)    收藏  举报