Thank you, means a lot!

@@HoxFramework bro do you have you paid cources or any other for beginners hacker KZbin does not allow such content

@@jaihindjaibharat4431 KZbin does allow such content - you just need to know what to look for. I've learned a big chunk of my knowledge from youtube/udemy/tryhackme/cybrary -all for free I dont have my own courses... I always tell my viewers it would be odd if i did since i usually share information for free and you can find anything you want to know on internet, so i cant recommend any specific course (but i did list some sites up) Hope that helps

Thank you so much man! It means a lot. Im trying my best to provide good content as well as explainations - thats why i answer all of the comments and questions on discord - in hopes to make you guys understand more every time you visit :D

Bro my JavaScript is injected but beef is not showing online browser it show only when I open Apache html page please any views 😊

This video is a sort-of-a reupload since yt took it down so i had to re-edit it and change some things for it to be back. Sorry I havent uploaded in some time (college reasons) ,but I've scheduled the next video to go public next week, as well as im editing one video rn. Tho the one im editing isnt about cybersecurity, but the one that will be released next week is. Thank you for your excitement! I hope you enjoy my content. Plus, Im giving away 3 more copies of the Hacknet game on steam - if you want one you can contact me on discord (just send me your steam name or something cause i have to add you as a friend to give it away)

@@HoxFramework I'll be looking forward to watching your new upcoming videos, I really enjoy your content and i don't really play games anymore tho so yea good luck to others with the giveaway :)

@@5entience626 Understandable, neither do I, but i have two steam accounts from before and some balance on them so i thought of giving something small away to people who might enjoy it - so hacknet came to my mind. Thank you for your support!

ikr

i think beef index is at another port -or if you are talking about index.html you cloned from somewhere and you dont see that ?

i just open the link that it provides when opening the site to the beef index page@@HoxFramework

Had the same problem. Just change the port no from beef config, and it worked great. Also restart the apache service just in case

If you are using Brave you need to turn off the shield.

Your website isnt a browser im not sure what you are asking

make sure to escalate on your victim - im not sure why other devices cant open that url then - doesnt seem right

@@HoxFramework Thank you for replying. I tried fixing something else, apparently bundle and the gem files weren't installed properly, plus I used ngrok to help me, but when I opened the URL in other devices, it popped out javascript instead. Do you think something went wrong in the nano files?

@ nano is a file editor - like notepad - you mean config files? probably

@ Ah yes, the config files, sorry..

The tool in question is "neofetch" You can also use a less colorful version "superfetch" if you prefer simplicity. Or you can make it completely colorful by combining neofetch and lolcat :) Thanks a bunch!

​@@HoxFramework Will surely check them out. Thanks a lot man, appreciate your hard work and knowledge. SO GLAD I FOUND YOUR CHANNEL.

I watch videos at 3x speed this one was possible only with 1.8

Hello could you make a video going deeper in this topic i really liked it its my 3rd time watching it!

@@rayzenyoutube_ Thanks man! Sadly I dont think ill be doing more of these (mitm vids)

@@HoxFramework ohhh why so? Because ngl after every youtube video i've watched this one is the most helpfull. Do you know some website or courses that i maybe could take to learn this?

if you are using WSL there are a lot of cons to that - what distro are u using? Is it fully updated? You can try this github.com/beefproject/beef/wiki/Installation#installation

using a virtual machine is not very good i recommend you to switch to full linux

You have to make your virtual box settings on network manager choose option bridge adaptor and then you would be able to aces the url locally on your network

thanks man it means a lot you could let the victim to download your malware and infect their machine (fake plugin example could help there) or do you mean persist it in the browser even after reset?

@@HoxFramework I mean persist on the browser

@@chetangiri211 While the browser is open yes, after its turned off im not sure, havent tried it

@@HoxFramework would you mind trying it on Android? It would be huge support ❤️❤️

@@chetangiri211 I dont plan on doing another Beef-XSS video since i've done two already, but i can add it to my list and consider doing it some time later if you want

Are you testing the commands on yourself? Test it on yourself first, see if that works - maybe your victim disconnects from the tab. I mentioned that (initially) beef works only on that tab the victim is on - in combination with bettercap this can be more efficient, but the best way would be to use beef to auto-spread in any way you can (there are some commands that can help you with this, you should find a way to auto-run them)

@@HoxFramework thanks for the response man I finally got it sorted and yes I was testing it in myself

@@ggquack8176 Glad to hear that bro

are you on the same network with the phone? What do you mean bunch of code ?

Something might have happened to your SystemD or something requires it and you dont have it (which is less likely) It has nothing to do (it seems) with the programs - but what it could be is that one of the software requires a system with SystemD - so if you are on (for example) arch system without systemD you wont be able to run it But again i dont think that SHOULD be the case, so try googling it and let me know how it goes

Ok so arp spoofing causes this. But how do I fix this?

Alright so I have to enable port forwarding. Makes sense. Will do this tomorrow.

@@blockyscript6798 Bettercap is a MITM tool , enabling port forwarding doesnt get your NIC out of monitor mode Have two adapters - thats the solution (two NICs)

@@HoxFramework Thanks for the reply. I will try that at some point. It's been a while since I did this tutorial

If you wanna go outside your network you'd have to use something like ngrok or whatever ideally a paid hosting server or if you wanna stay more hidden noip or smthn That being said please keep things legal.

@@HoxFramework thanks for the information ℹ️

@@HoxFramework hey i know this was years ago but do you need to do port forwarding to send this to other networks?

@@O8JECT bettercap doesnt work on other networks as far as i know its a mitm-kinda tool Beef on the other hand - i assume so

what it says and are you in a virtual machine ?

Im not sure why that happens? What do you mean "enter" it ? the local urL ?

I think its impossible to hook https actually...

​@@PinguimHacker it is possible and as easy as https i myself created web hook and phishing instagram page that still works until now

it is possible and as easy as https i myself created web hook and phishing instagram page that still works until now

javascript executes in the browser, if you get a shell - then yes probably you are on a user-level

@@HoxFramework what do you mean if i get a shell?

I've added that idea to the list of videos, but its not in the top 10 so it might wait a bunch

I used it with Blackeye and they blocked my account in ngrok 😢 haha

@@andresarredondo2762 why did they block your account

The only thing more realistic than this would be hosting it worldwide Doing that is a no-no according to the law If you mean just locally tho then it should be as simple as allowing your VM to take part in your real network I assumed most people knew linux and networking pretty well before going into these kinds of vids- not saying you dont, just saying some things were implied. ((I know you'd say thats not a great way to teach but to be fair i cant cover everything - nor can i remember everything xD)) Either way I am sorry about the misunderstanding, I'll try to be more clear in the future videos - I do make them longer now in order to cover more than just the topic, to go into detail more... Also if you still need help let me know. I dont mean to discourage anyone from learning. Apologies, again

Same

If the person leaves the browser tab (where they got hooked) (and if you didnt hook them further) then it will go offline as i mentioned some browsers (especially if updated) will prevent some of Beef's actions So internet explorer might be considered as older, but i've shown that it CAN work on firefox and chrome you just have to be lucky and the victim has to be unlucky or have an older version of the browser or just visit http sites where your hook is and not get interrupted by their browser defending them

@@HoxFramework Ok thank you.

@@HoxFrameworkhow do you hook them further?

@@BelkEpizy I mentioned in the video that there are SOME persistence methods but its probably not gonna be perfect tbh if you want real persistence your best bet is probably to compromise the pc legally.

- Cause bettercap mitm-s and beef hooks - it will, you gotta know some networking. If someone is in your internal network you will be able to hook them. If they are outside then you need some sort of a bridge - like maybe ngrok to your website which has the hook inside - Just answered that up there. But to be fair you DO have to keep it legal, i dont support illegal activities. Bettercap is not needed if you are going worldwide - only in your internal network if you wanna hook others - You dont have to modify the hook url since it can be in website's code. It refers to a JS file - Its not an exploit, but yes more or less everything can be traced - if u used a DDNS service of sorts and signed up for it with a VPN then maybe you'd be safe but even then its questionable what kinda results would you have and what kinda info would you be able to extract - again, KEEP IT LEGAL.

@@HoxFramework thank you sir

@@HoxFramework So im using an Alpha adapter, i installed drivers and everything its working fine. but im trying to connect to my wifi network so i can test out beef on my desktop as host. But when i try to connect to wifi it doesnt work and just freezes my kali pretty much. (ex. im unable to view iwconfig or ifconfig (anything) if you can help any way that would be awesome:) ty

@@rush1119 Thats really odd behaviour, it definitely shouldnt happen. Are using the latest version of kali ? Can you run any other commands at all? Did you forward the Adapter to the VM (if you are using one)? Thats really odd i gotta admit

@@HoxFramework not sure what you mean by forwarding the adapter. -i plugged it in the laptop installed drivers -and updated && upgraded. -run it as usb where the device tab is.. -it works to sniff nearby wifi but when i go to connect to one it just gives me a loading wheel where it displays internet on kali.. im trying to connect to my home wifi so i can be on the same network to use my desktop as a lab

You'll see it in the list of victims on beef

Something seems to be wrong with your systemd - which is used by the system to (long story short) organize a bunch of stuff and make a bunch of stuff possible - id honestly recommend you to reinstall kali (or whatever distro ur running) cause thats (unironically) the easiest way Are you using WSL ? Cause on WSL this is a common issue GeoIP database shouldnt be a problem - to be honest if you get the IP you can just use free ip location lookups online

try going to the root at first by typing cd / and then retry

You arent on kali probably or you dont have apache2 installed -or it serves frontend from a different directory

Oh snap! I didnt even notice that! I actually used my microphone and it should have been centered which is odd - i even recorded 2 more videos with that microphone ... But its not a problem, I have an idea which i think should work to fix that problem! So thank you so much for pointing this out! Also if you want a free copy of "Hacknet" game on Steam you can contact me on Discord - im currently giving away 3 more copies. Anyways thanks a lot man

@@HoxFramework No problem bro, I don't really play games, but would love to know if there is a trick or something! Love your videos

@@PratyakshaBeri Thanks a lot man

2 options: follow this answer: askubuntu[[.]]com/questions/1379425/system-has-not-been-booted-with-systemd-as-init-system-pid-1-cant-operate (remove [[ ]]) OR Run your kali from a virtualbox VM (since im assuming you are running WSL) (or you could just reinstall your kali - which id recommend, your error seems to be tied to systemd or similar - without it system works poorly and it doesnt seem to start right on your system

I found the fix. Just dont run the beef from beef-xss . Go to the beef installed location and do ./beef . It resolves.

Free is always better hehe Hope you enjoyed the video

@@HoxFramework it depends, If paying I am able to save my time, I prefer to pay. Because looking for free good quality contents requires at least our time ( time=money) . I enjoyed a lot your video :)

​@@giusepperandazzo91 i absolutely understand - what i like applying is (and this isnt for everyone, some people might dislike this) speeding up youtube videos So in case they are trashy i wasted a lot less time But in case they are good i learned something longer in a really short time

@@giusepperandazzo91 but what i meant with my first comment was Linux (compared to win for example) xD

im not sure what you are saying Check if you arp spoof works at all for your network - does it capture HTTP packets (Not https, http!) - you can check with wireshark after running bettercap and arpspoof in it Im not sure about the browsing history, i think it could be possible but i havent tried

Also When I put my Script code into my website and I upload to my website, the actually website loads while the script doesn’t inject and doesn’t pop up on beef

Yes because beef is hosted on your localhost from what I know, you can try accessing via your internal ip maybe since the listening is acting like a server probably - but keep in mind that the machines should be on the same network

probably because you are using your local IP

try the default beef password or try reinstalling

run: service apache2 status to see if its running

Beef is by default on the localhost - if you wanna make sure it works on apache you need your hook on the apache server's site (var www html thing i mentioned in the video) I dont understand what you mean with the exe if you want to inject an exe using scripts from beef first you need to establish a beef hook Let me know if that helps!

Thats odd - i havent faced an issue like that There can be two fixes - if its beef's fault then just reinstall it (trust me thats the easiest way) However what could also happen is you didnt navigate to beef instead you navigated to some blank page - make sure its the beef URL (but since im assuming that isnt the case ill go ahead and recommend a reinstall) Also Perhaps you mean when entering a different IP ? Like if you are going wider than locally? Maybe that could be the case Reply with more info if this doesnt help

Kali Linux

@@HoxFramework Thanks, I will create a vm!

there are ways, i dont exactly remember - i think they are even built in the beef-xss But if they aren't you can just code them yourself, since injecting custom js is allowed

Havent tried, probably requires some port forwarding or a DDNS or whatever But bettercap is focused on your network anyway so this doesnt make much sense, unless you wanna run beef on its own

Yes i ve been trying to run beef on its own​@@HoxFramework

MITM is mostly for your own network. thats what its made for. Its really really unlikely you'll go above that - it would mean you'd have to be able to arp spoof your ISP or whatever -good luck with that- what i mean to say is this wont work As far as beef xss goes that might be aplicable to someone outside of your network id say - but i never tried that because its illegal and pentests dont require me to do that kind of testing-

Hhahahhahah some people seem to like it but either way in newer vids there is no keyboard sounds :)

beef xss and beef are the same thing yes, i just say "beef" cause i dont wanna have to say xss every time

make a html page and in it put script tags, make sure that the victim can access beef - thats why you dont reference 127.0.0.1 or localhost -noone can reach that but you You need to make sure you beef resources can be reachable Meaning if the victim is in the same network put your internal IP and beef hook's port and location I mentioned all of this in the video tho im not sure what doesnt work for you specifically and what you have done about it

@@HoxFramework I have the script in the head tag of the website, but it isn't hooking any connections

@@veroxsity2336 than either your IP is wrong or the site cant reach that IP

bettercap works within your network but beef - probably idk

@@HoxFramework nvm I deployed beef using ngork and I pasted the beef script into the custom domain and I hooked my friend

@@belkYT Do keep in mind that thats illegal, i hope you had permission from your friend

@@HoxFramework It doesnt even really hack your web browser, all it does is "hack" the tab that youre on. The worst thing that it does is setting up a phishing site that someone can fall for, and steal all info relating to your device including your IP Address. It is really only damaging if youre injecting the script into websites, maybe via XSS (Cross-site scripting). Also Man in the middle attacks where youre injecting the script onto every website for the person, and stealing all the cookies. But thats it, it doesn't do a whole lot of damage lol. All you have to do is simply exit out of the tab.

@@HoxFramework It doesnt even really hack your web browser, all it does is "hack" the tab that youre on. The worst thing that it does is setting up a phishing site that someone can fall for, and steal all info relating to your device including your lP Address. But thats it, it doesn't do a whole lot of damage lol. All you have to do is simply exit out of the tab.

huh, are you using WSL? a bunch of ppl have problems with WSL If you arent, then just make sure to visit beef's panel from the machine you ran the command from, since it runs only on localhost - meaning its visible only to your machine (which you can change ofcourse)

I think, this was a while ago

You can unhook the browser from the beef interface (website on 127.0.0.1) - its a simple click, not sure where but you can easily figure that out (maybe right-click the victim's ip and see whats there) As for will the files stay - what do you mean - if you downloaded something from victim PC - yes.

you can try entering it manually or do you mean the site wont load? are you entering on a correct port and host?

Im not exactly sure what you are saying - what do you mean "puts me in another website" and "it doesnt show" ?

maybe your VM's network settings arent well set up, or you didnt provide the right interface when running bettercap

BEEF has ways of hooking the machine further, you could hook it to other tabs there is even a function for that - i mentioned this in the video Also what you could do is start bettercap for every http website and just inject the JS script that connects beef with it - that helps you can also pop up a warning box if the victim attempts to quit the browser You could also automate things with The Autorun Rule Engine (ARE) (github[.]com/beefproject/beef/wiki/Autorun-Rule-Engine) I hope this helps

There seems to be something off with your installation. Are you sure you are visiting the right port?

@@HoxFramework im pretty sure

Before it sends the link it says „system has not been booted with systemd as unit system (pid 1) can’t operate. Failed to connect to bus: host is down

Ignore the random quotes

@@random0619 are you using non-debian based systems? Like the ones that dont have systemd and also are u using WSL ?

I've said it in the video Its either by visiting the site that has the hook injected - or the same thing but with some mitm

I dont think you can As far as https traffic monitoring goes look up mitmproxy

@@HoxFramework I figured out a way to be honest to create the https hook but what do you mean hox I know what mitmproxy is but how would I sslstrip using mitmproxy whaaaaat that’s possible

@@jimgrayson4828 If you install a certificate on the victim's pc you should technically be able to monitor https traffic without ssl stripping Thats what mitmproxy is most useful for

@@HoxFramework how would I do that in transparent mode though

@@jimgrayson4828 Transparent mode? What do you mean

Your kali password? I think you can change it on boot (www.javatpoint.com/kali-linux-root-password-reset) As for reinstalling beef i assume you can do it using apt apt-get remove beef-xss you can also do purge

i think its "beef" with password "beef"

Hey man Im not sure i never needed to change the password but i've just googled it: the username/password are set in the config.yaml file. Check for the line with 'credentials:' on it. sudo nano /usr/share/beef-xss/config.yaml (or something similar) Thanks!

Check with an antivrirus, look at your incomming/outgoing connections and see if anything was installed on that date Depends on what kinda link, cant tell Try contacting your national CERT too

@@HoxFramework it's a shorten url 😭 please tell me, can he get full access of my phone ?

@@HoxFramework what can he install on my device ? js files ? how could they run automatically ?

@@HoxFrameworkplease how can i look to my incoming/outgoing connections and see if anything was installed on that date ?

@@z2.060 I cant tell you that since i dont know what kind of URL is he using. Hypothetically he could if you downloaded something - if you just visited a URL it should be fine if you leave it soon enough, again - depending on whats on it. There is a wide range

what do you mean

I dont like wasting people's time Most of my viewers already know half the stuff - they are just here for the other half So i make sure to say what i have to without taking any breaks :)

beef and beef are default creds, you must have changed them you can change the password (if i remember correctly) in /usr/share/beef-xss (or wherever your beef-xss is) inside config.yaml - there you should see Credentials

what

The network you are in - im using my adapter meaning whoever is in my network (You could specify a custom victim as well if you wanted to) The idea of this is to be an advanced MITM attack

what

thank you very much man!!

Yeah that means you arent using SystemD - which is usually behind most debian-based systems im assuming u've modified your kali not to use systemD?=

I mentioned all of that in the video I didnt mention going worldwide with this But good of you to point out, thanks

im not sure what you mean by "internet"

What isnt working for you?

var is a folder /var/www/html are all folders you need to copy a file into the html folder which is inside www, which is inside var You are gonna have to know the basics of basics of using linux in order to do stuff like this

probably but the setup would be a pain in the a$$, unless u mean VMs

What

nemoj govorit okolo xD

Linux is recommended Everything is just easier

it means you need to install beef Find a tutorial online and follow it From what i've gathered you can probably install it with apt Older distroes came with beef pre-installed.

cd /usr/share/beef-xss

Legendary move bro, respect.

Sorry to hear that bro, but you can slow down the vid with the playback speed button tho I usually talk faster :/

Hes just slow in his brain its really simple​@@HoxFramework

You havent set up something right check your IPs and ports, the settings of your "app" also make sure the victim is in the same network as you are

You didnt set up your VM's network settings right, try bridging your adapter :)

@@HoxFramework I bridged my adapter and it does not work

@@davidvideos1359 Something must have went wrong, but in the end all you need is your attacker machine to be in the same network as victim machines - so try some combinations I even used an external adapter that i passed trough as an USB - then used it to connect to my own wifi or you can ping your machines to see if they get pinged Hope that helps

@@HoxFramework So im using an Alpha adapter, i installed drivers and everything its working fine. but im trying to connect to my wifi network so i can test out beef on my desktop as host. But when i try to connect to wifi it doesnt work and just freezes my kali pretty much. (ex. im unable to view iwconfig or ifconfig (anything) if you can help any way that would be awesome:) ty

I talked about that in my other bettercap video (about SSL striping and more) you might find that fun short answer is: sometimes,not often

Hvala! Mislim da imas na beefu opciju da ti se migrira na ostale tabove od žrtve pa to što prije stisneš I takve neke funkcije pokreći - probaj što prije uploadat neki .exe, ne valja ni previše beefu vjerovat :) A ako ti neda da okines skripte to ti je isto normalno nekad ak je content sec policy dobro uspostavljen s beefom prakticki nemos nista jbga Sve ovisi jel Ali isprobaj si uvijek prvo na svojoj mašini i chainaj si par funkcija ako mozes