When it comes to XSS platforms, most people use the source code of xsser.me. A platform built from the xsser.me source is easy to use, but it is not powerful enough. For example, it cannot be used with Metasploit for further intrusion testing.
This deployment is roughly divided into three steps:
Install GEM
Install and configure beEF
Test
>>Install GEM
rvm rubygems current
The next step is needed only because of the Great Firewall: replace the official rubygems.org source with ruby.taobao.org.
gem sources --remove https://rubygems.org/
gem sources -a https://ruby.taobao.org/
Check that the Taobao source is the only Ruby source listed.
gem sources -l
>>Install beEF
Step 1 »Install the bundler.
gem install bundler
Step 2 »Install git.
yum install git -y
Step 3 »Install beEF.
Choose a folder for the beEF files. I created a beEF folder under /var/www and put them there.
cd /var/www/beEF/
git clone https://github.com/beefproject/beef.git
cd beef
bundle install
bundle install may report that many packages are not installed. You can install them directly with gem install <package name> <package name> ... and repeat until no package is reported missing (this step takes an estimated ten minutes or more).
Using a for loop here will report errors. Watch which packages are being installed: some of them must be pinned to a specific version with -v "x.x.x". Run the pinned install once per package, because -v takes a single version per command.
bundle install
gem install <package name> -v "x.x.x"
At this point, beEF installation is complete.
Start beEF
./beef
>>Test
According to the startup information, visit http://127.0.0.1:3000/ui/panel or http://192.168.1.2:3000/ui/panel. The account and password are both beef.
The hook script to insert is served at http://127.0.0.1:3000/hook.js and http://192.168.1.2:3000/hook.js
>>Domain name resolution
After the test is completed, point the domain's A record at the external IP.
>>Set beEF
vi /var/www/beEF/beef/config.yaml
Set the domain name as follows:
# HTTP server
http:
    debug: false # Thin::Logging.debug, very verbose. Prints also full exception stack trace.
    host: "domain name"
    port: "80"
beEF cookie names (change them to your own):
    # Hook
    hook_file: "/hook.js"
    hook_session_name: "BEEFHOOK"
    session_cookie_name: "BEEFSESSION"
Set the beEF username and password (change them from the default beef/beef):
# Credentials to authenticate in BeEF.
# Used by both the RESTful API and the Admin_UI extension
credentials:
    user: "beef"
    passwd: "beef123"
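Once the panel is reachable on a public domain, the credentials above are the only thing protecting the console. The following check is an added example, not part of the original page or the BeEF project: it parses a config fragment like the one above and flags the default login and weak passwords. The top-level beef: key, the 12-character minimum and the function name audit_beef_config are assumptions.

```ruby
require "yaml"

# Constructed sample mirroring the settings shown above; the top-level
# "beef:" key is an assumption about how the full file nests them.
SAMPLE_CONFIG = <<~YAML
  beef:
    http:
      debug: false
      host: "domain name"
      port: "80"
    credentials:
      user: "beef"
      passwd: "beef123"
YAML

MIN_PASSWORD_LENGTH = 12 # assumed policy, not a BeEF requirement

# Returns a list of findings (empty when nothing is flagged).
def audit_beef_config(yaml_text)
  doc = YAML.safe_load(yaml_text) || {}
  root = doc.is_a?(Hash) ? (doc["beef"] || doc) : {}
  creds = root["credentials"]
  return ["credentials section missing"] unless creds.is_a?(Hash)

  user = creds["user"].to_s
  passwd = creds["passwd"].to_s
  findings = []
  findings << "default username 'beef' still in use" if user == "beef"
  findings << "password is the default 'beef'" if passwd == "beef"
  if passwd.length < MIN_PASSWORD_LENGTH
    findings << "password shorter than #{MIN_PASSWORD_LENGTH} characters"
  end
  if !user.empty? && passwd.downcase.include?(user.downcase)
    findings << "password contains the username"
  end
  http = root["http"].is_a?(Hash) ? root["http"] : {}
  findings << "http.debug is enabled" if http["debug"] == true
  findings
end

if __FILE__ == $PROGRAM_NAME
  findings = audit_beef_config(SAMPLE_CONFIG)
  puts findings.empty? ? "no findings" : findings
end
```

To audit a real file, pass File.read of the config.yaml path to audit_beef_config before starting beEF.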
Installing beEF on CentOS as an XSS platform