beefproject/beef

Certain browser details are considered as invalid

Open

#3,051 opened on Mar 31, 2024

View on GitHub
 (21 comments) (0 reactions) (2 assignees)JavaScript (8,637 stars) (1,992 forks)batch import
Good First IssueMedium

Description

First Steps

BeEF Version: 0.5.4.0 Ruby Version: ruby 3.1.2p20 (2022-04-12 revision 4491bb740a) [x86_64-linux-gnu] Browser Details (e.g. Chrome v81.0): Causing problems with all I've tried (FF - 115.8.0esr, O - 108.0.5067.29, C - 123.0.6312.86, 123.0.6312.58, 121.0.6167.178) Operating System: Linux, Windows and Android

Configuration

  1. Have you made any changes to your BeEF configuration? Yes.
  2. Have you enabled or disabled any BeEF extensions? Yes, Metasploit one but I do not remember if anyone else, I've been using BeEF for a while.

Steps to Reproduce

I did the installation guided by this page: https://null-byte.wonderhowto.com/how-to/hack-web-browsers-with-beef-control-webcams-phish-for-credentials-more-0159961/

  1. I always start with this commands secuence:
msfconsole
load msgrpc ServerHost=127.0.0.1 User=msf Pass=kali SSL=y
sudo netstat -tuln | grep LISTEN
sudo ./beef

and all it's looking great, with metasploit exploits correctly loaded.

  1. Then I do the one for the ngrok tunnel and no problems here.
  2. It is now, when accessing an infected domain, where the mentioned in the title issue appears. I get this type of messages:

[removed]

Something strange I can see is that the plugins one appears only when accessing via Android.

Contributor guide

Tech stack
rubyjavascript
Domain
securitybackend
Issue type
bug
DifficultyEstimated implementation difficulty for a new contributor, from 1 for very small changes to 5 for expert-level work.
3
Estimated timeA rough time range for an experienced contributor to investigate, implement, test, and prepare a pull request.
1-2 days
Activity statusHow available the issue appears right now: fresh, active, stale, blocked, or waiting on maintainer input.
active
ClarityHow clearly the issue explains the expected change, acceptance criteria, and next step.
mostly clear
Prerequisites
Basic Ruby knowledgeUnderstanding of HTTP user agent parsing
Newbie friendlinessA 1-100 score estimating how approachable this issue is for first-time contributors.
45
Research direction
Investigate the browser validation logic in BeEF, likely in the core models related to browser object creation. Look at how the framework parses user agent strings and which versions are considered valid. The issue may require updating regular expressions or version comparison methods to accept newer browser versions. Check recent comments on the issue for any maintainer hints about the exact files affected.