Category
Core Functionality
Feature/Issue Description
Q: Please give a brief summary of your feature/fix
A: Alternative PR to @icamys Added excluded_hooking_subnet config option (#1879). There was some logic that made the code a little difficult to interpret, and it did not look like the feedback was going to be addressed. I liked the feature, so made some small changes to make it slightly easier to read.
Q: Give a technical rundown of what you have changed (if applicable)
A: BeEF currently has functionality to target and only hook a specified set of subnets. This feature is similar in nature, but instead allows a user to specify a set of subnets that they wish to prevent from ever being hooked.
Test Cases
Q: Describe your test cases, what you have covered and if there are any use cases that still need addressing
A: None written. To write a test case for this we would need to add it to the list of BrowserStack tests (due to the need to somewhat bootstrap BeEF to create an environment to test in). I believe with the instability of that integration <sigh>, we should not be adding tests to it in the meantime. As each test runs 5 times, this would increase the likelihood of needing to go through and check for + rerun any false positives on every PR which is already really painful. Once that is resolved (yet another high priority task) this should be added to the myriad of other test cases that need development.
Wiki Page
If you are adding a new feature that is not easily understood without context, please draft a section to be added to the Wiki below.
To be added to Access Controls section of the Configuration Wiki page:
Permitted/Excluded Hooking Subnets
The beef.config.restrictions.permitted_hooking_subnet and beef.config.restrictions.excluded_hooking_subnet values allow granular control over the range of IPs that BeEF will hook.
Both values take an array of subnets (provided as strings e.g. '0.0.0.0/0' or '::/0').
The permitted_hooking_subnet designates an IP range(s) which BeEF may hook. A victim who browses to a page containing the BeEF hook, whose IP is not within this range, will not have the hook injected.
On the other hand excluded_hooking_subnet designates an IP range(s) which BeEF may not hook.
A combination of these controls could be used to permit hooking on a /24 range, for example, 192.168.0.0/24, but specifically exclude hooking a single IP in that range, such as 192.168.0.74. See the code block below for a demo of how this would look inside your configuration file:
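The combined permit/exclude decision described in the draft above, as an added Ruby example; it is not BeEF's code and not the configuration block from this PR. The helper names `hook_allowed?` and `in_any_subnet?` and the `RESTRICTIONS` hash layout are assumptions made for illustration.

```ruby
require 'ipaddr'

# Constructed sample values mirroring the draft's scenario: permit a /24,
# exclude one host inside it. The hash layout is an assumption for this example.
RESTRICTIONS = {
  permitted_hooking_subnet: ['192.168.0.0/24'],
  excluded_hooking_subnet: ['192.168.0.74/32']
}.freeze

# True when ip falls inside at least one subnet of the list.
# IPAddr#include? returns false across address families, so an IPv6 client
# never matches an IPv4-only list (and vice versa).
def in_any_subnet?(ip, subnets)
  subnets.any? { |subnet| IPAddr.new(subnet).include?(ip) }
end

# Hypothetical helper (not BeEF's implementation): a client may be hooked only
# if it is inside a permitted range AND outside every excluded range.
# Unparsable addresses (client or configured subnet) fail closed.
def hook_allowed?(client_ip, restrictions = RESTRICTIONS)
  ip = IPAddr.new(client_ip)
  in_any_subnet?(ip, restrictions[:permitted_hooking_subnet]) &&
    !in_any_subnet?(ip, restrictions[:excluded_hooking_subnet])
rescue IPAddr::Error
  false
end

if __FILE__ == $PROGRAM_NAME
  %w[192.168.0.10 192.168.0.74 10.0.0.5 ::1 not-an-ip].each do |addr|
    puts format('%-14s hook allowed: %s', addr, hook_allowed?(addr))
  end
end
```

Because exclusion is checked after permission, an excluded host stays out of scope even when a broad permitted range such as '0.0.0.0/0' covers it.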