Data hosted with ♥ by Pastebin.com - Download Raw - See Original
  1. #
  2. # Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
  3. # Browser Exploitation Framework (BeEF) - http://beefproject.com
  4. # See the file 'doc/COPYING' for copying permission
  5. #
  6. # BeEF Configuration file
  7.  
  8. beef:
  9. version: '0.4.4.5-alpha'
  10. debug: false
  11.  
  12. restrictions:
  13. # subnet of browser ip addresses that can hook to the framework
  14. permitted_hooking_subnet: "0.0.0.0/0"
  15. # subnet of browser ip addresses that can connect to the UI
  16. # permitted_ui_subnet: "127.0.0.1/32"
  17. permitted_ui_subnet: "0.0.0.0/0"
  18.  
  19. http:
  20. debug: false #Thin::Logging.debug, very verbose. Prints also full exception stack trace.
  21. host: "0.0.0.0"
  22. port: "3000"
  23. # Decrease this setting up to 1000 if you want more responsiveness when sending modules and retrieving results.
  24. # It's not advised to decrease it with tons of hooked browsers (more than 50),
  25. # because it might impact performance. Also, enable WebSockets is generally better.
  26. xhr_poll_timeout: 5000
  27. # if running behind a nat set the public ip address here
  28. #public: ""
  29. #public_port: "" # port setting is experimental
  30. # DNS
  31. dns_host: "localhost"
  32. dns_port: 53
  33. panel_path: "/ui/panel"
  34. hook_file: "/hook.js"
  35. hook_session_name: "BEEFHOOK"
  36. session_cookie_name: "BEEFSESSION"
  37.  
  38. # Allow one or multiple domains to access the RESTful API using CORS
  39. # For multiple domains use: "http://browserhacker.com, http://domain2.com"
  40. restful_api:
  41. allow_cors: false
  42. cors_allowed_domains: "http://browserhacker.com"
  43.  
  44. # Prefer WebSockets over XHR-polling when possible.
  45. websocket:
  46. enable: false
  47. secure: true # use WebSocketSecure work only on https domain and whit https support enabled in BeEF
  48. port: 61985 # WS: good success rate through proxies
  49. secure_port: 61986 # WSSecure
  50. ws_poll_timeout: 1000 # poll BeEF every second
  51.  
  52. # Imitate a specified web server (default root page, 404 default error page, 'Server' HTTP response header)
  53. web_server_imitation:
  54. enable: true
  55. type: "apache" #supported: apache, iis
  56.  
  57. # Experimental HTTPS support for the hook / admin / all other Thin managed web services
  58. https:
  59. enable: false
  60. # In production environments, be sure to use a valid certificate signed for the value
  61. # used in beef.http.dns_host (the domain name of the server where you run BeEF)
  62. key: "beef_key.pem"
  63. cert: "beef_cert.pem"
  64.  
  65. database:
  66. # For information on using other databases please read the
  67. # README.databases file
  68.  
  69. # supported DBs: sqlite, mysql, postgres
  70. # NOTE: you must change the Gemfile adding a gem require line like:
  71. # gem "dm-postgres-adapter"
  72. # or
  73. # gem "dm-mysql-adapter"
  74. # if you want to switch drivers from sqlite to postgres (or mysql).
  75. # Finally, run a 'bundle install' command and start BeEF.
  76. driver: "sqlite"
  77.  
  78. # db_file is only used for sqlite
  79. db_file: "beef.db"
  80.  
  81. # db connection information is only used for mysql/postgres
  82. db_host: "localhost"
  83. db_port: 5432
  84. db_name: "beef"
  85. db_user: "beef"
  86. db_passwd: "beef123"
  87. db_encoding: "UTF-8"
  88.  
  89. # Credentials to authenticate in BeEF. Used by both the RESTful API and the Admin_UI extension
  90. credentials:
  91. user: "beef"
  92. passwd: "beef"
  93.  
  94. # Autorun modules as soon the browser is hooked.
  95. # NOTE: only modules with target type 'working' or 'user_notify' can be run automatically.
  96. autorun:
  97. enable: true
  98. # set this to FALSE if you don't want to allow auto-run execution for modules with target->user_notify
  99. allow_user_notify: true
  100.  
  101. crypto_default_value_length: 80
  102.  
  103. # Enable client-side debugging
  104. client:
  105. debug: false
  106.  
  107. # You may override default extension configuration parameters here
  108. extension:
  109. requester:
  110. enable: true
  111. proxy:
  112. enable: true
  113. metasploit:
  114. enable: true
  115. social_engineering:
  116. enable: true
  117. evasion:
  118. enable: false
  119. console:
  120. shell:
  121. enable: false
  122. ipec:
  123. enable: true