Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
beefproject
GitHub Repository: beefproject/beef
 Path: blob/master/spec/support/assets/config_old.yaml
1154 views
1
#

2
# Copyright (c) 2006-2025 Wade Alcorn - [email protected]

3
# Browser Exploitation Framework (BeEF) - https://beefproject.com

4
# See the file 'doc/COPYING' for copying permission

5
#

6
# BeEF Configuration file

7


8
beef:

9
    version: '0.5.1.0'

10
    # More verbose messages (server-side)

11
    debug: false

12
    # More verbose messages (client-side)

13
    client_debug: false

14
    # Used for generating secure tokens

15
    crypto_default_value_length: 80

16


17
    # Credentials to authenticate in BeEF.

18
    # Used by both the RESTful API and the Admin interface

19
    credentials:

20
        user:   "beef"

21
        passwd: "beef"

22


23
    # Interface / IP restrictions

24
    restrictions:

25
        # subnet of IP addresses that can hook to the framework

26
        permitted_hooking_subnet: ["0.0.0.0/0", "::/0"]

27
        # subnet of IP addresses that can connect to the admin UI

28
        #permitted_ui_subnet: ["127.0.0.1/32", "::1/128"]

29
        permitted_ui_subnet: ["0.0.0.0/0", "::/0"]

30
        # subnet of IP addresses that cannot be hooked by the framework

31
        excluded_hooking_subnet: []

32
        # slow API calls to 1 every  api_attempt_delay  seconds

33
        api_attempt_delay: "0.05"

34


35
    # HTTP server

36
    http:

37
        debug: false #Thin::Logging.debug, very verbose. Prints also full exception stack trace.

38
        host: "0.0.0.0"

39
        port: "3000"

40


41
        # Decrease this setting to 1,000 (ms) if you want more responsiveness

42
        #  when sending modules and retrieving results.

43
        # NOTE: A poll timeout of less than 5,000 (ms) might impact performance

44
        #  when hooking lots of browsers (50+).

45
        # Enabling WebSockets is generally better (beef.websocket.enable)

46
        xhr_poll_timeout: 1000

47


48
        # Host Name / Domain Name

49
        # If you want BeEF to be accessible via hostname or domain name (ie, DynDNS),

50
        #   set the public hostname below:

51
        #public: ""      # public hostname/IP address

52


53
        # Reverse Proxy / NAT

54
        # If you want BeEF to be accessible behind a reverse proxy or NAT,

55
        #   set both the publicly accessible hostname/IP address and port below:

56
        # NOTE: Allowing the reverse proxy will enable a vulnerability where the ui/panel can be spoofed

57
        #   by altering the X-FORWARDED-FOR ip address in the request header.

58
        allow_reverse_proxy: false

59
        #public: "example" # public hostname/IP address

60
        #public_port: "" # public port (experimental)

61


62
        # Hook

63
        hook_file: "/hook.js"

64
        hook_session_name: "BEEFHOOK"

65


66
        # Allow one or multiple origins to access the RESTful API using CORS

67
        # For multiple origins use: "http://browserhacker.com, http://domain2.com"

68
        restful_api:

69
            allow_cors: false

70
            cors_allowed_domains: "http://browserhacker.com"

71


72
        # Prefer WebSockets over XHR-polling when possible.

73
        websocket:

74
            enable: false

75
            port: 61985 # WS: good success rate through proxies

76
            # Use encrypted 'WebSocketSecure'

77
            # NOTE: works only on HTTPS domains and with HTTPS support enabled in BeEF

78
            secure: true

79
            secure_port: 61986 # WSSecure

80
            ws_poll_timeout: 5000 # poll BeEF every x second, this affects how often the browser can have a command execute on it

81
            ws_connect_timeout: 500 # useful to help fingerprinting finish before establishing the WS channel

82


83
        # Imitate a specified web server (default root page, 404 default error page, 'Server' HTTP response header)

84
        web_server_imitation:

85
            enable: true

86
            type: "apache" # Supported: apache, iis, nginx

87
            hook_404: false # inject BeEF hook in HTTP 404 responses

88
            hook_root: false # inject BeEF hook in the server home page

89
        # Experimental HTTPS support for the hook / admin / all other Thin managed web services

90
        https:

91
            enable: false

92
            # Enabled this config setting if you're external facing uri is using https

93
            public_enabled: false

94
            # In production environments, be sure to use a valid certificate signed for the value

95
            # used in beef.http.public (the domain name of the server where you run BeEF)

96
            key: "beef_key.pem"

97
            cert: "beef_cert.pem"

98


99
    database:

100
        file: "beef.db"

101


102
    # Autorun Rule Engine

103
    autorun:

104
        # this is used when rule chain_mode type is nested-forward, needed as command results are checked via setInterval

105
        # to ensure that we can wait for async command results. The timeout is needed to prevent infinite loops or eventually

106
        # continue execution regardless of results.

107
        # If you're chaining multiple async modules, and you expect them to complete in more than 5 seconds, increase the timeout.

108
        result_poll_interval: 300

109
        result_poll_timeout: 5000

110


111
        # If the modules doesn't return status/results and timeout exceeded, continue anyway with the chain.

112
        # This is useful to call modules (nested-forward chain mode) that are not returning their status/results.

113
        continue_after_timeout: true

114


115
    # Enables DNS lookups on zombie IP addresses

116
    dns_hostname_lookup: false

117


118
    # IP Geolocation

119
    # NOTE: requires MaxMind database. Run ./updated-geoipdb to install.

120
    geoip:

121
        enable: true

122
        database: '/opt/GeoIP/GeoLite2-City.mmdb'

123


124
    # You may override default extension configuration parameters here

125
    # Note: additional experimental extensions are available in the 'extensions' directory

126
    #       and can be enabled via their respective 'config.yaml' file

127
    extension:

128
        admin_ui:

129
            enable: true

130
            base_path: "/ui"

131
        demos:

132
            enable: true

133
        events:

134
            enable: true

135
        evasion:

136
            enable: false

137
        requester:

138
            enable: true

139
        proxy:

140
            enable: true

141
        network:

142
            enable: true

143
        metasploit:

144
            enable: false

145
        social_engineering:

146
            enable: true

147
        xssrays:

148
            enable: true

149


150