From e1ed67b5d363dafc503613474182b4b9ec13d626 Mon Sep 17 00:00:00 2001
From: bcoles
Date: Sat, 1 Apr 2023 04:21:36 +1100
Subject: [PATCH] config: add comments for public connect-back settings (#2778)
---
 config.yaml | 33 ++++++++++++++--------------
 core/main/handlers/hookedbrowsers.rb | 11 ++--------
 2 files changed, 18 insertions(+), 26 deletions(-)
diff --git a/config.yaml b/config.yaml
index 2b7b39113..400790d2f 100644
--- a/config.yaml
+++ b/config.yaml
@@ -45,22 +45,23 @@ beef:
 # Enabling WebSockets is generally better (beef.websocket.enable)
 xhr_poll_timeout: 1000
- # Host Name / Domain Name
- # If you want BeEF to be accessible via hostname or domain name (ie, DynDNS),
- # These settings will be used to create a public facing URL
- # This public facing URL will be used for all hook related calls
- # set the public setting below:
- # public:
- # host: "" # public hostname/IP address
- # port: "" # public port will default to 80 if no https 443 if https
- # and local if not set but there is a public host
- # https: false # true/false
+ # Public Domain Name / Reverse Proxy / Port Forwarding
+ #
+ # In order for the client-side BeEF JavaScript hook to be able to connect to BeEF,
+ # the hook JavaScript needs to be generated with the correct connect-back details.
+ #
+ # If you're using a public domain name, reverse proxy, or port forwarding you must
+ # configure the public-facing connection details here.
- # Reverse Proxy / NAT
- # If you want BeEF to be accessible behind a reverse proxy or NAT,
- # set both the publicly accessible hostname/IP address and port below:
- # NOTE: Allowing the reverse proxy will enable a vulnerability where the ui/panel can be spoofed
- # by altering the X-FORWARDED-FOR ip address in the request header.
+ #public:
+ # host: "beef.local" # public hostname/IP address
+ # port: "443" # public port (443 if the public server is using HTTPS)
+ # https: false # true/false
+
+ # If using any reverse proxy you should also set allow_reverse_proxy to true below.
+ # Note that this causes the BeEF server to trust the X-Forwarded-For HTTP header.
+ # If the BeEF server is directly accessible, clients can spoof their connecting
+ # IP address using this header to bypass the IP address permissions/exclusions.
 allow_reverse_proxy: false
 # Hook
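Review bot: The commented example under `#public:` pairs `port: "443"` with `https: false`, although the port comment on the same line says 443 is for a public server using HTTPS. Anyone who uncomments the block as written would presumably get connect-back details with a plain-HTTP scheme on port 443. Make the example self-consistent, e.g. `#  https: true # true if the public endpoint is served over HTTPS`. The X-Forwarded-For warning above `allow_reverse_proxy` states the risk but not the mitigation; one more line would help: `# Only enable this when the BeEF port is reachable solely through the reverse proxy.`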
@@ -93,8 +94,6 @@ beef:
 # Experimental HTTPS support for the hook / admin / all other Thin managed web services
 https:
 enable: false
- # Enabled this config setting if you're external facing uri is using https
- public_enabled: false
 # In production environments, be sure to use a valid certificate signed for the value
 # used in beef.http.public (the domain name of the server where you run BeEF)
 key: "beef_key.pem"
diff --git a/core/main/handlers/hookedbrowsers.rb b/core/main/handlers/hookedbrowsers.rb
index cc614581b..6bc27706d 100644
--- a/core/main/handlers/hookedbrowsers.rb
+++ b/core/main/handlers/hookedbrowsers.rb
@@ -22,6 +22,7 @@ module BeEF
 def confirm_browser_user_agent(user_agent)
 browser_type = user_agent.split(' ').last # selecting just name/version of browser
 # does the browser already exist in the legacy database / object? Return true if yes
+ # browser and therefore which version of the hook file to generate and use
 BeEF::Core::Models::LegacyBrowserUserAgents.user_agents.each do |ua_string|
 return true if ua_string.include? browser_type
 end
@@ -90,7 +91,7 @@ module BeEF
 hooked_browser.lastseen = Time.new.to_i
 # @note Check for a change in zombie IP and log an event
- if config.get('beef.http.use_x_forward_for') == true
+ if config.get('beef.http.allow_reverse_proxy') == true
 if hooked_browser.ip != request.env['HTTP_X_FORWARDED_FOR']
 BeEF::Core::Logger.instance.register('Zombie', "IP address has changed from #{hooked_browser.ip} to #{request.env['HTTP_X_FORWARDED_FOR']}", hooked_browser.id.to_s)
 hooked_browser.ip = request.env['HTTP_X_FORWARDED_FOR']
@@ -139,14 +140,6 @@ module BeEF
 # @note is a known browser so send instructions
 end
- # check for string within array of strings
- def check_for_string(string, array)
- array.each do |item|
- return true if item.include? string
- end
- false
- end
-
 # @note set response headers and body
 headers 'Pragma' => 'no-cache',
 'Cache-Control' => 'no-cache',
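Review bot: The comment added in `confirm_browser_user_agent` (`# browser and therefore which version of the hook file to generate and use`) is a sentence fragment. It does not continue the line above it, which ends at "Return true if yes", so the reader cannot tell what its subject is. If the intent is that the result selects the hook file variant, say so in one full sentence, e.g. `# The result decides which version of the hook file is generated for this browser.` The function body continues outside the hunk.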
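Review bot: With the key renamed to `beef.http.allow_reverse_proxy`, the lines under it still use `request.env['HTTP_X_FORWARDED_FOR']` verbatim: the raw header is compared, interpolated into the Zombie log entry and stored as `hooked_browser.ip`. The header is absent on direct requests (nil would then be stored and logged as an IP change), may hold a comma-separated chain, and every entry except the one the trusted proxy appends is client-supplied. It should be reduced to one entry and checked as an IP address before it is logged or saved. The sketch below assumes a single trusted proxy that appends the peer address and that `IPAddr` is loaded (`require 'ipaddr'`); the branch continues outside the hunk.

```ruby
if config.get('beef.http.allow_reverse_proxy') == true
  # Assumes one trusted proxy that appends the peer address; entries before the
  # last one are supplied by the client and are not used.
  forwarded_ip = request.env['HTTP_X_FORWARDED_FOR'].to_s.split(',').last.to_s.strip
  begin
    IPAddr.new(forwarded_ip) unless forwarded_ip.empty?
  rescue IPAddr::Error
    forwarded_ip = '' # not an IP address: neither log nor store it
  end
  if !forwarded_ip.empty? && hooked_browser.ip != forwarded_ip
    BeEF::Core::Logger.instance.register('Zombie', "IP address has changed from #{hooked_browser.ip} to #{forwarded_ip}", hooked_browser.id.to_s)
    hooked_browser.ip = forwarded_ip
    # … unchanged: rest of the branch, outside the hunk …
```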