Has this already been patched by the Vegan extension for Chrome?

A new BeEF exploration script to circumvent the anti-BeEF Vegan extension for Google Chrome: https://github.com/beefproject/beef/commit/4413cde1875f9b328d5b8669a595deee1fdfd220
Has this already been patched?

polonus

P.S. This was news: http://www.theregister.co.uk/2015/06/26/vegan_chrome_extension_to_defeat_beef/


Testing with WebRTC extension in Chrome, code credits Christian Frichot (3 days old)
Firefox code changed for Chrome and Chrome API, run in Tampermonkey.
Interesting results as Vegan does not protect all.
BeEF is becoming a growing concern in my view.
Malware Script Detector v.0.2b detects all BeEF injection attempts and blocks accordingly.

polonus

Check for http://website/3000/ui/panel (dork)
you will get a page not found but also that site.
Example - BeEF …

{
   "error": {
      "message": "An access token is required to request this resource.",
      "type": "OAuthException",
      "code": 104
   }
}
-> ?welcome  :o or continue to the frontpage of website..
resulting in  

var googletag = googletag || {};
googletag.cmd = googletag.cmd || [];
// Load the Google Publisher Tag library asynchronously, matching the page's protocol
(function() {
  var gads = document.createElement('script');
  gads.async = true;
  gads.type = 'text/javascript';
  var useSSL = 'https:' == document.location.protocol;
  gads.src = (useSSL ? 'https:' : 'http:') +
    '//www.googletagservices.com/tag/js/gpt.js';
  var node = document.getElementsByTagName('script')[0];
  node.parentNode.insertBefore(gads, node);
})();

// Define the ad slots once the library is ready
googletag.cmd.push(function() {
  googletag.defineSlot('/51960304/banner_header', [468, 60], 'div-gpt-ad-1369080985555-0').addService(googletag.pubads());
  googletag.defineSlot('/51960304/leaderboard_frontpage', [728, 90], 'div-gpt-ad-1369080985555-1').addService(googletag.pubads());
  googletag.defineSlot('/51960304/leaderboard_generic', [728, 90], 'div-gpt-ad-1427107760956-0').addService(googletag.pubads());
  googletag.defineSlot('/51960304/rectangle_detail', [336, 280], 'div-gpt-ad-1369080985555-3').addService(googletag.pubads());
  googletag.defineSlot('/51960304/square_sidebar', [250, 250], 'div-gpt-ad-1369088001681-0').addService(googletag.pubads());
  googletag.pubads().collapseEmptyDivs();
  googletag.pubads().enableSingleRequest();
  googletag.enableServices();
});

 Read: https://stackoverflow.com/questions/19329560/how-do-i-target-which-ads-id-like-to-refresh-with-gpt

polonus

Interesting Shodan search results: https://www.shodan.io/search?query=ui%2Fpanel
and https://www.shodan.io/search?query=hook.js → htxp://198.58.127.172:5000/
→ htxp://www.gameserverdirectory.com/server/198.58.127.172:26901/banners.php
http://domain-kb.com/www/floorschedules.com etc.

polonus