How To: BeEF - the Browser Exploitation Framework Project OVER WAN

BeEF - the Browser Exploitation Framework Project OVER WAN

How to BeEF - the Browser Exploitation Framework Project OVER WAN

Hello all

Just thought id share how ive managed to get beef working over the internet.

Step 1: All Needed Ports Forwarded

First things first, you need to make sure you have these ports forwarded on your router. On mine it shows in the advance settings NAT >

< Port Forwarding.

then i can add all the ports i need for beef to work.

Add These Ports 3000, 5432, 55552, 53, 80

Step 2: Add the Ip into Beef config.yaml

now once you have forwarded your ports correctly you can move onto the kali 2.0 machine. open up a terminal and type

root@kali:~# cd /usr/share/beef-xss/
root@kali:/usr/share/beef-xss# leafpad config.yaml

this should now open up the beef config file as so.
dnshost "your public ip" put your public ip in here

db_host "Your Public Ip"_

now close and save that file.

Step 3: Metasploit Config.yaml

now once that is saved and closed you should still see

Root@Kali:~# /Usr/Share/Beef-Xss
Type Cd Extensions/Metasploit/

then while in there type leafpad config.yaml

And where i have put !!your ip here!! on the picture above^ put your public ip

Host " Your Public Ip"
callback_host "Yourpublicip"_

and also make sure when you do its only numbers , no http://

now save this file and close.

now when you load beef framework up again.

Replace Your Public Ip Before >>> :3000/Ui/Authentication
Replace [Http:// ]
with Your Public Ip

>>>>> [Http:// ]
>>>>> XX.XXX.XXX.XXX:3000/Ui/Authentication

thats it.
Beef should now be setup to use your public ip for connections back.

you should also look into setting up ddns these seem ok and free.

Thanks, RapiD


Nice explanation, however I would like to point out that NoIP's managed DNS service isn't a safety barrier for anyone. Whoever decides to take this to a black hat level, I warn you that if an investigation occurs, NoIP will freely hand your IP address over to the authorities. This is a friendly notice.


just like TRT said. dont be stupid with this.

Yes i fully agree TRT i should have stated that this is for testing on networks you have permission on. the only reason i wanted this to work over WAN is i had full permission from the owners of networks. and to show the dangers too them.

Thanks for the heads up

i have now second thoughts on this post? should i remove it?

if im using whonix gateway?
it will be the same process?

Bien expliquer
J'ai deux questions
1) on dois installer noip dans kali ?
2) tu nous dis d'ouvrir quel que ports mais on les ouvres avec l'IP de ifconfig ou cele de route -n gateway


did everything, not working for me over WAN, instead of forwarding each port, i set my local ip to dmz, all port are opened, yet not working

All ports are opened, I have changed the config.yaml, I have Installed no-ip, but still doesn't work for me. What could be the reason for this?

I have set my public ip to dmz too and still doesn't work.

can someone help clear this issue?


O'wise RAPID, Thanks for the guide. Would you think using the "noip hostname" in place of the public Ip a good practice, since it points to the public ip already. Once again I appreciate so much...

where should i point the port? if my local and beef address is, should i point the port forward to it? sorry newbie.

Share Your Thoughts

  • Hot
  • Latest