Setting up BeEF-XSS with Zrok for Browser Exploitation

BeEF-XSS is a powerful browser exploitation framework that focuses on the web browser as the main entry point. In this tutorial, we'll explore how to use Zrok to create a secure tunnel, eliminating the need for port forwarding.


  1. Download Zrok:

    Go to and download the free zrok tool

  2. Invite Yourself to Zrok:

    Invite yourself to zrok by running the zrok invite command:

    $ ./zrok invite

    The zrok invite command presents a small form that allows you to enter (and then confirm) your email address. Tabbing to the [ Submit ] button will send the request to your configured zrok service.

    Next, check the email where you sent the invite. You should receive a message asking you to click a link to create your zrok account. When you click that link, you will be brought to a web page that will allow you to set a password for your new account.

  3. Enabling Your zrok Environment

    When your zrok account was created, the service generated a secret token that identifies and authenticates you in a single step.

    Use the zrok enable command to enable your account in a single step:

    $ ./zrok enable [token]

  4. Check the Status of Your zrok Environment:

    Run the zrok status command to see the details of your environment:

    $ ./zrok status

    If everything is OK we can now set up BeEF.

  5. Download and Configure BeEF:

    Download BeEF and configure it using the config.yaml file.

  6. Tunnel Traffic to BeEF Server:

    Use Zrok to tunnel traffic to your BeEF server (default port is 3000):

    $ zrok

  7. Access BeEF Admin Interface:

    Zrok will provide a publicly accessible forwarded tunnel URL. Start BeEF and ensure you can access the admin interface using this URL, for example: https://your.zrok.url/ui/panel.

  8. Configure BeEF for Zrok:

    In the config.yaml file, update the beef.http.public:* properties:

      host: your.zrok.url (without https://)
      port: 443 (or 80 for HTTP)
      https: true
      allow_reverse_proxy: true

  9. Restart BeEF-XSS:

    Restart BeEF-XSS, and it should now show your Zrok URL for accessing the admin panel.
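A pre-restart check for the settings from step 8, written as an added example (it is not part of BeEF or zrok). It assumes allow_reverse_proxy sits directly under beef.http and that credentials live under beef.credentials; check_beef_config and the sample config are constructed for illustration.

```ruby
require 'yaml'

# Constructed sample with the mistakes this check is meant to catch.
# Key nesting is an assumption about the config.yaml layout; adjust to your file.
SAMPLE_CONFIG = <<~YAML
  beef:
    credentials:
      user: "beef"
      passwd: "beef"
    http:
      public:
        host: "https://your.zrok.url"
        port: "443"
        https: false
      allow_reverse_proxy: false
YAML

# Returns a list of human-readable problems; an empty list means all checks pass.
def check_beef_config(yaml_text)
  beef   = (YAML.safe_load(yaml_text) || {})['beef'] || {}
  http   = beef['http'] || {}
  public = http['public'] || {}
  creds  = beef['credentials'] || {}
  problems = []

  host = public['host'].to_s
  problems << 'public.host is not set' if host.empty?
  problems << 'public.host must be a bare hostname (no https:// or path)' if host.include?('/')

  port  = public['port'].to_s
  https = public['https'] == true
  problems << 'public.port 443 requires https: true' if port == '443' && !https
  problems << 'public.port 80 requires https: false' if port == '80' && https
  problems << 'public.port should be 443 or 80 behind the tunnel' unless %w[443 80].include?(port)

  problems << 'allow_reverse_proxy must be true behind the tunnel' unless http['allow_reverse_proxy'] == true

  if creds['user'].to_s == 'beef' && creds['passwd'].to_s == 'beef'
    problems << 'default beef/beef credentials on a publicly reachable admin panel'
  end
  problems
end

if __FILE__ == $PROGRAM_NAME
  check_beef_config(SAMPLE_CONFIG).each { |problem| puts "FAIL: #{problem}" }
end
```

To check a real file, pass its contents: check_beef_config(File.read('config.yaml')).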

Congratulations! You've successfully set up BeEF-XSS with Zrok, allowing you to hook browsers without the need for port forwarding. Happy hacking responsibly!
