Hooking
Victims are hooked by causing a browser to load http://{VICTIM_SOCKET_IP}:{VICTIM_SOCKET_PORT}/hook.js. The IP and port of the socket server is configurable as described in Configuration.
If you are attempting to hook a browser over the internet you will need to use your public IP address and have the port forwarded. If you are doing this over a LAN you can use your internal IP but make sure your firewall is not configured to deny requests on that port.
An example page which has the hook included as a script tag can be loaded via http://{VICTIM_SOCKET_IP}:{VICTIM_SOCKET_PORT}/victim-example.html. There is nothing on this page other than a header, but it will allow you to explore what's possible.
When a victim is successfully hooked, you will receive a notification (assuming you allowed notifications with your browser), and you will see a victim pop up in the victims section of the admin page:
You can toggle viewing the current active pages of a victim by clicking on the victim in the victims section:
Clicking on a page will target that page for attack, as described in Attacks