[Solved] Beef question

You mentioned in this course when you used beef on kali linux, you inject hook.js inside a web page then after the victim opened the link you got the fingerprint information, after that you could send some fake update to the victim browser.
I am wondering how this could happen without reverse shell code , i mean hook.js is javascript file there is no way to create reverse tcp connection.

This example is via social engineering. You present something (In this example an update). They run the update. This executes the shell code. I show this is the browser hacking demo lecture.

maybe my question was no clear Enough , i meant how we can send fake update to the victim browser, i am asking this question because in V1 course you said the router by default will block any inbound request, so basically if i am not on the same network i will be unable to send this fake update, right???

The client downloads the fake update over http because he is shown a fake update option. Your not sending anything so no inbound. They are downloading everything so they are pulling it.