What is BeEF?
BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.
Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.
BeEF is a security tool, allowing a penetration tester or system administrator additional attack vectors when assessing the posture of a target.
beefproject.com
Now that we know a little about the BeEF project, we can start exploiting browsers. Before we start, I will list the required software we will be using.
Installing BeEF
# apt-get update
# apt-get install beef-xss
Requirements
Kali Linux or other Linux OS
BeEF (The Browser Exploitation Framework)
BeEF comes pre-installed in various pentesting operating systems such as Kali Linux, Parrot OS, BlackArch, Backbox and Cyborg OS. In this tutorial I will be using Kali Linux. There is no difference whether you use Kali Linux or Parrot; the tutorial takes the same steps.
You can find BeEF in the Kali Linux applications menu.
“Applications” -> “Kali Linux” -> “System Services” -> “BeEF” -> “beef start.”
Or, from a new terminal, we can start BeEF using the following commands.
# cd /usr/share/beef-xss
# ./beef
Screenshot: the BeEF framework running on 2 interfaces locally. (It does not matter which interface you use, as long as your hook payload is correctly configured.)
Accessing BeEF Web GUI
To access the BeEF server, open any web browser and go to localhost (127.0.0.1). BeEF runs a web server on port 3000. We can access BeEF's web GUI at the following URL.
http://localhost:3000/ui/authentication
The default credentials for BeEF are both “beef”: username “beef” and password “beef”.
Screenshot: BeEF Login Web GUI
Once you have logged into the BeEF web GUI, you will see a “Hooked Browsers” section on the left, listing Online Browsers and Offline Browsers. This section shows each victim's hooked status.
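A pre-flight check for the panel described above (port 3000, default beef/beef login), as an added example that is not part of the original tutorial or of the BeEF project: it reads a BeEF config.yaml and reports whether the default login is still set and whether the admin UI accepts connections from any address. The key names (credentials.user, credentials.passwd, restrictions.permitted_ui_subnet) and the helper function names are assumptions about the config layout, and the sample config is constructed.

```bash
#!/usr/bin/env bash
# Added example: audit a BeEF config.yaml before the panel is reachable by others.
# Assumption: keys are credentials.{user,passwd} and restrictions.permitted_ui_subnet.

# yaml_value FILE SECTION KEY: print the value of KEY from the first "SECTION:" block.
yaml_value() {
    awk -v section="$2" -v key="$3" '
        { indent = match($0, /[^ ]/) - 1 }               # leading spaces of this line
        /^[ \t]*(#|$)/ { next }                          # skip comments and blanks
        in_sec && indent <= sec_indent { in_sec = 0 }    # a dedent closes the block
        !in_sec && $1 == section ":" { in_sec = 1; sec_indent = indent; next }
        in_sec && $1 == key ":" {
            sub(/^[^:]*:[ \t]*/, ""); sub(/[ \t]+#.*$/, "")
            gsub(/^["\047]|["\047]$/, "")                # strip surrounding quotes
            print; exit
        }' "$1"
}

# audit_beef_config FILE: print one line per finding; return 1 if any were found.
audit_beef_config() {
    cfg=$1; bad=0
    user=$(yaml_value "$cfg" credentials user)
    pass=$(yaml_value "$cfg" credentials passwd)
    ui_net=$(yaml_value "$cfg" restrictions permitted_ui_subnet)
    if [ -z "$pass" ] || [ "$pass" = "beef" ] || [ "$pass" = "$user" ]; then
        echo "FAIL: UI login '$user' has an empty, default or username-equal password"; bad=1
    fi
    case $ui_net in
        ""|*0.0.0.0/0*|*::/0*)
            echo "WARN: permitted_ui_subnet is unset or allows any address"; bad=1 ;;
    esac
    return $bad
}

# Constructed sample mirroring the defaults this page describes (beef/beef).
sample_config() {
    cat <<'EOF'
beef:
    credentials:
        user:   "beef"
        passwd: "beef"
    restrictions:
        permitted_ui_subnet: ["0.0.0.0/0", "::/0"]
EOF
}

tmp=$(mktemp); sample_config > "$tmp"
audit_beef_config "$tmp" || true    # the sample triggers both findings
rm -f "$tmp"
```

Point the function at the config.yaml of your own installation before starting the server; a non-zero return means the panel should not be exposed yet.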