How To Use Browser Exploitation Framework

SHARE:


The Browser Exploitation Framework (BeEF) is a penetration testing tool written in Ruby and designed to both showcase browser weaknesses as well as perform attacks both on and through the web browser. BeEF consists of a server application that manages the connected clients, known as “zombies”, and JavaScript “hooks” which run in the browser of target hosts.

Traditionally, the JavaScript hook is injected by the attacker into HTML code either through an attack such as Cross Site Scripting (XSS) or SQL Injection. Once the hook is processed by the browser, it beacons back home to the BeEF server, and will process JavaScript based commands sent from the BeEF server to the client.

The commands sent to the browser are triggered through modules running within the BeEF server. These modules send commands that do everything from fingerprinting browsers and plug-ins to allowing the attacker to proxy web traffic through the browser. Additional modules exist to perform tasks such as network scanning, browser keystroke logging, and cross protocol exploitation where HTTP requests can be sent to non-HTTP services with exploit payloads that will execute and return shells back to an attacker.

In backtrack Beef  has been installed.But it`s not latest version , so you have to clone git repository for latest installation.

git clone https://github.com/beefproject/beef.git
cd beef
gem install bundler
bundle install
./beef


beef

Open user interface URL in brwoser & enter username & password which is beef. On the right side you can see getting started text & log.


beef

Now what you have to do is just send link http://your I.P:3000/demos/butcher/index.html or http://your I.p.:3000/demos/basic.html to victim
You can also put it in iframe and make some fake website & send link of fake website to victim like Metasploit Browser Exploitation method.
As soon as victim click on your link ; you can see victim I.P. on online browser in left side of panel.
Now click on I.P. & then command tab on righ side . There is list of command which you can execute on victim browser as long as he has open our link in his browser.
Here you can see three section module tree ; result history & details about module .
Select module & click on execute button & then view command result in module history.
There is lots of module available ; you can test it one by one & find some intresting info about victim.But our main requirement is victim should keep open our link.

COMMENTS

Name

11th,2,12th,20,12th Chemistry,5,12th Computer Science,7,12th Physics,1,5th Sem CSE,1,AAI ATC,2,Android,18,Banking,1,Blogger,41,Books,5,BTech,17,CBSE,22,CSE,4,ECE,3,Electronics,1,English,2,ESE,1,Ethical Hacking,61,Exams,5,Games,9,GATE,1,GATE ECE,1,Government Jobs,1,GS,1,How To,27,IBPS PO,1,Information,52,Internet,24,IPU,8,JEE,8,JEE Mains,8,Jobs,1,Linux,65,News,18,Notes,23,Physics,3,Placement,10,PO,1,Poetry,3,RRB,1,SEO,11,Softwares,38,SSC,2,SSC CGL,1,SSC GS,2,Tips and Tricks,46,UPSC,1,Windows,46,
ltr
item
SolutionRider- One Stop Solution for Notes, Exams Prep, Jobs & Technical Blogs.: How To Use Browser Exploitation Framework
How To Use Browser Exploitation Framework
The Browser Exploitation Framework (BeEF) is a penetration testing tool written in Ruby and designed to both showcase browser weaknesses as well as perform attacks both on and through the web browser. BeEF consists of a server application that manages the connected clients, known as “zombies”, and JavaScript “hooks” which run in the browser of target hosts. Traditionally, the JavaScript hook is injected by the attacker into HTML code either through an attack such as Cross Site Scripting (XSS) or SQL Injection. Once the hook is processed by the browser, it beacons back home to the BeEF server, and will process JavaScript based commands sent from the BeEF server to the client. The commands sent to the browser are triggered through modules running within the BeEF server. These modules send commands that do everything from fingerprinting browsers and plug-ins to allowing the attacker to proxy web traffic through the browser. Additional modules exist to perform tasks such as network scanning, browser keystroke logging, and cross protocol exploitation where HTTP requests can be sent to non-HTTP services with exploit payloads that will execute and return shells back to an attacker. In backtrack Beef has been installed.But it`s not latest version , so you have to clone git repository for latest installation. git clone https://github.com/beefproject/beef.git cd beef gem install bundler bundle install ./beef beef Open user interface URL in brwoser & enter username & password which is beef. On the right side you can see getting started text & log. beef Now what you have to do is just send link http://your I.P:3000/demos/butcher/index.html or http://your I.p.:3000/demos/basic.html to victim You can also put it in iframe and make some fake website & send link of fake website to victim like Metasploit Browser Exploitation method. As soon as victim click on your link ; you can see victim I.P. on online browser in left side of panel. Now click on I.P. & then command tab on righ side . There is list of command which you can execute on victim browser as long as he has open our link in his browser. Here you can see three section module tree ; result history & details about module . Select module & click on execute button & then view command result in module history. There is lots of module available ; you can test it one by one & find some intresting info about victim.But our main requirement is victim should keep open our link.
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj6LPfGLK20xcgG1GKiJudQHEjjyb66aZX2NDVkgAG44SXyjC1yNM1GvuFAsy0mvNSCAS94QkKXz7Rf_SjqA3It-UPJbCK26q2auc4xGqnmlmWEULcdRPFccGwh8Z4z2humC9YxrhyOjllm/s640/beef.jpeg
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj6LPfGLK20xcgG1GKiJudQHEjjyb66aZX2NDVkgAG44SXyjC1yNM1GvuFAsy0mvNSCAS94QkKXz7Rf_SjqA3It-UPJbCK26q2auc4xGqnmlmWEULcdRPFccGwh8Z4z2humC9YxrhyOjllm/s72-c/beef.jpeg
SolutionRider- One Stop Solution for Notes, Exams Prep, Jobs & Technical Blogs.
https://thesolutionrider.blogspot.com/2017/10/how-to-use-browser-exploitation.html
https://thesolutionrider.blogspot.com/
https://thesolutionrider.blogspot.com/
https://thesolutionrider.blogspot.com/2017/10/how-to-use-browser-exploitation.html
true
6820083649286484786
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS CONTENT IS PREMIUM Please share to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy