Jump to content
virusz

BeEF - Browser exploitation framework

By virusz, in Programe hacking

Recommended Posts

virusz Rookie

virusz

Posted
Posted

BeEF is a browser exploitation framework. This tool will demonstrate the collecting of zombie browsers and browser vulnerabilities in real-time. It provides a command and control interface which facilitates the targeting of individual or groups of zombie browsers.

Enhancements in the latest version include:

* Integration with Metasploit via XMLRPC

* Mozilla extension exploitation support

* New browser functionality detection modules

* Tiered logging for module actions and results

Screen:

zombiedetails-medium.png

+

http://www.bindshell.net/tools/beef/screenshots/autopwn.png

BeEF provides an easily integratable framework that demonstrates the impact of browser and Cross-site Scripting issues in real-time. Development has focused on creating a modular framework. This has made module development a very quick and simple process. Current modules include metasploit, port scanning, keylogging, TOR detection and more.

------------------

Install

Standard

Standard Install Instructions

* Extract the BeEF tar file to the webroot

* Check BeEF directory permissions and ownership of BeEF directories and files

* Open a browser and connect to http://beefsite/beef/

o Follow install instructions

BackTrack

BackTrack Install Instructions

Set ServerName

Edit ServerName in '/usr/local/apache/conf/httpd.conf'.

* ServerName <your domain/IP>

Extract BeEF to HTTP Server

* cp beef-v*.tgz /usr/local/apache/htdocs

* cd /usr/local/apache/htdocs

* tar xzvf beef-v*.tgz

Setup BeEF from Browser

* Browse to http://<your domain/IP>/beef/

* Follow Instructions

* Click 'Finished'

Verifying Install

Use a browser to connect to 'http://beefsite/beef/hook/example.php'. Now a zombie will appear in the zombie section of the BeEF UI.

After a zombie has connected, select the 'alert' module. Enter an 'Alert String' and click send. Now check the target browser and you will see that an alert dialog box is shown.

------------------------------------------------------------------------------------

Video:

NTLM Challenge Credential Theft with BeEF and Metasploit on Vimeo

Executing Browser AutoPWN Through BeEF on Vimeo

Upgrading BeEF in Samurai WTF on Vimeo

--------------------------

Download: http://www.bindshell.net/tools/beef/beef-latest.tar.gz

Homepage: BindShell.Net: BeEF

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...