begood

Browser Exploitation Framework (BeEF)


BeEF is the browser exploitation framework. A professional tool to demonstrate the real-time impact of browser vulnerabilities. Development has focused on creating a modular structure making new module development a trivial process with the intelligence residing within BeEF. Current modules include the first public Inter-protocol Exploit, a traditional browser overflow exploit, port scanning, keylogging, clipboard theft and more. The modules are aimed to be a representative set of current browser attacks - with the notable exception of launching cross-site scripting viruses. You can download BeEF from Bindshell.net.

Though BeEF can be used to exploit computers located anywhere on the Internet (e.g. by setting up a malicious site) and on the local LAN (e.g. use a simple MITM to send the payload), I particularly feel it would be very useful in compromising computers in hotspot destinations. Here is a simple use case - A hacker can set up a honeypot advertising a local hotspot in the vicinity such as tmobile, google-wifi or starbucks. An unsuspecting user successfully connects to this honeypot and fires up his browser to check his web email. The hacker re-directs the user and serves him a malicious page using BeEF. User gets 0wned :)

Below are 2 videos about the BeEF framework: First is a simple walkthrough on how to get started with BeEF on Backtrack 4 and how one can detect if the victim has Flash and Java installed. The second video is a demo of the MS09-002 exploit using BeEF.

Browser Exploitation Framework (BeEF) Tutorial
