UPDATE: BeEF 0.4.3.6!

[DarkyAngel]

Recently, an updated version – BeEF version 0.4.3.6 – has was made available to us!

“BeEF, the Browser Exploitation Framework is a professional security tool provided for lawful research and testing purposes. It allows the experienced penetration tester or system administrator additional attack vectors when assessing the posture of a target. The user of BeEF will control which browser will launch which exploit and at which target. BeEF hooks one or more web browsers as beachheads for the launching of directed exploits in real-time. Each browser is likely to be within a different security context. This provides additional vectors that can be exploited by security professionals. BeEF provides an easily integratable framework that demonstrates the impact of browser and Cross-site Scripting issues in real-time. Development has focused on creating a modular framework. This has made module development a very quick and simple process. Current modules include Metasploit, port scanning, keylogging, TOR detection and more.“

Changes made to BeEF 0.4.3.6:

• Twitter and E-mail notifications (thanks @marcwickenden): we have a new extension where you can configure an SMTP server or Twitter account in order to receive automatic notifications as soon as a new browser is hooked in BeEF;
  
• HTTPS support (thanks to one of our long-term developers, Christian @xntrik Frichot): you can now start BeEF with full HTTPS support. You should use this when you want to target HTTPS applications, especially if the user is using latest Chrome/Firefox browsers: they do security checks for mixed content and prevent the hook to work in case you use HTTP;
  
• New Chrome extension module (thanks Mike Haworth): now you can have screenshots of the current tab the user is in;
  
• Gmail phishing and Flash Webcam modules (thanks floyd.ch): using the first module you can logout a user from Gmail, create a fake Gmail login page, then steal the the Google account credentials. With the second module, if the user clicks “Allow Webcam” from the popup created by Flash, you can get photos from his webcam at a defined time interval you can specify;
  
• Nat_pinning module (thanks Bart Leppens): you probably remember Samy’s research on the topic. Well, we added this nice attack to BeEF, so you can have fun with it.
  
• The GlassFish exploit has been enhanced (again, thanks Bart), and we also added GlassFish fingerprinting to our internal network fingerprinting module.
  
• Brendan @_bcoles Coles, as always, did a great job adding new modules and porting various attacks to BeEF: Spring exploit for CVE-2010-1622, lots of XSRF and some RCE modules for various embedded devices like routers and cameras (D-Link dir-615, Linksys wcv series, Cisco E2400, 3Com OfficeConnect ADSL Wireless 11g, Asmax AR-804gu). Other than that, he also added enhanced fingerprinting for various mobile devices, and the balloon dialogs for the admin web-gui. Let @beefproject know if you want more/different stuff in this dialog.
  
• Michele @antisnatchor Orru, except from bugfixes, added the confirm_close_tab module, in order to achieve better hook persistence and annoy the user (basically the user is asked for confirmation - in a loop - when he’s closing the hooked tab). Another bunch of changes he worked on were about the AssetHandler (you can now bind/unbind raw sockets in BeEF, useful for example in the nat_pinning module to bind a socket on port 6667), the RESTful API (added a /api/modules/multi endpoint that you can now use to launch multiple modules at once to a single target) and the admin web-gui (added a JSON endpoint that enables you to call the RESTful API from ExtJS)
  

Download BeEF:

BeEF 0.4.3.6 - beef-0.4.3.6.zip

Sursa