Monday, February 25, 2019

Browser Hacking with Beef-Xss

What is the BeEF-XSS Framework?

BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.

Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.
Credit: https://beefproject.com/

So in other words, we can use this to hack a browser with a link.

DISCLAIMER

I am testing this on my own network. Make sure you have the consent of the owner before testing.

Now to start

To send the link you must have the right ports open on your router.

Moving on, open a terminal and type: service apache2 start

Now we type ifconfig to find our local IP address.

So my local IP address is 192.168.8.107. Once we have it, we need to start BeEF. If you are using Kali, it’s already installed. If you’re using another OS that BeEF isn’t installed on, fetch it with git clone https://github.com/beefproject/beef.git and install it from inside that directory. As I’m on Kali I don’t have to install it, and I won’t be showing you how to install it, sorry; that’s for a post some other time. So let’s get back to this.

Now we clear the terminal (just type clear) and then we type beef-xss
This will now open Firefox and load the login page for BeEF.
Now we are going to change the URL to our local IP address so we can log in. Mine is 192.168.8.107.
Username: beef Password: beef
Now that you’re logged in, there are a few things you need to know. They are displayed on the main page, so make sure to read it.
Now we get the page to send to the victim, in this case myself coz I’m a loner lol.
So we need to go down to the links to the example pages and click on one of them. One is a basic page, the other is more advanced with a credit card logger. I do not advise you to use this!!
The default example pages are Basic and Advanced.

Once you click on the link, you will see a list on the left-hand side of the screen showing your local IP address. This tells you the browser is hooked. Click it.
It will give you a menu. Click on Commands, then click on the command you want to send to the browser.

Remember from the starting page on BeEF: green means it will be invisible to the target, amber means it may be visible to the target, silver or white won’t work, and red also means it won’t work.
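
On the defender's side, the hooking step described above leaves a trace in web proxy logs: the browser loads the hook script once and then keeps requesting it with a session id. The following is an added example (not code from the original post or from the BeEF project) that flags such clients; it assumes BeEF's default settings (port 3000, /hook.js, session name BEEFHOOK), which an operator can change, and a constructed four-field log format.

```python
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Assumed BeEF defaults; an operator can change all three in BeEF's config.
HOOK_PATH, SESSION_PARAM, DEFAULT_PORT = "/hook.js", "BEEFHOOK", 3000

# Constructed proxy log lines: "<time> <client_ip> <method> <url>"
SAMPLE_LOG = """\
2019-02-25T04:09:40 192.168.8.120 GET http://192.168.8.107:3000/page.html
2019-02-25T04:09:41 192.168.8.120 GET http://192.168.8.107:3000/hook.js
2019-02-25T04:09:44 192.168.8.120 GET http://192.168.8.107:3000/hook.js?BEEFHOOK=constructedSessionId01
2019-02-25T04:09:49 192.168.8.120 GET http://192.168.8.107:3000/hook.js?BEEFHOOK=constructedSessionId01
2019-02-25T04:09:54 192.168.8.120 GET http://192.168.8.107:3000/hook.js?BEEFHOOK=constructedSessionId01
2019-02-25T04:10:02 192.168.8.121 GET http://example.com/static/app.js
2019-02-25T04:10:05 192.168.8.121 GET http://example.com:3000/status
"""

def find_hooked_clients(log_text, min_polls=3):
    """Return one finding per (client, server) pair that fetched the hook script."""
    seen = defaultdict(lambda: {"loads": 0, "polls": 0})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines
        client, url = fields[1], urlsplit(fields[3])
        if not url.path.endswith(HOOK_PATH):
            continue  # port 3000 alone is not an indicator
        rec = seen[(client, url.netloc)]
        # A hooked browser keeps re-requesting the hook with its session id.
        if SESSION_PARAM in parse_qs(url.query):
            rec["polls"] += 1
        else:
            rec["loads"] += 1
    findings = []
    for (client, server), rec in sorted(seen.items()):
        findings.append({
            "client": client,
            "server": server,
            "default_port": urlsplit("//" + server).port == DEFAULT_PORT,
            "polls": rec["polls"],
            "verdict": "hooked" if rec["polls"] >= min_polls else "hook-loaded",
        })
    return findings

if __name__ == "__main__":
    for finding in find_hooked_clients(SAMPLE_LOG):
        print(finding)
```

Because the path, port and session name are configurable, a miss here does not prove a browser is clean; the repeated-poll pattern to a single host is the more durable signal.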

I hope you like this. Any questions, feel free to comment below!!
