Monday, September 3, 2012

BeEF - Browser Exploitation Framework




BeEF is the Browser Exploitation Framework, a powerful security framework that mainly focuses on browser-based exploits.



If you want to see real exploitation of XSS (Cross-Site Scripting), BeEF is a good choice. With BeEF we can see what can be done with an XSS vulnerability.

How to start with BeEF

BeEF already ships with BackTrack, but you have to run its installer once before first use:

Applications --> Backtrack --> Exploitation Tools --> Social Engineering Tools --> Beef XSS Framework --> Beef installer

You will get this screen



Applications --> Backtrack --> Exploitation Tools --> Social Engineering Tools --> Beef XSS Framework --> Beef

Don't close this terminal; leave it running.




The default username/password is beef/beef

Copy the UI URL and paste it into the attacker's browser, and we will get the BeEF authentication page




Log in with the username and password beef/beef

After logging in we will get this page




To check the setup, open this demo page in another tab:

http://192.168.0.107:3000/demos/basic.html



Then look at the hooked browser section. There we get all the details of the hooked browser, and we can execute scripts in it.
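A hooked browser keeps contacting the BeEF server, and that traffic is what a defender can look for in web proxy logs. The following is an added example, not part of the original post: it flags clients that load the demo page from this article or fetch the hook script. The `/hook.js` path, the `BEEFHOOK` parameter, the log format and the polling threshold are assumptions, and the sample log is constructed.

```python
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Assumed BeEF defaults (not stated in this post; an operator can rename them).
HOOK_PATH = "/hook.js"
HOOK_PARAM = "BEEFHOOK"
# From this post: the bundled demo page and the port it is served on.
DEMO_PATH = "/demos/basic.html"
BEEF_PORT = 3000
POLL_THRESHOLD = 3  # assumed: repeated hook fetches suggest a live hook

# Constructed sample proxy log: "<time> <client_ip> <method> <url>"
SAMPLE_LOG = """\
10:00:01 10.0.0.21 GET http://192.168.0.107:3000/demos/basic.html
10:00:02 10.0.0.21 GET http://192.168.0.107:3000/hook.js
10:00:07 10.0.0.21 GET http://192.168.0.107:3000/hook.js?BEEFHOOK=constructedid
10:00:12 10.0.0.21 GET http://192.168.0.107:3000/hook.js?BEEFHOOK=constructedid
10:00:03 10.0.0.35 GET http://intranet.example/js/app.js
10:00:09 10.0.0.35 GET http://intranet.example:3000/status
malformed entry
"""

def find_hooked_clients(log_text):
    """Return {client_ip: sorted reasons} for clients showing hook traffic."""
    reasons = defaultdict(set)
    polls = defaultdict(int)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of failing
        _, client, _, url = parts
        try:
            u = urlsplit(url)
            port = u.port
        except ValueError:
            continue  # unparsable URL or port
        if u.path == DEMO_PATH and port == BEEF_PORT:
            reasons[client].add("demo-page")
        if u.path.endswith(HOOK_PATH):
            reasons[client].add("hook-script")
            polls[(client, u.netloc)] += 1
        if HOOK_PARAM in parse_qs(u.query):
            reasons[client].add("hook-session-param")
    for (client, _server), count in polls.items():
        if count >= POLL_THRESHOLD:
            reasons[client].add("polling")
    return {c: sorted(r) for c, r in reasons.items()}
```

Port 3000 alone is not treated as an indicator, since other services use it; only the path and parameter matches are flagged.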



In the next article we will see how to exploit an XSS vulnerability using the BeEF framework.

More information on BeEF

http://www.bindshell.net/tools/beef.html

http://beefproject.com/


1 comment:

Kwonka Bomera said...

Nice tut, but I have a question: is there a way to mix BeEF with Metasploit and obtain a meterpreter shell?