These days, hackers can hack your phone with just one message. All your data can be stolen with just one click, and everything can be managed with just one tool. That tool is BeEF.
BeEF (Browser Exploitation Framework)
The Browser Exploitation Framework, or BeEF for short, is a penetration testing tool designed for testing and attacking web browsers. Using BeEF, we can fingerprint web browsers, profile users, and attack the browser to further our access to target systems. In this blog, we cover the following topics:
- Hooking browsers
- Fingerprinting with BeEF
- Browser exploitation
- Automating attacks
Setting Up BeEF
BeEF comes pre-installed with Kali Linux. If you are in another Linux environment, follow these steps:
mrdev@kali:~# git clone https://github.com/beefproject/beef.git
mrdev@kali:~# cd beef
mrdev@kali:~/beef# bundle install
mrdev@kali:~/beef# ./beef    # run BeEF
Configure Username & Password
Before running BeEF, it is important to configure the username and password. Run the following commands:
mrdev@kali:~# cd /usr/share/beef-xss
mrdev@kali:/usr/share/beef-xss# nano config.yaml
In this file, change the username and password.
To save, press CTRL + X and then Enter. Now run BeEF:
Using the BeEF Console
To run the Browser Exploitation Framework, go to menu > System services > beef start.
Now that BeEF is running, the next step is to launch a browser to access the admin console.
Using the URL from the last lab, we can start our Iceweasel browser and visit http://127.0.0.1:3000/ui/panel. This should redirect the browser to the authentication page for BeEF with the login box.
The credentials for BeEF are “mrdev” for the username and “beef” for the password. Once these are entered, the BeEF console should be displayed with the default right pane containing the “Getting Started” information.
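The settings edited in config.yaml and the login used above can be checked before the console is started. The Ruby script below is an added example, not code from BeEF or from this post; the key names (beef.credentials.user, beef.credentials.passwd, beef.http.host), the weak-password list and the 12-character minimum are assumptions, and the sample config is constructed.

```ruby
require 'yaml'

# Constructed sample, not a real config. Assumed key layout:
# beef.credentials.user / beef.credentials.passwd / beef.http.host.
SAMPLE_CONFIG = <<~YAML
  beef:
    http:
      host: "0.0.0.0"
      port: "3000"
    credentials:
      user: "mrdev"
      passwd: "beef"
YAML

WEAK_PASSWORDS = %w[beef password admin changeme 123456].freeze # illustrative list
MIN_PASSWORD_LENGTH = 12 # assumed local policy, not a BeEF requirement

# Returns an array of findings for the admin-console settings in yaml_text.
def audit_beef_config(yaml_text)
  cfg = YAML.safe_load(yaml_text)
  cfg = {} unless cfg.is_a?(Hash)
  beef = cfg['beef'].is_a?(Hash) ? cfg['beef'] : {}
  creds = beef['credentials'].is_a?(Hash) ? beef['credentials'] : {}
  http = beef['http'].is_a?(Hash) ? beef['http'] : {}
  user = creds['user'].to_s
  passwd = creds['passwd'].to_s
  findings = []

  findings << 'credentials.user is still "beef"' if user == 'beef'
  if passwd.empty?
    findings << 'credentials.passwd is missing or empty'
  else
    findings << 'credentials.passwd is a default or common value' if WEAK_PASSWORDS.include?(passwd.downcase)
    findings << 'credentials.passwd equals the username' if passwd == user
    findings << "credentials.passwd is shorter than #{MIN_PASSWORD_LENGTH} characters" if passwd.length < MIN_PASSWORD_LENGTH
  end
  findings << 'http.host is 0.0.0.0, so the console listens on every interface' if http['host'].to_s == '0.0.0.0'
  findings
end

# Audit the file given as the first argument, or the constructed sample.
path = ARGV[0]
text = path && File.file?(path) ? File.read(path) : SAMPLE_CONFIG
audit_beef_config(text).each { |finding| puts "[!] #{finding}" }
```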
Hooking Browsers
To really explore BeEF, we need to have a browser hooked. To hook the browser, you need to follow a few steps:
1. Create a new HTML/CSS page.
2. In the head tag, paste the script from the terminal. Watch my YouTube video to learn more.
3. Send the HTML file to the Apache folder and start the Apache server using the following command:
mrdev@kali:~# sudo mv hack.html /var/www/html
mrdev@kali:~# service apache2 start
Watch the video till the end and you will find your answer.