SHARE
TWEET

BeeF Framework

AnonymousDelta Oct 15th, 2019 212 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1.  
  2. Synex
  3. Browser Exploitation Framework: BeEF
  4. CyberPunk » Exploitation Tools
  5.  
  6.  
  7.  
  8.  
  9. Browser Exploitation Framework
  10. The Browser Exploitation Framework (BeEF) is a powerful professional security tool. BeEF is pioneering techniques that provide the experienced penetration tester with practical client side attack vectors. Unlike other security frameworks, BeEF focuses on leveraging browser vulnerabilities to assess the security posture of a target. This project is developed solely for lawful research and penetration testing.
  11.  
  12. Browser Exploitation Framework: BeEF Browser Exploitation Framework: BeEF
  13.  
  14. BeEF hooks one or more web browsers as beachheads for the launching of directed command modules. Each browser is likely to be within a different security context, and each context may provide a set of unique attack vectors. The framework allows the penetration tester to select specific modules (in real-time) to target each browser, and therefore each context.
  15.  
  16. The framework contains numerous command modules that employ BeEF’s simple and powerful API. This API is at the heart of the framework’s effectiveness and efficiency. It abstracts complexity and facilitates quick development of custom modules.
  17.  
  18.  
  19. BeEF can be used to further exploit a cross site scripting (XSS) flaw in a web application. The XSS flaw allows an attacker to inject BeEF project Javascript code into the vulnerable web page. In BeEF terminology, the browser that has visited the vulnerable page is “hooked”. This injected code in the “hooked” browser then responds to commands from the BeEF server. The BeEF server is a Ruby on Rails application that communicates with the “hooked browser” through a web-based user interface. BeEF comes with the Kali Linux
  20.  
  21. Browser Exploitation Framework: BeEF Wiki
  22.  
  23.  
  24.  
  25. Requirements
  26. OSX 10.5.0 or higher, Modern Linux, Windows XP or higher
  27. Ruby 1.9.2 or higher
  28. SQLite 3.x
  29. The gems listed in the Gemfile: https://github.com/beefproject/beef/blob/master/Gemfile
  30.  
  31.  
  32.  
  33.  
  34. Browser Exploitation Framework: BeEF installation guide
  35.  
  36.  
  37.  
  38. Commands
  39. The commands that come with BeEF include, but are not limited to:
  40.  
  41. changing URLs of links on the target page.
  42. redirecting the victim’s browser to an arbitrary site
  43. causing dialog boxes to appear and attempt to collect information from the user,
  44. browser fingerprinting,
  45. uploading arbitrary files from the victim’s device, and
  46. detecting valid sessions with selected applications such as Twitter, Facebook and GMail.
  47.  
  48.  
  49. Notable features
  50. BeEF’s modular framework allows addition of custom browser exploitation commands.
  51. The extension API allows users to change BeEF’s core behavior.
  52. Keystroke logging
  53. Browser proxying
  54. Integration with Metasploit
  55. Plugin detection
  56. Intranet service exploitation
  57. Phonegap modules
  58. Hooking through QR codes
  59. Social Engineering modules spur user response such as entering sensitive data and responding to reminders to update software
  60. Restful API allows control of BeEF through http requests (JSON format).
  61.  
  62.  
  63. Source && Download
  64.  
  65. Browser Exploitation Framework: BeEF download
  66.  
  67. Positives
  68. Very clean interface. API. 'Point and Click' Attacks. It is a great attack tool as practically any browser that loads the hook script will get hooked
  69.  
  70. Negatives
  71. BeEF is expecting that all web browsers have javascript enabled
  72.  
  73.  
  74.  
  75. RATE HERE
  76. Ease Of Use
  77. 64%
  78. Features
  79. 63%
  80. Value
  81. 66%
  82. Overall Rating
  83. 67%
  84. Bottom Line
  85. It can be used as a serious Pen Test tool. In most cases, when you demonstrate an XSS to a client (assuming you're a pen tester) it does not have that much of an impact when you show them a silly pop up. On the other hand, if you demonstrate XSS using BeEF, now that will give them a scare.
  86.  
  87. 65%
  88. 10 RATINGS
  89. OWND
  90. 33%
  91. COOL
  92. 33%
  93. NICE
  94. 22%
  95. WHAT ?
  96. 11%
  97. MEH
  98. 0%
  99. ZZZZZZZ
  100. 0%
  101. RAGE
  102. 0%
  103. You may also like:
  104. Exploitation ToolsPost Exploitation
  105.  
  106.  
  107. NSA Software Reverse Engineering Framework: Ghidra
  108.  
  109.  
  110. Graphical User Interface for Metasploit Meterpreter and Session Handler: Kage
  111.  
  112.  
  113. Kernel-Mode Rootkit Hunter: Tyton
  114.  
  115.  
  116. Tools for capturing and analyzing keyboard input paired with microphone capture
  117.  
  118.  
  119. Powershell Script for Enumerating Vulnerable DCOM Applications: DCOMrade
  120.  
  121.  
  122. Automatic SQL injection and database takeover tool: sqlmap
  123.  
  124.  
  125.  
  126.  
  127.  
  128. Do you want to write for CyberPunk? If you have an interesting and intelligent topic you think we would like to publish, send it to admin@n0where.net. Tools should use "TOOL" subject. Articles [ Hackers Perspective, I hack3r, Hacker History, Hacker Today ], Overviews & Insights, PWN, phreakers and REST use subject HACK (We do require that any submission was NOT previously printed or available online). Letters to the editor ? Subject: "LETTER".
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top