Hacking With BeEF- Fake Flash Update, Add-ons Installation, Stealing Facebook & Gmail Credentials

Hacking With BeEf, The Browser Exploitation Framework is a penetration testing tool which focuses strongly on web browsers. Unlike other security frameworks, BeEF passes through the hardened network perimeters and client systems examining the web browser alone.

How BeEf work?

BeEF will hook up web browsers and use them as beachheads for launching directed command modules and further, attacks the system through the browser context.

Let’s see more about these:

1.Stealing Facebook Credential:

When you execute a “Pretty Theft” command to steal the facebook [Or any social media] credential:

A timed out session alert will be seen in the target’s browser, prompting them to login using their user credential.

This credential will be saved in the BeEf database, against the executed command.

2.Fake Add-On Installation:

Create a command to set a pop up alert at the Target’s browser, where malicious URLs can be added at the Plugin URL

Output at the Target’s computer

3.Fake update of Flash player:

Make a fake Flash Player update alert at the Client’s browser, and collect information through it.

Pop up window seen:

4.Exfiltrating Gmail credentials:

Setting BeEf Command to collect the gmail credentials:

A normal gmail homepage the Target would see:

BeEF has a very clean interface, by organizing attacks based on type and also by indicating if the particular attack is relevant to a browser (IE, FF, Chrome etc.). So you can just point and click on the attacks to launch.

This is one serious PenTest Tool that comes on the GUI and shows perfect output, must to be tried!