Hacking With BeEf, The Browser Exploitation Framework is a penetration testing tool which focuses strongly on web browsers. Unlike other security frameworks, BeEF passes through the hardened network perimeters and client systems examining the web browser alone.
BeEF will hook up web browsers and use them as beachheads for launching directed command modules and further, attacks the system through the browser context.
1.Stealing Facebook Credential:
When you execute a “Pretty Theft” command to steal the facebook [Or any social media] credential:
A timed out session alert will be seen in the target’s browser, prompting them to login using their user credential.
This credential will be saved in the BeEf database, against the executed command.
2.Fake Add-On Installation:
Create a command to set a pop up alert at the Target’s browser, where malicious URLs can be added at the Plugin URL
Output at the Target’s computer
3.Fake update of Flash player:
Make a fake Flash Player update alert at the Client’s browser, and collect information through it.
Pop up window seen:
4.Exfiltrating Gmail credentials:
Setting BeEf Command to collect the gmail credentials:
A normal gmail homepage the Target would see:
BeEF has a very clean interface, by organizing attacks based on type and also by indicating if the particular attack is relevant to a browser (IE, FF, Chrome etc.). So you can just point and click on the attacks to launch.
This is one serious PenTest Tool that comes on the GUI and shows perfect output, must to be tried!
General Working of a Web Application Firewall (WAF) A Web Application Firewall (WAF) acts as…
How to Send POST Requests Using curl in Linux If you work with APIs, servers,…
If you are a Linux user, you have probably seen commands like chmod 777 while…
Vim and Vi are among the most powerful text editors in the Linux world. They…
Working with compressed files is a common task for any Linux user. Whether you are…
In the digital era, an email address can reveal much more than just a contact…