Browser Hacking with Beef-Xss

What is Beef-xss Framework??

BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.

Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.
Credits to https://beefproject.com/

So in other words, we can use this to hack a browser with a link.

DISCLAIMER

I am testing this on my own network. Make sure you have the consent of the owner before testing.

Now to start

To send the link you must have the right ports open on your router.

Moving on, open a terminal and type: service apache2 start

Now we type ifconfig to get our local host address.

So my local host is 192.168.8.107, nice one. Once we have the local host we need to start BeEF. If you are using Kali it's already installed. If you're using another OS that BeEF isn't installed on, get it with git clone https://github.com/beefproject/beef.git and install it by going into the dir. As I'm on Kali I don't have to install it, and I won't be showing you how to install it, sorry, that's for a post some other time. So let's get back to this. Now we clear the terminal (just type clear) and then we type beef-xss
This will now open Firefox and load the login for BeEF.
Now we are going to change the URL to our local host so we can log in, so my local host is 192.168.8.107
Username: beef Password: beef
Now that you're logged in, there are a few things you need to know. They are displayed on the main page, so make sure to read it.
Now we get the page to send to the victim, in this case myself coz I'm a loner lol.
So we need to go down to the example page links and click on one of them: one is a basic page, another is more advanced with a credit card logger. I do not advise you to use this!!
Default example pages: Basic and Advanced.

Once you click on the link, you will see the left-hand side of the screen show a list with your local host. This tells you the browser is hooked. Click it.
It will give you a menu where you will have to click Commands, then click on the command you want to send to the browser.

Remember from the starting page on BeEF: green means it will be invisible to the target, amber means it may be visible to the target, and silver or white won't work. Also, red means it won't work.
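
Seen from the defender's side, a hooked browser keeps calling back to the BeEF server, and that traffic is visible in web proxy logs. The following Python is an added example, not part of the original post: it assumes BeEF's default hook file name (hook.js) and session parameter (BEEFHOOK), which do not appear on this page and can be changed in BeEF's configuration, and it runs over constructed log lines in a made-up "client method url" format.

```python
from collections import Counter
from urllib.parse import urlsplit, parse_qs

HOOK_FILE = "hook.js"       # assumption: BeEF default hook file name
SESSION_PARAM = "BEEFHOOK"  # assumption: BeEF default session parameter

# Constructed sample proxy log, format: "<client_ip> <method> <url>"
SAMPLE_LOG = [
    "10.0.0.21 GET http://192.0.2.50/landing.html",
    "10.0.0.21 GET http://192.0.2.50:3000/hook.js",
    "10.0.0.21 GET http://192.0.2.50:3000/hook.js?BEEFHOOK=AAAA1111",
    "10.0.0.21 GET http://192.0.2.50:3000/hook.js?BEEFHOOK=AAAA1111",
    "10.0.0.21 GET http://192.0.2.50:3000/hook.js?BEEFHOOK=AAAA1111",
    "10.0.0.34 GET http://intranet.example/static/hook.js",
    "10.0.0.34 GET http://intranet.example/index.html",
    "this line is malformed and is skipped",
]


def find_hooked_clients(lines, min_polls=3):
    """Return (client, server, polls) for clients that repeatedly poll
    the hook file with a session parameter, which is what a hooked
    browser does; a one-off fetch of some file named hook.js is ignored."""
    polls = Counter()
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # not in the expected three-field format
        client, _method, url = parts
        u = urlsplit(url)
        if u.path.rsplit("/", 1)[-1] != HOOK_FILE:
            continue
        if SESSION_PARAM in parse_qs(u.query):
            polls[(client, u.netloc)] += 1
    return sorted((c, h, n) for (c, h), n in polls.items() if n >= min_polls)


if __name__ == "__main__":
    for client, server, n in find_hooked_clients(SAMPLE_LOG):
        print(f"{client} polled {server} {n} times: likely hooked browser")
```

A hit gives you the affected client to isolate and the server address to block at the proxy or firewall.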

I hope you like this. Any questions, feel free to comment below!!

pentester
Hi, I'm the laughing man. I'm a pentester and the owner of Hacking a rise.
