Browser Exploitation Framework Project – BeEF
Introduction
The Browser Exploitation Framework (BeEF) is a powerful professional security tool. It is a penetration testing tool that focuses on the web browser.
Unlike other security frameworks, BeEF focuses on leveraging browser vulnerabilities to assess the security posture of a target. By using techniques similar to common drive-by malware, testers can assess the security of a target’s internal environment, bypassing the hardened perimeter.
The Browser Exploitation Framework contains numerous command modules that employ BeEF’s powerful API, which represents the heart of BeEF’s effectiveness and efficiency.
BeEF comes pre-installed in various pentesting operating systems such as:
- Kali Linux, Parrot OS, BlackArch, Backbox, Cyborg OS, etc.
Extensions & Features:
- Web UI
- Console UI
- Metasploit Integration
- XSSRays
- Modular structure
- BeEF JavaScript Object
Module Features:
- Interprocess communications & exploitation
- History gathering and intelligence
- Network recon
- Host information gathering
- Browser plugin detection
- Persistence
- Exploits
Requirements
- Operating System: Mac OSX 10.5.0 or higher / modern Linux
- Ruby 2.3 or newer
- SQLite 3.x
- Node.js 6 or newer
- The gems listed in the Gemfile: https://github.com/beefproject/beef/blob/master/Gemfile
- brew install selenium-server-standalone: https://github.com/shvets/selenium
Prerequisites
Since BeEF requires Ruby 2.3+, make sure you install the latest stable version. The Ruby installation process depends on your OS.
Redhat/Fedora:
$ sudo yum install ruby ruby-devel
Debian, and other distributions using Debian style packaging:
$ sudo apt-get install ruby-dev
Ubuntu:
$ sudo apt-get install ruby-all-dev
If your OS package manager doesn’t support Ruby 2.3+, you can add the brightbox ppa repository to get the latest version:
$ sudo apt-add-repository -y ppa:brightbox/ruby-ng
Alternatively, use rbenv or rvm to manage your Ruby versions.
BeEF Install
Download the latest version:
$ wget https://github.com/beefproject/beef/archive/master.zip
Or simply clone it from Github repository:
$ git clone https://github.com/beefproject/beef
Once you have installed a suitable Ruby version, you can install BeEF as follows:
$ ./install
Usage
To start BeEF, just run:
$ ./beef
Try to keep BeEF up to date. If you installed it from the GitHub repository, update it by running the following:
$ git pull
Open the UI panel at http://localhost:3000/ui/authentication
Configuration
Configure BeEF in the main config file, config.yaml. First of all, change the credentials for the Web UI. Old default credentials:
credentials: username=beef passwd=beef
If you don’t change the password, BeEF will generate a new random password for you, which you’ll see in the terminal when you start the framework:
$ ./beef
[15:39:59][*] Browser Exploitation Framework (BeEF) 0.4.7.0-alpha
[15:39:59] | Twit: @beefproject
[15:39:59] | Site: https://beefproject.com
[15:39:59] | Blog: http://blog.beefproject.com
[15:39:59] |_ Wiki: https://github.com/beefproject/beef/wiki
[15:39:59][*] Project Creator: Wade Alcorn (@WadeAlcorn)
[15:39:59][*] BeEF is loading. Wait a few seconds...
[15:40:04][*] 8 extensions enabled.
[15:40:04][*] 302 modules enabled.
[15:40:04][*] 2 network interfaces were detected.
[15:40:04][*] running on network interface: 127.0.0.1
[15:40:04] | Hook URL: http://127.0.0.1:3000/hook.js
[15:40:04] |_ UI URL: http://127.0.0.1:3000/ui/panel
[15:40:04][*] running on network interface: 192.168.1.3
[15:40:04] | Hook URL: http://192.168.1.3:3000/hook.js
[15:40:04] |_ UI URL: http://192.168.1.3:3000/ui/panel
[15:40:04][!] Warning: Default username and weak password in use!
[15:40:04] |_ New password for this instance: af0c38cb69023b0f828fcdcbcc911e33
[15:40:04][*] RESTful API key: 5dfcc5f7f74485df44cf442a6c557404fee8edfc
[15:40:04][*] HTTP Proxy: http://127.0.0.1:6789
[15:40:04][*] BeEF server started (press control+c to stop)
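The startup banner is worth checking before an engagement: it shows whether the default-credential warning fired, whether the admin UI is reachable on a non-loopback interface, and which secrets ended up in terminal output or saved logs. The following Ruby script is an added example, not part of BeEF or of the original page; the method names and the sample banner are constructed here, with placeholders standing in for the password and API key.

```ruby
require 'ipaddr'

# Constructed sample in the banner format shown above; the password and
# API key are placeholders, not real values.
SAMPLE_BANNER = <<~LOG
  [15:40:04][*] running on network interface: 127.0.0.1
  [15:40:04] | Hook URL: http://127.0.0.1:3000/hook.js
  [15:40:04] |_ UI URL: http://127.0.0.1:3000/ui/panel
  [15:40:04][*] running on network interface: 192.168.1.3
  [15:40:04] | Hook URL: http://192.168.1.3:3000/hook.js
  [15:40:04] |_ UI URL: http://192.168.1.3:3000/ui/panel
  [15:40:04][!] Warning: Default username and weak password in use!
  [15:40:04] |_ New password for this instance: <GENERATED-PASSWORD>
  [15:40:04][*] RESTful API key: <API-KEY>
LOG

# True for "localhost" and loopback IP literals; other hostnames count as
# exposed because the banner alone cannot show where they resolve.
def loopback?(host)
  return true if host == 'localhost'
  IPAddr.new(host.delete('[]')).loopback?
rescue IPAddr::InvalidAddressError
  false
end

# Returns a hash describing risky findings in a BeEF startup banner.
def audit_banner(text)
  report = { default_creds: false, exposed_ui: [], secrets_logged: [] }
  text.each_line do |raw|
    line = raw.sub(/\A\[\d{2}:\d{2}:\d{2}\]/, '').strip # drop the timestamp
    case line
    when /Default username and weak password in use/
      report[:default_creds] = true
    when %r{UI URL:\s*https?://(\[[^\]]+\]|[^:/\s]+)}
      host = Regexp.last_match(1)
      report[:exposed_ui] << host unless loopback?(host)
    when /New password for this instance:/
      report[:secrets_logged] << 'ui_password'
    when /RESTful API key:/
      report[:secrets_logged] << 'api_key'
    end
  end
  report
end

puts audit_banner(SAMPLE_BANNER).inspect if __FILE__ == $PROGRAM_NAME
```

A non-empty `exposed_ui` together with `default_creds: true` means the admin panel is reachable from the network while the config file still holds the default credentials; any entry in `secrets_logged` means captured terminal output should be treated as sensitive.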
Available Modules
Browser
- Browser Fingerprinting
- Detect: Firebug, Popup block, Unsafe ActiveX
- Get Visited Domains
- Detect Visited URL
- Play Sound
- Unhook
- Webcam
- Get Firefox/Chrome Extensions
- Detect MS Office Version
Hooked Domain
- AJAX Fingerprint
- Alert Dialog
- Deface Web Page
- Get Cookie, Local Storage, Page HTML, Page Links
- Get Session Storage, Stored Credentials
- Replace HREFs (HTTPS)(TEL)
- Create Alert Dialog
- Create Prompt Dialog
- Redirect Browser(Rickroll, iFrame)
- Replace Content (Deface)
- Replace Videos
- iOS Address Bar Spoofing
Local Host
- Windows Mail Client DoS
- ActiveX Command Execution
- Java Payload
- Safari Launch App
Chrome Extensions
- Execute On Tab
- Get All Cookies
- Grab Google Contacts
- Inject BeEF
- Screenshot
- Send Gvoice SMS
Debug
- Return Ascii Chars
- Test Network Request
- Test Returning Results
Exploits
- ColdFusion Directory Traversal Exploit
- GlassFish WAR Upload XSRF
- Jboss 6.0.0M1 JMX Deploy Exploit
- Spring Framework Malicious Jar Exploit
- VTiger CRM Upload Exploit
- Zenoss 3.2.1 Add User CSRF
- Zenoss 3.2.1 Daemon CSRF
- boastMachine 3.1 Add User CSRF
Persistence
- Man-In-The-Browser
- Confirm Close Tab
- Create Foreground iFrame
- Create Pop Under
Metasploit
Router
- 3COM OfficeConnect Command Execution
- Asmax AR-804gu Command Execution
- BT Home Hub CSRF
- Cisco E2400 CSRF
- Comtrend CT-5367 CSRF
- Comtrend CT 5624 CSRF
- D-Link DIR-615 Password Wipe
- D-Link DSL500T CSRF
- Huawei SmartAX MT880 CSRF
- Linksys BEFSR41 CSRF, WRT54G CSRF, WRT54G2 CSRF
- Virgin Superhub CSRF
XSS
- AlienVault OSSIM 3.1 XSS
- Cisco Collaboration Server 5 XSS
- Serendipity <= 1.1.1 Add User CSRF
Social Engineering
- Autocomplete Theft
- Clickjacking
- Clippy
- Fake Evernote Web Clipper Login
- Fake Flash Update, Fake LastPass
- Google Phishing
- Lcamtuf Download
- Fake Notification Bar(Chrome, FF, IE)
- Pretty Theft
- Simple Hijacker
- TabNabbing
See full list of available BeEF modules here.