Browser Exploitation Framework Project – BeEF

Last Release: 05/05/2019     Last Commit: 08/30/2019

Browser Exploitation Framework Project – BeEF

Introduction

The Browser Exploitation Framework (BeEF) is a powerful professional security tool. It is a penetration testing tool that focuses on the web browser.

BeEF - The Browser Exploitation Framework Project

BeEF: The Browser Exploitation Framework

Unlike other security frameworks, BeEF focuses on leveraging browser vulnerabilities to assess the security posture of a target. By using techniques similar to common drive-by malware, testers can assess the security of a target’s internal environment, bypassing the hardened perimeter.

The Browser Exploitation Framework contains numerous command modules that employ BeEF’s  powerful API, which represents the heart of BeEF’s effectiveness and efficiency.

BeEF comes pre-installed in various pentesting operating systems such as:

Extensions & Features:

  • Web UI
  • Console UI
  • Metasploit Integration
  • XSSRays
  • Modular structure
  • BeEF JavaScript Object

Module Features:

  • Interprocess communications & exploitation
  • History gathering and intelligence
  • Network recon
  • Host information gathering
  • Browser plugin detection
  • Persistence
  • Exploits

Requirements

Prerequisites

Since BeEF requires Ruby 2.3+, make sure you install the latest stable version. Ruby installation process depends on your OS.

Redhat/Fedora:

$ sudo yum install ruby ruby-devel

Debian, and other distributions using Debian style packaging:

$ sudo apt-get install ruby-dev

Ubuntu:

$ sudo apt-get install ruby-all-dev

If your OS package manager doesn’t support Ruby 2.3+, for the latest version you can add the brightbox ppa repository:

$ sudo apt-add-repository -y ppa:brightbox/ruby-ng
Alternative: use a Ruby environment manager such as rbenv or rvmto to manager your Ruby versions.

BeEF Install

Download the latest version:

$ wget https://github.com/beefproject/beef/archive/master.zip

Or simply clone it from Github repository:

$ git clone https://github.com/beefproject/beef

Once you installed suitable Ruby version, you can install BeEF as follows:

$ ./install

BeEF Installation

Usage

To start BeEF, just run:

$ ./beef

Try to keep BeEF up to date. If you installed it through Github repository, for update simply run the following:

$ git pull

Jump to UI panel on http://localhost:3000/ui/authentication

BeEF UI

Configuration

Configure BeEF in the main config file config.yaml. First of all, change credentials for the Web UI. Old default credentials:

credentials:
   username=beef 
   passwd=beef

If you don’t change the password,  BeEF will generate a new random password for you, which you’ll see in terminal when you start the framework:

$ ./beef

[15:39:59][*] Browser Exploitation Framework (BeEF) 0.4.7.0-alpha
[15:39:59] | Twit: @beefproject
[15:39:59] | Site: https://beefproject.com
[15:39:59] | Blog: http://blog.beefproject.com
[15:39:59] |_ Wiki: https://github.com/beefproject/beef/wiki
[15:39:59][*] Project Creator: Wade Alcorn (@WadeAlcorn)
[15:39:59][*] BeEF is loading. Wait a few seconds...
[15:40:04][*] 8 extensions enabled.
[15:40:04][*] 302 modules enabled.
[15:40:04][*] 2 network interfaces were detected.
[15:40:04][*] running on network interface: 127.0.0.1
[15:40:04] | Hook URL: http://127.0.0.1:3000/hook.js
[15:40:04] |_ UI URL: http://127.0.0.1:3000/ui/panel
[15:40:04][*] running on network interface: 192.168.1.3
[15:40:04] | Hook URL: http://192.168.1.3:3000/hook.js
[15:40:04] |_ UI URL: http://192.168.1.3:3000/ui/panel
[15:40:04][!] Warning: Default username and weak password in use!
[15:40:04] |_ New password for this instance: af0c38cb69023b0f828fcdcbcc911e33 [15:40:04][*] RESTful API key: 5dfcc5f7f74485df44cf442a6c557404fee8edfc [15:40:04][*] HTTP Proxy: http://127.0.0.1:6789 [15:40:04][*] BeEF server started (press control+c to stop)

Available Modules

Browser

  • Browser Fingerprinting
  • Detect: Firebug, Popup block, Unsafe ActiveX
  • Get Visited Domains
  • Detect Visited URL
  • Play Sound
  • Unhook
  • Webcam
  • Get Firefox/Chrome Extensions
  • Detect MS Office Version

Hooked Domain

  • AJAX Fingerprint
  • Alert Dialog
  • Deface Web Page
  • Get Cookie, Local Storage, Page HTML, Page Links
  • Get Session Storage, Stored Credentials
  • Replace HREFs (HTTPS)(TEL)
  • Create Alert Dialog
  • Create Prompt Dialog
  • Redirect Browser(Rickroll, iFrame)
  • Replace Content (Deface)
  • Replace Videos
  • iOS Address Bar Spoofing

Local Host

  • Windows Mail Client DoS
  • ActiveX Command Execution
  • Java Payload
  • Safari Launch App

Chrome Extensions

  • Execute On Tab
  • Get All Cookies
  • Grab Google Contacts
  • Inject BeEF
  • Screenshot
  • Send Gvoice SMS

Debug

  • Return Ascii Chars
  • Test Network Request
  • Test Returning Results

Exploits

  • ColdFusion Directory Traversal Exploit
  • GlassFish WAR Upload XSRF
  • Jboss 6.0.0M1 JMX Deploy Exploit
  • Spring Framework Malicious Jar Exploit
  • VTiger CRM Upload Exploit
  • Zenoss 3.2.1 Add User CSRF
  • Zenoss 3.2.1 Daemon CSRF
  • boastMachine 3.1 Add User CSRF

Persistence

  • Man-In-The-Browser
  • Confirm Close Tab
  • Create Foreground iFrame
  • Create Pop Under

Metasploit

Router

  • 3COM OfficeConnect Command Execution
  • Asmax AR-804gu Command Execution
  • BT Home Hub CSRF
  • Cisco E2400 CSRF
  • Comtrend CT-5367 CSRF
  • Comtrend CT 5624 CSRF
  • D-Link DIR-615 Password Wipe
  • D-Link DSL500T CSRF
  • Huawei SmartAX MT880 CSRF
  • Linksys BEFSR41 CSRF, WRT54G CSRF, WRT54G2 CSRF
  • Virgin Superhub CSRF

XSS

  • AlienVault OSSIM 3.1 XSS
  • Cisco Collaboration Server 5 XSS
  • Serendipity <= 1.1.1 Add User CSRF

Social Engineering

  • Autocomplete Theft
  • Clickjacking
  • Clippy
  • Fake Evernote Web Clipper Login
  • Fake Flash Update, Fake LastPass
  • Google Phishing
  • Lcamtuf Download
  • Fake Notification Bar(Chrome, FF, IE)
  • Pretty Theft
  • Simple Hijacker
  • TabNabbing

See full list of available BeEF modules here.

Documentation Box
Download Box