Now your command will look something like this. Installing addressable (2.2.8) BeEF is short for The Browser Exploitation Framework. # git clone https://github.com/beefproject/beef.git [ 9:13:53][*] BeEF server started (press control+c to stop) . BeEF: The Browser Exploitation Framework Unlike other security frameworks, BeEF focuses on leveraging browser vulnerabilities to assess the security posture of a target. [ 9:13:53] | Proxy Now, that’s it we are ready! Step 9: Now, paste the script to the URL. [ 9:13:53] | Admin UI We can see this tab represented in the picture below: Here we can execute modules against a web browser. The basic file structure is like below: [plain] beef: module: [module_name]: enable: true Installing eventmachine (0.12.10) with native extensions The Browser Exploitation Framework (BeEF) is a powerful penetration testing tool that provides users with the opportunity to assess the real security position of an environment by utilizing client-side attack vectors. BeEF: The Browser Exploitation Framework Unlike other security frameworks, BeEF focuses on leveraging browser vulnerabilities to assess the security posture of a target. Installing erubis (2.7.0) However, in the real world, you will have to use port forwarding using static IP. And the URL will also not look suspicious. Installing json (1.7.5) with native extensions So now let us see how we can hook victims to BeEF using stored XSS. Installing msgpack (0.4.7) with native extensions BeEF provides an API that we can use to write our own module to attack the target web browser. Installing dm-do-adapter (1.2.0) Amid growing concerns about web … Installing ansi (1.4.3) [ 9:13:42] | Version 0.4.3.7-alpha So let's start by firing up Kali and cooking a bit of BeEF. [/bash]. BeEF focuses on leveraging browser vulnerabilities … Using the Browser Exploitation Framework. First, we must download and install the … Now, you can send the URL to the victim or you can just wait for people to browse the website. Enter the previous script in the text box. [/bash]. Installing twitter (3.6.0) This examples also automatically hooks the web browser into the BeEF framework, so no additional steps are required. # bundle install Your bundle is complete! [ 9:13:53] | Events [ 9:13:42] |_ Run ‘git pull’ to update to the latest revision. Abstract I will use BeEF (Browser Exploitation Framework) in Kali Linux to demonstrate a pen test against Mozilla’s Firefox browser in a Windows XP VM. There are two demo pages currently available in the BeEF framework and are presented below: When the web page on the above picture loads, our web browser is already hooked into the BeEF framework and we can execute modules against it. He knows a great deal about programming languages, as he can write in couple of dozen of them. BeEF uses JavaScript and hence it is easier for us to inject codes to the XSS vulnerable pages and that code will be and the code will get executed every time any user tries to reach the page. [/bash], [plain] The Browser Exploitation Framework (BeEF) is a powerful professional security tool. [/bash]. We can see that BeEF is up and running correctly: it’s running on all found network interfaces, so it is accessible from everywhere (not only localhost). From the BeEF output, we can see that the user interface panel is accessible on the URI: http://10.1.1.2:3000/ui/panel. In this part we’ve installed the prerequisites for BeEF framework and BeEF itself. This launches the XSS vulnerability discovery on the web page. [ 9:13:53][+] running on network interface: 127.0.0.1 BeEF can penetrate one or more browsers, and then command those browsers to launch ancillary code designed to carry out further attacks. We also discussed how the BeEF framework should be used and what it can do. Installing thin (1.4.1) with native extensions [ 9:13:42] | Website http://beefproject.com