Disclaimer - For educational purposes only.
Overview of this blog:
- What BeEF is
- How to set it up
- How to do port forwarding to use BeEF over WAN
Browser Exploitation Framework (BeEF) is a web application attack tool, used to launch attacks against web applications.
Within the BeEF tool, we can use the capture tab to capture cookies and session IDs. We can also use the phishing tab to phish the user and steal session IDs. We can get session IDs from the browser and also from the server, and we can use the proxy tab to get session IDs from the server.
If someone gets our session ID it is really dangerous, because the attacker can access the data associated with that session, which can include passwords. Many times you don't even know which link is hooked with BeEF.
Hooking a Browser
The BeEF hook is a JavaScript file used to latch on to a target's browser and exploit it, acting as a Command-and-Control (C&C) channel between the browser and the attacker. This is what is meant by a "hook" in the context of using BeEF. Once a web browser is hooked by BeEF, you can proceed to inject further payloads and begin post-exploitation.
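As an added example (not from the original post or the BeEF project), here is one way a site owner can check a page for the kind of script described above. It assumes BeEF's stock hook file name, hook.js, and treats ngrok tunnel hostnames as a second signal; the function names and the sample page are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: a stock BeEF install serves the hook as /hook.js (the name is configurable).
DEFAULT_HOOK_PATH = "/hook.js"
TUNNEL_SUFFIXES = (".ngrok.io", ".ngrok-free.app", ".ngrok.app")

class ScriptCollector(HTMLParser):
    """Collects the src attribute of every <script> tag."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())

def audit_page(html, page_host):
    """Return (src, reasons) for each third-party script that looks like a hook."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src in collector.sources:
        # Resolve site-relative paths against the page's own host.
        full = src if "//" in src else "//" + page_host + "/" + src.lstrip("/")
        url = urlparse(full)
        host = (url.hostname or page_host).lower()
        reasons = []
        if host != page_host.lower():
            if url.path.lower().endswith(DEFAULT_HOOK_PATH):
                reasons.append("default BeEF hook path on a third-party host")
            if host.endswith(TUNNEL_SUFFIXES):
                reasons.append("script served from a tunnelling service")
        if reasons:
            findings.append((src, reasons))
    return findings

# Constructed sample page, not taken from a real site.
SAMPLE = """<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example.org/lib/jquery.min.js"></script>
<script src="https://a1b2c3.ngrok-free.app/hook.js"></script>
</head><body>hello</body></html>"""

if __name__ == "__main__":
    for src, reasons in audit_page(SAMPLE, "shop.example.com"):
        print(src, "->", "; ".join(reasons))
```

Because the hook file name can be changed, a clean result from this check is not proof that a page is unhooked; a Content-Security-Policy that restricts script sources covers the renamed case.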
Getting ready with BeEF
First, make sure to update and upgrade your Ubuntu packages with
sudo apt-get update -y; sudo apt-get upgrade -y
Then install ruby and ruby-dev, which are two dependencies for BeEF:
sudo apt install ruby ruby-dev
If you don't have git installed, install it as well:
sudo apt install git
The next thing you have to do is clone the BeEF repository from GitHub:
git clone https://github.com/beefproject/beef
Once you have cloned it, switch to the beef directory with
cd beef
Then install BeEF with
sudo ./install
Now if you try to start BeEF you will get this
So here we have to change the default BeEF credentials; that's a necessary step:
nano config.yaml
and change the username to something different, like test in my case.
Now boot up BeEF:
sudo ./beef
Then open your web browser and go to
127.0.0.1:3000/ui/authentication
Now you get the login screen. Here, enter the BeEF credentials that you edited in config.yaml.
Your setup is ready if you are getting this screen
Now we are ready to do some hacking🔥🔥
But hold on: the BeEF that we just set up only works on our local machine. How can we hack someone outside our local network? For that we have to do port forwarding to take BeEF over WAN.
For the port forwarding, first download ngrok
ngrok download link
Follow all the steps there (auth token, etc.).
When you are done with that, type this command in your shell:
ngrok http 3000
and you will see something like this
Now go to your beef folder and edit the config.yaml file.
You will see a public section. Uncomment all of that public section and edit it like this
In host, you have to fill in the value according to your ngrok screen,
and fill in the other fields, including port and https, exactly as in the previous picture.
You have to restart BeEF after this process.
Now when you restart BeEF you see
Now, we use the yellow URL for logging in and the red URL for hooking other browsers, which I will tell you about in our next blog, so stay tuned.
You can learn about this more through:
Follow us on Twitter
https://twitter.com/hacker_ware
By
Deeshant Gupta
From HackerWare Team
Top comments (2)
Nice article..very informative!
Thanks Richa.... can you pls follow our twitter page. We highly appreciate if you do that
twitter.com/hacker_ware