Browser Attacks Using BeEF

Hello everyone, and welcome. In this article we are going to explore BeEF in detail. BeEF is a browser exploitation framework which is used for performing browser exploitation. This is a LAN attacking tool. Now let’s get practical.

This is a beginner’s guide.

Requirements:

BeEF

→ Kali Linux (attacker)

Xerosploit

→ Windows 10 PC (victim)

Installation:

Clone the repository from github.com:

“git clone https://github.com/beefproject/beef.git”

“cd beef”

“bundle install”

This will install all the gems that are required for running BeEF. After installing BeEF, download xerosploit.

“git clone https://github.com/LionSec/xerosploit.git”

“cd xerosploit”

“python install.py”

NOTE: Don’t run install.py with python3, because it was written in Python 2. It will show an error that “raw_input” is not defined, since raw_input was removed in Python 3.

NOTE: If your Kali is older than 2020, BeEF is pre-installed in it.

Attacking:

Now let’s go to the beef directory and start BeEF.

“cd beef”

“./beef”

Now open the UI URL in the browser.

First, we need to hook the victim’s browser. For that, we need to redirect the victim’s browser. I’m using xerosploit to hook the browser.

Copy the hook.js link from BeEF. Open a terminal and create an HTML page.

“nano hook.html”

Now save and open xerosploit

“xerosploit”

Now let’s scan for the victim’s IP.

“scan”

“192.168.43.42” is my victim’s private IP address. Now let’s select the IP address.

Now we are going for HTML injection. We’ve already created an HTML page containing the hook.js.

As you can see, I’ve done an HTML injection attack. When the victim opens any HTTP website, it will hook their browser.

Here the victim opens the “learnwithprojects.in” website.

You can then see the victim’s IP in the online browsers.
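A defender-side check for the HTML injection step described above, as an added example that is not part of the original article: it parses a page fetched over plain HTTP and flags script tags that load from a private IP address, are named hook.js, or come from a host that is not on an allowlist. The function names, the allowlist parameter and the sample page (including its address) are constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample: a public page fetched over HTTP with one injected tag.
SAMPLE_URL = "http://shop.example/index.html"
SAMPLE_HTML = """<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example/lib.js"></script>
<script src="http://192.168.43.10:3000/hook.js"></script>
</head><body>hello</body></html>"""

class ScriptCollector(HTMLParser):
    """Collect the src attribute of every <script> tag."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script" and dict(attrs).get("src"):
            self.sources.append(dict(attrs)["src"])

def is_private_host(host):
    """True when host is a literal private (RFC 1918, loopback, ...) IP."""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False  # a DNS name, not an IP literal

def find_suspicious_scripts(page_url, html, allowed_hosts=()):
    """Return (src, reasons) for scripts that look injected into page_url."""
    page_host = urlsplit(page_url).hostname or ""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src in collector.sources:
        parts = urlsplit(urljoin(page_url, src))  # resolve relative paths
        host = parts.hostname or ""
        reasons = []
        if is_private_host(host) and not is_private_host(page_host):
            reasons.append("public page loads script from private IP")
        if parts.path.rsplit("/", 1)[-1].lower() == "hook.js":
            reasons.append("script file is named hook.js")
        if host != page_host and host not in allowed_hosts and not reasons:
            reasons.append("third-party host not on allowlist")
        if reasons:
            findings.append((src, reasons))
    return findings
```

Serving the site over HTTPS with HSTS removes the injection point itself, since the on-path attacker can no longer rewrite the response; a check like this is for reviewing captured HTTP traffic or proxy logs.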

By using BeEF we can perform browser attacks, phishing attacks, etc.

Creating an alert dialog:

You can see the popup here.

The above one, personally I used to perform this attack to chat with my victim when I was bored. 😅

You can also redirect the browser by using the redirect module. We can redirect the victim’s browser to our IP address. Here I’m using the default URL.

So, it is redirected to beefproject.com.

Now let’s deface the content with our text. I’m using BeEF!. See the screenshot below.

This will deface all the content with our content. There is nothing on the website except BeEF!.

This module will help us find the public IP of the victim, shown in the screenshot below.

There it is, the public IP.

Now let’s steal some cookies. We have a module in network.

When the victim tries to log in, this module will get the cookie.

OK, we got the session ID.

This will create a popup to update Flash.

NOTE: Don’t try this, because Flash was removed from all browsers at the beginning of this year. Google banned Flash.

We can send any of our custom payloads, malicious files too.

So, this is a basic introduction to BeEF. BeEF is one of my favourite frameworks. We can perform fake updates to deliver our payloads with ease, and we can also get the cookies. We can perform much more in the next article.

THANK YOU…..

Follow for more stuff:

Instagram: https://www.instagram.com/darkknight435/

GitHub: https://github.com/LetMeHackYou

PEACE….✌️

Ethical Hacker, Dream chaser.

Sampath Pendurthi
