Beef already comes with a set of predefined modules like keylogging, send the user to another site... and it can interact with metasploit to deliver a exploit directly to the hooked browser.
To get a browser hooked we will need to make it load, somehow, the beef hooking script which is: http://ip:3000/hook.js
for testing/demo pruposes you can use http://127.0.0.1:3000/demos/basic.html, but the real potential of this is exploiting XSS flaws, this is what it looks like when a browser is hooked into beef:
When can now select the hooked browser to view some information about it, we can also now launch a module or we can just send raw javascript if we choose to:
The browser details |
The available modules |
The version available on backtrack 5 is 0.4.2.7, while the lastest version at the time of this writing is 0.4.2.8.
Project site: http://beefproject.com/
That's it for now, until next time!
No comments:
Post a Comment