A Mad Cow BeEF

Not the BeEF you're looking for...




Agenda

or not...




Yup BeEF!



BeEF is short for The  Browser Exploitation Framework . It is a penetration testing tool that focuses on the web browser.

Main Features



  • Information Gathering

  • Social Engineering

  • Network discovery

  • Metasploit

  • Tunneling

  • Persistence

Concept



Information Gathering






The first step is often to gather information on the remote host : 

which browser and plugins, which website hooked...




  More Information:   


Social Engineering




When you have hooked a browser, you can modify the whole page

 and cause different actions (redirection...), so there are a lot 

of possibilities for social engineering attacks. 




  More Information:   



Network Discovery





With Javascript hacks, it is possible to launch network attacks 

through a hooked browser.



  More Information:   

Metasploit








Tunneling




Tunneling Proxy will process requests via a selected 

browser session.




More Information:   


Simple Configuration



Proxy as HTTP Proxy


By default the address of the proxy is 127.0.0.1:6789

Persistence




 Try keeping a browser hooked. Yes we want this...




  More Information:   

Remember







XSS is not just about getting sessions!







Demo!






❤  BeEF

Don't forget


Now you are ready to pwn some kitties!

A Mad Cow BeEF

By Renato Rodrigues

A Mad Cow BeEF

Simple Overview for the BeEF Tool - Betfair Security Champions Event @OPO (17/04/2014)

  • 1,314
Loading comments...

More from Renato Rodrigues