A Mad Cow BeEF
Not the BeEF you're looking for...
Agenda
or not...
Yup BeEF!
BeEF is short for The
Browser Exploitation Framework
. It is a penetration testing tool that focuses on the web browser.
Main Features
-
Information Gathering
-
Social Engineering
-
Network discovery
-
Metasploit
-
Tunneling
-
Persistence
Concept
Information Gathering
The first step is often to gather information on the remote host :
which browser and plugins, which website hooked...
More Information:
Social Engineering
When you have hooked a browser, you can modify the whole page
and cause different actions (redirection...), so there are a lot
of possibilities for social engineering attacks.
More Information:
Network Discovery
With Javascript hacks, it is possible to launch network attacks
through a hooked browser.
More Information:
Metasploit
Tunneling
Tunneling Proxy will process requests via a selected
browser session.
More Information:
Simple Configuration
Proxy as HTTP Proxy
By default the address of the proxy is 127.0.0.1:6789
Persistence
Try keeping a browser hooked. Yes we want this...
More Information:
Remember
XSS is not just about getting sessions!
Demo!
❤ BeEF
Don't forget
Now you are ready to pwn some kitties!
A Mad Cow BeEF
By Renato Rodrigues
A Mad Cow BeEF
Simple Overview for the BeEF Tool - Betfair Security Champions Event @OPO (17/04/2014)
