A Mad Cow BeEF

Not the BeEF you're looking for...




Agenda

or not...




Yup BeEF!



BeEF is short for The  Browser Exploitation Framework . It is a penetration testing tool that focuses on the web browser.

Main Features



  • Information Gathering

  • Social Engineering

  • Network discovery

  • Metasploit

  • Tunneling

  • Persistence

Concept



Information Gathering






The first step is often to gather information on the remote host : 

which browser and plugins, which website hooked...




  More Information:   
https://github.com/beefproject/beef/wiki/Information-Gathering


Social Engineering




When you have hooked a browser, you can modify the whole page

 and cause different actions (redirection...), so there are a lot 

of possibilities for social engineering attacks. 




  More Information:   

https://github.com/beefproject/beef/wiki/Social-Engineering



Network Discovery





With Javascript hacks, it is possible to launch network attacks 

through a hooked browser.



  More Information:   

https://github.com/beefproject/beef/wiki/Network-discovery

Metasploit








  More Information:   

https://github.com/beefproject/beef/wiki/Metasploit

Tunneling




Tunneling Proxy will process requests via a selected 

browser session.




More Information:   

Simple Configuration



Proxy as HTTP Proxy


By default the address of the proxy is 127.0.0.1:6789

Persistence




 Try keeping a browser hooked. Yes we want this...




  More Information:   

https://github.com/beefproject/beef/wiki/Persistence

Remember







XSS is not just about getting sessions!







Demo!






❤  BeEF

Don't forget


Now you are ready to pwn some kitties!

Made with Slides.com