Project BeEF

XSS, SQL Injection

BeEF Browser Exploitation

BeEF is an exploitation tool that is primarily used to compromise victims through links, allowing the author of the link to subject their victim to attacks.

An investigation into the Browser Exploitation Framework and its uses.

Server: Apache2

OS: Kali Linux

Completion Date

Exploring the Capabilities of BeEF

Running on: Kali Linux within Oracle VirtualBox, BeEF on Apache2.

I used BeEF, which stands for Browser Exploitation Framework, for testing purposes. It's a tool that can be used for malicious purposes such as hacking, attacking websites, stealing information, and infecting systems with malware. I infected a browser on my alternate device by running the BeEF program and injecting a JS link into a webpage. Once the infected page is opened on any device, the connected BeEF control panel can show all hooked devices, including information such as IP address, platform accessed from, operating system and hardware details.

To be able to hook a browser over the internet, I connected my link through an Apache2 HTTP server, which allowed me to completely compromise my alternate device. Once I clicked on the link I sent myself, the device was hooked, and even if the browser was closed, the machine would stay subject to my attacks. The BeEF program had many different types of attacks available, including browser exploits, which allowed me to access a device's hardware such as sound or webcam. Additionally, there were social engineering exploits such as redirected webpages, including a clone of Google's page, which allowed a gateway between the device, sending any keyboard actions to my device through the Apache2 server. This could be in the form of usernames, emails and passwords.