Beef Browser Exploitation

Exploring the Capabilities of BEef

I used BEef, which stands for Browser Exploitation Framework, for browser testing purposes. It's a tool that can be used for malicious purposes such as hacking, attacking websites, stealing information and infecting systems with malware. I infected a browser on my alternate device by running the BEef program and injecting the beef JavaScript Hook link into a webpage clone. The reason for cloning a website was to further test the ability to hide the link on a seemingly safe website. Once the infected page was opened on my alternate device, the BEef control panel connected showed all hooked devices, including information such as IP address, platform accessed from, operating system and hardware details.

To be able to hook a browser over the internet, I connected my link through an Apache2 HTTP server (This required port forwarding), which allowed me to completely compromise my alternate device. Once I clicked on the link I sent myself, the device was hooked, and even if the browser was closed, the machine would stay subject to my attacks (If Man in the Browser exploit was active). The BEef program had many different types of attacks available, including browser exploits, which allowed me to access a device's hardware such as sound or webcam. Additionally, there were social engineering exploits such as redirected webpages, including a clone of Google's page, which allowed a gateway between the device, sending any keyboard actions to my device through the Apache2 server, this could be in the form of usernames, emails and passwords.

Below are images of the stages contained in this browser exploitation testing.