BeEF hacking involves hooking one or more web browsers and using them to launch command modules to attack the target system within the browser.
Once it’s been run, he will have control over their browser in various aspects. There are multiple ways he can execute this script. For example, he could set up a phishing page with the hook inside of the HTML code.
Install the BeEF Framework
A Linux OS is required to install BeEF on your local machine. You can directly install the package with the following command:
apt install beef-xss
Use the following command to start BeEF:
[22:07:06][*] BeEF is loading. Wait a few seconds... [22:07:09][*] 8 extensions enabled: [22:07:09] | Proxy [22:07:09] | Demos [22:07:09] | XSSRays [22:07:09] | Events [22:07:09] | Admin UI [22:07:09] | Social Engineering [22:07:09] | Network [22:07:09] |_ Requester [22:07:09][*] 303 modules enabled. [22:07:09][*] 1 network interfaces were detected. [22:07:09][*] running on network interface: [22:07:09] | Hook URL: http://127.0.0.1:3000/hook.js [22:07:09] |_ UI URL: http://127.0.0.1:3000/ui/panel [22:07:09][*] RESTful API key: 43f6880f37e0c0b41b1e98935862bb2cf6a63266 [22:07:09][!] [GeoIP] Could not find MaxMind GeoIP database: [22:07:09] |_ Run geoipupdate to install [22:07:09][*] HTTP Proxy: http://127.0.0.1:6789 [22:07:09][*] BeEF server started (press control+c to stop)
The two important links are:
The “UI URL” is the web interface for BeEF where you’ll be able to monitor and carry out the attacks.
You can access the BeEF web interface by typing the following URL in your web browser:
The default credentials are beef for the username and beef for the password.
After logging in successfully, you should see the “Getting Started” page with information about how BeEF works. From here you can see the hacked/hooked browsers both online and offline.
Hook the Target Browser
As you can see a new online browser has been added to the hooked browsers section.
Now that I have a hooked browser, I can execute some of the built-in modules from the “Commands” tab.
To perform a basic phishing attack, navigate to Commands > Social Engineering > Pretty Theft on the web interface of BeEF.
Click on the Execute button.
This will cause a fake Facebook session timeout page to appear on the victim webpage, asking for user credentials.
I’m going to enter some fake credentials.
As you can see “test@zyx” and “p@ssw0rd” was recorded!
BeEF is a powerful tool for exploiting web browsers, and it’s an example of why you should never click on suspicious links. Also, you should be really careful with anything that pops up in your browser.
Note: This information shall only be used to expand knowledge and not for causing malicious or damaging attacks.
Thank you for reading!