The Browser Exploitation Framework (BeEF)
BeEF is an exploitation tool that focuses on a specific client-side application, the webbrowser.BeEF
allows an attacker to inject a JavaScript code into a vulnerable HTML code using an attack such as XSS or SQL injection. This exploit code is known as hook. A compromise is achieved when the hook is executed by the browser. The browser (zombie) connects back to the BeEF application, which serves JavaScript commands or modules to the browser.
BeEF's modules perform tasks such as the following:
- Fingerprinting and the reconnaissance of compromised browsers. It can also be used as a platform to assess the presence of exploits and their behavior under different browsers.
Note
Note that BeEF allows us to hook multiple browsers on the same client, as well as multiple clients across a domain, and then manage them during the exploitation and post exploitation phases.
- Fingerprinting the target host, including the presence of virtual machines.
- Detecting software on...