Detect and correct XSS flaws with Beef

beef
beef

Dernière mise à jour: 17 mai 2024

Most developers, when shown an XSS flaw with a JavaScript pop-up like "hack" or "hello", do not impress them... and they respond that JavaScript is secure, and that it runs on the client side.
So since I don't have time to code with JavaScript to show you that the XSS flaw is dangerous, I'm going to demonstrate it with the Beef tool, a Web 2.0 operating framework coded in PHP & JavaScript.

Beef is a powerful professional security tool, unlike other security tools, beef focuses on exploiting vulnerabilities on the browser (client) side to assess the security level of a target. Thanks to Beef, and its xss attack vector, it is possible to transform a victim into a zombie.

What can we do with beef?

  • Information retrieval
  • Theft of cookies (obviously)
  • Keylogger
  • List of sites / domains visited
  • Browser fingerprint (OS, plugins, etc.)
  • Webcam!

Architecture Beef

architecture_beefWhen a user runs BeEF, two components are opened: the user interface and the communication server (CRC). These two elements are the basic components of Beef.

User interface
This is the beef usage control interface. From there, a user can view victims who are online and offline, run exploits against them, and see the results.

Communications Server
The Communication Server (CS) is the component that communicates via HTTP with infected browsers.

Equipment installation

Beef is available under Linux with the Kali distribution Linux. If you have a computer running Windows so I advise you before going further to install a distribution Linux (like kali Linux) on a virtual machine. Just download VMware and an image of Kali Linux. Beef is already pre-installed on it. Here is how to install kali Linux on a machine Windows with VMware.

However you can install beef on Windows, for this see: http://code.google.com/p/beef/wiki/Windowsinstall
To install it on another distribution Linux or OSX – see: http://code.google.com/p/beef/wiki/Install

How to use Beef?

To start, launch the beef server in Backtrack. To do this, go to the menu:
Application -> backtrack-> Application -> Exploitation tools -> Social Engineering Tools -> Beef XSS Framwork-> Beef

beef_backtrack

The server will start in a few seconds then you will have a window with information on the links used for the web interface as well as the script that you must inject into vulnerable pages.

beef_url

In the example above, you can see, there are multiple network interfaces. You can now access the administration interface (web interface) using these URLs.
In my case, the administration interface is: http://192.168.230.128:3000/ui/panel and the script to inject is: http://192.168.230.128:3000/hook.js
After launching the admin page, you will have an authentication page. Log in to the Beef server using the default credentials (beef/beef).

beef_login

Once connected, you will have a page divided into 4 parts:

beef_panel

  • Zombie part: this is where your connected victims are
  • Command part: in this part contains a number of commands that can be executed on the target with a colored indicator about their, relative safety. this is the most powerful part of Beef framework.
  • Result party: the results of the executed commands will be listed here.
  • Party description: here you will have the description of each order.

It now remains to inject the hook.js into a vulnerable forum or simply a web application that contains a XSS flaw.
However you can test beef locally using the beef demo page: http://127.0.0.1:3000/demos/basic.html

beef_hook

After the browser infection, you should see a target added to the left of the administration panel.
Finally, select this browser to display information on the target, so you can launch commands to have the last sites visited or to place a keylogger or to start the target's camera.

How to protect yourself?

  • Updating browsers and plugins is the first rule!
  • Install a firewall on your machine
  • Install an Anti XSS on your browser such as “Noscript”. It only allows the execution of JavaScript scripts on trusted domains of your choice. It prevents the exploitation of XSS or CSRF vulnerabilities without loss of functionality.

Conclusion

Beef is an easy to use and very practical tool. Thanks to beef, advanced XSS attacks become easy to perform.
I hope I was able to convince you that the impact of an XSS flaw is terrible and that with a tool like beef, you can transform a simple XSS flaw into a very dangerous vulnerability.
And before I forget… Consider sharing this article by clicking on the social network buttons. It will give me great pleasure! 🙂