
BeEF

Article Id: WHEBN0024499050

Title: BeEF  
Author: World Heritage Encyclopedia
Language: English
Collection: Computer Security Software, Hacking (Computer Security)
Publisher: World Heritage Encyclopedia
 

BeEF (Browser Exploitation Framework)
Developer(s): Wade Alcorn and others
Stable release: 0.4.5.0 / 25 April 2014 (2014-04-25)
Development status: Active
Written in: Ruby/JavaScript
Operating system: Cross-platform
Type: Security
License: GPL
Website: http://beefproject.com/

The Browser Exploitation Framework (BeEF) is an open-source penetration testing tool used to test and exploit web application and browser-based vulnerabilities. BeEF provides the penetration tester with practical client-side attack vectors. It leverages web application and browser vulnerabilities to assess the security of a target and carry out further intrusions. The project is developed for lawful research and penetration testing. In practice, like many information security tools, BeEF is used for both legitimate and unauthorized activities.

BeEF hooks one or more web browsers and uses them as beachheads for launching directed command modules. Each browser is likely to be within a different security context, and each context may provide a set of unique attack vectors.

BeEF can be used to further exploit a cross-site scripting (XSS) flaw in a web application. The XSS flaw allows an attacker to inject BeEF project JavaScript code into the vulnerable web page. In BeEF terminology, the browser that has visited the vulnerable page is "hooked". The injected code in the "hooked" browser then responds to commands from the BeEF server. The BeEF server is a Ruby on Rails application that communicates with the "hooked browser" through a web-based user interface. BeEF comes with the BackTrack and Kali Linux distributions.
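A defensive check for the injection path described above, as an added example that is not part of the original article or of the BeEF project: it lists the script elements in a page that a strict script-src allowlist would refuse (external origins outside the allowlist, and inline scripts). The page URL, origins and sample HTML are constructed, and the names ScriptAudit and audit are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class ScriptAudit(HTMLParser):
    """Collect <script> elements that a strict script-src allowlist would refuse."""

    def __init__(self, page_url, allowed_origins):
        super().__init__()
        self.page_url = page_url
        self.allowed = {o.lower() for o in allowed_origins}
        self.findings = []       # (line, kind, origin) tuples
        self._inline = None      # (line, [text]) while inside an inline <script>

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        line = self.getpos()[0]
        src = dict(attrs).get("src")
        if src is None:
            self._inline = (line, [])   # inline script: judged when it closes
            return
        # Resolve relative and protocol-relative URLs against the page URL.
        parts = urlsplit(urljoin(self.page_url, src.strip()))
        origin = f"{parts.scheme}://{parts.netloc}".lower()
        if origin not in self.allowed:
            self.findings.append((line, "external", origin))

    def handle_data(self, data):
        if self._inline is not None:
            self._inline[1].append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            line, chunks = self._inline
            if "".join(chunks).strip():   # ignore empty inline elements
                self.findings.append((line, "inline", None))
            self._inline = None

def audit(html, page_url, allowed_origins):
    """Return findings for one HTML response, in document order."""
    parser = ScriptAudit(page_url, allowed_origins)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed response: a search page that reflects input without encoding it.
SAMPLE = """<html><body>
<script src="/static/app.js"></script>
<p>Results for: <script src="//203.0.113.7:8080/x.js"></script></p>
<script>trackSearch()</script>
</body></html>"""
```

Run over stored or proxied responses, a finding on a page that normally has none points at reflected or stored input reaching the markup unencoded.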

BeEF can be extended both through the extension API, which allows changes to the way BeEF itself works, and through the addition of modules, which add features for controlling "hooked" browsers.[1]

Contents

  • Commands
  • Notable features
  • External links
  • References

Commands

The commands that come with BeEF include, but are not limited to:

  • changing URLs of links on the target page,
  • redirecting the victim's browser to an arbitrary site,
  • causing dialog boxes to appear and attempt to collect information from the user,
  • browser fingerprinting,
  • uploading arbitrary files from the victim's device, and
  • detecting valid sessions with selected applications such as Twitter, Facebook and GMail.

Notable features

  • BeEF's modular framework allows addition of custom browser exploitation commands.
  • The extension API allows users to change BeEF's core behavior.
  • Keystroke logging
  • Browser proxying
  • Integration with Metasploit
  • Plugin detection
  • Intranet service exploitation
  • Phonegap modules
  • Hooking through QR codes
  • Social engineering modules that spur user responses, such as entering sensitive data and responding to reminders to update software
  • RESTful API that allows control of BeEF through HTTP requests (JSON format)

External links

  • http://beefproject.com/

References

  1. "Creating an Extension".


This article was sourced from Creative Commons Attribution-ShareAlike License; additional terms may apply.