The BeEF (Browser Exploitation Framework) is an XSS exploitation tool that promises to take over a victim's browser session as a part of the exploitation. BeEF contains different types of modules and payloads, which will be covered in this section.
BeEF comes preinstalled in Kali Linux 2.0 and we'll use the same. Otherwise you can download BeEF from the project's website at https://beefproject.com/.
Starting up BeEF is pretty straightforward; it can be launched from Kali's Application menu, under Exploitation Tools as shown in following image:
Once BeEF is launched; the BeEF control panel interface becomes accessible at http://127.0.0.1:3000/ui/authentication
.
The default username/password for login are beef
and beef
. The interface looks like the following:
After the login, the following default page is displayed:
The hook (exploitation payload) of BeEF is available at http://0.0.0.0:3000/hook.js
.
Now we can use the JavaScript hook of BeEF in any XSS vulnerability...