Overview
What is BeEF
Installation and requirements
How it works
Case studies & examples
Advantages
Software Security, FCS Iasi, 2013-2014
What is BeEF?
http://beefproject.com/
An open-source penetration testing tool used
to test and exploit web application and
browser-based vulnerabilities.
Main developer: Wade Alcorn, security
expert
Last stable release: 0.4.4.7 / August 2013
Installation and requirements
OSX 10.5.0 or higher, Modern Linux,
Windows XP or higher
Ruby 1.9.2 RVM or higher
SQLite 3.x
A list of ruby gems [...]
How it works
BeEF uses a JavaScript file, hook.js, that will
hook one or more browsers and will use
them for launching directed command
modules and further attacks against the
system through an open door: the web
browser context
Uses a web interface to manage and send
commands (attacks) to the browser
zombies
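
From the defender's side, the hook described above is an ordinary script reference in the page, so it can be looked for. The following is an added example, not code from these slides or from the BeEF project: a heuristic audit that lists script tags loading a file named hook.js and marks the cross-origin ones. The function names, the sample page and its hosts are constructed for illustration, and the check assumes the hook file keeps its default name.

```javascript
// Added example (not BeEF code): heuristic audit for a BeEF-style hook script.
// Assumption: the hook keeps the file name hook.js named on the slide;
// an operator can rename it, so a clean result is not proof of absence.
const HOOK_NAME = /(^|\/)hook\.js$/i;

// Extract the src attribute of every <script> tag in an HTML string.
function scriptSources(html) {
  const sources = [];
  const tagRe = /<script\b([^>]*)>/gi;
  let tag;
  while ((tag = tagRe.exec(html)) !== null) {
    const src = /(?:^|\s)src\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/i.exec(tag[1]);
    if (src) sources.push(src[1] ?? src[2] ?? src[3]);
  }
  return sources;
}

// Return findings for scripts named hook.js, marking cross-origin ones.
function findHookScripts(html, pageUrl) {
  const page = new URL(pageUrl);
  const findings = [];
  for (const raw of scriptSources(html)) {
    let resolved;
    try {
      resolved = new URL(raw, page); // resolves relative and //host forms
    } catch {
      continue; // unparsable src value, nothing to compare
    }
    if (!HOOK_NAME.test(resolved.pathname)) continue;
    findings.push({
      src: resolved.href,
      crossOrigin: resolved.origin !== page.origin,
    });
  }
  return findings;
}

// Constructed sample page (hosts are placeholders, not real infrastructure).
const samplePage = `
<html><head>
<script src="/static/app.js"></script>
<script src='//cdn.example.net/lib/jquery.min.js'></script>
<script type="text/javascript" src="http://203.0.113.10:3000/hook.js"></script>
<script src="/js/webhook.js"></script>
</head><body>comment text</body></html>`;

console.log(findHookScripts(samplePage, "https://shop.example.com/item?id=7"));
```

A cross-origin finding on a page that should only load first-party scripts is the case worth investigating; a restrictive script-src Content Security Policy prevents such a reference from loading in the first place.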
BeEF Features
The official page lists 128 modules (exploits)
Modular framework, can be easily extended
with custom browser exploitation commands
Provides a RESTful API that allows controlling
BeEF through HTTP requests (in JSON format)
Can be configured to be integrated with
Metasploit
BeEF Commands
Modify the target's page HTML content (all the
content, or alter only the hrefs)
Redirect the victim's browser to an arbitrary
site
Generate dialog boxes / fake notifications /
request missing plugin installation as a context
for placing and executing malicious code
Browser fingerprinting, detect plugins (ActiveX,
Java, Flash, etc.)
Detect valid sessions of applications such as
Twitter, Facebook and GMail.
Ex 1 - Malicious code injection
Fake Notification Bar (e.g. Firefox)
Displays a fake notification bar at the top of the
screen. If the user clicks the notification they will
be prompted to download a malicious Firefox
extension (by default).
Raw Javascript
Sends the code to the selected hooked browsers
where it will be executed. Code is run inside an
anonymous function and the return value is
passed to the framework. Multiline scripts are
allowed, no special encoding is required.
Ex 2 - Web page defacement
Replace content (Deface webpage)
Overwrite the page, title and shortcut icon on the
hooked page.
Replace HREFs
Rewrite all the href attributes of all matched links.
TabNabbing
This module redirects to the specified URL after
the tab has been inactive for a specified amount
of time.
Ex 3 - Keystroke Logging
iFrame Event Logger
Creates a 100% by 100% iFrame overlay with
event logging.
Fake LastPass
Displays a fake LastPass user dialog which will log
all the user's key strokes.
Ex 4 – Exploring the network
Detect Social Networks
This module will detect if the Hooked Browser is
currently authenticated to GMail, Facebook and
Twitter. (specify detection timeout)
Network / Port Scanner
Scan ports in a given hostname, using
WebSockets, CORS and img tags. It uses the
three methods to avoid blocked ports or Same
Origin Policy.
Ex 5 – Browser fingerprinting
Spider Eye
Creates a snapshot of the victim's window
Detect Firebug
Detect Silverlight
Detect Windows Media Player
Detect ActiveX
Detect toolbars
Etc.
Metasploit / w3af / BeEF
                     Metasploit            w3af               BeEF
Language             Perl → Ruby           Python             Ruby
Supported OS         cross-platform        cross-platform     cross-platform
Pen-testing target   network               Web applications   browser
$                    Open source + paid    Open source        Open source
Firewall