Official website: http://beefproject.com/
Getting Started
Welcome to BeEF!
Before being able to fully explore the framework you will have to 'hook' a browser. To begin with you can point a browser towards the basic demo page here, or the advanced version here.
If you want to hook ANY page (for debugging reasons of course), drag the following bookmarklet link into your browser's bookmark bar, then simply click the shortcut on another page: Hook Me!
After a browser is hooked into the framework it will appear in the 'Hooked Browsers' panel on the left. Hooked browsers will appear in either an online or offline state, depending on how recently they have polled the framework.
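A defender's view of the polling described above, as an added example that is not part of the BeEF documentation: it flags clients in a web proxy log that request BeEF's default hook file name (`/hook.js`) or session parameter (`BEEFHOOK`), or that poll a single host at steady intervals. Those two default names are configurable and are not stated on this page; the log format, hosts and thresholds are constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev
from urllib.parse import urlsplit, parse_qs

HOOK_PATH = "/hook.js"   # assumed: BeEF default hook file name, not renamed
HOOK_PARAM = "BEEFHOOK"  # assumed: BeEF default session parameter name
MIN_POLLS = 4            # requests needed before timing is judged
MAX_JITTER = 0.2         # stdev/mean of request gaps below this = steady polling
# Constructed sample proxy log: "<epoch> <client> <method> <url>"
SAMPLE_LOG = """\
1001 10.0.0.5 GET http://198.51.100.7:3000/hook.js
1006 10.0.0.5 GET http://198.51.100.7:3000/hook.js?BEEFHOOK=constructed1
1011 10.0.0.5 GET http://198.51.100.7:3000/hook.js?BEEFHOOK=constructed1
1016 10.0.0.5 GET http://198.51.100.7:3000/hook.js?BEEFHOOK=constructed1
1000 10.0.0.9 GET http://cdn.example.test/static/app.min.js?sid=constructed2
1005 10.0.0.9 GET http://cdn.example.test/static/app.min.js?sid=constructed2
1010 10.0.0.9 GET http://cdn.example.test/static/app.min.js?sid=constructed2
1015 10.0.0.9 GET http://cdn.example.test/static/app.min.js?sid=constructed2
1000 10.0.0.7 GET http://news.example.test/
1003 10.0.0.7 GET http://news.example.test/a
1040 10.0.0.7 GET http://news.example.test/b
1300 10.0.0.7 GET http://news.example.test/c
"""

def find_polling_clients(log_text):
    """Return {(client, host): [reasons]} for clients that look hooked."""
    times, names = defaultdict(list), defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue  # skip malformed lines
        ts, client, _method, url = parts
        u = urlsplit(url)
        key = (client, u.netloc)
        times[key].append(int(ts))
        if u.path.endswith(HOOK_PATH):
            names[key].add("default-hook-path")
        if HOOK_PARAM in parse_qs(u.query):
            names[key].add("default-hook-param")
    findings = {}
    for key, stamps in times.items():
        reasons = set(names.get(key, ()))
        stamps = sorted(stamps)  # do not rely on the log being in time order
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        if len(stamps) >= MIN_POLLS and pstdev(gaps) < MAX_JITTER * mean(gaps):
            reasons.add("steady-polling")  # catches a renamed hook file too
        if reasons:
            findings[key] = sorted(reasons)
    return findings
```

Steady polling on its own also matches legitimate auto-refreshing pages, so a finding with only that reason is a triage lead, while a match on the default names is a much stronger signal.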
Hooked Browsers
To interact with a hooked browser, simply left-click it and a new tab will appear. Each hooked browser tab has a number of sub-tabs, described below:
Details: Displays information about the hooked browser after you've run some command modules.
Logs: Displays recent log entries related to this particular hooked browser.
Commands: This tab is where modules can be executed against the hooked browser. This is where most of the BeEF functionality resides. Most command modules consist of JavaScript code that is executed against the selected Hooked Browser. Command modules are able to perform any actions that can be achieved through JavaScript: for example they may gather information about the Hooked Browser, manipulate the DOM or perform other activities such as exploiting vulnerabilities within the local network of the Hooked Browser.
Each command module has a traffic light icon, which is used to indicate the following:
The command module works against the target and should be invisible to the user
The command module works against the target, but may be visible to the user
The command module is yet to be verified against this target
The command module does not work against this target
XssRays: The XssRays tab allows the user to check if links, forms and URI path of the page (where the browser is hooked) are vulnerable to XSS.
Proxy: The Proxy tab allows you to submit arbitrary HTTP requests on behalf of the hooked browser. Each request sent by the Proxy is recorded in the History panel. Click a history item to view the HTTP headers and HTML source of the HTTP response.
Network: The Network tab allows you to interact with hosts on the local network(s) of the hooked browser.
IPEC: Send commands to the victims' systems using Inter-Protocol Exploitation/Communication (IPEC).
WebRTC: Send commands to the victims' systems via a zombie specified as the primary WebRTC caller.
You can also right-click a hooked browser to open a context-menu with additional functionality:
Tunneling Proxy: The Proxy allows you to use a hooked browser as a proxy. Simply right-click a browser from the Hooked Browsers tree to the left and select "Use as Proxy". The proxy runs on localhost port 6789 by default. Each request sent through the Proxy is recorded in the History panel in the Proxy tab. Click a history item to view the HTTP response headers and response body.
XssRays: XssRays allows the user to check if links, forms and URI path of the page (where the browser is hooked) are vulnerable to XSS. To customize default settings of an XssRays scan, please use the XssRays tab.
Learn More
To learn more about how BeEF works please review the wiki:
Architecture of the BeEF System: https://github.com/beefproject/beef/wiki/Architecture
Tunneling Proxy: https://github.com/beefproject/beef/wiki/Tunneling-Proxy
XssRays Integration: https://github.com/beefproject/beef/wiki/XssRays-Integration
Network Discovery: https://github.com/beefproject/beef/wiki/Network-Discovery
Writing your own modules: https://github.com/beefproject/beef/wiki/Command-Module-API
