beef copy

BeEF - The Browser Exploitation Framework

Official website: http://beefproject.com/

Getting Started

Welcome to BeEF!

Before being able to fully explore the framework you will have to 'hook' a browser. To begin with you can point a browser towards the basic demo page here, or the advanced version here.

If you want to hook ANY page (for debugging reasons of course), drag the following bookmarklet link into your browser's bookmark bar, then simply click the shortcut on another page: Hook Me!

After a browser is hooked into the framework they will appear in the 'Hooked Browsers' panel on the left. Hooked browsers will appear in either an online or offline state, depending on how recently they have polled the framework.

Hooked Browsers

To interact with a hooked browser simply left-click it, a new tab will appear. Each hooked browser tab has a number of sub-tabs, described below:

Details: Display information about the hooked browser after you've run some command modules.
Logs: Displays recent log entries related to this particular hooked browser.
Commands: This tab is where modules can be executed against the hooked browser. This is where most of the BeEF functionality resides. Most command modules consist of Javascript code that is executed against the selected Hooked Browser. Command modules are able to perform any actions that can be achieved through Javascript: for example they may gather information about the Hooked Browser, manipulate the DOM or perform other activities such as exploiting vulnerabilities within the local network of the Hooked Browser.

Each command module has a traffic light icon, which is used to indicate the following:
    The command module works against the target and should be invisible to the user
    The command module works against the target, but may be visible to the user
    The command module is yet to be verified against this target
    The command module does not work against this target

XssRays: The XssRays tab allows the user to check if links, forms and URI path of the page (where the browser is hooked) is vulnerable to XSS.
Proxy: The Proxy tab allows you to submit arbitrary HTTP requests on behalf of the hooked browser. Each request sent by the Proxy is recorded in the History panel. Click a history item to view the HTTP headers and HTML source of the HTTP response.
Network: The Network tab allows you to interact with hosts on the local network(s) of the hooked browser.
IPEC: Send commands to the victims systems using Inter-Protocol Exploitation/Communication (IPEC)
WebRTC: Send commands to the victims systems via a zombie specified as the primary WebRTC caller.

You can also right-click a hooked browser to open a context-menu with additional functionality:

Tunneling Proxy: The Proxy allows you to use a hooked browser as a proxy. Simply right-click a browser from the Hooked Browsers tree to the left and select "Use as Proxy". The proxy runs on localhost port 6789 by default. Each request sent through the Proxy is recorded in the History panel in the Proxy tab. Click a history item to view the HTTP response headers and response body.
XssRays: XssRays allows the user to check if links, forms and URI path of the page (where the browser is hooked) is vulnerable to XSS. To customize default settings of an XssRays scan, please use the XssRays tab.

Learn More

To learn more about how BeEF works please review the wiki:

Architecture of the BeEF System: https://github.com/beefproject/beef/wiki/Architecture
Tunneling Proxy: https://github.com/beefproject/beef/wiki/Tunneling-Proxy
XssRays Integration: https://github.com/beefproject/beef/wiki/XssRays-Integration
Network Discovery: https://github.com/beefproject/beef/wiki/Network-Discovery
Writing your own modules: https://github.com/beefproject/beef/wiki/Command-Module-API