BeEF

Session Hijacking using MitM built into Kali

BeEF framework

cd /usr/share/beef-xss
./beef

This starts the framework.

In the example, the interface panel was at

http://127.0.2.4:3000

Open a web browser and navigate there:

http://127.0.2.4:3000/ui/panel

Username and password: beef / beef

Currently, the folders are empty.

You want to use the 'advanced version here' link

Visit this in another browser:

  • if you see the BeEF page

  • then that browser has been compromised

  • it should show in the online browser tab

Viewing the details and attacks

  • Click on the target

  • Current Browser - details are shown in the main panel

  • Commands - this tab lists all the modules that can be run against the browser

  • Browser > Hooked domain

Examples

  • Click on e.g. 'Get Cookie' and then 'Execute'

  • Get page HTML - Execute - then see all the HTML code

  • Replace hrefs - replaces all https links with http for a session downgrade
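
The defensive side of the 'Get Cookie' and 'Replace hrefs' examples, as an added example that is not part of the original notes or of BeEF: script running in a page can only read cookies set without HttpOnly, and an https-to-http link rewrite only exposes a session when the cookie lacks Secure and the site sends no effective HSTS header. The function names and the sample headers are constructed for illustration.

```python
"""Audit HTTP response headers for cookie and HSTS protections (added example)."""

# Constructed sample response headers, not captured from a real site.
SAMPLE_HEADERS = [
    ("Set-Cookie", "SESSIONID=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "prefs=dark; Path=/; Secure"),
    ("Set-Cookie", "auth=xyz; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Content-Type", "text/html"),
]


def hsts_active(headers):
    """True if Strict-Transport-Security is present with max-age > 0."""
    for key, value in headers:
        if key.lower() != "strict-transport-security":
            continue
        for directive in value.split(";"):
            name, _, arg = directive.strip().partition("=")
            arg = arg.strip().strip('"')
            if name.strip().lower() == "max-age" and arg.isdigit():
                return int(arg) > 0  # max-age=0 switches HSTS off
    return False


def cookie_flags(set_cookie_value):
    """Return (cookie name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in set_cookie_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit(headers):
    """List (subject, finding) pairs for missing protections."""
    findings = []
    if not hsts_active(headers):
        findings.append(("response", "no-hsts"))  # http links are followed as-is
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        name, attrs = cookie_flags(value)
        if "httponly" not in attrs:
            findings.append((name, "script-readable"))  # visible to document.cookie
        if "secure" not in attrs:
            findings.append((name, "sent-over-http"))  # leaks after a downgrade
    return findings


if __name__ == "__main__":
    for subject, finding in audit(SAMPLE_HEADERS):
        print(f"{subject}: {finding}")
```
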
