Xss platform BeEF notes (1)

Introduction

BeEF is currently the most popular web framework attack platform in Europe and the United States. Its full name is the Browser exploitation framework project. It integrates a lot of good payload and can be further infiltrated through metasploit.

I have known this platform for a long time, but I have never been tossing it. Some time ago, I worked with the mad guy and said that today I am waiting for a moment to get involved. =

 

0 × 01 set up the installation environment

The system I use is kali. The software update source is shown below.

Deb http://security.kali.org/kali-security kali/updates main contrib non-free
Deb http://http.kali.org/kali kali main non-free contrib
Deb-src http://http.kali.org/kali kali main non-free contrib
Deb http://security.kali.org/kali-security kali/updates main contrib non-free

Different systems may have different update sources.

Apt-get install ruby1.9.3apt-get install libssl-dev libsqlite3-dev sqliteapt-get install g ++ (usually you already have)

0 × 02 install BeEF

Git clone https://github.com/beefproject/beef (clone the latest beef code) gem install bundlerbundle installcat config. yaml | grep driver:./beef

IfBundler: GemfileNotFoundIf an error is reported, find a suitable version of gem and install it manually (I don't understand ruby either... So do not repeat it)

0 × 03 start BeEF

Access: http: // localhost: 3000/ui/authentication

Both the user name and password are beef

Can be modified in config. yaml

0 × 04 configure BeEF and metasploit

The em-websocket module may be missing when cloning.

Type gem install em-websocket

When you execute./BeefIn the main directory of msf, A beef. rc file is generated.

Content is

load msgrpc ServerHost=127.0.0.1 Pass=abc123

The IP address is the IP address of your metasploit host, and the password is set between two software. Then, modify the host configuration in the beef home directory. The key configuration here is the IP address of the host that is reconnected after the metasploit attack.

Run./beef/extensions/metasploit/config. yaml

Finally, configure the files in the beef directory.

Vim/beef/config. yaml

Change all metasploit to true.

Then start msf and hook it to beef ~

0 × 05 coming soon

BeEF's basic attack methods

Platform payload Introduction

Er... Because BeEF is also the first time I use it. Let's wait for me to explore it in detail ~