Introduction
BeEF is currently the most popular web framework attack platform in Europe and the United States. Its full name is the Browser exploitation framework project. It integrates a lot of good payload and can be further infiltrated through metasploit.
I have known this platform for a long time, but I have never been tossing it. Some time ago, I worked with the mad guy and said that today I am waiting for a moment to get involved. =
0 × 01 set up the installation environment
The system I use is kali. The software update source is shown below.
Deb http://security.kali.org/kali-security kali/updates main contrib non-free
Deb http://http.kali.org/kali kali main non-free contrib
Deb-src http://http.kali.org/kali kali main non-free contrib
Deb http://security.kali.org/kali-security kali/updates main contrib non-free
Different systems may have different update sources.
Apt-get install ruby1.9.3apt-get install libssl-dev libsqlite3-dev sqliteapt-get install g ++ (usually you already have)
0 × 02 install BeEF
Git clone https://github.com/beefproject/beef (clone the latest beef code) gem install bundlerbundle installcat config. yaml | grep driver:./beef
IfBundler: GemfileNotFoundIf an error is reported, find a suitable version of gem and install it manually (I don't understand ruby either... So do not repeat it)
0 × 03 start BeEF
Access: http: // localhost: 3000/ui/authentication
Both the user name and password are beef
Can be modified in config. yaml
0 × 04 configure BeEF and metasploit
The em-websocket module may be missing when cloning.
Type gem install em-websocket
When you execute./BeefIn the main directory of msf, A beef. rc file is generated.
Content is
load msgrpc ServerHost=127.0.0.1 Pass=abc123
The IP address is the IP address of your metasploit host, and the password is set between two software. Then, modify the host configuration in the beef home directory. The key configuration here is the IP address of the host that is reconnected after the metasploit attack.
Run./beef/extensions/metasploit/config. yaml
Finally, configure the files in the beef directory.
Vim/beef/config. yaml
Change all metasploit to true.
Then start msf and hook it to beef ~
0 × 05 coming soon
BeEF's basic attack methods
Platform payload Introduction
Er... Because BeEF is also the first time I use it. Let's wait for me to explore it in detail ~