Information Gathering
So now, you have BeEF up and running, and you have hooked your first browser. You might be wondering what the next step is.
Your first step will often be to perform reconnaissance on the remote host. Which browser and plugins do they have running? Which website have you hooked?
This page will provide some information on how you may begin to go about this process.
When a browser is hooked, BeEF will automatically gather several pieces of information on the hooked browser:
- Browser Name and Version
- Browser User Agent
- Plugins (including Java, ActiveX, VBS, Flash...)
- Window Size
Default information on the hooked browser gathered by BeEF:
You can then use different plugins to gather more detailed information on the browsers:
- The module Browser Fingerprinting uses a number of custom URLs to identify the hooked browser. It can also be useful if the user changes their user agent.
- You can complete the list of plugins with the modules Detect Firebug, Detect Popup Blocker, Detect Google Desktop, Detect Unsafe ActiveX...
Example Result from the Browser Fingerprinting Module:
By using several modules, you can also gather information on the system of the hooked browser:
- Internet Explorer has permissions that allow system software detection (see Detect Softwares) and even registry keys (please note that attempting to use the registry keys module will prompt the user with an authorization message).
- If the browser authorizes Java, the Get Internal IP module allows BeEF to detect the IP address of the system (don't worry, more fun network tricks with the will be described later)
- The Get System Info module can gather additional information on the system from a Java Applet including: Operating System details, Java JVM info, IP addresses, Processor/Memory specs, and more.
- It is also possible to retrieve the location of the user by using the Geolocation API or by using a trick requesting Google maps.
- The default JavaScript API allows access to data stored in the clipboard.
Result of Get System Info Module:
A hooked browser allows BeEF to discover information on the behaviour of the user:
- Utilising some JavaScript tricks, it is possible to detect if the browser has already visited a given URL or a given domain.
- The Detect Social Networks module can identify if the user of the hooked browser has a current session on Facebook, Twitter, or Gmail.
- The Detect TOR module can identify if the user of the hooked browser is currently using TOR.
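The Geolocation API and clipboard items listed above rely on browser features that a site can switch off for its own pages with a `Permissions-Policy` response header, which also applies to any script injected into those pages. The following is an added example, not BeEF code: it audits a header value for those two features. The function names, status strings and sample header values are constructed for illustration.

```javascript
// Added example, not part of BeEF. Sample header values are constructed.
// Audits a Permissions-Policy header for the two script-readable features
// this page lists: the Geolocation API and clipboard reads.
const FEATURES = ["geolocation", "clipboard-read"];

// Parse e.g. 'geolocation=(), clipboard-read=(self)' into a Map of
// feature name -> allowlist tokens. Simplification: assumes no commas
// inside quoted origins.
function parsePermissionsPolicy(value) {
  const policy = new Map();
  for (const part of (value || "").split(",")) {
    const eq = part.indexOf("=");
    if (eq < 0) continue; // not a feature=allowlist pair
    const feature = part.slice(0, eq).trim().toLowerCase();
    const raw = part.slice(eq + 1).trim();
    const inner =
      raw.startsWith("(") && raw.endsWith(")") ? raw.slice(1, -1) : raw;
    policy.set(feature, inner.split(/\s+/).filter(Boolean));
  }
  return policy;
}

// Status per feature:
//   "unrestricted"        header does not mention it (browser default applies)
//   "blocked"             empty allowlist, no script on the page can use it
//   "allowed"             allowlist contains self or *
//   "listed-origins-only" only explicitly listed origins may use it
function auditFeatures(headerValue) {
  const policy = parsePermissionsPolicy(headerValue);
  const report = {};
  for (const feature of FEATURES) {
    const list = policy.get(feature);
    if (list === undefined) report[feature] = "unrestricted";
    else if (list.length === 0) report[feature] = "blocked";
    else if (list.includes("self") || list.includes("*"))
      report[feature] = "allowed";
    else report[feature] = "listed-origins-only";
  }
  return report;
}

// Constructed samples: a hardened header and a response with no header.
const SAMPLE_HARDENED = "geolocation=(), clipboard-read=()";
console.log("hardened:", auditFeatures(SAMPLE_HARDENED));
console.log("no header:", auditFeatures(""));
```

A feature reported as `unrestricted` or `allowed` is still subject to the browser's own permission prompt; the header only removes the option entirely.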