Skip to content

Social Engineering

Jump to bottom
Jack Walker edited this page Jan 3, 2020 · 22 revisions

Introduction

Once BeEF has hooked a browser, it can modify and/or send content directly to the viewport or other open tabs. This functionality allows you to craft and perform sophisticated social engineering attacks.

Table of Contents

Ask for Credentials

Simple attacks are often the most efficient ones. BeEF comes with several command modules that present the target with familiar interfaces requesting credentials:

  • The Pretty Theft module prints a simple message to the user requiring login and password, explaining that the session has timed out. It has a number of presets that imitate popular social network/marketplace themes.
  • The Simple Hijacker module allows you to load a number of common pop-ups when a user clicks any link on their current page. Pop-up templates include certificate warnings, standard alert style prompts, and credit card payment forms.
  • Clippy is a module that create a small browser assistant which propose browser updates.
A Pretty Theft Pop-up Template:

Redirect to Another Page

A number BeEF modules exist that allow you to redirect to external pages:

  • The Redirect Browser module can redirect the hooked page to any other page.
    • Please note that a spontaneous redirect without any action from the user may cause them to immediately close the zombie.
    • To avoid losing the zombie from BeEF, the Redirect Browser (iFrame) sub-module will create a full viewport iFrame which redirects to the specified URL.
  • The TabNabbing module will detect when the user loses focus on the current tab and modify it in the background. When the user comes back to the tab, they will be viewing a full viewport iFrame containing the contents of the specified URL.

Chrome/Firefox Extensions

Using BeEF it is possible to get a user to install a malicious browser extension:

Fake Flash Update Pop-up:

Clickjacking

BeEF contains a module that enables clickjacking attacks in a hooked browser:

  • The Clickjacking module will create an iFrame which follows the users cursor around the page, displaying the content at the specified URL.

Information Gathering | Network Discovery

User Guide

I. Introduction   |   II. Basic Utilization   |   III. Advanced Utilization   |   IV. Development   |   V. References

Community

Blog   |   Code   |   Youtube   |   Twitter

I - Starting BeEF

  1. Introducing BeEF
  2. Installation
  3. Basics
  4. Troubleshooting

II - Basic Utilization

  1. Configuration
  2. Interface
  3. Information Gathering
  4. Social Engineering
  5. Network Discovery
  6. Metasploit
  7. Tunneling
  8. XSS Rays
  9. Persistence
  10. Creating a Module
  11. Geolocation
  12. Using-BeEF-With-NGROK

III - Advanced Utilization

  1. RESTful API
  2. Autorun Rule Engine
  3. Notifications
  4. Console
  5. WebRTC Extension

IV - Development

  1. Contributing
  2. ActiveRecord
  3. Development Organization
  4. Architecture
  5. BeEF Javascript API
  6. Step By Step Module Creation
  7. Creating a New Extension
  8. BeEF Testing
  9. Browser & OS Compatibility
  10. Database Schema
  11. Development Milestones
  12. Command Module Config
  13. Command Module API

V - References

  1. FAQ
  2. Other
  3. References
  4. Modules
  5. Release Notes
Clone this wiki locally