Professional Documents
Culture Documents
T h u r s d a y, M a r c h 2 9 , 2 0 1 2 Pages
Its purpose is primarily for Security Awareness Training. It is a great tool (website)
to show the impact of a single seemingly innocent vulnerability - reflective or About Me
persistent cross-site scripting - caused by a lack of input validation and/or output
escaping. Stephanie Tan
About BeEF
Excerpt from http://beefproject.com/ : Blog Archive
► 2014 (1)
BeEF is a Security Tool The Browser Exploitation Framework (BeEF) ► 2013 (2)
is a powerful professional security tool. BeEF is pioneering techniques
▼ 2012 (1)
that provide the experienced penetration tester with practical client
▼ March (1)
side attack vectors.
Installing and Running BeEF
Unlike other security frameworks, BeEF focuses on leveraging on Linux
browser vulnerabilities to assess the security posture of a target. This
► 2011 (1)
project is developed solely for lawful research and penetration testing.
► 2010 (5)
BeEF hooks one or more web browsers as beachheads for the
launching of directed command modules. Each browser is likely to be
within a different security context, and each context may provide a set
of unique attack vectors.
Download the latest version of git (you can go the website to wget http://git-core.googlecode.com
find out if there is a version newer than what i have here) /files/git-1.7.9.5.tar.gz
[root@server
ruby-1.9.3-p125]#
Verify the installation was successful
ruby -v
by checking the version number
ruby 1.9.3p125
(2012-02-16 revision
34643) [x86_64-
linux]
Go to wherever you
installed beef (e.g. cd /root/beef/)
/root/beef)
gem install bundler
bundle install
Configure BeEF
Configure BeEF to run on port 80 and also start directly from the server
you have it installed on. Otherwise, you have to enter http://server
/ui/authentication thus making it easier to access the site.
Note: I could not get the path to access beef reduced from http://server
/ui/authentication to http://server/ -- perhaps this is an issue with the
version of BeEF I installed with
vi /root/beef/config.yaml
http:
debug: false #Thin::Logging.debug,
very verbose. Prints also full
exception stack trace.
host: "0.0.0.0"
port: "80" <-----CHANGED
Modify the
# if running behind a nat set the
configuration file.
public ip address here
Change port: "3000"
#public: ""
to "80"
dns: "localhost"
panel_path: "/ui/panel" <-----I'D LIKE
TO CHANGE THIS BUT IT ISN'T
TAKING EFFECT
hook_file: "/hook.js"
hook_session_name: "BEEFHOOK"
session_cookie_name:
"BEEFSESSION"
1 comment:
Reply
Powered by Blogger.