Collaborate Disseminate
I’m using BeEF and want the Autorun Engine (ARE) to trigger rules every time a browser is hooked, even for already-hooked zombies (e.g., on page refresh). Currently, rules only run once per session.
Which lines in autorun_engine.rb should … Continue reading How to Configure BeEF Autorun Engine to Trigger Rules on Every Zombie Hook
Can the hijacked browser’s history and saved information be viewed?
Is it possible to create a backdoor in the browser? In other words, can it be secretly redirected to any site or downloaded and opened any file without the knowledge of t… Continue reading How can the Beef Tool be used? [closed]
Can the hijacked browser’s history and saved information be viewed?
Is it possible to create a backdoor in the browser? In other words, can it be secretly redirected to any site or downloaded and opened any file without the knowledge of t… Continue reading How can the Beef Tool be used? [closed]
The scenario is:
I am running a test webpage with apache2 with the beef hook embedded on a kali box (VM)
My router has a port forward set to the IP address of the VM and forwarding to the port on which apache is hosting the page.
The rou… Continue reading Beef-xss Webhooks & Port Forwarding / NAT [closed]
I manually edited config.yaml to add my local network IP to permitted_hooking_subnet and 127.0.0.1/32 to permitted_ui_subnet but when I run beef-xss it would change localhost address to my IP.
And I’m set up TCP ports 61985 and 61986 to tr… Continue reading Beef localhost address don’t change [closed]
Is it possible to run the tool called BeEF to do penetration testing on real domains like example.com? As far as I know, BeEF can only be used within localhost.
I can only test my site for XSS on the real domain because of the database run… Continue reading Can BeEF also work in public?
"Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use… Continue reading How to reliably detect Browser Exploitation Attacks with BeEF and other JavaScript hooking packages?
if a user’s browser gets hooked how can the user unhook his/her browser? (does clearing cookies/cache or deleting the browser data/cache help?)
How can a user know whether his/her browser is infected/hooked?
After hooking an android brows… Continue reading Few questions related to browser exploitation framework [closed]
In the BeEF framework, in the commands > social engineering > fake notification bar, BeEF bypasses the browser’s pop up blocker, and the victim’s browser pop up does not block.
Does anyone know the code that BeEF uses for this?
… Continue reading The way that BeEF bypasses pop up blockers [closed]
I recently discovered BeEF with which someone can gain access to another PC through XSS.
I was wondering if antivirus software can detect when a PC get’s hooked to BeEF.. An online search doesn’t give a clear answer.
Am I safe from being… Continue reading Can antivirus software detect if your PC is hooked to BeEF?