In this session we are going to see a combo of two different topics.
As we have already learnt to exploit a website with XSS, we are now upgrading our attack with another tool that comes built in with Kali Linux. What I have done here is find an XSS vulnerability in a website and insert a script that can divert the victim to some other malicious website. In this case, I have started the BeEF framework, which is used to exploit the victim's browser by sending it browser commands. Once the victim opens the webpage that was already infected with our XSS script, the attacker in the network can manipulate the victim's browser by sending malicious commands to it and exploit it.
BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.
Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors.
Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser.
BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.
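From the defender's side, the injected script that hooks a browser shows up in the rendered page as a script source the site never intended to load. The following check is an added example, not code from the original post or from BeEF: it parses a rendered page and reports script sources outside an allowlist, plus inline event handlers. The `audit` helper, the hostnames and the sample HTML are all constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class ScriptAudit(HTMLParser):
    """Collects script includes and inline handlers the site did not approve."""

    def __init__(self, page_url, allowed_hosts):
        super().__init__()
        self.page_url = page_url
        self.allowed = {h.lower() for h in allowed_hosts}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)  # html.parser lowercases tag and attribute names
        src = attrs.get("src")
        if tag == "script" and src:
            # Resolve relative and protocol-relative URLs against the page URL.
            host = urlparse(urljoin(self.page_url, src)).hostname or ""
            if host.lower() not in self.allowed:
                self.findings.append(("external-script", src))
        for name, value in attrs.items():
            # Inline on* handlers are a common carrier for injected script.
            if name.startswith("on") and value:
                self.findings.append(("inline-handler", f"{tag} {name}"))


def audit(html, page_url, allowed_hosts):
    parser = ScriptAudit(page_url, allowed_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample: a comment field that stored attacker-supplied markup.
SAMPLE = """<html><body>
<script src="/static/app.js"></script>
<script src="https://cdn.example.net/lib.js"></script>
<div class="comment">Nice post<script src="http://203.0.113.7/injected.js"></script></div>
<img src="x.png" onerror="void(0)">
</body></html>"""

if __name__ == "__main__":
    allowed = {"shop.example", "cdn.example.net"}  # assumed allowlist
    for kind, detail in audit(SAMPLE, "https://shop.example/post/1", allowed):
        print(kind, detail)
```

The same allowlist maps directly onto a `Content-Security-Policy` `script-src` directive, which stops the browser from loading the foreign script in the first place.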