Hacking Articles » Browser Hacking

How to Install BeEF in Windows PC

Raj Chandel — Wed, 07 Nov 2012 12:08:54 +0000

BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. BeEF is pioneering techniques that provide the experienced penetration tester with practical client side attack vectors. Unlike other security frameworks, BeEF focuses on leveraging browser vulnerabilities to assess the security posture of a target. This project is developed solely for lawful research and penetration testing.

First download ruby for windows from here

Install it in C: folder and make sure you select all the options. So Ruby is installed now.

After installing Ruby, you need to download the SQLite dll from here

Now extract the SQLite zip file on the Ruby193bin folder:

Now you need to download the ‘DevKit-tdm-32-4.5.2-20111229-1559-sfx.exe’ from here

Now extract the DevKit-tdm-32-4.5.2-20111229-1559-sfx.exe’ file on the C: folder

Open cmd prompt and go to ‘Devkit’ path and we need to run “ruby dk.rb init

Now we need to run “ruby dk.rb install’

Now a few other steps: - ruby dk.rb review (checks things are ok) –

gem install rdiscount –platform=ruby (you should see the message “Temporarily enhancing PATH to include DevKit…”)

Now you need to download the ‘BeEF Project from here

Now open the BeEF file ‘beefproject-beef-beef-0.4.3.7-0-g69c59bb’ and extract the files to C:beef

Open cmd prompt go to the BeEF path and type the following:

ruby install

Now type the below commands one by one

gem install bundler

bundle install

(You will see something similar to this)

Now Type “ruby beef” to start beef.

Of course you will need your Windows Firewall to allow that application

BeEF is installed successfully. Now go to http://127.0.0.1:3000/ui/panel and check if it is available

http://192.168.1.2:3000/ui/panel (beef is the user name and password)

Send the link http://192.168.1.2:3000/demos/basic.html to the victim via chat or email or any social engineering technique to the victim.

Hcon – Open Source Penetration Testing / Ethical Hacking Framework

Raj Chandel — Tue, 07 Aug 2012 21:01:53 +0000

HconSTF is Open Source Penetration Testing Framework based on different browser technologies, which helps any security professional to assists in the Penetration testing or vulnerability scanning assessments. contains web tools which are powerful in doing xss(cross site scripting), Sql injection, siXSS, CSRF, Trace XSS, RFI, LFI, etc. Even useful to anybody interested in information security domain – students, Security Professionals, web developers, manual vulnerability assessments and much more.

Features

Categorized and comprehensive toolset
Contains hundreds of tools and features and script for different tasks like SQLi, XSS,Dorks, OSINT to name a few
HconSTF webUI with online tools (same as the Aqua base version of HconSTF)
Each and every option is configured for penetration testing and Vulnerability assessments
Specially configured and enhanced for gaining easy & solid anonymity
Works for web app testing assessments specially for owasp top 10
Easy to use & collaborative Operating System like interface
Multi-Language support (feature in heavy development translators needed)

Download

Sandcat Browser – Pen-Test Oriented Web Browser

Raj Chandel — Mon, 28 May 2012 17:53:23 +0000

Sandcat Browser is a freeware portable pen-test oriented multi-tabbed web browser with extensions support developed by the Syhunt team, the same creators of the Syhunt Web Application Security Scanner. The Sandcat Browser is built on top of Chromium, the same engine that powers the Google Chrome browser, and uses the Lua language to provide extensions and scripting support.

Sandcat Browser includes the following pen-test oriented features:

Live HTTP Headers
Request Editor Extension
Fuzzer extension with multiple modes and support for filters
JavaScript Executor extension — allows you to load and run external JavaScript files
Lua Executor extension — allows you to load and run external Lua scripts
Syhunt Gelo
HTTP Brute Force, CGI Scanner scripts and more

Download

How to Hack Remote Web Browser with BeEF (Browser Exploitation Framework)

Raj Chandel — Fri, 11 May 2012 20:49:30 +0000

BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. The Browser Exploitation Framework (BeEF) is a powerful professional security tool.

BeEF focuses on leveraging browser vulnerabilities to assess the security posture of a target. This project is developed solely for lawful research and penetration testing. BeEF hooks one or more web browsers as beachheads for the launching of directed command modules. Each browser is likely to be within a different security context, and each context may provide a set of unique attack vectors.

How to Install Browser Exploitation Framework in BacTrack

First Open Your backtrack and Follow these path

Applications->Backtrack–>Exploitation Tools->Social Engineering Tools->BEEF XSS Framework->BeEF Installer

Now Beef is Successfully Install in your PC

How to use Browser Exploitation Framework

Open your backtrack and Follow these path

Applications->Backtrack–>Exploitation Tools->Social Engineering Tools->BEEF XSS Framework->BeEF

Then copied the URL and launched it in the browser (this is my URL based on the IP of my virtual box machine yours will be different)

http://192.168.1.3:3000/ui/panel (beef is the user name and password)

Send the link http://192.168.1.3:3000/demos/basic.html to the victim via chat or email or any social engineering technique to the victim

Now you can get access of victim pc

BFT (Browser Forensic Tool )

Raj Chandel — Sun, 19 Feb 2012 13:51:09 +0000

Browser forensic tool is software that will search in all kind of browser history (even archived) in a few seconds. It will retrieve URLS and Title with the chosen keywords of all matching search.

Download

How to Check Your Browser Security

Raj Chandel — Mon, 12 Dec 2011 11:55:12 +0000

Qualys BrowserCheck

Qualys BrowserCheck is a free tool that scans your browser and its plugins to find potential vulnerabilities and security holes and help you fix them.

https://browsercheck.qualys.com/

Browser Scope

Browserscope is a community-driven project for profiling web browsers. The goals are to foster innovation by tracking browser functionality and to be a resource for web developers.

http://www.browserscope.org/security/test

Panopticlick

Panopticlick checks if your browser’s configuration is unique. The more unique your browser, the less easily it could be tracked. Web tracking is a privacy risk for users.

http://panopticlick.eff.org/

Most Useful Google Chrome Browser chrome:// Commands

Raj Chandel — Fri, 09 Dec 2011 05:50:35 +0000

chrome://flags

From here you can enable some of the experimental features that are hidden in the google Chrome browser. Please note that as mentioned on this page, since these are experimental, these might not work as expected and might cause issues. Enable these features and use it at your own risk.

chrome://dns

This displays the list of hostnames for which the browser will prefetch the DNS records.

chrome://downloads

This is also available from the Menu -> Downloads. Short cut key is Ctrl+J

chrome://extensions

This is also available from the Menu -> Tools -> Extensions

chrome://bookmarks

This is also available from the Menu -> Bookmarks -> Bookmark Manager. Short cut key is Ctrl+Shift+O

chrome://history

This is also availble from the Menu -> History. Short cut key is Ctrl+H

chrome://memory

This will redirect to “chrome://memory-redirect/”. This will display the memory used by Google chrome browser, and all other browsers running on the system (including firefox).

This also display all the process related to browser with their PID, process name, and the memory it takes.

chrome://net-internals

This displays all networking related information. Use this to capture network events generated by the browser. You can also export this data. You can view DNS host resolver cache.

One of the important feature in this feature is “Test”. If a URL failed to load, you can go to “chrome://net-internals” -> click on “Tests” tab -> type that URL which failed, and click on “Start Test”, which will do some test and report you why that URL failed.

chrome://quota-internals

This gives information about the disk space quote used by the browser, including the break down of how much space the individual websites took under temporary files.

chrome://sessions

This displays the number of sessions and magic list that are currently running.

chrome://settings

This is also available from the Menu -> Options (on Windows), and Menu -> Preferences (on Linux). From here you can control various browser related settings.

chrome://sync-internals

This gives information about the chrome sync feature, including the Sync URL used by google, and sync statistics.

Finally, to view all the available chrome:// commands, type chrome://about/ in your chrome browser URL as shown below

How to Test Website on Different Browser

Raj Chandel — Mon, 05 Dec 2011 08:22:22 +0000

Browser Shot

Browsershots makes screenshots of your web design in different browsers. It is a free open-source online service created by Johann C. Rocholl. When you submit your web address, it will be added to the job queue. A number of distributed computers will open your website in their browser.

First go to BrowserShots.org , you’ll see almost all of the available browsers are pre-selected. If you want to test all available operating systems and browser versions, simply enter your website URL into the open field and click “Submit.”

http://browsershots.org/

Gomez Cross-Browser Compatibility Test

Gomez.com offers a set of tools that it calls the “Instant Test Center” with tests including, Cross-Browser Compatibility, Multi-Browser Performance and array of speed tests.

http://www.gomez.com/cross-browser-website-compatibility-test/

Adobe Browser Lab

Adobe Browser Lab is an online service that helps ensure your web content displays as intended. Accurately preview web pages across multiple browsers and operating systems, navigate links, and use diagnostic tools to optimize websites efficiently.

https://browserlab.adobe.com/en-us/index.html#

Search Other YouTube Video Without Close Running Video

Raj Chandel — Fri, 21 Oct 2011 05:59:01 +0000

It is actually a very unique extension. As mentioned, it lets you search YouTube videos while you are watching one, and saves you the hassles of opening a new tab and missing your favorite video.

First Download YT Background Search Plugin For Google Chrome.

You would get a bar type when you install this extension and all you have do is type the video name and click on ‘BG search’ and your screen would get divided. YouTube will show all results on same page

Remotely Control Any Computer Using Chrome Remote Desktop

Raj Chandel — Mon, 17 Oct 2011 09:17:12 +0000

Chrome Remote Desktop BETA is the first installment on a capability allowing users to remotely access another computer through the Chrome browser or a Chromebook.

First Download Google Chrome Plugin Click Here
After you install Chrome Remote Desktop BETA extension
Open a new tab in your Chrome web browser then click on Chrome Remote Desktop icon (from Apps tab)
Then click on Continue button

Press the “Allow access” button at the very next page

Click on Share This Computer button, if you want to share your computer with someone or else click on access a shared computer link if you want to access someone else computer.

Now you will get onetime unique access code, which you need to share it with the respective person you want to share your computer.

Now the person’s computer want to access ask him to share unique access code with you so that you can get remote access on his computer

Now they will verify and there you go, you got access to respective person computer or vice versa