How to Install BeEF in Windows PC

BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. BeEF is pioneering techniques that provide the experienced penetration tester with practical client side attack vectors. Unlike other security frameworks, BeEF focuses on leveraging browser vulnerabilities to assess the security posture of a target. This project is developed solely for lawful research and penetration testing.

First download ruby for windows from here

Install it in C: folder and make sure you select all the options. So Ruby is installed now.

After installing Ruby, you need to download the SQLite dll from here

Now extract the SQLite zip file on the Ruby193bin folder:

Now you need to download the ‘DevKit-tdm-32-4.5.2-20111229-1559-sfx.exe’ from here

Now extract the DevKit-tdm-32-4.5.2-20111229-1559-sfx.exe’ file on the C: folder

Open cmd prompt and go to ‘Devkit’ path and we need to run “ruby dk.rb init

Now we need to run “ruby dk.rb install’

Now a few other steps: – ruby dk.rb review (checks things are ok) –

gem install rdiscount –platform=ruby (you should see the message “Temporarily enhancing PATH to include DevKit…”)

Now you need to download the ‘BeEF Project from here

Now open the BeEF file ‘beefproject-beef-beef-0.4.3.7-0-g69c59bb’ and extract the files to C:beef

Open cmd prompt go to the BeEF path and type the following:

ruby install

Now type the below commands one by one

gem install bundler

bundle install

(You will see something similar to this)

Now Type “ruby beef” to start beef.

Of course you will need your Windows Firewall to allow that application 🙂

BeEF is installed successfully. Now go to http://127.0.0.1:3000/ui/panel and check if it is available

http://192.168.1.2:3000/ui/panel (beef is the user name and password)

Send the link http://192.168.1.2:3000/demos/basic.html to the victim via chat or email or any social engineering technique to the victim.

Hcon – Open Source Penetration Testing / Ethical Hacking Framework

HconSTF is Open Source Penetration Testing Framework based on different browser technologies, which helps any security professional to assists in the Penetration testing or vulnerability scanning assessments. contains web tools which are powerful in doing xss(cross site scripting), Sql injection, siXSS, CSRF, Trace XSS, RFI, LFI, etc. Even useful to anybody interested in information security domain – students, Security Professionals, web developers, manual vulnerability assessments and much more.

Features
  • Categorized and comprehensive toolset
  • Contains hundreds of tools and features and script for different tasks like SQLi, XSS,Dorks, OSINT to name a few
  • HconSTF webUI with online tools (same as the Aqua base version of HconSTF)
  • Each and every option is configured for penetration testing and Vulnerability assessments
  • Specially configured and enhanced for gaining easy & solid anonymity
  • Works for web app testing assessments specially for owasp top 10
  • Easy to use & collaborative Operating System like interface
  • Multi-Language support (feature in heavy development translators needed)

Download

Sandcat Browser – Pen-Test Oriented Web Browser

Sandcat Browser is a freeware portable pen-test oriented multi-tabbed web browser with extensions support developed by the Syhunt team, the same creators of the Syhunt Web Application Security Scanner. The Sandcat Browser is built on top of Chromium, the same engine that powers the Google Chrome browser, and uses the Lua language to provide extensions and scripting support.

Sandcat Browser includes the following pen-test oriented features:

  • Live HTTP Headers
  • Request Editor Extension
  • Fuzzer extension with multiple modes and support for filters
  • JavaScript Executor extension — allows you to load and run external JavaScript files
  • Lua Executor extension — allows you to load and run external Lua scripts
  • Syhunt Gelo
  • HTTP Brute Force, CGI Scanner scripts and more

Download

How to Hack Remote Web Browser with BeEF (Browser Exploitation Framework)

BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. The Browser Exploitation Framework (BeEF) is a powerful professional security tool.

BeEF focuses on leveraging browser vulnerabilities to assess the security posture of a target. This project is developed solely for lawful research and penetration testing. BeEF hooks one or more web browsers as beachheads for the launching of directed command modules. Each browser is likely to be within a different security context, and each context may provide a set of unique attack vectors.

How to Install Browser Exploitation Framework in BacTrack

First Open Your backtrack and Follow these path

Applications->Backtrack–>Exploitation Tools->Social Engineering Tools->BEEF XSS Framework->BeEF Installer

Now Beef is Successfully Install in your PC

 

How to use Browser Exploitation Framework 

Open your backtrack and Follow these path

Applications->Backtrack–>Exploitation Tools->Social Engineering Tools->BEEF XSS Framework->BeEF

Then copied the URL and launched it in the browser (this is my URL based on the IP of my virtual box machine yours will be different)

http://192.168.1.3:3000/ui/panel (beef is the user name and password)

Send the link http://192.168.1.3:3000/demos/basic.html to the victim via chat or email or any social engineering technique to the victim

Now you can get access of victim pc