
Browser Exploitation Framework (BeEF)

 
 

BeEF is the browser exploitation framework, a professional tool to demonstrate the real-time impact of browser vulnerabilities. Development has focused on creating a modular structure that makes new module development a trivial process, with the intelligence residing within BeEF. Current modules include the first public Inter-protocol Exploit, a traditional browser overflow exploit, port scanning, keylogging, clipboard theft and more. The modules aim to be a representative set of current browser attacks - with the notable exception of launching cross-site scripting viruses. You can download BeEF from Bindshell.net.

Though BeEF can be used to exploit computers located anywhere on the Internet (e.g. by setting up a malicious site) and on the local LAN (e.g. using a simple MITM to send the payload), I particularly feel it would be very useful in compromising computers in hotspot destinations. Here is a simple use case - a hacker can set up a honeypot advertising a local hotspot in the vicinity such as tmobile, google-wifi or starbucks. An unsuspecting user successfully connects to this honeypot and fires up his browser to check his web email. The hacker redirects the user and serves him a malicious page using BeEF. User gets 0wned :)

Below are 2 videos about the BeEF framework. The first is a simple walkthrough on how to get started with BeEF on BackTrack 4 and how one can detect if the victim has Flash and Java installed. The second video is a demo of the MS09-002 exploit using BeEF.




 


Author
Vivek-Ramachandran

Vivek Ramachandran is a security evangelist and has been working in computer security related fields for the past 7 years. In 2007, Vivek spoke at the world-renowned conferences Defcon (WEP Cloaking Exposed) and Toorcon (The Caffe Latte Attack). The discovery of the Caffe Latte Attack was covered by CBS5 news, BBC online, Network World and other news agencies. In 2006, Vivek was announced as one of the winners of the Microsoft Security Shootout contest held in India among 65,000 participants. He has also been a recipient of a Team Achievement at Cisco Systems for his work on 802.1x and Port Security modules on the Catalyst 6500 switches. Currently he spends all of his time maintaining Security-Freak.Net and SecurityTube.Net, and is the co-founder of Axonize. Vivek holds a Bachelor's degree in Electronics and Communications Engineering from the prestigious Indian Institute of Technology, Guwahati. You can contact him at vivek[at]securitytube.net

 
©2007 Freak Labs