
User:Galaxy1033/sandbox

From Wikipedia, the free encyclopedia

Browser Exploitation Framework

The Browser Exploitation Framework, also known as BeEF, is a penetration testing tool that is mainly designed to target web browsers.[1] BeEF uses cross-site scripting vulnerabilities to attack victims; the tool has evolved to include practical use cases for many client-side attack vectors.[2]

How BeEF works

BeEF hooks one or more web browsers as an entry point for launching its managed command modules. Because different browsers come with different security contexts, each one may present its own unique attack vectors. A penetration tester or a hacker can select specific modules in real time to target each browser. The framework leverages powerful APIs to provide ease of use, effectiveness and efficiency.[3]

Architecture

BeEF currently consists of two base components when it is started: the User Interface and the Communication Server.[4]

User Interface

This is BeEF's control interface. Using this interface, an attacker can see the hooked browsers, both online and offline, run different kinds of exploits against them, and see the results of the attacks.[4]

Communication Server (CS)

This is the main part of the BeEF framework; it controls and manages communication with hooked browsers using HTTP.[4]

  1. "The Browser Exploitation Framework Project".
  2. B. Lundeen and J. Alves-Foss, "Practical clickjacking with BeEF," 2012. DOI: 10.1109/THS.2012.6459919.
  3. "BeEF Wiki". GitHub.
  4. "BeEF Architecture". GitHub.