Beef
De Linuxmemo.
BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.
Sommaire |
[modifier] Install
git clone https://github.com/beefproject/beef beef cd beef vim Gemfile et ajoutez le support postgres - gem "dm-postgres-adapter" vim /etc/postgresql/9.1/main/pg_hba.conf - local all all trust bundle install ./beef
[modifier] Configuration
vim config.yaml
- Extensions should be enabled.
- The metasploit extension should be configured by modifying the config.yml
vim extensions/metasploit/config.yml
The host and callback_host parameters which should have the IP address of the host.
- For enabling RPC communication, the following command should be launched in metasploit console (on met la console en écoute rpc):
load msgrpc ServerHost=127.0.0.1 Pass=abc123 [*] MSGRPC Service: 127.0.0.1:55552 [*] MSGRPC Username: msf [*] MSGRPC Password: abc123 [*] Successfully loaded plugin: msgrpc
- lancement de Beef (qui se connect a la console metasploit en rpc)
./beef [14:39:54][*] Bind socket [imapeudora1] listening on [0.0.0.0:2000]. [14:39:54][*] Browser Exploitation Framework (BeEF) 0.4.4.5-alpha [14:39:54] | Twit: @beefproject [14:39:54] | Site: http://beefproject.com [14:39:54] | Blog: http://blog.beefproject.com [14:39:54] |_ Wiki: https://github.com/beefproject/beef/wiki [14:39:54][*] Project Creator: Wade Alcorn (@WadeAlcorn) [14:39:55][*] Successful connection with Metasploit. [14:39:55][*] Loaded 233 Metasploit exploits.
[modifier] interface
http://127.0.0.1:3000/ui/panel
login(default): beef/beef
[modifier] Automatisation
Chaque module est configurable indépendamment.
vim extensions/nom_module/config.yml sous "enable: true" ajouter "autorun: true"
- Attention, lors de l'édition des config.yml, il ne faut pas mettre de tabulation mais des espaces avant les directives.
