Gary Jones

BeEF Hooking to Capture Browser Information



Situation:

This project focused on using the Browser Exploitation Framework (BeEF) to capture browser information by exploiting user interactions. The task was prompted by a social engineering campaign where Nuri Numismatist, a stamp and coin enthusiast, was baited into visiting a site at kali.pr0b3.com. The goal was to hook Nuri’s browser using BeEF and extract useful information.


Obstacles:

  1. Unknown URL:
    • Identifying the exact web page Nuri was attempting to access required network traffic monitoring.
  2. BeEF Configuration:
    • Setting up the framework and ensuring the hook script integrated properly with the created web page.
  3. Web Server Setup:
    • Configuring Apache2 to host the crafted web page with minimal prior knowledge.

Actions Taken:

  1. Network Monitoring:
    • Enabled Apache2 and used Wireshark with name resolution options turned on.
    • Captured and analyzed GET requests, identifying the target URL: kali.pr0b3.com/coins/collection.html.
  2. Web Server Setup:
    • Created a coins directory in /var/www/html.
    • Developed a simple collection.html page, embedding an external link to the BeEF hook script.
    • Confirmed the web page functionality by accessing it locally and ensuring the hook executed.
  3. BeEF Hooking:
    • Started BeEF and logged into its UI.
    • Verified that the hook URL was linked to 172.24.0.10, the same host as Nuri’s target.
    • Monitored the BeEF interface to confirm that Nuri’s browser was successfully hooked, visible under the Zombies tab.
  4. Data Extraction:
    • Collected browser information from Nuri’s session.
    • Captured a potential administrative session token mentioned during initial briefings.

Results:

  1. Successful Browser Hooking:
    • The BeEF UI displayed Nuri’s hooked browser, confirming the campaign’s success.
  2. Data Captured:
    • Browser metadata and an administrative session token were extracted.
  3. Vulnerability Identified:
    • User susceptibility to phishing and insecure web interactions was confirmed.

Tool Purpose Overview:

Apache2:

  • Hosted the crafted webpage (collection.html) that executed the BeEF hook script.

Wireshark:

  • Monitored network traffic to identify Nuri’s web requests.

BeEF:

  • Captured browser information and maintained the hook for potential exploitation.

Recommendations:

  1. User Awareness Training:
    • Educate employees on recognizing phishing attempts, especially in niche interest groups.
  2. Secure Web Practices:
    • Encourage users to avoid interacting with unverified external links and domains.
  3. Incident Response:
    • Investigate and mitigate any potential threats posed by the extracted session token.
  4. System Hardening:
    • Employ stricter security protocols for internal users to prevent successful browser hooking attacks.
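
One way to act on the Incident Response and System Hardening recommendations is to search web proxy logs for clients that show signs of a hook. The following is an added example, not part of the original write-up. It assumes BeEF's default hook file name (`/hook.js`), default session name (`BEEFHOOK`) and default port (3000); the log format, client addresses, the `203.0.113.5` host and the thresholds are constructed for illustration.

```python
import re
from collections import defaultdict

HOOK_PATH = re.compile(r"/hook\.js(\?|$)")  # BeEF default hook file (assumed unchanged)
HOOK_SESSION = "BEEFHOOK"                   # BeEF default hook session name
POLL_THRESHOLD = 5                          # assumed: repeats of one script URL ...
POLL_WINDOW = 60                            # ... within this many seconds

# Constructed proxy log: "<epoch> <client_ip> <method> <url> <cookie or ->"
SAMPLE_LOG = "\n".join(
    ["1700000000 10.0.0.21 GET http://intranet.example/app.js -",
     "1700000001 10.0.0.42 GET http://kali.pr0b3.com/coins/collection.html -",
     "1700000002 10.0.0.42 GET http://172.24.0.10:3000/hook.js -"]
    + [f"{1700000005 + 5 * i} 10.0.0.42 GET "
       "http://172.24.0.10:3000/hook.js?BEEFHOOK=SESSIONID BEEFHOOK=SESSIONID"
       for i in range(5)]
    # A renamed hook matches no signature; only the polling rule catches it.
    + [f"{1700000100 + 5 * i} 10.0.0.33 GET http://203.0.113.5/assets/site.js -"
       for i in range(5)]
)

def find_hooked_clients(log_text):
    """Return {client_ip: [reasons]} for clients showing hook indicators."""
    findings = defaultdict(set)
    script_hits = defaultdict(list)  # (client, script URL without query) -> times
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, _method, url, cookie = line.split(maxsplit=4)
        base = url.split("?", 1)[0]
        if HOOK_PATH.search(url):
            findings[client].add("default-hook-path")
        if HOOK_SESSION in cookie or HOOK_SESSION + "=" in url:
            findings[client].add("hook-session-id")
        if base.endswith(".js"):
            script_hits[(client, base)].append(int(ts))
    # Behavioural rule: a page normally loads a script once; a hooked browser
    # keeps re-requesting the same script to poll for commands.
    for (client, _base), times in script_hits.items():
        times.sort()
        for i in range(len(times) - POLL_THRESHOLD + 1):
            if times[i + POLL_THRESHOLD - 1] - times[i] <= POLL_WINDOW:
                findings[client].add("script-polling")
                break
    return {client: sorted(reasons) for client, reasons in findings.items()}

if __name__ == "__main__":
    for client, reasons in find_hooked_clients(SAMPLE_LOG).items():
        print(client, ", ".join(reasons))
```

Any client flagged here should have its active sessions revoked, which covers the captured administrative session token noted above.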
