
Social Engineering

Nbblrr edited this page Jan 2, 2013 · 22 revisions

When you have hooked a browser, you can modify the whole page and cause different actions (redirection...), so there are a lot of possibilities for social engineering attacks. This page will try to sum them up.

Ask for credentials

The simplest attacks are often the most effective, so you can just ask the user for them with different modules:

  • The Pretty Theft module shows the user a simple message asking for a login and password and explaining that the session has timed out.
  • The Simple Hijacker module offers several social engineering templates and prompts the user with them when he clicks on a link on the page.
  • Clippy is a module that creates a small browser assistant which proposes browser updates.

Redirect to another page

You may also use BeEF modules to redirect to external pages:

  • By using the basic redirect browser module, you can redirect the hooked page to any other page. Note that being redirected may look weird to the user and that you will lose the zombie. To avoid losing the browser from BeEF, you can also use the redirection module with iframe, which will open a 100% iframe to the given URL.
  • You can also use the great tabnabbing module: this module detects when the user loses focus on the current tab and, at that time, modifies the whole page to load the given URL in an iframe. When the user comes back to the tab, he will directly see the new web page.
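
The iframe redirect and tabnabbing modules above depend on the target URL letting another origin frame it. As an added example (not part of the original wiki or of BeEF), this JavaScript check lets a site owner test whether a page's response headers prevent that; the function names and sample header sets are assumptions constructed for illustration.

```javascript
// Added example (not BeEF code): report whether a response can be rendered
// inside a cross-origin iframe, judging only by its anti-framing headers.

// Collect all values of one header, case-insensitively, split on commas.
function headerValues(headers, name) {
  return Object.entries(headers)
    .filter(([k]) => k.toLowerCase() === name)
    .flatMap(([, v]) => (Array.isArray(v) ? v : [v]))
    .flatMap((v) => String(v).split(','))
    .map((v) => v.trim())
    .filter(Boolean);
}

// Source list of the frame-ancestors directive in one CSP policy, or null.
function frameAncestors(policy) {
  for (const directive of policy.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') {
      return sources.map((s) => s.toLowerCase());
    }
  }
  return null;
}

function framingVerdict(headers) {
  const lists = headerValues(headers, 'content-security-policy')
    .map(frameAncestors)
    .filter((l) => l !== null);
  if (lists.length > 0) {
    // Every enforced policy must allow the embedder; browsers ignore
    // X-Frame-Options once an enforced frame-ancestors is present.
    const open = lists.every((l) => l.some((s) => /^(\*|https?:)$/.test(s)));
    return { frameable: open, reason: 'CSP frame-ancestors' };
  }
  const xfo = headerValues(headers, 'x-frame-options').map((v) => v.toLowerCase());
  // ALLOW-FROM is obsolete and ignored by current browsers, so only these count.
  if (xfo.some((v) => v === 'deny' || v === 'sameorigin')) {
    return { frameable: false, reason: 'X-Frame-Options' };
  }
  return { frameable: true, reason: 'no effective anti-framing header' };
}

// Constructed sample responses (hypothetical header sets, not captured traffic).
const SAMPLES = {
  bare: { 'Content-Type': 'text/html' },
  legacy: { 'X-Frame-Options': 'ALLOW-FROM https://partner.example' },
  hardened: { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'" },
};
for (const [name, h] of Object.entries(SAMPLES)) console.log(name, framingVerdict(h));
```

A `frameable: true` verdict on a login or account page means it can be loaded inside a page controlled by someone else.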

Chrome/Firefox extensions

By requiring the user to install a fake Flash update, it is possible to install a malicious Firefox/Chrome extension. Once installed, this extension can communicate directly with BeEF and has access to much more information than code in the hooked browser.

By using the Chrome extensions module, it is thus possible to use the malicious extension to:

Other

  • There is also a nice clickjacking module which allows custom clickjacking attacks by giving the URL and offset on the target page:

