BeEF v0.4.3.3 Released

The Browser Exploitation Framework (BeEF) is a powerful professional security tool. BeEF is pioneering techniques that provide the experienced penetration tester with practical client side attack vectors.

Unlike other security frameworks, BeEF focuses on leveraging browser vulnerabilities to assess the security posture of a target. This project is developed solely for lawful research and penetration testing.

BeEF hooks one or more web browsers as beachheads for the launching of directed command modules. Each browser is likely to be within a different security context, and each context may provide a set of unique attack vectors.

Changelog v0.4.3.3

  • The much anticipated RESTful API we’ve been blogging about
  • QRCode extension (curiosity fed the BeEF!)
  • Load configurations at the command line with a new -c function, as you requested, @_sid77
  • History extraction from IE and Firefox.

Read about it in this prior blog post.

QRCode extension
This module will generate a BeEF hook QRCode, so that you can hook nosy smartphone users with posters or other social engineering tactics. Devious devious! If you’re lucky, you can check out Christian at this month’s OWASP AppSec APAC where he’ll be speaking about BeEF. Maybe he’ll include some tasty bits about this.

The -c command line option
This will load a different master config.yaml file, that will be automatically ignored by GIT. We saw a bunch of people asking for this on Twitter, so we added it.

History Extraction
You should be able to see what sites have been visited if your zombies are using something IE or Firefox. We’re working on support for Chrome and Opera, too. But, note, some of the privacy settings in Chrome may still prevent this from working, but where there is not specific blocking software or settings in place, this should get the history data accurately.

Other Stuff
Youtube keeps adding geo restrictions. But, BeEF is never going to give you up, never going to let you down.

More information: here

Download BeEF v0.4.3.3

MaxiSoler @maxisoler