
BeEF: The Browser Exploit Framework

Author: Michael Gregg, 12 April 2012

While many security professionals have used the Metasploit Framework, there is another exploit framework that you should review: BeEF. BeEF is a powerful exploit framework that is focused on leveraging browser vulnerabilities to assess the security posture of a target. Many penetration testers use proxies such as Burp and Paros; BeEF takes this a step further by directly targeting the browser.

You can think of browser exploitation as a method of taking advantage of vulnerabilities in the browser software to modify specific settings without the knowledge of the end user. The BeEF exploit framework allows penetration testers to select specific modules to target each browser in a one-two-three approach. First, a target is selected. After selecting a target, the user can load a specific module used for attack. The ‘Load Modules’ area shows what modules are available for use and, once selected, allows the code to be sent to the targeted browser. Once the module is loaded, the vulnerability can be exploited.

As an example, one module is used to target the way Apple computers insecurely handle URL schemes when initiating a Skype outbound call. If successful, BeEF will initiate a Skype call without the end user’s permission. While this is just one example of BeEF, it demonstrates the power of the tool and how it can be used by security professionals and penetration testers to test for client-side vulnerabilities. Other modules include browser overflows, cross-site scripting, keylogging, and clipboard theft.

I hope you will consider checking out this great piece of software. You can learn more by visiting the project page at or by reviewing the wiki.
