BeEF (Browser Exploitation Framework) Beta Released

Security: Submitted by Wade on 24-Aug-06 at 07:13pm

BeEF the browser exploitation framework has been released. The current version is beta and still a work in progress but it should be easy to install.

Its purposes in life is to provide an easily integratable framework to demonstrate the impact of browser and cross-site scripting issues in real-time. The modular structure has focused on making module development a trivial process with the intelligence existing within BeEF.

HTTP Penetration Suite

Security: Submitted by Wade on 02-Aug-06 at 07:56pm

Attacks from browsers are increasing in sophistication and researchers are focusing more resources in this area. Recently, a javascript port scanner was published that was based on a SPI Dynamics paper. The scanner is entirely encapsulated within the web browser.

It doesn’t take an Einstein to start linking web application attack vectors. In the “Inter-browser Communication” (IBC) blog I illustrated one basic method to maintain indirect real-time control over a browser (including data transfer). Using IBC it possible to load tools (in real-time) such as a port scanner to the controlled browser and retrieve the results. Following this logic, an entire HTTP Suite can be developed to attack internal networks using the browser as an unsuspecting proxy. Not to mention the extra dimensions that XSS viruses add.