O'Reilly logo

Kali Linux Web Penetration Testing Cookbook by Gilberto Nájera-Gutiérrez

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Exploiting XSS with BeEF

BeEF, the browser exploitation framework, is a tool that focuses on client-side attack vectors, specifically on attacking web browsers.

In this recipe, we will exploit an XSS vulnerability and use BeEF to take control of the client browser.

Getting ready

Before we start, we need to be sure that we have started the BeEF service and are capable of accessing http://127.0.0.1:3000/ui/panel (with beef/beef as login credentials).

  1. The default BeEF service in Kali Linux doesn't work so we cannot simply run beef-xss to get BeEF running, instead we need to run it from the directory in which it was installed, as shown here:
    cd /usr/share/beef-xss/
    ./beef
    
  2. Now, browse to http://127.0.0.1:3000/ui/panel and use beef as both the username and ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required