Mastering Kali Linux for Web Penetration Testing by Michael McPhee

Stored XSS with BeEF

The Browser Exploitation Framework (BeEF, available at http://beefproject.com) is a tool we took a look at in Penetration Testing with the Raspberry Pi, Second Edition (https://www.packtpub.com/networking-and-servers/penetration-testing-raspberry-pi-second-edition), where we discussed its general use as a honeypot or malicious web server. These same capabilities make BeEF a fantastic tool for the delivery and subsequent management of a variety of XSS attacks. What makes BeEF powerful is that it leverages a single hook script in internet browsers for its attack, and because of the XSS vulnerability in the web server, it can evade most controls employed by more paranoid or better-trained victims. Short of blocking various ...