BEEF的搭建与使用

安装与搭建

beef是ruby写的，在windows下安装beef还是有些麻烦的，需要装很多东西。

源码在github googlecode等地方均有下载

http://code.google.com/p/beef/downloads/listhttps://github.com/beefproject/beef

在windows下配置ruby，推荐大家使用railsinstaller这个东西，各种环境一键安装，提醒一下这里ruby要求1.9以及以上版本。

http://railsinstaller.org/

另外还需要SQLite.dll这个下载之后放到ruby的bin目录下

http://www.sqlite.org/download.html

之后只要跑到源代码目录下，运行

bundle installruby beef

出现这种东西说明成功了，端口以及各种配置在config.yaml中配置

C:\beef\beef-master>ruby beef[16:06:09][*] Bind socket [imapeudora1] listening on [0.0.0.0:2000].[16:06:09][*] Browser Exploitation Framework (BeEF) 0.4.4.7-alpha[16:06:09]    |   Twit: @beefproject[16:06:09]    |   Site: http://beefproject.com[16:06:09]    |   Blog: http://blog.beefproject.com[16:06:09]    |_  Wiki: https://github.com/beefproject/beef/wiki[16:06:09][*] Project Creator: Wade Alcorn (@WadeAlcorn)[16:06:11][*] BeEF is loading. Wait a few seconds...[16:06:20][*] 10 extensions enabled.[16:06:20][*] 180 modules enabled.[16:06:20][*] 2 network interfaces were detected.[16:06:20][+] running on network interface: 192.168.0.102[16:06:20]    |   Hook URL: http://192.168.0.102:3000/hook.js[16:06:20]    |_  UI URL:   http://192.168.0.102:3000/ui/panel[16:06:20][+] running on network interface: 127.0.0.1[16:06:20]    |   Hook URL: http://127.0.0.1:3000/hook.js[16:06:20]    |_  UI URL:   http://127.0.0.1:3000/ui/panel[16:06:20][*] RESTful API key: 33c15454ae8fb24723c90311e064035b48f841d2[16:06:20][*] HTTP Proxy: http://127.0.0.1:6789[16:06:20][*] BeEF server started (press control+c to stop)

安装完成后，访问以下URL就可以看到登陆界面了，默认用户名密码beef beef

http://localhost:3000/ui/panel

基本功能与使用

官方提供了一个简单的例子

http://127.0.0.1:3000/demos/basic.html

里面这一句，导入了网站根目录下的hook.js,

<head><title>BeEF Basic Demo</title><script>var commandModuleStr = '<script src="' + window.location.protocol + '//' + window.location.host + '/hook.js" type="text/javascript"><\/script>';document.write(commandModuleStr);</script></head>

访问这个URL之后发现自己上线了。

Details

里面会给出上线主机的一些详细信息，其中包含cookie，支持插件，浏览器类型，系统版本等。

 Display information about the hooked browser after you've run some command modules.

Logs 

记载了上线主机的动作，仅限于lost focus   regained focus    online   offline这种。

Displays recent log entries related to this particular hooked browser.

Command

里面模块很多，很厉害的样子，其中模块是否可以使用参照这里

Each command module has a traffic light icon, which is used to indicate the following:

•  The command module works against the target and should be invisible to the user
•  The command module works against the target, but may be visible to the user
•  The command module is yet to be verified against this target
•  The command module does not work against this target

 XSSRays

不知道是做什么的，貌似鸡肋。

XssRays allows the user to check if links, forms and URI path of the page (where the browser is hooked) is vulnerable to XSS. To customize default settings of an XssRays scan, please use the XssRays tab.

Rider

可以使用被HOOK的BOWSER伪造请求。

The Rider tab allows you to submit arbitrary HTTP requests on behalf of the hooked browser. Each request sent by the Rider is recorded in the History panel. Click a history item to view the HTTP headers and HTML source of the HTTP response.