Learn how to install and configure BeEF on Ubuntu 20.04 LTS. BeEF, the Browser Exploitation Framework, is a powerful penetration testing tool that focuses on the web browser. To use this tool, buy your own Linux VPS and enjoy VPS Hosting with Bitcoin and Instant Setup in Eldernode. Its main value is that it allows a professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors.
Tutorial Configure BeEF On Ubuntu 20.04 LTS
Follow this article to see how BeEF is configured. The settings can be customized.
What Are The BeEF Extensions and Features:
- Web UI
- Console UI
- Metasploit Integration
- XSSRays
- Modular structure
- BeEF JavaScript Object
- Support for CSRF
- Steal session information
What Are The BeEF Module Features?
BeEF hooks one or more web browsers and uses them to launch directed command modules. Each browser is likely to be within a different security context, and each context may offer a unique set of attack vectors. The framework allows the penetration tester to select specific modules in real time. Here are some of its module features:
- Interprocess communications and exploitation
- History gathering and intelligence
- Network recon
- Host information gathering
- Browser plugin detection
- Persistence
- Exploit
How to Install and Configure BeEF On Ubuntu 20.04
Because BeEF is installed by default in the Kali distribution, it ships with settings that work without any changes. BeEF is ready to use by default on Kali Linux and BackTrack.
If for any particular reason you want to change the BeEF configuration settings, first change the credentials for the Web UI. Old default credentials:
credentials: username=beef passwd=beef
If you do not change the password, BeEF generates a new random password, which is shown in the terminal when you start the framework.
BeEF is located in the /usr/share/beef-xss/ directory, and it is not integrated with the Metasploit framework. Follow the steps below to integrate it.
Step 1: Edit the main configuration file located at /usr/share/beef-xss/config.yaml so that the metasploit entry reads as follows:
metasploit:
    enable: true
Step 2: Next, edit the host, callback_host, and os 'custom' path lines to include your IP address and the location of the Metasploit framework. Also edit the file located at /usr/share/beef-xss/extensions/metasploit/config.yml
Step 3: Finally, start msfconsole and load the msgrpc module.
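An added example (not from the original article or the BeEF project): a Ruby check that parses a config.yaml and flags the default beef/beef credentials and a Metasploit flag that is not a real YAML boolean, such as `enable:true` written without a space. The key layout under `beef:`, the sample documents and the 12-character minimum are assumptions.

```ruby
require 'yaml'

# Constructed samples, not real deployments. The key layout (beef.credentials.user,
# beef.credentials.passwd, beef.extension.metasploit.enable) is an assumption.
AS_WRITTEN = <<~YAML
  beef:
    credentials:
      user: "beef"
      passwd: "beef"
    extension:
      metasploit: enable:true
YAML

CORRECTED = <<~YAML
  beef:
    credentials:
      user: "operator"
      passwd: "constructed-Long-Passphrase-41"
    extension:
      metasploit:
        enable: true
YAML

MIN_PASSWD_LEN = 12 # assumed local policy, not a BeEF requirement

# Returns an array of finding symbols for one config.yaml document.
def audit_beef_config(yaml_text)
  cfg = YAML.safe_load(yaml_text)
  beef = cfg.is_a?(Hash) && cfg['beef'].is_a?(Hash) ? cfg['beef'] : {}
  creds = beef['credentials'].is_a?(Hash) ? beef['credentials'] : {}
  findings = []
  if creds['user'].to_s == 'beef' && creds['passwd'].to_s == 'beef'
    findings << :default_credentials
  elsif creds['passwd'].to_s.length < MIN_PASSWD_LEN
    findings << :weak_password
  end
  ext = beef['extension'].is_a?(Hash) ? beef['extension'] : {}
  msf = ext['metasploit']
  if msf.is_a?(Hash)
    # A quoted "true" is a string, not the boolean Step 1 intends.
    findings << :metasploit_enable_not_boolean unless [true, false, nil].include?(msf['enable'])
  elsif !msf.nil?
    # "enable:true" without a space parses as one plain string, not a key/value pair.
    findings << :metasploit_block_malformed
  end
  findings
end

puts audit_beef_config(AS_WRITTEN).inspect if __FILE__ == $PROGRAM_NAME
```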
How To Solve ERROR: invalid username or password
By default, the login and password are beef/beef. If you see the message ERROR: invalid username or password, those credentials may not work. In that case, you can edit the /opt/beef/config.yaml configuration file to change the password.
How To Update BeEF
If you are using BeEF from the GitHub repository, you can update it easily by running the following commands:
cd beef
git pull
vim Gemfile
Conclusion
In this article, you learned how to configure BeEF on Ubuntu 20.04 LTS. Use this powerful tool to test your system security and prevent cyberattacks. If you are interested in learning more, read our article on How to install Armitage on Debian 10.
Thank you. How should we connect to the browser which is running the script?
First, you need to check whether you are logged in to the BeEF user interface or not.
The URL may have been given to you while starting, it could be as below:
http://127.0.0.1:3000/ui/panel
Does BeEF install ruby by default? I faced an issue with xmlrpc client.
Yes it is. To solve this problem BeEF should know that it needs this Gem. The modified file is:
rm Gemfile.lock
And also you can remove the lock file, run the following command and press Y to remove it.
sudo nano Gemfile
How to start using BeEF?
Follow the below path to use BeEF:
Go to the directory > Run the BeEF > Open a browser to open the link > Modify the configuration file to change the host IP to the IP of your physical machine
How can BeEF be harmful?
While you are using BeEF in a Linux environment, it is not harmful. But using it in a Windows-based Linux emulator needs to uninstall the antivirus that causes it to be harmful.
Is the version of 2.5 necessary? My system does not support it.
Yes, it supports Ruby 2.5 or higher, but to fix your issue, you can add the Brightbox PPA repository to get the latest version of Ruby by running the command below:
sudo apt-add-repository -y ppa:brightbox/ruby-ng