Information Gathering
Nbblrr edited this page Dec 20, 2012 · 23 revisions
Now that you have BeEF installed and launched, and you have hooked your first browser, what's the next step?
The first step is often to gather information on the remote host: which browser and plugins it runs, which website is hooked, and so on.
When a browser is hooked, BeEF automatically gathers several pieces of information about it:
- Browser name and version
- Browser User Agent
- Plugins (including Java, ActiveX, VBS, Flash...)
- Window size
Default information on the hooked browser gathered by BeEF:
You can then use different modules to gather more detailed information on the browser:
- The Browser Fingerprinting module uses custom URLs to identify the browser. It can be useful if the user has changed their user agent.
- You can complete the list of plugins with the modules Detect Firebug, Detect popup blocker, Detect Google Desktop, Detect unsafe ActiveX...
Result of the browser fingerprinting module:
By using several modules, you can also gather information on the system of the hooked browser:
- Internet Explorer has permissive restrictions that allow detecting installed software (module Detect Softwares) and even registry keys (caution: in this case the user will be prompted with an authorization message).
- If the browser allows Java, the Get Internal IP module can detect the IP address of the system (funnier tricks with the network will be described later).
- The Get System Info module also uses a Java applet to gather detailed information on the system: operating system details, Java JVM details, IP addresses, amount of memory...
- It is also possible to retrieve the location of the user, either by using the geolocation API or by using a trick that requests Google Maps.
- The default JavaScript API also allows, of course, getting the data stored in the clipboard.
Result of the Get System Info module:
The hooked browser also makes it possible to discover information about the behaviour of the user:
- By using JavaScript tricks, it is possible to detect whether the browser has already visited a given URL or a given domain.
- Two modules can be used to find out whether the user is logged in to social networks, and whether the user uses TOR.