Hire writer

Browser Exploitation Using BeEF Framework

Pages: 2 (936 words)

Views: 2075

Grade: 5

Download

Abstract—The internet is the most widely used tool of thepresent century. And to access it, the most used tool is a webbrowser. It is true that all browsers are not created equal andsome browsers are more insecure than others. So, It is necessaryto have a knowledge on the browser architecture,threats and itsvulnerabilities. This paper discusses about how a browser can bea risk,and how to overcome that risk. Furthermore, the paperpractically illustrates the step by step procedure to exploit abrowser using Browser Exploitation Framework(BeEF) and alsocompares how BeEF Framework works on different Browsers.

Do not use plagiarized sources. Get your custom paper at "Browser Exploitation Using BeEF Framework" Get custom paper

NEW! Smart match with writer

Review of Related Work

From the previous studies, almost 45 percentage of peoplebrowsing the Web are not using the most secure versionof their web browser. Same as software, A web browserwith no proper security patches are vulnerable to attack orexploit. Even a fully patched web browser can sometimes bevulnerable to attack if the browser add-ons aren’t patched. The add-ons don’t update automatically along with thebrowser. BeEF is the short form for Browser Exploitation Frameworkwhich is a penetration testing tool that focuses on theweb browser. BeEF Framework is the only tool which isexclusively used to exploit web browser. With the growingconcerns about web attacks against users, not excludingmobile users, BeEF allows the professional penetration testerto assess the actual security of a target environment by usingclient-side attack vectors. Not like other security frameworks,BeEF Framework look in to the hardened network perimeterand user system, and examines how to exploit the webbrowser. BeEF can hook one or many number of webbrowsers and use them as leads for launching a web browserattack which finally results in browser exploitation.

Project Objective

The following are few of many practices a user mustenforce to avoid unwanted browser risk.

  • Keep your browser(s) updated and patched.
  • Keep your operating system updated and patched.
  • Use anti-virus and antispyware software, and keep themupdated.
  • Keep your applications, such as multi-media programs usedfor viewing videos, updated and patched, particularly if theywork with your browser.
  • Make sure your computer’s firewall is on.
  • Block pop-up windows, some of which may be maliciousand hide attacks. This may block malicious software frombeing downloaded to your computer.
  • Tighten the security settings on your browsers.
  • Consider disabling JavaScript, Java, and ActiveX controls. It is important to note that number of these tips maylimit the users from access few of the browser’s content. For example, JavaScript is used to control web pages on theclient side of the browser, server-side programs, and evenmobile applications. If you need to use JavaScript, set yourbrowser to prompt you before running scripts. Lower yoursecurity settings temporarily to have proper access, and thenreset them.

Description and Methodology of the Proposed Project

A. Description

BeEF is used to exploit a cross site scripting (XSS) flaw ina Web Browser or Web Application. The XSS flaw allows anintruder to inject BeEF project Jscript into the vulnerable webpage. In BeEF terminology, the browser that has visited thevulnerable page is “hooked or hacked”. This injected code inthe “hooked or hacked” browser then responds to commandsfrom the BeEF server. The BeEF server is a Ruby on Railsapplication that communicates with the “hooked browser”through a web-based user interface. BeEF comes with the KaliLinux.

B. Methodology

The following experiment illustrates steps that we havefollowed to show how to execute a successful web browserattack using BeEF and how important it is to have an updated. Hooking a Browser: The key to success with BeEF isto ”hook” a browser. This basically means that we need thevictim to visit a vulnerable web app or webpage. This injectedcode in the ”hooked” browser then responds to commandsfrom the BeEF server. From there, we can do a number ofmalicious things on the victim’s computer. Once the target is presented with the Web Page there browserwill be hooked and appear in the Hook Browsers section ofthe BeEF Web GUI. Now, that we have hooked the victim’s browser, we canuse numerous built-in commands that can executed from thevictim’s browser. Below are just a few examples; there aremany others. -Get Visited Domains-Get Visited URLs-Webcam-Get All Cookies-Grab Google Contacts-Screenshotwhen this command is executed, an Adobe Flash dialogbox will pop up on the screen of the user asking, ”AllowWebcam? ” If they click ”Allow,” it will begin to return picturesfrom the victim’s machine to you.

Resources

The resources which are needed to succesfully completethe project are the following- Virtual Workplace either VMWare or Virtual Box of Recentversion having both Kali Linux and Windows operatingsystems in it. Kali acts as the attacker or Intruder whereas,Windows acts as the user or client. - Enough Knowledge on HTML and CSS to create a Fakewebpage for running Phishing attack on the user. - Download and Install BeEF Framework which is used tohook and Exploit the Browser.

Contribution to the Knowledge

In this article, it is proposed that after several successfulattempts to steal credit card information or bankingpasswords, many companies are trying to step towardscloud-based browsers, a Java-free browser. A cloud-basedbrowser store no data from each session and prevent anymalware from networking with the user’s computer. One suchproduct is Authentic8’s Silo. A separate browser that executesonly after entering a password. It then executes on the cloudand calls up a list of links the user has previously entered,and can store passwords for those sites.

All code executes ontheir remote servers, providing security against malware andprivacy against tracking. we now know how threating it is for everyone to surfthe web without using proper security practices. From theexperiment, we have learned that web browser attack is abroad topic. Malicious users can execute all sort of attacksfrom XSS to Buffer Overflow if the user is not updating hissystem regularly. BeEF is a simple penetration-testing toolthat can be used by anyone to test some attacks or hacksomeone’s system, so it is necessary for everyone to keep upwith the updates and patches.

29 April 2020

Found a great essay sample but want a unique one?

Request writing assistance from a top writer in the field! Get your paper
Get to Know The Price Estimate For Your Paper
Topic
Number of pages
Email Invalid email
Write My Paper

You won’t be charged yet!

Related Topics

Internet Essays

Bitcoin Essays

Net Neutrality Essays

Internet Essays

Negative Impact of Technology Essays

Related Essays

The Use Of Internet For Entertainment Essay
3 Pages | 1274 Words
Censorship Algorithms Essay
1 Page | 566 Words
Negative Side Of The Internet: The Reasons Of Cyber Violence Essay
3 Pages | 1453 Words
Discussion On Whether Global Use Of Internet Threaten Individual Security Essay
3 Pages | 1539 Words
Misinformation On Internet Platforms An The Importance Of News Literacy Essay
2 Pages | 1001 Words
The Importance Of Skills And Professionalism In Cyber Security Essay
4 Pages | 1659 Words
The Importance Of Cybersecurity In Today’S World Essay
2 Pages | 715 Words
An Organization External Threats And Preventive Measures Essay
2 Pages | 920 Words
close
Sorry,

We are glad that you like it, but you cannot copy from our website. Just insert your email and this sample will be sent to you.

Your Email

By clicking “Send”, you agree to our Terms of service and  Privacy statement. We will occasionally send you account related emails.

close thanks-icon
Thanks!

Your essay sample has been sent.

In fact, there is a way to get an original essay! Turn to our writers and order a plagiarism-free paper.

Order now
exit-popup-close
exit-popup-image
Still can’t find what you need?

Order custom paper and save your time
for priority classes!

Order paper now