Hello hackers ,
Till now we have discussed many concepts which can save ourselves from the Black Hat Hackers but Do you all know that somebody could also hack in to our browser through Browser Hijacking ? Now Let us understand the concept of Browser Hijacking.In simple words we can say it is changing the settings of the web browser.
Hijacking means making modifications without the permission’s of authentic user.In Browser Hijacking we can replace any of the page with our own page.Today we will perform Browser Hijacking with the help of “Browser Exploitation Framework” or BeEF.It is the tool which you will find by default in Kali Linux.
BeEF is a framework which you guys will find very similar to Metasploit but the only difference between the two is that the BeEF can only be used for Browser Hijacking.It is a tool which is very versatile and can be used to launch several other attacks too.
Wade Alcorn and some other developers developed the BeEF framework in order to explore the vulnerability in the web browser. It is developed on Ruby on Rails .It is also a excellent framework for testing other injection attacks.
In Kali Linux it can be initiated as a service and then it can be accessed via web browser. Switch on Kali and Go to :-
Applications >>Kali Linux >>System Services >> BeEF >> beef start.
Now we will access the BeEF via our web browser on the local host 127.0.0.1 at port 3000.We need to go to the below web address to access the authentication page :-
“beef” is the default username and password.
Now we are on the logged in page and are ready to to start the process of browser hijacking .
Now we have reached the local browser and on the left you can see 127.0.0.1 . While on the right Getting started is being displayed.
Now you have to click on the local browser and more choices will be opened to the right , details of all the browser will be available to the right.I am using the Iceweasel browser in Kali , on the right it is showing the Firefox which is correct as Iceweasel is a part of Firefox network.
It is also displaying other information like the version the Linux , platform, components of OS , etc that can be used later on for hacking web applications.
Now we need to “Hook” the specific browser.Let me help you understand that what is meant by “Browser Hooking ” , It is the prime step followed in the Browser Hijacking because we want our victim to visit a malicious page.Then the hooked browser will make the reverse connection to the server of BeEF and we would take the full control over the victim’s computer.
In the below screenshot , Internet Explorer has been hooked in the Wi-Fi network. IP is 192.168.89.191.
Till now we have successfully hooked the browser of the victim and what we will do next is executing the commands in the victim’s browser.There are so many commands available but the most used are :-
The below screenshot shows that I selected the webcam command for execution in the victim’s desktop.Most of the People are interested in this command .When the command is executed a pop up will appear on the screen “Allow Webcam ?” .Now if I click on “yes” then all the pictures from the webcam will be sent to the attacker.
Now this is the stage which purely depends on the imagination of the attacker.You have to think the weak points which might lure the victim and he would be forced to click that button.Frame the button like “You won a cash prize of so and so amount ” and click to grab the amount.These type of messages might force the victim to click.
Once we are done with browser hijacking then there are million possibilities of stealing information.Now if we want the Cookies of the browser then we have to click “Chrome Extensions” and then move to “Get all Cookies” .
Now we have to click on “Execute” button that is present on the bottom right side of the screen.Once we have the cookies of the victim’s browser then we can gain access to all the websites the victim has browsed.
This completes the Guide to the most powerful and extraordinary tool in Kali Linux.This is not only the tool for browser attacks but also for OS attacks.
If you like the guide then do share it among your friends and if you have any queries then comment us below.
CEO and Founder at Mighty Shouts.
*Enter your best email, we'll send this case study directly to email.
** Don't worry. We never spam or share your information with anybody.