Hijacking a user's browser with beef

BeEF（ The Browser Exploitation Framework） By Wade Alcorn( Wade · Alcon ) stay 2006 Started in , It is still under maintenance . By ruby Language development framework for browser attacks .

The process of execution , Like this malicious pop-up ：

zombie（ Corpse ） The victim browser .zombie Be being hook（ Hook up ） Of , If the browser accesses a tick （ from js To write ） The page of , Will be hook, The linked browser will execute the initial code and return some information , next zombie Every once in a while Time （ The default is 1 second ） Will go to BeEF Server sends a request , Ask if there is new code to execute .BeEF The server itself It's like a Web application , Divided into front end UI, Back end . The front end will poll the back end for new data to be updated , At the same time, the front end can also send instructions to the back end , BeEF Holders can log in through a browser BeEF Back office management UI.

Click application launch beef , If not, input at the terminal beef-xss install