Browser exploitation is a crucial component of penetration testing today. With so many attacks originating from compromised web browsers, assessing a client’s true security posture means looking past just hardening the network. This is where BeEF comes in.
BeEF, short for The Browser Exploitation Framework, helps you hook victim browsers and launch attacks via the client side. But traditionally, BeEF is limited to LAN connections. By learning how to deploy BeEF over a WAN, you gain the ability to browser pivot across the internet.
In this guide, I’ll teach you how to set up and use BeEF framework over a WAN. With just a cloud server provider like DigitalOcean, you can start browser hacking remotely in no time. Let’s get started!
BeEF is an open source browser exploitation framework built on Ruby. It leverages cross-site scripting to hook one or more web browsers as beachheads.
Once hooked, you can use the browser as a pivot point to further attack the system and exfiltrate data. Commands and modules are sent through the established beachhead connection.
Key features of BeEF include:
- Cross-platform browser support including Chrome, Firefox, IE, etc.
- Over 200 browser exploitation modules and hooks.
- Real-time browser manipulation and attack visualization.
- Bi-directional communication with hooked browsers.
- Extensible through a RESTful API.
Traditionally, BeEF is limited to attacks on the LAN as browsers connect to the BeEF server via the internal network. But with a cloud server, you can now browser pivot across WANs as well.
Setting Up Your Cloud Server for BeEF
To deploy BeEF across WANs, you need an internet-facing server to host the framework. Any VPS or cloud provider like DigitalOcean, AWS, or Linode will work.
I prefer DigitalOcean – their $100 free credit for new users lets you test BeEF at no cost. Plus, their straightforward UI makes setup easy.
Creating Your Cloud Server
Follow these steps to create your BeEF server on DigitalOcean:
- Sign up for a DigitalOcean account and confirm your email.
- Once logged in, click Create > Droplets to add a new server.
- Choose an Ubuntu 18.04 image and regular Intel/AMD plan.
- Select the $100/mo option to leverage the free credit.
- Give your server a name and click Create Droplet.
Within one minute your new Ubuntu cloud server will be ready to go!
Configuring the Server Security
A few quick security tweaks will help lock down your freshly spun up cloud server:
- Update packages – apt update && apt upgrade
- Create a new user – adduser beefuser
- Grant sudo privileges – usermod -aG sudo beefuser
- Disable root login – sudo nano /etc/ssh/sshd_config (set PermitRootLogin no)
- Restart SSH – sudo service ssh restart
With those basics done, your server is ready for BeEF installation. Just be sure to use your new beefuser account, not root.
Installing and Setting Up BeEF
BeEF isn’t included in Ubuntu’s main repositories. But the BeEF devs maintain a dedicated PPA that makes installing a breeze. Here’s how:
- Install prerequisite packages – sudo apt install git ruby ruby-dev
- Add the BeEF PPA – sudo apt-add-repository ppa:beefproject/beef
- Update repos and install BeEF – sudo apt update && sudo apt install beef-xss
- Start BeEF – sudo beef-xss
The BeEF console should now be running on your server at http://your_server_ip:3000/ui/panel.
Hardening BeEF Security
A few quick tweaks will tighten up BeEF’s security posture:
- Disable authentication – Set beef.credentials.enable to false.
- Disable registration – Change beef.registration.enable to false.
- Restrict UI access – Update Allowed Networks to limit console access.
That’s the basic BeEF server setup complete. Now we need to make it accessible across WANs.
Exposing BeEF Through a Reverse Proxy
BeEF binds to localhost by default – not ideal for external access. We can expose BeEF using a reverse proxy like Nginx.
Installing and Configuring Nginx
Here are the steps to install and set up Nginx:
- Install Nginx – sudo apt install nginx
- Adjust the firewall – sudo ufw allow 'Nginx Full'
- Back up the default config – sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/default.bak
- Open the config file – sudo nano /etc/nginx/sites-available/default
- Replace the contents with:

    server {
        listen 80;
        location / {
            proxy_pass http://127.0.0.1:3000;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
        }
    }

  This config proxies traffic from port 80 to the BeEF UI on 3000.
- Save and exit the file, then test the syntax – sudo nginx -t
- Restart Nginx if no errors – sudo systemctl restart nginx
Now when you visit your server’s public IP, you should see the BeEF login page!
Hooking Browsers Over WAN with BeEF
With your BeEF server exposed on the public internet, you can start hooking browsers remotely. There are two main approaches:
Using Social Engineering
For social engineering attacks, you can point targets to a hooked URL:
- Set up a malicious site with XSS – can be hosted on the BeEF server.
- Generate a one-time BeEF hook URL – /ui/console/hook.js.
- Send targets the URL through phishing, etc. When visited, their browser will connect to BeEF.
- Accept new hooked browsers in the BeEF console.
Exploiting XSS Vulnerabilities
If you find a target vulnerable to XSS, directly inject a BeEF hook:
- Generate a fresh browser hook URL.
- Inject the hook using XSS payload of your choice.
- Wait for their browser to appear under Hooked Browsers in BeEF.
- Select the browser and start executing modules!
The BeEF console offers full interaction with hooked browsers no matter where they are. You can fingerprint browsers, use webcams, steal cookies, and much more.
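The hook load and the polling that follows it are visible to a defender in web proxy logs. The following is an added example, not part of the original guide or of BeEF: it flags a client that fetched a script named hook.js and then kept requesting the same host at short intervals. The log format, the hosts, the /poll path and both thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median
from urllib.parse import urlsplit

HOOK_NAME = "/hook.js"   # script name taken from the guide
MIN_POLLS = 4            # assumed threshold: follow-up requests to the same host
MAX_MEDIAN_GAP = 10.0    # assumed threshold: seconds between requests

# Constructed proxy log (time, client, method, URL); all hosts and paths are made up.
SAMPLE_LOG = """\
2024-05-01T10:00:00 10.0.0.21 GET http://intranet.example/index.html
2024-05-01T10:00:01 10.0.0.21 GET http://203.0.113.50/ui/console/hook.js
2024-05-01T10:00:02 10.0.0.22 GET http://cdn.example/js/hook.js
2024-05-01T10:00:03 10.0.0.23 GET http://api.example/status
2024-05-01T10:00:06 10.0.0.21 GET http://203.0.113.50/poll?id=1
2024-05-01T10:00:08 10.0.0.23 GET http://api.example/status
2024-05-01T10:00:11 10.0.0.21 GET http://203.0.113.50/poll?id=1
2024-05-01T10:00:13 10.0.0.23 GET http://api.example/status
2024-05-01T10:00:16 10.0.0.21 GET http://203.0.113.50/poll?id=1
2024-05-01T10:00:18 10.0.0.23 GET http://api.example/status
2024-05-01T10:00:21 10.0.0.21 GET http://203.0.113.50/poll?id=1
"""

def find_hooked_clients(log_text):
    """Return (client, host) pairs that loaded hook.js and then polled that host."""
    hook_seen = {}                 # (client, host) -> time hook.js was fetched
    followups = defaultdict(list)  # (client, host) -> times of later requests
    for line in log_text.strip().splitlines():
        ts, client, _method, url = line.split()
        parts = urlsplit(url)
        key, when = (client, parts.netloc), datetime.fromisoformat(ts)
        if key in hook_seen:
            followups[key].append(when)
        elif parts.path.endswith(HOOK_NAME):
            hook_seen[key] = when
    findings = []
    for key, times in sorted(followups.items()):
        points = [hook_seen[key]] + times
        gaps = [(b - a).total_seconds() for a, b in zip(points, points[1:])]
        if len(times) >= MIN_POLLS and median(gaps) <= MAX_MEDIAN_GAP:
            findings.append({"client": key[0], "host": key[1],
                             "polls": len(times), "median_gap_s": median(gaps)})
    return findings

if __name__ == "__main__":
    for finding in find_hooked_clients(SAMPLE_LOG):
        print(finding)
```

A single fetch of a file named hook.js with no follow-up traffic (10.0.0.22 in the sample) is not reported, and neither is regular polling of a host that never served hook.js (10.0.0.23).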
Common Mistakes and Tips
When deploying BeEF across WANs, watch out for a few key mistakes:
- Exposing the BeEF UI directly can lead to access by others. Use a reverse proxy like Nginx to prevent this.
- Leaving default creds and registration enabled is a security risk – disable both.
- Not restricting UI access via Allowed Networks means anyone can attack your server.
- Always test your Nginx config for syntax errors before restarting the service.
- Use ephemeral cloud servers and frequently destroy then recreate them for added privacy.
- Avoid hosting malicious payload sites directly on your BeEF server when possible.
- Double check all hooked URLs before sending them out for campaigns.
With these tips, you’ll avoid headaches and have BeEF hacking smoothly in no time!
Wrapping Up
Learning how to deploy BeEF over WAN unlocks new pivoting opportunities through browser exploitation. With a cloud-hosted BeEF server, you can start browser hacking remotely right away.
The framework offers a robust toolset for client-side penetration testing. Just be sure to tune the configuration carefully and avoid exposing the UI.
Next time you’re assessing a client’s security posture, give BeEF a try for revealing in-depth client-side weaknesses. Browser exploitation is often a blind spot that goes beyond hardening just the network perimeter.