Browser Exploitation Framework is a framework that that can actively run scripts on the victims browser. It works till when the target is visiting your particular page in his web browser.
Following are the steps:-
step1. Create a bootable backtrack pendrive. (refer)
Step2. After you have started the GUI. Click on applications–>backtrack–>exploitation
tools–> social engineering –> beef–>beef
This would successfully start beef on your system.
step3.You also need to start an apache server on your system so that a victim can visit the
webpage. For starting apache click on applications–>backtrack–>services–>HTTPD–>apache
start
Step4.After the server has started visit the following link:
http://127.0.0.1/beef
step5. Next click on
apply configuration(you might need to enable scripts on your browser)–>finished
step6. Now send the following link to the victims:-
http://127.0.0.1/beef/hook/example.php
(replace 127.0.0.1 with your public IP if doing exploitation remotely and private if on your
subnet. If you want to test on your PC do not change)
Step7. You should not see a list of zombies in the left sidebar this is the list of PC’s who
are on that page and hence being exploited.
step8. Now click on standard modules –>
alert dialogues
Write down an alert text in the textbox and click send now. The alert is seen on the victim’s
browser screen.
Step9. You may also try
clipboard theft
prompt dialogue
and other modules.
Step10. For modules like clipboard theft and prompt dialogue where you will recieve data. You
can see the data in the right sidebar or you may click on view –> raw data.