How to use Browser Exploitation Framework?


Browser Exploitation Framework (BeEF) is a framework that can actively run scripts in the victim's browser. It works only for as long as the target keeps your particular page open in their web browser.

The steps are as follows:

Step 1. Create a bootable BackTrack pendrive. (refer)

Step 2. After you have started the GUI, click on applications –> backtrack –> exploitation tools –> social engineering –> beef –> beef.
This starts BeEF on your system.

Step 3. You also need to start an Apache server on your system so that a victim can visit the webpage. To start Apache, click on applications –> backtrack –> services –> HTTPD –> apache.


Step 4. After the server has started, visit the following link:

Step 5. Next, click on apply configuration (you might need to enable scripts in your browser) –> finished.

Step 6. Now send the following link to the victims:
(Replace with your public IP if doing exploitation remotely, or your private IP if on your subnet. If you want to test on your own PC, do not change it.)

Step 7. You should now see a list of zombies in the left sidebar. This is the list of PCs that are on that page and hence being exploited.

Step 8. Now click on standard modules –> alert dialogues. Write an alert text in the textbox and click send now. The alert is seen on the victim’s browser screen.

Step 9. You may also try clipboard theft, prompt dialogue and other modules.

Step 10. For modules like clipboard theft and prompt dialogue, where you will receive data, you can see the data in the right sidebar, or you may click on view –> raw data.

