Have you ever wanted to do something with BeEF outside of the user interface? Maybe you don't have a GUI available on your pentest platform. Maybe you have a deep-seated hatred of browsers that you are trying to turn into a love born of pure schadenfreude. Maybe you are just sentimental and could never give up lynx.
Well, wish no more! The new RESTful API for BeEF will let you use BeEF programmatically outside of the console. The API uses JSON for HTTP responses and for the bodies of HTTP POST requests. All you need is the pseudo-random token that is generated when BeEF starts; that token is what authenticates every REST call.
So, now you can use simple scripts outside of the BeEF console to get information about hooked browsers, get logs and session information, or use command modules. For example, you can send a Metasploit module, or automate sending multiple scripts against hooked browsers for more complex attack scenarios. You can use the RESTful API to add your custom logic for a rule engine (in Ruby) that will analyze hooked browsers, then take automated action based on matching certain requirements/rules. You can even communicate with BeEF from IRB. Cool, huh?
We'll elaborate more on some fun ways to use this and other functionality in upcoming blog posts. For now, if you'd like to read more about the RESTful API, check out the BeEF wiki.