Thursday, August 9, 2012

BeEF 0.4.3.7

We've been so busy over the last few months that we haven't even had time to write a blog post about the 0.4.3.6 changes :D

Anyway, here we are with a new tasty piece of BeEF, 0.4.3.7!

Here is the breakdown of the most important changes (without mentioning bug fixes, which are always there if you look at our Git repo history):


  • Twitter and E-mail notifications (thanks @marcwickenden): we have a new extension where you can configure an SMTP server or Twitter account in order to receive automatic notifications as soon as a new browser is hooked in BeEF;
  • HTTPS support (thanks to one of our long-term developers, Christian @xntrik Frichot): you can now start BeEF with full HTTPS support. You should use this when you want to target HTTPS applications, especially if the user is using the latest Chrome/Firefox browsers: they do security checks for mixed content and prevent the hook from working if you use HTTP;
  • new Chrome extension module (thanks Mike Haworth): now you can have screenshots of the current tab the user is in;
  • Gmail phishing and Flash Webcam modules (thanks floyd.ch): using the first module you can log a user out of Gmail, create a fake Gmail login page, then steal the Google account credentials. With the second module, if the user clicks "Allow Webcam" in the popup created by Flash, you can get photos from the user's webcam at a time interval you specify;
  • Nat_pinning module (thanks Bart Leppens): you probably remember Samy's research on the topic. Well, we added this nice attack to BeEF, so you can have fun with it. 
  • The GlassFish exploit has been enhanced (again, thanks Bart), and we also added GlassFish fingerprinting to our internal network fingerprinting module.
  • Brendan @_bcoles Coles, as always, did a great job adding new modules and porting various attacks to BeEF: Spring exploit for CVE-2010-1622, lots of XSRF and some RCE modules for various embedded devices like routers and cameras (D-Link dir-615, Linksys wcv series, Cisco E2400, 3Com OfficeConnect ADSL Wireless 11g, Asmax AR-804gu). Other than that, he also added enhanced fingerprinting for various mobile devices, and the balloon dialogs for the admin web-gui. Let us know via @beefproject if you want more/different stuff in this dialog.
  • Michele @antisnatchor Orru, apart from bug fixes, added the confirm_close_tab module, in order to achieve better hook persistence and annoy the user (basically the user is asked for confirmation, in a loop, when closing the hooked tab). The other changes he worked on were to the AssetHandler (you can now bind/unbind raw sockets in BeEF, useful for example in the nat_pinning module to bind a socket on port 6667), the RESTful API (added a /api/modules/multi endpoint that you can now use to launch multiple modules at once against a single target) and the admin web-gui (added a JSON endpoint that enables you to call the RESTful API from ExtJS).

These 2 months were fun as always. If you want to get involved with our project, just let us know. We have tons of features to implement and we need manpower :D

Last thing to mention is the nice BlackHat 2012 presentation about BeEF in MiTM scenarios, from Steve Ocepek and Ryan Lynn (for those of you who don't remember him, Ryan developed the Metasploit integration we currently have in BeEF). Have a look at what awesome stuff they did here. For those of you who were not already using Ettercap + BeEF, you should definitely have a look at their work. Even if you used Ettercap before, they wrote a bunch of nice MiTM Ruby scripts using PacketFu that automate the whole process.

3 comments:

  1. I configured all the necessary credentials for BeEF notification in config.yaml (auth token, ...) but when I launched BeEF I couldn't go through the authentication process in the admin panel using the default username/password (beef/beef). I disabled the notification once again and everything got back to normal.

    Is there anything else to configure to resolve that issue?

  2. Log Message:
    -----------
    Fixed Twitter client to not cause errors on failed tweets allowing logins etc to continue

    Sorry about that.

  3. (we haven't looked at e-mail yet)
