Saturday, March 31, 2012

RESTful API Demo

We promised you some goodies related to the RESTful API, and we're here to deliver! In this post, you'll see some practical ruby script to manipulate hooked assets. This should cover most of the basics of the API, but keep an eye out for some more advanced demos including Metasploit in the future.

Let's assume for a moment, you've already got your phish on the line. (There are so many ways to get them hooked, it didn't seem like we needed to talk about that in this article. But we'll definitely cover it. Wait and see!) We want to see how successful our phishing expedition has been, pull information about our zombies, and then play with them a bit to see what else we can get.

Tuesday, March 27, 2012

RESTful API from antisnatchor, with love

Have you ever wanted to do something with BeEF outside of the user interface? Maybe you don't have a GUI available on your pentest platform. Maybe you have a deep seated hatred of browsers that you are trying to turn into a love born of pure schadenfreude. Maybe you are just sentimental and could never give up lynx.

Well, wish no more! The new RESTful API for BeEF will let you use BeEF programmatically outside of the console. The API uses JSON for HTTP responses and HTTP POST requests that have a body. All you need is the pseudo-random token that is generated when BeEF starts. This will make sure that all the REST calls are authenticated.

So, now you can use simple scripts outside of the BeEF console to get information about hooked browsers, get logs and session information, or use command modules. For example, you can send a Metasploit module, or automate sending multiple scripts against hooked browsers for more complex attack scenarios. You can use the RESTful API to add your custom logic for a rule engine (in Ruby) that will analyze hooked browsers, then take automated action based on matching certain requirements/rules. You can even communicate with BeEF from IRB. Cool, huh?

We'll elaborate more on some fun ways to use this and other functionality in upcoming blog posts. For now, if you'd like to read more about the RESTful API, check out the Beef wiki.

Thursday, March 22, 2012

Welcome to the BeEF Blog!

Here at the BeEF Project, we've been working on a lot of things we're pretty stoked about. We've set up this blog as a platform for letting the world share our excitement and interact with us outside of the source repository.

In the coming days, we'll be posting more about what we've been up to and share our insights about where things are going. Keep an eye out for blog posts containing demos of new features, updates on project milestones, and maybe even some commentary about where BeEF fits in with current issues in Information Security.

We hope you are as excited as we are. We're looking forward to getting the word out.