Monday, August 13, 2012

Happy Hooking! - BeEF autorun and Twitter notify

Today's post is contributed by Ryan Linn.

In previous posts, we’ve looked at both how to use BeEF in a real world pen test, as well as how to use the REST API to automate common tasks in BeEF. In this post, we’re going to take a look at how to use the REST API to auto-run multiple modules at one time, and set up Twitter notification.

Why would we want to do this? In the Real World series, we looked at number of modules that can be helpful when profiling browsers. But, what if we want to run them automatically so we don’t have to point and click for each new hooked zombie? By default, BeEF allows for a single module to be auto-run. But, we can auto-run a number of different modules, and even customize them for specific browsers using the REST API.

Now we can easily manage more zombies coming in at a time from a social engineering campaign. Also, we have ensured that we have maximized the information we can get from the browser regardless how long a browser is hooked!

Thursday, August 9, 2012

BeEF 0.4.3.7

We've been so busy in the last months that we haven't even had the time to write a blog post with the 0.4.3.6 changes :D

Anyway, here we are with a new tasty piece of BeEF, 0.4.3.7!

Here is the breakdown of the most important changes (without mentioning bugfixes, that are always there if you look at our GIT repo history):