Tuesday, June 24, 2014

Kali (formerly Backtrack) Linux & BeEF

Today's post is contributed by Ben Waugh (@bw_z).

BeEF is preinstalled on Kali Linux distributions, allowing you to quickly use BeEF as part of your security testing toolkit.

Running BeEF in Kali

Kali packages BeEF within the beef-xss service which can either be started from the command line, or the pre-populated menu item under Kali-Linux > Exploitation Tools > BeEF-XSS Framework. We don't recommend starting BeEF directly in Kali (using ruby beef) as this will not load BeEF with the required prerequisites.
You can start BeEF from the command line with: service beef-xss start

Stopping BeEF in Kali

Unfortunately, the Kali GUI doesn't give the user an easy way to stop BeEF, so you have to stop the service manually by running: service beef-xss stop

Keeping Up to Date

To eliminate known issues and bugs, it's important to keep Kali and BeEF packages up to date. You can update both through the package manager by running: apt-get update; apt-get upgrade

Known Issues

There are a small number of known issues running BeEF under the Kali distribution.

The most frequently encountered issue occurs when Kali loads the BeEF Admin GUI in your web browser when you start BeEF. We have found that the Firefox page often loads before BeEF has finished starting, resulting in a 'server not found' error. You should be able to reload the page after a few moments to resolve the issue.
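One way to avoid the 'server not found' race is to start the service and wait until the admin UI answers before opening the browser. This is an added example, not code from the BeEF project or Kali; the UI URL (BeEF's default of port 3000 and /ui/panel) and the 60 second limit are assumptions, so adjust them to your configuration.

```shell
#!/bin/sh
# Assumptions (not stated in the post): BeEF's default admin UI URL and a 60 s limit.
BEEF_UI_URL="${BEEF_UI_URL:-http://127.0.0.1:3000/ui/panel}"
BEEF_WAIT_SECS="${BEEF_WAIT_SECS:-60}"

# wait_until SECONDS CMD [ARGS...]
# Re-run CMD once per second until it succeeds (return 0)
# or SECONDS have been used up (return 1).
wait_until() {
    wu_left=$1
    shift
    while :; do
        if "$@" >/dev/null 2>&1; then
            return 0
        fi
        [ "$wu_left" -gt 0 ] || return 1
        wu_left=$((wu_left - 1))
        sleep 1
    done
}

# Succeeds as soon as the admin UI answers HTTP at all; any status code
# means the server is listening, which is all the browser needs.
beef_ui_ready() {
    curl --silent --output /dev/null --max-time 2 "$BEEF_UI_URL"
}

# Start the packaged service (as the post recommends) and block until the UI is up.
start_beef() {
    service beef-xss start || return 1
    if wait_until "$BEEF_WAIT_SECS" beef_ui_ready; then
        echo "BeEF admin UI is answering at $BEEF_UI_URL"
    else
        echo "BeEF did not answer within ${BEEF_WAIT_SECS}s" >&2
        return 1
    fi
}

# Only act when asked to, so the functions can be sourced without side effects.
if [ "${1:-}" = "start" ]; then
    start_beef
fi
```

Save it as a script and run it with the argument start; once it reports that the UI is answering, load the admin page in the browser.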


Also, we are currently aware of issues with some dependencies and ARM architectures. This has now been fixed; you can update to a working version by running: apt-get update; apt-get upgrade

Have any issues with Kali BeEF or suggestions? Please let us know on Twitter at @beefproject or on GitHub!

11 comments:

  1. Thank you for the post as I have just discovered BeEF. I just wanted to clarify the following with Kali:

    service beef-xss start == good
    menu_path --> beef == good

    /usr/share/beef-xss# ./beef == not good?

    If this is true I have a couple of questions.

    1. How can I clear out the BeEF database? Usually done with beef -x
    2. How can I drop into a command shell vice GUI? (Actually when I enable the shell in the config file it breaks the gui)

    Any pointers are appreciated.

  2. The integration with metasploit is not working properly. I can see all the exploits under metasploit menu on Kali web interface but when I run an exploit I cannot see any job in msfconsole.

    1. Do you have a solution for this problem? I'm still having it July 2015. Seems to be related to the version of ruby. Kali ships with ruby-1.9.3. The current ruby is ruby-2.2.2.

    2. Actually not. I just use metasploit modules manually and forgot the integration.

  4. Beef integration with Kali not working. API fire error. As you saying using beef /usr/share/beef-xss# ./beef == not good?
