Monday, January 26, 2015

Hooked-Browser Meshed-Networks with WebRTC (Kiwicon 2014) - Part 2

In Part 1, we introduced you to BeEF's WebRTC extension as a solution for avoiding tracking of post-exploitation communication back to our BeEF server. In this post, we'll talk more about how this can be used during penetration testing. This will include further information about the extension and usage details for the console and RESTful API.

Tuesday, January 6, 2015

Hooked-Browser Meshed-Networks with WebRTC (Kiwicon 2014) - Part 1

Hi All, @xntrik here from sunny Australia. I hope you’ve all had a good New Year's and are ready to kick browser hacking into high gear for 2015. I had a thought that inspired me, and I wanted to share it here.

What if, to avoid tracking our post-exploitation communication back to our BeEF server, we were able to hook a bunch of browsers within an organisation, and make them talk to each other, instead of talking to our BeEF server? Perhaps we could keep one as the data channel (controlling peer)?

The answer is WebRTC. I recently had an amazing opportunity to present this at Kiwicon 2014, and I was keen to get the code into BeEF. This blog post provides a brief summary of WebRTC and how it works. Since there's quite a bit of ground to cover, this will be the first of a two part series.