Wednesday, June 8, 2016

Mapping your LAN from a web browser: Introducing the Network extension for BeEF

Today's blog post brought to you by Brendan Coles:

How many tabs do you have open in your browser right now? For how long have they been open - more than 10 minutes? Any one of them could have mapped your local networks and launched exploits against your outdated or misconfigured software.

From the BeEF laboratory comes a new extension for BeEF: the Network extension. It ties together many of the existing network discovery modules[1] to assist with mapping and exploiting hosts on a hooked browser's local area networks, and it adds both a RESTful interface and a pretty interface in the web UI for interacting with a zombie's local networks.

[Figure: Network map of a BeEF attack. BeEF is outside the firewall; the hooked browser is behind the firewall among multiple other hosts.]