Friday, July 5, 2013

A funny issue on BeEF keylogger spotted by Mario

Mario Heiderich, a good friend of mine, spotted a cool issue with the BeEF keylogger. He went “Armin Meiwes” on our favourite open source bovine. He found XSS in BeEF using <svg/onload=blah>. Well done!

The BeEF team encourages security researchers to help out wherever possible. As such, we are announcing a BeEF bug bounty program. Each bug will receive a kilogram of Minotaur rump (depending upon supply ;-). Contact us if you would like to help out. We want to hear from you!

We're publishing the writeup about the bug Mario found and we're addressing how we fixed it in today's blog post.

To demonstrate, enter the data into the demo hook page:

[Screenshot: XSS payload entered on the demo hook page]

And the final result was:

[Screenshot: returned data]
I've added the ability to do context-aware output escaping of data coming from the hooked browser to the BeEF web admin UI, using jQuery-encoder. It's an awesome and very easy-to-use JavaScript library.

If you search in the BeEF JavaScript code, you can spot multiple instances of $jEncoder.encoder.encodeForHTML(your_untrusted_output). In this case, the issue is that the data coming from the BeEF keylogger was first mangled by this.formatTitle, and then the output was escaped.
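The ordering point above, as an added example that is not BeEF's own code: a minimal stand-in for jQuery-encoder's encodeForHTML (assumed here, since the real library is not loaded), a hypothetical formatTitle, and three renderings of the same keystroke buffer showing why the untrusted value has to be encoded once, at the point it enters the HTML context, before any markup is added around it.

```javascript
// Added example (not BeEF's code): why the keystroke buffer must be encoded
// exactly once, at the point it enters the HTML context, with trusted markup
// added only afterwards.

// Stand-in for $jEncoder.encoder.encodeForHTML so this runs offline without
// jQuery-encoder (assumption). Encodes the characters that can switch an
// HTML text node into tag or attribute context.
function encodeForHTML(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hypothetical transformation of the raw buffer (assumed, not the panel's
// real formatTitle): keeps only the first maxLen characters of a long buffer.
function truncate(text, maxLen = 40) {
  return text.length > maxLen ? text.slice(0, maxLen) + '...' : text;
}

// Hypothetical formatTitle: transforms the text and wraps it in the markup
// the log panel wants to display.
function formatTitle(text) {
  return '<b>' + truncate(text) + '</b>';
}

// Bug pattern: untrusted keystrokes go straight into markup that later lands
// in innerHTML, so the <svg/onload=...> vector is rendered as a live tag.
function renderVulnerable(keyEvent) {
  return formatTitle(keyEvent.data);
}

// Tempting but wrong repair: encoding the whole formatted string stops the
// XSS, but it also neutralises the <b> the UI intended, so rows display
// literal tags. A developer who then drops the encoding reintroduces the bug.
function renderOverEncoded(keyEvent) {
  return encodeForHTML(formatTitle(keyEvent.data));
}

// Fix: transform the raw string first (so truncation cannot cut an entity in
// half), encode it once, then add the trusted markup around the encoded value.
function renderFixed(keyEvent) {
  return '<b>' + encodeForHTML(truncate(keyEvent.data)) + '</b>';
}

// Constructed sample event carrying the vector from the post.
const sampleEvent = { type: 'keys', data: '<svg/onload=blah>' };

console.log('vulnerable  :', renderVulnerable(sampleEvent));
console.log('over-encoded:', renderOverEncoded(sampleEvent));
console.log('fixed       :', renderFixed(sampleEvent));
```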

Have a look at the patch (lines 57 to 59):

[Screenshot: XSS patch source]
Regarding exploitability, I would imagine the following attack:
  • An attacker prepares a website vulnerable to XSS, ready to be exploited with the BeEF hook.
  • The website also includes a piece of JavaScript that monitors the window object for a new global variable called BeEF.
  • When the BeEF variable is found, it's sufficient to use the functionality available in our logger.js (/beef/core/main/client/logger.js) to issue an XHR back to the /event handler, with properly formatted data including the XSS vector.

This bug was fixed within 3 hours of notification. Update and cover your BeEF!


