The Browser Exploitation Framework (a.k.a. BeEF) is a structured code base for attacking web browsers. BeEF can attack any browser, but the OS, browser type, settings, plugins, and version will all have an effect on what attacks it can execute. BeEF runs as a server; when we hook a browser, it connects back to the BeEF server. From there, we can execute commands against it. In this chapter, we will cover the following recipes:
- Hooking the browser with BeEF
- Collecting information with BeEF
- Creating a persistent connection with BeEF
- Integrating BeEF and Metasploit
- Using the BeEF autorule engine