This document describes using the Browser Exploitation Framework (BeEF) to conduct social engineering attacks. It introduces the creators and outlines how BeEF's web cloning and mass mailing extensions can be automated through a RESTful API to conduct phishing campaigns. Demonstrations are provided of cloning a webpage to intercept login credentials, creating an HTML email template, and combining the extensions to send cloned phishing links at scale. The summary emphasizes automating social engineering attacks using BeEF's client-side exploitation abilities.
3. Outline
• A Social Engineering real story
• BeEF intro
• The new BeEF Social Engineering extension
• Having fun with the RESTful API
4. Social Engineering
• “Social engineering, in the context of security, is understood to mean the art of manipulating people into performing actions or divulging confidential information.” - Grandfather of all knowledge (Wikipedia).
5. Our Mission...
• Tasked with gathering as many usernames and passwords as possible in a small amount of time
• Tried calling and pretending to be a person of authority but awareness seemed to be higher
6. So...
• We heard great things about S.E.T.
• Decided to use that to clone the website (but found some bugs and limitations that almost made it unusable)
7. Mass-Mailer
• With the help of a colleague we then created a basic mass-mailer that used personalization, HTML, pictures and had the ability to spoof the domain name (thanks to their SMTP server settings :-)
12. But...
• We thought we could do it better and integrate some awesome client-side exploitation whilst we were at it...
13. Meet BeEF
• Browser Exploitation Framework
• Pioneered by Wade Alcorn in 2005
• Powerful platform for Client-side pwnage, XSS post-exploitation and generally victim browser security-context abuse.
• The framework allows the penetration tester to select specific modules (in real-time) to target each browser, and therefore each context.
17. Social Eng. extension
• The idea was to have some BeEF functionality that can be called via the RESTful API, in order to automate:
  • sending phishing emails using templates,
  • cloning webpages, harvesting credentials
  • client-side pwnage
20. BeEF web_cloner
• Clone a webpage and serve it on BeEF, then automatically:
  • modify the page to intercept POST requests
  • add the BeEF hook to it
  • if the page can be framed, after POST interception load the original page on an overlay iFrame, otherwise redirect to original page
21. BeEF web_cloner
• curl -H "Content-Type: application/json; charset=UTF-8" -d '{"url":"https://login.yahoo.com/config/login_verify2", "mount":"/"}' -X POST "http://<BeEF>/api/seng/clone_page?token=53921d2736116dbd86f8f7f7f10e46f1"
• If you register loginyahoo.com, you can specify a mount point of /config/login_verify2, so the phishing URL will be (almost) the same
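A defender-side check for the lookalike pattern on this slide (a host that differs from the real one only by a dropped dot, with the login path mirrored), added here as an example and not taken from the original deck or from BeEF. The function names, the allow-list and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list of genuine login URLs (assumption: the defender
# maintains one). The entry is the page's own example target.
LEGIT_LOGIN_URLS = ["https://login.yahoo.com/config/login_verify2"]

def squash(host):
    """Normalise a hostname so 'login.yahoo.com' and 'loginyahoo.com' compare equal."""
    host = host.lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    return host.replace(".", "").replace("-", "")

def classify(url, legit_urls=LEGIT_LOGIN_URLS):
    """Return 'legit', 'lookalike-host+path', 'lookalike-host' or 'unrelated'."""
    seen = urlsplit(url)
    host = (seen.hostname or "").lower()
    verdict = "unrelated"
    for legit in legit_urls:
        ref = urlsplit(legit)
        if host == ref.hostname:
            return "legit"
        if host and squash(host) == squash(ref.hostname):
            # Same letters as the real host, different dots or hyphens.
            if seen.path.rstrip("/") == ref.path.rstrip("/"):
                return "lookalike-host+path"  # login path mirrored as well
            verdict = "lookalike-host"
    return verdict

def scan(urls):
    """Return (url, verdict) pairs for every URL that imitates a known login page."""
    return [(u, v) for u in urls if (v := classify(u)).startswith("lookalike")]

# Constructed sample: links as they might appear in mail-gateway or proxy logs.
SAMPLE_URLS = [
    "https://login.yahoo.com/config/login_verify2",
    "http://loginyahoo.com/config/login_verify2",
    "http://www.login-yahoo.com/",
    "https://example.org/config/login_verify2",
]

if __name__ == "__main__":
    for url, verdict in scan(SAMPLE_URLS):
        print(f"{verdict:20} {url}")
```

A hit on both host and path is the stronger signal, since a mirrored login path on a near-identical domain rarely occurs by accident.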
23. BeEF mass_mailer
• Do your phishing email campaigns
• get a sample email from your target (with company footer...)
• copy the HTML content in a new BeEF email template
• download images so they will be added inline!
• add your malicious links/attachments
• send the mail to X targets and have fun
29. Combine everything FTW
• Register your phishing domain
• Point the A/MX records to a VPS where you have an SMTP server and BeEF
• Create a BeEF RESTful API script that:
  • Clones a webpage link with web_cloner
  • Sends X emails with that link with mass_mailer
• Script intelligent attacks thanks to BeEF browser detection
32. Thanks
• Wade for always being awesome
• The other BeEF guys: Brendan, Christian, Ben, Saafan, Ryan, Heather
• A few new project joiners: Bart Leppens, gallypette, Quentin Swain
• Tom Neaves for the butcher/hook images :D