Exploiting XSS with BeEF

BeEF, the browser exploitation framework, is a tool that focuses on client-side attack vectors, specifically on attacking web browsers.

In this recipe, we will exploit an XSS vulnerability and use BeEF to take control of the client browser.

Getting ready

Before we start, we need to be sure that we have started the BeEF service and are capable of accessing (with beef/beef as login credentials).

  1. The default BeEF service in Kali Linux doesn't work so we cannot simply run beef-xss to get BeEF running, instead we need to run it from the directory in which it was installed, as shown here:
    cd /usr/share/beef-xss/
  2. Now, browse to and use beef as both the username and ...

Get Kali Linux Web Penetration Testing Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.