How it works...
In this recipe, we used the src property of the script tag to call an external JavaScript file; in this case, the hook to our BeEF server.
This hook.js file communicates with the server, executes the commands, and returns the responses so that the attacker can see them; it prints nothing in the client's browser so the victim will generally never know that his or her browser has been compromised.
After making the victim execute our hook script, we used the persistence module Man-in-the-Browser to make the browser execute an AJAX request every time the user clicks a link to the same domain, so that this request keeps the hook and also loads the new page.
We also saw that BeEF's log keeps a record of every action the user performs ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access