Stored XSS with BeEF
The Browser Exploitation Framework (BeEF, available at http://beefproject.com) is a tool we took a look at in Penetration Testing with the Raspberry Pi, Second Edition (https://www.packtpub.com/networking-and-servers/penetration-testing-raspberry-pi-second-edition), where we discussed its general use as a honeypot or malicious web server. These same capabilities make BeEF a fantastic tool for the delivery and subsequent management of a variety of XSS attacks. What makes BeEF powerful is that it leverages a single hook script in internet browsers for its attack, and because of the XSS vulnerability in the web server, it can evade most controls employed by more paranoid or better trained victims. Short of blocking various ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access