Recipe 15-3: Hooking Malicious Clients with BeEF
This recipe shows you how to hook malicious clients with the Browser Exploit Framework (BeEF) tool for monitoring purposes.
Ingredients
- ModSecurity
- SecContentInjection directive
- SecStreamOutBodyInspection directive
- STREAM_OUTPUT_BODY variable
- @rsub operator
- BeEF1
This final recipe demonstrates an advanced response action that is simultaneously the most interesting and most controversial one presented in this book. The response actions described thus far mainly have focused on stopping the malicious traffic itself. Although this approach has some merit, it essentially treats the symptom of the problem (the attack) rather than the problem itself (the attacker). The response action in this recipe shows you how you can use ModSecurity to inject the BeEF application into malicious client web browsers. Before we dive into the details, we should look at an overview of BeEF.
What Is BeEF?
BeEF is short for the Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.
Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF ...
Get Web Application Defender's Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
