top of page
  • Writer's pictureDiv0 Blog Editor

12th Day of Christmas: Browser Exploitation Framework (BeEF)


BeEF is a pentesting framework that focuses on the Web browser. BeEF is very powerful as it looks past the hardened network and host system, and examine exploitability directly via your system’s open window – i.e. the Web browser.


As of all the other tools we’ve discussed thus far, BeEF is readily available on Kali Linux. Nonetheless, you can acquire BeEF from its Github repository. You can find installation instructions on either its INSTALL.txt file or Wiki page.

BeEF Architecture

BeEF has 2 major components:

  • User interface that allows user to see all online and offline browsers it has hooked, and run exploits and information gathering against them; and

  • Communication server that communicates with the hooked browsers via HTTP.

Configuring & Running BeEF

All the main configurations of BeEF can be performed by modifying the config.yaml file. Some main configurations you should look at are:

  • Network limitations

  • Web server configuration

  • Extensions

If you are all set, start up your BeEF!

I’m running my ‘Web service’ from, and only allowing access to the user interface from (localhost).

If you examine the extensions section closely, you will realise you can configure BeEF to use Metasploit as well.

Browser Hooking using BeEF

BeEF simply hook onto browsers that visited the Web pages it serves. In my test setup, I got 4 hosts hooked onto my BeEF.

  1. is a Damn Vulnerable Linux machine.

  2. is a Windows XP machine with no service pack.

  3. is a Windows XP SP3 machine.

  4. is a hardened Windows 7 machine (fully patched, and Kaspersky Antivirus installed).

The user interface is pretty self-explanatory. You can check out the browser and host information of the machine BeEF has hooked.'s Browser Information's Host Information

It is also very intuitive what you can/can't do with the hooked machines.

List of things you can do to's Browser (Green=Will Work, Amber=User May Detect, Red=Won't Work):

List of things you can do to's Host Machine:

List of things you can do to

Now, testing BeEF on my hardened Windows 7 machine (FYI, my antivirus did not even make the sound):

I tried using the Webcam feature, although it asked for permission to access my Webcam, I’m sure there are definitely users out there who will click ‘allow’ without thinking too much about it. It, of course, switched on my Webcam. See that tiny light?

Defending Against BeEF

Common sense, do not visit unsolicited Web sites.


It is not possible to cover every single aspect of BeEF in one short post. However, it is definitely an amazing tool to look into for our very last episode of 12 Days of Christmas.


Shared by Emil Tan, Skipper & Co-Founder of Div0.

47 views0 comments

Recent Posts

See All


Post: Blog2_Post
bottom of page