BeEF is installed by default in Kali distribution. It is located in the /usr/share/beef-xss/ directory. By default, it is not integrated with the Metasploit framework. To integrate BeEF, you will need to perform the following steps:
- Edit the main configuration file located at /usr/share/beef-xss/config.yaml to read the following:
metasploit: enable:true
- Edit the file located at /usr/share/beef-xss/extensions/metasploit/config.yml. You need to edit the host, callback_host, and os 'custom', path lines to include your IP address and the location for the Metasploit framework. A correctly edited config.yml file is shown in the following screenshot:
- Start msfconsole, and load the msgrpc module, as shown in the following screenshot. Make sure that you include the password as well:
- Start BeEF using the following commands:
root@kali:~# cd /usr/share/beef-xss/ root@kali:/usr/share/beef-xss/~# ./beef
- Confirm startup by reviewing the messages generated during program launch. They should indicate that Successful connection with Metasploit occurred, which will be accompanied with an indication that Metasploit exploits have been loaded. A successful program launch is shown in the following screenshot:
When you restart BeEF, use the -x switch to reset the database.
In this example, the BeEF server is running on 192.168.213.128 and the hook URL (the one that we want the target to activate) is 192.168.213.128:3000/hook.js.
Most of the administration and management of BeEF is done via the web interface. To access the control panel, go to http://<IP Address>:3000/ui/panel.
The default login credentials are Username:beef and Password:beef, as shown in the following screenshot, unless these were changed in config.yaml:
