One of my favorite features of BeEF is the ability to use the victim as a proxy to send forged requests on behalf of the user:
- It's as simple as right-clicking the hooked browser and selecting it as the proxy, navigating to the Rider tab, and using the Forge Request option, as seen in the following screenshots:
- Copy a known HTTP request to forge through the victim's browser, such as creating or changing an admin user's password, as seen in the following screenshot:
- View the forged response in the History tab:
- When the forged request is double-clicked, another tab opens showing the path of the forged request and the HTTP response, as illustrated in the following screenshot:
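The reason the Rider works is that the request leaves the victim's browser, so the application's session cookie travels with it. The following is an added example (not BeEF's code and not from the book) showing, from the application's side, why a cookie-only password-change endpoint accepts such a relayed request and how a per-session synchronizer token plus an Origin check rejects it. All names, the server secret, the session store and the three request shapes are constructed for the example.

```python
import hashlib
import hmac

# Constructed values for this example (not BeEF's or the book's code):
# a server-side secret, one logged-in admin session and the site's own origin.
SERVER_SECRET = b"example-only-server-secret"
SESSIONS = {"sess-victim-admin": {"user": "admin", "role": "admin"}}
SITE_ORIGIN = "https://app.example"


def csrf_token_for(session_id: str) -> str:
    """Synchronizer token bound to the session: HMAC-SHA256(secret, session_id).
    The server embeds it in the password form as a hidden field."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def vulnerable_change_password(request: dict) -> dict:
    """Cookie-only authorisation: any POST that arrives with the victim's session
    cookie is honoured, which is exactly what a request relayed through the
    victim's browser looks like."""
    session = SESSIONS.get(request["cookies"].get("session"))
    if session is None or session["role"] != "admin":
        return {"status": 403, "changed": False, "reason": "no admin session"}
    return {"status": 200, "changed": True, "user": request["form"]["user"]}


def hardened_change_password(request: dict) -> dict:
    """Same endpoint with two independent checks in front of the state change."""
    session_id = request["cookies"].get("session")
    session = SESSIONS.get(session_id)
    if session is None or session["role"] != "admin":
        return {"status": 403, "changed": False, "reason": "no admin session"}
    # 1. Browsers attach Origin to POSTs; a missing or foreign value means the
    #    request was not submitted from one of our own pages.
    if request["headers"].get("Origin") != SITE_ORIGIN:
        return {"status": 403, "changed": False, "reason": "origin mismatch"}
    # 2. The per-session token must be present; compare in constant time.
    supplied = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(csrf_token_for(session_id), supplied):
        return {"status": 403, "changed": False, "reason": "missing or invalid csrf token"}
    return {"status": 200, "changed": True, "user": request["form"]["user"]}


def _request(origin, form):
    """Builds the constructed request shape the handlers above consume."""
    return {
        "method": "POST",
        "path": "/admin/change_password",
        "headers": {"Origin": origin} if origin else {},
        "cookies": {"session": "sess-victim-admin"},  # attached automatically by the victim's browser
        "form": form,
    }


def forged_cross_site_request() -> dict:
    """Relayed from a hooked page on another origin: victim's cookie, attacker-chosen form values, no token."""
    return _request("https://hooked.example", {"user": "admin", "new_password": "attacker-chosen"})


def forged_same_site_request() -> dict:
    """Relayed from a hooked page on the application's own origin, copied from a
    captured request that did not carry the token."""
    return _request(SITE_ORIGIN, {"user": "admin", "new_password": "attacker-chosen"})


def legitimate_request() -> dict:
    """Submitted from the real form, which carries the token the server rendered."""
    return _request(SITE_ORIGIN, {"user": "admin", "new_password": "user-chosen",
                                  "csrf_token": csrf_token_for("sess-victim-admin")})


if __name__ == "__main__":
    for name, req in [("cross-site forged", forged_cross_site_request()),
                      ("same-site forged", forged_same_site_request()),
                      ("legitimate", legitimate_request())]:
        print(f"{name:18} vulnerable={vulnerable_change_password(req)['changed']} "
              f"hardened={hardened_change_password(req)}")
```

Two caveats a tester should carry into the report. First, a hook running on a page of the same origin as the target application can read the token out of the form before relaying the request, so the token and Origin check only defeat relays from other origins; when the XSS is on the target itself, removing the XSS is the fix. Second, `SameSite=Lax` or `Strict` on the session cookie stops the browser attaching it to cross-site POSTs in the first place, which removes the relayed request's credentials before any server-side check runs.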
In this recipe, we demonstrated how to discover vulnerable XSS parameters, reviewed encoding considerations, dissected JavaScript code, discussed the use of basic XSS payloads, and exploited a cross-site scripting vulnerability with a BeEF hook. Once BeEF has hooked a victim's browser, a number of further exploitation techniques become available.