Exploiting XSS – hooking vulnerable page visitors to BeEF

BeEF is a security auditing tool used by penetration testers to assess the security posture of systems and networks and to discover vulnerabilities. It allows you to hook a client browser and exploit it. Hooking is the process of getting a victim to visit a web page that contains JavaScript code. The JavaScript code is then processed by the victim's web browser and binds the browser to the BeEF server on Kali Linux.

For this exercise, we'll be using the following topology:

Let's start using BeEF to exploit XSS vulnerabilities:

  1. To open BeEF, go to Applications | 08 – Exploitation Tools | beef xss framework. The BeEF service will start and display the following details for accessing the BeEF interface:

Note the WEB UI and hook URLs. The JavaScript hook is usually embedded in a web page that is sent to the victim. Once the page is accessed, the JavaScript executes in the victim's browser and creates a hook back to the BeEF server. The IP address used in the hook script is the IP address of the BeEF server; in our lab, it is the Kali Linux (attacker) machine.

  2. The web browser will automatically open to the BeEF login portal. If it does not open, browse to http://127.0.0.1:3000/ui/panel:

The username is beef, and the password is the one you set when starting BeEF for the first time.

  3. Start the Apache web service on Kali Linux:

     service apache2 start

  4. Edit the web page located in the web server directory:

     cd /var/www/html
     nano index.html

  5. Insert the code within the head of the HTML page, as shown here:

The IP address belongs to the Kali Linux machine that is running the BeEF server.

  6. On your Windows machine, open the web browser and enter the IP address of the Kali Linux machine:

  7. Head back over to your Kali Linux machine. You now have a hooked browser. Click on the hooked browser:

  8. Click on the Commands tab. Here, you can execute actions in the victim's web browser. Let's display a notification on the client's side.
  9. Click on Commands | Social Engineering | Fake Notification Bar:

The column on the far right displays a description of the attack. When you're ready, click on Execute to launch it.

  10. Now, head on over to the Windows machine. You'll see that a fake notification bar appears in the web browser:

BeEF allows you to perform client-side attacks on the victim's browser interface.
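The injection performed in steps 5 and 6 leaves a trace a site owner can look for: a script tag in the served HTML whose source points at a host the site never intended to load code from. The following Python is an added example, not code from the book or from BeEF; it audits one HTML document for external script sources outside an assumed host allowlist and for inline scripts, and the allowlist, hostnames and sample page are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allowlist (not from the book): hosts the site legitimately loads scripts from.
ALLOWED_SCRIPT_HOSTS = {"cdn.example.org"}

class ScriptAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []     # (kind, location, src) tuples
        self._in_head = False  # the exercise injects into <head>, so record the location

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self._in_head = True
        elif tag == "script":
            src = dict(attrs).get("src")
            where = "head" if self._in_head else "body"
            if src is None:
                # Inline code is not stopped by a host allowlist, so flag it for review.
                self.findings.append(("inline-script", where, None))
            else:
                host = urlparse(src).hostname  # None for same-origin relative paths
                if host is not None and host not in ALLOWED_SCRIPT_HOSTS:
                    self.findings.append(("external-script", where, src))

    def handle_endtag(self, tag):
        if tag == "head":
            self._in_head = False

def audit_html(html_text):
    """Return a list of (kind, location, src) findings for one HTML document."""
    auditor = ScriptAuditor()
    auditor.feed(html_text)
    auditor.close()
    return auditor.findings

# Constructed sample page: one legitimate CDN script plus one injected script
# that loads from a documentation-range IP on port 3000, as in the exercise.
SAMPLE_HTML = """<html><head><title>Shop</title>
<script src="https://cdn.example.org/lib.js"></script>
<script src="http://192.0.2.10:3000/hook.js"></script>
</head><body>
<script src="/js/app.js"></script>
<script>console.log("page ready")</script>
</body></html>"""

if __name__ == "__main__":
    for kind, where, src in audit_html(SAMPLE_HTML):
        print(f"{kind} in <{where}>: {src}")
```

Run against the files under the web root (or against pages fetched from the live site) to spot a script tag that was not there at deployment; protocol-relative sources such as `//host/x.js` are also resolved to a host and checked.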

In this section, we have covered various methods and techniques used to discover XSS vulnerabilities on a target, and we have performed XSS exploitation using BeEF. In the next section, we'll perform automatic web vulnerability scanning.
