[Infusion Idea] BeEF XSS

[ZaraByte]

Any chance making some kinda infusion that could be used to inject a BeEF XSS into websites of connected users?

I'm sure it could be done many other ways but i figured maybe if any of the infusion makers were looking for some ideas maybe a BeEF XSS Infusion where you can maybe just inject the java script and the infusion could target someone connected to the pineapple?

Guess some people might find it useless but i happen to be a big fan of BeEF and had a wild hair idea of maybe having a infusion that we could inject into connected clients not even sure if that's possible but just figured i throw a wild hair idea out their i guess anything really is possible if their is a will their is away!

[IvanDoe]

I am actually working on something like this that started as pineapple infusion but developed into much more :)

The way it works is MITMf injects javascript(xss) code into each page, and there is web script that manages clients with various xss "options" like cookie stealing, jskeylogger etc...

I've talked with and showed it to MITMf author and he likes it, and there was talk of MITMf being included in next pineapple firmware so in future it should be handy to have.

I plan on releasing this script it in month-ish.

[digip]

If you had your pineapple setup with a wifi portal page, ie: cafe login before using the internet/captive portal, for users to get to the internet, then you could easily get them hooked by inserting beef code in the portal page, since just viewing the landing page alone would be able to hook them into beef. After that you can work on further exploits to the end users machine. Beef alone doesn't do anything until after you hook the user. You could also try ettercap to insert beef code to all pages users visit, but I think the captive portal might be the easiest way to get end users hooked to beef.