Jump to content

[Infusion Idea] BeEF XSS


Recommended Posts

Any chance making some kinda infusion that could be used to inject a BeEF XSS into websites of connected users?

I'm sure it could be done many other ways but i figured maybe if any of the infusion makers were looking for some ideas maybe a BeEF XSS Infusion where you can maybe just inject the java script and the infusion could target someone connected to the pineapple?

Guess some people might find it useless but i happen to be a big fan of BeEF and had a wild hair idea of maybe having a infusion that we could inject into connected clients not even sure if that's possible but just figured i throw a wild hair idea out their i guess anything really is possible if their is a will their is away!

Link to comment
Share on other sites

I am actually working on something like this that started as pineapple infusion but developed into much more :)

The way it works is MITMf injects javascript(xss) code into each page, and there is web script that manages clients with various xss "options" like cookie stealing, jskeylogger etc...

I've talked with and showed it to MITMf author and he likes it, and there was talk of MITMf being included in next pineapple firmware so in future it should be handy to have.

I plan on releasing this script it in month-ish.

Link to comment
Share on other sites

If you had your pineapple setup with a wifi portal page, ie: cafe login before using the internet/captive portal, for users to get to the internet, then you could easily get them hooked by inserting beef code in the portal page, since just viewing the landing page alone would be able to hook them into beef. After that you can work on further exploits to the end users machine. Beef alone doesn't do anything until after you hook the user. You could also try ettercap to insert beef code to all pages users visit, but I think the captive portal might be the easiest way to get end users hooked to beef.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...