-
Notifications
You must be signed in to change notification settings - Fork 2.2k
Persistence
A recent discussion on persistence: https://github.com/beefproject/beef/issues/2318
BeEF has several modules that have been developed to help maintain persistence on hooked browsers.
The modules can be found here:
Note (2022)
Most of the information on this page is wrong and outdated. Current status of persistence modules:
- confirm_close_tab - still worked last i checked; but not as effective as it used to be.
- hijack_opener - works, but requires specific conditions.
- iframe_above - not sure; and requires user interaction.
- invisible_htmlfile_activex - nice bug, but only ever worked in IE11. now patched.
- jsonp_service_worker - not sure; and dependent on the web site exposing JSONP.
- man_in_the_browser - patched many years ago. never worked in IE.
- popunder_window - browsers now block popups by default; however, this module still works if the users clicks somewhere on the page.
- popunder_window_ie - nice bug, but only ever worked in IE11. now patched.
The Old School module will create a pop-up window underneath the victim's browser. This window will open an empty BeEF page. An old school technique but it still works!
The Dirty module will ask the user to confirm that they want to close this tab again and again and again. Dirty!
The Stealth module will rewrite all the links on the web-page causing them to load the target URL in a 100% foreground iFrame. This means that the victim sees the page they were expecting to be redirected to, but the URL still does not change!
The Clean module launches a "man-in-the-browser" hack. It listens for and handles any click on a link.
For links within same domain, Clean will make an AJAX request and load the new page instead of the old one and then add the page into the browser's history. There will be no visible difference to the victim. The page will load in the typical fashion but the browser is still hooked.
The Same Origin Policy prevents this behaviour on other domains, so in the event that the victim navigates to a domain that is not within the same domain, Clean will open the requested web-page in a new tab.
- Configuration
- Interface
- Information Gathering
- Social Engineering
- Network Discovery
- Metasploit
- Tunneling
- XSS Rays
- Persistence
- Creating a Module
- Geolocation
- Using-BeEF-With-NGROK