Persistence

Isaac Powell edited this page Mar 17, 2022 · 15 revisions

Introduction

A recent discussion on persistence: https://github.com/beefproject/beef/issues/2318

BeEF has several modules that have been developed to help maintain persistence on hooked browsers.

The modules can be found here:

Note (2022)

Most of the information on this page is wrong and outdated. Current status of persistence modules:

  • confirm_close_tab - still worked last I checked, but not as effective as it used to be.
  • hijack_opener - works, but requires specific conditions.
  • iframe_above - not sure, and requires user interaction.
  • invisible_htmlfile_activex - nice bug, but only ever worked in IE11. Now patched.
  • jsonp_service_worker - not sure, and dependent on the web site exposing JSONP.
  • man_in_the_browser - patched many years ago. Never worked in IE.
  • popunder_window - browsers now block popups by default; however, this module still works if the user clicks somewhere on the page.
  • popunder_window_ie - nice bug, but only ever worked in IE11. Now patched.

Old School Module

The Old School module will create a pop-up window underneath the victim's browser. This window will open an empty BeEF page. An old school technique but it still works!

Dirty Module

The Dirty module will ask the user to confirm that they want to close this tab again and again and again. Dirty!

Stealth Module

The Stealth module rewrites all the links on the web page so that they load the target URL in a foreground iframe sized to 100% of the page. This means that the victim sees the page they expected to be redirected to, but the URL in the address bar does not change!

Clean Module

The Clean module launches a "man-in-the-browser" hack. It listens for and handles any click on a link.

For links within the same domain, Clean makes an AJAX request for the new page, replaces the current page with it, and then pushes the new page into the browser's history. There is no visible difference to the victim: the page appears to load in the typical fashion, but the browser is still hooked.

The Same Origin Policy prevents this behaviour on other domains, so when the victim clicks a link to a different domain, Clean opens the requested web page in a new tab instead.
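A defender-side check for the behaviour described above, added here as an example and not part of BeEF or this wiki: the Clean module fetches full HTML pages with AJAX rather than a real navigation, and a server can tell the two apart from the browser's Fetch Metadata headers (Sec-Fetch-Mode/Sec-Fetch-Dest). The route list, log format and log records are constructed for the example; the site, its routes and its logging are assumptions.

```javascript
// Added example, not BeEF code: heuristic for spotting full HTML pages that
// were retrieved by page script (XHR/fetch) instead of a genuine navigation.
// Assumption: the server logs each request as one JSON line with its path and
// request headers. The route list and log records below are constructed.

// Routes that serve complete HTML documents and are normally reached by
// top-level navigation, never by XHR (assumed for this site).
const HTML_ROUTES = new Set(['/', '/account', '/orders']);

// Parse one constructed JSON-lines access log record.
function parseLogLine(line) {
  const rec = JSON.parse(line);
  return { path: rec.path, headers: rec.headers || {} };
}

// A real navigation carries Sec-Fetch-Mode: navigate and Sec-Fetch-Dest: document.
// XHR/fetch issued from page script carries Sec-Fetch-Dest: empty (XHR libraries
// also often add X-Requested-With: XMLHttpRequest). Browsers without Fetch
// Metadata support send neither header, which this function reports as 'unknown'.
function classifyRequest(req) {
  if (!HTML_ROUTES.has(req.path)) return 'ignore';
  const h = {};
  for (const [k, v] of Object.entries(req.headers)) h[k.toLowerCase()] = String(v).toLowerCase();
  const mode = h['sec-fetch-mode'];
  const dest = h['sec-fetch-dest'];
  if (mode === 'navigate' && dest === 'document') return 'navigation';
  if (dest === 'empty' || h['x-requested-with'] === 'xmlhttprequest') return 'suspicious-xhr-for-html';
  if (mode === undefined && dest === undefined) return 'unknown';
  return 'other';
}

// Return the HTML routes that were fetched by script rather than navigated to.
function scanLog(lines) {
  const findings = [];
  for (const line of lines) {
    const req = parseLogLine(line);
    if (classifyRequest(req) === 'suspicious-xhr-for-html') findings.push(req.path);
  }
  return findings;
}

// Constructed sample records: one navigation, one scripted fetch of an HTML
// page, one ordinary API call, one request with no Fetch Metadata at all.
const SAMPLE_LOG = [
  '{"path":"/","headers":{"Sec-Fetch-Mode":"navigate","Sec-Fetch-Dest":"document"}}',
  '{"path":"/account","headers":{"Sec-Fetch-Mode":"cors","Sec-Fetch-Dest":"empty","X-Requested-With":"XMLHttpRequest"}}',
  '{"path":"/api/items","headers":{"Sec-Fetch-Mode":"cors","Sec-Fetch-Dest":"empty"}}',
  '{"path":"/orders","headers":{}}',
];

console.log(scanLog(SAMPLE_LOG)); // prints [ '/account' ]
```

This is a heuristic: single-page applications legitimately fetch HTML fragments with XHR, so tune HTML_ROUTES to the routes that are only ever navigated to, and treat 'unknown' as a gap in coverage rather than as a hit.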
