Automating Beef – A beef tool is a pre-installed tool on a Linux device. It can usually be run on a local server but in this post, we are going to look at how to get target information by hosting the beef tool on Ngrok instead of running it on a localhost.
What is the beef tool?
BeEF, the Browser Exploitation Framework, is a testing tool designed to enable penetration testers to launch client-side attacks against target browsers. By using techniques similar to common drive-by malware, testers can assess the security of a target’s internal environment, bypassing the hardened perimeter.
The tool we are going to use for browser exploitation is beefauto. Using this tool we can fully control our target browser and we can also know if the target has saved their password in the browser.
How to install Automating beef auto?
If you want to install this tool on Termux you need to have your android phone rooted, and if you run this tool on Linux it can only be run with the help of the Linux root terminal.
To download this beefauto tool on your device, run the following command on your terminal.
git clone https://github.com/swagkarna/BeefAuto.git 
After downloading the beefauto tool you need to change your terminal to the tool directory to access the tool’s executable file so run the following command.
cd BeefAuto 
Now, this beefauto tool needs a few modules to help to run on your device so you can install all the modules you need by running the following command in your terminal.
sudo pip3 install -r requirements.txt 
After installing the requirements, execute the following command on your terminal to install the beef tool.
sudo bash install.sh How works Automating beef auto tool?
After first activating this tool on your device this tool will first ask for ngrok authtoken then log in to your ngrok account and paste your authtoken into the terminal.
sudo bash install.sh 
After installing the ngrok authtoken you need to run the beefauto tool and first run the ngrok tool so execute the following command.
sudo ngrok start -all 
After running the ngrok tool open a new tab in your terminal and type the following command in it. Doing so will allow the beefauto tool to install the password while the beefauto tool is running and the password you can install must be at least 6 characters.
sudo python3 main.py 
After you run the beefauto tool you will see four options that select your target convince. I have selected the 2nd option.
After you select payload you will get two links 1) beefauto tool dashboard link 2) send to your target link. first open the dashboard link in your browser and login the username beef password you gave while installing this tool.
Now send the phishing link to your target and your target will appear in the image below after clicking on the link you sent.
Once your target has clicked on the link you sent, go to your beefauto dashboard and click on your target ip address under the text “online browser” and then click on the command under current browser. Now you can see a lot of commands options in which you can use whatever you want to know your target information.
There are a number of commands in this command area that you can use to complete control of your target device.
How to prevent automating beef attack?
Hackers usually use this automating beef tool to hack the general public by sending a link, so you can protect yourself from this hacking even if you do not click on any link.
We can easily find this kind of phishing link. Before you click on the suspicious link, you can copy it and paste it on emailveritas.com to find out.
If you click on the phishing link, you should close that browser tab immediately and restart your phone or computer, as this will disconnect the hacked session from your device.
Conclusion
I hope this post was very helpful to you and I want to share this post with your friends too. If you have any doubts about this post you can ask me through the command section.
Post a Comment