New BeEF Module - pretty theft

posted Jan 19, 2012, 3:08 PM by Nickosaurus Hax
Ok, so it's not actually that new, but I've enjoyed my holidays and now it's time to get back into it. A while ago I added a new module to BeEF (the Browser Exploitation Framework) called 'pretty theft'. 

It's a simple little module that will use a lightbox-style effect to darken the user's browser and pop up a new div stating that their session has timed out - and that they need to reauthenticate. It also has the option to provide an image to put in the header of the div, so if you like, you can use the compromised site's logo / favicon to make it feel a touch more authentic. Once the user has provided their user and password again, the page returns to its previous state, and you have their creds.

A potential extension for this module could be to use the collected creds to authenticate to a given login page in order to test the user's credentials before returning them to the site. This will have some other implications if the application doesn't support multiple concurrent sessions, but would provide further authenticity to the user, who couldn't just enter in fake creds and be on their merry way.