BeEF Framework: Overview and Basics

BeEF stands for The Browser Exploitation Framework. It is a penetration testing tool focusing on the web browser.

BeEF works on the principle of hooking. BeEF hooks one or more web browsers and uses them as beachheads for launching command modules and attacks to get control of the target.

There are many ways to implement BeEF, notably being:

  • Injection of code (need to be MITM)
  • Using XSS Exploit
  • Social Engineering

Kali Linux comes preinstalled with the BeEF framework. Search ‘BeEF’ in all applications and you’ll find three-

  • BeEF Start: To start the Framework
  • BeEF Stop: To stop the Framework
  • BeEF XSS framework

Open BeEF start. You are prompted to set a password. Once set, press enter, and you will be redirected to the BeEF website on your browser.

Enter your credentials. The default username is beef.

Under hooked browsers, the Online Browsers will contain the browsers you are currently hooking.
While the Offline Browsers will show all the browsers which you had hooked previously.

Now, to hook the browsers you have to make it execute a particular javascript code. The code syntax is already provided in your terminal where you just ran BeEF.

To check if it works, type /var/www/html in the file manager. Open index.html with any text editor of your choice. Paste the above code.

Return to the terminal and execute the following: 
#service apache2 start

Now, whenever a machine connects to this ip address via a browser, BeEF will catch it. Here through my virtual machine, I have searched for this ip address in my browser.

As you can see, the address of my Virtual machine which just connected to my Kali’s address, is now shown under ‘Online Browsers’.

Now there are a variety of options offered by BeEF for us to use:


Here the details of the browser hooked and information about the host machine are shown.


This tab shows all the commands which have taken place on the hooked browser recently.


This tab can be used to configure and use the hooked browser as a proxy.


Shows whether the hooked browser has any sort of XSS vulnerabilities.


Shows a graphical overview of the current network. 


This tab provides all the commands which you can now execute on the hooked browsers. From giving fake login prompts to injecting javascript codes, there is a sea of possibilities under this tab.

This was a basic overview of BeEF and its capabilities. Once you manage to hook a browser, the possibilities are endless for the post connection phase!

Also, do note that after using BeEF, make sure to open ‘BeEF stop’, which you’ll find under all applications.

Connect with me on LinkedIn