Ha, fun to see this again! Back before everything was HTTPS, it was fun to use the Browser Exploitation Framework (https://beefproject.com) which had a script included that did this. Though in those cases I wasn't in control of the gateway, so ARP spoofing was required to get other devices to route through me. - Source: Hacker News / about 1 month ago
For example, iOS WebKit has a bunch of vulnerabilities announced recently. And one of those could be used via the Browser Exploitation Framework to install malware on your phone with you just clicking the link. Source: 5 months ago
Motivation is a key part, so those attacks are more theoretical than practically dangerous, however there is a class of attacks that's based on the fact that your browser can make arbitrary network connections, so unprivileged JavaScript can be used for some scans of your local network - for example, your router's internally accessible admin page or some vulnerability in a printer accessible in local network, as... Source: 10 months ago
This is something that kind of annoys me; there's even a /r/rails sub-reddit specifically for Ruby on Rails stuff. Understandably Rails helped put Ruby on the map. Before Rails, Ruby was just another fringe language. Rails became massively popular, helped many startups quickly build their Web 2.0 sites, and become successful companies (ex: GitHub, LinkedIn, AirBnB, etc). Like others have said, "Rails is where the... Source: 12 months ago
If you can open any webpage there then I would recommend using BeEF https://beefproject.com/. Source: about 1 year ago
Take a look at BeEF framework - https://beefproject.com/ that's pretty much all the things you can do from a browser. Source: over 1 year ago
Third-party registry: In this case, one of the methods could be social engineering, using tools like BeEF to create a specific phishing or fake page to get the login credentials and change the image to a new one with a known and exploitable vulnerability and wait for the deployment. One more thing is this is not magic or 100% successful. If the company scans the images in the deployment, it could be detected! - Source: dev.to / over 1 year ago
Later when you finally decide to educate yourself you could look at some tools such as https://beefproject.com/ to get an idea of what can happen just by clicking a link. Source: over 1 year ago
Guess again, https://beefproject.com. Source: over 1 year ago
And also you can hook their browser and connect them to your botnet. (Or you can rickroll them.) If you have a Linux machine you can use BeEF. Source: almost 2 years ago
Maybe he means something like this. Source: about 2 years ago
I don't know much about it other than what I picked up in a Levelonetechs video, but look into the beef project since you do a little website development and the vector will be in the browser anyway. Source: over 2 years ago
A great example of what someone can do using JavaScript and browser exploitation is the Browser Exploitation Framework (BeEF - https://beefproject.com/). Source: over 2 years ago
This is an informative page about BeEF. You can review and discuss the product here. The primary details have not been verified within the last quarter, and they might be outdated. If you think we are missing something, please use the means on this page to comment or suggest changes. All reviews and comments are highly encouraged and appreciated as they help everyone in the community to make an informed choice. Please always be kind and objective when evaluating a product and sharing your opinion.