Professor: Yasir Malik

INCS-745

Intrusion Detection and Hacker Exploits

Project Proposal

Project Team:

1) Surya Vijay Kumar Regani – 1242661

2) Subrahmanya Varma Dantuluri - 1229359

Project Title: BeEF: The Browser Exploitation Framework

Problem Statement: When any client machine is connected to any public network, it’s possible for an

Attacker to make use of victim’s browser vulnerabilities to access user ids, passwords, Webcam, and

tempt to download malicious software.

Objective: Browser vulnerabilities can be exploited by malicious software to manipulate the expected

behavior of a browser by using BeEF tool for phishing attacks

Methodology: BeEF is a method of taking advantage of vulnerabilities in the browser software to

modify specific settings without knowledge of the end user. It is an testing tool designed to enable

penetration testers to launch client side attacks against target browsers

• Firstly, a target is selected.

• Targeted user can be hooked by accessing a customized URL and continue to see typical web

traffic, while an attacker has access to the user's session.

• Once the module is loaded, the vulnerability can be exploited.

BeEF bypasses network security appliances and host based anti-virus applications by targeting the

vulnerabilities found in common browsers such as internet explorer, google chrome and Firefox.

Project Deliverables:

• Client side exploitation which uses web based applications

• Hooking browser

• Exploits using vulnerability of browser

• Tempting victim to download malicious payloads when prompted

• Complete access of victims machine

Learning Experience: when connected to any public network:

• Make sure to have updated antivirus installed

• Not to click on any links and downloads when prompted

*Courtesy – Definition and content inspired from web