BeEF Framework: Overview and Basics

BeEF stands for The Browser Exploitation Framework. It is a penetration testing tool focusing on the web browser.

BeEF works on the principle of hooking. BeEF hooks one or more web browsers and uses them as beachheads for launching command modules and attacks to get control of the target.

There are many ways to implement BeEF, notably being:

  • Injection of code (need to be MITM)
  • Using XSS Exploit
  • Social Engineering

Kali Linux comes preinstalled with the BeEF framework. Search ‘BeEF’ in all applications and you’ll find three-

  • BeEF Start: To start the Framework
  • BeEF Stop: To stop the Framework
  • BeEF XSS framework

Open BeEF start. You are prompted to set a password. Once set, press enter, and you will be redirected to the BeEF website on your browser.

Enter your credentials. The default username is beef.

Under hooked browsers, the Online Browsers will contain the browsers you are currently hooking.
While the Offline Browsers will show all the browsers which you had hooked previously.

Now, to hook the browsers you have to make it execute a particular javascript code. The code syntax is already provided in your terminal where you just ran BeEF.

To check if it works, type /var/www/html in the file manager. Open index.html with any text editor of your choice. Paste the above code.

Return to the terminal and execute the following: 
#service apache2 start

Now, whenever a machine connects to this ip address via a browser, BeEF will catch it. Here through my virtual machine, I have searched for this ip address in my browser.

As you can see, the address of my Virtual machine which just connected to my Kali’s address, is now shown under ‘Online Browsers’.

Now there are a variety of options offered by BeEF for us to use:


Here the details of the browser hooked and information about the host machine are shown.


This tab shows all the commands which have taken place on the hooked browser recently.


This tab can be used to configure and use the hooked browser as a proxy.


Shows whether the hooked browser has any sort of XSS vulnerabilities.


Shows a graphical overview of the current network. 


This tab provides all the commands which you can now execute on the hooked browsers. From giving fake login prompts to injecting javascript codes, there is a sea of possibilities under this tab.

This was a basic overview of BeEF and its capabilities. Once you manage to hook a browser, the possibilities are endless for the post connection phase!

Also, do note that after using BeEF, make sure to open ‘BeEF stop’, which you’ll find under all applications.

Connect with me on LinkedIn


  1. Mega Clean is designed to get rid of as many toxins as possible while also replenishing lost vitamins and minerals for better health. This strong drink is usually taken for detoxing from THC by diluting it. Mega Clean contains vitamins and herbs that help to balance electrolytes and specific gravity in diluted urine. This is a liquid herbal supplement that helps the urinary, circulatory, and digestive systems remove dangerous pollutants. It is a healthy way to purify your body while also getting the essential vitamins and minerals. Half-fill the Mega Clean bottle with water, give it a good shake and drink. Allow 15 minutes for the process to complete, and your odds of passing the test will increase by large margins. Passing a drug test with drug detox beverages like the Mega Clean detox is all about staying as clear of toxins as possible before the test. Each hour of sleep lowers the toxin level in the body, and the Mega Clean solution handles the rest. The immunoassay (ELISA) test is followed by the GC-MS test. The first inch and half of a strand of hair are screened for the test. This test works slower than the urine test and might also end up showing false positives.A blood test for weed can be highly effective, as long the authorities have the right equipment for it. Your blood starts storing traces of THC right after smoking weed.This test produces accurate and quick results but is rarely used by companies looking to hire you as it would throw up positive results only if you’ve just recently consumed weed.Q: What is the best way to detox before a drug test?A: There is no single foolproof trick that will ensure the best results every time.