Hello there!🙋️ If you are a hacking enthusiast🕵️♂️, you probably know about BeEF (Browser Exploitation Framework)🕸️. Many of you are asking me how you can use this tool on Android📱. Truly, I also faced problems learning BeEF(Browser Exploitation Framework) when I didn’t have a laptop💻, but now I know how we can use BeEF(Browser Exploitation Framework).
I am writing this article on how you can use BeEF(Browser Exploitation Framework) on your Android device without rooting it🤖. In this article, we will see practically how we can install BeEF(Browser Exploitation Framework) on an Android device.
BeEF (Browser Exploitation Framework) is a Web browser forced penetration testing tool🛡️ that is used to perform attacks in target browsers🎯.
What BeEF is?🤨
BeEF stands for The Browser Exploitation Framework 🕸️. It is a penetration testing tool 🛡️ that focuses on the web browser 🌐. BeEF(Browser Exploitation Framework) allows professional penetration testers to assess the actual security posture of a target environment by using client-side attack vectors 🔓. It is designed to enable penetration testers to launch client-side XSS attacks 💥 against target browsers 🎯 or victims 🧍. BeEF(Browser Exploitation Framework) hooks one or more web browsers and uses them as beachheads for launching directed command modules and further attacks against the system ⚙️ from within the browser context 💻. BeEF’s administration user interface provides a console for executing commands and modules ⌨️. Learn (full)
|Storage 0.1 to 0.3 GB
Step 1: Install & Setup Termux
To install BeEF(Browser Exploitation Framework), first we have to install the termux application from Fdroid (do not install termux from the Play Store because the Play Store does not have the latest version).
Step 1: After installing Termux, we have to give storage permission to our application. Run the below command to give storage permission
Step 2: After giving storage permission to termux, we have to update and upgrade our termux. Update and upgrade your termux by executing the following command:
$ apt update && apt upgrade
Step 3: After that, we have to install git and wget so that you can clone the kali nethunter repository on your termux. install git and wget by executing the following command.
$ yes | pkg up
$ apt install git && apt install wget
Step 4: Now we have to install the dependencies that are required to run BeEF(Browser Exploitation Framework: curl, wget, libyaml, libxslt, bison, espeak, ruby, python, and nodejs. You can install all these dependencies by executing the below command.
$ pkg install curl wget libyaml libxslt bison espeak ruby python nodejs
Step 5: We installed all the dependencies that are required to run BeEF. Now we need to clone the github repo of BeEF. Clone the git repo by executing the below command, and the tool will take a maximum of 25 seconds to clone the file.
$ git clone https://github.com/hacklivly/BeEF_in_Termux.git
Step 6: After cloning the file, we need to install an essential file and add it to the cow’s genfile, but cow’s genfile does not work in termux, so we have to install it manually. To install it manually, run the below command and wait for 20–40 seconds.
$ gem install nokogiri -- --use-system-libraries
Step 7: Now go to the BeEF folder by executing the below command.
$ cd beef
Step 8: If you follow the official BeEF installation command, which says to run ./install after installing BeEF to install tools and require packages, then it will not work in termux, so we created a bash file for automating this work and installing all required packages and tools automatically by just executing the file.
Install our github file by executing the below command:
$ git clone https://github.com/spcilvly/BeEF_in_Termux.git
Then go to the BeEF_in_Termux directory.
$ cd BeEF_in_Termux
Now have to run the dependencies installation. To run the BeEF dependencies installer, execute the below command:
$ bash BeEF.sh or ./BeEF.sh
Step 9: Now we need to install Ruby and Nano so that we can make some changes to the install for running BeEE on Android. This is an essential process. Execute the given command to install Ruby and Nano.
$ apt install ruby && apt install nano
Step 10: Now we have to edit install file, to open the install file in editor mode, execute the following command:
$ nano install
In the install file, we have to delete all sudo, check_os, and check_ruby_version. After deleting these files, press ctrl + x & ctrl +y and hit enter.
Explanation: We deleted all sudo, check_os, and check_rub_version lines. When we execute the install file, it will not check root permission, check_os, or check_ruby_version. Because of that, our BeEF install file runs successfully without root permission and installs BeEF without any errors.
Now we have to install BeEF from the install file. Run the command bash install to install BeEF.
$ bash install or ./install
It will take 20 to 25 minutes to install the BeEF. Keep waiting.
Step 11: After installing BeEF (Browser Exploitation Framework, we now have to change the default username and password of BeEF. Our default username and password are saved in the config.yaml file. To change the default username and password, first we have to open the config.yaml file in editor mode. To open the config.yaml file in editor mode, execute the following command:
$ nano config.yaml
After changing the password, press ctrl + x and ctrl +y and hit enter. To save that password
Congratulations! Your BeEF has been successfully installed in Termux without rooting your device.
Step 12: Now you just have to run coammmd
./beef for starting your BeEF.
$ bash beef or ./beef
Now it will start running on your termux, and it will show you a panel that includes many links, like a hook link, a UI link, and many more. To access the beef panel, you just have to copy the UI URL, paste it into any web browser, and hit enter. In my case, the UI URL is http://127.0.0.1:3000/ui/panel.
Note that you will see two UI urls at different locations; both are using port 3000, but both are not the same. One, which is using 127.0.0.1, means the local host. can be accessible on the same device, while the other, which starts at 192.168, means the IPv4 IP can be accessible on any device using the URL.
Then you will see the BeEF login screen. Just input your login ID and password, and hit login.
If you have basic knowledge about IP and you recognize that 127 stands for localhost IP.
To stop the BeEF service, just press ctrl + c and hit enter.
We have installed the most powerful tool, Browser Exploitation Framework (BeEF), on our Android device.