It is increasingly important for enterprises to thoroughly educate employees on the dangers of using web browsers. Employees should be aware of acceptable use policies and Internet access security processes. With LUCY you are already able to perform phishing attack simulations and tell whether users click on a potential phishing link. But how can an organization determine whether the user's browser is configured with safe settings? If the user accesses the link from a corporate PC, you might be able to answer this question. But what if the user accesses the corporate email from a private workstation or mobile device? One answer is the Browser Exploitation Framework (BeEF), a security testing framework that helps companies deliver effective user awareness training around these issues.
BeEF is short for The Browser Exploitation Framework. Using techniques similar to common drive-by malware, testers can assess the security of a target’s internal environment, bypassing the hardened perimeter. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system and examines exploitability within the context of the one open door: the web browser. BeEF can be used to “safely” expose web and browser-based vulnerabilities such as cross-site scripting (XSS) using client-side attack vectors. If a user clicks on a link that BeEF placed, the user's browser is hooked into the BeEF server, which is now also part of LUCY. The tool can then issue commands to the hooked browser, such as redirecting it, changing URLs, generating dialog boxes and more. It is also able to run malware through the hooked browser's host and use it as a launching point to infiltrate other computers on the same network, effectively spreading the malware. With the integration of BeEF into LUCY, companies can now answer two main questions: would an employee fall for a phishing attack? And if they do, would their browser security settings have prevented further damage from browser-exploitation malware?
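The hook described above works by having the landing page load a script from the BeEF server, which the browser then keeps talking to. The following helper is an added example, not part of the LUCY documentation or of BeEF itself: it lists the `<script src=...>` tags of an HTML page and flags those loaded from an origin other than the page's own, so a security team reviewing a simulation landing page (or any captured page) can see exactly which external scripts it pulls in. The sample HTML and host names are constructed for the example.

```python
"""Added example (not LUCY or BeEF code): list cross-origin script includes.

A browser hook relies on the page loading a script from another server; this
check makes such includes visible.  Sample page and host names are constructed.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _ScriptCollector(HTMLParser):
    """Collects the src attribute of every <script> tag in the document."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            for name, value in attrs:
                if name.lower() == "src" and value:
                    self.sources.append(value)


def external_scripts(page_url, html):
    """Return absolute URLs of scripts loaded from an origin other than page_url.

    Relative and same-origin sources are resolved against page_url and dropped;
    scheme-relative sources (//host/x.js) are resolved by urljoin as well.
    """
    parser = _ScriptCollector()
    parser.feed(html)
    page = urlsplit(page_url)
    page_origin = (page.scheme.lower(), page.netloc.lower())
    found = []
    for src in parser.sources:
        absolute = urljoin(page_url, src)
        parts = urlsplit(absolute)
        if (parts.scheme.lower(), parts.netloc.lower()) != page_origin:
            found.append(absolute)
    return found


# Constructed sample landing page: one first-party script, one loaded from a
# separate hook server (the pattern a browser hook relies on), one scheme-relative
# include from a CDN, and one inline script (no src, so never reported).
SAMPLE_PAGE_URL = "https://login.simulation.example/index.html"
SAMPLE_HTML = """
<html><head>
<script src="/static/app.js"></script>
<script src="https://hook-server.example/hook.js"></script>
<script src="//cdn.example/lib.js"></script>
<script>console.log('inline');</script>
</head><body></body></html>
"""

if __name__ == "__main__":
    for url in external_scripts(SAMPLE_PAGE_URL, SAMPLE_HTML):
        print("external script:", url)
```

Running the module prints the two cross-origin includes; the first-party `/static/app.js` and the inline script are not reported. The same function can be pointed at HTML fetched from any landing page under review.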
Because BeEF runs in the background of a phishing landing page, it only works in scenarios where a landing page that the user can access is activated.
To enable BeEF, go to the Base Settings of the campaign, select the scenario in which you want to activate BeEF and open its scenario settings. At the bottom you will find the checkbox “BeEF Information Gathering”, which you need to activate.
From LUCY 3.1 onward you can activate each BeEF Information Gathering module individually.