Hijacking browsers with BeEF

Web Heist

© Lead Image © kanokpol prasankhamphaibun, 123RF.com

© Lead Image © kanokpol prasankhamphaibun, 123RF.com

Article from Issue 288/2024
Author(s):

Bits of JavaScript from a malicious website can put your browser in a trance. A tool called BeEF encapsulates that power in a most diabolical way, providing yet another reason to avoid unknown links and keep your browser up to date.

Web browsers have become so ubiquitous that they are installed on almost every Internet-connected device with a user interface. Because of this popularity, browsers are a very attractive target for attackers.

A 2023 article on the Dark Reading website [1] discusses a study by Spin.AI. The study analyzed around 300,000 browser extensions for several browsers that use Chromium under the bonnet, such as Google Chrome and Microsoft Edge. A staggering 51 percent of the extensions presented a high risk to users. The study apparently found that the "extensions all had the ability to capture sensitive data from enterprise apps, run malicious JavaScript, and surreptitiously send protected data including banking details and login credentials to external parties."

The complexity of modern browsers increases their attack surface greatly, and the threats that their developers must counter should not be underestimated. For a number of years, both Firefox and Google Chrome have made use of sophisticated sandboxing techniques to provide a number of isolation advantages [2].

[...]

Use Express-Checkout link below to read the full article (PDF).

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
Print Issues
Digital Issues
 
SUBSCRIPTIONS
Print Subs
Digisubs
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Beef up Firefox Privacy Features
    more »
  • Forensics in Freiburg

    A former intrusion specialist is training a gathering of European law enforcement agents in how the bad guys work on the Internet. Contributing editor Markus Feilner stops in for a lesson in attack techniques.

    more »
  • Web Security Dojo

    Protecting your own websites from attack either costs a lot of money or requires a lot of expertise. Web Security Dojo helps you learn to think like an expert.

    more »
  • Workspace: Collabtive and Kimai

    Whether you are developing software, writing articles, or doing something else, a decent project management and time tracking application can help make your daily computing less stressful and your business more efficient. In this article, we take a look at two such tools: Collabtive and Kimai.

    more »
  • On the DVD: BackTrack 5 R

    This issue’s DVD comes with the BackTrack 5 R1 [1][2][3] pen test distribution. BackTrack provides a great collection of pen testing and security auditing tools. You can boot into BackTrack Live from the DVD or install BackTrack permanently on your hard disk.

    more »
comments powered by Disqus