Course info
Nov 6, 2019
1h 46m

Cross-site scripting (XSS) vulnerabilities can be seen as a small issue that allows an attacker to display dialog boxes and at worst steal cookies. BeEF lets us show why XSS matters by using it to demonstrate a wide variety of attacks, making it clear just how important the vulnerability is to fix. In this course, Getting Started with BeEF, you will gain the ability to use BeEF to highlight some of the possible effects of an XSS vulnerability. First, you will learn about the types of XSS and how to use BeEF with the vulnerability. Next, you will discover how to maintain persistence on a machine that has been connected to our BeEF server. Finally, you will explore how to automate BeEF to allow vulnerabilities to be exploited without manual intervention. When you are finished with this course, you will have the skills and knowledge to use BeEF in a penetration test to highlight the extent to which XSS can be used against anyone who visits the affected website.

About the author

Gavin is passionate about security and has an extensive background in software development in regulated environments. He currently works in a Red Team at a FTSE 100 company.

More from the author
Secure Coding: Preventing Broken Access Control
1h 57m
Apr 24, 2020
Section Introduction Transcripts

Course Overview
Hi everyone, my name is Gavin Johnson-Lynn, and welcome to my course, Getting Started with BeEF. I've previously worked in software development for a number of years, and I'm currently an offensive security specialist. BeEF is a penetration testing tool that contains over 200 ready-made commands that can be run against browsers connected to a vulnerable website. Available commands range from simple social engineering attacks to scanning client networks and even executing code on a client machine. In this course, we're going to look at when and how to use BeEF against a website which contains a cross-site scripting vulnerability. Some of the major topics that we'll cover include getting familiar with the BeEF service and interface, sending commands through a remote browser, understanding how BeEF communicates and runs commands, extending client persistence, and finally, automating the BeEF service. By the end of this course, you'll know how to use BeEF to prove the existence of cross-site scripting in a vulnerable website and show how that vulnerability could be leveraged to further endanger the website's users. Before beginning the course, you should have a basic knowledge of HTML and JavaScript and understand how they come together to make a web page work. I hope you'll join me on this journey to learn browser exploitation with the Getting Started with BeEF course, at Pluralsight.