DoS attacks target servers, flooding them with requests to the point where they can no longer respond. Browsers, though, present another attack vector.
The Browser Exploitation Framework (BeEF) is a penetration testing tool that targets the browser. It goes beyond the web server and its associated security defences and aims to attack the browser directly, to see whether it can be hijacked and used as a point from which to launch further attacks.
From a pentester's viewpoint, it is probably the next set of tests to try after attempting a DoS and DDoS attack.
For the next example, make sure you have a vulnerable copy of Windows installed - check with your teacher. We are going to use the JavaScript file hook.js on an HTML page, which is going to be detected by BeEF on a Kali Linux machine from which we are going to launch further attacks.
Download some code for creating your own HTML file.
The situation we've used is slightly artificial in that we hard-coded the hook.js file into the structure of the web page. In real life, we might spoof the site with a button containing a suitably tempting image which tricks the user into installing the file.
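From the defender's side, a site owner can look for this kind of hard-coded include by listing every script a page loads and flagging any that come from an origin they have not approved. The following is an added example, not part of the original lesson; the page URL, allow-list and sample HTML are constructed, and the class and function names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class ScriptCollector(HTMLParser):
    """Collect the src attribute of every <script> element."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.sources.append(src.strip())


def origin_of(url):
    # Scheme, host and port together define a web origin.
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}".lower()


def audit_scripts(html, page_url, allowed_origins):
    """Return (resolved_url, reason) for each script loaded from an origin
    that is neither the page's own nor on the allow-list."""
    collector = ScriptCollector()
    collector.feed(html)
    trusted = {origin_of(page_url)} | {o.lower() for o in allowed_origins}
    findings = []
    for src in collector.sources:
        resolved = urljoin(page_url, src)  # resolves relative and //host forms
        if origin_of(resolved) in trusted:
            continue
        name = urlsplit(resolved).path.rsplit("/", 1)[-1].lower()
        # hook.js is the file name used in this lesson; call it out explicitly.
        reason = "hook.js from unapproved origin" if name == "hook.js" else "unapproved origin"
        findings.append((resolved, reason))
    return findings


# Constructed sample page (not from the original lesson).
SAMPLE_PAGE = """<html><head>
<script src="/js/site.js"></script>
<script src="https://cdn.example.com/lib.min.js"></script>
<script src="//192.0.2.10:8080/hook.js"></script>
</head><body><h1>Demo</h1></body></html>"""

if __name__ == "__main__":
    allowed = ["https://cdn.example.com"]
    print(audit_scripts(SAMPLE_PAGE, "https://www.example.com/index.html", allowed))
```

The file name check is only a hint, since a script can be renamed; the origin check is what catches an include the site owner did not approve.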
The BeEF program detects the click and tells the pentester that they are ready to begin a series of attacks. Try a few yourself, not forgetting the key, which tells you which attacks work and are undetectable, which work but can be detected, which haven't been tested and which won't work.
Unlike Metasploit, the payloads or hacks are not separated out into different categories based on the operating system. Instead, they are orientated towards browsers and different applications.
Moving on to the next level, we combine the two tools: BeEF hooks into a browser to establish a persistent link between the attack computer and the target, and Metasploit is then used to create a payload that opens a meterpreter session, so the computer is pwned.