Title: Advances in BeEF: RESTful API, WebSockets, XssRays


BeEF is maturing fast: new exploits are added monthly, as well as cool new features to screw your hooked browser and steal your deepest secrets. After a short introduction to BeEF for people new to the project, we'll delve into the new must-have features recently added to the core. The RESTful interface is now ready to be used. Imagine you have tens (or potentially hundreds) of hooked browsers waiting for your commands: with a few Ruby scripts (or any language that eats JSON) we'll see how to write customized mass-actions for your victims.

WebSockets are slowly gaining support in all the major browsers. Right now, we can already have fun with this real-time protocol in Chrome, Safari and Firefox. If WebSockets are enabled, we will control the hooked browser almost in real time instead of relying on XHR polling. This opens up a huge range of new capabilities, like mimicking VNC-like features in order to control the browser. Finally, XssRays enhancements will be presented. Expect a lot of live demos.