For detailed information about BeEF, see my previous posts on the Browser Exploitation Framework.
Today we are going to use the Pretty Theft module in BeEF to compromise Facebook credentials.
The Pretty Theft module is a phishing module that uses floating divs to create legitimate-looking fake login boxes that are displayed in the browser.
The Pretty Theft module was originally created by Nickosaurus Hax, and you can look at the code here.
Currently it supports the Safari, Firefox, Chrome, Opera (user is notified) browsers.
It’s a simple little module that will use a lightbox-style effect to darken the user’s browser and pop up a new div stating that their session has timed out – and that they need to reauthenticate. It also has the option to provide an image to put in the header of the div, so if you like, you can use the compromised site’s logo / favicon to make it feel a touch more authentic. Once the user has provided their user and password again, the page returns to its previous state, and you have their creds.
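From the defender's side, the overlay described above has a recognisable shape: a password field that appears after page load inside a floating layer. The following is an added example, not code from BeEF or from the original post, and it assumes the injected fields are not wrapped in a form that posts to the site's own origin; the origin, z-index threshold and node objects are constructed for illustration.

```javascript
// Added example (not BeEF code). Nodes are constructed plain objects standing in
// for DOM elements: { tag, type, style: { position, zIndex }, action, children }.
const PAGE_ORIGIN = "https://app.example.test"; // assumption: the protected site's origin
const Z_THRESHOLD = 100;                        // assumption: tuning value for "on top"

// Collect every password input in a subtree together with its ancestor chain.
function findPasswordInputs(node, ancestors = [], out = []) {
  if (node.tag === "input" && node.type === "password") out.push(ancestors);
  for (const child of node.children || []) {
    findPasswordInputs(child, [...ancestors, node], out);
  }
  return out;
}

// A floating layer is taken out of normal flow and stacked above the page.
function isFloating(node) {
  const s = node.style || {};
  const positioned = s.position === "fixed" || s.position === "absolute";
  return positioned && Number(s.zIndex || 0) >= Z_THRESHOLD;
}

// True when the nearest enclosing form submits to the page's own origin.
function postsToSameOrigin(chain) {
  const form = [...chain].reverse().find((n) => n.tag === "form");
  if (!form || !form.action) return false;
  try {
    return new URL(form.action, PAGE_ORIGIN).origin === PAGE_ORIGIN;
  } catch (e) {
    return false;
  }
}

// Flag a subtree inserted after page load if it holds a password field that
// sits in a floating layer and is not bound to a same-origin form.
function isSuspiciousInsert(root) {
  return findPasswordInputs(root).some(
    (chain) => chain.some(isFloating) && !postsToSameOrigin(chain)
  );
}

// Constructed samples: a dimmed overlay with loose fields, and the site's own modal.
const injectedOverlay = { tag: "div", style: { position: "fixed", zIndex: "9999" },
  children: [{ tag: "div", children: [{ tag: "input", type: "text" },
                                      { tag: "input", type: "password" }] }] };
const ownLoginModal = { tag: "div", style: { position: "fixed", zIndex: "1000" },
  children: [{ tag: "form", action: "/session",
               children: [{ tag: "input", type: "password" }] }] };

console.log(isSuspiciousInsert(injectedOverlay), isSuspiciousInsert(ownLoginModal));
```

In a browser, the node descriptors would be built inside a `MutationObserver` callback from each added element and its `getComputedStyle()` values.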
A potential extension for this module could be to use the collected creds to authenticate to a given login page in order to test the user’s credentials before returning them to the site.
This will have some other implications if the application doesn’t support multiple concurrent sessions, but would provide further authenticity to the user who couldn’t just enter in fake creds and be on their merry way.
If we want to try to social-engineer them and grab their Facebook credentials, we can go to the Social Engineering tab, click “Pretty Theft”, and then ‘Execute’.
Here I exploited the victim’s browser with XSS and executed the Pretty Theft command…
On the victim’s browser a pop-up will appear.
Oh no! My Facebook timed out!
If the user fills in their creds and hits Log in, this appears in the BeEF control panel