A new extension is available to detect and combat BeEF (Browser Exploit Framework Attacks) when installed on the Chrome browser. Brian Wallace, an engineer and security researcher in an advanced research team at Cylance (a cybersecurity firm), developed and released the Chrome extension that’s aptly named Vegan.
The availability of the extension was made public with a simple tweet posted by Wallace, saying:
I found it weird that I couldn't find a working method to avoid BeEF hooks in my browser…so I made one. http://t.co/h4o4clbk3M
— bwall (@botnet_hunter) June 25, 2015
BeEF and its usage
BeEF or The Browser Exploitation Framework is a frequently used penetrating testing tool that targets browsers. It is used by security researchers, white-hat hackers, penetration testers and attackers. Popular for its multifunctional control panel, it allows the user to deploy remote attacks to a browser and helps with the stealing/siphoning of browser and user data.
- The BeEF tool is open-source and is used to test and exploit browser-based vulnerabilities as well as exploiting web applications.
- It’s important to note that the BeEF is legitimately by white-hat hackers and security researchers. Inversely, it’s also used by malicious hackers and attackers for illegal hacking and data-breaches.
Vegan, a capable open-source BeEF blocker
In a blog entry, Wallace adds that Vegan is open source and proof of concept. He acknowledges that while the extension can detect and block attacks, it cannot simply stop attacks outright.
This is due to the fact that the extension at its genesis is built on a Snort rule that’s truncated. In other words, with a little ingenuity and hacking prowess, it can be bypassed. The Snort rule looks for clients using HTTP to communicate with remote servers also on HTTP while helping to detect BeEF intrusions that runs with a default configuration. The rule also spots instances of BeEF trying to communicate with the browser over an unencrypted HTTP connection.
The rule can be bypassed by an attacker by modifying the default configuration file by changing the name of the cookie that’s used by Vegan.
“From the BeEF configuration file, we can see that we can change not only this cookie name, but quite a few other values, including other cookie names,” Wallace adds.
Despite the nature of the tool, Wallace, a security researcher by profession is a fan of BeEF.
“[BeEF] is a useful tool for offensive security researchers looking to test out attacks against browsers, as well as further gaining access during penetration testing. While this tool is well known, any protections against it are not,” noted Wallace.
Vegan can be downloaded and installed onto your Chrome browser, here.