Hooked-browser network with BeEF and Google Drive

D. N. Kolegov; O. V. Broslavsky; N. E. Oleksov

Geodesic

Parcourir par

Hooked-browser network with BeEF and Google Drive

D. N. Kolegov ; O. V. Broslavsky ; N. E. Oleksov

Prikladnaâ diskretnaâ matematika, no. 4 (2015), pp. 72-76.

Voir la notice de l'article provenant de la source Math-Net.Ru

Résumé

At the present time, Browser Exploitation Framework (BeEF) supports experimental WebRTC-based mechanism for implementing a hooked browser meshed-network. The main purpose of this solution is to avoid tracking post-exploitation communication back to BeEF command and control server. We propose an alternate method to provide more anonymity and undetectability for BeEF hooked browser communications. The main idea is to use covert channel communications over known and popular cloud web services, for example Google Drive, by using it as shared resources between BeEF server and hooked browsers. In this case, there is no direct communication between BeEF server and hooked browsers, all of them communicate only with Google API servers. The implementation is based on Google Drive file system primitives and its API. We consider practical issues of this implementation and show how this can be implemented in BeEF.

Keywords: computer security, HTTP, covert channels, web application security, web browsers security, botnets.

@article{PDM_2015_4_a5,
     author = {D. N. Kolegov and O. V. Broslavsky and N. E. Oleksov},
     title = {Hooked-browser network with {BeEF} and {Google} {Drive}},
     journal = {Prikladna\^a diskretna\^a matematika},
     pages = {72--76},
     publisher = {mathdoc},
     number = {4},
     year = {2015},
     language = {ru},
     url = {http://geodesic.mathdoc.fr/item/PDM_2015_4_a5/}
}

TY  - JOUR
AU  - D. N. Kolegov
AU  - O. V. Broslavsky
AU  - N. E. Oleksov
TI  - Hooked-browser network with BeEF and Google Drive
JO  - Prikladnaâ diskretnaâ matematika
PY  - 2015
SP  - 72
EP  - 76
IS  - 4
PB  - mathdoc
UR  - http://geodesic.mathdoc.fr/item/PDM_2015_4_a5/
LA  - ru
ID  - PDM_2015_4_a5
ER  -

%0 Journal Article
%A D. N. Kolegov
%A O. V. Broslavsky
%A N. E. Oleksov
%T Hooked-browser network with BeEF and Google Drive
%J Prikladnaâ diskretnaâ matematika
%D 2015
%P 72-76
%N 4
%I mathdoc
%U http://geodesic.mathdoc.fr/item/PDM_2015_4_a5/
%G ru
%F PDM_2015_4_a5

D. N. Kolegov; O. V. Broslavsky; N. E. Oleksov. Hooked-browser network with BeEF and Google Drive. Prikladnaâ diskretnaâ matematika, no. 4 (2015), pp. 72-76. http://geodesic.mathdoc.fr/item/PDM_2015_4_a5/

Bibliographie
Cité par

[1] The Browser Exploitation Framework Project, http://beefproject.com/

[2] Alkorn W., Frichot C., Orru M., The Browser Hacker's Handbook, John Wiley Sons, Indianapolis, 2014, 648 pp.

[3] Hooked-Browser Meshed-Networks with WebRTC, http://blog.beefproject.com/2015/01/hooked-browser-meshed-networks-with.html

[4] The Gcat Project, https://github.com/byt3bl33d3r/gcat

[5] The Twittor Project, https://github.com/PaulSec/twittor