Segnalo l'esistenza di questo interessante progetto chiamato BeEF ^[1].

Dalla homepage del progetto:

BeEF is the browser exploitation framework. A professional tool to demonstrate the real-time impact of browser vulnerabilities. Development has focused on creating a modular structure making new module development a trivial process with the intelligence residing within BeEF.

Current modules include the first public Inter-protocol Exploit, a traditional browser overflow exploit, port scanning, keylogging, clipboard theft and more. The modules are aimed to be a representative set of current browser attacks - with the notable exception of launching cross-site scripting viruses.

Un video dimostrativo può essere reperito al seguente url:

http://v2s.org/~jabra/bt3-beef.avi ^[2]

In due parole si tratta di un framework modulare che mira a dimostrare e sfruttare l'impatto delle vulnerabilità legate ai web browser.

Autore

Mirko Iodice
mirko -at- notageek (.dot) it