Ethical Hacking free courses: Episode 5; Browser Hack (Practical 01)


You need a browser to browse the web, because the browser is the tool that connects you to it. You can think of a browser as a portal that connects your computer to any website in the world: it sends requests to a server and loads the data the server returns. Keeping the browser safe is very important, so keep it updated regularly and refrain from using dubious extensions. But even then, the browser can be hacked easily, and to be honest you do not need to take any action for it to happen: it is possible to attack your browser just by getting you to click a link, without your doing anything else. And unfortunately many antivirus products can't detect it.

In this part of the Ethical Hacking free course I will discuss browser hacking: how a browser is hacked, what information a hacker can steal through this hack, and how you can stay safe from it. So let's get started.

What is a browser hack, and how is it done?


Browser hacking is a very dangerous method; these hacks are done through a BeEF attack. To carry out a BeEF attack, you must have Kali Linux installed on your computer [the next step will show the complete instructions for installing Kali Linux!]. This attack is not possible without Kali Linux. The attack is carried out by a hacker who creates a web page and puts a JavaScript file in it; you only need to visit that link once. That's it, nothing more is required of you: you have been hacked. Now whatever you do in your browser, the hacker will be able to monitor it from his PC.

What makes this work is a tool in Kali Linux called BeEF, and the attack is named after it. With that tool, the hacker creates a JavaScript payload, along with a panel for it, so that he can monitor everything from that panel. The panel is graphical. The hacker creates an HTML file on a web server and attaches the payload JavaScript to it. He then sends the link to the victim; the victim opens the link but finds nothing there. The victim turns back without noticing anything, and in fact has no idea that he has been hacked. As soon as the information reaches the hacker, the hacker gets control of your browser. And this is how the browser is hacked. This article is very important for avoiding this: How to know if it is safe without clicking the malicious link?

Is it possible to get information by hacking the browser?


What information can a hacker get from your browser by hacking it? That is the question now, isn't it? After all, a hacker hacks in order to take information, and here too hackers get a lot of it. It is possible to control everything in a browser by hacking the browser. Whether you use Chrome or Firefox, this information can be stolen from any browser. Below is the information that can be taken through browser hacking:
  • Hook sites or sites saved in the browser. Hackers will get a list of the sites you have browsed.
  • Cookies may be stolen. This means that if you are logged in to a site in the browser, all sessions will be stolen. The hacker does not have to log in to the site with a password. Suppose you are logged in to Facebook: your Facebook account will be logged in automatically on the hacker's computer.
  • The hacker will get a list of common software installed on your computer. For example, if you use Microsoft Office and you are hacked, the hacker will learn that you are using Microsoft Office; maybe there is a flaw in your version, and he will attack accordingly.
  • There is an extension called LastPass from which data can be stolen. LastPass is arguably the most popular password manager now, so everyone understands how risky this is. Although it contains encrypted data, it is also possible to decrypt it.
  • All information can be stolen from your browser's toolbar and bookmarks.
  • The hacker can turn your webcam on or off.
  • Moreover, the biggest thing is that it can take you to phishing sites or other sites by redirecting you, and it can force you to download a payload onto your computer again and again. This means that you will type Google's address into the browser but end up on the hacker's fake site, and your browser will bring new malware onto the computer.
  • It may trick you into a fake login. Suppose you are using Facebook and a pop-up login prompt appears, saying your session has ended and asking you to log in again. You will log in through the pop-up without suspecting anything. And that's it, the password is gone. So it is very important to turn on two-factor verification: the hacker will not be able to log in to your account even after stealing your password.

There are many more things that can be done than I can cover in writing. It is not possible to show its full use in practice, as that would be outright black hat hacking. Below I will teach you how to do this attack. But you must use it ethically: you must not attack anyone, and you must get permission. Now here is another question: what is the use of an ethical hacker knowing about such an attack? Look, you're a security specialist, which means you have to be a step ahead of the black hats too. You may have to carry out such an attack to check the security of a computer's browser or to see whether internet security software is working properly. But of course it must not be run against anyone.

How is a BeEF attack done?

There are two steps to a BeEF attack: first you need to configure your local system, and second you need to hook the browser you want to hack. The trick is to install a tracking device in that browser, which will keep reporting all the details back to you. BeEF comes built in with Kali Linux, so you don't need to download or install it separately.

Start BeEF

The BeEF tool has a graphical interface through which you can monitor everything. So first you have to get your system ready. Let's take a look at what we need for this attack.
  • A computer or a Raspberry Pi, of course
  • The Kali Linux operating system
  • All ports on your internet connection and network must be open (scanning for open ports will be discussed in detail in the next section).
  • Keep a cool head, and focus on the task at hand.

Now it's time to run the BeEF tool on your computer and configure it. There are two ways to run it. Since it is an application, go to “Applications” -> “Kali Linux” -> “System Services” -> “BeEF” -> “beef start”, and the BeEF tool will run. If you prefer, you can open the Linux terminal and enter the following commands to run the BeEF tool:

cd /usr/share/beef-xss
./beef


Running the BeEF tool starts all the necessary services on your computer and also creates your control panel. You access the control panel with any browser on your local host (127.0.0.1). The BeEF control panel opens on port 3000, so type the following address in the browser to enter the panel.

http://localhost:3000/ui/authentication

A login page will then open, and you need to log in to the panel. By default the username and password are both "beef". As soon as you enter the credentials you will be able to access this powerful tool and hack any web browser. The interface shown in the screenshot below is from my local host, and it shows a list of your hacked browsers.


Browser hooking

The main purpose of this tool is to hook the victim's browser. This means that code has to be loaded into the browser so that the browser sends all its information to you. Usually you have to install the hook code on a web server, perhaps on your own website or on any website that you control. Then you have to get your victim onto that site, bringing him to your link through social engineering; as soon as he opens the affected site, the hook code is injected into the browser.

The BeEF hook is basically a JavaScript file, usually called "hook.js". Future tutorials will show you how to create a hook file and how to inject it into a victim's browser in different ways. I will then explain in detail how you can add this JavaScript file to a web page. In the screenshot below I hooked a computer browser on my local network; you can see it is Internet Explorer 7 running on the old Windows XP OS.


So once you have successfully hooked someone's browser, you can run many types of malicious activity. There are many types of commands to run and a lot of information to grab. If you look at the screenshot below, you will understand how much can be done with a hooked browser. However, the detailed tutorials will come in the next episodes, because there are still many things to be clarified first. You need a good understanding of ports. You need to learn how to inject files on a web server, starting with installing Linux and going over the basic interface. You can call this post just a demo post that gives you an idea of what kind of advanced subjects you will learn and practise later in this course. This subject will be taught 100%, but have a little patience.
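Because the hook described above reaches the browser as an ordinary script include, a site owner can audit served pages for script tags that point anywhere unexpected. The following is an added example, not code from the original post or from BeEF; the allowlist, host names and sample page are constructed, and the only details taken from the post are the file name hook.js and port 3000.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumption: the origins this site is expected to load scripts from (constructed).
ALLOWED_ORIGINS = {"https://www.example.test", "https://cdn.example.test"}

class ScriptCollector(HTMLParser):
    """Collects the src attribute of every <script> tag on a page."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names for us.
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())

def audit_page(page_url, html, allowed=ALLOWED_ORIGINS):
    """Return (script_url, reasons) for every external script that needs review."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src in collector.sources:
        full = urljoin(page_url, src)  # resolves relative and //host URLs
        parts = urlsplit(full)
        reasons = []
        if f"{parts.scheme}://{parts.netloc}".lower() not in allowed:
            reasons.append("origin not on allowlist")
        # The two details named in the post; both are only defaults.
        if parts.path.rsplit("/", 1)[-1].lower() == "hook.js":
            reasons.append("file name hook.js")
        if parts.port == 3000:
            reasons.append("port 3000")
        if reasons:
            findings.append((full, reasons))
    return findings

# Constructed sample page: two expected scripts and one injected tag.
SAMPLE_HTML = """<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example.test/lib.min.js"></script>
<script SRC="//203.0.113.10:3000/hook.js"></script>
</head><body>Hello</body></html>"""

if __name__ == "__main__":
    for url, reasons in audit_page("https://www.example.test/index.html", SAMPLE_HTML):
        print(url, "->", ", ".join(reasons))
```

The allowlist is the check that still works if the file is renamed or served from another port; the audit only sees script tags with a src attribute in the served HTML, not inline scripts.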


How to keep your browser free from hackers?


Let's move on to our real business: as an ethical hacker you must know how to carry out an attack, and likewise you must have a clear knowledge of what to do to prevent it. Although this attack is capable of doing all sorts of horrible things, it is quite simple to prevent. And this type of security has been discussed a lot on all the sites of Sobuz Bangla TV.

First of all, you must always keep your internet browser and any internet tool updated to the latest version. You need to keep your operating system up to date at all times as well; do not turn off Windows Update because you are reluctant to spend data, or you can guess what the consequences might be.


Do not install unfamiliar browser extensions; download extensions only from the official website. You should use an ad blocker, which will stop malicious scripts from running. And the most important step here is not to save your passwords in the browser, because that makes them easier to get. It is better to use the LastPass password manager, because it keeps all its data encrypted. And lastly, you must use a VPN: the hacker will never get the real IP address of your computer, only a temporary IP, from which he will be disconnected the next time.
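On a network you administer, the two details this post gives about the hook (the file name hook.js and port 3000) can also be searched for in web proxy logs. This is an added example, not part of the original post; the log format, addresses and request paths are constructed, and it assumes that a hooked browser keeps returning to the same server.

```python
from collections import defaultdict
from urllib.parse import urlsplit

def parse_line(line):
    """Assumed log format (constructed): '<epoch> <client> <METHOD> <url> <status>'."""
    fields = line.split()
    if len(fields) != 5 or not fields[0].isdigit():
        return None
    _ts, client, _method, url, _status = fields
    return client, urlsplit(url)

def find_hook_traffic(lines, min_polls=3):
    """Return {(client, server): reasons} for traffic that looks like a hooked browser."""
    polls = defaultdict(int)    # number of requests per (client, server)
    reasons = defaultdict(set)  # indicators seen per (client, server)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue            # skip malformed lines instead of crashing
        client, url = parsed
        key = (client, url.netloc.lower())
        polls[key] += 1
        if url.path.lower().endswith("/hook.js"):
            reasons[key].add("fetched hook.js")
        if url.port == 3000:
            reasons[key].add("server on port 3000")
    # File name and port are defaults that can be changed, so a match is only
    # reported when the client also keeps coming back to the same server.
    return {k: sorted(v) for k, v in reasons.items() if polls[k] >= min_polls}

# Constructed sample log; the /q paths are placeholders, not real BeEF URLs.
SAMPLE_LOG = """\
1700000000 10.0.0.21 GET http://203.0.113.10:3000/hook.js 200
1700000005 10.0.0.21 GET http://203.0.113.10:3000/q?x=1 200
1700000010 10.0.0.21 GET http://203.0.113.10:3000/q?x=2 200
1700000011 10.0.0.34 GET http://intranet.example.test:3000/status 200
1700000012 10.0.0.34 GET https://www.example.test/static/app.js 200
corrupted line
""".splitlines()

if __name__ == "__main__":
    for (client, server), why in find_hook_traffic(SAMPLE_LOG).items():
        print(client, "->", server, ":", ", ".join(why))
```

The single request from 10.0.0.34 to an internal service on port 3000 is not reported, which shows why the repeat count is needed alongside the port check.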


Hopefully this article has given you a complete idea of how web browsers are hacked, and some of the issues have been shown here in practice. Browser hooking will be taught in the next episode, but there is much more to learn before that, which will be discussed in more detail in the next episode. Since this is an ethical hacking course, what you learn must be used for ethical purposes: our job is to secure systems, not to hack anyone. In the next episode I will come up with something more extraordinary; until then, stay well. Many thanks for taking the trouble to read this post to the end.

Hope everybody on this site also had a great day. Stay well, stay healthy, stay safe with Sobuz Bangla TV. Thanks. God bless you.

Sobuz Bangla TV YouTube channel link:

https://www.youtube.com/c/SobuzBanglaTV2019  

