5

I'm wondering how BeEF can do a ping request, a port scan, or other things that heavily rely on interacting with lower levels of the operating system (OS).

I used to think that JavaScript cannot access OS functions and APIs. So, how does BeEF do that?

P.S.: I've already read other questions, but I wasn't satisfied with the answers:

Jeremy Mc
  • 59
  • 3
  • 1
    Why do you think it needs access to the lower levels of an operating system to use the network? – schroeder Oct 08 '16 at 15:26
  • 2
    A Google search for "beef ping sweep" returns: https://github.com/beefproject/beef/wiki/Module%3A-Ping-Sweep The page explains that it uses XMLHttpRequest, which is part of the browser. – schroeder Oct 08 '16 at 15:28
  • To add to what schroeder said, XMLHttp has been available to JavaScript in browsers since IE 5.5 introduced it in 1999. Also, JavaScript is frequently used to talk to APIs. WebRTC is a somewhat newer technology and offers a lot of intriguing and potentially scary possibilities. Not sure if BeEF makes use of it, though. – CrunchBangDev Nov 23 '16 at 20:53

1 Answer

2

In BeEF, a ping is not an ICMP ping request, and a port scan does not mean a SYN scan (or any of the other common port scanning methods you'd find in nmap, for instance). Instead, BeEF uses standard web APIs that make layer 7 network requests (HTTP/FTP/WS) and measures the timing of these API calls to determine whether a host was up or a port was open.

There are three different techniques BeEF uses for this purpose:

  • Cross-Origin XMLHttpRequests
  • HTML Image elements with onerror/onload event listeners
  • WebSockets

The ping module uses Cross-Origin XMLHttpRequests only, while the port scan module uses all three. BeEF never accesses OS-level networking functionality and cannot send ICMP ping requests or do a TCP SYN scan.

jupenur
  • 441
  • 3
  • 8
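As an added defender-side example (not from the question, the answer, or BeEF itself): because the probing described above is ordinary layer 7 traffic from the hooked browser, it surfaces in a forward proxy or central access log rather than in firewall ICMP/SYN counters. This Node.js snippet flags a client that reaches many distinct host:port targets within a short window; the log format, sample lines and thresholds are all constructed for the illustration.

```javascript
// Constructed sample proxy log (not from the page): "<epoch-sec> <client-ip> <dest-host>:<port> <status>".
// 10.0.0.5 touches many distinct hosts/ports within seconds (the shape of a browser-driven
// layer 7 sweep); 10.0.0.9 is normal browsing. The status column is deliberately ignored below:
// timing-based probing produces successes and failures alike, so the spread of targets is the signal.
const SAMPLE_LOG = [
  "1700000000 10.0.0.5 10.0.0.1:80 200",
  "1700000000 10.0.0.5 10.0.0.2:80 0",
  "1700000001 10.0.0.5 10.0.0.3:80 0",
  "1700000001 10.0.0.5 10.0.0.4:80 0",
  "1700000002 10.0.0.5 10.0.0.1:22 0",
  "1700000002 10.0.0.5 10.0.0.1:443 200",
  "1700000003 10.0.0.5 10.0.0.1:8080 0",
  "1700000003 10.0.0.5 10.0.0.1:3306 0",
  "1700000004 10.0.0.9 intranet.example:443 200",
  "1700000060 10.0.0.9 wiki.example:443 200",
];

// Parse one log line into { ts, client, target } where target is "host:port".
function parseLine(line) {
  const [ts, client, dest] = line.trim().split(/\s+/);
  return { ts: Number(ts), client, target: dest };
}

// Flag clients that contact at least `minTargets` distinct host:port pairs inside any
// `windowSec`-second window. Thresholds are hypothetical; tune them to the environment.
function findSweeps(lines, { windowSec = 10, minTargets = 6 } = {}) {
  const byClient = new Map();
  for (const e of lines.map(parseLine)) {
    if (!byClient.has(e.client)) byClient.set(e.client, []);
    byClient.get(e.client).push(e);
  }
  const alerts = [];
  for (const [client, events] of byClient) {
    events.sort((a, b) => a.ts - b.ts);
    for (let i = 0; i < events.length; i++) {
      const targets = new Set();
      for (let j = i; j < events.length && events[j].ts - events[i].ts <= windowSec; j++) {
        targets.add(events[j].target);
      }
      if (targets.size >= minTargets) {
        alerts.push({ client, distinctTargets: targets.size, from: events[i].ts });
        break; // one alert per client is enough
      }
    }
  }
  return alerts;
}

console.log(findSweeps(SAMPLE_LOG)); // one alert for 10.0.0.5 with 8 distinct targets
```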