web application security lab

Interesting Video Of BeEF and a Rickroll

This is more amusing than anything, but if you aren’t familiar with the term Rickroll you should read this first. Click on the link in the article at your own risk - it’s very, very annoying. Basically it’s the same old link bomb fun that we have all come to know and love, which stops the browser from closing by throwing up tons of alerts (I’ve never been sure why the webpage gets to control if the app closes or not). Anyway…

If you aren’t familiar with BeEF, Josh Abraham made a video of himself testing BeEF against himself. He shows how Rickrolls can be used against the user. We are assuming that at this point the attacker has already done everything they wanted to do against the user, and now they are content to pester them with annoying web pages. It’s a big video, but it definitely shows the power of BeEF as an attack platform.

5 Responses to “Interesting Video Of BeEF and a Rickroll”

  1. John Says:

    Ran across this about 2-3 months ago and was going to post about it but I lost the link when I had to ctrl-alt-del Firefox. The modal dialogs really don’t have a place in the modern browser and shouldn’t interfere with the user closing the tab/window.

  2. loveshell Says:

    Hello,
    there is an XSS in https://www.google.com

    poc:https://www.google.com/accounts/ServiceLogin?service=mail&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&ltmpl=default&ltmplcache=2&passive=truel#”>alert(’xss’)&1-=1

    exploit:http://www.loveshell.net/blog/blogview.asp?logID=262

    Can I have your email? You can contact me by my email :)

  3. ChrisP Says:

    Never gonna give you up … ARGH - it won’t get out of my head!

  4. David Byrne Says:

    Heh. I’ve never heard of a Rickroll before, but it is far better than clicking on some link and seeing tub-girl or goatse. I am happy to say that has never happened to me either.

  5. NA Says:

    Just remember to preview your tinyurls and other links.
    Also disabling javascript/noscript is useful.