The Browser Exploit Framework (BeEF) Project is extremely popular with application pentesters as it is a powerful tool for demonstrating the impacts of leveraging XSS vulnerabilities to achieve wider compromise into an organization. What if, however, we flipped the BeEF use-case around and instead put it in the hands of web application defenders? By using the open source ModSecurity WAF, we can dynamically hook web attackers with BeEF and monitor their activities and initiate various counter-meseasures.
