diff --git a/beef b/beef index d7790fc99..7d8dd55b9 100755 --- a/beef +++ b/beef @@ -243,6 +243,8 @@ BeEF::Core::Console::Banners.print_loaded_extensions BeEF::Core::Console::Banners.print_loaded_modules BeEF::Core::Console::Banners.print_network_interfaces_count BeEF::Core::Console::Banners.print_network_interfaces_routes +BeEF::Core::Console::Banners.print_http_proxy +BeEF::Core::Console::Banners.print_dns # # @note Prints the API key needed to use the RESTful API diff --git a/core/main/configuration.rb b/core/main/configuration.rb index 7a3f73735..45a9f2d66 100644 --- a/core/main/configuration.rb +++ b/core/main/configuration.rb @@ -26,7 +26,6 @@ module BeEF begin # open base config @config = load(config) - # set default value if key? does not exist @config.default = nil @@config = config rescue StandardError => e @@ -156,7 +155,7 @@ module BeEF "#{beef_proto}://#{beef_host}:#{beef_port}" end - # Returns the hool path value stored in the config file + # Returns the hook path value stored in the config file # # @return [String] hook file path def hook_file_path diff --git a/core/main/console/banners.rb b/core/main/console/banners.rb index d7749e163..d4d703928 100644 --- a/core/main/console/banners.rb +++ b/core/main/console/banners.rb @@ -134,6 +134,29 @@ module BeEF print_info "Starting WebSocketSecure server on wss://[#{config.beef_host}:#{config.get('beef.http.websocket.secure_port').to_i} [timer: #{ws_poll_timeout}]" end end + + # Print WebSocket servers + # + def print_http_proxy + config = BeEF::Core::Configuration.instance + print_info "HTTP Proxy: http://#{config.get('beef.extension.proxy.address')}:#{config.get('beef.extension.proxy.port')}" + end + + def print_dns + address = nil + port = nil + protocol = nil + + # TODO: fix the following reference - extensions/dns/api.rb + # servers, interfaces, address, port, protocol, upstream_servers = get_dns_config # get the DNS configuration + + # Print the DNS server information + unless address.nil? || port.nil? || protocol.nil? + print_info "DNS Server: #{address}:#{port} (#{protocol})" + print_more upstream_servers unless upstream_servers.empty? + end + end + end end end diff --git a/extensions/dns/api.rb b/extensions/dns/api.rb index 9722a416e..f34de49c8 100644 --- a/extensions/dns/api.rb +++ b/extensions/dns/api.rb @@ -24,8 +24,23 @@ module BeEF # # @param http_hook_server [BeEF::Core::Server] HTTP server instance def self.pre_http_start(_http_hook_server) - dns_config = BeEF::Core::Configuration.instance.get('beef.extension.dns') + servers, interfaces, address, port, protocol, upstream_servers = get_dns_config # get the DNS configuration + + # Start the DNS server dns = BeEF::Extension::Dns::Server.instance + dns.run(upstream: servers, listen: interfaces) + end + + def self.print_dns_info + servers, interfaces, address, port, protocol, upstream_servers = get_dns_config # get the DNS configuration + + # Print the DNS server information + print_info "DNS Server: #{address}:#{port} (#{protocol})" + print_more upstream_servers unless upstream_servers.empty? + end + + def self.get_dns_config + dns_config = BeEF::Core::Configuration.instance.get('beef.extension.dns') protocol = begin dns_config['protocol'].to_sym @@ -52,10 +67,7 @@ module BeEF end end - dns.run(upstream: servers, listen: interfaces) - - print_info "DNS Server: #{address}:#{port} (#{protocol})" - print_more upstream_servers unless upstream_servers.empty? + return servers, interfaces, address, port, protocol, upstream_servers end # Mounts the handler for processing DNS RESTful API requests. diff --git a/extensions/dns/dns.rb b/extensions/dns/dns.rb index c25574028..2f460a84b 100644 --- a/extensions/dns/dns.rb +++ b/extensions/dns/dns.rb @@ -15,9 +15,11 @@ module BeEF def initialize super() + logger.level = Logger::ERROR @lock = Mutex.new @database = BeEF::Core::Models::Dns::Rule @data_chunks = {} + @server_started = false end # Adds a new DNS rule. If the rule already exists, its current ID is returned. @@ -118,6 +120,7 @@ module BeEF @lock.synchronize do Thread.new do EventMachine.next_tick do + next if @server_started # Check if the server was already started upstream = options[:upstream] || nil listen = options[:listen] || nil @@ -132,6 +135,7 @@ module BeEF begin # super(:listen => listen) Thread.new { super() } + @server_started = true # Set the server started flag rescue RuntimeError => e if e.message =~ /no datagram socket/ || e.message =~ /no acceptor/ # the port is in use print_error "[DNS] Another process is already listening on port #{options[:listen]}" @@ -146,6 +150,14 @@ module BeEF end end + def stop + return unless @server_started # Check if the server was started + + # Logic to stop the Async::DNS server + puts EventMachine.stop if EventMachine.reactor_running? + @server_started = false # Reset the server started flag + end + # Entry point for processing incoming DNS requests. Attempts to find a matching rule and # sends back its associated response. # diff --git a/extensions/proxy/api.rb b/extensions/proxy/api.rb index 3f8f5e620..a5f95d7d0 100644 --- a/extensions/proxy/api.rb +++ b/extensions/proxy/api.rb @@ -18,7 +18,6 @@ module BeEF BeEF::Extension::Proxy::Proxy.new end end - print_info "HTTP Proxy: http://#{config.get('beef.extension.proxy.address')}:#{config.get('beef.extension.proxy.port')}" end def self.mount_handler(beef_server) diff --git a/extensions/qrcode/qrcode.rb b/extensions/qrcode/qrcode.rb index 1d66e0be2..e55ccd3d1 100644 --- a/extensions/qrcode/qrcode.rb +++ b/extensions/qrcode/qrcode.rb @@ -32,11 +32,7 @@ module BeEF # Retrieve the list of network interfaces from BeEF::Core::Console::Banners interfaces = BeEF::Core::Console::Banners.interfaces - # Check if the interfaces variable is nil, indicating that network interfaces are not available - if interfaces.nil? - print_error "[QR] Error: Network interfaces information is unavailable." - print_error "[QR] Error: This will be acceptable during testing." - else + if not interfaces.nil? and not interfaces.empty? # If interfaces are available, iterate over each network interface # If interfaces are available, iterate over each network interface interfaces.each do |int| # Skip the loop iteration if the interface address is '0.0.0.0' (which generally represents all IPv4 addresses on the local machine) diff --git a/spec/beef/api/auth_rate_spec.rb b/spec/beef/api/auth_rate_spec.rb index ac878b08d..4a7589882 100644 --- a/spec/beef/api/auth_rate_spec.rb +++ b/spec/beef/api/auth_rate_spec.rb @@ -1,139 +1,71 @@ -# # -# # Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net -# # Browser Exploitation Framework (BeEF) - https://beefproject.com -# # See the file 'doc/COPYING' for copying permission -# # +# +# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - https://beefproject.com +# See the file 'doc/COPYING' for copying permission +# -# RSpec.describe 'BeEF API Rate Limit' do +RSpec.describe 'BeEF API Rate Limit' do -# before(:all) do -# @config = BeEF::Core::Configuration.instance -# @config.set('beef.credentials.user', "beef") -# @config.set('beef.credentials.passwd', "beef") -# @username = @config.get('beef.credentials.user') -# @password = @config.get('beef.credentials.passwd') - -# # Load BeEF extensions and modules -# # Always load Extensions, as previous changes to the config from other tests may affect -# # whether or not this test passes. -# print_info "Loading in BeEF::Extensions" -# BeEF::Extensions.load -# sleep 2 + before(:each) do + @pid = start_beef_server_and_wait + @username = @config.get('beef.credentials.user') + @password = @config.get('beef.credentials.passwd') + end -# # Check if modules already loaded. No need to reload. -# if @config.get('beef.module').nil? -# print_info "Loading in BeEF::Modules" -# BeEF::Modules.load + after(:each) do + # Shutting down server + Process.kill("KILL", @pid) unless @pid.nil? + Process.wait(@pid) unless @pid.nil? # Ensure the process has exited and the port is released + @pid = nil + end -# sleep 2 -# else -# print_info "Modules already loaded" -# end + it 'confirm correct creds are successful' do + test_api = BeefRestClient.new('http', ATTACK_DOMAIN, '3000', @username, @password) + expect(@config.get('beef.credentials.user')).to eq('beef') + expect(@config.get('beef.credentials.passwd')).to eq('beef') + expect(test_api.auth()[:payload]).not_to eql("401 Unauthorized") + expect(test_api.auth()[:payload]["success"]).to be(true) # valid pass should succeed + end + + it 'confirm incorrect creds are unsuccessful' do + sleep 0.5 + test_api = BeefRestClient.new('http', ATTACK_DOMAIN, '3000', @username, "wrong_passowrd") + expect(test_api.auth()[:payload]).to eql("401 Unauthorized") # all (unless the valid is first 1 in 10 chance) + end + + it 'adheres to 9 bad passwords then 1 correct auth rate limits' do + # create api structures with bad passwords and one good + passwds = (1..9).map { |i| "bad_password"} # incorrect password + passwds.push @password # correct password + apis = passwds.map { |pswd| BeefRestClient.new('http', ATTACK_DOMAIN, '3000', @username, pswd) } -# # Grab DB file and regenerate if requested -# print_info "Loading database" -# db_file = @config.get('beef.database.file') + (0..apis.length-1).each do |i| + test_api = apis[i] + expect(test_api.auth()[:payload]).to eql("401 Unauthorized") # all (unless the valid is first 1 in 10 chance) + end + end + + it 'adheres to random bad passords and 1 correct auth rate limits' do + # create api structures with bad passwords and one good + passwds = (1..9).map { |i| "bad_password"} # incorrect password + passwds.push @password # correct password + apis = passwds.map { |pswd| BeefRestClient.new('http', ATTACK_DOMAIN, '3000', @username, pswd) } -# if BeEF::Core::Console::CommandLine.parse[:resetdb] -# print_info 'Resetting the database for BeEF.' -# File.delete(db_file) if File.exist?(db_file) -# end + apis.shuffle! # random order for next iteration + apis = apis.reverse if (apis[0].is_pass?(@password)) # prevent the first from having valid passwd -# # Load up DB and migrate if necessary -# ActiveRecord::Base.logger = nil -# OTR::ActiveRecord.migrations_paths = [File.join('core', 'main', 'ar-migrations')] -# OTR::ActiveRecord.configure_from_hash!(adapter:'sqlite3', database: db_file) -# # otr-activerecord require you to manually establish the connection with the following line -# #Also a check to confirm that the correct Gem version is installed to require it, likely easier for old systems. -# if Gem.loaded_specs['otr-activerecord'].version > Gem::Version.create('1.4.2') -# OTR::ActiveRecord.establish_connection! -# end - -# # Migrate (if required) -# ActiveRecord::Migration.verbose = false # silence activerecord migration stdout messages -# context = ActiveRecord::Migration.new.migration_context -# if context.needs_migration? -# ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration, context.internal_metadata).migrate -# end - -# sleep 2 - -# BeEF::Core::Migration.instance.update_db! - -# # Spawn HTTP Server -# print_info "Starting HTTP Hook Server" -# http_hook_server = BeEF::Core::Server.instance -# http_hook_server.prepare - -# # Generate a token for the server to respond with -# BeEF::Core::Crypto::api_token - -# # Initiate server start-up -# @pids = fork do -# BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server) -# end -# @pid = fork do -# http_hook_server.start -# end - -# # Give the server time to start-up -# sleep 3 - -# # Try to connect 3 times -# (0..2).each do |again| -# # Authenticate to REST API & pull the token from the response -# if @response.nil? -# print_info "Try to connect: " + again.to_s -# begin -# creds = { 'username': "#{@username}", 'password': "#{@password}" }.to_json -# @response = RestClient.post "#{RESTAPI_ADMIN}/login", creds, :content_type => :json -# rescue RestClient::ServerBrokeConnection, Errno::ECONNREFUSED # likely to be starting up still -# rescue => error -# print_error error.message -# end -# print_info "Rescue: sleep for 10 and try to connect again" -# sleep 10 -# end -# end -# expect(@response) .to be_truthy # confirm the test has connected to the server -# print_info "Connection with server was successful" -# @token = JSON.parse(@response)['token'] -# end - -# after(:all) do -# print_info "Shutting down server" -# Process.kill("KILL",@pid) unless @pid.nil? -# Process.kill("KILL",@pids) unless @pid.nil? -# end - -# xit 'adheres to auth rate limits' do -# passwds = (1..9).map { |i| "broken_pass"} -# passwds.push BEEF_PASSWD -# apis = passwds.map { |pswd| BeefRestClient.new('http', ATTACK_DOMAIN, '3000', BEEF_USER, pswd) } -# l = apis.length -# (0..2).each do |again| # multiple sets of auth attempts -# # first pass -- apis in order, valid passwd on 9th attempt -# # subsequent passes apis shuffled -# print_info "Starting authentication attempt sequence #{again + 1}. The valid password is placed randomly among failed attempts." -# (0..50).each do |i| -# test_api = apis[i%l] -# expect(test_api.auth()[:payload]).to eql("401 Unauthorized") # all (unless the valid is first 1 in 10 chance) -# end -# # again with more time between calls -- there should be success (1st iteration) -# print_info "Initiating delayed authentication requests to test successful authentication with correct credentials." -# print_info "Delayed requests are made to simulate more realistic login attempts and verify rate limiting." -# (0..(l*2)).each do |i| -# test_api = apis[i%l] -# if (test_api.is_pass?(BEEF_PASSWD)) -# expect(test_api.auth()[:payload]["success"]).to be(true) # valid pass should succeed -# else -# expect(test_api.auth()[:payload]).to eql("401 Unauthorized") -# end -# sleep(0.5) -# end -# apis.shuffle! # new order for next iteration -# apis = apis.reverse if (apis[0].is_pass?(BEEF_PASSWD)) # prevent the first from having valid passwd -# end # multiple sets of auth attempts -# end + (0..apis.length-1).each do |i| + test_api = apis[i] + if (test_api.is_pass?(@password)) + sleep 0.5 + expect(@config.get('beef.credentials.user')).to eq('beef') + expect(@config.get('beef.credentials.passwd')).to eq('beef') + expect(test_api.auth()[:payload]).not_to eql("401 Unauthorized") + expect(test_api.auth()[:payload]["success"]).to be(true) # valid pass should succeed + else + expect(test_api.auth()[:payload]).to eql("401 Unauthorized") + end + end + end -# end +end diff --git a/spec/beef/core/main/command_spec.rb b/spec/beef/core/main/command_spec.rb index c060a26b0..e03b4336a 100644 --- a/spec/beef/core/main/command_spec.rb +++ b/spec/beef/core/main/command_spec.rb @@ -1,12 +1,13 @@ RSpec.describe 'BeEF Command class testing' do before(:each) do # Reset or re-initialise the configuration to a default state - config = File.expand_path('../../../support/assets/config_old.yaml', __dir__) - @config_instance = BeEF::Core::Configuration.new(config) + # @config_instance = BeEF::Core::Configuration.instance end it 'should return a beef configuration variable' do - BeEF::Modules.load + expect { + BeEF::Modules.load if BeEF::Core::Configuration.instance.get('beef.module').nil? + }.to_not raise_error command_mock = BeEF::Core::Command.new('test_get_variable') expect(command_mock.config.beef_host).to eq('0.0.0.0') diff --git a/spec/beef/core/main/configuration_spec.rb b/spec/beef/core/main/configuration_spec.rb index 315bb3740..caafdc88b 100644 --- a/spec/beef/core/main/configuration_spec.rb +++ b/spec/beef/core/main/configuration_spec.rb @@ -2,25 +2,29 @@ RSpec.configure do |config| end RSpec.describe 'BeEF Configuration' do - before(:context, :type => :old ) do - config = File.expand_path('../../../support/assets/config_old.yaml', __dir__) - @config_instance = BeEF::Core::Configuration.new(config) - end before(:context) do @config_instance = BeEF::Core::Configuration.instance + + @original_http_host = @config_instance.get('beef.http.host') + @original_http_port = @config_instance.get('beef.http.port') + @original_http_https = @config_instance.get('beef.http.https.enable') + @original_http_public_host = @config_instance.get('beef.http.public.host') + @original_http_public_port = @config_instance.get('beef.http.public.port') + @original_http_public_https = @config_instance.get('beef.http.public.https') + @original_http_hook_file = @config_instance.get('beef.http.hook_file') end - context 'configuration validation', :type => :old do - it 'should error when using hold public config' do - @config_instance.set('beef.http.public', 'example.com') - expect(@config_instance.validate).to eq(nil) - end - - it 'should error when using old public_port config' do - @config_instance.set('beef.http.public_port', 443) - expect(@config_instance.validate).to eq(nil) - end + after(:context) do + # Reset the configuration values + # This is important as the tests may change the configuration values + @config_instance.set('beef.http.host', @original_http_host) + @config_instance.set('beef.http.port', @original_http_port) + @config_instance.set('beef.http.https.enable', @original_http_https) + @config_instance.set('beef.http.public.host', @original_http_public_host) + @config_instance.set('beef.http.public.port', @original_http_public_port) + @config_instance.set('beef.http.public.https', @original_http_public_https) + @config_instance.set('beef.http.hook_file', @original_http_hook_file) end context 'http local host configuration values' do diff --git a/spec/beef/core/modules_spec.rb b/spec/beef/core/modules_spec.rb index f02b7a805..f9cb31937 100644 --- a/spec/beef/core/modules_spec.rb +++ b/spec/beef/core/modules_spec.rb @@ -2,7 +2,7 @@ RSpec.describe 'BeEF Modules' do it 'loaded successfully' do expect { - BeEF::Modules.load + BeEF::Modules.load if BeEF::Core::Configuration.instance.get('beef.module').nil? }.to_not raise_error modules = BeEF::Core::Configuration.instance.get('beef.module').select do |k,v| diff --git a/spec/beef/extensions/dns_spec.rb b/spec/beef/extensions/dns_spec.rb index 0881b673d..91bb1634e 100644 --- a/spec/beef/extensions/dns_spec.rb +++ b/spec/beef/extensions/dns_spec.rb @@ -11,6 +11,11 @@ RSpec.describe 'BeEF Extension DNS' do @dns = BeEF::Extension::Dns::Server.instance end + after(:all) do + # Stop the DNS server after each test case + BeEF::Extension::Dns::Server.instance.stop # this might not be needed? + end + it 'loaded configuration' do config = @config.get('beef.extension.dns') expect(config).to have_key('protocol') diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 2216e6f87..6858b3bb4 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -21,7 +21,7 @@ Dir['spec/support/*.rb'].each do |f| require f end -ENV['RACK_ENV'] ||= 'test' +ENV['RACK_ENV'] ||= 'test' # Set the environment to test ARGV.clear ## BrowserStack config @@ -34,7 +34,6 @@ class Capybara::Selenium::Driver < Capybara::Driver::Base end TASK_ID = (ENV['TASK_ID'] || 0).to_i -print_info ENV['CONFIG_FILE'] CONFIG_FILE = ENV['CONFIG_FILE'] || 'windows/win10/win10_chrome_81.config.yml' CONFIG = YAML.safe_load(File.read("./spec/support/browserstack/#{CONFIG_FILE}")) CONFIG['user'] = ENV['BROWSERSTACK_USERNAME'] || '' @@ -89,4 +88,120 @@ RSpec.configure do |config| Process.kill('KILL', server_pid) Process.kill('KILL', server_pids) end + +######################################## + +require 'socket' + + def port_available? + socket = TCPSocket.new(@host, @port) + socket.close + false # If a connection is made, the port is in use, so it's not available. + rescue Errno::ECONNREFUSED + true # If the connection is refused, the port is not in use, so it's available. + rescue Errno::EADDRNOTAVAIL + true # If the connection is refused, the port is not in use, so it's available. + end + + def configure_beef + # Reset or re-initialise the configuration to a default state + @config = BeEF::Core::Configuration.instance + + @config.set('beef.credentials.user', "beef") + @config.set('beef.credentials.passwd', "beef") + @config.set('beef.http.https.enable', false) + end + + # Load the server + def load_beef_extensions_and_modules + # Load BeEF extensions + BeEF::Extensions.load + + # Load BeEF modules only if they are not already loaded + BeEF::Modules.load if @config.get('beef.module').nil? + end + + def start_beef_server + configure_beef + @port = @config.get('beef.http.port') + @host = @config.get('beef.http.host') + @host = '127.0.0.1' + + exit unless port_available? + load_beef_extensions_and_modules + + # Grab DB file and regenerate if requested + db_file = @config.get('beef.database.file') + + if BeEF::Core::Console::CommandLine.parse[:resetdb] + File.delete(db_file) if File.exist?(db_file) + end + + # Load up DB and migrate if necessary + ActiveRecord::Base.logger = nil + OTR::ActiveRecord.migrations_paths = [File.join('core', 'main', 'ar-migrations')] + OTR::ActiveRecord.configure_from_hash!(adapter:'sqlite3', database: db_file) + # otr-activerecord require you to manually establish the connection with the following line + #Also a check to confirm that the correct Gem version is installed to require it, likely easier for old systems. + if Gem.loaded_specs['otr-activerecord'].version > Gem::Version.create('1.4.2') + OTR::ActiveRecord.establish_connection! + end + + # Migrate (if required) + ActiveRecord::Migration.verbose = false # silence activerecord migration stdout messages + context = ActiveRecord::Migration.new.migration_context + if context.needs_migration? + ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration, context.internal_metadata).migrate + end + BeEF::Core::Migration.instance.update_db! + + # Spawn HTTP Server + # print_info "Starting HTTP Hook Server" + http_hook_server = BeEF::Core::Server.instance + http_hook_server.prepare + + # Generate a token for the server to respond with + BeEF::Core::Crypto::api_token + + # Initiate server start-up + BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server) + pid = fork do + http_hook_server.start + end + + return pid + end + + def beef_server_running?(uri_str) + begin + uri = URI.parse(uri_str) + response = Net::HTTP.get_response(uri) + response.is_a?(Net::HTTPSuccess) + rescue Errno::ECONNREFUSED + return false # Connection refused means the server is not running + rescue StandardError => e + return false # Any other error means the server is not running + end + end + + def wait_for_beef_server_to_start(uri_str, timeout: 5) + start_time = Time.now # Record the time we started + until beef_server_running?(uri_str) || (Time.now - start_time) > timeout do + sleep 0.1 # Wait a bit before checking again + end + beef_server_running?(uri_str) # Return the result of the check + end + + def start_beef_server_and_wait + pid = start_beef_server + + if wait_for_beef_server_to_start('http://localhost:3000', timeout: 3) + # print_info "Server started successfully." + else + print_error "Server failed to start within timeout." + end + + pid + end + end diff --git a/spec/support/simple_rest_client.rb b/spec/support/simple_rest_client.rb index 3d2f723ff..d09b3b6f8 100644 --- a/spec/support/simple_rest_client.rb +++ b/spec/support/simple_rest_client.rb @@ -28,6 +28,7 @@ class BeefRestClient rescue StandardError => e { success: false, payload: e.message } end + def version return { success: false, payload: 'no token' } if @token.nil?