Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #1920 from beefproject/browserstack

Browse Source 
BrowserStack Integration
This commit is contained in:
Jack Walker
2020-06-01 09:25:31 +10:00
committed by GitHub
parent fe2dd0ac01 753bc36218
commit 0c768ec54b
58 changed files with 3418 additions and 442 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@@ -19,6 +19,9 @@ extensions/metasploit/msf-exploits.cache
#simplecov
coverage/
# BrowserStack
local.log
# The following lines were created by https://www.gitignore.io
### Linux ###

103
.travis.yml
View File

@@ -1,28 +1,99 @@
language: ruby
rvm:
- 2.5.3
- 2.6.0
- 2.6.3
- 2.6.5
- 2.7.0
- 2.5.3
- 2.6.0
- 2.6.3
- 2.6.5
- 2.7.0
notifications:
email:
recipients:
- wade@bindshell.net
on_success: always
on_failure: always
# safelist
on_success: always
on_failure: always
branches:
only:
- master
- browserstack
before_script:
- RUBY_VERSION=/bin/bash rvm current
- sed -i -E 's/system\((.*?)\)/""/g' /home/travis/.rvm/gems/$RUBY_VERSION/gems/browserstack-local-1.3.0/lib/browserstack/local.rb
env:
- CONFIG_FILE=osx/catalina/catalina_chrome_41.config.yml
- CONFIG_FILE=osx/catalina/catalina_chrome_59.config.yml
- CONFIG_FILE=osx/catalina/catalina_chrome_81.config.yml
- CONFIG_FILE=osx/catalina/catalina_firefox_11.config.yml
- CONFIG_FILE=osx/catalina/catalina_firefox_68esr.config.yml
- CONFIG_FILE=osx/catalina/catalina_firefox_75.config.yml
- CONFIG_FILE=osx/catalina/catalina_safari_13.config.yml
- CONFIG_FILE=osx/elcapitan/elcapitan_chrome_14.config.yml
- CONFIG_FILE=osx/elcapitan/elcapitan_chrome_81.config.yml
- CONFIG_FILE=osx/elcapitan/elcapitan_firefox_7.config.yml
- CONFIG_FILE=osx/elcapitan/elcapitan_firefox_75.config.yml
- CONFIG_FILE=osx/elcapitan/elcapitan_safari_9-1.config.yml
- CONFIG_FILE=osx/snowleopard/snowleopard_chrome_14.config.yml
- CONFIG_FILE=osx/snowleopard/snowleopard_chrome_35.config.yml
- CONFIG_FILE=osx/snowleopard/snowleopard_chrome_49.config.yml
- CONFIG_FILE=osx/snowleopard/snowleopard_firefox_7.config.yml
- CONFIG_FILE=osx/snowleopard/snowleopard_firefox_38esr.config.yml
- CONFIG_FILE=osx/snowleopard/snowleopard_firefox_42.config.yml
- CONFIG_FILE=osx/snowleopard/snowleopard_safari_5-1.config.yml
- CONFIG_FILE=windows/win10/win10_chrome_37.config.yml
- CONFIG_FILE=windows/win10/win10_chrome_59.config.yml
- CONFIG_FILE=windows/win10/win10_firefox_32.config.yml
- CONFIG_FILE=windows/win10/win10_firefox_68esr.config.yml
- CONFIG_FILE=windows/win10/win10_firefox_75.config.yml
- CONFIG_FILE=windows/win10/win10_edge_81.config.yml
- CONFIG_FILE=windows/win10/win10_ie_11.config.yml
- CONFIG_FILE=windows/win8/win8_chrome_22.config.yml
- CONFIG_FILE=windows/win8/win8_chrome_81.config.yml
- CONFIG_FILE=windows/win8/win8_firefox_32.config.yml
- CONFIG_FILE=windows/win8/win8_firefox_75.config.yml
- CONFIG_FILE=windows/win8/win8_edge_81.config.yml
- CONFIG_FILE=windows/win8/win8_ie_10.config.yml
- CONFIG_FILE=windows/xp/xp_chrome_14.config.yml
- CONFIG_FILE=windows/xp/xp_chrome_28.config.yml
- CONFIG_FILE=windows/xp/xp_chrome_43.config.yml
- CONFIG_FILE=windows/xp/xp_firefox_16.config.yml
- CONFIG_FILE=windows/xp/xp_firefox_26.config.yml
- CONFIG_FILE=windows/xp/xp_firefox_45.config.yml
- CONFIG_FILE=windows/xp/xp_ie_7.config.yml
jobs:
include:
- name: "Full Test Suite 2.5.3"
rvm: 2.5.3
env: CONFIG_FILE=windows/win10/win10_chrome_81.config.yml
script: bundle exec rspec
- name: "Full Test Suite 2.6.0"
rvm: 2.6.0
env: CONFIG_FILE=windows/win10/win10_chrome_81.config.yml
script: bundle exec rspec
- name: "Full Test Suite 2.6.3"
rvm: 2.6.3
env: CONFIG_FILE=windows/win10/win10_chrome_81.config.yml
script: bundle exec rspec
- name: "Full Test Suite 2.6.5"
rvm: 2.6.5
env: CONFIG_FILE=windows/win10/win10_chrome_81.config.yml
script: bundle exec rspec
- name: "Full Test Suite 2.7.0"
rvm: 2.7.0
env: CONFIG_FILE=windows/win10/win10_chrome_81.config.yml
script: bundle exec rspec
script:
- bundle exec rspec --tag run_on_browserstack
addons:
apt:
packages:
- libsqlite3-dev
- build-essential
- patch
- ruby-dev
- zlib1g-dev
- liblzma-dev
- libcurl4-openssl-dev
- libsqlite3-dev
- build-essential
- patch
- ruby-dev
- zlib1g-dev
- liblzma-dev
- libcurl4-openssl-dev
browserstack:
username:
secure: "Yj+a2jY56dFqJwXdU6JdSXeKhhS01CiToBoB922SXVnA2D2WclGOFiTi0YrkAS9PuOJX5AjC9eUw7VFUcp8DiLmeDGLWo8klYrWQoJOH55FmSWKjdkqDopJFYr0ZXk/ZuXzzpuMvKkCT5MGFnySXyheTW8aUj33GetJ6/sNq5BoA36jH04OE3iPgdBaFPRNDVXEIWLaLUDQsAyZsHNNYC+/cj3cxjXLHu+mbNuXsXEHgrHJ2A94EWdrdGODWL8mRtlSDNkIaYHZKCBnUlHWwCwBitLsjhzdy0YFrIGVbX96FV+C41sjPWLFjZhjAaNDuJ3FoTplbzFNvrw5oxQAAI8ZZqUwF4MRIrQbN8BLFVISX7JooQjfyrNVWvhpZWGPB4GZTN4CThrlQ7G7CJRYDVyqZ7nen6y0+osBr9DRKN+EemlVG73aNP3mXaZr6BmS1BpQJ6tlqDdLCvC5j/PdguKwvt4EmgHA8Pzn20UElV+8BPblcYGjsWplk/cxW1adW0pu2vIxskKxDKJ/ReY3l5yUpiQPZHbuMidq2ffSX0B3yALe7vx+3AvMb2Fk9yWh52EVJXPkVlLvhP7wDd22MHCemvrC2nLhkVR4MglLWs7dZKHswExlKJdWK4OSXprOStjZSA47sjF2nPdztWTpdI77SKaBcoLGR5WOV+JtcQgk="
access_key:
secure: "KHlR8NHPnoF9U1CJKgUhS1YhPSeTILI2lIu+JilQ5Xeo7rcbWg9lT2xwQQNnLYrISG1vC6OzsbkcnC/3ZnAv7jYff4iUTc3Syszs5wIhhvnhBx4qCxM+/UD78TJNQ0AuY7NOIK6OXcmwbpZrOBUojZkooEkc8bpG56nb2v7dOIafFLV+tv9xcc5DtMSfh7FavhqRFRO+PCybqOW8yWMc2NiMYy3p9jKBC3qYRqme4hx1NRrLo5BZQ+UIcO3Rf+vAjUP+3gGuhWeu2kDCvZYDnI2GN1/WacRVY2cqDPGiYlD6pHNMqU0raYKyWdK0QD4KwYpfjxBGRmwBfz8xU8KWUEZ3P11mJn+BvIt0qe3VpomR0/60/fok1BEso3nea8oENXur5G/5SOfpkPLjzd4P4f7JYnST1PeeWwpzV305wktDv9aLc+Ne9cFCaxSaaCnOk82rKDhtnktwnK7krFj1lM6oygtOD+arAytPKaURRgV2izaoophiXuLFb+9XKSkMGtJ3e+rQATonnDPaFTzouKaXSEPxZQQ2bnsp9tETAReDrYIwPHuYL778UbbBICgNk54CZSfTeRFLroRGNPb/0gPXbu6SryPnknfCMNd7ksSndVoyKsDo1plTHQJGVweP2hxR3R/9syk9Z6DU6H5H3dc/RbkkmoRPVooUtR/mZ/c="

6
Gemfile
View File

@@ -65,7 +65,7 @@ group :test do
gem 'test-unit'
gem 'test-unit-full'
gem 'rspec'
gem 'rdoc'
gem 'rdoc'
# curb gem requires curl libraries
# sudo apt-get install libcurl4-openssl-dev
gem 'curb'
@@ -82,8 +82,12 @@ group :test do
gem 'irb'
gem 'pry-byebug'
gem "websocket-client-simple", "~> 0.3.0"
gem "browserstack-local", "~> 1.3"
end
source 'https://rubygems.org'

8
Rakefile
View File

@@ -18,10 +18,10 @@ end
## RSPEC
require 'rspec/core/rake_task'
RSpec::Core::RakeTask.new(:spec)
RSpec::Core::RakeTask.new(:spec) do |task|
task.rspec_opts = ['--tag ~run_on_browserstack']
end
################################
# SSL/TLS certificate
@@ -244,4 +244,4 @@ namespace :db do
task :environment do
require_relative "beef"
end
end
end

5
core/main/client/browser.js
View File

@@ -109,7 +109,7 @@ beef.browser = {
* @example: beef.browser.isIE10()
*/
isIE10: function () {
return !!window.XMLHttpRequest && !window.chrome && !window.opera && !!document.documentMode && !window.XDomainRequest && !!window.performance && typeof navigator.msMaxTouchPoints !== "undefined";
return !!window.XMLHttpRequest && !window.chrome && !window.opera && !!document.documentMode && !!window.XDomainRequest && !!window.performance && typeof navigator.msMaxTouchPoints !== "undefined";
},
/**
@@ -127,7 +127,7 @@ beef.browser = {
* @example: beef.browser.isEdge()
*/
isEdge: function () {
return !beef.browser.isIE() && !!window.StyleMedia;
return !beef.browser.isIE() && !!window.styleMedia && (/Edg\/\d+\.\d/.test(window.navigator.userAgent) || /Edge\/\d+\.\d/.test(window.navigator.userAgent));
},
/**
@@ -2495,6 +2495,7 @@ beef.browser = {
type: function () {
return {
E: this.isEdge(), // Edge any version
C5: this.isC5(), // Chrome 5
C6: this.isC6(), // Chrome 6
C7: this.isC7(), // Chrome 7

2
core/main/constants/browsers.rb
View File

@@ -29,7 +29,7 @@ module Constants
FRIENDLY_FF_NAME = 'Firefox'
FRIENDLY_M_NAME = 'Mozilla'
FRIENDLY_IE_NAME = 'Internet Explorer'
FRIENDLY_E_NAME = 'Microsoft Edge'
FRIENDLY_E_NAME = 'MSEdge'
FRIENDLY_S_NAME = 'Safari'
FRIENDLY_EP_NAME = 'Epiphany'
FRIENDLY_K_NAME = 'Konqueror'

2117
local.log Normal file
View File

File diff suppressed because it is too large Load Diff

1
spec/beef/api/auth_rate_spec.rb
View File

@@ -16,6 +16,7 @@ RSpec.describe 'BeEF API Rate Limit' do
# Load BeEF extensions and modules
# Always load Extensions, as previous changes to the config from other tests may affect
# whether or not this test passes.
print_info "Loading in BeEF::Extensions"
BeEF::Extensions.load
sleep 2

178
spec/beef/core/main/autorun_engine/autorun_engine_spec.rb
View File

@@ -6,103 +6,129 @@
require 'rest-client'
require 'json'
require_relative '../../../../spec_helper'
require_relative '../../../../support/constants'
require_relative '../../../../support/beef_test'
RSpec.describe 'AutoRunEngine test' do
RSpec.describe 'AutoRunEngine Test', run_on_browserstack: true do
before(:all) do
@config = BeEF::Core::Configuration.instance
@config.set('beef.credentials.user', 'beef')
@config.set('beef.credentials.passwd', 'beef')
@username = @config.get('beef.credentials.user')
@password = @config.get('beef.credentials.passwd')
before(:all) do
@config = BeEF::Core::Configuration.instance
@config.set('beef.credentials.user', "beef")
@config.set('beef.credentials.passwd', "beef")
@username = @config.get('beef.credentials.user')
@password = @config.get('beef.credentials.passwd')
# Load BeEF extensions and modules
# Always load Extensions, as previous changes to the config from other tests may affect
# whether or not this test passes.
BeEF::Extensions.load
sleep 2
# Load BeEF extensions and modules
# Always load Extensions, as previous changes to the config from other tests may affect
# whether or not this test passes.
print_info 'Loading in BeEF::Extensions'
BeEF::Extensions.load
sleep 2
# Check if modules already loaded. No need to reload.
if @config.get('beef.module').nil?
print_info "Loading in BeEF::Modules"
BeEF::Modules.load
# Check if modules already loaded. No need to reload.
if @config.get('beef.module').nil?
print_info 'Loading in BeEF::Modules'
BeEF::Modules.load
sleep 2
else
print_info "Modules already loaded"
end
sleep 2
else
print_info 'Modules already loaded'
end
# Grab DB file and regenerate if requested
print_info "Loading database"
db_file = @config.get('beef.database.file')
# Grab DB file and regenerate if requested
print_info 'Loading database'
db_file = @config.get('beef.database.file')
if BeEF::Core::Console::CommandLine.parse[:resetdb]
print_info 'Resetting the database for BeEF.'
File.delete(db_file) if File.exists?(db_file)
end
if BeEF::Core::Console::CommandLine.parse[:resetdb]
print_info 'Resetting the database for BeEF.'
File.delete(db_file) if File.exist?(db_file)
end
# Load up DB and migrate if necessary
ActiveRecord::Base.logger = nil
OTR::ActiveRecord.migrations_paths = [File.join('core', 'main', 'ar-migrations')]
OTR::ActiveRecord.configure_from_hash!(adapter:'sqlite3', database: db_file)
# Load up DB and migrate if necessary
ActiveRecord::Base.logger = nil
OTR::ActiveRecord.migrations_paths = [File.join('core', 'main', 'ar-migrations')]
OTR::ActiveRecord.configure_from_hash!(adapter: 'sqlite3', database: db_file)
context = ActiveRecord::Migration.new.migration_context
if context.needs_migration?
ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration).migrate
end
context = ActiveRecord::Migration.new.migration_context
ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration).migrate if context.needs_migration?
sleep 2
sleep 2
BeEF::Core::Migration.instance.update_db!
BeEF::Core::Migration.instance.update_db!
# add AutoRunEngine rule
test_rule = {"name"=>"Display an alert", "author"=>"mgeeky", "browser"=>"ALL", "browser_version"=>"ALL", "os"=>"ALL", "os_version"=>"ALL", "modules"=>[{"name"=>"alert_dialog", "condition"=>nil, "options"=>{"text"=>"You've been BeEFed ;>"}}], "execution_order"=>[0], "execution_delay"=>[0], "chain_mode"=>"sequential"}
# add AutoRunEngine rule
test_rule = { 'name' => 'Display an alert', 'author' => 'mgeeky', 'browser' => 'ALL', 'browser_version' => 'ALL', 'os' => 'ALL', 'os_version' => 'ALL', 'modules' => [{ 'name' => 'alert_dialog', 'condition' => nil, 'options' => { 'text' => "You've been BeEFed ;>" } }], 'execution_order' => [0], 'execution_delay' => [0], 'chain_mode' => 'sequential' }
BeEF::Core::AutorunEngine::RuleLoader.instance.load_directory
# are_engine.R
BeEF::Core::AutorunEngine::RuleLoader.instance.load_directory
# are_engine.R
# Spawn HTTP Server
print_info "Starting HTTP Hook Server"
http_hook_server = BeEF::Core::Server.instance
http_hook_server.prepare
# Spawn HTTP Server
print_info 'Starting HTTP Hook Server'
http_hook_server = BeEF::Core::Server.instance
http_hook_server.prepare
# Generate a token for the server to respond with
BeEF::Core::Crypto::api_token
# Generate a token for the server to respond with
@token = BeEF::Core::Crypto.api_token
# Initiate server start-up
@pids = fork do
BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server)
end
@pid = fork do
http_hook_server.start
end
# Initiate server start-up
@pids = fork do
BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server)
end
@pid = fork do
http_hook_server.start
end
# Give the server time to start-up
sleep 1
sleep 1
# Authenticate to REST API & pull the token from the response
@response = RestClient.post "#{RESTAPI_ADMIN}/login", { 'username': "#{@username}", 'password': "#{@password}" }.to_json, :content_type => :json
@token = JSON.parse(@response)['token']
end
after(:all) do
print_info "Shutting down server"
Process.kill("KILL",@pid)
Process.kill("KILL",@pids)
end
begin
@caps = CONFIG['common_caps'].merge(CONFIG['browser_caps'][TASK_ID])
@caps['name'] = self.class.description || ENV['name'] || 'no-name'
@caps['browserstack.local'] = true
@caps['browserstack.localIdentifier'] = ENV['BROWSERSTACK_LOCAL_IDENTIFIER']
it 'AutoRunEngine is working' do
print_info 'Hooking a new victim, waiting a few seconds...'
victim = BeefTest.new_victim
@driver = Selenium::WebDriver.for(:remote,
url: "http://#{CONFIG['user']}:#{CONFIG['key']}@#{CONFIG['server']}/wd/hub",
desired_capabilities: @caps)
# Hook new victim
print_info 'Hooking a new victim, waiting a few seconds...'
wait = Selenium::WebDriver::Wait.new(timeout: 30) # seconds
sleep 3
@driver.navigate.to VICTIM_URL.to_s
response = RestClient.get "#{RESTAPI_HOOKS}?token=#{@token}"
result_data = JSON.parse(response)
# Give time for browser hook to occur
sleep 3
expect(result_data['hooked-browsers']['online']).not_to be_empty
end
sleep 1 until wait.until { @driver.execute_script('return window.beef.session.get_hook_session_id().length') > 0 }
@session = @driver.execute_script('return window.beef.session.get_hook_session_id()')
rescue StandardError => e
print_info "Exception: #{e}"
print_info "Exception Class: #{e.class}"
print_info "Exception Message: #{e.message}"
print_info "Exception Stack Trace: #{e.backtrace}"
if @driver.execute_script('return window.beef.session.get_hook_session_id().length').nil?
exit 1
else
exit 0
end
end
end
after(:all) do
server_teardown(@driver, @pid, @pids)
end
it 'AutoRunEngine is working' do
expect(@session).not_to be_nil
rescue StandardError => e
print_info "Exception: #{e}"
print_info "Exception Class: #{e.class}"
print_info "Exception Message: #{e.message}"
print_info "Exception Stack Trace: #{e.backtrace}"
if @driver.execute_script('return window.beef.session.get_hook_session_id().length').nil?
exit 1
else
expect(BeEF::Filters.is_valid_hook_session_id?(@driver.execute_script('return window.beef.session.get_hook_session_id()'))).to eq true
end
end
end

199
spec/beef/core/main/handlers/browser_details_handler_spec.rb
View File

@@ -6,108 +6,143 @@
require 'rest-client'
require 'json'
require_relative '../../../../spec_helper'
require_relative '../../../../support/constants'
require_relative '../../../../support/beef_test'
RSpec.describe 'Browser details handler' do
before(:all) do
@config = BeEF::Core::Configuration.instance
@config.set('beef.credentials.user', "beef")
@config.set('beef.credentials.passwd', "beef")
@username = @config.get('beef.credentials.user')
@password = @config.get('beef.credentials.passwd')
# Load BeEF extensions and modules
# Always load Extensions, as previous changes to the config from other tests may affect
# whether or not this test passes.
BeEF::Extensions.load
sleep 2
RSpec.describe 'Browser Details Handler', run_on_browserstack: true do
before(:all) do
@config = BeEF::Core::Configuration.instance
@config.set('beef.credentials.user', 'beef')
@config.set('beef.credentials.passwd', 'beef')
@username = @config.get('beef.credentials.user')
@password = @config.get('beef.credentials.passwd')
# Check if modules already loaded. No need to reload.
if @config.get('beef.module').nil?
print_info "Loading in BeEF::Modules"
BeEF::Modules.load
# Load BeEF extensions and modules
# Always load Extensions, as previous changes to the config from other tests may affect
# whether or not this test passes.
print_info 'Loading in BeEF::Extensions'
BeEF::Extensions.load
sleep 2
else
print_info "Modules already loaded"
end
sleep 2
# Grab DB file and regenerate if requested
print_info "Loading database"
db_file = @config.get('beef.database.file')
# Check if modules already loaded. No need to reload.
if @config.get('beef.module').nil?
print_info 'Loading in BeEF::Modules'
BeEF::Modules.load
sleep 2
else
print_info 'Modules already loaded'
end
if BeEF::Core::Console::CommandLine.parse[:resetdb]
print_info 'Resetting the database for BeEF.'
File.delete(db_file) if File.exists?(db_file)
end
# Grab DB file and regenerate if requested
print_info 'Loading database'
db_file = @config.get('beef.database.file')
# Load up DB and migrate if necessary
ActiveRecord::Base.logger = nil
OTR::ActiveRecord.migrations_paths = [File.join('core', 'main', 'ar-migrations')]
OTR::ActiveRecord.configure_from_hash!(adapter:'sqlite3', database: db_file)
if BeEF::Core::Console::CommandLine.parse[:resetdb]
print_info 'Resetting the database for BeEF.'
File.delete(db_file) if File.exist?(db_file)
end
context = ActiveRecord::Migration.new.migration_context
if context.needs_migration?
ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration).migrate
end
# Load up DB and migrate if necessary
ActiveRecord::Base.logger = nil
OTR::ActiveRecord.migrations_paths = [File.join('core', 'main', 'ar-migrations')]
OTR::ActiveRecord.configure_from_hash!(adapter: 'sqlite3', database: db_file)
sleep 2
context = ActiveRecord::Migration.new.migration_context
ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration).migrate if context.needs_migration?
BeEF::Core::Migration.instance.update_db!
sleep 2
# Spawn HTTP Server
print_info "Starting HTTP Hook Server"
http_hook_server = BeEF::Core::Server.instance
http_hook_server.prepare
BeEF::Core::Migration.instance.update_db!
# Generate a token for the server to respond with
BeEF::Core::Crypto::api_token
# Spawn HTTP Server
print_info 'Starting HTTP Hook Server'
http_hook_server = BeEF::Core::Server.instance
http_hook_server.prepare
# Initiate server start-up
@pids = fork do
BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server)
end
@pid = fork do
http_hook_server.start
end
# Generate a token for the server to respond with
@token = BeEF::Core::Crypto.api_token
# Give the server time to start-up
sleep 1
# Initiate server start-up
@pids = fork do
BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server)
end
@pid = fork do
http_hook_server.start
end
# Authenticate to REST API & pull the token from the response
@response = RestClient.post "#{RESTAPI_ADMIN}/login", { 'username': "#{@username}", 'password': "#{@password}" }.to_json, :content_type => :json
@token = JSON.parse(@response)['token']
# Give the server time to start-up
sleep 1
# Hook new victim
print_info 'Hooking a new victim, waiting a few seconds...'
@victim = BeefTest.new_victim
begin
@caps = CONFIG['common_caps'].merge(CONFIG['browser_caps'][TASK_ID])
@caps['name'] = self.class.description || ENV['name'] || 'no-name'
@caps['browserstack.local'] = true
@caps['browserstack.localIdentifier'] = ENV['BROWSERSTACK_LOCAL_IDENTIFIER']
sleep 3
@driver = Selenium::WebDriver.for(:remote,
url: "http://#{CONFIG['user']}:#{CONFIG['key']}@#{CONFIG['server']}/wd/hub",
desired_capabilities: @caps)
# Hook new victim
print_info 'Hooking a new victim, waiting a few seconds...'
wait = Selenium::WebDriver::Wait.new(timeout: 30) # seconds
# Identify Session ID of victim generated above
@hooks = JSON.parse(RestClient.get "#{RESTAPI_HOOKS}?token=#{@token}")
end
after(:all) do
print_info "Shutting down server"
Process.kill("KILL",@pid)
Process.kill("KILL",@pids)
end
@driver.navigate.to VICTIM_URL.to_s
it 'can successfully hook a browser' do
expect(@hooks['hooked-browsers']['online']).not_to be_empty
end
# Give time for browser hook to occur
sleep 3
it 'browser details handler working' do
session_id = @hooks['hooked-browsers']['online']['0']['session']
print_info "Getting browser details"
response = RestClient.get "#{RESTAPI_HOOKS}/#{session_id}?token=#{@token}"
details = JSON.parse(response.body)
expect(@victim.driver.browser.browser.to_s.downcase).to eql (details['browser.name.friendly'].downcase)
end
sleep 1 until wait.until { @driver.execute_script('return window.beef.session.get_hook_session_id().length') > 0 }
@session = @driver.execute_script('return window.beef.session.get_hook_session_id().length')
rescue StandardError => e
print_info "Exception: #{e}"
print_info "Exception Class: #{e.class}"
print_info "Exception Message: #{e.message}"
if @driver.execute_script('return window.beef.session.get_hook_session_id().length').nil?
exit 1
else
exit 0
end
end
end
after(:all) do
server_teardown(@driver, @pid, @pids)
end
it 'can successfully hook a browser' do
expect(@session).not_to be_nil
rescue StandardError => e
print_info "Exception: #{e}"
print_info "Exception Class: #{e.class}"
print_info "Exception Message: #{e.message}"
print_info "Exception Stack Trace: #{e.backtrace}"
if @driver.execute_script('return window.beef.session.get_hook_session_id().length').nil?
exit 1
else
expect(BeEF::Filters.is_valid_hook_session_id?(@driver.execute_script('return window.beef.session.get_hook_session_id()'))).to eq true
end
end
it 'browser details handler working' do
print_info 'Getting browser details'
hooked_browser = BeEF::Core::Models::HookedBrowser.all.first
details = JSON.parse(RestClient.get("#{RESTAPI_HOOKS}/#{hooked_browser.session}?token=#{@token}"))
browser_name = if details['browser.name.friendly'].downcase == 'internet explorer'
'internet_explorer'
else
details['browser.name.friendly'].downcase
end
expect(@driver.browser.to_s.downcase).to eq(browser_name)
rescue StandardError => e
print_info "Exception: #{e}"
print_info "Exception Class: #{e.class}"
print_info "Exception Message: #{e.message}"
print_info "Exception Stack Trace: #{e.backtrace.each { |stack| puts stack }}"
exit 0
end
end

4
spec/beef/extensions/requester_spec.rb
View File

@@ -63,10 +63,6 @@ RSpec.describe 'BeEF Extension Requester' do
response = api.auth()
@token = response[:token]
puts "authenticated. api token: #{@token}"
puts 'hooking a new victim, waiting a few seconds...'
victim = BeefTest.new_victim
sleep 3
response = RestClient.get "#{RESTAPI_HOOKS}", {:params => {:token => @token}}
puts "hooks response: #{response}"

2
spec/beef/extensions/webrtc_spec.rb
View File

@@ -60,6 +60,4 @@ RSpec.describe 'BeEF Extension WebRTC' do
# expect(browsers).to_not be_nil
# expect(browsers.length).to be >= 2
# end
end

200
spec/beef/extensions/websocket_hooked_browser_spec.rb
View File

@@ -1,99 +1,131 @@
# encoding: UTF-8
#
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
require 'rest-client'
require 'json'
require_relative '../../spec_helper'
require_relative '../../support/constants'
require_relative '../../support/beef_test'
require 'core/main/network_stack/websocket/websocket'
require 'websocket-client-simple'
RSpec.describe 'BeEF WebSockets enabled' do
RSpec.describe 'Browser hooking with Websockets', run_on_browserstack: true do
before(:all) do
@config = BeEF::Core::Configuration.instance
@cert_key = @config.get('beef.http.https.key')
@cert = @config.get('beef.http.https.cert')
@port = @config.get('beef.http.websocket.port')
@secure_port = @config.get('beef.http.websocket.secure_port')
@config.set('beef.http.websocket.secure', true)
@config.set('beef.credentials.user', 'beef')
@config.set('beef.credentials.passwd', 'beef')
@config.set('beef.http.websocket.secure', false)
@config.set('beef.http.websocket.enable', true)
#set config parameters
@config.set('beef.credentials.user', "beef")
@config.set('beef.credentials.passwd', "beef")
@username = @config.get('beef.credentials.user')
@password = @config.get('beef.credentials.passwd')
#load extensions, best practice is to reload as previous tests can potentially cause issues.
BeEF::Extensions.load
sleep 2
if @config.get('beef.module').nil?
puts "loading modules"
BeEF::Modules.load
sleep 2
end
#generate token for the api to use
BeEF::Core::Crypto::api_token
# load up DB
# Connect to DB
ActiveRecord::Base.logger = nil
OTR::ActiveRecord.migrations_paths = [File.join('core', 'main', 'ar-migrations')]
OTR::ActiveRecord.configure_from_hash!(adapter:'sqlite3', database:'beef.db')
# Migrate (if required)
context = ActiveRecord::Migration.new.migration_context
if context.needs_migration?
puts "migrating db"
ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration).migrate
end
#start the hook server instance, for it out to track the pids for graceful closure
http_hook_server = BeEF::Core::Server.instance
http_hook_server.prepare
@pids = fork do
BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server)
end
@pid = fork do
http_hook_server.start
end
# wait for server to start
sleep 1
end
it 'can hook a browser with websockets' do
#prepare for the HTTP model
https = BeEF::Core::Models::Http
### hook a new victim, use rest API to send request and get the token and victim
api = BeefRestClient.new('http', ATTACK_DOMAIN, '3000', BEEF_USER, BEEF_PASSWD)
response = api.auth()
@token = response[:token]
puts 'hooking a new victim, waiting a few seconds...'
victim = BeefTest.new_victim
@ws = BeEF::Core::Websocket::Websocket.instance
@username = @config.get('beef.credentials.user')
@password = @config.get('beef.credentials.passwd')
# Load BeEF extensions and modules
# Always load Extensions, as previous changes to the config from other tests may affect
# whether or not this test passes.
print_info 'Loading in BeEF::Extensions'
BeEF::Extensions.load
sleep 2
#Uses the response and hooked browser details to get the response
response = RestClient.get "#{RESTAPI_HOOKS}", {:params => {:token => @token}}
#test for the response if errors and weirdness there
# puts "#{response} from the rest client "
hb_details = JSON.parse(response.body)
while hb_details["hooked-browsers"]["online"].empty?
# get victim session
response = RestClient.get "#{RESTAPI_HOOKS}", {:params => {:token => @token}}
hb_details = JSON.parse(response.body)
puts "json: #{hb_details}"
puts "can hook a browser"
puts "online hooked browsers empty: #{hb_details["hooked-browsers"]["online"].empty?}"
# Check if modules already loaded. No need to reload.
if @config.get('beef.module').nil?
print_info 'Loading in BeEF::Modules'
BeEF::Modules.load
sleep 2
else
print_info 'Modules already loaded'
end
# Grab DB file and regenerate if requested
print_info 'Loading database'
db_file = @config.get('beef.database.file')
if BeEF::Core::Console::CommandLine.parse[:resetdb]
print_info 'Resetting the database for BeEF.'
File.delete(db_file) if File.exist?(db_file)
end
# Load up DB and migrate if necessary
ActiveRecord::Base.logger = nil
OTR::ActiveRecord.migrations_paths = [File.join('core', 'main', 'ar-migrations')]
OTR::ActiveRecord.configure_from_hash!(adapter: 'sqlite3', database: db_file)
context = ActiveRecord::Migration.new.migration_context
ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration).migrate if context.needs_migration?
sleep 2
BeEF::Core::Migration.instance.update_db!
# Spawn HTTP Server
print_info 'Starting HTTP Hook Server'
http_hook_server = BeEF::Core::Server.instance
http_hook_server.prepare
# Generate a token for the server to respond with
@token = BeEF::Core::Crypto.api_token
# Initiate server start-up
@pids = fork do
BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server)
end
@pid = fork do
http_hook_server.start
end
# Give the server time to start-up
sleep 1
begin
@caps = CONFIG['common_caps'].merge(CONFIG['browser_caps'][TASK_ID])
@caps['name'] = self.class.description || ENV['name'] || 'no-name'
@caps['browserstack.local'] = true
@caps['browserstack.localIdentifier'] = ENV['BROWSERSTACK_LOCAL_IDENTIFIER']
@driver = Selenium::WebDriver.for(:remote,
url: "http://#{CONFIG['user']}:#{CONFIG['key']}@#{CONFIG['server']}/wd/hub",
desired_capabilities: @caps)
# Hook new victim
print_info 'Hooking a new victim, waiting a few seconds...'
wait = Selenium::WebDriver::Wait.new(timeout: 30) # seconds
@driver.navigate.to VICTIM_URL.to_s
# Give time for browser hook to occur
sleep 3
sleep 1 until wait.until { @driver.execute_script('return window.beef.session.get_hook_session_id().length') > 0 }
@session = @driver.execute_script('return window.beef.session.get_hook_session_id().length')
rescue StandardError => e
print_info "Exception: #{e}"
print_info "Exception Class: #{e.class}"
print_info "Exception Message: #{e.message}"
print_info "Exception Stack Trace: #{e.backtrace}"
if @driver.execute_script('return window.beef.session.get_hook_session_id().length').nil?
exit 1
else
exit 0
end
end
#get the hooked browser details
hb_session = hb_details["hooked-browsers"]["online"]["0"]["session"]
#show the address of what is being hooked
#puts "hooked browser: #{hb_session}"
expect(hb_session).not_to be_nil
#cannot do it in the after:all
https.where(:hooked_browser_id => hb_session).delete_all
end
after(:all) do
# cleanup: delete test browser entries and session
# kill the server
@config.set('beef.http.websocket.enable', false)
Process.kill("KILL", @pid)
Process.kill("KILL", @pids)
puts "waiting for server to die.."
server_teardown(@driver, @pid, @pids)
end
it 'confirms a websocket server has been started' do
expect(@ws).to be_a_kind_of(BeEF::Core::Websocket::Websocket)
end
it 'confirms a secure websocket server has been started' do
@config.set('beef.http.websocket.secure', true)
wss = BeEF::Core::Websocket::Websocket.instance
expect(wss).to be_a_kind_of(BeEF::Core::Websocket::Websocket)
end
it 'can successfully hook a browser' do
expect(@session).not_to be_nil
rescue StandardError => e
print_info "Exception: #{e}"
print_info "Exception Class: #{e.class}"
print_info "Exception Message: #{e.message}"
print_info "Exception Stack Trace: #{e.stacktrace}"
if @driver.execute_script('return window.beef.session.get_hook_session_id().length').nil?
exit 1
else
expect(BeEF::Filters.is_valid_hook_session_id?(@driver.execute_script('return window.beef.session.get_hook_session_id()'))).to eq true
end
end
end

2
spec/beef/extensions/websocket_spec.rb
View File

@@ -3,7 +3,6 @@ require 'core/main/network_stack/websocket/websocket'
require 'websocket-client-simple'
RSpec.describe 'BeEF Extension WebSockets' do
before(:all) do
@config = BeEF::Core::Configuration.instance
@cert_key = @config.get('beef.http.https.key')
@@ -36,5 +35,4 @@ RSpec.describe 'BeEF Extension WebSockets' do
expect(client.open?).to be true
client.close
end
end

426
spec/beef/modules/debug/test_beef_debugs_spec.rb
View File

@@ -6,188 +6,284 @@
require 'rest-client'
require 'json'
require_relative '../../../spec_helper'
require_relative '../../../support/constants'
require_relative '../../../support/beef_test'
RSpec.describe 'BeEF Debug Command Modules:' do
RSpec.describe 'BeEF Debug Command Modules:', run_on_browserstack: true do
before(:all) do
# Grab config and set creds in variables for ease of access
@config = BeEF::Core::Configuration.instance
@username = @config.get('beef.credentials.user')
@password = @config.get('beef.credentials.passwd')
before(:all) do
# Grab config and set creds in variables for ease of access
@config = BeEF::Core::Configuration.instance
@username = @config.get('beef.credentials.user')
@password = @config.get('beef.credentials.passwd')
# Load BeEF extensions and modules
# Always load Extensions, as previous changes to the config from other tests may affect
# whether or not this test passes.
print_info 'Loading in BeEF::Extensions'
BeEF::Extensions.load
sleep 2
# Load BeEF extensions and modules
# Always load Extensions, as previous changes to the config from other tests may affect
# whether or not this test passes.
BeEF::Extensions.load
sleep 2
# Check if modules already loaded. No need to reload.
if @config.get('beef.module').nil?
print_info 'Loading in BeEF::Modules'
BeEF::Modules.load
# Check if modules already loaded. No need to reload.
if @config.get('beef.module').nil?
print_info "Loading in BeEF::Modules"
BeEF::Modules.load
sleep 2
else
print_info "Modules already loaded"
end
# Grab DB file and regenerate if requested
print_info "Loading database"
db_file = @config.get('beef.database.file')
if BeEF::Core::Console::CommandLine.parse[:resetdb]
print_info 'Resetting the database for BeEF.'
File.delete(db_file) if File.exists?(db_file)
end
# Load up DB and migrate if necessary
ActiveRecord::Base.logger = nil
OTR::ActiveRecord.migrations_paths = [File.join('core', 'main', 'ar-migrations')]
OTR::ActiveRecord.configure_from_hash!(adapter:'sqlite3', database: db_file)
context = ActiveRecord::Migration.new.migration_context
if context.needs_migration?
ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration).migrate
end
sleep 2
BeEF::Core::Migration.instance.update_db!
# Spawn HTTP Server
print_info "Starting HTTP Hook Server"
http_hook_server = BeEF::Core::Server.instance
http_hook_server.prepare
# Generate a token for the server to respond with
BeEF::Core::Crypto::api_token
# Initiate server start-up
@pids = fork do
BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server)
end
@pid = fork do
http_hook_server.start
end
# Give the server time to start-up
sleep 1
# Authenticate to REST API & pull the token from the response
@response = RestClient.post "#{RESTAPI_ADMIN}/login", { 'username': "#{@username}", 'password': "#{@password}" }.to_json, :content_type => :json
@token = JSON.parse(@response)['token']
# Hook new victim
print_info 'Hooking a new victim, waiting a few seconds...'
@victim = BeefTest.new_victim
sleep 3
# Identify Session ID of victim generated above
@hooks = RestClient.get "#{RESTAPI_HOOKS}?token=#{@token}"
@session = JSON.parse(@hooks)['hooked-browsers']['online']['0']['session']
# Grab Command Module IDs as they can differ from machine to machine
@debug_mod_ids = JSON.parse(RestClient.get "#{RESTAPI_MODULES}?token=#{@token}")
@debug_mod_names_ids = {}
@debug_mods = @debug_mod_ids.to_a.select { |cmd_mod| cmd_mod[1]['category'] == 'Debug' }
.map do |debug_mod|
@debug_mod_names_ids[debug_mod[1]['class']] = debug_mod[0]
end
sleep 2
else
print_info 'Modules already loaded'
end
after(:all) do
print_info "Shutting down server"
Process.kill("KILL",@pid)
Process.kill("KILL",@pids)
# Grab DB file and regenerate if requested
print_info 'Loading database'
db_file = @config.get('beef.database.file')
if BeEF::Core::Console::CommandLine.parse[:resetdb]
print_info 'Resetting the database for BeEF.'
File.delete(db_file) if File.exist?(db_file)
end
it 'The Test_beef.debug() command module successfully executes' do
cmd_mod_id = @debug_mod_names_ids['Test_beef_debug']
response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/#{cmd_mod_id}?token=#{@token}",
{ "msg": "test" }.to_json,
:content_type => :json
result_data = JSON.parse(response.body)
expect(result_data['success']).to eq "true"
# Load up DB and migrate if necessary
ActiveRecord::Base.logger = nil
OTR::ActiveRecord.migrations_paths = [File.join('core', 'main', 'ar-migrations')]
OTR::ActiveRecord.configure_from_hash!(adapter: 'sqlite3', database: db_file)
context = ActiveRecord::Migration.new.migration_context
ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration).migrate if context.needs_migration?
sleep 2
BeEF::Core::Migration.instance.update_db!
# Spawn HTTP Server
print_info 'Starting HTTP Hook Server'
http_hook_server = BeEF::Core::Server.instance
http_hook_server.prepare
# Generate a token for the server to respond with
@token = BeEF::Core::Crypto.api_token
# Initiate server start-up
@pids = fork do
BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server)
end
@pid = fork do
http_hook_server.start
end
it 'The Return ASCII Characters command module successfully executes' do
cmd_mod_id = @debug_mod_names_ids['Test_return_ascii_chars']
response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/#{cmd_mod_id}?token=#{@token}",
{ }.to_json,
:content_type => :json
result_data = JSON.parse(response.body)
expect(result_data['success']).to eq "true"
end
# Give the server time to start-up
sleep 1
it 'The Return Image command module successfully executes' do
cmd_mod_id = @debug_mod_names_ids['Test_return_image']
response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/#{cmd_mod_id}?token=#{@token}",
{ }.to_json,
:content_type => :json
result_data = JSON.parse(response.body)
expect(result_data['success']).to eq "true"
end
begin
@caps = CONFIG['common_caps'].merge(CONFIG['browser_caps'][TASK_ID])
@caps['name'] = self.class.description || ENV['name'] || 'no-name'
@caps['browserstack.local'] = true
@caps['browserstack.localIdentifier'] = ENV['BROWSERSTACK_LOCAL_IDENTIFIER']
@driver = Selenium::WebDriver.for(:remote,
url: "http://#{CONFIG['user']}:#{CONFIG['key']}@#{CONFIG['server']}/wd/hub",
desired_capabilities: @caps)
# Hook new victim
print_info 'Hooking a new victim, waiting a few seconds...'
wait = Selenium::WebDriver::Wait.new(timeout: 30) # seconds
it 'The Test HTTP Redirect command module successfully executes' do
cmd_mod_id = @debug_mod_names_ids['Test_http_redirect']
response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/#{cmd_mod_id}?token=#{@token}",
{ }.to_json,
:content_type => :json
result_data = JSON.parse(response.body)
expect(result_data['success']).to eq "true"
end
@driver.navigate.to VICTIM_URL.to_s
it 'The Test Returning Results/Long String command module successfully executes' do
cmd_mod_id = @debug_mod_names_ids['Test_return_long_string']
response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/#{cmd_mod_id}?token=#{@token}",
{ "repeat": 20,
"repeat_string": "beef" }.to_json,
:content_type => :json
result_data = JSON.parse(response.body)
expect(result_data['success']).to eq "true"
end
# Give time for browser hook to occur
sleep 3
it 'The Test Network Request command module successfully executes' do
cmd_mod_id = @debug_mod_names_ids['Test_network_request']
response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/#{cmd_mod_id}?token=#{@token}",
{ "scheme": "http",
"method": "GET",
"domain": "#{ATTACK_DOMAIN}",
"port": "#{@config.get('beef.http.port')}",
"path": "/hook.js",
"anchor": "anchor",
"data": "query=testquerydata",
"timeout": "10",
"dataType": "script" }.to_json,
:content_type => :json
result_data = JSON.parse(response.body)
expect(result_data['success']).to eq "true"
end
sleep 1 until wait.until { @driver.execute_script('return window.beef.session.get_hook_session_id().length') > 0 }
it 'The Test DNS Tunnel command module successfully executes' do
cmd_mod_id = @debug_mod_names_ids['Test_dns_tunnel_client']
response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/#{cmd_mod_id}?token=#{@token}",
{ "domain": "example.com",
"data": "Lorem ipsum" }.to_json,
:content_type => :json
result_data = JSON.parse(response.body)
expect(result_data['success']).to eq "true"
end
@session = @driver.execute_script('return window.beef.session.get_hook_session_id()')
it 'The Test CORS Request command module successfully executes' do
cmd_mod_id = @debug_mod_names_ids['Test_cors_request']
response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/#{cmd_mod_id}?token=#{@token}",
{ "method": "GET",
"url": "example.com",
"data": {
"test": "data"
}}.to_json,
content_type: :json
result_data = JSON.parse(response.body)
expect(result_data['success']).to eq "true"
# Grab Command Module IDs as they can differ from machine to machine
@debug_mod_ids = JSON.parse(RestClient.get("#{RESTAPI_MODULES}?token=#{@token}"))
@debug_mod_names_ids = {}
@debug_mods = @debug_mod_ids.to_a.select { |cmd_mod| cmd_mod[1]['category'] == 'Debug' }
.map do |debug_mod|
@debug_mod_names_ids[debug_mod[1]['class']] = debug_mod[1]['id']
end
rescue StandardError => e
print_info "Exception: #{e}"
print_info "Exception Class: #{e.class}"
print_info "Exception Message: #{e.message}"
print_info "Exception Stack Trace: #{e.backtrace}"
if @driver.execute_script('return window.beef.session.get_hook_session_id().length').nil?
exit 1
else
exit 0
end
end
end
end
after(:all) do
server_teardown(@driver, @pid, @pids)
end
it 'The Test_beef.debug() command module successfully executes' do
cmd_mod_id = @debug_mod_names_ids['Test_beef_debug']
response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/#{cmd_mod_id}?token=#{@token}",
{ "msg": 'test' }.to_json,
content_type: :json
result_data = JSON.parse(response.body)
expect(result_data['success']).to eq 'true'
rescue StandardError => e
print_info "Exception: #{e}"
print_info "Exception Class: #{e.class}"
print_info "Exception Message: #{e.message}"
print_info "Exception Stack Trace: #{e.backtrace}"
if @driver.execute_script('return window.beef.session.get_hook_session_id().length').nil?
exit 1
else
exit 0
end
end
it 'The Return ASCII Characters command module successfully executes' do
cmd_mod_id = @debug_mod_names_ids['Test_return_ascii_chars']
response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/#{cmd_mod_id}?token=#{@token}",
{}.to_json,
content_type: :json
result_data = JSON.parse(response.body)
expect(result_data['success']).to eq 'true'
rescue StandardError => e
print_info "Exception: #{e}"
print_info "Exception Class: #{e.class}"
print_info "Exception Message: #{e.message}"
print_info "Exception Stack Trace: #{e.backtrace}"
if @driver.execute_script('return window.beef.session.get_hook_session_id().length').nil?
exit 1
else
exit 0
end
end
it 'The Return Image command module successfully executes' do
cmd_mod_id = @debug_mod_names_ids['Test_return_image']
response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/#{cmd_mod_id}?token=#{@token}",
{}.to_json,
content_type: :json
result_data = JSON.parse(response.body)
expect(result_data['success']).to eq 'true'
rescue StandardError => e
print_info "Exception: #{e}"
print_info "Exception Class: #{e.class}"
print_info "Exception Message: #{e.message}"
print_info "Exception Stack Trace: #{e.backtrace}"
if @driver.execute_script('return window.beef.session.get_hook_session_id().length').nil?
exit 1
else
exit 0
end
end
it 'The Test HTTP Redirect command module successfully executes' do
cmd_mod_id = @debug_mod_names_ids['Test_http_redirect']
response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/#{cmd_mod_id}?token=#{@token}",
{}.to_json,
content_type: :json
result_data = JSON.parse(response.body)
expect(result_data['success']).to eq 'true'
rescue StandardError => e
print_info "Exception: #{e}"
print_info "Exception Class: #{e.class}"
print_info "Exception Message: #{e.message}"
print_info "Exception Stack Trace: #{e.backtrace}"
if @driver.execute_script('return window.beef.session.get_hook_session_id().length').nil?
exit 1
else
exit 0
end
end
it 'The Test Returning Results/Long String command module successfully executes' do
cmd_mod_id = @debug_mod_names_ids['Test_return_long_string']
response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/#{cmd_mod_id}?token=#{@token}",
{ "repeat": 20,
"repeat_string": 'beef' }.to_json,
content_type: :json
result_data = JSON.parse(response.body)
expect(result_data['success']).to eq 'true'
rescue StandardError => e
print_info "Exception: #{e}"
print_info "Exception Class: #{e.class}"
print_info "Exception Message: #{e.message}"
print_info "Exception Stack Trace: #{e.backtrace}"
print_info "Exception Message: #{e.backtrace}"
if @driver.execute_script('return window.beef.session.get_hook_session_id().length').nil?
exit 1
else
exit 0
end
end
it 'The Test Network Request command module successfully executes' do
cmd_mod_id = @debug_mod_names_ids['Test_network_request']
response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/#{cmd_mod_id}?token=#{@token}",
{ "scheme": 'http',
"method": 'GET',
"domain": ATTACK_DOMAIN.to_s,
"port": @config.get('beef.http.port').to_s,
"path": '/hook.js',
"anchor": 'anchor',
"data": 'query=testquerydata',
"timeout": '10',
"dataType": 'script' }.to_json,
content_type: :json
result_data = JSON.parse(response.body)
expect(result_data['success']).to eq 'true'
rescue StandardError => e
print_info "Exception: #{e}"
print_info "Exception Class: #{e.class}"
print_info "Exception Message: #{e.message}"
print_info "Exception Stack Trace: #{e.backtrace}"
if @driver.execute_script('return window.beef.session.get_hook_session_id().length').nil?
exit 1
else
exit 0
end
end
it 'The Test DNS Tunnel command module successfully executes' do
cmd_mod_id = @debug_mod_names_ids['Test_dns_tunnel_client']
response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/#{cmd_mod_id}?token=#{@token}",
{ "domain": 'example.com',
"data": 'Lorem ipsum' }.to_json,
content_type: :json
result_data = JSON.parse(response.body)
expect(result_data['success']).to eq 'true'
rescue StandardError => e
print_info "Exception: #{e}"
print_info "Exception Class: #{e.class}"
print_info "Exception Message: #{e.message}"
print_info "Exception Stack Trace: #{e.backtrace}"
if @driver.execute_script('return window.beef.session.get_hook_session_id().length').nil?
exit 1
else
exit 0
end
end
it 'The Test CORS Request command module successfully executes' do
cmd_mod_id = @debug_mod_names_ids['Test_cors_request']
response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/#{cmd_mod_id}?token=#{@token}",
{ "method": 'GET',
"url": 'example.com',
"data": {
"test": 'data'
} }.to_json,
content_type: :json
result_data = JSON.parse(response.body)
expect(result_data['success']).to eq 'true'
rescue StandardError => e
print_info "Exception: #{e}"
print_info "Exception Class: #{e.class}"
print_info "Exception Message: #{e.message}"
print_info "Exception Stack Trace: #{e.backtrace}"
if @driver.execute_script('return window.beef.session.get_hook_session_id().length').nil?
exit 1
else
exit 0
end
end
end

38
spec/spec_helper.rb
View File

@@ -13,6 +13,10 @@ require 'core/bootstrap.rb'
require 'rack/test'
require 'curb'
require 'rest-client'
require 'yaml'
require 'selenium-webdriver'
require 'browserstack/local'
require 'byebug'
# Require supports
Dir['spec/support/*.rb'].each do |f|
@@ -22,6 +26,24 @@ end
ENV['RACK_ENV'] ||= 'test'
ARGV = []
## BrowserStack config
# Monkey patch to avoid reset sessions
class Capybara::Selenium::Driver < Capybara::Driver::Base
def reset!
if @browser
@browser.navigate.to('about:blank')
end
end
end
TASK_ID = (ENV['TASK_ID'] || 0).to_i
CONFIG_FILE = ENV['CONFIG_FILE'] || 'windows/win10/win10_chrome_81.config.yml'
CONFIG = YAML.safe_load(File.read("./spec/support/browserstack/#{CONFIG_FILE}"))
CONFIG['user'] = ENV['BROWSERSTACK_USERNAME'] || ''
CONFIG['key'] = ENV['BROWSERSTACK_ACCESS_KEY'] || ''
## DB config
ActiveRecord::Base.logger = nil
OTR::ActiveRecord.migrations_paths = [File.join('core', 'main', 'ar-migrations')]
OTR::ActiveRecord.configure_from_hash!(adapter:'sqlite3', database:':memory:')
@@ -46,4 +68,20 @@ RSpec.configure do |config|
raise ActiveRecord::Rollback
end
end
def server_teardown(webdriver, server_pid, server_pids)
begin
webdriver.quit
rescue => exception
print_info "Exception: #{exception}"
print_info "Exception Class: #{exception.class}"
print_info "Exception Message: #{exception.message}"
print_info "Exception Stack Trace: #{exception.backtrace}"
exit 0
ensure
print_info "Shutting down server"
Process.kill("KILL", server_pid)
Process.kill("KILL", server_pids)
end
end
end

1
spec/support/beef_test.rb
View File

@@ -46,5 +46,4 @@ class BeefTest
victim.visit(VICTIM_URL)
victim
end
end

14
spec/support/browserstack/osx/catalina/catalina_chrome_41.config.yml Normal file
View File

@@ -0,0 +1,14 @@
server: "hub-cloud.browserstack.com"
common_caps:
"build": "OSX Catalina Chrome 41"
"project": "BeEF"
"browserstack.local": true
"browserstack.video": false
browser_caps:
-
"browser": "chrome"
"browser_version": "41.0"
"os": "osx"
"os_version": "catalina"

14
spec/support/browserstack/osx/catalina/catalina_chrome_59.config.yml Normal file
View File

@@ -0,0 +1,14 @@
server: "hub-cloud.browserstack.com"
common_caps:
"build": "OSX Catalina Chrome 59"
"project": "BeEF"
"browserstack.local": true
"browserstack.video": false
browser_caps:
-
"browser": "chrome"
"browser_version": "59.0"
"os": "osx"
"os_version": "catalina"

14
spec/support/browserstack/osx/catalina/catalina_chrome_81.config.yml Normal file
View File

@@ -0,0 +1,14 @@
server: "hub-cloud.browserstack.com"
common_caps:
"build": "OSX Catalina Chrome 81"
"project": "BeEF"
"browserstack.local": true
"browserstack.video": false
browser_caps:
-
"browser": "chrome"
"browser_version": "81.0"
"os": "osx"
"os_version": "catalina"

14
spec/support/browserstack/osx/catalina/catalina_firefox_11.config.yml Normal file
View File

@@ -0,0 +1,14 @@
server: "hub-cloud.browserstack.com"
common_caps:
"build": "OSX Catalina Firefox 11"
"project": "BeEF"
"browserstack.local": true
"browserstack.video": false
browser_caps:
-
"browser": "firefox"
"browser_version": "11.0"
"os": "osx"
"os_version": "catalina"

14
spec/support/browserstack/osx/catalina/catalina_firefox_68esr.config.yml Normal file
View File

@@ -0,0 +1,14 @@
server: "hub-cloud.browserstack.com"
common_caps:
"build": "OSX Catalina Firefox 68 ESR"
"project": "BeEF"
"browserstack.local": true
"browserstack.video": false
browser_caps:
-
"browser": "firefox"
"browser_version": "68.0"
"os": "osx"
"os_version": "catalina"

14
spec/support/browserstack/osx/catalina/catalina_firefox_75.config.yml Normal file
View File

@@ -0,0 +1,14 @@
server: "hub-cloud.browserstack.com"
common_caps:
"build": "OSX Catalina Firefox 75"
"project": "BeEF"
"browserstack.local": true
"browserstack.video": false
browser_caps:
-
"browser": "firefox"
"browser_version": "75.0"
"os": "osx"
"os_version": "catalina"

14
spec/support/browserstack/osx/catalina/catalina_safari_13.config.yml Normal file
View File

@@ -0,0 +1,14 @@
server: "hub-cloud.browserstack.com"
common_caps:
"build": "OSX Catalina Safari 13"
"project": "BeEF"
"browserstack.local": true
"browserstack.video": false
browser_caps:
-
"browser": "safari"
"browser_version": "13.0"
"os": "osx"
"os_version": "catalina"

14
spec/support/browserstack/osx/elcapitan/elcapitan_chrome_14.config.yml Normal file
View File

@@ -0,0 +1,14 @@
server: "hub-cloud.browserstack.com"
common_caps:
"build": "OSX El Capitan Chrome 14"
"project": "BeEF"
"browserstack.local": true
"browserstack.video": false
browser_caps:
-
"browser": "chrome"
"browser_version": "14.0"
"os": "osx"
"os_version": "el capitan"

14
spec/support/browserstack/osx/elcapitan/elcapitan_chrome_81.config.yml Normal file
View File

@@ -0,0 +1,14 @@
server: "hub-cloud.browserstack.com"
common_caps:
"build": "OSX El Capitan Chrome 81"
"project": "BeEF"
"browserstack.local": true
"browserstack.video": false
browser_caps:
-
"browser": "chrome"
"browser_version": "81.0"
"os": "osx"
"os_version": "el capitan"

14
spec/support/browserstack/osx/elcapitan/elcapitan_firefox_7.config.yml Normal file
View File

@@ -0,0 +1,14 @@
server: "hub-cloud.browserstack.com"
common_caps:
"build": "OSX El Capitan Firefox 7"
"project": "BeEF"
"browserstack.local": true
"browserstack.video": false
browser_caps:
-
"browser": "firefox"
"browser_version": "7.0"
"os": "osx"
"os_version": "el capitan"

14
spec/support/browserstack/osx/elcapitan/elcapitan_firefox_75.config.yml Normal file
View File

@@ -0,0 +1,14 @@
server: "hub-cloud.browserstack.com"
common_caps:
"build": "OSX El Capitan Firefox 75"
"project": "BeEF"
"browserstack.local": true
"browserstack.video": false
browser_caps:
-
"browser": "firefox"
"browser_version": "75.0"
"os": "osx"
"os_version": "el capitan"

15
spec/support/browserstack/osx/elcapitan/elcapitan_safari_9-1.config.yml Normal file
View File

@@ -0,0 +1,15 @@
server: "hub-cloud.browserstack.com"
common_caps:
"build": "OSX El Capitan Safari 9.1"
"project": "BeEF"
"browserstack.local": true
"browserstack.video": false
browser_caps:
-
"browser": "safari"
"browser_version": "9.1"
"os": "osx"
"os_version": "el capitan"
"browserstack.selenium_version": "3.5.2"

14
spec/support/browserstack/osx/snowleopard/snowleopard_chrome_14.config.yml Normal file
View File

@@ -0,0 +1,14 @@
server: "hub-cloud.browserstack.com"
common_caps:
"build": "OSX Snow Leopard Chrome 14"
"project": "BeEF"
"browserstack.local": true
"browserstack.video": false
browser_caps:
-
"browser": "chrome"
"browser_version": "14.0"
"os": "osx"
"os_version": "Snow Leopard"

14
spec/support/browserstack/osx/snowleopard/snowleopard_chrome_35.config.yml Normal file
View File

@@ -0,0 +1,14 @@
server: "hub-cloud.browserstack.com"
common_caps:
"build": "OSX Snow Leopard Chrome 35"
"project": "BeEF"
"browserstack.local": true
"browserstack.video": false
browser_caps:
-
"browser": "chrome"
"browser_version": "35.0"
"os": "osx"
"os_version": "snow leopard"

14
spec/support/browserstack/osx/snowleopard/snowleopard_chrome_49.config.yml Normal file
View File

@@ -0,0 +1,14 @@
server: "hub-cloud.browserstack.com"
common_caps:
"build": "OSX Snow Leopard Chrome 49"
"project": "BeEF"
"browserstack.local": true
"browserstack.video": false
browser_caps:
-
"browser": "chrome"
"browser_version": "49.0"
"os": "osx"
"os_version": "snow leopard"

14
spec/support/browserstack/osx/snowleopard/snowleopard_firefox_38esr.config.yml Normal file
View File

@@ -0,0 +1,14 @@
server: "hub-cloud.browserstack.com"
common_caps:
"build": "OSX Snow Leopard Firefox 38 ESR"
"project": "BeEF"
"browserstack.local": true
"browserstack.video": false
browser_caps:
-
"browser": "firefox"
"browser_version": "38.0"
"os": "osx"
"os_version": "snow leopard"

14
spec/support/browserstack/osx/snowleopard/snowleopard_firefox_42.config.yml Normal file
View File

@@ -0,0 +1,14 @@
server: "hub-cloud.browserstack.com"
common_caps:
"build": "OSX Snow Leopard Firefox 42"
"project": "BeEF"
"browserstack.local": true
"browserstack.video": false
browser_caps:
-
"browser": "firefox"
"browser_version": "42.0"
"os": "osx"
"os_version": "snow leopard"

14
spec/support/browserstack/osx/snowleopard/snowleopard_firefox_7.config.yml Normal file
View File

@@ -0,0 +1,14 @@
server: "hub-cloud.browserstack.com"
common_caps:
"build": "OSX Snow Leopard Firefox 7"
"project": "BeEF"
"browserstack.local": true
"browserstack.video": false
browser_caps:
-
"browser": "firefox"
"browser_version": "7.0"
"os": "osx"
"os_version": "snow leopard"

14
spec/support/browserstack/osx/snowleopard/snowleopard_safari_5-1.config.yml Normal file
View File

@@ -0,0 +1,14 @@
server: "hub-cloud.browserstack.com"
common_caps:
"build": "OSX Snow Leopard Safari 5.1"
"project": "BeEF"
"browserstack.local": true
"browserstack.video": false
browser_caps:
-
"browser": "safari"
"browser_version": "5.1"
"os": "osx"
"os_version": "snow leopard"

14
spec/support/browserstack/windows/win10/win10_chrome_37.config.yml Normal file
View File

@@ -0,0 +1,14 @@
server: "hub-cloud.browserstack.com"
common_caps:
"build": "Windows 10 Chrome 37"
"project": "BeEF"
"browserstack.local": true
"browserstack.video": false
browser_caps:
-
"browser": "chrome"
"browser_version": "37.0"
"os": "windows"
"os_version": "10"

14
spec/support/browserstack/windows/win10/win10_chrome_59.config.yml Normal file
View File

@@ -0,0 +1,14 @@
server: "hub-cloud.browserstack.com"
common_caps:
"build": "Windows 10 Chrome 59"
"project": "BeEF"
"browserstack.local": true
"browserstack.video": false
browser_caps:
-
"browser": "chrome"
"browser_version": "59.0"
"os": "windows"
"os_version": "10"

14
spec/support/browserstack/windows/win10/win10_chrome_81.config.yml Normal file
View File

@@ -0,0 +1,14 @@
server: "hub-cloud.browserstack.com"
common_caps:
"build": "Windows 10 Chrome 81"
"project": "BeEF"
"browserstack.local": true
"browserstack.video": false
browser_caps:
-
"browser": "chrome"
"browser_version": "81.0"
"os": "windows"
"os_version": "10"

14
spec/support/browserstack/windows/win10/win10_edge_81.config.yml Normal file
View File

@@ -0,0 +1,14 @@
server: "hub-cloud.browserstack.com"
common_caps:
"build": "Windows 10 Edge 81"
"project": "BeEF"
"browserstack.local": true
"browserstack.video": false
browser_caps:
-
"browser": "edge"
"browser_version": "81.0"
"os": "windows"
"os_version": "10"

14
spec/support/browserstack/windows/win10/win10_firefox_32.config.yml Normal file
View File

@@ -0,0 +1,14 @@
server: "hub-cloud.browserstack.com"
common_caps:
"build": "Windows 10 Firefox 32"
"project": "BeEF"
"browserstack.local": true
"browserstack.video": false
browser_caps:
-
"browser": "firefox"
"browser_version": "32.0"
"os": "windows"
"os_version": "10"

14
spec/support/browserstack/windows/win10/win10_firefox_68esr.config.yml Normal file
View File

@@ -0,0 +1,14 @@
server: "hub-cloud.browserstack.com"
common_caps:
"build": "Windows 10 Firefox 68 ESR"
"project": "BeEF"
"browserstack.local": true
"browserstack.video": false
browser_caps:
-
"browser": "firefox"
"browser_version": "68.0"
"os": "windows"
"os_version": "10"

14
spec/support/browserstack/windows/win10/win10_firefox_75.config.yml Normal file
View File

@@ -0,0 +1,14 @@
server: "hub-cloud.browserstack.com"
common_caps:
"build": "Windows 10 Firefox 75"
"project": "BeEF"
"browserstack.local": true
"browserstack.video": false
browser_caps:
-
"browser": "firefox"
"browser_version": "75.0"
"os": "windows"
"os_version": "10"

14
spec/support/browserstack/windows/win10/win10_ie_11.config.yml Normal file
View File

@@ -0,0 +1,14 @@
server: "hub-cloud.browserstack.com"
common_caps:
"build": "Windows 10 IE 11"
"project": "BeEF"
"browserstack.local": true
"browserstack.video": false
browser_caps:
-
"browser": "internet explorer"
"browser_version": "11.0"
"os": "windows"
"os_version": "10"

14
spec/support/browserstack/windows/win8/win8_chrome_22.config.yml Normal file
View File

@@ -0,0 +1,14 @@
server: "hub-cloud.browserstack.com"
common_caps:
"build": "Windows 8 Chrome 22"
"project": "BeEF"
"browserstack.local": true
"browserstack.video": false
browser_caps:
-
"browser": "chrome"
"browser_version": "22.0"
"os": "windows"
"os_version": "8"

14
spec/support/browserstack/windows/win8/win8_chrome_81.config.yml Normal file
View File

@@ -0,0 +1,14 @@
server: "hub-cloud.browserstack.com"
common_caps:
"build": "Windows 8 Chrome 81"
"project": "BeEF"
"browserstack.local": true
"browserstack.video": false
browser_caps:
-
"browser": "chrome"
"browser_version": "81.0"
"os": "windows"
"os_version": "8"

14
spec/support/browserstack/windows/win8/win8_edge_81.config.yml Normal file
View File

@@ -0,0 +1,14 @@
server: "hub-cloud.browserstack.com"
common_caps:
"build": "Windows 8 Edge 81"
"project": "BeEF"
"browserstack.local": true
"browserstack.video": false
browser_caps:
-
"browser": "edge"
"browser_version": "81.0"
"os": "windows"
"os_version": "8"

14
spec/support/browserstack/windows/win8/win8_firefox_32.config.yml Normal file
View File

@@ -0,0 +1,14 @@
server: "hub-cloud.browserstack.com"
common_caps:
"build": "Windows 8 Firefox 32"
"project": "BeEF"
"browserstack.local": true
"browserstack.video": false
browser_caps:
-
"browser": "firefox"
"browser_version": "32.0"
"os": "windows"
"os_version": "8"

14
spec/support/browserstack/windows/win8/win8_firefox_75.config.yml Normal file
View File

@@ -0,0 +1,14 @@
server: "hub-cloud.browserstack.com"
common_caps:
"build": "Windows 8 Firefox 75"
"project": "BeEF"
"browserstack.local": true
"browserstack.video": false
browser_caps:
-
"browser": "firefox"
"browser_version": "75.0"
"os": "windows"
"os_version": "8"

14
spec/support/browserstack/windows/win8/win8_ie_10.config.yml Normal file
View File

@@ -0,0 +1,14 @@
server: "hub-cloud.browserstack.com"
common_caps:
"build": "Windows 8 IE 10"
"project": "BeEF"
"browserstack.local": true
"browserstack.video": false
browser_caps:
-
"browser": "internet explorer"
"browser_version": "10.0"
"os": "windows"
"os_version": "8"

14
spec/support/browserstack/windows/xp/xp_chrome_14.config.yml Normal file
View File

@@ -0,0 +1,14 @@
server: "hub-cloud.browserstack.com"
common_caps:
"build": "Windows XP Chrome 14"
"project": "BeEF"
"browserstack.local": true
"browserstack.video": false
browser_caps:
-
"browser": "chrome"
"browser_version": "14.0"
"os": "windows"
"os_version": "xp"

14
spec/support/browserstack/windows/xp/xp_chrome_28.config.yml Normal file
View File

@@ -0,0 +1,14 @@
server: "hub-cloud.browserstack.com"
common_caps:
"build": "Windows XP Chrome 28"
"project": "BeEF"
"browserstack.local": true
"browserstack.video": false
browser_caps:
-
"browser": "chrome"
"browser_version": "28.0"
"os": "windows"
"os_version": "xp"

14
spec/support/browserstack/windows/xp/xp_chrome_43.config.yml Normal file
View File

@@ -0,0 +1,14 @@
server: "hub-cloud.browserstack.com"
common_caps:
"build": "Windows XP Chrome 43"
"project": "BeEF"
"browserstack.local": true
"browserstack.video": false
browser_caps:
-
"browser": "chrome"
"browser_version": "43.0"
"os": "windows"
"os_version": "xp"

14
spec/support/browserstack/windows/xp/xp_firefox_16.config.yml Normal file
View File

@@ -0,0 +1,14 @@
server: "hub-cloud.browserstack.com"
common_caps:
"build": "Windows XP Firefox 16"
"project": "BeEF"
"browserstack.local": true
"browserstack.video": false
browser_caps:
-
"browser": "firefox"
"browser_version": "16.0"
"os": "windows"
"os_version": "xp"

14
spec/support/browserstack/windows/xp/xp_firefox_26.config.yml Normal file
View File

@@ -0,0 +1,14 @@
server: "hub-cloud.browserstack.com"
common_caps:
"build": "Windows XP Firefox 26"
"project": "BeEF"
"browserstack.local": true
"browserstack.video": false
browser_caps:
-
"browser": "firefox"
"browser_version": "26.0"
"os": "windows"
"os_version": "xp"

14
spec/support/browserstack/windows/xp/xp_firefox_45.config.yml Normal file
View File

@@ -0,0 +1,14 @@
server: "hub-cloud.browserstack.com"
common_caps:
"build": "Windows XP Firefox 45"
"project": "BeEF"
"browserstack.local": true
"browserstack.video": false
browser_caps:
-
"browser": "firefox"
"browser_version": "45.0"
"os": "windows"
"os_version": "xp"

14
spec/support/browserstack/windows/xp/xp_ie_7.config.yml Normal file
View File

@@ -0,0 +1,14 @@
server: "hub-cloud.browserstack.com"
common_caps:
"build": "Windows XP IE 7"
"project": "BeEF"
"browserstack.local": true
"browserstack.video": false
browser_caps:
-
"browser": "internet explorer"
"browser_version": "7.0"
"os": "windows"
"os_version": "xp"

4
spec/support/constants.rb
View File

@@ -6,8 +6,8 @@
BEEF_TEST_DIR = "/tmp/beef-test/"
# General constants
ATTACK_DOMAIN = "127.0.0.1"
VICTIM_DOMAIN = "localhost"
ATTACK_DOMAIN = "localhost"
VICTIM_DOMAIN = "127.0.0.1"
ATTACK_URL = "http://" + ATTACK_DOMAIN + ":3000/ui/panel"
VICTIM_URL = "http://" + VICTIM_DOMAIN + ":3000/demos/basic.html"