From 32543c6f33a2cd9ed83d49d138ceb4c5b8109988 Mon Sep 17 00:00:00 2001 From: Stephen Date: Wed, 20 Mar 2024 04:11:39 +1000 Subject: [PATCH] refactor starting beef server --- spec/beef/api/auth_rate_spec.rb | 250 ++++++++++++++++---------------- 1 file changed, 127 insertions(+), 123 deletions(-) diff --git a/spec/beef/api/auth_rate_spec.rb b/spec/beef/api/auth_rate_spec.rb index ac878b08d..896b47996 100644 --- a/spec/beef/api/auth_rate_spec.rb +++ b/spec/beef/api/auth_rate_spec.rb @@ -1,139 +1,143 @@ -# # -# # Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net -# # Browser Exploitation Framework (BeEF) - https://beefproject.com -# # See the file 'doc/COPYING' for copying permission -# # +# +# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - https://beefproject.com +# See the file 'doc/COPYING' for copying permission +# -# RSpec.describe 'BeEF API Rate Limit' do +require 'net/http' +require 'uri' -# before(:all) do -# @config = BeEF::Core::Configuration.instance -# @config.set('beef.credentials.user', "beef") -# @config.set('beef.credentials.passwd', "beef") -# @username = @config.get('beef.credentials.user') -# @password = @config.get('beef.credentials.passwd') +RSpec.describe 'BeEF API Rate Limit' do + + def start_beef_server + @config = BeEF::Core::Configuration.instance + @config.set('beef.credentials.user', "beef") + @config.set('beef.credentials.passwd', "beef") + @username = @config.get('beef.credentials.user') + @password = @config.get('beef.credentials.passwd') -# # Load BeEF extensions and modules -# # Always load Extensions, as previous changes to the config from other tests may affect -# # whether or not this test passes. -# print_info "Loading in BeEF::Extensions" -# BeEF::Extensions.load -# sleep 2 + # Load BeEF extensions + # Always load Extensions, as previous changes to the config from other tests may affect + # whether or not this test passes. + BeEF::Extensions.load -# # Check if modules already loaded. No need to reload. -# if @config.get('beef.module').nil? -# print_info "Loading in BeEF::Modules" -# BeEF::Modules.load + # Load BeEF modules + # Check if modules already loaded. No need to reload. + if @config.get('beef.module').nil? + BeEF::Modules.load + else + print_info "Modules already loaded" + end -# sleep 2 -# else -# print_info "Modules already loaded" -# end + # Grab DB file and regenerate if requested + db_file = @config.get('beef.database.file') -# # Grab DB file and regenerate if requested -# print_info "Loading database" -# db_file = @config.get('beef.database.file') + if BeEF::Core::Console::CommandLine.parse[:resetdb] + File.delete(db_file) if File.exist?(db_file) + end -# if BeEF::Core::Console::CommandLine.parse[:resetdb] -# print_info 'Resetting the database for BeEF.' -# File.delete(db_file) if File.exist?(db_file) -# end + # Load up DB and migrate if necessary + ActiveRecord::Base.logger = nil + OTR::ActiveRecord.migrations_paths = [File.join('core', 'main', 'ar-migrations')] + OTR::ActiveRecord.configure_from_hash!(adapter:'sqlite3', database: db_file) + # otr-activerecord require you to manually establish the connection with the following line + #Also a check to confirm that the correct Gem version is installed to require it, likely easier for old systems. + if Gem.loaded_specs['otr-activerecord'].version > Gem::Version.create('1.4.2') + OTR::ActiveRecord.establish_connection! + end -# # Load up DB and migrate if necessary -# ActiveRecord::Base.logger = nil -# OTR::ActiveRecord.migrations_paths = [File.join('core', 'main', 'ar-migrations')] -# OTR::ActiveRecord.configure_from_hash!(adapter:'sqlite3', database: db_file) -# # otr-activerecord require you to manually establish the connection with the following line -# #Also a check to confirm that the correct Gem version is installed to require it, likely easier for old systems. -# if Gem.loaded_specs['otr-activerecord'].version > Gem::Version.create('1.4.2') -# OTR::ActiveRecord.establish_connection! -# end + # Migrate (if required) + ActiveRecord::Migration.verbose = false # silence activerecord migration stdout messages + context = ActiveRecord::Migration.new.migration_context + if context.needs_migration? + ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration, context.internal_metadata).migrate + end + BeEF::Core::Migration.instance.update_db! -# # Migrate (if required) -# ActiveRecord::Migration.verbose = false # silence activerecord migration stdout messages -# context = ActiveRecord::Migration.new.migration_context -# if context.needs_migration? -# ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration, context.internal_metadata).migrate -# end + # Spawn HTTP Server + # print_info "Starting HTTP Hook Server" + http_hook_server = BeEF::Core::Server.instance + http_hook_server.prepare -# sleep 2 + # Generate a token for the server to respond with + BeEF::Core::Crypto::api_token -# BeEF::Core::Migration.instance.update_db! + # Initiate server start-up + BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server) + pid = fork do + http_hook_server.start + end -# # Spawn HTTP Server -# print_info "Starting HTTP Hook Server" -# http_hook_server = BeEF::Core::Server.instance -# http_hook_server.prepare + return pid + end -# # Generate a token for the server to respond with -# BeEF::Core::Crypto::api_token + def beef_server_running?(uri_str) + uri = URI.parse(uri_str) + response = Net::HTTP.get_response(uri) + response.is_a?(Net::HTTPSuccess) + rescue + false + end + + def wait_for_beef_server_to_start(uri_str, timeout: 30) + start_time = Time.now + + until beef_server_running?(uri_str) || (Time.now - start_time) > timeout do + sleep 0.1 + end + + beef_server_running?(uri_str) + end + + def start_beef_server_and_wait + pid = start_beef_server + + if wait_for_beef_server_to_start('http://localhost:3000', timeout: 30) + # print_info "Server started successfully." + else + print_info "Server failed to start within timeout." + end + + pid + end + + before(:all) do + @pid = start_beef_server_and_wait + end -# # Initiate server start-up -# @pids = fork do -# BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server) -# end -# @pid = fork do -# http_hook_server.start -# end - -# # Give the server time to start-up -# sleep 3 - -# # Try to connect 3 times -# (0..2).each do |again| -# # Authenticate to REST API & pull the token from the response -# if @response.nil? -# print_info "Try to connect: " + again.to_s -# begin -# creds = { 'username': "#{@username}", 'password': "#{@password}" }.to_json -# @response = RestClient.post "#{RESTAPI_ADMIN}/login", creds, :content_type => :json -# rescue RestClient::ServerBrokeConnection, Errno::ECONNREFUSED # likely to be starting up still -# rescue => error -# print_error error.message -# end -# print_info "Rescue: sleep for 10 and try to connect again" -# sleep 10 -# end -# end -# expect(@response) .to be_truthy # confirm the test has connected to the server -# print_info "Connection with server was successful" -# @token = JSON.parse(@response)['token'] -# end - -# after(:all) do -# print_info "Shutting down server" -# Process.kill("KILL",@pid) unless @pid.nil? -# Process.kill("KILL",@pids) unless @pid.nil? -# end + after(:all) do + print_info "Shutting down server" + Process.kill("KILL",@pid) unless @pid.nil? + end -# xit 'adheres to auth rate limits' do -# passwds = (1..9).map { |i| "broken_pass"} -# passwds.push BEEF_PASSWD -# apis = passwds.map { |pswd| BeefRestClient.new('http', ATTACK_DOMAIN, '3000', BEEF_USER, pswd) } -# l = apis.length -# (0..2).each do |again| # multiple sets of auth attempts -# # first pass -- apis in order, valid passwd on 9th attempt -# # subsequent passes apis shuffled -# print_info "Starting authentication attempt sequence #{again + 1}. The valid password is placed randomly among failed attempts." -# (0..50).each do |i| -# test_api = apis[i%l] -# expect(test_api.auth()[:payload]).to eql("401 Unauthorized") # all (unless the valid is first 1 in 10 chance) -# end -# # again with more time between calls -- there should be success (1st iteration) -# print_info "Initiating delayed authentication requests to test successful authentication with correct credentials." -# print_info "Delayed requests are made to simulate more realistic login attempts and verify rate limiting." -# (0..(l*2)).each do |i| -# test_api = apis[i%l] -# if (test_api.is_pass?(BEEF_PASSWD)) -# expect(test_api.auth()[:payload]["success"]).to be(true) # valid pass should succeed -# else -# expect(test_api.auth()[:payload]).to eql("401 Unauthorized") -# end -# sleep(0.5) -# end -# apis.shuffle! # new order for next iteration -# apis = apis.reverse if (apis[0].is_pass?(BEEF_PASSWD)) # prevent the first from having valid passwd -# end # multiple sets of auth attempts -# end + it 'adheres to auth rate limits' do + passwds = (1..9).map { |i| "broken_pass"} + passwds.push BEEF_PASSWD + apis = passwds.map { |pswd| BeefRestClient.new('http', ATTACK_DOMAIN, '3000', BEEF_USER, pswd) } + l = apis.length + (0..2).each do |again| # multiple sets of auth attempts + # first pass -- apis in order, valid passwd on 9th attempt + # subsequent passes apis shuffled + print_info "Starting authentication attempt sequence #{again + 1}. The valid password is placed randomly among failed attempts." + (0..50).each do |i| + test_api = apis[i%l] + expect(test_api.auth()[:payload]).to eql("401 Unauthorized") # all (unless the valid is first 1 in 10 chance) + end + # again with more time between calls -- there should be success (1st iteration) + print_info "Initiating delayed authentication requests to test successful authentication with correct credentials." + print_info "Delayed requests are made to simulate more realistic login attempts and verify rate limiting." + (0..(l*2)).each do |i| + test_api = apis[i%l] + if (test_api.is_pass?(BEEF_PASSWD)) + expect(test_api.auth()[:payload]["success"]).to be(true) # valid pass should succeed + else + expect(test_api.auth()[:payload]).to eql("401 Unauthorized") + end + sleep(0.5) + end + apis.shuffle! # new order for next iteration + apis = apis.reverse if (apis[0].is_pass?(BEEF_PASSWD)) # prevent the first from having valid passwd + end # multiple sets of auth attempts + end -# end +end