Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor starting beef server

Browse Source
This commit is contained in:
Stephen
2024-03-20 04:11:39 +10:00
parent f3e3e6b014
commit 32543c6f33
1 changed files with 127 additions and 123 deletions
Download Patch File Download Diff File Expand all files Collapse all files

250
spec/beef/api/auth_rate_spec.rb
View File

@@ -1,139 +1,143 @@
# # #
# # Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net # Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
# # Browser Exploitation Framework (BeEF) - https://beefproject.com # Browser Exploitation Framework (BeEF) - https://beefproject.com
# # See the file 'doc/COPYING' for copying permission # See the file 'doc/COPYING' for copying permission
# # #
# RSpec.describe 'BeEF API Rate Limit' do require 'net/http'
require 'uri'
# before(:all) do RSpec.describe 'BeEF API Rate Limit' do
# @config = BeEF::Core::Configuration.instance
# @config.set('beef.credentials.user', "beef") def start_beef_server
# @config.set('beef.credentials.passwd', "beef") @config = BeEF::Core::Configuration.instance
# @username = @config.get('beef.credentials.user') @config.set('beef.credentials.user', "beef")
# @password = @config.get('beef.credentials.passwd') @config.set('beef.credentials.passwd', "beef")
@username = @config.get('beef.credentials.user')
@password = @config.get('beef.credentials.passwd')
# # Load BeEF extensions and modules # Load BeEF extensions
# # Always load Extensions, as previous changes to the config from other tests may affect # Always load Extensions, as previous changes to the config from other tests may affect
# # whether or not this test passes. # whether or not this test passes.
# print_info "Loading in BeEF::Extensions" BeEF::Extensions.load
# BeEF::Extensions.load
# sleep 2
# # Check if modules already loaded. No need to reload. # Load BeEF modules
# if @config.get('beef.module').nil? # Check if modules already loaded. No need to reload.
# print_info "Loading in BeEF::Modules" if @config.get('beef.module').nil?
# BeEF::Modules.load BeEF::Modules.load
else
print_info "Modules already loaded"
end
# sleep 2 # Grab DB file and regenerate if requested
# else db_file = @config.get('beef.database.file')
# print_info "Modules already loaded"
# end
# # Grab DB file and regenerate if requested if BeEF::Core::Console::CommandLine.parse[:resetdb]
# print_info "Loading database" File.delete(db_file) if File.exist?(db_file)
# db_file = @config.get('beef.database.file') end
# if BeEF::Core::Console::CommandLine.parse[:resetdb] # Load up DB and migrate if necessary
# print_info 'Resetting the database for BeEF.' ActiveRecord::Base.logger = nil
# File.delete(db_file) if File.exist?(db_file) OTR::ActiveRecord.migrations_paths = [File.join('core', 'main', 'ar-migrations')]
# end OTR::ActiveRecord.configure_from_hash!(adapter:'sqlite3', database: db_file)
# otr-activerecord require you to manually establish the connection with the following line
#Also a check to confirm that the correct Gem version is installed to require it, likely easier for old systems.
if Gem.loaded_specs['otr-activerecord'].version > Gem::Version.create('1.4.2')
OTR::ActiveRecord.establish_connection!
end
# # Load up DB and migrate if necessary # Migrate (if required)
# ActiveRecord::Base.logger = nil ActiveRecord::Migration.verbose = false # silence activerecord migration stdout messages
# OTR::ActiveRecord.migrations_paths = [File.join('core', 'main', 'ar-migrations')] context = ActiveRecord::Migration.new.migration_context
# OTR::ActiveRecord.configure_from_hash!(adapter:'sqlite3', database: db_file) if context.needs_migration?
# # otr-activerecord require you to manually establish the connection with the following line ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration, context.internal_metadata).migrate
# #Also a check to confirm that the correct Gem version is installed to require it, likely easier for old systems. end
# if Gem.loaded_specs['otr-activerecord'].version > Gem::Version.create('1.4.2') BeEF::Core::Migration.instance.update_db!
# OTR::ActiveRecord.establish_connection!
# end
# # Migrate (if required) # Spawn HTTP Server
# ActiveRecord::Migration.verbose = false # silence activerecord migration stdout messages # print_info "Starting HTTP Hook Server"
# context = ActiveRecord::Migration.new.migration_context http_hook_server = BeEF::Core::Server.instance
# if context.needs_migration? http_hook_server.prepare
# ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration, context.internal_metadata).migrate
# end
# sleep 2 # Generate a token for the server to respond with
BeEF::Core::Crypto::api_token
# BeEF::Core::Migration.instance.update_db! # Initiate server start-up
BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server)
pid = fork do
http_hook_server.start
end
# # Spawn HTTP Server return pid
# print_info "Starting HTTP Hook Server" end
# http_hook_server = BeEF::Core::Server.instance
# http_hook_server.prepare
# # Generate a token for the server to respond with def beef_server_running?(uri_str)
# BeEF::Core::Crypto::api_token uri = URI.parse(uri_str)
response = Net::HTTP.get_response(uri)
response.is_a?(Net::HTTPSuccess)
rescue
false
end
def wait_for_beef_server_to_start(uri_str, timeout: 30)
start_time = Time.now
until beef_server_running?(uri_str) || (Time.now - start_time) > timeout do
sleep 0.1
end
beef_server_running?(uri_str)
end
def start_beef_server_and_wait
pid = start_beef_server
if wait_for_beef_server_to_start('http://localhost:3000', timeout: 30)
# print_info "Server started successfully."
else
print_info "Server failed to start within timeout."
end
pid
end
before(:all) do
@pid = start_beef_server_and_wait
end
# # Initiate server start-up after(:all) do
# @pids = fork do print_info "Shutting down server"
# BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server) Process.kill("KILL",@pid) unless @pid.nil?
# end end
# @pid = fork do
# http_hook_server.start
# end
# # Give the server time to start-up
# sleep 3
# # Try to connect 3 times
# (0..2).each do |again|
# # Authenticate to REST API & pull the token from the response
# if @response.nil?
# print_info "Try to connect: " + again.to_s
# begin
# creds = { 'username': "#{@username}", 'password': "#{@password}" }.to_json
# @response = RestClient.post "#{RESTAPI_ADMIN}/login", creds, :content_type => :json
# rescue RestClient::ServerBrokeConnection, Errno::ECONNREFUSED # likely to be starting up still
# rescue => error
# print_error error.message
# end
# print_info "Rescue: sleep for 10 and try to connect again"
# sleep 10
# end
# end
# expect(@response) .to be_truthy # confirm the test has connected to the server
# print_info "Connection with server was successful"
# @token = JSON.parse(@response)['token']
# end
# after(:all) do
# print_info "Shutting down server"
# Process.kill("KILL",@pid) unless @pid.nil?
# Process.kill("KILL",@pids) unless @pid.nil?
# end
# xit 'adheres to auth rate limits' do it 'adheres to auth rate limits' do
# passwds = (1..9).map { |i| "broken_pass"} passwds = (1..9).map { |i| "broken_pass"}
# passwds.push BEEF_PASSWD passwds.push BEEF_PASSWD
# apis = passwds.map { |pswd| BeefRestClient.new('http', ATTACK_DOMAIN, '3000', BEEF_USER, pswd) } apis = passwds.map { |pswd| BeefRestClient.new('http', ATTACK_DOMAIN, '3000', BEEF_USER, pswd) }
# l = apis.length l = apis.length
# (0..2).each do |again| # multiple sets of auth attempts (0..2).each do |again| # multiple sets of auth attempts
# # first pass -- apis in order, valid passwd on 9th attempt # first pass -- apis in order, valid passwd on 9th attempt
# # subsequent passes apis shuffled # subsequent passes apis shuffled
# print_info "Starting authentication attempt sequence #{again + 1}. The valid password is placed randomly among failed attempts." print_info "Starting authentication attempt sequence #{again + 1}. The valid password is placed randomly among failed attempts."
# (0..50).each do |i| (0..50).each do |i|
# test_api = apis[i%l] test_api = apis[i%l]
# expect(test_api.auth()[:payload]).to eql("401 Unauthorized") # all (unless the valid is first 1 in 10 chance) expect(test_api.auth()[:payload]).to eql("401 Unauthorized") # all (unless the valid is first 1 in 10 chance)
# end end
# # again with more time between calls -- there should be success (1st iteration) # again with more time between calls -- there should be success (1st iteration)
# print_info "Initiating delayed authentication requests to test successful authentication with correct credentials." print_info "Initiating delayed authentication requests to test successful authentication with correct credentials."
# print_info "Delayed requests are made to simulate more realistic login attempts and verify rate limiting." print_info "Delayed requests are made to simulate more realistic login attempts and verify rate limiting."
# (0..(l*2)).each do |i| (0..(l*2)).each do |i|
# test_api = apis[i%l] test_api = apis[i%l]
# if (test_api.is_pass?(BEEF_PASSWD)) if (test_api.is_pass?(BEEF_PASSWD))
# expect(test_api.auth()[:payload]["success"]).to be(true) # valid pass should succeed expect(test_api.auth()[:payload]["success"]).to be(true) # valid pass should succeed
# else else
# expect(test_api.auth()[:payload]).to eql("401 Unauthorized") expect(test_api.auth()[:payload]).to eql("401 Unauthorized")
# end end
# sleep(0.5) sleep(0.5)
# end end
# apis.shuffle! # new order for next iteration apis.shuffle! # new order for next iteration
# apis = apis.reverse if (apis[0].is_pass?(BEEF_PASSWD)) # prevent the first from having valid passwd apis = apis.reverse if (apis[0].is_pass?(BEEF_PASSWD)) # prevent the first from having valid passwd
# end # multiple sets of auth attempts end # multiple sets of auth attempts
# end end
# end end