Merge branch 'master' into dependabot/bundler/async-1.32.0

spec/beef/core/main/command_spec.rb

@@ -1,9 +1,4 @@
 RSpec.describe 'BeEF Command class testing' do
-  before(:each) do
-    # Reset or re-initialise the configuration to a default state
-    # @config_instance = BeEF::Core::Configuration.instance  
-  end
-
   it 'should return a beef configuration variable' do
     expect {
       BeEF::Modules.load if BeEF::Core::Configuration.instance.get('beef.module').nil?

spec/beef/extensions/adminui_spec.rb

@@ -1,7 +1,8 @@
-# 
-# Tests for handling access to the Admin UI
-# 
-
+#
+# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
 require 'extensions/admin_ui/classes/httpcontroller'
 require 'extensions/admin_ui/classes/session'
 require 'extensions/admin_ui/controllers/authentication/authentication'

spec/beef/extensions/dns_spec.rb

@@ -1,3 +1,8 @@
+#
+# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
 require 'resolv'
 require 'extensions/dns/extension.rb'
 

spec/beef/extensions/network_spec.rb

@@ -1,3 +1,8 @@
+#
+# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
 require 'extensions/network/models/network_service'
 require 'extensions/network/models/network_host'
 

spec/beef/extensions/proxy_spec.rb

@@ -1,3 +1,8 @@
+#
+# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
 require 'extensions/proxy/extension'
 
 RSpec.describe 'BeEF Extension Proxy' do

spec/beef/extensions/qrcode_spec.rb

@@ -1,3 +1,8 @@
+#
+# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
 require 'extensions/qrcode/extension'
 
 RSpec.describe 'BeEF Extension QRCode' do

spec/beef/extensions/requester_spec.rb

@@ -1,5 +1,10 @@
 require 'extensions/requester/extension'
 
+#
+# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
 RSpec.describe 'BeEF Extension Requester' do
   before(:all) do
     @config = BeEF::Core::Configuration.instance

spec/beef/extensions/social_engineering_spec.rb

@@ -1,3 +1,8 @@
+#
+# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
 require 'extensions/social_engineering/models/web_cloner'
 require 'extensions/social_engineering/web_cloner/web_cloner'
 require 'extensions/social_engineering/web_cloner/interceptor'

spec/beef/extensions/webrtc_spec.rb

@@ -1,5 +1,10 @@
 require 'rest-client'
 
+#
+# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
 RSpec.describe 'BeEF Extension WebRTC' do
   before(:all) do
     @config = BeEF::Core::Configuration.instance

spec/beef/extensions/websocket_hooked_browser_spec.rb

@@ -3,7 +3,6 @@
 # Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
-
 require 'rest-client'
 require 'json'
 require_relative '../../spec_helper'

spec/beef/extensions/websocket_spec.rb

@@ -1,3 +1,8 @@
+#
+# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
 require 'rest-client'
 require 'core/main/network_stack/websocket/websocket'
 require 'websocket-client-simple'

spec/beef/extensions/xssrays_spec.rb

@@ -1,3 +1,9 @@
+
+#
+# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
 require 'extensions/xssrays/extension'
 
 RSpec.describe 'BeEF Extension XSSRays' do

spec/requests/beef_test_spec.rb

@@ -0,0 +1,114 @@
+#
+# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+require 'spec_helper'
+require 'capybara/rspec'
+require_relative '../support/beef_test'
+
+RSpec.describe BeefTest do
+
+    before(:each) do
+        @pid = start_beef_server_and_wait
+    end
+
+    after(:each) do
+        # Shutting down server
+        Process.kill("KILL", @pid) unless @pid.nil?
+        Process.wait(@pid) unless @pid.nil? # Ensure the process has exited and the port is released 
+        @pid = nil        
+    end
+
+    describe '.login' do
+        it 'logs in successfully' do
+            expect(port_available?) # Check if the tcp port is open
+            session = BeefTest.login()
+            expect(session).not_to be_nil
+            expect(session.has_content?('Hooked Browsers', wait: 10))
+        end
+    end
+
+    describe '.logout' do
+        before(:each) do
+            expect(port_available?) # # Check if the tcp port is open
+            @session = BeefTest.login() # Ensure login before each '.logout' test
+            expect(@session.has_content?('Hooked Browsers', wait: 10))
+        end
+
+        it 'logs out successfully' do
+            expect(port_available?) # # Check if the tcp port is open
+            expect(@session.has_content?('Hooked Browsers', wait: 10))
+            
+            # Log out of the session
+            @sessoin = BeefTest.logout(@session)
+            expect(@session.has_no_content?('Hooked Browsers', wait: 10))
+            expect(@session.has_content?('Authentication', wait: 10))
+        @session.reset_session!
+        end
+    end
+
+    describe '.save_screenshot' do
+        it 'saves a screenshot' do
+            session = Capybara::Session.new(:selenium_headless) if session.nil?
+            
+            # Ensure the new directory does not exist
+            outputDir = '/tmp'
+            directory = "#{outputDir}/#{SecureRandom.hex}/"
+            expect(File.directory?(directory)).to be false
+
+            # Save the screenshot
+            BeefTest.save_screenshot(session, directory)
+
+            # Ensure the screenshot was saved
+            expect(File.directory?(directory)).to be true
+            screenshot_files = Dir.glob("#{directory}/*.png")
+            expect(screenshot_files.empty?).to be false
+
+            # Ensure the screenshot file is not empty and clean up
+            screenshot_files.each do |file|
+                expect(File.size(file)).to be > 0
+                File.delete(file)
+            end
+            expect(Dir.glob("#{directory}/*.png").empty?).to be true     
+            
+            # Remove the directory
+            Dir.delete(directory)
+            expect(File.directory?(directory)).to be false
+        end
+    end
+
+    let(:session) { Capybara::Session.new(:selenium_headless) }
+    let(:victim) { Capybara::Session.new(:selenium_headless) }
+
+    describe '.new_attacker' do
+        it 'creates a new attacker session' do
+            # # Test setup
+            expect(session).not_to be_nil
+
+            result = BeefTest.new_attacker(session)
+            
+            # Test assertions
+            expect(result).to eq(session)
+            expect(session.has_no_content?('Authentication', wait: 10))
+            expect(session.has_content?('Hooked Browsers', wait: 10))
+            session.reset_session!
+        end
+    end
+
+    describe '.new_victim' do
+        it 'creates a new victim session' do
+            # Test setup
+            allow(victim).to receive(:visit)
+            expect(victim).not_to be_nil
+
+            # Test execution
+            result = BeefTest.new_victim(victim)
+
+            # Test assertions
+            expect(victim).to have_received(:visit).with(VICTIM_URL)
+            expect(result).to eq(victim)
+            victim.reset_session!
+        end
+    end
+end

spec/requests/login_spec.rb

@@ -0,0 +1,78 @@
+#
+# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+require 'rspec'
+require 'spec/support/constants.rb'
+# require '../common/beef_test'
+
+RSpec.describe 'Beef Login' do
+  # let(:session) { Capybara::Session.new(:selenium_headless) }
+
+  # before(:each) do
+  #   session.visit(ATTACK_URL)
+  #   sleep 2.0
+  # end
+
+  # after(:each) do
+  #   BeefTest.save_screenshot(session)
+  #   session.driver.browser.close
+  # end
+
+  # it 'logs in successfully' do
+  #   session.fill_in 'user', with: BEEF_USER
+  #   session.fill_in 'pass', with: BEEF_PASSWD
+  #   session.click_button('Login')
+  #   sleep 10.0
+  #   expect(session).to have_content('Logout')
+  # end
+
+  # it 'logs out successfully' do
+  #   session.fill_in 'user', with: BEEF_USER
+  #   session.fill_in 'pass', with: BEEF_PASSWD
+  #   session.click_button('Login')
+  #   sleep 2.0
+  #   session.click_link('Logout')
+  #   sleep 2.0
+  #   expect(session).to have_title('BeEF Authentication')
+  # end
+
+  # it 'displays logs tab' do
+  #   session.fill_in 'user', with: BEEF_USER
+  #   session.fill_in 'pass', with: BEEF_PASSWD
+  #   session.click_button('Login')
+  #   sleep 2.0
+  #   session.click_on('Logs')
+  #   expect(session).to have_content('Logout')
+  #   expect(session).to have_content('Hooked Browsers')
+  #   expect(session).to have_content('Type')
+  #   expect(session).to have_content('Event')
+  #   expect(session).to have_content('Date')
+  #   expect(session).to have_content('Page')
+  #   expect(session).to have_content('User with ip 127.0.0.1 has successfully authenticated in the application')
+  # end
+
+  # it 'hooks a browser successfully' do
+  #   attacker = BeefTest.new_attacker
+  #   victim = BeefTest.new_victim
+
+  #   sleep 5.0
+
+  #   expect(attacker).to have_content(VICTIM_DOMAIN)
+  #   expect(attacker).to have_content('127.0.0.1')
+  #   attacker.click_on("127.0.0.1", match: :first)
+
+  #   sleep 1.0
+
+  #   expect(attacker).to have_content('Details')
+  #   expect(attacker).to have_content('Commands')
+
+  #   BeefTest.save_screenshot(attacker)
+  #   BeefTest.save_screenshot(victim)
+
+  #   BeefTest.logout(attacker)
+  #   attacker.driver.browser.close
+  #   victim.driver.browser.close
+  # end
+end

spec/spec_helper.rb

@@ -1,3 +1,8 @@
+#
+# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - https://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
 require 'core/loader.rb'
 
 # @note We need to load variables that 'beef' usually does for us

spec/support/beef_test.rb

@@ -3,45 +3,67 @@
 # Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
-require 'test/unit'
-
+require 'selenium-webdriver'
+require 'spec_helper'
 require 'capybara'
 require 'capybara/rspec'
 Capybara.run_server = false # we need to run our own BeEF server
 
-require 'selenium-webdriver'
-
 class BeefTest
-  def self.save_screenshot(session)
-    Dir.mkdir(BEEF_TEST_DIR) unless File.directory?(BEEF_TEST_DIR)
-    session.driver.browser.save_screenshot(BEEF_TEST_DIR + Time.now.strftime('%Y-%m-%d--%H-%M-%S-%N') + '.png')
+  def self.save_screenshot(session, dir = nil)
+    outputDir = dir || BEEF_TEST_DIR
+    Dir.mkdir(outputDir) unless File.directory?(outputDir)
+    filename = outputDir + Time.now.strftime('%Y-%m-%d--%H-%M-%S-%N') + '.png'
+    session.driver.browser.save_screenshot(filename)
   end
 
   def self.login(session = nil)
     session = Capybara::Session.new(:selenium_headless) if session.nil?
     session.visit(ATTACK_URL)
-    sleep 2.0
-    session.has_content?('BeEF Authentication')
-    session.fill_in 'user', with: BEEF_USER
-    session.fill_in 'pass', with: BEEF_PASSWD
-    session.click_button('Login')
-    sleep 10.0
+    
+    session.has_content?('Authentication', wait: 10)
+
+    # enter the credentials
+    session.execute_script("document.getElementById('pass').value = '#{CGI.escapeHTML(BEEF_PASSWD)}'\;")
+    session.execute_script("document.getElementById('user').value = '#{CGI.escapeHTML(BEEF_USER)}'\;")
+
+    # due to using JS there seems to be a race condition - this is a workaround
+    session.has_content?('beef', wait: 10)
+
+    # click the login button
+    login_script = <<-JAVASCRIPT
+      var loginButton;
+      var buttons = document.getElementsByTagName('button');
+      for (var i = 0; i < buttons.length; i++) {
+        if (buttons[i].textContent === 'Login') {
+          loginButton = buttons[i];
+          break;
+        }
+      }
+      if (loginButton) {
+        loginButton.click();
+      }
+    JAVASCRIPT
+    session.execute_script(login_script)
+
+    session.has_content?('Hooked Browsers', wait: 10)
 
     session
   end
 
   def self.logout(session)
-    session.click_link('Logout')
+    session.click_on('Logout')
+    session.has_content?('Authentication', wait: 10)
 
     session
   end
 
-  def self.new_attacker
-    self.login
+  def self.new_attacker(session = nil)
+    self.login(session)
   end
 
-  def self.new_victim
-    victim = Capybara::Session.new(:selenium_headless)
+  def self.new_victim(victim = nil)
+    victim = Capybara::Session.new(:selenium_headless) if victim.nil?
     victim.visit(VICTIM_URL)
     victim
   end

test/integration/check_environment.rb

@@ -1,15 +0,0 @@
-#
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - https://beefproject.com
-# See the file 'doc/COPYING' for copying permission
-#
-require 'test/unit'
-
-class TC_CheckEnvironment < Test::Unit::TestCase
-
-  def test_check_env
-    # Add environment checks here
-
-  end
-
-end

test/thirdparty/msf/unit/check_environment.rb

@@ -1,15 +0,0 @@
-#
-# Copyright (c) 2006-2024 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - https://beefproject.com
-# See the file 'doc/COPYING' for copying permission
-#
-require 'test/unit'
-
-class TC_CheckEnvironment < Test::Unit::TestCase
-
-  def test_check_env
-    # Add environment checks here
-
-  end
-
-end