Added test for test_network_request using the API.

2012-04-15 15:09:26 +01:00
parent 54e244013b
commit 66dbf871f1
1 changed files with 29 additions and 5 deletions
--- a/test/integration/tc_debug_modules.rb
+++ b/test/integration/tc_debug_modules.rb
@@ -66,8 +66,6 @@ class TC_DebugModules < Test::Unit::TestCase
    repeat_string = "BeEF"
    repeat_count = 20

-    BeefTest.new_victim
-    sleep 2.0
    response = RestClient.post "#{RESTAPI_MODULES}/#{@@hb_session}/#{@@mod_debug_long_string}?token=#{@@token}",
                               { 'repeat_string' => repeat_string,
                                 'repeat'        => repeat_count}.to_json,
@@ -92,10 +90,8 @@ class TC_DebugModules < Test::Unit::TestCase

  # Test debug module "Test_return_ascii_chars" using the RESTful API
  def test_return_ascii_chars
-    BeefTest.new_victim
-    sleep 2.0
    response = RestClient.post "#{RESTAPI_MODULES}/#{@@hb_session}/#{@@mod_debug_ascii_chars}?token=#{@@token}",
-                               {}.to_json,
+                               {}.to_json, # module does not expect any input
                               :content_type => :json,
                               :accept => :json
    assert_equal 200, response.code
@@ -117,4 +113,32 @@ class TC_DebugModules < Test::Unit::TestCase
    assert_equal ascii_chars,data["data"]
  end

+  # Test debug module "Test_network_request" using the RESTful API
+  def test_return_network_request
+
+    # Test same-domain request (response code and content of secret_page.html)
+    response = RestClient.post "#{RESTAPI_MODULES}/#{@@hb_session}/#{@@mod_debug_test_network}?token=#{@@token}",
+                                #override only a few parameters, the other ones will have default values from modules's module.rb definition
+                               {"domain" => ATTACK_DOMAIN, "port" => "3000", "path" => "/demos/secret_page.html"}.to_json,
+                               :content_type => :json,
+                               :accept => :json
+    assert_equal 200, response.code
+    assert_not_nil response.body
+    result = JSON.parse(response.body)
+    success = result['success']
+    assert success
+
+    cmd_id = result['command_id']
+    sleep 3.0
+    response = RestClient.get "#{RESTAPI_MODULES}/#{@@hb_session}/#{@@mod_debug_test_network}/#{cmd_id}", {:params => {:token => @@token}}
+    assert_equal 200, response.code
+    assert_not_nil response.body
+    result = JSON.parse(response.body)
+    data = JSON.parse(result["data"])
+    res = JSON.parse(data["data"])
+    assert_not_nil res
+    assert_equal 200, res["status_code"]
+    assert res["response_body"].include?("However you should still be capable of accessing it\n\t\tusing the Requester")
+
+  end
 end