Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Found the fix for the browser hooking issues. Resolved where necessary and cleaned up tests.

Browse Source
This commit is contained in:
Jack Walker
2020-04-20 10:55:00 +10:00
parent 31b039b0c5
commit 6ced8acd8b
4 changed files with 172 additions and 93 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
spec/beef/api/auth_rate_spec.rb
View File

@@ -23,13 +23,10 @@ RSpec.describe 'BeEF API Rate Limit' do
# wait for server to start
sleep 1
end
# wait for server to start
after(:all) do
Process.kill("KILL",@pid)
Process.kill("KILL",@pids)
after(:all) do
Process.kill("KILL",@pid)
Process.kill("KILL",@pids)
end
it 'adheres to auth rate limits' do

95
spec/beef/core/main/autorun_engine/autorun_engine_spec.rb
View File

@@ -1,27 +1,65 @@
#
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
require 'rest-client'
require 'json'
require_relative '../../../../support/constants'
require_relative '../../../../support/beef_test'
RSpec.describe 'AutoRunEngine test' do
before(:all) do
# Note: rake spec passes --patterns which causes BeEF to pickup this argument via optparse. I can't see a better way at the moment to filter this out. Therefore ARGV=[] for this test.
ARGV = []
@config = BeEF::Core::Configuration.instance
@config.set('beef.credentials.user', "beef")
@config.set('beef.credentials.passwd', "beef")
@username = @config.get('beef.credentials.user')
@password = @config.get('beef.credentials.passwd')
#generate api token
BeEF::Core::Crypto::api_token
# Load BeEF extensions and modules
if @config.get('beef.extension').keys.length == 10
print_info "Loading in BeEF::Extensions"
BeEF::Extensions.load
# load up DB
# Connect to DB
sleep 2
else
print_info "Extensions already loaded"
end
if @config.get('beef.module').nil?
print_info "Loading in BeEF::Modules"
BeEF::Modules.load
sleep 2
else
print_info "Modules already loaded"
end
# Grab DB file and regenerate if requested
print_info "Loading database"
db_file = @config.get('beef.database.file')
if BeEF::Core::Console::CommandLine.parse[:resetdb]
print_info 'Resetting the database for BeEF.'
File.delete(db_file) if File.exists?(db_file)
end
# Load up DB and migrate if necessary
ActiveRecord::Base.logger = nil
OTR::ActiveRecord.migrations_paths = [File.join('core', 'main', 'ar-migrations')]
OTR::ActiveRecord.configure_from_hash!(adapter:'sqlite3', database:'beef.db')
# Migrate (if required)
OTR::ActiveRecord.configure_from_hash!(adapter:'sqlite3', database: db_file)
context = ActiveRecord::Migration.new.migration_context
if context.needs_migration?
ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration).migrate
end
sleep 2
BeEF::Core::Migration.instance.update_db!
# add AutoRunEngine rule
test_rule = {"name"=>"Display an alert", "author"=>"mgeeky", "browser"=>"ALL", "browser_version"=>"ALL", "os"=>"ALL", "os_version"=>"ALL", "modules"=>[{"name"=>"alert_dialog", "condition"=>nil, "options"=>{"text"=>"You've been BeEFed ;>"}}], "execution_order"=>[0], "execution_delay"=>[0], "chain_mode"=>"sequential"}
@@ -29,49 +67,46 @@ RSpec.describe 'AutoRunEngine test' do
BeEF::Core::AutorunEngine::RuleLoader.instance.load_directory
# are_engine.R
# Spawn HTTP Server
print_info "Starting HTTP Hook Server"
http_hook_server = BeEF::Core::Server.instance
http_hook_server.prepare
# Generate a token for the server to respond with
BeEF::Core::Crypto::api_token
# Initiate server start-up
@pids = fork do
BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server)
end
@pid = fork do
http_hook_server.start
end
# wait for server to start
# Give the server time to start-up
sleep 1
# Authenticate to REST API & pull the token from the response
@response = RestClient.post "#{RESTAPI_ADMIN}/login", { 'username': "#{@username}", 'password': "#{@password}" }.to_json, :content_type => :json
@token = JSON.parse(@response)['token']
end
# wait for server to start
after(:all) do
Process.kill("KILL",@pid)
Process.kill("KILL",@pids)
after(:all) do
print_info "Shutting down server"
Process.kill("KILL",@pid)
Process.kill("KILL",@pids)
end
it 'AutoRunEngine is working' do
api = BeefRestClient.new('http', ATTACK_DOMAIN, '3000', BEEF_USER, BEEF_PASSWD)
response = api.auth()
@token = response[:token]
puts "authenticated. api token: #{@token}"
puts 'hooking a new victim, waiting a few seconds...'
print_info 'Hooking a new victim, waiting a few seconds...'
victim = BeefTest.new_victim
sleep 5.0
response = RestClient.get "#{RESTAPI_HOOKS}", {:params => {:token => @token}}
sleep 3
j = JSON.parse(response.body)
expect(j)
response = RestClient.get "#{RESTAPI_HOOKS}?token=#{@token}"
result_data = JSON.parse(response)
expect(result_data['hooked-browsers']['online']).not_to be_empty
end
end

145
spec/beef/core/main/handlers/browser_details_handler_spec.rb
View File

@@ -1,85 +1,122 @@
RSpec.describe 'Browser details handler' do
#
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
require 'rest-client'
require 'json'
require_relative '../../../../support/constants'
require_relative '../../../../support/beef_test'
RSpec.describe 'Browser details handler' do
before(:all) do
# Note: rake spec passes --patterns which causes BeEF to pickup this argument via optparse. I can't see a better way at the moment to filter this out. Therefore ARGV=[] for this test.
ARGV = []
@config = BeEF::Core::Configuration.instance
@config.set('beef.credentials.user', "beef")
@config.set('beef.credentials.passwd', "beef")
@username = @config.get('beef.credentials.user')
@password = @config.get('beef.credentials.passwd')
#generate api token
BeEF::Core::Crypto::api_token
# Load BeEF extensions and modules
if @config.get('beef.extension').keys.length == 10
print_info "Loading in BeEF::Extensions"
BeEF::Extensions.load
# load up DB
# Connect to DB
sleep 2
else
print_info "Extensions already loaded"
end
if @config.get('beef.module').nil?
print_info "Loading in BeEF::Modules"
BeEF::Modules.load
sleep 2
else
print_info "Modules already loaded"
end
# Grab DB file and regenerate if requested
print_info "Loading database"
db_file = @config.get('beef.database.file')
if BeEF::Core::Console::CommandLine.parse[:resetdb]
print_info 'Resetting the database for BeEF.'
File.delete(db_file) if File.exists?(db_file)
end
# Load up DB and migrate if necessary
ActiveRecord::Base.logger = nil
OTR::ActiveRecord.migrations_paths = [File.join('core', 'main', 'ar-migrations')]
OTR::ActiveRecord.configure_from_hash!(adapter:'sqlite3', database:'beef.db')
# Migrate (if required)
OTR::ActiveRecord.configure_from_hash!(adapter:'sqlite3', database: db_file)
context = ActiveRecord::Migration.new.migration_context
if context.needs_migration?
ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration).migrate
end
sleep 2
BeEF::Core::Migration.instance.update_db!
# add AutoRunEngine rule
test_rule = {"name"=>"Display an alert", "author"=>"mgeeky", "browser"=>"ALL", "browser_version"=>"ALL", "os"=>"ALL", "os_version"=>"ALL", "modules"=>[{"name"=>"alert_dialog", "condition"=>nil, "options"=>{"text"=>"You've been BeEFed ;>"}}], "execution_order"=>[0], "execution_delay"=>[0], "chain_mode"=>"sequential"}
BeEF::Core::AutorunEngine::RuleLoader.instance.load_directory
# are_engine.R
# Spawn HTTP Server
print_info "Starting HTTP Hook Server"
http_hook_server = BeEF::Core::Server.instance
http_hook_server.prepare
# Generate a token for the server to respond with
BeEF::Core::Crypto::api_token
# Initiate server start-up
@pids = fork do
BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server)
end
@pid = fork do
http_hook_server.start
end
# wait for server to start
# Give the server time to start-up
sleep 1
# Authenticate to REST API & pull the token from the response
@response = RestClient.post "#{RESTAPI_ADMIN}/login", { 'username': "#{@username}", 'password': "#{@password}" }.to_json, :content_type => :json
@token = JSON.parse(@response)['token']
# Hook new victim
print_info 'Hooking a new victim, waiting a few seconds...'
@victim = BeefTest.new_victim
sleep 3
# Identify Session ID of victim generated above
@hooks = JSON.parse(RestClient.get "#{RESTAPI_HOOKS}?token=#{@token}")
end
# wait for server to start
after(:all) do
Process.kill("KILL",@pid)
Process.kill("KILL",@pids)
end
after(:all) do
print_info "Shutting down server"
Process.kill("KILL",@pid)
Process.kill("KILL",@pids)
end
it 'can successfully hook a browser' do
expect(@hooks['hooked-browsers']['online']).not_to be_empty
end
it 'browser details handler working' do
api = BeefRestClient.new('http', ATTACK_DOMAIN, '3000', BEEF_USER, BEEF_PASSWD)
response = api.auth()
@token = response[:token]
puts "authenticated. api token: #{@token}"
puts 'hooking a new victim, waiting a few seconds...'
victim = BeefTest.new_victim
sleep 3.0
response = RestClient.get "#{RESTAPI_HOOKS}", {:params => {:token => @token}}
j = JSON.parse(response.body)
expect(j)
# response = RestClient.get "#{RESTAPI_HOOKS}/#{j['hooked-browsers']['online']['0']['session']}" , {:params => {:token => @token}}
# puts "getting browser details:"
# details = JSON.parse(response.body)
# # require 'byebug';byebug
# expect(victim.driver.browser.browser.to_s.downcase).to eql (details["browser.name.friendly"].downcase)
session_id = @hooks['hooked-browsers']['online']['0']['session']
print_info "Getting browser details"
response = RestClient.get "#{RESTAPI_HOOKS}/#{session_id}?token=#{@token}"
details = JSON.parse(response.body)
expect(@victim.driver.browser.browser.to_s.downcase).to eql (details['browser.name.friendly'].downcase)
end
it 'can successfully hook a browser' do
@token = BeefRestClient.new('http', ATTACK_DOMAIN, '3000', BEEF_USER, BEEF_PASSWD).auth()[:token]
victim = BeefTest.new_victim
sleep(3)
response = RestClient.get "#{RESTAPI_HOOKS}", {:params => {:token => @token}}
x = JSON.parse(response.body)
puts x
expect(x)
end
end

16
spec/beef/modules/debug/test_beef_debugs_spec.rb
View File

@@ -19,19 +19,26 @@ RSpec.describe 'BeEF Debug Command Modules:' do
# Load BeEF extensions and modules
if @config.get('beef.extension').keys.length == 10
print_info "Loading in BeEF::Extensions"
BeEF::Extensions.load
sleep 5
sleep 2
else
print_info "Extensions already loaded"
end
if @config.get('beef.module').nil?
BeEF::Modules.load
print_info "Loading in BeEF::Modules"
sleep 5
sleep 2
else
print_info "Modules already loaded"
end
# Grab DB file and regenerate if requested
print_info "Loading database"
db_file = @config.get('beef.database.file')
if BeEF::Core::Console::CommandLine.parse[:resetdb]
@@ -49,11 +56,12 @@ RSpec.describe 'BeEF Debug Command Modules:' do
ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration).migrate
end
sleep 5
sleep 2
BeEF::Core::Migration.instance.update_db!
# Spawn HTTP Server
print_info "Starting HTTP Hook Server"
http_hook_server = BeEF::Core::Server.instance
http_hook_server.prepare
@@ -76,6 +84,7 @@ RSpec.describe 'BeEF Debug Command Modules:' do
@token = JSON.parse(@response)['token']
# Hook new victim
print_info 'Hooking a new victim, waiting a few seconds...'
@victim = BeefTest.new_victim
sleep 3
@@ -94,6 +103,7 @@ RSpec.describe 'BeEF Debug Command Modules:' do
end
after(:all) do
print_info "Shutting down server"
Process.kill("KILL",@pid)
Process.kill("KILL",@pids)
end