From 6ced8acd8bd057e8e06644ef087e8065f35700ae Mon Sep 17 00:00:00 2001 From: Jack Walker Date: Mon, 20 Apr 2020 10:55:00 +1000 Subject: [PATCH] Found the fix for the browser hooking issues. Resolved where necessary and cleaned up tests. --- spec/beef/api/auth_rate_spec.rb | 9 +- .../autorun_engine/autorun_engine_spec.rb | 95 ++++++++---- .../handlers/browser_details_handler_spec.rb | 145 +++++++++++------- .../modules/debug/test_beef_debugs_spec.rb | 16 +- 4 files changed, 172 insertions(+), 93 deletions(-) diff --git a/spec/beef/api/auth_rate_spec.rb b/spec/beef/api/auth_rate_spec.rb index 5c01118a9..4740c334d 100644 --- a/spec/beef/api/auth_rate_spec.rb +++ b/spec/beef/api/auth_rate_spec.rb @@ -23,13 +23,10 @@ RSpec.describe 'BeEF API Rate Limit' do # wait for server to start sleep 1 end - # wait for server to start - after(:all) do - - Process.kill("KILL",@pid) - Process.kill("KILL",@pids) - + after(:all) do + Process.kill("KILL",@pid) + Process.kill("KILL",@pids) end it 'adheres to auth rate limits' do diff --git a/spec/beef/core/main/autorun_engine/autorun_engine_spec.rb b/spec/beef/core/main/autorun_engine/autorun_engine_spec.rb index ab4bee67c..cd5836691 100644 --- a/spec/beef/core/main/autorun_engine/autorun_engine_spec.rb +++ b/spec/beef/core/main/autorun_engine/autorun_engine_spec.rb @@ -1,27 +1,65 @@ +# +# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# + +require 'rest-client' +require 'json' +require_relative '../../../../support/constants' +require_relative '../../../../support/beef_test' + RSpec.describe 'AutoRunEngine test' do before(:all) do # Note: rake spec passes --patterns which causes BeEF to pickup this argument via optparse. I can't see a better way at the moment to filter this out. Therefore ARGV=[] for this test. - ARGV = [] @config = BeEF::Core::Configuration.instance @config.set('beef.credentials.user', "beef") @config.set('beef.credentials.passwd', "beef") + @username = @config.get('beef.credentials.user') + @password = @config.get('beef.credentials.passwd') - #generate api token - BeEF::Core::Crypto::api_token + # Load BeEF extensions and modules + if @config.get('beef.extension').keys.length == 10 + print_info "Loading in BeEF::Extensions" + BeEF::Extensions.load - # load up DB - # Connect to DB + sleep 2 + else + print_info "Extensions already loaded" + end + + if @config.get('beef.module').nil? + print_info "Loading in BeEF::Modules" + BeEF::Modules.load + + sleep 2 + else + print_info "Modules already loaded" + end + + # Grab DB file and regenerate if requested + print_info "Loading database" + db_file = @config.get('beef.database.file') + + if BeEF::Core::Console::CommandLine.parse[:resetdb] + print_info 'Resetting the database for BeEF.' + File.delete(db_file) if File.exists?(db_file) + end + + # Load up DB and migrate if necessary ActiveRecord::Base.logger = nil OTR::ActiveRecord.migrations_paths = [File.join('core', 'main', 'ar-migrations')] - OTR::ActiveRecord.configure_from_hash!(adapter:'sqlite3', database:'beef.db') - # Migrate (if required) + OTR::ActiveRecord.configure_from_hash!(adapter:'sqlite3', database: db_file) + context = ActiveRecord::Migration.new.migration_context if context.needs_migration? ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration).migrate end + sleep 2 + BeEF::Core::Migration.instance.update_db! # add AutoRunEngine rule test_rule = {"name"=>"Display an alert", "author"=>"mgeeky", "browser"=>"ALL", "browser_version"=>"ALL", "os"=>"ALL", "os_version"=>"ALL", "modules"=>[{"name"=>"alert_dialog", "condition"=>nil, "options"=>{"text"=>"You've been BeEFed ;>"}}], "execution_order"=>[0], "execution_delay"=>[0], "chain_mode"=>"sequential"} @@ -29,49 +67,46 @@ RSpec.describe 'AutoRunEngine test' do BeEF::Core::AutorunEngine::RuleLoader.instance.load_directory # are_engine.R - + # Spawn HTTP Server + print_info "Starting HTTP Hook Server" http_hook_server = BeEF::Core::Server.instance http_hook_server.prepare + # Generate a token for the server to respond with + BeEF::Core::Crypto::api_token + # Initiate server start-up @pids = fork do BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server) end @pid = fork do http_hook_server.start end - # wait for server to start + + # Give the server time to start-up sleep 1 + + # Authenticate to REST API & pull the token from the response + @response = RestClient.post "#{RESTAPI_ADMIN}/login", { 'username': "#{@username}", 'password': "#{@password}" }.to_json, :content_type => :json + @token = JSON.parse(@response)['token'] end - # wait for server to start - after(:all) do - - Process.kill("KILL",@pid) - Process.kill("KILL",@pids) - + after(:all) do + print_info "Shutting down server" + Process.kill("KILL",@pid) + Process.kill("KILL",@pids) end it 'AutoRunEngine is working' do - - api = BeefRestClient.new('http', ATTACK_DOMAIN, '3000', BEEF_USER, BEEF_PASSWD) - - response = api.auth() - - @token = response[:token] - - puts "authenticated. api token: #{@token}" - - puts 'hooking a new victim, waiting a few seconds...' - + print_info 'Hooking a new victim, waiting a few seconds...' victim = BeefTest.new_victim - sleep 5.0 - response = RestClient.get "#{RESTAPI_HOOKS}", {:params => {:token => @token}} + sleep 3 - j = JSON.parse(response.body) - expect(j) + response = RestClient.get "#{RESTAPI_HOOKS}?token=#{@token}" + result_data = JSON.parse(response) + expect(result_data['hooked-browsers']['online']).not_to be_empty end end diff --git a/spec/beef/core/main/handlers/browser_details_handler_spec.rb b/spec/beef/core/main/handlers/browser_details_handler_spec.rb index c3d295700..a1b5a5740 100644 --- a/spec/beef/core/main/handlers/browser_details_handler_spec.rb +++ b/spec/beef/core/main/handlers/browser_details_handler_spec.rb @@ -1,85 +1,122 @@ -RSpec.describe 'Browser details handler' do +# +# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +require 'rest-client' +require 'json' +require_relative '../../../../support/constants' +require_relative '../../../../support/beef_test' + +RSpec.describe 'Browser details handler' do before(:all) do - # Note: rake spec passes --patterns which causes BeEF to pickup this argument via optparse. I can't see a better way at the moment to filter this out. Therefore ARGV=[] for this test. - ARGV = [] @config = BeEF::Core::Configuration.instance @config.set('beef.credentials.user', "beef") @config.set('beef.credentials.passwd', "beef") + @username = @config.get('beef.credentials.user') + @password = @config.get('beef.credentials.passwd') - #generate api token - BeEF::Core::Crypto::api_token + # Load BeEF extensions and modules + if @config.get('beef.extension').keys.length == 10 + print_info "Loading in BeEF::Extensions" + BeEF::Extensions.load - # load up DB - # Connect to DB + sleep 2 + else + print_info "Extensions already loaded" + end + + if @config.get('beef.module').nil? + print_info "Loading in BeEF::Modules" + BeEF::Modules.load + + sleep 2 + else + print_info "Modules already loaded" + end + + # Grab DB file and regenerate if requested + print_info "Loading database" + db_file = @config.get('beef.database.file') + + if BeEF::Core::Console::CommandLine.parse[:resetdb] + print_info 'Resetting the database for BeEF.' + File.delete(db_file) if File.exists?(db_file) + end + + # Load up DB and migrate if necessary ActiveRecord::Base.logger = nil OTR::ActiveRecord.migrations_paths = [File.join('core', 'main', 'ar-migrations')] - OTR::ActiveRecord.configure_from_hash!(adapter:'sqlite3', database:'beef.db') - # Migrate (if required) + OTR::ActiveRecord.configure_from_hash!(adapter:'sqlite3', database: db_file) + context = ActiveRecord::Migration.new.migration_context if context.needs_migration? ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration).migrate end + sleep 2 + BeEF::Core::Migration.instance.update_db! + + # add AutoRunEngine rule + test_rule = {"name"=>"Display an alert", "author"=>"mgeeky", "browser"=>"ALL", "browser_version"=>"ALL", "os"=>"ALL", "os_version"=>"ALL", "modules"=>[{"name"=>"alert_dialog", "condition"=>nil, "options"=>{"text"=>"You've been BeEFed ;>"}}], "execution_order"=>[0], "execution_delay"=>[0], "chain_mode"=>"sequential"} + + BeEF::Core::AutorunEngine::RuleLoader.instance.load_directory + # are_engine.R + + # Spawn HTTP Server + print_info "Starting HTTP Hook Server" http_hook_server = BeEF::Core::Server.instance http_hook_server.prepare + + # Generate a token for the server to respond with + BeEF::Core::Crypto::api_token + + # Initiate server start-up @pids = fork do BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server) end @pid = fork do http_hook_server.start end - # wait for server to start + + # Give the server time to start-up sleep 1 + + # Authenticate to REST API & pull the token from the response + @response = RestClient.post "#{RESTAPI_ADMIN}/login", { 'username': "#{@username}", 'password': "#{@password}" }.to_json, :content_type => :json + @token = JSON.parse(@response)['token'] + + # Hook new victim + print_info 'Hooking a new victim, waiting a few seconds...' + @victim = BeefTest.new_victim + + sleep 3 + + # Identify Session ID of victim generated above + @hooks = JSON.parse(RestClient.get "#{RESTAPI_HOOKS}?token=#{@token}") end - # wait for server to start - after(:all) do - - Process.kill("KILL",@pid) - Process.kill("KILL",@pids) - - end + after(:all) do + print_info "Shutting down server" + Process.kill("KILL",@pid) + Process.kill("KILL",@pids) + end + + it 'can successfully hook a browser' do + expect(@hooks['hooked-browsers']['online']).not_to be_empty + end it 'browser details handler working' do - - api = BeefRestClient.new('http', ATTACK_DOMAIN, '3000', BEEF_USER, BEEF_PASSWD) - - response = api.auth() - - @token = response[:token] - - puts "authenticated. api token: #{@token}" - - puts 'hooking a new victim, waiting a few seconds...' - - victim = BeefTest.new_victim - sleep 3.0 - - response = RestClient.get "#{RESTAPI_HOOKS}", {:params => {:token => @token}} - - j = JSON.parse(response.body) - expect(j) - # response = RestClient.get "#{RESTAPI_HOOKS}/#{j['hooked-browsers']['online']['0']['session']}" , {:params => {:token => @token}} - # puts "getting browser details:" - - # details = JSON.parse(response.body) - - - # # require 'byebug';byebug - # expect(victim.driver.browser.browser.to_s.downcase).to eql (details["browser.name.friendly"].downcase) - - + session_id = @hooks['hooked-browsers']['online']['0']['session'] + + print_info "Getting browser details" + response = RestClient.get "#{RESTAPI_HOOKS}/#{session_id}?token=#{@token}" + details = JSON.parse(response.body) + + expect(@victim.driver.browser.browser.to_s.downcase).to eql (details['browser.name.friendly'].downcase) end - it 'can successfully hook a browser' do - @token = BeefRestClient.new('http', ATTACK_DOMAIN, '3000', BEEF_USER, BEEF_PASSWD).auth()[:token] - victim = BeefTest.new_victim - sleep(3) - response = RestClient.get "#{RESTAPI_HOOKS}", {:params => {:token => @token}} - x = JSON.parse(response.body) - puts x - expect(x) - end + end diff --git a/spec/beef/modules/debug/test_beef_debugs_spec.rb b/spec/beef/modules/debug/test_beef_debugs_spec.rb index e04afaf9c..41cf0bd5c 100644 --- a/spec/beef/modules/debug/test_beef_debugs_spec.rb +++ b/spec/beef/modules/debug/test_beef_debugs_spec.rb @@ -19,19 +19,26 @@ RSpec.describe 'BeEF Debug Command Modules:' do # Load BeEF extensions and modules if @config.get('beef.extension').keys.length == 10 + print_info "Loading in BeEF::Extensions" BeEF::Extensions.load - sleep 5 + sleep 2 + else + print_info "Extensions already loaded" end if @config.get('beef.module').nil? BeEF::Modules.load + print_info "Loading in BeEF::Modules" - sleep 5 + sleep 2 + else + print_info "Modules already loaded" end # Grab DB file and regenerate if requested + print_info "Loading database" db_file = @config.get('beef.database.file') if BeEF::Core::Console::CommandLine.parse[:resetdb] @@ -49,11 +56,12 @@ RSpec.describe 'BeEF Debug Command Modules:' do ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration).migrate end - sleep 5 + sleep 2 BeEF::Core::Migration.instance.update_db! # Spawn HTTP Server + print_info "Starting HTTP Hook Server" http_hook_server = BeEF::Core::Server.instance http_hook_server.prepare @@ -76,6 +84,7 @@ RSpec.describe 'BeEF Debug Command Modules:' do @token = JSON.parse(@response)['token'] # Hook new victim + print_info 'Hooking a new victim, waiting a few seconds...' @victim = BeefTest.new_victim sleep 3 @@ -94,6 +103,7 @@ RSpec.describe 'BeEF Debug Command Modules:' do end after(:all) do + print_info "Shutting down server" Process.kill("KILL",@pid) Process.kill("KILL",@pids) end