diff --git a/.gitignore b/.gitignore index 8cfdbfb00..43485ea7d 100644 --- a/.gitignore +++ b/.gitignore @@ -120,6 +120,3 @@ node_modules/ # Generated files out/ doc/rdoc/ - -# User-specific files -config.yaml diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 000000000..32f677523 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,64 @@ +########################################################################################################### +########################################################################################################### +## ## +## Please read the Wiki Installation section on set-up using Docker prior to building this container. ## +## BeEF does NOT allow authentication with default credentials. So please, at the very least ## +## change the username:password in the config.yaml file to something secure that is not beef:beef ## +## before building or you will to denied access and have to rebuild anyway. ## +## ## +########################################################################################################### +########################################################################################################### + +# ---------------------------- Start of Builder 0 - Gemset Build ------------------------------------------ +FROM ruby:2.6.3-alpine AS builder +LABEL maintainer="Beef Project: github.com/beefproject/beef" + +# Install gems in parallel with 4 workers to expedite build process.= +ARG BUNDLER_ARGS="--jobs=4" + +# Set gemrc config to install gems without Ruby Index (ri) and Ruby Documentation (rdoc) files +RUN echo "gem: --no-ri --no-rdoc" > /etc/gemrc + +COPY . /beef + +# Add bundler/gem dependencies and then install +RUN apk add --no-cache git curl libcurl curl-dev ruby-dev libffi-dev make g++ gcc musl-dev zlib-dev sqlite-dev && \ + bundle install --system --clean --no-cache --gemfile=/beef/Gemfile $BUNDLER_ARGS && \ + # Temp fix for https://github.com/bundler/bundler/issues/6680 + rm -rf /usr/local/bundle/cache + +WORKDIR /beef + +# So we don't need to run as root +RUN chmod -R a+r /usr/local/bundle +# ------------------------------------- End of Builder 0 ------------------------------------------------- + + +# ---------------------------- Start of Builder 1 - Final Build ------------------------------------------ +FROM ruby:2.6.3-alpine +LABEL maintainer="Beef Project: github.com/beefproject/beef" + +# Create service account to run BeEF +RUN adduser -h /beef -g beef -D beef + +COPY . /beef + +# Use gemset created by the builder above +COPY --from=builder /usr/local/bundle /usr/local/bundle + +# Grant beef service account owner and groups rights over our BeEF working directory. +RUN chown -R beef:beef /beef + +# Install BeEF's runtime dependencies +RUN apk add --no-cache curl git build-base openssl readline-dev zlib zlib-dev libressl-dev yaml-dev sqlite-dev sqlite libxml2-dev libxslt-dev autoconf libc6-compat ncurses5 automake libtool bison nodejs + +WORKDIR /beef + +# Ensure we are using our service account by default +USER beef + +# Expose UI, Proxy, WebSocket server, and WebSocketSecure server +EXPOSE 3000 6789 61985 61986 + +ENTRYPOINT ["/beef/beef"] +# ------------------------------------- End of Builder 1 ------------------------------------------------- \ No newline at end of file diff --git a/Gemfile b/Gemfile index 0117ced97..d6cf1e954 100644 --- a/Gemfile +++ b/Gemfile @@ -81,7 +81,9 @@ group :test do gem 'rest-client', '>= 2.0.1' gem 'irb' gem 'pry-byebug' - gem 'em-websocket-client' + gem "websocket-client-simple", "~> 0.3.0" end source 'https://rubygems.org' + + diff --git a/config.yaml b/config.yaml index 5b8ad8617..d4d93e81b 100644 --- a/config.yaml +++ b/config.yaml @@ -69,13 +69,13 @@ beef: # Prefer WebSockets over XHR-polling when possible. websocket: - enable: true + enable: false port: 61985 # WS: good success rate through proxies # Use encrypted 'WebSocketSecure' # NOTE: works only on HTTPS domains and with HTTPS support enabled in BeEF secure: true secure_port: 61986 # WSSecure - ws_poll_timeout: 60000 # poll BeEF every 60 second + ws_poll_timeout: 5000 # poll BeEF every x second, this affects how often the browser can have a command execute on it ws_connect_timeout: 500 # useful to help fingerprinting finish before establishing the WS channel # Imitate a specified web server (default root page, 404 default error page, 'Server' HTTP response header) diff --git a/modules/debug/test_get_variable/config.yaml b/modules/debug/test_get_variable/config.yaml index efb400759..f26bc835c 100644 --- a/modules/debug/test_get_variable/config.yaml +++ b/modules/debug/test_get_variable/config.yaml @@ -6,7 +6,7 @@ beef: module: test_get_variable: - enable: false + enable: true category: "Debug" name: "Test JS variable passing" description: "Test for JS variable passing from another BeEF's script via Window object" diff --git a/spec/beef/extensions/websocket_spec.rb b/spec/beef/extensions/websocket_spec.rb index 5111a9418..67b09c2a9 100644 --- a/spec/beef/extensions/websocket_spec.rb +++ b/spec/beef/extensions/websocket_spec.rb @@ -1,6 +1,6 @@ require 'rest-client' require 'core/main/network_stack/websocket/websocket' -require 'em-websocket-client' +require 'websocket-client-simple' RSpec.describe 'BeEF Extension WebSockets' do @@ -10,26 +10,31 @@ RSpec.describe 'BeEF Extension WebSockets' do @cert = @config.get('beef.http.https.cert') @port = @config.get('beef.http.websocket.port') @secure_port = @config.get('beef.http.websocket.secure_port') + @config.set('beef.http.websocket.secure', false) + @ws = BeEF::Core::Websocket::Websocket.instance end - it 'Create Websocket Server' do - ws = BeEF::Core::Websocket::Websocket.instance - server= ws.start_websocket_server(:host => '127.0.0.1', - :port => @port , - :secure => false) - expect(server).to be_a_kind_of(Thread) + after(:all) do + @config.set('beef.http.websocket.secure', true) end - it 'Create Websocket Secure Server' do - ws = BeEF::Core::Websocket::Websocket.instance - server= ws.start_websocket_server(:host => '127.0.0.1', - :port => @secure_port , - :secure => true, - :tls_options => { - :cert_chain_file => @cert, - :private_key_file => @cert_key - }) - expect(server).to be_a_kind_of(Thread) + it 'confirms that a websocket server has been started' do + expect(@ws).to be_a_kind_of(BeEF::Core::Websocket::Websocket) + end + + it 'confirms that a secure websocket server has been started' do + @config.set('beef.http.websocket.secure', true) + wss = BeEF::Core::Websocket::Websocket.instance + expect(wss).to be_a_kind_of(BeEF::Core::Websocket::Websocket) + end + + it 'confirms that a websocket client can connect to the BeEF Websocket Server' do + sleep(3) + client = WebSocket::Client::Simple.connect "ws://127.0.0.1:#{@port}" + sleep(1) + expect(client).to be_a_kind_of(WebSocket::Client::Simple::Client) + expect(client.open?).to be true + client.close end end diff --git a/spec/beef/modules/debug/test_beef_debugs_spec.rb b/spec/beef/modules/debug/test_beef_debugs_spec.rb index 526401e2e..bbbc4afd5 100644 --- a/spec/beef/modules/debug/test_beef_debugs_spec.rb +++ b/spec/beef/modules/debug/test_beef_debugs_spec.rb @@ -11,145 +11,154 @@ require_relative '../../../support/beef_test' RSpec.describe 'BeEF Debug Command Modules:' do - before(:each) do - # Note: rake spec passes --patterns which causes BeEF to pickup this argument via optparse. I can't see a better way at the moment to filter this out. Therefore ARGV=[] for this test. - ARGV = [] - + before(:all) do # Grab config and set creds in variables for ease of access @config = BeEF::Core::Configuration.instance @username = @config.get('beef.credentials.user') @password = @config.get('beef.credentials.passwd') + + # Load BeEF exetensions and modules + BeEF::Extensions.load + + sleep 10 + + BeEF::Modules.load + + # Grab DB file and regenerate if requested + db_file = @config.get('beef.database.file') + + if BeEF::Core::Console::CommandLine.parse[:resetdb] + print_info 'Resetting the database for BeEF.' + File.delete(db_file) if File.exists?(db_file) + end + + # Load up DB and migrate if necessary + ActiveRecord::Base.logger = nil + OTR::ActiveRecord.migrations_paths = [File.join('core', 'main', 'ar-migrations')] + OTR::ActiveRecord.configure_from_hash!(adapter:'sqlite3', database: db_file) + + context = ActiveRecord::Migration.new.migration_context + if context.needs_migration? + ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration).migrate + end + + sleep 10 + + BeEF::Core::Migration.instance.update_db! # Spawn HTTP Server http_hook_server = BeEF::Core::Server.instance http_hook_server.prepare - + + # Generate a token for the server to respond with + BeEF::Core::Crypto::api_token + + # Initiate server start-up @pids = fork do - BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server) + BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server) end @pid = fork do http_hook_server.start end - # Wait for server to start - sleep 2 - - @restclient = BeefRestClient.new('http', ATTACK_DOMAIN, '3000', @username, @password) + # Give the server time to start-up + sleep 1 - # Authenticate to RESTful API endpoint to generate token for future tests - response = @restclient.post "#{RESTAPI_ADMIN}/login", - { 'username': "#{@username}", - 'password': "#{@password}" }.to_json, - :content_type => :json - @token = JSON.parse(response)['token'] - hooks = @restclient.get "#{RESTAPI_HOOKS}?token=#{@token}" - @session = JSON.parse(hooks)['hooked-browsers']['online']['0']['session'] + # Authenticate to REST API & pull the token from the response + @response = RestClient.post "#{RESTAPI_ADMIN}/login", { 'username': "#{@username}", 'password': "#{@password}" }.to_json, :content_type => :json + @token = JSON.parse(@response)['token'] # Hook new victim - victim = BeefTest.new_victim + @victim = BeefTest.new_victim + + sleep 5 + + # Identify Session ID of victim generated above + @hooks = RestClient.get "#{RESTAPI_HOOKS}?token=#{@token}" + @session = JSON.parse(@hooks)['hooked-browsers']['online']['0']['session'] end - after(:each) do + after(:all) do Process.kill("KILL",@pid) Process.kill("KILL",@pids) end - describe 'Test_beef.debug() command module' do - it 'successfully executes' do - response = @restclient.post "#{RESTAPI_MODULES}/#{@session}/27?token=#{@token}", - { "msg": "Testing Test_beef.debug() command module" }.to_json, + it 'The Test_beef.debug() command module successfully executes' do + response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/27?token=#{@token}", + { "msg": "test" }.to_json, + :content_type => :json + result_data = JSON.parse(response.body) + expect(result_data['success']).to eq "true" + end + + it 'The Return ASCII Characters command module successfully executes' do + response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/25?token=#{@token}", + { }.to_json, + :content_type => :json + result_data = JSON.parse(response.body) + expect(result_data['success']).to eq "true" + end + + it "The Return Image command module successfully executes" do + response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/22?token=#{@token}", + { }.to_json, + :content_type => :json + result_data = JSON.parse(response.body) + expect(result_data['success']).to eq "true" + end + + + it 'The Test HTTP Redirect command module successfully executes' do + response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/24?token=#{@token}", + { }.to_json, + :content_type => :json + result_data = JSON.parse(response.body) + expect(result_data['success']).to eq "true" + end + + it "The Test Returning Results/Long String command module successfully executes" do + response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/29?token=#{@token}", + { "repeat": 20, + "repeat_string": "beef" }.to_json, + :content_type => :json + result_data = JSON.parse(response.body) + expect(result_data['success']).to eq "true" + end + + it "The Test Network Request command module successfully executes" do + response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/29?token=#{@token}", + { "scheme": "http", + "method": "GET", + "domain": "#{ATTACK_DOMAIN}", + "port": "#{@config.get('beef.http.port')}", + "path": "/hook.js", + "anchor": "anchor", + "data": "query=testquerydata", + "timeout": "10", + "dataType": "script" }.to_json, :content_type => :json - result_data = JSON.parse(response.body) - expect(result_data['success']).to eq "true" - end + result_data = JSON.parse(response.body) + expect(result_data['success']).to eq "true" end - describe 'Return ASCII Characters command module' do - it 'successfully executes' do - response = @restclient.post "#{RESTAPI_MODULES}/#{@session}/25?token=#{@token}", - { }.to_json, - :content_type => :json - result_data = JSON.parse(response.body) - expect(result_data['success']).to eq "true" - end + it "The Test DNS Tunnel command module successfully executes" do + response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/26?token=#{@token}", + { "domain": "example.com", + "data": "Lorem ipsum" }.to_json, + :content_type => :json + result_data = JSON.parse(response.body) + expect(result_data['success']).to eq "true" end - describe 'Return Image command module' do - it "successfully executes" do - response = @restclient.post "#{RESTAPI_MODULES}/#{@session}/22?token=#{@token}", - { }.to_json, - :content_type => :json - result_data = JSON.parse(response.body) - expect(result_data['success']).to eq "true" - end - end - - describe "Test HTTP Redirect command module" do - before(:each) do - response = @restclient.post "#{RESTAPI_MODULES}/#{@session}/24?token=#{@token}", - { }.to_json, - :content_type => :json - result_data = JSON.parse(response.body) - expect(result_data['success']).to eq "true" - end - - it 'is successfully redirected to the specified URL' do - redirect_response = @restclient.get "http://#{ATTACK_DOMAIN}:3000/redirect" - expect(redirect_response.request.url).to eq "https://beefproject.com/" - end - end - - describe "Test Returning Results/Long String command module" do - it "successfully executes" do - response = @restclient.post "#{RESTAPI_MODULES}/#{@session}/29?token=#{@token}", - { "repeat": 20, - "repeat_string": "beef" }.to_json, - :content_type => :json - result_data = JSON.parse(response.body) - expect(result_data['success']).to eq "true" - end - end - - describe "Test Network Request command module" do - it "successfully executes" do - response = @restclient.post "#{RESTAPI_MODULES}/#{@session}/29?token=#{@token}", - { "scheme": "http", - "method": "GET", - "domain": "#{ATTACK_DOMAIN}", - "port": "#{@config.get('beef.http.port')}", - "path": "/hook.js", - "anchor": "anchor", - "data": "query=testquerydata", - "timeout": "10", - "dataType": "script" }.to_json, - :content_type => :json - result_data = JSON.parse(response.body) - expect(result_data['success']).to eq "true" - end - end - - describe "Test DNS Tunnel command module" do - it "successfully executes" do - response = @restclient.post "#{RESTAPI_MODULES}/#{@session}/26?token=#{@token}", - { "domain": "example.com", - "data": "Lorem ipsum" }.to_json, - :content_type => :json - result_data = JSON.parse(response.body) - expect(result_data['success']).to eq "true" - end - end - - describe "Test CORS Request command module" do - it "successfully executes" do - response = @restclient.post "#{RESTAPI_MODULES}/#{@session}/30?token=#{@token}", - { "method": "GET", - "url": "example.com", - "data": { - "test": "data" - }}.to_json, - content_type: :json - result_data = JSON.parse(response.body) - expect(result_data['success']).to eq "true" - end + it "The Test CORS Request command module successfully executes" do + response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/30?token=#{@token}", + { "method": "GET", + "url": "example.com", + "data": { + "test": "data" + }}.to_json, + content_type: :json + result_data = JSON.parse(response.body) + expect(result_data['success']).to eq "true" end end \ No newline at end of file