Added api_token for RESTful api authentication

beef

@@ -109,6 +109,9 @@ BeEF::Core::Console::Banners.print_loaded_modules
 BeEF::Core::Console::Banners.print_network_interfaces_count
 BeEF::Core::Console::Banners.print_network_interfaces_routes
 
+#@note Prints the API key needed to use the RESTful API
+print_info "RESTful API key: #{BeEF::Core::Crypto::api_token}"
+
 # @note Call the API method 'pre_http_start'
 BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server)
 

core/main/crypto.rb

@@ -36,6 +36,19 @@ module Core
       # return random hex string
       return OpenSSL::Random.random_bytes(token_length).unpack("H*")[0]
     end
+
+    # Generate a secure random token, 20 chars, used as an auth token for the RESTful API.
+    # After creation it's stored in the BeEF configuration object => conf.get('beef.api_token')
+    # @return [String] Security token
+    def self.api_token
+      config = BeEF::Core::Configuration.instance
+      token_length = 20
+
+      # return random hex string
+      token = OpenSSL::Random.random_bytes(token_length).unpack("H*")[0]
+      config.set('beef.api_token', token)
+      token
+    end
   
   end
 end

core/main/rest/handlers/rest.rb

@@ -19,6 +19,12 @@ module BeEF
     module Rest
       class Rest < Sinatra::Base
 
+        config = BeEF::Core::Configuration.instance
+
+        before do
+          error 401 unless params[:token] == config.get('beef.api_token')
+        end
+
         get '/sinatra' do
           "Sinatra! v.#{Sinatra::VERSION}"
         end