From 872272645edc3c5b9909bec29987a28603f1d304 Mon Sep 17 00:00:00 2001
From: antisnatchor
Date: Mon, 12 Mar 2012 10:27:03 +0100
Subject: [PATCH] Added api_token for RESTful api authentication

---
 beef | 3 +++
 core/main/crypto.rb | 13 +++++++++++++
 core/main/rest/handlers/rest.rb | 6 ++++++
 3 files changed, 22 insertions(+)

diff --git a/beef b/beef
index f6cbb0840..bbab62e73 100755
--- a/beef
+++ b/beef
@@ -109,6 +109,9 @@ BeEF::Core::Console::Banners.print_loaded_modules
 BeEF::Core::Console::Banners.print_network_interfaces_count
 BeEF::Core::Console::Banners.print_network_interfaces_routes
+#@note Prints the API key needed to use the RESTful API
+print_info "RESTful API key: #{BeEF::Core::Crypto::api_token}"
+
 # @note Call the API method 'pre_http_start'
 BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server)
diff --git a/core/main/crypto.rb b/core/main/crypto.rb
index 25c751446..ae81ae5e6 100644
--- a/core/main/crypto.rb
+++ b/core/main/crypto.rb
@@ -36,6 +36,19 @@ module Core
 # return random hex string
 return OpenSSL::Random.random_bytes(token_length).unpack("H*")[0]
 end
+
+ # Generate a secure random token, 20 chars, used as an auth token for the RESTful API.
+ # After creation it's stored in the BeEF configuration object => conf.get('beef.api_token')
+ # @return [String] Security token
+ def self.api_token
+ config = BeEF::Core::Configuration.instance
+ token_length = 20
+
+ # return random hex string
+ token = OpenSSL::Random.random_bytes(token_length).unpack("H*")[0]
+ config.set('beef.api_token', token)
+ token
+ end
 end
 end
diff --git a/core/main/rest/handlers/rest.rb b/core/main/rest/handlers/rest.rb
index 3746ae8e6..0164ce408 100644
--- a/core/main/rest/handlers/rest.rb
+++ b/core/main/rest/handlers/rest.rb
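Review bot: `BeEF::Core::Crypto::api_token` in the added `print_info` line invokes a method through `::`; Ruby accepts it, but the surrounding file calls methods with a dot (`BeEF::API::Registrar.instance.fire(...)`), so `BeEF::Core::Crypto.api_token` reads as the method call it is. The new comment is written `#@note` while the line right below it uses `# @note`; keeping the existing spacing keeps the YARD tags uniform. This line is also the only place the key is surfaced, and it goes to stdout, so any tooling that captures the console (tee, terminal logging, CI output) will retain the key for the running instance — worth a one-line comment such as `# @note The key is printed once per launch; treat captured console output as sensitive`.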
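Review bot: The docstring on the new `api_token` says the token is "20 chars", but `random_bytes(20).unpack("H*")[0]` produces 40 hex characters; the comment should read `# Generate a secure random token (20 random bytes, 40 hex chars) used as an auth token for the RESTful API.` Every call also mints a fresh value and overwrites `beef.api_token`, so a second caller silently invalidates the token printed at startup; returning the stored value when one exists, `existing = config.get('beef.api_token')` / `return existing if existing`, would make the method idempotent — assuming `config.get` yields nil for an unset key. The body otherwise repeats the random-hex line of the method closed by the hunk's first context lines; if that method accepts a length, delegating to it would remove the duplication.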
@@ -19,6 +19,12 @@ module BeEF
 module Rest
 class Rest < Sinatra::Base
+ config = BeEF::Core::Configuration.instance
+
+ before do
+ error 401 unless params[:token] == config.get('beef.api_token')
+ end
+
 get '/sinatra' do
 "Sinatra! v.#{Sinatra::VERSION}"
 end
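Review bot: The `before` filter's `params[:token] == config.get('beef.api_token')` admits a request that carries no `token` whenever the stored token is unset, because both sides are then nil and `nil == nil` is true — assuming `config.get` returns nil for a missing key; the token is only written by `BeEF::Core::Crypto.api_token`, which this patch calls from the `beef` launcher, so any other path that loads this handler leaves the API unauthenticated. String `==` is also not constant-time; `Rack::Utils.secure_compare` (Rack is already a Sinatra dependency) closes the timing channel, and an `is_a?(String)` check first rejects the array form Rack builds for `token[]=`. Because the token travels in the query string it will appear in access and proxy logs; a request header would keep it out of them, though that is a larger change than this hunk. The class body continues outside the hunk.
```ruby
  before do
    expected = config.get('beef.api_token')
    supplied = params[:token]
    # Reject an unset/empty server token and non-String input before the constant-time compare.
    error 401 unless expected.is_a?(String) && !expected.empty? &&
                     supplied.is_a?(String) && Rack::Utils.secure_compare(expected, supplied)
  end
```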