diff --git a/modules/debug/test_get_variable/config.yaml b/modules/debug/test_get_variable/config.yaml index efb400759..f26bc835c 100644 --- a/modules/debug/test_get_variable/config.yaml +++ b/modules/debug/test_get_variable/config.yaml @@ -6,7 +6,7 @@ beef: module: test_get_variable: - enable: false + enable: true category: "Debug" name: "Test JS variable passing" description: "Test for JS variable passing from another BeEF's script via Window object" diff --git a/spec/beef/api/auth_rate_spec.rb b/spec/beef/api/auth_rate_spec.rb index 5c01118a9..c9d3fe9ac 100644 --- a/spec/beef/api/auth_rate_spec.rb +++ b/spec/beef/api/auth_rate_spec.rb @@ -7,31 +7,87 @@ RSpec.describe 'BeEF API Rate Limit' do before(:all) do - # Note: rake spec passes --patterns which causes BeEF to pickup this argument via optparse. I can't see a better way at the moment to filter this out. Therefore ARGV=[] for this test. - ARGV = [] @config = BeEF::Core::Configuration.instance @config.set('beef.credentials.user', "beef") @config.set('beef.credentials.passwd', "beef") + @username = @config.get('beef.credentials.user') + @password = @config.get('beef.credentials.passwd') + + # Load BeEF extensions and modules + # Always load Extensions, as previous changes to the config from other tests may affect + # whether or not this test passes. + BeEF::Extensions.load + sleep 2 + + # Check if modules already loaded. No need to reload. + if @config.get('beef.module').nil? + print_info "Loading in BeEF::Modules" + BeEF::Modules.load + + sleep 2 + else + print_info "Modules already loaded" + end + + # Grab DB file and regenerate if requested + print_info "Loading database" + db_file = @config.get('beef.database.file') + + if BeEF::Core::Console::CommandLine.parse[:resetdb] + print_info 'Resetting the database for BeEF.' + File.delete(db_file) if File.exists?(db_file) + end + + # Load up DB and migrate if necessary + ActiveRecord::Base.logger = nil + OTR::ActiveRecord.migrations_paths = [File.join('core', 'main', 'ar-migrations')] + OTR::ActiveRecord.configure_from_hash!(adapter:'sqlite3', database: db_file) + + context = ActiveRecord::Migration.new.migration_context + if context.needs_migration? + ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration).migrate + end + + sleep 2 + + BeEF::Core::Migration.instance.update_db! + + # add AutoRunEngine rule + test_rule = {"name"=>"Display an alert", "author"=>"mgeeky", "browser"=>"ALL", "browser_version"=>"ALL", "os"=>"ALL", "os_version"=>"ALL", "modules"=>[{"name"=>"alert_dialog", "condition"=>nil, "options"=>{"text"=>"You've been BeEFed ;>"}}], "execution_order"=>[0], "execution_delay"=>[0], "chain_mode"=>"sequential"} + + BeEF::Core::AutorunEngine::RuleLoader.instance.load_directory + # are_engine.R + + # Spawn HTTP Server + print_info "Starting HTTP Hook Server" http_hook_server = BeEF::Core::Server.instance http_hook_server.prepare + + # Generate a token for the server to respond with + BeEF::Core::Crypto::api_token + + # Initiate server start-up @pids = fork do BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server) end @pid = fork do http_hook_server.start end - # wait for server to start - sleep 1 - end - # wait for server to start - - after(:all) do - - Process.kill("KILL",@pid) - Process.kill("KILL",@pids) - - end + # Give the server time to start-up + sleep 1 + + # Authenticate to REST API & pull the token from the response + @response = RestClient.post "#{RESTAPI_ADMIN}/login", { 'username': "#{@username}", 'password': "#{@password}" }.to_json, :content_type => :json + @token = JSON.parse(@response)['token'] + end + + after(:all) do + print_info "Shutting down server" + Process.kill("KILL",@pid) + Process.kill("KILL",@pids) + end + it 'adheres to auth rate limits' do passwds = (1..9).map { |i| "broken_pass"} passwds.push BEEF_PASSWD diff --git a/spec/beef/core/main/autorun_engine/autorun_engine_spec.rb b/spec/beef/core/main/autorun_engine/autorun_engine_spec.rb index ab4bee67c..e908d24f9 100644 --- a/spec/beef/core/main/autorun_engine/autorun_engine_spec.rb +++ b/spec/beef/core/main/autorun_engine/autorun_engine_spec.rb @@ -1,27 +1,61 @@ +# +# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# + +require 'rest-client' +require 'json' +require_relative '../../../../support/constants' +require_relative '../../../../support/beef_test' + RSpec.describe 'AutoRunEngine test' do before(:all) do - # Note: rake spec passes --patterns which causes BeEF to pickup this argument via optparse. I can't see a better way at the moment to filter this out. Therefore ARGV=[] for this test. - ARGV = [] @config = BeEF::Core::Configuration.instance @config.set('beef.credentials.user', "beef") @config.set('beef.credentials.passwd', "beef") + @username = @config.get('beef.credentials.user') + @password = @config.get('beef.credentials.passwd') - #generate api token - BeEF::Core::Crypto::api_token + # Load BeEF extensions and modules + # Always load Extensions, as previous changes to the config from other tests may affect + # whether or not this test passes. + BeEF::Extensions.load + sleep 2 - # load up DB - # Connect to DB + # Check if modules already loaded. No need to reload. + if @config.get('beef.module').nil? + print_info "Loading in BeEF::Modules" + BeEF::Modules.load + + sleep 2 + else + print_info "Modules already loaded" + end + + # Grab DB file and regenerate if requested + print_info "Loading database" + db_file = @config.get('beef.database.file') + + if BeEF::Core::Console::CommandLine.parse[:resetdb] + print_info 'Resetting the database for BeEF.' + File.delete(db_file) if File.exists?(db_file) + end + + # Load up DB and migrate if necessary ActiveRecord::Base.logger = nil OTR::ActiveRecord.migrations_paths = [File.join('core', 'main', 'ar-migrations')] - OTR::ActiveRecord.configure_from_hash!(adapter:'sqlite3', database:'beef.db') - # Migrate (if required) + OTR::ActiveRecord.configure_from_hash!(adapter:'sqlite3', database: db_file) + context = ActiveRecord::Migration.new.migration_context if context.needs_migration? ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration).migrate end + sleep 2 + BeEF::Core::Migration.instance.update_db! # add AutoRunEngine rule test_rule = {"name"=>"Display an alert", "author"=>"mgeeky", "browser"=>"ALL", "browser_version"=>"ALL", "os"=>"ALL", "os_version"=>"ALL", "modules"=>[{"name"=>"alert_dialog", "condition"=>nil, "options"=>{"text"=>"You've been BeEFed ;>"}}], "execution_order"=>[0], "execution_delay"=>[0], "chain_mode"=>"sequential"} @@ -29,49 +63,46 @@ RSpec.describe 'AutoRunEngine test' do BeEF::Core::AutorunEngine::RuleLoader.instance.load_directory # are_engine.R - + # Spawn HTTP Server + print_info "Starting HTTP Hook Server" http_hook_server = BeEF::Core::Server.instance http_hook_server.prepare + # Generate a token for the server to respond with + BeEF::Core::Crypto::api_token + # Initiate server start-up @pids = fork do BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server) end @pid = fork do http_hook_server.start end - # wait for server to start + + # Give the server time to start-up sleep 1 + + # Authenticate to REST API & pull the token from the response + @response = RestClient.post "#{RESTAPI_ADMIN}/login", { 'username': "#{@username}", 'password': "#{@password}" }.to_json, :content_type => :json + @token = JSON.parse(@response)['token'] end - # wait for server to start - after(:all) do - - Process.kill("KILL",@pid) - Process.kill("KILL",@pids) - + after(:all) do + print_info "Shutting down server" + Process.kill("KILL",@pid) + Process.kill("KILL",@pids) end it 'AutoRunEngine is working' do - - api = BeefRestClient.new('http', ATTACK_DOMAIN, '3000', BEEF_USER, BEEF_PASSWD) - - response = api.auth() - - @token = response[:token] - - puts "authenticated. api token: #{@token}" - - puts 'hooking a new victim, waiting a few seconds...' - + print_info 'Hooking a new victim, waiting a few seconds...' victim = BeefTest.new_victim - sleep 5.0 - response = RestClient.get "#{RESTAPI_HOOKS}", {:params => {:token => @token}} + sleep 3 - j = JSON.parse(response.body) - expect(j) + response = RestClient.get "#{RESTAPI_HOOKS}?token=#{@token}" + result_data = JSON.parse(response) + expect(result_data['hooked-browsers']['online']).not_to be_empty end end diff --git a/spec/beef/core/main/handlers/browser_details_handler_spec.rb b/spec/beef/core/main/handlers/browser_details_handler_spec.rb index c3d295700..f545f3c36 100644 --- a/spec/beef/core/main/handlers/browser_details_handler_spec.rb +++ b/spec/beef/core/main/handlers/browser_details_handler_spec.rb @@ -1,85 +1,119 @@ -RSpec.describe 'Browser details handler' do +# +# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +require 'rest-client' +require 'json' +require_relative '../../../../support/constants' +require_relative '../../../../support/beef_test' + +RSpec.describe 'Browser details handler' do before(:all) do - # Note: rake spec passes --patterns which causes BeEF to pickup this argument via optparse. I can't see a better way at the moment to filter this out. Therefore ARGV=[] for this test. - ARGV = [] @config = BeEF::Core::Configuration.instance @config.set('beef.credentials.user', "beef") @config.set('beef.credentials.passwd', "beef") + @username = @config.get('beef.credentials.user') + @password = @config.get('beef.credentials.passwd') - #generate api token - BeEF::Core::Crypto::api_token + # Load BeEF extensions and modules + # Always load Extensions, as previous changes to the config from other tests may affect + # whether or not this test passes. + BeEF::Extensions.load + sleep 2 - # load up DB - # Connect to DB + # Check if modules already loaded. No need to reload. + if @config.get('beef.module').nil? + print_info "Loading in BeEF::Modules" + BeEF::Modules.load + + sleep 2 + else + print_info "Modules already loaded" + end + + # Grab DB file and regenerate if requested + print_info "Loading database" + db_file = @config.get('beef.database.file') + + if BeEF::Core::Console::CommandLine.parse[:resetdb] + print_info 'Resetting the database for BeEF.' + File.delete(db_file) if File.exists?(db_file) + end + + # Load up DB and migrate if necessary ActiveRecord::Base.logger = nil OTR::ActiveRecord.migrations_paths = [File.join('core', 'main', 'ar-migrations')] - OTR::ActiveRecord.configure_from_hash!(adapter:'sqlite3', database:'beef.db') - # Migrate (if required) + OTR::ActiveRecord.configure_from_hash!(adapter:'sqlite3', database: db_file) + context = ActiveRecord::Migration.new.migration_context if context.needs_migration? ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration).migrate end + sleep 2 + BeEF::Core::Migration.instance.update_db! + + # add AutoRunEngine rule + test_rule = {"name"=>"Display an alert", "author"=>"mgeeky", "browser"=>"ALL", "browser_version"=>"ALL", "os"=>"ALL", "os_version"=>"ALL", "modules"=>[{"name"=>"alert_dialog", "condition"=>nil, "options"=>{"text"=>"You've been BeEFed ;>"}}], "execution_order"=>[0], "execution_delay"=>[0], "chain_mode"=>"sequential"} + + BeEF::Core::AutorunEngine::RuleLoader.instance.load_directory + # are_engine.R + + # Spawn HTTP Server + print_info "Starting HTTP Hook Server" http_hook_server = BeEF::Core::Server.instance http_hook_server.prepare + + # Generate a token for the server to respond with + BeEF::Core::Crypto::api_token + + # Initiate server start-up @pids = fork do BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server) end @pid = fork do http_hook_server.start end - # wait for server to start + + # Give the server time to start-up sleep 1 + + # Authenticate to REST API & pull the token from the response + @response = RestClient.post "#{RESTAPI_ADMIN}/login", { 'username': "#{@username}", 'password': "#{@password}" }.to_json, :content_type => :json + @token = JSON.parse(@response)['token'] + + # Hook new victim + print_info 'Hooking a new victim, waiting a few seconds...' + @victim = BeefTest.new_victim + + sleep 3 + + # Identify Session ID of victim generated above + @hooks = JSON.parse(RestClient.get "#{RESTAPI_HOOKS}?token=#{@token}") end - # wait for server to start - after(:all) do - - Process.kill("KILL",@pid) - Process.kill("KILL",@pids) - - end + after(:all) do + print_info "Shutting down server" + Process.kill("KILL",@pid) + Process.kill("KILL",@pids) + end + + it 'can successfully hook a browser' do + expect(@hooks['hooked-browsers']['online']).not_to be_empty + end it 'browser details handler working' do - - api = BeefRestClient.new('http', ATTACK_DOMAIN, '3000', BEEF_USER, BEEF_PASSWD) - - response = api.auth() - - @token = response[:token] - - puts "authenticated. api token: #{@token}" - - puts 'hooking a new victim, waiting a few seconds...' - - victim = BeefTest.new_victim - sleep 3.0 - - response = RestClient.get "#{RESTAPI_HOOKS}", {:params => {:token => @token}} - - j = JSON.parse(response.body) - expect(j) - # response = RestClient.get "#{RESTAPI_HOOKS}/#{j['hooked-browsers']['online']['0']['session']}" , {:params => {:token => @token}} - # puts "getting browser details:" - - # details = JSON.parse(response.body) - - - # # require 'byebug';byebug - # expect(victim.driver.browser.browser.to_s.downcase).to eql (details["browser.name.friendly"].downcase) - - + session_id = @hooks['hooked-browsers']['online']['0']['session'] + + print_info "Getting browser details" + response = RestClient.get "#{RESTAPI_HOOKS}/#{session_id}?token=#{@token}" + details = JSON.parse(response.body) + + expect(@victim.driver.browser.browser.to_s.downcase).to eql (details['browser.name.friendly'].downcase) end - it 'can successfully hook a browser' do - @token = BeefRestClient.new('http', ATTACK_DOMAIN, '3000', BEEF_USER, BEEF_PASSWD).auth()[:token] - victim = BeefTest.new_victim - sleep(3) - response = RestClient.get "#{RESTAPI_HOOKS}", {:params => {:token => @token}} - x = JSON.parse(response.body) - puts x - expect(x) - end + end diff --git a/spec/beef/modules/debug/test_beef_debugs_spec.rb b/spec/beef/modules/debug/test_beef_debugs_spec.rb new file mode 100644 index 000000000..f3b7569b4 --- /dev/null +++ b/spec/beef/modules/debug/test_beef_debugs_spec.rb @@ -0,0 +1,193 @@ +# +# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# + +require 'rest-client' +require 'json' +require_relative '../../../support/constants' +require_relative '../../../support/beef_test' + +RSpec.describe 'BeEF Debug Command Modules:' do + + before(:all) do + # Grab config and set creds in variables for ease of access + @config = BeEF::Core::Configuration.instance + @username = @config.get('beef.credentials.user') + @password = @config.get('beef.credentials.passwd') + + # Load BeEF extensions and modules + # Always load Extensions, as previous changes to the config from other tests may affect + # whether or not this test passes. + BeEF::Extensions.load + sleep 2 + + # Check if modules already loaded. No need to reload. + if @config.get('beef.module').nil? + print_info "Loading in BeEF::Modules" + BeEF::Modules.load + + sleep 2 + else + print_info "Modules already loaded" + end + + # Grab DB file and regenerate if requested + print_info "Loading database" + db_file = @config.get('beef.database.file') + + if BeEF::Core::Console::CommandLine.parse[:resetdb] + print_info 'Resetting the database for BeEF.' + File.delete(db_file) if File.exists?(db_file) + end + + # Load up DB and migrate if necessary + ActiveRecord::Base.logger = nil + OTR::ActiveRecord.migrations_paths = [File.join('core', 'main', 'ar-migrations')] + OTR::ActiveRecord.configure_from_hash!(adapter:'sqlite3', database: db_file) + + context = ActiveRecord::Migration.new.migration_context + if context.needs_migration? + ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration).migrate + end + + sleep 2 + + BeEF::Core::Migration.instance.update_db! + + # Spawn HTTP Server + print_info "Starting HTTP Hook Server" + http_hook_server = BeEF::Core::Server.instance + http_hook_server.prepare + + # Generate a token for the server to respond with + BeEF::Core::Crypto::api_token + + # Initiate server start-up + @pids = fork do + BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server) + end + @pid = fork do + http_hook_server.start + end + + # Give the server time to start-up + sleep 1 + + # Authenticate to REST API & pull the token from the response + @response = RestClient.post "#{RESTAPI_ADMIN}/login", { 'username': "#{@username}", 'password': "#{@password}" }.to_json, :content_type => :json + @token = JSON.parse(@response)['token'] + + # Hook new victim + print_info 'Hooking a new victim, waiting a few seconds...' + @victim = BeefTest.new_victim + + sleep 3 + + # Identify Session ID of victim generated above + @hooks = RestClient.get "#{RESTAPI_HOOKS}?token=#{@token}" + @session = JSON.parse(@hooks)['hooked-browsers']['online']['0']['session'] + + # Grab Command Module IDs as they can differ from machine to machine + @debug_mod_ids = JSON.parse(RestClient.get "#{RESTAPI_MODULES}?token=#{@token}") + @debug_mod_names_ids = {} + @debug_mods = @debug_mod_ids.to_a.select { |cmd_mod| cmd_mod[1]['category'] == 'Debug' } + .map do |debug_mod| + @debug_mod_names_ids[debug_mod[1]['class']] = debug_mod[0] + end + end + + after(:all) do + print_info "Shutting down server" + Process.kill("KILL",@pid) + Process.kill("KILL",@pids) + end + + it 'The Test_beef.debug() command module successfully executes' do + cmd_mod_id = @debug_mod_names_ids['Test_beef_debug'] + response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/#{cmd_mod_id}?token=#{@token}", + { "msg": "test" }.to_json, + :content_type => :json + result_data = JSON.parse(response.body) + expect(result_data['success']).to eq "true" + end + + it 'The Return ASCII Characters command module successfully executes' do + cmd_mod_id = @debug_mod_names_ids['Test_return_ascii_chars'] + response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/#{cmd_mod_id}?token=#{@token}", + { }.to_json, + :content_type => :json + result_data = JSON.parse(response.body) + expect(result_data['success']).to eq "true" + end + + it 'The Return Image command module successfully executes' do + cmd_mod_id = @debug_mod_names_ids['Test_return_image'] + response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/#{cmd_mod_id}?token=#{@token}", + { }.to_json, + :content_type => :json + result_data = JSON.parse(response.body) + expect(result_data['success']).to eq "true" + end + + + it 'The Test HTTP Redirect command module successfully executes' do + cmd_mod_id = @debug_mod_names_ids['Test_http_redirect'] + response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/#{cmd_mod_id}?token=#{@token}", + { }.to_json, + :content_type => :json + result_data = JSON.parse(response.body) + expect(result_data['success']).to eq "true" + end + + it 'The Test Returning Results/Long String command module successfully executes' do + cmd_mod_id = @debug_mod_names_ids['Test_return_long_string'] + response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/#{cmd_mod_id}?token=#{@token}", + { "repeat": 20, + "repeat_string": "beef" }.to_json, + :content_type => :json + result_data = JSON.parse(response.body) + expect(result_data['success']).to eq "true" + end + + it 'The Test Network Request command module successfully executes' do + cmd_mod_id = @debug_mod_names_ids['Test_network_request'] + response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/#{cmd_mod_id}?token=#{@token}", + { "scheme": "http", + "method": "GET", + "domain": "#{ATTACK_DOMAIN}", + "port": "#{@config.get('beef.http.port')}", + "path": "/hook.js", + "anchor": "anchor", + "data": "query=testquerydata", + "timeout": "10", + "dataType": "script" }.to_json, + :content_type => :json + result_data = JSON.parse(response.body) + expect(result_data['success']).to eq "true" + end + + it 'The Test DNS Tunnel command module successfully executes' do + cmd_mod_id = @debug_mod_names_ids['Test_dns_tunnel_client'] + response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/#{cmd_mod_id}?token=#{@token}", + { "domain": "example.com", + "data": "Lorem ipsum" }.to_json, + :content_type => :json + result_data = JSON.parse(response.body) + expect(result_data['success']).to eq "true" + end + + it 'The Test CORS Request command module successfully executes' do + cmd_mod_id = @debug_mod_names_ids['Test_cors_request'] + response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/#{cmd_mod_id}?token=#{@token}", + { "method": "GET", + "url": "example.com", + "data": { + "test": "data" + }}.to_json, + content_type: :json + result_data = JSON.parse(response.body) + expect(result_data['success']).to eq "true" + end +end \ No newline at end of file