From 98807ae9a3e9d4b82c507505cef3f3a619d871b4 Mon Sep 17 00:00:00 2001
From: antisnatchor <antisnatchor@gmail.com>
Date: Sun, 15 Apr 2012 13:22:35 +0100
Subject: [PATCH] Added RESTful API tests for /api/auth, /api/hooks,
 /api/modules. Added Test_return_long_string Debug module test using the API
 :D

---
 test/common/test_constants.rb        | 11 ++++
 test/integration/tc_debug_modules.rb | 93 ++++++++++++++++++++++++++++
 test/integration/ts_integration.rb   |  2 +
 3 files changed, 106 insertions(+)
 create mode 100644 test/integration/tc_debug_modules.rb

diff --git a/test/common/test_constants.rb b/test/common/test_constants.rb
index b7390f0ae..322010219 100644
--- a/test/common/test_constants.rb
+++ b/test/common/test_constants.rb
@@ -1,6 +1,17 @@
 BEEF_TEST_DIR = "/tmp/beef-test/"
 
+# General constants
 ATTACK_DOMAIN = "attacker.beefproject.com"
 VICTIM_DOMAIN = "attacker.beefproject.com"
 ATTACK_URL = "http://" + ATTACK_DOMAIN + ":3000/ui/panel"
 VICTIM_URL = "http://" + VICTIM_DOMAIN + ":3000/demos/basic.html"
+
+# Credentials
+BEEF_USER = "beef"
+BEEF_PASSWD = "beef"
+
+# RESTful API root endpoints
+RESTAPI_HOOKS = "http://" + ATTACK_DOMAIN + ":3000/api/hooks"
+RESTAPI_LOGS = "http://" + ATTACK_DOMAIN + ":3000/api/logs"
+RESTAPI_MODULES = "http://" + ATTACK_DOMAIN + ":3000/api/modules"
+RESTAPI_ADMIN = "http://" + ATTACK_DOMAIN + ":3000/api/admin"
diff --git a/test/integration/tc_debug_modules.rb b/test/integration/tc_debug_modules.rb
new file mode 100644
index 000000000..6945d7a7f
--- /dev/null
+++ b/test/integration/tc_debug_modules.rb
@@ -0,0 +1,93 @@
+require 'test/unit'
+require 'rest_client'
+require 'json'
+require '../common/test_constants'
+require '../common/beef_test'
+
+class TC_DebugModules < Test::Unit::TestCase
+
+  @@token = nil
+  @@hb_session = nil
+
+  @@mod_debug_long_string = nil
+  @@mod_debug_ascii_chars = nil
+  @@mod_debug_test_network = nil
+
+  # Test RESTful API authentication with default credentials, returns the API token to be used later.
+  def test_restful_auth
+    response = RestClient.post "#{RESTAPI_ADMIN}/login",
+                               { 'username' => "#{BEEF_USER}",
+                                 'password' => "#{BEEF_PASSWD}"}.to_json,
+                               :content_type => :json,
+                               :accept => :json
+    assert_equal 200, response.code
+    assert_not_nil response.body
+    result = JSON.parse(response.body)
+    success = result['success']
+    @@token = result['token']
+    assert(success)
+  end
+
+  # Test RESTful API hooks handler hooking a victim browser, and then retrieving his BeEF session
+  def test_restful_hooks
+    BeefTest.new_victim
+    sleep 2.0
+    response = RestClient.get "#{RESTAPI_HOOKS}", {:params => {:token => @@token}}
+    assert_equal 200, response.code
+    assert_not_nil response.body
+    result = JSON.parse(response.body)
+    @@hb_session = result["hooked-browsers"]["online"]["0"]["session"]
+    assert_not_nil @@hb_session
+  end
+
+  # Test RESTful API modules handler, retrieving the IDs of the 3 debug modules currently in the framework
+  def test_restful_modules
+    response = RestClient.get "#{RESTAPI_MODULES}", {:params => {:token => @@token}}
+    assert_equal 200, response.code
+    assert_not_nil response.body
+    result = JSON.parse(response.body)
+    result.each do |mod|
+     case mod[1]["class"]
+       when "Test_return_long_string"
+         @@mod_debug_long_string = mod[1]["id"]
+       when "Test_return_ascii_chars"
+         @@mod_debug_ascii_chars = mod[1]["id"]
+       when "Test_network_request"
+         @@mod_debug_test_network = mod[1]["id"]
+     end
+    end
+    assert_not_nil @@mod_debug_long_string
+    assert_not_nil @@mod_debug_ascii_chars
+    assert_not_nil @@mod_debug_test_network
+  end
+
+  # Test debug module "Test_return_long_string" using the RESTful API
+  def test_return_long_string
+    repeat_string = "BeEF"
+    repeat_count = 20
+
+    BeefTest.new_victim
+    sleep 2.0
+    response = RestClient.post "#{RESTAPI_MODULES}/#{@@hb_session}/#{@@mod_debug_long_string}?token=#{@@token}",
+                               { 'repeat_string' => repeat_string,
+                                 'repeat'        => repeat_count}.to_json,
+                               :content_type => :json,
+                               :accept => :json
+    assert_equal 200, response.code
+    assert_not_nil response.body
+    result = JSON.parse(response.body)
+    success = result['success']
+    assert success
+
+    cmd_id = result['command_id']
+    sleep 3.0
+    response = RestClient.get "#{RESTAPI_MODULES}/#{@@hb_session}/#{@@mod_debug_long_string}/#{cmd_id}", {:params => {:token => @@token}}
+    assert_equal 200, response.code
+    assert_not_nil response.body
+    result = JSON.parse(response.body)
+    data = JSON.parse(result["data"])
+    assert_not_nil data
+    assert data["data"] == (repeat_string * repeat_count)
+  end
+
+end
\ No newline at end of file
diff --git a/test/integration/ts_integration.rb b/test/integration/ts_integration.rb
index 917de1324..b5f4d5a28 100644
--- a/test/integration/ts_integration.rb
+++ b/test/integration/ts_integration.rb
@@ -23,6 +23,7 @@ Capybara.run_server = false # we need to run our own BeEF server
 require 'selenium/webdriver'
 
 require './check_environment' # Basic log in and log out tests
+require './tc_debug_modules' # RESTful API tests (as well as debug modules)
 require './tc_login' # Basic log in and log out tests
 
 class TS_BeefIntegrationTests
@@ -30,6 +31,7 @@ class TS_BeefIntegrationTests
 
     suite = Test::Unit::TestSuite.new(name="BeEF Integration Test Suite")
     suite << TC_CheckEnvironment.suite
+    suite << TC_DebugModules.suite
     suite << TC_login.suite
 
     return suite