Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Test cleanup.

Browse Source
This commit is contained in:
Jack Walker
2020-04-15 11:59:29 +10:00
parent 45034fcfe6
commit ba81a386e1
8 changed files with 239 additions and 77 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.travis.yml
View File

@@ -21,6 +21,6 @@ addons:
- liblzma-dev
- libcurl4-openssl-dev
browserstack:
username: 'greggregory4'
username: 'craigdonaldson1'
access_key:
secure: 'gXYr5fVYXFdbbJYMfoo7hMDDlrd6VA873MI64o/lwbVyvEf2CrRWE5RgHIqdUZ9mI8cVp/u52Sr/BWeqxSKmQFg4kWxRY9OqMSuZPLccnuTk765YZtph36GzxjY+x6264coa426fu24l+s3FPWdETdQe8uzisJyyQXDRomNxZLV48x+RKWyg2d4JNeWKhmD8NSo//8WA+IrHQP91YbDyeSEmHJhLWC2xz9wjWsi1J7ahNr7PMaqpsqUBwyj88xmGQ1mUUzIMCPOy2zs7CNKllvi4can7iAiJPYATanf1VoL1BDBpN1l8QIDyeeXtlAsw3c5OXYg0Xr8Q8Wf5qNkOpbVeL464uCi46bGPhL/QMVIn56bPUP99rZevwxYKdeDs4rDPRciSKaBgZ0bk2jBLrdqTlM6OLT4RVG47EX10SuURbJaQjPma5hOxiOqcuS8ajOHCDqC3zj3Ot1KLlI9vaX2xo+jaOjZ9l6sm3f+IgIYG22N86H/q8c6QeehqOastGTWb5QV1v4/+JtpKCwhU/TAxKa5td9we4Nu5E5RPTlOoA48GeQecToaOvcuofZB0JeNtiREGCfxY1VgFBHk07eEo5RTIbYch896p89K0Ybpi4HqQC8BeIaOyK6W71UM3R7bJR4cu5QnfR6vyZ1i+Q9z5zzwTeWL7Pb/kR7RSRUc='
secure: 'ayO0krAdcapEPxbs9GyUfN2vDV0974vo+gMIRH4xSJ6/QStV38qfVKaHMMuDcmnLCboFaAnsPdklWfuR4fd5NSO26iOyby4ByjVA6tjO1DwVy31+Aw0Vd1KPLSil4n6eujpSpXqQwYnhCfdex3pgJ4csUGwdR0NPQ/b8PjV2KGzENscdGunYh+o2W67msWT+B3UH0lRVmGMYdUNplVBI3c7iviSAsEMJMSW7mjU3FKEAbsQR9OHscUkt883Axlgal3NxKjODgwaBNjfpVTFWOzcKDy0/eOAEmP02Wi+x1k8TU4zxOduzmiJZ18yYOzPlcbpBD3NSnFB0QbhQmPNRJghenF0zS/pRyAWRRt3r2p+VvbqmOlgcnlf3QaBARqCvCLIM/UpAz+pR0ICumFdP/z7ejX3RJCE/vOrLui+yow6A13yVElvpgbVBdt6uhubVlAblTOYdrooJNSqJh0zvprOcneaF0Di+MEx8FE9hp35YNBL8sdPtoWGWxLgKEmOTZysXj5VtPSnxpJcSSkdRGMBeKULtYVkCd0H+O4pfVvU7UGy6QcwtRO1WNa4VcFUi9m+wZ/Pkhoc1ZB7fv/dX99TEGMjRhqgCsR8VwCVoUlAvU5uhtbajmqoIt8gaK4P/rh+l5+HR+w2qmbfPt+3w1pU2Le8+n+ue5AMe+WcsnHk='

46
spec/beef/core/main/autorun_engine/autorun_engine_spec.rb
View File

@@ -3,75 +3,67 @@ RSpec.describe 'AutoRunEngine test' do
before(:all) do
# Note: rake spec passes --patterns which causes BeEF to pickup this argument via optparse. I can't see a better way at the moment to filter this out. Therefore ARGV=[] for this test.
ARGV = []
# Set config
@config = BeEF::Core::Configuration.instance
@config.set('beef.credentials.user', "beef")
@config.set('beef.credentials.passwd', "beef")
#generate api token
# Generate API token
BeEF::Core::Crypto::api_token
# load up DB
# Connect to DB
# Load up and connect to DB
ActiveRecord::Base.logger = nil
OTR::ActiveRecord.migrations_paths = [File.join('core', 'main', 'ar-migrations')]
OTR::ActiveRecord.configure_from_hash!(adapter:'sqlite3', database:'beef.db')
# Migrate (if required)
context = ActiveRecord::Migration.new.migration_context
if context.needs_migration?
ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration).migrate
end
# add AutoRunEngine rule
# Add AutoRunEngine rule
test_rule = {"name"=>"Display an alert", "author"=>"mgeeky", "browser"=>"ALL", "browser_version"=>"ALL", "os"=>"ALL", "os_version"=>"ALL", "modules"=>[{"name"=>"alert_dialog", "condition"=>nil, "options"=>{"text"=>"You've been BeEFed ;>"}}], "execution_order"=>[0], "execution_delay"=>[0], "chain_mode"=>"sequential"}
BeEF::Core::AutorunEngine::RuleLoader.instance.load_directory
# are_engine.R
# Prepare hook server
http_hook_server = BeEF::Core::Server.instance
http_hook_server.prepare
@pids = fork do
BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server)
end
@pid = fork do
http_hook_server.start
end
# wait for server to start
# Wait for server to start
sleep 1
end
# wait for server to start
after(:all) do
Process.kill("KILL",@pid)
Process.kill("KILL",@pids)
after(:all) do
Process.kill("KILL",@pid)
Process.kill("KILL",@pids)
end
it 'AutoRunEngine is working' do
it 'AutoRunEngine is working', :run_on_browserstack => true do
api = BeefRestClient.new('http', ATTACK_DOMAIN, '3000', BEEF_USER, BEEF_PASSWD)
response = api.auth()
@token = response[:token]
puts "authenticated. api token: #{@token}"
puts 'hooking a new victim, waiting a few seconds...'
puts "Successfully authenticated. API token: #{@token}"
puts 'Hooking a new victim, waiting a few seconds...'
victim = BeefTest.new_victim
sleep 5.0
sleep 5.0
response = RestClient.get "#{RESTAPI_HOOKS}", {:params => {:token => @token}}
j = JSON.parse(response.body)
expect(j)
response = RestClient.get "#{RESTAPI_HOOKS}", {:params => {:token => @token}}
j = JSON.parse(response.body)
expect(j)
end
end

63
spec/beef/core/main/handlers/browser_details_handler_spec.rb
View File

@@ -3,83 +3,74 @@ RSpec.describe 'Browser details handler' do
before(:all) do
# Note: rake spec passes --patterns which causes BeEF to pickup this argument via optparse. I can't see a better way at the moment to filter this out. Therefore ARGV=[] for this test.
ARGV = []
# Set config
@config = BeEF::Core::Configuration.instance
@config.set('beef.credentials.user', "beef")
@config.set('beef.credentials.passwd', "beef")
#generate api token
# Generate API token
BeEF::Core::Crypto::api_token
# load up DB
# Connect to DB
# Load up and connect to DB
ActiveRecord::Base.logger = nil
OTR::ActiveRecord.migrations_paths = [File.join('core', 'main', 'ar-migrations')]
OTR::ActiveRecord.configure_from_hash!(adapter:'sqlite3', database:'beef.db')
# Migrate (if required)
context = ActiveRecord::Migration.new.migration_context
if context.needs_migration?
ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration).migrate
end
# Prepare hook server
http_hook_server = BeEF::Core::Server.instance
http_hook_server.prepare
@pids = fork do
BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server)
end
@pid = fork do
http_hook_server.start
end
# wait for server to start
# Wait for server to start
sleep 1
end
# wait for server to start
after(:all) do
Process.kill("KILL",@pid)
Process.kill("KILL",@pids)
after(:all) do
Process.kill("KILL",@pid)
Process.kill("KILL",@pids)
end
it 'browser details handler working' do
it 'browser details handler working', :run_on_browserstack => true do
api = BeefRestClient.new('http', ATTACK_DOMAIN, '3000', BEEF_USER, BEEF_PASSWD)
response = api.auth()
@token = response[:token]
puts "authenticated. api token: #{@token}"
puts 'hooking a new victim, waiting a few seconds...'
puts "Successfully authenticated. API token: #{@token}"
puts 'Hooking a new victim, waiting a few seconds...'
victim = BeefTest.new_victim
sleep 3.0
sleep 3.0
response = RestClient.get "#{RESTAPI_HOOKS}", {:params => {:token => @token}}
response = RestClient.get "#{RESTAPI_HOOKS}", {:params => {:token => @token}}
j = JSON.parse(response.body)
expect(j)
# response = RestClient.get "#{RESTAPI_HOOKS}/#{j['hooked-browsers']['online']['0']['session']}" , {:params => {:token => @token}}
# puts "getting browser details:"
# details = JSON.parse(response.body)
# # require 'byebug';byebug
# expect(victim.driver.browser.browser.to_s.downcase).to eql (details["browser.name.friendly"].downcase)
j = JSON.parse(response.body)
expect(j)
end
it 'can successfully hook a browser' do
it 'can successfully hook a browser', :run_on_browserstack => true do
@token = BeefRestClient.new('http', ATTACK_DOMAIN, '3000', BEEF_USER, BEEF_PASSWD).auth()[:token]
victim = BeefTest.new_victim
sleep(3)
response = RestClient.get "#{RESTAPI_HOOKS}", {:params => {:token => @token}}
x = JSON.parse(response.body)
puts x
sleep 3.0
response = RestClient.get "#{RESTAPI_HOOKS}", {:params => {:token => @token}}
x = JSON.parse(response.body)
puts x
expect(x)
end
end

2
spec/beef/extensions/webrtc_spec.rb
View File

@@ -60,6 +60,4 @@ RSpec.describe 'BeEF Extension WebRTC' do
# expect(browsers).to_not be_nil
# expect(browsers.length).to be >= 2
# end
end

8
spec/beef/extensions/websocket_spec.rb
View File

@@ -3,7 +3,6 @@ require 'core/main/network_stack/websocket/websocket'
require 'websocket-client-simple'
RSpec.describe 'BeEF Extension WebSockets' do
before(:all) do
@config = BeEF::Core::Configuration.instance
@cert_key = @config.get('beef.http.https.key')
@@ -18,17 +17,17 @@ RSpec.describe 'BeEF Extension WebSockets' do
@config.set('beef.http.websocket.secure', true)
end
it 'confirms that a websocket server has been started' do
it 'confirms that a websocket server has been started', :run_on_browserstack => true do
expect(@ws).to be_a_kind_of(BeEF::Core::Websocket::Websocket)
end
it 'confirms that a secure websocket server has been started' do
it 'confirms that a secure websocket server has been started', :run_on_browserstack => true do
@config.set('beef.http.websocket.secure', true)
wss = BeEF::Core::Websocket::Websocket.instance
expect(wss).to be_a_kind_of(BeEF::Core::Websocket::Websocket)
end
it 'confirms that a websocket client can connect to the BeEF Websocket Server' do
it 'confirms that a websocket client can connect to the BeEF Websocket Server', :run_on_browserstack => true do
sleep(3)
client = WebSocket::Client::Simple.connect "ws://127.0.0.1:#{@port}"
sleep(1)
@@ -36,5 +35,4 @@ RSpec.describe 'BeEF Extension WebSockets' do
expect(client.open?).to be true
client.close
end
end

164
spec/beef/modules/debug/test_beef_debugs_spec.rb Normal file
View File

@@ -0,0 +1,164 @@
#
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
require 'rest-client'
require 'json'
require_relative '../../../support/constants'
require_relative '../../../support/beef_test'
RSpec.describe 'BeEF Debug Command Modules:' do
before(:all) do
# Grab config and set creds in variables for ease of access
@config = BeEF::Core::Configuration.instance
@username = @config.get('beef.credentials.user')
@password = @config.get('beef.credentials.passwd')
# Load BeEF exetensions and modules
BeEF::Extensions.load
sleep 10
BeEF::Modules.load
# Grab DB file and regenerate if requested
db_file = @config.get('beef.database.file')
if BeEF::Core::Console::CommandLine.parse[:resetdb]
print_info 'Resetting the database for BeEF.'
File.delete(db_file) if File.exists?(db_file)
end
# Load up DB and migrate if necessary
ActiveRecord::Base.logger = nil
OTR::ActiveRecord.migrations_paths = [File.join('core', 'main', 'ar-migrations')]
OTR::ActiveRecord.configure_from_hash!(adapter:'sqlite3', database: db_file)
context = ActiveRecord::Migration.new.migration_context
if context.needs_migration?
ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration).migrate
end
sleep 10
BeEF::Core::Migration.instance.update_db!
# Spawn HTTP Server
http_hook_server = BeEF::Core::Server.instance
http_hook_server.prepare
# Generate a token for the server to respond with
BeEF::Core::Crypto::api_token
# Initiate server start-up
@pids = fork do
BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server)
end
@pid = fork do
http_hook_server.start
end
# Give the server time to start-up
sleep 1
# Authenticate to REST API & pull the token from the response
@response = RestClient.post "#{RESTAPI_ADMIN}/login", { 'username': "#{@username}", 'password': "#{@password}" }.to_json, :content_type => :json
@token = JSON.parse(@response)['token']
# Hook new victim
@victim = BeefTest.new_victim
sleep 5
# Identify Session ID of victim generated above
@hooks = RestClient.get "#{RESTAPI_HOOKS}?token=#{@token}"
@session = JSON.parse(@hooks)['hooked-browsers']['online']['0']['session']
end
after(:all) do
Process.kill("KILL",@pid)
Process.kill("KILL",@pids)
end
it 'The Test_beef.debug() command module successfully executes', :run_on_browserstack => true do
response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/27?token=#{@token}",
{ "msg": "test" }.to_json,
:content_type => :json
result_data = JSON.parse(response.body)
expect(result_data['success']).to eq "true"
end
it 'The Return ASCII Characters command module successfully executes', :run_on_browserstack => true do
response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/25?token=#{@token}",
{ }.to_json,
:content_type => :json
result_data = JSON.parse(response.body)
expect(result_data['success']).to eq "true"
end
it 'The Return Image command module successfully executes', :run_on_browserstack => true do
response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/22?token=#{@token}",
{ }.to_json,
:content_type => :json
result_data = JSON.parse(response.body)
expect(result_data['success']).to eq "true"
end
it 'The Test HTTP Redirect command module successfully executes', :run_on_browserstack => true do
response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/24?token=#{@token}",
{ }.to_json,
:content_type => :json
result_data = JSON.parse(response.body)
expect(result_data['success']).to eq "true"
end
it 'The Test Returning Results/Long String command module successfully executes', :run_on_browserstack => true do
response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/29?token=#{@token}",
{ "repeat": 20,
"repeat_string": "beef" }.to_json,
:content_type => :json
result_data = JSON.parse(response.body)
expect(result_data['success']).to eq "true"
end
it 'The Test Network Request command module successfully executes', :run_on_browserstack => true do
response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/29?token=#{@token}",
{ "scheme": "http",
"method": "GET",
"domain": "#{ATTACK_DOMAIN}",
"port": "#{@config.get('beef.http.port')}",
"path": "/hook.js",
"anchor": "anchor",
"data": "query=testquerydata",
"timeout": "10",
"dataType": "script" }.to_json,
:content_type => :json
result_data = JSON.parse(response.body)
expect(result_data['success']).to eq "true"
end
it 'The Test DNS Tunnel command module successfully executes', :run_on_browserstack => true do
response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/26?token=#{@token}",
{ "domain": "example.com",
"data": "Lorem ipsum" }.to_json,
:content_type => :json
result_data = JSON.parse(response.body)
expect(result_data['success']).to eq "true"
end
it 'The Test CORS Request command module successfully executes', :run_on_browserstack => true do
response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/30?token=#{@token}",
{ "method": "GET",
"url": "example.com",
"data": {
"test": "data"
}}.to_json,
content_type: :json
result_data = JSON.parse(response.body)
expect(result_data['success']).to eq "true"
end
end

2
spec/spec_helper.rb
View File

@@ -58,7 +58,7 @@ RSpec.configure do |config|
end
end
# BrowserStack
config.around(:example) do |example|
config.around(:example, :run_on_browserstack => true) do |example|
@caps = CONFIG['common_caps'].merge(CONFIG['browser_caps'][TASK_ID])
@caps["name"] = ENV['name'] || example.metadata[:name] || example.metadata[:file_path].split('/').last.split('.').first
enable_local = @caps["browserstack.local"] && @caps["browserstack.local"].to_s == "true"

27
spec/support/browserstack.config.yml
View File

@@ -1,14 +1,33 @@
server: "hub-cloud.browserstack.com"
user: "greggregory4"
key: "Vyo52yEzjPkDmqANH6qH"
user: "craigdonaldson1"
key: "qGsnjShFp9PbmT7dvgQC"
common_caps:
"build": "rspec-browserstack"
"browserstack.debug": true
"name": "BStack-[RSpec] Test"
"name": "BStack Test Run"
browser_caps:
# OS Specific Browsers
-
"browser": "safari"
"os": "OS X"
-
"browser": "edge"
"os": "Windows"
-
"browser": "internet explorer"
"os": "Windows"
# Multi-OS Browsers
-
"browser": "chrome"
"os": "OS X"
-
"browser": "firefox"
"browser": "chrome"
"os": "Windows"
-
"browser": "firefox"
"os": "OS X"
-
"browser": "firefox"
"os": "Windows"