diff --git a/.travis.yml b/.travis.yml index 35167e40f..2b2d4aceb 100644 --- a/.travis.yml +++ b/.travis.yml @@ -21,6 +21,6 @@ addons: - liblzma-dev - libcurl4-openssl-dev browserstack: - username: 'greggregory4' + username: 'craigdonaldson1' access_key: - secure: 'gXYr5fVYXFdbbJYMfoo7hMDDlrd6VA873MI64o/lwbVyvEf2CrRWE5RgHIqdUZ9mI8cVp/u52Sr/BWeqxSKmQFg4kWxRY9OqMSuZPLccnuTk765YZtph36GzxjY+x6264coa426fu24l+s3FPWdETdQe8uzisJyyQXDRomNxZLV48x+RKWyg2d4JNeWKhmD8NSo//8WA+IrHQP91YbDyeSEmHJhLWC2xz9wjWsi1J7ahNr7PMaqpsqUBwyj88xmGQ1mUUzIMCPOy2zs7CNKllvi4can7iAiJPYATanf1VoL1BDBpN1l8QIDyeeXtlAsw3c5OXYg0Xr8Q8Wf5qNkOpbVeL464uCi46bGPhL/QMVIn56bPUP99rZevwxYKdeDs4rDPRciSKaBgZ0bk2jBLrdqTlM6OLT4RVG47EX10SuURbJaQjPma5hOxiOqcuS8ajOHCDqC3zj3Ot1KLlI9vaX2xo+jaOjZ9l6sm3f+IgIYG22N86H/q8c6QeehqOastGTWb5QV1v4/+JtpKCwhU/TAxKa5td9we4Nu5E5RPTlOoA48GeQecToaOvcuofZB0JeNtiREGCfxY1VgFBHk07eEo5RTIbYch896p89K0Ybpi4HqQC8BeIaOyK6W71UM3R7bJR4cu5QnfR6vyZ1i+Q9z5zzwTeWL7Pb/kR7RSRUc=' \ No newline at end of file + secure: 'ayO0krAdcapEPxbs9GyUfN2vDV0974vo+gMIRH4xSJ6/QStV38qfVKaHMMuDcmnLCboFaAnsPdklWfuR4fd5NSO26iOyby4ByjVA6tjO1DwVy31+Aw0Vd1KPLSil4n6eujpSpXqQwYnhCfdex3pgJ4csUGwdR0NPQ/b8PjV2KGzENscdGunYh+o2W67msWT+B3UH0lRVmGMYdUNplVBI3c7iviSAsEMJMSW7mjU3FKEAbsQR9OHscUkt883Axlgal3NxKjODgwaBNjfpVTFWOzcKDy0/eOAEmP02Wi+x1k8TU4zxOduzmiJZ18yYOzPlcbpBD3NSnFB0QbhQmPNRJghenF0zS/pRyAWRRt3r2p+VvbqmOlgcnlf3QaBARqCvCLIM/UpAz+pR0ICumFdP/z7ejX3RJCE/vOrLui+yow6A13yVElvpgbVBdt6uhubVlAblTOYdrooJNSqJh0zvprOcneaF0Di+MEx8FE9hp35YNBL8sdPtoWGWxLgKEmOTZysXj5VtPSnxpJcSSkdRGMBeKULtYVkCd0H+O4pfVvU7UGy6QcwtRO1WNa4VcFUi9m+wZ/Pkhoc1ZB7fv/dX99TEGMjRhqgCsR8VwCVoUlAvU5uhtbajmqoIt8gaK4P/rh+l5+HR+w2qmbfPt+3w1pU2Le8+n+ue5AMe+WcsnHk=' \ No newline at end of file diff --git a/spec/beef/core/main/autorun_engine/autorun_engine_spec.rb b/spec/beef/core/main/autorun_engine/autorun_engine_spec.rb index ab4bee67c..e2192d65b 100644 --- a/spec/beef/core/main/autorun_engine/autorun_engine_spec.rb +++ b/spec/beef/core/main/autorun_engine/autorun_engine_spec.rb @@ -3,75 +3,67 @@ RSpec.describe 'AutoRunEngine test' do before(:all) do # Note: rake spec passes --patterns which causes BeEF to pickup this argument via optparse. I can't see a better way at the moment to filter this out. Therefore ARGV=[] for this test. ARGV = [] + + # Set config @config = BeEF::Core::Configuration.instance @config.set('beef.credentials.user', "beef") @config.set('beef.credentials.passwd', "beef") - #generate api token + # Generate API token BeEF::Core::Crypto::api_token - # load up DB - # Connect to DB + # Load up and connect to DB ActiveRecord::Base.logger = nil OTR::ActiveRecord.migrations_paths = [File.join('core', 'main', 'ar-migrations')] OTR::ActiveRecord.configure_from_hash!(adapter:'sqlite3', database:'beef.db') + # Migrate (if required) context = ActiveRecord::Migration.new.migration_context if context.needs_migration? ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration).migrate end - - - # add AutoRunEngine rule + # Add AutoRunEngine rule test_rule = {"name"=>"Display an alert", "author"=>"mgeeky", "browser"=>"ALL", "browser_version"=>"ALL", "os"=>"ALL", "os_version"=>"ALL", "modules"=>[{"name"=>"alert_dialog", "condition"=>nil, "options"=>{"text"=>"You've been BeEFed ;>"}}], "execution_order"=>[0], "execution_delay"=>[0], "chain_mode"=>"sequential"} BeEF::Core::AutorunEngine::RuleLoader.instance.load_directory - # are_engine.R - + # Prepare hook server http_hook_server = BeEF::Core::Server.instance http_hook_server.prepare - @pids = fork do BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server) end @pid = fork do http_hook_server.start end - # wait for server to start + + # Wait for server to start sleep 1 end - # wait for server to start - after(:all) do - - Process.kill("KILL",@pid) - Process.kill("KILL",@pids) - + after(:all) do + Process.kill("KILL",@pid) + Process.kill("KILL",@pids) end - it 'AutoRunEngine is working' do - + it 'AutoRunEngine is working', :run_on_browserstack => true do api = BeefRestClient.new('http', ATTACK_DOMAIN, '3000', BEEF_USER, BEEF_PASSWD) - response = api.auth() @token = response[:token] - puts "authenticated. api token: #{@token}" - - puts 'hooking a new victim, waiting a few seconds...' + puts "Successfully authenticated. API token: #{@token}" + puts 'Hooking a new victim, waiting a few seconds...' victim = BeefTest.new_victim - sleep 5.0 + sleep 5.0 - response = RestClient.get "#{RESTAPI_HOOKS}", {:params => {:token => @token}} - - j = JSON.parse(response.body) - expect(j) + response = RestClient.get "#{RESTAPI_HOOKS}", {:params => {:token => @token}} + j = JSON.parse(response.body) + expect(j) end end diff --git a/spec/beef/core/main/handlers/browser_details_handler_spec.rb b/spec/beef/core/main/handlers/browser_details_handler_spec.rb index c3d295700..d87ac501d 100644 --- a/spec/beef/core/main/handlers/browser_details_handler_spec.rb +++ b/spec/beef/core/main/handlers/browser_details_handler_spec.rb @@ -3,83 +3,74 @@ RSpec.describe 'Browser details handler' do before(:all) do # Note: rake spec passes --patterns which causes BeEF to pickup this argument via optparse. I can't see a better way at the moment to filter this out. Therefore ARGV=[] for this test. ARGV = [] + + # Set config @config = BeEF::Core::Configuration.instance @config.set('beef.credentials.user', "beef") @config.set('beef.credentials.passwd', "beef") - #generate api token + # Generate API token BeEF::Core::Crypto::api_token - # load up DB - # Connect to DB + # Load up and connect to DB ActiveRecord::Base.logger = nil OTR::ActiveRecord.migrations_paths = [File.join('core', 'main', 'ar-migrations')] OTR::ActiveRecord.configure_from_hash!(adapter:'sqlite3', database:'beef.db') + # Migrate (if required) context = ActiveRecord::Migration.new.migration_context if context.needs_migration? ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration).migrate end - + # Prepare hook server http_hook_server = BeEF::Core::Server.instance http_hook_server.prepare + @pids = fork do BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server) end @pid = fork do http_hook_server.start end - # wait for server to start + + # Wait for server to start sleep 1 end - # wait for server to start - after(:all) do - - Process.kill("KILL",@pid) - Process.kill("KILL",@pids) - + after(:all) do + Process.kill("KILL",@pid) + Process.kill("KILL",@pids) end - it 'browser details handler working' do - + it 'browser details handler working', :run_on_browserstack => true do api = BeefRestClient.new('http', ATTACK_DOMAIN, '3000', BEEF_USER, BEEF_PASSWD) - response = api.auth() @token = response[:token] - puts "authenticated. api token: #{@token}" - - puts 'hooking a new victim, waiting a few seconds...' + puts "Successfully authenticated. API token: #{@token}" + puts 'Hooking a new victim, waiting a few seconds...' victim = BeefTest.new_victim - sleep 3.0 + sleep 3.0 - response = RestClient.get "#{RESTAPI_HOOKS}", {:params => {:token => @token}} + response = RestClient.get "#{RESTAPI_HOOKS}", {:params => {:token => @token}} - j = JSON.parse(response.body) - expect(j) - # response = RestClient.get "#{RESTAPI_HOOKS}/#{j['hooked-browsers']['online']['0']['session']}" , {:params => {:token => @token}} - # puts "getting browser details:" - - # details = JSON.parse(response.body) - - - # # require 'byebug';byebug - # expect(victim.driver.browser.browser.to_s.downcase).to eql (details["browser.name.friendly"].downcase) - - + j = JSON.parse(response.body) + expect(j) end - it 'can successfully hook a browser' do + it 'can successfully hook a browser', :run_on_browserstack => true do @token = BeefRestClient.new('http', ATTACK_DOMAIN, '3000', BEEF_USER, BEEF_PASSWD).auth()[:token] + victim = BeefTest.new_victim - sleep(3) - response = RestClient.get "#{RESTAPI_HOOKS}", {:params => {:token => @token}} - x = JSON.parse(response.body) - puts x + sleep 3.0 + + response = RestClient.get "#{RESTAPI_HOOKS}", {:params => {:token => @token}} + + x = JSON.parse(response.body) + puts x expect(x) end end diff --git a/spec/beef/extensions/webrtc_spec.rb b/spec/beef/extensions/webrtc_spec.rb index d6e845ebd..987603b70 100644 --- a/spec/beef/extensions/webrtc_spec.rb +++ b/spec/beef/extensions/webrtc_spec.rb @@ -60,6 +60,4 @@ RSpec.describe 'BeEF Extension WebRTC' do # expect(browsers).to_not be_nil # expect(browsers.length).to be >= 2 # end - - end diff --git a/spec/beef/extensions/websocket_spec.rb b/spec/beef/extensions/websocket_spec.rb index 67b09c2a9..40152ef38 100644 --- a/spec/beef/extensions/websocket_spec.rb +++ b/spec/beef/extensions/websocket_spec.rb @@ -3,7 +3,6 @@ require 'core/main/network_stack/websocket/websocket' require 'websocket-client-simple' RSpec.describe 'BeEF Extension WebSockets' do - before(:all) do @config = BeEF::Core::Configuration.instance @cert_key = @config.get('beef.http.https.key') @@ -18,17 +17,17 @@ RSpec.describe 'BeEF Extension WebSockets' do @config.set('beef.http.websocket.secure', true) end - it 'confirms that a websocket server has been started' do + it 'confirms that a websocket server has been started', :run_on_browserstack => true do expect(@ws).to be_a_kind_of(BeEF::Core::Websocket::Websocket) end - it 'confirms that a secure websocket server has been started' do + it 'confirms that a secure websocket server has been started', :run_on_browserstack => true do @config.set('beef.http.websocket.secure', true) wss = BeEF::Core::Websocket::Websocket.instance expect(wss).to be_a_kind_of(BeEF::Core::Websocket::Websocket) end - it 'confirms that a websocket client can connect to the BeEF Websocket Server' do + it 'confirms that a websocket client can connect to the BeEF Websocket Server', :run_on_browserstack => true do sleep(3) client = WebSocket::Client::Simple.connect "ws://127.0.0.1:#{@port}" sleep(1) @@ -36,5 +35,4 @@ RSpec.describe 'BeEF Extension WebSockets' do expect(client.open?).to be true client.close end - end diff --git a/spec/beef/modules/debug/test_beef_debugs_spec.rb b/spec/beef/modules/debug/test_beef_debugs_spec.rb new file mode 100644 index 000000000..68fa13039 --- /dev/null +++ b/spec/beef/modules/debug/test_beef_debugs_spec.rb @@ -0,0 +1,164 @@ +# +# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# + +require 'rest-client' +require 'json' +require_relative '../../../support/constants' +require_relative '../../../support/beef_test' + +RSpec.describe 'BeEF Debug Command Modules:' do + + before(:all) do + # Grab config and set creds in variables for ease of access + @config = BeEF::Core::Configuration.instance + @username = @config.get('beef.credentials.user') + @password = @config.get('beef.credentials.passwd') + + # Load BeEF exetensions and modules + BeEF::Extensions.load + + sleep 10 + + BeEF::Modules.load + + # Grab DB file and regenerate if requested + db_file = @config.get('beef.database.file') + + if BeEF::Core::Console::CommandLine.parse[:resetdb] + print_info 'Resetting the database for BeEF.' + File.delete(db_file) if File.exists?(db_file) + end + + # Load up DB and migrate if necessary + ActiveRecord::Base.logger = nil + OTR::ActiveRecord.migrations_paths = [File.join('core', 'main', 'ar-migrations')] + OTR::ActiveRecord.configure_from_hash!(adapter:'sqlite3', database: db_file) + + context = ActiveRecord::Migration.new.migration_context + if context.needs_migration? + ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration).migrate + end + + sleep 10 + + BeEF::Core::Migration.instance.update_db! + + # Spawn HTTP Server + http_hook_server = BeEF::Core::Server.instance + http_hook_server.prepare + + # Generate a token for the server to respond with + BeEF::Core::Crypto::api_token + + # Initiate server start-up + @pids = fork do + BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server) + end + @pid = fork do + http_hook_server.start + end + + # Give the server time to start-up + sleep 1 + + # Authenticate to REST API & pull the token from the response + @response = RestClient.post "#{RESTAPI_ADMIN}/login", { 'username': "#{@username}", 'password': "#{@password}" }.to_json, :content_type => :json + @token = JSON.parse(@response)['token'] + + # Hook new victim + @victim = BeefTest.new_victim + + sleep 5 + + # Identify Session ID of victim generated above + @hooks = RestClient.get "#{RESTAPI_HOOKS}?token=#{@token}" + @session = JSON.parse(@hooks)['hooked-browsers']['online']['0']['session'] + end + + after(:all) do + Process.kill("KILL",@pid) + Process.kill("KILL",@pids) + end + + it 'The Test_beef.debug() command module successfully executes', :run_on_browserstack => true do + response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/27?token=#{@token}", + { "msg": "test" }.to_json, + :content_type => :json + result_data = JSON.parse(response.body) + expect(result_data['success']).to eq "true" + end + + it 'The Return ASCII Characters command module successfully executes', :run_on_browserstack => true do + response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/25?token=#{@token}", + { }.to_json, + :content_type => :json + result_data = JSON.parse(response.body) + expect(result_data['success']).to eq "true" + end + + it 'The Return Image command module successfully executes', :run_on_browserstack => true do + response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/22?token=#{@token}", + { }.to_json, + :content_type => :json + result_data = JSON.parse(response.body) + expect(result_data['success']).to eq "true" + end + + + it 'The Test HTTP Redirect command module successfully executes', :run_on_browserstack => true do + response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/24?token=#{@token}", + { }.to_json, + :content_type => :json + result_data = JSON.parse(response.body) + expect(result_data['success']).to eq "true" + end + + it 'The Test Returning Results/Long String command module successfully executes', :run_on_browserstack => true do + response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/29?token=#{@token}", + { "repeat": 20, + "repeat_string": "beef" }.to_json, + :content_type => :json + result_data = JSON.parse(response.body) + expect(result_data['success']).to eq "true" + end + + it 'The Test Network Request command module successfully executes', :run_on_browserstack => true do + response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/29?token=#{@token}", + { "scheme": "http", + "method": "GET", + "domain": "#{ATTACK_DOMAIN}", + "port": "#{@config.get('beef.http.port')}", + "path": "/hook.js", + "anchor": "anchor", + "data": "query=testquerydata", + "timeout": "10", + "dataType": "script" }.to_json, + :content_type => :json + result_data = JSON.parse(response.body) + expect(result_data['success']).to eq "true" + end + + it 'The Test DNS Tunnel command module successfully executes', :run_on_browserstack => true do + response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/26?token=#{@token}", + { "domain": "example.com", + "data": "Lorem ipsum" }.to_json, + :content_type => :json + result_data = JSON.parse(response.body) + expect(result_data['success']).to eq "true" + end + + it 'The Test CORS Request command module successfully executes', :run_on_browserstack => true do + response = RestClient.post "#{RESTAPI_MODULES}/#{@session}/30?token=#{@token}", + { "method": "GET", + "url": "example.com", + "data": { + "test": "data" + }}.to_json, + content_type: :json + result_data = JSON.parse(response.body) + expect(result_data['success']).to eq "true" + end +end diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index ad5683bc0..aa787865f 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -58,7 +58,7 @@ RSpec.configure do |config| end end # BrowserStack - config.around(:example) do |example| + config.around(:example, :run_on_browserstack => true) do |example| @caps = CONFIG['common_caps'].merge(CONFIG['browser_caps'][TASK_ID]) @caps["name"] = ENV['name'] || example.metadata[:name] || example.metadata[:file_path].split('/').last.split('.').first enable_local = @caps["browserstack.local"] && @caps["browserstack.local"].to_s == "true" diff --git a/spec/support/browserstack.config.yml b/spec/support/browserstack.config.yml index 80eaf1bbe..733243053 100644 --- a/spec/support/browserstack.config.yml +++ b/spec/support/browserstack.config.yml @@ -1,14 +1,33 @@ server: "hub-cloud.browserstack.com" -user: "greggregory4" -key: "Vyo52yEzjPkDmqANH6qH" +user: "craigdonaldson1" +key: "qGsnjShFp9PbmT7dvgQC" common_caps: "build": "rspec-browserstack" "browserstack.debug": true - "name": "BStack-[RSpec] Test" + "name": "BStack Test Run" browser_caps: + # OS Specific Browsers + - + "browser": "safari" + "os": "OS X" + - + "browser": "edge" + "os": "Windows" + - + "browser": "internet explorer" + "os": "Windows" + # Multi-OS Browsers - "browser": "chrome" + "os": "OS X" - - "browser": "firefox" \ No newline at end of file + "browser": "chrome" + "os": "Windows" + - + "browser": "firefox" + "os": "OS X" + - + "browser": "firefox" + "os": "Windows" \ No newline at end of file