From e43b79fa5b0ebbc0fa54887df85b5eeb9c74231e Mon Sep 17 00:00:00 2001
From: Josh
Date: Sun, 19 Apr 2020 22:24:49 -0700
Subject: [PATCH 1/3] made a new websocket test for the browser
---
.../websocket_hooked_browser_spec.rb | 106 ++++++++++++++++++
1 file changed, 106 insertions(+)
create mode 100644 spec/beef/extensions/websocket_hooked_browser_spec.rb
diff --git a/spec/beef/extensions/websocket_hooked_browser_spec.rb b/spec/beef/extensions/websocket_hooked_browser_spec.rb
new file mode 100644
index 000000000..15f7bd6c2
--- /dev/null
+++ b/spec/beef/extensions/websocket_hooked_browser_spec.rb
@@ -0,0 +1,106 @@
+# encoding: UTF-8
+require 'rest-client'
+require 'core/main/network_stack/websocket/websocket'
+require 'websocket-client-simple'
+
+RSpec.describe 'BeEF Extension WebSockets' do
+
+ before(:all) do
+ @config = BeEF::Core::Configuration.instance
+ @cert_key = @config.get('beef.http.https.key')
+ @cert = @config.get('beef.http.https.cert')
+ @port = @config.get('beef.http.websocket.port')
+ @secure_port = @config.get('beef.http.websocket.secure_port')
+ @config.set('beef.http.websocket.secure', true)
+ @config.set('beef.http.websocket.enable', true)
+ end
+
+ it 'can hook a browser with websockets' do
+ # start beef server
+ @config = BeEF::Core::Configuration.instance
+ #set config parameters
+ @config.set('beef.credentials.user', "beef")
+ @config.set('beef.credentials.passwd', "beef")
+ @username = @config.get('beef.credentials.user')
+ @password = @config.get('beef.credentials.passwd')
+ #load extensions, best practice is to reload as previous tests can potentially cause issues.
+ BeEF::Extensions.load
+ sleep 2
+ if @config.get('beef.module').nil?
+ puts "loading modules"
+ BeEF::Modules.load
+ sleep 2
+ end
+ #generate token for the api to use
+ BeEF::Core::Crypto::api_token
+
+ # load up DB
+ # Connect to DB
+ ActiveRecord::Base.logger = nil
+ OTR::ActiveRecord.migrations_paths = [File.join('core', 'main', 'ar-migrations')]
+ OTR::ActiveRecord.configure_from_hash!(adapter:'sqlite3', database:'beef.db')
+
+ # Migrate (if required)
+ context = ActiveRecord::Migration.new.migration_context
+ if context.needs_migration?
+ puts "migrating db"
+ ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration).migrate
+ end
+
+ #start the hook server instance, for it out to track the pids for graceful closure
+ http_hook_server = BeEF::Core::Server.instance
+ http_hook_server.prepare
+ @pids = fork do
+ BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server)
+ end
+ @pid = fork do
+ http_hook_server.start
+ end
+ # wait for server to start
+ sleep 1
+
+ #prepare for the HTTP model
+ https = BeEF::Core::Models::Http
+
+ ### hook a new victim, use rest API to send request and get the token and victim
+
+ api = BeefRestClient.new('http', ATTACK_DOMAIN, '3000', BEEF_USER, BEEF_PASSWD)
+ response = api.auth()
+ @token = response[:token]
+ puts 'hooking a new victim, waiting a few seconds...'
+ victim = BeefTest.new_victim
+ sleep 2
+ #Uses the response and hooked browser details to get the response
+ response = RestClient.get "#{RESTAPI_HOOKS}", {:params => {:token => @token}}
+ #test for the response if errors and weirdness there
+ # puts "#{response} from the rest client "
+ hb_details = JSON.parse(response.body)
+ while hb_details["hooked-browsers"]["online"].empty?
+ # get victim session
+ response = RestClient.get "#{RESTAPI_HOOKS}", {:params => {:token => @token}}
+ hb_details = JSON.parse(response.body)
+ puts "json: #{hb_details}"
+ puts "can hook a browser"
+ puts "online hooked browsers empty: #{hb_details["hooked-browsers"]["online"].empty?}"
+ end
+ #get the hooked browser details
+ hb_session = hb_details["hooked-browsers"]["online"]["0"]["session"]
+ #show the address of what is being hooked
+ #puts "hooked browser: #{hb_session}"
+ expect(hb_session).not_to be_nil
+ #I am cleaning up here for now, potentially move to after all if someoen wants
+ # cleanup: delete test browser entries and session
+ # kill the server
+ #if @pid.nil?
+ # break
+ #else
+ Process.kill("KILL", @pid)
+ #if @pids.nil?
+ # break
+ #else
+ Process.kill("KILL", @pids)
+ puts "waiting for server to die.."
+ sleep 1
+ https.where(:hooked_browser_id => hb_session).delete_all
+ end
+end
From 549df7480ab94e952cdd25f86ea3631cf59ee0f5 Mon Sep 17 00:00:00 2001
From: Josh
Date: Sun, 19 Apr 2020 23:30:20 -0700
Subject: [PATCH 2/3] updated due to feedback from reviewer
---
.../websocket_hooked_browser_spec.rb | 107 ++++++++----------
1 file changed, 50 insertions(+), 57 deletions(-)
diff --git a/spec/beef/extensions/websocket_hooked_browser_spec.rb b/spec/beef/extensions/websocket_hooked_browser_spec.rb
index 15f7bd6c2..1ee3d60fd 100644
--- a/spec/beef/extensions/websocket_hooked_browser_spec.rb
+++ b/spec/beef/extensions/websocket_hooked_browser_spec.rb
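Review bot: The `while hb_details["hooked-browsers"]["online"].empty?` loop in the `it` block has no delay and no upper bound, so if the test browser never hooks, the spec spins forever and polls the REST endpoint as fast as it can instead of failing. Bound it with a deadline and a pause, for example `deadline = Time.now + 30` before the loop, then `raise 'no hooked browser came online' if Time.now > deadline` and `sleep 1` as the first two statements inside it. As far as the visible hunks show, the later patches in this series leave the loop unchanged.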
@@ -13,52 +13,47 @@ RSpec.describe 'BeEF Extension WebSockets' do @secure_port = @config.get('beef.http.websocket.secure_port') @config.set('beef.http.websocket.secure', true) @config.set('beef.http.websocket.enable', true) + #set config parameters + @config.set('beef.credentials.user', "beef") + @config.set('beef.credentials.passwd', "beef") + @username = @config.get('beef.credentials.user') + @password = @config.get('beef.credentials.passwd') + #load extensions, best practice is to reload as previous tests can potentially cause issues. + BeEF::Extensions.load + sleep 2 + if @config.get('beef.module').nil? + puts "loading modules" + BeEF::Modules.load + sleep 2 + end + #generate token for the api to use + BeEF::Core::Crypto::api_token + # load up DB + # Connect to DB + ActiveRecord::Base.logger = nil + OTR::ActiveRecord.migrations_paths = [File.join('core', 'main', 'ar-migrations')] + OTR::ActiveRecord.configure_from_hash!(adapter:'sqlite3', database:'beef.db') + + # Migrate (if required) + context = ActiveRecord::Migration.new.migration_context + if context.needs_migration? 
+ puts "migrating db" + ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration).migrate + end + #start the hook server instance, for it out to track the pids for graceful closure + http_hook_server = BeEF::Core::Server.instance + http_hook_server.prepare + @pids = fork do + BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server) + end + @pid = fork do + http_hook_server.start + end + # wait for server to start + sleep 1 end it 'can hook a browser with websockets' do - # start beef server - @config = BeEF::Core::Configuration.instance - #set config parameters - @config.set('beef.credentials.user', "beef") - @config.set('beef.credentials.passwd', "beef") - @username = @config.get('beef.credentials.user') - @password = @config.get('beef.credentials.passwd') - #load extensions, best practice is to reload as previous tests can potentially cause issues. - BeEF::Extensions.load - sleep 2 - if @config.get('beef.module').nil? - puts "loading modules" - BeEF::Modules.load - sleep 2 - end - #generate token for the api to use - BeEF::Core::Crypto::api_token - - # load up DB - # Connect to DB - ActiveRecord::Base.logger = nil - OTR::ActiveRecord.migrations_paths = [File.join('core', 'main', 'ar-migrations')] - OTR::ActiveRecord.configure_from_hash!(adapter:'sqlite3', database:'beef.db') - - # Migrate (if required) - context = ActiveRecord::Migration.new.migration_context - if context.needs_migration? 
- puts "migrating db" - ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration).migrate - end - - #start the hook server instance, for it out to track the pids for graceful closure - http_hook_server = BeEF::Core::Server.instance - http_hook_server.prepare - @pids = fork do - BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server) - end - @pid = fork do - http_hook_server.start - end - # wait for server to start - sleep 1 - #prepare for the HTTP model https = BeEF::Core::Models::Http @@ -87,20 +82,18 @@ RSpec.describe 'BeEF Extension WebSockets' do hb_session = hb_details["hooked-browsers"]["online"]["0"]["session"] #show the address of what is being hooked #puts "hooked browser: #{hb_session}" - expect(hb_session).not_to be_nil - #I am cleaning up here for now, potentially move to after all if someoen wants - # cleanup: delete test browser entries and session - # kill the server - #if @pid.nil? - # break - #else - Process.kill("KILL", @pid) - #if @pids.nil? - # break - #else - Process.kill("KILL", @pids) - puts "waiting for server to die.." - sleep 1 + expect(hb_session).not_to be_nil + #cannot do it in the after:all https.where(:hooked_browser_id => hb_session).delete_all end + + after(:all) do + # cleanup: delete test browser entries and session + # kill the server + @config.set('beef.http.websocket.enable', false) + Process.kill("KILL", @pid) + Process.kill("KILL", @pids) + puts "waiting for server to die.." + end + end From 54929dad9f09d65072d0a628906778a246f68507 Mon Sep 17 00:00:00 2001 From: Josh Date: Sun, 19 Apr 2020 23:39:57 -0700 Subject: [PATCH 3/3] changed the extension name --- spec/beef/extensions/websocket_hooked_browser_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/beef/extensions/websocket_hooked_browser_spec.rb b/spec/beef/extensions/websocket_hooked_browser_spec.rb index 1ee3d60fd..ac5476a27 100644 --- a/spec/beef/extensions/websocket_hooked_browser_spec.rb 
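Review bot: The lines moved into `before(:all)` overwrite `beef.credentials.user`, `beef.credentials.passwd`, `beef.http.websocket.secure` and `beef.http.websocket.enable` on the shared `BeEF::Core::Configuration.instance` without recording the previous values; the `after(:all)` added in the next hunk only forces `websocket.enable` to `false`. Specs that run later in the same process would inherit the fixed `beef`/`beef` credentials and the `secure` flag. Capture the originals first, e.g. `@saved = %w[beef.credentials.user beef.credentials.passwd beef.http.websocket.secure beef.http.websocket.enable].to_h { |k| [k, @config.get(k)] }`, and restore them in `after(:all)` with `@saved.each { |k, v| @config.set(k, v) }`. The same block also migrates `beef.db`, and the spec later deletes rows from it; that looks like the default database file rather than a throwaway one, which is worth confirming.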
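Review bot: `after(:all)` sends `KILL` to `@pid` and `@pids` but never reaps them, and it no longer waits at all: the `sleep 1` was dropped while the "waiting for server to die.." message stayed. The forked children can linger as zombies, and the next spec may start while the server port is still held. If `before(:all)` raises before either `fork`, the instance variables are nil and `Process.kill` would raise a TypeError that hides the real failure. Something like `[@pid, @pids].compact.each { |pid| Process.kill("KILL", pid); Process.wait(pid) }` covers both cases. The comment `# cleanup: delete test browser entries and session` now sits in `after(:all)` although the delete itself stays in the `it` block.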
+++ b/spec/beef/extensions/websocket_hooked_browser_spec.rb @@ -3,7 +3,7 @@ require 'rest-client' require 'core/main/network_stack/websocket/websocket' require 'websocket-client-simple' -RSpec.describe 'BeEF Extension WebSockets' do +RSpec.describe 'BeEF WebSockets enabled' do before(:all) do @config = BeEF::Core::Configuration.instance