From cc3bfc071e0279ba2835b721de6ab14294fbce24 Mon Sep 17 00:00:00 2001 From: Bucky Wilson Date: Wed, 29 Nov 2017 17:13:57 +1000 Subject: [PATCH] Added speed checking of api auth calls. Added beef_rest_client based on the beef rest api found in tools/lib Added mass auth attempts Adjusted test_constants to use environment variables -- to use with rake. Eventually should be a test --- test/api/beef_rest.rb | 32 ++++++++++++++++++++++++ test/api/lib/beef_rest_client.rb | 42 ++++++++++++++++++++++++++++++++ test/common/test_constants.rb | 4 +-- 3 files changed, 76 insertions(+), 2 deletions(-) create mode 100644 test/api/beef_rest.rb create mode 100644 test/api/lib/beef_rest_client.rb diff --git a/test/api/beef_rest.rb b/test/api/beef_rest.rb new file mode 100644 index 000000000..9e21a0ef6 --- /dev/null +++ b/test/api/beef_rest.rb @@ -0,0 +1,32 @@ +# +# Copyright (c) 2006-2017 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +require 'pry-byebug' +require 'rest-client' +require 'json' +require 'optparse' +require 'pp' + +require '../common/test_constants' +require './lib/beef_rest_client' + +passwds = (1..9).map { |i| "broken_pass"} +passwds.push BEEF_PASSWD +apis = passwds.map { |pswd| BeefRestClient.new('http', ATTACK_DOMAIN, '3000', BEEF_USER, pswd) } + +#binding.pry +t0 = Time.now().usec +l = apis.length +(0..50).each do |i| + t = Time.now().usec + puts "#{i} : #{t - t0} : #{apis[i%l].auth()[:payload]}" + t0 = t +end + + +#binding.pry +# response = @api.auth + +#@api.version if response[:success] diff --git a/test/api/lib/beef_rest_client.rb b/test/api/lib/beef_rest_client.rb new file mode 100644 index 000000000..b62f94163 --- /dev/null +++ b/test/api/lib/beef_rest_client.rb @@ -0,0 +1,42 @@ +# +# Copyright (c) 2006-2017 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +# less noisy verson of BeeRestAPI found in tools. +class BeefRestClient + def initialize proto, host, port, user, pass + @user = user + @pass = pass + @url = "#{proto}://#{host}:#{port}/api/" + @token = nil + end + + def auth + begin + response = RestClient.post "#{@url}admin/login", + { 'username' => "#{@user}", + 'password' => "#{@pass}" }.to_json, + :content_type => :json, + :accept => :json + result = JSON.parse(response.body) + @token = result['token'] + {:success => result['success'], :payload => result} + rescue => e + {:success => false, :payload => e.message } + end + end + + def version + return {:success => false, :payload => 'no token'} if @token.nil? + begin + response = RestClient.get "#{@url}server/version", {:params => {:token => @token}} + result = JSON.parse(response.body) + + {:success => result['success'], :payload => result} + rescue => e + print_error "Could not retrieve BeEF version: #{e.message}" + {:success => false, :payload => e.message} + end + end +end diff --git a/test/common/test_constants.rb b/test/common/test_constants.rb index 9a6a032bf..2944f0aa2 100644 --- a/test/common/test_constants.rb +++ b/test/common/test_constants.rb @@ -12,8 +12,8 @@ ATTACK_URL = "http://" + ATTACK_DOMAIN + ":3000/ui/panel" VICTIM_URL = "http://" + VICTIM_DOMAIN + ":3000/demos/basic.html" # Credentials -BEEF_USER = "beef" -BEEF_PASSWD = "test" +BEEF_USER = ENV["TEST_BEEF_USER"] || 'beef' +BEEF_PASSWD = ENV["TEST_BEEF_PASS"] || "beef" # RESTful API root endpoints RESTAPI_HOOKS = "http://" + ATTACK_DOMAIN + ":3000/api/hooks"