Added speed checking of api auth calls.

Added beef_rest_client based on the beef rest api found in tools/lib Added mass auth attempts Adjusted test_constants to use environment variables -- to use with rake. Eventually should be a test
2017-11-29 17:13:57 +10:00
parent 8d226378b7
commit cc3bfc071e
3 changed files with 76 additions and 2 deletions
--- a/test/api/beef_rest.rb
+++ b/test/api/beef_rest.rb
@@ -0,0 +1,32 @@
+#
+# Copyright (c) 2006-2017 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+require 'pry-byebug'
+require 'rest-client'
+require 'json'
+require 'optparse'
+require 'pp'
+
+require '../common/test_constants'
+require './lib/beef_rest_client'
+
+passwds = (1..9).map { |i| "broken_pass"}
+passwds.push BEEF_PASSWD
+apis = passwds.map { |pswd| BeefRestClient.new('http', ATTACK_DOMAIN, '3000', BEEF_USER, pswd) }
+
+#binding.pry
+t0 = Time.now().usec
+l = apis.length
+(0..50).each do |i|
+  t = Time.now().usec
+  puts "#{i} : #{t - t0} : #{apis[i%l].auth()[:payload]}"
+  t0 = t
+end
+
+
+#binding.pry
+#         response = @api.auth
+
+#@api.version if response[:success]
--- a/test/api/lib/beef_rest_client.rb
+++ b/test/api/lib/beef_rest_client.rb
@@ -0,0 +1,42 @@
+#
+# Copyright (c) 2006-2017 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+# less noisy verson of BeeRestAPI found in tools.
+class BeefRestClient
+  def initialize proto, host, port, user, pass
+    @user = user
+    @pass = pass
+    @url = "#{proto}://#{host}:#{port}/api/"
+    @token = nil
+  end
+
+  def auth
+    begin
+      response = RestClient.post "#{@url}admin/login",
+                                 { 'username' => "#{@user}",
+                                   'password' => "#{@pass}" }.to_json,
+                                 :content_type => :json,
+                                 :accept => :json
+      result = JSON.parse(response.body)
+      @token = result['token']
+      {:success => result['success'], :payload => result}
+    rescue => e
+      {:success => false, :payload => e.message }
+       end
+  end
+
+  def version
+    return {:success => false, :payload => 'no token'} if @token.nil?
+    begin
+      response = RestClient.get "#{@url}server/version", {:params => {:token => @token}}
+      result = JSON.parse(response.body)
+
+      {:success => result['success'], :payload => result}
+    rescue => e
+      print_error "Could not retrieve BeEF version: #{e.message}"
+      {:success => false, :payload => e.message}
+       end
+  end
+end
--- a/test/common/test_constants.rb
+++ b/test/common/test_constants.rb
@@ -12,8 +12,8 @@ ATTACK_URL = "http://" + ATTACK_DOMAIN + ":3000/ui/panel"
 VICTIM_URL = "http://" + VICTIM_DOMAIN + ":3000/demos/basic.html"

 # Credentials
-BEEF_USER = "beef"
-BEEF_PASSWD = "test"
+BEEF_USER = ENV["TEST_BEEF_USER"] || 'beef'
+BEEF_PASSWD = ENV["TEST_BEEF_PASS"] || "beef"

 # RESTful API root endpoints
 RESTAPI_HOOKS = "http://" + ATTACK_DOMAIN + ":3000/api/hooks"