diff --git a/Rakefile b/Rakefile index 132d4ea73..0dd14c2fe 100644 --- a/Rakefile +++ b/Rakefile @@ -165,7 +165,7 @@ end task :xserver_stop do puts "\nShutting down X11 Server...\n" - sh "ps -ef|grep Xvfb|grep -v grep|awk '{print $2}'|xargs kill" + sh "ps -ef|grep Xvfb|grep -v grep|grep -v rake|awk '{print $2}'|xargs kill" end ################################ @@ -211,7 +211,7 @@ task :beef_stop do # shutting down puts "Shutting down BeEF...\n" - sh "ps -ef|grep beef|grep -v grep|awk '{print $2}'|xargs kill" + sh "ps -ef|grep beef|grep -v grep|grep -v rake|awk '{print $2}'|xargs kill" end ################################ diff --git a/test/api/1333_auth_rate.rb b/test/api/1333_auth_rate.rb index d5477a260..11b21c3da 100644 --- a/test/api/1333_auth_rate.rb +++ b/test/api/1333_auth_rate.rb @@ -4,6 +4,8 @@ # See the file 'doc/COPYING' for copying permission # +require 'test/unit' + require 'pry-byebug' require 'rest-client' require 'json' @@ -13,28 +15,59 @@ require 'pp' require '../common/test_constants' require './lib/beef_rest_client' -passwds = (1..9).map { |i| "broken_pass"} -passwds.push BEEF_PASSWD -apis = passwds.map { |pswd| BeefRestClient.new('http', ATTACK_DOMAIN, '3000', BEEF_USER, pswd) } +class TC_1333_auth_rate < Test::Unit::TestCase -#binding.pry -t0 = Time.now() -l = apis.length + def test_auth_rate + # tests rate of auth calls + # this takes some time - with no output + # beef must be running + + passwds = (1..9).map { |i| "broken_pass"} + passwds.push BEEF_PASSWD + apis = passwds.map { |pswd| BeefRestClient.new('http', ATTACK_DOMAIN, '3000', BEEF_USER, pswd) } + l = apis.length + + # t0 = Time.now() + + + (0..2).each do |again| # multiple sets of auth attempts + # first pass -- apis in order, valid passwd on 9th attempt + # subsequent passes apis shuffled + + # puts "speed requesets" # all should return 401 + (0..50).each do |i| + # t = Time.now() + # puts "#{i} : #{t - t0} : #{apis[i%l].auth()[:payload]}" + + test_api = apis[i%l] + assert_match("401", test_api.auth()[:payload]) # all (unless the valid is first 1 in 10 chance) + + # t0 = t + end + + # again with more time between calls -- there should be success (1st iteration) + # puts "delayed requests" + (0..(l*2)).each do |i| + # t = Time.now() + # puts "#{i} : #{t - t0} : #{apis[i%l].auth()[:payload]}" + + test_api = apis[i%l] + if (test_api.is_pass?(BEEF_PASSWD)) + assert(test_api.auth()[:payload]["success"]) # valid pass should succeed + else + assert_match("401", test_api.auth()[:payload]) + end + + sleep(0.5) + # t0 = t + end + + apis.shuffle! # new order for next iteration + apis.reverse if (apis[0].is_pass?(BEEF_PASSWD)) # prevent the first from having valid passwd + + end # multiple sets of auth attempts + + end # test_auth_rate -(0..2).each do |again| - puts "speed requesets" - (0..50).each do |i| - t = Time.now() - puts "#{i} : #{t - t0} : #{apis[i%l].auth()[:payload]}" - t0 = t - end - # again with more time - puts "delayed requests" - (0..(l*2)).each do |i| - t = Time.now() - puts "#{i} : #{t - t0} : #{apis[i%l].auth()[:payload]}" - sleep(0.5) - t0 = t - end end diff --git a/test/api/lib/beef_rest_client.rb b/test/api/lib/beef_rest_client.rb index b62f94163..4d75d2e8a 100644 --- a/test/api/lib/beef_rest_client.rb +++ b/test/api/lib/beef_rest_client.rb @@ -12,6 +12,12 @@ class BeefRestClient @token = nil end + + def is_pass?(passwd) + @pass == passwd + end + + def auth begin response = RestClient.post "#{@url}admin/login", @@ -24,9 +30,10 @@ class BeefRestClient {:success => result['success'], :payload => result} rescue => e {:success => false, :payload => e.message } - end + end end + def version return {:success => false, :payload => 'no token'} if @token.nil? begin @@ -37,6 +44,6 @@ class BeefRestClient rescue => e print_error "Could not retrieve BeEF version: #{e.message}" {:success => false, :payload => e.message} - end + end end end