From f978b5fc4fd0e2df035c69304469c6987edb0b75 Mon Sep 17 00:00:00 2001 From: Stephen Date: Fri, 22 Mar 2024 11:47:45 +1000 Subject: [PATCH] moved testing server functions to spec_helper.rb --- spec/beef/api/auth_rate_spec.rb | 138 +++++++------------------------- spec/spec_helper.rb | 118 ++++++++++++++++++++++++++- 2 files changed, 147 insertions(+), 109 deletions(-) diff --git a/spec/beef/api/auth_rate_spec.rb b/spec/beef/api/auth_rate_spec.rb index f2d33c3a8..06f36a745 100644 --- a/spec/beef/api/auth_rate_spec.rb +++ b/spec/beef/api/auth_rate_spec.rb @@ -8,124 +8,43 @@ require 'net/http' require 'uri' RSpec.describe 'BeEF API Rate Limit' do - - def configure_beef - @config = BeEF::Core::Configuration.instance - - @config.set('beef.credentials.user', "beef") - @config.set('beef.credentials.passwd', "beef") - + + before(:each) do + port = 3000 + expect(`lsof -i :#{port}`).to be_empty + @pid = start_beef_server_and_wait @username = @config.get('beef.credentials.user') @password = @config.get('beef.credentials.passwd') - end - - def load_beef_extensions_and_modules - # Load BeEF extensions - BeEF::Extensions.load - - # Load BeEF modules only if they are not already loaded - BeEF::Modules.load if @config.get('beef.module').nil? - end - - def start_beef_server - configure_beef - load_beef_extensions_and_modules - - # Grab DB file and regenerate if requested - db_file = @config.get('beef.database.file') - - if BeEF::Core::Console::CommandLine.parse[:resetdb] - File.delete(db_file) if File.exist?(db_file) - end - - # Load up DB and migrate if necessary - ActiveRecord::Base.logger = nil - OTR::ActiveRecord.migrations_paths = [File.join('core', 'main', 'ar-migrations')] - OTR::ActiveRecord.configure_from_hash!(adapter:'sqlite3', database: db_file) - # otr-activerecord require you to manually establish the connection with the following line - #Also a check to confirm that the correct Gem version is installed to require it, likely easier for old systems. - if Gem.loaded_specs['otr-activerecord'].version > Gem::Version.create('1.4.2') - OTR::ActiveRecord.establish_connection! - end - - # Migrate (if required) - ActiveRecord::Migration.verbose = false # silence activerecord migration stdout messages - context = ActiveRecord::Migration.new.migration_context - if context.needs_migration? - ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration, context.internal_metadata).migrate - end - BeEF::Core::Migration.instance.update_db! - - # Spawn HTTP Server - # print_info "Starting HTTP Hook Server" - http_hook_server = BeEF::Core::Server.instance - http_hook_server.prepare - - # Generate a token for the server to respond with - BeEF::Core::Crypto::api_token - - # Initiate server start-up - BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server) - pid = fork do - http_hook_server.start - end - - return pid - end - - def beef_server_running?(uri_str) - uri = URI.parse(uri_str) - response = Net::HTTP.get_response(uri) - response.is_a?(Net::HTTPSuccess) - rescue - false - end - - def wait_for_beef_server_to_start(uri_str, timeout: 5) - start_time = Time.now - - until beef_server_running?(uri_str) || (Time.now - start_time) > timeout do - sleep 0.1 - end - - beef_server_running?(uri_str) - end - - def start_beef_server_and_wait - pid = start_beef_server - - if wait_for_beef_server_to_start('http://localhost:3000', timeout: 5) - # print_info "Server started successfully." - else - print_info "Server failed to start within timeout." - end - - pid - end - - before(:all) do - @pid = start_beef_server_and_wait end - after(:all) do + after(:each) do + # Stop the DNS server after each test case + BeEF::Extension::Dns::Server.instance.stop # Shutting down server Process.kill("KILL", @pid) unless @pid.nil? - Process.wait(@pid) # Ensure the process has exited and the port is released + Process.wait(@pid) unless @pid.nil? # Ensure the process has exited and the port is released @pid = nil end it 'confirm correct creds are successful' do - sleep 0.5 - test_api = BeefRestClient.new('http', ATTACK_DOMAIN, '3000', BEEF_USER, BEEF_PASSWD) + # sleep 1 + # uri = URI.parse("http://#{ATTACK_DOMAIN}:3000") + # response = Net::HTTP.get_response(uri) + # expect(response).to be_a(Net::HTTPSuccess) # HTTP request is successful + + # sleep 60 + test_api = BeefRestClient.new('http', ATTACK_DOMAIN, '3000', @username, @password) + expect(@config.get('beef.credentials.user')).to eq('beef') + expect(@config.get('beef.credentials.passwd')).to eq('beef') + expect(test_api.auth()[:payload]).not_to eql("401 Unauthorized") expect(test_api.auth()[:payload]["success"]).to be(true) # valid pass should succeed end it 'confirm incorrect creds are unsuccessful' do - sleep 0.5 - test_api = BeefRestClient.new('http', ATTACK_DOMAIN, '3000', BEEF_USER, "wrong_passowrd") + test_api = BeefRestClient.new('http', ATTACK_DOMAIN, '3000', @username, "wrong_passowrd") expect(test_api.auth()[:payload]).to eql("401 Unauthorized") # all (unless the valid is first 1 in 10 chance) end @@ -133,8 +52,8 @@ RSpec.describe 'BeEF API Rate Limit' do # create api structures with bad passwords and one good passwds = (1..9).map { |i| "bad_password"} # incorrect password - passwds.push BEEF_PASSWD # correct password - apis = passwds.map { |pswd| BeefRestClient.new('http', ATTACK_DOMAIN, '3000', BEEF_USER, pswd) } + passwds.push @password # correct password + apis = passwds.map { |pswd| BeefRestClient.new('http', ATTACK_DOMAIN, '3000', @username, pswd) } (0..apis.length-1).each do |i| test_api = apis[i] @@ -146,16 +65,19 @@ RSpec.describe 'BeEF API Rate Limit' do # create api structures with bad passwords and one good passwds = (1..9).map { |i| "bad_password"} # incorrect password - passwds.push BEEF_PASSWD # correct password - apis = passwds.map { |pswd| BeefRestClient.new('http', ATTACK_DOMAIN, '3000', BEEF_USER, pswd) } + passwds.push @password # correct password + apis = passwds.map { |pswd| BeefRestClient.new('http', ATTACK_DOMAIN, '3000', @username, pswd) } apis.shuffle! # random order for next iteration - apis = apis.reverse if (apis[0].is_pass?(BEEF_PASSWD)) # prevent the first from having valid passwd + apis = apis.reverse if (apis[0].is_pass?(@password)) # prevent the first from having valid passwd (0..apis.length-1).each do |i| test_api = apis[i] - if (test_api.is_pass?(BEEF_PASSWD)) - sleep(0.5) + if (test_api.is_pass?(@password)) + sleep 0.5 + expect(@config.get('beef.credentials.user')).to eq('beef') + expect(@config.get('beef.credentials.passwd')).to eq('beef') + expect(test_api.auth()[:payload]).not_to eql("401 Unauthorized") expect(test_api.auth()[:payload]["success"]).to be(true) # valid pass should succeed else expect(test_api.auth()[:payload]).to eql("401 Unauthorized") diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 2216e6f87..320587ed8 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -21,7 +21,7 @@ Dir['spec/support/*.rb'].each do |f| require f end -ENV['RACK_ENV'] ||= 'test' +ENV['RACK_ENV'] ||= 'test' # Set the environment to test ARGV.clear ## BrowserStack config @@ -89,4 +89,120 @@ RSpec.configure do |config| Process.kill('KILL', server_pid) Process.kill('KILL', server_pids) end + + + +######################################## + +require 'socket' + + def port_available? + socket = TCPSocket.new('localhost', 3000) + socket.close + false # If a connection is made, the port is in use, so it's not available. + rescue Errno::ECONNREFUSED + true # If the connection is refused, the port is not in use, so it's available. + rescue Errno::EADDRNOTAVAIL + true # If the connection is refused, the port is not in use, so it's available. + end + + + def configure_beef + + # Reset or re-initialise the configuration to a default state + @config = BeEF::Core::Configuration.instance + + @config.set('beef.credentials.user', "beef") + @config.set('beef.credentials.passwd', "beef") + + @username = @config.get('beef.credentials.user') + @password = @config.get('beef.credentials.passwd') + end + + # Load the server + def load_beef_extensions_and_modules + # Load BeEF extensions + BeEF::Extensions.load + + # Load BeEF modules only if they are not already loaded + BeEF::Modules.load if @config.get('beef.module').nil? + end + + def start_beef_server + exit unless port_available? + configure_beef + load_beef_extensions_and_modules + + # Grab DB file and regenerate if requested + db_file = @config.get('beef.database.file') + + if BeEF::Core::Console::CommandLine.parse[:resetdb] + File.delete(db_file) if File.exist?(db_file) + end + + # Load up DB and migrate if necessary + ActiveRecord::Base.logger = nil + OTR::ActiveRecord.migrations_paths = [File.join('core', 'main', 'ar-migrations')] + OTR::ActiveRecord.configure_from_hash!(adapter:'sqlite3', database: db_file) + # otr-activerecord require you to manually establish the connection with the following line + #Also a check to confirm that the correct Gem version is installed to require it, likely easier for old systems. + if Gem.loaded_specs['otr-activerecord'].version > Gem::Version.create('1.4.2') + OTR::ActiveRecord.establish_connection! + end + + # Migrate (if required) + ActiveRecord::Migration.verbose = false # silence activerecord migration stdout messages + context = ActiveRecord::Migration.new.migration_context + if context.needs_migration? + ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration, context.internal_metadata).migrate + end + BeEF::Core::Migration.instance.update_db! + + # Spawn HTTP Server + # print_info "Starting HTTP Hook Server" + http_hook_server = BeEF::Core::Server.instance + http_hook_server.prepare + + # Generate a token for the server to respond with + BeEF::Core::Crypto::api_token + + # Initiate server start-up + BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server) + pid = fork do + http_hook_server.start + end + + return pid + end + + def beef_server_running?(uri_str) + uri = URI.parse(uri_str) + response = Net::HTTP.get_response(uri) + response.is_a?(Net::HTTPSuccess) + rescue + false + end + + def wait_for_beef_server_to_start(uri_str, timeout: 5) + start_time = Time.now + + until beef_server_running?(uri_str) || (Time.now - start_time) > timeout do + sleep 0.1 + end + + beef_server_running?(uri_str) + end + + def start_beef_server_and_wait + pid = start_beef_server + + if wait_for_beef_server_to_start('http://localhost:3000', timeout: 5) + # print_info "Server started successfully." + else + print_error "Server failed to start within timeout." + end + + pid + end + end