Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0e1efd0f5d8d60e84e1997bbc3400b461ec7c009
beef/spec/beef/extensions/adminui_spec.rb
Grant Burgess d76294735c Fixed issue where pull request #1846 changes were 
not merged to master.
2020-01-15 12:55:17 +10:00

52 lines
2.0 KiB
Ruby
Raw Blame History

#
# Tests for handling access to the Admin UI
#
require 'extensions/admin_ui/classes/httpcontroller'
require 'extensions/admin_ui/classes/session'
require 'extensions/admin_ui/controllers/authentication/authentication'
RSpec.describe 'BeEF Extension AdminUI' do
before(:all) do
@session = BeEF::Extension::AdminUI::Session.instance
@config = BeEF::Core::Configuration.instance
end
after(:all) do
@config.set('beef.restrictions.permitted_ui_subnet',["0.0.0.0/0", "::/0"])
end
it 'loads configuration' do
expect(@config.get('beef.restrictions')).to have_key('permitted_ui_subnet')
end
it 'confirms that any ip address is permitted to view the admin ui' do
ui = BeEF::Extension::AdminUI::HttpController.new
expect(@config.set('beef.restrictions.permitted_ui_subnet',["0.0.0.0/0", "::/0"])).to eq true
expect(ui.authenticate_request("8.8.8.8")).to eq true
end
it 'confirms that an ip address is permitted to view the admin ui' do
ui = BeEF::Extension::AdminUI::HttpController.new
expect(@config.set('beef.restrictions.permitted_ui_subnet',["192.168.10.1"])).to eq true
expect(ui.authenticate_request("192.168.10.1")).to eq true
end
it 'confirms that an ip address is not permitted to view the admin ui' do
ui = BeEF::Extension::AdminUI::HttpController.new
expect(@config.set('beef.restrictions.permitted_ui_subnet',["10.10.10.1"])).to eq true
expect(ui.authenticate_request("8.8.8.8")).to eq false
end
it 'confirms that X-Forwarded-For cant be spoofed when reverse proxy is disabled' do
ui = BeEF::Extension::AdminUI::HttpController.new
expect(@config.set('beef.restrictions.permitted_ui_subnet',["192.168.0.10"])).to eq true
expect(@config.set('beef.http.allow_reverse_proxy',false)).to eq true
env = { "REQUEST_METHOD" => "GET", "PATH_INFO" => "/ui/authentication" }
request = Rack::Request.new(env)
request.add_header("HTTP_X_FORWARDED_FOR","192.168.0.10")
request.add_header("REMOTE_ADDR","192.168.0.20")
expect(ui.get_ip(request)).to eq "192.168.0.20"
end
end
Reference in New Issue View Git Blame Copy Permalink