Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
beefproject
GitHub Repository: beefproject/beef
 Path: blob/master/test/integration/tc_debug_modules.rb
1154 views
1
#

2
# Copyright (c) 2006-2025 Wade Alcorn - [email protected]

3
# Browser Exploitation Framework (BeEF) - https://beefproject.com

4
# See the file 'doc/COPYING' for copying permission

5
#

6
require 'test/unit'

7
require 'rest-client'

8
require 'json'

9
require '../common/test_constants'

10
require '../common/beef_test'

11


12
class TC_DebugModules < Test::Unit::TestCase

13


14
  @@token = nil

15
  @@hb_session = nil

16


17
  @@mod_debug_long_string = nil

18
  @@mod_debug_ascii_chars = nil

19
  @@mod_debug_test_network = nil

20


21
  # NOTE: Tests within the same test class are called in the order they are defined.

22
  # NOTE: However, test classes are run in alphabetical order by classname.

23
  # That's why we use the prefix x_N_y, with N being the order of execution.

24
  #

25


26
  # Test RESTful API authentication with default credentials, returns the API token to be used later.

27
  def test_1_restful_auth

28
    response = RestClient.post "#{RESTAPI_ADMIN}/login",

29
                               { 'username' => "#{BEEF_USER}",

30
                                 'password' => "#{BEEF_PASSWD}"}.to_json,

31
                               :content_type => :json,

32
                               :accept => :json

33
    assert_equal 200, response.code

34
    assert_not_nil response.body

35
    result = JSON.parse(response.body)

36
    success = result['success']

37
    @@token = result['token']

38
    assert(success)

39
  end

40


41
  # Test RESTful API hooks handler hooking a victim browser, and then retrieving his BeEF session

42
  def test_2_restful_hooks

43
    BeefTest.new_victim

44
    sleep 5.0

45
    response = RestClient.get "#{RESTAPI_HOOKS}", {:params => {:token => @@token}}

46
    assert_equal 200, response.code

47
    assert_not_nil response.body

48
    result = JSON.parse(response.body)

49
    @@hb_session = result["hooked-browsers"]["online"]["0"]["session"]

50
    assert_not_nil @@hb_session

51
  end

52


53
  # Test RESTful API modules handler, retrieving the IDs of the 3 debug modules currently in the framework

54
  def test_3_restful_modules

55
    response = RestClient.get "#{RESTAPI_MODULES}", {:params => {:token => @@token}}

56
    assert_equal 200, response.code

57
    assert_not_nil response.body

58
    result = JSON.parse(response.body)

59
    result.each do |mod|

60
     case mod[1]["class"]

61
       when "Test_return_long_string"

62
         @@mod_debug_long_string = mod[1]["id"]

63
       when "Test_return_ascii_chars"

64
         @@mod_debug_ascii_chars = mod[1]["id"]

65
       when "Test_network_request"

66
         @@mod_debug_test_network = mod[1]["id"]

67
     end

68
    end

69
    assert_not_nil @@mod_debug_long_string

70
    assert_not_nil @@mod_debug_ascii_chars

71
    assert_not_nil @@mod_debug_test_network

72
  end

73
  #

74
  ## Test debug module "Test_return_long_string" using the RESTful API

75
  def test_return_long_string

76
    repeat_string = "BeEF"

77
    repeat_count = 20

78


79
    response = RestClient.post "#{RESTAPI_MODULES}/#{@@hb_session}/#{@@mod_debug_long_string}?token=#{@@token}",

80
                               { 'repeat_string' => repeat_string,

81
                                 'repeat'        => repeat_count}.to_json,

82
                               :content_type => :json,

83
                               :accept => :json

84
    assert_equal 200, response.code

85
    assert_not_nil response.body

86
    result = JSON.parse(response.body)

87
    success = result['success']

88
    assert success

89


90
    cmd_id = result['command_id']

91
    count = 0

92
    response = RestClient.get "#{RESTAPI_MODULES}/#{@@hb_session}/#{@@mod_debug_long_string}/#{cmd_id}?token=#{@@token}"

93


94
    #TODO if the response is empty, the body size is 2, basically an empty Hash.

95
    # don't know why empty?, nil and other checks are not working.

96
    while(response.body.size <= 2 && count < 10)

97
      response = RestClient.get "#{RESTAPI_MODULES}/#{@@hb_session}/#{@@mod_debug_long_string}/#{cmd_id}?token=#{@@token}"

98
      sleep 2

99
      count += 1

100
    end

101
    assert_equal 200, response.code

102
    assert_not_nil response.body

103
    result = JSON.parse(response.body)

104
    data = JSON.parse(result['0']['data'])['data']

105
    assert_not_nil data

106
    assert_equal (repeat_string * repeat_count),data

107
  end

108
  #

109
  ## Test debug module "Test_return_ascii_chars" using the RESTful API

110
  def test_return_ascii_chars

111
    response = RestClient.post "#{RESTAPI_MODULES}/#{@@hb_session}/#{@@mod_debug_ascii_chars}?token=#{@@token}",

112
                               {}.to_json, # module does not expect any input

113
                               :content_type => :json,

114
                               :accept => :json

115
    assert_equal 200, response.code

116
    assert_not_nil response.body

117
    result = JSON.parse(response.body)

118
    success = result['success']

119
    assert success

120
    cmd_id = result['command_id']

121
    count = 0

122
    response = RestClient.get "#{RESTAPI_MODULES}/#{@@hb_session}/#{@@mod_debug_ascii_chars}/#{cmd_id}?token=#{@@token}"

123


124
    #TODO if the response is empty, the body size is 2, basically an empty Hash.

125
    # don't know why empty?, nil and other checks are not working.

126
    while(response.body.size <= 2 && count < 10)

127
       response = RestClient.get "#{RESTAPI_MODULES}/#{@@hb_session}/#{@@mod_debug_ascii_chars}/#{cmd_id}?token=#{@@token}"

128
       sleep 2

129
       count += 1

130
    end

131
    assert_equal 200, response.code

132
    assert_not_nil response.body

133
    result = JSON.parse(response.body)

134
    data = JSON.parse(result['0']['data'])['data']

135
    assert_not_nil data

136
    ascii_chars = ""

137
    (32..127).each do |i| ascii_chars << i.chr end

138
    assert_equal ascii_chars,data

139
  end

140


141
  # Test debug module "Test_network_request" using the RESTful API

142
  def test_return_network_request

143


144
    # Test same-origin request (response code and content of secret_page.html)

145
    response = RestClient.post "#{RESTAPI_MODULES}/#{@@hb_session}/#{@@mod_debug_test_network}?token=#{@@token}",

146
                                #override only a few parameters, the other ones will have default values from modules's module.rb definition

147
                               {"domain" => ATTACK_DOMAIN, "port" => "3000", "path" => "/demos/secret_page.html"}.to_json,

148
                               :content_type => :json,

149
                               :accept => :json

150
    assert_equal 200, response.code

151
    assert_not_nil response.body

152
    result = JSON.parse(response.body)

153
    success = result['success']

154
    assert success

155


156
    cmd_id = result['command_id']

157
    count = 0

158
    response = RestClient.get "#{RESTAPI_MODULES}/#{@@hb_session}/#{@@mod_debug_test_network}/#{cmd_id}?token=#{@@token}"

159


160
    #TODO if the response is empty, the body size is 2, basically an empty Hash.

161
    # don't know why empty?, nil and other checks are not working.

162
    while(response.body.size <= 2 && count < 10)

163
      response = RestClient.get "#{RESTAPI_MODULES}/#{@@hb_session}/#{@@mod_debug_test_network}/#{cmd_id}?token=#{@@token}"

164
      sleep 2

165
      count += 1

166
    end

167
    assert_equal 200, response.code

168
    assert_not_nil response.body

169
    result = JSON.parse(response.body)

170
    data = JSON.parse(result['0']['data'])['data']

171
    assert_not_nil data

172
    assert_equal 200, JSON.parse(data)["status_code"]

173
    assert JSON.parse(data)["port_status"].include?("open")

174


175
  end

176
end

177


178