beefproject
GitHub Repository: beefproject/beef
Path: blob/master/test/integration/tc_network_rest.rb
#
# Copyright (c) 2006-2025 Wade Alcorn - [email protected]
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
require 'test/unit'
require 'rest-client'
require 'json'
require '../common/test_constants'
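# Integration tests for the BeEF network REST API (hosts and services handlers).
#
# The suite talks to a running BeEF instance over HTTP: it logs in, hooks a
# test browser, runs the Port Scanner module against ATTACK_DOMAIN and then
# checks what the /api/network handlers report.
#
# NOTE(review): every request after login carries the API token in the URL
# query string, so it can end up in server or proxy access logs; presumably the
# suite only runs against a disposable local instance - confirm before pointing
# it at a shared one.
# NOTE(review): no test here calls a handler without a token or with a wrong
# one; a negative authentication case per handler would be worth adding.
class TC_NetworkRest < Test::Unit::TestCase

  class << self

    # Class-level fixture: logs in, hooks a browser, looks up the Port Scanner
    # module and runs it once so the network handlers have data to return.
    #
    # Each step raises a RuntimeError with a descriptive message when the API
    # answer lacks the value the tests depend on, so a broken environment is
    # reported at the step that failed rather than as a nil-dereference or a
    # malformed URL in a later test.
    def startup
      $root_dir = '../../'
      $:.unshift($root_dir)

      # login and get api token
      json = {:username => BEEF_USER, :password => BEEF_PASSWD}.to_json
      @@headers = {:content_type => :json, :accept => :json}

      response = RestClient.post("#{RESTAPI_ADMIN}/login",
                                 json,
                                 @@headers)

      result = JSON.parse(response.body)
      @@token = result['token']
      # The message deliberately does not echo the response body.
      raise 'Login response did not contain an API token' if @@token.nil?

      # create hooked browser and get session id
      BeefTest.new_victim
      sleep 5.0
      response = RestClient.get "#{RESTAPI_HOOKS}", {:params => {:token => @@token}}
      result = JSON.parse(response.body)
      online = (result['hooked-browsers'] || {})['online'] || {}
      @@hb_session = (online['0'] || {})['session']
      raise 'No online hooked browser was reported by the hooks API' if @@hb_session.nil?

      # Retrieve Port Scanner module command ID
      response = RestClient.get "#{RESTAPI_MODULES}", {:params => {:token => @@token}}
      result = JSON.parse(response.body)
      port_scanner = result.find { |mod| mod[1]['class'] == 'Port_scanner' }
      raise 'Port Scanner module is not listed by the modules API' if port_scanner.nil?
      @@mod_port_scanner = port_scanner[1]['id']

      # Execute the Port Scanner module on the BeEF host to populate NetworkService object
      # Port Scanner module works only for Chrome and Firefox
      response = RestClient.post "#{RESTAPI_MODULES}/#{@@hb_session}/#{@@mod_port_scanner}?token=#{@@token}",
                                 { 'ipHost' => "#{ATTACK_DOMAIN}",
                                   'ports' => 3000,
                                   'closetimeout' => 1100,
                                   'opentimeout' => 2500,
                                   'delay' => 600,
                                   'debug' => false}.to_json,
                                 :content_type => :json,
                                 :accept => :json
      result = JSON.parse(response.body)
      @@cmd_id = result['command_id']
      raise 'Port Scanner execution did not return a command id' if @@cmd_id.nil?
      # Presumably gives the hooked browser time to run the scan and report
      # back before the tests query the results - TODO confirm the margin.
      sleep 15.0
    end

    # Class-level teardown: clears the global set by startup.
    def shutdown
      $root_dir = nil
    end

  end

  # Ensure the Port Scanner module identified the BeEF host
  def test_port_scanner_results
    rest_response = RestClient.get "#{RESTAPI_MODULES}/#{@@hb_session}/#{@@mod_port_scanner}/#{@@cmd_id}?token=#{@@token}"
    check_rest_response(rest_response)
    result = JSON.parse(rest_response.body)
    # An assertion, so a missing result is counted as a test failure rather
    # than as an error raised from inside the test.
    assert_match(/Port 3000 is OPEN/, result.to_s,
                 "Port Scanner module failed to identify any open ports")
  end

  # Tests GET /api/network/hosts handler
  def test_get_all_hosts
    rest_response = RestClient.get("#{RESTAPI_NETWORK}/hosts?token=#{@@token}")
    check_rest_response(rest_response)
    result = JSON.parse(rest_response.body)
    assert(result['count'])
    assert(result['hosts'])
    assert_not_equal(0, result['count'])
  end

  # Tests GET /api/network/hosts/:sessionid handler with valid input
  def test_get_hosts_valid_session
    rest_response = nil
    assert_nothing_raised do
      rest_response = RestClient.get("#{RESTAPI_NETWORK}/hosts/#{@@hb_session}", :params => {:token => @@token})
    end
    check_rest_response(rest_response)
    result = JSON.parse(rest_response.body)
    assert(result['count'])
    assert(result['hosts'])
    assert_not_equal(0, result['count'])

    # Every returned host must belong to the session that was asked for.
    result['hosts'].each do |host|
      assert_equal(@@hb_session, host['hooked_browser_id'])
    end
  end

  # Tests GET /api/network/hosts/:sessionid handler with invalid input
  def test_get_hosts_invalid_session
    session_id = 'z'
    rest_response = nil
    assert_nothing_raised do
      rest_response = RestClient.get("#{RESTAPI_NETWORK}/hosts/#{session_id}", :params => {:token => @@token})
    end
    check_rest_response(rest_response)
    result = JSON.parse(rest_response.body)
    # 0 is truthy in Ruby, so this only checks that the key is present.
    assert(result['count'])
    assert_equal(0, result['count'])
  end

  # Tests GET /api/network/host/:id handler with valid input
  def test_get_host_valid_id
    id = 1
    rest_response = nil
    assert_nothing_raised do
      rest_response = RestClient.get("#{RESTAPI_NETWORK}/host/#{id}", :params => {:token => @@token})
    end
    check_rest_response(rest_response)
    result = JSON.parse(rest_response.body)
    assert_equal(1, result.length)
    assert_equal('localhost', result.first['hostname'])
  end

  # Tests GET /api/network/host/:id handler with invalid input
  def test_get_hosts_invalid_id
    id = 'z'
    assert_raise RestClient::ResourceNotFound do
      RestClient.get("#{RESTAPI_NETWORK}/host/#{id}", :params => {:token => @@token})
    end
  end

  # Tests GET /api/network/services handler
  def test_get_all_services
    rest_response = RestClient.get("#{RESTAPI_NETWORK}/services?token=#{@@token}",
                                   @@headers)
    check_rest_response(rest_response)
    result = JSON.parse(rest_response.body)
    assert(result['count'])
    assert(result['services'])
    assert_not_equal(0, result['count'])
  end

  # Tests GET /api/network/services/:sessionid handler with valid input
  def test_get_services_valid_session
    rest_response = nil
    assert_nothing_raised do
      rest_response = RestClient.get("#{RESTAPI_NETWORK}/services/#{@@hb_session}", :params => {:token => @@token})
    end
    check_rest_response(rest_response)
    result = JSON.parse(rest_response.body)
    assert(result['count'])
    assert(result['services'])
    assert_not_equal(0, result['count'])

    # Every returned service must belong to the session that was asked for.
    result['services'].each do |service|
      assert_equal(@@hb_session, service['hooked_browser_id'])
    end
  end

  # Tests GET /api/network/services/:sessionid handler with invalid input
  def test_get_services_invalid_session
    session_id = 'z'
    rest_response = nil
    assert_nothing_raised do
      rest_response = RestClient.get("#{RESTAPI_NETWORK}/services/#{session_id}", :params => {:token => @@token})
    end
    check_rest_response(rest_response)
    result = JSON.parse(rest_response.body)
    # 0 is truthy in Ruby, so this only checks that the key is present.
    assert(result['count'])
    assert_equal(0, result['count'])
  end

  # Tests GET /api/network/service/:id handler with valid input
  def test_get_service_valid_id
    id = 1
    rest_response = nil
    assert_nothing_raised do
      rest_response = RestClient.get("#{RESTAPI_NETWORK}/service/#{id}", :params => {:token => @@token})
    end
    check_rest_response(rest_response)
    result = JSON.parse(rest_response.body)
    assert_equal(1, result.length)
    assert_not_nil(result.first['type'])
  end

  # Tests GET /api/network/service/:id handler with invalid input
  def test_get_services_invalid_id
    id = 'z'
    assert_raise RestClient::ResourceNotFound do
      RestClient.get("#{RESTAPI_NETWORK}/service/#{id}", :params => {:token => @@token})
    end
  end

  private

  # Standard assertions for verifying response from RESTful API:
  # the body must be present and the status code must be 200.
  def check_rest_response(response)
    assert_not_nil(response.body)
    assert_equal(200, response.code)
  end

end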