#
# Copyright (c) 2006-2025 Wade Alcorn - [email protected]
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
require 'test/unit'
require 'rest-client'
require 'json'
require '../common/test_constants'
require '../common/beef_test'
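class TC_Proxy < Test::Unit::TestCase
  # Integration tests for the BeEF proxy extension.
  #
  # A victim browser is hooked once for the whole test case, the proxy is
  # pointed at it, and curl is then driven through the proxy listener. Requests
  # to the victim's own origin are expected to be relayed and return the page;
  # a request to another origin is expected to be refused with an error body.
  #
  # Test-wide state (config, token, victim, session) lives in class variables
  # because the slow browser/login set-up in +startup+ runs only once.

  # Bounded wait for the hooked browser to register with the REST API
  # (replaces a fixed sleep that could be too short or needlessly long).
  HOOK_WAIT_ATTEMPTS = 10
  HOOK_WAIT_INTERVAL = 1.0
  # curl connect / total timeout in seconds for requests sent via the proxy.
  CURL_TIMEOUT = '30'

  class << self
    # Runs once before the tests: loads the proxy config, logs in to the REST
    # API, hooks a victim browser and makes it the proxy target.
    #
    # @raise [RuntimeError] when login yields no token, no hooked browser
    #   comes online, or the proxy target cannot be set — failing early here
    #   is clearer than every test timing out on an unconfigured proxy.
    def startup
      $root_dir = '../../'
      $:.unshift($root_dir)

      # load proxy config (core/loader is resolved through the load path set above)
      require 'core/loader'
      BeEF::Core::Configuration.new(File.join($root_dir, 'config.yaml'))
      config = BeEF::Core::Configuration.instance
      config.load_extensions_config
      @@proxy_config = config.get('beef.extension.proxy')
      @@proxy = "#{@@proxy_config['address']}:#{@@proxy_config['port']}"

      # set up active record
      # NOTE(review): ActiveRecord is not required by this file; presumably it
      # is loaded by core/loader — confirm.
      ActiveRecord::Base.establish_connection(
        database: "beef.db",
        adapter: "sqlite3"
      )

      # set headers for rest requests
      @@headers = { content_type: :json, accept: :json }

      # login and get api token
      json = { username: BEEF_USER, password: BEEF_PASSWD }.to_json
      response = RestClient.post("#{RESTAPI_ADMIN}/login", json, @@headers)
      @@token = JSON.parse(response.body)['token']
      raise 'Login failed - no API token in response' if @@token.nil?

      # create hooked browser and wait until it is listed as online
      @@victim = BeefTest.new_victim
      @@hb_session = wait_for_hooked_browser
      raise 'No hooked browser came online' if @@hb_session.nil?

      # set proxy to use hooked browser; the API's success flag was previously ignored
      raise 'Failed to set proxy target zombie' unless set_target_zombie(@@hb_session)
    end

    # Runs once after the tests: closes the victim browser and resets the
    # load-path root. Tolerates a +startup+ that failed before hooking.
    def shutdown
      @@victim.driver.browser.close if defined?(@@victim)
      $root_dir = nil
    end

    # set zombie to be used as proxy
    #
    # @param session_id [String, Integer] session id of the hooked browser
    # @return [Boolean, nil] the 'success' flag returned by the proxy REST API
    def set_target_zombie(session_id)
      json = { hb_id: session_id.to_s }.to_json
      response = RestClient.post("#{RESTAPI_PROXY}/setTargetZombie?token=#{@@token}", json, @@headers)
      JSON.parse(response.body)['success']
    end

    private

    # Polls the hooks endpoint until the first online hooked browser appears.
    #
    # @return [String, nil] its session id, or nil after HOOK_WAIT_ATTEMPTS tries
    def wait_for_hooked_browser
      HOOK_WAIT_ATTEMPTS.times do
        sleep HOOK_WAIT_INTERVAL
        response = RestClient.get(RESTAPI_HOOKS, params: { token: @@token })
        session = JSON.parse(response.body).dig("hooked-browsers", "online", "0", "session")
        return session if session
      end
      nil
    end
  end

  # Same-origin GET through the proxy must be relayed and return the secret page.
  def test_get_url_same_origin
    res = proxy_request("http://#{VICTIM_DOMAIN}:3000/demos/secret_page.html", 'GET')
    assert_match(/Secret Page/, res, "Proxy request failed - Unexpected response")
  end

  # Same-origin POST (with a body) through the proxy must be relayed as well.
  def test_post_url_same_origin
    res = proxy_request("http://#{VICTIM_DOMAIN}:3000/demos/secret_page.html", 'POST', data: 'beef=beef')
    assert_match(/Secret Page/, res, "Proxy request failed - Unexpected response")
  end

  # A request to a different origin must NOT be relayed by the hooked browser;
  # the proxy is expected to answer with its cross-domain error instead.
  def test_get_url_cross_origin
    res = proxy_request("http://#{ATTACK_DOMAIN}:3000/demos/plain.html", 'GET')
    assert_match(/ERROR: Cross Domain Request/, res, "Proxy request failed - Unexpected response #{@@proxy}")
  end

  private

  # Sends one request through the BeEF proxy with curl and returns the raw
  # output (status line, headers and body).
  #
  # curl flags: -i include headers, -s silent, -k skip TLS certificate
  # verification (acceptable only inside this local test harness).
  #
  # @param url [String] absolute URL to fetch via the proxy
  # @param method [String] HTTP method passed to curl -X
  # @param data [String, nil] request body for curl -d, if any
  # @return [String] curl's output; asserts it is neither nil nor empty
  def proxy_request(url, method, data: nil)
    cmd = ['curl', '--connect-timeout', CURL_TIMEOUT, '--max-time', CURL_TIMEOUT,
           '-x', @@proxy, '-X', method, '-isk', url]
    cmd += ['-d', data] if data
    # Block form closes the pipe and reaps the curl child; the previous
    # unclosed 'r+' handle leaked a descriptor and a zombie per test.
    res = IO.popen(cmd, 'r') { |io| io.read }
    assert_not_nil(res)
    assert_not_empty(res)
    res
  end
end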