GitHub Repository: beefproject/beef
Path: blob/master/test/integration/tc_social_engineering_rest.rb
#
# Copyright (c) 2006-2025 Wade Alcorn - [email protected]
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
require 'test/unit'
require 'rest-client'
require 'json'
require 'socket'
require '../common/test_constants'
# @todo RESTful API for the social engineering extension lacks some serious test coverage.
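class TC_SocialEngineeringRest < Test::Unit::TestCase

  class << self

    # Runs once before the tests: logs in to the admin REST API and loads the
    # BeEF configuration.
    #
    # Sets three class variables used by the tests:
    #   @@headers - JSON content-type/accept headers sent with each request
    #   @@token   - value of the 'token' key in the login response
    #   @@config  - the BeEF::Core::Configuration singleton
    def startup
      json = {:username => BEEF_USER, :password => BEEF_PASSWD}.to_json
      @@headers = {:content_type => :json, :accept => :json}

      response = RestClient.post("#{RESTAPI_ADMIN}/login",
                                 json,
                                 @@headers)

      result = JSON.parse(response.body)
      # NOTE(review): the token is not validated here; if the login response
      # has no 'token' key, @@token is nil and later requests carry an empty
      # token.
      @@token = result['token']

      # Relative paths: 'core/loader' and 'config.yaml' are resolved two
      # directories above the current working directory, so the suite
      # presumably has to be started from test/integration.
      $root_dir = '../../'
      $:.unshift($root_dir)

      require 'core/loader'

      BeEF::Core::Configuration.new(File.join($root_dir, 'config.yaml'))
      BeEF::Core::Configuration.instance.load_extensions_config

      @@config = BeEF::Core::Configuration.instance
    end

    # Runs once after the tests; only resets the $root_dir global.
    def shutdown
      $root_dir = nil
    end

  end

  # Tests DNS spoofing of cloned webpages.
  #
  # Requests a clone of +url+ with dns_spoof enabled, then asks the DNS
  # server configured under beef.extension.dns for the A record of the cloned
  # domain and asserts that the answer is one of this host's non-loopback
  # addresses.
  #
  # NOTE(review): nothing in this file removes the cloned mount or the DNS
  # rule afterwards; shutdown only resets $root_dir.
  def test_1_dns_spoof
    url = 'https://beefproject.com'
    mount = '/beefproject'
    dns_spoof = true

    json = {:url => url, :mount => mount, :dns_spoof => dns_spoof}.to_json

    # \A anchors at the start of the string (^ would also match after a
    # newline); only the leading scheme is stripped.
    domain = url.sub(%r{\Ahttps?://}, '')

    # The API token is passed in the URL query string in this call.
    response = RestClient.post("#{RESTAPI_SENG}/clone_page?token=#{@@token}",
                               json,
                               @@headers)

    check_response(response)

    # Send DNS request to server to verify that a new rule was added
    dns_address = @@config.get('beef.extension.dns.address')
    dns_port = @@config.get('beef.extension.dns.port')
    dig_command = ['dig', "@#{dns_address}", '-p', dns_port.to_s, '-t',
                   'A', '+short', domain]

    # The argument-array form runs dig without a shell; the block form closes
    # the pipe once the output has been read. String#strip (not strip!) is
    # used because strip! returns nil when there is nothing to strip.
    dig_output = IO.popen(dig_command, 'r+') { |io| io.read }.to_s.strip

    # Local IPs, excluding loopbacks, as plain address strings.
    local_addresses = Socket.ip_address_list
                            .reject { |addr| addr.ipv4_loopback? || addr.ipv6_loopback? }
                            .map { |addr| addr.ip_address.to_s }

    # Plain boolean assertion, so the test fails when no local address
    # matches the 'dig' output.
    assert(local_addresses.include?(dig_output),
           "dig answer #{dig_output.inspect} is not a local non-loopback address")
  end

  private

  # Assertions for verifying a response from the RESTful API.
  #
  # Checks that the body is present, the status code is 200, and the parsed
  # JSON body has truthy 'success' and 'mount' values.
  #
  # @param response the object returned by RestClient.post
  def check_response(response)
    assert_not_nil(response.body)
    assert_equal(200, response.code)

    result = JSON.parse(response.body)

    assert(result['success'])
    assert(result['mount'])
  end

end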