Class: Rex::Exploitation::Js::Network

Inherits:
Object
  • Object
show all
Defined in:
lib/rex/exploitation/js/network.rb

Overview

Provides networking functions in JavaScript

Class Method Summary collapse

Class Method Details

.ajax_download(opts = {}) ⇒ String

Returns javascript code to perform a synchronous ajax request to the remote and returns the response

Options Hash (opts):

  • :obfuscate (Boolean)

    toggles js obfuscation. defaults to true.

  • :inject_xhr_shim (Boolean)

    automatically stubs XHR to use ActiveXObject when needed. defaults to true.


20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
# File 'lib/rex/exploitation/js/network.rb', line 20

def self.ajax_download(opts={})
  should_obfuscate = opts.fetch(:obfuscate, true)
  js = ::File.read(::File.join(Msf::Config.data_directory, "js", "network", "ajax_download.js"))

  if should_obfuscate
    js = ::Rex::Exploitation::ObfuscateJS.new(js,
      {
        'Symbols' => {
          'Variables' => %w{ xmlHttp oArg }
        }
    }).obfuscate
  end

  xhr_shim(opts) + js
end

.ajax_post(opts = {}) ⇒ String

Returns javascript code to perform a synchronous or asynchronous ajax request to the remote with the data specified.

Options Hash (opts):

  • :obfuscate (Boolean)

    toggles js obfuscation. defaults to true.

  • :inject_xhr_shim (Boolean)

    automatically stubs XHR to use ActiveXObject when needed. defaults to true.


42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
# File 'lib/rex/exploitation/js/network.rb', line 42

def self.ajax_post(opts={})
  should_obfuscate = opts.fetch(:obfuscate, true)
  js = ::File.read(::File.join(Msf::Config.data_directory, "js", "network", "ajax_post.js"))

  if should_obfuscate
    js = ::Rex::Exploitation::ObfuscateJS.new(js,
      {
        'Symbols' => {
          'Variables' => %w{ xmlHttp cb path data }
        }
      }).obfuscate
  end

  xhr_shim(opts) + js
end

.xhr_shim(opts = {}) ⇒ String

Returns javascript code that adds XMLHttpRequest to the global scope if it does not exist (e.g. on IE6, where you have to use the ActiveXObject constructor)

Options Hash (opts):

  • :obfuscate (Boolean)

    toggles js obfuscation. defaults to true.

  • :inject_xhr_shim (Boolean)

    false causes this method to return ''. defaults to true.


63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
# File 'lib/rex/exploitation/js/network.rb', line 63

def self.xhr_shim(opts={})
  return '' unless opts.fetch(:inject_xhr_shim, true)

  should_obfuscate = opts.fetch(:obfuscate, true)
  js = ::File.read(::File.join(Msf::Config.data_directory, "js", "network", "xhr_shim.js"))

  if should_obfuscate
    js = ::Rex::Exploitation::ObfuscateJS.new(js,
      {
        'Symbols' => {
          'Variables' => %w{ activeObjs idx }
        }
      }
    ).obfuscate
  end
  js
end