Class: Rex::Exploitation::Js::Network

Inherits:

Object

• Object
• Rex::Exploitation::Js::Network

Defined in:

lib/rex/exploitation/js/network.rb

Overview

Provides networking functions in JavaScript

Class Method Summary

• .ajax_download(opts = {}) ⇒ String

  Javascript code to perform a synchronous ajax request to the remote and returns the response.

• .ajax_post(opts = {}) ⇒ String

  Javascript code to perform a synchronous or asynchronous ajax request to the remote with the data specified.

• .xhr_shim(opts = {}) ⇒ String

  Javascript code that adds XMLHttpRequest to the global scope if it does not exist (e.g. on IE6, where you have to use the ActiveXObject constructor).

Class Method Details

.ajax_download(opts = {}) ⇒ String

Returns javascript code to perform a synchronous ajax request to the remote and returns the response.

Parameters:

• opts (Hash) (defaults to: {}) —

  the options hash

Options Hash (opts):

• :obfuscate (Boolean) —

  toggles js obfuscation. defaults to true.

• :inject_xhr_shim (Boolean) —

  automatically stubs XHR to use ActiveXObject when needed. defaults to true.

Returns:

• (String) —

  javascript code to perform a synchronous ajax request to the remote and returns the response

# File 'lib/rex/exploitation/js/network.rb', line 20

def self.ajax_download(opts={})
  should_obfuscate = opts.fetch(:obfuscate, true)
  js = ::File.read(::File.join(Msf::Config.data_directory, "js", "network", "ajax_download.js"))

  if should_obfuscate
    js = ::Rex::Exploitation::ObfuscateJS.new(js,
      {
        'Symbols' => {
          'Variables' => %w{ xmlHttp oArg }
        }
    }).obfuscate
  end

  xhr_shim(opts) + js
end

.ajax_post(opts = {}) ⇒ String

Returns javascript code to perform a synchronous or asynchronous ajax request to the remote with the data specified.

Parameters:

• opts (Hash) (defaults to: {}) —

  the options hash

Options Hash (opts):

• :obfuscate (Boolean) —

  toggles js obfuscation. defaults to true.

• :inject_xhr_shim (Boolean) —

  automatically stubs XHR to use ActiveXObject when needed. defaults to true.

Returns:

• (String) —

  javascript code to perform a synchronous or asynchronous ajax request to the remote with the data specified.

# File 'lib/rex/exploitation/js/network.rb', line 42

def self.ajax_post(opts={})
  should_obfuscate = opts.fetch(:obfuscate, true)
  js = ::File.read(::File.join(Msf::Config.data_directory, "js", "network", "ajax_post.js"))

  if should_obfuscate
    js = ::Rex::Exploitation::ObfuscateJS.new(js,
      {
        'Symbols' => {
          'Variables' => %w{ xmlHttp cb path data }
        }
      }).obfuscate
  end

  xhr_shim(opts) + js
end

.xhr_shim(opts = {}) ⇒ String

Returns javascript code that adds XMLHttpRequest to the global scope if it does not exist (e.g. on IE6, where you have to use the ActiveXObject constructor).

Parameters:

• opts (Hash) (defaults to: {}) —

  the options hash

Options Hash (opts):

• :obfuscate (Boolean) —

  toggles js obfuscation. defaults to true.

• :inject_xhr_shim (Boolean) —

  false causes this method to return ". defaults to true.

Returns:

• (String) —

  javascript code that adds XMLHttpRequest to the global scope if it does not exist (e.g. on IE6, where you have to use the ActiveXObject constructor)

# File 'lib/rex/exploitation/js/network.rb', line 63

def self.xhr_shim(opts={})
  return '' unless opts.fetch(:inject_xhr_shim, true)

  should_obfuscate = opts.fetch(:obfuscate, true)
  js = ::File.read(::File.join(Msf::Config.data_directory, "js", "network", "xhr_shim.js"))

  if should_obfuscate
    js = ::Rex::Exploitation::ObfuscateJS.new(js,
      {
        'Symbols' => {
          'Variables' => %w{ activeObjs idx }
        }
      }
    ).obfuscate
  end
  js
end