Beispiel #1
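    def handle_object(self, object):
        """Process an ``<object>`` tag.

        Fetches the tag's ``codebase`` (best effort) and, under an IE
        personality, builds an ``_ActiveXObject`` for its ``classid``. When
        the tag also has an ``id``, the object is bound under that name on
        both ``self.window`` and ``self.window.doc``.
        """
        log.warning(object)

        #self.check_attrs(object)
        self.do_handle_params(object)

        classid  = object.get('classid', None)
        id       = object.get('id', None)
        codebase = object.get('codebase', None)

        if codebase:
            try:
                self.window._navigator.fetch(codebase)
            except Exception as e:
                # Still best effort, but a failed fetch is recorded instead of
                # vanishing, and KeyboardInterrupt/SystemExit now propagate.
                log.warning("[object] codebase fetch failed: %s" % (e, ))

        if not log.ThugOpts.Personality.isIE():
            return

        # A classid alone is enough to instantiate; the id only decides
        # whether the result is bound to a name.
        if not classid:
            return

        try:
            axo = _ActiveXObject(self.window, classid, 'id')
        except TypeError:
            return

        if id is None:
            return

        # NOTE(review): `id` is used as an attribute name exactly as the tag
        # supplies it -- confirm it cannot shadow attributes the window or
        # document objects rely on internally.
        setattr(self.window, id, axo)
        setattr(self.window.doc, id, axo)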
Beispiel #2
    def handle_object(self, object):
        """Bind an ``_ActiveXObject`` on the window for an ``<object>`` tag.

        Nothing is bound unless the tag carries both ``classid`` and ``id``.
        """
        log.warning(object)

        self.check_attrs(object)

        class_id = object.get('classid', None)
        element_id = object.get('id', None)

        if not (class_id and element_id):
            return

        # NOTE(review): the attribute name comes straight from the tag's
        # `id` -- confirm it cannot shadow attributes the window relies on.
        setattr(self.window,
                element_id,
                _ActiveXObject(self.window, class_id, 'id'))
Beispiel #3
    def _handle_object(self, object):
        """Bind an ``_ActiveXObject`` on the document's window for an ``<object>`` tag.

        Does nothing outside an IE personality, or when the tag lacks either
        ``classid`` or ``id``.
        """
        log.warning(object)

        class_id = object.get('classid', None)
        element_id = object.get('id', None)

        if not log.ThugOpts.Personality.isIE():
            return

        if not class_id or not element_id:
            return

        # NOTE(review): the attribute name is the tag's `id` as-is -- confirm
        # it cannot shadow attributes the window relies on.
        setattr(self.doc.window,
                element_id,
                _ActiveXObject(self.doc.window, class_id, 'id'))
Beispiel #4
    def __getattr__(self, key):
        """Create the ``WScript`` object on first access under an IE personality.

        Any other attribute name (or any name under a non-IE personality) is
        delegated to the parent class.
        """
        wants_wscript = (log.ThugOpts.Personality.isIE()
                         and key.lower() == 'wscript')
        if not wants_wscript:
            return super(Window, self).__getattr__(key)

        # Prevent _ActiveXObject loops: a placeholder is stored before the
        # object is built (presumably so that a "WScript" lookup made during
        # construction does not land back in this method).
        super(Window, self).__setattr__("WScript", None)

        shell = _ActiveXObject(self, "WScript.Shell")

        # Store under the spelling that was requested and under the canonical
        # "WScript" name.
        super(Window, self).__setattr__(key, shell)
        super(Window, self).__setattr__("WScript", shell)
        return shell
Beispiel #5
    def __getattr__(self, key):
        """Resolve ``WScript`` lazily for IE personalities; defer everything else.

        The lookup is case-insensitive: any spelling whose lowercase form is
        ``wscript`` yields the same ``WScript.Shell`` object.
        """
        if log.ThugOpts.Personality.isIE() and key.lower() == 'wscript':
            parent = super(Window, self)

            # Prevent _ActiveXObject loops by storing a placeholder before
            # the real object is built.
            parent.__setattr__("WScript", None)

            wscript_shell = _ActiveXObject(self, "WScript.Shell")
            for attr_name in (key, "WScript"):
                parent.__setattr__(attr_name, wscript_shell)
            return wscript_shell

        return super(Window, self).__getattr__(key)
Beispiel #6
    def _handle_object(self, object):
        """Expose an ``<object>`` tag as an ``_ActiveXObject`` on the window.

        Requires an IE personality and a tag with both ``classid`` and ``id``.
        """
        log.warning(object)

        class_id = object.get('classid', None)
        element_id = object.get('id', None)

        is_ie = log.ThugOpts.Personality.isIE()
        if is_ie and class_id and element_id:
            # NOTE(review): `element_id` is page-supplied and used verbatim
            # as an attribute name -- confirm it cannot shadow attributes the
            # window relies on.
            setattr(self.doc.window,
                    element_id,
                    _ActiveXObject(self.doc.window, class_id, 'id'))
Beispiel #7
    def __init_personality_IE(self):
        """Install the IE-specific attributes on this window.

        The event API depends on the emulated major version: below 9 the
        window gets ``attachEvent``/``detachEvent``, otherwise
        ``addEventListener``/``removeEventListener``.
        """
        # Public IE name -> existing attribute that backs it.
        aliases = (
            ('ActiveXObject', '_do_ActiveXObject'),
            ('Run', '_Run'),
            ('CollectGarbage', '_CollectGarbage'),
            ('navigate', '_navigate'),
            ('clientInformation', 'navigator'),
        )
        for public_name, backing_name in aliases:
            setattr(self, public_name, getattr(self, backing_name))

        self.clipboardData = ClipboardData()
        self.external = External()

        # Return value is discarded; the call is made only for its effect.
        _ActiveXObject(self, "WScript.Shell")

        if log.ThugOpts.Personality.browserMajorVersion >= 9:
            self.addEventListener = self._addEventListener
            self.removeEventListener = self._removeEventListener
        else:
            self.attachEvent = self._attachEvent
            self.detachEvent = self._detachEvent

        if log.ThugOpts.Personality.browserMajorVersion == 8:
            self.Storage = object()

        self.doc.parentWindow = self._parent
Beispiel #8
    def __init_personality_IE(self):
        """Set up the attributes that only exist under an IE personality."""
        # Script-visible names backed by methods/attributes of this window.
        self.ActiveXObject = self._do_ActiveXObject
        self.Run = self._Run
        self.CollectGarbage = self._CollectGarbage
        self.navigate = self._navigate
        self.clientInformation = self.navigator

        # Fresh helper objects.
        self.clipboardData = ClipboardData()
        self.external = External()

        # The result is not kept; only the call itself matters here.
        _ActiveXObject(self, "WScript.Shell")

        uses_legacy_events = log.ThugOpts.Personality.browserMajorVersion < 9
        if uses_legacy_events:
            self.attachEvent = self._attachEvent
            self.detachEvent = self._detachEvent
        else:
            self.addEventListener = self._addEventListener
            self.removeEventListener = self._removeEventListener

        # Only major version 8 gets a Storage placeholder.
        if log.ThugOpts.Personality.browserMajorVersion == 8:
            self.Storage = object()

        self.doc.parentWindow = self._parent
Beispiel #9
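    def fireOnloadEvents(self):
        """Bind ``<object>`` controls, run every ``<script>``, then fire onload.

        Steps, in order:
          1. each ``<object>`` with both ``classid`` and ``id`` is bound on
             this window as an ``_ActiveXObject``;
          2. each ``<script>`` is evaluated, fetching ``src`` first when the
             tag has no inline content;
          3. the body's ``onload`` attribute and this window's ``onload``
             are evaluated, when present.

        A script whose ``src`` cannot be fetched (exception, ``None``
        response or HTTP 404) is skipped.
        """
        for tag in self._findAll('object'):
            classid = tag.get('classid', None)
            id = tag.get('id', None)
            if not classid or not id:
                continue

            # NOTE(review): `id` is page-supplied and used verbatim as an
            # attribute name -- confirm it cannot shadow attributes this
            # window relies on.
            setattr(self, id, _ActiveXObject(self, classid, 'id'))

        index = 0
        # The tag list is re-queried on every pass rather than cached
        # (presumably because an evaluated script can add <script> tags).
        while index < len(self._findAll('script')):
            tag = self._findAll('script')[index]
            # Advance before any `continue` below. Previously the index was
            # bumped only at the end of the body, so a failed fetch retried
            # the same tag forever and a single unreachable script could
            # stall the whole analysis.
            index += 1

            if not tag.string:
                src = tag.get('src', None)
                if src:
                    try:
                        response = self._navigator.fetch(
                            src, redirect_type="onload script")
                    except Exception:
                        continue

                    if response is None:
                        continue

                    if response.status_code == 404:
                        continue

                    js = response.content
                    tag.setString(js)
            try:
                self.evalScript(tag.string, tag=tag)
            except Exception:
                # One failing script must not abort the remaining ones.
                log.debug(traceback.format_exc())

        body = self.doc.body
        if body and body.tag.has_attr('onload'):
            self.evalScript(body.tag['onload'], tag=body.tag.contents[-1])

        if hasattr(self, 'onload'):
            self.evalScript(self.onload)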
Beispiel #10
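    def fireOnloadEvents(self):
        """Bind ``<object>`` controls, evaluate scripts and fire onload handlers.

        ``<object>`` tags that have both ``classid`` and ``id`` are bound on
        this window first. Every ``<script>`` is then evaluated in document
        order; a tag without inline content has its ``src`` fetched and
        stored as its content beforehand. Finally the body's ``onload``
        attribute and this window's own ``onload`` are evaluated.

        A script whose ``src`` fetch raises, returns ``None`` or returns
        HTTP 404 is skipped.
        """
        for tag in self._findAll('object'):
            classid = tag.get('classid', None)
            id      = tag.get('id', None)
            if not classid or not id:
                continue

            # NOTE(review): the attribute name is the tag's `id` as-is --
            # confirm it cannot shadow attributes this window relies on.
            setattr(self, id, _ActiveXObject(self, classid, 'id'))

        index = 0
        # Re-queried on each pass instead of cached (presumably because
        # evaluating a script can add further <script> tags).
        while index < len(self._findAll('script')):
            tag = self._findAll('script')[index]
            # Move on to the next tag up front: the `continue` statements
            # below used to leave `index` untouched, so one script that could
            # not be fetched was retried without end and the analysis hung.
            index += 1

            if not tag.string:
                src = tag.get('src', None)
                if src:
                    try:
                        response = self._navigator.fetch(src, redirect_type = "onload script")
                    except Exception:
                        continue

                    if response is None:
                        continue

                    if response.status_code == 404:
                        continue

                    js = response.content
                    tag.setString(js)
            try:
                self.evalScript(tag.string, tag = tag)
            except Exception:
                # Keep going: a broken script must not stop the others.
                log.debug(traceback.format_exc())

        body = self.doc.body
        if body and body.tag.has_attr('onload'):
            self.evalScript(body.tag['onload'], tag = body.tag.contents[-1])

        if hasattr(self, 'onload'):
            self.evalScript(self.onload)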
Beispiel #11
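    def handle_object(self, object):
        """Process an ``<object>`` tag.

        Fetches the tag's ``codebase`` and its ``data`` URL (both best
        effort; ``data:`` URIs are not fetched), passing along whatever
        ``do_handle_params`` returned. Under an IE personality it then builds
        an ``_ActiveXObject`` for ``classid`` and, when the tag has an
        ``id``, binds it under that name on ``self.window`` and
        ``self.window.doc``.
        """
        log.warning(object)

        #self.check_attrs(object)
        params = self.do_handle_params(object)

        classid  = object.get('classid', None)
        id       = object.get('id', None)
        codebase = object.get('codebase', None)
        data     = object.get('data', None)

        if codebase:
            try:
                self.window._navigator.fetch(codebase,
                                             redirect_type = "object codebase",
                                             params = params)
            except Exception as e:
                # Still best effort, but the failure is recorded instead of
                # vanishing, and KeyboardInterrupt/SystemExit now propagate.
                log.warning("[object] codebase fetch failed: %s" % (e, ))

        # A data: URI carries its payload inline, so there is nothing to
        # retrieve for it.
        if data and not data.startswith('data:'):
            try:
                self.window._navigator.fetch(data,
                                             redirect_type = "object data",
                                             params = params)
            except Exception as e:
                log.warning("[object] data fetch failed: %s" % (e, ))

        if not log.ThugOpts.Personality.isIE():
            return

        # A classid alone is enough to instantiate; the id only decides
        # whether the result is bound to a name.
        if not classid:
            return

        try:
            axo = _ActiveXObject(self.window, classid, 'id')
        except TypeError:
            return

        if id is None:
            return

        # NOTE(review): `id` is used as an attribute name exactly as the tag
        # supplies it -- confirm it cannot shadow attributes the window or
        # document objects rely on internally.
        setattr(self.window, id, axo)
        setattr(self.window.doc, id, axo)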
Beispiel #12
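    def handle_object(self, object):
        """Fetch an ``<object>`` tag's resources and instantiate its control.

        ``codebase`` and ``data`` are fetched when present (``data:`` URIs
        are skipped); a fetch failure is logged and does not stop
        processing. Outside an IE personality nothing else happens.
        Otherwise an ``_ActiveXObject`` is built for ``classid`` and bound
        on ``self.window`` and ``self.window.doc`` under the tag's ``id``,
        if it has one.
        """
        log.warning(object)

        #self.check_attrs(object)
        params = self.do_handle_params(object)

        classid  = object.get('classid', None)
        id       = object.get('id', None)
        codebase = object.get('codebase', None)
        data     = object.get('data', None)

        if codebase:
            try:
                self.window._navigator.fetch(codebase,
                                             redirect_type = "object codebase",
                                             params = params)
            except Exception as e:
                # Narrowed from a bare `except: pass` so that interrupts
                # propagate and the failed retrieval leaves a trace.
                log.warning("[object] codebase fetch failed: %s" % (e, ))

        if data and not data.startswith('data:'):
            try:
                self.window._navigator.fetch(data,
                                             redirect_type = "object data",
                                             params = params)
            except Exception as e:
                log.warning("[object] data fetch failed: %s" % (e, ))

        if not log.ThugOpts.Personality.isIE():
            return

        if not classid:
            return

        try:
            axo = _ActiveXObject(self.window, classid, 'id')
        except TypeError:
            return

        # Without an id the object is created but not bound to any name.
        if id is None:
            return

        # NOTE(review): the attribute name is page-supplied -- confirm it
        # cannot shadow attributes the window or document rely on.
        for target in (self.window, self.window.doc):
            setattr(target, id, axo)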
Beispiel #13
 def XMLHttpRequest(self):
     """Return a new ``microsoft.xmlhttp`` ``_ActiveXObject`` for this window."""
     xhr = _ActiveXObject(self, 'microsoft.xmlhttp')
     return xhr
Beispiel #14
 def _do_ActiveXObject(self, cls, type = 'name'):
     """Build an ``_ActiveXObject`` for ``cls`` on this window."""
     # NOTE(review): the caller's `type` is accepted but not forwarded; the
     # callee always receives 'name'. Confirm that this is deliberate.
     axo = _ActiveXObject(self, cls, type = 'name')
     return axo
Beispiel #15
 def _do_ActiveXObject(self, cls, type='name'):
     """Return an ``_ActiveXObject`` for ``cls`` bound to this window."""
     # NOTE(review): `type` is never passed on -- 'name' is hard-coded in
     # the call below. Confirm this is intended before relying on it.
     created = _ActiveXObject(self, cls, type='name')
     return created
Beispiel #16
 def XMLHttpRequest(self):
     """Create the ``microsoft.xmlhttp`` ``_ActiveXObject`` for this window."""
     request_object = _ActiveXObject(self, 'microsoft.xmlhttp')
     return request_object
Beispiel #17
 def _do_ActiveXObject(self, cls, type="name"):
     """Instantiate ``_ActiveXObject`` for ``cls`` on this window."""
     # NOTE(review): the `type` argument is ignored; the call below always
     # passes "name". Confirm whether callers are meant to override it.
     instance = _ActiveXObject(self, cls, type="name")
     return instance