def __getattr__(self, key): if key in self._symbols: raise AttributeError(key) if key in ('__members__', '__methods__'): raise AttributeError(key) if key == 'constructor': return PyV8.JSClassConstructor(self.__class__) if key == 'prototype': return PyV8.JSClassPrototype(self.__class__) prop = self.__dict__.setdefault('__properties__', {}).get(key, None) if prop and isinstance(prop[0], collections.Callable): return prop[0]() if log.ThugOpts.Personality.isIE() and key.lower() in ('wscript', 'wsh', ): # Prevent _ActiveXObject loops super(Window, self).__setattr__("WScript", None) WScript = _ActiveXObject(self, "WScript.Shell") super(Window, self).__setattr__(key, WScript) super(Window, self).__setattr__("WScript", WScript) return WScript context = self.__class__.__dict__['context'].__get__(self, Window) try: self._symbols.add(key) symbol = context.eval(key) except: raise AttributeError(key) finally: self._symbols.discard(key) if isinstance(symbol, PyV8.JSFunction): _method = None if symbol in self._methods: _method = symbol.clone() if _method is None: _method = new.instancemethod(symbol, self, Window) # _method = symbol.__get__(self, Window) setattr(self, key, _method) context.locals[key] = _method return _method if isinstance(symbol, (six.string_types, bool, numbers.Number, datetime.datetime, PyV8.JSObject)): setattr(self, key, symbol) context.locals[key] = symbol return symbol raise AttributeError(key)
def __getattr__(self, key): if key in self._symbols: raise AttributeError(key) if key in ("__members__", "__methods__"): raise AttributeError(key) if key == "constructor": return PyV8.JSClassConstructor(self.__class__) if key == "prototype": return PyV8.JSClassPrototype(self.__class__) prop = self.__dict__.setdefault("__properties__", {}).get(key, None) if prop and isinstance(prop[0], collections.Callable): return prop[0]() if log.ThugOpts.Personality.isIE() and key.lower() in ("wscript", "wsh"): # Prevent _ActiveXObject loops super(Window, self).__setattr__("WScript", None) WScript = _ActiveXObject(self, "WScript.Shell") super(Window, self).__setattr__(key, WScript) super(Window, self).__setattr__("WScript", WScript) return WScript context = self.__class__.__dict__["context"].__get__(self, Window) log.debug(key) try: self._symbols.add(key) symbol = context.eval(key) except: raise AttributeError(key) finally: self._symbols.discard(key) if isinstance(symbol, PyV8.JSFunction): _method = None if symbol in self._methods: _method = symbol.clone() if _method is None: _method = new.instancemethod(symbol, self, Window) # _method = symbol.__get__(self, Window) setattr(self, key, _method) context.locals[key] = _method return _method if isinstance(symbol, (six.string_types, bool, numbers.Number, datetime.datetime, PyV8.JSObject)): setattr(self, key, symbol) context.locals[key] = symbol return symbol raise AttributeError(key)
def handle_object(self, _object): log.warning(_object) if log.ThugOpts.features_logging: log.ThugLogging.Features.increase_object_count() self.check_small_element(_object, 'object') params = self.do_handle_params(_object) classid = _object.get('classid', None) _id = _object.get('id', None) codebase = _object.get('codebase', None) data = _object.get('data', None) if codebase: if log.ThugOpts.features_logging: log.ThugLogging.Features.increase_url_count() try: self.window._navigator.fetch(codebase, redirect_type = "object codebase", params = params) except Exception as e: # pragma: no cover log.info("[ERROR][handle_object] %s", str(e)) if data and not data.startswith('data:'): if log.ThugOpts.features_logging: log.ThugLogging.Features.increase_url_count() try: self.window._navigator.fetch(data, redirect_type = "object data", params = params) except Exception as e: log.info("[ERROR][handle_object] %s", str(e)) if not log.ThugOpts.Personality.isIE(): return if classid: try: axo = _ActiveXObject(self.window, classid, 'id') except TypeError as e: # pragma: no cover log.info("[ERROR][handle_object] %s", str(e)) return if _id is None: return try: setattr(self.window, _id, axo) setattr(self.window.doc, _id, axo) except TypeError as e: # pragma: no cover log.info("[ERROR][handle_object] %s", str(e))
def __getattr__(self, key): if log.ThugOpts.Personality.isIE() and key.lower() in ('wscript', ): # Prevent _ActiveXObject loops super(Window, self).__setattr__("WScript", None) WScript = _ActiveXObject(self, "WScript.Shell") super(Window, self).__setattr__(key, WScript) super(Window, self).__setattr__("WScript", WScript) return WScript return super(Window, self).__getattr__(key)
def handle_object(self, _object): log.warning(_object) # self.check_attrs(_object) params = self.do_handle_params(_object) classid = _object.get('classid', None) _id = _object.get('id', None) codebase = _object.get('codebase', None) data = _object.get('data', None) if codebase: try: self.window._navigator.fetch(codebase, redirect_type = "object codebase", params = params) except: # pylint:disable=bare-except pass if data and not data.startswith('data:'): try: self.window._navigator.fetch(data, redirect_type = "object data", params = params) except: # pylint:disable=bare-except pass if not log.ThugOpts.Personality.isIE(): return # if classid and _id: if classid: try: axo = _ActiveXObject(self.window, classid, 'id') except TypeError: return if _id is None: return setattr(self.window, _id, axo) setattr(self.window.doc, _id, axo)
def __init_personality_IE(self): from .ClipboardData import ClipboardData from .Console import Console from .External import External from thug.DOM.W3C.DOMParser import DOMParser log.ThugOpts.activex_ready = False if not (log.ThugOpts.local and log.ThugOpts.attachment): # self.document = self._document self.XMLHttpRequest = self._XMLHttpRequest self.document = self._document self.ActiveXObject = self._do_ActiveXObject self.DeferredListDataComplete = self._DeferredListDataComplete self.CollectGarbage = self._CollectGarbage self.WScript = _ActiveXObject(self, "WScript.Shell") self.navigate = self._navigate self.clientInformation = self.navigator self.clipboardData = ClipboardData() self.external = External() self.console = Console() self.ScriptEngineMajorVersion = log.ThugOpts.Personality.ScriptEngineMajorVersion self.ScriptEngineMinorVersion = log.ThugOpts.Personality.ScriptEngineMinorVersion self.ScriptEngineBuildVersion = log.ThugOpts.Personality.ScriptEngineBuildVersion if log.ThugOpts.Personality.browserMajorVersion < 11: self.execScript = self._execScript self.attachEvent = self._attachEvent self.detachEvent = self._detachEvent if log.ThugOpts.Personality.browserMajorVersion >= 8: self.DOMParser = DOMParser self.addEventListener = self._addEventListener self.removeEventListener = self._removeEventListener self.localStorage = LocalStorage() self.sessionStorage = SessionStorage() self.doc.parentWindow = self._parent log.ThugOpts.activex_ready = True
def __init_personality_IE(self): from .ClipboardData import ClipboardData from .Console import Console from .External import External from thug.DOM.W3C.DOMParser import DOMParser log.ThugOpts.activex_ready = False if not (log.ThugOpts.local and log.ThugOpts.attachment): self.XMLHttpRequest = self._XMLHttpRequest self.document = self._document self.ActiveXObject = self._do_ActiveXObject self.DeferredListDataComplete = self._DeferredListDataComplete self.CollectGarbage = self._CollectGarbage self.WScript = _ActiveXObject(self, "WScript.Shell") self.navigate = self._navigate self.clientInformation = self.navigator self.clipboardData = ClipboardData() self.external = External() self.console = Console() self.ScriptEngineMajorVersion = log.ThugOpts.Personality.ScriptEngineMajorVersion self.ScriptEngineMinorVersion = log.ThugOpts.Personality.ScriptEngineMinorVersion self.ScriptEngineBuildVersion = log.ThugOpts.Personality.ScriptEngineBuildVersion if log.ThugOpts.Personality.browserMajorVersion < 11: self.execScript = self._execScript self.attachEvent = self._attachEvent self.detachEvent = self._detachEvent if log.ThugOpts.Personality.browserMajorVersion >= 8: self.DOMParser = DOMParser self.addEventListener = self._addEventListener self.removeEventListener = self._removeEventListener self.localStorage = LocalStorage() self.sessionStorage = SessionStorage() self.doc.parentWindow = self._parent log.ThugOpts.activex_ready = True
def _do_ActiveXObject(self, cls, typename='name'): return _ActiveXObject(self, cls, typename)
def _XMLHttpRequest(self): return _ActiveXObject(self, 'microsoft.xmlhttp')
def XMLHttpRequest(self): return _ActiveXObject(self, 'microsoft.xmlhttp')
def _do_ActiveXObject(self, cls, typename = 'name'): return _ActiveXObject(self, cls, typename)
def _do_ActiveXObject(self, cls, typename="name"): return _ActiveXObject(self, cls, typename)