Esempio n. 1
    def search_url(self, sc):
        """Look for a URL embedded in *sc*, fetch it and analyse the response.

        *sc* is the text being inspected (shellcode, going by the log
        message).  The first ``http`` occurrence is taken as the start of a
        URL, which runs up to the next whitespace.  A URL already present in
        ``log.ThugLogging.shellcode_urls`` is not fetched again.  The fetched
        content is parsed into a document, wrapped in a new ``Window`` and
        traversed with ``DFT``.

        Returns:
            None in every case.  All failure paths (no URL, duplicate URL,
            fetch error, missing or non-OK response) return silently.
        """
        from thug.DOM.W3C import w3c
        from thug.DOM.Window import Window
        from thug.DOM.DFT import DFT

        start = sc.find('http')

        # find() yields -1 when 'http' is absent; a match at index 0 is also
        # rejected because only offsets > 0 pass.
        # NOTE(review): confirm that ignoring a URL at the very start of sc
        # is intended.
        if start <= 0:
            return

        # The candidate is a bare substring match: nothing here validates the
        # scheme or host.  NOTE(review): any restriction on what may be
        # requested has to be enforced by the navigator's fetch() -- confirm.
        candidate = sc[start:].split()[0]
        if candidate.endswith(("'", '"')):
            # Drop one trailing quote left over from the surrounding string.
            candidate = candidate[:-1]

        if candidate in log.ThugLogging.shellcode_urls:
            return

        log.info('[Shellcode Analysis] URL Detected: %s', candidate)

        try:
            response = self.window._navigator.fetch(candidate, redirect_type="URL found")
            # Recorded only after fetch() returns without raising, so a URL
            # whose fetch raises is attempted again the next time it is seen.
            log.ThugLogging.shellcode_urls.add(candidate)
        except Exception:
            # Best effort: a failed fetch leaves only the "URL Detected" log
            # line above as evidence.
            return

        if response is None or not response.ok:
            return

        # The body comes from the remote host named by the analysed sample;
        # it is handled as a new page to analyse, in its own Window.
        page = w3c.parseString(response.content)
        DFT(Window(candidate, page, personality=log.ThugOpts.useragent)).run()
Esempio n. 2
    def __run(self, window):
        """Traverse *window* with ``DFT`` under the JS lock and a watchdog.

        When ``log.Trace`` is set it is installed as the trace function
        first.  The traversal then runs inside ``self.JSLocker()`` and a
        ``Watchdog`` built from ``log.ThugOpts.timeout`` with
        ``self.watchdog_cb`` as its callback.
        """
        tracer = log.Trace
        if tracer:
            sys.settrace(tracer)

        # Lock first, watchdog second: same nesting as two stacked `with`
        # statements.  The page being traversed is untrusted content, so the
        # watchdog is what bounds the run -- presumably by invoking
        # watchdog_cb once the timeout elapses (TODO confirm in Watchdog).
        with self.JSLocker(), Watchdog(log.ThugOpts.timeout, callback=self.watchdog_cb):
            DFT(window).run()
Esempio n. 3
    def __run(self, window):
        """Run a ``DFT`` traversal of *window*, locked and time-limited.

        Installs ``log.Trace`` as the trace function when it is set, then
        performs the traversal while holding ``self.JSLocker()`` inside a
        ``Watchdog`` configured with ``log.ThugOpts.timeout`` and
        ``self.watchdog_cb``.
        """
        if log.Trace:
            sys.settrace(log.Trace)

        # The lock is entered before the watchdog is created, as with nested
        # `with` blocks.  NOTE(review): the watchdog looks like the only
        # bound on how long untrusted page content is processed here --
        # confirm how Watchdog enforces the timeout.
        with self.JSLocker(), Watchdog(log.ThugOpts.timeout, callback = self.watchdog_cb):
            traversal = DFT(window)
            traversal.run()
Esempio n. 4
    def __run(self, window):
        """Traverse *window* with ``DFT`` under the engine lock and a watchdog.

        ``log.Trace``, when set, is installed as the trace function.  The
        traversal runs with ``log.JSEngine.JSLocker`` held (used directly as
        a context manager, not called) and inside a ``Watchdog`` built from
        ``log.ThugOpts.timeout`` and ``self.watchdog_cb``.
        """
        tracer = log.Trace
        if tracer: # pragma: no cover
            sys.settrace(tracer)

        # Engine lock outermost, watchdog inside it.  The watchdog is the
        # visible limit on processing untrusted page content; its exact
        # behaviour on expiry is defined in Watchdog (TODO confirm).
        with log.JSEngine.JSLocker, Watchdog(log.ThugOpts.timeout, callback = self.watchdog_cb):
            DFT(window).run()
Esempio n. 5
    def search_url(self, sc):
        """Extract a URL from *sc*, fetch it once and analyse what it serves.

        *sc* is the text being inspected (shellcode, going by the log
        message).  The URL starts at the first ``http`` occurrence and ends
        at the next whitespace.  URLs already listed in
        ``log.ThugLogging.shellcode_urls`` or
        ``log.ThugLogging.retrieved_urls`` are skipped.  A successful
        response is parsed, wrapped in a new ``Window`` and traversed with
        ``DFT``.

        Returns:
            None in every case; every failure path returns silently.
        """
        from thug.DOM.W3C import w3c
        from thug.DOM.Window import Window
        from thug.DOM.DFT import DFT

        position = sc.find('http')

        # Only offsets > 0 are accepted, so both "not found" (-1) and a match
        # at index 0 end here.
        # NOTE(review): confirm that a URL at the very start of sc should be
        # ignored.
        if position <= 0:
            return

        # Plain substring match, no scheme or host validation at this point.
        # NOTE(review): request policy must live in the navigator's fetch()
        # -- confirm.
        found = sc[position:].split()[0]
        if found.endswith(("'", '"')):
            # Strip a single trailing quote character.
            found = found[:-1]

        # Skip anything already seen, either by this routine or by the
        # regular retrieval path.
        if found in log.ThugLogging.shellcode_urls or found in log.ThugLogging.retrieved_urls:
            return

        log.info('[Shellcode Analysis] URL Detected: %s', found)

        try:
            response = self.window._navigator.fetch(found, redirect_type = "URL found")
            # Added only when fetch() did not raise; a URL whose fetch raises
            # stays eligible for another attempt.
            log.ThugLogging.shellcode_urls.add(found)
        except Exception:
            # Best effort: the "URL Detected" line above is the only trace of
            # a failed fetch.
            return

        if response is None or not response.ok:
            return

        # Remote, sample-chosen content: analysed as a page of its own.
        parsed = w3c.parseString(response.content)
        target = Window(found, parsed, personality = log.ThugOpts.useragent)

        DFT(target).run()
Esempio n. 6
 def run(self, window):
     """Traverse *window* with ``DFT`` while holding ``PyV8.JSLocker``."""
     # No timeout guard is applied in this method: the traversal runs for as
     # long as DFT.run() takes, with the lock held throughout.
     # NOTE(review): the content being traversed is untrusted -- confirm that
     # a caller bounds the run time.
     with PyV8.JSLocker():
         DFT(window).run()
Esempio n. 7
 def __run(self, window):
     """Traverse *window* with ``DFT`` under ``PyV8.JSLocker`` and a watchdog.

     The ``Watchdog`` is built from ``log.ThugOpts.timeout`` with
     ``self.watchdog_cb`` as its callback.
     """
     # Lock outermost, watchdog inside it -- same order as nested `with`
     # blocks.  The watchdog is the visible bound on processing untrusted
     # page content; what it does on expiry is defined in Watchdog
     # (TODO confirm).
     with PyV8.JSLocker(), Watchdog(log.ThugOpts.timeout, callback = self.watchdog_cb):
         DFT(window).run()
Esempio n. 8
    def setAttribute(self, name, value):
        """Set attribute *name* to *value* on the tag; follow ``src``/``archive``.

        Under a Firefox personality, ``style`` and ``type`` are stored only
        when *value* matches an entry of ``FF_STYLES`` / ``FF_INPUTS``
        allowed for the emulated major version, and nothing else happens.
        Otherwise the attribute is stored as given.  For ``src`` and
        ``archive`` the value is then treated as a URL: it goes to a scheme
        handler if one exists, else it is fetched and handed to a MIME
        handler, or -- for ``text/html`` -- parsed and traversed with ``DFT``.

        Returns:
            None in every case; fetch errors and unusable responses are
            dropped silently.
        """
        from thug.DOM.W3C import w3c
        from thug.DOM.Window import Window
        from thug.DOM.DFT import DFT

        if log.ThugOpts.features_logging:
            log.ThugLogging.Features.increase_setattribute_count()

        if not isinstance(name, six.string_types):  # pragma: no cover
            name = str(name)

        if log.ThugOpts.Personality.isFirefox():
            if name == 'style':
                pieces = value.split('-')

                # 'a-b-c' becomes 'aBC'; a value without '-' is kept as is.
                camel = pieces[0]
                if len(pieces) > 1:
                    camel = '{}{}'.format(
                        camel, ''.join([s.capitalize() for s in pieces[1:]]))

                # NOTE(review): styles are gated with >= while input types
                # below use > -- confirm the difference is intended.
                allowed_styles = [
                    entry for entry in FF_STYLES
                    if log.ThugOpts.Personality.browserMajorVersion >= entry[0]
                ]
                for entry in allowed_styles:
                    if entry[1] in value:
                        self.tag.attrs[name] = camel
                return

            if name == 'type':
                allowed_inputs = [
                    entry for entry in FF_INPUTS
                    if log.ThugOpts.Personality.browserMajorVersion > entry[0]
                ]
                for entry in allowed_inputs:
                    if entry[1] in value:
                        self.tag.attrs[name] = value
                return

        self.tag.attrs[name] = value

        # Only src/archive trigger retrieval; every other attribute is done.
        if name.lower() not in ('src', 'archive'):
            return

        parts = urlparse.urlsplit(value)

        # The scheme comes from the page-supplied value.  The fixed 'handle_'
        # prefix limits the lookup to handle_* attributes of
        # log.SchemeHandler, so that object should expose no handle_*
        # attribute that is not meant to be reachable from page content.
        scheme_handler = getattr(log.SchemeHandler, 'handle_%s' % (parts.scheme, ),
                                 None)
        if scheme_handler:
            scheme_handler(self.doc.window, value)
            return

        try:
            response = self.doc.window._navigator.fetch(
                value, redirect_type="element workaround")
        except Exception:
            # Best effort: a failed fetch is not reported from here.
            return

        if response is None or not response.ok:
            return

        ctype = response.headers.get('content-type', None)
        if ctype is None:  # pragma: no cover
            return

        # The handler is selected from the Content-Type header, which the
        # remote server declares.
        mime_handler = log.MIMEHandler.get_handler(ctype)
        if mime_handler:
            mime_handler(self.doc.window.url, response.content)
            return

        if not ctype.startswith(('text/html', )):
            return

        # HTML served for the attribute is analysed as a page of its own.
        # NOTE(review): no timeout guard is visible around this traversal --
        # confirm that one applies further up the call chain.
        page = w3c.parseString(response.content)
        DFT(Window(response.url, page, personality=log.ThugOpts.useragent)).run()
Esempio n. 9
    def setAttribute(self, name, value):
        """Store attribute *name* on the tag and retrieve ``src``/``archive``.

        With a Firefox personality, ``style`` and ``type`` are written only
        when *value* matches an ``FF_STYLES`` / ``FF_INPUTS`` entry
        permitted for the emulated major version; the method then returns.
        In all other cases the attribute is written as given.  When the
        attribute is ``src`` or ``archive`` the value is handled as a URL:
        scheme handler first, otherwise a fetch followed by a MIME handler
        or, for ``text/html``, a ``DFT`` traversal of the parsed content.

        Returns:
            None in every case; failures along the retrieval path are
            silent.
        """
        from thug.DOM.W3C import w3c
        from thug.DOM.Window import Window
        from thug.DOM.DFT import DFT

        if log.ThugOpts.features_logging:
            log.ThugLogging.Features.increase_setattribute_count()

        if not isinstance(name, six.string_types):
            name = str(name)

        if log.ThugOpts.Personality.isFirefox():
            if name == 'style':
                tokens = value.split('-')

                # Hyphenated names are camel-cased: 'a-b' -> 'aB'.
                converted = tokens[0]
                if len(tokens) > 1:
                    converted = '{}{}'.format(converted, ''.join([s.capitalize() for s in tokens[1:]]))

                # NOTE(review): >= here, > for input types below -- confirm
                # the two version gates are meant to differ.
                styles = [p for p in FF_STYLES if log.ThugOpts.Personality.browserMajorVersion >= p[0]]
                for style in styles:
                    if style[1] in value:
                        self.tag.attrs[name] = converted
                return

            if name == 'type':
                inputs = [p for p in FF_INPUTS if log.ThugOpts.Personality.browserMajorVersion > p[0]]
                for kind in inputs:
                    if kind[1] in value:
                        self.tag.attrs[name] = value
                return

        self.tag.attrs[name] = value

        # Retrieval applies to src/archive only.
        if name.lower() not in ('src', 'archive'):
            return

        split = urlparse.urlsplit(value)

        # Page-controlled scheme; the 'handle_' prefix confines the lookup to
        # handle_* attributes of log.SchemeHandler, which should therefore
        # hold no handle_* attribute that page content must not reach.
        by_scheme = getattr(log.SchemeHandler, 'handle_%s' % (split.scheme, ), None)
        if by_scheme:
            by_scheme(self.doc.window, value)
            return

        try:
            response = self.doc.window._navigator.fetch(value, redirect_type = "element workaround")
        except Exception:
            # Best effort: fetch errors are not surfaced from this method.
            return

        if response is None or not response.ok:
            return

        ctype = response.headers.get('content-type', None)
        if ctype is None:
            return

        # Handler choice follows the server-declared Content-Type header.
        by_mime = log.MIMEHandler.get_handler(ctype)
        if by_mime:
            by_mime(self.doc.window.url, response.content)
            return

        if not ctype.startswith(('text/html', )):
            return

        # Served HTML is analysed as a separate page.
        # NOTE(review): no timeout guard is visible around this traversal --
        # confirm one applies in the caller.
        parsed = w3c.parseString(response.content)
        target = Window(response.url, parsed, personality = log.ThugOpts.useragent)
        DFT(target).run()
Esempio n. 10
 def __run(self, window):
     """Run a ``DFT`` traversal of *window*, locked and time-limited.

     Holds ``PyV8.JSLocker`` for the whole traversal and wraps it in a
     ``Watchdog`` configured with ``log.ThugOpts.timeout`` and
     ``self.watchdog_cb``.
     """
     # The lock is taken before the watchdog is created, as with nested
     # `with` blocks.  NOTE(review): the watchdog looks like the only limit
     # on how long untrusted page content is processed -- confirm how
     # Watchdog enforces the timeout.
     with PyV8.JSLocker(), Watchdog(log.ThugOpts.timeout, callback = self.watchdog_cb):
         traversal = DFT(window)
         traversal.run()