Pull shared XHR shim out, add option to static Js module method.

* Moves shim to data/js/network/xhr_shim.js * Add some yardoc comments
2013-11-02 14:52:50 -05:00 · 2013-11-02 14:52:50 -05:00 · c7c1fcfa98
parent 094abdd093
commit c7c1fcfa98
4 changed files with 71 additions and 40 deletions
--- a/data/js/network/ajax_download.js
+++ b/data/js/network/ajax_download.js
@ -7,19 +7,7 @@ function ajax_download(oArg) {
  if (method == path)      { throw "Missing parameter 'path'"; }
  if (data   == undefined) { data = null; }

-  if (window.XMLHttpRequest) {
-    xmlHttp = new XMLHttpRequest();
-  }
-  else {
-    var objs = ["Microsoft.XMLHTTP", "Msxml2.XMLHTTP", "Msxml2.XMLHTTP.4.0"];
-    for (var i=0; i < objs.length; i++) {
-      try {
-        xmlHttp = new ActiveXObject(objs[i]);
-        break;
-      }
-      catch (e) {}
-    }
-  }
+  var xmlHttp = new XMLHttpRequest();

  if (xmlHttp.overrideMimeType) {
    xmlHttp.overrideMimeType("text/plain; charset=x-user-defined");
--- a/data/js/network/ajax_post.js
+++ b/data/js/network/ajax_post.js
@ -1,18 +1,5 @@
 function postInfo(path, data) {
-  var xmlHttp = '';
-  if (window.XMLHttpRequest) {
-    xmlHttp = new XMLHttpRequest();
-  }
-  else {
-    var objs = ["Microsoft.XMLHTTP", "Msxml2.XMLHTTP", "Msxml2.XMLHTTP.4.0"];
-    for (var i=0; i < objs.length; i++) {
-      try {
-        xmlHttp = new ActiveXObject(objs[i]);
-        break;
-      }
-      catch (e) {}
-    }
-  }
+  var xmlHttp = new XMLHttpRequest();

  if (xmlHttp.overrideMimeType) {
    xmlHttp.overrideMimeType("text/plain; charset=x-user-defined");
--- a/data/js/network/xhr_shim.js
+++ b/data/js/network/xhr_shim.js
@ -0,0 +1,13 @@
+if (!window.XMLHTTPRequest) {
+  var i, ids = ["Microsoft.XMLHTTP", "Msxml2.XMLHTTP", "Msxml2.XMLHTTP.6.0", "Msxml2.XMLHTTP.3.0"];
+  for (i = 0; i < ids.length; i++) {
+    try {
+      new ActiveXObject(ids[i]);
+      window.XMLHttpRequest = function() {
+        return new ActiveXObject(ids[i]);
+      };
+      break;
+    }
+    catch (e) {}
+  }
+}
--- a/lib/rex/exploitation/js/network.rb
+++ b/lib/rex/exploitation/js/network.rb
@ -11,27 +11,70 @@ module Js
 #
 class Network

-  def self.ajax_download
+  # @param [Hash] opts the options hash
+  # @option opts [Boolean] :obfuscate toggles js obfuscation. defaults to true.
+  # @option opts [Boolean] :use_xhr_shim automatically stubs XHR to use ActiveXObject when needed.
+  #   defaults to true.
+  # @return [String] javascript code to perform a synchronous ajax request to the remote
+  #   and returns the response
+  def self.ajax_download(opts={})
+    should_obfuscate = opts.fetch(:obfuscate, true)
    js = ::File.read(::File.join(Msf::Config.data_directory, "js", "network", "ajax_download.js"))

-    ::Rex::Exploitation::ObfuscateJS.new(js,
-      {
-        'Symbols' => {
-          'Variables' => %w{ xmlHttp }
-        }
+    if should_obfuscate
+      js = ::Rex::Exploitation::ObfuscateJS.new(js,
+        {
+          'Symbols' => {
+            'Variables' => %w{ xmlHttp }
+          }
      }).obfuscate
+    end
+
+    xhr_shim(opts) + js
  end

+  # @param [Hash] opts the options hash
+  # @option opts [Boolean] :obfuscate toggles js obfuscation. defaults to true.
+  # @option opts [Boolean] :use_xhr_shim automatically stubs XHR to use ActiveXObject when needed.
+  #   defaults to true.
+  # @return [String] javascript code to perform a synchronous ajax request to the remote with
+  #   the data specified
+  def self.ajax_post(opts={})
+    should_obfuscate = opts.fetch(:obfuscate, true)
+    js = :File.read(::File.join(Msf::Config.data_directory, "js", "network", "ajax_post.js"))

-  def self.ajax_post
-    js = ::File.read(::File.join(Msf::Config.data_directory, "js", "network", "ajax_post.js"))
+    if should_obfuscate
+      ::Rex::Exploitation::ObfuscateJS.new(js,
+        {
+          'Symbols' => {
+            'Variables' => %w{ xmlHttp }
+          }
+        }).obfuscate
+    end

-    ::Rex::Exploitation::ObfuscateJS.new(js,
-      {
-        'Symbols' => {
-          'Variables' => %w{ xmlHttp }
+    xhr_shim(opts) + js
+  end
+
+  # @param [Hash] opts the options hash
+  # @option opts [Boolean] :obfuscate toggles js obfuscation. defaults to true.
+  # @option opts [Boolean] :use_xhr_shim false causes this method to return ''. defaults to true.
+  # @return [String] javascript code that adds XMLHttpRequest to the global scope if it
+  #   does not exist (e.g. on IE6, where you have to use the ActiveXObject constructor)
+  def self.xhr_shim(opts={})
+    return '' unless opts.fetch(:use_xhr_shim, true)
+
+    should_obfuscate = opts.fetch(:obfuscate, true)
+    js = ::File.read(::File.join(Msf::Config.data_directory, "js", "network", "xhr_shim.js"))
+
+    if should_obfuscate
+      ::Rex::Exploitation::ObfuscateJS.new(js,
+        {
+          'Symbols' => {
+            'Variables' => %w{ i objs }
+          }
        }
-      }).obfuscate
+      ).obfuscate
+    end
  end

 end