Changeset 5556
- Timestamp:
- 07/14/08 13:57:13 (3 months ago)
- Files:
framework3/trunk/lib/rex/exploitation/obfuscatejs.rb
r5546 r5556 8 8 9 9 # 10 # Obfuscates symbols found within a javascript string. The symbols 11 # argument should have the following format: 10 # Obfuscates a javascript string. 11 # 12 # Options are 'Symbols', described below, and 'Strings', a boolean 13 # which specifies whether strings within the javascript should be 14 # mucked with (defaults to false). 15 # 16 # The 'Symbols' argument should have the following format: 12 17 # 13 18 # { … … 23 28 # joeBob before joe because it is more specific and will be globally 24 29 # replaced before joe is replaced. 30 # 31 # A simple example follows: 32 # 33 # <code> 34 # js = ObfuscateJS.new <<ENDJS 35 # function say_hi() { 36 # var foo = "Hello, world"; 37 # document.writeln(foo); 38 # } 39 # ENDJS 40 # js.obfuscate( 41 # 'Symbols' => { 42 # 'Variables' => [ 'foo' ], 43 # 'Methods' => [ 'say_hi' ] 44 # } 45 # 'Strings' => true 46 # ) 47 # </code> 48 # 49 # which should generate something like the following: 50 # 51 # <code> 52 # function oJaDYRzFOyJVQCOHk() { var cLprVG = "\x48\x65\x6c\x6c\x6f\x2c\x20\x77\x6f\x72\x6c\x64"; document.writeln(cLprVG); } 53 # </code> 25 54 # 26 55 def self.obfuscate(js, opts = {}) … … 50 79 remove_comments 51 80 81 if opts['Strings'] 82 obfuscate_strings() 83 84 # Normal space randomization does not work for 85 # javascript -- despite claims that space is irrelavent, 86 # newlines break things. Instead, use only space (0x20) 87 # and tab (0x09). 88 89 @js = Rex::Text.compress(@js) 90 @js.gsub!(/\s+/) { |s| 91 len = rand(50)+2 92 set = "\x09\x20" 93 buf = '' 94 while (buf.length < len) 95 buf << set[rand(set.length)].chr 96 end 97 98 buf 99 } 100 end 52 101 # Globally replace symbols 53 102 replace_symbols(opts['Symbols']) if opts['Symbols'] … … 62 111 @js 63 112 end 113 alias :to_str :to_s 64 114 65 115 protected 66 116 67 # Get rid of comments 117 # 118 # Get rid of both single-line C++ style comments and multiline C style comments. 
119 # 120 # Note: embedded comments (e.g.: "/*/**/*/") will break this, 121 # but they also break real javascript engines so I don't care. 122 # 68 123 def remove_comments 69 @js.gsub!(/(\/\/.+?\n)/m, '') 124 @js.gsub!(%r{//.*$}, '') 125 @js.gsub!(%r{/\*.*?\*/}m, '') 70 126 end 71 127 … … 99 155 end 100 156 157 # 158 # Change each string into some javascript that will generate that string 159 # 160 # This tries to deal with escaped quotes within strings but 161 # won't catch things like 162 # "\\" 163 # so be careful. 164 # 165 def obfuscate_strings() 166 @js.gsub!(/".*?[^\\]"|'.*?[^\\]'/) { |str| 167 str = str[1, str.length-2] 168 case (rand(3)) 169 when 0 170 buf = '"' + Rex::Text.to_hex(str) + '"' 171 when 1 172 buf = "unescape(\"" + Rex::Text.to_hex(str, "%") + "\")" 173 when 2 174 buf = "String.fromCharCode(" 175 str.each_byte { |c| 176 if (0 == rand(2)) 177 buf << " %i,"%(c) 178 else 179 buf << " 0x%0.2x,"%(c) 180 end 181 } 182 buf = buf[0,buf.length-1] + " )" 183 end 184 buf 185 } 186 @js 187 end 101 188 102 189 end
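Review bot: The literal-matching pattern in `obfuscate_strings`, `/".*?[^\\]"|'.*?[^\\]'/`, requires at least one character between the quotes, so an empty literal such as `""` is not matched on its own; if another quote follows on the same line, the match runs on to it and the code in between is rewritten as string data. A pattern that consumes escapes explicitly, `/"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'/`, covers both the empty literal and the `"\\"` case the comment warns about. The block would then need `next str if str.length == 2` at its top, because the `String.fromCharCode(` branch trims its last character unconditionally and would drop the opening parenthesis for an empty string. Separately, `remove_comments` applies `%r{//.*$}` before strings are processed, so a `//` inside a literal (a URL, for instance) truncates that line, and its header comment should say so. The usage example in the class comment is also missing a comma after the `'Symbols'` hash.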
