[Owasp-o2-platform] Running Javascript in O2's IE Automation environment

dinis cruz dinis.cruz at owasp.org
Mon Mar 7 21:46:11 EST 2011


O2 <http://o2platform.com/> has quite good support for Javascript editing
and execution. It can handle everything from simple script execution to full
two-way data exchange and invocation between O2 and the browser (in this case
IE).

Let's start with a simple script execution.

Open the *IE Script Execution* script (which can be found on the main O2 GUI
at the *Security Analysis* tab via the *IE Automation* button):

<http://o2platform.files.wordpress.com/2011/03/tmp1265-tmp.jpeg>

The image above shows what happens when the following default script is
executed:

    panel.clear();
    var ie = panel.add_IE().silent(true);
    ie.open("http://www.google.com");

    //O2File:WatiN_IE_ExtensionMethods.cs
    //using O2.XRules.Database.Utils.O2
    //O2Ref:WatiN.Core.1x.dll

To make sure that all is ok, let's run a simple test (in this case a simple
Javascript alert):

    ie.open("http://www.google.com");
    ie.invokeEval("alert('hello')");

 <http://o2platform.files.wordpress.com/2011/03/tmp8353-tmp.jpeg>

*If this doesn't work, the most likely reason is that the site you are
trying to open is not on IE's trusted site list.*

To address this issue you have three choices:

   1. go to IE and add it here
   2. use this O2 Script: O2 Util: Add sites to IE trusted zone
   <http://o2platform.wordpress.com/2011/03/04/o2-util-add-sites-to-ie-trusted-zone/>
   (Note that at the moment the IE instance running inside O2 is not picking
   up the zone change, so you will need to restart O2)
   3. run the following script in the current O2 script environment, or in
   another script (also needs an O2 restart)

          "yahoo.com".makeDomainTrusted("uk");   // will add the domain http://uk.yahoo.com to IE's trusted zone

As the name says, the *ie.invokeEval* method will invoke the provided script
via a javascript eval command.

The javascript executed can be as complex as you want. Here are a couple of
simple examples:

*Swapping DWR's logo with O2's Logo*

    ie.open("http://www.directwebremoting.org/");
    ie.invokeEval("document.images[0].src='http://o2platform.googlecode.com/svn/trunk/O2_Scripts/_DataFiles/_Images/O2_Logo.gif';");



*Showing a popup alert with the user's submitted search* (the return false
prevents the form from being submitted)

    ie.open("http://www.google.com/");
    ie.invokeEval("document.forms[0].onsubmit = function() {alert('you submited the query: ' + document.forms[0].q.value);return false;};");

*Creating a new javascript function and invoking it*

    ie.invokeEval("myFunction = function() { alert('this is a new function')} ; myFunction();");   // invoking it on the same eval
    //ie.invokeEval("myFunction();");   // can also be invoked here

*Invoking the new javascript function using O2's InvokeScript method*

There is another way to invoke javascript functions, which is to use the
*ie.invokeScript* O2 method (instead of using *ie.invokeEval*):

    ie.invokeEval("myFunction = function() { alert('this is a new function')}");
    ie.invokeScript("myFunction");



*Passing Dynamic values from C# to Javascript* (i.e. invoking javascript
functions with dynamic data)

The *ie.invokeScript* method can be used to invoke javascript methods that
expect parameters:

    ie.invokeEval("myFunction = function(name) { alert('hello ' + name)}");
    ie.invokeScript("myFunction", "john");

    ie.invokeEval("myFunction = function(name1, name2) { alert('hello ' + name1 + ' and ' + name2)}");
    ie.invokeScript("myFunction", "john", "paul");

*Getting the return value of a function*

The most powerful capability of the *ie.invokeScript* function is that it
can be used to access the return value of a function (with the added bonus
that C# types will be translated into javascript types).

For example, this script will return 42:

    ie.invokeEval("myFunction = function(a, b) { return a+b;}");
    return ie.invokeScript("myFunction", 10, 32);

and this one will return 1032:

    ie.invokeEval("myFunction = function(a, b) { return a+b;}");
    return ie.invokeScript("myFunction", "10", "32");

*Invoking C# method from Javascript*

For really advanced analysis and injection you will probably want to have
javascript functions/scripts that are able to call back into an O2/C#
function.

For example, the following code will inject a javascript function into the
current page that can be used to send a message to the O2 Log Viewer:

 <http://o2platform.files.wordpress.com/2011/03/tmp2a2d-tmp.jpeg>

To understand how this happens, here are the relevant O2 C# functions (that
are part of the *WatiN_IE_ExtensionMethods.cs* script):

    public static WatiN_IE injectJavascriptFunctions(this WatiN_IE ie)
    {
        if (ie.WebBrowser.isNull())
            "in InjectJavascriptFunctions, ie.WebBrowser was null".error();
        else
        {
            // expose a ToCSharp instance to page script as window.external
            if (ie.WebBrowser.ObjectForScripting.isNull())
                ie.WebBrowser.ObjectForScripting = new WatiN_IE.ToCSharp();

            "Injecting Javascript Hooks * Functions for page: {0}".debug(ie.url());
            ie.eval("var o2Log = function(message) { window.external.write(message) };");
            ie.invokeScript("o2Log","Test from Javascript (via toCSharp(message) )");
            "Injection complete".info();
        }
        return ie;
    }

    // ComVisible is required for an object assigned to ObjectForScripting
    [System.Runtime.InteropServices.ComVisible(true)]
    public class ToCSharp
    {

        public void write(string message)
        {
            "[IE to ToCSharp] : {0}".info(message);
        }

        public string ping(string message)
        {
            "[ping from IE] : {0}".info(message);
            return "pong: " + message;
        }
        ....
    }
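
The page-side half of this bridge, as an added example that is not part of the
original post or of O2's code. o2Log, write and ping come from the code above;
makeHostStub, installO2Hooks and o2Ping are hypothetical names, and the stub is
a constructed stand-in for the ToCSharp object so the script runs outside IE.

```javascript
// Constructed stand-in for the C# ToCSharp object (assumption: same two methods,
// same log prefixes as the post). In O2 the real object is window.external.
function makeHostStub() {
  var log = [];
  return {
    log: log,
    write: function (message) { log.push("[IE to ToCSharp] : " + message); },
    ping: function (message) {
      log.push("[ping from IE] : " + message);
      return "pong: " + message;
    }
  };
}

// Hypothetical helper: defines o2Log / o2Ping on a window-like object.
// Members are tested against "undefined" rather than "function" (assumption:
// a COM-backed member in IE may not report typeof "function").
function installO2Hooks(win) {
  var host = win.external;
  function has(name) {
    return host != null && typeof host[name] !== "undefined";
  }
  win.o2Log = function (message) {
    if (!has("write")) return false;   // page opened outside O2: do not throw
    host.write(String(message));       // write(string) on the C# side
    return true;
  };
  win.o2Ping = function (message) {
    return has("ping") ? host.ping(String(message)) : null;
  };
  return win;
}

// Runs the hooks once with the stub host and once with an empty external.
function demo() {
  var inO2 = installO2Hooks({ external: makeHostStub() });
  var outside = installO2Hooks({ external: {} });
  return {
    logged: inO2.o2Log(42),
    reply: inO2.o2Ping("hi"),
    hostLog: inO2.external.log,
    loggedOutside: outside.o2Log("lost"),
    replyOutside: outside.o2Ping("hi")
  };
}
```

Every public method on the object assigned to ObjectForScripting is callable by
any script running in the loaded page, so the class should expose only what the
analysis needs.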

(this was also posted here:
http://o2platform.wordpress.com/2011/03/08/running-javascript-in-ie-automation-environment/)