Move jsobfu to a mixin

Author: wchen-r7

lib/msf/core/exploit/jsobfu.rb

@@ -0,0 +1,31 @@
+# -*- coding: binary -*-
+
+require 'rex/exploitation/jsobfu'
+
+module Msf
+  module Exploit::JSObfu
+
+    def initialize(info={})
+      super
+      register_advanced_options([
+        OptInt.new('JsObfuscate', [false, "Number of times to obfuscate JavaScript", 0])
+      ], Exploit::JSObfu)
+    end
+
+    #
+    # Returns an JSObfu object. A wrapper of ::Rex::Exploitation::JSObfu.new(js).obfuscate
+    #
+    # @param js [String] JavaScript code
+    # @param opts [Hash] obfuscation options
+    #    * :iterations [FixNum] Number of times to obfuscate
+    # @return [::Rex::Exploitation::JSObfu]
+    #
+    def js_obfuscate(js, opts={})
+      iterations = (opts[:iterations] || datastore['JsObfuscate']).to_i
+      obfu = ::Rex::Exploitation::JSObfu.new(js)
+      obfu.obfuscate(:iterations=>iterations)
+      obfu
+    end
+
+  end
+end

lib/msf/core/exploit/remote/browser_exploit_server.rb

@@ -4,6 +4,7 @@
 require 'cgi'
 require 'date'
 require 'rex/exploitation/js'
+require 'msf/core/exploit/jsobfu'
 
 ###
 #
@@ -17,6 +18,7 @@ module Exploit::Remote::BrowserExploitServer
 
     include Msf::Exploit::Remote::HttpServer::HTML
     include Msf::Exploit::RopDb
+    include Msf::Exploit::JSObfu
 
     # this must be static between runs, otherwise the older cookies will be ignored
     DEFAULT_COOKIE_NAME = '__ua'
@@ -82,8 +84,7 @@ def initialize(info={})
 
       register_advanced_options([
         OptString.new('CookieName', [false,  "The name of the tracking cookie", DEFAULT_COOKIE_NAME]),
-        OptString.new('CookieExpiration', [false,  "Cookie expiration in years (blank=expire on exit)"]),
-        OptInt.new('JsObfuscate', [false, "Number of times to obfuscate JavaScript", 0])
+        OptString.new('CookieExpiration', [false,  "Cookie expiration in years (blank=expire on exit)"])
       ], Exploit::Remote::BrowserExploitServer)
     end
 
@@ -554,20 +555,5 @@ def get_payload(cli, browser_info)
       regenerate_payload(cli, platform, arch).encoded
     end
 
-    #
-    # Returns an JSObfu object. A wrapper of ::Rex::Exploitation::JSObfu.new(js).obfuscate
-    #
-    # @param js [String] JavaScript code
-    # @param opts [Hash] obfuscation options
-    #    * :iterations [FixNum] Number of times to obfuscate
-    # @return [::Rex::Exploitation::JSObfu]
-    #
-    def js_obfuscate(js, opts={})
-      iterations = (opts[:iterations] || datastore['JsObfuscate']).to_i
-      obfu = ::Rex::Exploitation::JSObfu.new(js)
-      obfu.obfuscate(:iterations=>iterations)
-      obfu
-    end
-
   end
 end

spec/lib/msf/core/exploit/jsobfu_spec.rb

@@ -0,0 +1,61 @@
+require 'spec_helper'
+require 'msf/core'
+require 'msf/core/exploit/jsobfu'
+
+
+describe Msf::Exploit::JSObfu do
+  subject(:jsobfu) do
+    mod = ::Msf::Module.new
+    mod.extend described_class
+    mod.send(:initialize, {})
+    mod
+  end
+
+  let (:js) do
+    %Q|alert("hello, world");|
+  end
+
+  let(:default_jsobfuscate) do
+    0
+  end
+
+  before do
+    subject.datastore['JsObfuscate'] = default_jsobfuscate
+  end
+
+  context 'when iteration is set' do
+    it 'returns a ::Rex::Exploitation::JSObfu object' do
+      opts = {:iterations=>0}
+      obj = jsobfu.js_obfuscate(js, opts)
+      expect(obj).to be_kind_of(::Rex::Exploitation::JSObfu)
+    end
+
+    it 'does not obfuscate if iteration is 0' do
+      opts = {:iterations=>0}
+      obj = jsobfu.js_obfuscate(js, opts)
+      expect(obj.to_s).to include js
+    end
+
+    it 'obfuscates if iteration is 1' do
+      opts = {:iterations=>1}
+      obj = jsobfu.js_obfuscate(js, opts)
+      expect(obj.to_s).not_to include js
+    end
+  end
+
+  context 'when iteration is nil' do
+    let (:opts) do
+      {:iterations=>nil}
+    end
+
+    it 'should return a ::Rex::Exploitation::JSObfu object' do
+      obj = jsobfu.js_obfuscate(js, opts)
+      expect(obj).to be_kind_of(::Rex::Exploitation::JSObfu)
+    end
+
+    it 'should not obfuscate' do
+      obj = jsobfu.js_obfuscate(js, opts)
+      expect(obj.to_s).to include(js)
+    end
+  end
+end

spec/lib/msf/core/exploit/remote/browser_exploit_server_spec.rb

@@ -298,54 +298,4 @@
     end
   end
 
-  describe '#js_obfuscate' do
-    let (:js) do
-      %Q|alert("hello, world");|
-    end
-
-    let(:default_jsobfuscate) do
-      0
-    end
-
-    before do
-      subject.datastore['JsObfuscate'] = default_jsobfuscate
-    end
-
-    context 'when iteration is set' do
-      it 'returns a ::Rex::Exploitation::JSObfu object' do
-        opts = {:iterations=>0}
-        obj = server.js_obfuscate(js, opts)
-        expect(obj).to be_kind_of(::Rex::Exploitation::JSObfu)
-      end
-
-      it 'does not obfuscate if iteration is 0' do
-        opts = {:iterations=>0}
-        obj = server.js_obfuscate(js, opts)
-        expect(obj.to_s).to include js
-      end
-
-      it 'obfuscates if iteration is 1' do
-        opts = {:iterations=>1}
-        obj = server.js_obfuscate(js, opts)
-        expect(obj.to_s).not_to include js
-      end
-    end
-
-    context 'when iteration is nil' do
-      let (:opts) do
-        {:iterations=>nil}
-      end
-
-      it 'should return a ::Rex::Exploitation::JSObfu object' do
-        obj = server.js_obfuscate(js, opts)
-        expect(obj).to be_kind_of(::Rex::Exploitation::JSObfu)
-      end
-
-      it 'should not obfuscate' do
-        obj = server.js_obfuscate(js, opts)
-        expect(obj.to_s).to include(js)
-      end
-    end
-  end
-
 end