virgild / origami-pdf

Automatically exported from code.google.com/p/origami-pdf
GNU Lesser General Public License v3.0
0 stars 0 forks source link

Issues with using Origami in REMnux #11

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. installed the JS dependency therubyracer
2. attempted to create a PDF which went to a URL
3. attempt to create a PDF with Javascript

What is the expected output? What do you see instead?

I followed the instructions on the webpages on the 'Getting Started' under the 
wiki as well as the example on http://esec-lab.sogeti.com/pages/Origami.

For the URL example, it looked like the action (adding the URL) did not take 
place. I save the 'new' PDF and opened with Wireshark running, no request was 
made out. 

For the Javascript, I here is my input and subsequent output:

>>> pdf.onDocumentOpen Action::Javascript.new('app.alert("Hello!")')
NameError: uninitialized constant Origami::Action::Javascript
    from (irb):3
    from :0

What version of the product are you using? On what operating system?
*Origami Version --- Welcome to the PDF shell (Origami release 1.2.3) [OpenSSL: 
yes, JavaScript: yes]
* RubyGems v1.5.15
*OS: Remnux v3.0

Please provide any additional information below.
I was having issues with a date format specification in the file 
'therubyracer-0.9.9.gemspec' however found a workaround. Not sure if that is 
the issue, but wanted to address it as it could be part of the problem! I also 
ran 'gem update' and 'update_rubygems'

Original issue reported on code.google.com by missy.au...@gmail.com on 23 Jan 2012 at 9:17

GoogleCodeExporter commented 9 years ago
You apparently mispelled "JavaScript".

The correct namespace is Action::JavaScript, with 'S' in uppercase.
Also, you do not need therubyracer gem to create documents with JavaScript. The 
gem is only used if you want to emulate the JavaScript inside a document (I 
basically added this to reverse JavaScript obfuscated exploits).

Regards,
Guillaume

Original comment by guilla...@security-labs.org on 6 Apr 2012 at 2:46