new: new -script allows to run JS code to instrument session

2025-08-20 13:33:21 -07:00 · 2021-04-04 15:15:32 +02:00 · 2021-04-04 15:15:32 +02:00 · 40727063ec
commit 40727063ec
parent d5e5abcb9b
13 changed files with 610 additions and 312 deletions
--- a/js/data.go
+++ b/js/data.go
@ -0,0 +1,86 @@
+package js
+
+import (
+	"bytes"
+	"compress/gzip"
+	"encoding/base64"
+	"github.com/robertkrimen/otto"
+)
+
+func btoa(call otto.FunctionCall) otto.Value {
+	varValue := base64.StdEncoding.EncodeToString([]byte(call.Argument(0).String()))
+	v, err := otto.ToValue(varValue)
+	if err != nil {
+		return ReportError("Could not convert to string: %s", varValue)
+	}
+	return v
+}
+
+func atob(call otto.FunctionCall) otto.Value {
+	varValue, err := base64.StdEncoding.DecodeString(call.Argument(0).String())
+	if err != nil {
+		return ReportError("Could not decode string: %s", call.Argument(0).String())
+	}
+	v, err := otto.ToValue(string(varValue))
+	if err != nil {
+		return ReportError("Could not convert to string: %s", varValue)
+	}
+	return v
+}
+
+func gzipCompress(call otto.FunctionCall) otto.Value {
+	argv := call.ArgumentList
+	argc := len(argv)
+	if argc != 1 {
+		return ReportError("gzipCompress: expected 1 argument, %d given instead.", argc)
+	}
+
+	uncompressedBytes := []byte(argv[0].String())
+
+	var writerBuffer bytes.Buffer
+	gzipWriter := gzip.NewWriter(&writerBuffer)
+	_, err := gzipWriter.Write(uncompressedBytes)
+	if err != nil {
+		return ReportError("gzipCompress: could not compress data: %s", err.Error())
+	}
+	gzipWriter.Close()
+
+	compressedBytes := writerBuffer.Bytes()
+
+	v, err := otto.ToValue(string(compressedBytes))
+	if err != nil {
+		return ReportError("Could not convert to string: %s", err.Error())
+	}
+
+	return v
+}
+
+func gzipDecompress(call otto.FunctionCall) otto.Value {
+	argv := call.ArgumentList
+	argc := len(argv)
+	if argc != 1 {
+		return ReportError("gzipDecompress: expected 1 argument, %d given instead.", argc)
+	}
+
+	compressedBytes := []byte(argv[0].String())
+	readerBuffer := bytes.NewBuffer(compressedBytes)
+
+	gzipReader, err := gzip.NewReader(readerBuffer)
+	if err != nil {
+		return ReportError("gzipDecompress: could not create gzip reader: %s", err.Error())
+	}
+
+	var decompressedBuffer bytes.Buffer
+	_, err = decompressedBuffer.ReadFrom(gzipReader)
+	if err != nil {
+		return ReportError("gzipDecompress: could not decompress data: %s", err.Error())
+	}
+
+	decompressedBytes := decompressedBuffer.Bytes()
+	v, err := otto.ToValue(string(decompressedBytes))
+	if err != nil {
+		return ReportError("Could not convert to string: %s", err.Error())
+	}
+
+	return v
+}
--- a/js/fs.go
+++ b/js/fs.go
@ -0,0 +1,70 @@
+package js
+
+import (
+	"github.com/robertkrimen/otto"
+	"io/ioutil"
+)
+
+func readDir(call otto.FunctionCall) otto.Value {
+	argv := call.ArgumentList
+	argc := len(argv)
+	if argc != 1 {
+		return ReportError("readDir: expected 1 argument, %d given instead.", argc)
+	}
+
+	path := argv[0].String()
+	dir, err := ioutil.ReadDir(path)
+	if err != nil {
+		return ReportError("Could not read directory %s: %s", path, err)
+	}
+
+	entry_list := []string{}
+	for _, file := range dir {
+		entry_list = append(entry_list, file.Name())
+	}
+
+	v, err := otto.Otto.ToValue(*call.Otto, entry_list)
+	if err != nil {
+		return ReportError("Could not convert to array: %s", err)
+	}
+
+	return v
+}
+
+func readFile(call otto.FunctionCall) otto.Value {
+	argv := call.ArgumentList
+	argc := len(argv)
+	if argc != 1 {
+		return ReportError("readFile: expected 1 argument, %d given instead.", argc)
+	}
+
+	filename := argv[0].String()
+	raw, err := ioutil.ReadFile(filename)
+	if err != nil {
+		return ReportError("Could not read file %s: %s", filename, err)
+	}
+
+	v, err := otto.ToValue(string(raw))
+	if err != nil {
+		return ReportError("Could not convert to string: %s", err)
+	}
+	return v
+}
+
+func writeFile(call otto.FunctionCall) otto.Value {
+	argv := call.ArgumentList
+	argc := len(argv)
+	if argc != 2 {
+		return ReportError("writeFile: expected 2 arguments, %d given instead.", argc)
+	}
+
+	filename := argv[0].String()
+	data := argv[1].String()
+
+	err := ioutil.WriteFile(filename, []byte(data), 0644)
+	if err != nil {
+		return ReportError("Could not write %d bytes to %s: %s", len(data), filename, err)
+	}
+
+	return otto.NullValue()
+}
--- a/js/http.go
+++ b/js/http.go
@ -0,0 +1,155 @@
+package js
+
+import (
+	"bytes"
+	"fmt"
+	"github.com/robertkrimen/otto"
+	"io"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"strings"
+)
+
+type httpPackage struct {
+}
+
+type httpResponse struct {
+	Error    error
+	Response *http.Response
+	Raw      []byte
+	Body     string
+	JSON     interface{}
+}
+
+func (c httpPackage) Encode(s string) string {
+	return url.QueryEscape(s)
+}
+
+func (c httpPackage) Request(method string, uri string, headers map[string]string, form map[string]string, json string) httpResponse {
+	var reader io.Reader
+
+	if form != nil {
+		data := url.Values{}
+		for k, v := range form {
+			data.Set(k, v)
+		}
+		reader = bytes.NewBufferString(data.Encode())
+	} else if json != "" {
+		reader = strings.NewReader(json)
+	}
+
+	req, err := http.NewRequest(method, uri, reader)
+	if err != nil {
+		return httpResponse{Error: err}
+	}
+
+	if form != nil {
+		req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+	} else if json != "" {
+		req.Header.Set("Content-Type", "application/json")
+	}
+
+	for name, value := range headers {
+		req.Header.Add(name, value)
+	}
+
+	transport := &http.Transport{}
+	client := &http.Client{Transport: transport}
+
+	resp, err := client.Do(req)
+	if err != nil {
+		return httpResponse{Error: err}
+	}
+	defer resp.Body.Close()
+
+	raw, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return httpResponse{Error: err}
+	}
+
+	res := httpResponse{
+		Response: resp,
+		Raw:      raw,
+		Body:     string(raw),
+	}
+
+	if resp.StatusCode != http.StatusOK {
+		res.Error = fmt.Errorf("%s", resp.Status)
+	}
+
+	return res
+}
+
+func (c httpPackage) Get(url string, headers map[string]string) httpResponse {
+	return c.Request("GET", url, headers, nil, "")
+}
+
+func (c httpPackage) PostForm(url string, headers map[string]string, form map[string]string) httpResponse {
+	return c.Request("POST", url, headers, form, "")
+}
+
+func (c httpPackage) PostJSON(url string, headers map[string]string, json string) httpResponse {
+	return c.Request("POST", url, headers, nil, json)
+}
+
+func httpRequest(call otto.FunctionCall) otto.Value {
+	argv := call.ArgumentList
+	argc := len(argv)
+	if argc < 2 {
+		return ReportError("httpRequest: expected 2 or more, %d given instead.", argc)
+	}
+
+	method := argv[0].String()
+	url := argv[1].String()
+
+	client := &http.Client{}
+	req, err := http.NewRequest(method, url, nil)
+	if argc >= 3 {
+		data := argv[2].String()
+		req, err = http.NewRequest(method, url, bytes.NewBuffer([]byte(data)))
+		if err != nil {
+			return ReportError("Could create request to url %s: %s", url, err)
+		}
+
+		if argc > 3 {
+			headers := argv[3].Object()
+			for _, key := range headers.Keys() {
+				v, err := headers.Get(key)
+				if err != nil {
+					return ReportError("Could add header %s to request: %s", key, err)
+				}
+				req.Header.Add(key, v.String())
+			}
+		}
+	} else if err != nil {
+		return ReportError("Could create request to url %s: %s", url, err)
+	}
+
+	resp, err := client.Do(req)
+	if err != nil {
+		return ReportError("Could not request url %s: %s", url, err)
+	}
+	defer resp.Body.Close()
+
+	body, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return ReportError("Could not read response: %s", err)
+	}
+
+	object, err := otto.New().Object("({})")
+	if err != nil {
+		return ReportError("Could not create response object: %s", err)
+	}
+
+	err = object.Set("body", string(body))
+	if err != nil {
+		return ReportError("Could not populate response object: %s", err)
+	}
+
+	v, err := otto.ToValue(object)
+	if err != nil {
+		return ReportError("Could not convert to object: %s", err)
+	}
+	return v
+}
--- a/js/init.go
+++ b/js/init.go
@ -0,0 +1,38 @@
+package js
+
+import (
+	"github.com/evilsocket/islazy/log"
+	"github.com/evilsocket/islazy/plugin"
+
+	"github.com/robertkrimen/otto"
+)
+
+var NullValue = otto.Value{}
+
+func ReportError(format string, args ...interface{}) otto.Value {
+	log.Error(format, args...)
+	return NullValue
+}
+
+func init() {
+	// TODO: refactor this in packages
+
+	plugin.Defines["readDir"] = readDir
+	plugin.Defines["readFile"] = readFile
+	plugin.Defines["writeFile"] = writeFile
+
+	plugin.Defines["log"] = flog
+	plugin.Defines["log_debug"] = log_debug
+	plugin.Defines["log_info"] = log_info
+	plugin.Defines["log_warn"] = log_warn
+	plugin.Defines["log_error"] = log_error
+	plugin.Defines["log_fatal"] = log_fatal
+
+	plugin.Defines["btoa"] = btoa
+	plugin.Defines["atob"] = atob
+	plugin.Defines["gzipCompress"] = gzipCompress
+	plugin.Defines["gzipDecompress"] = gzipDecompress
+
+	plugin.Defines["httpRequest"] = httpRequest
+	plugin.Defines["http"] = httpPackage{}
+}
--- a/js/log.go
+++ b/js/log.go
@ -0,0 +1,48 @@
+package js
+
+import (
+	"github.com/evilsocket/islazy/log"
+	"github.com/robertkrimen/otto"
+)
+
+func flog(call otto.FunctionCall) otto.Value {
+	for _, v := range call.ArgumentList {
+		log.Info("%s", v.String())
+	}
+	return otto.Value{}
+}
+
+func log_debug(call otto.FunctionCall) otto.Value {
+	for _, v := range call.ArgumentList {
+		log.Debug("%s", v.String())
+	}
+	return otto.Value{}
+}
+
+func log_info(call otto.FunctionCall) otto.Value {
+	for _, v := range call.ArgumentList {
+		log.Info("%s", v.String())
+	}
+	return otto.Value{}
+}
+
+func log_warn(call otto.FunctionCall) otto.Value {
+	for _, v := range call.ArgumentList {
+		log.Warning("%s", v.String())
+	}
+	return otto.Value{}
+}
+
+func log_error(call otto.FunctionCall) otto.Value {
+	for _, v := range call.ArgumentList {
+		log.Error("%s", v.String())
+	}
+	return otto.Value{}
+}
+
+func log_fatal(call otto.FunctionCall) otto.Value {
+	for _, v := range call.ArgumentList {
+		log.Fatal("%s", v.String())
+	}
+	return otto.Value{}
+}