require 'hieroglyphy'
#
# Print a debugging or error message on standard error.
#
# msg is interpolated into the line, so any object that responds to to_s is
# accepted. Every line is prefixed with "[*] " so diagnostics are easy to tell
# apart from the obfuscated code printed on standard output.
#
def bug(msg)
  line = "[*] #{msg}"
  $stderr.puts(line)
end
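#
# Print the usage synopsis and one example per sub-command on standard output.
#
# The synopsis uses "[a| b| c]" to list the alternative sub-commands; the
# closing bracket was missing, which left the grouping unbalanced.
#
def usage
  puts "[!] Usage: #{$0} [script <file>| number <number>| string <string>]",
       "[!] Examples:",
       "\t script file.js",
       "\t string \"alert('xss')\"",
       "\t number 1337"
end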
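#
# Write obfu'd code to disk wrapped in a minimal HTML page.
#
# This isn't documented in usage yet.
#
# The output path is derived from ARGV[1]: a trailing "js" is replaced by
# "html" (file.js -> file.html). When the name does not end in "js" the
# substitution is a no-op, so ".html" is appended instead of writing to the
# same path as the input.
#
# js is interpolated into the <script> element as-is, without any escaping.
#
# Returns the number of bytes written, or nil after reporting a write error.
#
def write_html_to_disk(js)
  html = <<~HTML
    <html>
    <body>
    <script language='javascript'>
    #{js}
    </script>
    </body>
    </html>
  HTML

  source_path = ARGV[1]
  target_path = source_path.sub(/js\z/, "html")
  # An unchanged name means the HTML would overwrite the script that was just
  # read; pick a distinct name rather than destroying the input.
  target_path = "#{source_path}.html" if target_path == source_path

  # The block form closes the handle even when the write raises.
  File.open(target_path, "wb") { |f| f.write(html) }
rescue SystemCallError, IOError => e
  # File.open reports a missing directory or denied permission as Errno::*
  # (SystemCallError), which a bare IOError rescue does not catch.
  puts "Error writing file (#{e})"
end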
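#
# Show obfu'd code, original and new lengths, and inflation rate.
#
# orig, obfu and orig_wo_comments may each be given either as an Integer
# (already a length) or as an object responding to length (the text itself).
# When orig_wo_comments is omitted, the original length is used in its place.
#
# The obfuscated code goes to standard output; the statistics go through bug.
#
def show(orig, obfu, orig_wo_comments = nil)
  bug "Obfuscated code follows:"
  puts obfu
  # Integer replaces Fixnum, which no longer exists on current Ruby releases
  # and raised NameError here.
  orig = orig.length unless orig.is_a?(Integer)
  obfu = obfu.length unless obfu.is_a?(Integer)
  orig_wo_comments ||= orig
  orig_wo_comments = orig_wo_comments.length unless orig_wo_comments.is_a?(Integer)
  bug "Original length: #{orig}, len w/o comments: #{orig_wo_comments} obfu len: #{obfu})"
  bug "Inflation: #{inflation(orig_wo_comments, obfu)}x"
end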
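#
# Calculate inflation: how many times longer the obfuscated form is than the
# original.
#
# Each argument is either an Integer length or an object responding to
# length. The result is an Integer quotient, so any fractional part is
# truncated. Raises ZeroDivisionError when the original length is 0.
#
def inflation(orig, obfu)
  # Integer replaces Fixnum, which no longer exists on current Ruby releases
  # and raised NameError here.
  orig = orig.length unless orig.is_a?(Integer)
  obfu = obfu.length unless obfu.is_a?(Integer)
  obfu / orig
end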
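# this is currently not documented in usage
# "html" may appear anywhere on the command line; ARGV.delete removes it and
# returns nil when it was absent.
write_html = !ARGV.delete("html").nil?

unless ARGV.length == 2
  usage
  exit 1
end

# NOTE(review): JSObfu is not defined in this file; presumably it is supplied
# by the required 'hieroglyphy' library -- confirm.
case ARGV[0]
when 'script'
  begin
    js = File.binread(ARGV[1])
  rescue SystemCallError, IOError => e
    # A missing or unreadable file is reported as Errno::* (SystemCallError),
    # which the former IOError-only rescue let through as a backtrace.
    puts "Error reading file (#{e})"
    exit 1
  end
  o = JSObfu.new(js.strip)
  # to_s is read before obfuscate is called, keeping the original ordering;
  # presumably this rendering has the comments dropped -- confirm.
  orig_wo_comments = o.to_s
  if write_html
    write_html_to_disk(o.obfuscate)
  else
    show(js, o.obfuscate, orig_wo_comments)
  end
when 'number'
  n = ARGV[1].to_i
  bug "Obfuscating the following which has length:#{n.to_s.length}\n==> #{n.to_s}"
  o = JSObfu.new(n)
  # Pass the digits as text: `js` is never assigned on this path (it was nil
  # and show failed on nil.length), and a bare Integer would be taken as a
  # length rather than as the value being obfuscated.
  show(n.to_s, o.obfu_num)
when 'string'
  s = ARGV[1].to_s
  bug "Obfuscating the following which has length:#{s.length}\n==> #{s}"
  o = JSObfu.new(s)
  # `js` is never assigned on this path either; the input string is the original.
  show(s, o.obfu_str)
else
  # puts rather than print, so the usage text starts on its own line.
  puts "[!] Unknown command(#{ARGV[0]})"
  usage
  exit 1
end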