Post Reply 
Toggle/Resize PDF Embeds
Sep. 23, 2009, 05:37 PM (This post was last modified: Sep. 23, 2009 05:42 PM by ProxRocks.)
Post: #1
Toggle/Resize PDF Embeds
this filter will only work if you are already using z12's "Toggle Flash Resize"...

it basically BLOCKS embedded PDFs until you-the-user toggles it "on" (i got fed up with a particular SSL site changing their d@mn license agreement every week or so and since i do NOT allow scripts within .pdf's, the embedded license agreement would throw up a 'do you wish to allow scripts' dialog)...

with this, i do NOT need to download the NEVER-READ-ANYWAY license agreement and just click the "I Agree" button (or toggle and read) and proceed on my merry way...


Code:
Name = "<embed>: Toggle PDFs [add]"
Active = TRUE
Bounds = "<embed*>( </embed>|)"
Limit = 2700
Match = "(*src=*.pdf*)\0"
        "$SET(tfr=$GET(tfr)1)"
        "(($TST(script=*))$SET(1=\\")$SET(2=\\)|$SET(1=")$SET(2=))"
Replace = "<span class=\1proxoFlash_$GET(tfr)\1 style=\1display:block\1>"
          "<a title=\1Play Media\1 onmouseover=\1proxo.tfr.titleFlash(event)\1>"
          "<img alt=\1Toggle Media\1 src=\1http://local.ptron/My_HTML/43unite_HTML/player_play.png\1 style=\1border-style:none\1 /><\2/a>"
          "<br />"
          "<\2/span>"
          "<span class=\1drsElement\1 style=\1display:none\1>"
          "<textarea style=\1display:none\1>"
          "\0"
          "<\2/textarea>"
          "<\2/span>"
Add Thank You Quote this message in a reply
Sep. 26, 2009, 09:32 PM (This post was last modified: Sep. 26, 2009 09:33 PM by Graycode.)
Post: #2
RE: Toggle/Resize PDF Embeds
(Sep. 23, 2009 05:37 PM)ProxRocks Wrote:  ... and since i do NOT allow scripts within .pdf's, the embedded license agreement would throw up a 'do you wish to allow scripts' dialog)...

Can Proxo modify the data content of PDF files, even with 'application/pdf' or other non-text Content-Type?

The reason I ask that is I've been nailing JavaScript from PDF using my proxy.
When I change all its content '/JavaScript' into '/NotaScript' then *poof* the PDF scripting is disabled.

Got the idea from: http://answers.google.com/answers/thread...59827.html
Add Thank You Quote this message in a reply
Sep. 27, 2009, 02:20 AM
Post: #3
RE: Toggle/Resize PDF Embeds
(Sep. 26, 2009 09:32 PM)Graycode Wrote:  Can Proxo modify the data content of PDF files, even with 'application/pdf' or other non-text Content-Type?

(Sep. 26, 2009 09:32 PM)Graycode Wrote:  change all its content '/JavaScript' into '/NotaScript'

Code:
[HTTP headers]
In = TRUE
Out = FALSE
Key = "Content-Type: pdf force filtering (in) (fail)"
Match = "application/pdf$FILTER(true)(^)"

[Patterns]
Name = "Disable PDF scripting "
Active = TRUE
URL = "$IHDR(Content-Type:*/pdf) "
Limit = 11
Match = "/JavaScript"
Replace = "/NotaScript"

provided with no warranties of any kind, express or implied, including but not limited to... Wink

Have fun
Add Thank You Quote this message in a reply
Sep. 27, 2009, 12:43 PM (This post was last modified: Sep. 27, 2009 12:49 PM by ProxRocks.)
Post: #4
RE: Toggle/Resize PDF Embeds
i still got the (d@mn) "This document contains JavaScripts" error dialog with the filters as posted...

However, changing the [Patterns] filter to as below solved the nuisance for me - no error dialog at all, none, naughta...

Code:
Name = "Disable PDF scripting {JJoe} (modified)"
Active = TRUE
URL = "$IHDR(Content-Type:*/pdf)"
Limit = 3
Match = "/JS"
Replace = "/NotaScript"


AWESOME!


edit: byte limit dropped down to 3...
Add Thank You Quote this message in a reply
Sep. 27, 2009, 05:00 PM
Post: #5
RE: Toggle/Resize PDF Embeds
I wonder if "/JS" is a little too little.

Inside http://www.documents.dgs.ca.gov/osp/pdf/std020.pdf
I see '/' followed by 'a-z' in what may be unrelated data.
Just '/js' may get more than the scripts.

Code:
247 0 obj<</S/JavaScript/JS(iK17$n\)\)Fx3.v)>>
endobj

I think I've seen 'obj' followed by a line return.

How about

Code:
[HTTP headers]
In = TRUE
Out = FALSE
Key = "Content-Type: pdf force filtering (in) (fail)"
Match = "application/pdf$FILTER(true)(^)"

[Patterns]
Name = "Disable PDF scripting "
Active = TRUE
URL = "$IHDR(Content-Type:*/pdf) "
Limit = 32
Match = "(obj <</S)\0/JavaScript/JS"
Replace = "\0"
          "/NotaScript/SS"

BTW,
I'm using 'HTML Debug info' to look inside the pdf.

Hmmm... Would be nice to get shonen in there

Code:
[HTTP headers]
In = TRUE
Out = FALSE
Key = "Content-Type: pdf force filtering (in) (fail)"
Match = "application/pdf$FILTER(true)(^)"

[Patterns]
Name = "Disable PDF scripting shonen"
Active = TRUE
URL = "$IHDR(Content-Type:*/pdf) "
Limit = 32
Match = "(obj <</S)\0/JavaScript/JS"
Replace = "\0"
          "/ShonenScript/"

HTH
Add Thank You Quote this message in a reply
Sep. 27, 2009, 07:37 PM
Post: #6
RE: Toggle/Resize PDF Embeds
(Sep. 27, 2009 05:00 PM)JJoe Wrote:  How about

Code:
[HTTP headers]
In = TRUE
Out = FALSE
Key = "Content-Type: pdf force filtering (in) (fail)"
Match = "application/pdf$FILTER(true)(^)"

[Patterns]
Name = "Disable PDF scripting "
Active = TRUE
URL = "$IHDR(Content-Type:*/pdf) "
Limit = 32
Match = "(obj <</S)\0/JavaScript/JS"
Replace = "\0"
          "/NotaScript/SS"

BTW,
I'm using 'HTML Debug info' to look inside the pdf.

using debug-info here also, kinda cool to "see" something other than html code, lol...


the above is working for me... (didn't try the Shonen...)
Add Thank You Quote this message in a reply
Sep. 28, 2009, 06:49 AM
Post: #7
RE: Toggle/Resize PDF Embeds
I applaud what you're doing to control undesirable aspects of certain PDF. Applause

I've been just nailing the '/JavaScript' portion for PDF that comes from untrusted places, which seemed to kill their imbedded scripts from running. I hadn't realized that the '/JS' might also need to be hit in order to keep the reader from prompting though.
Add Thank You Quote this message in a reply
Sep. 28, 2009, 12:54 PM
Post: #8
RE: Toggle/Resize PDF Embeds
i've only tested the prompting in Adobe Reader 9.1.3 (due to "office politics", i'm kinda stuck with it [though i honestly don't mind, i'm not a fan of Foxit et alia])...

although, i'm using a LITE version that i download the 'official' installer from Adobe, tweak the living crap out of it, then install without all of the useless Adobe BLOAT...

another option is a proggy called "Adobe Reader SpeedUp" - but in that i've learned how to "edit" the installer myself, i've since abandoned AR SpeedUp and don't even know if it still works with the latest AR...
Add Thank You Quote this message in a reply
Oct. 04, 2009, 05:59 AM
Post: #9
RE: Toggle/Resize PDF Embeds
Can PDF viewers run Javascript? I read .pdf files with a helper application. What would the script be doing in a PDF reader?
Add Thank You Quote this message in a reply
Oct. 04, 2009, 06:36 AM
Post: #10
RE: Toggle/Resize PDF Embeds
(Oct. 04, 2009 05:59 AM)Siamesecat Wrote:  Can PDF viewers run Javascript? I read .pdf files with a helper application.
I think most PDF viewers include the scripting ability.

Quote:What would the script be doing in a PDF reader?
Sometimes very simple things. Some of those from the IRS auto-format numbers you enter into their PDF forms.

But they can also do malicious things. Scripting in PDF has unfortunately become a vector for malware injection.
http://isc.sans.org/diary.html?storyid=6445

My personal view is that scripting doesn't belong in PDF. But it's there and that can't be ignored. I feel it's safer to kill off or otherwise disable PDF scripts, even if doing so might eliminate something potentially useful like pretty-number formatting for the IRS.
Add Thank You Quote this message in a reply
Oct. 04, 2009, 01:35 PM
Post: #11
RE: Toggle/Resize PDF Embeds
it honestly never ceases to amaze me how so many people think "javascript" is a 'good thing'...

it's almost like the only way people start to "distrust" things anymore these days is if the entity contains the word "Microsoft" before it...

if it were called "MS JavaScript", you know dang well that more people would be blocking it in their browsers by default and they'd be aware of its presence in .pdf files...
Add Thank You Quote this message in a reply
Oct. 12, 2009, 12:29 PM (This post was last modified: Oct. 12, 2009 12:39 PM by defconnect.)
Post: #12
RE: Toggle/Resize PDF Embeds
The potential danger of embedded JavaScripts in PDFs has been proved once again: http://blog.trendmicro.com/new-adobe-zero-day-exploit/
Acrobat JavaScript is by default enabled in Adobe Acrobat/Reader.
Adobe has been made aware of the problem and expects to release an update tomorrow: http://www.adobe.com/support/security/bu...09-15.html
Add Thank You Quote this message in a reply
Post Reply 


Forum Jump: