
Source Code for Module modules.packages.ie

  1  # Copyright (C) 2010-2013 Claudio Guarnieri. 
  2  # Copyright (C) 2014-2016 Cuckoo Foundation. 
  3  # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 
  4  # See the file 'docs/LICENSE' for copying permission. 
  5   
  6  import logging 
  7  import os 
  8   
  9  from _winreg import HKEY_LOCAL_MACHINE, HKEY_CURRENT_USER 
 10   
 11  from lib.common.abstracts import Package 
 12   
 13  log = logging.getLogger(__name__)  # Module-level logger, named after this module.
 14   
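class IE(Package):
    """Internet Explorer analysis package.

    Launches Internet Explorer on the submitted target. REGKEYS below
    turns off a number of Internet Explorer warning prompts and
    restrictions so the target loads without user interaction.

    Security note: these values deliberately weaken the browser (lowered
    security levels, no download restriction, no signature prompt for
    executables). They are written to HKEY_CURRENT_USER and
    HKEY_LOCAL_MACHINE, so they persist until the machine is reverted.
    They are intended for a disposable analysis guest only.

    NOTE(review): PATHS and REGKEYS are presumably consumed by the
    Package base class (get_path / init_regkeys); that code is not shown
    here, so confirm in lib.common.abstracts.
    """

    # Path components of the Internet Explorer executable.
    PATHS = [
        ("ProgramFiles", "Internet Explorer", "iexplore.exe"),
    ]

    # Each entry is [registry hive, subkey, {value name: value}]. A nested
    # dict (see FeatureControl) maps a further subkey to its values.
    REGKEYS = [
        [
            HKEY_CURRENT_USER,
            "Software\\Microsoft\\Internet Explorer\\Main",
            {
                # "Would you like Internet Explorer as default browser?"
                "Check_Associations": "no",

                # "Set Up Windows Internet Explorer 8"
                "DisableFirstRunCustomize": 1,
            },
        ],
        [
            HKEY_CURRENT_USER,
            "Software\\Microsoft\\Internet Explorer\\Security",
            {
                # All three security levels are set to "Low".
                "Safety Warning Level": "Low",
                "Sending_Security": "Low",
                "Viewing_Security": "Low",
            },
        ],
        [
            HKEY_LOCAL_MACHINE,
            "Software\\Microsoft\\Internet Explorer\\Main",
            {
                # Disable Security Settings Check. Presumably keeps IE from
                # complaining about the lowered settings above - confirm.
                "DisableSecuritySettingsCheck": 1,
            },
        ],
        [
            HKEY_CURRENT_USER,
            "Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
            {
                "FEATURE_LOCALMACHINE_LOCKDOWN": {
                    # "To help protect your security, Internet Explorer has
                    # restricted this webpage from running scripts or ActiveX
                    # controls that could access your computer. Click here for
                    # options..."
                    # 0 switches the feature off for iexplore.exe, so local
                    # pages run scripts and ActiveX without this prompt.
                    "iexplore.exe": 0,
                },
                "FEATURE_RESTRICT_FILEDOWNLOAD": {
                    # "To help protect your security, Windows Internet
                    # Explorer blocked this site from downloading files to
                    # your computer. Click here for more options..."
                    # 0 switches the download restriction off for
                    # iexplore.exe.
                    "iexplore.exe": 0,
                },
            },
        ],
        [
            HKEY_CURRENT_USER,
            "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
            {
                # "You are about to be redirected to a connection that is not secure."
                "WarnOnHTTPSToHTTPRedirect": 0,

                # "You are about to view pages over a secure connection."
                "WarnOnZoneCrossing": 0,
            },
        ],
        [
            HKEY_CURRENT_USER,
            "Software\\Microsoft\\Internet Explorer\\Document Windows",
            {
                # Maximize the window by default.
                "Maximized": "yes",
            },
        ],
        [
            HKEY_CURRENT_USER,
            "Software\\Microsoft\\Internet Explorer\\Download",
            {
                # "Internet Explorer - Security Warning"
                # "The publisher could not be verified."
                # Unsigned executables are no longer flagged on download.
                "CheckExeSignatures": "no",
            },
        ],
    ]

    def setup_proxy(self, proxy_host):
        """Configure Internet Explorer to route its traffic through a proxy.

        Writes the per-user proxy values through self.init_regkeys. The
        "<local>" override excludes local addresses from the proxy, so
        not literally all traffic is proxied.

        @param proxy_host: proxy address appended to "http://" without
            validation; presumably "host:port" with no scheme - confirm
            against whatever fills self.options["proxy"].
        """
        self.init_regkeys([[
            HKEY_CURRENT_USER,
            "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
            {
                "MigrateProxy": 1,
                "ProxyEnable": 1,
                "ProxyHttp1.1": 0,
                "ProxyServer": "http://%s" % proxy_host,
                "ProxyOverride": "<local>",
            },
        ]])

    def start(self, target):
        """Open the target in Internet Explorer.

        @param target: value passed to iexplore.exe as its only argument.
            If it names an existing file without an .htm/.html extension,
            the file is renamed to carry ".html" first.
        @return: whatever self.execute returns (not shown in this file).
        """
        if "proxy" in self.options:
            self.setup_proxy(self.options["proxy"])

        # If it's a HTML file, force an extension, or otherwise Internet
        # Explorer will open it as a text file or something else non-html.
        # The comparison is case-insensitive so that "page.HTML" or
        # "page.Htm" is left alone instead of becoming "page.HTML.html".
        # NOTE(review): os.rename raises OSError on Windows when the
        # destination already exists; that case is not handled here.
        if os.path.exists(target) and \
                not target.lower().endswith((".htm", ".html")):
            os.rename(target, target + ".html")
            target += ".html"
            log.info("Submitted file is missing extension, adding .html")

        iexplore = self.get_path("Internet Explorer")
        return self.execute(
            iexplore, args=[target], maximize=True, mode="iexplore"
        )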