pwn 0.5.189 → 0.5.191

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 23209b3ae230ac7903981327315c626571dabf4ddb74d3864ca2bd625c3651da
-  data.tar.gz: e2a378c4ed79978d0a6dd80a761d3dcedb9cbfa5926d0d926b1d248cbeebc974
+  metadata.gz: 0a505a20bdb9c9adcd1e006d35bc8b09002c4c98e4dfd43d6e592f381fc39ae0
+  data.tar.gz: '05856cfa4c5c3e0d3fb9a807a616f063f4606b09c913b6502e4c354613da321e'
 SHA512:
-  metadata.gz: dcfd61071ac2d1f858cb55c23754ba53deae089f828ce0d9f552b6a37e060e90476d5df80c88bcf32b9ecf63bf54b760fe3281cce17ed1a97545563522a21357
-  data.tar.gz: 67b6242126b03a7ea82c2e002c133b62f93a5f87561549355d27da94a9dbfca9afbec3eaf5256840215e45cdcb6c2077055fd5a4d140ed5fc99dd268f1414d3d
+  metadata.gz: a4386feadcc8c56c4de2c8fe323fba7c4b794397cdf4c4a0e3ca661e8126ce8cb07b71aa191d1cc5cf6233bbdc5a0cc5bcf8e4c7b7dfe2bfb824b8fd68db5651
+  data.tar.gz: c61ac9fcf9e474fe4b01eaa0fdf0deb03beebd91e4f7cdc340b9b960f9dbcec3b8ffa5fe3562007f0af313ff9ae805e3881bac25bdfbc37db9f94ba9a358e517

data/README.md

@@ -37,7 +37,7 @@ $ cd /opt/pwn
 $ ./install.sh
 $ ./install.sh ruby-gem
 $ pwn
-pwn[v0.5.189]:001 >>> PWN.help
+pwn[v0.5.191]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.3.3@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.5.189]:001 >>> PWN.help
+pwn[v0.5.191]:001 >>> PWN.help
 ```
 
 If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.3.3@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.5.189]:001 >>> PWN.help
+pwn[v0.5.191]:001 >>> PWN.help
 ```
 
 PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`.  The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:

data/lib/pwn/plugins/transparent_browser.rb

@@ -41,7 +41,8 @@ module PWN
       # browser_obj1 = PWN::Plugins::TransparentBrowser.open(
       #   browser_type: 'optional - :firefox|:chrome|:headless|:rest|:websocket (defaults to :chrome)',
       #   proxy: 'optional - scheme://proxy_host:port || tor (defaults to nil)',
-      #   with_devtools: 'optional - boolean (defaults to true)'
+      #   with_devtools: 'optional - boolean (defaults to true)',
+      #   url: 'optional - URL to navigate to after opening browser (Defaults to about:about#RANDID)'
       # )
 
       public_class_method def self.open(opts = {})
@@ -62,6 +63,8 @@ module PWN
         with_devtools = opts[:with_devtools] ||= false
         with_devtools = true if devtools_supported.include?(browser_type) && with_devtools
 
+        url = opts[:url] ||= "about:about##{SecureRandom.hex(8)}"
+
         # Let's crank up the default timeout from 30 seconds to 15 min for slow sites
         Watir.default_timeout = 900
 
@@ -195,9 +198,6 @@ module PWN
           this_profile['devtools.cache.disabled'] = true
           this_profile['dom.caches.enabled'] = false
 
-          # caps = Selenium::WebDriver::Remote::Capabilities.firefox
-          # caps[:acceptInsecureCerts] = true
-
           if proxy
             this_profile['network.proxy.type'] = 1
             this_profile['network.proxy.allow_hijacking_localhost'] = true
@@ -286,6 +286,7 @@ module PWN
         if devtools_supported.include?(browser_type)
           rand_tab = SecureRandom.hex(8)
           browser_obj[:browser].goto("about:about##{rand_tab}")
+          browser_obj[:browser].execute_script("document.title = '#{rand_tab}'")
 
           if with_devtools
             driver = browser_obj[:browser].driver
@@ -307,7 +308,7 @@ module PWN
 
             browser_obj[:bidi] = driver.bidi
 
-            browser_obj[:browser].body.send_keys(:escape)
+            browser_obj[:browser].send_keys(:escape)
           end
         end
 
@@ -497,9 +498,9 @@ module PWN
           browser.execute_script("document.title = '#{rand_tab}'")
         end
         # Open the DevTools for Firefox, Chrome opens them automatically
-        browser.body.send_keys(:f12) if firefox_types.include?(browser_type)
+        browser.send_keys(:f12) if firefox_types.include?(browser_type)
         # Open Console drawer if DevTools are open
-        browser.body.send_keys(:escape) unless devtools.nil?
+        browser.send_keys(:escape) unless devtools.nil?
         browser.goto(url) unless url.nil?
 
         { title: browser.title, url: browser.url, state: :active }
@@ -509,7 +510,7 @@ module PWN
 
       # Supported Method Parameters::
       # tab = PWN::Plugins::TransparentBrowser.close_tab(
-      #   browser_obj: 'required - browser_obj returned from #open method)'
+      #   browser_obj: 'required - browser_obj returned from #open method)',
       #   keyword: 'required - keyword in title or url used to close tabs'
       # )
 
@@ -522,15 +523,26 @@ module PWN
 
         browser = browser_obj[:browser]
         # Switch to an inactive tab before closing the active tab if it's currently active
-        active_tab = list_tabs(browser_obj: browser_obj).select { |tab| tab[:state] == :active }
-        if active_tab.last[:url] == browser.url
-          inactive_tabs = list_tabs(browser_obj: browser_obj).reject { |tab| tab[:url] == browser.url }
-          keyword = inactive_tabs.last[:url]
-          jmp_tab(browser_obj: browser_obj, keyword: keyword)
+        tab_list = list_tabs(browser_obj: browser_obj)
+        active_tab = tab_list.find { |tab| tab[:state] == :active }
+        if active_tab[:url].include?(keyword)
+          inactive_tabs = tab_list.reject { |tab| tab[:url] == browser.url }
+          if inactive_tabs.any?
+            tab_to_activate = inactive_tabs.last[:url]
+            jmp_tab(browser_obj: browser_obj, keyword: tab_to_activate)
+          end
         end
         all_tabs = browser.windows
-        tab_sel = all_tabs.select { |tab| tab.close if tab.title.include?(keyword) || tab.url.include?(keyword) }
-        { title: tab_sel.last.title, url: tab_sel.last.url, state: :closed } if tab_sel.any?
+
+        tabs_to_close = all_tabs.select { |tab| tab.title.include?(keyword) || tab.url.include?(keyword) }
+
+        tabs_closed = tabs_to_close.map do |tab|
+          { title: tab.title, url: tab.url, state: :closed }
+        end
+
+        tabs_to_close.each(&:close)
+
+        tabs_closed
       rescue StandardError => e
         raise e
       end
@@ -647,7 +659,7 @@ module PWN
         verify_devtools_browser(browser_obj: browser_obj)
 
         browser = browser_obj[:browser]
-        browser.body.send_keys(:f12)
+        browser.send_keys(:f12)
       rescue StandardError => e
         raise e
       end
@@ -691,8 +703,8 @@ module PWN
         end
 
         # Have to call twice for Chrome, otherwise devtools stays closed
-        browser.body.send_keys(hotkey)
-        browser.body.send_keys(hotkey) if chrome_types.include?(browser_type)
+        browser.send_keys(hotkey)
+        browser.send_keys(hotkey) if chrome_types.include?(browser_type)
       rescue StandardError => e
         raise e
       end

data/lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.5.189'
+  VERSION = '0.5.191'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.5.189
+  version: 0.5.191
 platform: ruby
 authors:
 - 0day Inc.