Dradis Word Macro
37 views
Skip to first unread message
Dejan Lukan
Nov 22, 2012, 6:55:57 AM11/22/12
to dradi...@googlegroups.com
Hi,
I've got a problem with Dradis Macro that is able to download pictures. The problem is that regular expression doesn't work the way it should.
It seems to me that it doesn't match the dot '.' , but may be anything, it's MS :)
Daniel Martin
Nov 23, 2012, 3:04:01 PM11/23/12
to dradi...@googlegroups.com
Hi Dejan,
It's amazing what just a year does to one's memory. I can barely
remember this code!
(Btw, he's referring to this macro [i] and blog post [ii].)
I just opened an empty document, pasted:
!http://www.google.com/images/srpr/logo3w.png!
And ran the macro and sure enough, it complained about a hard-coded path
not existing [iii] but once I created the folder, it ran without issues.
Next test also passed: new document and the following URL (adjust to
with your IP):
!https://192.168.49.128/pro/assets/logopro_small.png!
(hitting enter twice to close the username / password prompts)
Next test:
!https://192.168.49.128/pro/nodes/2123/attachments/dradispro_banner.png!
This time I provided the right credentials but sure enough, it didn't
work. A file was saved to the folder but the macro threw an error ("The
graphics filter was unable to convert this file."). I opened the file in
a text editor and it was HTML (the login page).
Looking into the authentication module it looks like the HTTP basic auth
for Dradis Pro is broken, or should I say, is not what you'd expect it
to be (in any case, fails closed / safe by default). Basically it's
still using the Dradis community edition approach of a shared password
[iv]. In order to make it work I had to create a Configuration setting
using the rails console:
>> Configuration.create :name => 'password', :value =>
::Digest::SHA512.hexdigest('secret')
Then supplying any username and secret as password in the Basic auth
header granted access to the content.
Looks like the regexp / macro is working fine on this side. Not sure
what may be the issue you're experiencing. Are you trying this in a
non-English version of Word? (that has caused some issues recently).
HTH,
Daniel
[i]
https://github.com/etdsoft/dradis-macros
[ii]
http://blog.dradisframework.org/2011/05/include-screenshots-stored-in-dradis-in.html
[iii]
https://github.com/etdsoft/dradis-macros/blob/master/DradisScreenshot.bas#L151
[iv]
https://github.com/dradis/dradisframework/blob/master/lib/authenticated_system.rb#L108-116
--
Morris's three golden rules of computer security:
do not own a computer;
do not power it on;
and do not use one
remember this code!
(Btw, he's referring to this macro [i] and blog post [ii].)
I just opened an empty document, pasted:
!http://www.google.com/images/srpr/logo3w.png!
And ran the macro and sure enough, it complained about a hard-coded path
not existing [iii] but once I created the folder, it ran without issues.
Next test also passed: new document and the following URL (adjust to
with your IP):
!https://192.168.49.128/pro/assets/logopro_small.png!
(hitting enter twice to close the username / password prompts)
Next test:
!https://192.168.49.128/pro/nodes/2123/attachments/dradispro_banner.png!
This time I provided the right credentials but sure enough, it didn't
work. A file was saved to the folder but the macro threw an error ("The
graphics filter was unable to convert this file."). I opened the file in
a text editor and it was HTML (the login page).
Looking into the authentication module it looks like the HTTP basic auth
for Dradis Pro is broken, or should I say, is not what you'd expect it
to be (in any case, fails closed / safe by default). Basically it's
still using the Dradis community edition approach of a shared password
[iv]. In order to make it work I had to create a Configuration setting
using the rails console:
>> Configuration.create :name => 'password', :value =>
::Digest::SHA512.hexdigest('secret')
Then supplying any username and secret as password in the Basic auth
header granted access to the content.
Looks like the regexp / macro is working fine on this side. Not sure
what may be the issue you're experiencing. Are you trying this in a
non-English version of Word? (that has caused some issues recently).
HTH,
Daniel
[i]
https://github.com/etdsoft/dradis-macros
[ii]
http://blog.dradisframework.org/2011/05/include-screenshots-stored-in-dradis-in.html
[iii]
https://github.com/etdsoft/dradis-macros/blob/master/DradisScreenshot.bas#L151
[iv]
https://github.com/dradis/dradisframework/blob/master/lib/authenticated_system.rb#L108-116
--
Morris's three golden rules of computer security:
do not own a computer;
do not power it on;
and do not use one
Reply all
Reply to author
Forward
0 new messages