Reputation: 2799
How do you view the JavaScript embedded in a PDF?
I have a PDF, which I think has JavaScript embedded in it. Is it possible to see what that JavaScript is? And if so, how would I see it?
It's probably possible to hack something together with iText, but I would prefer something faster.
Upvotes: 16
Views: 35962
Answers (3)
Reputation: 479
There are two ways this can be done directly in Adobe Acrobat:
First, more general and fast way if you only need to know whether there is any JavaScript code at all inside the PDF: it is enough to run
Remove Hidden Informationtool (Tools → ProtectunderProtect & Standardizesection).After the tool finishes examining the document, you will see an entry called "Links, actions and javascripts" if the document contains any scripts or actions at all (note that these might be harmless actions like opening a website after clicking on a link).
Second, more precise and slightly slower way if you need to see precisely what scripts or actions are present in the document: open
Prepare Formtool (Tools → Prepare FormunderForms & Signaturessection) and click "Start". This will analyze the whole document.There, click on
Morein the middle of the right panel and choose eitherAll JavaScripts,Document JavaScriptsorDocument Actionsto see relevant information.(Thanks goes to the original source of the answer on the Adobe Community Forums.)
Also note, however, that Adobe Acrobat is not a security tool for examining malicious JavaScript code. If you positively know that there is some malicious code inside the PDF and you know that the attacker would try to obfuscate it, use a tool that is specifically created for this goal. For more info on this topic, see this StackOverflow answer.
Upvotes: 1
Reputation: 77528
Download iText RUPS: https://github.com/itext/rups/releases
Open the PDF using RUPS and you'll be able to look at all the PDF objects. iText RUPS isn't a PDF viewer, it's a PDF syntax browser.
Upvotes: 9
Reputation: 5234
If you prefer a fast method, just open the PDF with a text editor, e.g. NotePad++, and search on JavaScript.
In my case, I ran into a pdf that insisted on being printed instead of viewed. With NP++ I found this script:
<</S/JavaScript/JS(this.print\({bUI: true,bSilent: false,bShrinkToFit: true}\);this.closeDoc\(\);)>>
The notation is a little weird, but obviously it has a Print command, followed by a Close command.
You can even replace the Close command with spaces, which is easy in Overwrite mode (press the Insert key to toggle to and from Overwrite mode). You need to keep the total nr of characters the same, to preserve the offset pointers in the PDF. Then, the document can be viewed after cancelling the print command.
As it was a digitally signed document, of course the signature showed "invalid" :-)
Upvotes: 12
Related Questions
- How can I put JavaScript code into a PDF document?
- Extract JavaScript from malicious PDF
- Javascript in PDF
- Implementing PDF.js Viewer example
- Adobe Acrobat Pro XI - Adding Javascript to a PDF
- load javascript from pdf with java itextpdf
- Javascript in PDFs
- Finding javascript code in PDF using Apache PDFBox
- how to implement pdf.js to view pdf files in the pdf viewer?
- Javascript in a PDF?