Application Security Testing: An Integral Part of DevOps
Hello, everyone. Today, I will show you how to play around with Internet Explorer's Properties dialog box. Highlights of this article include: the clearing of all the various History settings (this includes the browsing info, cookies, form data, and so on). You also will cover how to change Internet Explorer's font settings, and how to access the Organize favourites dialog box from within your program.
To get access to the Internet Explorer's Properties, you will use the built-in RunDLL32 utility to launch Internet Explorer's Control Panel Applet, with different arguments.
Basically, the RunDLL32 utility enables you to call functions exported from a 32-bit DLL. In other words, Rundll32 loads the specified DLL using LoadLibrary, obtains the address of the function using the GetProcAddress function, and calls the function with the specified arguments, if any. When the function returns, Rundll32 unloads the DLL and exits.
To use the RunDll32 utility in your program, you need to look at the Process class. This class provides access to local and remote processes and enables you to start and stop local system processes.
A Process object provides access to a process that is running on a computer. A process, in the simplest terms, is a running application. A thread is the basic unit to which the operating system allocates processor time. A thread can execute any part of the code of the process, including parts currently being executed by another thread.
To start a Process, you can use the Start method from the Process class; you also can include the StartInfo parameter whose members can be used to duplicate the functionality of the Run dialog box of the Windows Start menu. Anything that can be typed into a command line can be started by setting the appropriate values in the StartInfo property. The only StartInfo property that must be set is the FileName property. The FileName property does not have to be an executable file. It can be of any file type for which the extension has been associated with an application that is installed on the system. For example, the FileName property can have a .txt extension if you have associated text files with an editor, such as Notepad, or it can have a .doc extension if you have associated .doc files with a word processing tool, such as Microsoft Word.
On the command line, you can specify actions to take for certain types of files. For example, you can print documents or edit text files. Specify these actions by using the Verb member of the StartInfo property. For other types of files, you can specify command line arguments when you start the file from the Run dialog box. For example, you can pass a URL as an argument if you specify your browser as the FileName. These arguments can be specified in the StartInfo property's Arguments member.
It's time to get started. Open Visual Basic 2005 or 2008. I have already designed your form's layout, as you can see in Figure 1. Feel free to give all objects proper names:
Figure 1: Form Layout
Opening Content Advisor
The first button is labeled Content Advisor; this button will be used to show the Content Advisor dialog box. All you need to do is double-click it and type the following inside its click event:
'Content Advisor Process.Start("rundll32.exe", "msrating.dll,RatingSetupUI")
Here, you used the Rundll32 utility to call the RatingsSetupUI method that resides inside msrating.dll. This DLL is responsible for Internet Ratings and Local User Management. The RatingSetupUI method allows you to set levels of restrictions; then, another function inside msrating.dll, named RatingCheckUserAccess, uses these settings to compare against these rating labels and determines whether the user is allowed to view the given content based on the associated rating label.
Simple, isn't it?
Figure 2: Content Advisor