-2

This is my project topic given by my college. Can somebody please give me an idea on where to start with this topic.

I have seen a lot of topics on pdf vulnerability but the problem is they require knowing a lot of security stuff beforehand. I have less than a week to submit the project. If somebody could just guide me to where I should start I would be really grateful. I have already looked up didier stievens site but its getting really tough for me to understand it since there is no time.

user2546419
  • 65
  • 6
  • Questions asking for homework help must include a summary of the work you've done so far to solve the problem, and a description of the difficulty you are having solving it. See http://stackoverflow.com/help/on-topic – Amedee Van Gasse Mar 24 '16 at 09:52
  • 1
    You may be asking on the wrong site. Maybe you should ask on http://security.stackexchange.com/ – Amedee Van Gasse Mar 24 '16 at 10:39
  • One exploit with pdf is to package your own code within the file. This links shows how to do this. http://securityxploded.com/pdf_vuln_exploits.php – Dane Mar 24 '16 at 10:43

1 Answers1

1

The most important point about PDF security is that most 'popular' attacks are targeting:

  • application related vulnerabilities in most popular free PDF reading applications: Adobe Reader and Foxit Reader;
  • humans to get them to click on the malicious attachment inside PDF to initiate attack;

Check these analysis and parsing utilities and documents:

  • Didier Stevens's pdf tools which include make-pdf-javascript.py ( javascript injection tool), pdfid.py that scans PDF and embedded javascripts for keywords and others;

  • PDF Stream Dumper and its source code;

  • PDF Miner Py - pdf parsing library made with python;

  • PDF.js - javascript based PDF rendering that could help you to learn PDF structure parsing right from your browser console (widely used in lot of online services like DropBox)

  • Official PDF Format Specification from Adobe for PDF 1.4 and PDF 1.7

Eugene
  • 2,820
  • 19
  • 24