Sometimes, maldocs don’t really need to do anything malicious.
You might just want to create awareness and just send a request to a webserver.
In this short blogpost, I’ll show some code to issue web requests in VBA, usable in your favorite office program.
ServerXMLHTTP vs WinHTTPRequest
My colleague Didier Stevens has briefly explained to me what the difference is between these two objects (both can be used to invoke webrequests):
ServerXMLHTTP is used when a proxy is set for IE
WinHTTPRequest is used when there is a proxy set via netsh
For completeness I should probably also mention VBAWEB but this is third party and I have not tested this setup, so this will be out of scope for this blogpost.
Solution: combine the two.
In case you are doing this black box, it’s less than ideal that you’ll have to gamble which proxy settings are being used. Luckily for us, VBA has error handling built in, so we can actually create a macro that combines the two, if the first request fails, try another request. You can also use this error handling to change your URL’s so you can actually try to send to multiple domains in case you fear your “control” domain will be flagged by the proxy.
Without further blah blah blah, here is the code I’m using to achieve this:
Sub WebRequest() Url = http://<yourdomain>/ On Error GoTo Request2 Set objHTTP = CreateObject("MSXML2.ServerXMLHTTP") ' very short timeouts, increase if you want. this is in miliseconds objHTTP.setTimeouts 100, 100, 100, 100 'Get for example, can also be any other HTTP VERB, in case you POST, the Send method needs another argument (else you'll just post empty) objHTTP.Open "GET", Url, False objHTTP.Send Set objHTTP = Nothing Exit Sub Request2: 'if you want you can create more error handlers, alternating url or serverxml/winhttp In case you want multiple errors you'll have to reset the error handle to -1 On Error GoTo -1 ' In case of multiple error handlers 'On Error GoTo Request3 'you can change your URL here if you want Set winHttpReq = CreateObject("WinHttp.WinHttpRequest.5.1") winHttpReq.Open "GET", Url, False winHttpReq.Send End Sub