/// <summary>
/// The send payload.
/// </summary>
/// <param name="postElement">
/// The post element.
/// </param>
/// <param name="payload">
/// The payload.
/// </param>
/// <param name="browser">
/// The browser.
/// </param>
/// <param name="testCase">
/// The test case.
/// </param>
private void SendPayload(IWebElement postElement, string payload, BrowserAbstract browser, TestCase testCase)
{
if (!postElement.Displayed)
{
Logger.WriteWarning(
"Element {0} not displayed, url ={1}",
GetElementIdentification(postElement),
this.TestTarget.Uri.OriginalString);
return;
}
// send payload
postElement.SendKeys(payload);
// send enter
postElement.SendKeys(Keys.Return);
// waiting for page to load
browser.WaitForPageLoad(5000);
// dismiss any present alert
string alertText;
browser.DismissedIfAlertDisplayed(out alertText);
// log xss vulnerabilities
this.CheckForVulnerabilities(browser, testCase, payload);
}
/// <summary>
/// The check for vulnerabilities.
/// </summary>
/// <param name="browser">
/// The browser.
/// </param>
/// <param name="testCase">
/// The testCase.
/// </param>
/// <param name="testValue">
/// The tested val.
/// </param>
private void CheckForVulnerabilities(
BrowserAbstract browser,
TestCase testCase,
string testValue)
{
// waiting for page to load
browser.WaitForPageLoad(5000);
string alertText;
browser.DismissedIfAlertDisplayed(out alertText);
if (browser.AlertMessageDisplayed.Contains(TestBaseHelper.AttackSignature))
{
// since we use the same browser instance clear the alerts after the issue has been logged
browser.AlertMessageDisplayed.Clear();
// we found one issue
this.vulnerabilityFound = true;
Vulnerabilities.Enqueue(new Vulnerability
{
Title = testCase.TestName,
Level = (int)VulnerabilityLevelEnum.High,
TestedParam = string.Empty,
TestedVal = testValue,
Evidence = "Found by {0}".FormatIc(browser.BrowserType.ToString()),
MatchString = testCase.MatchString,
TestPlugin = GetType().Name
});
}
}
/// <summary>
/// The inspect.
/// </summary>
/// <param name="target">
/// The target.
/// </param>
/// <param name="browser">
/// The browser.
/// </param>
/// <returns>
/// An enumerator that allows foreach to be used to process inspect in this collection.
/// </returns>
public IEnumerable <IWebElement> Inspect(ITarget target, ref BrowserAbstract browser)
{
// clear the container in case we reuse the object
this.inputElement.Clear();
if (browser == null)
{
BrowserAbstract closureBrowser = this.context.AcquireBrowser(BrowserType.Chrome);
browser = closureBrowser;
if (browser == null)
{
Logger.Logger.WriteWarning("Not able to acquire a browser");
return(this.inputElement);
}
}
browser.NavigateTo(target.Uri.OriginalString);
// waiting for page to load
browser.WaitForPageLoad(Common.Constants.BrowserWaitForPageLoadInMilliseconds);
// dismiss any alert and register the text message, catch the vulnerability in the test plugin
string alertText;
browser.DismissedIfAlertDisplayed(out alertText);
foreach (var pathElement in this.xPathElements)
{
IEnumerable <IWebElement> elements = browser.FindWebElements(By.XPath(pathElement));
foreach (IWebElement webElement in elements)
{
this.inputElement.Add(webElement);
}
}
return(this.inputElement);
}
/// <summary>
/// Browser navigate to page.
/// </summary>
/// <param name="contextSendRequestParameter">
/// The context send request parameter.
/// </param>
/// <param name="uri">
/// The uri.
/// </param>
/// <param name="webRequestContext">
/// The web request context.
/// </param>
private void BrowserNavigateToPage(
ContextSendRequestParameter contextSendRequestParameter,
Uri uri,
WebRequestContext webRequestContext)
{
webRequestContext.ResponseHolder = new HttpWebResponseHolder();
BrowserAbstract browser = null;
try
{
var browserManager = ObjectResolver.Resolve <IBrowserManager>();
// there is no browser pool created for this browser type
if (browserManager.AvailableBrowserTypes.All(t => t != contextSendRequestParameter.BrowserType))
{
return;
}
// try to acquire a browser if we don't have one already
browser = webRequestContext.Browser ??
browserManager.AcquireBrowser(contextSendRequestParameter.BrowserType);
if (browser == null)
{
Library.Logger.Logger.WriteWarning(
"Browser pool failed allocation (measured by BrowserPoolCounters.FailedAllocationsPerMinute).");
return;
}
// in case we acquired then set this in the request context
webRequestContext.Browser = browser;
// Add request cookies.
if (this.CurrentCookies.ContainsKey(uri.Host))
{
foreach (Cookie cookie in this.CurrentCookies[uri.Host])
{
browser.AddCookie(cookie.Name, cookie.Value, cookie.Domain, cookie.Path, cookie.Expires);
}
}
var stopWatch = new Stopwatch();
stopWatch.Start();
browser.NavigateTo(uri.OriginalString);
stopWatch.Stop();
// FireFox does not block on the presence of an alert dialog, so we manually check here.
string alertText;
browser.DismissedIfAlertDisplayed(out alertText);
browser.WaitForPageLoad(Constants.BrowserWaitForPageLoadInMilliseconds);
// check for messages again following page load - do this before querying other browser properties
browser.DismissedIfAlertDisplayed(out alertText);
var fiddlerResponseSessionKey = Library.Constants.FiddlerResponseSessionKey.FormatIc(
browser.ProcessId,
browser.Url);
// get fiddler response
var fiddlerResponse = FiddlerProxy.ResponseSession.ContainsKey(fiddlerResponseSessionKey)
? FiddlerProxy.ResponseSession[fiddlerResponseSessionKey].oResponse
: null;
var fiddlerRequest = FiddlerProxy.ResponseSession.ContainsKey(fiddlerResponseSessionKey)
? FiddlerProxy.ResponseSession[fiddlerResponseSessionKey].oRequest
: null;
// populate response holder
webRequestContext.ResponseHolder.StatusCode = fiddlerResponse != null
? (HttpStatusCode)fiddlerResponse.headers.HTTPResponseCode
: HttpStatusCode.OK;
var source = browser.PageSource;
webRequestContext.ResponseHolder.ResponseContent = source;
webRequestContext.ResponseHolder.RequestAbsolutUri = uri.AbsoluteUri;
webRequestContext.ResponseHolder.RequestHost = uri.Host;
Uri resultUri;
if (Uri.TryCreate(browser.Url, UriKind.Absolute, out resultUri))
{
webRequestContext.ResponseHolder.ResponseUri = resultUri;
}
webRequestContext.ResponseHolder.ResponseDateTime = DateTime.UtcNow;
webRequestContext.ResponseHolder.RequestUserAgent =
contextSendRequestParameter.BrowserType.ToString();
webRequestContext.ResponseHolder.BrowserPageTitle = browser.PageTitle;
webRequestContext.ResponseHolder.ResponseContentType = "text/html";
webRequestContext.ResponseHolder.Latency = new TimeSpan(0, 0, 0, 0, (int)stopWatch.Elapsed.TotalMilliseconds);
// set headers from fiddler for this request
if (fiddlerRequest != null)
{
webRequestContext.ResponseHolder.RequestHeaders =
Regex.Replace(fiddlerRequest.headers.ToString().Trim(), @"[\u0000-\u001F]", string.Empty);
}
// set headers from fiddler for this response
if (fiddlerResponse != null)
{
webRequestContext.ResponseHolder.SetResponseFiddlerHeaders(fiddlerResponse.headers);
}
// set back response cookies
webRequestContext.ResponseHolder.Cookies = browser.AllCookies;
}
catch (Exception exception)
{
webRequestContext.ResponseHolder.HttpError = exception.Message;
CheckForUnexpectedDialog(uri, browser, exception);
}
}