/// <summary>
/// Checks that when two query parameters hold the same value ("1"), testing one of
/// them mutates only that parameter and leaves the other at its original value.
/// </summary>
public void CustomTester_ParametersWithSameValue()
{
    string firstParam = "a";
    string secondParam = "b";
    string testRequest = "GET /search.jsp?a=1&b=1 HTTP/1.1\r\nHost: 127.0.0.1\r\n\r\n";

    var controller = new MockTestController();
    CustomTestsFile testsFile = GetCustomTestFile();
    var tester = new Tester(controller, testsFile);
    CustomTestDef pathTraversalDef = testsFile.GetCustomTests()["Path Traversal"];

    var originalInfo = new HttpRequestInfo(testRequest, true);
    var targetUri = new Uri(originalInfo.FullUrl);

    // First pass: only "a" is under test.
    tester.ExecuteTests(testRequest, "", targetUri, firstParam, null, RequestLocation.Query, pathTraversalDef);
    Assert.IsTrue(controller.IssuesFound.ContainsKey(firstParam));

    // NOTE(review): the expected value is the bare payload constant although the test
    // definition is "$original" + payload; how $original is resolved is not visible here.
    var mutatedInfo = new HttpRequestInfo(controller.MutatedRequests[0]);
    Assert.AreEqual(MockTestController.PATH_TRAVERSAL, mutatedInfo.QueryVariables[firstParam], "Invalid mutation for " + firstParam);
    Assert.AreEqual("1", mutatedInfo.QueryVariables[secondParam], "Invalid value for " + secondParam);

    // Second pass: only "b" is under test; "a" must be back at its original value.
    tester.ExecuteTests(testRequest, "", targetUri, secondParam, null, RequestLocation.Query, pathTraversalDef);
    Assert.IsTrue(controller.IssuesFound.ContainsKey(secondParam));

    mutatedInfo = new HttpRequestInfo(controller.MutatedRequests[1]);
    Assert.AreEqual("1", mutatedInfo.QueryVariables[firstParam], "Invalid value for " + firstParam);
    Assert.AreEqual(MockTestController.PATH_TRAVERSAL, mutatedInfo.QueryVariables[secondParam], "Invalid mutation for " + secondParam);
}
/// <summary>
/// Checks mutation of a parameter whose value is a single character ("a") that also
/// appears in another parameter's name and value: only the parameter under test may
/// receive the payload.
/// </summary>
public void CustomTester_SingleCharacterValue()
{
    string testedParam = "txtSearch";
    string untouchedParam = "a1";
    string testRequest = "GET /search.aspx?txtSearch=a&a1=a HTTP/1.1\r\nHost: 127.0.0.1\r\n\r\n";

    var mockSite = new TrafficViewerFile();
    var controller = new MockTestController(mockSite);
    CustomTestsFile testsFile = GetCustomTestFile();
    var tester = new Tester(controller, testsFile);
    CustomTestDef pathTraversalDef = testsFile.GetCustomTests()["Path Traversal"];

    var originalInfo = new HttpRequestInfo(testRequest, true);
    var targetUri = new Uri(originalInfo.FullUrl);

    string entityId = tester.GetEntityId(targetUri, testedParam);
    string entityString = tester.GetEntityString(testRequest, targetUri, testedParam, originalInfo.QueryVariables[testedParam]);
    var job = new TestJob(testedParam, originalInfo.QueryVariables[testedParam], RequestLocation.Query, pathTraversalDef);

    // Only the first generated mutation is inspected.
    string firstMutation = tester.GenerateMutatedRequestList(testRequest, job, entityString, entityId)[0];
    var mutatedInfo = new HttpRequestInfo(firstMutation, true);

    Assert.IsTrue(mutatedInfo.QueryVariables.ContainsKey(testedParam), "Could no longer find parameter");
    Assert.AreEqual(originalInfo.QueryVariables[testedParam] + MockTestController.PATH_TRAVERSAL, mutatedInfo.QueryVariables[testedParam], "Incorrect test value");
    Assert.AreEqual(originalInfo.QueryVariables[untouchedParam], mutatedInfo.QueryVariables[untouchedParam], "Incorrect non-test value");
}
/// <summary>
/// Checks the "$header=" validation prefix: a response whose body contains the
/// pattern must not validate, while a response that carries it in the header
/// section must.
/// </summary>
public void CustomTester_MatchHeaderValidation()
{
    string testedParam = "txtSearch";
    string testRequest = "GET /search.aspx?txtSearch=a&a1=a HTTP/1.1\r\nHost: 127.0.0.1\r\n\r\n";

    var mockSite = new TrafficViewerFile();
    var controller = new MockTestController(mockSite);
    CustomTestsFile testsFile = GetCustomTestFile();
    var tester = new Tester(controller, testsFile);

    CustomTestDef pathTraversalDef = testsFile.GetCustomTests()["Path Traversal"];
    // Replace the default validation with one that is prefixed "$header=".
    pathTraversalDef.Validation = "$header=" + "root:\\s?:";

    var originalInfo = new HttpRequestInfo(testRequest, true);
    var parsedUri = new Uri(originalInfo.FullUrl);

    string entityId = tester.GetEntityId(parsedUri, testedParam);
    string entityString = tester.GetEntityString(testRequest, parsedUri, testedParam, originalInfo.QueryVariables[testedParam]);
    var job = new TestJob(testedParam, originalInfo.QueryVariables[testedParam], RequestLocation.Query, pathTraversalDef);
    string mutatedRequest = tester.GenerateMutatedRequestList(testRequest, job, entityString, entityId)[0];

    // Pattern present only after the blank line (body): expected to be rejected.
    bool bodyOnlyMatch = tester.ValidateSingleTest(
        testRequest,
        "HTTP/1.1 200 OK\r\nbla",
        new Uri("http://demo.testfire.net/search.aspx"),
        testedParam,
        entityId,
        pathTraversalDef,
        mutatedRequest,
        "HTTP/1.1 200 OK\r\n\r\nroot::");
    Assert.IsFalse(bodyOnlyMatch);

    // Pattern present before the blank line (headers): expected to be accepted.
    bool headerMatch = tester.ValidateSingleTest(
        testRequest,
        "HTTP/1.1 200 OK\r\nbla",
        new Uri("http://demo.testfire.net/search.aspx"),
        testedParam,
        entityId,
        pathTraversalDef,
        mutatedRequest,
        "HTTP/1.1 200 OK\r\nroot::\r\n\r\nbody");
    Assert.IsTrue(headerMatch);
}
/// <summary>
/// Builds the in-memory test configuration shared by the tests: a single
/// "Path Traversal" definition, no login step, parameters only, and one enabled
/// attack target named "all" whose pattern is ".*".
/// </summary>
/// <returns>The configured <c>CustomTestsFile</c>; nothing is written to disk here.</returns>
private static CustomTestsFile GetCustomTestFile()
{
    var result = new CustomTestsFile();

    // Start from an empty set so only the definition below is present.
    var definitions = result.GetCustomTests();
    definitions.Clear();

    // Mutation appends the mock payload to the original value; validation is the pattern "root\:".
    var pathTraversal = new CustomTestDef(
        "Path Traversal",
        "Path Traversal",
        "$original" + MockTestController.PATH_TRAVERSAL,
        "root\\:");
    definitions.Add("Path Traversal", pathTraversal);
    result.SetCustomTests(definitions);

    result.LoginBeforeTests = false;
    result.TestOnlyParameters = true;

    // The ".*" pattern is only appropriate because the tests run against mocks.
    var targets = result.GetAttackTargetList();
    targets.Add("all", new AttackTarget("all", "Enabled", ".*"));
    result.SetAttackTargetList(targets);

    return result;
}
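/// <summary>
/// Sends one request through a <c>DriveByAttackProxy</c> configured with a test whose
/// validation is a "$js_code=" callback, and checks that an issue is recorded for
/// parameter "p1".
/// </summary>
/// <remarks>
/// The attack proxy is now stopped in a <c>finally</c> block, so a failure while
/// sending the request no longer leaves it running.
/// </remarks>
public void CustomTestProxy_TestJSValidation()
{
    MockProxy mockSite = new MockProxy();
    string testReq = "GET /r1?p1=test HTTP/1.1\r\n";
    mockSite.MockSite.AddRequestResponse(testReq, "HTTP/1.1 200 OK\r\n\r\nFound user test");
    // NOTE(review): mockSite is started but never stopped in this method; confirm
    // whether cleanup happens elsewhere.
    mockSite.Start();

    CustomTestsFile testFile = GetCustomTestFile();
    var tests = testFile.GetCustomTests();
    tests.Clear();
    // The validation string is a script: the callback reports a finding when the
    // response text contains 'root'.
    tests.Add("PathTraversal", new CustomTestDef("PathTraversal", "Path Traversal", "$original/" + MockTestController.PATH_TRAVERSAL, "$js_code=function Callback(response){var found = false; if(response.indexOf('root')>-1) found=true; return found;}"));
    testFile.SetCustomTests(tests);
    testFile.Save();

    TrafficViewerFile testDataStore = new TrafficViewerFile();
    MockTestController mockTestController = new MockTestController(mockSite.MockSite);

    // Restrict attacks to requests matching the "r1" pattern.
    var targetList = new Dictionary<string, AttackTarget>();
    targetList.Add("r1", new AttackTarget("r1", "Enabled", "r1"));
    testFile.SetAttackTargetList(targetList);

    DriveByAttackProxy testProxy = new DriveByAttackProxy(mockTestController, testFile, testDataStore);
    testProxy.Start();
    try
    {
        SendRequestThroughTestProxy(testReq, testProxy, mockSite);
        // NOTE(review): fixed 100 ms wait for the proxy to finish its tests; this is
        // timing-dependent and may be flaky on a slow machine.
        Thread.Sleep(100);
    }
    finally
    {
        // Always release the listener, even if sending the request throws.
        testProxy.Stop();
    }

    Assert.IsTrue(mockTestController.IssuesFound.ContainsKey("p1"));
}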
/// <summary>
/// Checks that a query parameter with an empty value is still tested: the mock site
/// answers the payload request with the mock path-traversal response and an issue
/// must be recorded for the parameter.
/// </summary>
public void CustomTester_EmptyQueryParamUnitTest()
{
    string testedParam = "query";
    string testRequest = "GET /search.jsp?query= HTTP/1.1\r\nHost: 127.0.0.1\r\n\r\n";

    // Record the response the mock site returns for the request carrying the payload.
    var mockSite = new TrafficViewerFile();
    string payloadRequest = String.Format("GET /search.jsp?query={0} HTTP/1.1\r\nHost: 127.0.0.1\r\n\r\n", MockTestController.PATH_TRAVERSAL);
    mockSite.AddRequestResponse(payloadRequest, MockTestController.PATH_TRAVERSAL_RESPONSE);

    var controller = new MockTestController(mockSite);
    CustomTestsFile testsFile = GetCustomTestFile();
    var tester = new Tester(controller, testsFile);
    CustomTestDef pathTraversalDef = testsFile.GetCustomTests()["Path Traversal"];

    var originalInfo = new HttpRequestInfo(testRequest, true);
    var targetUri = new Uri(originalInfo.FullUrl);

    tester.ExecuteTests(testRequest, "", targetUri, testedParam, null, RequestLocation.Query, pathTraversalDef);

    Assert.IsTrue(controller.IssuesFound.ContainsKey(testedParam));
}
/// <summary>
/// Checks that a request containing the "__dynamic_value__ticks__" placeholder in a
/// header yields exactly one mutated request and that the header then matches the
/// pattern "\d+".
/// </summary>
public void CustomTester_DynamicValue()
{
    string testedParam = "query";
    string testRequest = "GET /search.jsp?query= HTTP/1.1\r\nDyn:__dynamic_value__ticks__\r\nHost: 127.0.0.1\r\n\r\n";

    var controller = new MockTestController();
    CustomTestsFile testsFile = GetCustomTestFile();
    var tester = new Tester(controller, testsFile);
    CustomTestDef pathTraversalDef = testsFile.GetCustomTests()["Path Traversal"];

    var originalInfo = new HttpRequestInfo(testRequest, true);
    var targetUri = new Uri(originalInfo.FullUrl);

    tester.ExecuteTests(testRequest, "", targetUri, testedParam, null, RequestLocation.Query, pathTraversalDef);

    Assert.IsTrue(controller.IssuesFound.ContainsKey(testedParam));
    Assert.AreEqual(1, controller.MutatedRequests.Count, "Incorrect number of mutated requests");

    // The placeholder in the "Dyn" header should have been substituted with digits.
    var sentRequest = new HttpRequestInfo(controller.MutatedRequests[0]);
    bool headerIsNumeric = Utils.IsMatch(sentRequest.Headers["Dyn"], "\\d+");
    Assert.IsTrue(headerIsNumeric, "Incorrect dynamic header value");
}
/// <summary>
/// Loads a custom tests file and pushes its contents to the grid, the
/// "run automatically" menu item and the test runner.
/// </summary>
/// <param name="path">
/// Path of the file to load. When the file does not exist, a new empty
/// <c>CustomTestsFile</c> is used instead and no error is shown.
/// </param>
/// <remarks>
/// NOTE(review): test definitions can carry "$js_code=" validation scripts, so a
/// tests file should come from a trusted source; confirm how such scripts are
/// executed and confined.
/// </remarks>
private void LoadFile(string path)
{
    // Reset first; on a failed load this empty instance stays in place.
    _testFile = new CustomTestsFile();

    CustomTestsFile candidate = new CustomTestsFile();
    bool loadedOk = !File.Exists(path) || candidate.Load(path);
    if (!loadedOk)
    {
        ErrorBox.ShowDialog("Could not load file");
        return;
    }

    _testFile = candidate;
    _testFile.SetCustomTests(candidate.GetCustomTests());

    var gridValues = (List<string>)_testFile.GetOption(CUSTOM_TESTS);
    _grid.SetValues(gridValues);
    runAutomaticallyToolStripMenuItem.Checked = _testFile.AutoRunTests;
    _testRunner.SetTestFile(_testFile);
}
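/// <summary>
/// Runs every custom test against the queued requests, then replays each configured
/// multi-step file through a sequential attack proxy.
/// </summary>
/// <remarks>
/// Fixes relative to the previous version:
/// a ".login" multi-step entry is now removed from the queue before it is skipped
/// (it used to be peeked again forever); the attack proxy is stopped in a
/// <c>finally</c> block; a proxy that is not a <c>SequentialAttackProxy</c> is logged
/// and skipped instead of causing a null dereference; and the "Host" header is
/// excluded from mutation regardless of letter case.
/// </remarks>
public void Run()
{
    _runnable = true;
    var customTests = _testFile.GetCustomTests().Values;
    Tester tester = new Tester(this, _testFile);

    if (_requestsToTest.Count == 0)
    {
        // Refill only when the queue is empty, so entries still queued are kept.
        foreach (var tvReqInfo in _selectedRequests)
        {
            _requestsToTest.Enqueue(tvReqInfo);
        }
    }

    _trafficFile.SetState(AccessorState.Loading);

    while (_runnable && _requestsToTest.Count > 0)
    {
        TVRequestInfo workingEntry = _requestsToTest.Peek();
        byte[] reqBytes = _trafficFile.LoadRequestData(workingEntry.Id);
        byte[] respBytes = _trafficFile.LoadResponseData(workingEntry.Id);

        if (reqBytes == null)
        {
            // No stored request data for this entry: drop it and move on.
            Log("SELECT A NEW REQUEST");
            _requestsToTest.Dequeue();
            continue;
        }

        HttpRequestInfo workingReqInfo = new HttpRequestInfo(reqBytes, true);
        workingReqInfo.IsSecure = workingEntry.IsHttps;

        string rawRequest = workingReqInfo.ToString();
        string rawResponse = respBytes != null ? Constants.DefaultEncoding.GetString(respBytes) : String.Empty;

        // Scope guard: only requests accepted by the attack target list are mutated.
        if (ShouldBeTested(rawRequest, _testFile.GetAttackTargetList()))
        {
            MultiThreadedTestExecution testExecution = new MultiThreadedTestExecution(tester, rawRequest, rawResponse, new Uri(workingReqInfo.FullUrl), _testFile.NumberOfThreads);
            bool containsFuzz = rawRequest.Contains(Constants.FUZZ_STRING);

            foreach (CustomTestDef testDef in customTests)
            {
                if (containsFuzz)
                {
                    // The request marks its own injection point: one job per definition.
                    testExecution.TestsQueue.Enqueue(new TestJob(String.Empty, String.Empty, RequestLocation.Path, testDef));
                }
                else
                {
                    // One job per path, query and body parameter.
                    foreach (var parameter in workingReqInfo.PathVariables)
                    {
                        testExecution.TestsQueue.Enqueue(new TestJob(parameter.Key, parameter.Value, RequestLocation.Path, testDef));
                    }
                    foreach (var parameter in workingReqInfo.QueryVariables)
                    {
                        testExecution.TestsQueue.Enqueue(new TestJob(parameter.Key, parameter.Value, RequestLocation.Query, testDef));
                    }
                    foreach (var parameter in workingReqInfo.BodyVariables)
                    {
                        testExecution.TestsQueue.Enqueue(new TestJob(parameter.Key, parameter.Value, RequestLocation.Body, testDef));
                    }

                    if (!_testFile.TestOnlyParameters)
                    {
                        foreach (var header in workingReqInfo.Headers)
                        {
                            // Header names are case-insensitive; never mutate Host in any spelling.
                            if (!String.Equals(header.Name, "Host", StringComparison.OrdinalIgnoreCase))
                            {
                                testExecution.TestsQueue.Enqueue(new TestJob(header.Name, header.Value, RequestLocation.Headers, testDef));
                            }
                        }
                        foreach (var cookie in workingReqInfo.Cookies)
                        {
                            testExecution.TestsQueue.Enqueue(new TestJob(cookie.Key, cookie.Value, RequestLocation.Cookies, testDef));
                        }
                    }
                }

                // Jobs are started and awaited once per test definition.
                testExecution.StartTestsAsync();
                while (testExecution.IsRunning)
                {
                    if (!_runnable)
                    {
                        testExecution.CancelTests();
                    }
                    // Poll until the test execution completes.
                    Thread.Sleep(10);
                }
            }
        }

        if (_requestsToTest.Count > 0)
        {
            _requestsToTest.Dequeue();
        }
    }

    // Multi-step operations: queue every configured path that exists on disk.
    List<string> multiStepList = _testFile.GetMultiStepList();
    _multiStepsToTest = new Queue<string>();
    foreach (string path in multiStepList)
    {
        if (File.Exists(path))
        {
            _multiStepsToTest.Enqueue(path);
        }
        else
        {
            SdkSettings.Instance.Logger.Log(TraceLevel.Error, "Multi-Step path '{0}' does not exist.", path);
        }
    }

    while (_multiStepsToTest.Count > 0)
    {
        if (!_runnable)
        {
            // NOTE(review): this early exit skips SetState(Idle) below, leaving the
            // traffic file in the Loading state; confirm that is intended.
            return;
        }

        string path = _multiStepsToTest.Peek();

        if (path.EndsWith(".login", StringComparison.Ordinal))
        {
            SdkSettings.Instance.Logger.Log(TraceLevel.Error, "ABL files are not supported");
            // Remove the entry; otherwise the same path is peeked again forever.
            _multiStepsToTest.Dequeue();
            continue;
        }

        TrafficViewerFile htd = new TrafficViewerFile();
        htd.Open(path);

        SequentialAttackProxy proxy = GetTestProxy(_netSettings, true) as SequentialAttackProxy;
        if (proxy == null)
        {
            SdkSettings.Instance.Logger.Log(TraceLevel.Error, "Could not create a sequential attack proxy for '{0}'.", path);
            _multiStepsToTest.Dequeue();
            continue;
        }

        proxy.Start();
        try
        {
            // Route the replayed traffic through the attack proxy, keeping the
            // certificate validation callback of the configured network settings.
            DefaultNetworkSettings netSettings = new DefaultNetworkSettings();
            netSettings.WebProxy = new WebProxy(proxy.Host, proxy.Port);
            netSettings.CertificateValidationCallback = _netSettings.CertificateValidationCallback;
            RequestSender.RequestSender reqSender = new RequestSender.RequestSender(netSettings);

            do
            {
                reqSender.Send(htd);
            }
            while (!proxy.TestComplete && _runnable);
        }
        finally
        {
            // Do not leave the attack proxy listening if the replay throws.
            proxy.Stop();
        }

        if (_runnable)
        {
            _multiStepsToTest.Dequeue();
        }
    }

    _trafficFile.SetState(AccessorState.Idle);
    _runnable = false;
}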
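/// <summary>
/// Runs every custom test against the queued requests. For each request that the
/// attack target list accepts, all jobs for all test definitions are queued first
/// and then executed in one batch.
/// </summary>
/// <remarks>
/// The "Host" header is now excluded from mutation regardless of letter case;
/// previously only the exact spelling "Host" was skipped.
/// </remarks>
private void TestSelectedRequests()
{
    var customTests = _testFile.GetCustomTests().Values;
    Tester tester = new Tester(this, _testFile);

    if (_requestsToTest.Count == 0)
    {
        // Refill only when the queue is empty, so entries still queued are kept.
        foreach (var tvReqInfo in _selectedRequests)
        {
            _requestsToTest.Enqueue(tvReqInfo);
        }
    }

    _trafficFile.SetState(AccessorState.Loading);

    while (_runnable && _requestsToTest.Count > 0)
    {
        TVRequestInfo workingEntry = _requestsToTest.Peek();
        byte[] reqBytes = _trafficFile.LoadRequestData(workingEntry.Id);
        byte[] respBytes = _trafficFile.LoadResponseData(workingEntry.Id);

        if (reqBytes == null)
        {
            // No stored request data for this entry: drop it and move on.
            Log("SELECT A NEW REQUEST");
            _requestsToTest.Dequeue();
            continue;
        }

        HttpRequestInfo workingReqInfo = new HttpRequestInfo(reqBytes, true);
        workingReqInfo.IsSecure = workingEntry.IsHttps;

        string rawRequest = workingReqInfo.ToString();
        string rawResponse = respBytes != null ? Constants.DefaultEncoding.GetString(respBytes) : String.Empty;

        // Scope guard: only requests accepted by the attack target list are mutated.
        if (ShouldBeTested(rawRequest, _testFile.GetAttackTargetList()))
        {
            MultiThreadedTestExecution testExecution = new MultiThreadedTestExecution(tester, rawRequest, rawResponse, new Uri(workingReqInfo.FullUrl), _testFile.NumberOfThreads);
            bool containsFuzz = rawRequest.Contains(Constants.FUZZ_STRING);

            foreach (CustomTestDef testDef in customTests)
            {
                if (containsFuzz)
                {
                    // The request marks its own injection point: one job per definition.
                    testExecution.TestsQueue.Enqueue(new TestJob(String.Empty, String.Empty, RequestLocation.Path, testDef));
                }
                else
                {
                    // One job per path, query and body parameter.
                    foreach (var parameter in workingReqInfo.PathVariables)
                    {
                        testExecution.TestsQueue.Enqueue(new TestJob(parameter.Key, parameter.Value, RequestLocation.Path, testDef));
                    }
                    foreach (var parameter in workingReqInfo.QueryVariables)
                    {
                        testExecution.TestsQueue.Enqueue(new TestJob(parameter.Key, parameter.Value, RequestLocation.Query, testDef));
                    }
                    foreach (var parameter in workingReqInfo.BodyVariables)
                    {
                        testExecution.TestsQueue.Enqueue(new TestJob(parameter.Key, parameter.Value, RequestLocation.Body, testDef));
                    }

                    if (!_testFile.TestOnlyParameters)
                    {
                        foreach (var header in workingReqInfo.Headers)
                        {
                            // Header names are case-insensitive; never mutate Host in any spelling.
                            if (!String.Equals(header.Name, "Host", StringComparison.OrdinalIgnoreCase))
                            {
                                testExecution.TestsQueue.Enqueue(new TestJob(header.Name, header.Value, RequestLocation.Headers, testDef));
                            }
                        }
                        foreach (var cookie in workingReqInfo.Cookies)
                        {
                            testExecution.TestsQueue.Enqueue(new TestJob(cookie.Key, cookie.Value, RequestLocation.Cookies, testDef));
                        }
                    }
                }
            }

            // All definitions are queued; run them as one batch for this request.
            testExecution.StartTestsAsync();
            while (testExecution.IsRunning)
            {
                if (!_runnable)
                {
                    testExecution.CancelTests();
                }
                // Poll until the test execution completes; progress is written on every poll.
                HttpServerConsole.Instance.WriteLine(LogMessageType.Notification, "Requests in queue: {0}, Tests in queue for current request: {1}.", _requestsToTest.Count, testExecution.TestsQueue.Count);
                Thread.Sleep(10);
            }
            HttpServerConsole.Instance.WriteLine(LogMessageType.Notification, "Test execution completed.");
        }

        if (_requestsToTest.Count > 0)
        {
            _requestsToTest.Dequeue();
        }
    }
}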