public void attack()
{
DB.PagesManager pagesManager = new DB.PagesManager();
SqlInjectionAttack sql = new SqlInjectionAttack(this._profileID);
XssAttack xss = new XssAttack(this._profileID);
RfiAttack rfi = new RfiAttack(this._profileID);
//xss
if (this._xssTest)
{
if (!this.deepScan) // normal mode
{
xss.attackAllInputfields(this._url);
xss.attackAllQueryStrings(this._url);
}
else // deep scan mode
{
xss.attackEachInputfield(this._url);
xss.attackEachQueryString(this._url);
}
pagesManager.setHasXSSed(true, this._url);
}
// sql injection
if (this._sqlTest)
{
if (!this.deepScan)
{
sql.attackAllInputfields(this._url);
sql.attackAllQueryStrings(this._url);
}
else
{
sql.attackEachInputfield(this._url);
sql.attackEachQueryString(this._url);
}
pagesManager.setHasSQLInjection(true, this._url);
}
// rfi
if (this._rfiTest)
{
if (!this.deepScan)
{
rfi.attackAllInputfields(this._url);
rfi.attackAllQueryStrings(this._url);
}
else
{
rfi.attackEachInputfield(this._url);
rfi.attackEachQueryString(this._url);
}
pagesManager.setHasRFIed(true, this._url);
}
// update gui
GUIs.SharedVariables.myTestingForm.refreshExploits();
}
private void newScanPhase()
{
using (OleDbConnection con = new OleDbConnection(myConnectionString))
{
//fetch and analyse phase
using (OleDbCommand cmd = new OleDbCommand("SELECT * FROM `page` WHERE `profileID` = ? AND (IsNull(`pageContent`) OR `pageContent`='NULL')", con))
{
con.Open();
cmd.Parameters.AddWithValue("?", this._profileID);
using (OleDbDataReader dr = cmd.ExecuteReader())
{
if (dr.HasRows)
{
while (dr.Read())
{
if (_isStoped || _isPaused)
{
threadFinished();
return;
}
//fetch page content
GUIs.SharedVariables.myTestingForm.setStatus("fetching...");
Web.WebCrawler crawler = new Web.WebCrawler(dr.GetString(1));
DB.PagesManager pagesManager = new DB.PagesManager();
GUIs.SharedVariables.myTestingForm.displayOutputActivity("fetching the page : " + dr.GetString(1) + " \n\r");
string pageContent = crawler.fetchPage();
pagesManager.editPageContent(dr.GetString(1), pageContent);
if (_isStoped || _isPaused)
{
threadFinished();
return;
}
//analyse page
GUIs.SharedVariables.myTestingForm.setStatus("analaysing...");
GUIs.SharedVariables.myTestingForm.displayOutputActivity("analysing the page : " + dr.GetString(1) + " \n\r");
Web.HtmlParser parser = new Web.HtmlParser(dr.GetString(1), pageContent);
List<string> links = parser.getInternalLinks();
GUIs.SharedVariables.myTestingForm.displayOutputActivity("found (" + links.Count + ") links in the page : " + dr.GetString(1) + " \n\r");
foreach (string l in links)
{
if (!pagesManager.isPageExist(l.ToLower()))
{
pagesManager.addPage(l.ToLower(), this._profileID.ToString(), "NULL");
}
}
pagesManager.setHasAnalysed(true, dr.GetString(1));
if (_isStoped || _isPaused)
{
threadFinished();
return;
}
//attack page
GUIs.SharedVariables.myTestingForm.setStatus("attacking...");
FullAttack p = new FullAttack(this._profileID, dr.GetString(1), this._xssTest, this._sqlTest, this._rfiTest, this._deepScan);
p.attack();
}
}
else
{
threadFinished();
}
}
}
}
newScanPhase();
}
