Beispiel #1
0
        private void SaveTvf(object param)
        {
            string path = (string)param;

            _trafficViewerFile.EnableDefrag = true;
            _trafficViewerFile.Save(path);
        }
Beispiel #2
0
        private void StopClick(object sender, EventArgs e)
        {
            _abort            = true;
            _fuzzOn           = false;
            button1.ForeColor = Color.White;
            lock (_lock)
            {
                _payloads.Clear();
            }

            timer1.Stop();
            button2.Text    = "Saving...";
            button2.Enabled = false;
            _outputFile.SetState(AccessorState.Idle);
            string filePath = _fileSelector.Text;

            if (!String.IsNullOrWhiteSpace(filePath))
            {
                _outputFile.Save(filePath);
            }
            button1.Enabled       = true;
            button2.Enabled       = true;
            button2.Text          = "Stop and Save";
            _fileSelector.Enabled = true;
        }
Beispiel #3
0
        public void SaveAndOpen()
        {
            TrafficViewerFile tvf  = MakeDummyTrafficFile();
            TempFile          temp = new TempFile(".tvf");

            tvf.Save(temp.Path);
            tvf.Close(false);
            //verfiy that we can open
            tvf.Open(temp.Path);
            //run all validations
            ValidateASEFile(tvf);
            tvf.Close(false);
        }
Beispiel #4
0
        public void SaveAndOpen()
        {
            string expectedRequest  = "GET / HTTP/1.1";
            string expectedResponse = "HTTP/1.1 200 OK";

            TrafficViewerFile file = new TrafficViewerFile();
            int reqId = file.AddRequestResponse(expectedRequest, expectedResponse);

            file.GetRequestInfo(reqId).IsHttps = true;

            Assert.AreEqual(1, file.RequestCount);

            TempFile temp = new TempFile(".tvf");

            file.Save(temp.Path);
            //verify that the file can be saved
            Assert.IsTrue(File.Exists(temp.Path), "Cannot save the file");

            file.Close(false);

            //make a new file and verify we can open
            TrafficViewerFile file2 = new TrafficViewerFile();

            file2.Open(temp.Path);
            //verify actual file was open
            Assert.AreEqual(1, file2.RequestCount, "Incorrect request count after opening saved file");
            //verify request data is correct
            int           requestId = -1;
            TVRequestInfo info      = file2.GetNext(ref requestId);

            Assert.IsNotNull(info, "Cannot obtain request info");

            //veryfy transport info
            Assert.IsTrue(info.IsHttps);

            //verify request data
            string loadedRequest = Encoding.UTF8.GetString(file2.LoadRequestData(info.Id));

            Assert.AreEqual(expectedRequest, loadedRequest);

            string loadedResponse = Encoding.UTF8.GetString(file2.LoadResponseData(info.Id));

            Assert.AreEqual(expectedResponse, loadedResponse);


            file2.Close(false);
        }
Beispiel #5
0
        public void Clear()
        {
            TrafficViewerFile tvf  = MakeDummyTrafficFile();
            TempFile          temp = new TempFile(".tvf");

            tvf.Save(temp.Path);
            Assert.AreNotSame(0, tvf.RequestCount);

            tvf.Clear(false);

            Assert.AreEqual(0, tvf.RequestCount);
            int i = -1;

            Assert.IsNull(tvf.GetNext(ref i));

            tvf.Close(false);
        }
Beispiel #6
0
        private void StartClick(object sender, EventArgs e)
        {
            if (_fuzzOn)
            {
                return;
            }

            _options.MatchPattern   = _textPattern.Text;
            _options.ReversePattern = _reversePattern.Checked;


            GenerateRequestsToFuzz();


            ErrorBox error = new ErrorBox();

            if (!String.IsNullOrWhiteSpace(_fileSelector.Text))
            {
                _outputFile = new TrafficViewerFile();
                _outputFile.Save(_fileSelector.Text);
                if (!File.Exists(_fileSelector.Text))
                {
                    error.Show("Invalid result file location");
                    return;
                }
                _options.OutputFile = _fileSelector.Text;
            }
            else
            {
                _outputFile = TrafficViewer.Instance.TrafficViewerFile;
                _outputFile.SetState(AccessorState.Tailing);
            }

            if (!int.TryParse(_textNumThreads.Text, out _numThreads))
            {
                error.Show("Invalid number of threads specified");

                return;
            }
            _options.NumberOfThreads = _numThreads;
            _options.Save();
            GenerateAndRunPayloads();
        }
Beispiel #7
0
        public void TestEncryptedRequest()
        {
            TrafficViewerFile file      = new TrafficViewerFile();
            string            request1  = "GET /unencrypted HTTP/1.1";
            string            request2  = "GET /encrypted\r\n\r\nsecret=123456789 HTTP/1.1";
            string            response1 = "HTTP 200 OK\r\n\r\nUnencrypted Response";
            string            response2 = "HTTP 200 OK\r\n\r\nEncrypted Response (secret 1234567789)";

            file.AddRequestResponse(request1, response1);
            file.AddRequestResponse(request2, response2);

            var reqInfo = file.GetRequestInfo(1);

            Assert.IsFalse(reqInfo.IsEncrypted, "Default should be unencrypted");
            reqInfo.IsEncrypted = true;
            //resave the request
            file.SaveRequestResponse(1, request2, response2);
            TempFile tempFile = new TempFile();

            file.EnableDefrag = true; //defrag the raw file
            file.Save(tempFile.Path);

            file = new TrafficViewerFile();

            file.Open(tempFile.Path);


            Assert.IsFalse(file.GetRequestInfo(0).IsEncrypted, "First request should not be encrypted");
            Assert.IsTrue(file.GetRequestInfo(1).IsEncrypted, "Second request should be encrypted");


            string testRequest = Constants.DefaultEncoding.GetString(file.LoadRequestData(1));

            Assert.AreEqual(request2, testRequest);

            string testResponse = Constants.DefaultEncoding.GetString(file.LoadResponseData(1));

            Assert.AreEqual(response2, testResponse);
            file.Close(false);
            File.Delete(tempFile.Path);
        }
Beispiel #8
0
        static void Main(string[] args)
        {
            TrafficViewerFile file = new TrafficViewerFile();

            file.Profile.SetExclusions((IEnumerable <string>) new string[2]
            {
                "\\.(js|axd|zip|Z|tar|t?gz|sit|cab|pdf|ps|doc|ppt|xls|rtf|dot|mp(p|t|d|e|a|3|4|ga)|m4p|mdb|csv|pp(s|a)|xl(w|a)|dbf|slk|prn|dif|avi|mpe?g|mov(ie)?|qt|moov|rmi?|as(f|x)|m1v|wm(v|f|a)|wav|ra|au|aiff|midi?|m3u|gif|jpe?g|bmp|png|tif?f|ico|pcx|css|xml|dll)\\b",
                ConvertorProperties.ExcludedDomainsFromRecordingPattern
            });


            try
            {
                // Create an instance of StreamReader to read from a file.
                // The using statement also closes the StreamReader.
                using (StreamReader sr = new StreamReader(args[0]))
                {
                    String line;
                    // Read and display lines from the file until the end of
                    // the file is reached.
                    while ((line = sr.ReadLine()) != null)
                    {
                        Har har             = JsonConvert.DeserializeObject <Har>(line);
                        int requestHeaderId = 0;
                        int counter         = 0;
                        foreach (Entry tempEntry in har.log.entries)
                        {
                            if (HtdConvertorUtil.isRelevantRequest(tempEntry))
                            {
                                counter++;
                                requestHeaderId = file.AddRequestResponse(tempEntry.request.ToString(), tempEntry.response.ToString());

                                if (tempEntry.request.postData != null)
                                {
                                    Console.WriteLine(tempEntry.request.postData.ToString());
                                }

                                file.GetRequestInfo(requestHeaderId).Description = "AppScan Proxy Request to Server";

                                if (tempEntry.request.isHttps)
                                {
                                    file.GetRequestInfo(requestHeaderId).IsHttps = true;
                                }
                            }
                        }
                        Console.WriteLine(counter);
                    }
                }


                file.Save(args[1]);
                file.Close(false);
                Console.WriteLine("Recording has been done");
                //Console.ReadLine();
            }
            catch (Exception e)
            {
                // Let the user know what went wrong.
                Console.WriteLine("The file could not be read:");
                Console.WriteLine(e.Message);
            }
        }
Beispiel #9
0
        /// <summary>
        /// Stops a manual explore proxy on the specified port and then save the resulting traffic file if specified
        /// </summary>
        /// <param name="port">The corresponding proxy port</param>
        /// <param name="fileName">Optional - The file name to use. If not provided no file will get created.</param>
        public void StopManualExploreProxy(int port, string fileName = null)
        {
            if (!_manualExploreProxies.ContainsKey(port))
            {
                _logWriter.Log(TraceLevel.Error, "Can't stop proxy on port {0}. Not found.", port);
                throw new HttpProxyException(HttpStatusCode.NotFound, "Proxy not found on the specified port", ServiceCode.CommandProxyStopCannotFindPort);
            }

            bool saveFile = !String.IsNullOrWhiteSpace(fileName);

            string absolutePath = null;

            if (saveFile)             //we need to save a file name after stopping, perform validations on the file name
            {
                if (fileName.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0 || fileName.IndexOfAny(Path.GetInvalidPathChars()) >= 0)
                {
                    //invalid file name
                    _logWriter.Log(TraceLevel.Error, "Invalid characters in file name: {0}", fileName);
                    throw new HttpProxyException(HttpStatusCode.BadRequest, "Invalid file name", ServiceCode.CommandProxyStopInvalidFileName);
                }

                //now generate full path and check it
                string fullPath = Path.Combine(_filesDirectory, String.Format("{0}.{1}", fileName, _recordingType));

                absolutePath = Path.GetFullPath(fullPath);

                if (!fullPath.StartsWith(_filesDirectory))
                {
                    //path traversal attempt
                    _logWriter.Log(TraceLevel.Error, "Directory traversal attempted with file name: {0}", fileName);
                    throw new HttpProxyException(HttpStatusCode.BadRequest, "Directory traversal", ServiceCode.ProxyInternalError);
                }

                //check if the file already exists
                if (File.Exists(fullPath))
                {
                    _logWriter.Log(TraceLevel.Error, "File {0} already exists.", fileName);
                    throw new HttpProxyException(HttpStatusCode.Forbidden, "File already exists", ServiceCode.CommandProxyStopFileExists);
                }
            }

            ManualExploreProxy proxy = _manualExploreProxies[port];

            try
            {
                proxy.Stop();
                //remove the proxy from the list of existing proxies
                _manualExploreProxies.Remove(port);
            }
            catch (Exception ex)
            {
                _logWriter.Log(TraceLevel.Error, "Internal error trying to stop a proxy: {0}", ex);
                throw new HttpProxyException(HttpStatusCode.InternalServerError, "Internal error trying to stop a proxy", ServiceCode.ProxyInternalError);
            }

            if (!saveFile)
            {
                _logWriter.Log(TraceLevel.Verbose,
                               "No file name was specified. Discarding the data for proxy started on port {0}", port);
                //we are done here
                return;
            }

            //file path is fine
            try
            {
                TrafficViewerFile htd = (TrafficViewerFile)proxy.TrafficDataStore;
                if (_recordingType.Equals(Constants.HTD_STRING))
                {
                    htd.Save(absolutePath);
                }
                else if (_recordingType.Equals(Constants.EXD_STRING))
                {
                    ManualExploreExporter exporter = new ManualExploreExporter();
                    Stream exportStream            = new FileStream(absolutePath, FileMode.CreateNew);
                    exporter.Export(htd, exportStream);
                    exportStream.Close();
                }
            }
            catch (Exception ex)
            {
                _logWriter.Log(TraceLevel.Error, "An exception occured saving traffic file: {0}", ex);
                throw new HttpProxyException(HttpStatusCode.InternalServerError, "Cannot save file", ServiceCode.ProxyInternalError);
            }
        }
Beispiel #10
0
        private HttpResponseInfo StopProxy(HttpRequestInfo requestInfo)
        {
            string report = "";
            //get the port from the url
            string portString = null;

            requestInfo.QueryVariables.TryGetValue("port", out portString);
            //optional secret to protect the recording session
            string secret = null;

            requestInfo.QueryVariables.TryGetValue("secret", out secret);
            //optional flag indicating if similar requests should be skiped
            string skipSimilar = null;

            requestInfo.QueryVariables.TryGetValue("skipSimilar", out skipSimilar);
            //the file to save to
            string fileName = null;

            requestInfo.QueryVariables.TryGetValue("fileName", out fileName);
            //optional parameter to cancel the scan
            string cancel = null;

            requestInfo.QueryVariables.TryGetValue("cancel", out cancel);

            if (fileName == null)
            {
                //assign a random file name
                fileName = DateTime.Now.Ticks.ToString();
            }

            if (!Utils.IsMatch(fileName, "^[\\w._-]+$"))
            {
                return(GetResponse(400, "Bad Request", "Invalid file name."));
            }

            int port;

            if (int.TryParse(portString, out port))
            {
                if (!CollectorProxyList.Instance.ProxyList.ContainsKey(port))
                {
                    return(GetResponse(400, "Bad Request", "Port not found."));
                }
                else
                {
                    IHttpProxy        proxy       = CollectorProxyList.Instance.ProxyList[port];
                    TrafficViewerFile trafficFile = (proxy as ManualExploreProxy).TrafficDataStore as TrafficViewerFile;

                    //check the secret if it exists
                    string configuredSecret = trafficFile.Profile.GetOption("secret") as String;
                    if (!String.IsNullOrWhiteSpace(configuredSecret) && !configuredSecret.Equals(secret))
                    {
                        return(GetResponse(401, "Unauthorized", "Invalid secret."));
                    }

                    string filePath = Path.Combine(TrafficCollectorSettings.Instance.DumpDir, fileName + ".htd");


                    if (proxy is DriveByAttackProxy)
                    {
                        DriveByAttackProxy dProx = proxy as DriveByAttackProxy;
                        int requestsLeft         = dProx.RequestsLeft;
                        if (requestsLeft > 0 && (cancel == null || !cancel.Equals("true")))
                        {
                            return(GetResponse(206, "Partial Content", "Please wait... {0} request(s) left, {1} test job(s) in queue", requestsLeft, dProx.TestCount));
                        }
                        else
                        {
                            int           id   = -1;
                            TVRequestInfo info = null;
                            report  = "\r\n\r\nVulnerability List\r\n";
                            report += "============================\r\n";
                            int count = 0;
                            while ((info = trafficFile.GetNext(ref id)) != null)
                            {
                                if (info.Description.Contains("Vulnerability"))
                                {
                                    count++;
                                    report += String.Format("Request {0} - {1} ({2})\r\n", info.RequestLine, info.Description, info.Validation);
                                }
                            }
                            report += String.Format("Total: {0}\r\n", count);
                        }
                    }

                    if (File.Exists(filePath)) //load the existing file and check the secret
                    {
                        TrafficViewerFile existingFile = new TrafficViewerFile();
                        existingFile.Open(filePath);
                        configuredSecret = existingFile.Profile.GetOption("secret") as String;
                        existingFile.Close(false);

                        if (String.IsNullOrWhiteSpace(configuredSecret) || String.IsNullOrWhiteSpace(secret) || !configuredSecret.Equals(secret))
                        {
                            return(GetResponse(401, "Unauthorized", "Cannot override existing file."));
                        }
                    }


                    proxy.Stop();
                    CollectorProxyList.Instance.ProxyList.Remove(port);
                    if (trafficFile.RequestCount > 0)
                    {
                        if (skipSimilar != null && skipSimilar.Equals("true", StringComparison.OrdinalIgnoreCase))
                        {
                            trafficFile = removeSimilar(trafficFile);
                        }

                        trafficFile.Save(filePath);

                        report += String.Format("Traffic file saved at '{0}'\r\n", filePath);
                    }
                    else
                    {
                        report += "Nothing recorded.";
                    }
                }
            }
            else
            {
                return(GetResponse(400, "Bad Request", "Invalid 'port' parameter."));
            }

            return(GetResponse(200, "OK", "Proxy stopped. {0}", report));
        }