public void CustomTestProxy_TestPatternEntityExclusion()
{
MockProxy mockSite;
string first, second, third;
InitMockSite(out mockSite, out first, out second, out third);
CustomTestsFile testFile = GetCustomTestFile();
TrafficViewerFile testDataStore = new TrafficViewerFile();
MockTestController mockTestController = new MockTestController();
testFile.PatternEntityExclusion = "p2";
DriveByAttackProxy testProxy = new DriveByAttackProxy(mockTestController, testFile, testDataStore);
testProxy.Start();
SendRequestThroughTestProxy(first, testProxy, mockSite);
SendRequestThroughTestProxy(second, testProxy, mockSite);
SendRequestThroughTestProxy(third, testProxy, mockSite);
Thread.Sleep(1000);
testProxy.Stop();
Assert.IsTrue(mockTestController.IssuesFound.ContainsKey("p1"));
Assert.IsFalse(mockTestController.IssuesFound.ContainsKey("p2"));
}
public void CustomTestProxy_TestPatternToTest()
{
MockProxy mockSite;
string first, second, third;
InitMockSite(out mockSite, out first, out second, out third);
CustomTestsFile testFile = GetCustomTestFile();
TrafficViewerFile testDataStore = new TrafficViewerFile();
MockTestController mockTestController = new MockTestController();
var targetList = new Dictionary <string, AttackTarget>();
targetList.Add("r1", new AttackTarget("r1", "Enabled", "r1"));
testFile.SetAttackTargetList(targetList);
DriveByAttackProxy testProxy = new DriveByAttackProxy(mockTestController, testFile, testDataStore);
testProxy.Start();
SendRequestThroughTestProxy(first, testProxy, mockSite);
SendRequestThroughTestProxy(second, testProxy, mockSite);
SendRequestThroughTestProxy(third, testProxy, mockSite);
Thread.Sleep(1000);
testProxy.Stop();
Assert.IsTrue(mockTestController.IssuesFound.ContainsKey("p1"));
Assert.IsFalse(mockTestController.IssuesFound.ContainsKey("p2"));
}
public BaseAttackProxy GetTestProxy(INetworkSettings networkSettings, bool isSequential)
{
BaseAttackProxy testProxy;
if (isSequential)
{
testProxy = new SequentialAttackProxy(this, _testFile, _trafficFile, TrafficViewerOptions.Instance.TrafficServerIp, TrafficViewerOptions.Instance.TrafficServerPort);
}
else
{
testProxy = new DriveByAttackProxy(this, _testFile, _trafficFile, TrafficViewerOptions.Instance.TrafficServerIp, TrafficViewerOptions.Instance.TrafficServerPort);
}
testProxy.NetworkSettings.WebProxy = networkSettings.WebProxy;
testProxy.NetworkSettings.CertificateValidationCallback = networkSettings.CertificateValidationCallback;
return(testProxy);
}
public void CustomTestProxy_TestJSValidation()
{
MockProxy mockSite = new MockProxy();
string testReq = "GET /r1?p1=test HTTP/1.1\r\n";
mockSite.MockSite.AddRequestResponse(testReq, "HTTP/1.1 200 OK\r\n\r\nFound user test");
mockSite.Start();
CustomTestsFile testFile = GetCustomTestFile();
var tests = testFile.GetCustomTests();
tests.Clear();
tests.Add("PathTraversal",
new CustomTestDef("PathTraversal", "Path Traversal",
"$original/" + MockTestController.PATH_TRAVERSAL,
"$js_code=function Callback(response){var found = false; if(response.indexOf('root')>-1) found=true; return found;}"));
testFile.SetCustomTests(tests);
testFile.Save();
TrafficViewerFile testDataStore = new TrafficViewerFile();
MockTestController mockTestController = new MockTestController(mockSite.MockSite);
var targetList = new Dictionary <string, AttackTarget>();
targetList.Add("r1", new AttackTarget("r1", "Enabled", "r1"));
testFile.SetAttackTargetList(targetList);
DriveByAttackProxy testProxy = new DriveByAttackProxy(mockTestController, testFile, testDataStore);
testProxy.Start();
SendRequestThroughTestProxy(testReq, testProxy, mockSite);
Thread.Sleep(100);
testProxy.Stop();
Assert.IsTrue(mockTestController.IssuesFound.ContainsKey("p1"));
}
public IHttpProxy MakeProxy(string type)
{
HttpServerConsole.Instance.WriteLine(LogMessageType.Information, "Created proxy '{0}'", type);
string host = TrafficViewerOptions.Instance.TrafficServerIp;
int port = TrafficViewerOptions.Instance.TrafficServerPort;
int securePort = TrafficViewerOptions.Instance.TrafficServerPortSecure;
ITrafficDataAccessor dataStore = TrafficViewer.Instance.TrafficViewerFile;
var exploiter = new CustomTestsExploiter();
IHttpProxy result = null;
if (type.Equals(Resources.CaptureProxy))
{
result = new AdvancedExploreProxy(host, port, dataStore);
}
else if (type.Equals(Resources.DriveByAttackProxy))
{
result = new DriveByAttackProxy(exploiter, dataStore, host, port);
}
else if (type.Equals(Resources.SequentialAttackProxy))
{
result = new SequentialAttackProxy(exploiter, dataStore, host, port);
}
else if (type.Equals(Resources.ReverseProxy))
{
result = new ReverseProxy(host, port, securePort, dataStore);
}
else if (type.Equals(Resources.TrafficFileProxy))
{
result = new TrafficStoreProxy(dataStore, dataStore, host, port, securePort);
}
else if (type.Equals(Resources.BinaryReverseProxy))
{
result = new BinaryReverseProxy(host, port, securePort, dataStore);
}
else if (type.Equals(Resources.TrackingProxy))
{
result = new TrackingReverseProxy(host, port, securePort, dataStore);
}
if (result != null)
{
if (!(result is TrafficStoreProxy))
{
if (TrafficViewerOptions.Instance.UseProxy)
{
WebProxy proxy = new WebProxy(TrafficViewerOptions.Instance.HttpProxyServer, TrafficViewerOptions.Instance.HttpProxyPort);
result.NetworkSettings.WebProxy = proxy;
}
result.NetworkSettings.CertificateValidationCallback = new RemoteCertificateValidationCallback(SSLValidationCallback.ValidateRemoteCertificate);
}
if (result is BaseAttackProxy)
{
result.ExtraOptions[BaseAttackProxy.TEST_FILE_PATH] = Path.Combine(TrafficViewerOptions.TrafficViewerAppDataDir, "CustomTests.xml");
}
if (result is ReverseProxy || result is BinaryReverseProxy)
{
result.ExtraOptions[ReverseProxy.FORWARDING_HOST_OPT] = TrafficViewerOptions.Instance.ForwardingHost;
result.ExtraOptions[ReverseProxy.FORWARDING_PORT_OPT] = TrafficViewerOptions.Instance.ForwardingPort.ToString();
}
}
return(result);
}
private HttpResponseInfo StartProxy(HttpRequestInfo requestInfo)
{
IHttpProxy proxy;
//get the port from the url
string portString = null;
requestInfo.QueryVariables.TryGetValue("port", out portString);
//optional secret to protect the recording session
string secret = null;
requestInfo.QueryVariables.TryGetValue("secret", out secret);
//the host to record traffic for
string targetHost = null;
requestInfo.QueryVariables.TryGetValue("targetHost", out targetHost);
//whether to execute inline tests
string test = null;
requestInfo.QueryVariables.TryGetValue("test", out test);
int port;
if (int.TryParse(portString, out port) && port >= 0 && port <= 65535)
{
if (CollectorProxyList.Instance.ProxyList.ContainsKey(port))
{
return(GetResponse(400, "Bad Request", "Port in use."));
}
if (targetHost == null)
{
return(GetResponse(400, "Bad Request", "'targetHost' parameter is not specified."));
}
if (!Utils.IsMatch(targetHost, "^[\\w._-]+$") || !Utils.IsMatch(targetHost, TrafficCollectorSettings.Instance.AllowedHostsPattern))
{
return(GetResponse(400, "Bad Request", "Invalid target host!"));
}
try
{
TrafficViewerFile trafficFile = new TrafficViewerFile();
trafficFile.Profile = ParsingOptions.GetRawProfile();
//optional secret to prevent others stopping the recording
if (!String.IsNullOrWhiteSpace(secret))
{
trafficFile.Profile.SetSingleValueOption("secret", secret);
}
trafficFile.Profile.SetSingleValueOption("targetHost", targetHost);
if (test != null && test.Equals("true"))
{
CustomTestsFile testsFile = new CustomTestsFile();
testsFile.Load(TrafficCollectorSettings.Instance.TestFile);
Dictionary <string, AttackTarget> targetDef = new Dictionary <string, AttackTarget>();
targetDef.Add("targetHost", new AttackTarget("targetHost", "Enabled", String.Format("Host:\\s*{0}", targetHost)));
testsFile.SetAttackTargetList(targetDef);
proxy = new DriveByAttackProxy(new TestController(trafficFile), testsFile, trafficFile, TrafficCollectorSettings.Instance.Ip, port);
}
else
{
proxy = new AdvancedExploreProxy(TrafficCollectorSettings.Instance.Ip, port, trafficFile);
}
proxy.NetworkSettings.CertificateValidationCallback = new RemoteCertificateValidationCallback(CollectorAPIController.ValidateServerCertificate);
proxy.NetworkSettings.WebProxy = HttpWebRequest.GetSystemWebProxy();
proxy.Start();
CollectorProxyList.Instance.ProxyList.Add(proxy.Port, proxy);
}
catch (Exception ex)
{
return(GetResponse(500, "Unexpected error.", ex.Message));
}
}
else
{
return(GetResponse(400, "Bad Request", "Invalid 'port' parameter."));
}
return(GetResponse(200, "OK", "Proxy is listening on port: {0}.", proxy.Port));
}
private HttpResponseInfo StopProxy(HttpRequestInfo requestInfo)
{
string report = "";
//get the port from the url
string portString = null;
requestInfo.QueryVariables.TryGetValue("port", out portString);
//optional secret to protect the recording session
string secret = null;
requestInfo.QueryVariables.TryGetValue("secret", out secret);
//optional flag indicating if similar requests should be skiped
string skipSimilar = null;
requestInfo.QueryVariables.TryGetValue("skipSimilar", out skipSimilar);
//the file to save to
string fileName = null;
requestInfo.QueryVariables.TryGetValue("fileName", out fileName);
//optional parameter to cancel the scan
string cancel = null;
requestInfo.QueryVariables.TryGetValue("cancel", out cancel);
if (fileName == null)
{
//assign a random file name
fileName = DateTime.Now.Ticks.ToString();
}
if (!Utils.IsMatch(fileName, "^[\\w._-]+$"))
{
return(GetResponse(400, "Bad Request", "Invalid file name."));
}
int port;
if (int.TryParse(portString, out port))
{
if (!CollectorProxyList.Instance.ProxyList.ContainsKey(port))
{
return(GetResponse(400, "Bad Request", "Port not found."));
}
else
{
IHttpProxy proxy = CollectorProxyList.Instance.ProxyList[port];
TrafficViewerFile trafficFile = (proxy as ManualExploreProxy).TrafficDataStore as TrafficViewerFile;
//check the secret if it exists
string configuredSecret = trafficFile.Profile.GetOption("secret") as String;
if (!String.IsNullOrWhiteSpace(configuredSecret) && !configuredSecret.Equals(secret))
{
return(GetResponse(401, "Unauthorized", "Invalid secret."));
}
string filePath = Path.Combine(TrafficCollectorSettings.Instance.DumpDir, fileName + ".htd");
if (proxy is DriveByAttackProxy)
{
DriveByAttackProxy dProx = proxy as DriveByAttackProxy;
int requestsLeft = dProx.RequestsLeft;
if (requestsLeft > 0 && (cancel == null || !cancel.Equals("true")))
{
return(GetResponse(206, "Partial Content", "Please wait... {0} request(s) left, {1} test job(s) in queue", requestsLeft, dProx.TestCount));
}
else
{
int id = -1;
TVRequestInfo info = null;
report = "\r\n\r\nVulnerability List\r\n";
report += "============================\r\n";
int count = 0;
while ((info = trafficFile.GetNext(ref id)) != null)
{
if (info.Description.Contains("Vulnerability"))
{
count++;
report += String.Format("Request {0} - {1} ({2})\r\n", info.RequestLine, info.Description, info.Validation);
}
}
report += String.Format("Total: {0}\r\n", count);
}
}
if (File.Exists(filePath)) //load the existing file and check the secret
{
TrafficViewerFile existingFile = new TrafficViewerFile();
existingFile.Open(filePath);
configuredSecret = existingFile.Profile.GetOption("secret") as String;
existingFile.Close(false);
if (String.IsNullOrWhiteSpace(configuredSecret) || String.IsNullOrWhiteSpace(secret) || !configuredSecret.Equals(secret))
{
return(GetResponse(401, "Unauthorized", "Cannot override existing file."));
}
}
proxy.Stop();
CollectorProxyList.Instance.ProxyList.Remove(port);
if (trafficFile.RequestCount > 0)
{
if (skipSimilar != null && skipSimilar.Equals("true", StringComparison.OrdinalIgnoreCase))
{
trafficFile = removeSimilar(trafficFile);
}
trafficFile.Save(filePath);
report += String.Format("Traffic file saved at '{0}'\r\n", filePath);
}
else
{
report += "Nothing recorded.";
}
}
}
else
{
return(GetResponse(400, "Bad Request", "Invalid 'port' parameter."));
}
return(GetResponse(200, "OK", "Proxy stopped. {0}", report));
}
