Ejemplo n.º 1
        /// <summary>
        /// Re-issues a Casaba request session through Fiddler by handing its headers,
        /// path, method and body to the proxy as a custom (injected) request.
        /// </summary>
        /// <param name="s">Session whose <c>Request</c> is copied into the injected request.</param>
        /// <remarks>
        /// Header names and values, the path and the body are forwarded exactly as stored
        /// on the session; nothing in this method validates or normalises them.
        /// </remarks>
        public static void CasabaSessionFiddlerInjector(Secsay.Session s)
        {
            var injectedHeaders = new Fiddler.HTTPRequestHeaders();

            // A header name may carry several values; each one is added as its own entry.
            foreach (string headerName in s.Request.Headers.Keys)
            {
                List<string> headerValues = s.Request.Headers[headerName];
                foreach (string headerValue in headerValues)
                {
                    injectedHeaders.Add(headerName, headerValue);
                }
            }

            injectedHeaders.RequestPath = s.Request.Path;
            injectedHeaders.HTTPMethod = s.Request.HttpMethod;

            // The session flag carries the test code point as text, or an empty string
            // when the session has none, so the injected request can be told apart later.
            string codePointText = s.ContainsCodePoint ? s.Chr.ToString() : "";

            var sessionFlags = new StringDictionary();
            sessionFlags[UASettings.casabaFlag] = codePointText;

            Fiddler.FiddlerApplication.oProxy.InjectCustomRequest(injectedHeaders, s.Request.BodyBytes, sessionFlags);
        }
Ejemplo n.º 2
 /// <summary>
 /// Builds a Fiddler session from a raw HTTP request given as one string.
 /// </summary>
 /// <param name="RequestString">Raw request text: header block, a blank line (CRLF CRLF), then an optional body.</param>
 /// <returns>A new session holding the parsed headers and the body bytes (empty when there is no body).</returns>
 /// <remarks>
 /// The input is split at the first CRLF CRLF with empty entries removed, so a string that
 /// yields no non-empty part makes the <c>parts[0]</c> access throw. The body is encoded as
 /// ISO-8859-1, which cannot represent characters outside Latin-1.
 /// </remarks>
 static Fiddler.Session CreateFiddlerSessionFromRequestString(string RequestString)
 {
     string[] headerBodySeparator = { "\r\n\r\n" };
     string[] parts = RequestString.Split(headerBodySeparator, 2, StringSplitOptions.RemoveEmptyEntries);

     // Split() consumed the terminating blank line, so it is put back before parsing.
     var parsedHeaders = new Fiddler.HTTPRequestHeaders();
     parsedHeaders.AssignFromString(parts[0] + "\r\n\r\n");

     byte[] bodyBytes = parts.Length > 1
         ? Encoding.GetEncoding("ISO-8859-1").GetBytes(parts[1])
         : new byte[] { };

     return new Fiddler.Session(parsedHeaders, bodyBytes);
 }
Ejemplo n.º 3
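        /// <summary>
        /// Returns the request's cookies in a print-friendly form: the prefix
        /// "Send Cookies= " followed by the value of every header whose name contains "cookie".
        /// </summary>
        /// <param name="hTTPRequestHeaders">Request headers to scan.</param>
        /// <returns>The text above after it has been passed through <c>OpenSTAUtils.SplitCommentIfNecesary</c>.</returns>
        /// <remarks>
        /// The result embeds raw cookie values, which may include session identifiers;
        /// treat the generated comment as sensitive wherever it is written or shared.
        /// </remarks>
        internal static string GetCookiesFriendly(Fiddler.HTTPRequestHeaders hTTPRequestHeaders)
        {
            var result = "Send Cookies= ";

            foreach (Fiddler.HTTPHeaderItem item in hTTPRequestHeaders)
            {
                // Header names are protocol tokens, not linguistic text: compare ordinally and
                // case-insensitively. The previous ToLower() used the current culture, so under
                // a Turkish locale "COOKIE" lowercased to a dotless-i form and was not matched.
                if (item.Name.IndexOf("cookie", System.StringComparison.OrdinalIgnoreCase) >= 0)
                {
                    // Values of several matching headers are appended without a separator.
                    result += item.Value;
                }
            }

            return OpenSTAUtils.SplitCommentIfNecesary(result);
        }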
Ejemplo n.º 4
        /// <summary>
        /// Returns a string with the request's cookies parameterised for the generated script,
        /// adding script variables where needed.
        /// </summary>
        /// <param name="hTTPRequestHeaders">Request headers to scan for cookie headers.</param>
        /// <param name="scriptSCL">Script that receives one local variable per parameterised cookie.</param>
        /// <returns>
        /// The cookie line, starting with a tab and <c>"Cookie: </c>, after it has been passed
        /// through <c>OpenSTAUtils.SplitStringIfNecesary</c>.
        /// </returns>
        /// <remarks>
        /// Cookies containing "__utm" or matched by <c>BuscarEnArchivoCookies</c> are copied
        /// into the output verbatim, value included; every other cookie is replaced by a
        /// reference to a variable named after the text before its '='.
        /// </remarks>
        internal static string GetCookies(Fiddler.HTTPRequestHeaders hTTPRequestHeaders, ScriptSCL scriptSCL)
        {
            const string inicial = "\t\"Cookie: ";
            var          result  = inicial;

            // Call OpenSTAUtils so it splits the string if necessary (done at the end of this method).
            foreach (Fiddler.HTTPHeaderItem item in hTTPRequestHeaders)
            {
                // NOTE(review): ToLower() is culture-sensitive; under a Turkish locale an
                // upper-case "COOKIE" would not match. An ordinal ignore-case test avoids that.
                if (!item.Name.ToLower().Contains("cookie"))
                {
                    continue;
                }

                // NOTE(review): segments are not trimmed, so a cookie after "; " keeps its
                // leading space and a trailing ';' yields an empty segment - confirm intended.
                var cookies = item.Value.Split(';');
                foreach (var cookie in cookies)
                {
                    if (cookie.Contains("__utm") || BuscarEnArchivoCookies(cookie))
                    {// analytics or blacklisted cookies: emitted literally, value included
                        result += cookie + ";";
                    }
                    else
                    {
                        var cookieName = cookie.Split('=')[0];

                        //string cookieValue = cookie.Split('=')[1];
                        var var = new Variable(cookieName, "CHARACTER*1024", VariablesScopes.Local);
                        scriptSCL.AddVariable(var);
                        // Close the string literal, concatenate the variable, reopen the literal.
                        result += "\"+" + var.Name + "+\";";
                    }
                }
            }
            // Last item was a variable reference: drop the dangling +"; that reopened the literal.
            if (result.EndsWith("+\";"))
            {
                result = result.Substring(0, result.Length - "+\";".Length);
            }
            else // NP 15/07/2013: if it ends with a Google Analytics cookie, strip the trailing ';' and close the quotes
            {
                // NOTE(review): with no cookies at all this branch also runs and removes the
                // trailing space of the initial prefix before closing the quote.
                result  = result.Substring(0, result.Length - 1);
                result += "\"";
            }
            // NOTE(review): appears unreachable - both branches above leave result ending in
            // something other than the prefix's trailing space, so it never equals inicial.
            if (result == inicial)
            {
                result = result + "\"";
            }
            result = OpenSTAUtils.SplitStringIfNecesary(result, "\t\t\t");
            return(result);
        }
Ejemplo n.º 5
 /// <summary>
 /// Converts this request's method, version, URL, scheme and headers into a
 /// <c>Fiddler.HTTPRequestHeaders</c> object.
 /// </summary>
 /// <returns>A new header object; the body is not part of it.</returns>
 internal Fiddler.HTTPRequestHeaders GetFiddlerHTTPRequestHeaders()
 {
     var fiddlerHeaders = new Fiddler.HTTPRequestHeaders
     {
         HTTPMethod = this.Method,
         HTTPVersion = this.HTTPVersion,
         RequestPath = this.URL,
         // The scheme follows the SSL flag only; it is not derived from the URL.
         UriScheme = this.SSL ? "https" : "http"
     };

     // Every value of a multi-valued header is copied as its own entry.
     foreach (string headerName in Headers.GetNames())
     {
         foreach (string headerValue in Headers.GetAll(headerName))
         {
             fiddlerHeaders.Add(headerName, headerValue);
         }
     }

     return fiddlerHeaders;
 }
Ejemplo n.º 6
        /// <summary>
        /// Injects a Casaba request session into Fiddler as a custom request.
        /// </summary>
        /// <param name="s">Session supplying the request headers, path, method and body bytes.</param>
        /// <remarks>
        /// The request is forwarded as stored; this method performs no validation of
        /// header names, header values or the path.
        /// </remarks>
        public static void CasabaSessionFiddlerInjector(Secsay.Session s)
        {
            Fiddler.HTTPRequestHeaders outgoing = new Fiddler.HTTPRequestHeaders();
            StringDictionary tagging = new StringDictionary();

            // Copy every (name, value) pair; one name can map to several values.
            foreach (string name in s.Request.Headers.Keys)
            {
                List<string> allValues = s.Request.Headers[name];
                for (int i = 0; i < allValues.Count; i++)
                {
                    outgoing.Add(name, allValues[i]);
                }
            }

            outgoing.RequestPath = s.Request.Path;
            outgoing.HTTPMethod = s.Request.HttpMethod;

            // Flag value: the session's code point rendered as text, or "" when it has none.
            string flagValue = "";
            if (s.ContainsCodePoint)
            {
                flagValue = s.Chr.ToString();
            }
            tagging[UASettings.casabaFlag] = flagValue;

            Fiddler.FiddlerApplication.oProxy.InjectCustomRequest(outgoing, s.Request.BodyBytes, tagging);
        }
Ejemplo n.º 7
 /// <summary>
 /// Parses a raw HTTP request string into a Fiddler session.
 /// </summary>
 /// <param name="RequestString">Header block, CRLF CRLF, then an optional body.</param>
 /// <returns>A session built from the parsed headers and the ISO-8859-1 encoded body.</returns>
 /// <remarks>
 /// Empty entries are dropped by the split, so input without any non-empty part throws on
 /// the first-element access; null input throws on the <c>Split</c> call itself.
 /// </remarks>
 static Fiddler.Session CreateFiddlerSessionFromRequestString(string RequestString)
 {
     const string BlankLine = "\r\n\r\n";

     // At most two pieces: everything before the first blank line, and the rest.
     string[] pieces = RequestString.Split(new string[] { BlankLine }, 2, StringSplitOptions.RemoveEmptyEntries);

     Fiddler.HTTPRequestHeaders headerBlock = new Fiddler.HTTPRequestHeaders();
     headerBlock.AssignFromString(pieces[0] + BlankLine);

     byte[] payload;
     if (pieces.Length > 1)
     {
         // ISO-8859-1 maps each character in 0-255 to one byte.
         payload = Encoding.GetEncoding("ISO-8859-1").GetBytes(pieces[1]);
     }
     else
     {
         payload = new byte[] { };
     }

     return new Fiddler.Session(headerBlock, payload);
 }
Ejemplo n.º 8
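 /// <summary>
 /// Sends this request through the Fiddler proxy and blocks until the wait handle
 /// <c>MSR</c> is signalled, then returns the stored response.
 /// </summary>
 /// <returns>The value of <c>this.response</c> after the wait completes.</returns>
 /// <exception cref="Exception">
 /// The response has code 502 and a status starting with "Fiddler - "; the message is
 /// the status with that prefix removed.
 /// </exception>
 public Response Send()
 {
     StringDictionary Flags = new StringDictionary();
     string BuiltBy;

     // Each source has its own request counter; the ID is only unique per source.
     if (this.Source == RequestSource.Scan)
     {
         BuiltBy = "Scan";
         this.ID = Interlocked.Increment(ref Config.PluginRequestsCount);
         Flags.Add("IronFlag-ScanID", this.ScanID.ToString());
     }
     else if (this.Source == RequestSource.Probe)
     {
         BuiltBy = "Probe";
         this.ID = Interlocked.Increment(ref Config.ProbeRequestsCount);
     }
     else if (this.Source == RequestSource.Stealth)
     {
         BuiltBy = "Stealth";
         this.ID = Interlocked.Increment(ref Config.StealthRequestsCount);
     }
     else
     {
         BuiltBy = "Shell";
         this.ID = Interlocked.Increment(ref Config.ShellRequestsCount);
     }
     Flags.Add("IronFlag-BuiltBy", BuiltBy);
     Flags.Add("IronFlag-ID", this.ID.ToString());

     Fiddler.HTTPRequestHeaders ReqHeaders = new Fiddler.HTTPRequestHeaders();
     ReqHeaders.HTTPMethod = this.Method;
     ReqHeaders.HTTPVersion = this.HTTPVersion;
     ReqHeaders.RequestPath = this.URL;
     ReqHeaders.UriScheme = this.SSL ? "https" : "http";
     foreach (string Name in this.Headers.GetNames())
     {
         foreach (string Value in this.headers.GetAll(Name))
         {
             ReqHeaders.Add(Name, Value);
         }
     }

     this.MSR = new ManualResetEvent(false);
     // Key combines ID and source because IDs from different counters can collide.
     string DictID = this.ID.ToString() + "-" + BuiltBy;
     this.TimeObject = DateTime.Now;
     lock (Config.APIResponseDict)
     {
         Config.APIResponseDict.Add(DictID, this);
     }

     try
     {
         if (this.HasBody)
         {
             Fiddler.FiddlerApplication.oProxy.InjectCustomRequest(ReqHeaders, this.bodyArray, Flags);
         }
         else
         {
             string RequestStringForFiddler = this.GetHeadersAsString();
             Fiddler.FiddlerApplication.oProxy.InjectCustomRequest(RequestStringForFiddler, Flags);
         }

         // NOTE(review): no timeout - if nothing ever signals MSR this thread blocks
         // forever. Presumably the response handler sets it; confirm and consider a bound.
         this.MSR.WaitOne();
     }
     finally
     {
         // Always unregister, so a failed injection does not leave a stale entry
         // (and a reference to this request) in the shared dictionary.
         lock (Config.APIResponseDict)
         {
             Config.APIResponseDict.Remove(DictID);
         }
     }

     // A 502 with this status prefix is surfaced as an exception instead of a response.
     if (this.response.Code == 502 && this.response.Status.StartsWith("Fiddler - "))
     {
         throw new Exception(this.response.Status.Replace("Fiddler - ",""));
     }
     return this.response;
 }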
Ejemplo n.º 9
 /// <summary>
 /// Builds the Fiddler header object that mirrors this request's request line and headers.
 /// </summary>
 /// <returns>A freshly created <c>Fiddler.HTTPRequestHeaders</c>.</returns>
 internal Fiddler.HTTPRequestHeaders GetFiddlerHTTPRequestHeaders()
 {
     Fiddler.HTTPRequestHeaders converted = new Fiddler.HTTPRequestHeaders();

     converted.HTTPMethod = this.Method;
     converted.HTTPVersion = this.HTTPVersion;
     converted.RequestPath = this.URL;
     // Scheme is chosen from the SSL flag alone.
     converted.UriScheme = this.SSL ? "https" : "http";

     // Copy headers name by name, keeping every value of repeated headers.
     foreach (string headerKey in Headers.GetNames())
     {
         foreach (string headerText in Headers.GetAll(headerKey))
         {
             converted.Add(headerKey, headerText);
         }
     }

     return converted;
 }
Ejemplo n.º 10
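        /// <summary>
        /// Sends this request through the proxy and blocks until the wait handle <c>MSR</c>
        /// is signalled, then returns the stored response.
        /// </summary>
        /// <returns>The value of <c>this.response</c> after the wait completes.</returns>
        /// <exception cref="Exception">
        /// The proxy is not running, or the response has code 502 and a status starting
        /// with "Fiddler - " (the message is the status with that prefix removed).
        /// </exception>
        public Response Send()
        {
            if (!IronProxy.ProxyRunning)
            {
                throw new Exception("IronWASP Proxy is currently not running. IronWASP cannot send Requests unless the Proxy is started. Please go to the Proxy section of IronWASP and click on the 'Start Proxy' button to fix this problem.");
            }

            // Clear any response left over from an earlier Send() on this object.
            this.response = null;
            StringDictionary Flags = new StringDictionary();
            string BuiltBy;

            // Built-in sources use dedicated counters; any other source gets its ID from Config.
            if (this.Source == RequestSource.Scan)
            {
                BuiltBy = "Scan";
                this.ID = Interlocked.Increment(ref Config.ScanRequestsCount);
                Flags.Add("IronFlag-ScanID", this.ScanID.ToString());
            }
            else if (this.Source == RequestSource.Probe)
            {
                BuiltBy = "Probe";
                this.ID = Interlocked.Increment(ref Config.ProbeRequestsCount);
            }
            else if (this.Source == RequestSource.Stealth)
            {
                BuiltBy = "Stealth";
                this.ID = Interlocked.Increment(ref Config.StealthRequestsCount);
            }
            else if (this.Source == RequestSource.Shell)
            {
                BuiltBy = "Shell";
                this.ID = Interlocked.Increment(ref Config.ShellRequestsCount);
            }
            else
            {
                BuiltBy = this.Source;
                this.ID = Config.GetNewId(this.Source);
            }
            Flags.Add("IronFlag-BuiltBy", BuiltBy);
            Flags.Add("IronFlag-ID", this.ID.ToString());
            Flags.Add("IronFlag-RunPassivePlugins", this.CanRunPassivePlugins ? "1" : "0");

            Fiddler.HTTPRequestHeaders ReqHeaders = new Fiddler.HTTPRequestHeaders();
            ReqHeaders.HTTPMethod = this.Method;
            ReqHeaders.HTTPVersion = this.HTTPVersion;
            ReqHeaders.RequestPath = this.URL;
            ReqHeaders.UriScheme = this.SSL ? "https" : "http";
            foreach (string Name in this.Headers.GetNames())
            {
                foreach (string Value in this.headers.GetAll(Name))
                {
                    ReqHeaders.Add(Name, Value);
                }
            }

            this.MSR = new ManualResetEvent(false);
            // Key combines ID and source because IDs from different counters can collide.
            string DictID = string.Format("{0}-{1}", this.ID, BuiltBy);
            this.TimeObject = DateTime.Now;
            lock (Config.APIResponseDict)
            {
                Config.APIResponseDict.Add(DictID, this);
            }

            try
            {
                if (this.HasBody)
                {
                    Fiddler.FiddlerApplication.oProxy.InjectCustomRequest(ReqHeaders, this.bodyArray, Flags);
                }
                else
                {
                    string RequestStringForFiddler = this.GetHeadersAsString();
                    Fiddler.FiddlerApplication.oProxy.InjectCustomRequest(RequestStringForFiddler, Flags);
                }

                // NOTE(review): no timeout - if nothing ever signals MSR this thread blocks
                // forever. Presumably the response handler sets it; confirm and consider a bound.
                this.MSR.WaitOne();
            }
            finally
            {
                // Always unregister, so a failed injection does not leave a stale entry
                // (and a reference to this request) in the shared dictionary.
                lock (Config.APIResponseDict)
                {
                    Config.APIResponseDict.Remove(DictID);
                }
            }

            // A 502 with this status prefix is surfaced as an exception instead of a response.
            if (this.response.Code == 502 && this.response.Status.StartsWith("Fiddler - "))
            {
                throw new Exception(this.response.Status.Replace("Fiddler - ",""));
            }
            return this.response;
        }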
Ejemplo n.º 11
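        /// <summary>
        /// Sends this request through the Fiddler proxy and blocks until the wait handle
        /// <c>MSR</c> is signalled, then returns the stored response.
        /// </summary>
        /// <returns>The value of <c>this.response</c> after the wait completes.</returns>
        /// <exception cref="Exception">
        /// The response has code 502 and a status starting with "Fiddler - "; the message is
        /// the status with that prefix removed.
        /// </exception>
        public Response Send()
        {
            StringDictionary Flags = new StringDictionary();
            string           BuiltBy;

            // Each source has its own request counter; the ID is only unique per source.
            if (this.Source == RequestSource.Scan)
            {
                BuiltBy = "Scan";
                this.ID = Interlocked.Increment(ref Config.ScanRequestsCount);
                Flags.Add("IronFlag-ScanID", this.ScanID.ToString());
            }
            else if (this.Source == RequestSource.Probe)
            {
                BuiltBy = "Probe";
                this.ID = Interlocked.Increment(ref Config.ProbeRequestsCount);
            }
            else if (this.Source == RequestSource.Stealth)
            {
                BuiltBy = "Stealth";
                this.ID = Interlocked.Increment(ref Config.StealthRequestsCount);
            }
            else
            {
                BuiltBy = "Shell";
                this.ID = Interlocked.Increment(ref Config.ShellRequestsCount);
            }
            Flags.Add("IronFlag-BuiltBy", BuiltBy);
            Flags.Add("IronFlag-ID", this.ID.ToString());

            Fiddler.HTTPRequestHeaders ReqHeaders = new Fiddler.HTTPRequestHeaders();
            ReqHeaders.HTTPMethod  = this.Method;
            ReqHeaders.HTTPVersion = this.HTTPVersion;
            ReqHeaders.RequestPath = this.URL;
            ReqHeaders.UriScheme   = this.SSL ? "https" : "http";
            foreach (string Name in this.Headers.GetNames())
            {
                foreach (string Value in this.headers.GetAll(Name))
                {
                    ReqHeaders.Add(Name, Value);
                }
            }

            this.MSR = new ManualResetEvent(false);
            // Key combines ID and source because IDs from different counters can collide.
            string DictID = this.ID.ToString() + "-" + BuiltBy;

            this.TimeObject = DateTime.Now;
            lock (Config.APIResponseDict)
            {
                Config.APIResponseDict.Add(DictID, this);
            }

            try
            {
                if (this.HasBody)
                {
                    Fiddler.FiddlerApplication.oProxy.InjectCustomRequest(ReqHeaders, this.bodyArray, Flags);
                }
                else
                {
                    string RequestStringForFiddler = this.GetHeadersAsString();
                    Fiddler.FiddlerApplication.oProxy.InjectCustomRequest(RequestStringForFiddler, Flags);
                }

                // NOTE(review): no timeout - if nothing ever signals MSR this thread blocks
                // forever. Presumably the response handler sets it; confirm and consider a bound.
                this.MSR.WaitOne();
            }
            finally
            {
                // Always unregister, so a failed injection does not leave a stale entry
                // (and a reference to this request) in the shared dictionary.
                lock (Config.APIResponseDict)
                {
                    Config.APIResponseDict.Remove(DictID);
                }
            }

            // A 502 with this status prefix is surfaced as an exception instead of a response.
            if (this.response.Code == 502 && this.response.Status.StartsWith("Fiddler - "))
            {
                throw new Exception(this.response.Status.Replace("Fiddler - ", ""));
            }
            return(this.response);
        }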
Ejemplo n.º 12
 /// <summary>
 /// Wraps this request as a Fiddler session, using its converted headers and its body bytes.
 /// </summary>
 /// <returns>A new <c>Fiddler.Session</c> for this request.</returns>
 internal Fiddler.Session ReturnAsFiddlerSession()
 {
     // Headers are converted first, then paired with the raw body array.
     return new Fiddler.Session(this.GetFiddlerHTTPRequestHeaders(), this.bodyArray);
 }