/// <summary>
///
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
private void BT_Add_Click(object sender, EventArgs e)
{
String lType = RB_Inject.Checked ? "Inject" : "Redirect";
String lRequestedURL = TB_RequestedURL.Text;
String lRequestedHost = TB_RequestedHost.Text;
String lReplacementHost = TB_ReplacementHost.Text;
String lReplacementURL = TB_ReplacementURL.Text;
String lErrorMsg = String.Empty;
try
{
if (RB_Inject.Checked)
{
cTask.addRecord(lType, lRequestedHost, lRequestedURL, PluginParameters.HostApplication.GetCurrentIP().ToString(), Path.GetFileName(lReplacementURL), lReplacementURL);
}
else
{
cTask.addRecord(lType, lRequestedHost, lRequestedURL, lReplacementHost, lReplacementURL, String.Empty);
}
TB_RequestedHost.Text = String.Empty;
TB_RequestedURL.Text = String.Empty;
TB_ReplacementHost.Text = String.Empty;
TB_ReplacementURL.Text = String.Empty;
}
catch (Exception lEx)
{
PluginParameters.HostApplication.LogMessage(String.Format("{0}: {1}", Config.PluginName, lEx.Message));
MessageBox.Show(lEx.Message, "Warning", MessageBoxButtons.OK, MessageBoxIcon.Warning);
}
}
/// <summary>
///
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
private void BT_Add_Click(object sender, EventArgs e)
{
String lHostName = TB_Host.Text.Trim();
String lIPAddress = TB_Address.Text.Trim();
try
{
cTask.addRecord(lHostName, lIPAddress);
}
catch (Exception lEx)
{
cPluginParams.HostApplication.LogMessage(String.Format("{0}: {1}", Config.PluginName, lEx.Message));
MessageBox.Show(String.Format("An error occurred while adding a record.\r\n{0}", lEx.Message), "Warning", MessageBoxButtons.OK, MessageBoxIcon.Warning);
}
}
/// <summary>
///
/// </summary>
public void ProcessEntries()
{
if (cDataBatch != null && cDataBatch.Count > 0)
{
List <IMAP4Account> lNewRecords = new List <IMAP4Account>();
List <String> lNewData;
String[] lSplitter;
String lProto;
String lSMAC;
String lSIP;
String lSPort;
String lDIP;
String lDPort;
String lData;
String lPassword;
String lServer;
lock (this)
{
lNewData = new List <String>(cDataBatch);
cDataBatch.Clear();
} // lock (this)...
List <IMAP4Account> lNewRecordsBatch = new List <IMAP4Account>();
foreach (String lEntry in lNewData)
{
if (!String.IsNullOrEmpty(lEntry))
{
try
{
if ((lSplitter = Regex.Split(lEntry, @"\|\|")).Length == 9)
{
lProto = lSplitter[0];
lSMAC = lSplitter[1];
lSIP = lSplitter[2];
lSPort = lSplitter[3];
lDIP = lSplitter[4];
lDPort = lSplitter[5];
lData = lSplitter[6];
lPassword = lSplitter[7];
lServer = lSplitter[8];
lNewRecordsBatch.Add(new IMAP4Account(lSMAC, lSIP, lDIP, lDPort, lData, lPassword, lServer));
} // if (lSplitter...
}
catch (Exception)
{
}
} // if (!String...
} // foreach (Str...
if (lNewRecordsBatch.Count > 0)
{
cTask.addRecord(lNewRecordsBatch);
}
} // if (cData...
}
/// <summary>
///
/// </summary>
/// <param name="pData"></param>
/// <param name="pSrcMAC"></param>
/// <param name="pSrcIP"></param>
/// <param name="pURL"></param>
/// <param name="pSessionName"></param>
/// <returns></returns>
private bool EvaluateSession(String pData, String pSrcMAC, String pSrcIP, String pURL, String pSessionName)
{
bool lRetVal = false;
String lCookies = String.Empty;
String lBrowser = String.Empty;
String lHost = String.Empty;
String lURI = String.Empty;
Match lMatchCookies;
Match lMatchBrowser;
Match lMatchURI;
Match lMatchHost;
if (((lMatchBrowser = Regex.Match(pData, @"\.\.User-Agent\s*:\s*(.*?)(\.\.|$)", RegexOptions.IgnoreCase))).Success &&
((lMatchCookies = Regex.Match(pData, @"\.\.Cookie\s*:\s*(.*?)(\.\.|$)", RegexOptions.IgnoreCase))).Success &&
((lMatchHost = Regex.Match(pData, @"\.\.Host\s*:\s*(.*?)(\.\.|$)", RegexOptions.IgnoreCase))).Success &&
((lMatchURI = Regex.Match(pData, @"GET\s+([^\s]+)\s+", RegexOptions.IgnoreCase))).Success)
{
/*
* Define connection data.
*/
lCookies = lMatchCookies.Groups[1].Value.ToString();
lBrowser = lMatchBrowser.Groups[1].Value.ToString();
if (pURL.Length > 0)
{
lHost = pURL;
}
else
{
lURI = lMatchURI.Groups[1].Value.ToString();
lHost = "http://" + lMatchHost.Groups[1].Value.ToString() + lURI;
}
if (lCookies.Length > 0 && lBrowser.Length > 0 && lHost.Length > 0)
{
if (IsInDGV(pSrcIP, lBrowser, lCookies) == false)
{
AddNode(pSessionName, pSrcIP, IL_Sessions.Images.IndexOfKey(pSessionName));
cTask.addRecord(new Session.Config.Session(pSrcMAC, pSrcIP, lHost, "80", lCookies, lBrowser, pSessionName));
}
} // if (lCookies.L...
} // if (((lMatc...
return(lRetVal);
}
/// <summary>
///
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
private void BT_Add_Click(object sender, EventArgs e)
{
String lProtocol = CB_Protocol.Text;
String lSrcIP = CB_SrcIP.Text;
String lDstIP = CB_DstIP.Text;
String lSrcPortLowerStr = TB_SrcPortLower.Text;
String lSrcPortUpperStr = TB_SrcPortUpper.Text;
String lDstPortLowerStr = TB_DstPortLower.Text;
String lDstPortUpperStr = TB_DstPortUpper.Text;
try
{
cTask.addRecord(lProtocol, lSrcIP, lDstIP, lSrcPortLowerStr, lSrcPortUpperStr, lDstPortLowerStr, lDstPortUpperStr);
}
catch (Exception lEx)
{
PluginParameters.HostApplication.LogMessage(String.Format("{0}: {1}", Config.PluginName, lEx.Message));
MessageBox.Show(String.Format(lEx.Message, "Warning", MessageBoxButtons.OK, MessageBoxIcon.Warning));
}
}
/// <summary>
///
/// </summary>
public void ProcessEntries()
{
if (cDataBatch != null && cDataBatch.Count > 0)
{
List <DNSRequestRecord> lNewRecords = new List <DNSRequestRecord>();
List <String> lNewData;
String[] lSplitter;
String lProto = String.Empty;
String lSMAC = String.Empty;
String lSIP = String.Empty;
String lSrcPort = String.Empty;
String lDstIP = String.Empty;
String lDstPort = String.Empty;
String lHostName = String.Empty;
lock (this)
{
lNewData = new List <String>(cDataBatch);
cDataBatch.Clear();
} // lock (this)...
foreach (String lEntry in lNewData)
{
try
{
if (!String.IsNullOrEmpty(lEntry))
{
if ((lSplitter = Regex.Split(lEntry, @"\|\|")).Length == 7)
{
lProto = lSplitter[0];
lSMAC = lSplitter[1];
lSIP = lSplitter[2];
lSrcPort = lSplitter[3];
lDstIP = lSplitter[4];
lDstPort = lSplitter[5];
lHostName = lSplitter[6];
if (lDstPort != null && lDstPort == "53")
{
lNewRecords.Add(new DNSRequestRecord(lSMAC, lSIP, lHostName, lProto));
}
} // if (lSplitter...
} // if (pData.Le...
}
catch (Exception lEx)
{
if (PluginParameters.HostApplication != null)
{
PluginParameters.HostApplication.LogMessage(String.Format("{0}: {1}", Config.PluginName, lEx.Message));
}
}
} // foreach(...
if (lNewRecords.Count > 0)
{
try
{
cTask.addRecord(lNewRecords);
}
catch (Exception lEx)
{
if (PluginParameters.HostApplication != null)
{
PluginParameters.HostApplication.LogMessage(String.Format("{0}: {1} (Host name: \"{2}\")", Config.PluginName, lEx.Message, lHostName));
}
}
} // if (lNewR...
} // if (cDataBatch...
}
/// <summary>
///
/// </summary>
public void ProcessEntries()
{
if (cDataBatch != null && cDataBatch.Count > 0)
{
List <Account> lNewRecords = new List <Account>();
List <String> lNewData;
int lDstPortInt;
String[] lSplitter;
String lProto;
String lSMAC;
String lSIP;
String lSPort;
String lDIP;
String lDPort;
String lData;
lock (this)
{
lNewData = new List <String>(cDataBatch);
cDataBatch.Clear();
} // lock (this)...
foreach (String lEntry in lNewData)
{
try
{
if (!String.IsNullOrEmpty(lEntry))
{
if ((lSplitter = Regex.Split(lEntry, @"\|\|")).Length == 7)
{
lProto = lSplitter[0];
lSMAC = lSplitter[1];
lSIP = lSplitter[2];
lSPort = lSplitter[3];
lDIP = lSplitter[4];
lDPort = lSplitter[5];
lData = lSplitter[6];
/*
* HTML GET authentication strings
*/
sHTTPAccount lAuthData = new sHTTPAccount();
try
{
lAuthData = FindAuthString(lData);
}
catch (Exception lEx)
{
PluginParameters.HostApplication.LogMessage(String.Format("{0}: {1}", Config.PluginName, lEx.Message));
return;
}
if (lAuthData.CompanyURL.Length > 0 && lAuthData.Username.Length > 0 && lAuthData.Password.Length > 0)
{
if (!Int32.TryParse(lDPort, out lDstPortInt))
{
throw new Exception("Something is wrong with the remote port.");
}
else if (!Regex.Match(lDIP, @"^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$").Success&& !Regex.Match(lDIP, @"\.[\d\w]+").Success)
{
throw new Exception("Something is wrong with the remote system.");
}
lNewRecords.Add(new Account(lSMAC, lSIP, lAuthData.CompanyURL, lDPort, lAuthData.Username, lAuthData.Password));
} // if (lAuthData.Co...
} // if (lSplitter...
} // if (pData.Lengt ...
}
catch (Exception lEx)
{
PluginParameters.HostApplication.LogMessage(String.Format("{0} : {1}", Config.PluginName, lEx.Message));
}
} // foreach ...
if (lNewRecords.Count > 0)
{
cTask.addRecord(lNewRecords);
}
} // if (cDataBat...
}
/// <summary>
///
/// </summary>
public void ProcessEntries()
{
if (cDataBatch != null && cDataBatch.Count > 0)
{
List <SystemRecord> lNewRecords = new List <SystemRecord>();
List <String> lNewData;
Match lMatchUserAgent;
EntryType lEntryType;
DataGridViewRow lTabelRow;
String[] lSplitter;
String lProto;
String lSMAC;
String lSIP;
String lSPort;
String lDIP;
String lDPort;
String lData;
String lOperatingSystem = String.Empty;
String lUserAgent = String.Empty;
lock (this)
{
lNewData = new List <String>(cDataBatch);
cDataBatch.Clear();
} // lock (this)...
foreach (String lEntry in lNewData)
{
try
{
if (!String.IsNullOrEmpty(lEntry))
{
if ((lSplitter = Regex.Split(lEntry, @"\|\|")).Length == 7)
{
lProto = lSplitter[0];
lSMAC = lSplitter[1];
lSIP = lSplitter[2];
lSPort = lSplitter[3];
lDIP = lSplitter[4];
lDPort = lSplitter[5];
lData = lSplitter[6];
lSMAC = Regex.Replace(lSMAC, @"-", ":");
lEntryType = FullEntryExists(lSMAC, lSIP);
/*
* Determine the operating system due to the HTTP User-Agent string.
*/
if (((lMatchUserAgent = Regex.Match(lData, @"\.\.User-Agent\s*:\s*(.+?)\.\.", RegexOptions.IgnoreCase))).Success)
{
try
{
lUserAgent = lMatchUserAgent.Groups[1].Value.ToString();
lOperatingSystem = GetOperatingSystem(lUserAgent);
}
catch (Exception lEx)
{
cPluginParams.HostApplication.LogMessage(String.Format("{0}: {1}", Config.PluginName, lEx.Message));
}
/*
*
*/
try
{
if (lEntryType != EntryType.Full && lOperatingSystem.Length > 0)
{
if (lEntryType == EntryType.Empty)
{
lock (this)
{
cTask.addRecord(new SystemRecord(lSMAC, lSIP, lUserAgent, String.Empty, lOperatingSystem, String.Empty));
}
}
else if (lEntryType == EntryType.Half)
{
SetOS(lSMAC, lSIP, lOperatingSystem);
}
if ((lTabelRow = GetRowByMAC(lSMAC)) != null)
{
lTabelRow.Cells["OperatingSystem"].ToolTipText = lUserAgent;
}
}
else if (lSIP.Length > 0 && lSMAC.Length > 0)
{
cTask.addRecord(new SystemRecord(lSMAC, lSIP, lUserAgent, String.Empty, String.Empty, String.Empty));
}
}
catch (RecordException lEx)
{
cPluginParams.HostApplication.LogMessage(String.Format("{0}: {1}", Config.PluginName, lEx.Message));
}
catch (RecordExistsException lEx)
{
}
catch (Exception lEx)
{
cPluginParams.HostApplication.LogMessage(String.Format("{0}: {1}", Config.PluginName, lEx.Message));
}
/*
* The operating system cant be determined.
*/
}
else if (lEntryType == EntryType.Empty && lSIP.Length > 0 && lSMAC.Length > 0)
{
try
{
lock (this)
{
cTask.addRecord(new SystemRecord(lSMAC, lSIP, String.Empty, lUserAgent, String.Empty, String.Empty));
}
}
catch (RecordException)
{
}
} // if (lDstPort...
/*
* Updating LastSeen column.
*/
using (DataGridViewRow lRow = ListEntryExists(lSMAC))
{
if (lRow != null && lRow.Cells["LastSeen"] != null)
{
lRow.Cells["LastSeen"].Value = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss");
}
}
} // if (lSplit.Leng..
} // if (pData.Leng...
}
catch (Exception lEx)
{
MessageBox.Show(String.Format("{0} : {1}", Config.PluginName, lEx.ToString()));
}
} // foreach (St...
} // if (cDataBat...
}
/// <summary>
///
/// </summary>
public void ProcessEntries()
{
if (cDataBatch != null && cDataBatch.Count > 0)
{
List <ApplicationRecord> lNewRecords = new List <ApplicationRecord>();
List <String> lNewData;
Match lMatchURI;
Match lMatchHost;
String lRemoteHost = String.Empty;
String lReqString = String.Empty;
String lRemotePort = "0";
String lRemoteString = String.Empty;
String lProto = String.Empty;
String lSMAC = String.Empty;
String lSIP = String.Empty;
String lSPort = String.Empty;
String lDIP = String.Empty;
String lDPort = String.Empty;
String lData = String.Empty;
String[] lSplitter;
lock (this)
{
lNewData = new List <String>(cDataBatch);
cDataBatch.Clear();
} // lock (this)...
foreach (String lEntry in lNewData)
{
try
{
if (!String.IsNullOrEmpty(lEntry))
{
if ((lSplitter = Regex.Split(lEntry, @"\|\|")).Length == 7)
{
lProto = lSplitter[0];
lSMAC = lSplitter[1];
lSIP = lSplitter[2];
lSPort = lSplitter[3];
lDIP = lSplitter[4];
lDPort = lSplitter[5];
lData = lSplitter[6];
if (lProto == "TCP" && lDPort == "80" &&
((lMatchURI = Regex.Match(lData, @"(\s+|^)(GET|POST|HEAD)\s+([^\s]+)\s+HTTP\/"))).Success &&
((lMatchHost = Regex.Match(lData, @"\.\.Host\s*:\s*([\w\d\.]+?)\.\.", RegexOptions.IgnoreCase))).Success)
{
lRemotePort = "80";
lRemoteHost = lMatchHost.Groups[1].Value.ToString();
lReqString = lMatchURI.Groups[3].Value.ToString();
lRemoteString = lRemoteHost + ":" + lRemotePort + lReqString;
}
else if (lProto == "DNSREQ" && lDPort == "53")
{
lRemoteString = lData;
}
/*
* Browse through patterns to identify the app
*/
if (lRemoteString.Length > 5)
{
foreach (MngApplication.ApplicationPattern lPattern in cApplicationPatterns)
{
if (Regex.Match(lRemoteString, @lPattern.ApplicationPatternString).Success)
{
try
{
cTask.addRecord(new ApplicationRecord(lSMAC, lSIP, lDPort, lRemoteHost, lReqString, lPattern.ApplicationName, lPattern.CompanyURL));
}
catch (Exception lEx)
{
cPluginParams.HostApplication.LogMessage(String.Format("{0}: {1}", Config.PluginName, lEx.Message));
}
} // if (lSplit2.L...
} //foreach (st...
} // if (lRemoteString...
} // if (lSplitte...
} // if (pData.Leng...
}
catch (Exception lEx)
{
cPluginParams.HostApplication.LogMessage(String.Format("{0}: {1}", Config.PluginName, lEx.Message));
}
} // foreach (...
} // if (cDataBa...
}