public Recording(Analysis.LogAssociations LoginLogAssos, string Uname, string Pwd, string CsrfParaName) { this.LoginAssociations = LoginLogAssos; this.Username = Uname; this.Password = Pwd; this.intCsrfParameterName = CsrfParaName; }
public void CalculateLogAssociations() { Analysis.LogAnalyzer LogAna = new Analysis.LogAnalyzer(); Dictionary <string, Analysis.LogAssociations> Result = LogAna.Analyze(this.intLogIds, this.LogSource); if (Result.ContainsKey(this.UserAgent)) { this.intWorkflowAssociations = Result[this.UserAgent]; } else { this.intWorkflowAssociations = null; } }
static void ScanAssociation(Analysis.LogAssociations Association, List <string> HostsToScan, int[] Marker) { if (Association.NonIgnorableCount > 0) { int Index = 0; foreach (int Id in Association.LogIds) { Analysis.LogAssociation Asso = Association.GetAssociation(Id); if (!Asso.IsIgnorable && HostsToScan.Contains(Asso.DestinationLog.Request.BaseUrl)) { Scanner S = new Scanner(Asso.DestinationLog.Request); if (S.BaseRequest.File.Length == 0 && S.BaseRequest.Query.Count == 0 && S.BaseRequest.UrlPathParts.Count > 1) { S.InjectUrl(); } S.InjectQuery(); if (S.BaseRequest.BodyType == BodyFormatType.Soap || S.BaseRequest.BodyType == BodyFormatType.Json || S.BaseRequest.BodyType == BodyFormatType.Multipart || S.BaseRequest.BodyType == BodyFormatType.Xml) { S.BodyFormat = FormatPlugin.Get(S.BaseRequest.BodyType); } S.InjectBody(); S.CheckAll(); if (S.InjectionPointsCount > 0) { S.WorkFlowLogAssociations = Association; S.IndexOfRequestToScanInWorkFlowLogAssociations = Index; WorkflowScannerWindow.UpdateScanStatusInUi(true, string.Format("Scanning Request no.{0} in workflow between logs {1}-{2}", Index, Marker[0], Marker[1])); S.Scan(); } Index++; } } } }
public static Recording FromXml(string Xml) { XmlDocument Xdoc = new XmlDocument(); Xdoc.XmlResolver = null; Xdoc.LoadXml(Xml); string Name = ""; string Uname = ""; string Passwd = ""; string CsrfPara = ""; List <Session> Sessions = new List <Session>(); Request LoginChkReq = null; Response ResWhenLoggedIn = null; Response ResWhenLoggedOut = null; try { Name = Xdoc.SelectNodes("/xml/name")[0].InnerText; } catch { throw new Exception("Invalid Recording, name field is missing!"); } try { Uname = Tools.Base64Decode(Xdoc.SelectNodes("/xml/username")[0].InnerText); } catch { throw new Exception("Invalid Recording, username field is missing!"); } try { Passwd = Tools.Base64Decode(Xdoc.SelectNodes("/xml/password")[0].InnerText); } catch { throw new Exception("Invalid Recording, password field is missing!"); } try { CsrfPara = Tools.Base64Decode(Xdoc.SelectNodes("/xml/csrf_token")[0].InnerText); } catch { throw new Exception("Invalid Recording, CSRF token field is missing!"); } try { foreach (XmlNode SessionNode in Xdoc.SelectNodes("/xml/sessions/session")) { int LogId = Int32.Parse(SessionNode.SelectNodes("log_id")[0].InnerText.Trim()); Request Req = Request.FromBinaryString(SessionNode.SelectNodes("request")[0].InnerText.Trim()); Response Res = Response.FromBinaryString(SessionNode.SelectNodes("response")[0].InnerText.Trim()); Session Sess = new Session(LogId, Req, Res); Sessions.Add(Sess); } }catch { throw new Exception("Invalid recording, logs are corrupted."); } try { LoginChkReq = Request.FromBinaryString(Xdoc.SelectNodes("/xml/login_check_request")[0].InnerText); } catch { throw new Exception("Invalid recording, Login Check Request is missing."); } try { ResWhenLoggedIn = Response.FromBinaryString(Xdoc.SelectNodes("/xml/response_when_logged_in")[0].InnerText); } catch { throw new Exception("Invalid recording, Reference Response for logged in sessions is missing."); } try { ResWhenLoggedOut = Response.FromBinaryString(Xdoc.SelectNodes("/xml/response_when_logged_out")[0].InnerText); } catch { throw new Exception("Invalid recording, Reference Response for logged out sessions is missing."); } Analysis.LogAnalyzer Analyzer = new Analysis.LogAnalyzer(); Analysis.LogAssociations Assos = Analyzer.AnalyzeSessionsFromSameUa(Sessions); Recording FromDb = new Recording(Assos, Uname, Passwd, CsrfPara); FromDb.SetName(Name); FromDb.LoginCheckRequest = LoginChkReq; FromDb.LoginCheckResponseWhenLoggedIn = ResWhenLoggedIn; FromDb.LoginCheckResponseWhenLoggedOut = ResWhenLoggedOut; Analysis.LogAssociation LoginAsso = FromDb.LoginAssociations.GetLastAssociationWithParameterValues(new List <string>() { FromDb.Username, FromDb.Password }); if (LoginAsso == null) { throw new Exception("Invalid recording, unable to find login request in the login recording"); } FromDb.LoginRequestAsso = LoginAsso; return(FromDb); }
void DoAnalysisOfRecording() { try { Analysis.LogAnalyzer LogAna = new Analysis.LogAnalyzer(); //Dictionary<string, Analysis.LogAssociations> LoginAssosDict = LogAna.Analyze(RecordingStartLogId, LoginRecordingDoneLogId, "Proxy"); //Check if the last log has been written to the db //We wait for max of 10 seconds if it is still not written then we proceed further so that an exception is thrown when processing int WaitTime = 0; while (WaitTime < 10000) { try { Session.FromProxyLog(RecordingCompleteLogId); break; } catch { } Thread.Sleep(1000); WaitTime = WaitTime + 1000; } Dictionary<string, Analysis.LogAssociations> LoginAssosDict = LogAna.Analyze(RecordingStartLogId, RecordingCompleteLogId, "Proxy"); List<string> Creds = new List<string>() { Username, Password }; string CorrectUa = ""; Analysis.LogAssociations LoginAssos = null; foreach (string Ua in LoginAssosDict.Keys) { if (LoginAssosDict[Ua].GetAssociationsWithParameterValues(Creds).Count > 0) { CorrectUa = Ua; LoginAssos = LoginAssosDict[Ua]; break; } } if (LoginAssos == null) { HandleAnalysisResult(false); return; } /* Dictionary<string, Analysis.LogAssociations> CsrfAssosDict = LogAna.Analyze(LoginRecordingDoneLogId, CsrfParameterRecordingDoneLogId, "Proxy"); Analysis.LogAssociations CsrfAssos = null; if (CsrfAssosDict.ContainsKey(CorrectUa)) { CsrfAssos = CsrfAssosDict[CorrectUa]; } if (CsrfParameterName.Length > 0 && CsrfAssos == null) { HandleAnalysisResult(false); return; } */ CurrentRecording = new Recording(LoginAssos, Username, Password, CsrfParameterName); if (!CurrentRecording.IsLoginRecordingReplayable()) { HandleAnalysisResult(false); return; } CurrentRecording.DoLogin(); if (CsrfParameterName.Length > 0) { string CT = CurrentRecording.GetCsrfToken(); if (CT.Length == 0) { HandleAnalysisResult(false); return; } } } catch (ThreadAbortException) { }//Ingore them catch (Exception Exp) { IronException.Report("Error analyzing recording", Exp); HandleAnalysisResult(false); return; } Workflow.Workflow Flow = CurrentRecording.ToWorkflow(); HandleAnalysisResult(true); }