public Recording(Analysis.LogAssociations LoginLogAssos, string Uname, string Pwd, string CsrfParaName)
{
this.LoginAssociations = LoginLogAssos;
this.Username = Uname;
this.Password = Pwd;
this.intCsrfParameterName = CsrfParaName;
}
public void CalculateLogAssociations()
{
Analysis.LogAnalyzer LogAna = new Analysis.LogAnalyzer();
Dictionary <string, Analysis.LogAssociations> Result = LogAna.Analyze(this.intLogIds, this.LogSource);
if (Result.ContainsKey(this.UserAgent))
{
this.intWorkflowAssociations = Result[this.UserAgent];
}
else
{
this.intWorkflowAssociations = null;
}
}
static void ScanAssociation(Analysis.LogAssociations Association, List <string> HostsToScan, int[] Marker)
{
if (Association.NonIgnorableCount > 0)
{
int Index = 0;
foreach (int Id in Association.LogIds)
{
Analysis.LogAssociation Asso = Association.GetAssociation(Id);
if (!Asso.IsIgnorable && HostsToScan.Contains(Asso.DestinationLog.Request.BaseUrl))
{
Scanner S = new Scanner(Asso.DestinationLog.Request);
if (S.BaseRequest.File.Length == 0 && S.BaseRequest.Query.Count == 0 && S.BaseRequest.UrlPathParts.Count > 1)
{
S.InjectUrl();
}
S.InjectQuery();
if (S.BaseRequest.BodyType == BodyFormatType.Soap ||
S.BaseRequest.BodyType == BodyFormatType.Json ||
S.BaseRequest.BodyType == BodyFormatType.Multipart ||
S.BaseRequest.BodyType == BodyFormatType.Xml)
{
S.BodyFormat = FormatPlugin.Get(S.BaseRequest.BodyType);
}
S.InjectBody();
S.CheckAll();
if (S.InjectionPointsCount > 0)
{
S.WorkFlowLogAssociations = Association;
S.IndexOfRequestToScanInWorkFlowLogAssociations = Index;
WorkflowScannerWindow.UpdateScanStatusInUi(true, string.Format("Scanning Request no.{0} in workflow between logs {1}-{2}", Index, Marker[0], Marker[1]));
S.Scan();
}
Index++;
}
}
}
}
public static Recording FromXml(string Xml)
{
XmlDocument Xdoc = new XmlDocument();
Xdoc.XmlResolver = null;
Xdoc.LoadXml(Xml);
string Name = "";
string Uname = "";
string Passwd = "";
string CsrfPara = "";
List <Session> Sessions = new List <Session>();
Request LoginChkReq = null;
Response ResWhenLoggedIn = null;
Response ResWhenLoggedOut = null;
try
{
Name = Xdoc.SelectNodes("/xml/name")[0].InnerText;
}
catch { throw new Exception("Invalid Recording, name field is missing!"); }
try
{
Uname = Tools.Base64Decode(Xdoc.SelectNodes("/xml/username")[0].InnerText);
}
catch { throw new Exception("Invalid Recording, username field is missing!"); }
try
{
Passwd = Tools.Base64Decode(Xdoc.SelectNodes("/xml/password")[0].InnerText);
}
catch { throw new Exception("Invalid Recording, password field is missing!"); }
try
{
CsrfPara = Tools.Base64Decode(Xdoc.SelectNodes("/xml/csrf_token")[0].InnerText);
}
catch { throw new Exception("Invalid Recording, CSRF token field is missing!"); }
try
{
foreach (XmlNode SessionNode in Xdoc.SelectNodes("/xml/sessions/session"))
{
int LogId = Int32.Parse(SessionNode.SelectNodes("log_id")[0].InnerText.Trim());
Request Req = Request.FromBinaryString(SessionNode.SelectNodes("request")[0].InnerText.Trim());
Response Res = Response.FromBinaryString(SessionNode.SelectNodes("response")[0].InnerText.Trim());
Session Sess = new Session(LogId, Req, Res);
Sessions.Add(Sess);
}
}catch { throw new Exception("Invalid recording, logs are corrupted."); }
try
{
LoginChkReq = Request.FromBinaryString(Xdoc.SelectNodes("/xml/login_check_request")[0].InnerText);
}
catch { throw new Exception("Invalid recording, Login Check Request is missing."); }
try
{
ResWhenLoggedIn = Response.FromBinaryString(Xdoc.SelectNodes("/xml/response_when_logged_in")[0].InnerText);
}
catch { throw new Exception("Invalid recording, Reference Response for logged in sessions is missing."); }
try
{
ResWhenLoggedOut = Response.FromBinaryString(Xdoc.SelectNodes("/xml/response_when_logged_out")[0].InnerText);
}
catch { throw new Exception("Invalid recording, Reference Response for logged out sessions is missing."); }
Analysis.LogAnalyzer Analyzer = new Analysis.LogAnalyzer();
Analysis.LogAssociations Assos = Analyzer.AnalyzeSessionsFromSameUa(Sessions);
Recording FromDb = new Recording(Assos, Uname, Passwd, CsrfPara);
FromDb.SetName(Name);
FromDb.LoginCheckRequest = LoginChkReq;
FromDb.LoginCheckResponseWhenLoggedIn = ResWhenLoggedIn;
FromDb.LoginCheckResponseWhenLoggedOut = ResWhenLoggedOut;
Analysis.LogAssociation LoginAsso = FromDb.LoginAssociations.GetLastAssociationWithParameterValues(new List <string>()
{
FromDb.Username, FromDb.Password
});
if (LoginAsso == null)
{
throw new Exception("Invalid recording, unable to find login request in the login recording");
}
FromDb.LoginRequestAsso = LoginAsso;
return(FromDb);
}
void DoAnalysisOfRecording()
{
try
{
Analysis.LogAnalyzer LogAna = new Analysis.LogAnalyzer();
//Dictionary<string, Analysis.LogAssociations> LoginAssosDict = LogAna.Analyze(RecordingStartLogId, LoginRecordingDoneLogId, "Proxy");
//Check if the last log has been written to the db
//We wait for max of 10 seconds if it is still not written then we proceed further so that an exception is thrown when processing
int WaitTime = 0;
while (WaitTime < 10000)
{
try
{
Session.FromProxyLog(RecordingCompleteLogId);
break;
}
catch { }
Thread.Sleep(1000);
WaitTime = WaitTime + 1000;
}
Dictionary<string, Analysis.LogAssociations> LoginAssosDict = LogAna.Analyze(RecordingStartLogId, RecordingCompleteLogId, "Proxy");
List<string> Creds = new List<string>() { Username, Password };
string CorrectUa = "";
Analysis.LogAssociations LoginAssos = null;
foreach (string Ua in LoginAssosDict.Keys)
{
if (LoginAssosDict[Ua].GetAssociationsWithParameterValues(Creds).Count > 0)
{
CorrectUa = Ua;
LoginAssos = LoginAssosDict[Ua];
break;
}
}
if (LoginAssos == null)
{
HandleAnalysisResult(false);
return;
}
/*
Dictionary<string, Analysis.LogAssociations> CsrfAssosDict = LogAna.Analyze(LoginRecordingDoneLogId, CsrfParameterRecordingDoneLogId, "Proxy");
Analysis.LogAssociations CsrfAssos = null;
if (CsrfAssosDict.ContainsKey(CorrectUa))
{
CsrfAssos = CsrfAssosDict[CorrectUa];
}
if (CsrfParameterName.Length > 0 && CsrfAssos == null)
{
HandleAnalysisResult(false);
return;
}
*/
CurrentRecording = new Recording(LoginAssos, Username, Password, CsrfParameterName);
if (!CurrentRecording.IsLoginRecordingReplayable())
{
HandleAnalysisResult(false);
return;
}
CurrentRecording.DoLogin();
if (CsrfParameterName.Length > 0)
{
string CT = CurrentRecording.GetCsrfToken();
if (CT.Length == 0)
{
HandleAnalysisResult(false);
return;
}
}
}
catch (ThreadAbortException) { }//Ingore them
catch (Exception Exp)
{
IronException.Report("Error analyzing recording", Exp);
HandleAnalysisResult(false);
return;
}
Workflow.Workflow Flow = CurrentRecording.ToWorkflow();
HandleAnalysisResult(true);
}
