Example #1
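        /// <summary>
        /// Click handler that stops the currently selected proxy (if it is listening) and
        /// re-creates it from the factory that matches the selection in <c>_availableProxies</c>.
        /// </summary>
        /// <remarks>
        /// This method never calls <c>Start()</c>: a proxy that was listening before the reload
        /// is stopped, and its replacement is only stored in <c>_initializedProxies</c>.
        /// When no factory matches the selection, the previous (now stopped) instance is stored back.
        /// </remarks>
        /// <param name="sender">Control that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void ReloadProxyClick(object sender, EventArgs e)
        {
            IHttpProxy proxy = GetCurrentProxy();

            // NOTE(review): GetCurrentProxy() is treated as nullable here; confirm against its
            // implementation. Without the guard a missing proxy would throw before the reload.
            if (proxy != null && proxy.IsListening)
            {
                proxy.Stop();
            }

            string currentSelection = _availableProxies.Text;

            if (_proxyFactory.AvailableTypes.Contains(currentSelection))
            {
                proxy = _proxyFactory.MakeProxy(currentSelection);
            }
            else
            {
                // Every registered factory is checked; if several share the name, the last match wins.
                foreach (IHttpProxyFactory factory in TrafficViewer.Instance.HttpProxyFactoryList)
                {
                    if (factory.Name.Equals(currentSelection))
                    {
                        HttpServerConsole.Instance.WriteLine(LogMessageType.Information,
                                                             "Re-creating proxy: '{0}'", factory.Name);
                        proxy = factory.MakeProxyServer(TrafficViewerOptions.Instance.TrafficServerIp,
                                                        TrafficViewerOptions.Instance.TrafficServerPort,
                                                        TrafficViewerOptions.Instance.TrafficServerPortSecure,
                                                        TrafficViewer.Instance.TrafficViewerFile);
                    }
                }
            }

            // Do not register a null entry when there was no proxy and no factory matched.
            if (proxy != null)
            {
                _initializedProxies[currentSelection] = proxy;
            }
        }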
Example #2
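        /// <summary>
        /// Click handler that applies the host, port, secure port and extra options entered in the
        /// dialog to <c>_proxy</c>, restarts the proxy if it is currently listening, and hides the dialog.
        /// </summary>
        /// <remarks>
        /// Both port fields are parsed before anything is written to <c>_proxy</c>, so an invalid
        /// secure port no longer leaves the host and port half-applied. A proxy that is not
        /// listening is only reconfigured; it is not started here.
        /// </remarks>
        /// <param name="sender">Control that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void _buttonStart_Click(object sender, EventArgs e)
        {
            // NOTE(review): int.TryParse also accepts negative values and values above 65535.
            // Whether the proxy rejects those later is not visible here; consider a range check
            // once it is confirmed that no sentinel value (such as 0) is in use.
            int port = 0;

            if (!int.TryParse(_portBox.Text, out port))
            {
                ErrorBox.ShowDialog("Invalid port");
                return;
            }

            int securePort = 0;

            if (!int.TryParse(_securePort.Text, out securePort))
            {
                ErrorBox.ShowDialog("Invalid port");
                return;
            }

            // NOTE(review): the host text is applied without validation. If this is the listen
            // address, a non-loopback value makes the proxy reachable from other machines; confirm.
            _proxy.Host       = _hostBox.Text;
            _proxy.Port       = port;
            _proxy.SecurePort = securePort;

            char[] separators = Constants.VALUES_SEPARATOR.ToCharArray();
            IEnumerable<string> extraOptions = _extraOptionsGrid.GetValues();

            foreach (string line in extraOptions)
            {
                // Only lines that split into exactly a key and a value are applied; anything else
                // (including a value that itself contains a separator character) is skipped silently.
                string[] keyValPair = line.Split(separators);
                if (keyValPair.Length == 2)
                {
                    // The indexer adds the key when absent and overwrites it when present.
                    _proxy.ExtraOptions[keyValPair[0]] = keyValPair[1];
                }
            }

            // Restart so a running proxy picks up the new settings.
            if (_proxy.IsListening)
            {
                _proxy.Stop();
                _proxy.Start();
            }

            this.Hide();
        }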
Example #3
        /// <summary>
        /// Click handler that toggles the currently selected proxy: a listening proxy is stopped,
        /// a stopped one is started, and the start/stop button is refreshed afterwards.
        /// Does nothing when there is no current proxy.
        /// </summary>
        /// <param name="sender">Control that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void StartStopClick(object sender, EventArgs e)
        {
            IHttpProxy current = GetCurrentProxy();

            if (current == null)
            {
                return;
            }

            bool wasListening = current.IsListening;

            if (!wasListening)
            {
                current.Start();
            }
            else
            {
                current.Stop();
            }

            UpdateStartStopButtonStatus(current);
        }
Example #4
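        /// <summary>
        /// Handles a "stop proxy" request: stops the collector proxy listening on the requested
        /// port, removes it from the proxy list and saves the recorded traffic to a file in the dump directory.
        /// </summary>
        /// <remarks>
        /// Query variables read: <c>port</c>, <c>secret</c>, <c>skipSimilar</c>, <c>fileName</c>, <c>cancel</c>.
        /// Responses: 400 for an invalid file name, an invalid or unknown port, or a proxy that has no
        /// traffic file; 401 when the recording's secret does not match or an existing file would be
        /// overwritten without its secret; 206 while a drive-by attack proxy still has requests pending
        /// and <c>cancel</c> is not "true"; 200 otherwise.
        /// NOTE(review): the secret arrives as a URL query variable, so it may end up in request logs
        /// or stored traffic; confirm that is acceptable for this endpoint.
        /// </remarks>
        /// <param name="requestInfo">The incoming request; all values taken from it are untrusted.</param>
        /// <returns>The HTTP response describing the outcome.</returns>
        private HttpResponseInfo StopProxy(HttpRequestInfo requestInfo)
        {
            string report = "";

            // The port of the proxy to stop.
            string portString = null;
            requestInfo.QueryVariables.TryGetValue("port", out portString);

            // Optional secret protecting the recording session.
            string secret = null;
            requestInfo.QueryVariables.TryGetValue("secret", out secret);

            // Optional flag indicating whether similar requests should be skipped when saving.
            string skipSimilar = null;
            requestInfo.QueryVariables.TryGetValue("skipSimilar", out skipSimilar);

            // Name (without extension) of the file to save to.
            string fileName = null;
            requestInfo.QueryVariables.TryGetValue("fileName", out fileName);

            // Optional parameter to cancel a running scan.
            string cancel = null;
            requestInfo.QueryVariables.TryGetValue("cancel", out cancel);

            if (fileName == null)
            {
                // Timestamp-based default name: unlikely to collide, but not random or unguessable.
                fileName = DateTime.Now.Ticks.ToString();
            }

            // The allow-list (word characters, '.', '_', '-') keeps directory separators out of the
            // name, so the path built below stays inside the dump directory. The explicit newline
            // check is there because, if Utils.IsMatch wraps the .NET regex engine, '$' also matches
            // just before a trailing '\n'.
            if (fileName.IndexOf('\n') >= 0 || !Utils.IsMatch(fileName, "^[\\w._-]+$"))
            {
                return GetResponse(400, "Bad Request", "Invalid file name.");
            }

            int port;

            if (!int.TryParse(portString, out port))
            {
                return GetResponse(400, "Bad Request", "Invalid 'port' parameter.");
            }

            if (!CollectorProxyList.Instance.ProxyList.ContainsKey(port))
            {
                return GetResponse(400, "Bad Request", "Port not found.");
            }

            IHttpProxy proxy = CollectorProxyList.Instance.ProxyList[port];

            // Both 'as' casts can yield null; reject the request instead of dereferencing null.
            ManualExploreProxy recordingProxy = proxy as ManualExploreProxy;
            TrafficViewerFile  trafficFile    = recordingProxy == null
                ? null
                : recordingProxy.TrafficDataStore as TrafficViewerFile;

            if (trafficFile == null)
            {
                return GetResponse(400, "Bad Request", "Unsupported proxy type.");
            }

            // Check the secret if the recording was configured with one. A recording without a
            // configured secret can be stopped by any caller that can reach this endpoint.
            string configuredSecret = trafficFile.Profile.GetOption("secret") as String;
            if (!String.IsNullOrWhiteSpace(configuredSecret) && !SecretsMatch(configuredSecret, secret))
            {
                return GetResponse(401, "Unauthorized", "Invalid secret.");
            }

            string filePath = Path.Combine(TrafficCollectorSettings.Instance.DumpDir, fileName + ".htd");

            DriveByAttackProxy dProx = proxy as DriveByAttackProxy;
            if (dProx != null)
            {
                int  requestsLeft    = dProx.RequestsLeft;
                bool cancelRequested = cancel != null && cancel.Equals("true");

                if (requestsLeft > 0 && !cancelRequested)
                {
                    return GetResponse(206, "Partial Content", "Please wait... {0} request(s) left, {1} test job(s) in queue", requestsLeft, dProx.TestCount);
                }

                // Summarise every recorded request whose description mentions a vulnerability.
                int           id    = -1;
                int           count = 0;
                TVRequestInfo info  = null;

                report  = "\r\n\r\nVulnerability List\r\n";
                report += "============================\r\n";

                while ((info = trafficFile.GetNext(ref id)) != null)
                {
                    if (info.Description.Contains("Vulnerability"))
                    {
                        count++;
                        report += String.Format("Request {0} - {1} ({2})\r\n", info.RequestLine, info.Description, info.Validation);
                    }
                }

                report += String.Format("Total: {0}\r\n", count);
            }

            // An existing file may only be overwritten by a caller that presents the secret stored
            // in that file; a file saved without a secret can never be overwritten through this path.
            if (File.Exists(filePath))
            {
                TrafficViewerFile existingFile = new TrafficViewerFile();
                existingFile.Open(filePath);
                configuredSecret = existingFile.Profile.GetOption("secret") as String;
                existingFile.Close(false);

                if (String.IsNullOrWhiteSpace(configuredSecret) || String.IsNullOrWhiteSpace(secret) || !SecretsMatch(configuredSecret, secret))
                {
                    return GetResponse(401, "Unauthorized", "Cannot override existing file.");
                }
            }

            proxy.Stop();
            CollectorProxyList.Instance.ProxyList.Remove(port);

            if (trafficFile.RequestCount > 0)
            {
                if (skipSimilar != null && skipSimilar.Equals("true", StringComparison.OrdinalIgnoreCase))
                {
                    trafficFile = removeSimilar(trafficFile);
                }

                trafficFile.Save(filePath);

                // NOTE(review): the response echoes the absolute server-side path; consider
                // returning only the file name if callers do not depend on the full path.
                report += String.Format("Traffic file saved at '{0}'\r\n", filePath);
            }
            else
            {
                report += "Nothing recorded.";
            }

            return GetResponse(200, "OK", "Proxy stopped. {0}", report);
        }

        /// <summary>
        /// Ordinal, case-sensitive comparison of two secrets that always walks the whole supplied
        /// value instead of returning at the first differing character, as <c>String.Equals</c> may.
        /// </summary>
        /// <param name="expected">The configured secret.</param>
        /// <param name="supplied">The secret taken from the request; may be null.</param>
        /// <returns>True only when both values are non-null and identical.</returns>
        private static bool SecretsMatch(string expected, string supplied)
        {
            if (expected == null || supplied == null)
            {
                return false;
            }

            if (expected.Length == 0)
            {
                return supplied.Length == 0;
            }

            // A length mismatch is folded into the accumulator rather than short-circuiting.
            int difference = expected.Length ^ supplied.Length;

            for (int i = 0; i < supplied.Length; i++)
            {
                difference |= expected[i % expected.Length] ^ supplied[i];
            }

            return difference == 0;
        }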