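/// <summary>
/// Scans every URL recorded for a session (manual pass, plus an automatic pass when
/// the session enables it) and writes the XML report, prefixed with an XSL
/// stylesheet reference, into the configured output directory.
/// </summary>
/// <param name="intSessionId">Id of the session to scan; the session is loaded with objSession.populate().</param>
/// <returns>The relative report path, "./{guid}.XML".</returns>
public string initiate(int intSessionId)
{
    string strHeader = "";
    System.Text.StringBuilder objFormSubmissionStr = new System.Text.StringBuilder();

    // A fresh GUID names the report file, so the file name never derives from user input.
    strGuid = "" + System.Guid.NewGuid().ToString();
    mSessionId = intSessionId;
    objSession.id = mSessionId;
    objSession.populate();

    // Resolve the session's user-agent list item to its display name.
    devCafe.framework.frameworkListItems objFrameWorkListItem = new devCafe.framework.frameworkListItems();
    objFrameWorkListItem.id = objSession.userAgent;
    objFrameWorkListItem.populate();
    string strUserAgent = objFrameWorkListItem.listItemName;

    #region Construct Report Header
    strHeader += "<header>";
    strHeader += "<application>beretta</application>";
    strHeader += "<version>1.0</version>";
    strHeader += "<sessionId>" + objSession.id.ToString() + "</sessionId>";
    // Local time in the current culture's default format, as the report has always used.
    strHeader += "<date>" + System.DateTime.Now + "</date>";
    // Unknown authentication types emit no element at all (unchanged behaviour).
    switch (objSession.authenticationType)
    {
        case 0:
            strHeader += "<authenticationType>None</authenticationType>";
            break;
        case 1:
            strHeader += "<authenticationType>Forms</authenticationType>";
            break;
        case 2:
            strHeader += "<authenticationType>Raw</authenticationType>";
            break;
    }
    // Session name/description are free text entered by the user; escape them so a
    // stray '<' or '&' cannot break the document or inject markup into the report.
    strHeader += "<sessionName>" + escapeXmlText(objSession.sessionName) + "</sessionName>";
    strHeader += "<sessionDescription>" + escapeXmlText(objSession.sessionDescription) + "</sessionDescription>";
    strHeader += "</header>";
    #endregion

    // NOTE(review): strUrls and objStringBuilder are fields that this method never
    // resets, so a second initiate() call on the same instance would accumulate the
    // previous run's output - confirm with callers whether instances are reused.
    objUrlsDataSet = urlsDataAccess.getAllForSession(objSession.id);
    if (objUrlsDataSet != null && objUrlsDataSet.Tables.Count > 0)
    {
        //For each URL in session
        foreach (DataRow objUrlRow in objUrlsDataSet.Tables[0].Rows)
        {
            int intUrlId = System.Convert.ToInt32(objUrlRow["id"]);

            //Manual Scan - the only pass that contributes to <urlsScanned>.
            string strScannedUrl = scanSingleUrl(intUrlId, strUserAgent, false, objFormSubmissionStr);
            // The URL comes back from the scanned target's data; escape it like any other text node.
            strUrls = strUrls + "<url>" + escapeXmlText(strScannedUrl) + "</url>";

            //Auto Scan, when enabled for the session
            if (objSession.useAutoScan == 1)
            {
                scanSingleUrl(intUrlId, strUserAgent, true, objFormSubmissionStr);
            }
        }
    }

    #region Construct XML report
    // buildResults/buildSubmission already return XML fragments, so they are not escaped here.
    System.Text.StringBuilder objReport = new System.Text.StringBuilder();
    objReport.Append("<report>");
    objReport.Append(strHeader);
    objReport.Append("<body>");
    objReport.Append("<urlsScanned>").Append(strUrls).Append("</urlsScanned>");
    objReport.Append("<scanItems>").Append(objStringBuilder.ToString()).Append("</scanItems>");
    objReport.Append("<formSubmissions>").Append(objFormSubmissionStr.ToString()).Append("</formSubmissions>");
    objReport.Append("</body>");
    objReport.Append("</report>");
    #endregion

    #region Write XML report
    // ConfigurationSettings.AppSettings is the pre-2.0 API; kept because the rest of the file uses it.
    string strPath = "" + System.Configuration.ConfigurationSettings.AppSettings.Get("outputDir") + strGuid + ".XML";
    //Add XSL file ref (attribute value is single-quoted, so the name is escaped too)
    string strXslFile = "" + devCafe.framework.keyDataAccess.get("defaultScanXSL");
    string strTotalDoc = "<?xml-stylesheet href='../xsl/" + escapeXmlText(strXslFile) + "' type='text/xsl'?>" + objReport.ToString();
    // The using block closes the writer even if WriteLine throws, so no handle is leaked.
    using (StreamWriter objStreamWriter = System.IO.File.CreateText(strPath))
    {
        objStreamWriter.WriteLine(strTotalDoc);
    }
    #endregion

    return "./" + strGuid + ".XML";
}

/// <summary>
/// Runs one urlWorker (manual or automatic scan) for a URL and appends its findings
/// to the shared objStringBuilder and the per-run form-submission builder.
/// </summary>
/// <param name="intUrlId">Id of the URL row to scan.</param>
/// <param name="strUserAgent">User-agent name the worker should send.</param>
/// <param name="blnAutoScan">true to call scanAuto(), false to call scanManual().</param>
/// <param name="objFormSubmissionStr">Builder receiving buildSubmission() output.</param>
/// <returns>The URL the worker reports having scanned (never null).</returns>
private string scanSingleUrl(int intUrlId, string strUserAgent, bool blnAutoScan, System.Text.StringBuilder objFormSubmissionStr)
{
    urlWorker objUrlWorker = new urlWorker();
    objUrlWorker.sessionId = objSession.id;
    objUrlWorker.authenticationType = objSession.authenticationType;
    objUrlWorker.urlId = intUrlId;
    objUrlWorker.userAgent = strUserAgent;
    if (blnAutoScan)
    {
        objUrlWorker.scanAuto();
    }
    else
    {
        objUrlWorker.scanManual();
    }
    // Only emit <scanItems> content when the worker actually produced findings.
    if (objUrlWorker.objBerettaResultHashTable != null && objUrlWorker.objBerettaResultHashTable.Count > 0)
    {
        objStringBuilder.Append(buildResults(objUrlWorker.objBerettaResultHashTable));
    }
    objFormSubmissionStr.Append(buildSubmission(objUrlWorker.objBerettaSubmissionHashTable));
    return "" + objUrlWorker.url;
}

/// <summary>
/// Escapes a value for use as XML text or attribute content; null becomes "".
/// </summary>
/// <param name="objValue">Value to escape (converted with its ToString()).</param>
/// <returns>The value with &lt;, &gt;, &amp;, " and ' replaced by entity references.</returns>
private static string escapeXmlText(object objValue)
{
    string strValue = "" + objValue;
    return System.Security.SecurityElement.Escape(strValue);
}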
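/// <summary>
/// Drives the recording page: handles the "reset" action, loads the current session,
/// sets the record/pause/stop buttons, stores the posted form as a payload while in
/// record mode, then re-submits to the target page and renders its response.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
private void Page_Load(object sender, System.EventArgs e)
{
    try
    {
        //Start new recording session
        if ("" + Request.QueryString["action"] == "reset")
        {
            clearSession();
        }
        if ("" + Session["sessionId"] != "")
        {
            objSession.id = System.Convert.ToInt32(Session["sessionId"]);
            objSession.populate();
        }

        // Read the mode once, null-safe: an unset Session["mode"] becomes "" and simply
        // matches no branch, instead of throwing a NullReferenceException that the
        // catch below would swallow.
        string strMode = "" + Session["mode"];

        //Set Buttons
        if (strMode == "record")
        {
            cmdRecord.Enabled = false;
            cmdPause.Enabled = true;
            cmdStop.Enabled = true;
        }
        if (strMode == "pause")
        {
            cmdRecord.Enabled = true;
            cmdPause.Enabled = false;
            cmdStop.Enabled = true;
        }

        // A missing pageUrl yields "" here, so no try/catch is needed. This caller-supplied
        // value is the address the recorder re-requests below.
        strRedirectUrl = "" + Request.QueryString["pageUrl"];

        //Get Form Submission
        if (strMode == "record")
        {
            string strPayload = "" + Request.Form;
            //replace modified view state field
            strPayload = strPayload.Replace("__RETREIVEDVIEWSTATE", "__VIEWSTATE");
            string strSessionUrl = "" + Session["url"];
            //add this payload if we are in record mode
            objPayload.payloadName = "Auto Generated for " + objSession.sessionName + ", " + strSessionUrl;
            objPayload.description = strSessionUrl;
            objPayload.payloadData = "" + strPayload;
            objPayload.payloadOrder = System.Convert.ToInt32(Session["payloadOrder"]);
            objPayload.type = 0;
            objPayload.add();
            txtPayload.Text = "" + objPayload.payloadData;
            txtCurrentURL.Text = "" + strRedirectUrl;
            payloadDataAccess.addSessionPayload(System.Convert.ToInt32(Session["sessionId"]), objPayload.id, System.Convert.ToInt32(Session["urlId"]), System.Convert.ToInt32(Session["payloadOrder"]));
            // payloadOrder is stored back as a string, order (below) as an int - unchanged from before.
            intTmp = System.Convert.ToInt32(Session["payloadOrder"]) + 1;
            Session["payloadOrder"] = intTmp.ToString();
        }

        //Display Results of form submission on page
        if (strMode == "pause" || strMode == "record")
        {
            //Increment recording values
            intTmp = System.Convert.ToInt32(Session["order"]) + 1;
            Session["order"] = intTmp;
            objUrl.description = "Auto Generated URL";
            objUrl.sessionId = System.Convert.ToInt32(Session["sessionId"]);
            objUrl.sessionOrder = System.Convert.ToInt32(Session["order"]);
            objUrl.url = strRedirectUrl;
            objUrl.add();
            Session["urlId"] = objUrl.id.ToString();
            Session["url"] = "" + objUrl.url;

            // Both rewrite targets share the same site root; read the setting once.
            string strSiteRoot = "" + System.Configuration.ConfigurationSettings.AppSettings.Get("siteRoot");
            strHtml = "" + objFormSubmitter.submitData("" + objPayload.payloadData, strRedirectUrl, true, "POST", "");
            strHtml = strHtml.Replace("__VIEWSTATE", "__RETREIVEDVIEWSTATE");
            strHtml = objFormRedirect.rewriteForm(strHtml, strSiteRoot + "default.aspx?pageId=46&pageUrl=" + System.Web.HttpUtility.UrlEncode(strRedirectUrl), strSiteRoot + "default.aspx?pageId=46&pageUrl=", objSession.applicationBaseUrl);

            // NOTE(review): the retrieved response body is rendered unencoded inside this
            // page (by design for the recorder), so any script it contains runs in this
            // tool's own origin - keep the tool off shared or privileged hosts.
            Literal objLiteral = new Literal();
            objLiteral.Text = strHtml;
            panelHtml.Controls.Add(objLiteral);
            panelInitialSessionSetup.Visible = false;
            panelRecord.Visible = true;
            panelRetrievedSite.Visible = true;
        }
        else if (strMode == "start")
        {
            Session["mode"] = "record";
        }
    }
    catch (System.Exception ex)
    {
        // Page load stays best-effort as before, but the failure is now recorded
        // (when TRACE is defined) instead of vanishing in an empty catch.
        System.Diagnostics.Trace.WriteLine("Page_Load failed: " + ex);
    }
}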