Example #1
0
 internal void AddTaintResult(TaintResult TR, int _LogId)
 {
     this.AddSources(TR.Sources);
     this.AddSinks(TR.Sinks);
     this.SourceCount += TR.SourceCount;
     this.SinkCount   += TR.SinkCount;
     this.LogId        = _LogId;
 }
Example #2
0
        TaintResult FindTaints(string Code)
        {
            TaintResult TR = new TaintResult();

            Code = Tools.HtmlEncode(IronJint.Beautify(Code));

            foreach (Match M in SinkRegex.Matches(Code))
            {
                if (M.Success)
                {
                    if (!TR.Sinks.Contains(M.Value))
                    {
                        Code = Code.Replace(M.Value, string.Format("<span class='sink_match'>{0}</span>", M.Value));
                        TR.Sinks.Add(M.Value);
                    }
                    TR.SinkCount++;
                }
            }
            foreach (Match M in JquerySinkRegex.Matches(Code))
            {
                if (M.Success)
                {
                    if (!TR.Sinks.Contains(M.Value))
                    {
                        Code = Code.Replace(M.Value, string.Format("<span class='sink_match'>{0}</span>", M.Value));
                        TR.Sinks.Add(M.Value);
                    }
                    TR.SinkCount++;
                }
            }

            foreach (Match M in SourceRegex.Matches(Code))
            {
                if (M.Success)
                {
                    if (!TR.Sources.Contains(M.Value))
                    {
                        Code = Code.Replace(M.Value, string.Format("<span class='source_match'>{0}</span>", M.Value));
                        TR.Sources.Add(M.Value);
                    }
                    TR.SourceCount++;
                }
            }

            TR.HighlightedCode = Code.Replace("\r\n", "<br>").Replace("\r", "<br>").Replace("\n", "<br>");
            return(TR);
        }
Example #3
0
        void AnalyzeLogId(int LogId)
        {
            Session       Sess    = Session.FromProxyLog(LogId);
            List <string> Scripts = new List <string>();

            if (Sess.Response != null)
            {
                if (Sess.Response.IsHtml)
                {
                    if (!FullResults.ContainsKey(Sess.Request.BaseUrl))
                    {
                        FullResults[Sess.Request.BaseUrl] = new List <PageTaintResult>();
                    }

                    ShowStatusMsg(string.Format("Analyzing log id {0}", LogId));

                    StringBuilder PB = new StringBuilder();
                    //PB.AppendLine("<html><head><title></title><link rel='stylesheet' type='text/css' href='style.css'></head><body>");
                    int SourceCount = 0;
                    int SinkCount   = 0;

                    PageTaintResult PTR = new PageTaintResult();
                    PTR.Req = new Request(Sess.Request.FullUrl);

                    Scripts = Sess.Response.Html.GetJavaScriptFromAttributes();
                    if (Scripts.Count > 0)
                    {
                        //PB.AppendLine("//Script from attributes");
                        PB.AppendLine("<div id='attr_js'>");
                        for (int i = 0; i < Scripts.Count; i++)
                        {
                            TaintResult TR = FindTaints(Scripts[i]);
                            SourceCount += TR.SourceCount;
                            SinkCount   += TR.SinkCount;
                            PB.AppendLine(string.Format("<div id='attr_js_start'>//Contents of JS attribute no: {0}</div>", i + 1));
                            PB.AppendLine(TR.HighlightedCode);
                            PB.AppendLine("<br><br>");
                            PTR.AddTaintResult(TR, LogId);
                        }
                        PB.AppendLine("</div>");
                    }

                    Scripts = Sess.Response.Html.GetJavaScriptFromScriptTags();
                    if (Scripts.Count > 0)
                    {
                        //PB.AppendLine("//Script from script tags");
                        PB.AppendLine("<div id='tag_js'>");
                        for (int i = 0; i < Scripts.Count; i++)
                        {
                            TaintResult TR = FindTaints(Scripts[i]);
                            SourceCount += TR.SourceCount;
                            SinkCount   += TR.SinkCount;
                            PB.AppendLine(string.Format("<div id='tag_js_start'>//Contents of Script tag no: {0}</div>", i + 1));
                            PB.AppendLine(TR.HighlightedCode);
                            PB.AppendLine("<br><br>");
                            PTR.AddTaintResult(TR, LogId);
                        }
                        PB.AppendLine("</div>");
                    }

                    List <string> Urls = Sess.Response.Html.GetDecodedValues("script", "src");
                    if (Urls.Count > 0)
                    {
                        //PB.AppendLine("//Script from external files");
                        PB.AppendLine("<div id='ext_js'>");
                        foreach (string Url in Urls)
                        {
                            string  FinalUrl    = Sess.Request.RelativeUrlToAbsoluteUrl(Url);
                            Request FinalUrlReq = new Request(FinalUrl);
                            if (!FinalUrl.Equals(Sess.Request.FullUrl))
                            {
                                foreach (LogRow LR in IronDB.GetRecordsFromProxyLog(LogId, 1000))
                                {
                                    if (LR.Host.Equals(FinalUrlReq.Host) && (LR.Url.Equals(FinalUrlReq.Url)) && (LR.SSL == FinalUrlReq.SSL))
                                    {
                                        int LogIdToFetch = 0;
                                        if (LR.Code == 304 && JsSourceCodeLogs.ContainsKey(FinalUrlReq.FullUrl))
                                        {
                                            LogIdToFetch = JsSourceCodeLogs[FinalUrlReq.FullUrl];
                                        }
                                        else if (LR.Code == 200)
                                        {
                                            LogIdToFetch = LR.ID;
                                        }
                                        if (LogIdToFetch > 0)
                                        {
                                            Session JsSess = Session.FromProxyLog(LogIdToFetch);
                                            if (JsSess.Response != null)
                                            {
                                                if (JsSess.Response.IsJavaScript)
                                                {
                                                    TaintResult TR = FindTaints(JsSess.Response.BodyString);
                                                    SourceCount += TR.SourceCount;
                                                    SinkCount   += TR.SinkCount;
                                                    PB.AppendLine(string.Format("<div id='ext_js_url'>//Contents of - {0}</div>", FinalUrlReq.FullUrl));
                                                    PB.AppendLine(TR.HighlightedCode);
                                                    PB.AppendLine("<br><br>");
                                                    PTR.AddTaintResult(TR, LogId);
                                                    if (!JsSourceCodeLogs.ContainsKey(FinalUrlReq.FullUrl))
                                                    {
                                                        JsSourceCodeLogs[FinalUrlReq.FullUrl] = LogIdToFetch;
                                                    }
                                                }
                                            }
                                            break;
                                        }
                                    }
                                }
                            }
                        }
                        PB.AppendLine("</div>");
                    }
                    if ((PTR.SourceCount + PTR.SinkCount) > 0)
                    {
                        FullResults[Sess.Request.BaseUrl].Add(PTR);
                    }

                    File.WriteAllText(string.Format("{0}\\{1}.html", OutputDir.FullName, LogId), string.Format("{0}{1}{2}", PageTop, PB.ToString().Replace(" ", "&nbsp;").Replace("\t", "&nbsp;&nbsp;&nbsp;&nbsp;").Replace("<div&nbsp;id=", "<div id=").Replace("<div&nbsp;class=", "<div class=").Replace("<span&nbsp;id=", "<span id=").Replace("<span&nbsp;class=", "<span class="), PageBottom));
                }
            }
        }