/// <summary>
/// Folds the findings of one analysed script into this page-level result.
/// </summary>
/// <param name="TR">Per-script result whose Sources and Sinks are handed to AddSources/AddSinks and whose counts are added to the running totals.</param>
/// <param name="_LogId">Proxy log id stored on this result; each call overwrites the previously stored value.</param>
internal void AddTaintResult(TaintResult TR, int _LogId)
{
    // Distinct source/sink names first, in the same order as before.
    AddSources(TR.Sources);
    AddSinks(TR.Sinks);

    // Then the occurrence totals.
    SourceCount = SourceCount + TR.SourceCount;
    SinkCount = SinkCount + TR.SinkCount;

    LogId = _LogId;
}
/// <summary>
/// Scans a piece of JavaScript for source and sink patterns and produces an HTML rendering
/// in which every matched text is wrapped in a highlighting span.
/// </summary>
/// <param name="Code">Raw JavaScript taken from a captured response.</param>
/// <returns>
/// A TaintResult holding the distinct matched sink and source strings, the number of matches
/// of each kind, and the highlighted HTML in HighlightedCode.
/// </returns>
TaintResult FindTaints(string Code)
{
    TaintResult result = new TaintResult();

    // The script is beautified and HTML-encoded BEFORE any markup is added, so the only tags in
    // the output are the spans inserted below (presumably Tools.HtmlEncode escapes the HTML
    // metacharacters - confirm). Keep this order: the script text comes from a proxied response
    // and ends up in a report that is opened in a browser.
    // Consequence: all three regexes run against the encoded text, not the raw script.
    Code = Tools.HtmlEncode(IronJint.Beautify(Code));

    // Pass 1: generic sinks. string.Replace rewrites every occurrence of the matched text at
    // once, so the Contains check keeps a repeated match from being wrapped a second time,
    // while the counter still records each individual match.
    foreach (Match hit in SinkRegex.Matches(Code))
    {
        if (!hit.Success)
        {
            continue;
        }
        string text = hit.Value;
        if (!result.Sinks.Contains(text))
        {
            Code = Code.Replace(text, string.Format("<span class='sink_match'>{0}</span>", text));
            result.Sinks.Add(text);
        }
        result.SinkCount++;
    }

    // Pass 2: jQuery sinks. NOTE(review): this regex is evaluated over text that already carries
    // the spans from pass 1, so it can also see the inserted markup.
    foreach (Match hit in JquerySinkRegex.Matches(Code))
    {
        if (!hit.Success)
        {
            continue;
        }
        string text = hit.Value;
        if (!result.Sinks.Contains(text))
        {
            Code = Code.Replace(text, string.Format("<span class='sink_match'>{0}</span>", text));
            result.Sinks.Add(text);
        }
        result.SinkCount++;
    }

    // Pass 3: sources, with their own CSS class. Same caveat as pass 2 about earlier spans.
    foreach (Match hit in SourceRegex.Matches(Code))
    {
        if (!hit.Success)
        {
            continue;
        }
        string text = hit.Value;
        if (!result.Sources.Contains(text))
        {
            Code = Code.Replace(text, string.Format("<span class='source_match'>{0}</span>", text));
            result.Sources.Add(text);
        }
        result.SourceCount++;
    }

    // Turn every flavour of line ending into an HTML line break; CRLF goes first so that it
    // yields one break instead of two.
    string withBreaks = Code.Replace("\r\n", "<br>");
    withBreaks = withBreaks.Replace("\r", "<br>");
    withBreaks = withBreaks.Replace("\n", "<br>");
    result.HighlightedCode = withBreaks;

    return result;
}
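/// <summary>
/// Builds the source/sink report for one proxy log entry and writes it as an HTML file named
/// after the log id inside OutputDir.
/// </summary>
/// <remarks>
/// Only log entries whose response exists and is HTML are processed. JavaScript is collected
/// from three places: script-bearing attributes, inline script tags, and external script files
/// referenced through script src. Each script is passed to FindTaints and the highlighted
/// result is appended to the page. A PageTaintResult is recorded in FullResults under the
/// request's BaseUrl when at least one source or sink was found.
///
/// Everything rendered here originates from captured, untrusted responses and the generated
/// file is opened in a browser, so any value placed into the markup must be HTML-encoded.
/// FindTaints encodes the script text itself; the external script URL is encoded in this method.
/// </remarks>
/// <param name="LogId">Id of the proxy log entry to analyse.</param>
void AnalyzeLogId(int LogId)
{
    Session Sess = Session.FromProxyLog(LogId);
    if (Sess.Response == null || !Sess.Response.IsHtml)
    {
        return;
    }

    if (!FullResults.ContainsKey(Sess.Request.BaseUrl))
    {
        FullResults[Sess.Request.BaseUrl] = new List<PageTaintResult>();
    }
    ShowStatusMsg(string.Format("Analyzing log id {0}", LogId));

    StringBuilder PB = new StringBuilder();
    PageTaintResult PTR = new PageTaintResult();
    PTR.Req = new Request(Sess.Request.FullUrl);

    // 1. JavaScript held in HTML attributes.
    List<string> Scripts = Sess.Response.Html.GetJavaScriptFromAttributes();
    if (Scripts.Count > 0)
    {
        PB.AppendLine("<div id='attr_js'>");
        for (int i = 0; i < Scripts.Count; i++)
        {
            TaintResult TR = FindTaints(Scripts[i]);
            PB.AppendLine(string.Format("<div id='attr_js_start'>//Contents of JS attribute no: {0}</div>", i + 1));
            PB.AppendLine(TR.HighlightedCode);
            PB.AppendLine("<br><br>");
            PTR.AddTaintResult(TR, LogId);
        }
        PB.AppendLine("</div>");
    }

    // 2. Inline script tags.
    Scripts = Sess.Response.Html.GetJavaScriptFromScriptTags();
    if (Scripts.Count > 0)
    {
        PB.AppendLine("<div id='tag_js'>");
        for (int i = 0; i < Scripts.Count; i++)
        {
            TaintResult TR = FindTaints(Scripts[i]);
            PB.AppendLine(string.Format("<div id='tag_js_start'>//Contents of Script tag no: {0}</div>", i + 1));
            PB.AppendLine(TR.HighlightedCode);
            PB.AppendLine("<br><br>");
            PTR.AddTaintResult(TR, LogId);
        }
        PB.AppendLine("</div>");
    }

    // 3. External script files. Their bodies are not fetched; they are looked up in the proxy
    //    log among the records returned by GetRecordsFromProxyLog(LogId, 1000).
    List<string> Urls = Sess.Response.Html.GetDecodedValues("script", "src");
    if (Urls.Count > 0)
    {
        PB.AppendLine("<div id='ext_js'>");
        foreach (string Url in Urls)
        {
            string FinalUrl = Sess.Request.RelativeUrlToAbsoluteUrl(Url);
            // NOTE(review): the src value is taken from the page as-is; whether the Request
            // constructor throws on a malformed URL is not visible here - confirm, since an
            // exception would end the analysis of this page.
            Request FinalUrlReq = new Request(FinalUrl);

            // A script src that resolves to the page itself is skipped.
            if (FinalUrl.Equals(Sess.Request.FullUrl))
            {
                continue;
            }

            foreach (LogRow LR in IronDB.GetRecordsFromProxyLog(LogId, 1000))
            {
                bool SameResource = LR.Host.Equals(FinalUrlReq.Host)
                    && LR.Url.Equals(FinalUrlReq.Url)
                    && (LR.SSL == FinalUrlReq.SSL);
                if (!SameResource)
                {
                    continue;
                }

                // A 304 carries no body, so fall back to the log id remembered for this URL
                // from an earlier 200 response, when there is one.
                int LogIdToFetch = 0;
                if (LR.Code == 304 && JsSourceCodeLogs.ContainsKey(FinalUrlReq.FullUrl))
                {
                    LogIdToFetch = JsSourceCodeLogs[FinalUrlReq.FullUrl];
                }
                else if (LR.Code == 200)
                {
                    LogIdToFetch = LR.ID;
                }

                if (LogIdToFetch <= 0)
                {
                    // Matching record without a usable body; keep looking at further records.
                    continue;
                }

                Session JsSess = Session.FromProxyLog(LogIdToFetch);
                if (JsSess.Response != null && JsSess.Response.IsJavaScript)
                {
                    TaintResult TR = FindTaints(JsSess.Response.BodyString);
                    // The URL comes from the analysed page's script src attribute, i.e. from
                    // untrusted content, so it is HTML-encoded before it is written into the
                    // report instead of being inserted as raw markup.
                    PB.AppendLine(string.Format("<div id='ext_js_url'>//Contents of - {0}</div>", Tools.HtmlEncode(FinalUrlReq.FullUrl)));
                    PB.AppendLine(TR.HighlightedCode);
                    PB.AppendLine("<br><br>");
                    PTR.AddTaintResult(TR, LogId);
                    if (!JsSourceCodeLogs.ContainsKey(FinalUrlReq.FullUrl))
                    {
                        JsSourceCodeLogs[FinalUrlReq.FullUrl] = LogIdToFetch;
                    }
                }

                // The first record that yields a log id ends the search for this URL, whether
                // or not its response turned out to be JavaScript.
                break;
            }
        }
        PB.AppendLine("</div>");
    }

    if ((PTR.SourceCount + PTR.SinkCount) > 0)
    {
        FullResults[Sess.Request.BaseUrl].Add(PTR);
    }

    // NOTE(review): as shown here, several of these replacements appear to map a string to
    // itself; presumably the original literals contained &nbsp; entities (spaces turned into
    // non-breaking spaces, then restored inside the div/span tags). Confirm against the
    // upstream file before relying on this chain.
    string Body = PB.ToString().Replace(" ", " ").Replace("\t", " ").Replace("<div id=", "<div id=").Replace("<div class=", "<div class=").Replace("<span id=", "<span id=").Replace("<span class=", "<span class=");

    // The report is written even when nothing was found. LogId is an int, so the file name
    // cannot carry path characters.
    File.WriteAllText(string.Format("{0}\\{1}.html", OutputDir.FullName, LogId), string.Format("{0}{1}{2}", PageTop, Body, PageBottom));
}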