Example #1
0
        void LoadAndFill()
        {
            if (this.Trace == null)
            {
                this.Trace = IronDB.GetScanTrace(this.TraceId);
            }

            try
            {
                List <object[]> Rows = IronTrace.GetGridRowsFromTraceAndOverviewXml(Trace.OverviewXml, Trace.MessageXml);

                StringBuilder SB = new StringBuilder(@"{\rtf1{\colortbl ;\red0\green77\blue187;\red247\green150\blue70;\red255\green0\blue0;\red0\green200\blue50;\red255\green255\blue255;}");
                SB.Append(Tools.RtfSafe(Trace.GetScanTracePrettyMessage()));

                this.SetTraceData(Rows, SB.ToString());
            }
            catch (Exception Exp)
            {
                IronException.Report("Error loading Scan Trace", Exp);
                this.CloseTraceWindow();
            }

            if (this.UiResults == null)
            {
                DoAnalysis();
            }
            else
            {
                SetAnalysisUiResults(this.UiResults);
            }
        }
Example #2
0
 internal static void AddSessionPluginTrace(IronTrace Trace)
 {
     if (Trace != null)
     {
         lock (SessionPluginTraces)
         {
             SessionPluginTraces.Enqueue(Trace);
         }
     }
 }
Example #3
0
 internal static void AddScanTrace(IronTrace Trace)
 {
     if (Trace != null)
     {
         lock (ScanTraces)
         {
             ScanTraces.Enqueue(Trace);
         }
     }
 }
        void AnalyzeTraceId(int CurrentId, string TraceOverviewMessage, IronTrace ScanTraceRecord)
        {
            ShowAnalysisStatus(string.Format("Analyzing Trace ID - {0}", CurrentId));
            List<Dictionary<string, string>> OverviewEntries = IronTrace.GetOverviewEntriesFromXml(TraceOverviewMessage);
            List<string> Payloads = new List<string>();
            List<int> RoundTrips = new List<int>();
            List<int> LogIds = new List<int>();
            foreach (Dictionary<string, string> Entry in OverviewEntries)
            {
                try
                {
                    int LogId = Int32.Parse(Entry["log_id"]);
                    int Time = Int32.Parse(Entry["time"]);
                    Payloads.Add(Entry["payload"]);
                    LogIds.Add(LogId);
                    RoundTrips.Add(Time);
                }
                catch { }
            }
            BehaviourAnalysis BA = new BehaviourAnalysis(this.Keywords, this.RoundtripIncrease, this.RoundtripIncreaseFactor, this.InsertedCharsCount);
            BA.Analyze(Payloads, LogIds, RoundTrips, ScanTraceRecord.Section);

            bool CodeResultFound = false;
            bool KeywordsResultFound = false;
            string BodyResultFound = "";
            bool SetCookieFound = false;
            bool HeadersFound = false;
            string RoundtripFound = "";

            BehaviourAnalysisResults Results = new BehaviourAnalysisResults(BA.Results);

            if (Results.SetCookies.Count > 0) SetCookieFound = true;
            if (Results.Codes.Count > 0) CodeResultFound = true;
            if (Results.Keywords.Count > 0) KeywordsResultFound = true;
            if (Results.Headers.Count > 0) HeadersFound = true;

            if (Results.InsertedChars.Count > 0) BodyResultFound = string.Format("{0} chars", Results.InsertedChars[Results.InsertedChars.Count - 1]);
            if (Results.PlusRoundtripDiffs.Count > 0 || Results.MinusRoundtripDiffs.Count > 0)
            {
                int PlusMax = 0;
                int MinusMax = 0;
                if (Results.PlusRoundtripDiffs.Count > 0) PlusMax = Results.PlusRoundtripDiffs[Results.PlusRoundtripDiffs.Count - 1];
                if (Results.MinusRoundtripDiffs.Count > 0) MinusMax = Results.MinusRoundtripDiffs[Results.MinusRoundtripDiffs.Count - 1];
                if (PlusMax > MinusMax)
                    RoundtripFound = string.Format("+{0} ms", PlusMax);
                else
                    RoundtripFound = string.Format("-{0} ms", MinusMax);
            }

            if (CodeResultFound || KeywordsResultFound || BodyResultFound.Length > 0 || SetCookieFound || HeadersFound || RoundtripFound.Length > 0)
            {
                List<object> Vals = new List<object>() { CurrentId, ScanTraceRecord.Section, ScanTraceRecord.PluginName, CodeResultFound, KeywordsResultFound, BodyResultFound, SetCookieFound, HeadersFound, RoundtripFound, BA.BaseLineLogId, BA.BaseLinePayload, BA.BaseLineRoundtripTime, BA.BaseLineSession.Response.Code, BA.ResultsXml };
                AddAnalysisResultEntry(Vals);
            }
        }
        void DoAnalysis()
        {
            bool CanDo   = true;
            int  StartId = 1;
            int  LastId  = 0;

            if (!this.CheckAllScanTrace)
            {
                StartId = this.StartScanTraceId;
                LastId  = this.EndScanTraceId;
            }
            int CurrentId = StartId;

            try
            {
                while (CanDo && CurrentId <= Config.LastScanTraceId)
                {
                    try
                    {
                        CanDo = false;
                        string    TraceOverviewMessage = IronDB.GetScanTraceOverviewAndMessage(CurrentId)[0];
                        IronTrace ScanTraceRecord      = IronDB.GetScanTraces(CurrentId, 1)[0];

                        if (this.SelectedChecks.Contains(ScanTraceRecord.PluginName))
                        {
                            AnalyzeTraceId(CurrentId, TraceOverviewMessage, ScanTraceRecord);
                        }
                    }
                    catch (ThreadAbortException)
                    {}
                    catch (Exception Exp)
                    {
                        IronException.Report(string.Format("Error performing Payload Effect Analysis on Scan Trace ID - {0}", CurrentId), Exp);
                    }
                    if (CurrentId < Config.LastScanTraceId && (CurrentId < LastId || LastId == 0))
                    {
                        CanDo = true;
                        CurrentId++;
                    }
                }
                StopAnalysis(true);
            }
            catch (ThreadAbortException) {}
        }
Example #6
0
        internal void Analyze(string TraceOverviewMessage, string ScannedSection)
        {
            List <Dictionary <string, string> > OverviewEntries = IronTrace.GetOverviewEntriesFromXml(TraceOverviewMessage);
            List <string> Payloads   = new List <string>();
            List <int>    RoundTrips = new List <int>();
            List <int>    LogIds     = new List <int>();

            foreach (Dictionary <string, string> Entry in OverviewEntries)
            {
                try
                {
                    int LogId = Int32.Parse(Entry["log_id"]);
                    int Time  = Int32.Parse(Entry["time"]);
                    Payloads.Add(Entry["payload"]);
                    LogIds.Add(LogId);
                    RoundTrips.Add(Time);
                }
                catch { }
            }
            Analyze(Payloads, LogIds, RoundTrips, ScannedSection);
        }
Example #7
0
 internal static void AddTrace(IronTrace Trace)
 {
     if (Trace != null)
     {
         lock (Traces)
         {
             Traces.Enqueue(Trace);
         }
     }
 }
Example #8
0
        internal static List<IronTrace> GetScanTraces(Finding F)
        {
            List<IronTrace> TraceRecords = new List<IronTrace>();

            using(SQLiteConnection DB = new SQLiteConnection("data source=" + TraceLogFile))
            {
            DB.Open();
            using (SQLiteCommand cmd = DB.CreateCommand())
            {
                cmd.CommandText = "SELECT ID, Message, OverviewXml FROM ScanTrace WHERE ScanID=@ScanID AND PluginName=@PluginName AND Section=@Section AND Parameter=@Parameter ORDER BY ID";
                cmd.Parameters.AddWithValue("@ScanID", F.ScanId);
                cmd.Parameters.AddWithValue("@PluginName", F.FinderName);
                cmd.Parameters.AddWithValue("@Section", F.AffectedSection);
                cmd.Parameters.AddWithValue("@Parameter", F.AffectedParameter);

                using (SQLiteDataReader result = cmd.ExecuteReader())
                {
                    while (result.Read())
                    {
                        IronTrace Trace = new IronTrace();
                        try
                        { Trace.ID = Int32.Parse(result["ID"].ToString()); }
                        catch { continue; }
                        try
                        {
                            Trace.MessageXml = result["Message"].ToString();
                        }
                        catch
                        {
                            Trace.Message = result["Message"].ToString();
                        }
                        Trace.OverviewXml = result["OverviewXml"].ToString();
                        TraceRecords.Add(Trace);
                    }
                }
            }
            }
            return TraceRecords;
        }
Example #9
0
 public void LogTrace(string Title)
 {
     IronTrace IT = new IronTrace(this.ScanID, CurrentPlugin, this.CurrentSection, this.CurrentParameterName, Title, TraceMsg.ToString());
     IT.Report();
     this.TraceMsg = new StringBuilder();
     this.RequestTraceMsg = "";
 }
Example #10
0
        void LoadAndFill()
        {
            if (this.Trace == null)
            {
                this.Trace = IronDB.GetScanTrace(this.TraceId);
            }

            try
            {
                List<object[]> Rows = IronTrace.GetGridRowsFromTraceAndOverviewXml(Trace.OverviewXml, Trace.MessageXml);

                StringBuilder SB = new StringBuilder(@"{\rtf1{\colortbl ;\red0\green77\blue187;\red247\green150\blue70;\red255\green0\blue0;\red0\green200\blue50;\red255\green255\blue255;}");
                SB.Append(Tools.RtfSafe(Trace.GetScanTracePrettyMessage()));

                this.SetTraceData(Rows, SB.ToString());
            }
            catch(Exception Exp)
            {
                IronException.Report("Error loading Scan Trace", Exp);
                this.CloseTraceWindow();
            }

            if (this.UiResults == null)
            {
                DoAnalysis();
            }
            else
            {
                SetAnalysisUiResults(this.UiResults);
            }
        }
Example #11
0
        public static void Trace(string Source, string Message)
        {
            IronTrace IT = new IronTrace(Source, Message);

            IT.Report();
        }
        void AnalyzeTraceId(int CurrentId, string TraceOverviewMessage, IronTrace ScanTraceRecord)
        {
            ShowAnalysisStatus(string.Format("Analyzing Trace ID - {0}", CurrentId));

            BehaviourAnalysis BA = new BehaviourAnalysis(this.Keywords, this.RoundtripIncrease, this.RoundtripIncreaseFactor, this.InsertedCharsCount);
            BA.Analyze(TraceOverviewMessage, ScanTraceRecord.Section);

            bool CodeResultFound = false;
            bool KeywordsResultFound = false;
            string BodyResultFound = "";
            bool SetCookieFound = false;
            bool HeadersFound = false;
            string RoundtripFound = "";

            BehaviourAnalysisResults Results = new BehaviourAnalysisResults(BA.Results);

            if (Results.SetCookies.Count > 0) SetCookieFound = true;
            if (Results.Codes.Count > 0) CodeResultFound = true;
            if (Results.Keywords.Count > 0) KeywordsResultFound = true;
            if (Results.Headers.Count > 0) HeadersFound = true;

            if (Results.InsertedChars.Count > 0) BodyResultFound = string.Format("{0} chars", Results.InsertedChars[Results.InsertedChars.Count - 1]);
            if (Results.PlusRoundtripDiffs.Count > 0 || Results.MinusRoundtripDiffs.Count > 0)
            {
                int PlusMax = 0;
                int MinusMax = 0;
                if (Results.PlusRoundtripDiffs.Count > 0) PlusMax = Results.PlusRoundtripDiffs[Results.PlusRoundtripDiffs.Count - 1];
                if (Results.MinusRoundtripDiffs.Count > 0) MinusMax = Results.MinusRoundtripDiffs[Results.MinusRoundtripDiffs.Count - 1];
                if (PlusMax > MinusMax)
                    RoundtripFound = string.Format("+{0} ms", PlusMax);
                else
                    RoundtripFound = string.Format("-{0} ms", MinusMax);
            }

            if (CodeResultFound || KeywordsResultFound || BodyResultFound.Length > 0 || SetCookieFound || HeadersFound || RoundtripFound.Length > 0)
            {
                List<object> Vals = new List<object>() { CurrentId, ScanTraceRecord.Section, ScanTraceRecord.PluginName, CodeResultFound, KeywordsResultFound, BodyResultFound, SetCookieFound, HeadersFound, RoundtripFound, BA.BaseLineLogId, BA.BaseLinePayload, BA.BaseLineRoundtripTime, BA.BaseLineSession.Response.Code, BA.ResultsXml };
                AddAnalysisResultEntry(Vals);
            }
        }
Example #13
0
        public void LogTrace(string Title)
        {
            try
            {
                this.TraceMsgXml.WriteEndElement();
                this.TraceMsgXml.WriteEndDocument();
                this.TraceMsgXml.Close();
            }
            catch { }
            IronTrace IT = new IronTrace(this.ScanID, CurrentPlugin, this.CurrentSection, this.CurrentParameterName, Title, TraceMsg.ToString(), this.TraceOverviewEntries);
            IT.Report();
            this.TraceMsg = new StringBuilder();

            this.RequestTraceMsg = "";
            this.TraceTitle = "";
            this.TraceTitleWeight = 0;
        }
Example #14
0
 internal LogTraceViewer(IronTrace Trace)
 {
     this.Trace = Trace;
     InitializeComponent();
 }
        void AnalyzeTraceId(int CurrentId, string TraceOverviewMessage, IronTrace ScanTraceRecord)
        {
            ShowAnalysisStatus(string.Format("Analyzing Trace ID - {0}", CurrentId));

            BehaviourAnalysis BA = new BehaviourAnalysis(this.Keywords, this.RoundtripIncrease, this.RoundtripIncreaseFactor, this.InsertedCharsCount);

            BA.Analyze(TraceOverviewMessage, ScanTraceRecord.Section);

            bool   CodeResultFound     = false;
            bool   KeywordsResultFound = false;
            string BodyResultFound     = "";
            bool   SetCookieFound      = false;
            bool   HeadersFound        = false;
            string RoundtripFound      = "";

            BehaviourAnalysisResults Results = new BehaviourAnalysisResults(BA.Results);

            if (Results.SetCookies.Count > 0)
            {
                SetCookieFound = true;
            }
            if (Results.Codes.Count > 0)
            {
                CodeResultFound = true;
            }
            if (Results.Keywords.Count > 0)
            {
                KeywordsResultFound = true;
            }
            if (Results.Headers.Count > 0)
            {
                HeadersFound = true;
            }

            if (Results.InsertedChars.Count > 0)
            {
                BodyResultFound = string.Format("{0} chars", Results.InsertedChars[Results.InsertedChars.Count - 1]);
            }
            if (Results.PlusRoundtripDiffs.Count > 0 || Results.MinusRoundtripDiffs.Count > 0)
            {
                int PlusMax  = 0;
                int MinusMax = 0;
                if (Results.PlusRoundtripDiffs.Count > 0)
                {
                    PlusMax = Results.PlusRoundtripDiffs[Results.PlusRoundtripDiffs.Count - 1];
                }
                if (Results.MinusRoundtripDiffs.Count > 0)
                {
                    MinusMax = Results.MinusRoundtripDiffs[Results.MinusRoundtripDiffs.Count - 1];
                }
                if (PlusMax > MinusMax)
                {
                    RoundtripFound = string.Format("+{0} ms", PlusMax);
                }
                else
                {
                    RoundtripFound = string.Format("-{0} ms", MinusMax);
                }
            }

            if (CodeResultFound || KeywordsResultFound || BodyResultFound.Length > 0 || SetCookieFound || HeadersFound || RoundtripFound.Length > 0)
            {
                List <object> Vals = new List <object>()
                {
                    CurrentId, ScanTraceRecord.Section, ScanTraceRecord.PluginName, CodeResultFound, KeywordsResultFound, BodyResultFound, SetCookieFound, HeadersFound, RoundtripFound, BA.BaseLineLogId, BA.BaseLinePayload, BA.BaseLineRoundtripTime, BA.BaseLineSession.Response.Code, BA.ResultsXml
                };
                AddAnalysisResultEntry(Vals);
            }
        }
Example #16
0
 public void Trace(Request Req, string Action, string Message)
 {
     IronTrace IT = new IronTrace(Req, this.Name, Action, Message);
     IT.Report();
 }
Example #17
0
 internal static void AddSessionPluginTrace(IronTrace Trace)
 {
     if (Trace != null)
     {
         lock (SessionPluginTraces)
         {
             SessionPluginTraces.Enqueue(Trace);
         }
     }
 }
Example #18
0
        public static void ScanTrace(int ScanID, string PluginName, string Section, string Parameter, string Title, string Message)
        {
            IronTrace IT = new IronTrace(ScanID, PluginName, Section, Parameter, Title, Message, new List <string[]>());

            IT.Report();
        }
Example #19
0
 public static void ScanTrace(int ScanID, string PluginName, string Section, string Parameter, string Title, string Message)
 {
     IronTrace IT = new IronTrace(ScanID, PluginName, Section, Parameter, Title, Message);
     IT.Report();
 }
Example #20
0
 internal LogTraceViewer(IronTrace Trace)
 {
     this.Trace = Trace;
     InitializeComponent();
 }
Example #21
0
 public static void Trace(string Source, string Message)
 {
     IronTrace IT = new IronTrace(Source, Message);
     IT.Report();
 }
Example #22
0
 internal static List<IronTrace> GetScanTraces(int StartID, int Count)
 {
     List<IronTrace> TraceRecords = new List<IronTrace>();
     using(SQLiteConnection DB = new SQLiteConnection("data source=" + TraceLogFile))
     {
     DB.Open();
     using (SQLiteCommand cmd = DB.CreateCommand())
     {
         cmd.CommandText = "SELECT ID, ScanID, PluginName, Section, Parameter, Title, Message, OverviewXml FROM ScanTrace WHERE ID > @StartID ORDER BY ID LIMIT @LIMIT";
         cmd.Parameters.AddWithValue("@StartID", StartID - 1);
         cmd.Parameters.AddWithValue("@LIMIT", Count);
         using (SQLiteDataReader result = cmd.ExecuteReader())
         {
             while (result.Read())
             {
                 IronTrace Trace = new IronTrace();
                 try
                 { Trace.ID = Int32.Parse(result["ID"].ToString()); }
                 catch { continue; }
                 try
                 { Trace.ScanID = Int32.Parse(result["ScanID"].ToString()); }
                 catch { }
                 Trace.PluginName = result["PluginName"].ToString();
                 Trace.Section = result["Section"].ToString();
                 Trace.Parameter = result["Parameter"].ToString();
                 Trace.Title = result["Title"].ToString();
                 try
                 {
                     Trace.MessageXml = result["Message"].ToString();
                 }
                 catch
                 {
                     Trace.Message = result["Message"].ToString();
                 }
                 Trace.OverviewXml = result["OverviewXml"].ToString();
                 TraceRecords.Add(Trace);
             }
         }
     }
     }
     return TraceRecords;
 }
Example #23
0
        public void Trace(Request Req, string Action, string Message)
        {
            IronTrace IT = new IronTrace(Req, this.Name, Action, Message);

            IT.Report();
        }
Example #24
0
 internal static List<IronTrace> GetTraceRecords(int StartID, int Count)
 {
     List<IronTrace> TraceRecords = new List<IronTrace>();
     using (SQLiteConnection DB = new SQLiteConnection("data source=" + TraceLogFile))
     {
         DB.Open();
             using(SQLiteCommand cmd = DB.CreateCommand())
             {
             cmd.CommandText = "SELECT ID, Time, Date, ThreadID, Source, Message FROM Trace WHERE ID > @StartID LIMIT @LIMIT";
             cmd.Parameters.AddWithValue("@StartID", StartID);
             cmd.Parameters.AddWithValue("@LIMIT", Count);
             using(SQLiteDataReader result = cmd.ExecuteReader())
                 {
             while (result.Read())
             {
                 IronTrace Trace = new IronTrace();
                 try
                 { Trace.ID = Int32.Parse(result["ID"].ToString()); }
                 catch { continue; }
                 try
                 { Trace.ThreadID = Int32.Parse(result["ThreadID"].ToString()); }
                 catch { }
                 Trace.Time = result["Time"].ToString();
                 Trace.Date = result["Date"].ToString();
                 Trace.Source = result["Source"].ToString();
                 Trace.Message = result["Message"].ToString();
                 TraceRecords.Add(Trace);
             }
                 }
             }
         }
     return TraceRecords;
 }
Example #25
0
 internal static List<IronTrace> GetScanTraceRecords(int StartID)
 {
     List<IronTrace> TraceRecords = new List<IronTrace>();
     SQLiteConnection DB = new SQLiteConnection("data source=" + TraceLogFile);
     DB.Open();
     try
     {
         SQLiteCommand cmd = DB.CreateCommand();
         cmd.CommandText = "SELECT ID, ScanID, PluginName, Section, Parameter, Title, Message FROM ScanTrace WHERE ID > @StartID LIMIT 1000";
         cmd.Parameters.AddWithValue("@StartID", StartID);
         SQLiteDataReader result = cmd.ExecuteReader();
         while (result.Read())
         {
             IronTrace Trace = new IronTrace();
             try
             { Trace.ID = Int32.Parse(result["ID"].ToString()); }
             catch { continue; }
             try
             { Trace.ScanID = Int32.Parse(result["ScanID"].ToString()); }
             catch { }
             Trace.PluginName = result["PluginName"].ToString();
             Trace.Section = result["Section"].ToString();
             Trace.Parameter = result["Parameter"].ToString();
             Trace.Title = result["Title"].ToString();
             Trace.Message = result["Message"].ToString();
             TraceRecords.Add(Trace);
         }
         result.Close();
     }
     catch (Exception Exp)
     {
         DB.Close();
         throw Exp;
     }
     DB.Close();
     return TraceRecords;
 }