Example #1
        /// <summary>
        /// Renders a request as text with the supplied strings marked up: header section first, body section second.
        /// </summary>
        /// <param name="Req">Request whose header text and body text are rendered.</param>
        /// <param name="ToHighlight">Strings handed to InsertHighlights for both the header text and the body text.</param>
        /// <returns>The snipped header section, two line breaks, then the snipped body section.</returns>
        /// <remarks>
        /// NOTE(review): the text comes straight from the request, which may be attacker-influenced traffic.
        /// Whether InsertHighlights or the Snip helpers neutralise markup already present in that text is not
        /// visible here - confirm before the result reaches a control that interprets it.
        /// </remarks>
        public static string Highlight(Request Req, List<string> ToHighlight)
        {
            string HeaderText = Req.GetHeadersAsString();
            string BodyText = Req.BodyString;

            string MarkedHeader = InsertHighlights(HeaderText, ToHighlight);
            string MarkedBody = InsertHighlights(BodyText, ToHighlight);

            StringBuilder Output = new StringBuilder();
            Output.Append(SnipHeaderSection(MarkedHeader))
                  .AppendLine()
                  .AppendLine()
                  .Append(SnipBodySection(MarkedBody));

            return Output.ToString();
        }
Example #2
        /// <summary>
        /// Produces the highlighted text view of a request: marked-up headers, two line breaks, marked-up body.
        /// </summary>
        /// <param name="Req">Request supplying the header text and the body text.</param>
        /// <param name="ToHighlight">Strings passed to InsertHighlights for each of the two parts.</param>
        /// <returns>Concatenation of the snipped header section and the snipped body section.</returns>
        /// <remarks>
        /// NOTE(review): both parts are raw request content. Nothing in this method escapes them, so any
        /// escaping needed by the display sink has to happen in the helpers or in the caller - confirm.
        /// </remarks>
        public static string Highlight(Request Req, List<string> ToHighlight)
        {
            string HeaderPart = Req.GetHeadersAsString();
            string BodyPart = Req.BodyString;

            HeaderPart = InsertHighlights(HeaderPart, ToHighlight);
            BodyPart = InsertHighlights(BodyPart, ToHighlight);

            StringBuilder Rendered = new StringBuilder();

            // Header section first, then the separator, then the body section.
            Rendered.Append(SnipHeaderSection(HeaderPart));
            Rendered.AppendLine();
            Rendered.AppendLine();
            Rendered.Append(SnipBodySection(BodyPart));

            string Result = Rendered.ToString();
            return Result;
        }
Example #3
 /// <summary>
 /// Overwrites the ScanQueue row with the given ScanID using the request's current content and the scan settings.
 /// </summary>
 /// <param name="ScanID">Value matched against the ScanID column in the WHERE clause.</param>
 /// <param name="Req">Request whose headers, body, method and full URL are written to the row.</param>
 /// <param name="Status">Value stored in the Status column.</param>
 /// <param name="InjectionPoints">Value stored in the InjectionPoints column.</param>
 /// <param name="FormatPlugin">Value stored in the FormatPlugin column.</param>
 /// <param name="ScanPlugins">Value stored in the ScanPlugins column.</param>
 /// <param name="SessionPlugin">Value stored in the SessionPlugin column.</param>
 /// <remarks>
 /// Every value is bound as a named parameter, so request content never becomes part of the SQL text.
 /// Headers and body are stored verbatim; they can include cookies and authorization values, so the
 /// project file should be protected like any other store of captured credentials.
 /// </remarks>
 internal static void UpdateScan(int ScanID, Request Req, string Status, string InjectionPoints, string FormatPlugin, string ScanPlugins, string SessionPlugin)
 {
     const string UpdateSql = "UPDATE ScanQueue SET RequestHeaders=@RequestHeaders, RequestBody=@RequestBody, BinaryRequest=@BinaryRequest, Status=@Status, Method=@Method, URL=@URL, SessionPlugin=@SessionPlugin, InjectionPoints=@InjectionPoints, FormatPlugin=@FormatPlugin, ScanPlugins=@ScanPlugins WHERE ScanID=@ScanID";

     // NOTE(review): the file path is concatenated into the connection string. A path containing ';'
     // would be parsed as additional connection-string keywords - confirm where IronProjectFile is set.
     using (SQLiteConnection Connection = new SQLiteConnection("data source=" + IronProjectFile))
     {
         Connection.Open();
         using (SQLiteCommand Update = Connection.CreateCommand())
         {
             Update.CommandText = UpdateSql;
             Update.Parameters.AddWithValue("@ScanID", ScanID);
             Update.Parameters.AddWithValue("@RequestHeaders", Req.GetHeadersAsString());

             // Binary requests are stored through their BinaryBodyString form, all others as plain text.
             object StoredBody = Req.IsBinary ? (object)Req.BinaryBodyString : (object)Req.BodyString;
             Update.Parameters.AddWithValue("@RequestBody", StoredBody);

             Update.Parameters.AddWithValue("@BinaryRequest", AsInt(Req.IsBinary));
             Update.Parameters.AddWithValue("@Status", Status);
             Update.Parameters.AddWithValue("@Method", Req.Method);
             Update.Parameters.AddWithValue("@URL", Req.FullUrl);
             Update.Parameters.AddWithValue("@SessionPlugin", SessionPlugin);
             Update.Parameters.AddWithValue("@InjectionPoints", InjectionPoints);
             Update.Parameters.AddWithValue("@FormatPlugin", FormatPlugin);
             Update.Parameters.AddWithValue("@ScanPlugins", ScanPlugins);

             // The affected-row count is discarded, so an unknown ScanID is not reported to the caller.
             Update.ExecuteNonQuery();
         }
     }
 }
Example #4
 /// <summary>
 /// Inserts a new ScanQueue row for the request with its Status set to "Not Started".
 /// </summary>
 /// <param name="ScanID">Value stored in the ScanID column.</param>
 /// <param name="Req">Request whose headers, body, method and full URL are stored.</param>
 /// <remarks>
 /// All values are bound as named parameters rather than spliced into the SQL text.
 /// The request is stored verbatim, including any cookies or authorization headers it carries,
 /// so the project file holds captured secrets and should be access-controlled accordingly.
 /// </remarks>
 internal static void CreateScan(int ScanID, Request Req)
 {
     const string InsertSql = "INSERT INTO ScanQueue (ScanID, RequestHeaders, RequestBody, BinaryRequest, Status, Method, URL) VALUES (@ScanID, @RequestHeaders, @RequestBody, @BinaryRequest, @Status, @Method, @URL)";

     // NOTE(review): the path is concatenated into the connection string; a ';' in IronProjectFile
     // would introduce extra connection-string keywords - confirm the path's origin.
     using (SQLiteConnection Connection = new SQLiteConnection("data source=" + IronProjectFile))
     {
         Connection.Open();
         using (SQLiteCommand Insert = Connection.CreateCommand())
         {
             Insert.CommandText = InsertSql;
             Insert.Parameters.AddWithValue("@ScanID", ScanID);
             Insert.Parameters.AddWithValue("@RequestHeaders", Req.GetHeadersAsString());

             // Binary bodies go in through BinaryBodyString, text bodies through BodyString.
             object StoredBody = Req.IsBinary ? (object)Req.BinaryBodyString : (object)Req.BodyString;
             Insert.Parameters.AddWithValue("@RequestBody", StoredBody);

             Insert.Parameters.AddWithValue("@BinaryRequest", AsInt(Req.IsBinary));
             Insert.Parameters.AddWithValue("@Status", "Not Started");
             Insert.Parameters.AddWithValue("@Method", Req.Method);
             Insert.Parameters.AddWithValue("@URL", Req.FullUrl);
             Insert.ExecuteNonQuery();
         }
     }
 }
Example #5
 /// <summary>
 /// Appends one row describing the request to the TestLog table of the test log database.
 /// </summary>
 /// <param name="Request">Request to record; its ID, SSL flag, host, method, URL, file, parameters, headers and body are stored.</param>
 /// <remarks>
 /// Values are bound as named parameters, so request content cannot alter the INSERT statement.
 /// Headers and body are written as captured; they may hold session cookies or credentials, so the
 /// log file needs the same protection as the traffic it records.
 /// The Notes column always receives the fixed text "Some Notes".
 /// </remarks>
 internal static void LogMTRequest(Request Request)
 {
     const string InsertSql = "INSERT INTO TestLog (ID, SSL, HostName, Method, URL, File, Parameters, RequestHeaders, RequestBody, BinaryRequest, Notes) VALUES (@ID, @SSL, @HostName, @Method, @URL, @File, @Parameters, @RequestHeaders, @RequestBody, @BinaryRequest, @Notes)";

     // NOTE(review): TestLogFile is concatenated into the connection string; a ';' in the path
     // would be read as further connection-string keywords - confirm how the path is chosen.
     using (SQLiteConnection LogDb = new SQLiteConnection("data source=" + TestLogFile))
     {
         LogDb.Open();
         using (SQLiteCommand Insert = LogDb.CreateCommand())
         {
             Insert.CommandText = InsertSql;
             Insert.Parameters.AddWithValue("@ID", Request.ID);
             Insert.Parameters.AddWithValue("@SSL", AsInt(Request.SSL));
             Insert.Parameters.AddWithValue("@HostName", Request.Host);
             Insert.Parameters.AddWithValue("@Method", Request.Method);
             Insert.Parameters.AddWithValue("@URL", Request.URL);
             Insert.Parameters.AddWithValue("@File", Request.File);
             Insert.Parameters.AddWithValue("@Parameters", Request.GetParametersString());
             Insert.Parameters.AddWithValue("@RequestHeaders", Request.GetHeadersAsString());

             // Binary bodies are logged through BinaryBodyString, text bodies through BodyString.
             object LoggedBody = Request.IsBinary ? (object)Request.BinaryBodyString : (object)Request.BodyString;
             Insert.Parameters.AddWithValue("@RequestBody", LoggedBody);

             Insert.Parameters.AddWithValue("@BinaryRequest", AsInt(Request.IsBinary));
             Insert.Parameters.AddWithValue("@Notes", "Some Notes");
             Insert.ExecuteNonQuery();
         }
     }
 }
Example #6
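        /// <summary>
        /// Builds a text view of a request in which occurrences of a trigger string are marked for highlighting.
        /// </summary>
        /// <param name="Trigg">Trigger text to locate in the request.</param>
        /// <param name="Req">Request whose headers and body are searched and rendered.</param>
        /// <returns>
        /// Snipped header section (trailing whitespace trimmed), two line breaks and the snipped body section,
        /// with every "\n" replaced by the "&lt;i&lt;br&gt;&gt;" marker.
        /// </returns>
        /// <remarks>
        /// The highlight and line-break markers are in-band text. NOTE(review): if a request already contains
        /// the literal highlight marker, the "nothing highlighted yet" check below would be satisfied without
        /// any real match - confirm whether the helpers neutralise markers that arrive inside request content.
        /// </remarks>
        public static string GetRequestTriggerHighlighting(string Trigg, Request Req)
        {
            StringBuilder SB = new StringBuilder();
            string ReqHeader = Req.GetHeadersAsString();
            string ReqBody = Req.BodyString;

            // Candidate spellings of the trigger: the raw text plus its path, query, cookie and header encodings.
            // Each encoder is called once; the original called each one twice (test, then add).
            List<string> AllTriggerVariations = new List<string>();
            AllTriggerVariations.Add(Trigg);
            string[] EncodedForms = new string[]
            {
                Request.PathPartEncode(Trigg),
                QueryParameters.Encode(Trigg),
                CookieParameters.Encode(Trigg),
                HeaderParameters.Encode(Trigg)
            };
            foreach (string Encoded in EncodedForms)
            {
                if (!AllTriggerVariations.Contains(Encoded))
                {
                    AllTriggerVariations.Add(Encoded);
                }
            }

            try
            {
                List<string> HeaderAdjustments = GetHeaderVariations(Trigg, Req.Headers, ReqHeader);
                foreach (string HA in HeaderAdjustments)
                {
                    if (!AllTriggerVariations.Contains(HA))
                    {
                        AllTriggerVariations.Add(HA);
                    }
                }
            }
            catch
            {
                // Deliberate best effort: header-specific variations are optional, so a failure here
                // only means fewer candidates. The exception is not recorded anywhere, so a silent
                // loss of highlighting cannot be diagnosed from this method.
            }

            // Only variations that actually occur in the header text are handed to the highlighter.
            List<string> HeaderTriggerVariations = new List<string>();
            foreach (string CurrentVariation in AllTriggerVariations)
            {
                if (!HeaderTriggerVariations.Contains(CurrentVariation) && ReqHeader.Contains(CurrentVariation))
                {
                    HeaderTriggerVariations.Add(CurrentVariation);
                }
            }
            ReqHeader = Highlighter.InsertHighlights(ReqHeader, HeaderTriggerVariations);

            ReqBody = GetRequestBodyHighlighting(ReqBody, Trigg);

            // Fallback: when no highlight marker is present anywhere, retry the body one trigger line at a time.
            if (!ReqHeader.Contains("<i<hlg>>") && !ReqBody.Contains("<i<hlg>>"))
            {
                foreach (string TriggLine in Tools.SplitLines(Trigg))
                {
                    ReqBody = GetRequestBodyHighlighting(ReqBody, TriggLine);
                }
            }

            SB.Append(Highlighter.SnipHeaderSection(ReqHeader).TrimEnd());
            SB.AppendLine(); SB.AppendLine();
            SB.Append(Highlighter.SnipBodySection(ReqBody));
            return SB.ToString().Replace("\n", "<i<br>>");
        }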
Example #7
 /// <summary>
 /// Reports whether two requests have identical header text and byte-for-byte identical bodies.
 /// </summary>
 /// <param name="A">First request.</param>
 /// <param name="B">Second request.</param>
 /// <returns>
 /// True when the header strings are equal, the body lengths match and every body byte matches;
 /// false otherwise, and also false whenever the comparison throws (for example on a null request).
 /// </returns>
 /// <remarks>
 /// The comparison stops at the first difference, so it is an equality check for request content
 /// and not a constant-time comparison of secrets.
 /// </remarks>
 public static bool IsSame(Request A, Request B)
 {
     try
     {
         string HeadersOfA = A.GetHeadersAsString();
         string HeadersOfB = B.GetHeadersAsString();
         if (!HeadersOfA.Equals(HeadersOfB))
         {
             return false;
         }

         if (A.BodyLength != B.BodyLength)
         {
             return false;
         }

         int Position = 0;
         while (Position < A.BodyLength)
         {
             if (A.BodyArray[Position] != B.BodyArray[Position])
             {
                 return false;
             }
             Position++;
         }

         return true;
     }
     catch
     {
         // Any failure while reading either request is treated as "not the same".
         return false;
     }
 }
Example #8
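        /// <summary>
        /// Renders a request as text with the places where a trigger string occurs marked for highlighting.
        /// </summary>
        /// <param name="Trigg">Trigger text to look for in the request headers and body.</param>
        /// <param name="Req">Request to search and render.</param>
        /// <returns>
        /// The snipped header section with trailing whitespace removed, two line breaks, then the snipped
        /// body section; every "\n" in the result is replaced by the "&lt;i&lt;br&gt;&gt;" marker.
        /// </returns>
        /// <remarks>
        /// Markers share the channel with request content. NOTE(review): request text that already contains
        /// the literal highlight marker would pass the marker check below even though nothing was matched;
        /// confirm that InsertHighlights / GetRequestBodyHighlighting handle such input.
        /// </remarks>
        public static string GetRequestTriggerHighlighting(string Trigg, Request Req)
        {
            StringBuilder SB = new StringBuilder();
            string ReqHeader = Req.GetHeadersAsString();
            string ReqBody = Req.BodyString;

            List<string> AllTriggerVariations = new List<string>();
            AllTriggerVariations.Add(Trigg);

            // Encode the trigger once per context (path, query, cookie, header) and keep the distinct
            // results; the original evaluated every encoder twice.
            string[] EncodedTriggers = new string[]
            {
                Request.PathPartEncode(Trigg),
                QueryParameters.Encode(Trigg),
                CookieParameters.Encode(Trigg),
                HeaderParameters.Encode(Trigg)
            };
            foreach (string EncodedTrigger in EncodedTriggers)
            {
                if (!AllTriggerVariations.Contains(EncodedTrigger))
                {
                    AllTriggerVariations.Add(EncodedTrigger);
                }
            }

            try
            {
                List<string> HeaderAdjustments = GetHeaderVariations(Trigg, Req.Headers, ReqHeader);
                foreach (string HA in HeaderAdjustments)
                {
                    if (!AllTriggerVariations.Contains(HA))
                    {
                        AllTriggerVariations.Add(HA);
                    }
                }
            }
            catch
            {
                // Best effort by design: without header variations the method still works with the
                // candidates gathered above. Nothing is logged, so such failures stay invisible.
            }

            // Restrict the candidates to those that are present in the header text.
            List<string> HeaderTriggerVariations = new List<string>();
            foreach (string CurrentVariation in AllTriggerVariations)
            {
                if (!HeaderTriggerVariations.Contains(CurrentVariation) && ReqHeader.Contains(CurrentVariation))
                {
                    HeaderTriggerVariations.Add(CurrentVariation);
                }
            }
            ReqHeader = Highlighter.InsertHighlights(ReqHeader, HeaderTriggerVariations);

            ReqBody = GetRequestBodyHighlighting(ReqBody, Trigg);

            // If neither part carries a highlight marker, try again with each line of the trigger.
            if (!ReqHeader.Contains("<i<hlg>>") && !ReqBody.Contains("<i<hlg>>"))
            {
                foreach (string TriggLine in Tools.SplitLines(Trigg))
                {
                    ReqBody = GetRequestBodyHighlighting(ReqBody, TriggLine);
                }
            }

            SB.Append(Highlighter.SnipHeaderSection(ReqHeader).TrimEnd());
            SB.AppendLine();
            SB.AppendLine();
            SB.Append(Highlighter.SnipBodySection(ReqBody));
            return SB.ToString().Replace("\n", "<i<br>>");
        }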