/// <summary>
/// Converts the request to XML, caches that XML and an MD5 digest of the request text on this
/// instance, and returns the number of injection points found in the XML.
/// </summary>
/// <param name="Req">Request to convert and analyse.</param>
/// <returns>Length of the first dimension of the array returned by <c>XmlToArray</c>.</returns>
public int GetXmlInjectionPointsCount(Request Req)
{
    // Refresh the cached XML first, then the digest that identifies which request it belongs to.
    this.RequestXml = this.ToXmlFromRequest(Req);
    // The digest is stored as a lookup key only; nothing here uses it as an integrity check.
    this.RequestHash = Tools.MD5(Req.ToString());

    string[,] InjectionPoints = XmlToArray(this.RequestXml);
    int PointCount = InjectionPoints.GetLength(0);
    return PointCount;
}
/// <summary>
/// Reports whether the request is in this format: its XML form must pass <c>Tools.IsXml</c>
/// and converting that XML back must reproduce the same request text.
/// </summary>
/// <param name="Request">Request to test; the check runs on a clone of it.</param>
/// <returns>
/// <c>true</c> only when the round trip reproduces the request text exactly; <c>false</c>
/// otherwise, including when any step throws.
/// </returns>
public virtual bool Is(Request Request)
{
    try
    {
        Request Copy = Request.GetClone();
        string CandidateXml = ToXmlFromRequest(Copy);
        if (Tools.IsXml(CandidateXml))
        {
            // Round-trip check: rebuild a request from the XML and compare the serialized text.
            Request Rebuilt = ToRequestFromXml(Copy, CandidateXml);
            return Copy.ToString().Equals(Rebuilt.ToString());
        }
        return false;
    }
    catch
    {
        // Deliberate best-effort: a conversion failure is reported as "not this format".
        return false;
    }
}
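/// <summary>
/// Places <paramref name="Payload"/> at the given injection point of the request's XML form
/// and returns a new request built from the modified XML.
/// </summary>
/// <param name="Req">Request to inject into; the result is built from <c>Req.GetClone(true)</c>.</param>
/// <param name="InjectionPoint">Index of the injection point, passed through to <c>InjectInXml</c>.</param>
/// <param name="Payload">Value to inject, passed through to <c>InjectInXml</c> unchanged.</param>
/// <returns>The request produced by <c>ToRequestFromXml</c> from the injected XML.</returns>
public Request InjectInRequest(Request Req, int InjectionPoint, string Payload)
{
    string CurrentRequestHash = Tools.MD5(Req.ToString());

    // Static string.Equals is null-safe: if RequestHash has not been set yet (its initializer is
    // not visible here), the cache is treated as stale instead of throwing NullReferenceException.
    // The MD5 digest is only a cache key, not an integrity or authenticity check.
    if (!string.Equals(this.RequestHash, CurrentRequestHash))
    {
        this.RequestXml = this.ToXmlFromRequest(Req);
        this.RequestHash = CurrentRequestHash;
    }

    // NOTE(review): any escaping of Payload happens inside InjectInXml, which is not shown here.
    string InjectedXml = InjectInXml(this.RequestXml, InjectionPoint, Payload);
    return this.ToRequestFromXml(Req.GetClone(true), InjectedXml);
}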
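/// <summary>
/// Decides whether a request passes the configured interception filters: host names, HTTP
/// method, file extension and keyword, checked in that order.
/// </summary>
/// <param name="Req">
/// Request to evaluate. Side effect: <c>Req.StoredFile</c> is overwritten with <c>Req.File</c>.
/// </param>
/// <returns><c>true</c> when no enabled filter rejects the request; otherwise <c>false</c>.</returns>
/// <remarks>
/// Host names, methods and file values are compared with <c>StringComparison.OrdinalIgnoreCase</c>.
/// They are protocol tokens, and culture-sensitive comparison can treat strings that differ only
/// in ignorable code points as equal, so a request could be filtered in or out by mistake.
/// </remarks>
internal static bool CanInterceptBasedOnFilter(Request Req)
{
    //Check Hostnames
    if (InterceptCheckHostNames)
    {
        // Include list: when enabled and non-empty, the host must match one of its entries.
        if (InterceptCheckHostNamesPlus && InterceptHostNames.Count > 0)
        {
            bool Match = false;
            foreach (string HostName in InterceptHostNames)
            {
                if (Req.Host.Equals(HostName, StringComparison.OrdinalIgnoreCase))
                {
                    Match = true;
                    break;
                }
            }
            if (!Match)
            {
                return false;
            }
        }
        // Exclude list: a single match rejects the request.
        if (InterceptCheckHostNamesMinus && DontInterceptHostNames.Count > 0)
        {
            foreach (string HostName in DontInterceptHostNames)
            {
                if (Req.Host.Equals(HostName, StringComparison.OrdinalIgnoreCase))
                {
                    return false;
                }
            }
        }
    }

    //Check Methods Rule
    // Req.Method is read only when the corresponding flag is off, as in the original code.
    if (!InterceptGET)
    {
        if (Req.Method.Equals("GET", StringComparison.OrdinalIgnoreCase))
        {
            return false;
        }
    }
    if (!InterceptPOST)
    {
        if (Req.Method.Equals("POST", StringComparison.OrdinalIgnoreCase))
        {
            return false;
        }
    }
    if (!InterceptOtherMethods)
    {
        bool IsGetOrPost = Req.Method.Equals("GET", StringComparison.OrdinalIgnoreCase)
            || Req.Method.Equals("POST", StringComparison.OrdinalIgnoreCase);
        if (!IsGetOrPost)
        {
            return false;
        }
    }

    //Check File Extensions
    // Copies Req.File into Req.StoredFile before the check; the assignment happens on every call.
    Req.StoredFile = Req.File;
    if (InterceptCheckFileExtensions && Req.StoredFile.Length > 0)
    {
        if (InterceptCheckFileExtensionsPlus && InterceptFileExtensions.Count > 0)
        {
            bool Match = false;
            foreach (string Candidate in InterceptFileExtensions)
            {
                if (Req.StoredFile.Equals(Candidate, StringComparison.OrdinalIgnoreCase))
                {
                    Match = true;
                    break;
                }
            }
            if (!Match)
            {
                return false;
            }
        }
        if (InterceptCheckFileExtensionsMinus && DontInterceptFileExtensions.Count > 0)
        {
            foreach (string Candidate in DontInterceptFileExtensions)
            {
                if (Req.StoredFile.Equals(Candidate, StringComparison.OrdinalIgnoreCase))
                {
                    return false;
                }
            }
        }
    }

    //Check Keyword
    // Keyword matching is a case-sensitive substring test on the full request text.
    if (InterceptCheckRequestWithKeyword)
    {
        if (InterceptCheckRequestWithKeywordPlus && InterceptRequestWithKeyword.Length > 0)
        {
            if (!Req.ToString().Contains(InterceptRequestWithKeyword))
            {
                return false;
            }
        }
        if (InterceptCheckRequestWithKeywordMinus && DontInterceptRequestWithKeyword.Length > 0)
        {
            if (Req.ToString().Contains(DontInterceptRequestWithKeyword))
            {
                return false;
            }
        }
    }
    return true;
}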
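/// <summary>
/// Injects <paramref name="Payload"/> at the given injection point of the request's XML form
/// and converts the result back into a request.
/// </summary>
/// <param name="Req">Source request; the returned request is built from <c>Req.GetClone(true)</c>.</param>
/// <param name="InjectionPoint">Injection point index handed to <c>InjectInXml</c>.</param>
/// <param name="Payload">Payload handed to <c>InjectInXml</c> as given.</param>
/// <returns>The request returned by <c>ToRequestFromXml</c> for the injected XML.</returns>
public Request InjectInRequest(Request Req, int InjectionPoint, string Payload)
{
    string CurrentRequestHash = Tools.MD5(Req.ToString());
    // Null-safe comparison: a RequestHash that was never assigned (initializer not visible here)
    // counts as a cache miss rather than raising NullReferenceException.
    bool CacheIsCurrent = string.Equals(this.RequestHash, CurrentRequestHash);

    if (!CacheIsCurrent)
    {
        // Rebuild the cached XML and remember which request it was derived from.
        // MD5 only identifies the cached request here; it is not a security control.
        this.RequestXml = this.ToXmlFromRequest(Req);
        this.RequestHash = CurrentRequestHash;
    }

    string InjectedXml = InjectInXml(this.RequestXml, InjectionPoint, Payload);
    return this.ToRequestFromXml(Req.GetClone(true), InjectedXml);
}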
/// <summary>
/// Rebuilds the cached XML and request digest for <paramref name="Req"/> and counts the
/// injection points in that XML.
/// </summary>
/// <param name="Req">Request whose XML form is analysed.</param>
/// <returns>Length of the first dimension of the array produced by <c>XmlToArray</c>.</returns>
public int GetXmlInjectionPointsCount(Request Req)
{
    // Cache the XML before the digest, in the same order as the original statements.
    this.RequestXml = this.ToXmlFromRequest(Req);
    string RequestText = Req.ToString();
    // MD5 of the request text is kept as a cache key for later calls on this instance.
    this.RequestHash = Tools.MD5(RequestText);

    string[,] XmlInjectionArray = XmlToArray(this.RequestXml);
    return XmlInjectionArray.GetLength(0);
}