Example #1
 /// <summary>
 /// Converts the request to XML, stores that XML and an MD5 digest of the
 /// request's string form on this instance, and returns the size of the first
 /// dimension of the array that XmlToArray builds from the stored XML.
 /// </summary>
 /// <param name="Req">Request to convert and count.</param>
 /// <returns>First-dimension length of the XmlToArray result.</returns>
 public int GetXmlInjectionPointsCount(Request Req)
 {
     string SerializedXml = this.ToXmlFromRequest(Req);
     this.RequestXml = SerializedXml;

     // NOTE(review): the digest looks like a change-detection key for the cached
     // XML (confirm against callers). MD5 is not collision-resistant, so it
     // should not be relied on as an integrity check.
     string RequestDigest = Tools.MD5(Req.ToString());
     this.RequestHash = RequestDigest;

     string[,] InjectionPoints = XmlToArray(this.RequestXml);
     return InjectionPoints.GetLength(0);
 }
Example #2
 /// <summary>
 /// Reports whether a clone of the request survives a round trip through this
 /// type's XML conversion unchanged.
 /// </summary>
 /// <param name="Request">Request to test; the work is done on a clone obtained from GetClone().</param>
 /// <returns>
 /// true only when Tools.IsXml accepts the generated XML and the string form of
 /// the rebuilt request equals the string form of the clone; false in every
 /// other case, including when any step throws.
 /// </returns>
 public virtual bool Is(Request Request)
 {
     try
     {
         Request Copy         = Request.GetClone();
         string  GeneratedXml = ToXmlFromRequest(Copy);

         if (Tools.IsXml(GeneratedXml))
         {
             Request RoundTripped = ToRequestFromXml(Copy, GeneratedXml);
             return Copy.ToString().Equals(RoundTripped.ToString());
         }

         return false;
     }
     catch
     {
         // Every exception is treated as "not this format"; the failure itself
         // is not logged or rethrown.
         return false;
     }
 }
Example #3
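        /// <summary>
        /// Builds a new request in which the given payload has been placed at the
        /// given injection point of the request's XML form.
        /// </summary>
        /// <param name="Req">Request to inject into; the result is built from Req.GetClone(true).</param>
        /// <param name="InjectionPoint">Injection point index, passed unchanged to InjectInXml.</param>
        /// <param name="Payload">Payload text, passed unchanged to InjectInXml.</param>
        /// <returns>The request produced by ToRequestFromXml from the clone and the injected XML.</returns>
        public Request InjectInRequest(Request Req, int InjectionPoint, string Payload)
        {
            // The MD5 digest is only a change-detection key for the cached XML.
            // MD5 is not collision-resistant, so do not treat it as an integrity check.
            string CurrentRequestHash = Tools.MD5(Req.ToString());

            // The static string.Equals accepts a null cached hash, so the first call
            // on an instance whose cache was never filled regenerates the XML
            // instead of throwing a NullReferenceException.
            if (!string.Equals(this.RequestHash, CurrentRequestHash))
            {
                this.RequestXml  = this.ToXmlFromRequest(Req);
                this.RequestHash = CurrentRequestHash;
            }

            string InjectedXml = InjectInXml(this.RequestXml, InjectionPoint, Payload);

            return this.ToRequestFromXml(Req.GetClone(true), InjectedXml);
        }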
Example #4
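        /// <summary>
        /// Applies the configured interception filters to a request, in this order:
        /// host names, HTTP method, file value, keyword. The first filter that
        /// rejects the request ends the check.
        /// </summary>
        /// <remarks>
        /// Side effect: Req.StoredFile is overwritten with Req.File once the host
        /// and method filters have passed.
        /// Host, method and file values are compared with
        /// StringComparison.OrdinalIgnoreCase. Culture-aware comparison can treat
        /// strings as equal that differ in ignorable characters, which is not
        /// wanted when a filter decides which traffic is in scope.
        /// </remarks>
        /// <param name="Req">Request to evaluate.</param>
        /// <returns>true when no enabled filter rejects the request; otherwise false.</returns>
        internal static bool CanInterceptBasedOnFilter(Request Req)
        {
            //Check Hostnames
            if (InterceptCheckHostNames)
            {
                // Include list: the host must equal at least one entry.
                if (InterceptCheckHostNamesPlus && InterceptHostNames.Count > 0)
                {
                    bool Match = false;
                    foreach (string HostName in InterceptHostNames)
                    {
                        if (Req.Host.Equals(HostName, StringComparison.OrdinalIgnoreCase))
                        {
                            Match = true;
                            break;
                        }
                    }
                    if (!Match)
                    {
                        return false;
                    }
                }
                // Exclude list: any equal entry rejects the request.
                if (InterceptCheckHostNamesMinus && DontInterceptHostNames.Count > 0)
                {
                    foreach (string HostName in DontInterceptHostNames)
                    {
                        if (Req.Host.Equals(HostName, StringComparison.OrdinalIgnoreCase))
                        {
                            return false;
                        }
                    }
                }
            }

            //Check Methods Rule
            if (!InterceptGET && Req.Method.Equals("GET", StringComparison.OrdinalIgnoreCase))
            {
                return false;
            }
            if (!InterceptPOST && Req.Method.Equals("POST", StringComparison.OrdinalIgnoreCase))
            {
                return false;
            }
            if (!InterceptOtherMethods)
            {
                bool IsGetOrPost = Req.Method.Equals("GET", StringComparison.OrdinalIgnoreCase)
                                || Req.Method.Equals("POST", StringComparison.OrdinalIgnoreCase);
                if (!IsGetOrPost)
                {
                    return false;
                }
            }

            //Check File Extensions
            // NOTE(review): the lists are named for extensions, but the comparison is
            // full equality against Req.File. Whether Req.File holds an extension or
            // a file name is not visible here; confirm.
            Req.StoredFile = Req.File;
            if (InterceptCheckFileExtensions && Req.StoredFile.Length > 0)
            {
                if (InterceptCheckFileExtensionsPlus && InterceptFileExtensions.Count > 0)
                {
                    bool Match = false;
                    foreach (string File in InterceptFileExtensions)
                    {
                        if (Req.StoredFile.Equals(File, StringComparison.OrdinalIgnoreCase))
                        {
                            Match = true;
                            break;
                        }
                    }
                    if (!Match)
                    {
                        return false;
                    }
                }
                if (InterceptCheckFileExtensionsMinus && DontInterceptFileExtensions.Count > 0)
                {
                    foreach (string File in DontInterceptFileExtensions)
                    {
                        if (Req.StoredFile.Equals(File, StringComparison.OrdinalIgnoreCase))
                        {
                            return false;
                        }
                    }
                }
            }

            //Check Keyword
            // The keyword test is a case-sensitive substring search over the
            // request's string form.
            if (InterceptCheckRequestWithKeyword)
            {
                if (InterceptCheckRequestWithKeywordPlus && InterceptRequestWithKeyword.Length > 0)
                {
                    if (!Req.ToString().Contains(InterceptRequestWithKeyword))
                    {
                        return false;
                    }
                }
                if (InterceptCheckRequestWithKeywordMinus && DontInterceptRequestWithKeyword.Length > 0)
                {
                    if (Req.ToString().Contains(DontInterceptRequestWithKeyword))
                    {
                        return false;
                    }
                }
            }
            return true;
        }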
Example #5
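 /// <summary>
 /// Returns a request built from a clone of <paramref name="Req"/> whose XML form
 /// has had <paramref name="Payload"/> inserted at <paramref name="InjectionPoint"/>.
 /// </summary>
 /// <param name="Req">Source request; it is cloned with GetClone(true) before being rebuilt.</param>
 /// <param name="InjectionPoint">Index handed to InjectInXml.</param>
 /// <param name="Payload">Text handed to InjectInXml.</param>
 /// <returns>The result of ToRequestFromXml for the clone and the injected XML.</returns>
 public Request InjectInRequest(Request Req, int InjectionPoint, string Payload)
 {
     // MD5 of the request text decides whether the cached XML can be reused.
     // It is a cache key only; MD5 gives no collision resistance.
     string CurrentRequestHash = Tools.MD5(Req.ToString());

     // string.Equals(a, b) tolerates a null cached hash, so an instance whose
     // cache has not been filled yet regenerates the XML rather than throwing.
     bool CacheIsCurrent = string.Equals(this.RequestHash, CurrentRequestHash);
     if (!CacheIsCurrent)
     {
         this.RequestXml = this.ToXmlFromRequest(Req);
         this.RequestHash = CurrentRequestHash;
     }

     string InjectedXml = InjectInXml(this.RequestXml, InjectionPoint, Payload);
     return this.ToRequestFromXml(Req.GetClone(true), InjectedXml);
 }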
Example #6
 /// <summary>
 /// Refreshes the stored XML and request hash from <paramref name="Req"/> and
 /// returns the first-dimension length of the array XmlToArray derives from
 /// that XML.
 /// </summary>
 /// <param name="Req">Request whose XML form is counted.</param>
 /// <returns>Number of rows in the XmlToArray result.</returns>
 public int GetXmlInjectionPointsCount(Request Req)
 {
     this.RequestXml = this.ToXmlFromRequest(Req);

     // Stored next to the XML; MD5 is suitable here only as a change-detection
     // value, not as an integrity check.
     string Digest = Tools.MD5(Req.ToString());
     this.RequestHash = Digest;

     string[,] Points = XmlToArray(this.RequestXml);
     int RowCount = Points.GetLength(0);
     return RowCount;
 }