// Check logic is based on the Arachni project's code-injection audit module:
// https://github.com/Zapotek/arachni/blob/master/modules/audit/code_injection.rb

/// <summary>
/// Overrides the base-class Check: binds the scanner, replaces every per-run
/// trigger/reason collection with an empty one, and runs the code-injection check.
/// </summary>
/// <param name="scnr">Scanner instance this check operates on.</param>
public override void Check(Scanner scnr)
{
    Scnr = scnr;

    // Start from empty evidence lists so nothing recorded by an earlier run is carried over.
    RequestTriggers = new List<string>();
    ResponseTriggers = new List<string>();
    RequestTriggerDescs = new List<string>();
    ResponseTriggerDescs = new List<string>();
    TriggerRequests = new List<Request>();
    TriggerResponses = new List<Response>();
    TriggerCount = 0;
    Reasons = new List<FindingReason>();

    CheckForCodeInjection();
}
/// <summary>
/// Overrides the base-class Check: binds the scanner, replaces every per-run
/// trigger/reason collection with an empty one, runs CheckForELI and then
/// analyzes the outcome.
/// </summary>
/// <param name="scnr">Scanner instance this check operates on.</param>
public override void Check(Scanner scnr)
{
    Scnr = scnr;

    // Start from empty evidence lists so nothing recorded by an earlier run is carried over.
    RequestTriggers = new List<string>();
    ResponseTriggers = new List<string>();
    RequestTriggerDescs = new List<string>();
    ResponseTriggerDescs = new List<string>();
    TriggerRequests = new List<Request>();
    TriggerResponses = new List<Response>();
    TriggerCount = 0;
    Reasons = new List<FindingReason>();

    // Injection first, analysis second: the analysis step runs only after the probing step returns.
    CheckForELI();
    AnalyzeTestResult();
}
/// <summary>
/// Overrides the base-class Check: binds the scanner, zeroes the confidence level,
/// replaces every per-run trigger/reason collection with an empty one, and runs the
/// remote-file-include check.
/// </summary>
/// <param name="scnr">Scanner instance this check operates on.</param>
public override void Check(Scanner scnr)
{
    Scnr = scnr;
    ConfidenceLevel = 0;

    // Start from empty evidence lists so nothing recorded by an earlier run is carried over.
    RequestTriggers = new List<string>();
    ResponseTriggers = new List<string>();
    RequestTriggerDescs = new List<string>();
    ResponseTriggerDescs = new List<string>();
    TriggerRequests = new List<Request>();
    TriggerResponses = new List<Response>();
    TriggerCount = 0;
    Reasons = new List<FindingReason>();

    CheckForRemoteFileInclude();
}
/// <summary>
/// Overrides the base-class Check: binds the scanner, captures the scanner's base
/// response, replaces every per-run trigger/reason collection with an empty one,
/// runs the command-injection check and then analyzes the results.
/// </summary>
/// <param name="scnr">Scanner instance this check operates on.</param>
public override void Check(Scanner scnr)
{
    Scnr = scnr;
    // Keep the scanner's base response on the check itself for later use.
    BaseResponse = Scnr.BaseResponse;

    // Start from empty evidence lists so nothing recorded by an earlier run is carried over.
    RequestTriggers = new List<string>();
    ResponseTriggers = new List<string>();
    RequestTriggerDescs = new List<string>();
    ResponseTriggerDescs = new List<string>();
    TriggerRequests = new List<Request>();
    TriggerResponses = new List<Response>();
    TriggerCount = 0;
    Reasons = new List<FindingReason>();

    // Injection first, analysis second.
    CheckForCommandInjection();
    AnalyzeTestResults();
}
/// <summary>
/// Overrides the base-class Check: resets all per-run state, runs the error-based and
/// the blind SQL injection checks, and reports either a SQL error or a SQL injection
/// finding whose confidence depends on the combined score.
/// </summary>
/// <param name="Scnr">Scanner instance this check operates on.</param>
public override void Check(Scanner Scnr)
{
    // The parameter has the same name as the member, so "this." is required here.
    this.Scnr = Scnr;

    // Start from empty evidence lists so nothing recorded by an earlier run is carried over.
    this.RequestTriggers = new List<string>();
    this.ResponseTriggers = new List<string>();
    this.RequestTriggerDescs = new List<string>();
    this.ResponseTriggerDescs = new List<string>();
    this.TriggerRequests = new List<Request>();
    this.TriggerResponses = new List<Response>();
    this.TriggerCount = 0;
    this.reasons = new List<FindingReason>();
    this.ConfidenceLevel = 0;
    this.base_response = this.Scnr.BaseResponse;
    this.ErrorCount = new int[] { 0, 0, 0 };
    this.Errors = new List<string>();
    this.ErrorTriggerCount = 0;

    this.Scnr.Trace("<i<br>><i<h>>Checking for SQL Injection:<i</h>>");

    // The error-based check always runs before the blind check.
    int errorScore = this.CheckForErrorBasedSQLi();
    int blindScore = this.CheckForBlindSQLi();
    int combinedScore = errorScore + blindScore;

    // Every recorded trigger was an error trigger, at least one error was counted, and the
    // three ErrorCount slots are equal: report the errors themselves instead of an injection.
    bool onlyUniformErrors =
        this.RequestTriggers.Count == this.ErrorTriggerCount
        && (this.ErrorCount[0] + this.ErrorCount[1] + this.ErrorCount[2]) > 0
        && (this.ErrorCount[0] == this.ErrorCount[1] && this.ErrorCount[1] == this.ErrorCount[2]);

    if (onlyUniformErrors)
    {
        this.ReportSQLError(this.Errors);
        return;
    }

    // Score bands: above 7 is High, above 4 is Medium, above 3 is Low; anything else is not reported.
    if (combinedScore > 7)
    {
        this.ReportSQLInjection(FindingConfidence.High);
        return;
    }
    if (combinedScore > 4)
    {
        this.ReportSQLInjection(FindingConfidence.Medium);
        return;
    }
    if (combinedScore > 3)
    {
        this.ReportSQLInjection(FindingConfidence.Low);
    }
}
/// <summary>
/// Overrides the base-class Check: injects each Server Side Includes probe in turn and
/// reports a finding on the first response whose body contains all five expected
/// environment variable names. Stops at the first match.
/// </summary>
/// <param name="scnr">Scanner instance used to inject payloads and write trace output.</param>
public override void Check(Scanner scnr)
{
    // Check logic based on https://github.com/fnordbg/SSI-Scan
    this.Scnr = scnr;
    this.Scnr.Trace("<i<br>><i<h>>Checking for Server Side Includes Injection:<i</h>><i<br>><i<br>>");

    // Names that must ALL appear in the response body for it to count as #printenv output.
    // NOTE(review): the match is on keyword presence in the injected response only; the
    // uninjected baseline response is not consulted in this method, so a page that already
    // prints these names would match as well. Consider ignoring markers that the baseline
    // response contains.
    string[] envMarkers = new string[] { "REMOTE_ADDR", "DATE_LOCAL", "DATE_GMT", "DOCUMENT_URI", "LAST_MODIFIED" };

    // Three variants: appended to the original parameter value, with an attribute/tag
    // break-out prefix only, and the bare directive.
    string[] probes = new string[]
    {
        string.Format("{0}\"'><!--#printenv -->", this.Scnr.PreInjectionParameterValue),
        "\"'><!--#printenv -->",
        "<!--#printenv -->"
    };

    foreach (string probe in probes)
    {
        this.Scnr.RequestTrace("Injected - " + probe);
        Response res = this.Scnr.Inject(probe);

        // Stop checking at the first missing marker, in list order.
        bool everyMarkerFound = true;
        foreach (string marker in envMarkers)
        {
            if (!res.BodyString.Contains(marker))
            {
                everyMarkerFound = false;
                break;
            }
        }

        if (!everyMarkerFound)
        {
            this.Scnr.ResponseTrace(" ==> The response does not contain any Environment variable information.");
            continue;
        }

        this.Scnr.ResponseTrace(" ==> <i<cr>> Got contents of Environment variables in the response body. Indicates SSI Injection.<i</cr>>");
        this.reason = this.GetReason(probe, new List<string>(envMarkers));
        this.ReportSSI(
            probe,
            string.Format("The payload in this request contains a SSI snippet <!--#printenv--> which if executed will print the contents of the environment variables. The payload is: {0}", probe),
            string.Join("\r\n", envMarkers),
            "This response contains some keywords that are similar to some standard environment variable names.");
        return;
    }

    this.Scnr.Trace("<i<br>>No indication for presence of SSI Injection");
}
/// <summary>
/// Assigns the session handler of <paramref name="Scan"/>: the plugin named by
/// SelectedSessionPlugin when a name is set, otherwise a default SessionPlugin instance.
/// </summary>
/// <param name="Scan">Scanner to configure.</param>
/// <returns>The same scanner instance that was passed in.</returns>
Scanner SetSessionPlugin(Scanner Scan)
{
    // No plugin chosen: fall back to a freshly constructed SessionPlugin.
    if (SelectedSessionPlugin.Length == 0)
    {
        Scan.SessionHandler = new SessionPlugin();
        return Scan;
    }

    Scan.SessionHandler = SessionPlugin.Get(SelectedSessionPlugin);
    return Scan;
}
/// <summary>
/// Configures and starts the crawler, then polls it in a loop. When CrawlAndScan is set,
/// each crawled request that passes the scan filters is turned into a scan job, and the
/// loop keeps running until the crawler is idle and no launched scan is still pending.
/// Console counters are refreshed on every pass; Stop() is called when the loop ends.
/// </summary>
static void DoScan()
{
    // Copy the configured scope into a new crawler before starting it.
    Spider = new Crawler();
    Spider.PrimaryHost = PrimaryHost;
    Spider.BaseUrl = BaseUrl;
    Spider.StartingUrl = StartingUrl;
    Spider.PerformDirAndFileGuessing = PerformDirAndFileGuessing;
    Spider.IncludeSubDomains = IncludeSubDomains;
    Spider.HTTP = HTTP;
    Spider.HTTPS = HTTPS;
    Spider.UrlsToAvoid = UrlsToAvoid;
    Spider.HostsToInclude = HostsToInclude;
    Spider.Start();
    ScanItemUniquenessChecker UniqueChecker = new ScanItemUniquenessChecker(Mode != ScanMode.Default);
    // Fixed 5 second wait after starting the crawler, before the first poll.
    Thread.Sleep(5000);
    // IDs of launched scans that have not yet been seen as completed or aborted.
    List<int> ScanIDs = new List<int>();
    bool ScanActive = true;
    // NOTE(review): ActivePlugins is assigned here but not read anywhere in this method.
    List<string> ActivePlugins = ActivePlugin.List();
    int TotalRequestsCrawled = 0;
    int TotalScanJobsCreated = 0;
    int TotalScanJobsCompleted = 0;
    List<Request> ScannedRequests = new List<Request>();
    while (ScanActive)
    {
        // Assume this is the last pass; the checks below switch the flag back on.
        ScanActive = false;
        List<Request> Requests = Spider.GetCrawledRequests();
        if (Requests.Count > 0 || Spider.IsActive())
        {
            ScanActive = true;
            if (CrawlAndScan)
            {
                // The crawled-requests counter only advances when CrawlAndScan is set.
                TotalRequestsCrawled = TotalRequestsCrawled + Requests.Count;
                foreach (Request Req in Requests)
                {
                    if (!CanScan(Req)) continue;
                    // The uniqueness filter is applied in UserConfigured mode only.
                    if (Mode == ScanMode.UserConfigured && !UniqueChecker.IsUniqueToScan(Req, ScannedRequests, false)) continue;
                    Scanner S = new Scanner(Req);
                    S.CheckAll();
                    S.InjectAll();
                    // For a request that is not "normal", use the first matching format plugin, if any.
                    if (!FormatPlugin.IsNormal(Req))
                    {
                        List<FormatPlugin> RightList = FormatPlugin.Get(Req);
                        if (RightList.Count > 0)
                        {
                            S.BodyFormat = RightList[0];
                        }
                    }
                    if (S.InjectionPointsCount == 0) continue;
                    TotalScanJobsCreated++;
                    // NOTE(review): this return happens after the created-jobs counter was incremented
                    // and leaves the method without reaching the Stop() call at the end.
                    if (Stopped) return;
                    int ScanID = S.LaunchScan();
                    // Only a positive scan ID is tracked.
                    if (ScanID > 0)
                    {
                        ScannedRequests.Add(Req);
                        ScanIDs.Add(ScanID);
                    }
                }
            }
        }
        if (CrawlAndScan)
        {
            // Holds positions within ScanIDs (not scan IDs), collected in ascending order.
            List<int> ScanIDsToRemove = new List<int>();
            List<int> AbortedScanIDs = Scanner.GetAbortedScanIDs();
            List<int> CompletedScanIDs = Scanner.GetCompletedScanIDs();
            for (int i = 0; i < ScanIDs.Count; i++)
            {
                if (CompletedScanIDs.Contains(ScanIDs[i]))
                {
                    ScanIDsToRemove.Add(i);
                    TotalScanJobsCompleted++;
                }
                else if (AbortedScanIDs.Contains(ScanIDs[i]))
                {
                    // Aborted scans stop being tracked but are not counted as completed.
                    ScanIDsToRemove.Add(i);
                }
            }
            for (int i = 0; i < ScanIDsToRemove.Count; i++)
            {
                // Each earlier removal shifts the remaining entries left by one, hence "- i".
                ScanIDs.RemoveAt(ScanIDsToRemove[i] - i);
            }
        }
        if (ScanActive)
        {
            Thread.Sleep(2000);
        }
        else
        {
            // Crawler is idle; keep looping (at a slower pace) while launched scans are still pending.
            if (ScanIDs.Count > 0)
            {
                ScanActive = true;
                Thread.Sleep(5000);
            }
        }
        IronUI.UpdateConsoleCrawledRequestsCount(TotalRequestsCrawled);
        IronUI.UpdateConsoleScanJobsCreatedCount(TotalScanJobsCreated);
        IronUI.UpdateConsoleScanJobsCompletedCount(TotalScanJobsCompleted);
    }
    Stop();
}
/// <summary>
/// Mirrors the injection points recorded on <paramref name="Scanner"/> into the request
/// grids: column 0 of every row is set to whether that row is an injection point, and each
/// section checkbox is ticked only when its grid is non-empty and every row is selected.
/// </summary>
/// <param name="Scanner">Scanner whose injection point selections are displayed.</param>
void FillInjectionsPointsinUI(Scanner Scanner)
{
    // URL path parts are identified by row index.
    bool everyUrlPart = ASRequestScanURLGrid.Rows.Count > 0;
    foreach (DataGridViewRow urlRow in this.ASRequestScanURLGrid.Rows)
    {
        bool picked = Scanner.URLInjections.Contains(urlRow.Index);
        everyUrlPart = everyUrlPart && picked;
        urlRow.Cells[0].Value = picked;
    }

    // For named parameters, consecutive rows with the same name are numbered 0, 1, 2, ...
    int occurrence = 0;
    string previousName = "";

    bool everyQuery = ASRequestScanQueryGrid.Rows.Count > 0;
    foreach (DataGridViewRow queryRow in this.ASRequestScanQueryGrid.Rows)
    {
        string name = queryRow.Cells[1].Value.ToString();
        occurrence = name.Equals(previousName) ? occurrence + 1 : 0;
        bool picked = Scanner.QueryInjections.Has(name) && Scanner.QueryInjections.GetAll(name).Contains(occurrence);
        everyQuery = everyQuery && picked;
        queryRow.Cells[0].Value = picked;
        previousName = name;
    }

    occurrence = 0;
    previousName = "";
    bool everyBody = ConfigureScanRequestBodyGrid.Rows.Count > 0;
    if (Scanner.BodyFormat.Name.Length == 0)
    {
        // No body format set: rows are name/position pairs like the other parameter grids.
        foreach (DataGridViewRow bodyRow in this.ConfigureScanRequestBodyGrid.Rows)
        {
            string name = bodyRow.Cells[1].Value.ToString();
            occurrence = name.Equals(previousName) ? occurrence + 1 : 0;
            bool picked = Scanner.BodyInjections.Has(name) && Scanner.BodyInjections.GetAll(name).Contains(occurrence);
            everyBody = everyBody && picked;
            bodyRow.Cells[0].Value = picked;
            previousName = name;
        }
    }
    else
    {
        // A body format is set: rows are matched by index against BodyXmlInjections.
        foreach (DataGridViewRow bodyRow in this.ConfigureScanRequestBodyGrid.Rows)
        {
            bool picked = Scanner.BodyXmlInjections.Contains(bodyRow.Index);
            everyBody = everyBody && picked;
            bodyRow.Cells[0].Value = picked;
        }
    }

    occurrence = 0;
    previousName = "";
    bool everyCookie = ASRequestScanCookieGrid.Rows.Count > 0;
    foreach (DataGridViewRow cookieRow in this.ASRequestScanCookieGrid.Rows)
    {
        string name = cookieRow.Cells[1].Value.ToString();
        occurrence = name.Equals(previousName) ? occurrence + 1 : 0;
        bool picked = Scanner.CookieInjections.Has(name) && Scanner.CookieInjections.GetAll(name).Contains(occurrence);
        everyCookie = everyCookie && picked;
        cookieRow.Cells[0].Value = picked;
        previousName = name;
    }

    occurrence = 0;
    previousName = "";
    bool everyHeader = ASRequestScanHeadersGrid.Rows.Count > 0;
    foreach (DataGridViewRow headerRow in this.ASRequestScanHeadersGrid.Rows)
    {
        string name = headerRow.Cells[1].Value.ToString();
        occurrence = name.Equals(previousName) ? occurrence + 1 : 0;
        bool picked = Scanner.HeadersInjections.Has(name) && Scanner.HeadersInjections.GetAll(name).Contains(occurrence);
        everyHeader = everyHeader && picked;
        headerRow.Cells[0].Value = picked;
        previousName = name;
    }

    // The "all" checkbox is set first, then the per-section ones.
    ASRequestScanAllCB.Checked = everyUrlPart && everyQuery && everyBody && everyCookie && everyHeader;
    ASRequestScanURLCB.Checked = everyUrlPart;
    ASRequestScanQueryCB.Checked = everyQuery;
    ASRequestScanBodyCB.Checked = everyBody;
    ASRequestScanCookieCB.Checked = everyCookie;
    ASRequestScanHeadersCB.Checked = everyHeader;
}
/// <summary>
/// Sets the body format of <paramref name="S"/> when its original request is not "normal"
/// and the lookup against FormatPlugins yields a plugin name other than "Normal".
/// </summary>
/// <param name="S">Scanner to configure.</param>
/// <returns>The same scanner instance that was passed in.</returns>
Scanner SetFormatPlugin(Scanner S)
{
    Request sourceRequest = S.OriginalRequest;
    if (FormatPlugin.IsNormal(sourceRequest))
    {
        return S;
    }

    // This overload yields a plugin name; an empty name or "Normal" leaves BodyFormat untouched.
    string pluginName = FormatPlugin.Get(sourceRequest, FormatPlugins);
    bool nameIsUsable = pluginName.Length > 0 && pluginName != "Normal";
    if (nameIsUsable)
    {
        S.BodyFormat = FormatPlugin.Get(pluginName);
    }
    return S;
}
/// <summary>
/// Overridable check entry point. This base implementation does nothing.
/// </summary>
/// <param name="Scan">Scanner passed to the check; unused here.</param>
public virtual void Check(Scanner Scan)
{
    // Intentionally empty.
}
/// <summary>
/// Marks the scanner's original request as coming from a scan, makes the scanner the
/// current one, and passes it to the Automated Scanning UI with an empty XML string and
/// an empty injection point array.
/// </summary>
/// <param name="ScannerFromDb">Scanner to display.</param>
internal static void SetScannerFromDBToUiAfterProcessing(Scanner ScannerFromDb)
{
    ScannerFromDb.OriginalRequest.Source = RequestSource.Scan;

    // A disabled (commented-out) block used to guess the body format plugin here for scans
    // in the "Not Started" state and to derive the XML and injection points from it. With
    // that block off, both values are always passed on empty.
    string[,] emptyInjectionPoints = new string[,] { };
    string emptyXml = "";

    Scanner.CurrentScanner = ScannerFromDb;
    Scanner.CurrentScanID = ScannerFromDb.ID;
    IronUI.SetAutomatedScanningScanner(ScannerFromDb, emptyXml, emptyInjectionPoints);
}
/// <summary>
/// Assigns the session handler of <paramref name="Scan"/>: the plugin named by the
/// SessionPlugin string member when it is non-empty, otherwise a default instance.
/// </summary>
/// <param name="Scan">Scanner to configure.</param>
/// <returns>The same scanner instance that was passed in.</returns>
static Scanner SetSessionPlugin(Scanner Scan)
{
    // "SessionPlugin" used as a value is the string member holding the plugin name;
    // the type of the same name is reached through the IronWASP namespace.
    if (SessionPlugin.Length == 0)
    {
        Scan.SessionHandler = new SessionPlugin();
        return Scan;
    }

    Scan.SessionHandler = IronWASP.SessionPlugin.Get(SessionPlugin);
    return Scan;
}
/// <summary>
/// Shows a scanner in the 'Automated Scanning' section: request fields, scan ID and status,
/// selected checks, session plugin name, injection points and the start/stop button caption.
/// When called from a thread other than the one owning the UI controls, the call is
/// re-dispatched through UI.Invoke.
/// </summary>
/// <param name="ScannerToSet">Scanner whose configuration is displayed.</param>
/// <param name="XML">Passed through on re-dispatch; not otherwise read by the active code in this method.</param>
/// <param name="XmlInjectionPoints">Passed through on re-dispatch; not otherwise read by the active code in this method.</param>
internal static void SetAutomatedScanningScanner(Scanner ScannerToSet, string XML, string[,] XmlInjectionPoints)
{
    if (UI.ASRequestTabs.InvokeRequired)
    {
        // Re-enter this same method through the delegate with the same arguments.
        SetAutomatedScanningScanner_d SASS_d = new SetAutomatedScanningScanner_d(SetAutomatedScanningScanner);
        UI.Invoke(SASS_d, new object[] { ScannerToSet, XML, XmlInjectionPoints });
    }
    else
    {
        try
        {
            Scanner.CurrentScanner = ScannerToSet;
            Scanner.CurrentScanID = ScannerToSet.ID;
            IronUI.FillConfigureScanFullFields(ScannerToSet.OriginalRequest);
            UI.ASRequestTabs.SelectTab(0);
            IronUI.UpdateScanTabsWithRequestData();
            // Disabled: filling the format details from XML / XmlInjectionPoints for scans in the "Not Started" state.
            //if (ScannerToSet.BodyFormat.Name.Length > 0 && XmlInjectionPoints.Length > 0 && ScannerToSet.Status.Equals("Not Started"))
            //    IronUI.FillConfigureScanFormatDetails(XML, XmlInjectionPoints, new List<bool>(), false, ScannerToSet.BodyFormat.Name);
            UI.ScanIDLbl.Text = string.Format("Scan ID: {0}", ScannerToSet.ID);
            UI.ScanStatusLbl.Text = string.Format("Scan Status: {0}", ScannerToSet.Status);
            Scanner.ResetChangedStatus();
            UI.ScanTopPanel.Visible = false;
            UI.ScanJobsBaseSplit.SplitterDistance = 350;
            UI.ScanDisplayPanel.Visible = true;
        }
        catch (Exception Exp)
        {
            // A failure while displaying the request is reported and ends the method; nothing below runs.
            IronException.Report("Unable to display Request in 'Automated Scanning' section", Exp.Message, Exp.StackTrace);
            IronUI.ShowConfigureScanException("Unable to display request");
            return;
        }
        if (UI.ASScanPluginsGrid.Rows.Count > 0)
        {
            // Row 0 is handled separately from the per-check rows: it is cleared first and
            // ticked again below only when every other row is ticked.
            UI.ASScanPluginsGrid.Rows[0].Cells[0].Value = false;
            foreach (DataGridViewRow Row in UI.ASScanPluginsGrid.Rows)
            {
                if (Row.Index > 0)
                {
                    // Tick the row when the scanner's check list contains the name in column 1.
                    Row.Cells[0].Value = ScannerToSet.ShowChecks().Contains(Row.Cells[1].Value.ToString());
                }
            }
            if (UI.ASScanPluginsGrid.Rows.Count > 1)
            {
                bool AllSelected = true;
                for (int i = 1; i < UI.ASScanPluginsGrid.Rows.Count; i++)
                {
                    if (!(bool)UI.ASScanPluginsGrid.Rows[i].Cells[0].Value)
                    {
                        AllSelected = false;
                        break;
                    }
                }
                if (AllSelected) UI.ASScanPluginsGrid.Rows[0].Cells[0].Value = true;
            }
        }
        // NOTE(review): the caption says "Selection Plugin" while the value shown is the session
        // handler's name; confirm whether "Session Plugin" was intended.
        if (ScannerToSet.SessionHandler.Name.Length > 0)
            UI.SessionPluginLbl.Text = string.Format("Selection Plugin: {0}", ScannerToSet.SessionHandler.Name);
        else
            UI.SessionPluginLbl.Text = "Selection Plugin: -";
        // Disabled (commented-out in the original): filling UI.ASSessionPluginsCombo from
        // SessionPlugin.List() and pre-selecting the entry matching the scanner's session handler.
        try
        {
            FillInjectionsPointsinUI(ScannerToSet);
        }
        catch (Exception Exp)
        {
            // Unlike the first catch, this one reports the failure and lets the method continue.
            IronException.Report("Error restoring 'Automated Scan' configuration information from DB", Exp.Message, Exp.StackTrace);
            IronUI.ShowConfigureScanException("Error retriving scan information");
        }
        // Button caption follows the scan status; any other status leaves the caption as it was.
        string ScanStatus = ScannerToSet.Status;
        if (ScanStatus.Equals("Completed"))
        {
            UI.ASStartScanBtn.Text = "Scan Again";
        }
        else if (ScanStatus.Equals("Running"))
        {
            UI.ASStartScanBtn.Text = "Stop Scan";
        }
        else if (ScanStatus.Equals("Not Started") || ScanStatus.Equals("Incomplete") || ScanStatus.Equals("Aborted") || ScanStatus.Equals("Stopped"))
        {
            UI.ASStartScanBtn.Text = "Start Scan";
        }
        if (!UI.ASBaseTabs.SelectedTab.Name.Equals("ASRequestTab")) UI.ASBaseTabs.SelectTab("ASRequestTab");
        UI.ASStartScanBtn.Enabled = true;
    }
}
/// <summary>
/// Transfers the injection points, session plugin and (in scan job mode) the checks chosen
/// in the UI onto a scanner. When custom body injection markers are selected, a new Scanner
/// or Fuzzer is created from a clone of the request and that new object is returned, so
/// callers must use the return value rather than the instance they passed in.
/// </summary>
/// <param name="NewScanner">Scanner to configure; replaced in the custom-marker case.</param>
/// <param name="SessionPluginName">Overwritten from SessionPluginsCombo.Text before it is read, so the passed value is not used.</param>
/// <returns>The configured scanner, which may be a different object than <paramref name="NewScanner"/>.</returns>
Scanner UpdateScannerFromUi(Scanner NewScanner, string SessionPluginName)
{
    //Body must come above everything else because for a custom injection marker selection a new scanner object is created.
    // Consecutive rows with the same parameter name are numbered 0, 1, 2, ... by SubParameterPosition.
    int SubParameterPosition = 0;
    string ParameterName = "";

    #region BodyInjectionPoints
    if (BodyTypeNormalRB.Checked)
    {
        SubParameterPosition = 0;
        ParameterName = "";
        foreach (DataGridViewRow Row in this.ScanBodyTypeNormalGrid.Rows)
        {
            string CurrentParameterName = Row.Cells[1].Value.ToString();
            if (ParameterName.Equals(CurrentParameterName))
            {
                SubParameterPosition++;
            }
            else
            {
                ParameterName = CurrentParameterName;
                SubParameterPosition = 0;
            }
            // Column 0 holds the row's selection checkbox.
            if ((bool)Row.Cells[0].Value)
            {
                NewScanner.InjectBody(ParameterName, SubParameterPosition);
            }
        }
    }
    else if (BodyTypeFormatPluginRB.Checked)
    {
        bool FormatPluginSelected = false;
        bool FormatPluginInjectionPointSelected = false;
        // The first ticked format plugin row wins.
        foreach (DataGridViewRow Row in FormatPluginsGrid.Rows)
        {
            if ((bool)Row.Cells[0].Value)
            {
                NewScanner.BodyFormat = FormatPlugin.Get(Row.Cells[1].Value.ToString());
                FormatPluginSelected = true;
                break;
            }
        }
        foreach (DataGridViewRow Row in this.BodyTypeFormatPluginGrid.Rows)
        {
            if ((bool)Row.Cells[0].Value)
            {
                FormatPluginInjectionPointSelected = true;
                break;
            }
        }
        // Note that BodyFormat has already been assigned above even when no injection point is ticked.
        if (FormatPluginSelected && FormatPluginInjectionPointSelected)
        {
            NewScanner.InjectionArrayXML = FormatXMLTB.Text;
            NewScanner.XmlInjectionArray = new string[BodyTypeFormatPluginGrid.Rows.Count, 2];
            NewScanner.BodyXmlInjectionParameters = new Parameters();
            // Every grid row is copied (columns 1 and 2), whether ticked or not.
            for (int i = 0; i < BodyTypeFormatPluginGrid.Rows.Count; i++)
            {
                NewScanner.XmlInjectionArray[i, 0] = BodyTypeFormatPluginGrid.Rows[i].Cells[1].Value.ToString();
                NewScanner.XmlInjectionArray[i, 1] = BodyTypeFormatPluginGrid.Rows[i].Cells[2].Value.ToString();
                NewScanner.BodyXmlInjectionParameters.Add(NewScanner.XmlInjectionArray[i, 0], NewScanner.XmlInjectionArray[i, 1]);
            }
            // Only the ticked rows become injection points, identified by row index.
            foreach (DataGridViewRow Row in this.BodyTypeFormatPluginGrid.Rows)
            {
                if ((bool)Row.Cells[0].Value)
                {
                    NewScanner.InjectBody(Row.Index);
                }
            }
        }
    }
    else if (BodyTypeCustomRB.Checked)
    {
        if (ScanBodyCB.Checked)
        {
            // The scanner is rebuilt on a clone whose body is the marker-annotated text from the UI.
            Request RequestToScanClone = RequestToScan.GetClone();
            RequestToScanClone.BodyString = SetCustomInjectionPointsSTB.Text;
            if (ScanJobMode)
            {
                NewScanner = new Scanner(RequestToScanClone);
            }
            else
            {
                NewScanner = new Fuzzer(RequestToScanClone);
                this.Fuzz = (Fuzzer) NewScanner;
            }
            NewScanner.InjectBody(CurrentStartMarker, CurrentEndMarker);
            // The rule list is a static member of Scanner and is replaced under a lock on the list itself.
            lock (Scanner.UserSpecifiedEncodingRuleList)
            {
                Scanner.UserSpecifiedEncodingRuleList.Clear();
                foreach (DataGridViewRow Row in CharacterEscapingGrid.Rows)
                {
                    // Every row is stored in the shared list; only ticked rows become rules on this scanner.
                    Scanner.UserSpecifiedEncodingRuleList.Add(new string[] { Row.Cells[1].Value.ToString(), Row.Cells[3].Value.ToString() });
                    if ((bool)Row.Cells[0].Value) NewScanner.AddEscapeRule(Row.Cells[1].Value.ToString(), Row.Cells[3].Value.ToString());
                }
            }
            IronDB.StoreCharacterEscapingRules();
        }
        else
        {
            NewScanner.CustomInjectionPointStartMarker = "";
            NewScanner.CustomInjectionPointEndMarker = "";
        }
    }
    #endregion

    #region UrlPathPartsInjectionPoints
    // URL path parts are identified by row index.
    for (int i = 0; i < this.ScanURLGrid.Rows.Count; i++)
    {
        if ((bool)this.ScanURLGrid.Rows[i].Cells[0].Value)
        {
            NewScanner.InjectUrl(i);
        }
    }
    #endregion

    #region QueryInjectionPoints
    SubParameterPosition = 0;
    ParameterName = "";
    foreach (DataGridViewRow Row in this.ScanQueryGrid.Rows)
    {
        string CurrentParameterName = Row.Cells[1].Value.ToString();
        if (ParameterName.Equals(CurrentParameterName))
        {
            SubParameterPosition++;
        }
        else
        {
            ParameterName = CurrentParameterName;
            SubParameterPosition = 0;
        }
        if ((bool)Row.Cells[0].Value)
        {
            NewScanner.InjectQuery(ParameterName, SubParameterPosition);
        }
    }
    #endregion

    #region CookieInjectionPoints
    SubParameterPosition = 0;
    ParameterName = "";
    foreach (DataGridViewRow Row in this.ScanCookieGrid.Rows)
    {
        string CurrentParameterName = Row.Cells[1].Value.ToString();
        if (ParameterName.Equals(CurrentParameterName))
        {
            SubParameterPosition++;
        }
        else
        {
            ParameterName = CurrentParameterName;
            SubParameterPosition = 0;
        }
        if ((bool)Row.Cells[0].Value)
        {
            NewScanner.InjectCookie(ParameterName, SubParameterPosition);
        }
    }
    #endregion

    #region HeaderInjectionPoints
    SubParameterPosition = 0;
    ParameterName = "";
    foreach (DataGridViewRow Row in this.ScanHeadersGrid.Rows)
    {
        string CurrentParameterName = Row.Cells[1].Value.ToString();
        if (ParameterName.Equals(CurrentParameterName))
        {
            SubParameterPosition++;
        }
        else
        {
            ParameterName = CurrentParameterName;
            SubParameterPosition = 0;
        }
        if ((bool)Row.Cells[0].Value)
        {
            NewScanner.InjectHeaders(ParameterName, SubParameterPosition);
        }
    }
    #endregion

    #region ParameterNameInjectionPoints
    // Parameter names themselves can be injection points, per request section.
    if (ScanQueryParameterNameCB.Checked)
    {
        NewScanner.InjectParameterName("Query");
    }
    if (ScanBodyParameterNameCB.Checked)
    {
        NewScanner.InjectParameterName("Body");
    }
    if (ScanCookieParameterNameCB.Checked)
    {
        NewScanner.InjectParameterName("Cookie");
    }
    if (ScanHeadersParameterNameCB.Checked)
    {
        NewScanner.InjectParameterName("Headers");
    }
    #endregion

    #region SetSessionPlugin
    // The combo box text replaces whatever the caller passed in SessionPluginName.
    SessionPluginName = SessionPluginsCombo.Text;
    if (SessionPluginName.Length > 0)
    {
        NewScanner.SessionHandler = SessionPlugin.Get(SessionPluginName);
    }
    #endregion

    #region SetChecks
    // Checks are only added in scan job mode.
    if (this.ScanJobMode)
    {
        foreach (DataGridViewRow Row in ScanPluginsGrid.Rows)
        {
            if ((bool)Row.Cells[0].Value) NewScanner.AddCheck(Row.Cells[1].Value.ToString());
        }
    }
    #endregion
    return NewScanner;
}
/// <summary>
/// Adds every name in ActivePlugins as a check on <paramref name="Scan"/>.
/// </summary>
/// <param name="Scan">Scanner to configure.</param>
/// <returns>The same scanner instance that was passed in.</returns>
Scanner AddActivePlugins(Scanner Scan)
{
    foreach (string checkName in ActivePlugins)
    {
        Scan.AddCheck(checkName);
    }

    return Scan;
}
/// <summary>
/// Sets the body format of <paramref name="S"/> to the first plugin matched against
/// FormatPlugins when its original request is not "normal" and at least one plugin matches.
/// </summary>
/// <param name="S">Scanner to configure.</param>
/// <returns>The same scanner instance that was passed in.</returns>
Scanner SetFormatPlugin(Scanner S)
{
    Request sourceRequest = S.OriginalRequest;
    if (FormatPlugin.IsNormal(sourceRequest))
    {
        return S;
    }

    List<FormatPlugin> matches = FormatPlugin.Get(sourceRequest, FormatPlugins);
    if (matches.Count > 0)
    {
        // The plugin is looked up again by name instead of assigning the matched object directly.
        S.BodyFormat = FormatPlugin.Get(matches[0].Name);
    }
    return S;
}
/// <summary>
/// Overridable hook that produces the baseline response. This default implementation
/// calls Inject() on the scanner with no arguments and returns the result.
/// </summary>
/// <param name="Scanner">Scanner used to send the request.</param>
/// <param name="Request">Not used by the default implementation.</param>
/// <returns>The response returned by the scanner's parameterless Inject().</returns>
public virtual Response GetBaseLine(Scanner Scanner, Request Request)
{
    // "Scanner" here is the parameter, not the type.
    Response baseline = Scanner.Inject();
    return baseline;
}
/// <summary>
/// Overridable hook. This default implementation always returns true.
/// </summary>
/// <param name="Scanner">Not used by the default implementation.</param>
/// <param name="Request">Not used by the default implementation.</param>
/// <returns>Always <c>true</c>.</returns>
public virtual bool CanInject(Scanner Scanner, Request Request)
{
    return true;
}
/// <summary>
/// Overridable hook. This default implementation always returns false.
/// </summary>
/// <param name="Scnr">Not used by the default implementation.</param>
/// <param name="Req">Not used by the default implementation.</param>
/// <param name="Res">Not used by the default implementation.</param>
/// <returns>Always <c>false</c>.</returns>
public virtual bool ShouldReDo(Scanner Scnr, Request Req, Response Res)
{
    return false;
}
/// <summary>
/// Overridable hook that receives a payload and returns the payload to use. This default
/// implementation returns <paramref name="Payload"/> unchanged.
/// </summary>
/// <param name="Scanner">Not used by the default implementation.</param>
/// <param name="Request">Not used by the default implementation.</param>
/// <param name="Payload">Payload string.</param>
/// <returns>The same string that was passed as <paramref name="Payload"/>.</returns>
public virtual string ProcessInjection(Scanner Scanner, Request Request, string Payload)
{
    return Payload;
}
/// <summary>
/// Click handler of the final wizard button. When the button reads "Close" it closes the
/// window. Otherwise it validates the chosen session plugin, applies the UI selections to
/// the scanner (or fuzzer), and in scan job mode launches the scan and shows its ID; in
/// the other mode it closes the window. Failures are reported and the button is re-enabled.
/// </summary>
/// <param name="sender">Event source; not used.</param>
/// <param name="e">Event data; not used.</param>
private void FinalBtn_Click(object sender, EventArgs e)
{
    if (FinalBtn.Text.Equals("Close"))
    {
        this.Close();
    }
    else
    {
        try
        {
            // Disable the button while the job is being built.
            FinalBtn.Enabled = false;
            if (this.ScanJobMode)
            {
                Step3StatusTB.Text = "Creating scan job, please wait...";
            }
            else
            {
                Step3StatusTB.Text = "Reading your inputs, please wait...";
            }
            // The scanner is created in both modes; outside scan job mode this.Fuzz is configured below instead.
            Scanner NewScanner = new Scanner(RequestToScan);
            string SessionPluginName = SessionPluginsCombo.Text;
            if (SessionPluginName.Length > 0)
            {
                // The typed or selected name must be one of the known session plugins.
                if (SessionPlugin.List().Contains(SessionPluginName))
                {
                    if (ScanThreadLimitCB.Checked)
                    {
                        // This is a static scanner setting that is also persisted, not a per-job value.
                        Scanner.MaxParallelScanCount = 1;
                        IronUI.UpdateScannerSettingsInUIFromConfig();
                        IronDB.StoreScannerSettings();
                    }
                }
                else
                {
                    Step3StatusTB.Text = "Invalid Session Plugin name selected.";
                    FinalBtn.Enabled = true;
                    return;
                }
            }
            //
            //No updates to the NewScanner object must be done before calling this.UpdateScannerFromUi method.
            //There is a chance that this method might create a new scanner object and return it (when custom body injection points is selected).
            //Any updates to NewScanner made before this method are lost if a new scanner object is returned
            //
            if (ScanJobMode)
            {
                NewScanner = this.UpdateScannerFromUi(NewScanner, SessionPluginName);
            }
            else
            {
                this.Fuzz = (Fuzzer) this.UpdateScannerFromUi(this.Fuzz, SessionPluginName);
            }
            if (ScanJobMode)
            {
                int ScanID = NewScanner.LaunchScan();
                Step3StatusTB.Text = string.Format("Scan has been started. The ID for this scan job is {0}.\r\n\r\nThe status of this scan job can be checked in the 'Automated Scanning' tab, this window can be closed.", ScanID);
                // From here on the same button closes the window (see the first branch).
                FinalBtn.Text = "Close";
                StepFourPreviousBtn.Enabled = false;
                FinalBtn.Enabled = true;
            }
            else
            {
                this.Close();
            }
        }
        catch (Exception Exp)
        {
            // Any exception is reported with a mode-specific message and the button is re-enabled for a retry.
            if (this.ScanJobMode)
            {
                IronException.Report("Error starting a configured scan", Exp.Message, Exp.StackTrace);
                Step3StatusTB.Text = "Error Starting Scan!";
            }
            else
            {
                IronException.Report("Error getting injection points from UI", Exp.Message, Exp.StackTrace);
                Step3StatusTB.Text = "Error reading Injecton Points";
            }
            FinalBtn.Enabled = true;
        }
    }
}
/// <summary>
/// Builds a scanner for <paramref name="Req"/> (session plugin, format plugin, active
/// checks, injection points) and launches it. A request without any injection point is
/// skipped and removed from the total. The progress display is updated in both cases.
/// </summary>
/// <param name="Req">Request to scan.</param>
void CreateScan(Request Req)
{
    // Each setup step returns the scanner to continue with.
    Scanner job = new Scanner(Req);
    job = SetSessionPlugin(job);
    job = SetFormatPlugin(job);
    job = AddActivePlugins(job);
    job = SetInjectionPoints(job);

    bool hasInjectionPoints = job.InjectionPointsCount != 0;
    if (hasInjectionPoints)
    {
        job.LaunchScan();
        ScanDone++;
        UpdateScanBranchStats(ScanDone, TotalScans, "Creating and Queueing Scans...." + ScanDone.ToString() + "/" + TotalScans.ToString() + " done", true, false);
    }
    else
    {
        // Nothing to test in this request: shrink the total instead of counting it as done.
        TotalScans--;
        UpdateScanBranchStats(ScanDone, TotalScans, "Skipping Request as no Injection Points were Identified...." + ScanDone.ToString() + "/" + TotalScans.ToString() + " done", true, false);
    }
}
/// <summary>
/// Loads one logged request (Proxy log when <paramref name="LogSource"/> is "Proxy",
/// Probe log otherwise), skips it when it cannot be scanned, is a duplicate, or has no
/// injection points, and otherwise configures and launches a scan for it. Progress is
/// updated after each outcome; any exception is reported and not rethrown.
/// </summary>
/// <param name="UniqueChecker">Decides whether the request duplicates one already scanned.</param>
/// <param name="LogSource">Name of the log the request is read from.</param>
/// <param name="LogID">ID of the log entry.</param>
static void ScanItem(ScanItemUniquenessChecker UniqueChecker, string LogSource, int LogID)
{
    try
    {
        Request logged = LogSource.Equals("Proxy") ? Request.FromProxyLog(LogID) : Request.FromProbeLog(LogID);

        if (!CanScan(logged))
        {
            TotalScans--;
            IronUI.UpdateScanBranchStats(ScanDone, TotalScans, "Skipping previously scanned Request...." + ScanDone.ToString() + "/" + TotalScans.ToString() + " done", true, false);
            return;
        }

        bool isDuplicate = !UniqueChecker.IsUniqueToScan(logged, ScannedRequests, !ScanUrl);
        if (isDuplicate)
        {
            TotalScans--;
            IronUI.UpdateScanBranchStats(ScanDone, TotalScans, "Skipping duplicate Request...." + ScanDone.ToString() + "/" + TotalScans.ToString() + " done", true, false);
            return;
        }

        // A clone is remembered for later uniqueness checks, before it is known whether the
        // request has any injection point.
        ScannedRequests.Add(logged.GetClone());

        // Each setup step returns the scanner to continue with.
        Scanner job = new Scanner(logged);
        job = SetSessionPlugin(job);
        job = SetFormatPlugin(job);
        job = AddActivePlugins(job);
        job = SetInjectionPoints(job);

        if (job.InjectionPointsCount == 0)
        {
            TotalScans--;
            IronUI.UpdateScanBranchStats(ScanDone, TotalScans, "Skipping Request as no Injection Points were Identified...." + ScanDone.ToString() + "/" + TotalScans.ToString() + " done", true, false);
            return;
        }

        job.LaunchScan();
        ScanDone++;
        IronUI.UpdateScanBranchStats(ScanDone, TotalScans, "Creating and Queueing Scans...." + ScanDone.ToString() + "/" + TotalScans.ToString() + " done", true, false);
    }
    catch (Exception Exp)
    {
        // Reported with the log source and ID so the failing entry can be identified.
        IronException.Report("ScanBranch Error Creating Scan Job with " + LogSource + " Log ID - " + LogID.ToString(), Exp.Message, Exp.StackTrace);
    }
}
/// <summary>
/// Marks injection points on <paramref name="S"/> for each enabled request section.
/// Per section, a non-empty white list selects only the listed names; otherwise a non-empty
/// black list selects every name not listed; with both lists empty the whole section is
/// selected. The URL is selected only when the request has no query and no file name.
/// </summary>
/// <param name="S">Scanner to configure.</param>
/// <returns>The same scanner instance that was passed in.</returns>
Scanner SetInjectionPoints(Scanner S)
{
    if (ScanQuery)
    {
        // The white list takes precedence; the black list is consulted only when it is empty.
        bool allowListMode = QueryWhiteList.Count > 0;
        if (allowListMode || QueryBlackList.Count > 0)
        {
            foreach (string name in S.OriginalRequest.Query.GetNames())
            {
                bool wanted = allowListMode ? QueryWhiteList.Contains(name) : !QueryBlackList.Contains(name);
                if (wanted)
                {
                    S.InjectQuery(name);
                }
            }
        }
        else
        {
            S.InjectQuery();
        }
    }

    if (ScanBody)
    {
        bool allowListMode = BodyWhiteList.Count > 0;
        if (allowListMode || BodyBlackList.Count > 0)
        {
            foreach (string name in S.OriginalRequest.Body.GetNames())
            {
                bool wanted = allowListMode ? BodyWhiteList.Contains(name) : !BodyBlackList.Contains(name);
                if (wanted)
                {
                    S.InjectBody(name);
                }
            }
        }
        else
        {
            S.InjectBody();
        }
    }

    if (ScanCookie)
    {
        bool allowListMode = CookieWhiteList.Count > 0;
        if (allowListMode || CookieBlackList.Count > 0)
        {
            foreach (string name in S.OriginalRequest.Cookie.GetNames())
            {
                bool wanted = allowListMode ? CookieWhiteList.Contains(name) : !CookieBlackList.Contains(name);
                if (wanted)
                {
                    S.InjectCookie(name);
                }
            }
        }
        else
        {
            S.InjectCookie();
        }
    }

    if (ScanHeaders)
    {
        bool allowListMode = HeaderWhiteList.Count > 0;
        if (allowListMode || HeaderBlackList.Count > 0)
        {
            foreach (string name in S.OriginalRequest.Headers.GetNames())
            {
                bool wanted = allowListMode ? HeaderWhiteList.Contains(name) : !HeaderBlackList.Contains(name);
                if (wanted)
                {
                    S.InjectHeaders(name);
                }
            }
        }
        else
        {
            S.InjectHeaders();
        }
    }

    // URL injection applies only to requests without a query string and without a file name.
    if (ScanUrl && S.OriginalRequest.Query.Count == 0 && S.OriginalRequest.File.Length == 0)
    {
        S.InjectUrl();
    }

    return S;
}
/// <summary>
/// Sets the body format of <paramref name="Scan"/>: the plugin named by the FormatPlugin
/// string member when it is non-empty; otherwise, for a request that is not "normal", the
/// first plugin matched for the request, if any.
/// </summary>
/// <param name="Scan">Scanner to configure.</param>
/// <returns>The same scanner instance that was passed in.</returns>
static Scanner SetFormatPlugin(Scanner Scan)
{
    // "FormatPlugin" used as a value is the string member holding the configured name;
    // the type of the same name is reached through the IronWASP namespace.
    if (FormatPlugin.Length > 0)
    {
        Scan.BodyFormat = IronWASP.FormatPlugin.Get(FormatPlugin);
        return Scan;
    }

    if (IronWASP.FormatPlugin.IsNormal(Scan.OriginalRequest))
    {
        return Scan;
    }

    List<IronWASP.FormatPlugin> matches = IronWASP.FormatPlugin.Get(Scan.OriginalRequest);
    if (matches.Count > 0)
    {
        Scan.BodyFormat = matches[0];
    }
    return Scan;
}
/// <summary>
/// Mirrors the injection points recorded on <paramref name="Scanner"/> into the Automated
/// Scanning grids and checkboxes: column 0 of every row is set to whether that row is an
/// injection point, and each section checkbox is ticked only when its grid is non-empty
/// and every row is selected. Parameter-name checkboxes are set per request section.
/// </summary>
/// <param name="Scanner">Scanner whose injection point selections are displayed.</param>
static void FillInjectionsPointsinUI(Scanner Scanner)
{
    // URL path parts are identified by row index.
    bool everyUrlPart = UI.ASRequestScanURLGrid.Rows.Count > 0;
    foreach (DataGridViewRow urlRow in UI.ASRequestScanURLGrid.Rows)
    {
        bool picked = Scanner.URLInjections.Contains(urlRow.Index);
        everyUrlPart = everyUrlPart && picked;
        urlRow.Cells[0].Value = picked;
    }

    // For named parameters, consecutive rows with the same name are numbered 0, 1, 2, ...
    int occurrence = 0;
    string previousName = "";

    bool everyQuery = UI.ASRequestScanQueryGrid.Rows.Count > 0;
    foreach (DataGridViewRow queryRow in UI.ASRequestScanQueryGrid.Rows)
    {
        string name = queryRow.Cells[1].Value.ToString();
        occurrence = name.Equals(previousName) ? occurrence + 1 : 0;
        bool picked = Scanner.QueryInjections.Has(name) && Scanner.QueryInjections.GetAll(name).Contains(occurrence);
        everyQuery = everyQuery && picked;
        queryRow.Cells[0].Value = picked;
        previousName = name;
    }

    occurrence = 0;
    previousName = "";
    // The initial value comes from the format plugin grid's row count, whichever branch runs below.
    bool everyBody = UI.ConfigureScanRequestBodyTypeFormatPluginGrid.Rows.Count > 0;
    if (Scanner.BodyFormat.Name.Length > 0)
    {
        // A body format is set: rows are matched by index against BodyXmlInjections.
        foreach (DataGridViewRow bodyRow in UI.ConfigureScanRequestBodyTypeFormatPluginGrid.Rows)
        {
            bool picked = Scanner.BodyXmlInjections.Contains(bodyRow.Index);
            everyBody = everyBody && picked;
            bodyRow.Cells[0].Value = picked;
        }
    }
    else if (Scanner.CustomInjectionPointStartMarker.Length > 0 && Scanner.CustomInjectionPointEndMarker.Length > 0)
    {
        // Custom start and end markers are both set: the body counts as fully selected.
        everyBody = true;
    }
    else
    {
        foreach (DataGridViewRow bodyRow in UI.ASRequestScanBodyTypeNormalGrid.Rows)
        {
            string name = bodyRow.Cells[1].Value.ToString();
            occurrence = name.Equals(previousName) ? occurrence + 1 : 0;
            bool picked = Scanner.BodyInjections.Has(name) && Scanner.BodyInjections.GetAll(name).Contains(occurrence);
            everyBody = everyBody && picked;
            bodyRow.Cells[0].Value = picked;
            previousName = name;
        }
    }

    occurrence = 0;
    previousName = "";
    bool everyCookie = UI.ASRequestScanCookieGrid.Rows.Count > 0;
    foreach (DataGridViewRow cookieRow in UI.ASRequestScanCookieGrid.Rows)
    {
        string name = cookieRow.Cells[1].Value.ToString();
        occurrence = name.Equals(previousName) ? occurrence + 1 : 0;
        bool picked = Scanner.CookieInjections.Has(name) && Scanner.CookieInjections.GetAll(name).Contains(occurrence);
        everyCookie = everyCookie && picked;
        cookieRow.Cells[0].Value = picked;
        previousName = name;
    }

    occurrence = 0;
    previousName = "";
    bool everyHeader = UI.ASRequestScanHeadersGrid.Rows.Count > 0;
    foreach (DataGridViewRow headerRow in UI.ASRequestScanHeadersGrid.Rows)
    {
        string name = headerRow.Cells[1].Value.ToString();
        occurrence = name.Equals(previousName) ? occurrence + 1 : 0;
        bool picked = Scanner.HeadersInjections.Has(name) && Scanner.HeadersInjections.GetAll(name).Contains(occurrence);
        everyHeader = everyHeader && picked;
        headerRow.Cells[0].Value = picked;
        previousName = name;
    }

    // Parameter-name injection is tracked per request section.
    UI.ASRequestScanQueryParameterNameCB.Checked = Scanner.ParameterNameInjections.Has("Query");
    UI.ASRequestScanBodyParameterNameCB.Checked = Scanner.ParameterNameInjections.Has("Body");
    UI.ASRequestScanCookieParameterNameCB.Checked = Scanner.ParameterNameInjections.Has("Cookie");
    UI.ASRequestScanHeadersParameterNameCB.Checked = Scanner.ParameterNameInjections.Has("Headers");

    // Read back from the checkboxes themselves, in the same order as they were set.
    bool everyName = UI.ASRequestScanQueryParameterNameCB.Checked
        && UI.ASRequestScanBodyParameterNameCB.Checked
        && UI.ASRequestScanCookieParameterNameCB.Checked
        && UI.ASRequestScanHeadersParameterNameCB.Checked;

    // The "all" checkbox does not take the parameter-name selection into account.
    UI.ASRequestScanAllCB.Checked = everyUrlPart && everyQuery && everyBody && everyCookie && everyHeader;
    UI.ASRequestScanURLCB.Checked = everyUrlPart;
    UI.ASRequestScanQueryCB.Checked = everyQuery;
    UI.ASRequestScanBodyCB.Checked = everyBody;
    UI.ASRequestScanCookieCB.Checked = everyCookie;
    UI.ASRequestScanHeadersCB.Checked = everyHeader;
    UI.ASRequestScanParameterNamesCB.Checked = everyName;
}
/// <summary>
/// Applies the configured injection-point selection to <paramref name="Scan"/> and returns it.
/// </summary>
/// <remarks>
/// For each of query, body, cookie and headers: when the section is enabled and a parameter
/// filter is active, parameters are chosen either from the include list ("Plus") or as
/// everything not on the exclude list ("Minus"); otherwise the whole section is injected when
/// it is enabled. In exclude mode any parameter that is not named on the list is tested, so
/// values that must stay untouched have to be listed explicitly.
/// </remarks>
/// <param name="Scan">Scanner to configure; it is modified in place.</param>
/// <returns>The same <paramref name="Scan"/> instance.</returns>
static Scanner SetInjectionPoints(Scanner Scan)
{
    if (ScanUrl)
    {
        Scan.InjectUrl();
    }

    // Query section.
    bool filterQuery = ScanQuery && SelectCheckQueryParameters
        && (SelectCheckQueryParametersPlus || SelectCheckQueryParametersMinus);
    if (filterQuery)
    {
        bool includeMode = SelectCheckQueryParametersPlus;
        foreach (string name in Scan.OriginalRequest.Query.GetNames())
        {
            bool chosen = includeMode
                ? SelectQueryParameters.Contains(name)
                : !DontSelectQueryParameters.Contains(name);
            if (!chosen)
            {
                continue;
            }
            // Every occurrence of a repeated name is selected individually.
            for (int pos = 0; pos < Scan.OriginalRequest.Query.GetAll(name).Count; pos++)
            {
                Scan.InjectQuery(name, pos);
            }
        }
    }
    else if (ScanQuery)
    {
        Scan.InjectQuery();
    }

    // When a body format plugin is set, flatten the body to name/value pairs first.
    if (Scan.BodyFormat.Name.Length > 0)
    {
        string bodyAsXml = Scan.BodyFormat.ToXmlFromRequest(Scan.OriginalRequest);
        string[,] pairs = IronWASP.FormatPlugin.XmlToArray(bodyAsXml);
        Scan.BodyXmlInjectionParameters = new Parameters();
        for (int row = 0; row < pairs.GetLength(0); row++)
        {
            Scan.BodyXmlInjectionParameters.Add(pairs[row, 0], pairs[row, 1]);
        }
    }

    // Body section.
    bool filterBody = ScanBody && SelectCheckBodyParameters
        && (SelectCheckBodyParametersPlus || SelectCheckBodyParametersMinus);
    if (filterBody)
    {
        bool includeMode = SelectCheckBodyParametersPlus;
        if (Scan.BodyFormat.Name.Length == 0)
        {
            foreach (string name in Scan.OriginalRequest.Body.GetNames())
            {
                bool chosen = includeMode
                    ? SelectBodyParameters.Contains(name)
                    : !DontSelectBodyParameters.Contains(name);
                if (!chosen)
                {
                    continue;
                }
                for (int pos = 0; pos < Scan.OriginalRequest.Body.GetAll(name).Count; pos++)
                {
                    Scan.InjectBody(name, pos);
                }
            }
        }
        else
        {
            // NOTE(review): the index passed to InjectBody counts the names returned by
            // GetNames(); presumably that lines up with the flattened XML rows - confirm
            // for bodies in which a name repeats.
            int position = 0;
            foreach (string name in Scan.BodyXmlInjectionParameters.GetNames())
            {
                bool chosen = includeMode
                    ? SelectBodyParameters.Contains(name)
                    : !DontSelectBodyParameters.Contains(name);
                if (chosen)
                {
                    Scan.InjectBody(position);
                }
                position++;
            }
        }
    }
    else if (ScanBody)
    {
        Scan.InjectBody();
    }

    // Cookie section.
    bool filterCookie = ScanCookie && SelectCheckCookieParameters
        && (SelectCheckCookieParametersPlus || SelectCheckCookieParametersMinus);
    if (filterCookie)
    {
        bool includeMode = SelectCheckCookieParametersPlus;
        foreach (string name in Scan.OriginalRequest.Cookie.GetNames())
        {
            bool chosen = includeMode
                ? SelectCookieParameters.Contains(name)
                : !DontSelectCookieParameters.Contains(name);
            if (!chosen)
            {
                continue;
            }
            for (int pos = 0; pos < Scan.OriginalRequest.Cookie.GetAll(name).Count; pos++)
            {
                Scan.InjectCookie(name, pos);
            }
        }
    }
    else if (ScanCookie)
    {
        Scan.InjectCookie();
    }

    // Headers section.
    bool filterHeaders = ScanHeaders && SelectCheckHeadersParameters
        && (SelectCheckHeadersParametersPlus || SelectCheckHeadersParametersMinus);
    if (filterHeaders)
    {
        bool includeMode = SelectCheckHeadersParametersPlus;
        foreach (string name in Scan.OriginalRequest.Headers.GetNames())
        {
            bool chosen = includeMode
                ? SelectHeadersParameters.Contains(name)
                : !DontSelectHeadersParameters.Contains(name);
            if (!chosen)
            {
                continue;
            }
            for (int pos = 0; pos < Scan.OriginalRequest.Headers.GetAll(name).Count; pos++)
            {
                Scan.InjectHeaders(name, pos);
            }
        }
    }
    else if (ScanHeaders)
    {
        Scan.InjectHeaders();
    }

    return Scan;
}
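/// <summary>
/// Rebuilds a <see cref="Scanner"/> from the ScanQueue row with the given scan ID in the
/// project file.
/// </summary>
/// <remarks>
/// The lookup uses a bound parameter for the scan ID. Plugin names stored in the row are only
/// applied when they appear in the lists of currently available session, format and active
/// plugins, so an unknown name in the project file is silently skipped instead of being
/// resolved. The stored injection-point string is handed to
/// <c>Scanner.AbsorbInjectionString</c> unchanged.
/// </remarks>
/// <param name="ScanID">ID of the scan job to load.</param>
/// <returns>
/// The reconstructed scanner. A job whose status is "Not Started" is returned with only its
/// request and scan ID set. Returns <c>null</c> when no row exists for <paramref name="ScanID"/>.
/// </returns>
internal static Scanner GetScannerFromDB(int ScanID)
{
    Scanner ScannerFromLog = null;
    using (SQLiteConnection DB = new SQLiteConnection("data source=" + IronProjectFile))
    {
        DB.Open();
        using (SQLiteCommand cmd = DB.CreateCommand())
        {
            cmd.CommandText = "SELECT RequestHeaders, RequestBody, BinaryRequest, Status, InjectionPoints, FormatPlugin, SessionPlugin, ScanPlugins FROM ScanQueue WHERE ScanID=@ScanID LIMIT 1";
            cmd.Parameters.AddWithValue("@ScanID", ScanID);
            using (SQLiteDataReader result = cmd.ExecuteReader())
            {
                // A data reader starts before the first row; advance it before reading
                // columns, and report a missing scan ID instead of reading from no row.
                if (!result.Read())
                {
                    return null;
                }

                IronLogRecord ILR = new IronLogRecord();
                ILR.RequestHeaders = result["RequestHeaders"].ToString();
                ILR.RequestBody = result["RequestBody"].ToString();
                ILR.IsRequestBinary = (result["BinaryRequest"].ToString().Equals("1"));
                Session Irse = Session.GetIronSessionFromIronLogRecord(ILR, 0);
                Request Req = Irse.Request;

                string Status = result["Status"].ToString();
                string FormatPluginName = result["FormatPlugin"].ToString();
                string SessionPluginName = result["SessionPlugin"].ToString();
                string InjectionString = result["InjectionPoints"].ToString();
                string[] ScanPluginsArray = result["ScanPlugins"].ToString().Split(new char[] { ',' });

                ScannerFromLog = new Scanner(Req);
                ScannerFromLog.ScanID = ScanID;

                // A job that never started carries no further configuration to restore.
                if (Status.Equals("Not Started"))
                {
                    return ScannerFromLog;
                }

                // Stored plugin names are checked against the available plugins before use.
                if (SessionPluginName.Length > 0
                    && !SessionPluginName.Equals("None")
                    && SessionPlugin.List().Contains(SessionPluginName))
                {
                    ScannerFromLog.SessionHandler = SessionPlugin.Get(SessionPluginName);
                }
                if (FormatPluginName.Length > 0
                    && !FormatPluginName.Equals("None")
                    && FormatPlugin.List().Contains(FormatPluginName))
                {
                    ScannerFromLog.BodyFormat = FormatPlugin.Get(FormatPluginName);
                }
                if (ScanPluginsArray.Length > 0)
                {
                    List<string> ValidScanPlugins = ActivePlugin.List();
                    foreach (string Name in ScanPluginsArray)
                    {
                        if (ValidScanPlugins.Contains(Name))
                        {
                            ScannerFromLog.AddCheck(Name);
                        }
                    }
                }

                ScannerFromLog.AbsorbInjectionString(InjectionString);
                ScannerFromLog.Status = Status;
            }
        }
    }
    return ScannerFromLog;
}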
/// <summary>
/// Starts the crawler and, when CrawlAndScan is set, creates and tracks a scan job for each
/// newly crawled request until crawling and all launched jobs have finished or the run is
/// stopped.
/// </summary>
/// <remarks>
/// Each crawled request must pass <c>CanScan</c> and the uniqueness check before a scanner is
/// built for it; those two calls are the only per-request gates visible in this method.
/// For every request section a non-empty white list wins over a black list, and with neither
/// list set the whole section is injected. In black-list mode every parameter that is not
/// named is tested. URL path parts are injected only for requests with no query parameters
/// and no file name. The loop polls: 2 s while crawling is active, 5 s while only scan jobs
/// remain, and a few 2 s grace rounds once both are idle.
/// </remarks>
static void DoScan()
{
    Spider = new Crawler();
    try
    {
        Spider.PrimaryHost = PrimaryHost;
        Spider.BaseUrl = BaseUrl;
        Spider.StartingUrl = StartingUrl;
        Spider.PerformDirAndFileGuessing = PerformDirAndFileGuessing;
        Spider.IncludeSubDomains = IncludeSubDomains;
        Spider.HTTP = HTTP;
        Spider.HTTPS = HTTPS;
        Spider.UrlsToAvoid = UrlsToAvoid;
        Spider.HostsToInclude = HostsToInclude;
        Spider.SpecialHeader = SpecialHeader;
        Spider.Start();
    }
    catch (Exception startError)
    {
        IronException.Report("Error starting Crawler", startError);
        // Best-effort cleanup: a failure while stopping is deliberately ignored.
        try
        {
            Stop();
        }
        catch
        {
        }
        return;
    }

    ScanItemUniquenessChecker dedupe = new ScanItemUniquenessChecker(CanPromptUser);
    List<int> runningScanIds = new List<int>();
    // The returned list is not used below; the call itself is kept.
    ActivePlugin.List();
    int crawledTotal = 0;
    int jobsCreated = 0;
    int jobsCompleted = 0;
    List<Request> alreadyScanned = new List<Request>();
    int idleBudgetUsed = 0;

    bool keepRunning;
    do
    {
        keepRunning = false;
        List<Request> batch = Spider.GetCrawledRequests();
        if (Stopped)
        {
            return;
        }

        if (batch.Count > 0 || Spider.IsActive())
        {
            keepRunning = true;
            if (CrawlAndScan)
            {
                // update the ui with the number of requests crawled
                crawledTotal += batch.Count;
                foreach (Request Req in batch)
                {
                    if (Stopped)
                    {
                        return;
                    }
                    if (!CanScan(Req) || !dedupe.IsUniqueToScan(Req, alreadyScanned, false))
                    {
                        continue;
                    }

                    try
                    {
                        Scanner job = new Scanner(Req);
                        foreach (string checkName in Checks)
                        {
                            job.AddCheck(checkName);
                        }

                        if (InjectQuery)
                        {
                            bool useWhiteList = QueryWhiteList.Count > 0;
                            if (useWhiteList || QueryBlackList.Count > 0)
                            {
                                foreach (string name in job.OriginalRequest.Query.GetNames())
                                {
                                    bool chosen = useWhiteList ? QueryWhiteList.Contains(name) : !QueryBlackList.Contains(name);
                                    if (chosen)
                                    {
                                        job.InjectQuery(name);
                                    }
                                }
                            }
                            else
                            {
                                job.InjectQuery();
                            }
                        }

                        if (InjectBody)
                        {
                            bool useWhiteList = BodyWhiteList.Count > 0;
                            if (useWhiteList || BodyBlackList.Count > 0)
                            {
                                foreach (string name in job.OriginalRequest.Body.GetNames())
                                {
                                    bool chosen = useWhiteList ? BodyWhiteList.Contains(name) : !BodyBlackList.Contains(name);
                                    if (chosen)
                                    {
                                        job.InjectBody(name);
                                    }
                                }
                            }
                            else
                            {
                                job.InjectBody();
                            }
                        }

                        if (InjectCookie)
                        {
                            bool useWhiteList = CookieWhiteList.Count > 0;
                            if (useWhiteList || CookieBlackList.Count > 0)
                            {
                                foreach (string name in job.OriginalRequest.Cookie.GetNames())
                                {
                                    bool chosen = useWhiteList ? CookieWhiteList.Contains(name) : !CookieBlackList.Contains(name);
                                    if (chosen)
                                    {
                                        job.InjectCookie(name);
                                    }
                                }
                            }
                            else
                            {
                                job.InjectCookie();
                            }
                        }

                        if (InjectHeaders)
                        {
                            bool useWhiteList = HeaderWhiteList.Count > 0;
                            if (useWhiteList || HeaderBlackList.Count > 0)
                            {
                                foreach (string name in job.OriginalRequest.Headers.GetNames())
                                {
                                    bool chosen = useWhiteList ? HeaderWhiteList.Contains(name) : !HeaderBlackList.Contains(name);
                                    if (chosen)
                                    {
                                        job.InjectHeaders(name);
                                    }
                                }
                            }
                            else
                            {
                                job.InjectHeaders();
                            }
                        }

                        // URL path parts only when the request has neither query parameters nor a file name.
                        if (InjectUrlPathParts && job.OriginalRequest.Query.Count == 0 && job.OriginalRequest.File.Length == 0)
                        {
                            job.InjectUrl();
                        }

                        if (job.InjectionPointsCount == 0)
                        {
                            continue;
                        }

                        jobsCreated++;
                        if (Stopped)
                        {
                            return;
                        }
                        int launchedId = job.LaunchScan();
                        if (Stopped)
                        {
                            // A stop request arrived while launching.
                            Stop(true);
                            return;
                        }
                        if (launchedId > 0)
                        {
                            alreadyScanned.Add(Req);
                            runningScanIds.Add(launchedId);
                        }
                    }
                    catch (Exception jobError)
                    {
                        IronException.Report(string.Format("Error creating Scan Job with Request - {0}", Req.Url), jobError);
                    }
                }
            }
        }

        if (CrawlAndScan)
        {
            // Collect the positions of finished jobs first, then drop them from the tracking list.
            List<int> finishedPositions = new List<int>();
            List<int> abortedIds = Scanner.GetAbortedScanIDs();
            List<int> completedIds = Scanner.GetCompletedScanIDs();
            for (int pos = 0; pos < runningScanIds.Count; pos++)
            {
                if (Stopped)
                {
                    return;
                }
                if (completedIds.Contains(runningScanIds[pos]))
                {
                    finishedPositions.Add(pos);
                    jobsCompleted++;
                }
                else if (abortedIds.Contains(runningScanIds[pos]))
                {
                    finishedPositions.Add(pos);
                }
            }
            // Removing from the highest position down keeps the remaining positions valid.
            for (int k = finishedPositions.Count - 1; k >= 0; k--)
            {
                if (Stopped)
                {
                    return;
                }
                runningScanIds.RemoveAt(finishedPositions[k]);
            }
        }

        int pauseMs = 0;
        if (keepRunning)
        {
            pauseMs = 2000;
        }
        else if (runningScanIds.Count > 0)
        {
            // Crawling is done but scan jobs are still running.
            keepRunning = true;
            pauseMs = 5000;
        }
        else if (idleBudgetUsed < 10)
        {
            // Nothing pending: allow a few more rounds before finishing.
            keepRunning = true;
            pauseMs = 2000;
            idleBudgetUsed += 2;
        }
        if (pauseMs > 0)
        {
            Thread.Sleep(pauseMs);
        }

        if (Stopped)
        {
            return;
        }
        IronUI.UpdateConsoleCrawledRequestsCount(crawledTotal);
        IronUI.UpdateConsoleScanJobsCreatedCount(jobsCreated);
        IronUI.UpdateConsoleScanJobsCompletedCount(jobsCompleted);
    }
    while (keepRunning);

    if (Stopped)
    {
        return;
    }
    Stop();
}