public void CustomTestProxy_TestPatternEntityExclusion()
{
MockProxy mockSite;
string first, second, third;
InitMockSite(out mockSite, out first, out second, out third);
CustomTestsFile testFile = GetCustomTestFile();
TrafficViewerFile testDataStore = new TrafficViewerFile();
MockTestController mockTestController = new MockTestController();
testFile.PatternEntityExclusion = "p2";
DriveByAttackProxy testProxy = new DriveByAttackProxy(mockTestController, testFile, testDataStore);
testProxy.Start();
SendRequestThroughTestProxy(first, testProxy, mockSite);
SendRequestThroughTestProxy(second, testProxy, mockSite);
SendRequestThroughTestProxy(third, testProxy, mockSite);
Thread.Sleep(1000);
testProxy.Stop();
Assert.IsTrue(mockTestController.IssuesFound.ContainsKey("p1"));
Assert.IsFalse(mockTestController.IssuesFound.ContainsKey("p2"));
}
public void CustomTestProxy_TestFirstRequestRegex()
{
MockProxy mockSite = new MockProxy();
string first = "GET / HTTP/1.1\r\n";
string second = "POST /r1 HTTP/1.1\r\n\r\np1=1234\r\n";
string third = "POST /r2 HTTP/1.1\r\n\r\np2=1234\r\n\r\n";
mockSite.MockSite.AddRequestResponse(first, "HTTP/1.1 200 OK\r\n\r\nbla");
mockSite.MockSite.AddRequestResponse(second, "HTTP/1.1 200 OK\r\n\r\nroot:0:0");
mockSite.MockSite.AddRequestResponse(third, "HTTP/1.1 200 OK\r\n\r\nroot:0:0");
mockSite.Start();
CustomTestsFile testFile = GetCustomTestFile();
TrafficViewerFile testDataStore = new TrafficViewerFile();
MockTestController mockTestController = new MockTestController();
SequentialAttackProxy testProxy = new SequentialAttackProxy(mockTestController, testFile, testDataStore);
testFile.PatternOfFirstRequestToTest = "r2";
testProxy.Start();
SendRequestThroughTestProxy(first, testProxy, mockSite);
SendRequestThroughTestProxy(second, testProxy, mockSite);
SendRequestThroughTestProxy(third, testProxy, mockSite);
testProxy.Stop();
Assert.IsFalse(mockTestController.IssuesFound.ContainsKey("p1"));
Assert.IsTrue(mockTestController.IssuesFound.ContainsKey("p2"));
}
public void CustomTester_ParametersWithSameValue()
{
MockTestController mockTestController = new MockTestController();
string testRequest = "GET /search.jsp?a=1&b=1 HTTP/1.1\r\nHost: 127.0.0.1\r\n\r\n";
string paramName1 = "a";
string paramName2 = "b";
CustomTestsFile file = GetCustomTestFile();
Tester tester = new Tester(mockTestController, file);
CustomTestDef def = file.GetCustomTests()["Path Traversal"];
HttpRequestInfo original = new HttpRequestInfo(testRequest, true);
Uri uri = new Uri(original.FullUrl);
tester.ExecuteTests(testRequest, "", uri, paramName1, null, RequestLocation.Query, def);
Assert.IsTrue(mockTestController.IssuesFound.ContainsKey(paramName1));
string mutReq = mockTestController.MutatedRequests[0];
HttpRequestInfo mutReqInfo = new HttpRequestInfo(mutReq);
Assert.AreEqual(MockTestController.PATH_TRAVERSAL, mutReqInfo.QueryVariables[paramName1], "Invalid mutation for " + paramName1);
Assert.AreEqual("1", mutReqInfo.QueryVariables[paramName2], "Invalid value for " + paramName2);
tester.ExecuteTests(testRequest, "", uri, paramName2, null, RequestLocation.Query, def);
Assert.IsTrue(mockTestController.IssuesFound.ContainsKey(paramName2));
mutReq = mockTestController.MutatedRequests[1];
mutReqInfo = new HttpRequestInfo(mutReq);
Assert.AreEqual("1", mutReqInfo.QueryVariables[paramName1], "Invalid value for " + paramName1);
Assert.AreEqual(MockTestController.PATH_TRAVERSAL, mutReqInfo.QueryVariables[paramName2], "Invalid mutation for " + paramName2);
}
public void CustomTestProxy_TestPatternToTest()
{
MockProxy mockSite;
string first, second, third;
InitMockSite(out mockSite, out first, out second, out third);
CustomTestsFile testFile = GetCustomTestFile();
TrafficViewerFile testDataStore = new TrafficViewerFile();
MockTestController mockTestController = new MockTestController();
var targetList = new Dictionary <string, AttackTarget>();
targetList.Add("r1", new AttackTarget("r1", "Enabled", "r1"));
testFile.SetAttackTargetList(targetList);
DriveByAttackProxy testProxy = new DriveByAttackProxy(mockTestController, testFile, testDataStore);
testProxy.Start();
SendRequestThroughTestProxy(first, testProxy, mockSite);
SendRequestThroughTestProxy(second, testProxy, mockSite);
SendRequestThroughTestProxy(third, testProxy, mockSite);
Thread.Sleep(1000);
testProxy.Stop();
Assert.IsTrue(mockTestController.IssuesFound.ContainsKey("p1"));
Assert.IsFalse(mockTestController.IssuesFound.ContainsKey("p2"));
}
public void CustomTester_SingleCharacterValue()
{
TrafficViewerFile mockSite = new TrafficViewerFile();
MockTestController mockTestController = new MockTestController(mockSite);
string testRequest = "GET /search.aspx?txtSearch=a&a1=a HTTP/1.1\r\nHost: 127.0.0.1\r\n\r\n";
string paramName = "txtSearch";
string paramName2 = "a1";
CustomTestsFile file = GetCustomTestFile();
Tester tester = new Tester(mockTestController, file);
CustomTestDef def = file.GetCustomTests()["Path Traversal"];
HttpRequestInfo original = new HttpRequestInfo(testRequest, true);
Uri uri = new Uri(original.FullUrl);
string entityId = tester.GetEntityId(uri, paramName);
string entityString = tester.GetEntityString(testRequest, uri, paramName, original.QueryVariables[paramName]);
TestJob testJob = new TestJob(paramName, original.QueryVariables[paramName], RequestLocation.Query, def);
string mutatedRequest = tester.GenerateMutatedRequestList(testRequest, testJob, entityString, entityId)[0];
HttpRequestInfo mutatedReqInfo = new HttpRequestInfo(mutatedRequest, true);
Assert.IsTrue(mutatedReqInfo.QueryVariables.ContainsKey(paramName), "Could no longer find parameter");
Assert.AreEqual(original.QueryVariables[paramName] + MockTestController.PATH_TRAVERSAL, mutatedReqInfo.QueryVariables[paramName], "Incorrect test value");
Assert.AreEqual(original.QueryVariables[paramName2], mutatedReqInfo.QueryVariables[paramName2], "Incorrect non-test value");
}
public void CustomTester_MatchHeaderValidation()
{
TrafficViewerFile mockSite = new TrafficViewerFile();
MockTestController mockTestController = new MockTestController(mockSite);
string testRequest = "GET /search.aspx?txtSearch=a&a1=a HTTP/1.1\r\nHost: 127.0.0.1\r\n\r\n";
string paramName = "txtSearch";
CustomTestsFile file = GetCustomTestFile();
Tester tester = new Tester(mockTestController, file);
CustomTestDef def = file.GetCustomTests()["Path Traversal"];
def.Validation = "$header=" + "root:\\s?:";
HttpRequestInfo original = new HttpRequestInfo(testRequest, true);
Uri uri = new Uri(original.FullUrl);
string entityId = tester.GetEntityId(uri, paramName);
string entityString = tester.GetEntityString(testRequest, uri, paramName, original.QueryVariables[paramName]);
TestJob testJob = new TestJob(paramName, original.QueryVariables[paramName], RequestLocation.Query, def);
string mutatedRequest = tester.GenerateMutatedRequestList(testRequest, testJob, entityString, entityId)[0];
Assert.IsFalse(tester.ValidateSingleTest(testRequest, "HTTP/1.1 200 OK\r\nbla", new Uri("http://demo.testfire.net/search.aspx"),
paramName, entityId, def, mutatedRequest, "HTTP/1.1 200 OK\r\n\r\nroot::"));
Assert.IsTrue(tester.ValidateSingleTest(testRequest, "HTTP/1.1 200 OK\r\nbla", new Uri("http://demo.testfire.net/search.aspx"),
paramName, entityId, def, mutatedRequest, "HTTP/1.1 200 OK\r\nroot::\r\n\r\nbody"));
}
public void CustomTestProxy_BodyParamUnitTest()
{
MockTestController mockTestController = new MockTestController();
string testRequest = "POST /search.aspx HTTP/1.1\r\n\r\ntxtSearch=1234\r\n\r\n";
HttpResponseInfo testResponse = CustomTestUnitExecution(testRequest, mockTestController);
Assert.AreEqual(1, mockTestController.IssuesFound.Count, "No issues found");
Assert.IsTrue(mockTestController.IssuesFound.ContainsKey("txtSearch"), "Incorrect parameter found");
Assert.AreEqual("Path Traversal", mockTestController.IssuesFound["txtSearch"], "Incorrect issue found");
}
public void CustomTestProxy_TestJSValidation()
{
MockProxy mockSite = new MockProxy();
string testReq = "GET /r1?p1=test HTTP/1.1\r\n";
mockSite.MockSite.AddRequestResponse(testReq, "HTTP/1.1 200 OK\r\n\r\nFound user test");
mockSite.Start();
CustomTestsFile testFile = GetCustomTestFile();
var tests = testFile.GetCustomTests();
tests.Clear();
tests.Add("PathTraversal",
new CustomTestDef("PathTraversal", "Path Traversal",
"$original/" + MockTestController.PATH_TRAVERSAL,
"$js_code=function Callback(response){var found = false; if(response.indexOf('root')>-1) found=true; return found;}"));
testFile.SetCustomTests(tests);
testFile.Save();
TrafficViewerFile testDataStore = new TrafficViewerFile();
MockTestController mockTestController = new MockTestController(mockSite.MockSite);
var targetList = new Dictionary <string, AttackTarget>();
targetList.Add("r1", new AttackTarget("r1", "Enabled", "r1"));
testFile.SetAttackTargetList(targetList);
DriveByAttackProxy testProxy = new DriveByAttackProxy(mockTestController, testFile, testDataStore);
testProxy.Start();
SendRequestThroughTestProxy(testReq, testProxy, mockSite);
Thread.Sleep(100);
testProxy.Stop();
Assert.IsTrue(mockTestController.IssuesFound.ContainsKey("p1"));
}
public void CustomTester_EmptyQueryParamUnitTest()
{
TrafficViewerFile mockSite = new TrafficViewerFile();
mockSite.AddRequestResponse(String.Format("GET /search.jsp?query={0} HTTP/1.1\r\nHost: 127.0.0.1\r\n\r\n", MockTestController.PATH_TRAVERSAL),
MockTestController.PATH_TRAVERSAL_RESPONSE);
MockTestController mockTestController = new MockTestController(mockSite);
string testRequest = "GET /search.jsp?query= HTTP/1.1\r\nHost: 127.0.0.1\r\n\r\n";
string paramName = "query";
CustomTestsFile file = GetCustomTestFile();
Tester tester = new Tester(mockTestController, file);
CustomTestDef def = file.GetCustomTests()["Path Traversal"];
HttpRequestInfo original = new HttpRequestInfo(testRequest, true);
Uri uri = new Uri(original.FullUrl);
tester.ExecuteTests(testRequest, "", uri, paramName, null, RequestLocation.Query, def);
Assert.IsTrue(mockTestController.IssuesFound.ContainsKey(paramName));
}
public void CustomTester_DynamicValue()
{
MockTestController mockTestController = new MockTestController();
string testRequest = "GET /search.jsp?query= HTTP/1.1\r\nDyn:__dynamic_value__ticks__\r\nHost: 127.0.0.1\r\n\r\n";
string paramName = "query";
CustomTestsFile file = GetCustomTestFile();
Tester tester = new Tester(mockTestController, file);
CustomTestDef def = file.GetCustomTests()["Path Traversal"];
HttpRequestInfo original = new HttpRequestInfo(testRequest, true);
Uri uri = new Uri(original.FullUrl);
tester.ExecuteTests(testRequest, "", uri, paramName, null, RequestLocation.Query, def);
Assert.IsTrue(mockTestController.IssuesFound.ContainsKey(paramName));
Assert.AreEqual(1, mockTestController.MutatedRequests.Count, "Incorrect number of mutated requests");
HttpRequestInfo mutatedRequest = new HttpRequestInfo(mockTestController.MutatedRequests[0]);
Assert.IsTrue(Utils.IsMatch(mutatedRequest.Headers["Dyn"], "\\d+"), "Incorrect dynamic header value");
}
public void CustomTestProxy_500Error()
{
MockProxy mockSite = new MockProxy();
string first = "GET / HTTP/1.1\r\n";
string second = Resources.IdeasPmc;
string third = "POST /r2 HTTP/1.1\r\n\r\np2=1234\r\n\r\n";
mockSite.MockSite.AddRequestResponse(first, "HTTP/1.1 200 OK\r\n\r\nbla");
mockSite.MockSite.AddRequestResponse(second, "HTTP/1.1 200 OK\r\n\r\nroot:0:0");
mockSite.MockSite.AddRequestResponse(third, "HTTP/1.1 200 OK\r\n\r\nbla");
mockSite.Start();
CustomTestsFile testFile = GetCustomTestFile();
TrafficViewerFile testDataStore = new TrafficViewerFile();
MockTestController mockTestController = new MockTestController();
SequentialAttackProxy testProxy = new SequentialAttackProxy(mockTestController, testFile, testDataStore);
testFile.PatternOfFirstRequestToTest = ".*pmc";
testProxy.Start();
HttpResponseInfo respInfo;
for (int i = 0; i < 2; i++)
{
respInfo = SendRequestThroughTestProxy(first, testProxy, mockSite);
Assert.AreNotEqual(500, respInfo.Status);
SendRequestThroughTestProxy(second, testProxy, mockSite);
Assert.AreNotEqual(500, respInfo.Status);
SendRequestThroughTestProxy(third, testProxy, mockSite);
Assert.AreNotEqual(500, respInfo.Status);
}
testProxy.Stop();
Assert.IsFalse(mockTestController.IssuesFound.ContainsKey("p2"));
Assert.IsTrue(mockTestController.IssuesFound.ContainsKey("itoken"));
}
public HttpResponseInfo CustomTestUnitExecution(string request, MockTestController mockTestController, SequentialAttackProxy testProxy = null, MockProxy mockSite = null)
{
bool shouldStopMockSite = false;
if (mockSite == null)
{
shouldStopMockSite = true;
mockSite = new MockProxy(request, "HTTP/1.1 200 OK\r\n\r\nroot:0:0");
mockSite.Start();
}
CustomTestsFile testFile = GetCustomTestFile();
bool shouldStopTestProxy = false;
if (testProxy == null)
{
shouldStopTestProxy = true;
TrafficViewerFile testDataStore = new TrafficViewerFile();
testProxy = new SequentialAttackProxy(mockTestController, testFile, testDataStore);
testProxy.Start();
}
var response = SendRequestThroughTestProxy(request, testProxy, mockSite);
if (shouldStopMockSite)
{
mockSite.Stop();
}
if (shouldStopTestProxy)
{
testProxy.Stop();
}
return(response);
}
