Example #1
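        /// <summary>
        /// Runs every entry in <c>testValues</c> against the request template: each
        /// entry's attack string replaces the <c>&amp;&amp;val&amp;&amp;</c> placeholder (case-insensitive),
        /// the request is sent through <c>SendRequest</c>, and the entry is re-added to
        /// the list as "Completed: ...". The last request/response pair is shown in the UI.
        /// </summary>
        /// <param name="sender">Control that raised the click event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void Begin_Click(object sender, EventArgs e)
        {
            const string placeholder = "&&val&&";

            // Without a placeholder every iteration sends the identical request, so the
            // operator has to confirm that explicitly before anything goes on the wire.
            bool hasPlaceholder = Regex.IsMatch(requestInput.Text, placeholder, RegexOptions.IgnoreCase);
            if (!hasPlaceholder)
            {
                DialogResult answer = MessageBox.Show(
                    "Your request doesn't have a &&val&& replaced value in it. If you click yes you will send "
                        + testValues.Items.Count + " of the same request to the server. Do you want to do that?",
                    "No Replacement Value Found", MessageBoxButtons.YesNo, MessageBoxIcon.Warning);
                if (answer != System.Windows.Forms.DialogResult.Yes)
                {
                    return;
                }
            }

            // Declared outside the loop because the UI update below shows the last pair.
            ReqResPair newVal = new ReqResPair("", "");

            // Snapshot the list first: the loop removes and re-adds items, which is not
            // allowed while enumerating testValues.Items directly.
            List<ReqResPair> pending = new List<ReqResPair>();
            foreach (ReqResPair item in testValues.Items)
            {
                pending.Add(item);
            }

            foreach (ReqResPair val in pending)
            {
                newVal = new ReqResPair(val.Name, val.AttackString);
                // Remove the original entry; the completed copy is appended below.
                testValues.Items.Remove(val);

                newVal.Host = hostName.Text;
                newVal.Proxy = proxyValue.Text;

                string payload = val.AttackString;
                if (URLEncodeAttack.Checked)
                {
                    payload = HttpUtility.UrlEncode(payload);
                }

                // Fix: a string replacement argument is parsed for substitution tokens
                // ($1, $&, $$ ...), so a test value containing '$' was rewritten before
                // being sent. A MatchEvaluator inserts the value literally.
                newVal.Request = Regex.Replace(requestInput.Text, placeholder, m => payload, RegexOptions.IgnoreCase);

                // NOTE(review): this call is made from the click handler, so it appears to
                // run on the UI thread once per test value - confirm SendRequest has a timeout.
                newVal.Response = SendRequest(newVal.Host, newVal.Request, newVal.Proxy);

                newVal.Name = "Completed: " + newVal.AttackString;
                testValues.Items.Add(newVal);
            }

            tabControl2.SelectTab(1);
            fuzzedRequest.Text = newVal.Request;
            // NOTE(review): the raw server response is handed to `browser` for rendering.
            // If that is a WebBrowser control, markup and script returned by the tested
            // server are interpreted inside this tool - confirm scripting is restricted,
            // or rely on the plain-text view in responseOutput.
            browser.DocumentText = newVal.Response;
            responseOutput.Text = newVal.Response;
        }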
Example #2
        /// <summary>
        /// Prompts for a name via the <c>ReqName</c> dialog and, if confirmed, stores a
        /// snapshot of the selected fields (request, response, host, proxy) as a new
        /// entry at the top of <c>testValues</c>.
        /// </summary>
        /// <param name="sender">Control that raised the click event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void saveReq_Click(object sender, EventArgs e)
        {
            ReqName nameDialog = new ReqName();
            if (nameDialog.ShowDialog() != System.Windows.Forms.DialogResult.OK)
            {
                // Cancelled: nothing is saved.
                return;
            }

            // The attack string is left empty; this entry records a saved exchange.
            ReqResPair snapshot = new ReqResPair(nameDialog.name, "");

            // Copy only the parts the user ticked in the dialog.
            // NOTE(review): request text can carry cookies or authorization headers;
            // treat saved entries as sensitive if the list is written to disk.
            if (nameDialog.saveRequest)
            {
                snapshot.Request = requestInput.Text;
            }
            if (nameDialog.saveResponse)
            {
                snapshot.Response = responseOutput.Text;
            }
            if (nameDialog.saveURI)
            {
                snapshot.Host = hostName.Text;
            }
            if (nameDialog.saveProxy)
            {
                snapshot.Proxy = proxyValue.Text;
            }

            testValues.Items.Insert(0, snapshot);
        }
Example #3
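 /// <summary>
 /// Rebuilds a <c>ReqResPair</c> from its serialized form: six fields separated by
 /// '|', each passed through <c>Base64Decode</c>, in the order name, attack string,
 /// host, proxy, request, response.
 /// </summary>
 /// <param name="testCase">One serialized test case; may be null or empty.</param>
 /// <returns>
 /// The decoded pair, or an empty pair (<c>new ReqResPair("", "")</c>) when the input
 /// is null or does not contain exactly six fields.
 /// </returns>
 private ReqResPair ParseTestCase(string testCase)
 {
     // Fix: a null line used to throw NullReferenceException on Split; treat it like
     // any other malformed record and return the empty placeholder.
     if (testCase == null)
     {
         return new ReqResPair("", "");
     }

     string[] pieces = testCase.Split('|');
     if (pieces.Length != 6)
     {
         return new ReqResPair("", "");
     }

     // NOTE(review): Base64Decode is defined elsewhere; if it throws on malformed
     // input the exception propagates from here. The decoded host, proxy and request
     // are not validated in this method - callers loading records from a file they
     // did not create should review them before replaying.
     ReqResPair item = new ReqResPair(Base64Decode(pieces[0]), Base64Decode(pieces[1]));
     item.Host = Base64Decode(pieces[2]);
     item.Proxy = Base64Decode(pieces[3]);
     item.Request = Base64Decode(pieces[4]);
     item.Response = Base64Decode(pieces[5]);
     return item;
 }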
Example #4
 /// <summary>
 /// Opens the <c>AddTestCase</c> dialog and, when it is confirmed, appends a new
 /// entry built from the dialog's name and value to <c>testValues</c>.
 /// </summary>
 /// <param name="sender">Menu item that raised the click event (unused).</param>
 /// <param name="e">Event data (unused).</param>
 private void manuallyAddTestCaseToolStripMenuItem_Click(object sender, EventArgs e)
 {
     AddTestCase dialog = new AddTestCase();
     bool confirmed = dialog.ShowDialog() == System.Windows.Forms.DialogResult.OK;
     if (!confirmed)
     {
         // Dialog dismissed: leave the list untouched.
         return;
     }

     // The dialog's Value becomes the entry's attack string (second constructor argument).
     testValues.Items.Add(new ReqResPair(dialog.Name, dialog.Value));
 }
Example #5
        /// <summary>
        /// Serializes a <c>ReqResPair</c> to a single line: name, attack string, host,
        /// proxy, request and response, each passed through <c>Base64Encode</c> and
        /// joined with '|'.
        /// </summary>
        /// <param name="rrp">The pair to serialize.</param>
        /// <returns>Six encoded fields separated by '|'.</returns>
        private string GenerateTestCaseString(ReqResPair rrp)
        {
            // Field order matters: the reader splits on '|' and expects exactly six parts.
            // NOTE(review): Base64 is an encoding, not protection - any cookies or
            // credentials captured in the request/response are recoverable from the
            // saved string. Presumably Base64Encode emits the standard alphabet, which
            // cannot contain '|'; confirm against its definition.
            string[] encodedFields = new string[]
            {
                Base64Encode(rrp.Name),
                Base64Encode(rrp.AttackString),
                Base64Encode(rrp.Host),
                Base64Encode(rrp.Proxy),
                Base64Encode(rrp.Request),
                Base64Encode(rrp.Response)
            };

            return string.Join("|", encodedFields);
        }
Example #6
 /// <summary>
 /// Creates a copy of <paramref name="rrp"/> with the same name, attack string, host,
 /// proxy, request and response. Side effect: the source item is also removed from
 /// <c>testValues</c>, so the caller is expected to add the copy back.
 /// </summary>
 /// <param name="rrp">The entry to copy and detach from the list.</param>
 /// <returns>A new <c>ReqResPair</c> carrying the same field values.</returns>
 private ReqResPair CloneRRP(ReqResPair rrp)
 {
     var copy = new ReqResPair(rrp.Name, rrp.AttackString);

     // Not a pure clone: the original leaves the list here and is re-added by the caller.
     testValues.Items.Remove(rrp);

     copy.Host = rrp.Host;
     copy.Proxy = rrp.Proxy;
     // Already passed to the constructor above; assigned again as in the original.
     copy.AttackString = rrp.AttackString;
     copy.Request = rrp.Request;
     copy.Response = rrp.Response;

     return copy;
 }