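/// <summary>
/// Fetches the page at mUrl, submits every auto payload against it, and records
/// each request together with every signature that the response matches.
/// </summary>
/// <remarks>
/// Payload types "0" and "1" are injected into the form fields marked with the
/// "%%r%%" placeholder, one field per request. Every other type takes the
/// query-string path: "4" replaces the query string, "5" appends to it, and any
/// other value submits mUrl unchanged. Each request is stored in
/// mObjBerettaSubmissionHashTable under a fresh GUID; each match is stored in
/// mObjBerettaResultHashTable under a counter that restarts at 0 on every call.
/// </remarks>
public void scanAuto()
        {
            string strReturn               = "";
            string strPayloadData          = "";
            string strPayloadType          = "";
            string strFieldName            = "";
            string strCurrentUrlFormValues = "";
            string strHtml                 = "";
            string strTmpUrl               = "";
            int    intX                    = 0;
            int    intReplacerPos          = 0;
            int    intFieldPos             = 0;
            int    intQueryStringPos       = 0;
            bool   blnFormPayload          = false;

            beretta.Objects.response objResponse = new beretta.Objects.response();

            //Get Payloads and Signatures for URL
            objPayloadDataSet    = payloadDataAccess.getAutoPayloads(mSessionId);
            objSignaturesDataSet = signaturesDataAccess.getSelectedForManageSessionScreen(mSessionId, 0);

            //Get form elements for page
            strHtml = objFormSubmitter.getPage(mUrl, true, mUserAgent);

            //Nothing to analyze when the fetch produced no markup (null or empty)
            if (strHtml == null || strHtml == "")
            {
                return;
            }

            objResponse.input = strHtml;
            objResponse.analyze();

            //For each Payload
            foreach (DataRow objDataRow in objPayloadDataSet.Tables[0].Rows)
            {
                strPayloadType = objDataRow["type"].ToString();
                blnFormPayload = (strPayloadType == "1" || strPayloadType == "0");
                strPayloadData = "" + objDataRow["payloadData"].ToString();

                //Encode once per payload. Encoding inside the form loop would re-encode
                //the already encoded payload for every additional form on the page.
                if (blnFormPayload)
                {
                    strPayloadData = "" + beretta.support.encoding.encodeFormElements(strPayloadData);
                }

                //For Each submit button
                foreach (string strUrlFormValues in objResponse.formSubmission)
                {
                    //Have we reached end of submit buttons?
                    if (strUrlFormValues == null || strUrlFormValues == "")
                    {
                        break;
                    }

                    //Form submission payload or url?
                    if (blnFormPayload)
                    {
                        //The search must restart at 0 for every form: carrying over the -1
                        //that ended the previous form's loop makes IndexOf throw
                        //ArgumentOutOfRangeException on the second form.
                        intReplacerPos = strUrlFormValues.IndexOf("%%r%%");

                        //Insert payload in each form field
                        while (intReplacerPos != -1)
                        {
                            //Field name = text between the last "&" before the placeholder
                            //and the placeholder itself, without the "&" and "=" separators
                            strFieldName = strUrlFormValues.Substring(0, intReplacerPos);
                            intFieldPos  = strFieldName.LastIndexOf("&");

                            if (intFieldPos != -1)
                            {
                                strFieldName = strFieldName.Substring(intFieldPos);
                            }

                            strFieldName = strFieldName.Replace("&", "");
                            strFieldName = strFieldName.Replace("=", "");

                            //Swap this placeholder (5 characters) for the payload and blank
                            //out the placeholders of all other fields
                            strCurrentUrlFormValues = strUrlFormValues.Remove(intReplacerPos, 5);
                            strCurrentUrlFormValues = strCurrentUrlFormValues.Insert(intReplacerPos, strPayloadData);
                            strCurrentUrlFormValues = strCurrentUrlFormValues.Replace("%%r%%", "");

                            strCurrentUrlFormValues = beretta.support.encoding.encodeForm(strCurrentUrlFormValues);

                            //Keep a record of exactly what was sent
                            berettaSubmission objSubmission = new berettaSubmission();
                            objSubmission.url            = "" + mUrl;
                            objSubmission.formSubmission = "" + strCurrentUrlFormValues;

                            mObjBerettaSubmissionHashTable.Add(System.Guid.NewGuid().ToString(), objSubmission);

                            strReturn = objFormSubmitter.submitData(strCurrentUrlFormValues, mUrl, true, "POST", mUserAgent);

                            //Check if result matches any signatures
                            foreach (DataRow objSignatureRow in objSignaturesDataSet.Tables[0].Rows)
                            {
                                berettaResult objResult = isMatch(strReturn, objSignatureRow, System.Convert.ToInt32(objDataRow["id"]), objDataRow["payloadName"].ToString(), strFieldName, strCurrentUrlFormValues);

                                if (objResult.isMatch == true)
                                {
                                    //NOTE(review): keys restart at 0 on every call; if the table is a
                                    //System.Collections.Hashtable that still holds earlier results,
                                    //Add throws on the duplicate key - confirm it is empty on entry.
                                    mObjBerettaResultHashTable.Add(intX, objResult);
                                    intX++;
                                }
                            }

                            intReplacerPos = strUrlFormValues.IndexOf("%%r%%", intReplacerPos + 1);
                        }
                    }
                    else
                    {
                        //Query String Replace
                        //NOTE(review): this branch sits inside the per-form loop, so the same
                        //URL request is sent once for every form found on the page.

                        strTmpUrl = mUrl;

                        //4= query string replace auto
                        if (strPayloadType == "4")
                        {
                            intQueryStringPos = strTmpUrl.IndexOf("?");

                            if (intQueryStringPos > 0)
                            {
                                strTmpUrl = strTmpUrl.Substring(0, intQueryStringPos);
                            }

                            strTmpUrl = strTmpUrl + "?" + strPayloadData;
                        }

                        //5= query string append auto
                        if (strPayloadType == "5")
                        {
                            intQueryStringPos = strTmpUrl.IndexOf("?");

                            if (intQueryStringPos > 0)
                            {
                                strTmpUrl = strTmpUrl + "&" + strPayloadData;
                            }
                            else
                            {
                                strTmpUrl = strTmpUrl + "?" + strPayloadData;
                            }
                        }

                        //NOTE(review): strCurrentUrlFormValues is not reset for this branch, so the
                        //POST body is whatever the last form-field request left behind (or empty).
                        //A signature match recorded here may therefore be caused by that earlier
                        //payload rather than by this query-string payload - confirm this is intended.
                        berettaSubmission objSubmission = new berettaSubmission();
                        objSubmission.url            = "" + strTmpUrl;
                        objSubmission.formSubmission = "" + strCurrentUrlFormValues;

                        mObjBerettaSubmissionHashTable.Add(System.Guid.NewGuid().ToString(), objSubmission);

                        strReturn = objFormSubmitter.submitData(strCurrentUrlFormValues, strTmpUrl, true, "POST", mUserAgent);

                        //Check if result matches any signatures; the URL is reported in place of a field name
                        foreach (DataRow objSignatureRow in objSignaturesDataSet.Tables[0].Rows)
                        {
                            berettaResult objResult = isMatch(strReturn, objSignatureRow, System.Convert.ToInt32(objDataRow["id"]), objDataRow["payloadName"].ToString(), strTmpUrl, strCurrentUrlFormValues);

                            if (objResult.isMatch == true)
                            {
                                mObjBerettaResultHashTable.Add(intX, objResult);
                                intX++;
                            }
                        }
                    }
                }
            }
        }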
Example #2
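        /// <summary>
        /// Fetches the page at mUrl, replays every row of mObjPayloadDataSet against it,
        /// and records each request plus every signature from mObjSignaturesDataSet
        /// that the response matches.
        /// </summary>
        /// <remarks>
        /// Types "0" and "1" are form payloads: the payload replaces one "%%r%%"
        /// placeholder per request. All other types use the query-string path
        /// ("4" replaces the query string, "5" appends to it, anything else leaves
        /// mUrl unchanged). Requests are stored in mObjBerettaSubmissionHashTable
        /// under a new GUID; matches are stored in mObjBerettaResultHashTable under
        /// a counter that starts at 0 on each call.
        /// </remarks>
        public void scanAuto()
        {
            string strReturn = "";
            string strPayloadData = "";
            string strPayloadType = "";
            string strFieldName = "";
            string strCurrentUrlFormValues = "";
            string strHtml = "";
            string strTmpUrl = "";
            int intX = 0;
            int intReplacerPos = 0;
            int intFieldPos = 0;
            int intQueryStringPos = 0;
            bool blnFormPayload = false;

            beretta.Objects.response objResponse = new beretta.Objects.response();

            //Get form elements for page
            strHtml = objFormSubmitter.getPage(mUrl, true, mUserAgent);

            //A null or empty page has no forms to work on
            if (strHtml == null || strHtml == "") return;

            objResponse.input = strHtml;
            objResponse.analyze();

            //For each Payload
            foreach (DataRow objDataRow in mObjPayloadDataSet.Tables[0].Rows)
            {
                strPayloadType = objDataRow["type"].ToString();
                blnFormPayload = (strPayloadType == "1" || strPayloadType == "0");
                strPayloadData = "" + objDataRow["payloadData"].ToString();

                //Form payloads are encoded exactly once here; doing it per form would
                //encode the already encoded value again for each further form.
                if (blnFormPayload)
                {
                    strPayloadData = "" + beretta.support.encoding.encodeFormElements(strPayloadData);
                }

                //For Each submit button
                foreach (string strUrlFormValues in objResponse.formSubmission)
                {
                    //Have we reached end of submit buttons?
                    if (strUrlFormValues == null || strUrlFormValues == "")
                    {
                        break;
                    }

                    if (blnFormPayload)
                    {
                        //Start from position 0 in every form. Reusing the position left by the
                        //previous form (-1 once its loop ends) would make IndexOf throw
                        //ArgumentOutOfRangeException.
                        intReplacerPos = strUrlFormValues.IndexOf("%%r%%");

                        //Insert payload in each form field
                        while (intReplacerPos != -1)
                        {
                            //Get name of field we are working on: the text after the last "&"
                            //in front of the placeholder, stripped of "&" and "="
                            strFieldName = strUrlFormValues.Substring(0, intReplacerPos);
                            intFieldPos = strFieldName.LastIndexOf("&");

                            if (intFieldPos != -1)
                            {
                                strFieldName = strFieldName.Substring(intFieldPos);
                            }

                            strFieldName = strFieldName.Replace("&", "");
                            strFieldName = strFieldName.Replace("=", "");

                            //Payload goes where this placeholder (5 characters) was; the
                            //placeholders of the remaining fields are emptied
                            strCurrentUrlFormValues = strUrlFormValues.Remove(intReplacerPos, 5);
                            strCurrentUrlFormValues = strCurrentUrlFormValues.Insert(intReplacerPos, strPayloadData);
                            strCurrentUrlFormValues = strCurrentUrlFormValues.Replace("%%r%%", "");

                            strCurrentUrlFormValues = beretta.support.encoding.encodeForm(strCurrentUrlFormValues);

                            //Record the request before it is sent
                            berettaSubmission objSubmission = new berettaSubmission();
                            objSubmission.url = "" + mUrl;
                            objSubmission.formSubmission = "" + strCurrentUrlFormValues;

                            mObjBerettaSubmissionHashTable.Add(System.Guid.NewGuid().ToString(), objSubmission);

                            strReturn = objFormSubmitter.submitData(strCurrentUrlFormValues, mUrl, true, "POST", mUserAgent);

                            //Check if result matches any signatures
                            foreach (DataRow objSignatureRow in mObjSignaturesDataSet.Tables[0].Rows)
                            {
                                berettaResult objResult = isMatch(strReturn, objSignatureRow, System.Convert.ToInt32(objDataRow["id"]), objDataRow["payloadName"].ToString(), strFieldName, strCurrentUrlFormValues);

                                if (objResult.isMatch == true)
                                {
                                    //NOTE(review): the key counter restarts at 0 per call; if the table
                                    //is a System.Collections.Hashtable holding earlier results, Add
                                    //throws on a duplicate key - confirm it is cleared beforehand.
                                    mObjBerettaResultHashTable.Add(intX, objResult);
                                    intX++;
                                }
                            }

                            intReplacerPos = strUrlFormValues.IndexOf("%%r%%", intReplacerPos + 1);
                        }
                    }
                    else
                    {
                        //Query String Replace
                        //NOTE(review): because this runs inside the per-form loop, an identical
                        //URL request is issued for each form present on the page.

                        strTmpUrl = mUrl;

                        //4= query string replace auto
                        if (strPayloadType == "4")
                        {
                            intQueryStringPos = strTmpUrl.IndexOf("?");

                            if (intQueryStringPos > 0)
                            {
                                strTmpUrl = strTmpUrl.Substring(0, intQueryStringPos);
                            }

                            strTmpUrl = strTmpUrl + "?" + strPayloadData;
                        }

                        //5= query string append auto
                        if (strPayloadType == "5")
                        {
                            intQueryStringPos = strTmpUrl.IndexOf("?");

                            if (intQueryStringPos > 0)
                            {
                                strTmpUrl = strTmpUrl + "&" + strPayloadData;
                            }
                            else
                            {
                                strTmpUrl = strTmpUrl + "?" + strPayloadData;
                            }
                        }

                        //NOTE(review): strCurrentUrlFormValues still holds the body of the most
                        //recent form-field request (or "" if there was none). A match logged
                        //for this query-string payload can therefore originate from that older
                        //body - confirm whether an empty body was intended here.
                        berettaSubmission objSubmission = new berettaSubmission();
                        objSubmission.url = "" + strTmpUrl;
                        objSubmission.formSubmission = "" + strCurrentUrlFormValues;

                        mObjBerettaSubmissionHashTable.Add(System.Guid.NewGuid().ToString(), objSubmission);

                        strReturn = objFormSubmitter.submitData(strCurrentUrlFormValues, strTmpUrl, true, "POST", mUserAgent);

                        //Check if result matches any signatures; the URL stands in for the field name
                        foreach (DataRow objSignatureRow in mObjSignaturesDataSet.Tables[0].Rows)
                        {
                            berettaResult objResult = isMatch(strReturn, objSignatureRow, System.Convert.ToInt32(objDataRow["id"]), objDataRow["payloadName"].ToString(), strTmpUrl, strCurrentUrlFormValues);

                            if (objResult.isMatch == true)
                            {
                                mObjBerettaResultHashTable.Add(intX, objResult);
                                intX++;
                            }
                        }
                    }
                }
            }
        }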