/// <summary> /// Network settings /// </summary> /// <param name="netSettings"></param> public RequestSender(INetworkSettings netSettings) { _httpClient = new WebRequestClient(); if (netSettings == null) { netSettings = new DefaultNetworkSettings(); netSettings.CertificateValidationCallback = _certificateValidationCallback; } _httpClient.SetNetworkSettings(netSettings); _httpClient.ShouldHandleCookies = true; }
public CustomTestsExploiter() { _netSettings = new DefaultNetworkSettings(); if (TrafficViewerOptions.Instance.UseProxy) { _netSettings.WebProxy = new WebProxy( TrafficViewerOptions.Instance.HttpProxyServer, TrafficViewerOptions.Instance.HttpProxyPort); } _netSettings.CertificateValidationCallback = new RemoteCertificateValidationCallback(SSLValidationCallback.ValidateRemoteCertificate); }
private IHttpClient GetTrackingProxyHttpClient() { IHttpClient webClient = new WebRequestClient(); DefaultNetworkSettings netSettings = new DefaultNetworkSettings(); //send the referer request to the tracking proxy netSettings.CertificateValidationCallback = _networkSettings.CertificateValidationCallback; netSettings.WebProxy = new WebProxy(_parentProxy.Host, _parentProxy.Port); webClient.SetNetworkSettings(netSettings); return(webClient); }
/// <summary> /// Makes an http client to be used with a request /// </summary> /// <returns></returns> public IHttpClient MakeHttpClient() { IHttpClient client = null; client = _httpClientFactory.MakeClient(); DefaultNetworkSettings netSettings = new DefaultNetworkSettings(); netSettings.CertificateValidationCallback = ValidateServerCertificate; if (TrafficViewerOptions.Instance.UseProxy) { netSettings.WebProxy = new WebProxy(TrafficViewerOptions.Instance.HttpProxyServer, TrafficViewerOptions.Instance.HttpProxyPort); } client.SetNetworkSettings(netSettings); return(client); }
private static IHttpClient GetHttpClient() { SdkSettings.Instance.HttpRequestTimeout = 60; WebRequestClient client = new WebRequestClient(); DefaultNetworkSettings networkSettings = new DefaultNetworkSettings(); networkSettings.CertificateValidationCallback = new RemoteCertificateValidationCallback(CertificateValidator.ValidateRemoteCertificate); networkSettings.WebProxy = HttpWebRequest.GetSystemWebProxy(); client.SetNetworkSettings(networkSettings); return(client); }
private static IHttpClient GetHttpClient() { IHttpClient client = TrafficViewer.Instance.HttpClientFactory.MakeClient(); DefaultNetworkSettings networkSettings = new DefaultNetworkSettings(); networkSettings.CertificateValidationCallback = new RemoteCertificateValidationCallback(SSLValidationCallback.ValidateRemoteCertificate); if (TrafficViewerOptions.Instance.UseProxy) { WebProxy proxy = new WebProxy(TrafficViewerOptions.Instance.HttpProxyServer, TrafficViewerOptions.Instance.HttpProxyPort); networkSettings.WebProxy = proxy; } client.SetNetworkSettings(networkSettings); return(client); }
public void Test_NetworkSettings_ProxyUsesAProxy() { MockProxy mockProxy; string testRequest = "GET http://site.com/ HTTP/1.1\r\n\r\n"; string testResponse = "HTTP/1.1 200 OK\r\n\r\n"; TrafficViewerFile dataStore = new TrafficViewerFile(); mockProxy = SetupMockProxy(testRequest, testResponse, dataStore); mockProxy.Start(); ManualExploreProxy meProxy = new ManualExploreProxy("127.0.0.1", 0, null); //use a random port meProxy.NetworkSettings.WebProxy = new WebProxy(mockProxy.Host, mockProxy.Port); meProxy.Start(); WebRequestClient client = new WebRequestClient(); INetworkSettings networkSettings = new DefaultNetworkSettings(); networkSettings.WebProxy = new WebProxy(meProxy.Host, meProxy.Port); client.SetNetworkSettings(networkSettings); HttpRequestInfo testReqInfo = new HttpRequestInfo(testRequest); Assert.AreEqual(0, dataStore.RequestCount); HttpResponseInfo respInfo = client.SendRequest(testReqInfo); meProxy.Stop(); mockProxy.Stop(); //test that the request goes through the mock proxy by checking the data store Assert.AreEqual(200, respInfo.Status); Assert.AreEqual(1, dataStore.RequestCount); }
protected IHttpClient GetHttpClient(ClientType clientType, int proxyPort = -1) { IHttpClient client; if (clientType == ClientType.WebRequestClient) { client = new WebRequestClient(); } else { client = new TrafficViewerHttpClient(); } if (proxyPort != -1) { INetworkSettings netSettings = new DefaultNetworkSettings(); netSettings.WebProxy = new WebProxy("127.0.0.1", proxyPort); client.SetNetworkSettings(netSettings); } return(client); }
private static HttpResponseInfo SendRequestThroughTestProxy(string request, BaseAttackProxy testProxy, MockProxy mockSite) { HttpRequestInfo testReqInfo = new HttpRequestInfo(request, false); testReqInfo.Host = mockSite.Host; testReqInfo.Port = mockSite.Port; TrafficViewerHttpClient client = new TrafficViewerHttpClient(); client.Timeout = 60 * 60 * 24; DefaultNetworkSettings netSettings = new DefaultNetworkSettings(); netSettings.WebProxy = new WebProxy(testProxy.Host, testProxy.Port); client.SetNetworkSettings(netSettings); var response = client.SendRequest(testReqInfo); Assert.IsNotNull(response, "Error connecting to test proxy"); Assert.AreNotEqual(504, response.Status, "Mock site not responding"); return(response); }
public void Run() { _runnable = true; var customTests = _testFile.GetCustomTests().Values; Tester tester = new Tester(this, _testFile); if (_requestsToTest.Count == 0) { //load the requests to test foreach (var tvReqInfo in _selectedRequests) { _requestsToTest.Enqueue(tvReqInfo); } } _trafficFile.SetState(AccessorState.Loading); while (_runnable && _requestsToTest.Count > 0) { TVRequestInfo workingEntry = _requestsToTest.Peek(); //check the request; byte[] reqBytes = _trafficFile.LoadRequestData(workingEntry.Id); byte[] respBytes = _trafficFile.LoadResponseData(workingEntry.Id); HttpRequestInfo workingReqInfo = null; if (reqBytes == null) { Log("SELECT A NEW REQUEST"); _requestsToTest.Dequeue(); //remove the request; continue; } else { workingReqInfo = new HttpRequestInfo(reqBytes, true); workingReqInfo.IsSecure = workingEntry.IsHttps; } string rawRequest = workingReqInfo.ToString(); string rawResponse = respBytes != null?Constants.DefaultEncoding.GetString(respBytes) : String.Empty; if (ShouldBeTested(rawRequest, _testFile.GetAttackTargetList())) { MultiThreadedTestExecution testExecution = new MultiThreadedTestExecution(tester, rawRequest, rawResponse, new Uri(workingReqInfo.FullUrl), _testFile.NumberOfThreads); bool containsFuzz = rawRequest.Contains(Constants.FUZZ_STRING); foreach (CustomTestDef testDef in customTests) { if (containsFuzz) { testExecution.TestsQueue.Enqueue(new TestJob(String.Empty, String.Empty, RequestLocation.Path, testDef)); } else { //iterate through parameters, cookies and headers foreach (var parameter in workingReqInfo.PathVariables) { testExecution.TestsQueue.Enqueue(new TestJob(parameter.Key, parameter.Value, RequestLocation.Path, testDef)); } foreach (var parameter in workingReqInfo.QueryVariables) { testExecution.TestsQueue.Enqueue(new TestJob(parameter.Key, parameter.Value, RequestLocation.Query, testDef)); } foreach (var parameter in workingReqInfo.BodyVariables) { testExecution.TestsQueue.Enqueue(new TestJob(parameter.Key, parameter.Value, RequestLocation.Body, testDef)); } if (!_testFile.TestOnlyParameters) { foreach (var header in workingReqInfo.Headers) { if (!header.Name.Equals("Host")) { testExecution.TestsQueue.Enqueue(new TestJob(header.Name, header.Value, RequestLocation.Headers, testDef)); } } foreach (var cookie in workingReqInfo.Cookies) { testExecution.TestsQueue.Enqueue(new TestJob(cookie.Key, cookie.Value, RequestLocation.Cookies, testDef)); } } } testExecution.StartTestsAsync(); while (testExecution.IsRunning) { if (!_runnable) { testExecution.CancelTests(); } //wait for the test execution to complete Thread.Sleep(10); } } } if (_requestsToTest.Count > 0) { _requestsToTest.Dequeue(); } } //we also initialize all multi-step operations List <string> multiStepList = _testFile.GetMultiStepList(); _multiStepsToTest = new Queue <string>(); foreach (string path in multiStepList) { if (File.Exists(path)) { _multiStepsToTest.Enqueue(path); } else { SdkSettings.Instance.Logger.Log(TraceLevel.Error, "Multi-Step path '{0}' does not exist.", path); } } while (_multiStepsToTest.Count > 0) { if (!_runnable) { return; } string path = _multiStepsToTest.Peek(); bool isAbl = path.EndsWith(".login"); TrafficViewerFile htd = new TrafficViewerFile(); if (isAbl) { SdkSettings.Instance.Logger.Log(TraceLevel.Error, "ABL files are not supported"); continue; } else { htd.Open(path); } SequentialAttackProxy proxy = GetTestProxy(_netSettings, true) as SequentialAttackProxy; proxy.Start(); DefaultNetworkSettings netSettings = new DefaultNetworkSettings(); netSettings.WebProxy = new WebProxy(proxy.Host, proxy.Port); netSettings.CertificateValidationCallback = _netSettings.CertificateValidationCallback; RequestSender.RequestSender reqSender = new RequestSender.RequestSender(netSettings); do { reqSender.Send(htd); }while (!proxy.TestComplete && _runnable); proxy.Stop(); if (_runnable) { _multiStepsToTest.Dequeue(); } } _trafficFile.SetState(AccessorState.Idle); _runnable = false; }
//[TestMethod] public void Test_ReverseProxy() { string testRequest = "GET / HTTP/1.1\r\n"; string site1Response = "HTTP/1.1 200 OK\r\n\r\nThis is site1"; string site2Response = "HTTP/1.1 200 OK\r\n\r\nThis is site2"; //create two mock sites each on a different port and a http client that send a request to the first but in fact gets redirected to the other TrafficViewerFile site1Source = new TrafficViewerFile(); site1Source.AddRequestResponse(testRequest, site1Response); TrafficViewerFile site2Source = new TrafficViewerFile(); site2Source.AddRequestResponse(testRequest, site2Response); TrafficStoreProxy mockSite1 = new TrafficStoreProxy( site1Source, null, "127.0.0.1", 0, 0); mockSite1.Start(); TrafficStoreProxy mockSite2 = new TrafficStoreProxy( site2Source, null, "127.0.0.1", 0, 0); mockSite2.Start(); HttpRequestInfo reqInfo = new HttpRequestInfo(testRequest); //request will be sent to site 1 reqInfo.Host = mockSite1.Host; reqInfo.Port = mockSite1.Port; ReverseProxy revProxy = new ReverseProxy("127.0.0.1", 0, 0, null); revProxy.ExtraOptions[ReverseProxy.FORWARDING_HOST_OPT] = mockSite2.Host; revProxy.ExtraOptions[ReverseProxy.FORWARDING_PORT_OPT] = mockSite2.Port.ToString(); revProxy.Start(); //make an http client IHttpClient client = new WebRequestClient(); DefaultNetworkSettings settings = new DefaultNetworkSettings(); settings.WebProxy = new WebProxy(revProxy.Host, revProxy.Port); client.SetNetworkSettings(settings); //send the request Http and verify the target site received it HttpResponseInfo respInfo = client.SendRequest(reqInfo); string respBody = respInfo.ResponseBody.ToString(); Assert.IsTrue(respBody.Contains("This is site2")); //check over ssl reqInfo.IsSecure = true; respInfo = client.SendRequest(reqInfo); respBody = respInfo.ResponseBody.ToString(); Assert.IsTrue(respBody.Contains("This is site2")); mockSite1.Stop(); mockSite2.Stop(); revProxy.Stop(); }
private void TestMultiSteps() { //we also initialize all multi-step operations List <string> multiStepList = _testFile.GetMultiStepList(); _multiStepsToTest = new Queue <string>(); foreach (string path in multiStepList) { if (File.Exists(path)) { _multiStepsToTest.Enqueue(path); } else { HttpServerConsole.Instance.WriteLine(LogMessageType.Error, "Multi-Step path '{0}' does not exist.", path); } } while (_multiStepsToTest.Count > 0) { if (!_runnable) { return; } string path = _multiStepsToTest.Peek(); bool isAbl = path.EndsWith(".login"); TrafficViewerFile htd = new TrafficViewerFile(); if (isAbl) { HttpServerConsole.Instance.WriteLine(LogMessageType.Error, "ABL files are not supported"); continue; } else { htd.Open(path); } SequentialAttackProxy proxy = GetTestProxy(_netSettings, true) as SequentialAttackProxy; proxy.Start(); DefaultNetworkSettings netSettings = new DefaultNetworkSettings(); netSettings.WebProxy = new WebProxy(proxy.Host, proxy.Port); netSettings.CertificateValidationCallback = _netSettings.CertificateValidationCallback; RequestSender.RequestSender reqSender = new RequestSender.RequestSender(netSettings); do { reqSender.Send(htd); }while (!proxy.TestComplete && _runnable); proxy.Stop(); if (_runnable) { _multiStepsToTest.Dequeue(); } } }