/// <summary>
/// Network settings
/// </summary>
/// <param name="netSettings"></param>
public RequestSender(INetworkSettings netSettings)
{
_httpClient = new WebRequestClient();
if (netSettings == null)
{
netSettings = new DefaultNetworkSettings();
netSettings.CertificateValidationCallback = _certificateValidationCallback;
}
_httpClient.SetNetworkSettings(netSettings);
_httpClient.ShouldHandleCookies = true;
}
public CustomTestsExploiter()
{
_netSettings = new DefaultNetworkSettings();
if (TrafficViewerOptions.Instance.UseProxy)
{
_netSettings.WebProxy = new WebProxy(
TrafficViewerOptions.Instance.HttpProxyServer,
TrafficViewerOptions.Instance.HttpProxyPort);
}
_netSettings.CertificateValidationCallback = new RemoteCertificateValidationCallback(SSLValidationCallback.ValidateRemoteCertificate);
}
private IHttpClient GetTrackingProxyHttpClient()
{
IHttpClient webClient = new WebRequestClient();
DefaultNetworkSettings netSettings = new DefaultNetworkSettings();
//send the referer request to the tracking proxy
netSettings.CertificateValidationCallback = _networkSettings.CertificateValidationCallback;
netSettings.WebProxy = new WebProxy(_parentProxy.Host, _parentProxy.Port);
webClient.SetNetworkSettings(netSettings);
return(webClient);
}
/// <summary>
/// Makes an http client to be used with a request
/// </summary>
/// <returns></returns>
public IHttpClient MakeHttpClient()
{
IHttpClient client = null;
client = _httpClientFactory.MakeClient();
DefaultNetworkSettings netSettings = new DefaultNetworkSettings();
netSettings.CertificateValidationCallback = ValidateServerCertificate;
if (TrafficViewerOptions.Instance.UseProxy)
{
netSettings.WebProxy = new WebProxy(TrafficViewerOptions.Instance.HttpProxyServer, TrafficViewerOptions.Instance.HttpProxyPort);
}
client.SetNetworkSettings(netSettings);
return(client);
}
private static IHttpClient GetHttpClient()
{
SdkSettings.Instance.HttpRequestTimeout = 60;
WebRequestClient client = new WebRequestClient();
DefaultNetworkSettings networkSettings = new DefaultNetworkSettings();
networkSettings.CertificateValidationCallback = new RemoteCertificateValidationCallback(CertificateValidator.ValidateRemoteCertificate);
networkSettings.WebProxy = HttpWebRequest.GetSystemWebProxy();
client.SetNetworkSettings(networkSettings);
return(client);
}
private static IHttpClient GetHttpClient()
{
IHttpClient client = TrafficViewer.Instance.HttpClientFactory.MakeClient();
DefaultNetworkSettings networkSettings = new DefaultNetworkSettings();
networkSettings.CertificateValidationCallback = new RemoteCertificateValidationCallback(SSLValidationCallback.ValidateRemoteCertificate);
if (TrafficViewerOptions.Instance.UseProxy)
{
WebProxy proxy = new WebProxy(TrafficViewerOptions.Instance.HttpProxyServer, TrafficViewerOptions.Instance.HttpProxyPort);
networkSettings.WebProxy = proxy;
}
client.SetNetworkSettings(networkSettings);
return(client);
}
public void Test_NetworkSettings_ProxyUsesAProxy()
{
MockProxy mockProxy;
string testRequest = "GET http://site.com/ HTTP/1.1\r\n\r\n";
string testResponse = "HTTP/1.1 200 OK\r\n\r\n";
TrafficViewerFile dataStore = new TrafficViewerFile();
mockProxy = SetupMockProxy(testRequest, testResponse, dataStore);
mockProxy.Start();
ManualExploreProxy meProxy = new ManualExploreProxy("127.0.0.1", 0, null); //use a random port
meProxy.NetworkSettings.WebProxy = new WebProxy(mockProxy.Host, mockProxy.Port);
meProxy.Start();
WebRequestClient client = new WebRequestClient();
INetworkSettings networkSettings = new DefaultNetworkSettings();
networkSettings.WebProxy = new WebProxy(meProxy.Host, meProxy.Port);
client.SetNetworkSettings(networkSettings);
HttpRequestInfo testReqInfo = new HttpRequestInfo(testRequest);
Assert.AreEqual(0, dataStore.RequestCount);
HttpResponseInfo respInfo = client.SendRequest(testReqInfo);
meProxy.Stop();
mockProxy.Stop();
//test that the request goes through the mock proxy by checking the data store
Assert.AreEqual(200, respInfo.Status);
Assert.AreEqual(1, dataStore.RequestCount);
}
protected IHttpClient GetHttpClient(ClientType clientType, int proxyPort = -1)
{
IHttpClient client;
if (clientType == ClientType.WebRequestClient)
{
client = new WebRequestClient();
}
else
{
client = new TrafficViewerHttpClient();
}
if (proxyPort != -1)
{
INetworkSettings netSettings = new DefaultNetworkSettings();
netSettings.WebProxy = new WebProxy("127.0.0.1", proxyPort);
client.SetNetworkSettings(netSettings);
}
return(client);
}
private static HttpResponseInfo SendRequestThroughTestProxy(string request, BaseAttackProxy testProxy, MockProxy mockSite)
{
HttpRequestInfo testReqInfo = new HttpRequestInfo(request, false);
testReqInfo.Host = mockSite.Host;
testReqInfo.Port = mockSite.Port;
TrafficViewerHttpClient client = new TrafficViewerHttpClient();
client.Timeout = 60 * 60 * 24;
DefaultNetworkSettings netSettings = new DefaultNetworkSettings();
netSettings.WebProxy = new WebProxy(testProxy.Host, testProxy.Port);
client.SetNetworkSettings(netSettings);
var response = client.SendRequest(testReqInfo);
Assert.IsNotNull(response, "Error connecting to test proxy");
Assert.AreNotEqual(504, response.Status, "Mock site not responding");
return(response);
}
public void Run()
{
_runnable = true;
var customTests = _testFile.GetCustomTests().Values;
Tester tester = new Tester(this, _testFile);
if (_requestsToTest.Count == 0)
{
//load the requests to test
foreach (var tvReqInfo in _selectedRequests)
{
_requestsToTest.Enqueue(tvReqInfo);
}
}
_trafficFile.SetState(AccessorState.Loading);
while (_runnable && _requestsToTest.Count > 0)
{
TVRequestInfo workingEntry = _requestsToTest.Peek();
//check the request;
byte[] reqBytes = _trafficFile.LoadRequestData(workingEntry.Id);
byte[] respBytes = _trafficFile.LoadResponseData(workingEntry.Id);
HttpRequestInfo workingReqInfo = null;
if (reqBytes == null)
{
Log("SELECT A NEW REQUEST");
_requestsToTest.Dequeue(); //remove the request;
continue;
}
else
{
workingReqInfo = new HttpRequestInfo(reqBytes, true);
workingReqInfo.IsSecure = workingEntry.IsHttps;
}
string rawRequest = workingReqInfo.ToString();
string rawResponse = respBytes != null?Constants.DefaultEncoding.GetString(respBytes) : String.Empty;
if (ShouldBeTested(rawRequest, _testFile.GetAttackTargetList()))
{
MultiThreadedTestExecution testExecution = new MultiThreadedTestExecution(tester, rawRequest, rawResponse, new Uri(workingReqInfo.FullUrl), _testFile.NumberOfThreads);
bool containsFuzz = rawRequest.Contains(Constants.FUZZ_STRING);
foreach (CustomTestDef testDef in customTests)
{
if (containsFuzz)
{
testExecution.TestsQueue.Enqueue(new TestJob(String.Empty, String.Empty, RequestLocation.Path, testDef));
}
else
{
//iterate through parameters, cookies and headers
foreach (var parameter in workingReqInfo.PathVariables)
{
testExecution.TestsQueue.Enqueue(new TestJob(parameter.Key, parameter.Value, RequestLocation.Path, testDef));
}
foreach (var parameter in workingReqInfo.QueryVariables)
{
testExecution.TestsQueue.Enqueue(new TestJob(parameter.Key, parameter.Value, RequestLocation.Query, testDef));
}
foreach (var parameter in workingReqInfo.BodyVariables)
{
testExecution.TestsQueue.Enqueue(new TestJob(parameter.Key, parameter.Value, RequestLocation.Body, testDef));
}
if (!_testFile.TestOnlyParameters)
{
foreach (var header in workingReqInfo.Headers)
{
if (!header.Name.Equals("Host"))
{
testExecution.TestsQueue.Enqueue(new TestJob(header.Name, header.Value, RequestLocation.Headers, testDef));
}
}
foreach (var cookie in workingReqInfo.Cookies)
{
testExecution.TestsQueue.Enqueue(new TestJob(cookie.Key, cookie.Value, RequestLocation.Cookies, testDef));
}
}
}
testExecution.StartTestsAsync();
while (testExecution.IsRunning)
{
if (!_runnable)
{
testExecution.CancelTests();
}
//wait for the test execution to complete
Thread.Sleep(10);
}
}
}
if (_requestsToTest.Count > 0)
{
_requestsToTest.Dequeue();
}
}
//we also initialize all multi-step operations
List <string> multiStepList = _testFile.GetMultiStepList();
_multiStepsToTest = new Queue <string>();
foreach (string path in multiStepList)
{
if (File.Exists(path))
{
_multiStepsToTest.Enqueue(path);
}
else
{
SdkSettings.Instance.Logger.Log(TraceLevel.Error, "Multi-Step path '{0}' does not exist.", path);
}
}
while (_multiStepsToTest.Count > 0)
{
if (!_runnable)
{
return;
}
string path = _multiStepsToTest.Peek();
bool isAbl = path.EndsWith(".login");
TrafficViewerFile htd = new TrafficViewerFile();
if (isAbl)
{
SdkSettings.Instance.Logger.Log(TraceLevel.Error, "ABL files are not supported");
continue;
}
else
{
htd.Open(path);
}
SequentialAttackProxy proxy = GetTestProxy(_netSettings, true) as SequentialAttackProxy;
proxy.Start();
DefaultNetworkSettings netSettings = new DefaultNetworkSettings();
netSettings.WebProxy = new WebProxy(proxy.Host, proxy.Port);
netSettings.CertificateValidationCallback = _netSettings.CertificateValidationCallback;
RequestSender.RequestSender reqSender = new RequestSender.RequestSender(netSettings);
do
{
reqSender.Send(htd);
}while (!proxy.TestComplete && _runnable);
proxy.Stop();
if (_runnable)
{
_multiStepsToTest.Dequeue();
}
}
_trafficFile.SetState(AccessorState.Idle);
_runnable = false;
}
//[TestMethod]
public void Test_ReverseProxy()
{
string testRequest = "GET / HTTP/1.1\r\n";
string site1Response = "HTTP/1.1 200 OK\r\n\r\nThis is site1";
string site2Response = "HTTP/1.1 200 OK\r\n\r\nThis is site2";
//create two mock sites each on a different port and a http client that send a request to the first but in fact gets redirected to the other
TrafficViewerFile site1Source = new TrafficViewerFile();
site1Source.AddRequestResponse(testRequest, site1Response);
TrafficViewerFile site2Source = new TrafficViewerFile();
site2Source.AddRequestResponse(testRequest, site2Response);
TrafficStoreProxy mockSite1 = new TrafficStoreProxy(
site1Source, null, "127.0.0.1", 0, 0);
mockSite1.Start();
TrafficStoreProxy mockSite2 = new TrafficStoreProxy(
site2Source, null, "127.0.0.1", 0, 0);
mockSite2.Start();
HttpRequestInfo reqInfo = new HttpRequestInfo(testRequest);
//request will be sent to site 1
reqInfo.Host = mockSite1.Host;
reqInfo.Port = mockSite1.Port;
ReverseProxy revProxy = new ReverseProxy("127.0.0.1", 0, 0, null);
revProxy.ExtraOptions[ReverseProxy.FORWARDING_HOST_OPT] = mockSite2.Host;
revProxy.ExtraOptions[ReverseProxy.FORWARDING_PORT_OPT] = mockSite2.Port.ToString();
revProxy.Start();
//make an http client
IHttpClient client = new WebRequestClient();
DefaultNetworkSettings settings = new DefaultNetworkSettings();
settings.WebProxy = new WebProxy(revProxy.Host, revProxy.Port);
client.SetNetworkSettings(settings);
//send the request Http and verify the target site received it
HttpResponseInfo respInfo = client.SendRequest(reqInfo);
string respBody = respInfo.ResponseBody.ToString();
Assert.IsTrue(respBody.Contains("This is site2"));
//check over ssl
reqInfo.IsSecure = true;
respInfo = client.SendRequest(reqInfo);
respBody = respInfo.ResponseBody.ToString();
Assert.IsTrue(respBody.Contains("This is site2"));
mockSite1.Stop();
mockSite2.Stop();
revProxy.Stop();
}
private void TestMultiSteps()
{
//we also initialize all multi-step operations
List <string> multiStepList = _testFile.GetMultiStepList();
_multiStepsToTest = new Queue <string>();
foreach (string path in multiStepList)
{
if (File.Exists(path))
{
_multiStepsToTest.Enqueue(path);
}
else
{
HttpServerConsole.Instance.WriteLine(LogMessageType.Error,
"Multi-Step path '{0}' does not exist.", path);
}
}
while (_multiStepsToTest.Count > 0)
{
if (!_runnable)
{
return;
}
string path = _multiStepsToTest.Peek();
bool isAbl = path.EndsWith(".login");
TrafficViewerFile htd = new TrafficViewerFile();
if (isAbl)
{
HttpServerConsole.Instance.WriteLine(LogMessageType.Error, "ABL files are not supported");
continue;
}
else
{
htd.Open(path);
}
SequentialAttackProxy proxy = GetTestProxy(_netSettings, true) as SequentialAttackProxy;
proxy.Start();
DefaultNetworkSettings netSettings = new DefaultNetworkSettings();
netSettings.WebProxy = new WebProxy(proxy.Host, proxy.Port);
netSettings.CertificateValidationCallback = _netSettings.CertificateValidationCallback;
RequestSender.RequestSender reqSender = new RequestSender.RequestSender(netSettings);
do
{
reqSender.Send(htd);
}while (!proxy.TestComplete && _runnable);
proxy.Stop();
if (_runnable)
{
_multiStepsToTest.Dequeue();
}
}
}
