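 /// <summary>
 /// Removes or rewrites the CSRF token parameter named <c>TokenName</c> wherever it occurs in
 /// the request: the query string, a normal (url-encoded) body, or a structured
 /// XML/SOAP/JSON/multipart body. With <c>RemoveParameter</c> set, query and url-encoded
 /// parameters are deleted and a structured-body parameter is injected with an empty value;
 /// otherwise the value is replaced by <c>TokenReplacementValue</c>. The request is modified
 /// in place and returned so callers can chain on it.
 /// </summary>
 /// <param name="Req">Request to modify. Both the query string and the body are inspected.</param>
 /// <returns>The same <paramref name="Req"/> instance after modification.</returns>
 Request ModifyCsrfTokenInRequest(Request Req)
 {
     // Query string: plain name/value container, exact-name lookup.
     if (Req.Query.Has(TokenName))
     {
         if (RemoveParameter)
         {
             Req.Query.Remove(TokenName);
         }
         else
         {
             Req.Query.Set(TokenName, TokenReplacementValue);
         }
     }

     if (!Req.HasBody)
     {
         return (Req);
     }

     if (Req.IsNormal)
     {
         // Url-encoded body: same plain container semantics as the query string.
         if (Req.Body.Has(TokenName))
         {
             if (RemoveParameter)
             {
                 Req.Body.Remove(TokenName);
             }
             else
             {
                 Req.Body.Set(TokenName, TokenReplacementValue);
             }
         }
         return (Req);
     }

     // Structured body: parameters are addressed by index through the matching format plugin.
     FormatParameters Params = null;
     if (Req.IsXml)
     {
         Params = FormatPlugin.GetXmlParameters(Req);
     }
     else if (Req.IsSoap)
     {
         Params = FormatPlugin.GetSoapParameters(Req);
     }
     else if (Req.IsJson)
     {
         Params = FormatPlugin.GetJsonParameters(Req);
     }
     else if (Req.IsMultiPart)
     {
         Params = FormatPlugin.GetMultipartParameters(Req);
     }
     if (Params == null)
     {
         return (Req);
     }

     // Removal of a structured parameter is expressed as injecting an empty value. A local is
     // used so that the TokenReplacementValue field is not overwritten as a side effect.
     string InjectValue = RemoveParameter ? "" : TokenReplacementValue;

     // Structured parameter names are '>'-separated paths; the token matches only when the
     // final path segment equals TokenName exactly (string.Equals(string) is ordinal and
     // case-sensitive). A parameter whose name merely contains TokenName as a substring is
     // skipped instead of ending the scan, so a genuine token later in the list is still found.
     for (int i = 0; i < Params.Count; i++)
     {
         string ParamName = Params.GetName(i);
         if (!ParamName.Contains(TokenName))
         {
             continue;
         }
         string[] Parts = ParamName.Split(new char[] { '>' }, StringSplitOptions.RemoveEmptyEntries);
         if (Parts.Length > 0 && Parts[Parts.Length - 1].Trim().Equals(TokenName))
         {
             // Params is non-null only for the XML/SOAP/JSON/multipart cases above, so the
             // plugin for Req.BodyType is the one that produced these indices.
             FormatPlugin.Get(Req.BodyType).InjectInRequest(Req, i, InjectValue);
             break;
         }
     }
     return (Req);
 }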
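        /// <summary>
        /// Scans the proxy log for requests that carry the CSRF token parameter and hands the
        /// matching rows to <c>ShowMatchingRecordValues</c>. The untyped argument and the
        /// swallowed <see cref="ThreadAbortException"/> suggest this is started on a worker
        /// thread via <c>ParameterizedThreadStart</c> and may be aborted by the caller.
        /// </summary>
        /// <param name="FilterDictObj">
        /// A <c>Dictionary&lt;string, List&lt;string&gt;&gt;</c> holding the keys "Hosts", "File"
        /// and "TokenName"; the token name is taken from the first element of "TokenName".
        /// Any cast, key or index failure surfaces as the generic error message box below.
        /// </param>
        void FindCandidatesFromDB(object FilterDictObj)
        {
            try
            {
                Dictionary<string, List<string>> FilterInfo = (Dictionary<string, List<string>>)FilterDictObj;
                string CsrfParameterName = FilterInfo["TokenName"][0];

                List<LogRow> MatchingRecords = IronDB.GetRecordsFromProxyLogMatchingFilters(FilterInfo["Hosts"], FilterInfo["File"], CsrfParameterName);
                List<LogRow> RecordsWithToken = new List<LogRow>();
                foreach (LogRow LR in MatchingRecords)
                {
                    Request Req = Request.FromProxyLog(LR.ID);
                    if (RequestCarriesCsrfParameter(Req, CsrfParameterName))
                    {
                        RecordsWithToken.Add(LR);
                    }
                }

                //Show these records on the page
                ShowMatchingRecordValues(RecordsWithToken);
            }
            catch (ThreadAbortException) { }
            catch (Exception Exp)
            {
                MessageBox.Show(string.Format("Error finding candidates - {0}", Exp.Message));
            }
        }

        /// <summary>
        /// Returns true when <paramref name="Req"/> carries a parameter named
        /// <paramref name="CsrfParameterName"/> in its query string, its url-encoded body, or
        /// (for XML/SOAP/JSON/multipart bodies) as the final '>'-separated path segment of a
        /// structured parameter name. The comparison is exact and case-sensitive
        /// (string.Equals(string) is ordinal).
        /// </summary>
        /// <param name="Req">Request reconstructed from the proxy log.</param>
        /// <param name="CsrfParameterName">Token parameter name from the filter dictionary; this
        /// value, not the TokenName field, is used for every comparison so the scan is consistent
        /// with the name the records were filtered on.</param>
        private static bool RequestCarriesCsrfParameter(Request Req, string CsrfParameterName)
        {
            if (Req.Query.Has(CsrfParameterName))
            {
                return true;
            }
            if (!Req.HasBody)
            {
                return false;
            }
            if (Req.IsNormal)
            {
                return Req.Body.Has(CsrfParameterName);
            }

            FormatParameters Params = null;
            if (Req.IsXml)
            {
                Params = FormatPlugin.GetXmlParameters(Req);
            }
            else if (Req.IsSoap)
            {
                Params = FormatPlugin.GetSoapParameters(Req);
            }
            else if (Req.IsJson)
            {
                Params = FormatPlugin.GetJsonParameters(Req);
            }
            else if (Req.IsMultiPart)
            {
                Params = FormatPlugin.GetMultipartParameters(Req);
            }
            if (Params == null)
            {
                return false;
            }

            for (int i = 0; i < Params.Count; i++)
            {
                string ParamName = Params.GetName(i);
                if (!ParamName.Contains(CsrfParameterName))
                {
                    continue;
                }
                string[] Parts = ParamName.Split(new char[] { '>' }, StringSplitOptions.RemoveEmptyEntries);
                if (Parts.Length > 0 && Parts[Parts.Length - 1].Trim().Equals(CsrfParameterName))
                {
                    return true;
                }
            }
            return false;
        }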