/// <summary>
/// Checks that <c>Replace</c> tolerates match coordinates that no longer correspond to the
/// stored traffic: matches are collected, the file is cleared and refilled with a different
/// request/response pair, and the stale matches are then applied.
/// </summary>
public void TestReplaceInvalidCoords()
{
    TrafficViewer.Instance.NewTvf();
    ITrafficDataAccessor dataStore = TrafficViewer.Instance.TrafficViewerFile;

    // Phase 1: record match coordinates against the original pair.
    dataStore.AddRequestResponse(
        "GET /a1 HTTP/1.1\r\nHeader1: a1",
        "HTTP 200 OK\r\n<r>2</r><tag><r>3</r>");

    var lineSearcher = new LineSearcher();
    var staleMatches = new LineMatches();
    var criteria = new SearchCriteriaSet();
    criteria.Add(new SearchCriteria(SearchContext.Full, true, @"a1|a=2|<r>\d</r>"));
    lineSearcher.Search(dataStore, criteria, staleMatches);

    // Phase 2: drop everything and store different content under the same accessor.
    var concreteFile = dataStore as TrafficViewerFile;
    concreteFile.Clear(false);
    Assert.AreEqual(0, dataStore.RequestCount);

    dataStore.AddRequestResponse(
        "GET /a2 HTTP/1.1\r\nHeader1: a2",
        "HTTP 200 OK\r\n<r>1</r>");
    Assert.AreEqual(1, dataStore.RequestCount);

    // Applying the stale coordinates must complete without throwing.
    dataStore.Replace(staleMatches, "");
}
/// <summary>
/// Plain-text (non-regex) line search limited to the request context. The text "a1" is
/// expected to produce two line matches, both belonging to request 0, with one match
/// coordinate each.
/// </summary>
public void TestLineSearchInRequestNoRegex()
{
    TrafficViewer.Instance.NewTvf();
    ITrafficDataAccessor dataStore = TrafficViewer.Instance.TrafficViewerFile;

    string requestWithA1 = "GET /a1 HTTP/1.1\r\nHeader1: a1";
    string requestWithA2 = "GET /a2 HTTP/1.1\r\nHeader1: a2";
    dataStore.AddRequestResponse(requestWithA1, "HTTP 200 OK");
    dataStore.AddRequestResponse(requestWithA2, "HTTP 200 OK");
    Assert.AreEqual(2, dataStore.RequestCount);

    var lineSearcher = new LineSearcher();
    var found = new LineMatches();
    var criteria = new SearchCriteriaSet();
    criteria.Add(new SearchCriteria(SearchContext.Request, false, "a1"));
    lineSearcher.Search(dataStore, criteria, found);

    Assert.AreEqual(2, found.Count);
    Assert.AreEqual(0, found[0].RequestId);
    Assert.AreEqual(0, found[1].RequestId);
    Assert.AreEqual(1, found[0].MatchCoordinatesList.Count);
    Assert.AreEqual(1, found[1].MatchCoordinatesList.Count);

    // The coordinates are checked by slicing the original request text with them.
    var firstHit = found[0].MatchCoordinatesList[0];
    Assert.AreEqual("a1", requestWithA1.Substring(firstHit.MatchPosition, firstHit.MatchLength));

    var secondHit = found[1].MatchCoordinatesList[0];
    Assert.AreEqual("a1", requestWithA1.Substring(secondHit.MatchPosition, secondHit.MatchLength));
}
/// <summary>
/// Shared body for the replace tests: stores two request/response pairs, searches the full
/// traffic with a regex, replaces every match with <paramref name="replacement"/> and checks
/// the rewritten first request and second response.
/// </summary>
/// <param name="replacement">Text substituted for each match.</param>
private static void ReplaceTest(string replacement)
{
    TrafficViewer.Instance.NewTvf();
    ITrafficDataAccessor dataStore = TrafficViewer.Instance.TrafficViewerFile;

    dataStore.AddRequestResponse("GET /a1 HTTP/1.1\r\nHeader1: a1", "HTTP 200 OK\r\n<r>1</r>");
    dataStore.AddRequestResponse("GET /a2 HTTP/1.1\r\nHeader1: a2", "HTTP 200 OK\r\n<r>2</r><tag><r>3</r>");
    Assert.AreEqual(2, dataStore.RequestCount);

    var lineSearcher = new LineSearcher();
    var found = new LineMatches();
    var criteria = new SearchCriteriaSet();
    criteria.Add(new SearchCriteria(SearchContext.Full, true, @"a1|a=2|<r>\d</r>"));
    lineSearcher.Search(dataStore, criteria, found);

    dataStore.Replace(found, replacement);

    // All four payloads are reloaded in the original order; only two of them are asserted on.
    string rewrittenFirstRequest = Constants.DefaultEncoding.GetString(dataStore.LoadRequestData(0));
    string rewrittenSecondRequest = Constants.DefaultEncoding.GetString(dataStore.LoadRequestData(1));
    string rewrittenFirstResponse = Constants.DefaultEncoding.GetString(dataStore.LoadResponseData(0));
    string rewrittenSecondResponse = Constants.DefaultEncoding.GetString(dataStore.LoadResponseData(1));

    string expectedFirstRequest = "GET /" + replacement + " HTTP/1.1\r\nHeader1: " + replacement;
    Assert.AreEqual(expectedFirstRequest, rewrittenFirstRequest);

    string expectedSecondResponse = "HTTP 200 OK\r\n" + replacement + "<tag>" + replacement;
    Assert.AreEqual(expectedSecondResponse, rewrittenSecondResponse);
}
/// <summary>
/// Request-level search with two plain-text criteria on the request body. The test expects a
/// single result, request id 1, which is the only stored request whose body contains both
/// "a=1" and "b=2".
/// </summary>
public void TestRequestSearchMultipleTexts()
{
    TrafficViewer.Instance.NewTvf();
    ITrafficDataAccessor dataStore = TrafficViewer.Instance.TrafficViewerFile;

    dataStore.AddRequestResponse(
        "POST /a1 HTTP/1.1\r\nHeader1: a1\r\n\r\na=1",
        "HTTP 200 OK\r\n<r>1</r>");
    dataStore.AddRequestResponse(
        "POST /a2 HTTP/1.1\r\nHeader1: a2\r\n\r\na=1&b=2",
        "HTTP 200 OK\r\n<r>2</r>");
    Assert.AreEqual(2, dataStore.RequestCount);

    var requestSearcher = new RequestSearcher();
    var found = new RequestMatches();
    var criteria = new SearchCriteriaSet();
    foreach (string bodyText in new[] { "a=1", "b=2" })
    {
        criteria.Add(new SearchCriteria(SearchContext.RequestBody, false, bodyText));
    }

    requestSearcher.Search(dataStore, criteria, found);

    Assert.AreEqual(1, found.Count);
    Assert.AreEqual(1, found[0]);
}
/// <summary>
/// Regex line search limited to the response context. Two matches are expected; the first
/// belongs to request 0 in the response context with one coordinate, and the second one's
/// coordinates must slice "&lt;r&gt;2&lt;/r&gt;" out of the second response.
/// </summary>
public void TestLineSearchInResponseRegex()
{
    TrafficViewer.Instance.NewTvf();
    ITrafficDataAccessor dataStore = TrafficViewer.Instance.TrafficViewerFile;

    string responseOne = "HTTP 200 OK\r\n<r>1</r>";
    string responseTwo = "HTTP 200 OK\r\n<r>2</r>";
    dataStore.AddRequestResponse("POST /a1 HTTP/1.1\r\nHeader1: a1\r\n\r\na=1", responseOne);
    dataStore.AddRequestResponse("POST /a2 HTTP/1.1\r\nHeader1: a2\r\n\r\na=2", responseTwo);
    Assert.AreEqual(2, dataStore.RequestCount);

    var lineSearcher = new LineSearcher();
    var found = new LineMatches();
    var criteria = new SearchCriteriaSet();
    // The "a1" alternative occurs only in the request text of the stored traffic.
    criteria.Add(new SearchCriteria(SearchContext.Response, true, @"<r>\d+</r>|a1"));
    lineSearcher.Search(dataStore, criteria, found);

    Assert.AreEqual(2, found.Count);
    Assert.AreEqual(0, found[0].RequestId);
    Assert.AreEqual(SearchContext.Response, found[0].Context);
    Assert.AreEqual(1, found[0].MatchCoordinatesList.Count);

    var secondHit = found[1].MatchCoordinatesList[0];
    Assert.AreEqual("<r>2</r>", responseTwo.Substring(secondHit.MatchPosition, secondHit.MatchLength));
}
/// <summary>
/// Checks that a replace limited to the request line rewrites only that line of the stored
/// request and that the <c>TVRequestInfo</c> fetched before the replace reports the new
/// request line afterwards.
/// </summary>
public void TestRequestLineAfterReplace()
{
    TrafficViewer.Instance.NewTvf();
    ITrafficDataAccessor dataStore = TrafficViewer.Instance.TrafficViewerFile;

    dataStore.AddRequestResponse("GET http://site.com/a1 HTTP/1.1\r\nHeader1: a1", String.Empty);

    // Fetched before the replace on purpose; it is re-checked at the end.
    TVRequestInfo info = dataStore.GetRequestInfo(0);
    Assert.AreEqual("GET http://site.com/a1 HTTP/1.1", info.RequestLine);
    Assert.AreEqual(1, dataStore.RequestCount);

    var lineSearcher = new LineSearcher();
    var found = new LineMatches();
    var criteria = new SearchCriteriaSet();
    criteria.Add(new SearchCriteria(SearchContext.RequestLine, true, "a1|a=2|<r>2</r>"));
    lineSearcher.Search(dataStore, criteria, found);

    dataStore.Replace(found, "replacement");

    // The header line still contains "a1": only the request line was in scope.
    string storedRequest = Constants.DefaultEncoding.GetString(dataStore.LoadRequestData(0));
    Assert.AreEqual("GET http://site.com/replacement HTTP/1.1\r\nHeader1: a1", storedRequest);
    Assert.AreEqual("GET http://site.com/replacement HTTP/1.1", info.RequestLine);
}
/// <summary>
/// Regex line search on the request line where the pattern occurs twice on the same line.
/// One line match carrying two match coordinates is expected.
/// </summary>
public void TestLineSearchMultipleMatchesPerLineRegex()
{
    TrafficViewer.Instance.NewTvf();
    ITrafficDataAccessor dataStore = TrafficViewer.Instance.TrafficViewerFile;

    // "/a1/a1" puts two occurrences of the pattern on the request line.
    dataStore.AddRequestResponse(
        "POST /a1/a1 HTTP/1.1\r\nHeader1: a1\r\n\r\na=1",
        "HTTP 200 OK\r\n<r>1</r>");
    Assert.AreEqual(1, dataStore.RequestCount);

    var lineSearcher = new LineSearcher();
    var found = new LineMatches();
    var criteria = new SearchCriteriaSet();
    criteria.Add(new SearchCriteria(SearchContext.RequestLine, true, @"a\d"));
    lineSearcher.Search(dataStore, criteria, found);

    Assert.AreEqual(1, found.Count);
    Assert.AreEqual(2, found[0].MatchCoordinatesList.Count);
}
/// <summary>
/// Regex line search over the full traffic. After confirming that the stored data round-trips
/// unchanged, the test expects one match in the first request ("a=1") and one in the second
/// response ("&lt;r&gt;2&lt;/r&gt;"), each reported with its own context.
/// </summary>
public void TestLineSearchFullRegex()
{
    TrafficViewer.Instance.NewTvf();
    ITrafficDataAccessor dataStore = TrafficViewer.Instance.TrafficViewerFile;

    string requestOne = "POST /a1 HTTP/1.1\r\nHeader1: a1\r\n\r\na=1";
    string requestTwo = "POST /a2 HTTP/1.1\r\nHeader1: a2\r\n\r\na=2";
    string responseOne = "HTTP 200 OK\r\n<r>1</r>";
    string responseTwo = "HTTP 200 OK\r\n<r>2</r>";

    // Round-trip check on the first pair before anything is searched.
    dataStore.AddRequestResponse(requestOne, responseOne);
    string storedRequest = Constants.DefaultEncoding.GetString(dataStore.LoadRequestData(0));
    Assert.AreEqual(requestOne, storedRequest, "Incorrect first request");
    string storedResponse = Constants.DefaultEncoding.GetString(dataStore.LoadResponseData(0));
    Assert.AreEqual(responseOne, storedResponse, "Incorrect first response");

    dataStore.AddRequestResponse(requestTwo, responseTwo);
    Assert.AreEqual(2, dataStore.RequestCount, "Correct number of requests not added");

    var lineSearcher = new LineSearcher();
    var found = new LineMatches();
    var criteria = new SearchCriteriaSet();
    criteria.Add(new SearchCriteria(SearchContext.Full, true, "a=1|<r>2</r>"));
    lineSearcher.Search(dataStore, criteria, found);

    Assert.AreEqual(2, found.Count);
    Assert.AreEqual(0, found[0].RequestId);
    Assert.AreEqual(1, found[1].RequestId);
    Assert.AreEqual(SearchContext.Request, found[0].Context);
    Assert.AreEqual(SearchContext.Response, found[1].Context);

    var requestHit = found[0].MatchCoordinatesList[0];
    Assert.AreEqual("a=1", requestOne.Substring(requestHit.MatchPosition, requestHit.MatchLength));

    var responseHit = found[1].MatchCoordinatesList[0];
    Assert.AreEqual("<r>2</r>", responseTwo.Substring(responseHit.MatchPosition, responseHit.MatchLength));
}
/// <summary>
/// Click handler: configures a <c>FormHelper</c> from the dialog fields, converts the
/// current request (<c>_reqInfo</c>) into a form, and stores the resulting request/response
/// bytes in <c>_curDataAccessor</c>.
/// </summary>
/// <param name="sender">Event source (not used).</param>
/// <param name="e">Event data (not used).</param>
private void GenerateClick(object sender, EventArgs e)
{
    // Every setting is copied verbatim from the dialog; nothing is validated or encoded here.
    var formBuilder = new FormHelper
    {
        Url = _textUrl.Text,
        // The first entry of the target combo box turns on the configurable mode.
        IsConfigurable = _comboTarget.SelectedIndex == 0,
        AttackPage = _textTitle.Text,
        AdditionalMarkup = _textMarkup.Text
    };

    byte[] generatedRequest;
    byte[] generatedResponse;
    formBuilder.ConvertRequestToForm(_reqInfo, out generatedRequest, out generatedResponse);

    _curDataAccessor.AddRequestResponse(generatedRequest, generatedResponse);
}
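/// <summary>
/// Scans HTML text for <c>&lt;form&gt;</c> elements and turns each one into a request.
/// Forms whose method is "get" contribute their full URL to <c>_foundUrls</c>; any other
/// method is stored immediately in <c>_curDataAccessor</c> as a POST request.
/// </summary>
/// <param name="fileContents">
/// HTML text to scan. Presumably a page fetched from the site being explored (verify against
/// the caller), so every value extracted from it should be treated as untrusted.
/// </param>
private void ExtractForms(string fileContents)
{
    MatchCollection matches = Regex.Matches(fileContents, "(?si)<form.*?</form>");
    foreach (Match m in matches)
    {
        var form = m.Value;

        // Extract the form method; a form without one is treated as GET.
        // ToLowerInvariant keeps the comparison with "get" independent of the current culture.
        var method = Utils.RegexFirstGroupValue(form, "(?si)method\\s*=\\s*['\"]?(\\w+)").ToLowerInvariant();
        if (String.IsNullOrWhiteSpace(method))
        {
            method = "get";
        }

        // NOTE(review): (\w+) stops at the first non-word character, so an action such as
        // "/login.php" or "http://host/x" is not captured in full - confirm whether intended.
        var url = Utils.RegexFirstGroupValue(form, "(?si)action\\s*=\\s*['\"]?(\\w+)");

        // Skip the form when the action contains script or is malformed.
        if (!Uri.IsWellFormedUriString(url, UriKind.RelativeOrAbsolute))
        {
            continue;
        }

        Uri formUri = _rootUri;
        if (!String.IsNullOrWhiteSpace(url))
        {
            // new Uri(string) accepts absolute URIs only and throws on a relative action,
            // so parse as RelativeOrAbsolute and resolve relative actions against the root.
            Uri parsedAction;
            if (!Uri.TryCreate(url, UriKind.RelativeOrAbsolute, out parsedAction))
            {
                continue;
            }

            formUri = parsedAction.IsAbsoluteUri ? parsedAction : new Uri(_rootUri, parsedAction);
        }

        // Extract form fields.
        // NOTE(review): this pattern only matches inputs written with an explicit </input>
        // closing tag - confirm that this covers the markup the tool is expected to handle.
        var fieldMatches = Regex.Matches(form, "(?si)<input.*?</input>");

        HttpRequestInfo formReqInfo;
        if (method.Equals("get"))
        {
            formReqInfo = new HttpRequestInfo(String.Format("GET {0} HTTP/1.1\r\n{1}\r\n\r\n", formUri.PathAndQuery, _headers), true);
        }
        else
        {
            formReqInfo = new HttpRequestInfo(String.Format("POST {0} HTTP/1.1\r\n{1}\r\n", formUri.PathAndQuery, _headers), true);
            formReqInfo.Headers["Content-Type"] = "application/x-www-form-urlencoded";
        }

        formReqInfo.Host = formUri.Host;
        formReqInfo.Port = formUri.Port;

        foreach (Match fm in fieldMatches)
        {
            // Read name and value from this input's own markup; reading them from the whole
            // form would give every field the first name/value pair found in the form.
            var input = fm.Value;
            var name = Utils.RegexFirstGroupValue(input, "(?si)name\\s*=\\s*['\"]?(\\w+)");
            var value = Utils.RegexFirstGroupValue(input, "(?si)value\\s*=\\s*['\"]?(\\w+)");

            // An input without a name is not part of a submitted form, so it adds no variable.
            if (String.IsNullOrWhiteSpace(name))
            {
                continue;
            }

            if (method.Equals("get"))
            {
                formReqInfo.QueryVariables.Add(name, value);
            }
            else
            {
                formReqInfo.BodyVariables.Add(name, value);
            }
        }

        if (method.Equals("get"))
        {
            // GET forms are added to the list of URLs, once per distinct URL.
            url = formReqInfo.FullUrl;
            if (!_foundUrls.Contains(url))
            {
                _foundUrls.Add(url);
            }
        }
        else
        {
            // Add the POST request on the spot.
            TVRequestInfo reqInfo = _curDataAccessor.GetRequestInfo(
                _curDataAccessor.AddRequestResponse(formReqInfo.ToString(), ""));
            reqInfo.IsHttps = formUri.Scheme.Equals("https", StringComparison.OrdinalIgnoreCase);
            _curDataAccessor.UpdateRequestInfo(reqInfo);
        }
    }
}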
/// <summary>
/// Creates a proxy over two new <see cref="TrafficViewerFile"/> instances and adds a single
/// request/response pair to the mock site.
/// </summary>
/// <param name="testRequest">Request text to store in the mock site.</param>
/// <param name="testResponse">Response text stored together with <paramref name="testRequest"/>.</param>
public MockProxy(string testRequest, string testResponse)
    : this(new TrafficViewerFile(), new TrafficViewerFile())
{
    // The chained constructor has already run, so _mockSite is the field it set up.
    this._mockSite.AddRequestResponse(testRequest, testResponse);
}