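/// <summary>
/// Inspects successful HTML responses from the origin domain for a hidden
/// <c>input</c> whose <c>id</c> is <c>__VIEWSTATE</c> and reports it when
/// <see cref="IsViewStateSecure"/> rejects its <c>value</c>. With the panel's
/// filter checkbox set, a host is skipped once <see cref="SiteNotChecked"/>
/// says so (presumably after its first finding is recorded in <c>hosts</c>).
/// </summary>
/// <param name="session">The Fiddler session whose response is inspected.</param>
public override void Check(Session session)
{
    bool filter = configpanel.enablefiltercheckBox.Checked;

    if (!WatcherEngine.Configuration.IsOriginDomain(session.hostname) || session.responseCode != 200)
    {
        return;
    }
    if (!Utility.IsResponseHtml(session) || session.responseBodyBytes.Length == 0)
    {
        return;
    }
    // With the filter enabled, only hosts not yet checked are examined.
    if (filter && !SiteNotChecked(session.hostname))
    {
        return;
    }

    UtilityHtmlParser parser = new UtilityHtmlParser();
    parser.Open(session);
    if (parser.Parser == null)
    {
        return;
    }

    try
    {
        HTMLchunk chunk;
        while ((chunk = parser.Parser.ParseNext()) != null)
        {
            if (chunk.oType != HTMLchunkType.OpenTag || chunk.sTag != "input")
            {
                continue;
            }
            // Only inputs that carry both an id and a value are relevant.
            if (!chunk.oParams.ContainsKey("id") || !chunk.oParams.ContainsKey("value"))
            {
                continue;
            }
            string id = chunk.oParams["id"].ToString();
            if (!id.Equals("__VIEWSTATE", StringComparison.OrdinalIgnoreCase))
            {
                continue;
            }
            string val = chunk.oParams["value"].ToString();
            // If the VIEWSTATE is not secured with a MAC, raise an alert.
            if (!IsViewStateSecure(val))
            {
                lock (hosts)
                {
                    hosts.Add(session.hostname);
                }
                AddAlert(session);
            }
        }
    }
    finally
    {
        // Close on every exit path, including when ParseNext throws.
        parser.Close();
    }
}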
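/// <summary>
/// Runs <see cref="CheckDomainLowering"/> over the script blocks of a successful
/// HTML response and over the full text of a successful JavaScript response,
/// for responses from the origin domain.
/// </summary>
/// <param name="session">The Fiddler session whose response is inspected.</param>
public override void Check(Session session)
{
    if (!WatcherEngine.Configuration.IsOriginDomain(session.hostname) || session.responseCode != 200)
    {
        return;
    }

    if (Utility.IsResponseHtml(session))
    {
        UtilityHtmlParser parser = new UtilityHtmlParser();
        parser.Open(session);
        if (parser.Parser == null)
        {
            return;
        }
        try
        {
            HTMLchunk chunk;
            while ((chunk = parser.Parser.ParseNext()) != null)
            {
                if (chunk.oType == HTMLchunkType.Script)
                {
                    CheckDomainLowering(session, chunk.oHTML);
                }
            }
        }
        finally
        {
            // Close on every exit path, including when ParseNext throws.
            parser.Close();
        }
    }

    if (Utility.IsResponseJavascript(session))
    {
        string body = Utility.GetResponseText(session);
        // GetResponseText is null-checked by sibling checks; do the same here.
        if (body != null)
        {
            CheckDomainLowering(session, body);
        }
    }
}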
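/// <summary>
/// Scans successful HTML responses from the origin domain for <c>object</c> and
/// <c>embed</c> open tags, handing them to <see cref="CheckObjectTag"/> and
/// <see cref="CheckEmbedxTag"/>, then raises one alert per non-empty alert body
/// (<c>alertbody</c> and <c>alertbody3</c> as Medium, <c>alertbody2</c> as Informational).
/// </summary>
/// <param name="session">The Fiddler session whose response is inspected.</param>
public override void Check(Session session)
{
    alertbody = "";
    alertbody2 = "";
    alertbody3 = "";
    findingnum = 0;

    if (!WatcherEngine.Configuration.IsOriginDomain(session.hostname) || session.responseCode != 200)
    {
        return;
    }
    if (!Utility.IsResponseHtml(session))
    {
        return;
    }

    UtilityHtmlParser parser = new UtilityHtmlParser();
    parser.Open(session);
    // The null check has to precede the first use of parser.Parser; previously
    // bKeepRawHTML was set before it, making the check unreachable.
    if (parser.Parser == null)
    {
        return;
    }
    parser.Parser.bKeepRawHTML = true;

    try
    {
        HTMLchunk chunk;
        while ((chunk = parser.Parser.ParseNext()) != null)
        {
            if (chunk.oType != HTMLchunkType.OpenTag)
            {
                continue;
            }
            if (chunk.sTag == "object")
            {
                CheckObjectTag(chunk, ref parser);
            }
            else if (chunk.sTag == "embed")
            {
                CheckEmbedxTag(chunk);
            }
        }
    }
    finally
    {
        // Previously the parser was never closed on this path.
        parser.Close();
    }

    if (!String.IsNullOrEmpty(alertbody))
    {
        AddAlert(session, WatcherResultSeverity.Medium, alertbody);
    }
    if (!String.IsNullOrEmpty(alertbody2))
    {
        AddAlert(session, WatcherResultSeverity.Informational, alertbody2);
    }
    if (!String.IsNullOrEmpty(alertbody3))
    {
        AddAlert(session, WatcherResultSeverity.Medium, alertbody3);
    }
}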
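/// <summary>
/// Examines a <c>clientaccesspolicy.xml</c> (Silverlight cross-domain policy)
/// served as XML or plain text and reports every <c>domain uri</c> entry that
/// is neither the origin domain nor a trusted domain.
/// </summary>
/// <param name="session">The Fiddler session whose response is inspected.</param>
public override void Check(Session session)
{
    alertbody = "";
    findingnum = 0;

    // This is a check for cross-domain issues. So if Watcher is not configured with
    // an origin domain, treat the session response hostname as the origin.
    //
    // For details of the Silverlight clientaccesspolicy.xml DTD see:
    // http://msdn.microsoft.com/en-us/library/cc645032(v=vs.95).aspx
    if (!WatcherEngine.Configuration.IsOriginDomain(session.hostname, session.hostname) || session.responseCode != 200)
    {
        return;
    }
    if (!Utility.IsResponseXml(session) && !Utility.IsResponsePlain(session))
    {
        return;
    }

    string fileName = Path.GetFileName(session.PathAndQuery);
    if (!"clientaccesspolicy.xml".Equals(fileName, StringComparison.OrdinalIgnoreCase))
    {
        return;
    }

    UtilityHtmlParser parser = new UtilityHtmlParser();
    parser.Open(session);
    // Sibling checks guard against a null parser; this one did not.
    if (parser.Parser == null)
    {
        return;
    }
    parser.Parser.bKeepRawHTML = true;

    try
    {
        HTMLchunk chunk;
        while ((chunk = parser.Parser.ParseNext()) != null)
        {
            // The easy thing to do here is just scan for all 'domain uri' declarations.
            if (chunk.oType != HTMLchunkType.OpenTag || chunk.sTag != "domain" || !chunk.oParams.ContainsKey("uri"))
            {
                continue;
            }
            string dom = chunk.oParams["uri"].ToString();
            if (!WatcherEngine.Configuration.IsOriginDomain(dom, session.hostname)
                && !WatcherEngine.Configuration.IsTrustedDomain(dom))
            {
                AssembleAlert(dom, chunk.oHTML);
            }
        }
    }
    finally
    {
        parser.Close();
    }

    if (!String.IsNullOrEmpty(alertbody))
    {
        AddAlert(session);
    }
}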
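/// <summary>
/// When the request carried parameters, runs the user-controllable JavaScript
/// reference checks (<c>src</c>, <c>href</c>, <c>window.open</c>) over the script
/// blocks of a successful HTML response and over the text of a successful
/// JavaScript response from the origin domain.
/// </summary>
/// <param name="session">The Fiddler session whose request and response are inspected.</param>
public override void Check(Session session)
{
    alertbody = "";
    findingnum = 0;

    if (!WatcherEngine.Configuration.IsOriginDomain(session.hostname) || session.responseCode != 200)
    {
        return;
    }

    NameValueCollection parms = Utility.GetRequestParameters(session);
    // Without user-supplied parameters there is nothing to correlate against.
    if (parms == null || parms.Keys.Count == 0)
    {
        return;
    }

    if (Utility.IsResponseHtml(session))
    {
        UtilityHtmlParser parser = new UtilityHtmlParser();
        parser.Open(session);
        if (parser.Parser == null)
        {
            return;
        }
        try
        {
            HTMLchunk chunk;
            while ((chunk = parser.Parser.ParseNext()) != null)
            {
                if (chunk.oType == HTMLchunkType.Script)
                {
                    CheckScriptForUserControllableReferences(parms, chunk.oHTML);
                }
            }
        }
        finally
        {
            parser.Close();
        }
    }

    if (Utility.IsResponseJavascript(session))
    {
        // Bug fix: the response text was never fetched on this path, so the
        // checks ran against a null body.
        string body = Utility.GetResponseText(session);
        if (body != null)
        {
            CheckScriptForUserControllableReferences(parms, body);
        }
    }

    if (!String.IsNullOrEmpty(alertbody))
    {
        AddAlert(session);
    }
}

/// <summary>
/// Runs the three user-controllable reference checks over one script body.
/// </summary>
/// <param name="parms">The request parameters to correlate against.</param>
/// <param name="script">The script text to inspect.</param>
private void CheckScriptForUserControllableReferences(NameValueCollection parms, string script)
{
    CheckUserControllableJavascriptReferenceProperty(parms, script, "src");
    CheckUserControllableJavascriptReferenceProperty(parms, script, "href");
    CheckUserControllableJavascriptReferenceWindowOpen(parms, script);
}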
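/// <summary>
/// Reports <c>form</c> tags in a successful HTML response whose <c>action</c>
/// points at a domain that is neither the origin domain nor a trusted domain.
/// </summary>
/// <param name="session">The Fiddler session whose response is inspected.</param>
public override void Check(Session session)
{
    alertbody = "";
    findingnum = 0;

    if (!WatcherEngine.Configuration.IsOriginDomain(session.hostname, session.hostname)
        && !WatcherEngine.Configuration.IsOriginDomain(""))
    {
        return;
    }
    if (session.responseCode != 200 || !Utility.IsResponseHtml(session))
    {
        return;
    }

    UtilityHtmlParser parser = new UtilityHtmlParser();
    parser.Open(session);
    // The null check has to precede the first use of parser.Parser; previously
    // bKeepRawHTML was set before it, making the check unreachable.
    if (parser.Parser == null)
    {
        return;
    }
    parser.Parser.bKeepRawHTML = true;

    try
    {
        HTMLchunk chunk;
        while ((chunk = parser.Parser.ParseNext()) != null)
        {
            if (chunk.oType != HTMLchunkType.OpenTag
                || !string.Equals(chunk.sTag, "form", StringComparison.OrdinalIgnoreCase)
                || !chunk.oParams.ContainsKey("action"))
            {
                continue;
            }
            string act = chunk.oParams["action"].ToString();
            if (String.IsNullOrEmpty(act))
            {
                continue;
            }
            string dom = Utility.GetUriDomainName(act);
            if (String.IsNullOrEmpty(dom))
            {
                continue;
            }
            if (!WatcherEngine.Configuration.IsOriginDomain(dom, session.hostname)
                && !WatcherEngine.Configuration.IsTrustedDomain(dom))
            {
                AssembleAlert(dom, chunk.oHTML);
            }
        }
    }
    finally
    {
        parser.Close();
    }

    if (!String.IsNullOrEmpty(alertbody))
    {
        AddAlert(session);
    }
}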
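/// <summary>
/// Scans successful HTML responses from the origin domain for <c>object</c> and
/// <c>embed</c> open tags (<see cref="CheckObjectTag"/>, <see cref="CheckEmbedTag"/>)
/// and raises <c>alertbody</c> as Medium and <c>alertbody2</c> as Low when non-empty.
/// </summary>
/// <param name="session">The Fiddler session whose response is inspected.</param>
public override void Check(Session session)
{
    alertbody = "";
    alertbody2 = "";
    findingnum = 0;

    if (!WatcherEngine.Configuration.IsOriginDomain(session.hostname) || session.responseCode != 200)
    {
        return;
    }
    if (!Utility.IsResponseHtml(session))
    {
        return;
    }

    UtilityHtmlParser parser = new UtilityHtmlParser();
    parser.Open(session);
    // Sibling checks guard against a null parser; this one did not.
    if (parser.Parser == null)
    {
        return;
    }
    parser.Parser.bKeepRawHTML = true;

    try
    {
        HTMLchunk chunk;
        while ((chunk = parser.Parser.ParseNext()) != null)
        {
            if (chunk.oType != HTMLchunkType.OpenTag)
            {
                continue;
            }
            if (chunk.sTag == "object")
            {
                CheckObjectTag(parser, chunk);
            }
            else if (chunk.sTag == "embed")
            {
                CheckEmbedTag(chunk);
            }
        }
    }
    finally
    {
        // Previously the parser was never closed on this path.
        parser.Close();
    }

    if (!String.IsNullOrEmpty(alertbody))
    {
        AddAlert(session, WatcherResultSeverity.Medium, alertbody);
    }
    if (!String.IsNullOrEmpty(alertbody2))
    {
        AddAlert(session, WatcherResultSeverity.Low, alertbody2);
    }
}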
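/// <summary>
/// Correlates the request's parameters with the attributes of every open tag in
/// a successful, non-empty response from the origin domain via <see cref="CheckTags"/>.
/// </summary>
/// <param name="session">The Fiddler session whose request and response are inspected.</param>
public override void Check(Session session)
{
    alertbody = "";
    findingnum = 0;

    if (!WatcherEngine.Configuration.IsOriginDomain(session.hostname))
    {
        return;
    }
    if (session.responseCode != 200 || session.responseBodyBytes.Length == 0)
    {
        return;
    }

    // If there were no user-supplied parms we don't care to continue, so the parser
    // is not opened at all (previously it was opened first and then left unclosed).
    NameValueCollection parms = Utility.GetRequestParameters(session);
    if (parms == null || parms.Keys.Count == 0)
    {
        return;
    }

    // NOTE(review): there is no content-type filter here, so any 200 body is parsed — confirm intended.
    UtilityHtmlParser parser = new UtilityHtmlParser();
    parser.Open(session);
    if (parser.Parser == null)
    {
        return;
    }

    try
    {
        HTMLchunk chunk;
        while ((chunk = parser.Parser.ParseNext()) != null)
        {
            // Check the attributes of every open tag we encounter.
            if (chunk.oType == HTMLchunkType.OpenTag)
            {
                CheckTags(parms, chunk);
            }
        }
    }
    finally
    {
        parser.Close();
    }

    if (!String.IsNullOrEmpty(alertbody))
    {
        AddAlert(session);
    }
}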
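/// <summary>
/// Runs <see cref="CheckJavascriptEvalUsage"/> over the script blocks found by the
/// HTML parser in a successful HTML or JavaScript response, and over the full text
/// of a JavaScript response, for responses from the origin domain.
/// </summary>
/// <param name="session">The Fiddler session whose response is inspected.</param>
public override void Check(Session session)
{
    alertbody = "";
    findingnum = 0;

    if (!WatcherEngine.Configuration.IsOriginDomain(session.hostname) || session.responseCode != 200)
    {
        return;
    }

    // A JavaScript response is deliberately run through both passes below, as before.
    if (Utility.IsResponseHtml(session) || Utility.IsResponseJavascript(session))
    {
        UtilityHtmlParser parser = new UtilityHtmlParser();
        parser.Open(session);
        if (parser.Parser == null)
        {
            return;
        }
        try
        {
            HTMLchunk chunk;
            while ((chunk = parser.Parser.ParseNext()) != null)
            {
                if (chunk.oType == HTMLchunkType.Script)
                {
                    CheckJavascriptEvalUsage(session, chunk.oHTML);
                }
            }
        }
        finally
        {
            parser.Close();
        }
    }

    if (Utility.IsResponseJavascript(session))
    {
        string body = Utility.GetResponseText(session);
        // GetResponseText is null-checked by sibling checks; do the same here.
        if (body != null)
        {
            CheckJavascriptEvalUsage(session, body);
        }
    }

    if (!String.IsNullOrEmpty(alertbody))
    {
        AddAlert(session);
    }
}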
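/// <summary>
/// Runs the cross-domain JavaScript reference checks (<c>src</c>, <c>href</c>,
/// <c>window.open</c>) over the script blocks of a successful HTML response and
/// over the text of a successful JavaScript response from the origin domain.
/// </summary>
/// <param name="session">The Fiddler session whose response is inspected.</param>
public override void Check(Session session)
{
    alertbody = "";
    findingnum = 0;

    if (!WatcherEngine.Configuration.IsOriginDomain(session.hostname, session.hostname) || session.responseCode != 200)
    {
        return;
    }

    if (Utility.IsResponseHtml(session))
    {
        UtilityHtmlParser parser = new UtilityHtmlParser();
        parser.Open(session);
        // The null check has to precede the first use of parser.Parser; previously
        // bAutoKeepScripts was set before it, making the check unreachable.
        if (parser.Parser == null)
        {
            return;
        }
        parser.Parser.bAutoKeepScripts = true;

        try
        {
            HTMLchunk chunk;
            while ((chunk = parser.Parser.ParseNext()) != null)
            {
                if (chunk.oType == HTMLchunkType.Script)
                {
                    CheckScriptForCrossDomainReferences(session, chunk.oHTML);
                }
            }
        }
        finally
        {
            parser.Close();
        }
    }

    if (Utility.IsResponseJavascript(session))
    {
        string body = Utility.GetResponseText(session);
        if (body != null)
        {
            CheckScriptForCrossDomainReferences(session, body);
        }
    }

    if (!String.IsNullOrEmpty(alertbody))
    {
        AddAlert(session);
    }
}

/// <summary>
/// Runs the three cross-domain reference checks over one script body.
/// </summary>
/// <param name="session">The session the script came from.</param>
/// <param name="script">The script text to inspect.</param>
private void CheckScriptForCrossDomainReferences(Session session, string script)
{
    CheckJavascriptCrossDomainReferenceProperty(session, script, "src");
    CheckJavascriptCrossDomainReferenceProperty(session, script, "href");
    CheckJavascriptCrossDomainReferenceWindowOpen(session, script);
}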
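/// <summary>
/// Examines a <c>crossdomain.xml</c> (Flash cross-domain policy) served as XML or
/// plain text and reports every <c>allow-access-from</c> or
/// <c>allow-http-request-headers-from</c> entry whose <c>domain</c> is neither
/// the origin domain nor a trusted domain.
/// </summary>
/// <param name="session">The Fiddler session whose response is inspected.</param>
public override void Check(Session session)
{
    alertbody = "";
    findingnum = 0;

    // This is a check for cross-domain issues. So if Watcher is not configured with
    // an origin domain, treat the session response hostname as the origin.
    if (!WatcherEngine.Configuration.IsOriginDomain(session.hostname, session.hostname) || session.responseCode != 200)
    {
        return;
    }
    if (!Utility.IsResponseXml(session) && !Utility.IsResponsePlain(session))
    {
        return;
    }

    string fileName = Path.GetFileName(session.PathAndQuery);
    if (!"crossdomain.xml".Equals(fileName, StringComparison.OrdinalIgnoreCase))
    {
        return;
    }

    UtilityHtmlParser parser = new UtilityHtmlParser();
    parser.Open(session);
    // Sibling checks guard against a null parser; this one did not.
    if (parser.Parser == null)
    {
        return;
    }
    parser.Parser.bKeepRawHTML = true;

    try
    {
        HTMLchunk chunk;
        while ((chunk = parser.Parser.ParseNext()) != null)
        {
            if (chunk.oType != HTMLchunkType.OpenTag)
            {
                continue;
            }
            if (chunk.sTag != "allow-access-from" && chunk.sTag != "allow-http-request-headers-from")
            {
                continue;
            }
            // A missing 'domain' attribute is tested with ContainsKey, as the other
            // checks do; the previous catch of ArgumentOutOfRangeException presumably
            // never matched what the indexer does on a missing key.
            if (!chunk.oParams.ContainsKey("domain"))
            {
                continue;
            }
            string dom = chunk.oParams["domain"].ToString();
            if (!WatcherEngine.Configuration.IsOriginDomain(dom, session.hostname)
                && !WatcherEngine.Configuration.IsTrustedDomain(dom))
            {
                AssembleAlert(dom, chunk.oHTML);
            }
        }
    }
    finally
    {
        parser.Close();
    }

    if (!String.IsNullOrEmpty(alertbody))
    {
        AddAlert(session);
    }
}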
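/// <summary>
/// Passes every comment in a successful response from the origin domain to
/// <see cref="CheckComment"/>: HTML comment chunks and the JavaScript comments
/// inside script blocks of an HTML response, and the JavaScript comments of a
/// JavaScript response.
/// </summary>
/// <param name="session">The Fiddler session whose response is inspected.</param>
public override void Check(Session session)
{
    alertbody = "";
    findingnum = 0;

    if (!WatcherEngine.Configuration.IsOriginDomain(session.hostname) || session.responseCode != 200)
    {
        return;
    }

    if (Utility.IsResponseHtml(session) && session.responseBodyBytes.Length > 0)
    {
        UtilityHtmlParser parser = new UtilityHtmlParser();
        parser.Open(session);
        // Sibling checks guard against a null parser; this one did not.
        if (parser.Parser == null)
        {
            return;
        }
        try
        {
            HTMLchunk chunk;
            while ((chunk = parser.Parser.ParseNext()) != null)
            {
                if (chunk.oType == HTMLchunkType.Comment)
                {
                    // TODO: Must call Finalise() first!
                    if (chunk.oHTML != null)
                    {
                        CheckComment(session, chunk.oHTML);
                    }
                }
                else if (chunk.oType == HTMLchunkType.Script)
                {
                    // The null test has to happen before Trim(), not after it.
                    if (chunk.oHTML != null)
                    {
                        CheckJavascriptComments(session, chunk.oHTML.Trim());
                    }
                }
            }
        }
        finally
        {
            parser.Close();
        }
    }

    // Look at application/javascript responses.
    if (Utility.IsResponseJavascript(session))
    {
        string body = Utility.GetResponseText(session);
        if (body != null)
        {
            CheckJavascriptComments(session, body);
        }
    }

    if (!String.IsNullOrEmpty(alertbody))
    {
        AddAlert(session);
    }
}

/// <summary>
/// Feeds every multi-line and single-line JavaScript comment of a script to
/// <see cref="CheckComment"/>. Match.ToString() never returns null, so no null
/// test is needed on the individual comments.
/// </summary>
/// <param name="session">The session the script came from.</param>
/// <param name="script">The script text to scan; must not be null.</param>
private void CheckJavascriptComments(Session session, string script)
{
    foreach (Match comments in Utility.GetJavascriptMultiLineComment(script))
    {
        CheckComment(session, comments.ToString());
    }
    foreach (Match comments in Utility.GetJavascriptSingleLineComment(script))
    {
        CheckComment(session, comments.ToString());
    }
}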
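/// <summary>
/// Looks for cross-domain stylesheets in successful, non-empty responses from the
/// origin domain: the content following a <c>style</c> tag and the text of a CSS
/// response go to <see cref="CheckCssImport"/>, and a <c>link rel="stylesheet"</c>
/// whose <c>href</c> domain is neither origin nor trusted is reported directly.
/// </summary>
/// <param name="session">The Fiddler session whose response is inspected.</param>
public override void Check(Session session)
{
    alertbody = "";
    findingnum = 0;

    if (!WatcherEngine.Configuration.IsOriginDomain(session.hostname, session.hostname))
    {
        return;
    }
    if (session.responseCode != 200 || session.responseBodyBytes.Length == 0)
    {
        return;
    }

    if (Utility.IsResponseHtml(session))
    {
        UtilityHtmlParser parser = new UtilityHtmlParser();
        parser.Open(session);
        // Sibling checks guard against a null parser; this one did not.
        if (parser.Parser == null)
        {
            return;
        }
        parser.Parser.bKeepRawHTML = true;

        try
        {
            HTMLchunk chunk;
            while ((chunk = parser.Parser.ParseNext()) != null)
            {
                if (chunk.oType == HTMLchunkType.OpenTag && chunk.sTag == "style")
                {
                    // Get the stuff between the style tags. ParseNext can return null
                    // when <style> is the last chunk; previously that dereferenced null.
                    chunk = parser.Parser.ParseNext();
                    if (chunk == null)
                    {
                        break;
                    }
                    CheckCssImport(session, chunk.oHTML);
                }
                // Intentionally not 'else': the chunk fetched above is examined too.
                if (chunk.oType == HTMLchunkType.OpenTag && chunk.sTag == "link" && chunk.oParams.ContainsKey("rel"))
                {
                    string rel = chunk.oParams["rel"].ToString();
                    if (!rel.Equals("stylesheet", StringComparison.OrdinalIgnoreCase) || !chunk.oParams.ContainsKey("href"))
                    {
                        continue;
                    }
                    string src = chunk.oParams["href"].ToString();
                    if (String.IsNullOrEmpty(src))
                    {
                        continue;
                    }
                    string dom = Utility.GetUriDomainName(src);
                    if (dom != null
                        && !WatcherEngine.Configuration.IsOriginDomain(dom, session.hostname)
                        && !WatcherEngine.Configuration.IsTrustedDomain(dom))
                    {
                        AssembleAlert(dom, chunk.oHTML);
                    }
                }
            }
        }
        finally
        {
            parser.Close();
        }
    }

    if (Utility.IsResponseCss(session))
    {
        string bod = Utility.GetResponseText(session);
        if (bod != null)
        {
            CheckCssImport(session, bod);
        }
    }

    if (!String.IsNullOrEmpty(alertbody))
    {
        AddAlert(session);
    }
}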
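/// <summary>
/// Compares the charset token of the response's Content-Type header with the
/// charset declared in the body: the <c>meta http-equiv="content-type"</c> of an
/// HTML response or the <c>encoding</c> of the <c>?xml</c> declaration of an XML
/// response (see <see cref="CheckContentTypeCharset"/>). Only successful responses
/// from the origin domain whose URL is not already in <c>urls</c> are examined.
/// </summary>
/// <param name="session">The Fiddler session whose response is inspected.</param>
public override void Check(Session session)
{
    alertbody = String.Empty;
    findingnum = 0;

    if (!WatcherEngine.Configuration.IsOriginDomain(session.hostname) || session.responseCode != 200)
    {
        return;
    }
    if (!Utility.UrlNotInList(session.fullUrl, urls))
    {
        return;
    }

    // We only care about HTML and XML content, see:
    // http://www.w3.org/International/O-charset
    bool isHtml = Utility.IsResponseHtml(session);
    bool isXml = !isHtml && Utility.IsResponseXml(session);
    if (!isHtml && !isXml)
    {
        return;
    }

    string header = session.oResponse.headers.GetTokenValue("Content-Type", "charset");
    // Skip cases where the HTTP header is null or empty; these are covered by another check.
    if (session.responseBodyBytes.Length > 0 && !String.IsNullOrEmpty(header))
    {
        if (isHtml)
        {
            CheckHtmlMetaCharset(session, header);
        }
        else
        {
            CheckXmlDeclarationCharset(session, header);
        }
    }

    if (!String.IsNullOrEmpty(alertbody))
    {
        AddAlert(session);
    }
}

/// <summary>
/// Checks every <c>meta http-equiv="content-type"</c> tag's <c>content</c>
/// against the header charset.
/// </summary>
/// <param name="session">The session to parse.</param>
/// <param name="header">The charset token of the Content-Type header.</param>
private void CheckHtmlMetaCharset(Session session, string header)
{
    UtilityHtmlParser parser = new UtilityHtmlParser();
    parser.Open(session);
    // Sibling checks guard against a null parser; this one did not.
    if (parser.Parser == null)
    {
        return;
    }
    try
    {
        HTMLchunk chunk;
        while ((chunk = parser.Parser.ParseNext()) != null)
        {
            if (chunk.oType != HTMLchunkType.OpenTag || chunk.sTag != "meta")
            {
                continue;
            }
            if (!chunk.oParams.ContainsKey("http-equiv") || !chunk.oParams.ContainsKey("content"))
            {
                continue;
            }
            string hteq = chunk.oParams["http-equiv"].ToString();
            if (!hteq.Equals("content-type", StringComparison.OrdinalIgnoreCase))
            {
                continue;
            }
            string cont = chunk.oParams["content"].ToString();
            if (!String.IsNullOrEmpty(cont))
            {
                CheckContentTypeCharset(cont, "html", header);
            }
        }
    }
    finally
    {
        parser.Close();
    }
}

/// <summary>
/// Checks the <c>encoding</c> attribute of every <c>?xml</c> declaration
/// against the header charset.
/// </summary>
/// <param name="session">The session to parse.</param>
/// <param name="header">The charset token of the Content-Type header.</param>
private void CheckXmlDeclarationCharset(Session session, string header)
{
    UtilityHtmlParser parser = new UtilityHtmlParser();
    parser.Open(session);
    if (parser.Parser == null)
    {
        return;
    }
    try
    {
        HTMLchunk chunk;
        while ((chunk = parser.Parser.ParseNext()) != null)
        {
            if (chunk.oType != HTMLchunkType.OpenTag || chunk.sTag != "?xml" || !chunk.oParams.ContainsKey("encoding"))
            {
                continue;
            }
            string enc = chunk.oParams["encoding"].ToString();
            if (!String.IsNullOrEmpty(enc))
            {
                CheckContentTypeCharset(enc, "xml", header);
            }
        }
    }
    finally
    {
        parser.Close();
    }
}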