/// <summary>Generates a new SqlErrorAttackVector</summary> /// <param name="URL">The target URL for the injection.</param> /// <param name="VectorName">The name of the parameter to be injected against.</param> /// <param name="VectorBuffer">The default value of the parameter to be injected against.</param> /// <param name="AdditionalParams">Any additional parameters for the request unreleated to the actual injection.</param> /// <param name="Method">The HTTP connection method. This may be "GET" or "POST".</param> /// <param name="PluginUsed">The plugin to use in this injection.</param> /// <param name="Options">Any options for this injection.</param> public SqlErrorAttackVector(string URL, string VectorName, string VectorBuffer, NameValueCollection AdditionalParams, string Method, IErrorPlugin PluginUsed, ErrorInjectionOptions Options) { _TargetURL = URL; _Options = Options; _Plugin = PluginUsed; _Proxies = Options.WebProxies; _ConnectViaPost = String.Equals(Method.ToUpper(), "POST"); _VectorName = VectorName; _VectorBuffer = VectorBuffer; _AttackParams = AdditionalParams; ParsePage.UserStatus += new UserEvents.UserStatusEventHandler(BubbleUserStatus); }
/// <summary>Generates a new SqlErrorAttackVector</summary> /// <param name="URL">The target URL for the injection.</param> /// <param name="VectorName">The name of the parameter to be injected against.</param> /// <param name="VectorBuffer">The default value of the parameter to be injected against.</param> /// <param name="AdditionalParams">Any additional parameters for the request unreleated to the actual injection.</param> /// <param name="Method">The HTTP connection method. This may be "GET" or "POST".</param> /// <param name="PluginUsed">The plugin to use in this injection.</param> /// <param name="Options">Any options for this injection.</param> public SqlErrorAttackVector(string URL, string VectorName, string VectorBuffer, NameValueCollection AdditionalParams, string Method, IErrorPlugin PluginUsed, ErrorInjectionOptions Options) { _TargetURL = URL; _Options = Options; _Plugin = PluginUsed; _Proxies = Options.WebProxies; _ConnectViaPost = String.Equals(Method.ToUpper(), "POST"); _VectorName = VectorName; _VectorBuffer = VectorBuffer; _AttackParams = AdditionalParams; ParsePage.UserStatus += new UserEvents.UserStatusEventHandler(BubbleUserStatus); }
/// <summary> /// Converts the Attack Vector from the native type to XML /// </summary> /// <param name="xInput">The XML node to start deserialization</param> /// <param name="AnonProxies">Any anonymous proxies being used</param> public void DeserializeAttackVector(ref XmlNode xInput, Queue AnonProxies) { string FullUrl; if (!_UseSSL) { FullUrl = "http://" + _TargetURL; } else { FullUrl = "https://" + _TargetURL; } XmlNode n = xInput.SelectSingleNode("attackvector"); if (n == null) { return; } InjectionOptions opts; if (_IsBlind) { opts = new BlindInjectionOptions(); ((BlindInjectionOptions)opts).Delimiter = _FilterDelimiter; ((BlindInjectionOptions)opts).Tolerance = _Tolerance; ((BlindInjectionOptions)opts).Throttle = _ThrottleValue; } else { opts = new ErrorInjectionOptions(); } opts.TerminateQuery = _TerminateQuery; opts.WebProxies = AnonProxies; AttackVectorFactory avf = new AttackVectorFactory(FullUrl, "", "", _ParamList, _ConnectionMethod, opts); _TargetAttackVector = avf.BuildFromXml(n, opts, _Plugins.GetPluginByName(_LoadedPluginName)); _TargetAttackVector.UserStatus += new UserEvents.UserStatusEventHandler(BubbleUserStatus); }
private void InitializeAttackVectors() { string URL; URL = ctlConnection1.UseSsl == true ? "https://" : "http://"; URL += ctlConnection1.TargetUrl; string Method = ctlConnection1.ConnectMethod; if (Method.Equals("")) return; SafelyChangeCursor(Cursors.WaitCursor); // Generate StringDict string TargetName, TargetField; bool InjectAsString; TargetName = String.Empty; TargetField = String.Empty; NameValueCollection Others = new NameValueCollection(); NameValueCollection Cookies = new NameValueCollection(); Others = FormParameters.FormParameters(ref TargetName, ref TargetField, out InjectAsString); Cookies = FormParameters.Cookies; if (TargetName.Equals(String.Empty)) { UserStatus("No Injection Point Found"); SafelyChangeCursor(Cursors.Default); return; } UserStatus("Beginning Preliminary Scan"); try { SafelyChangeEnableOfControl(butInitializeInjection, false); AttackVectorFactory avf; InjectionOptions opts; if (optBlindInjection.Checked == true) { opts = new BlindInjectionOptions(); ((BlindInjectionOptions)opts).Tolerance = _AbsintheState.FilterTolerance; ((BlindInjectionOptions)opts).Delimiter = _AbsintheState.FilterDelimiter; } else { opts = new ErrorInjectionOptions(); ((ErrorInjectionOptions)opts).VerifyVersion = chkVerifyVersion.Checked; } opts.TerminateQuery = _AbsintheState.TerminateQuery; opts.Cookies = Cookies; opts.WebProxies = _AppSettings.ProxyQueue(); opts.InjectAsString = InjectAsString; opts.UserAgent = _AbsintheState.UserAgent; opts.AuthCredentials = ctlUserAuth1.NetworkCredential; opts.AppendedQuery = _AbsintheState.AppendedText; avf = new AttackVectorFactory(URL, TargetName, TargetField, Others, Method, opts); avf.UserStatus += new UserEvents.UserStatusEventHandler(UserStatus); int PluginNumber = Array.IndexOf(_PluginEntries, _AbsintheState.LoadedPluginName); IPlugin pt = null; if (optBlindInjection.Checked) { foreach (IPlugin bp in _AbsintheState.PluginList) { if (bp.GetType().GetInterface("IBlindPlugin") != null) { if (bp.PluginDisplayTargetName == _AbsintheState.LoadedPluginName) { pt = (IPlugin)bp; break; } } } _AbsintheState.TargetAttackVector = avf.BuildBlindSqlAttackVector(_AbsintheState.FilterTolerance, (IBlindPlugin)pt); UserStatus("Finished initial scan"); } else if (optErrorBasedInjection.Checked) { if (PluginNumber <= 0) { pt = AutoDetectPlugin(avf); } else { foreach (IPlugin ep in _AbsintheState.PluginList) { if (ep.PluginDisplayTargetName == _AbsintheState.LoadedPluginName) { pt = (IPlugin)ep; break; } } } if (pt != null) { try { _AbsintheState.TargetAttackVector = avf.BuildSqlErrorAttackVector((IErrorPlugin)pt); UserStatus("Finished initial scan"); } catch (UnsupportedSQLErrorVersionException sqlex) { ErrorReportingDelegate ts = new ErrorReportingDelegate(ThreadUnsafeDisplayErrorReportDialog); this.Invoke(ts, new object[] { sqlex.VersionErrorPageHtml, sqlex.HavingErrorPageHtml }); } } } } catch (Exception e) { System.Diagnostics.Debug.WriteLine(e.ToString()); UserStatus(e.Message); } finally { SafelyChangeEnableOfControl(butInitializeInjection, true); SafelyChangeCursor(Cursors.Default); } }
/// <summary> /// Converts the Attack Vector from the native type to XML /// </summary> /// <param name="xInput">The XML node to start deserialization</param> /// <param name="AnonProxies">Any anonymous proxies being used</param> public void DeserializeAttackVector(ref XmlNode xInput, Queue AnonProxies) { string FullUrl; if (!_UseSSL) FullUrl = "http://" + _TargetURL; else FullUrl = "https://" + _TargetURL; XmlNode n = xInput.SelectSingleNode("attackvector"); if (n == null) return; InjectionOptions opts; if (_IsBlind) { opts = new BlindInjectionOptions(); ((BlindInjectionOptions) opts).Delimiter = _FilterDelimiter; ((BlindInjectionOptions) opts).Tolerance = _Tolerance; ((BlindInjectionOptions) opts).Throttle = _ThrottleValue; } else opts = new ErrorInjectionOptions(); opts.TerminateQuery = _TerminateQuery; opts.WebProxies = AnonProxies; AttackVectorFactory avf = new AttackVectorFactory(FullUrl, "", "", _ParamList, _ConnectionMethod, opts); _TargetAttackVector = avf.BuildFromXml(n, opts, _Plugins.GetPluginByName(_LoadedPluginName)); _TargetAttackVector.UserStatus += new UserEvents.UserStatusEventHandler(BubbleUserStatus); }