private void RefreshSessListLL_LinkClicked(object sender, LinkLabelLinkClickedEventArgs e)
{
LoginRecordingComboBox.Items.Clear();
LoginRecordingComboBox.Items.AddRange(Recording.Recording.GetNames().ToArray());
ScanBranchSessionPluginsCombo.Items.Clear();
ScanBranchSessionPluginsCombo.Items.AddRange(SessionPlugin.List().ToArray());
}
private void ScanSelectedWizard_Load(object sender, EventArgs e)
{
foreach (string Name in ActivePlugin.List())
{
ScanPluginsGrid.Rows.Add(new object[] { true, Name });
}
foreach (string Name in FormatPlugin.List())
{
FormatGrid.Rows.Add(new object[] { true, Name });
}
ScanBranchSessionPluginsCombo.Items.AddRange(SessionPlugin.List().ToArray());
if (InjectQueryCB.Checked)
{
QueryParametersFilterCB.Enabled = true;
}
if (InjectBodyCB.Checked)
{
BodyParametersFilterCB.Enabled = true;
}
if (InjectCookieCB.Checked)
{
CookieParametersFilterCB.Enabled = true;
}
if (InjectHeadersCB.Checked)
{
HeadersParametersFilterCB.Enabled = true;
}
}
string CheckStep3Input()
{
if (ScanBranchSessionPluginsCombo.Text.Trim().Length > 0 && !SessionPlugin.List().Contains(ScanBranchSessionPluginsCombo.Text))
{
return("Session Plugin value is invalid, either enter a valid Plugin name or leave this value blank");
}
return("");
}
public static void Add(SessionPlugin SP)
{
if ((SP.Name.Length > 0) && !(SP.Name.Equals("All") || SP.Name.Equals("None")))
{
if (!List().Contains(SP.Name))
{
SP.FileName = PluginStore.FileName;
Collection.Add(SP);
}
}
}
public static void Add(SessionPlugin SP)
{
if ((SP.Name.Length > 0) && !(SP.Name.Equals("All") || SP.Name.Equals("None")))
{
if (!List().Contains(SP.Name))
{
SP.FileName = PluginEngine.FileName;
Collection.Add(SP);
}
}
}
string CheckStep3Input()
{
if (LoginRecordingComboBox.Text.Trim().Length > 0 && !Recording.Recording.GetNames().Contains(LoginRecordingComboBox.Text))
{
return("Recording with given name does not exist, either enter a valid recording name or leave this value blank");
}
if (ScanBranchSessionPluginsCombo.Text.Trim().Length > 0 && !SessionPlugin.List().Contains(ScanBranchSessionPluginsCombo.Text))
{
return("Session Plugin with given name does not exist, either enter a valid Plugin name or leave this value blank");
}
return("");
}
Scanner SetSessionPlugin(Scanner Scan)
{
if (SelectedSessionPlugin.Length > 0)
{
Scan.SessionHandler = SessionPlugin.Get(SelectedSessionPlugin);
}
else
{
Scan.SessionHandler = new SessionPlugin();
}
return(Scan);
}
public static SessionPlugin Get(string Name)
{
foreach (SessionPlugin SP in Collection)
{
if (SP.Name.Equals(Name))
{
SessionPlugin NewInstance = SP.GetInstance();
NewInstance.FileName = SP.FileName;
return(NewInstance);
}
}
return(null);
}
internal static void ReloadPlugin(PluginType Type, string Name, string PluginFileName)
{
string FileName = "";
switch (Type)
{
case PluginType.Passive:
FileName = Config.RootDir + "\\plugins\\passive\\" + PluginFileName;
lock (PassivePlugin.Collection)
{
PassivePlugin.Remove(Name);
LoadPlugin(FileName);
}
break;
case PluginType.Active:
FileName = Config.RootDir + "\\plugins\\active\\" + PluginFileName;
lock (ActivePlugin.Collection)
{
ActivePlugin.Remove(Name);
LoadPlugin(FileName);
}
break;
case PluginType.Format:
FileName = Config.RootDir + "\\plugins\\format\\" + PluginFileName;
lock (FormatPlugin.Collection)
{
FormatPlugin.Remove(Name);
LoadPlugin(FileName);
IronUI.UpdateAllFormatPluginRows();
}
break;
case PluginType.Session:
FileName = Config.RootDir + "\\plugins\\session\\" + PluginFileName;
lock (SessionPlugin.Collection)
{
SessionPlugin.Remove(Name);
LoadPlugin(FileName);
}
break;
}
IronUI.UpdateAllFormatPluginRows();
IronUI.UpdateAllActivePluginRows();
IronUI.BuildPluginTree();
}
internal static void LoadNewSessionPlugins(ScriptEngine Engine)
{
string SessionPluginPath = Path.Combine(Config.RootDir, "plugins\\session");
string[] SessionPluginFiles = Directory.GetFiles(SessionPluginPath);
List <string> OldPluginFiles = new List <string>();
List <string> NewPluginFiles = new List <string>();
foreach (string Name in SessionPlugin.List())
{
OldPluginFiles.Add((Config.RootDir + "\\plugins\\session\\" + SessionPlugin.Get(Name).FileName).Replace("/", "\\"));
}
foreach (string PluginFile in SessionPluginFiles)
{
if (!OldPluginFiles.Contains(PluginFile))
{
NewPluginFiles.Add(PluginFile);
}
}
LoadSessionPlugins(Engine, NewPluginFiles);
}
private void ConfigureScanStartScanBtn_Click(object sender, EventArgs e)
{
ScanManager.Stop(true);
ScanManager.PrimaryHost = ConfigureScanHostNameTB.Text;
ScanManager.BaseUrl = ConfigureScanBaseUrlTB.Text;
ScanManager.StartingUrl = ConfigureScanStartingUrlTB.Text;
ScanManager.Mode = ScanMode.UserConfigured;
ScanManager.PerformDirAndFileGuessing = ConfigureScanDirAndFileGuessingCB.Checked;
ScanManager.HTTP = ConfigureScanHTTPCB.Checked;
ScanManager.HTTPS = ConfigureScanHTTPSCB.Checked;
ScanManager.HostsToInclude = new List <string>(ConfigureScanHostsToIncludeTB.Text.Split(new string[] { "\r\n" }, StringSplitOptions.RemoveEmptyEntries));
ScanManager.UrlsToAvoid = new List <string>(ConfigureScanUrlToAvoidTB.Text.Split(new string[] { "\r\n" }, StringSplitOptions.RemoveEmptyEntries));
ScanManager.IncludeSubDomains = ConfigureScanIncludeSubDomainsCB.Checked;
ScanManager.CrawlAndScan = ConfigureScanCrawlAndScanRB.Checked;
if (IronUI.CSF.ConfigureScanSessionPluginsCombo.Text.Length > 0)
{
if (SessionPlugin.List().Contains(IronUI.CSF.ConfigureScanSessionPluginsCombo.Text))
{
ScanManager.SessionHandler = SessionPlugin.Get(IronUI.CSF.ConfigureScanSessionPluginsCombo.Text);
}
else
{
IronUI.ShowConfiguredScanMessage("Non-existent Session Plugin Selected", true);
return;
}
}
string Message = CheckInput();
if (Message.Length > 0)
{
IronUI.ShowConfiguredScanMessage(Message, true);
return;
}
ScanManager.StartScan();
IronUI.CSF.Close();
IronUI.UpdateConsoleControlsStatus(true);
}
static void GetNewPlugins()
{
string[] PluginManifestLines = PluginManifestFile.Split(new string[] { "\r\n" }, StringSplitOptions.RemoveEmptyEntries);
foreach (string Line in PluginManifestLines)
{
string[] LineParts = Line.Split(new char[] { '|' }, 6);
if (LineParts.Length != 6)
{
throw new Exception("Invalid 'Plugin Manifest File' recieved from server");
}
PluginManifestInfo.Add(LineParts);
}
List <string[]> CurrentPluginInfo = new List <string[]>();
foreach (string Name in ActivePlugin.List())
{
ActivePlugin AP = ActivePlugin.Get(Name);
string[] CurrentInfo = new string[] { "active", AP.Version, AP.FileName.Substring(AP.FileName.LastIndexOf('\\') + 1) };
CurrentPluginInfo.Add(CurrentInfo);
}
foreach (string Name in PassivePlugin.List())
{
PassivePlugin PP = PassivePlugin.Get(Name);
string[] CurrentInfo = new string[] { "passive", PP.Version, PP.FileName.Substring(PP.FileName.LastIndexOf('\\') + 1) };
CurrentPluginInfo.Add(CurrentInfo);
}
foreach (string Name in FormatPlugin.List())
{
FormatPlugin FP = FormatPlugin.Get(Name);
string[] CurrentInfo = new string[] { "format", FP.Version, FP.FileName.Substring(FP.FileName.LastIndexOf('\\') + 1) };
CurrentPluginInfo.Add(CurrentInfo);
}
foreach (string Name in SessionPlugin.List())
{
SessionPlugin SP = SessionPlugin.Get(Name);
string[] CurrentInfo = new string[] { "session", SP.Version, SP.FileName.Substring(SP.FileName.LastIndexOf('\\') + 1) };
CurrentPluginInfo.Add(CurrentInfo);
}
foreach (string[] PluginManifestInfoLine in PluginManifestInfo)
{
if (PluginManifestInfoLine[0].StartsWith("+") || PluginManifestInfoLine[0].StartsWith("*"))
{
bool MatchFound = false;
foreach (string[] CurrentPluginLineInfo in CurrentPluginInfo)
{
if (PluginManifestInfoLine[1].Equals(CurrentPluginLineInfo[0]) && PluginManifestInfoLine[3].Equals(CurrentPluginLineInfo[2]))
{
MatchFound = true;
if (!PluginManifestInfoLine[2].Equals(CurrentPluginLineInfo[1]))
{
DownloadPlugin(PluginManifestInfoLine[1], PluginManifestInfoLine[3], PluginManifestInfoLine[4]);
}
break;
}
else if (PluginManifestInfoLine[0].Contains("_"))
{
string[] SupportDetailParts = PluginManifestInfoLine[0].Split(new char[] { '_' }, 2);
if (PluginManifestInfoLine[1].Equals(CurrentPluginLineInfo[0]) && SupportDetailParts[1].Equals(CurrentPluginLineInfo[2]))
{
MatchFound = true;
if (!PluginManifestInfoLine[2].Equals(CurrentPluginLineInfo[1]))
{
DownloadPlugin(PluginManifestInfoLine[1], PluginManifestInfoLine[3], PluginManifestInfoLine[4]);
}
break;
}
}
}
if (!MatchFound)
{
DownloadPlugin(PluginManifestInfoLine[1], PluginManifestInfoLine[3], PluginManifestInfoLine[4]);
}
}
}
}
void PrepareScanner()
{
this.OriginalRequest.SessionHandler = this.SessionHandler;
//this.OriginalResponse = this.OriginalRequest.Send();//this is just a temp value since calling inject from GetBaseLine would require a response object
this.OriginalResponse = null;
//this.TestResponse = this.OriginalResponse;
this.TestResponse = null;
this.CurrentRequest = this.OriginalRequest;
this.OriginalResponse = SessionHandler.GetBaseLine(this, null);
this.CurrentRequest = this.OriginalRequest;
this.TestResponse = this.OriginalResponse;
}
internal void UpdateScanBranchConfigFromUI()
{
ScanBranch.HostName = this.BaseRequest.Host;
ScanBranch.UrlPattern = this.ScanBranchUrlPatternTB.Text;
if (this.BaseRequest != null)
{
ScanBranch.HTTP = !this.BaseRequest.SSL;
ScanBranch.HTTPS = this.BaseRequest.SSL;
}
ScanBranch.PromptUser = PromptUserCB.Checked;
ScanBranch.ScanUrl = this.InjectUrlPathPartsCB.Checked;
ScanBranch.ScanQuery = this.InjectQueryCB.Checked;
ScanBranch.ScanBody = this.InjectBodyCB.Checked;
ScanBranch.ScanCookie = this.InjectCookieCB.Checked;
ScanBranch.ScanHeaders = this.InjectHeadersCB.Checked;
ScanBranch.PickFromProxyLog = this.ScanBranchPickProxyLogCB.Checked;
ScanBranch.PickFromProbeLog = this.ScanBranchPickProbeLogCB.Checked;
ScanBranch.ProxyLogIDs.Clear();
ScanBranch.ProbeLogIDs.Clear();
ScanBranch.SessionPlugin = "";
if (this.ScanBranchSessionPluginsCombo.SelectedItem != null)
{
string PluginName = this.ScanBranchSessionPluginsCombo.SelectedItem.ToString();
if (PluginName.Length > 0)
{
if (SessionPlugin.List().Contains(PluginName))
{
ScanBranch.SessionPlugin = PluginName;
if (ScanThreadLimitCB.Checked)
{
Scanner.MaxParallelScanCount = 1;
IronUI.UpdateScannerSettingsInUIFromConfig();
IronDB.StoreScannerSettings();
}
}
}
}
if (this.LoginRecordingComboBox.SelectedItem != null)
{
string RecName = this.LoginRecordingComboBox.SelectedItem.ToString();
if (RecName.Length > 0)
{
if (Recording.Recording.GetNames().Contains(RecName))
{
ScanBranch.LoginRecording = RecName;
if (ScanThreadLimitCB.Checked)
{
Scanner.MaxParallelScanCount = 1;
IronUI.UpdateScannerSettingsInUIFromConfig();
IronDB.StoreScannerSettings();
}
}
}
}
ScanBranch.FormatPlugins.Clear();
foreach (DataGridViewRow Row in this.FormatGrid.Rows)
{
if ((bool)Row.Cells[0].Value)
{
ScanBranch.FormatPlugins.Add(Row.Cells[1].Value.ToString());
}
}
ScanBranch.ActivePlugins.Clear();
foreach (DataGridViewRow Row in this.ScanPluginsGrid.Rows)
{
if ((bool)Row.Cells[0].Value)
{
ScanBranch.ActivePlugins.Add(Row.Cells[1].Value.ToString());
}
}
ScanBranch.QueryWhiteList.Clear();
ScanBranch.QueryBlackList.Clear();
ScanBranch.BodyWhiteList.Clear();
ScanBranch.BodyBlackList.Clear();
ScanBranch.CookieWhiteList.Clear();
ScanBranch.CookieBlackList.Clear();
ScanBranch.HeaderWhiteList.Clear();
ScanBranch.HeaderBlackList.Clear();
if (QueryParametersFilterCB.Checked)
{
if (QueryParametersPlusRB.Checked)
{
foreach (string Name in QueryParametersPlusTB.Text.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries))
{
ScanBranch.QueryWhiteList.Add(Name.Trim());
}
}
else
{
foreach (string Name in QueryParametersMinusTB.Text.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries))
{
ScanBranch.QueryBlackList.Add(Name.Trim());
}
}
}
if (BodyParametersFilterCB.Checked)
{
if (BodyParametersPlusRB.Checked)
{
foreach (string Name in BodyParametersPlusTB.Text.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries))
{
ScanBranch.BodyWhiteList.Add(Name.Trim());
}
}
else
{
foreach (string Name in BodyParametersMinusTB.Text.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries))
{
ScanBranch.BodyBlackList.Add(Name.Trim());
}
}
}
if (CookieParametersFilterCB.Checked)
{
if (CookieParametersPlusRB.Checked)
{
foreach (string Name in CookieParametersPlusTB.Text.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries))
{
ScanBranch.CookieWhiteList.Add(Name.Trim());
}
}
else
{
foreach (string Name in CookieParametersMinusTB.Text.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries))
{
ScanBranch.CookieBlackList.Add(Name.Trim());
}
}
}
if (HeadersParametersFilterCB.Checked)
{
if (HeadersParametersPlusRB.Checked)
{
foreach (string Name in HeadersParametersPlusTB.Text.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries))
{
ScanBranch.HeaderWhiteList.Add(Name.Trim());
}
}
else
{
foreach (string Name in HeadersParametersMinusTB.Text.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries))
{
ScanBranch.HeaderBlackList.Add(Name.Trim());
}
}
}
}
public void Scan()
{
try
{
if (this.StartedFromASTab) AddActiveScanID(this.ScanID);
this.OriginalRequest.SessionHandler = this.SessionHandler;
this.OriginalResponse = this.OriginalRequest.Send();//this is just a temp value since calling inject from GetBaseLine would require a response object
this.TestResponse = this.OriginalResponse;
this.CurrentRequest = this.OriginalRequest;
this.OriginalResponse = SessionHandler.GetBaseLine(this, this.OriginalRequest);
this.CurrentRequest = this.OriginalRequest;
this.TestResponse = this.OriginalResponse;
foreach (ActivePlugin AP in this.Plugins.Values)
{
this.CurrentPlugin = AP.Name;
this.CurrentSection = "URL";
foreach (int URLPartPosition in this.URLInjections)
{
this.CurrentURLPartPosition = URLPartPosition;
this.CurrentParameterName = "";
this.CurrentSubParameterPosition = 0;
this.CurrentParameterValue = this.CurrentRequest.UrlPathParts[URLPartPosition];
this.CheckWithActivePlugin(AP);
}
this.CurrentSection = "Query";
foreach (string ParameterName in this.QueryInjections.GetAll())
{
this.CurrentParameterName = ParameterName;
foreach (int SubParameterPosition in this.QueryInjections.GetAll(ParameterName))
{
this.CurrentSubParameterPosition = SubParameterPosition;
this.CurrentParameterValue = this.CurrentRequest.Query.GetAll(ParameterName)[SubParameterPosition];
this.CheckWithActivePlugin(AP);
}
}
this.CurrentSection = "Body";
if (BodyFormat.Name.Length == 0)
{
foreach (string ParameterName in this.BodyInjections.GetAll())
{
this.CurrentParameterName = ParameterName;
foreach (int SubParameterPosition in this.BodyInjections.GetAll(ParameterName))
{
this.CurrentSubParameterPosition = SubParameterPosition;
this.CurrentParameterValue = this.CurrentRequest.Body.GetAll(ParameterName)[SubParameterPosition];
this.CheckWithActivePlugin(AP);
}
}
}
else
{
if (this.BodyXmlInjections.Count != XmlInjectionArray.GetLength(0) || !XmlInjectionSignature.Equals(Tools.MD5("Name:" + BodyFormat.Name + "|Body" + this.OriginalRequest.BodyString)))
{
string Xml = BodyFormat.ToXmlFromRequest(this.OriginalRequest);
XmlInjectionArray = FormatPlugin.XmlToArray(Xml);
XmlInjectionSignature = Tools.MD5("Name:" + BodyFormat.Name + "|Body" + this.OriginalRequest.BodyString);
}
foreach (int BodyXmlPosition in this.BodyXmlInjections)
{
this.CurrentBodyXmlPosition = BodyXmlPosition;
if (XmlInjectionArray.GetLength(0) > BodyXmlPosition)
{
this.CurrentParameterName = XmlInjectionArray[BodyXmlPosition, 0];
this.CurrentParameterValue = XmlInjectionArray[BodyXmlPosition, 1];
}
else
{
this.CurrentParameterName = "";
this.CurrentParameterValue = "";
}
this.CurrentSubParameterPosition = 0;
this.CheckWithActivePlugin(AP);
}
}
this.CurrentSection = "Cookie";
foreach (string ParameterName in this.CookieInjections.GetAll())
{
this.CurrentParameterName = ParameterName;
foreach (int SubParameterPosition in this.CookieInjections.GetAll(ParameterName))
{
this.CurrentSubParameterPosition = SubParameterPosition;
this.CurrentParameterValue = this.CurrentRequest.Cookie.GetAll(ParameterName)[SubParameterPosition];
this.CheckWithActivePlugin(AP);
}
}
this.CurrentSection = "Headers";
foreach (string ParameterName in this.HeadersInjections.GetAll())
{
this.CurrentParameterName = ParameterName;
foreach (int SubParameterPosition in this.HeadersInjections.GetAll(ParameterName))
{
this.CurrentSubParameterPosition = SubParameterPosition;
this.CurrentParameterValue = this.CurrentRequest.Headers.GetAll(ParameterName)[SubParameterPosition];
this.CheckWithActivePlugin(AP);
}
}
}
if (this.StartedFromASTab)
{
Interlocked.Decrement(ref Config.ActiveScansCount);
IronUI.UpdateScanQueueStatus(this.ScanID, "Completed");
IronDB.UpdateScanStatus(this.ScanID, "Completed");
try
{
lock (CompletedScanIDs)
{
CompletedScanIDs.Enqueue(this.ScanID);
}
}
catch { }
this.DequeueAndStartScan();
}
}
catch (ThreadAbortException ThExp)
{
HandleScannerException(false, ThExp);
}
catch (Exception Exp)
{
HandleScannerException(true, Exp);
}
}
static void GetNewPlugins(XmlNode ManifestNode)
{
string PluginType = ManifestNode.Name;
List <string[]> AllPluginInfo = new List <string[]>();
switch (PluginType)
{
case ("active"):
foreach (string Name in ActivePlugin.List())
{
ActivePlugin P = ActivePlugin.Get(Name);
AllPluginInfo.Add(new string[] { P.FileName, P.Version });
}
break;
case ("passive"):
foreach (string Name in PassivePlugin.List())
{
PassivePlugin P = PassivePlugin.Get(Name);
AllPluginInfo.Add(new string[] { P.FileName, P.Version });
}
break;
case ("format"):
foreach (string Name in FormatPlugin.List())
{
FormatPlugin P = FormatPlugin.Get(Name);
AllPluginInfo.Add(new string[] { P.FileName, P.Version });
}
break;
case ("session"):
foreach (string Name in SessionPlugin.List())
{
SessionPlugin P = SessionPlugin.Get(Name);
AllPluginInfo.Add(new string[] { P.FileName, P.Version });
}
break;
}
StringBuilder SB = new StringBuilder();
XmlWriter XW = XmlWriter.Create(SB);
XW.WriteStartDocument();
XW.WriteStartElement("manifest");
foreach (XmlNode FileNode in ManifestNode.ChildNodes)
{
string Version = "";
string Action = "";
string FileName = "";
string DownloadFileName = "";
string Comment = "";
List <string[]> SupportFiles = new List <string[]>();
foreach (XmlNode PropertyNode in FileNode.ChildNodes)
{
switch (PropertyNode.Name)
{
case ("version"):
Version = PropertyNode.InnerText;
break;
case ("action"):
Action = PropertyNode.InnerText;
break;
case ("filename"):
FileName = PropertyNode.InnerText;
break;
case ("downloadname"):
DownloadFileName = PropertyNode.InnerText;
break;
case ("comment"):
Comment = PropertyNode.InnerText;
break;
case ("support_file"):
string SupportFileName = "";
string SupportFileDownloadName = "";
foreach (XmlNode SupportFileNode in PropertyNode.ChildNodes)
{
switch (SupportFileNode.Name)
{
case ("filename"):
SupportFileName = SupportFileNode.InnerText;
break;
case ("downloadname"):
SupportFileDownloadName = SupportFileNode.InnerText;
break;
}
}
SupportFiles.Add(new string[] { SupportFileName, SupportFileDownloadName });
break;
}
}
if (Action.Equals("add") || Action.Equals("update"))
{
bool MatchFound = false;
string[] MatchedPluginInfo = new string[2];
foreach (string[] PluginInfo in AllPluginInfo)
{
if (PluginInfo[0].Equals(FileName))
{
MatchFound = true;
MatchedPluginInfo = PluginInfo;
break;
}
}
if ((MatchFound && !MatchedPluginInfo[1].Equals(Version)) || !MatchFound)
{
DownloadPlugin(PluginType, FileName, DownloadFileName);
XW.WriteStartElement("file");
XW.WriteStartElement("action"); XW.WriteValue(Action); XW.WriteEndElement();
XW.WriteStartElement("filename"); XW.WriteValue(FileName); XW.WriteEndElement();
XW.WriteStartElement("comment"); XW.WriteValue(Comment); XW.WriteEndElement();
XW.WriteEndElement();
foreach (string[] SupportFile in SupportFiles)
{
DownloadPlugin(PluginType, SupportFile[0], SupportFile[1]);
XW.WriteStartElement("file");
XW.WriteStartElement("action"); XW.WriteValue(Action); XW.WriteEndElement();
XW.WriteStartElement("filename"); XW.WriteValue(SupportFile[0]); XW.WriteEndElement();
XW.WriteStartElement("comment"); XW.WriteValue(Comment); XW.WriteEndElement();
XW.WriteEndElement();
}
}
}
}
XW.WriteEndElement();
XW.WriteEndDocument();
XW.Close();
StreamWriter SW = File.CreateText(Config.Path + "\\updates\\" + PluginType + "_plugin_manifest.xml");
SW.Write(SB.ToString());
SW.Close();
}
bool ReadTestSettings()
{
if (this.TestType.Equals(PassivePluginTest))
{
this.PassivePluginsToRun.Clear();
foreach (DataGridViewRow Row in PassiveScanPluginsGrid.Rows)
{
if ((bool)Row.Cells[0].Value) PassivePluginsToRun.Add(Row.Cells[1].Value.ToString());
}
if (this.PassivePluginsToRun.Count == 0)
{
ShowStep1Error("No plugins selected, select atleast one plugin");
return false;
}
else
{
return true;
}
}
else
{
ParameterSection = ParameterTypeCombo.Text;
ParameterName = ParameterNameTB.Text.Trim();
ParameterValue = ParameterValueTB.Text.Trim();
if (ParameterTypeCombo.SelectedIndex < 0)
{
ShowStep1Error("Parameter Section is not selected");
return false;
}
if (ParameterName.Length == 0)
{
ShowStep1Error("Parameter name cannot be blank");
return false;
}
if (ParameterTypeCombo.SelectedIndex == 0)
{
try
{
Int32.Parse(ParameterName);
}
catch
{
ShowStep1Error("Parameter Index must be a number");
return false;
}
}
if (SessionPluginsCombo.Text.Trim().Length > 0)
{
if (SessionPlugin.List().Contains(SessionPluginsCombo.Text))
{
SessionHandler = SessionPlugin.Get(SessionPluginsCombo.Text);
}
else
{
ShowStep1Error("Session Plugin name is invalid. Either select an existing plugin from drop-down or leave this field blank.");
return false;
}
}
}
return true;
}
private void RefreshSessListLL_LinkClicked(object sender, LinkLabelLinkClickedEventArgs e)
{
ScanBranchSessionPluginsCombo.Items.Clear();
ScanBranchSessionPluginsCombo.Items.AddRange(SessionPlugin.List().ToArray());
}
internal void UpdateScanBranchConfigFromUI()
{
this.ScanUrl = this.InjectUrlPathPartsCB.Checked;
this.ScanQuery = this.InjectQueryCB.Checked;
this.ScanBody = this.InjectBodyCB.Checked;
this.ScanCookie = this.InjectCookieCB.Checked;
this.ScanHeaders = this.InjectHeadersCB.Checked;
this.SelectedSessionPlugin = "";
if (this.ScanBranchSessionPluginsCombo.SelectedItem != null)
{
string PluginName = this.ScanBranchSessionPluginsCombo.SelectedItem.ToString();
if (PluginName.Length > 0)
{
if (SessionPlugin.List().Contains(PluginName))
{
this.SelectedSessionPlugin = PluginName;
if (ScanThreadLimitCB.Checked)
{
Scanner.MaxParallelScanCount = 1;
IronUI.UpdateScannerSettingsInUIFromConfig();
IronDB.StoreScannerSettings();
}
}
}
}
this.FormatPlugins.Clear();
foreach (DataGridViewRow Row in this.FormatGrid.Rows)
{
if ((bool)Row.Cells[0].Value)
{
this.FormatPlugins.Add(Row.Cells[1].Value.ToString());
}
}
this.ActivePlugins.Clear();
foreach (DataGridViewRow Row in this.ScanPluginsGrid.Rows)
{
if ((bool)Row.Cells[0].Value)
{
this.ActivePlugins.Add(Row.Cells[1].Value.ToString());
}
}
this.QueryWhiteList.Clear();
this.QueryBlackList.Clear();
this.BodyWhiteList.Clear();
this.BodyBlackList.Clear();
this.CookieWhiteList.Clear();
this.CookieBlackList.Clear();
this.HeaderWhiteList.Clear();
this.HeaderBlackList.Clear();
if (QueryParametersFilterCB.Checked)
{
if (QueryParametersPlusRB.Checked)
{
foreach (string Name in QueryParametersPlusTB.Text.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries))
{
this.QueryWhiteList.Add(Name.Trim());
}
}
else
{
foreach (string Name in QueryParametersMinusTB.Text.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries))
{
this.QueryBlackList.Add(Name.Trim());
}
}
}
if (BodyParametersFilterCB.Checked)
{
if (BodyParametersPlusRB.Checked)
{
foreach (string Name in BodyParametersPlusTB.Text.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries))
{
this.BodyWhiteList.Add(Name.Trim());
}
}
else
{
foreach (string Name in BodyParametersMinusTB.Text.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries))
{
this.BodyBlackList.Add(Name.Trim());
}
}
}
if (CookieParametersFilterCB.Checked)
{
if (CookieParametersPlusRB.Checked)
{
foreach (string Name in CookieParametersPlusTB.Text.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries))
{
this.CookieWhiteList.Add(Name.Trim());
}
}
else
{
foreach (string Name in CookieParametersMinusTB.Text.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries))
{
this.CookieBlackList.Add(Name.Trim());
}
}
}
if (HeadersParametersFilterCB.Checked)
{
if (HeadersParametersPlusRB.Checked)
{
foreach (string Name in HeadersParametersPlusTB.Text.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries))
{
this.HeaderWhiteList.Add(Name.Trim());
}
}
else
{
foreach (string Name in HeadersParametersMinusTB.Text.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries))
{
this.HeaderBlackList.Add(Name.Trim());
}
}
}
}