Exemple #1
0
        /// <inheritdoc />
        public void RunDetectors(
            HttpWebResponseHolder httpWebResponseHolder,
            ITarget target,
            string plugin,
            TestCase testCase,
            string testParameter,
            string testedValue)
        {
            if (this.ActiveDetectors.Count == 0)
            {
                Logger.WriteWarning("No active detectors have been found.");
                return;
            }

            // if no response then exit
            if (httpWebResponseHolder?.ResponseUri == null)
            {
                return;
            }

            // iterate through all active detectors and run them
            foreach (Type activeDetector in this.ActiveDetectors)
            {
                var pluginBaseAbstract = Activator.CreateInstance(activeDetector) as PluginBaseAbstract;

                if (pluginBaseAbstract == null)
                {
                    throw new NullReferenceException("{0} can't be instantiated".FormatIc(activeDetector.Name));
                }

                // execute all detectors
                if (!pluginBaseAbstract.TestBaseType.Equals(TestBaseType.Detector))
                {
                    continue;
                }

                this.RunDetector(
                    pluginBaseAbstract,
                    target,
                    Target.Create(httpWebResponseHolder.ResponseUri.AbsoluteUri),
                    httpWebResponseHolder,
                    plugin,
                    testCase,
                    testParameter,
                    testedValue);
            }
        }
Exemple #2
0
        /// <summary>
        /// Executes the detector operation.
        /// </summary>
        /// <param name="detectorInstance">
        /// The detector instance.
        /// </param>
        /// <param name="requestTarget">
        /// The request target.
        /// </param>
        /// <param name="responseTarget">
        /// The response target.
        /// </param>
        /// <param name="webResponseHolder">
        /// The web response holder.
        /// </param>
        /// <param name="plugInName">
        /// Name of the plug in.
        /// </param>
        /// <param name="testCase">
        /// The test case.
        /// </param>
        /// <param name="testParameter">
        /// The tested parameter.
        /// </param>
        /// <param name="testValue">
        /// The tested value.
        /// </param>
        private void RunDetector(
            PluginBaseAbstract detectorInstance,
            ITarget requestTarget,
            ITarget responseTarget,
            HttpWebResponseHolder webResponseHolder,
            string plugInName,
            TestCase testCase,
            string testParameter,
            string testValue)
        {
            try
            {
                Logger.WriteDebug("Run detector: {0}", detectorInstance.GetType().Name);

                detectorInstance.Init(
                    this,
                    responseTarget);

                detectorInstance.InspectResponse(
                    requestTarget,
                    responseTarget,
                    webResponseHolder,
                    plugInName,
                    testCase,
                    testParameter,
                    testValue);

                foreach (var vuln in detectorInstance.Vulnerabilities)
                {
                    this.Vulnerabilities[Guid.NewGuid().ToString()] = vuln;
                }
            }
            catch (Exception ex)
            {
                // write to the tests and detectors log.
                Library.Logger.Logger.WriteError(ex);
            }
        }
Exemple #3
0
 /// <summary>
 /// The set response fiddler headers.
 /// </summary>
 /// <param name="response">
 /// The response.
 /// </param>
 /// <param name="headers">
 /// The headers.
 /// </param>
 public static void SetResponseFiddlerHeaders(
     this HttpWebResponseHolder response,
     HTTPResponseHeaders headers)
 {
     foreach (HTTPHeaderItem httpResponseHeader in headers)
     {
         try
         {
             // remove control char from header value
             httpResponseHeader.Value = Regex.Replace(
                 httpResponseHeader.Value.Trim(),
                 @"[\u0000-\u001F]",
                 string.Empty);
             response.Headers[httpResponseHeader.Name] = httpResponseHeader.Value;
         }
         catch (ArgumentException ex)
         {
             Library.Logger.Logger.WriteWarning(
                 ex,
                 "control char hasn't been removed , header value {0}",
                 httpResponseHeader.Value);
         }
     }
 }