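/// <summary>
/// Downloads the page at <paramref name="URL"/> and extracts every <c>&lt;form&gt;</c> element that
/// has a closing tag, together with its action, method and input fields.
/// </summary>
/// <param name="URL">Address of the page to fetch.</param>
/// <returns>
/// The forms found, in document order. Forms whose resolved action contains <c>javascript:</c>
/// are left out. The list is empty when the fetched body is null or empty.
/// </returns>
private List<AuthenticationForm> LoadForms(string URL)
{
    const string OpenTag = "<form";
    const string CloseTag = "</form>";

    List<AuthenticationForm> Forms = new List<AuthenticationForm>();
    CreateWebrequest webRequest = new CreateWebrequest();
    string HTML = webRequest.StringGetWebPage(URL, string.Empty);

    // A null body previously slipped past the "!= string.Empty" test and failed on Substring.
    if (string.IsNullOrEmpty(HTML))
    {
        return Forms;
    }

    int searchFrom = 0;
    while (searchFrom < HTML.Length)
    {
        // Ordinal, case-insensitive search on the original string: no per-iteration lowercase
        // copies, and no dependence on the current culture's casing rules.
        int formStart = HTML.IndexOf(OpenTag, searchFrom, StringComparison.OrdinalIgnoreCase);
        if (formStart < 0)
        {
            break;
        }

        // Search for the terminator only AFTER the opening tag. The old code searched from the
        // start of the remaining text, so a stray "</form>" ahead of the first form ended the scan,
        // and a missing "</form>" (-1 + 7 = 6) could yield a bogus six-character "form".
        int closeStart = HTML.IndexOf(CloseTag, formStart, StringComparison.OrdinalIgnoreCase);
        if (closeStart < 0)
        {
            break;
        }

        int formEnd = closeStart + CloseTag.Length;
        string HTMLForm = HTML.Substring(formStart, formEnd - formStart);

        // These patterns only match attribute values written in double quotes.
        // RegexText is defined elsewhere; presumably it returns the captured group — confirm.
        string action = RegexText(" action\\=\\\"([^\"]*)\\\"", HTMLForm);
        string method = RegexText(" method\\=\\\"([^\"]*)\\\"", HTMLForm);

        AuthenticationForm authForm = new AuthenticationForm();

        // NOTE(review): relative actions are resolved against the URL text box, not against the
        // URL parameter that was actually fetched; if the two can differ, confirm which is intended.
        authForm.Action = GetURL(textBoxURL.Text, action);

        // Anything other than an explicit "get" is treated as POST, as before.
        authForm.Method = string.Equals(method, "get", StringComparison.OrdinalIgnoreCase)
            ? AuthenticationForm.Methods.GET
            : AuthenticationForm.Methods.POST;

        authForm.InputFields = LoadInputFields(HTMLForm);

        // Ordinal comparison so the filter behaves the same under every UI culture.
        if (authForm.Action.IndexOf("javascript:", StringComparison.OrdinalIgnoreCase) < 0)
        {
            Forms.Add(authForm);
        }

        searchFrom = formEnd;
    }

    return Forms;
}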
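/// <summary>
/// Iterates over the parameters of a POST body, sends one request per parameter with that
/// parameter modified using the text from <c>textBoxModifier</c>, and records each response in
/// <c>AttackedUrls</c> and in the result list view.
/// </summary>
/// <param name="URL">URL the body is posted to.</param>
/// <param name="POST">Original, unmodified POST body.</param>
/// <remarks>
/// Returns without sending anything when <paramref name="POST"/> is null or empty, when the same
/// URL/body pair is already present in <c>AttackedUrls</c>, or when the body has no parameters.
/// </remarks>
private void AttackPOST(string URL, string POST)
{
    if (string.IsNullOrEmpty(POST))
    {
        return;
    }

    // Each URL/body pair is tested once only.
    for (int i = 0; i < AttackedUrls.Count; i++)
    {
        if (AttackedUrls[i].OriginalURL == URL && AttackedUrls[i].OriginalPOST == POST)
        {
            return;
        }
    }

    QueryModifier queryModifier = new QueryModifier(POST);
    if (queryModifier.ParameterCount == 0)
    {
        return;
    }

    do
    {
        // GetModifiedQuery is defined elsewhere; presumably it returns the body with the current
        // parameter altered by the given text — confirm.
        string NewPOST = queryModifier.GetModifiedQuery(textBoxModifier.Text);

        // Send the body that is recorded below. The previous code passed the unmodified POST
        // here, so the stored response never corresponded to the ModifiedPOST shown in the
        // results, and every finding (or absence of one) was reported against the wrong request.
        CreateWebrequest Request = new CreateWebrequest();
        string HTML = Request.StringGetWebPage(URL, NewPOST, new List<string>(), false);

        AttackedUrl attackedURL = new AttackedUrl();
        attackedURL.HTML = HTML;
        attackedURL.OriginalPOST = POST;
        attackedURL.OriginalURL = URL;
        attackedURL.ModifiedPOST = NewPOST;
        AttackedUrls.Add(attackedURL);

        ClearAttackBrowser();

        // One result row per request: URL in the first column, the body that was sent in the second.
        ListViewItem Item = new ListViewItem();
        Item.Text = URL;
        Item.SubItems.Add(NewPOST);
        listViewResult.Items.Add(Item);
    }
    while (queryModifier.NextParameter());
}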
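/// <summary>
/// Iterates over the query-string parameters of a URL, requests one modified URL per parameter
/// (using the text from <c>textBoxModifier</c>), and records each response in
/// <c>AttackedUrls</c> and in the result list view.
/// </summary>
/// <param name="URL">Original URL; it must contain a <c>?</c> to be processed.</param>
/// <remarks>
/// Returns without sending anything when the URL is null or empty, has no query string, has no
/// parameters, or was already processed as a GET (an entry with the same OriginalURL and no
/// OriginalPOST exists).
/// </remarks>
private void AttackURL(string URL)
{
    // Null/empty guard for consistency with AttackPOST; previously a null URL threw on Contains.
    if (string.IsNullOrEmpty(URL))
    {
        return;
    }

    // Locate the query separator once instead of scanning the string three times.
    int queryMark = URL.IndexOf('?');
    if (queryMark < 0)
    {
        return;
    }

    // Each URL is tested once only; entries that carry a POST body belong to AttackPOST.
    for (int i = 0; i < AttackedUrls.Count; i++)
    {
        if (AttackedUrls[i].OriginalURL == URL && string.IsNullOrEmpty(AttackedUrls[i].OriginalPOST))
        {
            return;
        }
    }

    string BeforeQuery = URL.Substring(0, queryMark + 1); // everything up to and including '?'
    string Query = URL.Substring(queryMark + 1);

    QueryModifier queryModifier = new QueryModifier(Query);
    if (queryModifier.ParameterCount == 0)
    {
        return;
    }

    do
    {
        // GetModifiedQuery is defined elsewhere; presumably it returns the query with the current
        // parameter altered by the given text — confirm.
        string NewURL = BeforeQuery + queryModifier.GetModifiedQuery(textBoxModifier.Text);

        CreateWebrequest Request = new CreateWebrequest();
        string HTML = Request.StringGetWebPage(NewURL, string.Empty, new List<string>(), false);

        AttackedUrl attackedURL = new AttackedUrl();
        attackedURL.HTML = HTML;
        attackedURL.OriginalURL = URL;
        attackedURL.ModifiedURL = NewURL;
        AttackedUrls.Add(attackedURL);

        ClearAttackBrowser();

        // One result row per request: the URL that was requested, and an empty body column.
        ListViewItem Item = new ListViewItem();
        Item.Text = NewURL;
        Item.SubItems.Add(string.Empty);
        listViewResult.Items.Add(Item);
    }
    while (queryModifier.NextParameter());
}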
/// <summary>
/// Worker loop: blocks until either <c>_newRequestEvent</c> or <c>ManagerStopped</c> is signalled,
/// and when it was the former, takes one request, fetches it and reports completion through
/// <c>OnRequestFinish</c>. The loop runs for as long as <c>_managerActive</c> is true.
/// </summary>
private void ThreadFunc()
{
    // Index 0 = new request available, index 1 = manager stopped.
    WaitHandle[] signals = { _newRequestEvent, ManagerStopped };

    while (_managerActive)
    {
        int signalled = WaitHandle.WaitAny(signals);
        if (signalled != 0)
        {
            // Woken by ManagerStopped: fall through to the loop condition.
            // NOTE(review): if ManagerStopped can stay signalled while _managerActive is still
            // true, this loop spins without blocking — confirm the order in which they are set.
            continue;
        }

        Request pending = GetRequest();
        if (pending == null)
        {
            continue;
        }

        // A fresh request object per fetch, carrying the manager's cookie collection.
        CreateWebrequest fetcher = new CreateWebrequest();
        fetcher.CustomCookieCollection = CustomCookieCollection;

        pending.HTML = fetcher.StringGetWebPage(pending.URL, pending.POST);
        OnRequestFinish(pending);
    }
}
/// <summary>
/// Click handler for the "send request" toolbar button. When <c>FieldsValid()</c> passes, it
/// clears the response views, builds the request from the form controls (URL, optional POST body,
/// custom headers, protocol choice), sends it, and shows the response body and headers.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
private void toolStripButtonSendRequest_Click(object sender, EventArgs e)
{
    if (!FieldsValid())
    {
        return;
    }

    // Start from a clean slate: new header list, empty response views.
    headers = new List<string>();
    listViewResponseHeaders.Items.Clear();
    richTextBoxSource.Text = "";
    webBrowserSource.Navigate("about:blank");

    string targetUrl = toolStripTextBoxURL.Text;

    // The body box is only used when the second entry of the method combo is selected.
    string body = toolStripComboBoxMethod.SelectedIndex == 1 ? richTextBoxPOST.Text : string.Empty;

    // Rows with fewer than two columns have no value and are skipped.
    foreach (ListViewItem headerRow in listViewRequestHeaders.Items)
    {
        if (headerRow.SubItems.Count > 1)
        {
            headers.Add(headerRow.Text + ":" + headerRow.SubItems[1].Text);
        }
    }

    // True when the first protocol entry is selected; what the flag means is decided by
    // StringGetWebPage, which is not visible here.
    bool mediatype = toolStripComboBoxProtocol.SelectedIndex == 0;

    CreateWebrequest webrequest = new CreateWebrequest();
    webrequest.netCredentials = netCred;
    webrequest.CustomCookieCollection = cookieCollection;
    string responseHtml = webrequest.StringGetWebPage(targetUrl, body, headers, mediatype);

    richTextBoxSource.Text = responseHtml;

    // NOTE(review): the response body comes from the remote server and is handed unmodified to
    // the embedded browser control, which will process any script or active content in it.
    // When the target is not trusted, consider showing the source view only or sanitising first.
    webBrowserSource.DocumentText = responseHtml;

    if (webrequest.Response == null)
    {
        return;
    }

    for (int i = 0; i < webrequest.Response.Headers.Count; i++)
    {
        // Multiple values of one header are shown space-separated (with a trailing space).
        string joinedValues = string.Empty;
        foreach (string headerValue in webrequest.Response.Headers.GetValues(i))
        {
            joinedValues += headerValue + " ";
        }

        ListViewItem responseRow = new ListViewItem();
        responseRow.Text = webrequest.Response.Headers.Keys[i];
        responseRow.SubItems.Add(joinedValues);
        listViewResponseHeaders.Items.Add(responseRow);
    }
}
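/// <summary>
/// Fetches <paramref name="URL"/> and returns the HTML forms found in the response, each with its
/// resolved action URL, HTTP method and input fields.
/// </summary>
/// <param name="URL">Address of the page to fetch.</param>
/// <returns>
/// Forms in document order, excluding those whose resolved action contains <c>javascript:</c>.
/// Only forms with both an opening and a closing tag are returned; the list is empty when the
/// fetched body is null or empty.
/// </returns>
private List<AuthenticationForm> LoadForms(string URL)
{
    const string FormOpen = "<form";
    const string FormClose = "</form>";

    List<AuthenticationForm> Forms = new List<AuthenticationForm>();
    CreateWebrequest webRequest = new CreateWebrequest();
    string HTML = webRequest.StringGetWebPage(URL, string.Empty);

    // Also covers a null body, which the old "!= string.Empty" test let through to Substring.
    if (string.IsNullOrEmpty(HTML))
    {
        return Forms;
    }

    int cursor = 0;
    while (cursor < HTML.Length)
    {
        // Case-insensitive ordinal search with a start offset replaces Substring + ToLower on the
        // whole remaining document, which allocated two copies per form and depended on culture.
        int openAt = HTML.IndexOf(FormOpen, cursor, StringComparison.OrdinalIgnoreCase);
        if (openAt < 0)
        {
            break;
        }

        // The closing tag must come after the opening tag. Previously it was searched from the
        // start of the remaining text: a "</form>" preceding the first form stopped the scan, and
        // a missing one produced an end offset of 6 (-1 + 7) and a truncated, bogus form.
        int closeAt = HTML.IndexOf(FormClose, openAt, StringComparison.OrdinalIgnoreCase);
        if (closeAt < 0)
        {
            break;
        }

        int endAt = closeAt + FormClose.Length;
        string HTMLForm = HTML.Substring(openAt, endAt - openAt);

        // Both patterns require the attribute value to be in double quotes.
        // RegexText is defined elsewhere; presumably it returns the captured group — confirm.
        string action = RegexText(" action\\=\\\"([^\"]*)\\\"", HTMLForm);
        string method = RegexText(" method\\=\\\"([^\"]*)\\\"", HTMLForm);

        AuthenticationForm authForm = new AuthenticationForm();

        // NOTE(review): the base URL comes from textBoxURL, not from the URL argument that was
        // fetched; confirm the two are always the same page.
        authForm.Action = GetURL(textBoxURL.Text, action);

        // Default to POST unless the form says "get" (any casing).
        if (string.Equals(method, "get", StringComparison.OrdinalIgnoreCase))
        {
            authForm.Method = AuthenticationForm.Methods.GET;
        }
        else
        {
            authForm.Method = AuthenticationForm.Methods.POST;
        }

        authForm.InputFields = LoadInputFields(HTMLForm);

        // Ordinal comparison keeps this filter independent of the UI culture.
        bool isScriptAction = authForm.Action.IndexOf("javascript:", StringComparison.OrdinalIgnoreCase) >= 0;
        if (!isScriptAction)
        {
            Forms.Add(authForm);
        }

        cursor = endAt;
    }

    return Forms;
}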