public void CustomTester_Exclusion() { TrafficViewerFile mockSite = new TrafficViewerFile(); MockTestController mockTestController = new MockTestController(mockSite); string testRequest = "GET /search.aspx?txtSearch=a&a1=a HTTP/1.1\r\nHost: 127.0.0.1\r\n\r\n"; string paramName = "txtSearch"; CustomTestsFile file = GetCustomTestFile(); Tester tester = new Tester(mockTestController, file); CustomTestDef def = file.GetCustomTests()["Path Traversal"]; def.Exclusion = "exclude_me"; def.Validation = "$body=" + "root::"; HttpRequestInfo original = new HttpRequestInfo(testRequest, true); Uri uri = new Uri(original.FullUrl); string entityId = tester.GetEntityId(uri, paramName); string entityString = tester.GetEntityString(testRequest, uri, paramName, original.QueryVariables[paramName]); TestJob testJob = new TestJob(paramName, original.QueryVariables[paramName], RequestLocation.Query, def); string mutatedRequest = tester.GenerateMutatedRequestList(testRequest, testJob, entityString, entityId)[0]; Assert.IsTrue(tester.ValidateSingleTest(testRequest, "HTTP/1.1 200 OK\r\nbla", new Uri("http://demo.testfire.net/search.aspx"), paramName, entityId, def, mutatedRequest, "HTTP/1.1 200 OK\r\n\r\nroot::")); Assert.IsFalse(tester.ValidateSingleTest(testRequest, "HTTP/1.1 200 OK\r\nbla", new Uri("http://demo.testfire.net/search.aspx"), paramName, entityId, def, mutatedRequest, "HTTP/1.1 200 OK\r\nroot::\r\n\r\nbody")); //this should not match due to the exclusion condition Assert.IsFalse(tester.ValidateSingleTest(testRequest, "HTTP/1.1 200 OK\r\nbla", new Uri("http://demo.testfire.net/search.aspx"), paramName, entityId, def, mutatedRequest, "HTTP/1.1 200 OK\r\n\r\nexclude_me")); }
public void CustomTester_MatchFileValidation() { TrafficViewerFile mockSite = new TrafficViewerFile(); MockTestController mockTestController = new MockTestController(mockSite); string testRequest = "GET /search.aspx?txtSearch=a&a1=a HTTP/1.1\r\nHost: 127.0.0.1\r\n\r\n"; string paramName = "txtSearch"; CustomTestsFile file = GetCustomTestFile(); Tester tester = new Tester(mockTestController, file); CustomTestDef def = file.GetCustomTests()["Path Traversal"]; TempFile tempFile = new TempFile(); tempFile.Write("boogers\r\nroot\r\n"); def.Validation = "$match_file=" + tempFile.Path; HttpRequestInfo original = new HttpRequestInfo(testRequest, true); Uri uri = new Uri(original.FullUrl); string entityId = tester.GetEntityId(uri, paramName); string entityString = tester.GetEntityString(testRequest, uri, paramName, original.QueryVariables[paramName]); TestJob testJob = new TestJob(paramName, original.QueryVariables[paramName], RequestLocation.Query, def); string mutatedRequest = tester.GenerateMutatedRequestList(testRequest, testJob, entityString, entityId)[0]; Assert.IsTrue(tester.ValidateSingleTest(testRequest, "HTTP/1.1 200 OK\r\nbla", new Uri("http://demo.testfire.net/search.aspx"), paramName, entityId, def, mutatedRequest, "HTTP/1.1 200 OK\r\nroot::")); }
public void CustomTester_TestScriptingRuleBasedOnComponent() { TrafficViewerFile mockSite = new TrafficViewerFile(); CustomTestDef def = new CustomTestDef("BlindSQL", "BlindSQL", "$js_code=function Callback(rawRequest, entityName, entityValue, requestLocation){if(requestLocation.indexOf('Query') > -1) return encodeURIComponent(\"' or '1'='1\");}", ""); TestJob job = new TestJob("x", "y", RequestLocation.Query, def); CustomTestsFile file = GetCustomTestFile(); Tester tester = new Tester(new MockTestController(mockSite), file); var list = tester.GeneratePayloadListFromMutation("GET /x=y HTTP/1.1\r\n", job, false, "don't care"); Assert.IsNotNull(list); Assert.AreEqual(1, list.Count); string expected = "'%20or%20'1'%3D'1"; Assert.AreEqual(expected, list[0]); }
public void CustomTester_TestMultiPayloadsWithTicks() { TrafficViewerFile mockSite = new TrafficViewerFile(); CustomTestDef def = new CustomTestDef("BlindSQLABC", "Blind SQL", @"__dynamic_value__ticks__,__dynamic_value__ticks__,__dynamic_value__ticks__", ""); TestJob job = new TestJob("x", "y", RequestLocation.Query, def); CustomTestsFile file = GetCustomTestFile(); Tester tester = new Tester(new MockTestController(mockSite), file); var entity_string = tester.GetEntityString("GET /x=y HTTP/1.1\r\n", new Uri("http://localhost/x=y"), "x", "y"); var entity_id = tester.GetEntityId(new Uri("http://localhost/x=y"), "x"); var list = tester.GenerateMutatedRequestList("GET /x=y HTTP/1.1\r\n", job, entity_string, entity_id); Assert.IsNotNull(list); Assert.AreEqual(3, list.Count); Assert.AreNotEqual(list[0], list[1]); Assert.AreNotEqual(list[1], list[2]); }
public void CustomTester_TestMultiPayloads() { TrafficViewerFile mockSite = new TrafficViewerFile(); CustomTestDef def = new CustomTestDef("BlindSQLABC", "Blind SQL", @"a\,,b,c", ""); TestJob job = new TestJob("x", "y", RequestLocation.Query, def); CustomTestsFile file = GetCustomTestFile(); Tester tester = new Tester(new MockTestController(mockSite), file); var list = tester.GeneratePayloadListFromMutation("GET /x=y HTTP/1.1\r\n", job, false, "don't care"); Assert.IsNotNull(list); Assert.AreEqual(3, list.Count); Assert.AreEqual("a,", list[0]); Assert.AreEqual("b", list[1]); Assert.AreEqual("c", list[2]); }
public void CustomTester_EmptyQueryParamUnitTest() { TrafficViewerFile mockSite = new TrafficViewerFile(); mockSite.AddRequestResponse(String.Format("GET /search.jsp?query={0} HTTP/1.1\r\nHost: 127.0.0.1\r\n\r\n", MockTestController.PATH_TRAVERSAL), MockTestController.PATH_TRAVERSAL_RESPONSE); MockTestController mockTestController = new MockTestController(mockSite); string testRequest = "GET /search.jsp?query= HTTP/1.1\r\nHost: 127.0.0.1\r\n\r\n"; string paramName = "query"; CustomTestsFile file = GetCustomTestFile(); Tester tester = new Tester(mockTestController, file); CustomTestDef def = file.GetCustomTests()["Path Traversal"]; HttpRequestInfo original = new HttpRequestInfo(testRequest, true); Uri uri = new Uri(original.FullUrl); tester.ExecuteTests(testRequest, "", uri, paramName, null, RequestLocation.Query, def); Assert.IsTrue(mockTestController.IssuesFound.ContainsKey(paramName)); }
public void CustomTester_DynamicValue() { MockTestController mockTestController = new MockTestController(); string testRequest = "GET /search.jsp?query= HTTP/1.1\r\nDyn:__dynamic_value__ticks__\r\nHost: 127.0.0.1\r\n\r\n"; string paramName = "query"; CustomTestsFile file = GetCustomTestFile(); Tester tester = new Tester(mockTestController, file); CustomTestDef def = file.GetCustomTests()["Path Traversal"]; HttpRequestInfo original = new HttpRequestInfo(testRequest, true); Uri uri = new Uri(original.FullUrl); tester.ExecuteTests(testRequest, "", uri, paramName, null, RequestLocation.Query, def); Assert.IsTrue(mockTestController.IssuesFound.ContainsKey(paramName)); Assert.AreEqual(1, mockTestController.MutatedRequests.Count, "Incorrect number of mutated requests"); HttpRequestInfo mutatedRequest = new HttpRequestInfo(mockTestController.MutatedRequests[0]); Assert.IsTrue(Utils.IsMatch(mutatedRequest.Headers["Dyn"], "\\d+"), "Incorrect dynamic header value"); }
public void CustomTester_TestScriptingRuleManyAs() { TrafficViewerFile mockSite = new TrafficViewerFile(); CustomTestDef def = new CustomTestDef("ManyAs", "Buffer Overflow", "$js_code=function Callback(){var ret = ''; for(var i=0;i<100;i++){ret+='A';} return ret;}", ""); TestJob job = new TestJob("x", "y", RequestLocation.Query, def); CustomTestsFile file = GetCustomTestFile(); Tester tester = new Tester(new MockTestController(mockSite), file); var list = tester.GeneratePayloadListFromMutation("GET /x=y HTTP/1.1\r\n", job, false, "bla"); Assert.IsNotNull(list); Assert.AreEqual(1, list.Count); string expected = ""; for (int i = 0; i < 100; i++) { expected += "A"; } Assert.AreEqual(expected, list[0]); }
public void CustomTester_Fuzz() { TrafficViewerFile mockSite = new TrafficViewerFile(); MockTestController mockTestController = new MockTestController(mockSite); string testRequest = "GET /search.aspx?txtSearch=(" + Constants.FUZZ_STRING + ") HTTP/1.1\r\nHost: 127.0.0.1\r\n\r\n"; string paramName = "txtSearch"; CustomTestsFile file = GetCustomTestFile(); Tester tester = new Tester(mockTestController, file); CustomTestDef def = file.GetCustomTests()["Path Traversal"]; HttpRequestInfo original = new HttpRequestInfo(testRequest, true); Uri uri = new Uri(original.FullUrl); string entityId = tester.GetEntityId(uri, paramName); string entityString = tester.GetEntityString(testRequest, uri, paramName, original.QueryVariables[paramName]); TestJob testJob = new TestJob(paramName, original.QueryVariables[paramName], RequestLocation.Query, def); string mutatedRequest = tester.GenerateMutatedRequestList(testRequest, testJob, entityString, entityId)[0]; HttpRequestInfo mutatedReqInfo = new HttpRequestInfo(mutatedRequest, true); Assert.IsTrue(mutatedReqInfo.QueryVariables.ContainsKey(paramName), "Could no longer find parameter"); Assert.AreEqual("(" + MockTestController.PATH_TRAVERSAL + ")", mutatedReqInfo.QueryVariables[paramName], "Incorrect test value"); }