/// <summary>
/// Exercises <c>Tester.ValidateSingleTest</c> with a "Path Traversal" definition whose
/// validation rule is <c>$body=root::</c> and whose exclusion value is <c>exclude_me</c>.
/// </summary>
/// <remarks>
/// The three assertions pin the following outcomes: the marker after the blank line
/// validates, the marker before the blank line does not, and a response containing
/// only the exclusion text does not.
/// </remarks>
public void CustomTester_Exclusion()
        {
            // Fixture: an empty traffic file behind the mock controller, so no canned responses exist.
            MockTestController controller = new MockTestController(new TrafficViewerFile());

            string rawRequest = "GET /search.aspx?txtSearch=a&a1=a HTTP/1.1\r\nHost: 127.0.0.1\r\n\r\n";
            string parameter  = "txtSearch";

            CustomTestsFile customTests   = GetCustomTestFile();
            Tester          tester        = new Tester(controller, customTests);
            CustomTestDef   pathTraversal = customTests.GetCustomTests()["Path Traversal"];

            // Override the definition's rules for this test only.
            pathTraversal.Exclusion  = "exclude_me";
            pathTraversal.Validation = "$body=" + "root::";

            HttpRequestInfo parsedRequest = new HttpRequestInfo(rawRequest, true);
            Uri             requestUri    = new Uri(parsedRequest.FullUrl);

            // Build the single mutated request that the validation calls below refer to.
            string entityId      = tester.GetEntityId(requestUri, parameter);
            var    originalValue = parsedRequest.QueryVariables[parameter];
            string entityString  = tester.GetEntityString(rawRequest, requestUri, parameter, originalValue);
            TestJob job          = new TestJob(parameter, originalValue, RequestLocation.Query, pathTraversal);
            string mutated       = tester.GenerateMutatedRequestList(rawRequest, job, entityString, entityId)[0];

            // Shared arguments for the three validation calls.
            string baselineResponse = "HTTP/1.1 200 OK\r\nbla";
            Uri    validationUri    = new Uri("http://demo.testfire.net/search.aspx");

            // Marker after the header/body separator: expected to validate.
            bool markerInBody = tester.ValidateSingleTest(rawRequest, baselineResponse, validationUri,
                                                          parameter, entityId, pathTraversal, mutated,
                                                          "HTTP/1.1 200 OK\r\n\r\nroot::");
            Assert.IsTrue(markerInBody);

            // Marker before the header/body separator: expected NOT to validate.
            bool markerInHeaders = tester.ValidateSingleTest(rawRequest, baselineResponse, validationUri,
                                                             parameter, entityId, pathTraversal, mutated,
                                                             "HTTP/1.1 200 OK\r\nroot::\r\n\r\nbody");
            Assert.IsFalse(markerInHeaders);

            // This should not match due to the exclusion condition.
            // NOTE(review): this response carries no "root::" marker, so the $body rule alone would
            // presumably reject it as well; a response containing both the marker and the exclusion
            // text would isolate the exclusion rule. Confirm against Tester.ValidateSingleTest.
            bool excluded = tester.ValidateSingleTest(rawRequest, baselineResponse, validationUri,
                                                      parameter, entityId, pathTraversal, mutated,
                                                      "HTTP/1.1 200 OK\r\n\r\nexclude_me");
            Assert.IsFalse(excluded);
        }
        /// <summary>
        /// Exercises the <c>$match_file=</c> validation rule: the rule points at a temporary file
        /// holding the lines "boogers" and "root", and a response containing "root::" is expected
        /// to validate.
        /// </summary>
        public void CustomTester_MatchFileValidation()
        {
            MockTestController controller = new MockTestController(new TrafficViewerFile());

            string rawRequest = "GET /search.aspx?txtSearch=a&a1=a HTTP/1.1\r\nHost: 127.0.0.1\r\n\r\n";
            string parameter  = "txtSearch";

            CustomTestsFile customTests   = GetCustomTestFile();
            Tester          tester        = new Tester(controller, customTests);
            CustomTestDef   pathTraversal = customTests.GetCustomTests()["Path Traversal"];

            // The pattern file has one entry per line; only the second one occurs in the response below.
            // NOTE(review): nothing visible here removes the temp file afterwards; check whether
            // TempFile cleans up after itself.
            TempFile patternFile = new TempFile();
            patternFile.Write("boogers\r\nroot\r\n");
            pathTraversal.Validation = "$match_file=" + patternFile.Path;

            HttpRequestInfo parsedRequest = new HttpRequestInfo(rawRequest, true);
            Uri             requestUri    = new Uri(parsedRequest.FullUrl);

            string entityId      = tester.GetEntityId(requestUri, parameter);
            var    originalValue = parsedRequest.QueryVariables[parameter];
            string entityString  = tester.GetEntityString(rawRequest, requestUri, parameter, originalValue);
            TestJob job          = new TestJob(parameter, originalValue, RequestLocation.Query, pathTraversal);
            string mutated       = tester.GenerateMutatedRequestList(rawRequest, job, entityString, entityId)[0];

            bool validated = tester.ValidateSingleTest(rawRequest, "HTTP/1.1 200 OK\r\nbla",
                                                       new Uri("http://demo.testfire.net/search.aspx"),
                                                       parameter, entityId, pathTraversal, mutated,
                                                       "HTTP/1.1 200 OK\r\nroot::");
            Assert.IsTrue(validated);
        }
        /// <summary>
        /// Checks a <c>$js_code=</c> mutation rule whose callback only returns a payload when the
        /// request location contains "Query": for a query-located job, exactly one payload is
        /// expected, equal to the URL-encoded string the script produces.
        /// </summary>
        public void CustomTester_TestScriptingRuleBasedOnComponent()
        {
            TrafficViewerFile emptySite = new TrafficViewerFile();

            // The mutation is a script; its Callback decides the payload from the request location.
            CustomTestDef scriptedDef = new CustomTestDef(
                "BlindSQL",
                "BlindSQL",
                "$js_code=function Callback(rawRequest, entityName, entityValue, requestLocation){if(requestLocation.indexOf('Query') > -1) return encodeURIComponent(\"' or '1'='1\");}",
                "");
            TestJob queryJob = new TestJob("x", "y", RequestLocation.Query, scriptedDef);

            CustomTestsFile customTests = GetCustomTestFile();
            Tester          tester      = new Tester(new MockTestController(emptySite), customTests);

            var payloads = tester.GeneratePayloadListFromMutation("GET /x=y HTTP/1.1\r\n", queryJob, false, "don't care");

            Assert.IsNotNull(payloads);
            Assert.AreEqual(1, payloads.Count);

            // encodeURIComponent leaves the single quotes as-is and encodes the spaces and '='.
            string encodedPayload = "'%20or%20'1'%3D'1";
            Assert.AreEqual(encodedPayload, payloads[0]);
        }
        /// <summary>
        /// Checks that a comma-separated mutation made of three <c>__dynamic_value__ticks__</c>
        /// placeholders yields three mutated requests, and that neighbouring requests differ.
        /// </summary>
        public void CustomTester_TestMultiPayloadsWithTicks()
        {
            TrafficViewerFile emptySite = new TrafficViewerFile();
            CustomTestDef     ticksDef  = new CustomTestDef(
                "BlindSQLABC",
                "Blind SQL",
                @"__dynamic_value__ticks__,__dynamic_value__ticks__,__dynamic_value__ticks__",
                "");
            TestJob         job         = new TestJob("x", "y", RequestLocation.Query, ticksDef);
            CustomTestsFile customTests = GetCustomTestFile();
            Tester          tester      = new Tester(new MockTestController(emptySite), customTests);

            string rawRequest = "GET /x=y HTTP/1.1\r\n";
            var entityString  = tester.GetEntityString(rawRequest, new Uri("http://localhost/x=y"), "x", "y");
            var entityId      = tester.GetEntityId(new Uri("http://localhost/x=y"), "x");
            var mutated       = tester.GenerateMutatedRequestList(rawRequest, job, entityString, entityId);

            Assert.IsNotNull(mutated);
            Assert.AreEqual(3, mutated.Count);

            // Each placeholder is expected to be replaced by a different value.
            // NOTE(review): only adjacent pairs are compared; mutated[0] vs mutated[2] is not checked.
            Assert.AreNotEqual(mutated[0], mutated[1]);
            Assert.AreNotEqual(mutated[1], mutated[2]);
        }
        /// <summary>
        /// Checks how a comma-separated mutation string is split into payloads: the mutation
        /// <c>a\,,b,c</c> is expected to produce "a,", "b" and "c", i.e. the backslash-escaped
        /// comma stays inside the first payload.
        /// </summary>
        public void CustomTester_TestMultiPayloads()
        {
            TrafficViewerFile emptySite = new TrafficViewerFile();
            CustomTestDef     listDef   = new CustomTestDef("BlindSQLABC", "Blind SQL", @"a\,,b,c", "");
            TestJob           job       = new TestJob("x", "y", RequestLocation.Query, listDef);

            CustomTestsFile customTests = GetCustomTestFile();
            Tester          tester      = new Tester(new MockTestController(emptySite), customTests);

            var payloads = tester.GeneratePayloadListFromMutation("GET /x=y HTTP/1.1\r\n", job, false, "don't care");

            Assert.IsNotNull(payloads);
            Assert.AreEqual(3, payloads.Count);

            // Order matters: payloads come back in the order they appear in the mutation string.
            Assert.AreEqual("a,", payloads[0]);
            Assert.AreEqual("b", payloads[1]);
            Assert.AreEqual("c", payloads[2]);
        }
        /// <summary>
        /// Checks that <c>Tester.ExecuteTests</c> records an issue for a query parameter whose
        /// original value is empty. The mock site is seeded with the request that carries
        /// <c>MockTestController.PATH_TRAVERSAL</c> and its canned response.
        /// </summary>
        public void CustomTester_EmptyQueryParamUnitTest()
        {
            // Seed the mock site with the request/response pair for the mutated request.
            TrafficViewerFile seededSite = new TrafficViewerFile();
            string seededRequest = String.Format("GET /search.jsp?query={0} HTTP/1.1\r\nHost: 127.0.0.1\r\n\r\n", MockTestController.PATH_TRAVERSAL);
            seededSite.AddRequestResponse(seededRequest, MockTestController.PATH_TRAVERSAL_RESPONSE);

            MockTestController controller = new MockTestController(seededSite);

            // The parameter under test is present but has no value.
            string rawRequest = "GET /search.jsp?query= HTTP/1.1\r\nHost: 127.0.0.1\r\n\r\n";
            string parameter  = "query";

            CustomTestsFile customTests   = GetCustomTestFile();
            Tester          tester        = new Tester(controller, customTests);
            CustomTestDef   pathTraversal = customTests.GetCustomTests()["Path Traversal"];
            Uri             requestUri    = new Uri(new HttpRequestInfo(rawRequest, true).FullUrl);

            tester.ExecuteTests(rawRequest, "", requestUri, parameter, null, RequestLocation.Query, pathTraversal);

            // The controller is expected to hold an issue keyed by the parameter name.
            bool issueRecorded = controller.IssuesFound.ContainsKey(parameter);
            Assert.IsTrue(issueRecorded);
        }
        /// <summary>
        /// Checks that a <c>__dynamic_value__ticks__</c> placeholder in a request header is
        /// replaced in the mutated request: after <c>ExecuteTests</c>, one mutated request is
        /// expected and its <c>Dyn</c> header must match <c>\d+</c>.
        /// </summary>
        public void CustomTester_DynamicValue()
        {
            MockTestController controller = new MockTestController();

            // The Dyn header carries the placeholder that should be substituted.
            string rawRequest = "GET /search.jsp?query= HTTP/1.1\r\nDyn:__dynamic_value__ticks__\r\nHost: 127.0.0.1\r\n\r\n";
            string parameter  = "query";

            CustomTestsFile customTests   = GetCustomTestFile();
            Tester          tester        = new Tester(controller, customTests);
            CustomTestDef   pathTraversal = customTests.GetCustomTests()["Path Traversal"];
            Uri             requestUri    = new Uri(new HttpRequestInfo(rawRequest, true).FullUrl);

            tester.ExecuteTests(rawRequest, "", requestUri, parameter, null, RequestLocation.Query, pathTraversal);

            bool issueRecorded = controller.IssuesFound.ContainsKey(parameter);
            Assert.IsTrue(issueRecorded);

            Assert.AreEqual(1, controller.MutatedRequests.Count, "Incorrect number of mutated requests");

            HttpRequestInfo sentRequest = new HttpRequestInfo(controller.MutatedRequests[0]);

            // NOTE(review): the pattern is unanchored; if Utils.IsMatch performs a substring regex
            // match, any header value containing a digit passes. Anchoring would make this stricter.
            // Confirm Utils.IsMatch semantics before tightening.
            bool headerIsNumeric = Utils.IsMatch(sentRequest.Headers["Dyn"], "\\d+");
            Assert.IsTrue(headerIsNumeric, "Incorrect dynamic header value");
        }
        /// <summary>
        /// Checks a <c>$js_code=</c> mutation rule whose callback takes no arguments and builds
        /// its payload in a loop: exactly one payload is expected, made of 100 'A' characters.
        /// </summary>
        public void CustomTester_TestScriptingRuleManyAs()
        {
            TrafficViewerFile emptySite = new TrafficViewerFile();
            CustomTestDef     scriptDef = new CustomTestDef(
                "ManyAs",
                "Buffer Overflow",
                "$js_code=function Callback(){var ret = ''; for(var i=0;i<100;i++){ret+='A';} return ret;}",
                "");
            TestJob         job         = new TestJob("x", "y", RequestLocation.Query, scriptDef);
            CustomTestsFile customTests = GetCustomTestFile();
            Tester          tester      = new Tester(new MockTestController(emptySite), customTests);

            var payloads = tester.GeneratePayloadListFromMutation("GET /x=y HTTP/1.1\r\n", job, false, "bla");

            Assert.IsNotNull(payloads);
            Assert.AreEqual(1, payloads.Count);

            // Same string the script's loop builds: 'A' repeated 100 times.
            string hundredAs = new string('A', 100);
            Assert.AreEqual(hundredAs, payloads[0]);
        }
        /// <summary>
        /// Checks mutation of a parameter whose value embeds <c>Constants.FUZZ_STRING</c> between
        /// parentheses: in the first mutated request the parameter must still exist and its
        /// value must be the payload wrapped in the same parentheses.
        /// </summary>
        public void CustomTester_Fuzz()
        {
            MockTestController controller = new MockTestController(new TrafficViewerFile());

            // Only the fuzz marker inside the parentheses is expected to be replaced.
            string rawRequest = "GET /search.aspx?txtSearch=(" + Constants.FUZZ_STRING + ") HTTP/1.1\r\nHost: 127.0.0.1\r\n\r\n";
            string parameter  = "txtSearch";

            CustomTestsFile customTests   = GetCustomTestFile();
            Tester          tester        = new Tester(controller, customTests);
            CustomTestDef   pathTraversal = customTests.GetCustomTests()["Path Traversal"];
            HttpRequestInfo parsedRequest = new HttpRequestInfo(rawRequest, true);
            Uri             requestUri    = new Uri(parsedRequest.FullUrl);

            string entityId      = tester.GetEntityId(requestUri, parameter);
            var    originalValue = parsedRequest.QueryVariables[parameter];
            string entityString  = tester.GetEntityString(rawRequest, requestUri, parameter, originalValue);
            TestJob job          = new TestJob(parameter, originalValue, RequestLocation.Query, pathTraversal);
            string firstMutation = tester.GenerateMutatedRequestList(rawRequest, job, entityString, entityId)[0];

            // Re-parse the mutated request to inspect the parameter as it would be sent.
            HttpRequestInfo mutatedInfo = new HttpRequestInfo(firstMutation, true);

            bool parameterKept = mutatedInfo.QueryVariables.ContainsKey(parameter);
            Assert.IsTrue(parameterKept, "Could no longer find parameter");

            string expectedValue = "(" + MockTestController.PATH_TRAVERSAL + ")";
            Assert.AreEqual(expectedValue, mutatedInfo.QueryVariables[parameter], "Incorrect test value");
        }