public void CustomTester_TestMultiPayloads() { TrafficViewerFile mockSite = new TrafficViewerFile(); CustomTestDef def = new CustomTestDef("BlindSQLABC", "Blind SQL", @"a\,,b,c", ""); TestJob job = new TestJob("x", "y", RequestLocation.Query, def); CustomTestsFile file = GetCustomTestFile(); Tester tester = new Tester(new MockTestController(mockSite), file); var list = tester.GeneratePayloadListFromMutation("GET /x=y HTTP/1.1\r\n", job, false, "don't care"); Assert.IsNotNull(list); Assert.AreEqual(3, list.Count); Assert.AreEqual("a,", list[0]); Assert.AreEqual("b", list[1]); Assert.AreEqual("c", list[2]); }
public void CustomTester_TestMultiPayloadsWithTicks() { TrafficViewerFile mockSite = new TrafficViewerFile(); CustomTestDef def = new CustomTestDef("BlindSQLABC", "Blind SQL", @"__dynamic_value__ticks__,__dynamic_value__ticks__,__dynamic_value__ticks__", ""); TestJob job = new TestJob("x", "y", RequestLocation.Query, def); CustomTestsFile file = GetCustomTestFile(); Tester tester = new Tester(new MockTestController(mockSite), file); var entity_string = tester.GetEntityString("GET /x=y HTTP/1.1\r\n", new Uri("http://localhost/x=y"), "x", "y"); var entity_id = tester.GetEntityId(new Uri("http://localhost/x=y"), "x"); var list = tester.GenerateMutatedRequestList("GET /x=y HTTP/1.1\r\n", job, entity_string, entity_id); Assert.IsNotNull(list); Assert.AreEqual(3, list.Count); Assert.AreNotEqual(list[0], list[1]); Assert.AreNotEqual(list[1], list[2]); }
private static CustomTestsFile GetCustomTestFile() { CustomTestsFile testFile = new CustomTestsFile(); var customTests = testFile.GetCustomTests(); customTests.Clear(); customTests.Add("Path Traversal", new CustomTestDef("Path Traversal", "Path Traversal", "$original" + MockTestController.PATH_TRAVERSAL, "root\\:")); testFile.SetCustomTests(customTests); testFile.LoginBeforeTests = false; testFile.TestOnlyParameters = true; var targetList = testFile.GetAttackTargetList(); targetList.Add("all", new AttackTarget("all", "Enabled", ".*")); testFile.SetAttackTargetList(targetList); return(testFile); }
public void CustomTestProxy_TestJSValidation() { MockProxy mockSite = new MockProxy(); string testReq = "GET /r1?p1=test HTTP/1.1\r\n"; mockSite.MockSite.AddRequestResponse(testReq, "HTTP/1.1 200 OK\r\n\r\nFound user test"); mockSite.Start(); CustomTestsFile testFile = GetCustomTestFile(); var tests = testFile.GetCustomTests(); tests.Clear(); tests.Add("PathTraversal", new CustomTestDef("PathTraversal", "Path Traversal", "$original/" + MockTestController.PATH_TRAVERSAL, "$js_code=function Callback(response){var found = false; if(response.indexOf('root')>-1) found=true; return found;}")); testFile.SetCustomTests(tests); testFile.Save(); TrafficViewerFile testDataStore = new TrafficViewerFile(); MockTestController mockTestController = new MockTestController(mockSite.MockSite); var targetList = new Dictionary <string, AttackTarget>(); targetList.Add("r1", new AttackTarget("r1", "Enabled", "r1")); testFile.SetAttackTargetList(targetList); DriveByAttackProxy testProxy = new DriveByAttackProxy(mockTestController, testFile, testDataStore); testProxy.Start(); SendRequestThroughTestProxy(testReq, testProxy, mockSite); Thread.Sleep(100); testProxy.Stop(); Assert.IsTrue(mockTestController.IssuesFound.ContainsKey("p1")); }
private void LoadFile(string path) { bool loaded = true; _testFile = new CustomTestsFile(); if (File.Exists(path)) { loaded = _testFile.Load(path); } if (!loaded) { ErrorBox.ShowDialog("Could not load file"); return; } _grid.SetValues((List <string>)_testFile.GetOption(CUSTOM_TESTS)); runAutomaticallyToolStripMenuItem.Checked = _testFile.AutoRunTests; _testRunner.SetTestFile(_testFile); }
public void CustomTester_EmptyQueryParamUnitTest() { TrafficViewerFile mockSite = new TrafficViewerFile(); mockSite.AddRequestResponse(String.Format("GET /search.jsp?query={0} HTTP/1.1\r\nHost: 127.0.0.1\r\n\r\n", MockTestController.PATH_TRAVERSAL), MockTestController.PATH_TRAVERSAL_RESPONSE); MockTestController mockTestController = new MockTestController(mockSite); string testRequest = "GET /search.jsp?query= HTTP/1.1\r\nHost: 127.0.0.1\r\n\r\n"; string paramName = "query"; CustomTestsFile file = GetCustomTestFile(); Tester tester = new Tester(mockTestController, file); CustomTestDef def = file.GetCustomTests()["Path Traversal"]; HttpRequestInfo original = new HttpRequestInfo(testRequest, true); Uri uri = new Uri(original.FullUrl); tester.ExecuteTests(testRequest, "", uri, paramName, null, RequestLocation.Query, def); Assert.IsTrue(mockTestController.IssuesFound.ContainsKey(paramName)); }
public void CustomTester_DynamicValue() { MockTestController mockTestController = new MockTestController(); string testRequest = "GET /search.jsp?query= HTTP/1.1\r\nDyn:__dynamic_value__ticks__\r\nHost: 127.0.0.1\r\n\r\n"; string paramName = "query"; CustomTestsFile file = GetCustomTestFile(); Tester tester = new Tester(mockTestController, file); CustomTestDef def = file.GetCustomTests()["Path Traversal"]; HttpRequestInfo original = new HttpRequestInfo(testRequest, true); Uri uri = new Uri(original.FullUrl); tester.ExecuteTests(testRequest, "", uri, paramName, null, RequestLocation.Query, def); Assert.IsTrue(mockTestController.IssuesFound.ContainsKey(paramName)); Assert.AreEqual(1, mockTestController.MutatedRequests.Count, "Incorrect number of mutated requests"); HttpRequestInfo mutatedRequest = new HttpRequestInfo(mockTestController.MutatedRequests[0]); Assert.IsTrue(Utils.IsMatch(mutatedRequest.Headers["Dyn"], "\\d+"), "Incorrect dynamic header value"); }
public void CustomTester_TestScriptingRuleManyAs() { TrafficViewerFile mockSite = new TrafficViewerFile(); CustomTestDef def = new CustomTestDef("ManyAs", "Buffer Overflow", "$js_code=function Callback(){var ret = ''; for(var i=0;i<100;i++){ret+='A';} return ret;}", ""); TestJob job = new TestJob("x", "y", RequestLocation.Query, def); CustomTestsFile file = GetCustomTestFile(); Tester tester = new Tester(new MockTestController(mockSite), file); var list = tester.GeneratePayloadListFromMutation("GET /x=y HTTP/1.1\r\n", job, false, "bla"); Assert.IsNotNull(list); Assert.AreEqual(1, list.Count); string expected = ""; for (int i = 0; i < 100; i++) { expected += "A"; } Assert.AreEqual(expected, list[0]); }
public void CustomTestProxy_500Error() { MockProxy mockSite = new MockProxy(); string first = "GET / HTTP/1.1\r\n"; string second = Resources.IdeasPmc; string third = "POST /r2 HTTP/1.1\r\n\r\np2=1234\r\n\r\n"; mockSite.MockSite.AddRequestResponse(first, "HTTP/1.1 200 OK\r\n\r\nbla"); mockSite.MockSite.AddRequestResponse(second, "HTTP/1.1 200 OK\r\n\r\nroot:0:0"); mockSite.MockSite.AddRequestResponse(third, "HTTP/1.1 200 OK\r\n\r\nbla"); mockSite.Start(); CustomTestsFile testFile = GetCustomTestFile(); TrafficViewerFile testDataStore = new TrafficViewerFile(); MockTestController mockTestController = new MockTestController(); SequentialAttackProxy testProxy = new SequentialAttackProxy(mockTestController, testFile, testDataStore); testFile.PatternOfFirstRequestToTest = ".*pmc"; testProxy.Start(); HttpResponseInfo respInfo; for (int i = 0; i < 2; i++) { respInfo = SendRequestThroughTestProxy(first, testProxy, mockSite); Assert.AreNotEqual(500, respInfo.Status); SendRequestThroughTestProxy(second, testProxy, mockSite); Assert.AreNotEqual(500, respInfo.Status); SendRequestThroughTestProxy(third, testProxy, mockSite); Assert.AreNotEqual(500, respInfo.Status); } testProxy.Stop(); Assert.IsFalse(mockTestController.IssuesFound.ContainsKey("p2")); Assert.IsTrue(mockTestController.IssuesFound.ContainsKey("itoken")); }
public HttpResponseInfo CustomTestUnitExecution(string request, MockTestController mockTestController, SequentialAttackProxy testProxy = null, MockProxy mockSite = null) { bool shouldStopMockSite = false; if (mockSite == null) { shouldStopMockSite = true; mockSite = new MockProxy(request, "HTTP/1.1 200 OK\r\n\r\nroot:0:0"); mockSite.Start(); } CustomTestsFile testFile = GetCustomTestFile(); bool shouldStopTestProxy = false; if (testProxy == null) { shouldStopTestProxy = true; TrafficViewerFile testDataStore = new TrafficViewerFile(); testProxy = new SequentialAttackProxy(mockTestController, testFile, testDataStore); testProxy.Start(); } var response = SendRequestThroughTestProxy(request, testProxy, mockSite); if (shouldStopMockSite) { mockSite.Stop(); } if (shouldStopTestProxy) { testProxy.Stop(); } return(response); }
public void CustomTester_Fuzz() { TrafficViewerFile mockSite = new TrafficViewerFile(); MockTestController mockTestController = new MockTestController(mockSite); string testRequest = "GET /search.aspx?txtSearch=(" + Constants.FUZZ_STRING + ") HTTP/1.1\r\nHost: 127.0.0.1\r\n\r\n"; string paramName = "txtSearch"; CustomTestsFile file = GetCustomTestFile(); Tester tester = new Tester(mockTestController, file); CustomTestDef def = file.GetCustomTests()["Path Traversal"]; HttpRequestInfo original = new HttpRequestInfo(testRequest, true); Uri uri = new Uri(original.FullUrl); string entityId = tester.GetEntityId(uri, paramName); string entityString = tester.GetEntityString(testRequest, uri, paramName, original.QueryVariables[paramName]); TestJob testJob = new TestJob(paramName, original.QueryVariables[paramName], RequestLocation.Query, def); string mutatedRequest = tester.GenerateMutatedRequestList(testRequest, testJob, entityString, entityId)[0]; HttpRequestInfo mutatedReqInfo = new HttpRequestInfo(mutatedRequest, true); Assert.IsTrue(mutatedReqInfo.QueryVariables.ContainsKey(paramName), "Could no longer find parameter"); Assert.AreEqual("(" + MockTestController.PATH_TRAVERSAL + ")", mutatedReqInfo.QueryVariables[paramName], "Incorrect test value"); }
public void SetTestFile(CustomTestsFile testFile) { _testFile = testFile; }
public AttackTargetsSetup(CustomTestsFile file) { _testFile = file; InitializeComponent(); }
public void SetTestFile(CustomTestsFile testFile) { _testFile = testFile; _verbose = testFile.Verbose; }
public ActionBasedMultiStepSetup(CustomTestsFile file) { _testFile = file; InitializeComponent(); }
public TestOptions(CustomTestsFile testFile) { _testFile = testFile; InitializeComponent(); }
private HttpResponseInfo StartProxy(HttpRequestInfo requestInfo) { IHttpProxy proxy; //get the port from the url string portString = null; requestInfo.QueryVariables.TryGetValue("port", out portString); //optional secret to protect the recording session string secret = null; requestInfo.QueryVariables.TryGetValue("secret", out secret); //the host to record traffic for string targetHost = null; requestInfo.QueryVariables.TryGetValue("targetHost", out targetHost); //whether to execute inline tests string test = null; requestInfo.QueryVariables.TryGetValue("test", out test); int port; if (int.TryParse(portString, out port) && port >= 0 && port <= 65535) { if (CollectorProxyList.Instance.ProxyList.ContainsKey(port)) { return(GetResponse(400, "Bad Request", "Port in use.")); } if (targetHost == null) { return(GetResponse(400, "Bad Request", "'targetHost' parameter is not specified.")); } if (!Utils.IsMatch(targetHost, "^[\\w._-]+$") || !Utils.IsMatch(targetHost, TrafficCollectorSettings.Instance.AllowedHostsPattern)) { return(GetResponse(400, "Bad Request", "Invalid target host!")); } try { TrafficViewerFile trafficFile = new TrafficViewerFile(); trafficFile.Profile = ParsingOptions.GetRawProfile(); //optional secret to prevent others stopping the recording if (!String.IsNullOrWhiteSpace(secret)) { trafficFile.Profile.SetSingleValueOption("secret", secret); } trafficFile.Profile.SetSingleValueOption("targetHost", targetHost); if (test != null && test.Equals("true")) { CustomTestsFile testsFile = new CustomTestsFile(); testsFile.Load(TrafficCollectorSettings.Instance.TestFile); Dictionary <string, AttackTarget> targetDef = new Dictionary <string, AttackTarget>(); targetDef.Add("targetHost", new AttackTarget("targetHost", "Enabled", String.Format("Host:\\s*{0}", targetHost))); testsFile.SetAttackTargetList(targetDef); proxy = new DriveByAttackProxy(new TestController(trafficFile), testsFile, trafficFile, TrafficCollectorSettings.Instance.Ip, port); } else { proxy = new AdvancedExploreProxy(TrafficCollectorSettings.Instance.Ip, port, trafficFile); } proxy.NetworkSettings.CertificateValidationCallback = new RemoteCertificateValidationCallback(CollectorAPIController.ValidateServerCertificate); proxy.NetworkSettings.WebProxy = HttpWebRequest.GetSystemWebProxy(); proxy.Start(); CollectorProxyList.Instance.ProxyList.Add(proxy.Port, proxy); } catch (Exception ex) { return(GetResponse(500, "Unexpected error.", ex.Message)); } } else { return(GetResponse(400, "Bad Request", "Invalid 'port' parameter.")); } return(GetResponse(200, "OK", "Proxy is listening on port: {0}.", proxy.Port)); }