Esempio n. 1
0
        public void CustomTester_ParametersWithSameValue()
        {
            MockTestController mockTestController = new MockTestController();


            string          testRequest = "GET /search.jsp?a=1&b=1 HTTP/1.1\r\nHost: 127.0.0.1\r\n\r\n";
            string          paramName1  = "a";
            string          paramName2  = "b";
            CustomTestsFile file        = GetCustomTestFile();
            Tester          tester      = new Tester(mockTestController, file);
            CustomTestDef   def         = file.GetCustomTests()["Path Traversal"];
            HttpRequestInfo original    = new HttpRequestInfo(testRequest, true);
            Uri             uri         = new Uri(original.FullUrl);

            tester.ExecuteTests(testRequest, "", uri, paramName1, null, RequestLocation.Query, def);
            Assert.IsTrue(mockTestController.IssuesFound.ContainsKey(paramName1));
            string          mutReq     = mockTestController.MutatedRequests[0];
            HttpRequestInfo mutReqInfo = new HttpRequestInfo(mutReq);

            Assert.AreEqual(MockTestController.PATH_TRAVERSAL, mutReqInfo.QueryVariables[paramName1], "Invalid mutation for " + paramName1);
            Assert.AreEqual("1", mutReqInfo.QueryVariables[paramName2], "Invalid value for " + paramName2);
            tester.ExecuteTests(testRequest, "", uri, paramName2, null, RequestLocation.Query, def);
            Assert.IsTrue(mockTestController.IssuesFound.ContainsKey(paramName2));
            mutReq     = mockTestController.MutatedRequests[1];
            mutReqInfo = new HttpRequestInfo(mutReq);
            Assert.AreEqual("1", mutReqInfo.QueryVariables[paramName1], "Invalid value for " + paramName1);
            Assert.AreEqual(MockTestController.PATH_TRAVERSAL, mutReqInfo.QueryVariables[paramName2], "Invalid mutation for " + paramName2);
        }
Esempio n. 2
0
        public void CustomTester_SingleCharacterValue()
        {
            TrafficViewerFile  mockSite           = new TrafficViewerFile();
            MockTestController mockTestController = new MockTestController(mockSite);


            string          testRequest = "GET /search.aspx?txtSearch=a&a1=a HTTP/1.1\r\nHost: 127.0.0.1\r\n\r\n";
            string          paramName   = "txtSearch";
            string          paramName2  = "a1";
            CustomTestsFile file        = GetCustomTestFile();
            Tester          tester      = new Tester(mockTestController, file);
            CustomTestDef   def         = file.GetCustomTests()["Path Traversal"];
            HttpRequestInfo original    = new HttpRequestInfo(testRequest, true);
            Uri             uri         = new Uri(original.FullUrl);

            string          entityId       = tester.GetEntityId(uri, paramName);
            string          entityString   = tester.GetEntityString(testRequest, uri, paramName, original.QueryVariables[paramName]);
            TestJob         testJob        = new TestJob(paramName, original.QueryVariables[paramName], RequestLocation.Query, def);
            string          mutatedRequest = tester.GenerateMutatedRequestList(testRequest, testJob, entityString, entityId)[0];
            HttpRequestInfo mutatedReqInfo = new HttpRequestInfo(mutatedRequest, true);

            Assert.IsTrue(mutatedReqInfo.QueryVariables.ContainsKey(paramName), "Could no longer find parameter");
            Assert.AreEqual(original.QueryVariables[paramName] + MockTestController.PATH_TRAVERSAL, mutatedReqInfo.QueryVariables[paramName], "Incorrect test value");
            Assert.AreEqual(original.QueryVariables[paramName2], mutatedReqInfo.QueryVariables[paramName2], "Incorrect non-test value");
        }
Esempio n. 3
0
        public void CustomTester_MatchHeaderValidation()
        {
            TrafficViewerFile  mockSite           = new TrafficViewerFile();
            MockTestController mockTestController = new MockTestController(mockSite);


            string testRequest = "GET /search.aspx?txtSearch=a&a1=a HTTP/1.1\r\nHost: 127.0.0.1\r\n\r\n";
            string paramName   = "txtSearch";

            CustomTestsFile file   = GetCustomTestFile();
            Tester          tester = new Tester(mockTestController, file);
            CustomTestDef   def    = file.GetCustomTests()["Path Traversal"];



            def.Validation = "$header=" + "root:\\s?:";

            HttpRequestInfo original = new HttpRequestInfo(testRequest, true);
            Uri             uri      = new Uri(original.FullUrl);

            string  entityId       = tester.GetEntityId(uri, paramName);
            string  entityString   = tester.GetEntityString(testRequest, uri, paramName, original.QueryVariables[paramName]);
            TestJob testJob        = new TestJob(paramName, original.QueryVariables[paramName], RequestLocation.Query, def);
            string  mutatedRequest = tester.GenerateMutatedRequestList(testRequest, testJob, entityString, entityId)[0];

            Assert.IsFalse(tester.ValidateSingleTest(testRequest, "HTTP/1.1 200 OK\r\nbla", new Uri("http://demo.testfire.net/search.aspx"),
                                                     paramName, entityId, def, mutatedRequest, "HTTP/1.1 200 OK\r\n\r\nroot::"));
            Assert.IsTrue(tester.ValidateSingleTest(testRequest, "HTTP/1.1 200 OK\r\nbla", new Uri("http://demo.testfire.net/search.aspx"),
                                                    paramName, entityId, def, mutatedRequest, "HTTP/1.1 200 OK\r\nroot::\r\n\r\nbody"));
        }
Esempio n. 4
0
        private static CustomTestsFile GetCustomTestFile()
        {
            CustomTestsFile testFile    = new CustomTestsFile();
            var             customTests = testFile.GetCustomTests();

            customTests.Clear();
            customTests.Add("Path Traversal", new CustomTestDef("Path Traversal", "Path Traversal", "$original" + MockTestController.PATH_TRAVERSAL, "root\\:"));

            testFile.SetCustomTests(customTests);

            testFile.LoginBeforeTests   = false;
            testFile.TestOnlyParameters = true;
            var targetList = testFile.GetAttackTargetList();

            targetList.Add("all", new AttackTarget("all", "Enabled", ".*"));
            testFile.SetAttackTargetList(targetList);

            return(testFile);
        }
Esempio n. 5
0
        public void CustomTestProxy_TestJSValidation()
        {
            MockProxy mockSite = new MockProxy();
            string    testReq  = "GET /r1?p1=test HTTP/1.1\r\n";

            mockSite.MockSite.AddRequestResponse(testReq, "HTTP/1.1 200 OK\r\n\r\nFound user test");
            mockSite.Start();

            CustomTestsFile testFile = GetCustomTestFile();

            var tests = testFile.GetCustomTests();

            tests.Clear();
            tests.Add("PathTraversal",
                      new CustomTestDef("PathTraversal", "Path Traversal",
                                        "$original/" + MockTestController.PATH_TRAVERSAL,
                                        "$js_code=function Callback(response){var found = false; if(response.indexOf('root')>-1) found=true; return found;}"));

            testFile.SetCustomTests(tests);
            testFile.Save();

            TrafficViewerFile  testDataStore      = new TrafficViewerFile();
            MockTestController mockTestController = new MockTestController(mockSite.MockSite);

            var targetList = new Dictionary <string, AttackTarget>();

            targetList.Add("r1", new AttackTarget("r1", "Enabled", "r1"));
            testFile.SetAttackTargetList(targetList);
            DriveByAttackProxy testProxy = new DriveByAttackProxy(mockTestController, testFile, testDataStore);

            testProxy.Start();


            SendRequestThroughTestProxy(testReq, testProxy, mockSite);


            Thread.Sleep(100);

            testProxy.Stop();

            Assert.IsTrue(mockTestController.IssuesFound.ContainsKey("p1"));
        }
Esempio n. 6
0
        public void CustomTester_EmptyQueryParamUnitTest()
        {
            TrafficViewerFile mockSite = new TrafficViewerFile();

            mockSite.AddRequestResponse(String.Format("GET /search.jsp?query={0} HTTP/1.1\r\nHost: 127.0.0.1\r\n\r\n", MockTestController.PATH_TRAVERSAL),
                                        MockTestController.PATH_TRAVERSAL_RESPONSE);
            MockTestController mockTestController = new MockTestController(mockSite);


            string          testRequest = "GET /search.jsp?query= HTTP/1.1\r\nHost: 127.0.0.1\r\n\r\n";
            string          paramName   = "query";
            CustomTestsFile file        = GetCustomTestFile();
            Tester          tester      = new Tester(mockTestController, file);
            CustomTestDef   def         = file.GetCustomTests()["Path Traversal"];
            HttpRequestInfo original    = new HttpRequestInfo(testRequest, true);
            Uri             uri         = new Uri(original.FullUrl);

            tester.ExecuteTests(testRequest, "", uri, paramName, null, RequestLocation.Query, def);
            Assert.IsTrue(mockTestController.IssuesFound.ContainsKey(paramName));
        }
Esempio n. 7
0
        public void CustomTester_DynamicValue()
        {
            MockTestController mockTestController = new MockTestController();


            string          testRequest = "GET /search.jsp?query= HTTP/1.1\r\nDyn:__dynamic_value__ticks__\r\nHost: 127.0.0.1\r\n\r\n";
            string          paramName   = "query";
            CustomTestsFile file        = GetCustomTestFile();
            Tester          tester      = new Tester(mockTestController, file);
            CustomTestDef   def         = file.GetCustomTests()["Path Traversal"];
            HttpRequestInfo original    = new HttpRequestInfo(testRequest, true);
            Uri             uri         = new Uri(original.FullUrl);

            tester.ExecuteTests(testRequest, "", uri, paramName, null, RequestLocation.Query, def);
            Assert.IsTrue(mockTestController.IssuesFound.ContainsKey(paramName));

            Assert.AreEqual(1, mockTestController.MutatedRequests.Count, "Incorrect number of mutated requests");
            HttpRequestInfo mutatedRequest = new HttpRequestInfo(mockTestController.MutatedRequests[0]);

            Assert.IsTrue(Utils.IsMatch(mutatedRequest.Headers["Dyn"], "\\d+"), "Incorrect dynamic header value");
        }
Esempio n. 8
0
        private void LoadFile(string path)
        {
            bool loaded = true;

            _testFile = new CustomTestsFile();
            CustomTestsFile file = new CustomTestsFile();

            if (File.Exists(path))
            {
                loaded = file.Load(path);
            }


            if (!loaded)
            {
                ErrorBox.ShowDialog("Could not load file");
                return;
            }
            _testFile = file;
            _testFile.SetCustomTests(file.GetCustomTests());
            _grid.SetValues((List <string>)_testFile.GetOption(CUSTOM_TESTS));
            runAutomaticallyToolStripMenuItem.Checked = _testFile.AutoRunTests;
            _testRunner.SetTestFile(_testFile);
        }
Esempio n. 9
0
        public void Run()
        {
            _runnable = true;
            var    customTests = _testFile.GetCustomTests().Values;
            Tester tester      = new Tester(this, _testFile);

            if (_requestsToTest.Count == 0)
            {
                //load the requests to test
                foreach (var tvReqInfo in _selectedRequests)
                {
                    _requestsToTest.Enqueue(tvReqInfo);
                }
            }

            _trafficFile.SetState(AccessorState.Loading);

            while (_runnable && _requestsToTest.Count > 0)
            {
                TVRequestInfo workingEntry = _requestsToTest.Peek();
                //check the request;
                byte[]          reqBytes       = _trafficFile.LoadRequestData(workingEntry.Id);
                byte[]          respBytes      = _trafficFile.LoadResponseData(workingEntry.Id);
                HttpRequestInfo workingReqInfo = null;
                if (reqBytes == null)
                {
                    Log("SELECT A NEW REQUEST");
                    _requestsToTest.Dequeue(); //remove the request;
                    continue;
                }
                else
                {
                    workingReqInfo          = new HttpRequestInfo(reqBytes, true);
                    workingReqInfo.IsSecure = workingEntry.IsHttps;
                }


                string rawRequest  = workingReqInfo.ToString();
                string rawResponse = respBytes != null?Constants.DefaultEncoding.GetString(respBytes) : String.Empty;

                if (ShouldBeTested(rawRequest, _testFile.GetAttackTargetList()))
                {
                    MultiThreadedTestExecution testExecution = new MultiThreadedTestExecution(tester, rawRequest, rawResponse, new Uri(workingReqInfo.FullUrl), _testFile.NumberOfThreads);

                    bool containsFuzz = rawRequest.Contains(Constants.FUZZ_STRING);

                    foreach (CustomTestDef testDef in customTests)
                    {
                        if (containsFuzz)
                        {
                            testExecution.TestsQueue.Enqueue(new TestJob(String.Empty, String.Empty, RequestLocation.Path, testDef));
                        }
                        else
                        {
                            //iterate through parameters, cookies and headers
                            foreach (var parameter in workingReqInfo.PathVariables)
                            {
                                testExecution.TestsQueue.Enqueue(new TestJob(parameter.Key, parameter.Value, RequestLocation.Path, testDef));
                            }

                            foreach (var parameter in workingReqInfo.QueryVariables)
                            {
                                testExecution.TestsQueue.Enqueue(new TestJob(parameter.Key, parameter.Value, RequestLocation.Query, testDef));
                            }

                            foreach (var parameter in workingReqInfo.BodyVariables)
                            {
                                testExecution.TestsQueue.Enqueue(new TestJob(parameter.Key, parameter.Value, RequestLocation.Body, testDef));
                            }

                            if (!_testFile.TestOnlyParameters)
                            {
                                foreach (var header in workingReqInfo.Headers)
                                {
                                    if (!header.Name.Equals("Host"))
                                    {
                                        testExecution.TestsQueue.Enqueue(new TestJob(header.Name, header.Value, RequestLocation.Headers, testDef));
                                    }
                                }

                                foreach (var cookie in workingReqInfo.Cookies)
                                {
                                    testExecution.TestsQueue.Enqueue(new TestJob(cookie.Key, cookie.Value, RequestLocation.Cookies, testDef));
                                }
                            }
                        }
                        testExecution.StartTestsAsync();
                        while (testExecution.IsRunning)
                        {
                            if (!_runnable)
                            {
                                testExecution.CancelTests();
                            }
                            //wait for the test execution to complete
                            Thread.Sleep(10);
                        }
                    }
                }
                if (_requestsToTest.Count > 0)
                {
                    _requestsToTest.Dequeue();
                }
            }


            //we also initialize all multi-step operations
            List <string> multiStepList = _testFile.GetMultiStepList();

            _multiStepsToTest = new Queue <string>();


            foreach (string path in multiStepList)
            {
                if (File.Exists(path))
                {
                    _multiStepsToTest.Enqueue(path);
                }
                else
                {
                    SdkSettings.Instance.Logger.Log(TraceLevel.Error, "Multi-Step path '{0}' does not exist.", path);
                }
            }

            while (_multiStepsToTest.Count > 0)
            {
                if (!_runnable)
                {
                    return;
                }

                string path = _multiStepsToTest.Peek();

                bool isAbl            = path.EndsWith(".login");
                TrafficViewerFile htd = new TrafficViewerFile();
                if (isAbl)
                {
                    SdkSettings.Instance.Logger.Log(TraceLevel.Error, "ABL files are not supported");
                    continue;
                }
                else
                {
                    htd.Open(path);
                }



                SequentialAttackProxy proxy = GetTestProxy(_netSettings, true) as SequentialAttackProxy;
                proxy.Start();

                DefaultNetworkSettings netSettings = new DefaultNetworkSettings();
                netSettings.WebProxy = new WebProxy(proxy.Host, proxy.Port);
                netSettings.CertificateValidationCallback = _netSettings.CertificateValidationCallback;
                RequestSender.RequestSender reqSender = new RequestSender.RequestSender(netSettings);

                do
                {
                    reqSender.Send(htd);
                }while (!proxy.TestComplete && _runnable);

                proxy.Stop();

                if (_runnable)
                {
                    _multiStepsToTest.Dequeue();
                }
            }
            _trafficFile.SetState(AccessorState.Idle);
            _runnable = false;
        }
Esempio n. 10
0
        private void TestSelectedRequests()
        {
            var    customTests = _testFile.GetCustomTests().Values;
            Tester tester      = new Tester(this, _testFile);

            if (_requestsToTest.Count == 0)
            {
                //load the requests to test
                foreach (var tvReqInfo in _selectedRequests)
                {
                    _requestsToTest.Enqueue(tvReqInfo);
                }
            }

            _trafficFile.SetState(AccessorState.Loading);

            while (_runnable && _requestsToTest.Count > 0)
            {
                TVRequestInfo workingEntry = _requestsToTest.Peek();
                //check the request;
                byte[]          reqBytes       = _trafficFile.LoadRequestData(workingEntry.Id);
                byte[]          respBytes      = _trafficFile.LoadResponseData(workingEntry.Id);
                HttpRequestInfo workingReqInfo = null;
                if (reqBytes == null)
                {
                    Log("SELECT A NEW REQUEST");
                    _requestsToTest.Dequeue(); //remove the request;
                    continue;
                }
                else
                {
                    workingReqInfo          = new HttpRequestInfo(reqBytes, true);
                    workingReqInfo.IsSecure = workingEntry.IsHttps;
                }


                string rawRequest  = workingReqInfo.ToString();
                string rawResponse = respBytes != null?Constants.DefaultEncoding.GetString(respBytes) : String.Empty;

                if (ShouldBeTested(rawRequest, _testFile.GetAttackTargetList()))
                {
                    MultiThreadedTestExecution testExecution = new MultiThreadedTestExecution(tester, rawRequest, rawResponse, new Uri(workingReqInfo.FullUrl), _testFile.NumberOfThreads);

                    bool containsFuzz = rawRequest.Contains(Constants.FUZZ_STRING);

                    foreach (CustomTestDef testDef in customTests)
                    {
                        if (containsFuzz)
                        {
                            testExecution.TestsQueue.Enqueue(new TestJob(String.Empty, String.Empty, RequestLocation.Path, testDef));
                        }
                        else
                        {
                            //iterate through parameters, cookies and headers
                            foreach (var parameter in workingReqInfo.PathVariables)
                            {
                                testExecution.TestsQueue.Enqueue(new TestJob(parameter.Key, parameter.Value, RequestLocation.Path, testDef));
                            }

                            foreach (var parameter in workingReqInfo.QueryVariables)
                            {
                                testExecution.TestsQueue.Enqueue(new TestJob(parameter.Key, parameter.Value, RequestLocation.Query, testDef));
                            }

                            foreach (var parameter in workingReqInfo.BodyVariables)
                            {
                                testExecution.TestsQueue.Enqueue(new TestJob(parameter.Key, parameter.Value, RequestLocation.Body, testDef));
                            }

                            if (!_testFile.TestOnlyParameters)
                            {
                                foreach (var header in workingReqInfo.Headers)
                                {
                                    if (!header.Name.Equals("Host"))
                                    {
                                        testExecution.TestsQueue.Enqueue(new TestJob(header.Name, header.Value, RequestLocation.Headers, testDef));
                                    }
                                }

                                foreach (var cookie in workingReqInfo.Cookies)
                                {
                                    testExecution.TestsQueue.Enqueue(new TestJob(cookie.Key, cookie.Value, RequestLocation.Cookies, testDef));
                                }
                            }
                        }
                    }

                    testExecution.StartTestsAsync();

                    while (testExecution.IsRunning)
                    {
                        if (!_runnable)
                        {
                            testExecution.CancelTests();
                        }
                        //wait for the test execution to complete
                        HttpServerConsole.Instance.WriteLine(LogMessageType.Notification,
                                                             "Requests in queue: {0}, Tests in queue for current request: {1}.",
                                                             _requestsToTest.Count, testExecution.TestsQueue.Count);
                        Thread.Sleep(10);
                    }

                    HttpServerConsole.Instance.WriteLine(LogMessageType.Notification,
                                                         "Test execution completed.");
                }
                if (_requestsToTest.Count > 0)
                {
                    _requestsToTest.Dequeue();
                }
            }
        }