internal static void AddParameterValues(Session Sess)
{
if (IsRecording)
{
Request Req = Sess.Request;
List<string> Values = new List<string>();
foreach (string Name in Req.Query.GetNames())
{
Values.AddRange(Req.Query.GetAll(Name));
}
if(Req.BodyType == BodyFormatType.UrlFormEncoded)
{
foreach (string Name in Req.Body.GetNames())
{
Values.AddRange(Req.Body.GetAll(Name));
}
}
else
{
FormatPlugin FP = FormatPlugin.Get(Req.BodyType);
if(FP != null)
{
try
{
string[,] ParaValues = FormatPlugin.XmlToArray(FP.ToXmlFromRequest(Req));
for(int i=0; i < ParaValues.GetLength(0); i++)
{
Values.Add(ParaValues[i,1]);
}
}
catch{}
}
}
if (Values.Contains(OpenRecorder.Username) && Values.Contains(OpenRecorder.Password))
{
lock (LogsWithLoginCreds)
{
LogsWithLoginCreds.Add(Sess.LogId);
}
CheckIfRecordingGoalsMet();
}
}
}
static void ScanAssociation(Analysis.LogAssociations Association, List <string> HostsToScan, int[] Marker)
{
if (Association.NonIgnorableCount > 0)
{
int Index = 0;
foreach (int Id in Association.LogIds)
{
Analysis.LogAssociation Asso = Association.GetAssociation(Id);
if (!Asso.IsIgnorable && HostsToScan.Contains(Asso.DestinationLog.Request.BaseUrl))
{
Scanner S = new Scanner(Asso.DestinationLog.Request);
if (S.BaseRequest.File.Length == 0 && S.BaseRequest.Query.Count == 0 && S.BaseRequest.UrlPathParts.Count > 1)
{
S.InjectUrl();
}
S.InjectQuery();
if (S.BaseRequest.BodyType == BodyFormatType.Soap ||
S.BaseRequest.BodyType == BodyFormatType.Json ||
S.BaseRequest.BodyType == BodyFormatType.Multipart ||
S.BaseRequest.BodyType == BodyFormatType.Xml)
{
S.BodyFormat = FormatPlugin.Get(S.BaseRequest.BodyType);
}
S.InjectBody();
S.CheckAll();
if (S.InjectionPointsCount > 0)
{
S.WorkFlowLogAssociations = Association;
S.IndexOfRequestToScanInWorkFlowLogAssociations = Index;
WorkflowScannerWindow.UpdateScanStatusInUi(true, string.Format("Scanning Request no.{0} in workflow between logs {1}-{2}", Index, Marker[0], Marker[1]));
S.Scan();
}
Index++;
}
}
}
}
Request ModifyCsrfTokenInRequest(Request Req)
{
if (Req.Query.Has(TokenName))
{
if (RemoveParameter)
{
Req.Query.Remove(TokenName);
}
else
{
Req.Query.Set(TokenName, TokenReplacementValue);
}
}
if (Req.HasBody)
{
if (Req.IsNormal)
{
if (Req.Body.Has(TokenName))
{
if (RemoveParameter)
{
Req.Body.Remove(TokenName);
}
else
{
Req.Body.Set(TokenName, TokenReplacementValue);
}
}
}
else
{
FormatParameters Params = null;
if (Req.IsXml)
{
Params = FormatPlugin.GetXmlParameters(Req);
}
else if (Req.IsSoap)
{
Params = FormatPlugin.GetSoapParameters(Req);
}
else if (Req.IsJson)
{
Params = FormatPlugin.GetJsonParameters(Req);
}
else if (Req.IsMultiPart)
{
Params = FormatPlugin.GetMultipartParameters(Req);
}
if (Params != null)
{
for (int i = 0; i < Params.Count; i++)
{
if (Params.GetName(i).Contains(TokenName))
{
string[] Parts = Params.GetName(i).Split(new char[] { '>' }, StringSplitOptions.RemoveEmptyEntries);
if (Parts.Length > 0)
{
if (Parts[Parts.Length - 1].Trim().Equals(TokenName))
{
if (RemoveParameter)
{
TokenReplacementValue = "";
}
if (Req.IsXml || Req.IsSoap || Req.IsJson || Req.IsMultiPart)
{
FormatPlugin.Get(Req.BodyType).InjectInRequest(Req, i, TokenReplacementValue);
}
}
}
break;
}
}
}
}
}
return(Req);
}
void FindCandidatesFromDB(object FilterDictObj)
{
try
{
Dictionary <string, List <string> > FilterInfo = (Dictionary <string, List <string> >)FilterDictObj;
string CsrfParameterName = FilterInfo["TokenName"][0];
List <LogRow> MatchingRecords = IronDB.GetRecordsFromProxyLogMatchingFilters(FilterInfo["Hosts"], FilterInfo["File"], CsrfParameterName);
List <LogRow> RecordsWithToken = new List <LogRow>();
foreach (LogRow LR in MatchingRecords)
{
Request Req = Request.FromProxyLog(LR.ID);
if (Req.Query.Has(CsrfParameterName))
{
RecordsWithToken.Add(LR);
}
else if (Req.HasBody)
{
if (Req.IsNormal)
{
if (Req.Body.Has(CsrfParameterName))
{
RecordsWithToken.Add(LR);
}
}
else
{
FormatParameters Params = null;
if (Req.IsXml)
{
Params = FormatPlugin.GetXmlParameters(Req);
}
else if (Req.IsSoap)
{
Params = FormatPlugin.GetSoapParameters(Req);
}
else if (Req.IsJson)
{
Params = FormatPlugin.GetJsonParameters(Req);
}
else if (Req.IsMultiPart)
{
Params = FormatPlugin.GetMultipartParameters(Req);
}
if (Params != null)
{
for (int i = 0; i < Params.Count; i++)
{
if (Params.GetName(i).Contains(CsrfParameterName))
{
string[] Parts = Params.GetName(i).Split(new char[] { '>' }, StringSplitOptions.RemoveEmptyEntries);
if (Parts.Length > 0)
{
if (Parts[Parts.Length - 1].Trim().Equals(TokenName))
{
RecordsWithToken.Add(LR);
break;
}
}
}
}
}
}
}
}
//Show these records on the page
ShowMatchingRecordValues(RecordsWithToken);
}
catch (ThreadAbortException) { }
catch (Exception Exp)
{
MessageBox.Show(string.Format("Error finding candidates - {0}", Exp.Message));
}
}
