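/// <summary>
/// Strips or overwrites the CSRF token parameter named by the <c>TokenName</c> field in
/// <paramref name="Req"/>, so the mutated request can be replayed to check whether the
/// server actually enforces the token.
/// </summary>
/// <param name="Req">Request to mutate in place. It is also returned for chaining.</param>
/// <returns>The same <paramref name="Req"/> instance, after mutation.</returns>
/// <remarks>
/// Behaviour by location of the token:
///  - query string and url-encoded ("normal") body: the parameter is removed when
///    <c>RemoveParameter</c> is set, otherwise its value is replaced with
///    <c>TokenReplacementValue</c>;
///  - XML / SOAP / JSON / multipart bodies: the matching parameter is located through the
///    format plugin and its value is injected. Only <c>InjectInRequest</c> is available for
///    these formats, so "remove" is approximated by injecting an empty string; the
///    parameter itself stays in the body. Only the first exact match is modified.
/// Matching of the name is exact and case-sensitive; the <c>Contains</c> check is only a
/// cheap pre-filter before the path is split on '&gt;'.
/// Fixes relative to the previous version: the replacement value used for structured
/// bodies is now a local, so <c>TokenReplacementValue</c> is no longer clobbered with ""
/// for every later call once <c>RemoveParameter</c> has been set; and the loop no longer
/// stops at the first parameter whose name merely *contains* <c>TokenName</c>
/// (e.g. "csrf_token_hint" shadowing "csrf_token"), it stops at the first exact match.
/// </remarks>
Request ModifyCsrfTokenInRequest(Request Req)
{
    // Query string: the parameter collection supports true removal.
    if (Req.Query.Has(TokenName))
    {
        if (RemoveParameter)
        {
            Req.Query.Remove(TokenName);
        }
        else
        {
            Req.Query.Set(TokenName, TokenReplacementValue);
        }
    }

    if (!Req.HasBody)
    {
        return (Req);
    }

    // Url-encoded body: same treatment as the query string.
    if (Req.IsNormal)
    {
        if (Req.Body.Has(TokenName))
        {
            if (RemoveParameter)
            {
                Req.Body.Remove(TokenName);
            }
            else
            {
                Req.Body.Set(TokenName, TokenReplacementValue);
            }
        }
        return (Req);
    }

    // Structured body: the format plugins expose parameters as "outer>inner>leaf" paths.
    FormatParameters Params = null;
    if (Req.IsXml)
    {
        Params = FormatPlugin.GetXmlParameters(Req);
    }
    else if (Req.IsSoap)
    {
        Params = FormatPlugin.GetSoapParameters(Req);
    }
    else if (Req.IsJson)
    {
        Params = FormatPlugin.GetJsonParameters(Req);
    }
    else if (Req.IsMultiPart)
    {
        Params = FormatPlugin.GetMultipartParameters(Req);
    }

    if (Params == null)
    {
        // Unrecognised body type: nothing we know how to edit.
        return (Req);
    }

    // Local copy on purpose: do NOT assign "" back into the TokenReplacementValue field.
    string ValueToInject = RemoveParameter ? "" : TokenReplacementValue;

    for (int i = 0; i < Params.Count; i++)
    {
        string ParamPath = Params.GetName(i);
        if (!ParamPath.Contains(TokenName))
        {
            continue;
        }
        string[] Parts = ParamPath.Split(new char[] { '>' }, StringSplitOptions.RemoveEmptyEntries);
        // Only the leaf segment of the path has to equal the token name exactly.
        if (Parts.Length > 0 && Parts[Parts.Length - 1].Trim().Equals(TokenName))
        {
            FormatPlugin.Get(Req.BodyType).InjectInRequest(Req, i, ValueToInject);
            break;
        }
    }

    return (Req);
}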
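/// <summary>
/// Scans the proxy log for requests that carry the CSRF token parameter and hands the
/// matching rows to <c>ShowMatchingRecordValues</c>. Intended to run on a worker thread
/// (a <see cref="ThreadAbortException"/> is swallowed so the UI can cancel the scan).
/// </summary>
/// <param name="FilterDictObj">
/// A <c>Dictionary&lt;string, List&lt;string&gt;&gt;</c> boxed as <see cref="object"/>, with the
/// keys "TokenName" (first element is the parameter name), "Hosts" and "File"; the latter two
/// are passed through to <c>IronDB.GetRecordsFromProxyLogMatchingFilters</c> unchanged.
/// </param>
/// <remarks>
/// Any other failure (missing key, bad cast, DB error) is reported through a message box
/// rather than propagated, matching the surrounding code's UI error-handling style.
/// Fix relative to the previous version: the leaf-name comparison for XML / SOAP / JSON /
/// multipart bodies compared against the <c>TokenName</c> field instead of the
/// <c>CsrfParameterName</c> taken from the filter dictionary that every other check in this
/// method uses; the two could diverge, so the structured-body check now uses the same name.
/// </remarks>
void FindCandidatesFromDB(object FilterDictObj)
{
    try
    {
        Dictionary<string, List<string>> FilterInfo = (Dictionary<string, List<string>>)FilterDictObj;
        string CsrfParameterName = FilterInfo["TokenName"][0];

        // The DB filter is a coarse pre-selection; the precise per-request check is below.
        List<LogRow> MatchingRecords = IronDB.GetRecordsFromProxyLogMatchingFilters(FilterInfo["Hosts"], FilterInfo["File"], CsrfParameterName);
        List<LogRow> RecordsWithToken = new List<LogRow>();

        foreach (LogRow LR in MatchingRecords)
        {
            Request Req = Request.FromProxyLog(LR.ID);
            if (RequestCarriesCsrfParameter(Req, CsrfParameterName))
            {
                RecordsWithToken.Add(LR);
            }
        }

        //Show these records on the page
        ShowMatchingRecordValues(RecordsWithToken);
    }
    catch (ThreadAbortException)
    {
        // Scan cancelled from the UI; nothing to report.
    }
    catch (Exception Exp)
    {
        MessageBox.Show(string.Format("Error finding candidates - {0}", Exp.Message));
    }
}

/// <summary>
/// True when <paramref name="Req"/> carries a parameter named exactly
/// <paramref name="ParameterName"/> in its query string, url-encoded body, or — for
/// XML / SOAP / JSON / multipart bodies — as the leaf segment of a format-plugin
/// parameter path ("outer&gt;inner&gt;leaf"). Matching is case-sensitive.
/// </summary>
static bool RequestCarriesCsrfParameter(Request Req, string ParameterName)
{
    if (Req.Query.Has(ParameterName))
    {
        return true;
    }
    if (!Req.HasBody)
    {
        return false;
    }
    if (Req.IsNormal)
    {
        return Req.Body.Has(ParameterName);
    }

    FormatParameters Params = null;
    if (Req.IsXml)
    {
        Params = FormatPlugin.GetXmlParameters(Req);
    }
    else if (Req.IsSoap)
    {
        Params = FormatPlugin.GetSoapParameters(Req);
    }
    else if (Req.IsJson)
    {
        Params = FormatPlugin.GetJsonParameters(Req);
    }
    else if (Req.IsMultiPart)
    {
        Params = FormatPlugin.GetMultipartParameters(Req);
    }
    if (Params == null)
    {
        return false;
    }

    for (int i = 0; i < Params.Count; i++)
    {
        string ParamPath = Params.GetName(i);
        // Contains() is only a cheap pre-filter; the real test is the exact leaf match.
        if (!ParamPath.Contains(ParameterName))
        {
            continue;
        }
        string[] Parts = ParamPath.Split(new char[] { '>' }, StringSplitOptions.RemoveEmptyEntries);
        if (Parts.Length > 0 && Parts[Parts.Length - 1].Trim().Equals(ParameterName))
        {
            return true;
        }
    }
    return false;
}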