public string initiate(int intSessionId)
{
string strTotalDoc = "";
string strHeader = "";
string strUserAgent = "";
System.Text.StringBuilder objFormSubmissionStr = new System.Text.StringBuilder();
strGuid = "" + System.Guid.NewGuid().ToString();
mSessionId = intSessionId;
objSession.id = mSessionId;
objSession.populate();
devCafe.framework.frameworkListItems objFrameWorkListItem = new devCafe.framework.frameworkListItems();
objFrameWorkListItem.id = objSession.userAgent;
objFrameWorkListItem.populate();
strUserAgent = objFrameWorkListItem.listItemName;
#region Construct Report Header
strHeader += "<header>";
strHeader += "<application>beretta</application>";
strHeader += "<version>1.0</version>";
strHeader += "<sessionId>" + objSession.id.ToString() + "</sessionId>";
strHeader += "<date>" + System.DateTime.Now + "</date>";
if (objSession.authenticationType == 0)
{
strHeader += "<authenticationType>None</authenticationType>";
}
else if (objSession.authenticationType == 1)
{
strHeader += "<authenticationType>Forms</authenticationType>";
}
else if (objSession.authenticationType == 2)
{
strHeader += "<authenticationType>Raw</authenticationType>";
}
strHeader += "<sessionName>" + objSession.sessionName + "</sessionName>";
strHeader += "<sessionDescription>" + objSession.sessionDescription + "</sessionDescription>";
strHeader += "</header>";
#endregion
objUrlsDataSet = urlsDataAccess.getAllForSession(objSession.id);
//For each URL in session
foreach (DataRow objUrlRow in objUrlsDataSet.Tables[0].Rows)
{
//Manual Scan
urlWorker objUrlWorker = new urlWorker();
objUrlWorker.sessionId = objSession.id;
objUrlWorker.authenticationType = objSession.authenticationType;
objUrlWorker.urlId = System.Convert.ToInt32(objUrlRow["id"]);
objUrlWorker.userAgent = strUserAgent;
objUrlWorker.scanManual();
strUrls = strUrls + "<url>" + objUrlWorker.url + "</url>";
if (objUrlWorker.objBerettaResultHashTable != null && objUrlWorker.objBerettaResultHashTable.Count > 0)
{
objStringBuilder.Append(buildResults(objUrlWorker.objBerettaResultHashTable));
}
objFormSubmissionStr.Append(buildSubmission(objUrlWorker.objBerettaSubmissionHashTable));
objUrlWorker = null;
//Auto Scan
if (objSession.useAutoScan == 1)
{
urlWorker objUrlWorkerAuto = new urlWorker();
objUrlWorkerAuto.sessionId = objSession.id;
objUrlWorkerAuto.authenticationType = objSession.authenticationType;
objUrlWorkerAuto.urlId = System.Convert.ToInt32(objUrlRow["id"]);
objUrlWorkerAuto.userAgent = strUserAgent;
objUrlWorkerAuto.scanAuto();
if (objUrlWorkerAuto.objBerettaResultHashTable != null && objUrlWorkerAuto.objBerettaResultHashTable.Count > 0)
{
objStringBuilder.Append(buildResults(objUrlWorkerAuto.objBerettaResultHashTable));
}
objFormSubmissionStr.Append(buildSubmission(objUrlWorkerAuto.objBerettaSubmissionHashTable));
objUrlWorkerAuto = null;
}
}
#region Construct XML report
strTotalDoc += "<report>";
strTotalDoc += "" + strHeader;
strTotalDoc += "" + "<body>";
strTotalDoc += "" + "<urlsScanned>" + strUrls + "</urlsScanned>";
strTotalDoc += "<scanItems>" + objStringBuilder.ToString() + "</scanItems>";
strTotalDoc += "<formSubmissions>" + objFormSubmissionStr.ToString() + "</formSubmissions>";
strTotalDoc += "" + "</body>";
strTotalDoc += "</report>";
#endregion
#region Write XML report
string strPath = "" + System.Configuration.ConfigurationSettings.AppSettings.Get("outputDir") + strGuid + ".XML";
StreamWriter objStreamWriter;
//Add XSL file ref
string strXslFile = "" + devCafe.framework.keyDataAccess.get("defaultScanXSL");
strTotalDoc = "<?xml-stylesheet href='../xsl/" + strXslFile + "' type='text/xsl'?>" + strTotalDoc;
objStreamWriter = System.IO.File.CreateText(strPath);
objStreamWriter.WriteLine(strTotalDoc);
objStreamWriter.Close();
#endregion
return("./" + strGuid + ".XML");
}
private void cmdScan_Click(object sender, System.EventArgs e)
{
string strPath = "" + Application.StartupPath;
string strTotalDoc = "";
string strHeader = "";
string strUserAgent = "";
DataSet objPayloads;
DataSet objSignatures;
berettaWinForms.classes.loadXml objLoadXml = new berettaWinForms.classes.loadXml();
objSignatures = objLoadXml.loadSignatures(strPath + "/data/signatures.xml");
objPayloads = objLoadXml.loadPayloads(strPath + "/data/payloads.xml");
MessageBox.Show("Starting Scan");
System.Text.StringBuilder objFormSubmissionStr = new System.Text.StringBuilder();
string strGuid = "" + System.Guid.NewGuid().ToString();
#region Construct Report Header
strHeader += "<header>";
strHeader += "<application>beretta</application>";
strHeader += "<version>1.0</version>";
strHeader += "<sessionId>0</sessionId>";
strHeader += "<date>" + System.DateTime.Now + "</date>";
strHeader += "<authenticationType>None</authenticationType>";
strHeader += "<sessionName>New Session</sessionName>";
strHeader += "<sessionDescription>Description</sessionDescription>";
strHeader += "</header>";
#endregion
foreach (string strUrl in lstUrls.Items)
{
//Auto Scan
urlWorker objUrlWorkerAuto = new urlWorker();
objUrlWorkerAuto.sessionId = 0;
objUrlWorkerAuto.authenticationType = 0;
objUrlWorkerAuto.url = "" + strUrl;
objUrlWorkerAuto.userAgent = strUserAgent;
objUrlWorkerAuto.payloadDataSet = objPayloads;
objUrlWorkerAuto.signaturesDataSet = objSignatures;
objUrlWorkerAuto.scanAuto();
if (objUrlWorkerAuto.objBerettaResultHashTable != null && objUrlWorkerAuto.objBerettaResultHashTable.Count > 0)
{
objStringBuilder.Append(buildResults(objUrlWorkerAuto.objBerettaResultHashTable));
}
objFormSubmissionStr.Append(buildSubmission(objUrlWorkerAuto.objBerettaSubmissionHashTable));
objUrlWorkerAuto = null;
strUrls = strUrls + "<url>" + strUrl + "</url>";
}
#region Construct XML report
strTotalDoc += "<report>";
strTotalDoc += "" + strHeader;
strTotalDoc += "" + "<body>";
strTotalDoc += "" + "<urlsScanned>" + strUrls + "</urlsScanned>";
strTotalDoc += "<scanItems>" + objStringBuilder.ToString() + "</scanItems>";
strTotalDoc += "<formSubmissions>" + objFormSubmissionStr.ToString() + "</formSubmissions>";
strTotalDoc += "" + "</body>";
strTotalDoc += "</report>";
#endregion
#region Write XML report
string strOutputPath = "" + Application.StartupPath + "/output/" + strGuid + ".XML";
string strXSLPath = "" + Application.StartupPath + "/xsl/beretta.xsl";
StreamWriter objStreamWriter;
//Add XSL file ref
strTotalDoc = "<?xml-stylesheet href='" + strXSLPath + "' type='text/xsl'?>" + strTotalDoc;
objStreamWriter = System.IO.File.CreateText(strOutputPath);
objStreamWriter.WriteLine(strTotalDoc);
objStreamWriter.Close();
MessageBox.Show("Finished Scan. Report at: " + strOutputPath);
#endregion
}
