public void Scan() { try { if (this.StartedFromASTab) AddActiveScanID(this.ScanID); this.OriginalRequest.SessionHandler = this.SessionHandler; this.OriginalResponse = this.OriginalRequest.Send();//this is just a temp value since calling inject from GetBaseLine would require a response object this.TestResponse = this.OriginalResponse; this.CurrentRequest = this.OriginalRequest; this.OriginalResponse = SessionHandler.GetBaseLine(this, this.OriginalRequest); this.CurrentRequest = this.OriginalRequest; this.TestResponse = this.OriginalResponse; foreach (ActivePlugin AP in this.Plugins.Values) { this.CurrentPlugin = AP.Name; this.CurrentSection = "URL"; foreach (int URLPartPosition in this.URLInjections) { this.CurrentURLPartPosition = URLPartPosition; this.CurrentParameterName = ""; this.CurrentSubParameterPosition = 0; this.CurrentParameterValue = this.CurrentRequest.UrlPathParts[URLPartPosition]; this.CheckWithActivePlugin(AP); } this.CurrentSection = "Query"; foreach (string ParameterName in this.QueryInjections.GetAll()) { this.CurrentParameterName = ParameterName; foreach (int SubParameterPosition in this.QueryInjections.GetAll(ParameterName)) { this.CurrentSubParameterPosition = SubParameterPosition; this.CurrentParameterValue = this.CurrentRequest.Query.GetAll(ParameterName)[SubParameterPosition]; this.CheckWithActivePlugin(AP); } } this.CurrentSection = "Body"; if (BodyFormat.Name.Length == 0) { foreach (string ParameterName in this.BodyInjections.GetAll()) { this.CurrentParameterName = ParameterName; foreach (int SubParameterPosition in this.BodyInjections.GetAll(ParameterName)) { this.CurrentSubParameterPosition = SubParameterPosition; this.CurrentParameterValue = this.CurrentRequest.Body.GetAll(ParameterName)[SubParameterPosition]; this.CheckWithActivePlugin(AP); } } } else { if (this.BodyXmlInjections.Count != XmlInjectionArray.GetLength(0) || !XmlInjectionSignature.Equals(Tools.MD5("Name:" + BodyFormat.Name + "|Body" + this.OriginalRequest.BodyString))) { string Xml = BodyFormat.ToXmlFromRequest(this.OriginalRequest); XmlInjectionArray = FormatPlugin.XmlToArray(Xml); XmlInjectionSignature = Tools.MD5("Name:" + BodyFormat.Name + "|Body" + this.OriginalRequest.BodyString); } foreach (int BodyXmlPosition in this.BodyXmlInjections) { this.CurrentBodyXmlPosition = BodyXmlPosition; if (XmlInjectionArray.GetLength(0) > BodyXmlPosition) { this.CurrentParameterName = XmlInjectionArray[BodyXmlPosition, 0]; this.CurrentParameterValue = XmlInjectionArray[BodyXmlPosition, 1]; } else { this.CurrentParameterName = ""; this.CurrentParameterValue = ""; } this.CurrentSubParameterPosition = 0; this.CheckWithActivePlugin(AP); } } this.CurrentSection = "Cookie"; foreach (string ParameterName in this.CookieInjections.GetAll()) { this.CurrentParameterName = ParameterName; foreach (int SubParameterPosition in this.CookieInjections.GetAll(ParameterName)) { this.CurrentSubParameterPosition = SubParameterPosition; this.CurrentParameterValue = this.CurrentRequest.Cookie.GetAll(ParameterName)[SubParameterPosition]; this.CheckWithActivePlugin(AP); } } this.CurrentSection = "Headers"; foreach (string ParameterName in this.HeadersInjections.GetAll()) { this.CurrentParameterName = ParameterName; foreach (int SubParameterPosition in this.HeadersInjections.GetAll(ParameterName)) { this.CurrentSubParameterPosition = SubParameterPosition; this.CurrentParameterValue = this.CurrentRequest.Headers.GetAll(ParameterName)[SubParameterPosition]; this.CheckWithActivePlugin(AP); } } } if (this.StartedFromASTab) { Interlocked.Decrement(ref Config.ActiveScansCount); IronUI.UpdateScanQueueStatus(this.ScanID, "Completed"); IronDB.UpdateScanStatus(this.ScanID, "Completed"); try { lock (CompletedScanIDs) { CompletedScanIDs.Enqueue(this.ScanID); } } catch { } this.DequeueAndStartScan(); } } catch (ThreadAbortException ThExp) { HandleScannerException(false, ThExp); } catch (Exception Exp) { HandleScannerException(true, Exp); } }
void PrepareScanner() { this.OriginalRequest.SessionHandler = this.SessionHandler; //this.OriginalResponse = this.OriginalRequest.Send();//this is just a temp value since calling inject from GetBaseLine would require a response object this.OriginalResponse = null; //this.TestResponse = this.OriginalResponse; this.TestResponse = null; this.CurrentRequest = this.OriginalRequest; this.OriginalResponse = SessionHandler.GetBaseLine(this, null); this.CurrentRequest = this.OriginalRequest; this.TestResponse = this.OriginalResponse; }