public void Scan()
{
try
{
if (this.StartedFromASTab) AddActiveScanID(this.ScanID);
this.OriginalRequest.SessionHandler = this.SessionHandler;
this.OriginalResponse = this.OriginalRequest.Send();//this is just a temp value since calling inject from GetBaseLine would require a response object
this.TestResponse = this.OriginalResponse;
this.CurrentRequest = this.OriginalRequest;
this.OriginalResponse = SessionHandler.GetBaseLine(this, this.OriginalRequest);
this.CurrentRequest = this.OriginalRequest;
this.TestResponse = this.OriginalResponse;
foreach (ActivePlugin AP in this.Plugins.Values)
{
this.CurrentPlugin = AP.Name;
this.CurrentSection = "URL";
foreach (int URLPartPosition in this.URLInjections)
{
this.CurrentURLPartPosition = URLPartPosition;
this.CurrentParameterName = "";
this.CurrentSubParameterPosition = 0;
this.CurrentParameterValue = this.CurrentRequest.UrlPathParts[URLPartPosition];
this.CheckWithActivePlugin(AP);
}
this.CurrentSection = "Query";
foreach (string ParameterName in this.QueryInjections.GetAll())
{
this.CurrentParameterName = ParameterName;
foreach (int SubParameterPosition in this.QueryInjections.GetAll(ParameterName))
{
this.CurrentSubParameterPosition = SubParameterPosition;
this.CurrentParameterValue = this.CurrentRequest.Query.GetAll(ParameterName)[SubParameterPosition];
this.CheckWithActivePlugin(AP);
}
}
this.CurrentSection = "Body";
if (BodyFormat.Name.Length == 0)
{
foreach (string ParameterName in this.BodyInjections.GetAll())
{
this.CurrentParameterName = ParameterName;
foreach (int SubParameterPosition in this.BodyInjections.GetAll(ParameterName))
{
this.CurrentSubParameterPosition = SubParameterPosition;
this.CurrentParameterValue = this.CurrentRequest.Body.GetAll(ParameterName)[SubParameterPosition];
this.CheckWithActivePlugin(AP);
}
}
}
else
{
if (this.BodyXmlInjections.Count != XmlInjectionArray.GetLength(0) || !XmlInjectionSignature.Equals(Tools.MD5("Name:" + BodyFormat.Name + "|Body" + this.OriginalRequest.BodyString)))
{
string Xml = BodyFormat.ToXmlFromRequest(this.OriginalRequest);
XmlInjectionArray = FormatPlugin.XmlToArray(Xml);
XmlInjectionSignature = Tools.MD5("Name:" + BodyFormat.Name + "|Body" + this.OriginalRequest.BodyString);
}
foreach (int BodyXmlPosition in this.BodyXmlInjections)
{
this.CurrentBodyXmlPosition = BodyXmlPosition;
if (XmlInjectionArray.GetLength(0) > BodyXmlPosition)
{
this.CurrentParameterName = XmlInjectionArray[BodyXmlPosition, 0];
this.CurrentParameterValue = XmlInjectionArray[BodyXmlPosition, 1];
}
else
{
this.CurrentParameterName = "";
this.CurrentParameterValue = "";
}
this.CurrentSubParameterPosition = 0;
this.CheckWithActivePlugin(AP);
}
}
this.CurrentSection = "Cookie";
foreach (string ParameterName in this.CookieInjections.GetAll())
{
this.CurrentParameterName = ParameterName;
foreach (int SubParameterPosition in this.CookieInjections.GetAll(ParameterName))
{
this.CurrentSubParameterPosition = SubParameterPosition;
this.CurrentParameterValue = this.CurrentRequest.Cookie.GetAll(ParameterName)[SubParameterPosition];
this.CheckWithActivePlugin(AP);
}
}
this.CurrentSection = "Headers";
foreach (string ParameterName in this.HeadersInjections.GetAll())
{
this.CurrentParameterName = ParameterName;
foreach (int SubParameterPosition in this.HeadersInjections.GetAll(ParameterName))
{
this.CurrentSubParameterPosition = SubParameterPosition;
this.CurrentParameterValue = this.CurrentRequest.Headers.GetAll(ParameterName)[SubParameterPosition];
this.CheckWithActivePlugin(AP);
}
}
}
if (this.StartedFromASTab)
{
Interlocked.Decrement(ref Config.ActiveScansCount);
IronUI.UpdateScanQueueStatus(this.ScanID, "Completed");
IronDB.UpdateScanStatus(this.ScanID, "Completed");
try
{
lock (CompletedScanIDs)
{
CompletedScanIDs.Enqueue(this.ScanID);
}
}
catch { }
this.DequeueAndStartScan();
}
}
catch (ThreadAbortException ThExp)
{
HandleScannerException(false, ThExp);
}
catch (Exception Exp)
{
HandleScannerException(true, Exp);
}
}
void PrepareScanner()
{
this.OriginalRequest.SessionHandler = this.SessionHandler;
//this.OriginalResponse = this.OriginalRequest.Send();//this is just a temp value since calling inject from GetBaseLine would require a response object
this.OriginalResponse = null;
//this.TestResponse = this.OriginalResponse;
this.TestResponse = null;
this.CurrentRequest = this.OriginalRequest;
this.OriginalResponse = SessionHandler.GetBaseLine(this, null);
this.CurrentRequest = this.OriginalRequest;
this.TestResponse = this.OriginalResponse;
}
