private void StartFuzzing()
{
while (true)
{
CreateWebrequest webRequest = GetWork();
if (webRequest == null || userStopped)
{
Thread.Sleep(4000);
finished = true;
break;
}
else
{
Process(webRequest);
}
}
//string HTML = SendWebRequest(RequestList[i], string.Empty);
//if (Filtered(HTML))
//{
// if (useMatchFile)
// {
// string Match = GetMatch(HTML);
// WriteMatch(Match);
// }
//}
}
private void PrepareQueue()
{
RequestGenerator RG = new RequestGenerator(Generators);
List <string> RequestListGET = RG.GenerateRequestList(URL);
List <string> RequestListPOST = RG.GenerateRequestList(URL);
if (RequestListGET.Count > 0)
{
requestAnzahl = RequestListGET.Count;
}
else
{
requestAnzahl = RequestListPOST.Count;
}
foreach (string _URL in RequestListGET)
{
if (post.Length == 0)
{
CreateWebrequest webRequest = new CreateWebrequest();
webRequest.URL = _URL;
Work.Enqueue(webRequest);
}
else
{
foreach (string _POST in RequestListPOST)
{
CreateWebrequest webRequest = new CreateWebrequest();
webRequest.URL = _URL;
webRequest.POST = _POST;
Work.Enqueue(webRequest);
}
}
}
}
private string SendWebRequest(string URL, string POST)
{
CreateWebrequest request = new CreateWebrequest();
request.CustomCookieCollection = CustomCookieCollection;
string HTML = request.StringGetWebPage(URL, POST);
return(HTML);
}
private string SendWebRequest(string URL, string POST)
{
CreateWebrequest request = new CreateWebrequest();
request.CustomCookieCollection = CustomCookieCollection;
string HTML = request.StringGetWebPage(URL, POST);
return HTML;
}
private void Process(CreateWebrequest webRequest)
{
string HTML = webRequest.StringGetWebPage();
if (webRequest.Response != null)
{
string ResponseHeaders = "";
for (int iKey = 0; iKey < webRequest.Response.Headers.Keys.Count; iKey++)
{
string Values = "";
string[] ValuesSplitted = webRequest.Response.Headers.GetValues(iKey);
for (int iValue = 0; iValue < ValuesSplitted.Length; iValue++)
Values += ValuesSplitted[iValue] + " ";
ResponseHeaders += webRequest.Response.Headers.Keys[iKey] + ": " + Values + "\r\n";
}
string RequestHeaders = "";
if (webRequest.Request != null)
{
for (int iKey = 0; iKey < webRequest.Request.Headers.Keys.Count; iKey++)
{
string Values = "";
string[] ValuesSplitted = webRequest.Request.Headers.GetValues(iKey);
for (int iValue = 0; iValue < ValuesSplitted.Length; iValue++)
Values += ValuesSplitted[iValue] + " ";
RequestHeaders += webRequest.Request.Headers.Keys[iKey] + ": " + Values + "\r\n";
}
}
bool RequestSuccess = true;
for (int i = 0; i < fuzzerFilters.Count; i++)
{
bool Filtered = true;
FuzzerFilter Filter = fuzzerFilters[i];
if (Filter.ConditionType == FuzzerFilter.ConditionTypes.ResponseHeaders)
{
if (!RegexMatch(ResponseHeaders, Filter.ConditionValue))
Filtered = false;
}
if (Filter.ConditionType == FuzzerFilter.ConditionTypes.ResponseHTML)
{
if (!RegexMatch(HTML, Filter.ConditionValue))
Filtered = false;
}
if (Filter.ConditionType == FuzzerFilter.ConditionTypes.ResponseStatusCode)
{
if (!RegexMatch(Convert.ToInt32(webRequest.Response.StatusCode).ToString(), Filter.ConditionValue))
Filtered = false;
}
if (Filtered && Filter.FilterType == FuzzerFilter.FilterTypes.Exclude)
RequestSuccess = false;
}
if (RequestSuccess)
{
FilteredRequest filteredRequest = new FilteredRequest();
filteredRequest.HTML = HTML;
filteredRequest.URL = webRequest.URL;
filteredRequest.RequestHeaders = RequestHeaders;
filteredRequest.ResponseHeaders = ResponseHeaders;
filteredRequests.Add(filteredRequest);
}
}
}
private void PrepareQueue()
{
RequestGenerator RG = new RequestGenerator(Generators);
List<string> RequestListGET = RG.GenerateRequestList(URL);
List<string> RequestListPOST = RG.GenerateRequestList(URL);
if (RequestListGET.Count > 0)
requestAnzahl = RequestListGET.Count;
else
requestAnzahl = RequestListPOST.Count;
foreach (string _URL in RequestListGET)
{
if (post.Length == 0)
{
CreateWebrequest webRequest = new CreateWebrequest();
webRequest.URL = _URL;
Work.Enqueue(webRequest);
}
else
{
foreach (string _POST in RequestListPOST)
{
CreateWebrequest webRequest = new CreateWebrequest();
webRequest.URL = _URL;
webRequest.POST = _POST;
Work.Enqueue(webRequest);
}
}
}
}
private void Process(CreateWebrequest webRequest)
{
string HTML = webRequest.StringGetWebPage();
if (webRequest.Response != null)
{
string ResponseHeaders = "";
for (int iKey = 0; iKey < webRequest.Response.Headers.Keys.Count; iKey++)
{
string Values = "";
string[] ValuesSplitted = webRequest.Response.Headers.GetValues(iKey);
for (int iValue = 0; iValue < ValuesSplitted.Length; iValue++)
{
Values += ValuesSplitted[iValue] + " ";
}
ResponseHeaders += webRequest.Response.Headers.Keys[iKey] + ": " + Values + "\r\n";
}
string RequestHeaders = "";
if (webRequest.Request != null)
{
for (int iKey = 0; iKey < webRequest.Request.Headers.Keys.Count; iKey++)
{
string Values = "";
string[] ValuesSplitted = webRequest.Request.Headers.GetValues(iKey);
for (int iValue = 0; iValue < ValuesSplitted.Length; iValue++)
{
Values += ValuesSplitted[iValue] + " ";
}
RequestHeaders += webRequest.Request.Headers.Keys[iKey] + ": " + Values + "\r\n";
}
}
bool RequestSuccess = true;
for (int i = 0; i < fuzzerFilters.Count; i++)
{
bool Filtered = true;
FuzzerFilter Filter = fuzzerFilters[i];
if (Filter.ConditionType == FuzzerFilter.ConditionTypes.ResponseHeaders)
{
if (!RegexMatch(ResponseHeaders, Filter.ConditionValue))
{
Filtered = false;
}
}
if (Filter.ConditionType == FuzzerFilter.ConditionTypes.ResponseHTML)
{
if (!RegexMatch(HTML, Filter.ConditionValue))
{
Filtered = false;
}
}
if (Filter.ConditionType == FuzzerFilter.ConditionTypes.ResponseStatusCode)
{
if (!RegexMatch(Convert.ToInt32(webRequest.Response.StatusCode).ToString(), Filter.ConditionValue))
{
Filtered = false;
}
}
if (Filtered && Filter.FilterType == FuzzerFilter.FilterTypes.Exclude)
{
RequestSuccess = false;
}
}
if (RequestSuccess)
{
FilteredRequest filteredRequest = new FilteredRequest();
filteredRequest.HTML = HTML;
filteredRequest.URL = webRequest.URL;
filteredRequest.RequestHeaders = RequestHeaders;
filteredRequest.ResponseHeaders = ResponseHeaders;
filteredRequests.Add(filteredRequest);
}
}
}
