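/// <summary>
/// Builds the payload for every element of <paramref name="form"/>: one
/// <see cref="XAttackParam"/> per <see cref="FormElement"/>, in element order.
/// The order matters — CreateAttackVector pairs the result with the form's
/// elements by index.
/// </summary>
/// <param name="form">The form whose inputs are turned into attack parameters.</param>
/// <returns>
/// Hidden inputs keep their original value (so e.g. anti-forgery tokens are forwarded
/// untouched); text, password and email inputs receive the injection string from
/// <c>GetInjectionValue()</c>; every other input type (submit, checkbox, radio, ...)
/// is sent empty.
/// </returns>
private XAttackParam[] ComputeAttackParams(Form form)
        {
            List<XAttackParam> attackParams = new List<XAttackParam>(form.FormElements.Count);

            foreach (FormElement element in form.FormElements)
            {
                string value;

                // The type attribute is case-insensitive in HTML ("TEXT" is "text"), so
                // match ignoring case instead of the original exact comparison; a null
                // Type simply falls through to the empty-value branch.
                if (HasInputType(element, "hidden"))
                    value = element.Value;
                else if (HasInputType(element, "text") || HasInputType(element, "password") || HasInputType(element, "email"))
                    value = GetInjectionValue();
                else
                    value = "";

                attackParams.Add(new XAttackParam() { Value = value, FormElementId = element.Id });
            }

            return attackParams.ToArray();
        }

        /// <summary>True when <paramref name="element"/> has the given input type, compared ordinally and ignoring case.</summary>
        private static bool HasInputType(FormElement element, string type)
        {
            return string.Equals(element.Type, type, StringComparison.OrdinalIgnoreCase);
        }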
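        /// <summary>
        /// Serialises <paramref name="attackParams"/> as an application/x-www-form-urlencoded
        /// string for <paramref name="form"/>. For GET forms the result is a query string
        /// (leading <c>?</c>, or <c>&amp;</c> when the action already carries a query) that
        /// DoAttack appends to the action URL; for any other method it is the raw request body.
        /// </summary>
        /// <param name="attackParams">
        /// One entry per form element, in the same order as <c>form.FormElements</c>
        /// (as produced by ComputeAttackParams); values are matched to elements by position.
        /// </param>
        /// <param name="form">The form under attack; supplies element names, method and action.</param>
        /// <returns>The encoded parameter string; empty when there is nothing to send.</returns>
        /// <exception cref="ArgumentException">
        /// Thrown when the number of parameters differs from the number of form elements,
        /// which would otherwise pair payloads with the wrong fields.
        /// </exception>
        private string CreateAttackVector(XAttackParam[] attackParams, Form form)
        {
            int elementCount = form.FormElements.Count;
            if (attackParams == null || attackParams.Length != elementCount)
                throw new ArgumentException("attackParams must hold exactly one entry per form element.", "attackParams");

            // "GET" as written in the markup must behave like "get".
            bool isGet = string.Equals(form.Method, "get", StringComparison.OrdinalIgnoreCase);

            List<string> pairs = new List<string>(elementCount);
            for (int i = 0; i < elementCount; i++)
            {
                FormElement element = form.FormElements.ElementAt(i);

                // A GET form's submit button is a click target, not a value the server expects.
                if (isGet && string.Equals(element.Type, "submit", StringComparison.OrdinalIgnoreCase))
                    continue;

                // Encode the name as well as the value: a name containing '&' or '=' would
                // otherwise split the pair and corrupt the structure of the whole request.
                string name = HttpUtility.UrlEncode(element.Name ?? "");
                string value = HttpUtility.UrlEncode(attackParams[i].Value ?? "");
                pairs.Add(name + "=" + value);
            }

            // Join the pairs instead of appending '&' and trimming it afterwards: the original
            // Substring(0, Length - 1) threw on a form that produced no pairs at all.
            string postData = string.Join("&", pairs.ToArray());

            if (!isGet || postData.Length == 0)
                return postData;

            // Continue an existing query string rather than producing "...?a=1?b=2".
            // The original also inserted "/" before "?" when the action had no trailing
            // slash, turning "http://host/page.php" into "http://host/page.php/?..." —
            // a different resource — so that insertion is dropped.
            string separator = (form.Action != null && form.Action.IndexOf('?') >= 0) ? "&" : "?";
            return separator + postData;
        }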
 /// <summary>
 /// Placeholder for the reflection check. It is meant to report whether the injected
 /// payload came back in the response for <paramref name="form"/>, but it never
 /// inspects any response and unconditionally reports a hit.
 /// </summary>
 /// <param name="form">The attacked form; currently unused.</param>
 /// <returns>
 /// Always <c>true</c>, so any caller relying on it will treat every attack as reflected —
 /// verify findings against the actual response body before trusting them.
 /// </returns>
 private bool HasReflectedResults(Form form)
 {
     // NOTE(review): stub — no reflection analysis is implemented here.
     const bool reflected = true;
     return reflected;
 }
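        /// <summary>
        /// Sends one attack request for <paramref name="form"/> and returns the HTML the target
        /// answered with. GET forms get <paramref name="attackContent"/> appended to the action
        /// URL; POST forms send it as an application/x-www-form-urlencoded body. Progress is
        /// reported through OnAgentAttackAnnounced (AttackStarted, then AttackFinished or
        /// AttackHalted).
        /// </summary>
        /// <param name="form">Target form; its action is expected to be an absolute http(s) URL.</param>
        /// <param name="attackContent">Encoded parameters as produced by CreateAttackVector.</param>
        /// <returns>
        /// The response body when the server returned an HTML document with an acceptable
        /// status; otherwise <c>null</c> (non-HTML response, rejected status, non-HTTP action,
        /// or a network/protocol failure). Only successful HTML responses are counted via
        /// <c>_sharedResource.IncrementAttacks()</c>.
        /// </returns>
        private string DoAttack(Form form, string attackContent)
        {
            try
            {
                AnnounceAttackStatus(SimpleXssAttackStatus.AttackStarted);

                // Method names come straight from the markup, so "POST" must match "post".
                bool isGet = string.Equals(form.Method, "get", StringComparison.OrdinalIgnoreCase);
                bool isPost = string.Equals(form.Method, "post", StringComparison.OrdinalIgnoreCase);

                string targetUrl = isGet ? form.Action + attackContent : form.Action;

                // WebRequest.Create returns a non-HTTP request for schemes such as file:// or
                // ftp://; the original dereferenced the failed "as" cast and crashed.
                HttpWebRequest request = WebRequest.Create(targetUrl) as HttpWebRequest;
                if (request == null)
                    return HaltAttack();

                request.Timeout = 100000; // milliseconds
                request.UserAgent = "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)";
                // NOTE(review): redirects are followed blindly, so a target can steer the
                // scanner to another host; restrict this if scan scope must be enforced.
                request.AllowAutoRedirect = true;
                request.KeepAlive = false;

                if (isPost)
                {
                    // The original never set the verb (GetRequestStream throws
                    // ProtocolViolationException for the default GET) and sent an empty
                    // Content-Type, which makes servers ignore the body entirely.
                    request.Method = "POST";
                    request.ContentType = "application/x-www-form-urlencoded";
                    byte[] body = Encoding.UTF8.GetBytes(attackContent ?? "");
                    request.ContentLength = body.Length;

                    using (Stream requestStream = request.GetRequestStream())
                    {
                        requestStream.Write(body, 0, body.Length);
                    }
                }

                using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
                {
                    // Only HTML bodies are worth scanning for reflection; compare ignoring case.
                    string contentType = response.ContentType ?? string.Empty;
                    bool isHtml = contentType.IndexOf("text/html", StringComparison.OrdinalIgnoreCase) >= 0;

                    // The original chained "!=" tests with "||", which is always true. The intent
                    // is to reject every listed status, which IsRejectedStatusCode implements.
                    // (HttpWebRequest already throws WebException for most of these, so this is
                    // a second line of defence, not the primary filter.)
                    if (IsRejectedStatusCode(response.StatusCode) || !isHtml)
                        return HaltAttack();

                    using (StreamReader reader = new StreamReader(response.GetResponseStream()))
                    {
                        // NOTE(review): the whole body is buffered without a size cap; a hostile
                        // target can make this allocation arbitrarily large.
                        string html = reader.ReadToEnd();

                        _sharedResource.IncrementAttacks();
                        AnnounceAttackStatus(SimpleXssAttackStatus.AttackFinished);
                        return html;
                    }
                }
            }
            catch (WebException)
            {
                return HaltAttack();
            }
            catch (NotSupportedException)
            {
                // Unknown URI scheme (e.g. "javascript:"), rejected by WebRequest.Create.
                return HaltAttack();
            }
            catch (IOException)
            {
                // Connection dropped while writing the body or reading the response.
                return HaltAttack();
            }
        }

        /// <summary>Raises an attack announcement with the given status and an empty message.</summary>
        private void AnnounceAttackStatus(SimpleXssAttackStatus status)
        {
            OnAgentAttackAnnounced(new SimpleXssAttackAnnounceItem(_xAttack, status, _sharedResource, "", DateTime.Now));
        }

        /// <summary>Announces AttackHalted and returns the <c>null</c> result DoAttack hands back on failure.</summary>
        private string HaltAttack()
        {
            AnnounceAttackStatus(SimpleXssAttackStatus.AttackHalted);
            return null;
        }

        /// <summary>Status codes whose response body is never analysed (the list the original filter named).</summary>
        private static bool IsRejectedStatusCode(HttpStatusCode status)
        {
            switch (status)
            {
                case HttpStatusCode.NotFound:
                case HttpStatusCode.BadGateway:
                case HttpStatusCode.BadRequest:
                case HttpStatusCode.Forbidden:
                case HttpStatusCode.GatewayTimeout:
                case HttpStatusCode.Gone:
                case HttpStatusCode.InternalServerError:
                case HttpStatusCode.NotAcceptable:
                    return true;
                default:
                    return false;
            }
        }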
 /// <summary>
 /// Factory for a <see cref="Form"/> whose four scalar properties are set up front
 /// (generated-style helper; the FormElements collection is left at its default).
 /// </summary>
 /// <param name="id">Value stored in <c>Id</c>.</param>
 /// <param name="webpageId">Value stored in <c>WebpageId</c>.</param>
 /// <param name="action">Value stored in <c>Action</c>.</param>
 /// <param name="method">Value stored in <c>Method</c>.</param>
 /// <returns>A new <see cref="Form"/> with the given property values.</returns>
 public static Form CreateForm(global::System.Int32 id, global::System.Int32 webpageId, global::System.String action, global::System.String method)
 {
     return new Form
     {
         Id = id,
         WebpageId = webpageId,
         Action = action,
         Method = method
     };
 }
 /// <summary>
 /// Legacy helper that attaches <paramref name="form"/> to the context's "Forms" entity set.
 /// Kept for callers that predate <c>ObjectSet&lt;T&gt;.Add</c>; new code should call that instead.
 /// </summary>
 /// <param name="form">The form entity to add to the context.</param>
 public void AddToForms(Form form)
 {
     const string entitySetName = "Forms";
     base.AddObject(entitySetName, form);
 }
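        /// <summary>
        /// Parses every <c>&lt;form&gt;</c> in <c>page.Html</c> into a <see cref="Form"/> with one
        /// <see cref="FormElement"/> per <c>&lt;input&gt;</c>, announcing start and finish through
        /// OnCrawlAnnounced and adding the count to <c>_sharedResource</c>.
        /// </summary>
        /// <param name="page">The crawled page; supplies the HTML and the base URL for relative actions.</param>
        /// <returns>
        /// The forms whose action resolved to an absolute http(s) URL. Forms with an unparseable
        /// action, or one using another scheme (javascript:, mailto:, file:, ...), are skipped
        /// because DoAttack can only issue HTTP requests. Only <c>&lt;input&gt;</c> elements are
        /// collected; <c>&lt;textarea&gt;</c>, <c>&lt;select&gt;</c> and <c>&lt;button&gt;</c> are ignored.
        /// </returns>
        private Form[] ExtractForms(Webpage page)
        {
            OnCrawlAnnounced(new CrawlAnnounceItem(page, CrawlStatus.ExtractingFormsStarted, null, DateTime.Now, _sharedResource));

            List<Form> forms = new List<Form>();

            // Presumably needed because HtmlAgilityPack's default flags for <form> hide its
            // contents from Descendants(). NOTE(review): ElementsFlags is a process-wide static —
            // fine on one thread, racy if pages are parsed concurrently.
            HtmlNode.ElementsFlags.Remove("form");

            HtmlDocument document = new HtmlDocument();
            document.LoadHtml(page.Html ?? string.Empty);

            foreach (HtmlNode formNode in document.DocumentNode.Descendants("form"))
            {
                string action = ResolveFormAction(page, formNode);
                if (action == null)
                    continue;

                Form form = new Form();
                form.Action = action;
                // The original dereferenced Attributes["method"] and crashed on forms without a
                // method attribute; HTML defaults to GET. Lower-cased so the "get"/"post"
                // comparisons made elsewhere match "POST" as well as "post".
                form.Method = AttributeOrDefault(formNode, "method", "get").ToLowerInvariant();

                foreach (HtmlNode inputNode in formNode.Descendants("input"))
                {
                    FormElement element = new FormElement();
                    element.Name = AttributeOrDefault(inputNode, "name", "");
                    element.Value = AttributeOrDefault(inputNode, "value", "");
                    // A missing type means "text" in HTML; the original threw here.
                    element.Type = AttributeOrDefault(inputNode, "type", "text").ToLowerInvariant();
                    form.FormElements.Add(element);
                }

                forms.Add(form);
            }

            _sharedResource.AddTotalFormsFound(forms.Count);

            OnCrawlAnnounced(new CrawlAnnounceItem(page, CrawlStatus.ExtractingFormsFinished, string.Format("این صفحه دارای {0} فرم می باشد.", forms.Count), DateTime.Now, _sharedResource));

            return forms.ToArray();
        }

        /// <summary>
        /// Resolves a form's action to an absolute http/https URL, or <c>null</c> when it cannot
        /// be attacked. A missing, empty or fragment-only action means "submit to the page itself".
        /// </summary>
        /// <param name="page">Page the form was found on; its URL is the fallback and the base for relative actions.</param>
        /// <param name="formNode">The <c>&lt;form&gt;</c> node.</param>
        private string ResolveFormAction(Webpage page, HtmlNode formNode)
        {
            HtmlAttribute actionAttribute = formNode.Attributes["action"];
            string rawAction = actionAttribute == null ? null : actionAttribute.Value;

            string candidate;
            if (string.IsNullOrEmpty(rawAction) || rawAction.StartsWith("#", StringComparison.Ordinal))
                candidate = page.Url;
            else
                candidate = rawAction;

            string absolute = null;
            if (Uri.IsWellFormedUriString(candidate, UriKind.Absolute))
                absolute = candidate;
            else if (Uri.IsWellFormedUriString(candidate, UriKind.Relative))
                absolute = UnifyUri(page, candidate);

            if (absolute == null)
                return null;

            // Only http(s) targets can be attacked (DoAttack builds an HttpWebRequest); anything
            // else is dropped here rather than failing when the request is created.
            Uri parsed;
            if (!Uri.TryCreate(absolute, UriKind.Absolute, out parsed))
                return null;
            if (parsed.Scheme != Uri.UriSchemeHttp && parsed.Scheme != Uri.UriSchemeHttps)
                return null;

            return absolute;
        }

        /// <summary>Returns the named attribute's value, or <paramref name="fallback"/> when the attribute is absent or has no value.</summary>
        private static string AttributeOrDefault(HtmlNode node, string name, string fallback)
        {
            HtmlAttribute attribute = node.Attributes[name];
            if (attribute == null)
                return fallback;
            return attribute.Value ?? fallback;
        }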
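        /// <summary>
        /// Attaches <paramref name="forms"/> to <paramref name="page"/>, skipping any form the
        /// crawl has already seen. "Already seen" is decided by a key built from the action,
        /// method and every element's name and value, recorded in
        /// <c>_sharedResource.SharedFormHash</c> while holding <c>_sharedResource.SharedLock</c>.
        /// Duplicates are reported on the console, as before.
        /// </summary>
        /// <param name="page">The page that owns the forms.</param>
        /// <param name="forms">Forms extracted from that page (see ExtractForms); null or empty is a no-op.</param>
        private void AddFormsToPage(Webpage page, Form[] forms)
        {
            if (forms == null || forms.Length == 0)
                return;

            lock (_sharedResource.SharedLock)
            {
                foreach (Form form in forms)
                {
                    string key = BuildFormKey(form);

                    if (_sharedResource.SharedFormHash.Contains(key))
                    {
                        Console.WriteLine("Duplicated Form");
                        continue;
                    }

                    page.Forms.Add(form);
                    _sharedResource.SharedFormHash.Add(key);
                }
            }
        }

        /// <summary>
        /// Builds the de-duplication key for <paramref name="form"/>: action, method, then each
        /// element's name and value, joined with ':'. Fields are escaped first — the original
        /// joined raw strings, so a name containing ':' could yield the same key as a different
        /// form, which was then silently dropped as a duplicate. (The original also computed a
        /// UTF-8 byte array of the key that was never used; that is gone.)
        /// </summary>
        /// <remarks>
        /// Element values are part of the key, so the same form with a different per-request
        /// value (e.g. a fresh hidden token) counts as a new form; that matches the original and
        /// is left unchanged. NOTE(review): assumes SharedFormHash is only populated here — confirm
        /// no other code builds keys in the old unescaped format.
        /// </remarks>
        private static string BuildFormKey(Form form)
        {
            StringBuilder key = new StringBuilder();
            AppendKeyField(key, form.Action);
            key.Append(':');
            AppendKeyField(key, form.Method);

            foreach (FormElement element in form.FormElements)
            {
                key.Append(':');
                AppendKeyField(key, element.Name);
                key.Append(':');
                AppendKeyField(key, element.Value);
            }

            return key.ToString();
        }

        /// <summary>Appends <paramref name="field"/> with '\' and ':' escaped so the separator stays unambiguous; null/empty appends nothing.</summary>
        private static void AppendKeyField(StringBuilder key, string field)
        {
            if (string.IsNullOrEmpty(field))
                return;
            key.Append(field.Replace("\\", "\\\\").Replace(":", "\\:"));
        }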