internal static void AddParameterValues(Session Sess) { if (IsRecording) { Request Req = Sess.Request; List<string> Values = new List<string>(); foreach (string Name in Req.Query.GetNames()) { Values.AddRange(Req.Query.GetAll(Name)); } if(Req.BodyType == BodyFormatType.UrlFormEncoded) { foreach (string Name in Req.Body.GetNames()) { Values.AddRange(Req.Body.GetAll(Name)); } } else { FormatPlugin FP = FormatPlugin.Get(Req.BodyType); if(FP != null) { try { string[,] ParaValues = FormatPlugin.XmlToArray(FP.ToXmlFromRequest(Req)); for(int i=0; i < ParaValues.GetLength(0); i++) { Values.Add(ParaValues[i,1]); } } catch{} } } if (Values.Contains(OpenRecorder.Username) && Values.Contains(OpenRecorder.Password)) { lock (LogsWithLoginCreds) { LogsWithLoginCreds.Add(Sess.LogId); } CheckIfRecordingGoalsMet(); } } }
static void ScanAssociation(Analysis.LogAssociations Association, List <string> HostsToScan, int[] Marker) { if (Association.NonIgnorableCount > 0) { int Index = 0; foreach (int Id in Association.LogIds) { Analysis.LogAssociation Asso = Association.GetAssociation(Id); if (!Asso.IsIgnorable && HostsToScan.Contains(Asso.DestinationLog.Request.BaseUrl)) { Scanner S = new Scanner(Asso.DestinationLog.Request); if (S.BaseRequest.File.Length == 0 && S.BaseRequest.Query.Count == 0 && S.BaseRequest.UrlPathParts.Count > 1) { S.InjectUrl(); } S.InjectQuery(); if (S.BaseRequest.BodyType == BodyFormatType.Soap || S.BaseRequest.BodyType == BodyFormatType.Json || S.BaseRequest.BodyType == BodyFormatType.Multipart || S.BaseRequest.BodyType == BodyFormatType.Xml) { S.BodyFormat = FormatPlugin.Get(S.BaseRequest.BodyType); } S.InjectBody(); S.CheckAll(); if (S.InjectionPointsCount > 0) { S.WorkFlowLogAssociations = Association; S.IndexOfRequestToScanInWorkFlowLogAssociations = Index; WorkflowScannerWindow.UpdateScanStatusInUi(true, string.Format("Scanning Request no.{0} in workflow between logs {1}-{2}", Index, Marker[0], Marker[1])); S.Scan(); } Index++; } } } }
Request ModifyCsrfTokenInRequest(Request Req) { if (Req.Query.Has(TokenName)) { if (RemoveParameter) { Req.Query.Remove(TokenName); } else { Req.Query.Set(TokenName, TokenReplacementValue); } } if (Req.HasBody) { if (Req.IsNormal) { if (Req.Body.Has(TokenName)) { if (RemoveParameter) { Req.Body.Remove(TokenName); } else { Req.Body.Set(TokenName, TokenReplacementValue); } } } else { FormatParameters Params = null; if (Req.IsXml) { Params = FormatPlugin.GetXmlParameters(Req); } else if (Req.IsSoap) { Params = FormatPlugin.GetSoapParameters(Req); } else if (Req.IsJson) { Params = FormatPlugin.GetJsonParameters(Req); } else if (Req.IsMultiPart) { Params = FormatPlugin.GetMultipartParameters(Req); } if (Params != null) { for (int i = 0; i < Params.Count; i++) { if (Params.GetName(i).Contains(TokenName)) { string[] Parts = Params.GetName(i).Split(new char[] { '>' }, StringSplitOptions.RemoveEmptyEntries); if (Parts.Length > 0) { if (Parts[Parts.Length - 1].Trim().Equals(TokenName)) { if (RemoveParameter) { TokenReplacementValue = ""; } if (Req.IsXml || Req.IsSoap || Req.IsJson || Req.IsMultiPart) { FormatPlugin.Get(Req.BodyType).InjectInRequest(Req, i, TokenReplacementValue); } } } break; } } } } } return(Req); }