コード例 #1
ファイル: Recorder.cs プロジェクト: war-and-code/IronWASP
 /// <summary>
 /// While a login recording is in progress, gathers every parameter value of the session's
 /// request (query string, URL-encoded body, or a format-plugin-parsed body) and remembers the
 /// session's log id when both the configured username and password appear among those values.
 /// </summary>
 /// <param name="Sess">Session whose request is inspected; its <c>LogId</c> is appended to
 /// <c>LogsWithLoginCreds</c> on a credential match.</param>
 internal static void AddParameterValues(Session Sess)
 {
     // Nothing to do unless a recording is active.
     if (!IsRecording)
     {
         return;
     }

     Request request = Sess.Request;
     List<string> observed = new List<string>();

     // Query-string values: every occurrence of every parameter name.
     foreach (string name in request.Query.GetNames())
     {
         observed.AddRange(request.Query.GetAll(name));
     }

     if (request.BodyType == BodyFormatType.UrlFormEncoded)
     {
         // Plain form bodies expose the same name/value API as the query string.
         foreach (string name in request.Body.GetNames())
         {
             observed.AddRange(request.Body.GetAll(name));
         }
     }
     else
     {
         // Any other body type is flattened by its format plugin into a 2-D string table;
         // column 1 of each row is read as the parameter value.
         FormatPlugin plugin = FormatPlugin.Get(request.BodyType);
         if (plugin != null)
         {
             try
             {
                 string[,] rows = FormatPlugin.XmlToArray(plugin.ToXmlFromRequest(request));
                 int rowCount = rows.GetLength(0);
                 for (int row = 0; row < rowCount; row++)
                 {
                     observed.Add(rows[row, 1]);
                 }
             }
             catch
             {
                 // Best effort: a body the plugin cannot parse contributes no values, so a
                 // malformed request never interrupts the recording.
             }
         }
     }

     // A request carrying both credentials is treated as the login request.
     // NOTE(review): List.Contains is an exact string match, so an empty configured username or
     // password would match any empty parameter value — confirm OpenRecorder never records with
     // blank credentials.
     if (observed.Contains(OpenRecorder.Username) && observed.Contains(OpenRecorder.Password))
     {
         lock (LogsWithLoginCreds)
         {
             LogsWithLoginCreds.Add(Sess.LogId);
         }
         CheckIfRecordingGoalsMet();
     }
 }
コード例 #2
 /// <summary>
 /// Scans each non-ignorable request of a workflow log association whose base URL is listed in
 /// <paramref name="HostsToScan"/>, injecting into the URL path (when applicable), the query
 /// string and the body before running the scan.
 /// </summary>
 /// <param name="Association">Log association whose destination requests are the candidates.</param>
 /// <param name="HostsToScan">Base URLs that are in scope; requests to any other host are skipped.</param>
 /// <param name="Marker">Two log ids, used only to label the scan status shown in the UI.</param>
 static void ScanAssociation(Analysis.LogAssociations Association, List <string> HostsToScan, int[] Marker)
 {
     if (Association.NonIgnorableCount <= 0)
     {
         return;
     }

     // NOTE(review): this counter advances only for requests that pass both filters below, so it
     // is the position among scanned requests rather than the position within
     // Association.LogIds — confirm that is what IndexOfRequestToScanInWorkFlowLogAssociations expects.
     int scannedIndex = 0;
     foreach (int logId in Association.LogIds)
     {
         Analysis.LogAssociation link = Association.GetAssociation(logId);
         if (link.IsIgnorable)
         {
             continue;
         }
         if (!HostsToScan.Contains(link.DestinationLog.Request.BaseUrl))
         {
             continue;
         }

         Scanner scanner = new Scanner(link.DestinationLog.Request);
         var baseRequest = scanner.BaseRequest;

         // Path injection only when there is no file name, no query string and more than one
         // path segment.
         if (baseRequest.File.Length == 0 && baseRequest.Query.Count == 0 && baseRequest.UrlPathParts.Count > 1)
         {
             scanner.InjectUrl();
         }
         scanner.InjectQuery();

         // Structured bodies need the matching format plugin attached before body injection.
         switch (baseRequest.BodyType)
         {
             case BodyFormatType.Soap:
             case BodyFormatType.Json:
             case BodyFormatType.Multipart:
             case BodyFormatType.Xml:
                 scanner.BodyFormat = FormatPlugin.Get(baseRequest.BodyType);
                 break;
         }
         scanner.InjectBody();
         scanner.CheckAll();

         if (scanner.InjectionPointsCount > 0)
         {
             scanner.WorkFlowLogAssociations = Association;
             scanner.IndexOfRequestToScanInWorkFlowLogAssociations = scannedIndex;
             WorkflowScannerWindow.UpdateScanStatusInUi(true, string.Format("Scanning Request no.{0} in workflow between logs {1}-{2}", scannedIndex, Marker[0], Marker[1]));
             scanner.Scan();
         }
         scannedIndex++;
     }
 }
コード例 #3
ファイル: CsrfTester.cs プロジェクト: war-and-code/IronWASP
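 /// <summary>
 /// Removes the CSRF token parameter from <paramref name="Req"/>, or replaces its value with
 /// <c>TokenReplacementValue</c>, according to <c>RemoveParameter</c>. The token is located by
 /// <c>TokenName</c> in the query string, in a plain form body, or — for XML/SOAP/JSON/multipart
 /// bodies — as the last '>'-separated segment of a format-plugin parameter name.
 /// </summary>
 /// <param name="Req">Request to modify; it is changed in place and also returned.</param>
 /// <returns>The same <paramref name="Req"/> instance.</returns>
 Request ModifyCsrfTokenInRequest(Request Req)
 {
     // For structured bodies, removal is expressed as injecting an empty value. Keep that in a
     // local: assigning TokenReplacementValue = "" on the instance (as the previous version did)
     // silently clobbered the configured replacement for every later call.
     string replacement = RemoveParameter ? "" : TokenReplacementValue;

     if (Req.Query.Has(TokenName))
     {
         if (RemoveParameter)
         {
             Req.Query.Remove(TokenName);
         }
         else
         {
             Req.Query.Set(TokenName, TokenReplacementValue);
         }
     }

     if (!Req.HasBody)
     {
         return Req;
     }

     if (Req.IsNormal)
     {
         // URL-encoded body: same name/value API as the query string.
         if (Req.Body.Has(TokenName))
         {
             if (RemoveParameter)
             {
                 Req.Body.Remove(TokenName);
             }
             else
             {
                 Req.Body.Set(TokenName, TokenReplacementValue);
             }
         }
         return Req;
     }

     FormatParameters Params = GetStructuredParameters(Req);
     if (Params != null)
     {
         for (int i = 0; i < Params.Count; i++)
         {
             string fullName = Params.GetName(i);
             if (!fullName.Contains(TokenName))
             {
                 continue;
             }
             // Only a parameter whose last path segment equals the token name is the token. A
             // substring hit elsewhere in the name is skipped rather than ending the search —
             // the previous version broke out of the loop on the first substring hit, which
             // could leave the real token untouched.
             string[] Parts = fullName.Split(new char[] { '>' }, StringSplitOptions.RemoveEmptyEntries);
             if (Parts.Length == 0 || !Parts[Parts.Length - 1].Trim().Equals(TokenName))
             {
                 continue;
             }
             FormatPlugin.Get(Req.BodyType).InjectInRequest(Req, i, replacement);
             break;
         }
     }
     return Req;
 }

 /// <summary>
 /// Returns the parsed parameters of a structured (XML, SOAP, JSON or multipart) body, or null
 /// when <paramref name="Req"/> has none of those body types.
 /// </summary>
 /// <param name="Req">Request whose body is parsed.</param>
 /// <returns>The format-plugin parameters, or null.</returns>
 static FormatParameters GetStructuredParameters(Request Req)
 {
     if (Req.IsXml)
     {
         return FormatPlugin.GetXmlParameters(Req);
     }
     if (Req.IsSoap)
     {
         return FormatPlugin.GetSoapParameters(Req);
     }
     if (Req.IsJson)
     {
         return FormatPlugin.GetJsonParameters(Req);
     }
     if (Req.IsMultiPart)
     {
         return FormatPlugin.GetMultipartParameters(Req);
     }
     return null;
 }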