/// <summary>
/// Requests <paramref name="urlApi"/> through MyWebRequest and returns the response text.
/// </summary>
/// <param name="urlApi">Complete URL to call; it is handed to MyWebRequest unchanged.</param>
/// <returns>Whatever MyWebRequest.GetResponse() yields for that URL.</returns>
private string getDataApiString(string urlApi)
{
    // NOTE(review): nothing here restricts the scheme or host of urlApi, so the caller
    // fully controls which endpoint is contacted.
    return new MyWebRequest(urlApi).GetResponse();
}
/// <summary>
/// Starts a GeoCoordinateWatcher, shows the first reported position in label1 and
/// reports it to the vij.php endpoint together with <c>gid</c>.
/// </summary>
private void Geo()
{
    var watcher = new GeoCoordinateWatcher();
    label1.Text = "Loading..";

    watcher.PositionChanged += (sender, e) =>
    {
        var location = e.Position.Location;

        // NOTE(review): ToString() without a culture formats with the current culture,
        // so the decimal separator in the query string can vary between machines.
        string latitudeText = location.Latitude.ToString();
        string longitudeText = location.Longitude.ToString();

        var prm = "lat=" + latitudeText + "&long=" + longitudeText;
        label1.Text = latitudeText + "--" + longitudeText;

        // Stop after the first fix so only one position is reported.
        watcher.Stop();

        try
        {
            // NOTE(review): the device position travels over plain http:// here, so it is
            // readable on the network path; gid and the coordinates are not URL-encoded.
            new MyWebRequest("http://denyoapi.stridecdev.com/vij.php?gid=" + gid + "&" + prm, "GET").GetResponse();
        }
        catch (WebException ex)
        {
            MessageBox.Show(ex.Message);
        }
    };

    // Begin listening for location updates.
    watcher.Start();
}
/// <summary>
/// Renders the statistics page (application assembly, one table row per broadcast with its
/// client count, and an empty VoD table) and writes it to the response of <paramref name="req"/>.
/// </summary>
/// <param name="req">Incoming request whose response receives the HTML.</param>
private void StatRequest(MyWebRequest req)
{
    var html = new StringBuilder("<html><head><meta http-equiv=\"Refresh\" content=\"30\" /><title>Статистика</title></head><body>");
    html.Append("<h1>Версия приложения:</h1>")
        .Append(Assembly.GetExecutingAssembly().ManifestModule.Assembly)
        .Append("<h1>Статистика бродкаста</h1>")
        .Append("<table border=1><tr><td><b>Трансляция</b></td><td><b>Количество подключений</b></td></tr>");

    // NOTE(review): broadcast names are written into the markup without HTML encoding;
    // confirm they can never carry markup supplied by a client.
    foreach (var broadcast in Proxy.Broadcaster.GetBroadcasts())
    {
        html.AppendFormat("<tr><td>{0}</td><td>{1}</td></tr>", broadcast, Proxy.Broadcaster.GetClientConnected(broadcast));
    }

    html.Append("</table><h1>Статистика VL VoD</h1><table border=1>")
        .Append("<tr><td><b>URL-источника</b></td><td><b>VLC VoD URL</b></td></tr>")
        .Append("</table></body></html>");

    byte[] payload = Encoding.UTF8.GetBytes(html.ToString());

    var response = req.GetResponse();
    response.AddHeader(HttpHeader.ContentType, WebServer.GetMime(".html").ToString());
    response.AddHeader(HttpHeader.ContentLength, payload.Length.ToString());
    response.SendHeaders();
    response.GetStream().Write(payload, 0, payload.Length);
}
/// <summary>
/// Answers the X_GetFeatureList action with a fixed feature list that advertises
/// samsung.com_BASICVIEW version 1 and a single video container with id 0.
/// </summary>
/// <param name="request">Incoming request; its response receives the SOAP body.</param>
private void X_GetFeatureList(MyWebRequest request)
{
    var featureXml = new StringBuilder();
    var settings = new XmlWriterSettings() { OmitXmlDeclaration = true };

    using (XmlWriter xml = XmlWriter.Create(featureXml, settings))
    {
        // <Features> root with the schema-instance attributes.
        xml.WriteStartElement("Features", "urn:schemas-upnp-org:av:avs");
        xml.WriteAttributeString("xmlns", "xsi", null, "http://www.w3.org/2001/XMLSchema-instance");
        xml.WriteAttributeString("xsi", "schemaLocation", null, "urn:schemas-upnp-org:av:avs http://www.upnp.org/schemas/av/avs.xsd");

        // <Feature name="samsung.com_BASICVIEW" version="1">
        xml.WriteStartElement("Feature");
        xml.WriteAttributeString("name", "samsung.com_BASICVIEW");
        xml.WriteAttributeString("version", "1");

        // <container id="0" type="object.item.videoItem"/>
        xml.WriteStartElement("container");
        xml.WriteAttributeString("id", "0");
        xml.WriteAttributeString("type", "object.item.videoItem");

        xml.WriteEndElement(); // container
        xml.WriteEndElement(); // Feature
        xml.WriteEndElement(); // Features
    }

    // Everything written above is constant; nothing from the request reaches the XML.
    request.GetResponse().SendSoapHeadersBody(featureXml.ToString());
}
/// <summary>
/// Loads several record sets from the PHP back end and returns their <c>posts</c> collections
/// in a fixed order: first response, incasso, comp-result, betaling, crediteur.
/// </summary>
/// <returns>A list with one entry per back-end call, each holding that response's posts.</returns>
public List <object> SelectAll()
{
    // NOTE(review): databaseString is posted with every call; if it carries connection
    // details, it deserves the same protection as a credential.
    var results = new List <object>();

    MyWebRequest request = new MyWebRequest(phpLocatie + "agenda.php", "POST", databaseString);

    // The first response is read and discarded.
    request.GetStringResponse();

    // NOTE(review): the "lidselectall.php" request is commented out in the original, so the
    // MySQLLidResponse below is parsed from a second read of the agenda.php request - confirm
    // this is intended.
    MySQLLidResponse lidResponse = JsonConvert.DeserializeObject <MySQLLidResponse>(request.GetStringResponse());
    results.Add(lidResponse.posts);

    request = new MyWebRequest(phpLocatie + "incselectall.php", "POST", databaseString);
    MySQLIncassoResponse incassoResponse = JsonConvert.DeserializeObject <MySQLIncassoResponse>(request.GetStringResponse());
    results.Add(incassoResponse.posts);

    request = new MyWebRequest(phpLocatie + "corselectall.php", "POST", databaseString);
    MySQLCompResultResponse compResultResponse = JsonConvert.DeserializeObject <MySQLCompResultResponse>(request.GetStringResponse());
    results.Add(compResultResponse.posts);

    request = new MyWebRequest(phpLocatie + "betselectall.php", "POST", databaseString);
    MySQLBetalingResponse betalingResponse = JsonConvert.DeserializeObject <MySQLBetalingResponse>(request.GetStringResponse());
    results.Add(betalingResponse.posts);

    request = new MyWebRequest(phpLocatie + "creselectall.php", "POST", databaseString);
    MySQLCrediteurResponse crediteurResponse = JsonConvert.DeserializeObject <MySQLCrediteurResponse>(request.GetStringResponse());
    results.Add(crediteurResponse.posts);

    return results;
}
/// <summary>
/// Builds the login form, then requests the user list from the local service on port 1200
/// and prints the raw response to the console.
/// </summary>
public Login()
{
    InitializeComponent();

    // NOTE(review): the complete user-list response is echoed to the console; if it holds
    // account data this is an information leak in any captured log.
    var userListRequest = new MyWebRequest("http://127.0.0.1:1200/Ma_so_Xu_ly=Doc_Danh_sach_Nguoi_dung", "POST");
    Console.WriteLine(userListRequest.GetResponse());
}
/// <summary>
/// Handles an event subscription request: reuses the SID header when present, otherwise
/// creates a new "uuid:" SID and starts SendEvent for the URL found in the CALLBACK header,
/// then replies with the SID and the requested timeout.
/// </summary>
/// <param name="req">Incoming request carrying the TIMEOUT, SID and CALLBACK headers.</param>
private void ProceedEventSub(MyWebRequest req)
{
    // The value after the last '-' of the TIMEOUT header must parse as an unsigned integer;
    // a missing header or a non-numeric value throws here.
    string[] timeoutParts = req.Headers["TIMEOUT"].Split(new[] { '-' }, StringSplitOptions.RemoveEmptyEntries);
    uint timeout = uint.Parse(timeoutParts.Last());

    string sid;
    if (!req.Headers.ContainsKey("SID"))
    {
        sid = "uuid:" + Guid.NewGuid();

        // The callback target is the text between '<' and '>' of the CALLBACK header.
        // NOTE(review): that URL comes straight from the subscriber and is handed to SendEvent
        // without any check on scheme, host or port that is visible here; consider limiting
        // callbacks to the subscriber's own address so the device cannot be pointed at
        // arbitrary hosts.
        string callback = req.Headers["CALLBACK"];
        int open = callback.IndexOf('<') + 1;
        int close = callback.IndexOf('>', open);
        Uri target = new Uri(callback.Substring(open, close - open));

        new SendEventDel(SendEvent).BeginInvoke(sid, target, null, null);
    }
    else
    {
        sid = req.Headers["SID"];
    }

    var response = req.GetResponse();
    response.AddHeader(HttpHeader.ContentLength, "0");
    response.AddHeader("SID", sid);
    response.AddHeader("TIMEOUT", "Second-" + timeout);
    response.SendHeaders();
}
/// <summary>
/// Posts an update for <paramref name="tabel"/> to "&lt;tabel&gt;update.php" and, when the
/// back end answers with success code 4, retries the same payload against "&lt;tabel&gt;insert.php".
/// </summary>
/// <param name="tabel">Table prefix used to build the PHP script name.</param>
/// <param name="urlString">Form data appended to databaseString in the POST body.</param>
/// <returns>
/// The deserialized back-end response, or a response with success = 0 and the exception
/// message when anything throws.
/// </returns>
private MySQLGeneralResponse WebRequestUpdate(string tabel, string urlString)
{
    try
    {
        // NOTE(review): databaseString is written to the console on every call; if it holds
        // connection details this exposes them in console output and captured logs.
        Console.WriteLine(databaseString);

        string postData = databaseString + urlString;

        // NOTE(review): tabel is concatenated into the script path unchecked; callers should
        // only pass known table prefixes.
        var request = new MyWebRequest(phpLocatie + tabel + "update.php", "POST", postData);
        MySQLGeneralResponse result = JsonConvert.DeserializeObject <MySQLGeneralResponse>(request.GetStringResponse());

        bool needsInsert = result.success == 4;
        if (needsInsert)
        {
            request = new MyWebRequest(phpLocatie + tabel + "insert.php", "POST", postData);
            result = JsonConvert.DeserializeObject <MySQLGeneralResponse>(request.GetStringResponse());
        }

        Console.WriteLine(result.message);
        return result;
    }
    catch (Exception ex)
    {
        // Any failure is turned into a response object instead of propagating.
        return new MySQLGeneralResponse { message = ex.Message, success = 0 };
    }
}
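/// <summary>
/// Sends <paramref name="message"/> to <paramref name="phone"/> through the sms-quick.com
/// HTTP API and returns the gateway's response.
/// </summary>
/// <param name="phone">Destination number(s); percent-encoded before being placed in the form body.</param>
/// <param name="message">Message text; percent-encoded before being placed in the form body.</param>
/// <returns>The response string from MyWebRequest.GetResponse() (XML is requested via return=xml).</returns>
public static string Send(string phone, string message)
{
    // Encode both caller-supplied values: unencoded, a '&' or '=' inside them would add or
    // override form fields such as sender or numbers. A null value is sent as an empty
    // field, which is what plain concatenation produced before.
    // NOTE(review): callers that already percent-encode these values must stop doing so.
    string encodedPhone = System.Uri.EscapeDataString(phone ?? string.Empty);
    string encodedMessage = System.Uri.EscapeDataString(message ?? string.Empty);

    // NOTE(review): the gateway account name and password are hard-coded and posted over
    // plain http://; move them to protected configuration, rotate them, and use an HTTPS
    // endpoint if the provider offers one.
    string formBody = "username=ACIG&password=ACIG123456&numbers=" + encodedPhone
        + "&message=" + encodedMessage
        + "&sender=ACIG&unicode=u&return=xml";

    var myRequest = new MyWebRequest("http://sms-quick.com/api/sendsms.php?", "POST", formBody);
    return myRequest.GetResponse();
}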
/// <summary>
/// Streams the file of the record named by the request's "id" parameter.
/// </summary>
/// <param name="req">Incoming request; only the part of "id" before the first '#' is used.</param>
public override void Play(MyWebRequest req)
{
    string rawId = req.Parameters["id"];
    string recordKey = rawId.Split("#".ToCharArray(), 2)[0];

    // The id is used only as a key into the record collection; the path that is sent comes
    // from the stored record, not from the request. An unknown or missing id throws.
    Records record = _device.Records[recordKey];
    req.GetResponse().SendFile(record.Path.LocalPath);
}
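/// <summary>
/// Returns a TorrentStream that is playing <paramref name="url"/>, either by reusing a pooled
/// stream for the same URL or by connecting a new one for the requesting client.
/// </summary>
/// <param name="url">Source to play; for torrent sources the Url is normalised to an absolute URI string.</param>
/// <param name="req">Incoming request; supplies the client socket and the optional "index" header.</param>
/// <returns>The stream on success; null when the client is gone or any step fails.</returns>
public TorrentStream GetContentUrl(SourceUrl url, MyWebRequest req)
{
    //locker.isSet = true;
    if (url.Type == SourceType.Torrent)
    {
        url.Url = new Uri(url.Url, UriKind.Absolute).ToString();
    }

    var ts = _device.Proxy.GetTsClient(url.Url);
    Task <string> waiter;
    try
    {
        if (ts == null)
        {
            if (!req.Client.Connected)
            {
                return(null);
            }

            ts = new TorrentStream(req.Client);
            ts.Connect();

            // A non-numeric "index" header makes int.Parse throw; the catch below turns that
            // into a null result.
            waiter = ts.Play(url.Url, (TTVApi.SourceType)(byte) url.Type, req.Headers.ContainsKey("index") ? int.Parse(req.Headers["index"]) : 0);
            if (waiter != null)
            {
                _device.Proxy.AddToTsPool(ts);
            }
        }
        else
        {
            // Reuse the pooled stream: close the previous owner and put this client in its place.
            waiter = ts.GetPlayTask();
            ts.Owner[0].Close();
            ts.Owner.Add(req.Client);
            ts.Owner.RemoveAt(0);
        }

        if (waiter != null && !waiter.IsCompleted)
        {
            waiter.Wait();
        }
        else if (waiter == null)
        {
            throw new FileNotFoundException();
        }

        if (string.IsNullOrEmpty(waiter.Result))
        {
            _device.Proxy.RemoveFromTsPoos(ts);
        }
        return(ts);
    }
    catch (Exception ex)
    {
        P2pProxyApp.Log.Write(ex.Message, TypeMessage.Error);

        // ts is still null when the failure happened while creating the stream (for example
        // in the TorrentStream constructor); without this guard the cleanup itself threw a
        // NullReferenceException that escaped the handler and skipped the state reset below.
        if (ts != null)
        {
            ts.Disconnect();
            _device.Proxy.RemoveFromTsPoos(ts);
        }

        plaing = false;
        locker.isSet = false;
        return(null);
    }
}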
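/// <summary>
/// For every selected grid row with a membership number, links the bKash transaction to the
/// Job Fair registration in the database, prepares the confirmation SMS and mail, and then
/// refreshes the search results.
/// </summary>
/// <param name="sender">Button that raised the click.</param>
/// <param name="e">Event data (unused).</param>
protected void btnJobFairFee_Click(object sender, EventArgs e)
{
    foreach (GridViewRow gvr in gvbKash.Rows)
    {
        try
        {
            TextBox txtMemberShipNo = (TextBox)gvr.FindControl("txtMemberShipNo");
            Label lblTransactionID = (Label)gvr.FindControl("lblTransactionID");
            Label lblAmount = (Label)gvr.FindControl("lblAmount");
            Label lblMobile = (Label)gvr.FindControl("lblMobile");
            Label lblEmail = (Label)gvr.FindControl("lblEmail");
            CheckBox chkSelect = (CheckBox)gvr.FindControl("chkSelect");

            string memberShipNo = txtMemberShipNo.Text.Trim();
            if (!chkSelect.Checked || memberShipNo == "")
            {
                continue;
            }

            string transactionId = lblTransactionID.Text.Trim();

            // Both values are placed unquoted into the WHERE clauses below, so they must be
            // plain digit strings. Rejecting anything else keeps text typed into the
            // membership box from being executed as SQL.
            // NOTE(review): DatabaseManager's API is not visible here; if it offers a
            // parameterized call, use that instead of building the statement by hand.
            long parsed;
            bool memberOk = long.TryParse(memberShipNo, System.Globalization.NumberStyles.None, System.Globalization.CultureInfo.InvariantCulture, out parsed);
            bool transactionOk = long.TryParse(transactionId, System.Globalization.NumberStyles.None, System.Globalization.CultureInfo.InvariantCulture, out parsed);
            if (!memberOk || !transactionOk)
            {
                System.Diagnostics.Trace.TraceWarning("btnJobFairFee_Click: row skipped, membership number or transaction id is not numeric.");
                continue;
            }

            string sql = "update Acc_bKash_Final set ExtraField1='" + memberShipNo + "' where TransactionID=" + transactionId
                + "; update Conv_JobFair set TrxID+=', " + transactionId + "' where Conv_JobFairID=" + memberShipNo;
            DatabaseManager.ExecSQL(sql);

            //SMS
            string mobile = lblMobile.Text.Trim();
            if (mobile != "")
            {
                try
                {
                    string SMS = "Thanks for bKash payment.Your registration for Job Fair is Confirmed.. Your payment amount(" + lblAmount.Text + ") and trxID: " + transactionId;

                    // Query values are percent-encoded so spaces, '&' or '=' in the text
                    // cannot break or extend the gateway query string.
                    // NOTE(review): the gateway user name and password are hard-coded in the
                    // URL and sent over plain http://; move them to protected configuration
                    // and rotate them.
                    MyWebRequest myRequest = new MyWebRequest("http://cbsms.grameenphone.com/send_sms_api/send_sms_from_api.php?user_name=IEBadmin&password=IEBadmin123&subscriber_no=" + System.Uri.EscapeDataString(mobile.Substring(1, 10)) + "&mask=IEB&sms=" + System.Uri.EscapeDataString(SMS));

                    // The response read is disabled in this listing:
                    //doc.LoadXml(myRequest.GetResponse());
                }
                catch (Exception ex)
                {
                    // Notification stays best-effort, but the failure is no longer invisible.
                    System.Diagnostics.Trace.TraceError("btnJobFairFee_Click: SMS notification failed: " + ex.Message);
                }
            }

            //Mail
            if (lblEmail.Text.Trim() != "")
            {
                // NOTE(review): the values below are placed into HTML unencoded; encode them
                // before the send call is re-enabled.
                string mialMessage = "Dear Engr,<br/><br/>Thanks for bKash payment.Your registration for Job Fair is Confirmed.. Your payment amount(" + lblAmount.Text + ") and trxID: " + lblTransactionID.Text + "<br/>This is system generated payment confirmation mail.<hr/>We will send you the money receipt before 27th April<hr/>With regards<br/>IT Section, IEB<br/>01766674142";
                //Sendmail.sendEmail(lblEmail.Text, "IEB Job Fair Fees payment confirmation", mialMessage);
            }
        }
        catch (Exception ex)
        {
            // One bad row must not stop the remaining rows; record why it was skipped.
            System.Diagnostics.Trace.TraceError("btnJobFairFee_Click: row processing failed: " + ex.Message);
        }
    }

    btnSearch_Click(this, new EventArgs());
}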
/// <summary>
/// Posts a fixed SMS through the smsgateway.me API and exposes the gateway's response to the
/// view as ViewData["status"].
/// </summary>
/// <returns>The default view for this action.</returns>
public ActionResult SendSeatInfo()
{
    const string gatewayUrl = "http://smsgateway.me/api/v3/messages/send";

    // NOTE(review): account credentials, a device id and a recipient number are embedded in
    // source and posted over plain http://; they belong in protected configuration. The
    // body is also not form-encoded, so the '+' in the number may arrive as a space.
    const string formBody = "[email protected]&password=companyproject&device=83001&number=+959257706564&message=Ko Sai! I love you very much!";

    var smsRequest = new MyWebRequest(gatewayUrl, "POST", formBody);

    // The raw gateway response is handed to the view unchanged.
    ViewData["status"] = smsRequest.GetResponse();
    return View();
}
/// <summary>
/// Console entry point: posts a list-auctions query to the UAT API, prints the response and
/// waits for Enter.
/// </summary>
/// <param name="args">Command-line arguments (unused).</param>
static void Main(string[] args)
{
    // NOTE(review): an API token and user id are hard-coded and sent over plain http://;
    // treat the token as exposed and load it from configuration or the environment instead.
    const string endpoint = "http://uat.sgbbc.com.sg/api/list-auctions";
    const string formBody = "status=2&token=zVjk98qEsZqFeJmHYxKqVBKmA20oYDwlImHXRuEoN3M&uid=1257";

    var auctions = new MyWebRequest(endpoint, "POST", formBody);
    Console.WriteLine(auctions.GetResponse());

    // Keep the console window open until a line is entered.
    Console.ReadLine();
}
/// <summary>
/// Requests <paramref name="urlApi"/> and parses the response as a JSON array.
/// </summary>
/// <param name="urlApi">Complete URL to call; passed to MyWebRequest unchanged.</param>
/// <returns>The parsed JArray, typed as dynamic.</returns>
private dynamic getDataApiArray(string urlApi)
{
    var responseText = new MyWebRequest(urlApi).GetResponse();

    // JArray.Parse throws when the body is not a JSON array; that is not handled here.
    dynamic parsed = JArray.Parse(responseText);
    return parsed;
}
/// <summary>
/// Serializes <paramref name="emp"/> (via setAddEmployee) to JSON, posts it to the
/// add-employee endpoint and prints the server's answer to the console.
/// </summary>
/// <param name="emp">Employee to create.</param>
public void addEmployee(Employee emp)
{
    string payload = new JavaScriptSerializer().Serialize(setAddEmployee(emp));

    // NOTE(review): no credential or token accompanies this call in the code shown; confirm
    // the endpoint authenticates callers some other way.
    var request = new MyWebRequest("https://quanlynhanviengdu.herokuapp.com/ma_so_xu_ly=VAThem_nhan_vien_moi_mssql", "POST", payload);

    // The response is only echoed; failures reported by the server are not acted on.
    Console.WriteLine(request.GetResponse());
}
/// <summary>
/// Returns the EPG for the translation named by the request's "id" parameter (0 when the
/// parameter is absent) as XML text.
/// </summary>
/// <param name="req">Incoming request.</param>
/// <returns>The full text of the TranslationEpg result.</returns>
public override string GetPlaylist(MyWebRequest req)
{
    // A non-numeric id makes int.Parse throw; that is left to the caller.
    int id = req.Parameters.ContainsKey("id") ? int.Parse(req.Parameters["id"]) : 0;

    var epg = new TranslationEpg(id).Execute(_device.Proxy.SessionState.session, TypeResult.Xml);

    // NOTE(review): the reader is never disposed; whether the underlying stream may be
    // closed here depends on Execute, which is not visible.
    return new StreamReader(epg).ReadToEnd();
}
/// <summary>
/// Stops the item named by the request's "id" parameter and answers "OK"; answers 404 when
/// the parameter is missing.
/// </summary>
/// <param name="req">Incoming request.</param>
private void StopRequest(MyWebRequest req)
{
    if (req.Parameters.ContainsKey("id"))
    {
        // The id is forwarded to Stop as received; any validation happens there.
        Stop(req.Parameters["id"]);
        req.GetResponse().SendText("OK");
    }
    else
    {
        _device.Web.Send404(req);
    }
}
/// <summary>
/// Adds the channel named by the request's "id" parameter to the favourites and relays the
/// back-end result to the client.
/// </summary>
/// <param name="req">Incoming request; only the part of "id" before the first '#' is parsed.</param>
private void AddFavouriteRequest(MyWebRequest req)
{
    // A missing or non-numeric id throws here; no 404 path exists in this handler.
    string idText = req.Parameters["id"].Split("#".ToCharArray(), 2)[0];
    int id = int.Parse(idText);

    var result = new FavouriteAdd(id).Execute(_device.Proxy.SessionState.session, TypeResult.Xml);

    var response = req.GetResponse();

    // NOTE(review): the body is requested as TypeResult.Xml but labelled with the ".json"
    // MIME type - confirm which one clients expect.
    response.AddHeader(HttpHeader.ContentType, WebServer.GetMime(".json").ToString());
    response.AddHeader(HttpHeader.ContentLength, result.Length.ToString());
    response.SendHeaders();
    result.CopyTo(response.GetStream());
}
/// <summary>
/// Sends the prebuilt description document (descArray) as UTF-8 labelled XML.
/// </summary>
/// <param name="req">Incoming request whose response receives the document.</param>
private void SendDescription(MyWebRequest req)
{
    var response = req.GetResponse();
    response.AddHeader(HttpHeader.ContentLength, descArray.Length.ToString());
    response.AddHeader(HttpHeader.ContentType, "text/xml; charset=\"utf-8\"");
    response.SendHeaders();

    // The body is a fixed byte array; nothing from the request is reflected into it.
    var body = new MemoryStream(descArray);
    body.CopyTo(response.GetStream());
}
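/// <summary>
/// Exchanges an OAuth authorization <paramref name="code"/> for an access token at the
/// Facebook Graph endpoint.
/// </summary>
/// <param name="code">Authorization code received on the redirect; percent-encoded before use.</param>
/// <returns>The value of the first "name=value" pair in the response.</returns>
public String GetAccessToken(string code)
{
    // The code arrives from the browser redirect, so it is encoded before being joined into
    // the parameter string; unencoded, a '&' inside it could add or override parameters of
    // the token request. A null code is sent as an empty value, as concatenation did before.
    // NOTE(review): callers that pass an already percent-encoded code must stop doing so.
    string encodedCode = Uri.EscapeDataString(code ?? string.Empty);

    // NOTE(review): the client secret is part of this parameter string; keep it out of logs
    // and traces. The redirect_uri is fixed to http://localhost:5176/.
    MyWebRequest myRequest = new MyWebRequest(
        "https://graph.facebook.com/oauth/access_token",
        "GET",
        "client_id=" + this.ApplicationID + "&client_secret=" + this.ApplicationSecret + "&code=" + encodedCode + "&redirect_uri=http:%2F%2Flocalhost:5176%2F");

    // The response is read as "name=value&...": take the first pair, then its value.
    // A body in any other shape (for example an error document) throws on the index below.
    string firstPair = myRequest.GetResponse().Split('&')[0];
    string accessToken = firstPair.Split('=')[1];
    return(accessToken);
}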
/// <summary>
/// Triggers a proxy login and returns the resulting session state to the client as XML.
/// </summary>
/// <param name="obj">Incoming request whose response receives the session state.</param>
private void LoginRequest(MyWebRequest obj)
{
    // NOTE(review): any client that can reach this handler triggers Proxy.Login() and gets
    // the session state back; no caller check is visible here.
    Proxy.Login();

    var response = obj.GetResponse();
    byte[] sessionXml = Encoding.UTF8.GetBytes(Proxy.SessionState.ToString("xml"));

    response.AddHeader(HttpHeader.ContentType, "text/xml");
    response.AddHeader(HttpHeader.ContentLength, sessionXml.Length.ToString());
    response.SendHeaders();
    response.GetStream().Write(sessionXml, 0, sessionXml.Length);
}
/// <summary>
/// Serializes the schedule together with the owner's e-mail address, posts it to the
/// add-schedule endpoint and prints the server's answer to the console.
/// </summary>
/// <param name="schedule">Schedule to add (converted by setAddSchedule).</param>
/// <param name="email">E-mail address identifying the owner.</param>
public void addSchedule(Schedule schedule, String email)
{
    var envelope = new EmailAndSchedule(email, setAddSchedule(schedule));
    string payload = new JavaScriptSerializer().Serialize(envelope);

    // NOTE(review): the owner is identified only by the e-mail value in the payload; no
    // credential or token is attached in the code shown.
    var request = new MyWebRequest("https://quanlynhanviengdu.herokuapp.com/ma_so_xu_ly=VAThem_Lich_bieu", "POST", payload);

    // The response is only echoed to the console.
    Console.WriteLine(request.GetResponse());
}
/// <summary>
/// For torrent sources, connects a TorrentStream for the requesting client, reads the
/// torrent and resolves its content id. Other source types are left untouched.
/// </summary>
/// <param name="req">Incoming request; supplies the client socket.</param>
/// <param name="source">Source to resolve.</param>
private void PlayNew(MyWebRequest req, SourceUrl source)
{
    var url = source.Url;
    if (source.Type != SourceType.Torrent)
    {
        return;
    }

    var stream = new TorrentStream(req.Client);
    stream.Connect();

    var torrentData = stream.ReadTorrent(url, TTVApi.SourceType.Torrent);

    // NOTE(review): the resolved id is stored in a local and not used afterwards in the code
    // shown, and the stream is neither returned nor disconnected here.
    url = stream.GetContentId(torrentData);
}
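/// <summary>
/// Sends <paramref name="SMS"/> to the subscriber through the Grameenphone HTTP API and
/// returns the gateway's XML response.
/// </summary>
/// <param name="_11DigitNo">Eleven-character number; characters 2 to 11 are sent as subscriber_no.</param>
/// <param name="SMS">Message text; percent-encoded before being placed in the query string.</param>
/// <returns>The parsed XML document returned by the gateway.</returns>
public static XmlDocument sendSMS(string _11DigitNo, string SMS)
{
    // Substring throws when the number has fewer than 11 characters; callers see that as before.
    string subscriber = _11DigitNo.Substring(1, 10);

    // Both values are percent-encoded: unencoded, spaces or a '&' / '=' in the text would
    // break the query or add parameters to it. A null message is sent as an empty value.
    // NOTE(review): the gateway user name and password are hard-coded in the URL and sent
    // over plain http://; move them to protected configuration and rotate them.
    MyWebRequest myRequest = new MyWebRequest(
        "http://cbsms.grameenphone.com/send_sms_api/send_sms_from_api.php?user_name=IEBadmin&password=IEBadmin123&subscriber_no="
        + System.Uri.EscapeDataString(subscriber)
        + "&mask=IEB&sms=" + System.Uri.EscapeDataString(SMS ?? string.Empty));

    XmlDocument doc = new XmlDocument();

    // The response crosses an unencrypted channel, so external entities and DTD references
    // in it must not be resolved.
    doc.XmlResolver = null;
    doc.LoadXml(myRequest.GetResponse());
    return(doc);
}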
/// <summary>
/// Answers GetCurrentConnectionInfo for connection "0" with a fixed set of values; any other
/// connection id is rejected with SOAP error 402.
/// </summary>
/// <param name="request">Incoming request; its response receives the SOAP body.</param>
/// <param name="ConnectionID">Connection id supplied by the caller; only "0" is accepted.</param>
private void GetCurrentConnectionInfo(MyWebRequest request, [AliasAttribute("ConnectionID")][UpnpServiceArgument("A_ARG_TYPE_ConnectionID")] string ConnectionID)
{
    bool isKnownConnection = ConnectionID == "0";
    if (!isKnownConnection)
    {
        throw new SoapException(402, "Invalid Args");
    }

    // All returned values are constants; the caller's argument is never echoed back.
    request.GetResponse().SendSoapHeadersBody("-1", "-1", string.Empty, string.Empty, "-1", "Output", "OK");
}
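/// <summary>
/// Sends the user agent typed into txt1 to the whatismybrowser.com parse API and shows the
/// API's answer on the page.
/// </summary>
/// <param name="sender">Button that raised the click.</param>
/// <param name="e">Event data (unused).</param>
protected void btn1_Click(object sender, EventArgs e)
{
    // The user-supplied text is URL-encoded before it is placed in the form body.
    string user_agent = HttpUtility.UrlEncode(txt1.Text);

    // Put your api key in this variable:
    api_key = "";

    // -- Create the request as a POST with the key and the user agent as form fields
    MyWebRequest myRequest = new MyWebRequest("https://api.whatismybrowser.com/api/v1/user_agent_parse", "POST", "user_key=" + api_key + "&user_agent=" + user_agent);

    // The API response can contain the submitted user agent. It is HTML-encoded before being
    // written so markup in that text is displayed rather than executed in the visitor's
    // browser; the page still shows the same characters.
    Response.Write(HttpUtility.HtmlEncode(myRequest.GetResponse()));
}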
/// <summary>
/// Placeholder implementation: creates (but does not use) an HttpClient and a token request,
/// then returns a fixed confirmation string.
/// </summary>
/// <param name="location">Destination; unused while the real API call is commented out.</param>
/// <returns>The constant text "Your Product has been added".</returns>
public async Task <string> GetRidePriceEstimate(string location)
{
    using (var httpClient = new HttpClient())
    {
        // NOTE(review): the request object is constructed but no response is read in the
        // code shown, and the method contains no await, so it completes synchronously.
        var tokenRequest = new MyWebRequest("https://localhost:5050/connect/token", "POST", "a=value1&b=value2");

        //var response = await client.GetAsync($"{RideSharingApiUrl}?from=Seattle&to={location}");
        //response.EnsureSuccessStatusCode();
        //var price = await response.Content.ReadAsStringAsync();
        //return price.Replace("\"", "");
        return "Your Product has been added";
    }
}
/// <summary>
/// Sends the prebuilt description document (descArray) as UTF-8 labelled XML.
/// </summary>
/// <param name="request">Incoming request whose response receives the document.</param>
private void GetDescription(MyWebRequest request)
{
    var reply = request.GetResponse();
    reply.AddHeader(HttpHeader.ContentLength, this.descArray.Length.ToString());
    reply.AddHeader(HttpHeader.ContentType, "text/xml; charset=\"utf-8\"");
    reply.SendHeaders();

    // The body is a fixed byte array; nothing from the request is reflected into it.
    using (var body = new MemoryStream(this.descArray))
    {
        body.CopyTo(reply.GetStream());
    }
}
/// <summary>
/// Begin-style method: downloads https://github.com/ on a new thread and completes the
/// returned async result with the page text.
/// </summary>
/// <param name="callback">Callback handed to the async result object.</param>
/// <returns>The async result that is completed once the download finishes.</returns>
public IAsyncResult MyBeginXX(AsyncCallback callback)
{
    var asyncResult = new MyWebRequest(callback, null);
    var request = WebRequest.Create("https://github.com/");

    // Run the blocking download on a dedicated thread.
    // NOTE(review): an exception inside this thread is not caught, so the async result
    // would never be completed in that case.
    var worker = new Thread(() =>
    {
        using (var reader = new StreamReader(request.GetResponse().GetResponseStream()))
        {
            // Publish the downloaded text as the async result.
            asyncResult.SetComplete(reader.ReadToEnd());
        }
    });
    worker.Start();

    // Hand the IAsyncResult back to the caller.
    return asyncResult;
}
/// <summary>
/// Crawler worker step for one URI: updates this thread's list-view row, requests the URI,
/// applies the redirect / MIME-type / size filters, analyses and indexes the page into the
/// Lucene index, downloads the body, and enqueues the links found in it.
/// </summary>
/// <param name="uri">URI to fetch; its Depth is used for the depth limit and for child links.</param>
/// <param name="request">
/// Connection to reuse (keep-alive); replaced by the request made here, or set to null when
/// the page is rejected, redirected or fails.
/// </param>
private void ParseUri(MyUri uri, ref MyWebRequest request)
{
    // str accumulates the log text for this URI.
    string str = "";
    if ((request != null) && request.response.KeepAlive)
    {
        str = str + "连接转至: " + uri.Host + "\r\n\r\n";
    }
    else
    {
        str = str + "连接: " + uri.Host + "\r\n\r\n";
    }

    // Update the list-view row whose index is the current thread's name. A failure is
    // swallowed and leaves item null; later uses of item then throw into the outer catch.
    ListViewItem item = null;
    Monitor.Enter(this.listViewThreads);
    try
    {
        item = this.listViewThreads.Items[int.Parse(Thread.CurrentThread.Name)];
        item.SubItems[1].Text = uri.Depth.ToString();
        item.ImageIndex = 1;
        item.BackColor = System.Drawing.Color.WhiteSmoke;
        item.SubItems[2].Text = "正在连接";
        item.ForeColor = System.Drawing.Color.Red;
        item.SubItems[3].Text = uri.AbsoluteUri;
        item.SubItems[4].Text = "";
        item.SubItems[5].Text = "";
    }
    catch (Exception)
    {
    }
    Monitor.Exit(this.listViewThreads);

    try
    {
        object obj2;
        request = MyWebRequest.Create(uri, request, this.KeepAlive);
        // 0x3e8 = 1000; presumably converts RequestTimeout from seconds to milliseconds - TODO confirm.
        request.Timeout = this.RequestTimeout * 0x3e8;
        MyWebResponse response = request.GetResponse();
        str = str + request.Header + response.Header;
        if (!response.ResponseUri.Equals(uri))
        {
            // The server answered for a different URI: queue that one and drop this connection.
            this.EnqueueUri(new MyUri(response.ResponseUri.AbsoluteUri), true);
            obj2 = str;
            str = string.Concat(new object[] { obj2, "重定向到: ", response.ResponseUri, "\r\n" });
            request = null;
        }
        else
        {
            // MIME filter: the content type (without parameters) must appear in MIMETypes unless
            // it contains '*'. The two numbers that follow it in MIMETypes are read as size
            // limits and multiplied by 0x400 (1024).
            if ((!this.AllMIMETypes && (response.ContentType != null)) && (this.MIMETypes.Length > 0))
            {
                string str2 = response.ContentType.ToLower();
                int index = str2.IndexOf(';');
                if (index != -1)
                {
                    str2 = str2.Substring(0, index);
                }
                if ((str2.IndexOf('*') == -1) && ((index = this.MIMETypes.IndexOf(str2)) == -1))
                {
                    this.LogError(uri.AbsoluteUri, str + "\r\nUnlisted Content-Type (" + str2 + "), check settings.");
                    request = null;
                    return;
                }
                // NOTE(review): when the type contains '*', index still holds the ';' position
                // (possibly -1) from above, not a position inside MIMETypes - confirm intended.
                Match match = new Regex(@"\d+").Match(this.MIMETypes, index);
                int num3 = int.Parse(match.Value) * 0x400;
                int num4 = int.Parse(match.NextMatch().Value) * 0x400;
                // The range check applies only when the lower limit is below the upper limit.
                if ((num3 < num4) && ((response.ContentLength < num3) || (response.ContentLength > num4)))
                {
                    this.LogError(uri.AbsoluteUri, string.Concat(new object[] { str, "\r\nContentLength limit error (", response.ContentLength, ")" }));
                    request = null;
                    return;
                }
            }

            // flag stays true only for URIs that do not end in one of the built-in or configured
            // excluded extensions; it gates body buffering and link extraction below.
            string[] strArray = new string[] { ".gif", ".jpg", ".css", ".zip", ".exe" };
            bool flag = true;
            foreach (string str3 in strArray)
            {
                if (uri.AbsoluteUri.ToLower().EndsWith(str3))
                {
                    flag = false;
                    break;
                }
            }
            foreach (string str3 in this.ExcludeFiles)
            {
                if ((str3.Trim().Length > 0) && uri.AbsoluteUri.ToLower().EndsWith(str3))
                {
                    flag = false;
                    break;
                }
            }

            string strBody = uri.ToString();
            // Compared() receives the lower-cased text after the last '.' of the path; when it
            // returns true and the URI does not end in "/", the URI is logged and skipped.
            if (this.Compared(uri.LocalPath.Substring(uri.LocalPath.LastIndexOf('.') + 1).ToLower()) && (uri.ToString().Substring(uri.ToString().Length - 1, 1) != "/"))
            {
                this.LogError("丢弃--非网页文件", strBody);
            }
            else
            {
                int num5;
                UriKind absolute = UriKind.Absolute;
                if (!string.IsNullOrEmpty(strBody) && Uri.IsWellFormedUriString(strBody, absolute))
                {
                    // The page is fetched again through GetPage for content analysis; the
                    // socket download further down is a separate read of the same response.
                    string page = GetPage(strBody);
                    Stopwatch stopwatch = new Stopwatch();
                    stopwatch.Start();
                    Html html = new Html { Web = page, Url = strBody };
                    CommonAnalyze analyze = new CommonAnalyze();
                    analyze.LoadHtml(html);
                    Net.LikeShow.ContentAnalyze.Document result = analyze.GetResult();
                    stopwatch.Stop();
                    string bt = result.Title.Replace("[(title)]", "");
                    // With an empty title, the text from character 20 of the document is used
                    // instead. NOTE(review): this runs before the null/empty check on
                    // result.Doc below, so an empty document throws here and ends up in the
                    // outer catch.
                    switch (bt)
                    {
                        case null:
                        case "":
                            bt = result.Doc.Substring(20).ToString();
                            break;
                    }
                    if ((result.Doc == null) || (result.Doc == ""))
                    {
                        this.LogError("丢弃--空内容或非内空页", strBody);
                    }
                    else
                    {
                        Lucene.Net.Documents.Document document3;
                        string str7 = result.Doc + bt;
                        // From the eleventh indexed page on, the index is searched for the
                        // document's MD5string value to skip duplicates.
                        if (this.cgcount >= 10)
                        {
                            string keywords = this.MD5string(result.Doc.ToString());
                            string keyWordsSplitBySpace = "";
                            IndexSearcher searcher = new IndexSearcher(this.path);
                            keyWordsSplitBySpace = GetKeyWordsSplitBySpace(keywords, new KTDictSegTokenizer());
                            Query query = new QueryParser("J_md5_bai", new KTDictSegAnalyzer(true)).Parse(keyWordsSplitBySpace);
                            // NOTE(review): Doc(0) is read without checking that the search
                            // returned any hit - presumably throws on an empty result; verify.
                            if (searcher.Search(query).Doc(0).Get("J_md5_bai") == keywords)
                            {
                                this.LogError("排除--重复", strBody);
                            }
                            else
                            {
                                this.cgcount++;
                                this.LogUri(bt, "引索完成");
                                document3 = new Lucene.Net.Documents.Document();
                                document3.Add(new Field("分类", this.page_py, Field.Store.YES, Field.Index.TOKENIZED));
                                document3.Add(new Field("J_title_bai", bt, Field.Store.YES, Field.Index.TOKENIZED));
                                document3.Add(new Field("J_msgContent_bai", str7, Field.Store.YES, Field.Index.TOKENIZED));
                                document3.Add(new Field("J_SiteType_bai", result.SiteType.ToString(), Field.Store.YES, Field.Index.NO));
                                document3.Add(new Field("J_URL_bai", strBody, Field.Store.YES, Field.Index.NO));
                                document3.Add(new Field("J_addtime_bai", DateTime.Now.ToShortDateString(), Field.Store.YES, Field.Index.NO));
                                document3.Add(new Field("J_md5_bai", this.MD5string(result.Doc.ToString()), Field.Store.YES, Field.Index.TOKENIZED));
                                this.writer.AddDocument(document3);
                            }
                        }
                        else
                        {
                            // The first ten pages are indexed without the duplicate lookup.
                            this.cgcount++;
                            this.LogUri(bt, "引索完成");
                            document3 = new Lucene.Net.Documents.Document();
                            document3.Add(new Field("分类", this.page_py, Field.Store.YES, Field.Index.TOKENIZED));
                            document3.Add(new Field("J_title_bai", bt, Field.Store.YES, Field.Index.TOKENIZED));
                            document3.Add(new Field("J_msgContent_bai", str7, Field.Store.YES, Field.Index.TOKENIZED));
                            document3.Add(new Field("J_SiteType_bai", result.SiteType.ToString(), Field.Store.YES, Field.Index.NO));
                            document3.Add(new Field("J_URL_bai", strBody, Field.Store.YES, Field.Index.NO));
                            document3.Add(new Field("J_addtime_bai", DateTime.Now.ToShortDateString(), Field.Store.YES, Field.Index.NO));
                            document3.Add(new Field("J_md5_bai", this.MD5string(result.Doc.ToString()), Field.Store.YES, Field.Index.TOKENIZED));
                            this.writer.AddDocument(document3);
                        }
                    }
                }

                // Download the body from the response socket in chunks of 0x2800 (10240) bytes.
                item.SubItems[2].Text = "正在下载";
                item.ForeColor = System.Drawing.Color.Black;
                string input = "";
                byte[] buffer = new byte[0x2800];
                int nNum = 0;
                // NOTE(review): no upper bound on the total bytes read or on the size of input
                // is visible here; a very large or endless response keeps growing both.
                while ((num5 = response.socket.Receive(buffer, 0, 0x2800, SocketFlags.None)) > 0)
                {
                    nNum += num5;
                    if (flag)
                    {
                        // The body is decoded as ASCII and kept only when links will be parsed.
                        input = input + Encoding.ASCII.GetString(buffer, 0, num5);
                    }
                    item.SubItems[4].Text = this.Commas(nNum);
                    if (response.ContentLength > 0)
                    {
                        item.SubItems[5].Text = '%' + ((100 - (((response.ContentLength - nNum) * 100) / response.ContentLength))).ToString();
                    }
                    // On a keep-alive connection the loop stops once ContentLength bytes arrived.
                    if ((response.KeepAlive && (nNum >= response.ContentLength)) && (response.ContentLength > 0))
                    {
                        break;
                    }
                }
                if (response.KeepAlive)
                {
                    str = str + "Connection kept alive to be used in subpages.\r\n";
                }
                else
                {
                    response.Close();
                    str = str + "Connection closed.\r\n";
                }
                this.FileCount++;
                this.ByteCount += nNum;

                // Link extraction runs only while the crawler is running, for non-excluded
                // files, and below the configured depth.
                if ((this.ThreadsRunning && flag) && (uri.Depth < this.WebDepth))
                {
                    str = str + "\r\nParsing page ...\r\n";
                    // Matches quoted href/src attribute values; pattern is reused below as the
                    // variable holding each extracted link.
                    string pattern = "(href|HREF|src|SRC)[ ]*=[ ]*[\"'][^\"'#>]+[\"']";
                    MatchCollection matchs = new Regex(pattern).Matches(input);
                    obj2 = str;
                    str = string.Concat(new object[] { obj2, "Found: ", matchs.Count, " ref(s)\r\n" });
                    this.URLCount += matchs.Count;
                    foreach (Match match in matchs)
                    {
                        pattern = match.Value.Substring(match.Value.IndexOf('=') + 1).Trim(new char[] { '"', '\'', '#', ' ', '>' });
                        try
                        {
                            // Anything that is not a plain "http://" link without ".." is
                            // resolved against the current page's URI.
                            if (!(((pattern.IndexOf("..") == -1) && !pattern.StartsWith("/")) && pattern.StartsWith("http://")))
                            {
                                pattern = new Uri(uri, pattern).AbsoluteUri;
                            }
                            this.Normalize(ref pattern);
                            MyUri uri2 = new MyUri(pattern);
                            // Skip links that are not http/https, that fail Compared_jpg, or -
                            // with KeepSameServer - whose second dot-separated host label differs
                            // from urllhost[1]. A host without a dot throws on the [1] index and
                            // is dropped by the empty catch below.
                            if ((((uri2.Scheme != Uri.UriSchemeHttp) && (uri2.Scheme != Uri.UriSchemeHttps)) || ((uri2.Host.Split(new char[] { '.' })[1] != this.urllhost[1]) && this.KeepSameServer)) || !this.Compared_jpg(uri2.LocalPath.Substring(uri2.LocalPath.LastIndexOf('.') + 1).ToLower()))
                            {
                                continue;
                            }
                            Global.URL = uri2.ToString();
                            if ((Global.BXBH != "") && (Redspider_link.bxbh() == 2))
                            {
                                continue;
                            }
                            uri2.Depth = uri.Depth + 1;
                            if (this.EnqueueUri(uri2, true))
                            {
                                str = str + uri2.AbsoluteUri + "\r\n";
                            }
                        }
                        catch (Exception)
                        {
                            // A link that cannot be parsed or checked is skipped without logging.
                        }
                    }
                }
            }
        }
    }
    catch (Exception exception)
    {
        // Any failure is logged with the accumulated text and the connection is dropped.
        this.LogError(uri.AbsoluteUri, str + exception.Message);
        request = null;
    }
    finally
    {
        this.EraseItem(item);
    }
}
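/// <summary>
/// Submits every form found on <paramref name="urlToCheck"/> once per entry in
/// <c>arrayOfAuthenticationPayloads</c>, placing the payload in each text and
/// password field, and records a finding when <c>checkIfVulnerabilityFound</c>
/// reports one.
/// </summary>
/// <param name="urlToCheck">Absolute URL of the page whose forms are tested.</param>
/// <param name="result">
/// Overwritten with progress text and, on a finding, with an HTML report fragment.
/// Values taken from the scanned page, the URL and the payload are HTML-encoded
/// inside that fragment; the plain progress strings are left raw.
/// </param>
/// <param name="array">Receives <paramref name="urlToCheck"/> for each form that produced a finding.</param>
/// <remarks>
/// Requests are only sent to http/https form actions on the same host as
/// <paramref name="urlToCheck"/>; other forms are skipped.
/// NOTE(review): the submitted response is only tested for being non-empty. The
/// verdict comes from checkIfVulnerabilityFound, which is not visible here, so
/// how false positives are excluded should be confirmed there.
/// </remarks>
public static void AuthenticationSql(string urlToCheck, ref string result, ref List<string> array)
{
    string actionUrl;
    result = "By Pass Authentication SQL Injection started!!";

    var uri = new Uri(urlToCheck);
    string urlOfSite = uri.Host;

    // ElementsFlags is a static table, so removing "form" changes parsing for the
    // whole process. It is removed so that <form> nodes keep their child nodes,
    // which the relative input lookup below depends on.
    var webGet = new HtmlWeb();
    HtmlNode.ElementsFlags.Remove("form");
    HtmlDocument document = webGet.Load(urlToCheck);

    // All forms found on the page, and all input fields tagged with their form number.
    List<FormDataStore> arrayOfForms = new List<FormDataStore>();
    List<InputDataStore> arrayOfInputFields = new List<InputDataStore>();

    result = "Searching " + urlToCheck + " for forms....";

    // Forms are identified by position because ids and names may repeat.
    int formNum = 0;

    #region Find all HtmlForms and their inputs
    HtmlNodeCollection nodeCollection = document.DocumentNode.SelectNodes("//form");
    for (int nodeNum = 0; nodeCollection != null && nodeNum < nodeCollection.Count; nodeNum++)
    {
        HtmlNode form = nodeCollection[nodeNum];

        formId = form.GetAttributeValue("id", "");
        formName = form.GetAttributeValue("name", "");
        formMethod = form.GetAttributeValue("method", "get").ToLowerInvariant();
        formAction = form.GetAttributeValue("action", "");

        // A form without an action submits to the page itself. The previous
        // Substring(start, urlLength) call threw whenever start was above zero.
        if (String.IsNullOrEmpty(formAction))
        {
            formAction = uri.PathAndQuery;
        }

        arrayOfForms.Add(new FormDataStore(formId, formName, formMethod, formAction, formNum));

        // ".//input" is relative to this form; "//input" matched every input in
        // the document and attached all of them to every form.
        HtmlNodeCollection nodeCollectionInput = form.SelectNodes(".//input");
        for (int nodeInput = 0; nodeCollectionInput != null && nodeInput < nodeCollectionInput.Count; nodeInput++)
        {
            HtmlNode input = nodeCollectionInput[nodeInput];

            inputId = input.GetAttributeValue("id", "");
            inputName = input.GetAttributeValue("name", "");
            inputValue = input.GetAttributeValue("value", "");
            inputType = input.GetAttributeValue("type", "");

            arrayOfInputFields.Add(new InputDataStore(inputId, inputName, formId, formName, inputValue, inputType, formNum));
        }

        formNum++;
    }
    #endregion

    // Fetch the page three times to learn whether it is stable between requests.
    // Only a stable page gives checkIfVulnerabilityFound a baseline body.
    List<String> responseBodies = new List<String>();
    for (int a = 0; a < 3; a++)
    {
        HttpWebRequest baselineRequest = (HttpWebRequest)WebRequest.Create(urlToCheck);
        using (HttpWebResponse baselineResponse = (HttpWebResponse)baselineRequest.GetResponse())
        using (Stream baselineStream = baselineResponse.GetResponseStream())
        using (StreamReader baselineReader = new StreamReader(baselineStream, Encoding.UTF8))
        {
            String baselineBody = baselineReader.ReadToEnd();
            if (baselineBody.Length > 0)
            {
                responseBodies.Add(baselineBody);
            }
        }
    }

    bool pageChanges = true;
    string bodyOfUrl = "";
    // Empty bodies are not stored, so the list can hold fewer than three entries.
    if (responseBodies.Count == 3
        && responseBodies[0] == responseBodies[1]
        && responseBodies[1] == responseBodies[2])
    {
        bodyOfUrl = responseBodies[0];
        pageChanges = false;
    }

    for (int i = 0; i < arrayOfForms.Count; i++)
    {
        string currentFormMethod = arrayOfForms[i].getMethod;
        string currentFormAction = arrayOfForms[i].getAction;
        int currentFormNum = arrayOfForms[i].getFormNum;

        result = "Beginning test of form....";

        // Only GET and POST forms are submitted.
        bool isGet = currentFormMethod == "get";
        if (!isGet && currentFormMethod != "post")
        {
            continue;
        }

        // Resolve the action against the page URL (the bare host has no scheme and
        // cannot be requested) and keep every request on the host the caller named.
        Uri actionUri;
        if (!Uri.TryCreate(uri, currentFormAction, out actionUri)
            || (actionUri.Scheme != Uri.UriSchemeHttp && actionUri.Scheme != Uri.UriSchemeHttps)
            || !String.Equals(actionUri.Host, urlOfSite, StringComparison.OrdinalIgnoreCase))
        {
            continue;
        }

        List<InputDataStore> arrayOfCurrentFormsInputs = new List<InputDataStore>();
        for (int j = 0; j < arrayOfInputFields.Count; j++)
        {
            if (arrayOfInputFields[j].getFormNum == currentFormNum)
            {
                arrayOfCurrentFormsInputs.Add(arrayOfInputFields[j]);
            }
        }

        foreach (string currentPayload in arrayOfAuthenticationPayloads)
        {
            List<PostOrGetObject> arrayOfValues = new List<PostOrGetObject>();
            for (int k = 0; k < arrayOfCurrentFormsInputs.Count; k++)
            {
                string currentFormInputName = arrayOfCurrentFormsInputs[k].getName;
                string currentFormInputType = arrayOfCurrentFormsInputs[k].getType;
                string currentFormInputValue = arrayOfCurrentFormsInputs[k].getValue;

                if (currentFormInputType == "text" || currentFormInputType == "password")
                {
                    arrayOfValues.Add(new PostOrGetObject(currentFormInputName, currentPayload));
                }
                else if (currentFormInputType == "checkbox" || currentFormInputType == "submit")
                {
                    arrayOfValues.Add(new PostOrGetObject(currentFormInputName, currentFormInputValue));
                }
                else if (currentFormInputType == "radio")
                {
                    // Only the first button of a radio group is submitted.
                    bool found = false;
                    for (int n = 0; n < arrayOfValues.Count; n++)
                    {
                        if (arrayOfValues[n].gpName == currentFormInputName)
                        {
                            found = true;
                            break;
                        }
                    }
                    if (!found)
                    {
                        arrayOfValues.Add(new PostOrGetObject(currentFormInputName, currentFormInputValue));
                    }
                }
            }

            // name=value pairs joined with '&'; also shown in the report.
            // NOTE(review): names and values are joined without URL-encoding, so a
            // '&', '=' or '#' inside one changes how the server splits the data.
            StringBuilder testStr = new StringBuilder();
            for (int p = 0; p < arrayOfValues.Count; p++)
            {
                if (p > 0)
                {
                    testStr.Append('&');
                }
                testStr.Append(arrayOfValues[p].gpName).Append('=').Append(arrayOfValues[p].gpValue);
            }
            totalTestStr = testStr.ToString();

            string body = null;
            try
            {
                if (isGet)
                {
                    // A GET submission replaces any query already present on the action.
                    actionUrl = actionUri.GetLeftPart(UriPartial.Path) + "?" + totalTestStr;
                    HttpWebRequest myHttpWebRequest = (HttpWebRequest)WebRequest.Create(actionUrl);
                    using (HttpWebResponse myHttpWebResponse = (HttpWebResponse)myHttpWebRequest.GetResponse())
                    using (Stream receiveStream = myHttpWebResponse.GetResponseStream())
                    using (StreamReader reader = new StreamReader(receiveStream, Encoding.UTF8))
                    {
                        body = reader.ReadToEnd();
                    }
                }
                else
                {
                    actionUrl = actionUri.GetLeftPart(UriPartial.Query);
                    MyWebRequest myRequest = new MyWebRequest(actionUrl, "POST", totalTestStr);
                    body = myRequest.GetResponse();
                }
            }
            catch (WebException ex)
            {
                // An HTTP error status on one submission should not abort the whole run.
                result = ex.Message;
                if (ex.Response != null)
                {
                    ex.Response.Close();
                }
                continue;
            }
            catch (UriFormatException ex)
            {
                // Unencoded payload text can make the assembled URL unparsable.
                result = ex.Message;
                continue;
            }

            if (String.IsNullOrEmpty(body))
            {
                continue;
            }

            vulnerabilityFound = checkIfVulnerabilityFound(urlToCheck, pageChanges, bodyOfUrl, currentPayload);
            if (!vulnerabilityFound)
            {
                continue;
            }

            numFound++;

            // Field names and values come from the scanned page, so everything
            // interpolated into the markup is HTML-encoded. font-weight (not
            // font-style) is the CSS property that accepts "bold".
            StringBuilder str = new StringBuilder();
            str.Append("<br><span style='font-size:medium;font-weight: bold;color:red;'>"
                + numFound.ToString() + " Found Broken Authentication SQL Injection Present!"
                + "</span><br>" + "Query:" + WebUtility.HtmlEncode(urlToCheck) + "<br>");
            str.Append("Method: " + (isGet ? "GET" : "POST") + " <br>");
            str.Append("Url: " + WebUtility.HtmlEncode(totalTestStr) + "<br>");
            str.Append("Error:" + WebUtility.HtmlEncode(currentPayload) + "<br>");
            result = str.ToString();
            array.Add(urlToCheck);

            // presumably gives a reader of `result` time to pick up the report - verify against caller
            Thread.Sleep(1000);

            // One finding per form is enough; move on to the next form.
            break;
        }
    }
}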
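/// <summary>
/// Looks for database error text in responses from <paramref name="urlToCheck"/>.
/// Each query-string parameter value is first replaced in turn by every entry of
/// <c>arrayOfPayloads</c>; then every form on the page is submitted with a payload
/// in one field at a time. A response body containing any entry of
/// <c>arrayOfSQLWarnings</c> counts as a finding and ends the run.
/// </summary>
/// <param name="urlToCheck">Absolute URL of the page to test.</param>
/// <param name="result">
/// Overwritten with progress text and, on a finding, with an HTML report fragment.
/// Values interpolated into that fragment are HTML-encoded; the plain progress
/// strings are left raw.
/// </param>
/// <param name="array">
/// Receives the finding. NOTE(review): the query-string path adds
/// <paramref name="urlToCheck"/> while the form path adds the HTML fragment;
/// confirm which one the caller expects.
/// </param>
/// <remarks>
/// Form submissions are only sent to http/https actions on the same host as
/// <paramref name="urlToCheck"/>; other forms are skipped.
/// </remarks>
public static void DetectSql(string urlToCheck, ref string result, ref List<string> array)
{
    Uri uri = new Uri(urlToCheck);
    string query = uri.Query.TrimStart('?');
    NameValueCollection Parms = HttpUtility.ParseQueryString(query);

    result = string.Format("Check if {0} contains parameters", urlToCheck);
    Thread.Sleep(1000);

    if (Parms != null && Parms.Count > 0)
    {
        Thread.Sleep(1000);
        result = string.Format("{0} does contain parameters", urlToCheck);
        Thread.Sleep(1000);

        // GetLeftPart keeps a non-default port. Rebuilding from scheme + host
        // dropped it and sent the requests to a different endpoint than the one
        // the caller named.
        string urlWithoutQuery = uri.GetLeftPart(UriPartial.Authority) + HttpUtility.UrlDecode(uri.AbsolutePath);
        string originalQuery = query;

        foreach (string currentPayload in arrayOfPayloads)
        {
            foreach (string x in Parms.AllKeys)
            {
                // String.Replace throws on a null or empty search value.
                string currentValue = Parms[x];
                if (String.IsNullOrEmpty(currentValue))
                {
                    continue;
                }

                // NOTE(review): this replaces every occurrence of the decoded value
                // in the raw query, including inside other names or values, and
                // does not match a value that was percent-encoded in the URL.
                query = originalQuery.Replace(currentValue, currentPayload);
                string testUrl = urlWithoutQuery + '?' + query;

                // Plain concatenation: passing the URL as a format string threw
                // FormatException when it contained '{' or '}'.
                result = "URL to be requested is: " + testUrl;
                Thread.Sleep(1000);

                try
                {
                    HttpWebRequest myHttpWebRequest = (HttpWebRequest)WebRequest.Create(testUrl);
                    string body;
                    using (HttpWebResponse myHttpWebResponse = (HttpWebResponse)myHttpWebRequest.GetResponse())
                    using (Stream receiveStream = myHttpWebResponse.GetResponseStream())
                    using (StreamReader reader = new StreamReader(receiveStream, Encoding.UTF8))
                    {
                        body = reader.ReadToEnd();
                    }

                    if (body.Length > 0)
                    {
                        // Plain substring match against the known warning texts.
                        vulnerabilityFound = false;
                        string regularExpression = "";
                        for (int warningIndex = 0; warningIndex < arrayOfSQLWarnings.Length; warningIndex++)
                        {
                            regularExpression = arrayOfSQLWarnings[warningIndex];
                            if (body.Contains(regularExpression))
                            {
                                vulnerabilityFound = true;
                                break;
                            }
                        }

                        if (vulnerabilityFound)
                        {
                            numFound++;
                            StringBuilder str = new StringBuilder();
                            str.Append("<br><span style='font-size:medium;font-weight: bold;color:red;'>"
                                + numFound.ToString() + " Found SQL Injection Present!"
                                + "</span><br>" + "Query:" + WebUtility.HtmlEncode(urlToCheck) + "<br>");
                            str.Append("Method: GET <br>");
                            str.Append("Url: " + WebUtility.HtmlEncode(testUrl) + "<br>");
                            str.Append("Error: " + WebUtility.HtmlEncode(regularExpression) + "<br>");
                            result = str.ToString();
                            array.Add(urlToCheck);
                            Thread.Sleep(1000);
                            return;
                        }
                    }
                }
                catch (WebException ex)
                {
                    // An HTTP error status is recorded and the run continues.
                    result = ex.Message;
                    if (ex.Response != null)
                    {
                        ex.Response.Close();
                    }
                }
                catch (UriFormatException ex)
                {
                    // Unencoded payload text can make the assembled URL unparsable.
                    result = ex.Message;
                }
            }
        }
    }

    // ---- form testing ----
    string actionUrl;
    string urlOfSite = uri.Host;

    // ElementsFlags is a static table, so removing "form" changes parsing for the
    // whole process. It is removed so that <form> nodes keep their child nodes,
    // which the relative input lookup below depends on.
    var webGet = new HtmlWeb();
    HtmlNode.ElementsFlags.Remove("form");
    HtmlDocument document = webGet.Load(urlToCheck);

    // All forms found on the page, and all input fields tagged with their form number.
    List<FormDataStore> arrayOfForms = new List<FormDataStore>();
    List<InputDataStore> arrayOfInputFields = new List<InputDataStore>();

    // Forms are identified by position because ids and names may repeat.
    int formNum = 0;

    #region Find all HtmlForms and their inputs
    HtmlNodeCollection nodeCollection = document.DocumentNode.SelectNodes("//form");
    for (int nodeNum = 0; nodeCollection != null && nodeNum < nodeCollection.Count; nodeNum++)
    {
        HtmlNode form = nodeCollection[nodeNum];

        formId = form.GetAttributeValue("id", "");
        formName = form.GetAttributeValue("name", "");
        formMethod = form.GetAttributeValue("method", "get").ToLowerInvariant();
        formAction = form.GetAttributeValue("action", "");

        // A form without an action submits to the page itself. The previous
        // Substring(start, urlLength) call threw whenever start was above zero.
        if (String.IsNullOrEmpty(formAction))
        {
            formAction = uri.PathAndQuery;
        }

        arrayOfForms.Add(new FormDataStore(formId, formName, formMethod, formAction, formNum));

        // ".//input" is relative to this form; "//input" matched every input in
        // the document and attached all of them to every form.
        HtmlNodeCollection nodeCollectionInput = form.SelectNodes(".//input");
        for (int nodeInput = 0; nodeCollectionInput != null && nodeInput < nodeCollectionInput.Count; nodeInput++)
        {
            HtmlNode input = nodeCollectionInput[nodeInput];

            inputId = input.GetAttributeValue("id", "");
            inputName = input.GetAttributeValue("name", "");
            inputValue = input.GetAttributeValue("value", "");
            inputType = input.GetAttributeValue("type", "");

            arrayOfInputFields.Add(new InputDataStore(inputId, inputName, formId, formName, inputValue, inputType, formNum));
        }

        formNum++;
    }
    #endregion

    for (int i = 0; i < arrayOfForms.Count; i++)
    {
        string currentFormMethod = arrayOfForms[i].getMethod;
        string currentFormAction = arrayOfForms[i].getAction;
        int currentFormNum = arrayOfForms[i].getFormNum;

        // Only GET and POST forms are submitted.
        bool isGet = currentFormMethod == "get";
        if (!isGet && currentFormMethod != "post")
        {
            continue;
        }

        // Resolve the action against the page URL (the bare host has no scheme and
        // cannot be requested) and keep every request on the host the caller named.
        Uri actionUri;
        if (!Uri.TryCreate(uri, currentFormAction, out actionUri)
            || (actionUri.Scheme != Uri.UriSchemeHttp && actionUri.Scheme != Uri.UriSchemeHttps)
            || !String.Equals(actionUri.Host, urlOfSite, StringComparison.OrdinalIgnoreCase))
        {
            continue;
        }

        List<InputDataStore> arrayOfCurrentFormsInputs = new List<InputDataStore>();
        for (int j = 0; j < arrayOfInputFields.Count; j++)
        {
            if (arrayOfInputFields[j].getFormNum == currentFormNum)
            {
                arrayOfCurrentFormsInputs.Add(arrayOfInputFields[j]);
            }
        }

        for (int k = 0; k < arrayOfCurrentFormsInputs.Count; k++)
        {
            string currentFormInputName = arrayOfCurrentFormsInputs[k].getName;
            string currentFormInputType = arrayOfCurrentFormsInputs[k].getType;
            if (currentFormInputType == "reset")
            {
                continue;
            }

            // Every other field of the form is sent with a harmless value.
            string defaultStr = "Abc123";
            List<InputDataStore> otherInputs = new List<InputDataStore>();
            for (int l = 0; l < arrayOfCurrentFormsInputs.Count; l++)
            {
                if (currentFormInputName != arrayOfCurrentFormsInputs[l].getName)
                {
                    otherInputs.Add(arrayOfCurrentFormsInputs[l]);
                }
            }

            for (int plIndex = 0; plIndex < arrayOfPayloads.Length; plIndex++)
            {
                List<PostOrGetObject> arrayOfValues = new List<PostOrGetObject>();
                arrayOfValues.Add(new PostOrGetObject(currentFormInputName, arrayOfPayloads[plIndex]));

                for (int m = 0; m < otherInputs.Count; m++)
                {
                    string currentOtherType = otherInputs[m].getType;
                    string currentOtherName = otherInputs[m].getName;
                    string currentOtherValue = otherInputs[m].getValue;

                    if (currentOtherType == "text" || currentOtherType == "password")
                    {
                        arrayOfValues.Add(new PostOrGetObject(currentOtherName, defaultStr));
                    }
                    else if (currentOtherType == "checkbox" || currentOtherType == "submit")
                    {
                        arrayOfValues.Add(new PostOrGetObject(currentOtherName, currentOtherValue));
                    }
                    else if (currentOtherType == "radio")
                    {
                        // Only the first button of a radio group is submitted. The
                        // lookup must use this radio's own name: comparing against
                        // the payload field (always present) dropped every radio.
                        bool found = false;
                        for (int n = 0; n < arrayOfValues.Count; n++)
                        {
                            if (arrayOfValues[n].gpName == currentOtherName)
                            {
                                found = true;
                                break;
                            }
                        }
                        if (!found)
                        {
                            arrayOfValues.Add(new PostOrGetObject(currentOtherName, currentOtherValue));
                        }
                    }
                }

                // name=value pairs joined with '&'.
                // NOTE(review): names and values are joined without URL-encoding, so a
                // '&', '=' or '#' inside one changes how the server splits the data.
                StringBuilder testStr = new StringBuilder();
                for (int p = 0; p < arrayOfValues.Count; p++)
                {
                    if (p > 0)
                    {
                        testStr.Append('&');
                    }
                    testStr.Append(arrayOfValues[p].gpName).Append('=').Append(arrayOfValues[p].gpValue);
                }
                totalTestStr = testStr.ToString();

                string body = null;
                try
                {
                    if (isGet)
                    {
                        // A GET submission replaces any query already present on the action.
                        actionUrl = actionUri.GetLeftPart(UriPartial.Path) + "?" + totalTestStr;
                        HttpWebRequest myHttpWebRequest = (HttpWebRequest)WebRequest.Create(actionUrl);
                        using (HttpWebResponse myHttpWebResponse = (HttpWebResponse)myHttpWebRequest.GetResponse())
                        using (Stream receiveStream = myHttpWebResponse.GetResponseStream())
                        using (StreamReader reader = new StreamReader(receiveStream, Encoding.UTF8))
                        {
                            body = reader.ReadToEnd();
                        }
                    }
                    else
                    {
                        actionUrl = actionUri.GetLeftPart(UriPartial.Query);
                        MyWebRequest myRequest = new MyWebRequest(actionUrl, "POST", totalTestStr);
                        body = myRequest.GetResponse();
                    }
                }
                catch (WebException ex)
                {
                    // Same handling as the query-string pass: record and continue.
                    result = ex.Message;
                    if (ex.Response != null)
                    {
                        ex.Response.Close();
                    }
                    continue;
                }
                catch (UriFormatException ex)
                {
                    // Unencoded payload text can make the assembled URL unparsable.
                    result = ex.Message;
                    continue;
                }

                if (String.IsNullOrEmpty(body))
                {
                    continue;
                }

                // Plain substring match against the known warning texts.
                vulnerabilityFound = false;
                for (int warningIndex = 0; warningIndex < arrayOfSQLWarnings.Length; warningIndex++)
                {
                    if (body.Contains(arrayOfSQLWarnings[warningIndex]))
                    {
                        vulnerabilityFound = true;
                        break;
                    }
                }

                if (vulnerabilityFound)
                {
                    // font-weight (not font-style) is the CSS property that accepts "bold".
                    StringBuilder str = new StringBuilder();
                    str.Append("<br><span style='font-size:medium;font-weight: bold;color:red;'>"
                        + "SQL Injection Present!" + "</span><br>"
                        + "Query:" + WebUtility.HtmlEncode(urlToCheck) + "<br>");
                    result = str.ToString();
                    array.Add(str.ToString());
                    Thread.Sleep(1000);
                    return;
                }
            }
        }
    }
}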