protected override HttpRequestInfo OnBeforeRequestToSite(HttpRequestInfo requestInfo) { requestInfo = base.OnBeforeRequestToSite(requestInfo); if (!_isNonEssential) { bool mutated; requestInfo = _parentProxy.HandleRequest(requestInfo, out mutated); if (mutated) { CurrDataStoreRequestInfo.Description = "Custom Test"; } TrafficDataStore.SaveRequest(CurrDataStoreRequestInfo.Id, requestInfo.ToArray(false)); TrafficDataStore.UpdateRequestInfo(CurrDataStoreRequestInfo); } return(requestInfo); }
protected override HttpResponseInfo OnBeforeResponseToClient(HttpResponseInfo responseInfo) { responseInfo = base.OnBeforeResponseToClient(responseInfo); if (!_isNonEssential) { //validate if the test was successful if (_parentProxy.ValidateResponse(responseInfo)) { //the test was found CurrDataStoreRequestInfo.Description = "Vulnerable Response"; TrafficDataStore.UpdateRequestInfo(CurrDataStoreRequestInfo); } } return(responseInfo); }
private void TrackRequestContext(HttpRequestInfo requestInfo) { foreach (TrackingPattern pattern in _autoTrackingPatternList.Values) { string rawRequest = requestInfo.ToString(); string needle = Utils.RegexFirstGroupValue(rawRequest, pattern.RequestPattern); if (String.IsNullOrWhiteSpace(needle)) { continue; } //first search for the path of the current request in responses LineMatches results = SearchParameterValue(needle); if (results.Count == 0) { needle = Utils.UrlDecode(needle); results = SearchParameterValue(needle); } //if any of the two searches returned results if (results.Count != 0) { //get the last match to extract the request context var match = results[results.Count - 1]; CurrDataStoreRequestInfo.RefererId = match.RequestId; //replace the path in the match string requestContext = match.Line.Replace(needle, REQ_CONTEXT_ID); if (requestContext.Length > MAX_REQUEST_CONTEXT_SIZE) { requestContext = TrimRequestContext(requestContext); } //also replace hexadecimal values requestContext = Regex.Replace(requestContext, HEX_REGEX, HEX_VAL); //escape the line requestContext = Regex.Escape(requestContext); //insert the group requestContext = requestContext.Replace(REQ_CONTEXT_ID, RX_GROUP); //insert the HEX regex requestContext = requestContext.Replace(HEX_VAL, HEX_REGEX); CurrDataStoreRequestInfo.RequestContext = requestContext; CurrDataStoreRequestInfo.TrackingPattern = pattern.Name; TrafficDataStore.UpdateRequestInfo(CurrDataStoreRequestInfo); string originalPath = requestInfo.Path; CurrDataStoreRequestInfo.UpdatedPath = originalPath; //change the path of the request HttpRequestInfo newReq = new HttpRequestInfo(requestInfo.ToArray(false), false); //we are only replacing the last portion of the path and the query string to prevent relative path issues and also cookie path issues int lastIndexOfSlash = originalPath.LastIndexOf('/'); if (lastIndexOfSlash >= 0) { originalPath = originalPath.Substring(0, lastIndexOfSlash + 1); } newReq.Path = String.Format("{0}{1}{2}", originalPath, REQ_ID_STRING, CurrDataStoreRequestInfo.Id); TrafficDataStore.SaveRequest(CurrDataStoreRequestInfo.Id, newReq.ToArray(false)); HttpServerConsole.Instance.WriteLine ("Found request context for request '{0}' id: {1}, referer id:{2}", requestInfo.Path, CurrDataStoreRequestInfo.Id, CurrDataStoreRequestInfo.RefererId); HttpServerConsole.Instance.WriteLine (requestContext); return; //we can only have one tracking pattern per request } } }