private void checkedListBox1_ItemCheck(object sender, ItemCheckEventArgs e)
{
//Should always be true,lt in logic though to allow for a option to control the box itself in case
Transformation t = (Transformation)0x0;
List <int> indexes = new List <int>();
foreach (int index in this.checkedListBox1.CheckedIndices)
{
indexes.Add(index);
}
if (e.NewValue == CheckState.Checked)
{
indexes.Add(e.Index);
}
else if (e.NewValue == CheckState.Unchecked)
{
indexes.Remove(e.Index);
}
foreach (int index in indexes)
{
string s = this.checkedListBox1.Items[index].ToString();
t |= UAUtilities.GetTransformationFromString(s);
}
view.ApplyFilter(delegate(ResponseResult rr) { return(((rr.Transformation) & t) > 0); });
this.refreshBindings();
}
/// <summary>
///
/// </summary>
/// <param name="s"></param>
/// <returns></returns>
public MatchCollection TokenizeHeaders(Session s)
{
MatchCollection mc = new MatchCollection();
foreach (IHeaderParser parser in headerParsers)
{
if (parser is ParserBase && UAUtilities.isMatch(((ParserBase)parser).ContentTypePatterns, s.Request.ContentType))
{
mc.AddRange(parser.TokenizeHeaders(s));
}
}
return(mc);
}
private static Transformation GetTransformationFromXmlNode(XmlNode TransformationNode)
{
Transformation t = Transformation.None;
if (TransformationNode.Name == "Transformations")
{
//Next setup the transformations
foreach (XmlAttribute attr in TransformationNode.Attributes)
{
t |= UAUtilities.GetTransformationFromString(attr.Name.Trim());
}
}
return(t);
}
public static UnicodeTestCases LoadUnicodeCharMappingsFromFile(string fPath)
{
XmlDocument doc = new XmlDocument();
UnicodeTestCases list = new UnicodeTestCases();
try
{
doc.Load(fPath);
}
catch (FileNotFoundException e)
{
Trace.WriteLine(String.Format("Error opening XML document contained test cases: Error {0}", e.Message));
}
//Parsing into structures..
try
{
foreach (XmlNode node in doc.SelectNodes("/UnicodeTestMappings/UnicodeTestMapping"))
{
UnicodeTestCaseTypes t = UAUtilities.GetMappingTypeFromString(node.Attributes["Type"].Value);
switch (t)
{
case UnicodeTestCaseTypes.Transformable:
list.Add(ParseTransformable(node));
break;
case UnicodeTestCaseTypes.Traditional:
list.Add(ParseTraditional(node));
break;
case UnicodeTestCaseTypes.Overlong:
list.Add(ParseOverlong(node));
break;
}
}
}
catch (Exception e)
{
Trace.WriteLine(String.Format("Error parsing XML Document {0]", e.Message));
throw e;
}
return(list);
}
public UASettings()
{
this.canary = "pqz";
this.domainFilters = new List <string>();
this.UnicodeTestMappings = XmlMappingLoader.LoadUnicodeCharMappingsFromFile(UAUtilities.GetModuleLocation() + MappingFileName);
}
public static UASettings Load()
{
UASettings settings;
XmlSerializer s = new XmlSerializer(typeof(Secsay.UASettings));
string myDoc = Environment.GetEnvironmentVariable("UserProfile");
TextReader r = new StreamReader(fileName);
settings = (UASettings)s.Deserialize(r);
r.Close();
settings.UnicodeTestMappings = XmlMappingLoader.LoadUnicodeCharMappingsFromFile(UAUtilities.GetModuleLocation() + MappingFileName);
return(settings);
}
// Called before the user can edit a response using the Fiddler Inspectors
public void AutoTamperResponseBefore(Session oSession)
{
if (this.engine == null || !setup)
{
return;
}
if (this.engine.Settings.Enabled)
{
if (this.engine.Settings.domainFilterEnabled && this.engine.Settings.filterResponse && UAUtilities.isMatch(this.engine.Settings.domainFilters, oSession.host))
{
List <Secsay.ResponseResult> results = this.engine.InspectResponse(Secsay.xss.FiddlerUtils.FiddlerSessionToSession(oSession));
if (results.Count > 0)
{
ui.Invoke(ui.ar, results);
}
}
else if (!this.engine.Settings.domainFilterEnabled)
{
List <Secsay.ResponseResult> results = this.engine.InspectResponse(Secsay.xss.FiddlerUtils.FiddlerSessionToSession(oSession));
if (results.Count > 0)
{
foreach (Secsay.ResponseResult rr in results)
{
if (rr.Transformation == Secsay.Transformation.None)
{
if (!allXSSSessions.Contains(oSession))
{
List <Fiddler.Session> XSSSessions = new List <Fiddler.Session>();
XSSSessions.Add(oSession);
XNMD.Comman.WriteWarning("xss url£º" + oSession.fullUrl);
XNMD.MySession.SaveSessionsTo(XSSSessions, @"XSSresult");
}
Monitor.Enter(allXSSSessions);
allXSSSessions.Add(oSession);
Monitor.Exit(allXSSSessions);
}
//Capture.Comman.WriteWarning("type:" + rr.Transformation.ToString() + " xss url£º" + oSession.fullUrl);
}
//ui.Invoke(ui.ar, results);
}
}
}
}
// Called before the user can edit a request using the Fiddler Inspectors
public void AutoTamperRequestBefore(Session oSession)
{
if (this.engine == null || !setup)
{
return;
}
if (this.engine.Settings.Enabled)
{
if (oSession.oFlags[Secsay.UASettings.casabaFlag] == null)
{
if (this.engine.Settings.domainFilterEnabled && this.engine.Settings.filterRequests && UAUtilities.isMatch(this.engine.Settings.domainFilters, oSession.host))
{
this.engine.ProcessRequest(Secsay.xss.FiddlerUtils.FiddlerSessionToSession(oSession));
}
else if (!this.engine.Settings.domainFilterEnabled)
{
this.engine.ProcessRequest(Secsay.xss.FiddlerUtils.FiddlerSessionToSession(oSession));
}
}
}
}
private char GetUnicodeCharFromCodePoint(uint codePoint)
{
return(UAUtilities.uintCodePointToChar(codePoint));
}
public static char uintCodePointToChar(uint codePoint)
{
byte[] bytes = UAUtilities.uintToBytes(codePoint);
return(Encoding.UTF32.GetChars(bytes)[0]);
}
