public void AutoTamperResponseAfter(Session session)
{
if (!Enabled) return;
if (!session.oRequest.host.Contains("duolingo.com")) return;
if (!session.oResponse.MIMEType.StartsWith("application/j")) return;
if (session.uriContains("/sessions/")) GetAnswersFromResponse(session);
if (session.uriContains("/hints/")) GetHintsFromResponse(session);
}
public PassiveCheckResult RunCheck(Session fiddlerSession)
{
if (!fiddlerSession.isHTTPS)
{
if (fiddlerSession.uriContains("login"))
{
return PassiveCheckResult.CreateFailure(this, fiddlerSession.url);
}
}
return PassiveCheckResult.CreatePass(this, fiddlerSession.url);
}
public void AutoTamperResponseBefore(Session oSession)
{
if (oSession.uriContains("luoqi/fun/option.php"))
{
string xx = oSession.url;
string[] requestPar = xx.Split(new char[2] {'?','&'});
foreach (string i in requestPar)
{
if(i.ToString().Contains("guid="))
{
guid = i.ToString().Substring(i.ToString().IndexOf("=") + 1);
}
}
oSession.utilSetResponseBody("irv=200|sign=" + this.Sign(oSession, prize.Text, guid) + "|couponw=asdafas" + "|prize=" + prize.Text);
}
}
public void AutoTamperResponseBefore(Session oSession)
{
if (bAutotestEnabled && oSession.responseCode == 200)
{
foreach (ProductInXML product in products.Values)
{
foreach (ApiItem item in product.apiItems)
{
if (oSession.uriContains(item.url) && oSession.RequestMethod.Equals(item.request.type.ToString()))
{
try
{
String orgResponseBody = Encoding.UTF8.GetString(oSession.responseBodyBytes);
item.response.rootParam.matchWithJsonEntry(JsonEntry.analyzeFromJsonToken(JToken.Parse(orgResponseBody)));
if (item.response.rootParam.matchStruct.matchResult == MatchResult.TYPE_NOT_MATCH)
{
oSession["ui-backcolor"] = "red";
}
log("\n****" + item.url + "****\n" + Utils.insertSpaces(item.response.rootParam.outputMatchResult()));
}
catch (Exception e)
{
}
}
}
}
}
}
/// <summary>
/// This function kills known matches early
/// </summary>
/// <param name="oSession"></param>
public void AutoTamperRequestBefore(Session oSession)
{
// Return immediately if no rule is enabled
if (!bBlockerEnabled) return;
string oHost = oSession.host.ToLower();
if ((oHost.StartsWith("ad.") ||
oHost.StartsWith("ads.") ||
slBlockedHosts.Contains(oHost))) { // Consider tailmatch?
if (miHideBlockedSessions.Checked) {
oSession["ui-hide"] = "userblocked";
}
else
{
oSession["ui-strikeout"] = "userblocked";
}
oSession["x-replywithfile"] = "1pxtrans.dat";
return;
}
if (miLikelyPaths.Checked)
{
if (oSession.uriContains("/ad/") || oSession.uriContains("/ads/") || oSession.uriContains("/advert"))
{
if (!oSession.uriContains(sSecret))
{
oSession.oRequest.FailSession(404, "Fiddler - ContentBlock", "Blocked <a href='//"+oSession.url+"?&"+sSecret+"'>Click to see</a>");
oSession.state = SessionStates.Done;
return;
}
}
}
// If Always Removing, do it and return immediately
if (miFlashAlwaysBlock.Checked)
{
if (/*oSession.url.EndsWith(".swf") ||*/ oSession.oRequest.headers.Exists("x-flash-version"))
{
oSession.oRequest.FailSession(404, "Fiddler - ContentBlock", "Blocked Flash");
oSession.state = SessionStates.Done;
return;
}
}
else if (miBlockXDomainFlash.Checked)
{
// Issue: We don't want to block a .SWF's x-domain request for data, but we do want to block the .SWF if it's xDomain. Hrm.
if (oSession.uriContains(".swf"))// || oSession.oRequest.headers.Exists("x-flash-version"))
{
bool bBlock = false;
string sReferer = oSession.oRequest["Referer"];
// Allow if referer was not sent. Note, this is a hole.
if (sReferer == String.Empty) return;
// Block if Referer was from another domain
if (!bBlock)
{
Uri sFromURI;
Uri sToURI;
if ((Uri.TryCreate(sReferer, UriKind.Absolute, out sFromURI)) && (Uri.TryCreate("http://" + oSession.url, UriKind.Absolute, out sToURI)))
{
bBlock = (0 != Uri.Compare(sFromURI, sToURI, UriComponents.Host, UriFormat.Unescaped, StringComparison.InvariantCultureIgnoreCase));
}
}
if (bBlock)
{
oSession.oRequest.FailSession(404, "Fiddler - ContentBlock", "Blocked Flash");
oSession.state = SessionStates.Done;
}
return;
}
}
}
public void AutoTamperResponseBefore(Session oSession)
{
if (bAutotestEnabled && apiItems != null && oSession.responseCode == 200)
{
//foreach (MockResponseRules singleRule in rules.Values)
//{
// if (oSession.uriContains(singleRule.ApiPattern))
// {
// String orgResponseBody = Encoding.UTF8.GetString(oSession.responseBodyBytes);
// oSession.responseBodyBytes = Encoding.UTF8.GetBytes(singleRule.MockedResponse(orgResponseBody));
// }
//}
foreach (XMLApiItem item in apiItems.Values)
{
if (oSession.uriContains(item.Apiurl) && item.Response.Type == ResponseType.JSON || item.Response.Type == ResponseType.JSON_LIST)
{
String orgResponseBody = Encoding.UTF8.GetString(oSession.responseBodyBytes);
JToken jtResponse = JToken.Parse(orgResponseBody);
Dictionary<String, JsonResponseEntry> responseJsonEntry = JsonUtil.analyzeResponseEntry(jtResponse);
JsonXMLMatcher matcher = JsonUtil.matchJsonWithXML(responseJsonEntry, item.Response.Items, item.Response.Type == ResponseType.JSON_LIST);
item.Response.matchResult = matcher.matchResult;
if (matcher.matchResult == JsonXMLMatcher.MatchResult.MATCH)
{
logger.Log(item.Apiurl + " match result: MATCHED");
}
else
{
if (matcher.matchResult == JsonXMLMatcher.MatchResult.NOT_MATCH)
{
oSession["ui-backcolor"] = "red";
}
logger.Log(item.Apiurl + " match result:" + matcher.matchResultToString() + "\nroot->\n " +
matcher.ToString().Replace("\n", "\n "));
}
String newResponseBody = JsonUtil.assembleJson(responseJsonEntry).ToString();
String str = Regex.Replace(newResponseBody.Replace(@"\\", @"\"), @"\s *", "").Replace(",\"", ", \"").Replace("\":", "\": ");
oSession.responseBodyBytes = Encoding.Default.GetBytes(str);
logger.Log("RessembleJson:\n" + str + "\n");
}
}
}
}
public void AutoTamperRequestBefore(Session oSession)
{
if (bAutotestEnabled)
{
if (oSession.uriContains(strModifyResponseAPI))
{
MockResponseRules rule = APIRequestAnalyzer.analyzeConsoleAPI(Encoding.UTF8.GetString(oSession.RequestBody), logger);
oSession.state = SessionStates.Done;
oSession["ui-hide"] = "true";
if (rule != null)
{
rules.Add(rule.RuleName, rule);
}
}
}
}
internal void Evaluate(Session session)
{
if (m_isEnabled)
{
using (m_lock.ReadLock())
{
m_segmentMatchers
.Where(x => session.uriContains(x.Key))
.ForEach(x => x.Value.AddMatch(
new Match(){
Url = session.url,
Data =session.requestBodyBytes
},
LowWaterMark, HighWaterMark
));
}
}
}
