public void AddFinding(Finding F)
{
F.ScanId = this.ID;
F.AffectedSection = this.InjectedSection;
F.AffectedParameter = this.InjectedParameter;
F.FinderName = this.ActivePluginName;
F.FinderType = "ActivePlugin";
F.BaseRequest = this.BaseRequest;
F.BaseResponse = this.BaseResponse;
this.PRs.Add(F);
F.Report();
}
internal static void Start()
{
ProxyRunning = true;
if (!EventHandlersAssigned)
{
Fiddler.FiddlerApplication.AfterSessionComplete += delegate(Fiddler.Session Sess)
{
IronProxy.AfterSessionComplete(Sess);
};
Fiddler.FiddlerApplication.BeforeRequest += delegate(Fiddler.Session Sess)
{
IronProxy.BeforeRequest(Sess);
};
Fiddler.FiddlerApplication.BeforeResponse += delegate(Fiddler.Session Sess)
{
IronProxy.BeforeResponse(Sess);
};
Fiddler.FiddlerApplication.OnValidateServerCertificate += delegate(object sender, Fiddler.ValidateServerCertificateEventArgs e)
{
if(e.CertificatePolicyErrors != SslPolicyErrors.None)
{
string PluginName = "Internal SSL Checker";
string Signature = string.Format("SSLCertificateChecker|{0}|{1}|{2}", new object[] { e.Session.host, e.Session.port.ToString(), e.CertificatePolicyErrors.ToString() });
if (Finding.IsSignatureUnique(PluginName, e.Session.host, FindingType.Vulnerability, Signature))
{
Finding PR = new Finding(e.Session.host);
PR.Plugin = PluginName;
PR.Severity = FindingSeverity.Medium;
PR.Confidence = FindingConfidence.High;
PR.Title = string.Format("SSL Certificate Error for {0}:{1} ", new object[] { e.Session.host, e.Session.port.ToString() });
PR.Summary = string.Format("The remote server running Host: {0} and Port: {1} returned an invalid SSL certificate.<i<br>> <i<h>>Error:<i</h>> {2}. <i<br>> <i<h>>Certificate Details:<i</h>> {3}", new object[] { e.Session.host, e.Session.port.ToString(), e.CertificatePolicyErrors.ToString(), e.ServerCertificate.Subject });
PR.Signature = Signature;
PR.Report();
}
e.Session.oFlags.Add("IronFlag-SslError", "Yes");
}
//string SSLError = sslPolicyErrors.ToString();
//if (!SSLError.Equals("None"))
//{
// string PluginName = "Internal SSL Checker";
// string Signature = string.Format("SSLCertificateChecker|{0}|{1}|{2}", new object[] { Sess.host, Sess.port.ToString(), sslPolicyErrors.ToString() });
// if (Finding.IsSignatureUnique(PluginName, Sess.host, FindingType.Vulnerability, Signature))
// {
// Finding PR = new Finding(Sess.host);
// PR.Plugin = PluginName;
// PR.Severity = FindingSeverity.Medium;
// PR.Confidence = FindingConfidence.High;
// PR.Title = string.Format("SSL Certificate Error for {0}:{1} ", new object[] { Sess.host, Sess.port.ToString() });
// PR.Summary = string.Format("The remote server running Host: {0} and Port: {1} returned an invalid SSL certificate.<i<br>> <i<h>>Error:<i</h>> {2}. <i<br>> <i<h>>Certificate Details:<i</h>> {3}", new object[] { Sess.host, Sess.port.ToString(), sslPolicyErrors.ToString(), ServerCertificate.Subject });
// PR.Signature = Signature;
// PR.Report();
// }
// Sess.oFlags.Add("IronFlag-SslError", "Yes");
// bTreatCertificateAsValid = false;
// return false;
//}
//else
//{
// bTreatCertificateAsValid = true;
// return true;
//}
};
//Fiddler.FiddlerApplication.OnValidateServerCertificate.OverrideServerCertificateValidation += delegate(Fiddler.Session Sess, string sExpectedCN, X509Certificate ServerCertificate, X509Chain ServerCertificateChain, SslPolicyErrors sslPolicyErrors, out bool bTreatCertificateAsValid)
//{
// string SSLError = sslPolicyErrors.ToString();
// if (!SSLError.Equals("None"))
// {
// string PluginName = "Internal SSL Checker";
// string Signature = string.Format("SSLCertificateChecker|{0}|{1}|{2}", new object[] { Sess.host, Sess.port.ToString(), sslPolicyErrors.ToString() });
// if (Finding.IsSignatureUnique(PluginName, Sess.host, FindingType.Vulnerability, Signature))
// {
// Finding PR = new Finding(Sess.host);
// PR.Plugin = PluginName;
// PR.Severity = FindingSeverity.Medium;
// PR.Confidence = FindingConfidence.High;
// PR.Title = string.Format("SSL Certificate Error for {0}:{1} ", new object[] { Sess.host, Sess.port.ToString() });
// PR.Summary = string.Format("The remote server running Host: {0} and Port: {1} returned an invalid SSL certificate.<i<br>> <i<h>>Error:<i</h>> {2}. <i<br>> <i<h>>Certificate Details:<i</h>> {3}", new object[] { Sess.host, Sess.port.ToString(), sslPolicyErrors.ToString(), ServerCertificate.Subject });
// PR.Signature = Signature;
// PR.Report();
// }
// Sess.oFlags.Add("IronFlag-SslError", "Yes");
// bTreatCertificateAsValid = false;
// return false;
// }
// else
// {
// bTreatCertificateAsValid = true;
// return true;
// }
//};
Fiddler.FiddlerApplication.OnNotification += delegate(object Sender, Fiddler.NotificationEventArgs Args)
{
if (Args.NotifyString.Contains("Unable to bind to port"))
{
IronProxy.Stop();
IronException.Report("Proxy could not be stared", "Listening Proxy could not be started. Likely reason could be the use of the port by another process","");
IronUI.ShowProxyStoppedError("Proxy Not Started! All features depend on the proxy, start proxy to activate them.");
}
};
EventHandlersAssigned = true;
}
Fiddler.CONFIG.IgnoreServerCertErrors = true;
//Fiddler.CONFIG.bReuseServerSockets = false;
IronUI.UpdateProxyStatusInConfigPanel(true);
if (IronProxy.LoopBackOnly)
{
Fiddler.FiddlerApplication.Startup(IronProxy.Port, Fiddler.FiddlerCoreStartupFlags.Default & ~ Fiddler.FiddlerCoreStartupFlags.AllowRemoteClients & ~Fiddler.FiddlerCoreStartupFlags.RegisterAsSystemProxy);
//Fiddler.FiddlerApplication.Startup(IronProxy.Port, Fiddler.FiddlerCoreStartupFlags.Default);
}
else
{
Fiddler.FiddlerApplication.Startup(IronProxy.Port, Fiddler.FiddlerCoreStartupFlags.Default & ~Fiddler.FiddlerCoreStartupFlags.RegisterAsSystemProxy & ~Fiddler.FiddlerCoreStartupFlags.ChainToUpstreamGateway);
}
}
public void AddFinding(Finding PR)
{
this.PRs.Add(PR);
PR.Plugin = this.ActivePluginName;
PR.Report();
}
