コード例 #1
0
ファイル: Trigger.cs プロジェクト: welias/IronWASP
 public Trigger(string RequestTrigger, Request Req, string ResponseTrigger, Response Res)
 {
     this.RequestTrigger = RequestTrigger;
     this.Request = Req.GetClone();
     this.ResponseTrigger = ResponseTrigger;
     this.Response = Res.GetClone();
 }
コード例 #2
0
 internal BodyFormatParamters(Request Request, FormatPlugin Plugin, List<bool>CheckStatus, bool CheckAll)
 {
     this.Request = Request;
     this.Plugin = Plugin;
     this.CheckStatus = CheckStatus;
     this.CheckAll = CheckAll;
 }
コード例 #3
0
ファイル: SoapFormatPlugin.cs プロジェクト: 0ks3ii/IronWASP
 public override bool Is(Request Req)
 {
     try
     {
         return Tools.IsSoap(Req.BodyString.Trim());
     }
     catch { return false; }
 }
コード例 #4
0
ファイル: JsonFormatPlugin.cs プロジェクト: 0ks3ii/IronWASP
 public override bool Is(Request Req)
 {
     try
     {
         return Tools.IsJson(Req.BodyString);
     }
     catch { return false; }
 }
コード例 #5
0
ファイル: Triggers.cs プロジェクト: 0ks3ii/IronWASP
 public void Add(string RequestTrigger, string RequestTriggerDescription, Request Req, string ResponseTrigger, string ResponseTriggerDescription, Response Res)
 {
     if (Req != null || Res != null)
     {
         Trigger T = new Trigger(RequestTrigger, RequestTriggerDescription, Req, ResponseTrigger, ResponseTriggerDescription, Res);
         this.TriggerList.Add(T);
     }
 }
コード例 #6
0
ファイル: Analyzer.cs プロジェクト: moon2l/IronWASP
 public static void AddProbeString(string ProbeString, Request InjectedRequest)
 {
     Request ClonedReq = InjectedRequest.GetClone();
     lock (ProbeStrings)
     {
         ProbeStrings.Add(ProbeString, ClonedReq);
     }
 }
コード例 #7
0
ファイル: Triggers.cs プロジェクト: 0ks3ii/IronWASP
 public void Add(string RequestTrigger, string RequestTriggerDescription, Request Req)
 {
     if (Req != null)
     {
         Trigger T = new Trigger(RequestTrigger, RequestTriggerDescription, Req);
         this.TriggerList.Add(T);
     }
 }
コード例 #8
0
ファイル: CookieStore.cs プロジェクト: welias/IronWASP
 public void Add(Request Req, Response Res)
 {
     List<string> CookieStrings = new List<string>();
     foreach (SetCookie SC in Res.SetCookies)
     {
         CookieStrings.Add(SC.FullString);
     }
     Add(Req.Host, CookieStrings);
 }
コード例 #9
0
ファイル: FormatPlugin.cs プロジェクト: welias/IronWASP
 public static List<FormatPlugin> Get(Request Request)
 {
     List<FormatPlugin> RightPlugins = new List<FormatPlugin>();
     foreach (string Name in List())
     {
         if (Get(Name).Is(Request)) RightPlugins.Add(Get(Name));
     }
     return RightPlugins;
 }
コード例 #10
0
ファイル: Session.cs プロジェクト: 0ks3ii/IronWASP
 public Session(Fiddler.Session _FiddlerSession)
 {
     this.FiddlerSession = _FiddlerSession;
     this.Request = new Request(this.FiddlerSession);
     if (this.FiddlerSession.bHasResponse)
     {
         this.Response = new Response(this.FiddlerSession);
     }
 }
コード例 #11
0
ファイル: Trigger.cs プロジェクト: 0ks3ii/IronWASP
 public Trigger(string RequestTrigger, string RequestTriggerDescription, Request Req, string ResponseTrigger, string ResponseTriggerDescription, Response Res)
 {
     this.RequestTrigger = RequestTrigger;
     this.RequestTriggerDescription = RequestTriggerDescription;
     this.Request = Req.GetClone();
     this.ResponseTrigger = ResponseTrigger;
     this.RawResponseTriggerDescription = ResponseTriggerDescription;
     this.Response = Res.GetClone();
 }
コード例 #12
0
ファイル: FormatPlugin.cs プロジェクト: kartikeyap/IronWASP
 public static List<FormatPlugin> Get(Request Request, List<string> FormatsToCheckFor)
 {
     List<FormatPlugin> RightPlugins = new List<FormatPlugin>();
     foreach (string Name in List())
     {
         if (!FormatsToCheckFor.Contains(Name)) continue;
         if (Get(Name).Is(Request)) RightPlugins.Add(Get(Name));
     }
     return RightPlugins;
 }
コード例 #13
0
 void AddToTriggers(string RequestTrigger, string RequestTriggerDesc, Request TriggerRequest, string ResponseTrigger, string ResponseTriggerDesc, Response TriggerResponse)
 {
     this.RequestTriggers.Add(RequestTrigger);
     this.ResponseTriggers.Add(ResponseTrigger);
     this.RequestTriggerDescs.Add(RequestTriggerDesc);
     this.ResponseTriggerDescs.Add(ResponseTriggerDesc);
     this.TriggerRequests.Add(TriggerRequest);
     this.TriggerResponses.Add(TriggerResponse);
     this.TriggerCount = this.TriggerCount + 1;
 }
コード例 #14
0
ファイル: Highlighter.cs プロジェクト: 0ks3ii/IronWASP
        public static string Highlight(Request Req, List<string> ToHighlight)
        {
            string ReqHeader = Req.GetHeadersAsString();
            string Body = Req.BodyString;

            ReqHeader = InsertHighlights(ReqHeader, ToHighlight);
            Body = InsertHighlights(Body, ToHighlight);

            StringBuilder SB = new StringBuilder();
            SB.Append(SnipHeaderSection(ReqHeader));
            SB.AppendLine(); SB.AppendLine();
            SB.Append(SnipBodySection(Body));

            return SB.ToString();
        }
コード例 #15
0
 public override bool Is(Request Req)
 {
     try
     {
         if (Req.Headers.Has("Content-Type"))
         {
             if (Req.Headers.Get("Content-Type").Trim().StartsWith("multipart", StringComparison.OrdinalIgnoreCase))
             {
                 return true;
             }
         }
         return false;
     }
     catch { return false; }
 }
コード例 #16
0
 List<string> GetMismatchedQueryParameterNames(Request ReqOne, Request ReqTwo)
 {
     List<string> ParamNames = new List<string>();
     foreach (string Name in ReqOne.Query.GetNames())
     {
         if (!AreListValuesSame(ReqOne.Query.GetAll(Name), ReqTwo.Query.GetAll(Name)))
         {
             ParamNames.Add(Name);
         }
     }
     return ParamNames;
 }
コード例 #17
0
ファイル: Session.cs プロジェクト: 0ks3ii/IronWASP
 static Request GetRequest(string RequestHeaders, string RequestBody, bool IsRequestBinary)
 {
     Request Req;
     if (IsRequestBinary)
     {
         if (RequestBody.Length > 0)
         {
             byte[] BodyArray;
             try
             {
                 BodyArray = Convert.FromBase64String(RequestBody);
             }
             catch (Exception Exp)
             {
                 throw new Exception("Error retriving body array from base64 string", Exp);
             }
             Req = new Request(RequestHeaders, BodyArray);
         }
         else
         {
             Req = new Request(RequestHeaders, false, true);
         }
     }
     else
     {
         Req = new Request(RequestHeaders + RequestBody, false, true);
     }
     return Req;
 }
コード例 #18
0
ファイル: Import.cs プロジェクト: moon2l/IronWASP
 static Request ReadBurpRequest(string RequestString, string MetaLine)
 {
     string[] MetaParts = MetaLine.Split(new string[] { "://" }, StringSplitOptions.RemoveEmptyEntries);
     if (MetaParts.Length != 2) return null;
     bool SSL = false;
     if (MetaParts[0].EndsWith("https")) SSL = true;
     try
     {
         Request Req = new Request(RequestString, SSL);
         return Req;
     }
     catch
     {
         return null;
     }
 }
コード例 #19
0
ファイル: IronProxy.cs プロジェクト: herotheo/IronWASP
        internal static bool CanInterceptBasedOnFilter(Request Req, Response Res)
        {
            if (RequestRulesOnResponse)
            {
                if (!CanInterceptBasedOnFilter(Req)) return false;
            }

            //Check Hostnames
            if (InterceptCheckHostNames)
            {
                if (InterceptCheckHostNamesPlus && InterceptHostNames.Count > 0)
                {
                    bool Match = false;
                    foreach (string HostName in InterceptHostNames)
                    {
                        if (Res.Host.Equals(HostName, StringComparison.InvariantCultureIgnoreCase))
                        {
                            Match = true;
                            break;
                        }
                    }
                    if (!Match)
                    {
                        return false;
                    }
                }
                if (InterceptCheckHostNamesMinus && DontInterceptHostNames.Count > 0)
                {
                    foreach (string HostName in DontInterceptHostNames)
                    {
                        if (Res.Host.Equals(HostName, StringComparison.InvariantCultureIgnoreCase))
                        {
                            return false;
                        }
                    }
                }
            }

            //Check Methods Rule
            int Code = Res.Code;
            switch (Code)
            {
                case 200:
                    if (!Intercept200)
                        return false;
                    break;
                case 301:
                case 302:
                    if (!Intercept301_2)
                        return false;
                    break;
                case 403:
                    if (!Intercept403)
                        return false;
                    break;
                case 500:
                    if (!Intercept500)
                        return false;
                    break;
                default:
                    if (Code > 199 && Code < 300)
                    {
                        if (!Intercept2xx)
                            return false;
                    }
                    else if (Code > 299 && Code < 400)
                    {
                        if (!Intercept3xx)
                            return false;
                    }
                    else if (Code > 399 && Code < 500)
                    {
                        if (!Intercept500)
                            return false;
                    }
                    else if (Code > 499 && Code < 600)
                    {
                        if (!Intercept5xx)
                            return false;
                    }
                    break;
            }

            if (Res.BodyLength > 0)
            {
                if (Res.ContentType.ToLower().Contains("html"))
                {
                    if (!InterceptHTML) return false;
                }
                else if (Res.ContentType.ToLower().Contains("css"))
                {
                    if (!InterceptCSS) return false;
                }
                else if (Res.ContentType.ToLower().Contains("javascript"))
                {
                    if (!InterceptJS) return false;
                }
                else if (Res.ContentType.ToLower().Contains("xml"))
                {
                    if (!InterceptXML) return false;
                }
                else if (Res.ContentType.ToLower().Contains("json"))
                {
                    if (!InterceptJSON) return false;
                }
                else if (Res.ContentType.ToLower().Contains("text"))
                {
                    if (!InterceptOtherText) return false;
                }
                else if (Res.ContentType.ToLower().Contains("jpg") || Res.ContentType.ToLower().Contains("png") || Res.ContentType.ToLower().Contains("jpeg") || Res.ContentType.ToLower().Contains("gif") || Res.ContentType.ToLower().Contains("ico"))
                {
                    if (!InterceptImg) return false;
                }
                else
                {
                    if (!InterceptOtherBinary) return false;
                }
            }

            //Check Keyword
            if (InterceptCheckResponseWithKeyword)
            {
                if (InterceptCheckResponseWithKeywordPlus && InterceptResponseWithKeyword.Length > 0)
                {
                    if (!Res.ToString().Contains(InterceptResponseWithKeyword))
                    {
                        return false;
                    }
                }
                if (InterceptCheckResponseWithKeywordMinus && DontInterceptResponseWithKeyword.Length > 0)
                {
                    if (Res.ToString().Contains(DontInterceptResponseWithKeyword))
                    {
                        return false;
                    }
                }
            }

            return true;
        }
コード例 #20
0
ファイル: IronProxy.cs プロジェクト: herotheo/IronWASP
        internal static bool CanInterceptBasedOnFilter(Request Req)
        {
            //Check Hostnames
            if (InterceptCheckHostNames)
            {
                if (InterceptCheckHostNamesPlus && InterceptHostNames.Count > 0)
                {
                    bool Match = false;
                    foreach (string HostName in InterceptHostNames)
                    {
                        if (Req.Host.Equals(HostName, StringComparison.InvariantCultureIgnoreCase))
                        {
                            Match = true;
                            break;
                        }
                    }
                    if (!Match)
                    {
                        return false;
                    }
                }
                if (InterceptCheckHostNamesMinus && DontInterceptHostNames.Count > 0)
                {
                    foreach (string HostName in DontInterceptHostNames)
                    {
                        if (Req.Host.Equals(HostName, StringComparison.InvariantCultureIgnoreCase))
                        {
                            return false;
                        }
                    }
                }
            }

            //Check Methods Rule
            if (!InterceptGET)
            {
                if (Req.Method.Equals("GET", StringComparison.CurrentCultureIgnoreCase))
                {
                    return false;
                }
            }
            if (!InterceptPOST)
            {
                if (Req.Method.Equals("POST", StringComparison.CurrentCultureIgnoreCase))
                {
                    return false;
                }
            }
            if (!InterceptOtherMethods)
            {
                if (!(Req.Method.Equals("GET", StringComparison.CurrentCultureIgnoreCase) || Req.Method.Equals("POST", StringComparison.CurrentCultureIgnoreCase)))
                {
                    return false;
                }
            }

            //Check File Extensions
            Req.StoredFile = Req.File;
            if (InterceptCheckFileExtensions && Req.StoredFile.Length > 0)
            {
                if (InterceptCheckFileExtensionsPlus && InterceptFileExtensions.Count > 0)
                {
                    bool Match = false;
                    foreach (string File in InterceptFileExtensions)
                    {
                        if (Req.StoredFile.Equals(File, StringComparison.InvariantCultureIgnoreCase))
                        {
                            Match = true;
                            break;
                        }
                    }
                    if (!Match)
                    {
                        return false;
                    }
                }
                if (InterceptCheckFileExtensionsMinus && DontInterceptFileExtensions.Count > 0)
                {
                    foreach (string File in DontInterceptFileExtensions)
                    {
                        if (Req.StoredFile.Equals(File, StringComparison.InvariantCultureIgnoreCase))
                        {
                            return false;
                        }
                    }
                }
            }

            //Check Keyword
            if (InterceptCheckRequestWithKeyword)
            {
                if (InterceptCheckRequestWithKeywordPlus && InterceptRequestWithKeyword.Length > 0)
                {
                    if (!Req.ToString().Contains(InterceptRequestWithKeyword))
                    {
                        return false;
                    }
                }
                if (InterceptCheckRequestWithKeywordMinus && DontInterceptRequestWithKeyword.Length > 0)
                {
                    if (Req.ToString().Contains(DontInterceptRequestWithKeyword))
                    {
                        return false;
                    }
                }
            }
            return true;
        }
コード例 #21
0
ファイル: IronProxy.cs プロジェクト: herotheo/IronWASP
 //internal static void UpdateCurrentSessionWithNewRequestHeader(string HeaderString)
 //{
 //    string NewRequestHeaders = HeaderString.TrimEnd(new char[]{'\r','\n'});
 //    NewRequestHeaders += "\r\n\r\n";
 //    IronProxy.CurrentSession.Request = new Request(NewRequestHeaders, IronProxy.CurrentSession.Request.SSL, false);
 //    IronProxy.CurrentSession.Request.ID = IronProxy.CurrentSession.OriginalRequest.ID;
 //    byte[] OldBody = new byte[IronProxy.CurrentSession.OriginalRequest.BodyArray.Length];
 //    IronProxy.CurrentSession.OriginalRequest.BodyArray.CopyTo(OldBody, 0);
 //    IronProxy.CurrentSession.Request.BodyArray = OldBody;
 //    IronProxy.CurrentSession.FiddlerSession.oRequest.headers.AssignFromString(IronProxy.CurrentSession.Request.GetHeadersAsString());
 //}
 //internal static void UpdateFiddlerSessionWithNewRequestHeader()
 //{
 //    IronProxy.CurrentSession.FiddlerSession.oRequest.headers.AssignFromString(IronProxy.CurrentSession.Request.GetHeadersAsString());
 //}
 //internal static void UpdateCurrentSessionWithNewRequestBodyText(string BodyString)
 //{
 //    if (IronProxy.CurrentSession.Request.IsBinary)
 //    {
 //        IronProxy.CurrentSession.Request.BodyArray = Encoding.UTF8.GetBytes(BodyString);
 //    }
 //    else
 //    {
 //        IronProxy.CurrentSession.Request.BodyString = BodyString;
 //    }
 //    IronProxy.CurrentSession.FiddlerSession.utilSetRequestBody(IronProxy.CurrentSession.Request.BodyString);
 //}
 //internal static void UpdateFiddlerSessionWithNewRequestBody()
 //{
 //    IronProxy.CurrentSession.FiddlerSession.utilSetRequestBody(IronProxy.CurrentSession.Request.BodyString);
 //}
 internal static void UpdateCurrentSessionWithNewRequest(Request Req)
 {
     IronProxy.CurrentSession.Request = Req;
     IronProxy.CurrentSession.Request.ID = IronProxy.CurrentSession.OriginalRequest.ID;
     //UpdateFiddlerSessionWithNewRequest();
 }
コード例 #22
0
ファイル: IronDB.cs プロジェクト: 0ks3ii/IronWASP
 internal static void UpdateScan(int ScanID, Request Req, string Status, string InjectionPoints, string FormatPlugin, string ScanPlugins, string SessionPlugin)
 {
     using(SQLiteConnection DB = new SQLiteConnection("data source=" + IronProjectFile))
     {
     DB.Open();
         using(SQLiteCommand Cmd = DB.CreateCommand())
         {
         Cmd.CommandText = "UPDATE ScanQueue SET RequestHeaders=@RequestHeaders, RequestBody=@RequestBody, BinaryRequest=@BinaryRequest, Status=@Status, Method=@Method, URL=@URL, SessionPlugin=@SessionPlugin, InjectionPoints=@InjectionPoints, FormatPlugin=@FormatPlugin, ScanPlugins=@ScanPlugins WHERE ScanID=@ScanID";
         Cmd.Parameters.AddWithValue("@ScanID", ScanID);
         Cmd.Parameters.AddWithValue("@RequestHeaders", Req.GetHeadersAsString());
         if(Req.IsBinary)
             Cmd.Parameters.AddWithValue("@RequestBody", Req.BinaryBodyString);
         else
             Cmd.Parameters.AddWithValue("@RequestBody", Req.BodyString);
         Cmd.Parameters.AddWithValue("@BinaryRequest", AsInt(Req.IsBinary));
         Cmd.Parameters.AddWithValue("@Status", Status);
         Cmd.Parameters.AddWithValue("@Method", Req.Method);
         Cmd.Parameters.AddWithValue("@URL", Req.FullUrl);
         Cmd.Parameters.AddWithValue("@SessionPlugin", SessionPlugin);
         Cmd.Parameters.AddWithValue("@InjectionPoints", InjectionPoints);
         Cmd.Parameters.AddWithValue("@FormatPlugin", FormatPlugin);
         Cmd.Parameters.AddWithValue("@ScanPlugins", ScanPlugins);
         Cmd.ExecuteNonQuery();
         }
     }
 }
コード例 #23
0
ファイル: IronDB.cs プロジェクト: 0ks3ii/IronWASP
 internal static void CreateScan(int ScanID, Request Req)
 {
     using(SQLiteConnection DB = new SQLiteConnection("data source=" + IronProjectFile))
     {
     DB.Open();
     using (SQLiteCommand Cmd = DB.CreateCommand())
     {
         Cmd.CommandText = "INSERT INTO ScanQueue (ScanID, RequestHeaders, RequestBody, BinaryRequest, Status, Method, URL) VALUES (@ScanID, @RequestHeaders, @RequestBody, @BinaryRequest, @Status, @Method, @URL)";
         Cmd.Parameters.AddWithValue("@ScanID", ScanID);
         Cmd.Parameters.AddWithValue("@RequestHeaders", Req.GetHeadersAsString());
         if (Req.IsBinary)
             Cmd.Parameters.AddWithValue("@RequestBody", Req.BinaryBodyString);
         else
             Cmd.Parameters.AddWithValue("@RequestBody", Req.BodyString);
         Cmd.Parameters.AddWithValue("@BinaryRequest", AsInt(Req.IsBinary));
         Cmd.Parameters.AddWithValue("@Status", "Not Started");
         Cmd.Parameters.AddWithValue("@Method", Req.Method);
         Cmd.Parameters.AddWithValue("@URL", Req.FullUrl);
         Cmd.ExecuteNonQuery();
     }
     }
     //CreateScan(ScanID, Req, "Not Started", "", "", "", "");
 }
コード例 #24
0
ファイル: Session.cs プロジェクト: 0ks3ii/IronWASP
 public Session(string RequestString)
 {
     this.FiddlerSession = Session.CreateFiddlerSessionFromRequestString(RequestString);
     this.Request = new Request(this.FiddlerSession);
 }
コード例 #25
0
ファイル: Session.cs プロジェクト: 0ks3ii/IronWASP
 public Session(string RequestString, string ResponseString)
 {
     this.Request = new Request(RequestString,false,true);
     this.Response = new Response(ResponseString);
     this.FiddlerSession = new Fiddler.Session(this.Request.GetFullRequestAsByteArray(), this.Response.GetFullResponseAsByteArray());
 }
コード例 #26
0
ファイル: Scanner.cs プロジェクト: welias/IronWASP
 internal void ReloadRequestFromString(string RequestString)
 {
     this.OriginalRequest = new Request(RequestString, false, true);
     this.OriginalRequest.ScanID = this.ScanID;
 }
コード例 #27
0
ファイル: Session.cs プロジェクト: 0ks3ii/IronWASP
 public Session(Request Request, Response Response)
 {
     this.Request = Request;
     this.Response = Response;
     this.FiddlerSession = new Fiddler.Session(this.Request.GetFullRequestAsByteArray(), this.Response.GetFullResponseAsByteArray());
 }
コード例 #28
0
        internal bool IsUniqueToScan(Request Req, List<Request> ScannedRequests, bool IgnoreUrl )
        {
            int DuplicateNamesMatchCounter = 0;
            foreach (Request RR in ScannedRequests)
            {
                if (!Req.Method.Equals(RR.Method)) continue;
                if (Req.HasBody != RR.HasBody) continue;
                if (Req.UrlPathParts.Count != RR.UrlPathParts.Count) continue;
                if (Req.Query.Count != RR.Query.Count) continue;
                if (Req.HasBody)
                {
                    if (Req.Body.Count != RR.Body.Count) continue;
                }
                if (Req.URLPath.Equals(RR.URLPath))
                {
                    List<string> ReqQueryNames = Req.Query.GetNames();
                    List<string> RRQueryNames = RR.Query.GetNames();
                    if (AreListValuesSame(ReqQueryNames, RRQueryNames))
                    {
                        if (PromptUser)
                        {
                            List<string> MismatchedParameters = GetMismatchedQueryParameterNames(Req, RR);
                            if (IsAnyQueryParameterUnique(MismatchedParameters))
                                return true;
                            else if (AreAllQueryParametersNonUnique(MismatchedParameters))
                            {
                                if (!Req.HasBody) return false;
                            }
                            else
                            {
                                StringBuilder Message = new StringBuilder();
                                Message.Append("<i<b>><i<cg>>Request A:<i</cg>><i</b>><i<br>>");
                                Message.Append("  "); Message.Append(RR.Method); Message.Append("  "); Message.Append(RR.UrlPath); Message.Append("?");
                                foreach (string Name in RR.Query.GetNames())
                                {
                                    foreach (string Value in RR.Query.GetAll(Name))
                                    {
                                        if (MismatchedParameters.Contains(Name)) Message.Append("<i<hlo>>");
                                        Message.Append(Name); Message.Append("="); Message.Append(Value);
                                        if (MismatchedParameters.Contains(Name)) Message.Append("<i</hlo>>");
                                        Message.Append("&");
                                    }
                                }
                                if (Message.ToString().EndsWith("&")) Message.Remove(Message.Length - 1, 1);
                                Message.Append("<i<br>>");
                                Message.Append("<i<b>><i<cg>>Request B:<i</cg>><i</b>><i<br>>");
                                Message.Append("  "); Message.Append(Req.Method); Message.Append("  "); Message.Append(Req.UrlPath); Message.Append("?");
                                foreach (string Name in Req.Query.GetNames())
                                {
                                    foreach (string Value in Req.Query.GetAll(Name))
                                    {
                                        if (MismatchedParameters.Contains(Name)) Message.Append("<i<hlo>>");
                                        Message.Append(Name); Message.Append("="); Message.Append(Value);
                                        if (MismatchedParameters.Contains(Name)) Message.Append("<i</hlo>>");
                                        Message.Append("&");
                                    }
                                }
                                if (Message.ToString().EndsWith("&")) Message.Remove(Message.Length - 1, 1);
                                Message.Append("<i<br>>");
                                Message.Append("<i<br>>");
                                Message.Append(@"Request A has been sent for scanning already. Request B is being considered for scanning.<i<br>>
            Request A & Request B have the same Query parameter names but some parameters have different values.<i<br>>
            If Request B can be considered a duplicate of A and not scanned then just hit 'Submit'.<i<br>>
            If the values of some the mis-matched parameters makes Request B unique then select those Query Paramters from the provided list and then hit 'Submit'");
                                List<int> AskUserResponse = AskUser.ForList("Duplicate Scan Item Check", Message.ToString(), "Scan Request B", "Don't scan Request B", "Scan Request B and set these parameters as unique", MismatchedParameters);
                                List<string> UniqueParams = new List<string>();
                                for (int i = 2; i < AskUserResponse.Count; i++)
                                {
                                    UniqueParams.Add(MismatchedParameters[AskUserResponse[i]]);
                                }

                                if (UniqueParams.Count > 0 || AskUserResponse[0] == 1)
                                {
                                    UniqueQueryParameters.AddRange(UniqueParams);
                                    return true;
                                }
                                else
                                {
                                    NonUniqueQueryParameters.AddRange(MismatchedParameters);
                                    if (!Req.HasBody) return false;
                                }
                            }
                        }
                        else
                        {
                            if (!Req.HasBody)
                            {
                                DuplicateNamesMatchCounter++;
                                if (DuplicateNamesMatchCounter > 20)
                                {
                                    return false;
                                }
                            }
                        }
                    }
                    else
                    {
                        continue;
                    }
                    if (Req.HasBody)
                    {
                        List<string> ReqBodyNames = Req.Body.GetNames();
                        List<string> RRBodyNames = RR.Body.GetNames();
                        if (AreListValuesSame(ReqBodyNames, RRBodyNames))
                        {
                            if (PromptUser)
                            {
                                List<string> MismatchedParameters = GetMismatchedBodyParameterNames(Req, RR);
                                if (IsAnyBodyParameterUnique(MismatchedParameters))
                                    return true;
                                else if (AreAllBodyParametersNonUnique(MismatchedParameters))
                                {
                                    return false;
                                }
                                else
                                {
                                    StringBuilder Message = new StringBuilder();
                                    Message.Append("<i<b>><i<cg>>Request A:<i</cg>><i</b>><i<br>>");
                                    Message.Append("  "); Message.Append(RR.Method); Message.Append("  "); Message.Append(RR.Url); Message.Append("<i<br>><i<br>>"); Message.Append("  ");
                                    foreach (string Name in RR.Body.GetNames())
                                    {
                                        foreach (string Value in RR.Body.GetAll(Name))
                                        {
                                            if (MismatchedParameters.Contains(Name)) Message.Append("<i<hlo>>");
                                            Message.Append(Name); Message.Append("="); Message.Append(Value);
                                            if (MismatchedParameters.Contains(Name)) Message.Append("<i</hlo>>");
                                            Message.Append("&");
                                        }
                                    }
                                    if (Message.ToString().EndsWith("&")) Message.Remove(Message.Length - 1, 1);
                                    Message.Append("<i<br>>");
                                    Message.Append("<i<br>>");
                                    Message.Append("<i<b>><i<cg>>Request B:<i</cg>><i</b>><i<br>>");
                                    Message.Append("  "); Message.Append(Req.Method); Message.Append("  "); Message.Append(Req.Url); Message.Append("<i<br>><i<br>>"); Message.Append("  ");
                                    foreach (string Name in Req.Body.GetNames())
                                    {
                                        foreach (string Value in Req.Body.GetAll(Name))
                                        {
                                            if (MismatchedParameters.Contains(Name)) Message.Append("<i<hlo>>");
                                            Message.Append(Name); Message.Append("="); Message.Append(Value);
                                            if (MismatchedParameters.Contains(Name)) Message.Append("<i</hlo>>");
                                            Message.Append("&");
                                        }
                                    }
                                    if (Message.ToString().EndsWith("&")) Message.Remove(Message.Length - 1, 1);
                                    Message.Append("<i<br>>");
                                    Message.Append("<i<br>>");
                                    Message.Append(@"Request A has been sent for scanning already. Request B is being considered for scanning.<i<br>>
            Request A & Request B have the same Body parameter names but some parameters have different values.<i<br>>
            If Request B can be considered a duplicate of A and not scanned then just hit 'Submit'.<i<br>>
            If the values of some the mis-matched parameters makes Request B unique then select those Body Paramters from the provided list and then hit 'Submit'");
                                    List<int> AskUserResponse = AskUser.ForList("Duplicate Scan Item Check", Message.ToString(), "Scan Request B", "Don't scan Request B", "Scan Request B and set these parameters as unique", MismatchedParameters);
                                    List<string> UniqueParams = new List<string>();
                                    for (int i = 2; i < AskUserResponse.Count; i++)
                                    {
                                        UniqueParams.Add(MismatchedParameters[AskUserResponse[i]]);
                                    }

                                    if (UniqueParams.Count > 0 || AskUserResponse[0] == 1)
                                    {
                                        UniqueBodyParameters.AddRange(UniqueParams);
                                        return true;
                                    }
                                    else
                                    {
                                        NonUniqueBodyParameters.AddRange(MismatchedParameters);
                                        return false;
                                    }
                                }
                            }
                            else
                            {
                                DuplicateNamesMatchCounter++;
                                if (DuplicateNamesMatchCounter > 20)
                                {
                                    return false;
                                }
                            }
                        }
                        else
                        {
                            continue;
                        }
                    }
                }
                else
                {
                    if (!PromptUser) return true;
                    if (IgnoreUrl) return false;
                    if (!(Req.File.Equals("") && RR.File.Equals(""))) continue;
                    List<string> PathPartMatch = new List<string>();
                    List<string> ReqUrlPathParts = new List<string>(Req.UrlPathParts);
                    List<string> RRUrlPathParts = new List<string>(RR.UrlPathParts);
                    List<string> MatchUrlPathParts = new List<string>();
                    List<string> MatchedParts = new List<string>();
                    List<string> ReqAMismatchedParts = new List<string>();
                    List<string> ReqBMismatchedParts = new List<string>();

                    bool LastMatch = true;
                    for (int i = 0; i < ReqUrlPathParts.Count; i++)
                    {
                        if (LastMatch)
                        {
                            if (ReqUrlPathParts[i].Equals(RRUrlPathParts[i]))
                            {
                                MatchUrlPathParts.Add(ReqUrlPathParts[i]);
                                MatchedParts.Add(ReqUrlPathParts[i]);
                            }
                            else
                            {
                                LastMatch = false;
                                MatchUrlPathParts.Add("*");
                                ReqAMismatchedParts.Add(RRUrlPathParts[i]);
                                ReqBMismatchedParts.Add(ReqUrlPathParts[i]);
                            }
                        }
                        else
                        {
                            MatchUrlPathParts.Add("*");
                            ReqAMismatchedParts.Add(RRUrlPathParts[i]);
                            ReqBMismatchedParts.Add(ReqUrlPathParts[i]);
                        }
                    }
                    if (MatchedParts.Count == 0) continue;
                    List<string> MatchUrlPathSignatures = UniqueUrlSignatureGenerator(MatchedParts, ReqBMismatchedParts);
                    string MatchUrlPathSignature = "/" + String.Join("/", MatchUrlPathParts.ToArray()) + "/";
                    if (IsUrlPathSignatureUnique(MatchUrlPathSignatures)) return true;
                    if (IsUrlPathSignatureNonUnique(MatchUrlPathSignatures)) return false;

                    StringBuilder Message = new StringBuilder();
                    Message.Append("<i<b>><i<cg>>Request A:<i</cg>><i</b>><i<br>>");
                    Message.Append("  "); Message.Append(RR.Method); Message.Append("  ");
                    foreach (string Part in MatchedParts)
                    {
                        Message.Append("/"); Message.Append(Part);
                    }
                    foreach (string Part in ReqAMismatchedParts)
                    {
                        Message.Append("/"); Message.Append("<i<hlo>>"); Message.Append(Part); Message.Append("<i</hlo>>");
                    }
                    if (RR.Url.EndsWith("/")) Message.Append("/");

                    Message.Append("<i<br>>");
                    Message.Append("<i<br>>");
                    Message.Append("<i<b>><i<cg>>Request B:<i</cg>><i</b>><i<br>>");
                    Message.Append("  "); Message.Append(Req.Method); Message.Append("  ");
                    foreach (string Part in MatchedParts)
                    {
                        Message.Append("/"); Message.Append(Part);
                    }
                    foreach (string Part in ReqBMismatchedParts)
                    {
                        Message.Append("/"); Message.Append("<i<hlo>>"); Message.Append(Part); Message.Append("<i</hlo>>");
                    }
                    if (Req.Url.EndsWith("/")) Message.Append("/");

                    Message.Append("<i<br>>");
                    Message.Append("<i<br>>");
                    Message.Append(@"Request A has been sent for scanning already. Request B is being considered for scanning.<i<br>>
            Request A & Request B have the same starting URL but some sections of the URL differ, this could probably be a case of URL re-writing.<i<br>>
            If Request B can be considered a duplicate of A and not scanned then just hit 'Submit'.<i<br>>
            If some sections of the URL path make Request B unique then select those sections from the provided list and then hit 'Submit'");
                    List<int> AskUserResponse = AskUser.ForList("Duplicate Scan Item Check", Message.ToString(), "Scan Request B", "Don't scan Request B", "Scan Request B and set these parameters as unique", ReqBMismatchedParts);
                    List<int> UniquePathPartPositions = new List<int>();
                    for (int i = 2; i < AskUserResponse.Count; i++)
                    {
                        UniquePathPartPositions.Add(AskUserResponse[i]);
                    }

                    if (UniquePathPartPositions.Count == 0 && AskUserResponse[1] == 1)
                    {
                        NonUniqueUrlParameters.Add(MatchUrlPathSignature);
                        return false;
                    }
                    else
                    {
                        if(UniquePathPartPositions.Count > 0)
                        {
                            List<string> NewSignatureList = new List<string>(MatchedParts);
                            for (int ii = 0; ii < ReqBMismatchedParts.Count; ii++)
                            {
                                if (UniquePathPartPositions.Contains(ii))
                                    NewSignatureList.Add(ReqBMismatchedParts[ii]);
                                else
                                    NewSignatureList.Add("*");
                            }
                            NonUniqueUrlParameters.Add("/" + string.Join("/", NewSignatureList.ToArray()) + "/");
                        }
                        return true;
                    }
                }
            }
            return true;
        }
コード例 #29
0
ファイル: Session.cs プロジェクト: 0ks3ii/IronWASP
 public Session(Request Req)
 {
     this.FiddlerSession = Req.ReturnAsFiddlerSession();
     this.Request = Req;
 }
コード例 #30
0
ファイル: IronDB.cs プロジェクト: 0ks3ii/IronWASP
 internal static void LogMTRequest(Request Request)
 {
     using (SQLiteConnection MT_DB = new SQLiteConnection("data source=" + TestLogFile))
     {
         MT_DB.Open();
         using (SQLiteCommand Cmd = MT_DB.CreateCommand())
         {
             Cmd.CommandText = "INSERT INTO TestLog (ID, SSL, HostName, Method, URL, File, Parameters, RequestHeaders, RequestBody, BinaryRequest, Notes) VALUES (@ID, @SSL, @HostName, @Method, @URL, @File, @Parameters, @RequestHeaders, @RequestBody, @BinaryRequest, @Notes)";
             Cmd.Parameters.AddWithValue("@ID", Request.ID);
             Cmd.Parameters.AddWithValue("@SSL", AsInt(Request.SSL));
             Cmd.Parameters.AddWithValue("@HostName", Request.Host);
             Cmd.Parameters.AddWithValue("@Method", Request.Method);
             Cmd.Parameters.AddWithValue("@URL", Request.URL);
             Cmd.Parameters.AddWithValue("@File", Request.File);
             Cmd.Parameters.AddWithValue("@Parameters", Request.GetParametersString());
             //Cmd.Parameters.AddWithValue("@RequestHeaders", Request.GetHeadersAsStringWithoutFullURL());
             Cmd.Parameters.AddWithValue("@RequestHeaders", Request.GetHeadersAsString());
             if (Request.IsBinary)
                 Cmd.Parameters.AddWithValue("@RequestBody", Request.BinaryBodyString);
             else
                 Cmd.Parameters.AddWithValue("@RequestBody", Request.BodyString);
             //Cmd.Parameters.AddWithValue("@RequestBody", Request.BodyString);
             Cmd.Parameters.AddWithValue("@BinaryRequest", AsInt(Request.IsBinary));
             Cmd.Parameters.AddWithValue("@Notes", "Some Notes");
             Cmd.ExecuteNonQuery();
         }
     }
 }