public Trigger(string RequestTrigger, Request Req, string ResponseTrigger, Response Res)
{
this.RequestTrigger = RequestTrigger;
this.Request = Req.GetClone();
this.ResponseTrigger = ResponseTrigger;
this.Response = Res.GetClone();
}
internal SimilarityCheckerItem(string Key, Response Res, string Payload)
{
this.Key = Key;
this.Res = Res;
this.Payload = Payload;
this.isPayloadSet = true;
this.ProcessedBodyString = this.Res.BodyString.Replace(Payload, "").Replace(Tools.UrlEncode(Payload), "").Replace(Tools.HtmlEncode(Payload), "");
}
public override bool Is(Response Res)
{
try
{
return Tools.IsSoap(Res.BodyString.Trim());
}
catch { return false; }
}
public void Add(string Key, Response Item)
{
if (ItemsDictionary.ContainsKey(Key))
{
throw new Exception(string.Format("Key-{0} already exists!", Key));
}
ItemsDictionary[Key] = new SimilarityCheckerItem(Key, Item);
}
public override bool Is(Response Res)
{
try
{
return Tools.IsJson(Res.BodyString);
}
catch { return false; }
}
public void Add(string RequestTrigger, string RequestTriggerDescription, Request Req, string ResponseTrigger, string ResponseTriggerDescription, Response Res)
{
if (Req != null || Res != null)
{
Trigger T = new Trigger(RequestTrigger, RequestTriggerDescription, Req, ResponseTrigger, ResponseTriggerDescription, Res);
this.TriggerList.Add(T);
}
}
public void Add(Request Req, Response Res)
{
List<string> CookieStrings = new List<string>();
foreach (SetCookie SC in Res.SetCookies)
{
CookieStrings.Add(SC.FullString);
}
Add(Req.Host, CookieStrings);
}
public static List<FormatPlugin> Get(Response Response)
{
List<FormatPlugin> RightPlugins = new List<FormatPlugin>();
foreach (string Name in List())
{
if (Get(Name).Is(Response)) RightPlugins.Add(Get(Name));
}
return RightPlugins;
}
public Session(Fiddler.Session _FiddlerSession)
{
this.FiddlerSession = _FiddlerSession;
this.Request = new Request(this.FiddlerSession);
if (this.FiddlerSession.bHasResponse)
{
this.Response = new Response(this.FiddlerSession);
}
}
public Trigger(string RequestTrigger, string RequestTriggerDescription, Request Req, string ResponseTrigger, string ResponseTriggerDescription, Response Res)
{
this.RequestTrigger = RequestTrigger;
this.RequestTriggerDescription = RequestTriggerDescription;
this.Request = Req.GetClone();
this.ResponseTrigger = ResponseTrigger;
this.RawResponseTriggerDescription = ResponseTriggerDescription;
this.Response = Res.GetClone();
}
void AddToTriggers(string RequestTrigger, string RequestTriggerDesc, Request TriggerRequest, string ResponseTrigger, string ResponseTriggerDesc, Response TriggerResponse)
{
this.RequestTriggers.Add(RequestTrigger);
this.ResponseTriggers.Add(ResponseTrigger);
this.RequestTriggerDescs.Add(RequestTriggerDesc);
this.ResponseTriggerDescs.Add(ResponseTriggerDesc);
this.TriggerRequests.Add(TriggerRequest);
this.TriggerResponses.Add(TriggerResponse);
this.TriggerCount = this.TriggerCount + 1;
}
public static string Highlight(Response Res, List<string> ToHighlight)
{
string ResHeader = Res.GetHeadersAsString();
string Body = Res.BodyString;
ResHeader = InsertHighlights(ResHeader, ToHighlight);
Body = InsertHighlights(Body, ToHighlight);
StringBuilder SB = new StringBuilder();
SB.Append(SnipHeaderSection(ResHeader));
SB.AppendLine(); SB.AppendLine();
SB.Append(SnipBodySection(Body));
return SB.ToString();
}
public override bool Is(Response Res)
{
try
{
if (Res.Headers.Has("Content-Type"))
{
if (Res.Headers.Get("Content-Type").Trim().StartsWith("multipart", StringComparison.OrdinalIgnoreCase))
{
return true;
}
}
return false;
}
catch { return false; }
}
//Override the Check method of the base class with custom functionlity
public override void Check(Scanner Scnr)
{
this.Scnr = Scnr;
this.RequestTriggers = new List<string>();
this.ResponseTriggers = new List<string>();
this.RequestTriggerDescs = new List<string>();
this.ResponseTriggerDescs = new List<string>();
this.TriggerRequests = new List<Request>();
this.TriggerResponses = new List<Response>();
this.TriggerCount = 0;
this.reasons = new List<FindingReason>();
this.ConfidenceLevel = 0;
this.base_response = this.Scnr.BaseResponse;
this.ErrorCount = new int[] { 0, 0, 0 };
this.Errors = new List<string>();
this.ErrorTriggerCount = 0;
this.Scnr.Trace("<i<br>><i<h>>Checking for SQL Injection:<i</h>>");
int overall_error_score = this.CheckForErrorBasedSQLi();
int overall_blind_score = this.CheckForBlindSQLi();
int overall_score = overall_error_score + overall_blind_score;
if (this.RequestTriggers.Count == this.ErrorTriggerCount && (this.ErrorCount[0] + this.ErrorCount[1] + this.ErrorCount[2]) > 0 && (this.ErrorCount[0] == this.ErrorCount[1] && this.ErrorCount[1] == this.ErrorCount[2]))
{
this.ReportSQLError(this.Errors);
}
else if (overall_score > 7)
{
this.ReportSQLInjection(FindingConfidence.High);
}
else if (overall_score > 4)
{
this.ReportSQLInjection(FindingConfidence.Medium);
}
else if (overall_score > 3)
{
this.ReportSQLInjection(FindingConfidence.Low);
}
//overall_blind_score = this.CheckForBlindSQLi(Request, Scanner)
//overall_score = overall_error_score + overall_blind_score
//if(overall_score == 0):
// return
}
static void ProcessBurpMessage(string BurpMessage, string MetaLine)
{
string[] BurpMessageParts = BurpMessage.Split(new string[] { "\r\n======================================================\r\n" }, 2, StringSplitOptions.RemoveEmptyEntries);
Session IrSe = null;
if (BurpMessageParts.Length > 0)
{
Request Req = ReadBurpRequest(BurpMessageParts[0], MetaLine);
if (Req != null)
{
IrSe = new Session(Req);
IrSe.ID = Interlocked.Increment(ref Config.ProxyRequestsCount);
IronUpdater.AddProxyRequest(IrSe.Request.GetClone(true));
PassiveChecker.AddToCheckRequest(IrSe);
}
}
if (BurpMessageParts.Length == 2)
{
if (IrSe != null)
{
try
{
Response Res = new Response(BurpMessageParts[1]);
IrSe.Response = Res;
IrSe.Response.ID = IrSe.Request.ID;
IronUpdater.AddProxyResponse(IrSe.Response.GetClone(true));
PassiveChecker.AddToCheckResponse(IrSe);
}
catch
{
}
}
}
}
internal static bool CanInterceptBasedOnFilter(Request Req, Response Res)
{
if (RequestRulesOnResponse)
{
if (!CanInterceptBasedOnFilter(Req)) return false;
}
//Check Hostnames
if (InterceptCheckHostNames)
{
if (InterceptCheckHostNamesPlus && InterceptHostNames.Count > 0)
{
bool Match = false;
foreach (string HostName in InterceptHostNames)
{
if (Res.Host.Equals(HostName, StringComparison.InvariantCultureIgnoreCase))
{
Match = true;
break;
}
}
if (!Match)
{
return false;
}
}
if (InterceptCheckHostNamesMinus && DontInterceptHostNames.Count > 0)
{
foreach (string HostName in DontInterceptHostNames)
{
if (Res.Host.Equals(HostName, StringComparison.InvariantCultureIgnoreCase))
{
return false;
}
}
}
}
//Check Methods Rule
int Code = Res.Code;
switch (Code)
{
case 200:
if (!Intercept200)
return false;
break;
case 301:
case 302:
if (!Intercept301_2)
return false;
break;
case 403:
if (!Intercept403)
return false;
break;
case 500:
if (!Intercept500)
return false;
break;
default:
if (Code > 199 && Code < 300)
{
if (!Intercept2xx)
return false;
}
else if (Code > 299 && Code < 400)
{
if (!Intercept3xx)
return false;
}
else if (Code > 399 && Code < 500)
{
if (!Intercept500)
return false;
}
else if (Code > 499 && Code < 600)
{
if (!Intercept5xx)
return false;
}
break;
}
if (Res.BodyLength > 0)
{
if (Res.ContentType.ToLower().Contains("html"))
{
if (!InterceptHTML) return false;
}
else if (Res.ContentType.ToLower().Contains("css"))
{
if (!InterceptCSS) return false;
}
else if (Res.ContentType.ToLower().Contains("javascript"))
{
if (!InterceptJS) return false;
}
else if (Res.ContentType.ToLower().Contains("xml"))
{
if (!InterceptXML) return false;
}
else if (Res.ContentType.ToLower().Contains("json"))
{
if (!InterceptJSON) return false;
}
else if (Res.ContentType.ToLower().Contains("text"))
{
if (!InterceptOtherText) return false;
}
else if (Res.ContentType.ToLower().Contains("jpg") || Res.ContentType.ToLower().Contains("png") || Res.ContentType.ToLower().Contains("jpeg") || Res.ContentType.ToLower().Contains("gif") || Res.ContentType.ToLower().Contains("ico"))
{
if (!InterceptImg) return false;
}
else
{
if (!InterceptOtherBinary) return false;
}
}
//Check Keyword
if (InterceptCheckResponseWithKeyword)
{
if (InterceptCheckResponseWithKeywordPlus && InterceptResponseWithKeyword.Length > 0)
{
if (!Res.ToString().Contains(InterceptResponseWithKeyword))
{
return false;
}
}
if (InterceptCheckResponseWithKeywordMinus && DontInterceptResponseWithKeyword.Length > 0)
{
if (Res.ToString().Contains(DontInterceptResponseWithKeyword))
{
return false;
}
}
}
return true;
}
//internal static void UpdateFiddlerSessionWithNewRequest()
//{
// IronProxy.CurrentSession.FiddlerSession.oRequest.headers.AssignFromString(IronProxy.CurrentSession.Request.GetHeadersAsString());
// IronProxy.CurrentSession.FiddlerSession.requestBodyBytes = IronProxy.CurrentSession.Request.BodyArray;
//}
//internal static void UpdateCurrentSessionWithNewResponseHeader(string HeaderString)
//{
// string NewResponseHeaders = HeaderString.TrimEnd(new char[]{'\r','\n'});
// NewResponseHeaders += "\r\n\r\n";
// IronProxy.CurrentSession.Response = new Response(NewResponseHeaders);
// IronProxy.CurrentSession.Response.ID = IronProxy.CurrentSession.OriginalResponse.ID;
// IronProxy.CurrentSession.Response.BodyArray = new byte[IronProxy.CurrentSession.OriginalResponse.BodyArray.Length];
// IronProxy.CurrentSession.OriginalResponse.BodyArray.CopyTo(IronProxy.CurrentSession.Response.BodyArray, 0);
// IronProxy.CurrentSession.FiddlerSession.oResponse.headers.AssignFromString(IronProxy.CurrentSession.Response.GetHeadersAsString());
//}
//internal static void UpdateCurrentSessionWithNewResponseBodyText(string BodyString)
//{
// IronProxy.CurrentSession.Response.BodyString = BodyString;
// IronProxy.CurrentSession.FiddlerSession.utilSetResponseBody(IronProxy.CurrentSession.Response.BodyString);
//}
internal static void UpdateCurrentSessionWithNewResponse(Response Res)
{
IronProxy.CurrentSession.Response = Res;
IronProxy.CurrentSession.Response.ID = IronProxy.CurrentSession.OriginalResponse.ID;
//UpdateFiddlerSessionWithNewResponse();
}
internal static void LogMTResponse(Response Response)
{
using (SQLiteConnection MT_DB = new SQLiteConnection("data source=" + TestLogFile))
{
MT_DB.Open();
using (SQLiteCommand Cmd = MT_DB.CreateCommand())
{
Cmd.CommandText = "UPDATE TestLog SET Code=@Code, Length=@Length, MIME=@MIME, SetCookie=@SetCookie, ResponseHeaders=@ResponseHeaders, ResponseBody=@ResponseBody, BinaryResponse=@BinaryResponse, RoundTrip=@RoundTrip, Notes=@Notes WHERE ID=@ID";
Cmd.Parameters.AddWithValue("@Code", Response.Code);
Cmd.Parameters.AddWithValue("@Length", Response.BodyLength);
Cmd.Parameters.AddWithValue("@MIME", Response.ContentType);
Cmd.Parameters.AddWithValue("@SetCookie", AsInt((Response.SetCookies.Count > 0)));
Cmd.Parameters.AddWithValue("@ResponseHeaders", Response.GetHeadersAsString());
if (Response.IsBinary)
Cmd.Parameters.AddWithValue("@ResponseBody", Response.BinaryBodyString);
else
Cmd.Parameters.AddWithValue("@ResponseBody", Response.BodyString);
//Cmd.Parameters.AddWithValue("@ResponseBody", Response.BodyString);
Cmd.Parameters.AddWithValue("@BinaryResponse", AsInt(Response.IsBinary));
Cmd.Parameters.AddWithValue("@RoundTrip", Response.RoundTrip);
Cmd.Parameters.AddWithValue("@Notes", "Some Notes");
Cmd.Parameters.AddWithValue("@ID", Response.ID);
Cmd.ExecuteNonQuery();
}
}
}
internal Response GetClone(bool CopyID)
{
Response ClonedResponse = new Response(this.ToString());
if (CopyID) ClonedResponse.ID = this.ID;
ClonedResponse.TTL = this.TTL;
ClonedResponse.Source = this.Source;
return ClonedResponse;
}
public void Scan()
{
try
{
if (this.StartedFromASTab) AddActiveScanID(this.ScanID);
this.OriginalRequest.SessionHandler = this.SessionHandler;
this.OriginalResponse = this.OriginalRequest.Send();//this is just a temp value since calling inject from GetBaseLine would require a response object
this.TestResponse = this.OriginalResponse;
this.CurrentRequest = this.OriginalRequest;
this.OriginalResponse = SessionHandler.GetBaseLine(this, this.OriginalRequest);
this.CurrentRequest = this.OriginalRequest;
this.TestResponse = this.OriginalResponse;
foreach (ActivePlugin AP in this.Plugins.Values)
{
this.CurrentPlugin = AP.Name;
this.CurrentSection = "URL";
foreach (int URLPartPosition in this.URLInjections)
{
this.CurrentURLPartPosition = URLPartPosition;
this.CurrentParameterName = "";
this.CurrentSubParameterPosition = 0;
this.CurrentParameterValue = this.CurrentRequest.UrlPathParts[URLPartPosition];
this.CheckWithActivePlugin(AP);
}
this.CurrentSection = "Query";
foreach (string ParameterName in this.QueryInjections.GetAll())
{
this.CurrentParameterName = ParameterName;
foreach (int SubParameterPosition in this.QueryInjections.GetAll(ParameterName))
{
this.CurrentSubParameterPosition = SubParameterPosition;
this.CurrentParameterValue = this.CurrentRequest.Query.GetAll(ParameterName)[SubParameterPosition];
this.CheckWithActivePlugin(AP);
}
}
this.CurrentSection = "Body";
if (BodyFormat.Name.Length == 0)
{
foreach (string ParameterName in this.BodyInjections.GetAll())
{
this.CurrentParameterName = ParameterName;
foreach (int SubParameterPosition in this.BodyInjections.GetAll(ParameterName))
{
this.CurrentSubParameterPosition = SubParameterPosition;
this.CurrentParameterValue = this.CurrentRequest.Body.GetAll(ParameterName)[SubParameterPosition];
this.CheckWithActivePlugin(AP);
}
}
}
else
{
if (this.BodyXmlInjections.Count != XmlInjectionArray.GetLength(0) || !XmlInjectionSignature.Equals(Tools.MD5("Name:" + BodyFormat.Name + "|Body" + this.OriginalRequest.BodyString)))
{
string Xml = BodyFormat.ToXmlFromRequest(this.OriginalRequest);
XmlInjectionArray = FormatPlugin.XmlToArray(Xml);
XmlInjectionSignature = Tools.MD5("Name:" + BodyFormat.Name + "|Body" + this.OriginalRequest.BodyString);
}
foreach (int BodyXmlPosition in this.BodyXmlInjections)
{
this.CurrentBodyXmlPosition = BodyXmlPosition;
if (XmlInjectionArray.GetLength(0) > BodyXmlPosition)
{
this.CurrentParameterName = XmlInjectionArray[BodyXmlPosition, 0];
this.CurrentParameterValue = XmlInjectionArray[BodyXmlPosition, 1];
}
else
{
this.CurrentParameterName = "";
this.CurrentParameterValue = "";
}
this.CurrentSubParameterPosition = 0;
this.CheckWithActivePlugin(AP);
}
}
this.CurrentSection = "Cookie";
foreach (string ParameterName in this.CookieInjections.GetAll())
{
this.CurrentParameterName = ParameterName;
foreach (int SubParameterPosition in this.CookieInjections.GetAll(ParameterName))
{
this.CurrentSubParameterPosition = SubParameterPosition;
this.CurrentParameterValue = this.CurrentRequest.Cookie.GetAll(ParameterName)[SubParameterPosition];
this.CheckWithActivePlugin(AP);
}
}
this.CurrentSection = "Headers";
foreach (string ParameterName in this.HeadersInjections.GetAll())
{
this.CurrentParameterName = ParameterName;
foreach (int SubParameterPosition in this.HeadersInjections.GetAll(ParameterName))
{
this.CurrentSubParameterPosition = SubParameterPosition;
this.CurrentParameterValue = this.CurrentRequest.Headers.GetAll(ParameterName)[SubParameterPosition];
this.CheckWithActivePlugin(AP);
}
}
}
if (this.StartedFromASTab)
{
Interlocked.Decrement(ref Config.ActiveScansCount);
IronUI.UpdateScanQueueStatus(this.ScanID, "Completed");
IronDB.UpdateScanStatus(this.ScanID, "Completed");
try
{
lock (CompletedScanIDs)
{
CompletedScanIDs.Enqueue(this.ScanID);
}
}
catch { }
this.DequeueAndStartScan();
}
}
catch (ThreadAbortException ThExp)
{
HandleScannerException(false, ThExp);
}
catch (Exception Exp)
{
HandleScannerException(true, Exp);
}
}
private Response Inject(string RawPayload, int ReDoCount, bool DummmyInjection)
{
this.CurrentRequest = SessionHandler.Update(this.CurrentRequest, this.TestResponse);
this.TestRequest = SessionHandler.PrepareForInjection(this.CurrentRequest.GetClone());
string Payload = "";
if (!DummmyInjection) Payload = SessionHandler.ProcessInjection(this, this.TestRequest, RawPayload);
List<string> SubValues = new List<string>();
if (!DummmyInjection)
{
if (this.CurrentSection.Equals("URL"))
{
List<string> URLParts = this.TestRequest.URLPathParts;
URLParts[this.CurrentURLPartPosition] = Payload;
this.TestRequest.URLPathParts = URLParts;
}
else if (this.CurrentSection.Equals("Query"))
{
SubValues = this.TestRequest.Query.GetAll(this.CurrentParameterName);
SubValues[this.CurrentSubParameterPosition] = Payload;
this.TestRequest.Query.Set(this.CurrentParameterName, SubValues);
}
else if (this.CurrentSection.Equals("Body"))
{
if (BodyFormat.Name.Length == 0)
{
SubValues = this.TestRequest.Body.GetAll(this.CurrentParameterName);
SubValues[this.CurrentSubParameterPosition] = Payload;
this.TestRequest.Body.Set(this.CurrentParameterName, SubValues);
}
else
{
string InjectedBodyXml = FormatPlugin.InjectInXml(BodyFormat.ToXmlFromRequest(this.TestRequest), this.CurrentBodyXmlPosition, Payload);
this.TestRequest = BodyFormat.ToRequestFromXml(this.TestRequest, InjectedBodyXml);
}
}
else if (this.CurrentSection.Equals("Cookie"))
{
SubValues = this.TestRequest.Cookie.GetAll(this.CurrentParameterName);
SubValues[this.CurrentSubParameterPosition] = Payload;
this.TestRequest.Cookie.Set(this.CurrentParameterName, SubValues);
}
else if (this.CurrentSection.Equals("Headers"))
{
SubValues = this.TestRequest.Headers.GetAll(this.CurrentParameterName);
SubValues[this.CurrentSubParameterPosition] = Payload;
this.TestRequest.Headers.Set(this.CurrentParameterName, SubValues);
}
}
this.TestResponse = this.TestRequest.Send();
if(!DummmyInjection) this.Trace(" " + this.TestResponse.ID.ToString() + " | " + this.RequestTraceMsg);
Response InterestingResponse = SessionHandler.GetInterestingResponse(this.TestRequest, this.TestResponse);
if (!DummmyInjection && SessionHandler.ShouldReDo(this, this.TestRequest, InterestingResponse))
{
if (SessionHandler.MaxReDoCount > ReDoCount)
{
return Inject(Payload, ReDoCount + 1, false);
}
else
{
throw new Exception("Unable to get valid Response for Injection, ReDoCount exceeded maximum value");
}
}
else
{
return InterestingResponse;
}
}
public void SetCookie(Response Res)
{
this.SetCookie(Res.SetCookies);
}
public Session(string RequestString, string ResponseString)
{
this.Request = new Request(RequestString,false,true);
this.Response = new Response(ResponseString);
this.FiddlerSession = new Fiddler.Session(this.Request.GetFullRequestAsByteArray(), this.Response.GetFullResponseAsByteArray());
}
internal void SetResponse(Response Res)
{
this.response = Res;
}
static Response GetResponse(string ResponseHeaders, string ResponseBody, bool IsResponseBinary)
{
Response Res;
if (IsResponseBinary)
{
if (ResponseBody.Length > 0)
{
byte[] BodyArray;
try
{
BodyArray = Convert.FromBase64String(ResponseBody);
}
catch (Exception Exp)
{
throw new Exception("Error retriving body array from base64 string", Exp);
}
Res = new Response(ResponseHeaders, BodyArray);
}
else
{
Res = new Response(ResponseHeaders);
}
}
else
{
Res = new Response(ResponseHeaders + ResponseBody);
}
return Res;
}
string GetDownloadedFileInfo(Response res, string file)
{
string bs = res.BodyString;
string bbs = this.BaseResponse.BodyString;
if (file == "etc/passwd")
{
int bs_c = Regex.Matches(bs, Regex.Escape("root:x:0:0:"), RegexOptions.IgnoreCase).Count;
int bbs_c = Regex.Matches(bbs, Regex.Escape("root:x:0:0:"), RegexOptions.IgnoreCase).Count;
if (bs_c > bbs_c)
{
return "root:x:0:0:";
}
else if (bs_c == bbs_c && Regex.Matches(this.Scnr.PreInjectionParameterValue, Regex.Escape("etc/passwd"), RegexOptions.IgnoreCase).Count > 0)
{
return "root:x:0:0:";
}
bs_c = Regex.Matches(bs, Regex.Escape("root:!:x:0:0:"), RegexOptions.IgnoreCase).Count;
bbs_c = Regex.Matches(bbs, Regex.Escape("root:!:x:0:0:"), RegexOptions.IgnoreCase).Count;
if (bs_c > bbs_c)
{
return "root:!:x:0:0:";
}
else if (bs_c == bbs_c && Regex.Matches(this.Scnr.PreInjectionParameterValue, Regex.Escape("etc/passwd"), RegexOptions.IgnoreCase).Count > 0)
{
return "root:!:x:0:0:";
}
}
else if (file == "win.ini")
{
int bs_c = Regex.Matches(bs, Regex.Escape("[fonts]"), RegexOptions.IgnoreCase).Count;
int bbs_c = Regex.Matches(bbs, Regex.Escape("[fonts]"), RegexOptions.IgnoreCase).Count;
if (bs_c > bbs_c)
{
return "[fonts]";
}
else if (bs_c == bbs_c && Regex.Matches(this.Scnr.PreInjectionParameterValue, Regex.Escape("win.ini"), RegexOptions.IgnoreCase).Count > 0)
{
return "[fonts]";
}
}
return "";
}
public Response Follow(Response Res)
{
Request RedirectReq = GetRedirect(Res);
if (RedirectReq == null)
return Res;
else
return RedirectReq.Send();
}
public static bool IsSame(Response A, Response B)
{
try
{
if (!A.GetHeadersAsString().Equals(B.GetHeadersAsString())) return false;
if (A.BodyLength != B.BodyLength) return false;
for (int i = 0; i < A.BodyLength; i++)
{
if (A.BodyArray[i] != B.BodyArray[i]) return false;
}
}
catch { return false; }
return true;
}
public Session(Request Request, Response Response)
{
this.Request = Request;
this.Response = Response;
this.FiddlerSession = new Fiddler.Session(this.Request.GetFullRequestAsByteArray(), this.Response.GetFullResponseAsByteArray());
}
public Request GetRedirect(Response Res)
{
if (Res.Code == 301 || Res.Code == 302 || Res.Code == 303 || Res.Code == 307)
{
if (Res.Headers.Has("Location"))
{
string NewUrl = Res.Headers.Get("Location");
Request NewReq = new Request(this.FullURL);
if (NewUrl.StartsWith("/"))
{
NewReq.URL = NewUrl;
}
else if (NewUrl.StartsWith("http://") || NewUrl.StartsWith("https://"))
{
NewReq.FullURL = NewUrl;
}
else if (NewUrl.StartsWith(".."))
{
int DirBackNumber = 0;
List<string> UpdatedNewUrlPathParts = NewReq.UrlPathParts;
List<string> NewUrlPathParts = new List<string>(NewUrl.Split('/'));
if (!NewReq.Url.EndsWith("/") && UpdatedNewUrlPathParts.Count > 0) UpdatedNewUrlPathParts.RemoveAt(UpdatedNewUrlPathParts.Count - 1);
foreach (string NewUrlPathPart in NewUrlPathParts)
{
if (NewUrlPathPart.Equals(".."))
DirBackNumber++;
else
break;
}
while (UpdatedNewUrlPathParts.Count > 0 && DirBackNumber > 0)
{
UpdatedNewUrlPathParts.RemoveAt(UpdatedNewUrlPathParts.Count - 1);
if (NewUrlPathParts.Count > 0) NewUrlPathParts.RemoveAt(0);
DirBackNumber--;
}
UpdatedNewUrlPathParts.AddRange(NewUrlPathParts);
NewReq.UrlPathParts = UpdatedNewUrlPathParts;
if (NewUrl.EndsWith("/"))
{
if (!NewReq.Url.EndsWith("/")) NewReq.Url = NewReq.Url + "/";
}
else
{
if (NewReq.Url.EndsWith("/") && NewReq.Url.Length > 1) NewReq.Url = NewReq.Url.TrimEnd(new char[] { '/' });
}
}
else
{
List<string> NewUrlPathParts = NewReq.UrlPathParts;
if (!NewReq.Url.EndsWith("/") && NewUrlPathParts.Count > 0) NewUrlPathParts.RemoveAt(NewUrlPathParts.Count - 1);
NewReq.UrlPathParts = NewUrlPathParts;
if (!NewReq.Url.EndsWith("/")) NewReq.Url = NewReq.Url + "/";
NewReq.Url = NewReq.Url + NewUrl;
}
//this check is needed since sometimes the redirect can go to a different domain
if (this.Host == NewReq.Host)
{
NewReq.CookieString = this.CookieString;
NewReq.SetCookie(Res.SetCookies);
}
return NewReq;
}
}
return null;
}