コード例 #1
0
ファイル: Trigger.cs プロジェクト: welias/IronWASP
 public Trigger(string RequestTrigger, Request Req, string ResponseTrigger, Response Res)
 {
     this.RequestTrigger = RequestTrigger;
     this.Request = Req.GetClone();
     this.ResponseTrigger = ResponseTrigger;
     this.Response = Res.GetClone();
 }
コード例 #2
0
 internal SimilarityCheckerItem(string Key, Response Res, string Payload)
 {
     this.Key = Key;
     this.Res = Res;
     this.Payload = Payload;
     this.isPayloadSet = true;
     this.ProcessedBodyString = this.Res.BodyString.Replace(Payload, "").Replace(Tools.UrlEncode(Payload), "").Replace(Tools.HtmlEncode(Payload), "");
 }
コード例 #3
0
ファイル: SoapFormatPlugin.cs プロジェクト: 0ks3ii/IronWASP
 public override bool Is(Response Res)
 {
     try
     {
         return Tools.IsSoap(Res.BodyString.Trim());
     }
     catch { return false; }
 }
コード例 #4
0
ファイル: SimilarityChecker.cs プロジェクト: moon2l/IronWASP
 public void Add(string Key, Response Item)
 {
     if (ItemsDictionary.ContainsKey(Key))
     {
         throw new Exception(string.Format("Key-{0} already exists!", Key));
     }
     ItemsDictionary[Key] = new SimilarityCheckerItem(Key, Item);
 }
コード例 #5
0
ファイル: JsonFormatPlugin.cs プロジェクト: 0ks3ii/IronWASP
 public override bool Is(Response Res)
 {
     try
     {
         return Tools.IsJson(Res.BodyString);
     }
     catch { return false; }
 }
コード例 #6
0
ファイル: Triggers.cs プロジェクト: 0ks3ii/IronWASP
 public void Add(string RequestTrigger, string RequestTriggerDescription, Request Req, string ResponseTrigger, string ResponseTriggerDescription, Response Res)
 {
     if (Req != null || Res != null)
     {
         Trigger T = new Trigger(RequestTrigger, RequestTriggerDescription, Req, ResponseTrigger, ResponseTriggerDescription, Res);
         this.TriggerList.Add(T);
     }
 }
コード例 #7
0
ファイル: CookieStore.cs プロジェクト: welias/IronWASP
 public void Add(Request Req, Response Res)
 {
     List<string> CookieStrings = new List<string>();
     foreach (SetCookie SC in Res.SetCookies)
     {
         CookieStrings.Add(SC.FullString);
     }
     Add(Req.Host, CookieStrings);
 }
コード例 #8
0
ファイル: FormatPlugin.cs プロジェクト: welias/IronWASP
 public static List<FormatPlugin> Get(Response Response)
 {
     List<FormatPlugin> RightPlugins = new List<FormatPlugin>();
     foreach (string Name in List())
     {
         if (Get(Name).Is(Response)) RightPlugins.Add(Get(Name));
     }
     return RightPlugins;
 }
コード例 #9
0
ファイル: Session.cs プロジェクト: 0ks3ii/IronWASP
 public Session(Fiddler.Session _FiddlerSession)
 {
     this.FiddlerSession = _FiddlerSession;
     this.Request = new Request(this.FiddlerSession);
     if (this.FiddlerSession.bHasResponse)
     {
         this.Response = new Response(this.FiddlerSession);
     }
 }
コード例 #10
0
ファイル: Trigger.cs プロジェクト: 0ks3ii/IronWASP
 public Trigger(string RequestTrigger, string RequestTriggerDescription, Request Req, string ResponseTrigger, string ResponseTriggerDescription, Response Res)
 {
     this.RequestTrigger = RequestTrigger;
     this.RequestTriggerDescription = RequestTriggerDescription;
     this.Request = Req.GetClone();
     this.ResponseTrigger = ResponseTrigger;
     this.RawResponseTriggerDescription = ResponseTriggerDescription;
     this.Response = Res.GetClone();
 }
コード例 #11
0
 void AddToTriggers(string RequestTrigger, string RequestTriggerDesc, Request TriggerRequest, string ResponseTrigger, string ResponseTriggerDesc, Response TriggerResponse)
 {
     this.RequestTriggers.Add(RequestTrigger);
     this.ResponseTriggers.Add(ResponseTrigger);
     this.RequestTriggerDescs.Add(RequestTriggerDesc);
     this.ResponseTriggerDescs.Add(ResponseTriggerDesc);
     this.TriggerRequests.Add(TriggerRequest);
     this.TriggerResponses.Add(TriggerResponse);
     this.TriggerCount = this.TriggerCount + 1;
 }
コード例 #12
0
ファイル: Highlighter.cs プロジェクト: 0ks3ii/IronWASP
        public static string Highlight(Response Res, List<string> ToHighlight)
        {
            string ResHeader = Res.GetHeadersAsString();
            string Body = Res.BodyString;

            ResHeader = InsertHighlights(ResHeader, ToHighlight);
            Body = InsertHighlights(Body, ToHighlight);

            StringBuilder SB = new StringBuilder();
            SB.Append(SnipHeaderSection(ResHeader));
            SB.AppendLine(); SB.AppendLine();
            SB.Append(SnipBodySection(Body));

            return SB.ToString();
        }
コード例 #13
0
 public override bool Is(Response Res)
 {
     try
     {
         if (Res.Headers.Has("Content-Type"))
         {
             if (Res.Headers.Get("Content-Type").Trim().StartsWith("multipart", StringComparison.OrdinalIgnoreCase))
             {
                 return true;
             }
         }
         return false;
     }
     catch { return false; }
 }
コード例 #14
0
ファイル: SqlInjectionCheck.cs プロジェクト: 0ks3ii/IronWASP
        //Override the Check method of the base class with custom functionlity
        public override void Check(Scanner Scnr)
        {
            this.Scnr = Scnr;
            this.RequestTriggers = new List<string>();
            this.ResponseTriggers = new List<string>();
            this.RequestTriggerDescs = new List<string>();
            this.ResponseTriggerDescs = new List<string>();
            this.TriggerRequests = new List<Request>();
            this.TriggerResponses = new List<Response>();
            this.TriggerCount = 0;
            this.reasons = new List<FindingReason>();
            this.ConfidenceLevel = 0;
            this.base_response = this.Scnr.BaseResponse;

            this.ErrorCount = new int[] { 0, 0, 0 };
            this.Errors = new List<string>();
            this.ErrorTriggerCount = 0;

            this.Scnr.Trace("<i<br>><i<h>>Checking for SQL Injection:<i</h>>");
            int overall_error_score = this.CheckForErrorBasedSQLi();
            int overall_blind_score = this.CheckForBlindSQLi();

            int overall_score = overall_error_score + overall_blind_score;

            if (this.RequestTriggers.Count == this.ErrorTriggerCount && (this.ErrorCount[0] + this.ErrorCount[1] + this.ErrorCount[2]) > 0 && (this.ErrorCount[0] == this.ErrorCount[1] && this.ErrorCount[1] == this.ErrorCount[2]))
            {
                this.ReportSQLError(this.Errors);
            }
            else if (overall_score > 7)
            {
                this.ReportSQLInjection(FindingConfidence.High);
            }
            else if (overall_score > 4)
            {
                this.ReportSQLInjection(FindingConfidence.Medium);
            }
            else if (overall_score > 3)
            {
                this.ReportSQLInjection(FindingConfidence.Low);
            }
            //overall_blind_score = this.CheckForBlindSQLi(Request, Scanner)
            //overall_score = overall_error_score + overall_blind_score
            //if(overall_score == 0):
            //	return
        }
コード例 #15
0
ファイル: Import.cs プロジェクト: moon2l/IronWASP
        static void ProcessBurpMessage(string BurpMessage, string MetaLine)
        {
            string[] BurpMessageParts = BurpMessage.Split(new string[] { "\r\n======================================================\r\n" }, 2, StringSplitOptions.RemoveEmptyEntries);
            Session IrSe = null;
            if (BurpMessageParts.Length > 0)
            {
                Request Req = ReadBurpRequest(BurpMessageParts[0], MetaLine);
                if (Req != null)
                {
                    IrSe = new Session(Req);
                    IrSe.ID = Interlocked.Increment(ref Config.ProxyRequestsCount);
                    IronUpdater.AddProxyRequest(IrSe.Request.GetClone(true));
                    PassiveChecker.AddToCheckRequest(IrSe);
                }
            }
            if (BurpMessageParts.Length == 2)
            {
                if (IrSe != null)
                {
                    try
                    {
                        Response Res = new Response(BurpMessageParts[1]);
                        IrSe.Response = Res;
                        IrSe.Response.ID = IrSe.Request.ID;
                        IronUpdater.AddProxyResponse(IrSe.Response.GetClone(true));
                        PassiveChecker.AddToCheckResponse(IrSe);
                    }
                    catch
                    {

                    }
                }
            }
        }
コード例 #16
0
ファイル: IronProxy.cs プロジェクト: herotheo/IronWASP
        internal static bool CanInterceptBasedOnFilter(Request Req, Response Res)
        {
            if (RequestRulesOnResponse)
            {
                if (!CanInterceptBasedOnFilter(Req)) return false;
            }

            //Check Hostnames
            if (InterceptCheckHostNames)
            {
                if (InterceptCheckHostNamesPlus && InterceptHostNames.Count > 0)
                {
                    bool Match = false;
                    foreach (string HostName in InterceptHostNames)
                    {
                        if (Res.Host.Equals(HostName, StringComparison.InvariantCultureIgnoreCase))
                        {
                            Match = true;
                            break;
                        }
                    }
                    if (!Match)
                    {
                        return false;
                    }
                }
                if (InterceptCheckHostNamesMinus && DontInterceptHostNames.Count > 0)
                {
                    foreach (string HostName in DontInterceptHostNames)
                    {
                        if (Res.Host.Equals(HostName, StringComparison.InvariantCultureIgnoreCase))
                        {
                            return false;
                        }
                    }
                }
            }

            //Check Methods Rule
            int Code = Res.Code;
            switch (Code)
            {
                case 200:
                    if (!Intercept200)
                        return false;
                    break;
                case 301:
                case 302:
                    if (!Intercept301_2)
                        return false;
                    break;
                case 403:
                    if (!Intercept403)
                        return false;
                    break;
                case 500:
                    if (!Intercept500)
                        return false;
                    break;
                default:
                    if (Code > 199 && Code < 300)
                    {
                        if (!Intercept2xx)
                            return false;
                    }
                    else if (Code > 299 && Code < 400)
                    {
                        if (!Intercept3xx)
                            return false;
                    }
                    else if (Code > 399 && Code < 500)
                    {
                        if (!Intercept500)
                            return false;
                    }
                    else if (Code > 499 && Code < 600)
                    {
                        if (!Intercept5xx)
                            return false;
                    }
                    break;
            }

            if (Res.BodyLength > 0)
            {
                if (Res.ContentType.ToLower().Contains("html"))
                {
                    if (!InterceptHTML) return false;
                }
                else if (Res.ContentType.ToLower().Contains("css"))
                {
                    if (!InterceptCSS) return false;
                }
                else if (Res.ContentType.ToLower().Contains("javascript"))
                {
                    if (!InterceptJS) return false;
                }
                else if (Res.ContentType.ToLower().Contains("xml"))
                {
                    if (!InterceptXML) return false;
                }
                else if (Res.ContentType.ToLower().Contains("json"))
                {
                    if (!InterceptJSON) return false;
                }
                else if (Res.ContentType.ToLower().Contains("text"))
                {
                    if (!InterceptOtherText) return false;
                }
                else if (Res.ContentType.ToLower().Contains("jpg") || Res.ContentType.ToLower().Contains("png") || Res.ContentType.ToLower().Contains("jpeg") || Res.ContentType.ToLower().Contains("gif") || Res.ContentType.ToLower().Contains("ico"))
                {
                    if (!InterceptImg) return false;
                }
                else
                {
                    if (!InterceptOtherBinary) return false;
                }
            }

            //Check Keyword
            if (InterceptCheckResponseWithKeyword)
            {
                if (InterceptCheckResponseWithKeywordPlus && InterceptResponseWithKeyword.Length > 0)
                {
                    if (!Res.ToString().Contains(InterceptResponseWithKeyword))
                    {
                        return false;
                    }
                }
                if (InterceptCheckResponseWithKeywordMinus && DontInterceptResponseWithKeyword.Length > 0)
                {
                    if (Res.ToString().Contains(DontInterceptResponseWithKeyword))
                    {
                        return false;
                    }
                }
            }

            return true;
        }
コード例 #17
0
ファイル: IronProxy.cs プロジェクト: herotheo/IronWASP
 //internal static void UpdateFiddlerSessionWithNewRequest()
 //{
 //    IronProxy.CurrentSession.FiddlerSession.oRequest.headers.AssignFromString(IronProxy.CurrentSession.Request.GetHeadersAsString());
 //    IronProxy.CurrentSession.FiddlerSession.requestBodyBytes = IronProxy.CurrentSession.Request.BodyArray;
 //}
 //internal static void UpdateCurrentSessionWithNewResponseHeader(string HeaderString)
 //{
 //    string NewResponseHeaders = HeaderString.TrimEnd(new char[]{'\r','\n'});
 //    NewResponseHeaders += "\r\n\r\n";
 //    IronProxy.CurrentSession.Response = new Response(NewResponseHeaders);
 //    IronProxy.CurrentSession.Response.ID = IronProxy.CurrentSession.OriginalResponse.ID;
 //    IronProxy.CurrentSession.Response.BodyArray = new byte[IronProxy.CurrentSession.OriginalResponse.BodyArray.Length];
 //    IronProxy.CurrentSession.OriginalResponse.BodyArray.CopyTo(IronProxy.CurrentSession.Response.BodyArray, 0);
 //    IronProxy.CurrentSession.FiddlerSession.oResponse.headers.AssignFromString(IronProxy.CurrentSession.Response.GetHeadersAsString());
 //}
 //internal static void UpdateCurrentSessionWithNewResponseBodyText(string BodyString)
 //{
 //    IronProxy.CurrentSession.Response.BodyString = BodyString;
 //    IronProxy.CurrentSession.FiddlerSession.utilSetResponseBody(IronProxy.CurrentSession.Response.BodyString);
 //}
 internal static void UpdateCurrentSessionWithNewResponse(Response Res)
 {
     IronProxy.CurrentSession.Response = Res;
     IronProxy.CurrentSession.Response.ID = IronProxy.CurrentSession.OriginalResponse.ID;
     //UpdateFiddlerSessionWithNewResponse();
 }
コード例 #18
0
ファイル: IronDB.cs プロジェクト: 0ks3ii/IronWASP
 internal static void LogMTResponse(Response Response)
 {
     using (SQLiteConnection MT_DB = new SQLiteConnection("data source=" + TestLogFile))
     {
         MT_DB.Open();
         using (SQLiteCommand Cmd = MT_DB.CreateCommand())
         {
             Cmd.CommandText = "UPDATE TestLog SET Code=@Code, Length=@Length, MIME=@MIME, SetCookie=@SetCookie, ResponseHeaders=@ResponseHeaders, ResponseBody=@ResponseBody, BinaryResponse=@BinaryResponse, RoundTrip=@RoundTrip, Notes=@Notes WHERE ID=@ID";
             Cmd.Parameters.AddWithValue("@Code", Response.Code);
             Cmd.Parameters.AddWithValue("@Length", Response.BodyLength);
             Cmd.Parameters.AddWithValue("@MIME", Response.ContentType);
             Cmd.Parameters.AddWithValue("@SetCookie", AsInt((Response.SetCookies.Count > 0)));
             Cmd.Parameters.AddWithValue("@ResponseHeaders", Response.GetHeadersAsString());
             if (Response.IsBinary)
                 Cmd.Parameters.AddWithValue("@ResponseBody", Response.BinaryBodyString);
             else
                 Cmd.Parameters.AddWithValue("@ResponseBody", Response.BodyString);
             //Cmd.Parameters.AddWithValue("@ResponseBody", Response.BodyString);
             Cmd.Parameters.AddWithValue("@BinaryResponse", AsInt(Response.IsBinary));
             Cmd.Parameters.AddWithValue("@RoundTrip", Response.RoundTrip);
             Cmd.Parameters.AddWithValue("@Notes", "Some Notes");
             Cmd.Parameters.AddWithValue("@ID", Response.ID);
             Cmd.ExecuteNonQuery();
         }
     }
 }
コード例 #19
0
ファイル: Response.cs プロジェクト: kartikeyap/IronWASP
 internal Response GetClone(bool CopyID)
 {
     Response ClonedResponse = new Response(this.ToString());
     if (CopyID) ClonedResponse.ID = this.ID;
     ClonedResponse.TTL = this.TTL;
     ClonedResponse.Source = this.Source;
     return ClonedResponse;
 }
コード例 #20
0
ファイル: Scanner.cs プロジェクト: welias/IronWASP
        public void Scan()
        {
            try
            {
                if (this.StartedFromASTab) AddActiveScanID(this.ScanID);

                this.OriginalRequest.SessionHandler = this.SessionHandler;
                this.OriginalResponse = this.OriginalRequest.Send();//this is just a temp value since calling inject from GetBaseLine would require a response object
                this.TestResponse = this.OriginalResponse;
                this.CurrentRequest = this.OriginalRequest;
                this.OriginalResponse = SessionHandler.GetBaseLine(this, this.OriginalRequest);
                this.CurrentRequest = this.OriginalRequest;
                this.TestResponse = this.OriginalResponse;

                foreach (ActivePlugin AP in this.Plugins.Values)
                {
                    this.CurrentPlugin = AP.Name;
                    this.CurrentSection = "URL";
                    foreach (int URLPartPosition in this.URLInjections)
                    {
                        this.CurrentURLPartPosition = URLPartPosition;
                        this.CurrentParameterName = "";
                        this.CurrentSubParameterPosition = 0;
                        this.CurrentParameterValue = this.CurrentRequest.UrlPathParts[URLPartPosition];
                        this.CheckWithActivePlugin(AP);
                    }
                    this.CurrentSection = "Query";
                    foreach (string ParameterName in this.QueryInjections.GetAll())
                    {
                        this.CurrentParameterName = ParameterName;
                        foreach (int SubParameterPosition in this.QueryInjections.GetAll(ParameterName))
                        {
                            this.CurrentSubParameterPosition = SubParameterPosition;
                            this.CurrentParameterValue = this.CurrentRequest.Query.GetAll(ParameterName)[SubParameterPosition];
                            this.CheckWithActivePlugin(AP);
                        }
                    }
                    this.CurrentSection = "Body";
                    if (BodyFormat.Name.Length == 0)
                    {
                        foreach (string ParameterName in this.BodyInjections.GetAll())
                        {
                            this.CurrentParameterName = ParameterName;
                            foreach (int SubParameterPosition in this.BodyInjections.GetAll(ParameterName))
                            {
                                this.CurrentSubParameterPosition = SubParameterPosition;
                                this.CurrentParameterValue = this.CurrentRequest.Body.GetAll(ParameterName)[SubParameterPosition];
                                this.CheckWithActivePlugin(AP);
                            }
                        }
                    }
                    else
                    {
                        if (this.BodyXmlInjections.Count != XmlInjectionArray.GetLength(0) || !XmlInjectionSignature.Equals(Tools.MD5("Name:" + BodyFormat.Name + "|Body" + this.OriginalRequest.BodyString)))
                        {
                            string Xml = BodyFormat.ToXmlFromRequest(this.OriginalRequest);
                            XmlInjectionArray = FormatPlugin.XmlToArray(Xml);
                            XmlInjectionSignature = Tools.MD5("Name:" + BodyFormat.Name + "|Body" + this.OriginalRequest.BodyString);
                        }
                        foreach (int BodyXmlPosition in this.BodyXmlInjections)
                        {
                            this.CurrentBodyXmlPosition = BodyXmlPosition;
                            if (XmlInjectionArray.GetLength(0) > BodyXmlPosition)
                            {
                                this.CurrentParameterName = XmlInjectionArray[BodyXmlPosition, 0];
                                this.CurrentParameterValue = XmlInjectionArray[BodyXmlPosition, 1];
                            }
                            else
                            {
                                this.CurrentParameterName = "";
                                this.CurrentParameterValue = "";
                            }
                            this.CurrentSubParameterPosition = 0;
                            this.CheckWithActivePlugin(AP);
                        }
                    }
                    this.CurrentSection = "Cookie";
                    foreach (string ParameterName in this.CookieInjections.GetAll())
                    {
                        this.CurrentParameterName = ParameterName;
                        foreach (int SubParameterPosition in this.CookieInjections.GetAll(ParameterName))
                        {
                            this.CurrentSubParameterPosition = SubParameterPosition;
                            this.CurrentParameterValue = this.CurrentRequest.Cookie.GetAll(ParameterName)[SubParameterPosition];
                            this.CheckWithActivePlugin(AP);
                        }
                    }
                    this.CurrentSection = "Headers";
                    foreach (string ParameterName in this.HeadersInjections.GetAll())
                    {
                        this.CurrentParameterName = ParameterName;
                        foreach (int SubParameterPosition in this.HeadersInjections.GetAll(ParameterName))
                        {
                            this.CurrentSubParameterPosition = SubParameterPosition;
                            this.CurrentParameterValue = this.CurrentRequest.Headers.GetAll(ParameterName)[SubParameterPosition];
                            this.CheckWithActivePlugin(AP);
                        }
                    }
                }
                if (this.StartedFromASTab)
                {
                    Interlocked.Decrement(ref Config.ActiveScansCount);
                    IronUI.UpdateScanQueueStatus(this.ScanID, "Completed");
                    IronDB.UpdateScanStatus(this.ScanID, "Completed");
                    try
                    {
                        lock (CompletedScanIDs)
                        {
                            CompletedScanIDs.Enqueue(this.ScanID);
                        }
                    }
                    catch { }
                    this.DequeueAndStartScan();
                }
            }
            catch (ThreadAbortException ThExp)
            {
                HandleScannerException(false, ThExp);
            }
            catch (Exception Exp)
            {
                HandleScannerException(true, Exp);
            }
        }
コード例 #21
0
ファイル: Scanner.cs プロジェクト: welias/IronWASP
 private Response Inject(string RawPayload, int ReDoCount, bool DummmyInjection)
 {
     this.CurrentRequest = SessionHandler.Update(this.CurrentRequest, this.TestResponse);
     this.TestRequest = SessionHandler.PrepareForInjection(this.CurrentRequest.GetClone());
     string Payload = "";
     if (!DummmyInjection) Payload = SessionHandler.ProcessInjection(this, this.TestRequest, RawPayload);
     List<string> SubValues = new List<string>();
     if (!DummmyInjection)
     {
         if (this.CurrentSection.Equals("URL"))
         {
             List<string> URLParts = this.TestRequest.URLPathParts;
             URLParts[this.CurrentURLPartPosition] = Payload;
             this.TestRequest.URLPathParts = URLParts;
         }
         else if (this.CurrentSection.Equals("Query"))
         {
             SubValues = this.TestRequest.Query.GetAll(this.CurrentParameterName);
             SubValues[this.CurrentSubParameterPosition] = Payload;
             this.TestRequest.Query.Set(this.CurrentParameterName, SubValues);
         }
         else if (this.CurrentSection.Equals("Body"))
         {
             if (BodyFormat.Name.Length == 0)
             {
                 SubValues = this.TestRequest.Body.GetAll(this.CurrentParameterName);
                 SubValues[this.CurrentSubParameterPosition] = Payload;
                 this.TestRequest.Body.Set(this.CurrentParameterName, SubValues);
             }
             else
             {
                 string InjectedBodyXml = FormatPlugin.InjectInXml(BodyFormat.ToXmlFromRequest(this.TestRequest), this.CurrentBodyXmlPosition, Payload);
                 this.TestRequest = BodyFormat.ToRequestFromXml(this.TestRequest, InjectedBodyXml);
             }
         }
         else if (this.CurrentSection.Equals("Cookie"))
         {
             SubValues = this.TestRequest.Cookie.GetAll(this.CurrentParameterName);
             SubValues[this.CurrentSubParameterPosition] = Payload;
             this.TestRequest.Cookie.Set(this.CurrentParameterName, SubValues);
         }
         else if (this.CurrentSection.Equals("Headers"))
         {
             SubValues = this.TestRequest.Headers.GetAll(this.CurrentParameterName);
             SubValues[this.CurrentSubParameterPosition] = Payload;
             this.TestRequest.Headers.Set(this.CurrentParameterName, SubValues);
         }
     }
     this.TestResponse = this.TestRequest.Send();
     if(!DummmyInjection) this.Trace("   " + this.TestResponse.ID.ToString() + " | " + this.RequestTraceMsg);
     Response InterestingResponse = SessionHandler.GetInterestingResponse(this.TestRequest, this.TestResponse);
     if (!DummmyInjection && SessionHandler.ShouldReDo(this, this.TestRequest, InterestingResponse))
     {
         if (SessionHandler.MaxReDoCount > ReDoCount)
         {
             return Inject(Payload, ReDoCount + 1, false);
         }
         else
         {
             throw new Exception("Unable to get valid Response for Injection, ReDoCount exceeded maximum value");
         }
     }
     else
     {
         return InterestingResponse;
     }
 }
コード例 #22
0
ファイル: Request.cs プロジェクト: moon2l/IronWASP
 public void SetCookie(Response Res)
 {
     this.SetCookie(Res.SetCookies);
 }
コード例 #23
0
ファイル: Session.cs プロジェクト: 0ks3ii/IronWASP
 public Session(string RequestString, string ResponseString)
 {
     this.Request = new Request(RequestString,false,true);
     this.Response = new Response(ResponseString);
     this.FiddlerSession = new Fiddler.Session(this.Request.GetFullRequestAsByteArray(), this.Response.GetFullResponseAsByteArray());
 }
コード例 #24
0
ファイル: Request.cs プロジェクト: moon2l/IronWASP
 internal void SetResponse(Response Res)
 {
     this.response = Res;
 }
コード例 #25
0
ファイル: Session.cs プロジェクト: 0ks3ii/IronWASP
 static Response GetResponse(string ResponseHeaders, string ResponseBody, bool IsResponseBinary)
 {
     Response Res;
     if (IsResponseBinary)
     {
         if (ResponseBody.Length > 0)
         {
             byte[] BodyArray;
             try
             {
                 BodyArray = Convert.FromBase64String(ResponseBody);
             }
             catch (Exception Exp)
             {
                 throw new Exception("Error retriving body array from base64 string", Exp);
             }
             Res = new Response(ResponseHeaders, BodyArray);
         }
         else
         {
             Res = new Response(ResponseHeaders);
         }
     }
     else
     {
         Res = new Response(ResponseHeaders + ResponseBody);
     }
     return Res;
 }
コード例 #26
0
        string GetDownloadedFileInfo(Response res, string file)
        {
            string bs = res.BodyString;
            string bbs = this.BaseResponse.BodyString;

            if (file == "etc/passwd")
            {
                int bs_c = Regex.Matches(bs, Regex.Escape("root:x:0:0:"), RegexOptions.IgnoreCase).Count;
                int bbs_c = Regex.Matches(bbs, Regex.Escape("root:x:0:0:"), RegexOptions.IgnoreCase).Count;
                if (bs_c > bbs_c)
                {
                    return "root:x:0:0:";
                }
                else if (bs_c == bbs_c && Regex.Matches(this.Scnr.PreInjectionParameterValue, Regex.Escape("etc/passwd"), RegexOptions.IgnoreCase).Count > 0)
                {
                    return "root:x:0:0:";
                }

                bs_c = Regex.Matches(bs, Regex.Escape("root:!:x:0:0:"), RegexOptions.IgnoreCase).Count;
                bbs_c = Regex.Matches(bbs, Regex.Escape("root:!:x:0:0:"), RegexOptions.IgnoreCase).Count;
                if (bs_c > bbs_c)
                {
                    return "root:!:x:0:0:";
                }
                else if (bs_c == bbs_c && Regex.Matches(this.Scnr.PreInjectionParameterValue, Regex.Escape("etc/passwd"), RegexOptions.IgnoreCase).Count > 0)
                {
                    return "root:!:x:0:0:";
                }
            }
            else if (file == "win.ini")
            {
                int bs_c = Regex.Matches(bs, Regex.Escape("[fonts]"), RegexOptions.IgnoreCase).Count;
                int bbs_c = Regex.Matches(bbs, Regex.Escape("[fonts]"), RegexOptions.IgnoreCase).Count;
                if (bs_c > bbs_c)
                {
                    return "[fonts]";
                }
                else if (bs_c == bbs_c && Regex.Matches(this.Scnr.PreInjectionParameterValue, Regex.Escape("win.ini"), RegexOptions.IgnoreCase).Count > 0)
                {
                    return "[fonts]";
                }
            }
            return "";
        }
コード例 #27
0
ファイル: Request.cs プロジェクト: moon2l/IronWASP
 public Response Follow(Response Res)
 {
     Request RedirectReq = GetRedirect(Res);
     if (RedirectReq == null)
         return Res;
     else
         return RedirectReq.Send();
 }
コード例 #28
0
ファイル: Response.cs プロジェクト: kartikeyap/IronWASP
 public static bool IsSame(Response A, Response B)
 {
     try
     {
         if (!A.GetHeadersAsString().Equals(B.GetHeadersAsString())) return false;
         if (A.BodyLength != B.BodyLength) return false;
         for (int i = 0; i < A.BodyLength; i++)
         {
             if (A.BodyArray[i] != B.BodyArray[i]) return false;
         }
     }
     catch { return false; }
     return true;
 }
コード例 #29
0
ファイル: Session.cs プロジェクト: 0ks3ii/IronWASP
 public Session(Request Request, Response Response)
 {
     this.Request = Request;
     this.Response = Response;
     this.FiddlerSession = new Fiddler.Session(this.Request.GetFullRequestAsByteArray(), this.Response.GetFullResponseAsByteArray());
 }
コード例 #30
0
ファイル: Request.cs プロジェクト: moon2l/IronWASP
        public Request GetRedirect(Response Res)
        {
            if (Res.Code == 301 || Res.Code == 302 || Res.Code == 303 || Res.Code == 307)
            {
                if (Res.Headers.Has("Location"))
                {
                    string NewUrl = Res.Headers.Get("Location");
                    Request NewReq = new Request(this.FullURL);
                    if (NewUrl.StartsWith("/"))
                    {
                        NewReq.URL = NewUrl;
                    }
                    else if (NewUrl.StartsWith("http://") || NewUrl.StartsWith("https://"))
                    {
                        NewReq.FullURL = NewUrl;
                    }
                    else if (NewUrl.StartsWith(".."))
                    {
                        int DirBackNumber = 0;
                        List<string> UpdatedNewUrlPathParts = NewReq.UrlPathParts;
                        List<string> NewUrlPathParts = new List<string>(NewUrl.Split('/'));
                        if (!NewReq.Url.EndsWith("/") && UpdatedNewUrlPathParts.Count > 0) UpdatedNewUrlPathParts.RemoveAt(UpdatedNewUrlPathParts.Count - 1);
                        foreach (string NewUrlPathPart in NewUrlPathParts)
                        {
                            if (NewUrlPathPart.Equals(".."))
                                DirBackNumber++;
                            else
                                break;
                        }

                        while (UpdatedNewUrlPathParts.Count > 0 && DirBackNumber > 0)
                        {
                            UpdatedNewUrlPathParts.RemoveAt(UpdatedNewUrlPathParts.Count - 1);
                            if (NewUrlPathParts.Count > 0) NewUrlPathParts.RemoveAt(0);
                            DirBackNumber--;
                        }
                        UpdatedNewUrlPathParts.AddRange(NewUrlPathParts);
                        NewReq.UrlPathParts = UpdatedNewUrlPathParts;
                        if (NewUrl.EndsWith("/"))
                        {
                            if (!NewReq.Url.EndsWith("/")) NewReq.Url = NewReq.Url + "/";
                        }
                        else
                        {
                            if (NewReq.Url.EndsWith("/") && NewReq.Url.Length > 1) NewReq.Url = NewReq.Url.TrimEnd(new char[] { '/' });
                        }
                    }
                    else
                    {
                        List<string> NewUrlPathParts = NewReq.UrlPathParts;
                        if (!NewReq.Url.EndsWith("/") && NewUrlPathParts.Count > 0) NewUrlPathParts.RemoveAt(NewUrlPathParts.Count - 1);
                        NewReq.UrlPathParts = NewUrlPathParts;
                        if (!NewReq.Url.EndsWith("/")) NewReq.Url = NewReq.Url + "/";
                        NewReq.Url = NewReq.Url + NewUrl;
                    }
                    //this check is needed since sometimes the redirect can go to a different domain
                    if (this.Host == NewReq.Host)
                    {
                        NewReq.CookieString = this.CookieString;
                        NewReq.SetCookie(Res.SetCookies);
                    }
                    return NewReq;
                }
            }
            return null;
        }