/// <summary>
/// Runs every enabled vulnerability check (XSS, SQL injection, RFI) against the page held in
/// <c>_url</c>, records in the page table that each check has been run, and finally refreshes
/// the exploit list in the GUI.
/// </summary>
/// <remarks>
/// Normal mode uses the <c>attackAllInputfields</c>/<c>attackAllQueryStrings</c> variants; when
/// <c>deepScan</c> is set the per-field <c>attackEachInputfield</c>/<c>attackEachQueryString</c>
/// variants are used instead.
/// The <c>setHasXSSed</c>/<c>setHasSQLInjection</c>/<c>setHasRFIed</c> flags are set unconditionally
/// once a check has run: the return values of the attack calls are never inspected here, so the
/// flags appear to mean "this check was performed" rather than "a finding was confirmed"
/// — NOTE(review): confirm against DB.PagesManager before reporting them as findings.
/// All three attack objects are created up front even when their check is disabled; the
/// construction order is kept in case the constructors have side effects.
/// NOTE(review): <c>deepScan</c> is the only field read here without the <c>_</c> prefix the
/// others use; it looks like a naming inconsistency rather than a different member — verify.
/// </remarks>
public void attack()
{
    DB.PagesManager pages = new DB.PagesManager();
    SqlInjectionAttack sqlCheck = new SqlInjectionAttack(this._profileID);
    XssAttack xssCheck = new XssAttack(this._profileID);
    RfiAttack rfiCheck = new RfiAttack(this._profileID);
    bool perField = this.deepScan;

    // cross-site scripting
    if (this._xssTest)
    {
        if (perField)
        {
            xssCheck.attackEachInputfield(this._url);
            xssCheck.attackEachQueryString(this._url);
        }
        else
        {
            xssCheck.attackAllInputfields(this._url);
            xssCheck.attackAllQueryStrings(this._url);
        }
        pages.setHasXSSed(true, this._url);
    }

    // SQL injection
    if (this._sqlTest)
    {
        if (perField)
        {
            sqlCheck.attackEachInputfield(this._url);
            sqlCheck.attackEachQueryString(this._url);
        }
        else
        {
            sqlCheck.attackAllInputfields(this._url);
            sqlCheck.attackAllQueryStrings(this._url);
        }
        pages.setHasSQLInjection(true, this._url);
    }

    // remote file inclusion
    if (this._rfiTest)
    {
        if (perField)
        {
            rfiCheck.attackEachInputfield(this._url);
            rfiCheck.attackEachQueryString(this._url);
        }
        else
        {
            rfiCheck.attackAllInputfields(this._url);
            rfiCheck.attackAllQueryStrings(this._url);
        }
        pages.setHasRFIed(true, this._url);
    }

    // let the testing form pick up whatever the checks recorded
    GUIs.SharedVariables.myTestingForm.refreshExploits();
}
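/// <summary>
/// Drives one scan for <c>_profileID</c>: repeatedly selects every page of the profile whose
/// content has not been fetched yet (<c>pageContent</c> is NULL or the literal string "NULL",
/// the sentinel <c>addPage</c> stores), and for each one fetches it, harvests its internal
/// links as new page rows, marks it analysed and runs <c>FullAttack</c> against it.
/// Pages discovered during a pass are picked up by the next pass; the scan ends when a pass
/// finds nothing left to fetch, or when <c>_isStoped</c>/<c>_isPaused</c> is observed.
/// </summary>
/// <remarks>
/// Two changes from the original control flow:
/// (1) the original recursed into itself after every pass, so a long crawl grew the stack by
/// one frame per pass — passes now run in a loop;
/// (2) when the query returned no rows the original called <c>threadFinished()</c> and then
/// recursed anyway, unlike every other <c>threadFinished()</c> call site, which returns. Unless
/// <c>threadFinished()</c> tears the thread down itself, that re-queried and re-signalled
/// "finished" forever; the no-rows case now returns. If <c>threadFinished()</c> does end the
/// thread, the added return is harmless.
/// The profile id is bound as a query parameter, never concatenated into the SQL text.
/// </remarks>
private void newScanPhase()
{
    while (true)
    {
        using (OleDbConnection con = new OleDbConnection(myConnectionString))
        using (OleDbCommand cmd = new OleDbCommand("SELECT * FROM `page` WHERE `profileID` = ? AND (IsNull(`pageContent`) OR `pageContent`='NULL')", con))
        {
            con.Open();
            cmd.Parameters.AddWithValue("?", this._profileID);
            using (OleDbDataReader dr = cmd.ExecuteReader())
            {
                if (!dr.HasRows)
                {
                    // Nothing left to fetch for this profile: the scan is complete.
                    threadFinished();
                    return;
                }
                while (dr.Read())
                {
                    // Column 1 is taken to be the page URL (positional, via SELECT *).
                    // NOTE(review): brittle if the `page` schema changes — confirm column order.
                    string pageUrl = dr.GetString(1);
                    if (!scanSinglePage(pageUrl))
                    {
                        // Stop/pause requested mid-page: signal and leave, as the original did.
                        threadFinished();
                        return;
                    }
                }
            }
        }
    }
}

/// <summary>
/// Fetches, analyses and attacks one page. Returns <c>false</c> as soon as a stop or pause
/// request is observed (before fetching, before analysing, or before attacking) so the caller
/// can signal <c>threadFinished()</c>; returns <c>true</c> once the page has been fully processed.
/// </summary>
/// <param name="pageUrl">URL of the page, exactly as stored in the <c>page</c> table.</param>
private bool scanSinglePage(string pageUrl)
{
    if (_isStoped || _isPaused)
    {
        return false;
    }

    // fetch page content
    GUIs.SharedVariables.myTestingForm.setStatus("fetching...");
    Web.WebCrawler crawler = new Web.WebCrawler(pageUrl);
    DB.PagesManager pagesManager = new DB.PagesManager();
    GUIs.SharedVariables.myTestingForm.displayOutputActivity("fetching the page : " + pageUrl + " \n\r");
    string pageContent = crawler.fetchPage();
    // NOTE(review): if fetchPage() returns null on failure, the page keeps matching the
    // "not fetched yet" query and is retried on every pass — confirm what it returns on error.
    pagesManager.editPageContent(pageUrl, pageContent);

    if (_isStoped || _isPaused)
    {
        return false;
    }

    // analyse page: every internal link becomes a new page row carrying the "NULL" content sentinel
    GUIs.SharedVariables.myTestingForm.setStatus("analaysing...");
    GUIs.SharedVariables.myTestingForm.displayOutputActivity("analysing the page : " + pageUrl + " \n\r");
    Web.HtmlParser parser = new Web.HtmlParser(pageUrl, pageContent);
    // NOTE(review): scope enforcement (same host as the profile target) is assumed to live in
    // getInternalLinks(); nothing here re-checks it before the link is queued and later attacked.
    List<string> links = parser.getInternalLinks();
    GUIs.SharedVariables.myTestingForm.displayOutputActivity("found (" + links.Count + ") links in the page : " + pageUrl + " \n\r");
    foreach (string link in links)
    {
        // Lower-cased for de-duplication, as the original did; this also lower-cases the path
        // and query, which can name a different resource on case-sensitive servers.
        string key = link.ToLower();
        if (!pagesManager.isPageExist(key))
        {
            pagesManager.addPage(key, this._profileID.ToString(), "NULL");
        }
    }
    pagesManager.setHasAnalysed(true, pageUrl);

    if (_isStoped || _isPaused)
    {
        return false;
    }

    // attack page with whichever checks the profile enabled
    GUIs.SharedVariables.myTestingForm.setStatus("attacking...");
    FullAttack fullAttack = new FullAttack(this._profileID, pageUrl, this._xssTest, this._sqlTest, this._rfiTest, this._deepScan);
    fullAttack.attack();
    return true;
}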