void LoadRecording(object XmlObj) { try { Recording Rec = Recording.FromXml(XmlObj.ToString()); if (Recording.Has(Rec.Name)) { ShowMessage(true, "Unable to load this recording, a recording with this name is already loaded."); } if (Rec.IsLoginRecordingReplayable()) { Recording.Add(Rec); ShowMessage(false, "Recording loaded successfully! Now you can make use of it in scans and tests."); } else { ShowMessage(true, "Unable to load this recording, attempt to replay it failed."); } } catch (ThreadAbortException) { } catch (Exception Exp) { IronException.Report("Error loading Recording File", Exp); ShowMessage(true, "Invalid recording! Could not be loaded."); } }
void GetInitialScopeValuesFromDB() { try { List <string> Hosts = IronDB.GetUniqueHostsFromProxyLog(); List <string> Files = IronDB.GetUniqueFilesFromProxyLog(); ShowConfigScopeValues(Hosts, Files); } catch (ThreadAbortException) { } catch (Exception Exp) { IronException.Report("Error reading host and file values from DB", Exp); } }
static void RunScript(string ScriptFile, ScriptEngine Engine) { try { ScriptSource PluginSource; CompiledCode CompiledPlugin; ScriptErrorReporter CompileErrors = new ScriptErrorReporter(); string ErrorMessage = ""; if (ScriptFile.EndsWith(".py", StringComparison.CurrentCultureIgnoreCase)) { Engine.Runtime.TryGetEngine("py", out Engine); PluginSource = Engine.CreateScriptSourceFromFile(ScriptFile); string IndentError = PluginEditor.CheckPythonIndentation(PluginSource.GetCode())[1]; if (IndentError.Length > 0) { string UpdatedCode = PluginEditor.FixPythonIndentation(PluginSource.GetCode()); PluginSource = Engine.CreateScriptSourceFromString(UpdatedCode); //ErrorMessage = string.Format("{0}\r\n{1}", IndentError, ErrorMessage); } CompiledPlugin = PluginSource.Compile(CompileErrors); ErrorMessage = CompileErrors.GetErrors(); if (ErrorMessage.Length > 0 && IndentError.Length > 0) { ErrorMessage = string.Format("{0}\r\n{1}", IndentError, ErrorMessage); } if (ErrorMessage.Length == 0) { PluginSource.ExecuteProgram(); } } else if (ScriptFile.EndsWith(".rb", StringComparison.CurrentCultureIgnoreCase)) { Engine.Runtime.TryGetEngine("rb", out Engine); PluginSource = Engine.CreateScriptSourceFromFile(ScriptFile); CompiledPlugin = PluginSource.Compile(CompileErrors); ErrorMessage = CompileErrors.GetErrors(); if (ErrorMessage.Length == 0) { PluginSource.ExecuteProgram(); } } if (ErrorMessage.Length > 0) { IronException.Report("Syntax error in API Script - " + ScriptFile, ErrorMessage); } } catch (Exception Exp) { IronException.Report("Error loading script - " + ScriptFile, Exp.Message, Exp.StackTrace); } }
static void DoScan() { try { List <int[]> WorkFlowMarkers = new List <int[]>(); List <string> HostsToScan = new List <string>(); lock (WorkFlows) { foreach (int[] Marker in WorkFlows) { WorkFlowMarkers.Add(Marker); } WorkFlows.Clear(); } lock (AllowedHosts) { foreach (string Host in AllowedHosts) { HostsToScan.Add(Host); } AllowedHosts.Clear(); } foreach (int[] Marker in WorkFlowMarkers) { Analysis.LogAnalyzer Analyzer = new Analysis.LogAnalyzer(); Dictionary <string, Analysis.LogAssociations> AssociationsDict = Analyzer.Analyze(Marker[0], Marker[1], "Proxy"); foreach (string Ua in AssociationsDict.Keys) { ScanAssociation(AssociationsDict[Ua], HostsToScan, Marker); } } WorkflowScannerWindow.UpdateScanStatusInUi(false, "Scan complete"); } catch (ThreadAbortException) { } catch (Exception Exp) { IronException.Report("Error scanning workflows", Exp); } }
void DoAnalysis() { int i = 1; try { File.WriteAllText(string.Format("{0}\\style.css", OutputDir.FullName), Css); while (i < Config.LastProxyLogId) { if (!AnalyzedLogs.Contains(i)) { AnalyzeLogId(i); } i++; } CreateIndex(); } catch (ThreadAbortException) { } catch (Exception Exp) { IronException.Report("Error in DOM XSS Analyzer", Exp); } ShowAnalysisEndInUi(); }
void DoAnalysisOfRecording() { try { Analysis.LogAnalyzer LogAna = new Analysis.LogAnalyzer(); //Dictionary<string, Analysis.LogAssociations> LoginAssosDict = LogAna.Analyze(RecordingStartLogId, LoginRecordingDoneLogId, "Proxy"); //Check if the last log has been written to the db //We wait for max of 10 seconds if it is still not written then we proceed further so that an exception is thrown when processing int WaitTime = 0; while (WaitTime < 10000) { try { Session.FromProxyLog(RecordingCompleteLogId); break; } catch { } Thread.Sleep(1000); WaitTime = WaitTime + 1000; } Dictionary<string, Analysis.LogAssociations> LoginAssosDict = LogAna.Analyze(RecordingStartLogId, RecordingCompleteLogId, "Proxy"); List<string> Creds = new List<string>() { Username, Password }; string CorrectUa = ""; Analysis.LogAssociations LoginAssos = null; foreach (string Ua in LoginAssosDict.Keys) { if (LoginAssosDict[Ua].GetAssociationsWithParameterValues(Creds).Count > 0) { CorrectUa = Ua; LoginAssos = LoginAssosDict[Ua]; break; } } if (LoginAssos == null) { HandleAnalysisResult(false); return; } /* Dictionary<string, Analysis.LogAssociations> CsrfAssosDict = LogAna.Analyze(LoginRecordingDoneLogId, CsrfParameterRecordingDoneLogId, "Proxy"); Analysis.LogAssociations CsrfAssos = null; if (CsrfAssosDict.ContainsKey(CorrectUa)) { CsrfAssos = CsrfAssosDict[CorrectUa]; } if (CsrfParameterName.Length > 0 && CsrfAssos == null) { HandleAnalysisResult(false); return; } */ CurrentRecording = new Recording(LoginAssos, Username, Password, CsrfParameterName); if (!CurrentRecording.IsLoginRecordingReplayable()) { HandleAnalysisResult(false); return; } CurrentRecording.DoLogin(); if (CsrfParameterName.Length > 0) { string CT = CurrentRecording.GetCsrfToken(); if (CT.Length == 0) { HandleAnalysisResult(false); return; } } } catch (ThreadAbortException) { }//Ingore them catch (Exception Exp) { IronException.Report("Error analyzing recording", Exp); HandleAnalysisResult(false); return; } Workflow.Workflow Flow = CurrentRecording.ToWorkflow(); HandleAnalysisResult(true); }
void DoAnalysis() { WebSocketSessions Sessions = new WebSocketSessions(); try { File.WriteAllText(string.Format("{0}\\style.css", OutputDir.FullName), Css); int LogId = 1; while (LogId <= Config.GetLastLogId("WebSocket")) { try { Session Sess = Session.FromLog(LogId, "WebSocket"); if (Sess.Response == null) { Sessions.AddMessage(Sess.Request); } else { Sessions.AddMessage(Sess.Request, Sess.Response); } } catch (Exception Exp) { IronException.Report("Could not load WebSocket Message in to Message Extractor", Exp); //This could happen when the most recent messages have not yet been written to the DB by the LogCount has been incremented } LogId++; } StringBuilder IndexPage = new StringBuilder(IndexPageTop); int SessionCount = 0; foreach (string SessionId in Sessions.SessionIdsList) { WebSocketSession WS = Sessions.GetSession(SessionId); SessionCount++; IndexPage.AppendLine("<li>"); IndexPage.AppendLine(string.Format("<a href='{0}.html'>{1}</a>", SessionCount, WS.Url)); IndexPage.AppendLine("<table cellpadding='1' cellspacing='1'>"); IndexPage.AppendLine(string.Format("<tr><td><span class='stat_name_mts'>Messages to Server: </span><span class='stat_value'>{0}</span></td></tr>", WS.Requests.Count)); IndexPage.AppendLine(string.Format("<tr><td><span class='stat_name_mtc'>Messages to Client: </span><span class='stat_value'>{0}</span></td></tr>", WS.Responses.Count)); IndexPage.AppendLine("</table>"); IndexPage.AppendLine("</li>"); AnalyzeSession(WS, SessionCount); } IndexPage.AppendLine(IndexPageBottom); File.WriteAllText(string.Format("{0}\\index.html", OutputDir.FullName), IndexPage.ToString()); ShowStatusMsg("Open the below file in browser to view the analysis results"); ShowOutputFile(string.Format("{0}\\index.html", OutputDir.FullName)); } catch (ThreadAbortException) { } catch (Exception Exp) { IronException.Report("Error in WebSocket Message Analyzer", Exp); ShowStatusMsg("Error!! Check the exceptions area for error details."); } ShowAnalysisEndInUi(); }