예제 #1
0
 void LoadRecording(object XmlObj)
 {
     try
     {
         Recording Rec = Recording.FromXml(XmlObj.ToString());
         if (Recording.Has(Rec.Name))
         {
             ShowMessage(true, "Unable to load this recording, a recording with this name is already loaded.");
         }
         if (Rec.IsLoginRecordingReplayable())
         {
             Recording.Add(Rec);
             ShowMessage(false, "Recording loaded successfully! Now you can make use of it in scans and tests.");
         }
         else
         {
             ShowMessage(true, "Unable to load this recording, attempt to replay it failed.");
         }
     }
     catch (ThreadAbortException) { }
     catch (Exception Exp)
     {
         IronException.Report("Error loading Recording File", Exp);
         ShowMessage(true, "Invalid recording! Could not be loaded.");
     }
 }
예제 #2
0
 void GetInitialScopeValuesFromDB()
 {
     try
     {
         List <string> Hosts = IronDB.GetUniqueHostsFromProxyLog();
         List <string> Files = IronDB.GetUniqueFilesFromProxyLog();
         ShowConfigScopeValues(Hosts, Files);
     }
     catch (ThreadAbortException) { }
     catch (Exception Exp) { IronException.Report("Error reading host and file values from DB", Exp); }
 }
예제 #3
0
        static void RunScript(string ScriptFile, ScriptEngine Engine)
        {
            try
            {
                ScriptSource        PluginSource;
                CompiledCode        CompiledPlugin;
                ScriptErrorReporter CompileErrors = new ScriptErrorReporter();
                string ErrorMessage = "";

                if (ScriptFile.EndsWith(".py", StringComparison.CurrentCultureIgnoreCase))
                {
                    Engine.Runtime.TryGetEngine("py", out Engine);
                    PluginSource = Engine.CreateScriptSourceFromFile(ScriptFile);
                    string IndentError = PluginEditor.CheckPythonIndentation(PluginSource.GetCode())[1];
                    if (IndentError.Length > 0)
                    {
                        string UpdatedCode = PluginEditor.FixPythonIndentation(PluginSource.GetCode());
                        PluginSource = Engine.CreateScriptSourceFromString(UpdatedCode);
                        //ErrorMessage = string.Format("{0}\r\n{1}", IndentError, ErrorMessage);
                    }
                    CompiledPlugin = PluginSource.Compile(CompileErrors);
                    ErrorMessage   = CompileErrors.GetErrors();
                    if (ErrorMessage.Length > 0 && IndentError.Length > 0)
                    {
                        ErrorMessage = string.Format("{0}\r\n{1}", IndentError, ErrorMessage);
                    }
                    if (ErrorMessage.Length == 0)
                    {
                        PluginSource.ExecuteProgram();
                    }
                }
                else if (ScriptFile.EndsWith(".rb", StringComparison.CurrentCultureIgnoreCase))
                {
                    Engine.Runtime.TryGetEngine("rb", out Engine);
                    PluginSource   = Engine.CreateScriptSourceFromFile(ScriptFile);
                    CompiledPlugin = PluginSource.Compile(CompileErrors);
                    ErrorMessage   = CompileErrors.GetErrors();
                    if (ErrorMessage.Length == 0)
                    {
                        PluginSource.ExecuteProgram();
                    }
                }
                if (ErrorMessage.Length > 0)
                {
                    IronException.Report("Syntax error in API Script - " + ScriptFile, ErrorMessage);
                }
            }
            catch (Exception Exp)
            {
                IronException.Report("Error loading script - " + ScriptFile, Exp.Message, Exp.StackTrace);
            }
        }
예제 #4
0
 static void DoScan()
 {
     try
     {
         List <int[]>  WorkFlowMarkers = new List <int[]>();
         List <string> HostsToScan     = new List <string>();
         lock (WorkFlows)
         {
             foreach (int[] Marker in WorkFlows)
             {
                 WorkFlowMarkers.Add(Marker);
             }
             WorkFlows.Clear();
         }
         lock (AllowedHosts)
         {
             foreach (string Host in AllowedHosts)
             {
                 HostsToScan.Add(Host);
             }
             AllowedHosts.Clear();
         }
         foreach (int[] Marker in WorkFlowMarkers)
         {
             Analysis.LogAnalyzer Analyzer = new Analysis.LogAnalyzer();
             Dictionary <string, Analysis.LogAssociations> AssociationsDict = Analyzer.Analyze(Marker[0], Marker[1], "Proxy");
             foreach (string Ua in AssociationsDict.Keys)
             {
                 ScanAssociation(AssociationsDict[Ua], HostsToScan, Marker);
             }
         }
         WorkflowScannerWindow.UpdateScanStatusInUi(false, "Scan complete");
     }
     catch (ThreadAbortException) { }
     catch (Exception Exp)
     {
         IronException.Report("Error scanning workflows", Exp);
     }
 }
예제 #5
0
        void DoAnalysis()
        {
            int i = 1;

            try
            {
                File.WriteAllText(string.Format("{0}\\style.css", OutputDir.FullName), Css);
                while (i < Config.LastProxyLogId)
                {
                    if (!AnalyzedLogs.Contains(i))
                    {
                        AnalyzeLogId(i);
                    }
                    i++;
                }
                CreateIndex();
            }
            catch (ThreadAbortException) { }
            catch (Exception Exp)
            {
                IronException.Report("Error in DOM XSS Analyzer", Exp);
            }
            ShowAnalysisEndInUi();
        }
예제 #6
0
        void DoAnalysisOfRecording()
        {
            try
            {
                Analysis.LogAnalyzer LogAna = new Analysis.LogAnalyzer();
                //Dictionary<string, Analysis.LogAssociations> LoginAssosDict = LogAna.Analyze(RecordingStartLogId, LoginRecordingDoneLogId, "Proxy");
                
                //Check if the last log has been written to the db
                //We wait for max of 10 seconds if it is still not written then we proceed further so that an exception is thrown when processing
                int WaitTime = 0;
                while (WaitTime < 10000)
                {
                    try
                    {
                        Session.FromProxyLog(RecordingCompleteLogId);
                        break;
                    }
                    catch { }
                    Thread.Sleep(1000);
                    WaitTime = WaitTime + 1000;
                }

                Dictionary<string, Analysis.LogAssociations> LoginAssosDict = LogAna.Analyze(RecordingStartLogId, RecordingCompleteLogId, "Proxy");
                List<string> Creds = new List<string>() { Username, Password };
                string CorrectUa = "";
                Analysis.LogAssociations LoginAssos = null;
                foreach (string Ua in LoginAssosDict.Keys)
                {
                    if (LoginAssosDict[Ua].GetAssociationsWithParameterValues(Creds).Count > 0)
                    {
                        CorrectUa = Ua;
                        LoginAssos = LoginAssosDict[Ua];
                        break;
                    }
                }
                if (LoginAssos == null)
                {
                    HandleAnalysisResult(false);
                    return;
                }

                /*
                Dictionary<string, Analysis.LogAssociations> CsrfAssosDict = LogAna.Analyze(LoginRecordingDoneLogId, CsrfParameterRecordingDoneLogId, "Proxy");
                Analysis.LogAssociations CsrfAssos = null;
                if (CsrfAssosDict.ContainsKey(CorrectUa))
                {
                    CsrfAssos = CsrfAssosDict[CorrectUa];
                }
                if (CsrfParameterName.Length > 0 && CsrfAssos == null)
                {
                    HandleAnalysisResult(false);
                    return;
                }
                */
                 
                CurrentRecording = new Recording(LoginAssos, Username, Password, CsrfParameterName);
                if (!CurrentRecording.IsLoginRecordingReplayable())
                {
                    HandleAnalysisResult(false);
                    return;
                }
                CurrentRecording.DoLogin();
                if (CsrfParameterName.Length > 0)
                {
                    string CT = CurrentRecording.GetCsrfToken();
                    if (CT.Length == 0)
                    {
                        HandleAnalysisResult(false);
                        return;
                    }
                }
            }
            catch (ThreadAbortException) { }//Ingore them
            catch (Exception Exp)
            {
                IronException.Report("Error analyzing recording", Exp);
                HandleAnalysisResult(false);
                return;
            }
            Workflow.Workflow Flow = CurrentRecording.ToWorkflow();
            HandleAnalysisResult(true);
        }
        void DoAnalysis()
        {
            WebSocketSessions Sessions = new WebSocketSessions();

            try
            {
                File.WriteAllText(string.Format("{0}\\style.css", OutputDir.FullName), Css);

                int LogId = 1;
                while (LogId <= Config.GetLastLogId("WebSocket"))
                {
                    try
                    {
                        Session Sess = Session.FromLog(LogId, "WebSocket");
                        if (Sess.Response == null)
                        {
                            Sessions.AddMessage(Sess.Request);
                        }
                        else
                        {
                            Sessions.AddMessage(Sess.Request, Sess.Response);
                        }
                    }
                    catch (Exception Exp)
                    {
                        IronException.Report("Could not load WebSocket Message in to Message Extractor", Exp);
                        //This could happen when the most recent messages have not yet been written to the DB by the LogCount has been incremented
                    }
                    LogId++;
                }

                StringBuilder IndexPage = new StringBuilder(IndexPageTop);

                int SessionCount = 0;
                foreach (string SessionId in Sessions.SessionIdsList)
                {
                    WebSocketSession WS = Sessions.GetSession(SessionId);
                    SessionCount++;

                    IndexPage.AppendLine("<li>");
                    IndexPage.AppendLine(string.Format("<a href='{0}.html'>{1}</a>", SessionCount, WS.Url));
                    IndexPage.AppendLine("<table cellpadding='1' cellspacing='1'>");
                    IndexPage.AppendLine(string.Format("<tr><td><span class='stat_name_mts'>Messages to Server: </span><span class='stat_value'>{0}</span></td></tr>", WS.Requests.Count));
                    IndexPage.AppendLine(string.Format("<tr><td><span class='stat_name_mtc'>Messages to Client: </span><span class='stat_value'>{0}</span></td></tr>", WS.Responses.Count));
                    IndexPage.AppendLine("</table>");
                    IndexPage.AppendLine("</li>");

                    AnalyzeSession(WS, SessionCount);
                }

                IndexPage.AppendLine(IndexPageBottom);
                File.WriteAllText(string.Format("{0}\\index.html", OutputDir.FullName), IndexPage.ToString());
                ShowStatusMsg("Open the below file in browser to view the analysis results");
                ShowOutputFile(string.Format("{0}\\index.html", OutputDir.FullName));
            }
            catch (ThreadAbortException) { }
            catch (Exception Exp)
            {
                IronException.Report("Error in WebSocket Message Analyzer", Exp);
                ShowStatusMsg("Error!! Check the exceptions area for error details.");
            }
            ShowAnalysisEndInUi();
        }