public void CustomTestProxy_TestPatternEntityExclusion() { MockProxy mockSite; string first, second, third; InitMockSite(out mockSite, out first, out second, out third); CustomTestsFile testFile = GetCustomTestFile(); TrafficViewerFile testDataStore = new TrafficViewerFile(); MockTestController mockTestController = new MockTestController(); testFile.PatternEntityExclusion = "p2"; DriveByAttackProxy testProxy = new DriveByAttackProxy(mockTestController, testFile, testDataStore); testProxy.Start(); SendRequestThroughTestProxy(first, testProxy, mockSite); SendRequestThroughTestProxy(second, testProxy, mockSite); SendRequestThroughTestProxy(third, testProxy, mockSite); Thread.Sleep(1000); testProxy.Stop(); Assert.IsTrue(mockTestController.IssuesFound.ContainsKey("p1")); Assert.IsFalse(mockTestController.IssuesFound.ContainsKey("p2")); }
public void CustomTestProxy_TestFirstRequestRegex() { MockProxy mockSite = new MockProxy(); string first = "GET / HTTP/1.1\r\n"; string second = "POST /r1 HTTP/1.1\r\n\r\np1=1234\r\n"; string third = "POST /r2 HTTP/1.1\r\n\r\np2=1234\r\n\r\n"; mockSite.MockSite.AddRequestResponse(first, "HTTP/1.1 200 OK\r\n\r\nbla"); mockSite.MockSite.AddRequestResponse(second, "HTTP/1.1 200 OK\r\n\r\nroot:0:0"); mockSite.MockSite.AddRequestResponse(third, "HTTP/1.1 200 OK\r\n\r\nroot:0:0"); mockSite.Start(); CustomTestsFile testFile = GetCustomTestFile(); TrafficViewerFile testDataStore = new TrafficViewerFile(); MockTestController mockTestController = new MockTestController(); SequentialAttackProxy testProxy = new SequentialAttackProxy(mockTestController, testFile, testDataStore); testFile.PatternOfFirstRequestToTest = "r2"; testProxy.Start(); SendRequestThroughTestProxy(first, testProxy, mockSite); SendRequestThroughTestProxy(second, testProxy, mockSite); SendRequestThroughTestProxy(third, testProxy, mockSite); testProxy.Stop(); Assert.IsFalse(mockTestController.IssuesFound.ContainsKey("p1")); Assert.IsTrue(mockTestController.IssuesFound.ContainsKey("p2")); }
public void CustomTester_ParametersWithSameValue() { MockTestController mockTestController = new MockTestController(); string testRequest = "GET /search.jsp?a=1&b=1 HTTP/1.1\r\nHost: 127.0.0.1\r\n\r\n"; string paramName1 = "a"; string paramName2 = "b"; CustomTestsFile file = GetCustomTestFile(); Tester tester = new Tester(mockTestController, file); CustomTestDef def = file.GetCustomTests()["Path Traversal"]; HttpRequestInfo original = new HttpRequestInfo(testRequest, true); Uri uri = new Uri(original.FullUrl); tester.ExecuteTests(testRequest, "", uri, paramName1, null, RequestLocation.Query, def); Assert.IsTrue(mockTestController.IssuesFound.ContainsKey(paramName1)); string mutReq = mockTestController.MutatedRequests[0]; HttpRequestInfo mutReqInfo = new HttpRequestInfo(mutReq); Assert.AreEqual(MockTestController.PATH_TRAVERSAL, mutReqInfo.QueryVariables[paramName1], "Invalid mutation for " + paramName1); Assert.AreEqual("1", mutReqInfo.QueryVariables[paramName2], "Invalid value for " + paramName2); tester.ExecuteTests(testRequest, "", uri, paramName2, null, RequestLocation.Query, def); Assert.IsTrue(mockTestController.IssuesFound.ContainsKey(paramName2)); mutReq = mockTestController.MutatedRequests[1]; mutReqInfo = new HttpRequestInfo(mutReq); Assert.AreEqual("1", mutReqInfo.QueryVariables[paramName1], "Invalid value for " + paramName1); Assert.AreEqual(MockTestController.PATH_TRAVERSAL, mutReqInfo.QueryVariables[paramName2], "Invalid mutation for " + paramName2); }
public void CustomTestProxy_TestPatternToTest() { MockProxy mockSite; string first, second, third; InitMockSite(out mockSite, out first, out second, out third); CustomTestsFile testFile = GetCustomTestFile(); TrafficViewerFile testDataStore = new TrafficViewerFile(); MockTestController mockTestController = new MockTestController(); var targetList = new Dictionary <string, AttackTarget>(); targetList.Add("r1", new AttackTarget("r1", "Enabled", "r1")); testFile.SetAttackTargetList(targetList); DriveByAttackProxy testProxy = new DriveByAttackProxy(mockTestController, testFile, testDataStore); testProxy.Start(); SendRequestThroughTestProxy(first, testProxy, mockSite); SendRequestThroughTestProxy(second, testProxy, mockSite); SendRequestThroughTestProxy(third, testProxy, mockSite); Thread.Sleep(1000); testProxy.Stop(); Assert.IsTrue(mockTestController.IssuesFound.ContainsKey("p1")); Assert.IsFalse(mockTestController.IssuesFound.ContainsKey("p2")); }
public void CustomTester_SingleCharacterValue() { TrafficViewerFile mockSite = new TrafficViewerFile(); MockTestController mockTestController = new MockTestController(mockSite); string testRequest = "GET /search.aspx?txtSearch=a&a1=a HTTP/1.1\r\nHost: 127.0.0.1\r\n\r\n"; string paramName = "txtSearch"; string paramName2 = "a1"; CustomTestsFile file = GetCustomTestFile(); Tester tester = new Tester(mockTestController, file); CustomTestDef def = file.GetCustomTests()["Path Traversal"]; HttpRequestInfo original = new HttpRequestInfo(testRequest, true); Uri uri = new Uri(original.FullUrl); string entityId = tester.GetEntityId(uri, paramName); string entityString = tester.GetEntityString(testRequest, uri, paramName, original.QueryVariables[paramName]); TestJob testJob = new TestJob(paramName, original.QueryVariables[paramName], RequestLocation.Query, def); string mutatedRequest = tester.GenerateMutatedRequestList(testRequest, testJob, entityString, entityId)[0]; HttpRequestInfo mutatedReqInfo = new HttpRequestInfo(mutatedRequest, true); Assert.IsTrue(mutatedReqInfo.QueryVariables.ContainsKey(paramName), "Could no longer find parameter"); Assert.AreEqual(original.QueryVariables[paramName] + MockTestController.PATH_TRAVERSAL, mutatedReqInfo.QueryVariables[paramName], "Incorrect test value"); Assert.AreEqual(original.QueryVariables[paramName2], mutatedReqInfo.QueryVariables[paramName2], "Incorrect non-test value"); }
public void CustomTester_MatchHeaderValidation() { TrafficViewerFile mockSite = new TrafficViewerFile(); MockTestController mockTestController = new MockTestController(mockSite); string testRequest = "GET /search.aspx?txtSearch=a&a1=a HTTP/1.1\r\nHost: 127.0.0.1\r\n\r\n"; string paramName = "txtSearch"; CustomTestsFile file = GetCustomTestFile(); Tester tester = new Tester(mockTestController, file); CustomTestDef def = file.GetCustomTests()["Path Traversal"]; def.Validation = "$header=" + "root:\\s?:"; HttpRequestInfo original = new HttpRequestInfo(testRequest, true); Uri uri = new Uri(original.FullUrl); string entityId = tester.GetEntityId(uri, paramName); string entityString = tester.GetEntityString(testRequest, uri, paramName, original.QueryVariables[paramName]); TestJob testJob = new TestJob(paramName, original.QueryVariables[paramName], RequestLocation.Query, def); string mutatedRequest = tester.GenerateMutatedRequestList(testRequest, testJob, entityString, entityId)[0]; Assert.IsFalse(tester.ValidateSingleTest(testRequest, "HTTP/1.1 200 OK\r\nbla", new Uri("http://demo.testfire.net/search.aspx"), paramName, entityId, def, mutatedRequest, "HTTP/1.1 200 OK\r\n\r\nroot::")); Assert.IsTrue(tester.ValidateSingleTest(testRequest, "HTTP/1.1 200 OK\r\nbla", new Uri("http://demo.testfire.net/search.aspx"), paramName, entityId, def, mutatedRequest, "HTTP/1.1 200 OK\r\nroot::\r\n\r\nbody")); }
public void CustomTestProxy_BodyParamUnitTest() { MockTestController mockTestController = new MockTestController(); string testRequest = "POST /search.aspx HTTP/1.1\r\n\r\ntxtSearch=1234\r\n\r\n"; HttpResponseInfo testResponse = CustomTestUnitExecution(testRequest, mockTestController); Assert.AreEqual(1, mockTestController.IssuesFound.Count, "No issues found"); Assert.IsTrue(mockTestController.IssuesFound.ContainsKey("txtSearch"), "Incorrect parameter found"); Assert.AreEqual("Path Traversal", mockTestController.IssuesFound["txtSearch"], "Incorrect issue found"); }
public void CustomTestProxy_TestJSValidation() { MockProxy mockSite = new MockProxy(); string testReq = "GET /r1?p1=test HTTP/1.1\r\n"; mockSite.MockSite.AddRequestResponse(testReq, "HTTP/1.1 200 OK\r\n\r\nFound user test"); mockSite.Start(); CustomTestsFile testFile = GetCustomTestFile(); var tests = testFile.GetCustomTests(); tests.Clear(); tests.Add("PathTraversal", new CustomTestDef("PathTraversal", "Path Traversal", "$original/" + MockTestController.PATH_TRAVERSAL, "$js_code=function Callback(response){var found = false; if(response.indexOf('root')>-1) found=true; return found;}")); testFile.SetCustomTests(tests); testFile.Save(); TrafficViewerFile testDataStore = new TrafficViewerFile(); MockTestController mockTestController = new MockTestController(mockSite.MockSite); var targetList = new Dictionary <string, AttackTarget>(); targetList.Add("r1", new AttackTarget("r1", "Enabled", "r1")); testFile.SetAttackTargetList(targetList); DriveByAttackProxy testProxy = new DriveByAttackProxy(mockTestController, testFile, testDataStore); testProxy.Start(); SendRequestThroughTestProxy(testReq, testProxy, mockSite); Thread.Sleep(100); testProxy.Stop(); Assert.IsTrue(mockTestController.IssuesFound.ContainsKey("p1")); }
public void CustomTester_EmptyQueryParamUnitTest() { TrafficViewerFile mockSite = new TrafficViewerFile(); mockSite.AddRequestResponse(String.Format("GET /search.jsp?query={0} HTTP/1.1\r\nHost: 127.0.0.1\r\n\r\n", MockTestController.PATH_TRAVERSAL), MockTestController.PATH_TRAVERSAL_RESPONSE); MockTestController mockTestController = new MockTestController(mockSite); string testRequest = "GET /search.jsp?query= HTTP/1.1\r\nHost: 127.0.0.1\r\n\r\n"; string paramName = "query"; CustomTestsFile file = GetCustomTestFile(); Tester tester = new Tester(mockTestController, file); CustomTestDef def = file.GetCustomTests()["Path Traversal"]; HttpRequestInfo original = new HttpRequestInfo(testRequest, true); Uri uri = new Uri(original.FullUrl); tester.ExecuteTests(testRequest, "", uri, paramName, null, RequestLocation.Query, def); Assert.IsTrue(mockTestController.IssuesFound.ContainsKey(paramName)); }
public void CustomTester_DynamicValue() { MockTestController mockTestController = new MockTestController(); string testRequest = "GET /search.jsp?query= HTTP/1.1\r\nDyn:__dynamic_value__ticks__\r\nHost: 127.0.0.1\r\n\r\n"; string paramName = "query"; CustomTestsFile file = GetCustomTestFile(); Tester tester = new Tester(mockTestController, file); CustomTestDef def = file.GetCustomTests()["Path Traversal"]; HttpRequestInfo original = new HttpRequestInfo(testRequest, true); Uri uri = new Uri(original.FullUrl); tester.ExecuteTests(testRequest, "", uri, paramName, null, RequestLocation.Query, def); Assert.IsTrue(mockTestController.IssuesFound.ContainsKey(paramName)); Assert.AreEqual(1, mockTestController.MutatedRequests.Count, "Incorrect number of mutated requests"); HttpRequestInfo mutatedRequest = new HttpRequestInfo(mockTestController.MutatedRequests[0]); Assert.IsTrue(Utils.IsMatch(mutatedRequest.Headers["Dyn"], "\\d+"), "Incorrect dynamic header value"); }
public void CustomTestProxy_500Error() { MockProxy mockSite = new MockProxy(); string first = "GET / HTTP/1.1\r\n"; string second = Resources.IdeasPmc; string third = "POST /r2 HTTP/1.1\r\n\r\np2=1234\r\n\r\n"; mockSite.MockSite.AddRequestResponse(first, "HTTP/1.1 200 OK\r\n\r\nbla"); mockSite.MockSite.AddRequestResponse(second, "HTTP/1.1 200 OK\r\n\r\nroot:0:0"); mockSite.MockSite.AddRequestResponse(third, "HTTP/1.1 200 OK\r\n\r\nbla"); mockSite.Start(); CustomTestsFile testFile = GetCustomTestFile(); TrafficViewerFile testDataStore = new TrafficViewerFile(); MockTestController mockTestController = new MockTestController(); SequentialAttackProxy testProxy = new SequentialAttackProxy(mockTestController, testFile, testDataStore); testFile.PatternOfFirstRequestToTest = ".*pmc"; testProxy.Start(); HttpResponseInfo respInfo; for (int i = 0; i < 2; i++) { respInfo = SendRequestThroughTestProxy(first, testProxy, mockSite); Assert.AreNotEqual(500, respInfo.Status); SendRequestThroughTestProxy(second, testProxy, mockSite); Assert.AreNotEqual(500, respInfo.Status); SendRequestThroughTestProxy(third, testProxy, mockSite); Assert.AreNotEqual(500, respInfo.Status); } testProxy.Stop(); Assert.IsFalse(mockTestController.IssuesFound.ContainsKey("p2")); Assert.IsTrue(mockTestController.IssuesFound.ContainsKey("itoken")); }
public HttpResponseInfo CustomTestUnitExecution(string request, MockTestController mockTestController, SequentialAttackProxy testProxy = null, MockProxy mockSite = null) { bool shouldStopMockSite = false; if (mockSite == null) { shouldStopMockSite = true; mockSite = new MockProxy(request, "HTTP/1.1 200 OK\r\n\r\nroot:0:0"); mockSite.Start(); } CustomTestsFile testFile = GetCustomTestFile(); bool shouldStopTestProxy = false; if (testProxy == null) { shouldStopTestProxy = true; TrafficViewerFile testDataStore = new TrafficViewerFile(); testProxy = new SequentialAttackProxy(mockTestController, testFile, testDataStore); testProxy.Start(); } var response = SendRequestThroughTestProxy(request, testProxy, mockSite); if (shouldStopMockSite) { mockSite.Stop(); } if (shouldStopTestProxy) { testProxy.Stop(); } return(response); }