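public PassiveCheckResult RunCheck(Fiddler.Session fiddlerSession)
        {
            // Passive check: on an HTTPS response that carries a Set-Cookie header, fail
            // when no "Domain" attribute is present in that cookie string; every other
            // session passes.
            // NOTE(review): per RFC 6265 a cookie without a Domain attribute is host-only,
            // i.e. the narrower scope, so failing on its absence is a policy choice — confirm intent.
            // NOTE(review): headers["set-cookie"] presumably yields a single header value, so a
            // response with several Set-Cookie headers may only get its first one inspected — verify.
            if (!fiddlerSession.isHTTPS || !fiddlerSession.oResponse.headers.Exists("set-cookie"))
            {
                return(PassiveCheckResult.CreatePass(this, fiddlerSession.fullUrl));
            }

            string cookie = fiddlerSession.oResponse.headers["set-cookie"];
            if (string.IsNullOrEmpty(cookie))
            {
                return(PassiveCheckResult.CreatePass(this, fiddlerSession.fullUrl));
            }

            // Attributes are ';'-separated. Index 0 is the name=value pair, not an attribute,
            // so it is skipped: a cookie merely named "domain..." must not count as Domain being set.
            string[] parts = cookie.Split(';');
            for (int i = 1; i < parts.Length; i++)
            {
                // Attribute names are case-insensitive; an ordinal comparison avoids
                // culture-dependent ToLower() behaviour.
                if (parts[i].Trim().StartsWith("domain", StringComparison.OrdinalIgnoreCase))
                {
                    return(PassiveCheckResult.CreatePass(this, fiddlerSession.fullUrl));
                }
            }

            return(PassiveCheckResult.CreateFailure(this, fiddlerSession.fullUrl, "Cookie not marked with domain"));
        }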
        public PassiveCheckResult RunCheck(Session fiddlerSession)
        {
            // Passive check: a session whose URI contains "login" must travel over HTTPS.
            // Plaintext sessions that do not mention "login" are not flagged by this check.
            // uriContains is only consulted for non-HTTPS sessions (short-circuit).
            bool plaintextLogin = !fiddlerSession.isHTTPS && fiddlerSession.uriContains("login");

            return plaintextLogin
                ? PassiveCheckResult.CreateFailure(this, fiddlerSession.url)
                : PassiveCheckResult.CreatePass(this, fiddlerSession.url);
        }
        private void FiddlerApplication_AfterSessionComplete(Fiddler.Session oSession)
        {
            // Fiddler callback fired once a session has completed: log a one-line summary
            // of the request/response, then run every registered passive check against the
            // session and collect each result.
            // NOTE(review): this callback is invoked by Fiddler, possibly off the UI thread;
            // the thread-safety of resultList is not visible here — confirm.
            logger.Trace("{0} {1} {2}\n{3} {4} {5}\n\n",
                         oSession.id,
                         oSession.oRequest.headers.HTTPMethod,
                         Ellipsize(oSession.fullUrl, 60),
                         oSession.responseCode,
                         oSession.GetResponseContentType(),
                         oSession.ResponseBody.Length);

            foreach (var check in checkList)
            {
                // Each check is isolated so that one throwing check does not prevent the
                // remaining checks from running; the error is logged and skipped.
                try
                {
                    logger.Trace("Running audit: " + check.Name);

                    PassiveCheckResult result = check.RunCheck(oSession);
                    if (!result.Passed)
                    {
                        logger.Warn("{0} failed for {1}", check.Name, oSession.fullUrl);
                    }

                    resultList.Add(result);
                }
                catch (Exception ex)
                {
                    logger.Error(ex);
                }
            }
        }
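        public PassiveCheckResult RunCheck(Fiddler.Session fiddlerSession)
        {
            // Passive check: an HTTPS response must carry a Cache-Control header that
            // contains both the "no-store" and the "no-cache" directive (checked in that
            // order, so only the first missing one is reported). Non-HTTPS sessions pass.
            if (!fiddlerSession.isHTTPS)
            {
                return(PassiveCheckResult.CreatePass(this, fiddlerSession.url));
            }

            if (!fiddlerSession.oResponse.headers.Exists("cache-control"))
            {
                return(PassiveCheckResult.CreateFailure(this, fiddlerSession.url, "No Cache-Control header found"));
            }

            // Exists() is assumed to imply a value, but Trim() on a null would throw,
            // so a null header value is treated as empty (and therefore fails below).
            string cc = (fiddlerSession.oResponse.headers["cache-control"] ?? string.Empty).Trim();

            // Directive names are case-insensitive; an ordinal comparison avoids the
            // culture-dependent ToLower() (e.g. Turkish-I). Substring match as before:
            // a directive embedded in a larger token would still be accepted.
            if (cc.IndexOf("no-store", StringComparison.OrdinalIgnoreCase) < 0)
            {
                return(PassiveCheckResult.CreateFailure(this, fiddlerSession.url, "Cache-Control header does not contain 'no-store'"));
            }

            if (cc.IndexOf("no-cache", StringComparison.OrdinalIgnoreCase) < 0)
            {
                return(PassiveCheckResult.CreateFailure(this, fiddlerSession.url, "Cache-Control header does not contain 'no-cache'"));
            }

            return(PassiveCheckResult.CreatePass(this, fiddlerSession.url));
        }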
 public PassiveCheckResult RunCheck(Fiddler.Session fiddlerSession)
 {
     // Passive check: the session must use HTTPS; any plaintext session is a failure.
     if (fiddlerSession.isHTTPS)
     {
         return PassiveCheckResult.CreatePass(this, fiddlerSession.url);
     }

     return PassiveCheckResult.CreateFailure(this, fiddlerSession.url);
 }