public PassiveCheckResult RunCheck(Fiddler.Session fiddlerSession)
{
if (fiddlerSession.isHTTPS && fiddlerSession.oResponse.headers.Exists("set-cookie"))
{
string cookie = fiddlerSession.oResponse.headers["set-cookie"];
if (cookie != null && cookie.Length > 0)
{
string[] parts = cookie.Split(';');
string cookiename = parts[0];
cookiename = cookiename.Split('=')[0];
if (parts != null && parts.Length > 0)
{
bool isDomainSet = false;
parts.ForEach(v =>
{
if (v.Trim().ToLower().StartsWith("domain"))
{
isDomainSet = true;
}
});
if (!isDomainSet)
{
return(PassiveCheckResult.CreateFailure(this, fiddlerSession.fullUrl, "Cookie not marked with domain"));
}
}
}
}
return(PassiveCheckResult.CreatePass(this, fiddlerSession.fullUrl));
}
public PassiveCheckResult RunCheck(Session fiddlerSession)
{
if (!fiddlerSession.isHTTPS)
{
if (fiddlerSession.uriContains("login"))
{
return(PassiveCheckResult.CreateFailure(this, fiddlerSession.url));
}
}
return(PassiveCheckResult.CreatePass(this, fiddlerSession.url));
}
private void FiddlerApplication_AfterSessionComplete(Fiddler.Session oSession)
{
logger.Trace("{0} {1} {2}\n{3} {4} {5}\n\n", oSession.id, oSession.oRequest.headers.HTTPMethod, Ellipsize(oSession.fullUrl, 60), oSession.responseCode, oSession.GetResponseContentType(), oSession.ResponseBody.Length);
checkList.ForEach(v =>
{
try
{
logger.Trace("Running audit: " + v.Name);
PassiveCheckResult result = v.RunCheck(oSession);
if (!result.Passed)
{
logger.Warn("{0} failed for {1}", v.Name, oSession.fullUrl);
}
resultList.Add(result);
}
catch (Exception ex)
{
logger.Error(ex);
}
});
}
public PassiveCheckResult RunCheck(Fiddler.Session fiddlerSession)
{
if (fiddlerSession.isHTTPS)
{
if (fiddlerSession.oResponse.headers.Exists("cache-control"))
{
string cc = fiddlerSession.oResponse.headers["cache-control"].Trim().ToLower();
if (!cc.Contains("no-store"))
{
return(PassiveCheckResult.CreateFailure(this, fiddlerSession.url, "Cache-Control header does not contain 'no-store'"));
}
else if (!cc.Contains("no-cache"))
{
return(PassiveCheckResult.CreateFailure(this, fiddlerSession.url, "Cache-Control header does not contain 'no-cache'"));
}
}
else
{
return(PassiveCheckResult.CreateFailure(this, fiddlerSession.url, "No Cache-Control header found"));
}
}
return(PassiveCheckResult.CreatePass(this, fiddlerSession.url));
}
public PassiveCheckResult RunCheck(Fiddler.Session fiddlerSession)
{
return(fiddlerSession.isHTTPS ? PassiveCheckResult.CreatePass(this, fiddlerSession.url) : PassiveCheckResult.CreateFailure(this, fiddlerSession.url));
}
