private void CheckUnAuthenticatedMethod(RESTApi restDesc, VulnerabilitiesVulnerability vuln, WSDescriberForReport WSItemVulnerabilities, ReportObject reportObject, bool isDebug, ref List <Param> respHeader, RestHTTPHelper HttpHelper, string customRequestHeader) { HttpWebResponseWrapper response = null; try { reportObject.TotalRequestCount++; response = HttpHelper.GetHttpWebResponseWithDefaultParams(restDesc, false, ref respHeader, customRequestHeader); } catch (WebException wEx) { //if (wEx.Response.s) bool authErrorReceived = false; try { HttpWebResponse wr = (HttpWebResponse)wEx.Response; if (vuln.statusCode.Equals(((int)wr.StatusCode).ToString())) { authErrorReceived = true; } } catch { } if (!authErrorReceived) { SetWebException(restDesc.NormalizedURL, wEx, WSItemVulnerabilities, "Web Exception During Authentication Check", isDebug); } } catch (Exception ex) { throw ex; } if (response != null && response.WebResponse != null) { if (!vuln.statusCode.Equals(((int)response.WebResponse.StatusCode).ToString())) // status code != 401, no redirection { VulnerabilityForReport authVuln = new VulnerabilityForReport(); authVuln.Vuln = MainForm.vulnerabilities.Vulnerability.Where(v => v.id == 1).FirstOrDefault(); authVuln.VulnerableMethodName = restDesc.Url.AbsoluteUri; authVuln.VulnerableParamName = ""; authVuln.Payload = ""; authVuln.Response = response.ResponseBody; authVuln.StatusCode = response.WebResponse.StatusCode.ToString(); WSItemVulnerabilities.Vulns.Add(authVuln); mainForm.Log(" Auth Vulnerability Found: " + response.ResponseBody + " - status code is : " + response.WebResponse.StatusCode.ToString(), FontStyle.Bold, true, false); } } }
private void AddSSLRelatedVulnerability(WSDescriberForReport WSItemVulnerabilities, int vulnId) { VulnerabilityForReport sslVuln = new VulnerabilityForReport(); sslVuln.Vuln = vulnerabilities.Vulnerability.Where(v => v.id == vulnId).FirstOrDefault(); sslVuln.VulnerableMethodName = ""; sslVuln.VulnerableParamName = ""; sslVuln.Payload = ""; sslVuln.Response = ""; sslVuln.StatusCode = ""; WSItemVulnerabilities.Vulns.Add(sslVuln); }
private void SetVuln(WebServiceToInvoke wsInvoker, WSDescriberForReport WSItemVulnerabilities, VulnerabilitiesVulnerability vuln, WSOperation operation, string payload, string paramName, string logStr) { mainForm.Log(logStr, FontStyle.Bold, true, false); VulnerabilityForReport vulnRep = new VulnerabilityForReport(); vulnRep.Vuln = vuln; vulnRep.VulnerableMethodName = operation.MethodName; vulnRep.VulnerableParamName = paramName; vulnRep.Payload = payload; vulnRep.Response = wsInvoker.ResultString; vulnRep.StatusCode = wsInvoker.StatusCode.ToString(); WSItemVulnerabilities.Vulns.Add(vulnRep); }
private void SetVuln(HttpWebResponseWrapper response, WSDescriberForReport WSItemVulnerabilities, VulnerabilitiesVulnerability vuln, string methodName, string payload, int paramIndex, string logStr) { mainForm.Log(logStr, FontStyle.Bold, true, false); VulnerabilityForReport vulnRep = new VulnerabilityForReport(); vulnRep.Vuln = vuln; vulnRep.VulnerableMethodName = methodName; vulnRep.VulnerableParamName = paramIndex.ToString(); vulnRep.Payload = payload; vulnRep.Response = response.ResponseBody; vulnRep.StatusCode = response.WebResponse.StatusCode.ToString(); WSItemVulnerabilities.Vulns.Add(vulnRep); }
public void SetSoapFaultException(WSOperation operation, SoapException soapEx, WSDescriberForReport WSItemVulnerabilities, bool isDebug) { if (WSItemVulnerabilities.Vulns.Where(v => v.VulnerableMethodName.Equals(operation.MethodName) && v.Vuln.id == 7).Count() <= 0) // aynı method için sadece 1 tane soap fault zafiyeti yaz { mainForm.Log(" Soap Exception: " + soapEx.ToString(), FontStyle.Regular, isDebug, false); VulnerabilityForReport soapFaultVuln = new VulnerabilityForReport(); soapFaultVuln.Vuln = MainForm.vulnerabilities.Vulnerability.Where(v => v.id == 7).FirstOrDefault(); soapFaultVuln.VulnerableMethodName = operation.MethodName; soapFaultVuln.VulnerableParamName = ""; soapFaultVuln.Payload = ""; soapFaultVuln.Response = soapEx.Message; soapFaultVuln.StatusCode = ""; WSItemVulnerabilities.Vulns.Add(soapFaultVuln); } }
public void SetWebException(string method, WebException wEx, WSDescriberForReport WSItemVulnerabilities, string payload, bool isDebug) { if (WSItemVulnerabilities.Vulns.Where(v => v.Vuln.id == 8).Count() <= 0) // add only one web fault vulnerability { mainForm.Log(" Web Exception: " + wEx.ToString(), FontStyle.Regular, isDebug, false); VulnerabilityForReport webExceptionVuln = new VulnerabilityForReport(); webExceptionVuln.Vuln = MainForm.vulnerabilities.Vulnerability.Where(v => v.id == 8).FirstOrDefault(); webExceptionVuln.VulnerableMethodName = method; webExceptionVuln.VulnerableParamName = ""; webExceptionVuln.Payload = payload; webExceptionVuln.Response = wEx.Message; webExceptionVuln.StatusCode = ""; WSItemVulnerabilities.Vulns.Add(webExceptionVuln); } }
private void CheckUnAuthenticatedMethod(WebServiceToInvoke wsInvoker, WSOperation operation, VulnerabilitiesVulnerability vuln, string targetNameSpace, WSDescriberForReport WSItemVulnerabilities, ReportObject reportObject, bool isDebug, ref List <Param> respHeader, string customSoapHeaderTags, string customSoapBodyTags, string customRequestHeader) { for (int j = 0; j < operation.Parameters.Count; j++) { SetParameterDefaultValue(wsInvoker, operation.Parameters[j], isDebug); } try { try { reportObject.TotalRequestCount++; wsInvoker.InvokeMethod(operation.MethodName, targetNameSpace, null, ref respHeader, customSoapHeaderTags, customSoapBodyTags, customRequestHeader); } catch (SoapException soapEx) { //throw ex; SetSoapFaultException(operation, soapEx, WSItemVulnerabilities, isDebug); } catch (Exception ex) { throw ex; } } finally { wsInvoker.PosInvoke(); } if (!vuln.statusCode.Equals(wsInvoker.StatusCode.ToString())) // status code != 401, no redirection { VulnerabilityForReport authVuln = new VulnerabilityForReport(); authVuln.Vuln = MainForm.vulnerabilities.Vulnerability.Where(v => v.id == 1).FirstOrDefault(); authVuln.VulnerableMethodName = operation.MethodName; authVuln.VulnerableParamName = ""; authVuln.Payload = ""; authVuln.Response = wsInvoker.ResultString; authVuln.StatusCode = wsInvoker.StatusCode.ToString(); WSItemVulnerabilities.Vulns.Add(authVuln); mainForm.Log(" Auth Vulnerability Found: " + wsInvoker.ResultString + " - status code is : " + wsInvoker.StatusCode.ToString(), FontStyle.Bold, true, false); } }
private void CheckWebServerVulns(WSDescriber wsDesc, VulnerabilitiesVulnerability vuln, WSDescriberForReport WSItemVulnerabilities, ReportObject reportObject, bool isDebug, ref List <Param> respHeader, string customRequestHeader, string methodName, string httpMethodName) { HttpWebResponseWrapper response = null; try { RestHTTPHelper HttpHelper = new RestHTTPHelper(); reportObject.TotalRequestCount++; response = HttpHelper.GetHttpWebResponseForWebServerVuln(wsDesc.WSUri.Scheme + "://" + wsDesc.WSUri.Host + ":" + wsDesc.WSUri.Port, wsDesc.BasicAuthentication, ref respHeader, customRequestHeader, httpMethodName); } catch (Exception ex) { throw ex; } if (response != null && response.WebResponse != null) { if (vuln.statusCode.Equals(((int)response.WebResponse.StatusCode).ToString())) // status code == 200 { VulnerabilityForReport optionsVuln = new VulnerabilityForReport(); optionsVuln.Vuln = vuln; optionsVuln.VulnerableMethodName = wsDesc.WSUri.Host + ":" + wsDesc.WSUri.Port; optionsVuln.VulnerableParamName = ""; optionsVuln.Payload = ""; optionsVuln.Response = response.ResponseBody; optionsVuln.StatusCode = response.WebResponse.StatusCode.ToString(); WSItemVulnerabilities.Vulns.Add(optionsVuln); mainForm.Log(" " + methodName + " is enabled: " + response.ResponseBody + " - status code is : " + response.WebResponse.StatusCode.ToString(), FontStyle.Bold, true, false); } } }