Exemplo n.º 1
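        /// <summary>
        /// Requests the URL typed into <c>txtURL</c>, writes the returned headers into
        /// <c>txtReport</c>, and hands the finished request to <c>addAttack</c>.
        /// </summary>
        /// <remarks>
        /// Two requests are sent. The first is a plain GET whose response is discarded;
        /// the second goes through <c>__HTTTPAttack_</c>, and its headers are the ones
        /// shown. Any failure ends in the same "URL incorrect or unreachable" notice.
        /// </remarks>
        private void GetResponseHeaders()
        {
            try
            {
                // The HttpWebRequest cast also rejects non-HTTP schemes (file://, ftp://):
                // WebRequest.Create returns a different request type for those, and the
                // resulting InvalidCastException lands in the catch below.
                HttpWebRequest myRequest = (HttpWebRequest)WebRequest.Create(txtURL.Text);
                myRequest.Method = "GET";

                // The original never closed this response, leaving the connection held
                // until finalization. Nothing is read from it, so release it at once.
                using ((HttpWebResponse)myRequest.GetResponse())
                {
                }

                txtReport.Text = "Adres: " + txtURL.Text;
                txtReport.AppendText(Environment.NewLine);
                txtReport.AppendText(Environment.NewLine);
                txtReport.AppendText("Title Information:");
                txtReport.AppendText(Environment.NewLine);

                __HTTTPAttack_ a = new __HTTTPAttack_(txtURL.Text);
                a.LoadFromSettings(false);
                a.SendRequest();
                txtReport.AppendText(a.ReturnResponseHeaders());
                this.DocumentText = a.DocumentText;
                this.addAttack(a);

                // Clamp instead of "+= 100": going past Maximum throws, and that exception
                // was reported as an unreachable URL even though the request had succeeded.
                progressBar1.Value = Math.Min(progressBar1.Maximum, progressBar1.Value + 100);
            }
            catch (Exception)
            {
                // Best effort: malformed URL, DNS/connect failure and HTTP error statuses
                // all surface to the user as the same message.
                this.SetNotfictaion("URL incorrect or unreachable");
            }
        }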
Exemplo n.º 2
        /// <summary>
        /// Click handler: when the GET checkbox is ticked, feeds the URL from
        /// <c>textBox1</c> and every enabled entry of <c>Get_Pars</c> to a new
        /// <c>__HTTTPAttack_</c>, runs <c>GET_XSSER()</c> and shows its summary.
        /// </summary>
        /// <param name="sender">Control that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void btnProceed_Click(object sender, EventArgs e)
        {
            __HTTTPAttack_ scan = new __HTTTPAttack_();

            // Always empty in this listing, so each parameter value equals its name.
            string suffix = "";

            if (!checkBoxGet.Checked)
            {
                // post
                return;
            }

            scan.ParameterizeGET(textBox1.Text);
            foreach (StrBool entry in this.Get_Pars)
            {
                if (!entry.statue_)
                {
                    continue;
                }
                scan.AddGetparameter(entry.string_, entry.string_ + suffix);
            }

            scan.GET_XSSER();
            MessageBox.Show(scan.GetXsserSummary());

            if (scan.Succeeded)
            {
                this.setNotification("Succeeeded");
            }
        }
Exemplo n.º 3
        /// <summary>
        /// Builds the form from a list of recorded requests. Each entry is copied with
        /// <c>__HTTTPAttack_.Copy</c>, so the form never holds the caller's instances.
        /// </summary>
        /// <param name="AttaksListp">Requests to show; must not be null.</param>
        /// <param name="id">Id of a request to look up via <c>GetIndexOfAttack</c>.</param>
        /// <param name="im">Row index supplied by the caller.</param>
        /// <remarks>
        /// NOTE(review): neither <paramref name="id"/> nor <paramref name="im"/> changes
        /// the selection here. The lookup result is discarded and
        /// <c>SelectThisIndex</c> is always called with -1. Confirm whether that is intended.
        /// </remarks>
        public FrmAttacks(List <__HTTTPAttack_> AttaksListp, string id = "", int im = -1)
        {
            InitializeComponent();

            __Attacks_List.Clear();
            for (int i = 0; i < AttaksListp.Count; i++)
            {
                __Attacks_List.Add(__HTTTPAttack_.Copy(AttaksListp[i]));
            }

            // Grid setup, then one row per copied entry.
            SetUpGrid();
            SetGridSize();
            dataGridView1.Rows.Clear();
            FillGrid(this.__Attacks_List);

            // Call kept for parity with the original; its result was never used.
            GetIndexOfAttack(id);

            bool hasEntries = __Attacks_List.Count > 0;
            if (hasEntries)
            {
                __Selected_Attack = __HTTTPAttack_.Copy(__Attacks_List[0]);
                LoadDetailsOfCurrentAttack();
            }

            SelectThisIndex(-1);

            // Run both search handlers once; they are invoked with null sender and args.
            txbxSearchReQuest_TextChanged(null, null);
            txbxSearchResponse_TextChanged(null, null);
        }
Exemplo n.º 4
 /// <summary>
 /// Stores a copy of <paramref name="h"/> in <c>__Attacks_List</c> and appends a
 /// matching row to the grid, setting the grid up first if that has not happened yet.
 /// </summary>
 /// <param name="h">Request to record; the grid row is built from its fields.</param>
 internal void AddNewRecord(__HTTTPAttack_ h)
 {
     __HTTTPAttack_ stored = __HTTTPAttack_.Copy(h);
     this.__Attacks_List.Add(stored);

     if (!this.GridHasSetUp)
     {
         this.SetUpGrid();
     }

     // The first column is a 1-based row number taken before the row is added.
     int rowNumber = dataGridView1.Rows.Count + 1;
     dataGridView1.Rows.Add(rowNumber, h._Url, h.statueCode, h._Method, h.infected, h.Id, h.owner);
 }
Exemplo n.º 5
        /// <summary>
        /// Configures a <c>__HTTTPAttack_</c> from <paramref name="_Atk_details"/>, runs
        /// <c>Attack_Current_Header()</c>, and reflects the outcome in the supplied labels.
        /// The finished request is passed to <c>AddAttackToList</c>, and a copy is kept in
        /// the field selected by <paramref name="attacker"/>.
        /// </summary>
        /// <param name="_Atk_details">Target header name, URL, payload and owner.</param>
        /// <param name="L_statue">Label that receives the verdict text.</param>
        /// <param name="L_code">Label that receives <c>statueCode</c>.</param>
        /// <param name="L_source">Not used by this overload.</param>
        /// <param name="hint">Label that receives the request's <c>Message</c>.</param>
        /// <param name="attacker">Short key choosing the field that keeps the copy; unknown keys keep none.</param>
        private void _____ATTACK___(AttackDetails _Atk_details, ref Label L_statue, ref Label L_code, ref LinkLabel L_source, ref Label hint, string attacker = "")
        {
            Notify(_Atk_details.Target + " Attacking ");

            // Placeholder while the request is in flight.
            L_code.Text   = "...";
            L_statue.Text = "...";

            __HTTTPAttack_ at = new __HTTTPAttack_
            {
                Payload = _Atk_details.Payload,
                _Url    = _Atk_details.URL
            };
            at.SetTargetHeader(_Atk_details.Target);
            at.Attack_Current_Header();
            at.owner = _Atk_details.Owner;

            string verdict;
            if (!at.Succeeded)
            {
                verdict = "Error ";
            }
            else if (at.IsCurrentHeaderVulnerable())
            {
                verdict = "Vulnerable " + Payloads.Percent(at.Payload);
            }
            else
            {
                verdict = "Not Vulnerable";
            }
            L_statue.Text = verdict;

            L_code.Text = at.statueCode;
            AddAttackToList(at);
            L_code.Visible = true;

            string slot = attacker.ToLower().Trim();
            switch (slot)
            {
            case "cus":
                __CustomAttack = __HTTTPAttack_.Copy(at);
                break;

            case "xf":
            case "x-forwarded-for":
                __XfrwrdAttack = __HTTTPAttack_.Copy(at);
                break;

            case "c*k":
            case "cookie":
                __CookieAttack = __HTTTPAttack_.Copy(at);
                break;

            case "ua":
            case "useragent":
            case "user-agent":
                __UserAgentAttack = __HTTTPAttack_.Copy(at);
                break;

            case "ref":
            case "referer":
                __RefererAttack = __HTTTPAttack_.Copy(at);
                break;

            case "mul":
            case "multi":
                __MultidAttack = __HTTTPAttack_.Copy(at);
                break;
            }

            hint.Text    = at.Message;
            hint.Visible = true;
            this.Notify(at.Summary(), 3000);
        }
Exemplo n.º 6
        /// <summary>
        /// Fetches the URL in <c>textBox1</c>, stores the returned document in
        /// <c>Original_document</c> and <c>rtxbx_document</c>, and runs
        /// <c>AnalyzlDocument</c> over the displayed text.
        /// </summary>
        /// <returns>The request's <c>Succeeded</c> flag.</returns>
        bool loadOriginalDocument()
        {
            __HTTTPAttack_ fetch = new __HTTTPAttack_(textBox1.Text);
            fetch.LoadFromSettings(false);
            fetch.SendRequest();

            var body = fetch.DocumentText;
            this.Original_document.Document = body;
            this.rtxbx_document.Text        = body;

            // The analysis result is not used here; the call is kept as in the original.
            AnalyzlDocument(rtxbx_document.Text);

            return fetch.Succeeded;
        }
Exemplo n.º 7
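        /// <summary>
        /// Keeps <c>__Selected_Attack</c> in step with the grid: copies the list entry
        /// for the current row and reloads the detail view.
        /// </summary>
        /// <param name="sender">Grid that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void dataGridView1_SelectionChanged(object sender, EventArgs e)
        {
            // The original relied on an empty catch to absorb a missing current cell and
            // an out-of-range row. Both are ordinary states, so they are checked explicitly.
            var cell = dataGridView1.CurrentCell;
            if (cell == null)
            {
                return;
            }

            int row = cell.RowIndex;
            if (row < 0 || row >= __Attacks_List.Count)
            {
                return;
            }

            try
            {
                __Selected_Attack = __HTTTPAttack_.Copy(__Attacks_List[row]);
                LoadDetailsOfCurrentAttack();
            }
            catch (Exception ex)
            {
                // Still best effort, so a selection change never takes the form down,
                // but the failure is now at least visible to a debugger.
                System.Diagnostics.Debug.WriteLine("dataGridView1_SelectionChanged: " + ex);
            }
        }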
        /// <summary>
        /// Configures a <c>__HTTTPAttack_</c> from <paramref name="_Atk_details"/>, runs
        /// <c>Attack_Current_Header()</c>, shows the verdict and status code, and stores
        /// the request in <c>_AtacksList_</c> plus the field chosen by <paramref name="attacker"/>.
        /// </summary>
        /// <param name="_Atk_details">Target header name, URL and payload.</param>
        /// <param name="L_statue">Label that receives the verdict text.</param>
        /// <param name="L_code">Label that receives <c>statueCode</c>.</param>
        /// <param name="L_source">Its <c>Name</c> prefixes the key used in <c>_AtacksList_</c>.</param>
        /// <param name="hint">Label that receives the request's <c>Message</c>.</param>
        /// <param name="attacker">Short key choosing the field that keeps the copy; unknown keys keep none.</param>
        private void _____ATTACK___(AttackDetails _Atk_details, ref Label L_statue, ref Label L_code, ref LinkLabel L_source, ref Label hint, string attacker = "")
        {
            Notify(_Atk_details.Target + " Attacking ", Color.Yellow);

            // Placeholder while the request is in flight.
            L_code.Text   = "...";
            L_statue.Text = "...";

            __HTTTPAttack_ at = new __HTTTPAttack_
            {
                Payload = _Atk_details.Payload,
                _Url    = _Atk_details.URL
            };
            at.SetTargetHeader(_Atk_details.Target);
            at.Attack_Current_Header();

            // NOTE(review): no success check happens before the verdict, so a failed
            // request is presumably reported as "Not Vulnerable". Confirm.
            L_statue.Text = at.IsCurrentHeaderVulnerable() ? "Vulnerable" : "Not Vulnerable";

            L_code.Text = at.statueCode;

            // Key is "<control name><current count>".
            string key = L_source.Name + _AtacksList_.Count.ToString();
            _AtacksList_.Add(key, at);

            string slot = attacker.ToLower().Trim();
            switch (slot)
            {
            case "cus":
                __CustomAttack = __HTTTPAttack_.Copy(at);
                break;

            case "xf":
            case "x-forwarded-for":
                __XfrwrdAttack = __HTTTPAttack_.Copy(at);
                break;

            case "c*k":
            case "cookie":
                __CookieAttack = __HTTTPAttack_.Copy(at);
                break;

            case "ua":
            case "useragent":
            case "user-agent":
                __UserAgentAttack = __HTTTPAttack_.Copy(at);
                break;

            case "ref":
            case "referer":
                __RefererAttack = __HTTTPAttack_.Copy(at);
                break;

            case "mul":
            case "multi":
                __MultidAttack = __HTTTPAttack_.Copy(at);
                break;
            }

            hint.Text    = at.Message;
            hint.Visible = true;
        }
Exemplo n.º 9
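        /// <summary>
        /// Copies <paramref name="a"/> into <c>atk</c> and renders it as editable request
        /// text in <c>RtxbxRequest</c>: request line, User-Agent, Host (when the URL is
        /// not blank), then every stored request header except User-Agent.
        /// </summary>
        /// <param name="a">Request to display; must not be null.</param>
        private void LoadRequest(__HTTTPAttack_ a)
        {
            this.atk = __HTTTPAttack_.Copy(a);

            // Build the text once and assign it once. The original appended with
            // "RtxbxRequest.Text +=" per line, re-reading and re-setting the whole control
            // text each time (quadratic copying plus a control update per header).
            var text = new System.Text.StringBuilder();

            // NOTE(review): " /HTTP/1.1" is not a valid HTTP version token. It is kept
            // byte-for-byte because the request parser may expect it; confirm before changing.
            text.Append(atk.GetMethod()).Append(atk._Url.GetPage()).Append(" /HTTP/1.1").Append(Environment.NewLine);
            text.Append("User-Agent:").Append(atk._UserAgentString).Append(Environment.NewLine);

            if (a._Url.Trim() != "")
            {
                text.Append("Host:").Append(atk._Url.GetHost()).Append(Environment.NewLine);
            }

            foreach (KeyValuePair <string, string> h in atk.Request_Headers)
            {
                // User-Agent was already written above from _UserAgentString.
                if (string.Equals(h.Key.Trim(), "user-agent", StringComparison.OrdinalIgnoreCase))
                {
                    continue;
                }
                text.Append(h.Key).Append(": ").Append(h.Value).Append(Environment.NewLine);
            }

            RtxbxRequest.Text = text.ToString();
        }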
Exemplo n.º 10
        /// <summary>
        /// Rebuilds a request from the lines in <c>RtxbxRequest</c>, sends it to the URL
        /// given by <c>HostAndPort</c>, and on success shows the response and registers
        /// the request with the owning <c>FormMain</c>. The request's <c>Message</c> is
        /// shown as a notification in either case.
        /// </summary>
        private void SendRequest()
        {
            __HTTTPAttack_ replay = new __HTTTPAttack_();
            replay.SetFromHoleRequest(RtxbxRequest.Lines);
            replay._Url    = this.HostAndPort.GetUrl();
            replay.TimeOut = HostAndPort.TimeOut;
            replay.SendRequest();

            // Runs on the calling thread, so the caller is blocked for the pause.
            Thread.Sleep(100);

            bool ok = replay.Succeeded;
            if (ok)
            {
                rtxbx_response.Text = replay.ReturnHoleResponse();
                this.DocumentText   = replay.DocumentText;
                replay.owner        = "Repeater";

                FormMain main = (FormMain)this.Owner;
                main.AddNewAttack(replay);
            }

            this.SetNotification(replay.Message);
        }
Exemplo n.º 11
        /// <summary>
        /// Opens a "Repeater" tab hosting a <c>FrmRepeater</c> for <paramref name="h"/>.
        /// If a repeater tab for the same id is already open, it is flashed instead and
        /// no new tab is created.
        /// </summary>
        /// <param name="h">Request to load into the repeater; its <c>Id</c> names the tab.</param>
        /// <param name="navigate">When true, the new tab becomes the selected tab.</param>
        public void LoadRepeaterTab(__HTTTPAttack_ h, bool navigate = false)
        {
            bool alreadyOpen = IsOpenedBefore(TabPageType.repeater, h.Id);
            if (alreadyOpen)
            {
                flashTabpage(h.Id);

                // Result unused in the original; the call is kept unchanged.
                BrotherIndex(TabPageType.repeater);
                return;
            }

            TabPage tp = new TabPage
            {
                Text        = "Repeater",
                ToolTipText = TabPageType.repeater.ToString(),
                Name        = h.Id
            };
            Panel cont = new Panel { Dock = DockStyle.Fill };

            tabControl1.TabPages.Add(tp);
            int selind = tabControl1.TabCount - 1;

            FrmRepeater FrmRepeater_Object = new FrmRepeater(h);
            FrmRepeater_Object.Owner = this;

            // The form is embedded as a child control, so it must not be top-level.
            this.IsMdiContainer         = true;
            FrmRepeater_Object.TopLevel = false;

            TabPage page = this.tabControl1.TabPages[selind];
            page.Controls.Clear();
            page.Controls.Add(cont);
            page.Controls[0].Controls.Add(FrmRepeater_Object);

            FrmRepeater_Object.FormBorderStyle = System.Windows.Forms.FormBorderStyle.None;
            FrmRepeater_Object.Dock            = DockStyle.Fill;
            FrmRepeater_Object.Show();

            if (!navigate)
            {
                return;
            }
            tabControl1.SelectedIndex = selind;
        }
Exemplo n.º 12
 /// <summary>
 /// Records a copy of <paramref name="at"/> in <c>_Atacks_List_</c>, enables the
 /// requests menu item once the list is non-empty, and forwards the original
 /// instance to <c>__Attacks_Frm_Obj.AddNewRecord</c>.
 /// </summary>
 /// <param name="at">Request to record.</param>
 internal void AddNewAttack(__HTTTPAttack_ at)
 {
     var snapshot = __HTTTPAttack_.Copy(at);
     _Atacks_List_.Add(snapshot);

     bool hasRequests = _Atacks_List_.Count > 0;
     requestsToolStripMenuItem.Enabled = hasRequests;

     this.__Attacks_Frm_Obj.AddNewRecord(at);
 }
Exemplo n.º 13
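        /// <summary>
        /// Handles one proxied connection: reads the client's request text, hands it to
        /// <c>frm_obj</c> for interception, waits for the user's decision, and writes the
        /// resulting text (or a fixed "dropped" page) back on the same stream.
        /// </summary>
        /// <param name="state">The accepted <see cref="TcpClient"/>, boxed as object.</param>
        /// <remarks>
        /// The bytes read here come straight from whatever connects to the listener, so
        /// the read loop is bounded: it stops when the peer closes or a read times out,
        /// and it gives up once the request exceeds a fixed size.
        /// NOTE(review): <c>client</c> is an instance field. If this method runs for
        /// several connections at once, they overwrite each other's value. Confirm the
        /// threading model.
        /// </remarks>
        void ProcessClient(object state)
        {
            // Upper bound on buffered request text; the original grew without limit.
            const int MaxRequestChars = 1024 * 1024;

            client = (TcpClient)state;
            var buffer             = new byte[1024];
            var clientData         = new StringBuilder();
            var isRequestCompleted = false;

            using (var stream = client.GetStream())
            {
                // Loop to receive the data sent by the client.
                int bytesRead = 0;
                do
                {
                    try
                    {
                        bytesRead = stream.Read(buffer, 0, buffer.Length);
                        if (bytesRead > 0)
                        {
                            // ASCII decoding replaces any byte above 0x7F with '?'.
                            clientData.Append(
                                Encoding.ASCII.GetString(buffer, 0, bytesRead));
                        }
                    }
                    catch (IOException ioe)
                    {
                        // Read timed out or failed: treat as end of input.
                        Console.WriteLine("Read timed out: {0}", ioe.ToString());
                        bytesRead = 0;
                    }

                    // Look for LF only in the bytes just received. The original scanned
                    // the whole buffer, so stale bytes from an earlier read could mark
                    // the request complete.
                    if (bytesRead > 0 && Array.IndexOf(buffer, (byte)10, 0, bytesRead) >= 0)
                    {
                        isRequestCompleted = true;
                    }

                    if (clientData.Length > MaxRequestChars)
                    {
                        Console.WriteLine("Request exceeded {0} characters; connection closed.", MaxRequestChars);
                        return;
                    }

                    // "bytesRead > 0" is the fix: a closed connection or a timeout used
                    // to leave "!isRequestCompleted" true forever and spin this loop.
                }while (bytesRead > 0 && (bytesRead == buffer.Length || !isRequestCompleted));

                if (clientData.Length == 0)
                {
                    // Peer connected and went away without sending anything.
                    return;
                }

                frm_obj.Notify("Client says: " + clientData.ToString());
                string st = clientData.ToString();
                long   id = Extender.CurrentStamp();

                frm_obj.AddRequest(st, id);
                while (true)
                {
                    if (frm_obj.IsBusyNow())
                    {
                        Thread.Sleep(1000);
                    }

                    RequestStatue r = frm_obj.GetStatue(id);
                    if (r == RequestStatue.Pass || r == RequestStatue.InterceptResponse)
                    {
                        st = frm_obj.GetRequest();
                        __HTTTPAttack_ h = new __HTTTPAttack_();
                        h.SetFromHoleRequest(st.Split(new char[] { '\n' }), true);
                        frm_obj.SaveAttack(h);

                        string resp = h.DocumentText;

                        // NOTE(review): the response-interception wait runs for Pass,
                        // not for InterceptResponse. Kept as written; confirm it is
                        // not inverted.
                        if (r == RequestStatue.Pass)
                        {
                            frm_obj.setCurrentInterceptedResponse(resp);
                            while (true)
                            {
                                if (frm_obj.proceed_Response_Interception())
                                {
                                    break;
                                }
                                resp = frm_obj.Return_Intercepted_response();
                                Thread.Sleep(2000);
                            }
                        }

                        // GetBytes(null) throws; an absent document becomes an empty reply.
                        var request = Encoding.ASCII.GetBytes(resp ?? string.Empty);
                        stream.Write(request, 0, request.Length);
                        frm_obj.Proceed();
                        return;
                    }
                    else if (r == RequestStatue.Wait)
                    {
                        Thread.Sleep(1000);
                    }
                    else
                    {
                        // Any other status: answer with the fixed "dropped" page.
                        string resp    = "<body><div id=\"container\"><div class=\"title\"><h2>Web_Gunners Professional</h2></div><h3>Error</h3><p>Request was dropped by user.</p><p>&nbsp;</p></div></body>";
                        var    request = Encoding.ASCII.GetBytes(resp);
                        stream.Write(request, 0, request.Length);
                        frm_obj.Proceed();
                        return;
                    }
                }
            }
        }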
Exemplo n.º 14
 /// <summary>
 /// Empty stub: the request passed in is neither stored nor inspected.
 /// </summary>
 /// <param name="h">Request offered for saving; currently ignored.</param>
 internal void SaveAttack(__HTTTPAttack_ h)
 {
     // Intentionally no body in this listing.
 }
Exemplo n.º 15
 /// <summary>
 /// Opens a new <c>FrmRepeater</c> window for <paramref name="atk"/>.
 /// </summary>
 /// <param name="atk">Request to preload into the repeater.</param>
 public void CallRepeater(__HTTTPAttack_ atk)
 {
     // Shown as a separate form; no owner is assigned here.
     var repeater = new Forms.Tools.FrmRepeater(atk);
     repeater.Show();
 }
Exemplo n.º 16
 /// <summary>
 /// Forwards <paramref name="at"/> to the owning <c>FormMain</c>'s <c>AddNewAttack</c>.
 /// </summary>
 /// <param name="at">Request to register with the main form.</param>
 private void AddAttackToList(__HTTTPAttack_ at)
 {
     // Owner must be a FormMain; the cast throws otherwise.
     FormMain main = (FormMain)this.Owner;
     main.AddNewAttack(at);
 }
Exemplo n.º 17
        /// <summary>
        /// Click handler: builds an <c>AttackDetails</c> from settings, optionally lets
        /// the user edit it in <c>FrmAttackPrefix</c>, then runs the test for whichever
        /// header option is selected (multi, X-Forwarded-For, Referer, cookie,
        /// User-Agent or custom) and refreshes the result details.
        /// </summary>
        /// <param name="sender">Control that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        /// <remarks>
        /// Requests and the <c>Thread.Sleep</c> pauses run on the calling thread.
        /// Cancelling the edit dialog aborts the run.
        /// </remarks>
        private void button1_Click(object sender, EventArgs e)
        {
            AttackDetails details = new AttackDetails();
            details.LoadFromSettings();
            details.Owner   = "Reflector";
            details.Payload = GetPayload();

            Notify("");
            Thread.Sleep(100);

            // Allow the user to customise the run; anything but OK cancels it.
            if (checkBox_Adv.Checked)
            {
                FrmAttackPrefix editor = new FrmAttackPrefix(details);
                if (editor.ShowDialog() != DialogResult.OK)
                {
                    return;
                }
                details = editor.Curent_atack_Dtals;
            }
            details.URL = TxbxUrl.Text;

            // A default payload is used unless advanced injection supplied a non-empty one.
            Func<bool> needsDefaultPayload = () => !details.UseAdvInjection || details.Payload == "";

            if (Rb_Multi.Checked)
            {
                if (needsDefaultPayload())
                {
                    details.Payload = Payloads.GetPayload(Payload_.string_);
                }

                __HTTTPAttack_ at = new __HTTTPAttack_
                {
                    Payload = details.Payload,
                    _Url    = details.URL
                };
                at.SetTargetedHeaders(this.multi_headers);
                at.owner = details.Owner;

                string verdict = at.Attack_All_Headers()
                    ? ("Vulnerable" + Payloads.Percent(at.Payload))
                    : "Not vulnerable";
                if (at.HasError)
                {
                    // An error overrides whichever verdict was computed above.
                    verdict = "Error " + at.Message;
                }
                lbl_all_statue.Text = verdict;

                lbl_all_code.Text    = at.statueCode;
                lbl_hint_all.Text    = at.Message;
                lbl_hint_all.Visible = true;

                AddAttackToList(at);
                __MultidAttack = __HTTTPAttack_.Copy(at);
                this.Notify(at.Summary(), 3000);
            }
            else if (RB_X_Forwarded_For.Checked)
            {
                if (needsDefaultPayload())
                {
                    details.Payload = Payloads.GetPayload(Payload_.ip);
                }
                details.Target = "X-Forwarded-For";
                _____ATTACK___(details, ref lbl_XforwardedFor_statue, ref lbl_Xforwarded_Code, ref _lnklbl_XForwardedFor_Details, ref lbl_hint_xf, "xf");
            }
            else if (RB_Referer.Checked)
            {
                if (needsDefaultPayload())
                {
                    details.Payload = Payloads.GetPayload(Payload_.url);
                }
                details.Target = "Referer";
                _____ATTACK___(details, ref lbl_Referer_Statue, ref lbl_Referer_code, ref _lnklbl_Referer_Details, ref lbl_hint_referer, "ref");
            }
            else if (RBCookie.Checked)
            {
                if (needsDefaultPayload())
                {
                    details.Payload = Payloads.GetPayload(Payload_.cookie);
                }
                details.Target = "cookie";
                _____ATTACK___(details, ref lbl_Cookie_statue, ref lbl_Cookie_code, ref _lnklbl_Cookie_Details, ref lbl_hint_cookie, "c*k");
            }
            else if (rbUserAgent.Checked)
            {
                if (needsDefaultPayload())
                {
                    details.Payload = Payloads.GetPayload(Payload_.string_);
                }
                details.Target = "User-Agent";
                _____ATTACK___(details, ref lbl_useragent_statue, ref lbl_useragent_code, ref _lnklbl_useragent_Details, ref lbl_hint_agent, "ua");
            }
            else if (rbCust.Checked)
            {
                // Custom header: the target name comes from the radio button's caption.
                details.Target = rbCust.Text;
                if (needsDefaultPayload())
                {
                    details.Payload = Payloads.GuessPayload(details.Target);
                }
                _____ATTACK___(details, ref lbl_cust_statue, ref lbl_cust_code, ref _lnklbl_custom_Details, ref lbl_hint_Cust, "cus");
            }

            Thread.Sleep(1000);

            CheckAttacksDetails();
        }
Exemplo n.º 18
 /// <summary>
 /// Forwards <paramref name="a"/> to the owning <c>FormMain</c>'s <c>AddNewAttack</c>.
 /// </summary>
 /// <param name="a">Request to register with the main form.</param>
 private void addAttack(__HTTTPAttack_ a)
 {
     // Owner must be a FormMain; the cast throws otherwise.
     FormMain main = (FormMain)this.Owner;
     main.AddNewAttack(a);
 }
Exemplo n.º 19
 /// <summary>
 /// Creates the repeater form, renders <paramref name="atk"/> through
 /// <c>LoadRequest</c>, and shows its URI in <c>lblHost</c>.
 /// </summary>
 /// <param name="atk">Request to preload; must not be null.</param>
 public FrmRepeater(__HTTTPAttack_ atk)
 {
     InitializeComponent();

     this.LoadRequest(atk);

     var hostCaption = atk.GetURI();
     this.lblHost.Text = hostCaption;
 }
        /// <summary>
        /// Click handler: loads an <c>AttackDetails</c> from settings, picks a payload
        /// from the checked radio button in <c>GPXResult</c>, optionally lets the user
        /// edit the details, then runs the test for the selected header option.
        /// </summary>
        /// <param name="sender">Control that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        /// <remarks>
        /// Requests and the <c>Thread.Sleep</c> pauses run on the calling thread.
        /// </remarks>
        private void button1_Click(object sender, EventArgs e)
        {
            //MessageBox.Show("You havve downloaded the up to dated version :( it is under developing");
            AttackDetails _Atk_details = new AttackDetails();

            _Atk_details.LoadFromSettings(); // cookie ___user-agent ___auth


            // Guess a payload from the caption of the checked radio button, except in
            // multi mode, where the payload is chosen further down.
            foreach (Control cint in GPXResult.Controls)
            {
                if (cint is RadioButton)
                {
                    if ((cint as RadioButton).Checked && Rb_Multi.Checked == false)
                    {
                        _Atk_details.Payload = Payloads.GuessPayload((cint as RadioButton).Text);
                    }
                }
            }
            // editing attack details before launching

            if (checkBox_Adv.Checked)
            {
                FrmAttackPrefix a = new FrmAttackPrefix(_Atk_details);
                // NOTE(review): a result other than OK is ignored, so cancelling the
                // dialog still runs the test with the unedited details. Confirm intent.
                if (a.ShowDialog() == DialogResult.OK)
                {
                    _Atk_details = a.Curent_atack_Dtals;
                }
            }
            _Atk_details.URL = TxbxUrl.Text;

            Thread.Sleep(100);
            if (Rb_Multi.Checked)
            {
                // Fall back to the default string payload unless advanced injection
                // supplied a non-empty one.
                if (_Atk_details.UseAdvInjection == false || _Atk_details.Payload == "")
                {
                    _Atk_details.Payload = Payloads.GetPayload(Payload_.string_);
                }

                __HTTTPAttack_ at = new __HTTTPAttack_();
                at.Payload = _Atk_details.Payload;
                at._Url    = _Atk_details.URL;
                at.SetTargetedHeaders(this.multi_headers);

                // NOTE(review): the trailing "=" in "Vulnerable=" looks like a leftover; confirm.
                lbl_all_statue.Text  = at.Attack_All_Headers()?("Vulnerable="):"Not vulnerable";
                lbl_all_code.Text    = at.statueCode;
                lbl_hint_all.Text    = at.Message;
                lbl_hint_all.Visible = true;

                // Key is "<control name><current count>".
                _AtacksList_.Add(lnklbl_all_Details.Name + this._AtacksList_.Count.ToString(), at);
                __MultidAttack = __HTTTPAttack_.Copy(at);
            }
            else if (RB_X_Forwarded_For.Checked)
            {
                if (_Atk_details.UseAdvInjection == false || _Atk_details.Payload == "")
                {
                    _Atk_details.Payload = Payloads.GetPayload(Payload_.ip);
                }
                _Atk_details.Target = "X-Forwarded-For";
                _____ATTACK___(_Atk_details, ref lbl_XforwardedFor_statue, ref lbl_Xforwarded_Code, ref lnklbl_XForwardedFor_Details, ref lbl_hint_xf, "xf"); // //
            }

            else if (RB_Referer.Checked)
            {
                if (_Atk_details.UseAdvInjection == false || _Atk_details.Payload == "")
                {
                    _Atk_details.Payload = Payloads.GetPayload(Payload_.url);
                }
                _Atk_details.Target = "Referer";
                _____ATTACK___(_Atk_details, ref lbl_Referer_Statue, ref lbl_Referer_code, ref lnklblReferer_Details, ref lbl_hint_referer, "ref"); // //
            }
            else if (RBCookie.Checked)
            {
                if (_Atk_details.UseAdvInjection == false || _Atk_details.Payload == "")
                {
                    _Atk_details.Payload = Payloads.GetPayload(Payload_.cookie);
                }
                _Atk_details.Target = "cookie";
                _____ATTACK___(_Atk_details, ref lbl_Cookie_statue, ref lbl_Cookie_code, ref lnklblCookie_Details, ref lbl_hint_cookie, "c*k"); // //
            }
            else if (rbUserAgent.Checked) // user agent
            {
                if (_Atk_details.UseAdvInjection == false || _Atk_details.Payload == "")
                {
                    _Atk_details.Payload = Payloads.GetPayload(Payload_.string_);
                }
                _Atk_details.Target = "User-Agent";
                _____ATTACK___(_Atk_details, ref lbl_useragent_statue, ref lbl_useragent_code, ref lnklbluseragent_Details, ref lbl_hint_agent, "ua"); // //
            }
            else if (rbCust.Checked) // custom header
            {
                // The target header name comes from the radio button's caption.
                _Atk_details.Target = rbCust.Text;
                if (_Atk_details.UseAdvInjection == false || _Atk_details.Payload == "")
                {
                    _Atk_details.Payload = Payloads.GuessPayload(_Atk_details.Target);
                }
                // NOTE(review): this branch passes lbl_hint_Ref as the hint label, while
                // every other branch passes a label named after its own header.
                // Possibly a copy/paste slip; confirm which label should get the hint.
                _____ATTACK___(_Atk_details, ref lbl_cust_statue, ref lbl_cust_code, ref lnklbl_custom_Details, ref lbl_hint_Ref, "cus"); // //
            }

            Thread.Sleep(1000);
            Notify("Ready", notflbl.ForeColor);
        }