A report of the IDS' findings
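        /// <summary>
        /// Renders the events in <paramref name="report"/> as HTML and appends them to the
        /// <c>idsoutput</c> control. Parameter names, values and rules are HTML-encoded
        /// before being written and cut to 60 characters (marked with "...") for readability.
        /// </summary>
        /// <param name="report">The report to render; null is treated as "nothing to show".</param>
        /// <returns>true if at least one event was written; false for a null or empty report.</returns>
        private bool ShowReport(Report report)
        {
            if (report == null || report.Events.Count == 0)
            {
                return false;
            }

            // Display cut-off for names, values and rules. Text longer than this is truncated and
            // marked with "..."; text of exactly this length is shown untouched (the old name/value
            // checks used >=, which truncated nothing but still appended the marker).
            const int maxDisplay = 60;
            System.Text.StringBuilder output = new System.Text.StringBuilder();

            foreach (Event ev in report.Events)
            {
                output.Append("<div class=\"result\"><h3>found injection: <br/>");

                // Encode first, then append the marker, so the marker itself is never encoded.
                if (ev.Name.Length > maxDisplay)
                {
                    output.Append("param: ").Append(Server.HtmlEncode(ev.Name.Substring(0, maxDisplay))).Append("...<br/>");
                }
                else
                {
                    output.Append("param: ").Append(Server.HtmlEncode(ev.Name)).Append("<br/>");
                }

                if (ev.Value.Length > maxDisplay)
                {
                    output.Append("value: ").Append(Server.HtmlEncode(ev.Value.Substring(0, maxDisplay))).Append("...</h3></div>");
                }
                else
                {
                    output.Append("value: ").Append(Server.HtmlEncode(ev.Value)).Append("</h3></div>");
                }

                foreach (Filter f in ev.Filters)
                {
                    output.Append("<div class=\"result\">rule: ");
                    if (f.Rule.Length > maxDisplay)
                    {
                        output.Append(Server.HtmlEncode(f.Rule.Substring(0, maxDisplay))).Append("...");
                    }
                    else
                    {
                        output.Append(Server.HtmlEncode(f.Rule));
                    }
                    output.Append("<br />rule-description: <i>").Append(Server.HtmlEncode(f.Description)).Append("</i><br />impact: ").Append(f.Impact).Append("</div>");
                }

                // The overall figure is taken from the event itself; the previous local running
                // total of f.Impact was computed but never displayed, so it has been dropped.
                output.Append("<div class=\"result\"><h3>Overall impact: <strong style=\"color:red;\">").Append(ev.Impact).Append("</strong></h3></div>");
            }

            Literal foundblock = new Literal();
            foundblock.Text = output.ToString();
            idsoutput.Controls.Add(foundblock);

            return true;
        }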
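        /// <summary>
        /// Handles one report from the scan runner. A flagged request part is rendered via
        /// <see cref="ShowReport"/> and sets <c>_found</c>; a clean part is echoed by the matching
        /// WriteAllClear* method. For <see cref="RequestType.Header"/> a placeholder for the
        /// fragmented output is reserved, and for <see cref="RequestType.Output"/> the response is
        /// written, rewritten around that placeholder only when nothing non-fragmented was found.
        /// </summary>
        /// <param name="report">The report for the scanned request part.</param>
        /// <param name="Sender">The runner that writes the response; only used for <see cref="RequestType.Output"/>.</param>
        /// <exception cref="ArgumentNullException">
        /// Thrown when <paramref name="report"/> is null, or when <paramref name="Sender"/> is null
        /// for an <see cref="RequestType.Output"/> report.
        /// </exception>
        public void IDSEventHandler(Report report, IScanRunner Sender)
        {
            if (report == null)
            {
                throw new ArgumentNullException("report");
            }

            switch (report.RequestType)
            {
                case RequestType.Get:
                    if (ShowReport(report))
                    {
                        _found = true;
                    }
                    else
                    {
                        WriteAllClearGet(report);
                    }
                    break;
                case RequestType.Post:
                    if (ShowReport(report))
                    {
                        _found = true;
                    }
                    else
                    {
                        WriteAllClearPost(report);
                    }
                    break;
                case RequestType.Cookie:
                    if (ShowReport(report))
                    {
                        _found = true;
                    }
                    else
                    {
                        WriteAllClearCookie(report);
                    }
                    break;
                case RequestType.Header:
                    if (ShowReport(report))
                    {
                        _found = true;
                    }
                    else
                    {
                        WriteAllClearHeader(report);
                    }

                    // NOW WRITE THE SPACE FOR THE OUTPUT PARAMETER: _replace remembers the exact text
                    // so WriteFragmented can swap it out later. _found is presumably cumulative over the
                    // earlier Get/Post/Cookie reports, so a hit in any of them suppresses the fragmented output.
                    Literal outputspace = new Literal();
                    outputspace.Text = _found
                        ? "<h3 class=\"clean\">Fragmented input not written because non-fragmented events were detected.</h3><br/>"
                        : WriteAllClearFragmented();
                    _replace = outputspace.Text;
                    idsoutput.Controls.Add(outputspace);
                    break;
                case RequestType.Output:
                    if (Sender == null)
                    {
                        throw new ArgumentNullException("Sender");
                    }

                    // Write new output with concatenated strings unless the output scan found
                    // something and no non-fragmented event was reported earlier.
                    if (report.Events.Count == 0 || _found)
                    {
                        Sender.WriteResponse();
                    }
                    else
                    {
                        WriteFragmented(report, Sender);
                    }
                    break;
            }
        }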
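        /// <summary>
        /// Renders the events of an output-scan report as "fragmented injection" entries (rules
        /// HTML-encoded and cut to 60 characters) and writes the response with the placeholder
        /// text held in <c>_replace</c> swapped for that rendering. When no placeholder was
        /// recorded the unmodified response is written instead.
        /// </summary>
        /// <param name="report">The output-scan report; nothing is written when it is null or has no events.</param>
        /// <param name="Sender">The runner used to write the response.</param>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="Sender"/> is null.</exception>
        private void WriteFragmented(Report report, IScanRunner Sender)
        {
            if (report == null || report.Events.Count == 0)
            {
                return;
            }
            if (Sender == null)
            {
                throw new ArgumentNullException("Sender");
            }

            // Display cut-off for rule text; longer rules are truncated and marked with "...".
            const int maxDisplay = 60;
            System.Text.StringBuilder output = new System.Text.StringBuilder();

            foreach (Event ev in report.Events)
            {
                output.Append("<div class=\"result\"><h3>found fragmented injection: </h3></div>");

                foreach (Filter f in ev.Filters)
                {
                    output.Append("<div class=\"result\">rule: ");
                    if (f.Rule.Length > maxDisplay)
                    {
                        output.Append(Server.HtmlEncode(f.Rule.Substring(0, maxDisplay))).Append("...");
                    }
                    else
                    {
                        output.Append(Server.HtmlEncode(f.Rule));
                    }
                    output.Append("<br />rule-description: <i>").Append(Server.HtmlEncode(f.Description)).Append("</i><br />impact: ").Append(f.Impact).Append("</div>");
                }

                // The overall figure is taken from the event itself; the old local running total
                // of f.Impact was never displayed and has been dropped.
                output.Append("<div class=\"result\"><h3>Overall impact: <strong style=\"color:red;\">").Append(ev.Impact).Append("</strong></h3></div>");
            }

            // string.Replace throws on a null search string, so guard null as well as empty.
            if (!string.IsNullOrEmpty(_replace))
            {
                Sender.WriteResponse(PageHTML.Replace(_replace, output.ToString()));
            }
            else
            {
                Sender.WriteResponse();
            }
        }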
 /// <summary>
 /// Echoes every POST parameter that is not in the report's exclusions into the page. Both the
 /// parameter name and its value are written WITHOUT encoding, in four HTML contexts (text node,
 /// double-quoted, single-quoted and unquoted href), so this smoke-test page shows whether a value
 /// the filters let through can still inject markup. The raw value is also collected in
 /// <c>values</c>. Because of the deliberate lack of encoding this is test tooling, not a
 /// pattern for production rendering.
 /// </summary>
 /// <param name="report">The report whose <c>Exclusions</c> name the parameters to skip.</param>
 private void WriteAllClearPost(Report report)
 {
     foreach (string key in Request.Form.AllKeys)
     {
         if (report.Exclusions.Contains(key))
         {
             continue;
         }

         string raw = Request.Form[key];
         values.Add(raw);

         Literal clean = new Literal();
         clean.Text =
             "<h3 class=\"clean\">Clean POST parameter: " + key + "</h3>" +
             "<table class=\"clean\">" +
             "<tr><td><strong>HTML injection</strong></td><td>" + raw + "</td></tr>" +
             "<tr><td><strong>a href doublequoted</strong></td><td><a href=\"SmokeTest.aspx?test=" + raw + "\">click</a></td></tr>" +
             "<tr><td><strong>a href singlequoted</strong></td><td><a href='SmokeTest.aspx?test=" + raw + "'>click</a></td></tr>" +
             "<tr><td><strong>a href no quotes</strong></td><td><a href=SmokeTest.aspx?test=" + raw + ">click</a></td></tr>" +
             "</table>";
         idsoutput.Controls.Add(clean);
     }
 }
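 /// <summary>
 /// Initialise the IDS to scan cookies using the same filters as an already existing IDS object
 /// </summary>
 /// <param name="cookies">The cookie collection to detect intrusions within</param>
 /// <param name="ids">The IDS containing the preloaded filters</param>
 /// <exception cref="ArgumentNullException">Thrown when <paramref name="ids"/> is null.</exception>
 public IDS(System.Web.HttpCookieCollection cookies, IDS ids)
 {
     if (ids == null)
     {
         throw new ArgumentNullException("ids");
     }

     // Share the already-parsed filter store instead of re-reading the XML.
     _store = ids._store;
     _cookies = cookies;
     _report = new Report(RequestType.Cookie);

     IsCookie = true;
 }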
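        /// <summary>
        /// Initialise the IDS to scan cookies, loading the filter set from an XML file on disk
        /// </summary>
        /// <param name="cookies">The cookie collection to detect intrusions within</param>
        /// <param name="xmlPath">The path to the filters file</param>
        /// <exception cref="ArgumentException">Thrown when <paramref name="xmlPath"/> is null or empty.</exception>
        public IDS(System.Web.HttpCookieCollection cookies, string xmlPath)
        {
            if (string.IsNullOrEmpty(xmlPath))
            {
                throw new ArgumentException("The path to the filters file must not be null or empty.", "xmlPath");
            }

            XmlDocument xd = new XmlDocument();
            // The filters file is configuration rather than user input, but with no resolver the
            // parser cannot fetch external DTDs or entities that such a file might reference.
            xd.XmlResolver = null;
            xd.Load(xmlPath);
            _store = new Storage(xd, typeof(RegexFilter));
            _cookies = cookies;
            _report = new Report(RequestType.Cookie);

            IsCookie = true;
        }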
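        /// <summary>
        /// Initialise the IDS to scan a GET, POST or other request, loading the filter set from an XML file on disk
        /// </summary>
        /// <param name="request">The Name-Value collection to detect intrusions within</param>
        /// <param name="xmlPath">The path to the filters file</param>
        /// <param name="requestType">Indicates what type of request this is and therefore whether to exclude certain parameters.</param>
        /// <exception cref="ArgumentException">Thrown when <paramref name="xmlPath"/> is null or empty.</exception>
        public IDS(NameValueCollection request, string xmlPath, RequestType requestType)
        {
            if (string.IsNullOrEmpty(xmlPath))
            {
                throw new ArgumentException("The path to the filters file must not be null or empty.", "xmlPath");
            }

            XmlDocument xd = new XmlDocument();
            // The filters file is configuration rather than user input, but with no resolver the
            // parser cannot fetch external DTDs or entities that such a file might reference.
            xd.XmlResolver = null;
            xd.Load(xmlPath);
            _store = new Storage(xd, typeof(RegexFilter));
            _request = request;
            _report = new Report(requestType);

            // Only Cookie/Post/Header set a flag; Get (and any other value) leaves all flags unset.
            switch (requestType)
            {
                case RequestType.Cookie:
                    IsCookie = true;
                    break;
                case RequestType.Post:
                    IsForm = true;
                    break;
                case RequestType.Header:
                    IsHeader = true;
                    break;
            }
        }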
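        /// <summary>
        /// Initialise the IDS to scan a GET, POST or other request using the same filters as an already existing IDS object
        /// </summary>
        /// <param name="request">The Name-Value collection to detect intrusions within</param>
        /// <param name="ids">The IDS containing the preloaded filters</param>
        /// <param name="requestType">Indicates what type of request this is and therefore whether to exclude certain parameters.</param>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="ids"/> is null.</exception>
        public IDS(NameValueCollection request, IDS ids, RequestType requestType)
        {
            if (ids == null)
            {
                throw new ArgumentNullException("ids");
            }

            // Share the already-parsed filter store instead of re-reading the XML.
            _store = ids._store;
            _request = request;
            _report = new Report(requestType);

            // Only Cookie/Post/Header set a flag; Get (and any other value) leaves all flags unset.
            switch (requestType)
            {
                case RequestType.Cookie:
                    IsCookie = true;
                    break;
                case RequestType.Post:
                    IsForm = true;
                    break;
                case RequestType.Header:
                    IsHeader = true;
                    break;
            }
        }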
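        /// <summary>
        /// Initialise the IDS to scan a GET, POST or other request using the filter set embedded in this assembly
        /// </summary>
        /// <param name="request">The Name-Value collection to detect intrusions within</param>
        /// <param name="requestType">Indicates what type of request this is and therefore whether to exclude certain parameters.</param>
        /// <exception cref="InvalidOperationException">Thrown when the embedded default filter resource cannot be found.</exception>
        public IDS(NameValueCollection request, RequestType requestType)
        {
            XmlDocument xd = new XmlDocument();
            // The embedded rule set needs no external resolution; a null resolver also keeps the
            // parser from fetching any external DTD or entity it might reference.
            xd.XmlResolver = null;

            // The resource stream was previously never closed; dispose it once parsed. A missing
            // resource would otherwise surface as an obscure ArgumentNullException from Load.
            using (System.IO.Stream filters = this.GetType().Assembly.GetManifestResourceStream("IDS.default_filter.xml"))
            {
                if (filters == null)
                {
                    throw new InvalidOperationException("Embedded resource 'IDS.default_filter.xml' was not found in the assembly.");
                }
                xd.Load(filters);
            }

            _store = new Storage(xd, typeof(RegexFilter));
            _request = request;
            _report = new Report(requestType);

            // Only Cookie/Post/Header set a flag; Get (and any other value) leaves all flags unset.
            switch (requestType)
            {
                case RequestType.Cookie:
                    IsCookie = true;
                    break;
                case RequestType.Post:
                    IsForm = true;
                    break;
                case RequestType.Header:
                    IsHeader = true;
                    break;
            }
        }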
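 /// <summary>
 /// Initialise the IDS to scan a GET request using the same filters as an already existing IDS object
 /// </summary>
 /// <param name="request">The Name-Value collection to detect intrusions within</param>
 /// <param name="ids">The IDS containing the preloaded filters</param>
 /// <exception cref="ArgumentNullException">Thrown when <paramref name="ids"/> is null.</exception>
 public IDS(NameValueCollection request, IDS ids)
 {
     if (ids == null)
     {
         throw new ArgumentNullException("ids");
     }

     // Share the already-parsed filter store instead of re-reading the XML.
     _store = ids._store;
     _request = request;
     _report = new Report(RequestType.Get);
 }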
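 /// <summary>
 /// Initialise the IDS to scan a GET request, loading the filter set from an XML file on disk
 /// </summary>
 /// <param name="request">The Name-Value collection to detect intrusions within</param>
 /// <param name="xmlPath">The path to the filters file</param>
 /// <exception cref="ArgumentException">Thrown when <paramref name="xmlPath"/> is null or empty.</exception>
 public IDS(NameValueCollection request, string xmlPath)
 {
     if (string.IsNullOrEmpty(xmlPath))
     {
         throw new ArgumentException("The path to the filters file must not be null or empty.", "xmlPath");
     }

     XmlDocument xd = new XmlDocument();
     // The filters file is configuration rather than user input, but with no resolver the
     // parser cannot fetch external DTDs or entities that such a file might reference.
     xd.XmlResolver = null;
     xd.Load(xmlPath);
     _store = new Storage(xd, typeof(RegexFilter));
     _request = request;
     _report = new Report(RequestType.Get);
 }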
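 /// <summary>
 /// Initialise the IDS to scan a GET request using the filter set embedded in this assembly
 /// </summary>
 /// <param name="request">The Name-Value collection to detect intrusions within</param>
 /// <exception cref="InvalidOperationException">Thrown when the embedded default filter resource cannot be found.</exception>
 public IDS(NameValueCollection request)
 {
     XmlDocument xd = new XmlDocument();
     // The embedded rule set needs no external resolution; a null resolver also keeps the
     // parser from fetching any external DTD or entity it might reference.
     xd.XmlResolver = null;

     // The resource stream was previously never closed; dispose it once parsed. A missing
     // resource would otherwise surface as an obscure ArgumentNullException from Load.
     using (System.IO.Stream filters = this.GetType().Assembly.GetManifestResourceStream("IDS.default_filter.xml"))
     {
         if (filters == null)
         {
             throw new InvalidOperationException("Embedded resource 'IDS.default_filter.xml' was not found in the assembly.");
         }
         xd.Load(filters);
     }

     _store = new Storage(xd, typeof(RegexFilter));
     _request = request;
     _report = new Report(RequestType.Get);
 }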
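 /// <summary>
 /// Initialise the IDS to scan output, reusing the filter store, captured page output and page
 /// reference held by an <see cref="OutputFilter"/>
 /// </summary>
 /// <param name="oF">An OutputFilter</param>
 /// <exception cref="ArgumentNullException">Thrown when <paramref name="oF"/> is null.</exception>
 internal IDS(OutputFilter oF)
 {
     if (oF == null)
     {
         throw new ArgumentNullException("oF");
     }

     _store = oF._store;
     _pageOutput = oF.Output;
     _page = oF.Page;
     _report = new Report(RequestType.Output);
     // Output scans work on the raw page text rather than a name/value collection.
     _isRaw = true;
     _oF = oF;
 }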