static void DownloadIronWASPFile(string FileName, string PseudoName)
{
Request IronWASPFileFetchReq = new Request(IronWASPDownloadBaseUrl + PseudoName);
IronWASPFileFetchReq.Source = RequestSource.Stealth;
Response IronWASPFileFetchRes = IronWASPFileFetchReq.Send();
if (!IronWASPFileFetchRes.IsSslValid)
{
throw new Exception("Invalid SSL Certificate provided by the server");
}
if (IronWASPFileFetchRes.Code != 200)
{
throw new Exception("Downloading updated IronWASP version failed");
}
if (FileName.Equals("Updater.exe"))
{
try
{
File.Delete(Config.Path + "\\Updater.exe");
}
catch { }
IronWASPFileFetchRes.SaveBody(Config.Path + "\\Updater.exe");
}
else
{
IronWASPFileFetchRes.SaveBody(Config.Path + "\\updates\\ironwasp\\" + FileName);
}
NewUpdateAvailable = true;
}
public Response Follow(Response Res)
{
Request RedirectReq = GetRedirect(Res);
if (RedirectReq == null)
{
return(Res);
}
else
{
return(RedirectReq.Send());
}
}
void CheckTargetConnectivity()
{
try
{
BaseRequest.Source = RequestSource.Probe;
Response Res = BaseRequest.Send();
this.ConnectivityCheckEnd(true);
}
catch (Exception Exp)
{
IronUI.ShowConsoleStatus(string.Format("Url is not reachable. Error: {0}", Exp.Message), true);
this.ConnectivityCheckEnd(false);
}
}
static void StartCheck()
{
try
{
Request PluginManifestReq = new Request(PluginManifestUrl);
PluginManifestReq.Source = RequestSource.Stealth;
PluginManifestReq.Headers.Set("User-Agent", "IronWASP v" + CurrentVersion);
Response PluginManifestRes = PluginManifestReq.Send();
if (!PluginManifestRes.IsSslValid)
{
throw new Exception("Invalid SSL Certificate provided by the server");
}
PluginManifestFile = PluginManifestRes.BodyString;
Request IronWASPManifestReq = new Request(IronWASPManifestUrl);
IronWASPManifestReq.Source = RequestSource.Stealth;
IronWASPManifestReq.Headers.Set("User-Agent", "IronWASP v" + CurrentVersion);
Response IronWASPManifestRes = IronWASPManifestReq.Send();
if (!IronWASPManifestRes.IsSslValid)
{
throw new Exception("Invalid SSL Certificate provided by the server");
}
IronWASPManifestFile = IronWASPManifestRes.BodyString;
SetUpUpdateDirs();
GetNewPlugins();
GetNewIronWASP();
if (NewUpdateAvailable)
{
try
{
Tools.Run(Config.RootDir + "/" + "Updater.exe");
}
catch (Exception Exp) { IronException.Report("Unable to Open IronWASP Updater", Exp); }
}
}
catch (ThreadAbortException) { }
catch (Exception Exp)
{
IronException.Report("Software Update Failed", Exp);
}
}
static void DownloadPlugin(string PluginType, string FileName, string PseudoName)
{
Request PluginFetchReq = new Request(PluginDownloadBaseUrl + PluginType + "/" + PseudoName);
PluginFetchReq.Source = RequestSource.Stealth;
Response PluginFetchRes = PluginFetchReq.Send();
if (!PluginFetchRes.IsSslValid)
{
throw new Exception("Invalid SSL Certificate provided by the server");
}
if (PluginFetchRes.Code != 200)
{
throw new Exception("Downloading updated plugins failed");
}
try
{
PluginFetchRes.SaveBody(Config.Path + "\\updates\\plugins\\" + PluginType + "\\" + FileName);
NewUpdateAvailable = true;
}
catch (Exception Exp) { IronException.Report(string.Format("Error Downloading Plugin: {0} - {1} - {2}", PluginType, FileName, PseudoName), Exp); }
}
public Response Inject(Request RequestToInject)
{
RequestToInject.Source = RequestSource.Scan;
RequestToInject.ScanID = this.ScanID;
Response ResponseFromInjection = RequestToInject.Send();
return SessionHandler.GetInterestingResponse(RequestToInject, ResponseFromInjection);
}
static void StartCheck()
{
try
{
Request IronWASPManifestReq = new Request(IronWASPManifestUrl);
IronWASPManifestReq.Source = RequestSource.Stealth;
IronWASPManifestReq.Headers.Set("User-Agent", "IronWASP v" + CurrentVersion);
Response IronWASPManifestRes = IronWASPManifestReq.Send();
if (!IronWASPManifestRes.IsSslValid)
{
throw new Exception("Invalid SSL Certificate provided by the server");
}
IronWASPManifestFile = IronWASPManifestRes.BodyString;
Request ModulesDbReq = new Request(ModulesDbUrl);
ModulesDbReq.Source = RequestSource.Stealth;
ModulesDbReq.Headers.Set("User-Agent", "IronWASP v" + CurrentVersion);
Response ModulesDbRes = ModulesDbReq.Send();
if (!ModulesDbRes.IsSslValid)
{
throw new Exception("Invalid SSL Certificate provided by the server");
}
//The ASCII conversion and substring is done to remove the unicode characters introduced at the beginning of the xml. Must find out why this happens.
ModulesDbFile = Encoding.ASCII.GetString(ModulesDbRes.BodyArray);
ModulesDbFile = ModulesDbFile.Substring(ModulesDbFile.IndexOf('<'));
Request PluginManifestReq = new Request(PluginManifestUrl);
PluginManifestReq.Source = RequestSource.Stealth;
PluginManifestReq.Headers.Set("User-Agent", "IronWASP v" + CurrentVersion);
Response PluginManifestRes = PluginManifestReq.Send();
if (!PluginManifestRes.IsSslValid)
{
throw new Exception("Invalid SSL Certificate provided by the server");
}
PluginManifestFile = PluginManifestRes.BodyString;
Request ModuleManifestReq = new Request(ModuleManifestUrl);
ModuleManifestReq.Source = RequestSource.Stealth;
ModuleManifestReq.Headers.Set("User-Agent", "IronWASP v" + CurrentVersion);
Response ModuleManifestRes = ModuleManifestReq.Send();
if (!ModuleManifestRes.IsSslValid)
{
throw new Exception("Invalid SSL Certificate provided by the server");
}
ModuleManifestFile = ModuleManifestRes.BodyString;
SetUpUpdateDirs();
GetNewIronWASP();
GetNewModulesDb();
GetNewPlugins();
GetNewModules();
if (NewUpdateAvailable)
{
try
{
Tools.Run(string.Format("{0}\\Updater.exe", Config.RootDir));
}
catch (Exception Exp) { IronException.Report("Unable to Open IronWASP Updater", Exp); }
}
}
catch (ThreadAbortException) { }
catch (Exception Exp)
{
IronException.Report("Software Update Failed", Exp);
}
}
bool IsA404(Request Req, Response Res)
{
Response NotFoundResponse = null;
lock (NotFoundSignatures)
{
if (NotFoundSignatures.ContainsKey(Req.SSL.ToString() + Req.Host + Req.UrlDir + Req.File))
{
NotFoundResponse = NotFoundSignatures[Req.SSL.ToString() + Req.Host + Req.UrlDir + Req.File];
}
}
if (NotFoundResponse == null)
{
Request NotFoundGetter = Req.GetClone();
NotFoundGetter.Method = "GET";
NotFoundGetter.Body.RemoveAll();
if (Req.File.Length > 0)
{
NotFoundGetter.Url = NotFoundGetter.UrlDir + "should_not_xist_" + Tools.GetRandomString(10, 15) + "." + Req.File;
}
else
{
NotFoundGetter.Url = NotFoundGetter.UrlDir + "should_not_xist_" + Tools.GetRandomString(10, 15);
}
NotFoundResponse = NotFoundGetter.Send();
if (Stopped)
{
return(true);
}
NotFoundResponse.BodyString = "";
List <string> HeaderNames = NotFoundResponse.Headers.GetNames();
foreach (string HeaderName in HeaderNames)
{
if (!HeaderName.Equals("Location"))
{
NotFoundResponse.Headers.Remove(HeaderName);
}
}
NotFoundResponse.Flags.Add("Url", NotFoundGetter.Url);
lock (NotFoundSignatures)
{
if (!NotFoundSignatures.ContainsKey(Req.SSL.ToString() + Req.Host + Req.UrlDir + Req.File))
{
NotFoundSignatures.Add(Req.SSL.ToString() + Req.Host + Req.UrlDir + Req.File, NotFoundResponse);
}
}
}
if (Res.Code == 200 && NotFoundResponse.Code != 200)
{
return(false);
}
if (Res.Code == 404)
{
return(true);
}
if (Res.Code > 400)
{
if (NotFoundResponse.Code == Res.Code)
{
return(true);
}
else
{
return(false);
}
}
string NotFoundGetterUrl = NotFoundResponse.Flags["Url"].ToString();
if (Res.Code == 301 || Res.Code == 302 || Res.Code == 303 || Res.Code == 307)
{
string RedirectedUrl = Res.Headers.Get("Location");
if (NotFoundResponse.Code == 301 || NotFoundResponse.Code == 302 || NotFoundResponse.Code == 303 || NotFoundResponse.Code == 307)
{
string NotFoundRedirectedUrl = NotFoundResponse.Headers.Get("Location");
if (RedirectedUrl.ToLower().Equals(NotFoundRedirectedUrl.ToLower()))
{
return(true);
}
else if (Regex.IsMatch(RedirectedUrl, @".*not\Wfound.*", RegexOptions.IgnoreCase))
{
return(true);
}
else if (NotFoundRedirectedUrl.Replace(NotFoundGetterUrl, "").Equals(RedirectedUrl.Replace(Req.Url, "")))
{
return(true);
}
else
{
Request RedirectedLocationReq;
if (RedirectedUrl.StartsWith("http://") || RedirectedUrl.StartsWith("https://"))
{
RedirectedLocationReq = new Request(RedirectedUrl);
}
else if (RedirectedUrl.StartsWith("/"))
{
RedirectedLocationReq = Req.GetClone();
RedirectedLocationReq.Url = RedirectedUrl;
}
else
{
return(true);
}
Request NotFoundRedirectedLocationReq;
if (NotFoundRedirectedUrl.StartsWith("http://") || NotFoundRedirectedUrl.StartsWith("https://"))
{
NotFoundRedirectedLocationReq = new Request(NotFoundRedirectedUrl);
}
else if (NotFoundRedirectedUrl.StartsWith("/"))
{
NotFoundRedirectedLocationReq = Req.GetClone();
NotFoundRedirectedLocationReq.Url = NotFoundRedirectedUrl;
}
else
{
return(false);
}
if (RedirectedLocationReq.Url.Equals(NotFoundRedirectedLocationReq.Url))
{
return(true);
}
}
}
else
{
return(false);
}
}
return(false);
}
void Crawl(Request Req, int Depth, bool Scraped)
{
if (Stopped)
{
return;
}
if (Depth > MaxDepth)
{
return;
}
if (WasCrawled(Req))
{
return;
}
if (!CanCrawl(Req))
{
return;
}
lock (PageSignatures)
{
PageSignatures.Add(GetPageSignature(Req));
}
Req.Source = RequestSource.Probe;
Req.SetCookie(Cookies);
if (UserAgent.Length > 0)
{
Req.Headers.Set("User-Agent", UserAgent);
}
if (SpecialHeader[0] != null)
{
Req.Headers.Set(SpecialHeader[0], SpecialHeader[1]);
}
if (Stopped)
{
return;
}
Response Res = Req.Send();
if (Stopped)
{
return;
}
Cookies.Add(Req, Res);
bool Is404File = IsA404(Req, Res);
if (!Res.IsHtml)
{
return;
}
if (Depth + 1 > MaxDepth)
{
return;
}
List <Request> Redirects = GetRedirects(Req, Res);
foreach (Request Redirect in Redirects)
{
AddToCrawlQueue(Redirect, Depth + 1, true);
}
List <Request> LinkClicks = GetLinkClicks(Req, Res);
foreach (Request LinkClick in LinkClicks)
{
AddToCrawlQueue(LinkClick, Depth + 1, true);
}
List <Request> FormSubmissions = GetFormSubmissions(Req, Res);
foreach (Request FormSubmission in FormSubmissions)
{
AddToCrawlQueue(FormSubmission, Depth + 1, true);
}
Request DirCheck = Req.GetClone();
DirCheck.Method = "GET";
DirCheck.Body.RemoveAll();
DirCheck.Url = DirCheck.UrlDir;
if (!Req.Url.EndsWith("/"))
{
AddToCrawlQueue(DirCheck, Depth + 1, false);
}
if (PerformDirAndFileGuessing && !Is404File)
{
foreach (string File in FileNamesToCheck)
{
Request FileCheck = DirCheck.GetClone();
FileCheck.Url = FileCheck.Url + File;
AddToCrawlQueue(FileCheck, Depth + 1, false);
}
foreach (string Dir in DirNamesToCheck)
{
Request DirectoryCheck = DirCheck.GetClone();
DirectoryCheck.Url = DirectoryCheck.Url + Dir + "/";
AddToCrawlQueue(DirectoryCheck, Depth + 1, false);
}
}
if (Stopped)
{
return;
}
if (Scraped || !Is404File)
{
lock (CrawledRequests)
{
CrawledRequests.Enqueue(Req);
}
IronUpdater.AddToSiteMap(Req);
}
}
Response SendRequest(Request Req)
{
if(SessionHandler != null && SessionHandler.Name.Length > 0)
Req = SessionHandler.DoBeforeSending(Req, null);
Req.SetSource(TesterLogSourceAttributeValue);
return Req.Send();
}
void Crawl(Request Req, int Depth, bool Scraped)
{
if (Stopped) return;
if (Depth > MaxDepth) return;
if (WasCrawled(Req)) return;
if (!CanCrawl(Req)) return;
lock (PageSignatures)
{
PageSignatures.Add(GetPageSignature(Req));
}
Req.Source = RequestSource.Probe;
Req.SetCookie(Cookies);
if (UserAgent.Length > 0) Req.Headers.Set("User-Agent", UserAgent);
Response Res = Req.Send();
Cookies.Add(Req, Res);
bool Is404File = IsA404(Req, Res);
if (!Res.IsHtml)
{
try
{
Res.ProcessHtml();
}
catch
{
return;
}
}
if (Depth + 1 > MaxDepth) return;
List<Request> LinkClicks = GetLinkClicks(Req, Res);
foreach (Request LinkClick in LinkClicks)
{
AddToCrawlQueue(LinkClick, Depth + 1, true);
}
List<Request> FormSubmissions = GetFormSubmissionRequests(Req, Res);
foreach (Request FormSubmission in FormSubmissions)
{
AddToCrawlQueue(FormSubmission, Depth + 1, true);
}
Request DirCheck = Req.GetClone();
DirCheck.Method = "GET";
DirCheck.Body.RemoveAll();
DirCheck.Url = DirCheck.UrlDir;
if (!Req.Url.EndsWith("/"))
{
AddToCrawlQueue(DirCheck, Depth + 1, false);
}
if (PerformDirAndFileGuessing && !Is404File)
{
foreach (string File in FileNamesToCheck)
{
Request FileCheck = DirCheck.GetClone();
FileCheck.Url = FileCheck.Url + File;
AddToCrawlQueue(FileCheck, Depth + 1, false);
}
foreach (string Dir in DirNamesToCheck)
{
Request DirectoryCheck = DirCheck.GetClone();
DirectoryCheck.Url = DirectoryCheck.Url + Dir + "/";
AddToCrawlQueue(DirectoryCheck, Depth + 1, false);
}
}
if (Scraped || !Is404File)
{
lock (CrawledRequests)
{
CrawledRequests.Enqueue(Req);
}
IronUpdater.AddToSiteMap(Req);
}
}
static void StartCheck()
{
try
{
Request IronWASPManifestReq = new Request(IronWASPManifestUrl);
IronWASPManifestReq.Source = RequestSource.Stealth;
IronWASPManifestReq.Headers.Set("User-Agent", "IronWASP v" + CurrentVersion);
Response IronWASPManifestRes = IronWASPManifestReq.Send();
if (!IronWASPManifestRes.IsSslValid)
{
throw new Exception("Invalid SSL Certificate provided by the server");
}
IronWASPManifestFile = IronWASPManifestRes.BodyString;
Request ModulesDbReq = new Request(ModulesDbUrl);
ModulesDbReq.Source = RequestSource.Stealth;
ModulesDbReq.Headers.Set("User-Agent", "IronWASP v" + CurrentVersion);
Response ModulesDbRes = ModulesDbReq.Send();
if (!ModulesDbRes.IsSslValid)
{
throw new Exception("Invalid SSL Certificate provided by the server");
}
//The ASCII conversion and substring is done to remove the unicode characters introduced at the beginning of the xml. Must find out why this happens.
ModulesDbFile = Encoding.ASCII.GetString(ModulesDbRes.BodyArray);
ModulesDbFile = ModulesDbFile.Substring(ModulesDbFile.IndexOf('<'));
Request PluginManifestReq = new Request(PluginManifestUrl);
PluginManifestReq.Source = RequestSource.Stealth;
PluginManifestReq.Headers.Set("User-Agent","IronWASP v" + CurrentVersion);
Response PluginManifestRes = PluginManifestReq.Send();
if (!PluginManifestRes.IsSslValid)
{
throw new Exception("Invalid SSL Certificate provided by the server");
}
PluginManifestFile = PluginManifestRes.BodyString;
Request ModuleManifestReq = new Request(ModuleManifestUrl);
ModuleManifestReq.Source = RequestSource.Stealth;
ModuleManifestReq.Headers.Set("User-Agent", "IronWASP v" + CurrentVersion);
Response ModuleManifestRes = ModuleManifestReq.Send();
if (!ModuleManifestRes.IsSslValid)
{
throw new Exception("Invalid SSL Certificate provided by the server");
}
ModuleManifestFile = ModuleManifestRes.BodyString;
SetUpUpdateDirs();
GetNewIronWASP();
GetNewModulesDb();
GetNewPlugins();
GetNewModules();
if (NewUpdateAvailable)
{
try
{
Tools.Run(string.Format("{0}\\Updater.exe", Config.RootDir));
}
catch (Exception Exp) { IronException.Report("Unable to Open IronWASP Updater", Exp); }
}
}
catch(ThreadAbortException) { }
catch(Exception Exp)
{
IronException.Report("Software Update Failed", Exp);
}
}
static void DownloadPlugin(string PluginType, string FileName, string PseudoName)
{
Request PluginFetchReq = new Request(PluginDownloadBaseUrl + PluginType + "/" + PseudoName);
PluginFetchReq.Source = RequestSource.Stealth;
Response PluginFetchRes = PluginFetchReq.Send();
if (!PluginFetchRes.IsSslValid)
{
throw new Exception("Invalid SSL Certificate provided by the server");
}
if (PluginFetchRes.Code != 200)
{
throw new Exception("Downloading updated plugins failed");
}
try
{
PluginFetchRes.SaveBody(Config.Path + "\\updates\\plugins\\" + PluginType + "\\" + FileName);
NewUpdateAvailable = true;
}
catch (Exception Exp) { IronException.Report(string.Format("Error Downloading Plugin: {0} - {1} - {2}", PluginType, FileName, PseudoName), Exp); }
}
static void DownloadModule(string ModuleName, string PseudoName)
{
Request ModuleFetchReq = new Request(ModuleDownloadBaseUrl + "/" + PseudoName);
ModuleFetchReq.Source = RequestSource.Stealth;
Response ModuleFetchRes = ModuleFetchReq.Send();
if (!ModuleFetchRes.IsSslValid)
{
throw new Exception("Invalid SSL Certificate provided by the server");
}
if (ModuleFetchRes.Code != 200)
{
throw new Exception("Downloading updated modules failed");
}
try
{
ModuleFetchRes.SaveBody(Config.Path + "\\updates\\modules\\" + ModuleName + ".zip");
using (ZipFile ZF = ZipFile.Read(Config.Path + "\\updates\\modules\\" + ModuleName + ".zip"))
{
ZF.ExtractAll(Config.Path + "\\updates\\modules\\");
}
NewUpdateAvailable = true;
}
catch (Exception Exp) { IronException.Report(string.Format("Error Downloading Module: {0} - {1} ", ModuleName, PseudoName), Exp); }
}
static void StartCheck()
{
try
{
Request PluginManifestReq = new Request(PluginManifestUrl);
PluginManifestReq.Source = RequestSource.Stealth;
PluginManifestReq.Headers.Set("User-Agent","IronWASP v" + CurrentVersion);
Response PluginManifestRes = PluginManifestReq.Send();
if (!PluginManifestRes.IsSslValid)
{
throw new Exception("Invalid SSL Certificate provided by the server");
}
PluginManifestFile = PluginManifestRes.BodyString;
Request IronWASPManifestReq = new Request(IronWASPManifestUrl);
IronWASPManifestReq.Source = RequestSource.Stealth;
IronWASPManifestReq.Headers.Set("User-Agent", "IronWASP v" + CurrentVersion);
Response IronWASPManifestRes = IronWASPManifestReq.Send();
if (!IronWASPManifestRes.IsSslValid)
{
throw new Exception("Invalid SSL Certificate provided by the server");
}
IronWASPManifestFile = IronWASPManifestRes.BodyString;
SetUpUpdateDirs();
GetNewPlugins();
GetNewIronWASP();
if (NewUpdateAvailable)
{
try
{
Tools.Run(Config.RootDir + "/" + "Updater.exe");
}
catch (Exception Exp) { IronException.Report("Unable to Open IronWASP Updater", Exp); }
}
}
catch(ThreadAbortException) { }
catch(Exception Exp)
{
IronException.Report("Software Update Failed", Exp);
}
}
