Пример #1
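        /// <summary>
        /// Quick scan of the capture tree: loads the data block behind every child node and
        /// flags the node when its body contains a database error string or its HTTP first
        /// line matches one of the listed status codes. Flagged nodes are coloured, checked
        /// and written to <c>sqli.txt</c> in the directory of the path held in
        /// <c>txtPcap</c>; any previous report is overwritten.
        /// </summary>
        /// <param name="component">Script host whose <c>Parent</c> form supplies the tree, the progress bars and the capture path.</param>
        /// <remarks>
        /// This is a string-match triage aid, not a detector: a hit means "look at this
        /// exchange", and a clean run does not mean the capture is free of injection attempts.
        /// </remarks>
        public void Run(IScriptableComponent component)
        {
            int i = 0, hits = 0;

            Form1 f = component.Parent;

            // Without a directory part the report would land in the root of the current
            // drive ("\sqli.txt"), so refuse instead of writing somewhere unexpected.
            string pcapPath = f.txtPcap.Text;
            string pDir = string.IsNullOrEmpty(pcapPath) ? null : Path.GetDirectoryName(pcapPath);
            if (string.IsNullOrEmpty(pDir))
            {
                MessageBox.Show("No capture file directory available, quick scan not run.");
                return;
            }

            string rep = Path.Combine(pDir, "sqli.txt");

            try
            {
                // CreateText truncates an existing report, and the using block closes the
                // writer even when a data block throws part-way through the scan.
                using (StreamWriter w = File.CreateText(rep))
                {
                    foreach (TreeNode n in f.tv.Nodes)
                    {
                        i++;
                        f.setpb(i, f.tv.Nodes.Count, 1);
                        n.Checked = false;

                        // The inner counter restarts for each parent, because it is reported
                        // against n.Nodes.Count and would otherwise run past that maximum.
                        int j = 0;

                        foreach (TreeNode nn in n.Nodes)
                        {
                            j++;
                            f.setpb(j, n.Nodes.Count, 2);
                            nn.Checked = false;

                            DataBlock db = (DataBlock)nn.Tag;
                            if (!db.LoadData())
                            {
                                continue;
                            }

                            try
                            {
                                string body = db.GetBody();
                                string fl   = db.HttpFirstLine;

                                // ">= 0" so a marker at the very start of the body counts too.
                                // Ordinal comparison keeps the match independent of the UI culture
                                // (culture-aware case folding can miss "SQLEXCEPTION" under tr-TR).
                                // "SqlException" covers MSSQL and Oracle, "SQL syntax" covers MySQL.
                                bool sqlError = body != null
                                    && (body.IndexOf("SqlException", StringComparison.OrdinalIgnoreCase) >= 0
                                        || body.IndexOf("SQL syntax", StringComparison.OrdinalIgnoreCase) >= 0);

                                if (sqlError)
                                {
                                    f.setNodeColor(nn, 1);
                                    f.setNodeColor(n, 2);
                                    // NOTE(review): node text is written verbatim; if it derives from
                                    // captured traffic, embedded CR/LF could forge report entries.
                                    w.Write("SQLException Found in: " + n.Text + "\r\n" + nn.Text + "\r\n\r\n");
                                    hits++;
                                    nn.Checked = true;
                                }

                                // Only 500 (error), 408 (timeout) and 401 (unauthorized) are matched;
                                // an earlier variant of this list also carried 403.
                                // NOTE(review): AnyInstr is presumably a substring match over the whole
                                // first line and is applied to requests as well, so "500" inside a URL
                                // would also hit; confirm against AnyInstr.
                                if (AnyInstr(fl, "500,408,401"))
                                {
                                    f.setNodeColor(nn, 1);
                                    f.setNodeColor(n, 2);
                                    w.Write("Http Error code found in: " + n.Text + "\r\n" + nn.Text + "\r\n\r\n");
                                    hits++;
                                    nn.Checked = true;
                                }
                            }
                            finally
                            {
                                // Release the loaded data even if the checks above throw.
                                db.FreeData();
                            }
                        }
                    }
                }
            }
            finally
            {
                f.pb.Value  = 0;
                f.pb2.Value = 0;
            }

            if (hits > 0)
            {
                MessageBox.Show(hits.ToString() + " results found. The nodes have been checked.\n\nYou can prune tree using right click menu");
            }
            else
            {
                MessageBox.Show("quick scan had no results...");
            }
        }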
Пример #2
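        /// <summary>
        /// Scans the capture tree for exchanges worth a closer look: HTTP responses whose
        /// first line matches a listed error status, and HTTP requests whose body or first
        /// line contains one of the listed markers. Flagged nodes are coloured, checked and
        /// appended to <c>exploits.txt</c> in the directory of the path held in
        /// <c>txtPcap</c>; earlier report content is kept.
        /// </summary>
        /// <param name="component">Script host whose <c>Parent</c> form supplies the tree, the progress bars and the capture path.</param>
        /// <remarks>
        /// This is a string-match triage aid: hits are leads for manual review, and the marker
        /// list is short, so a clean run does not show that the capture is benign.
        /// </remarks>
        public void Run(IScriptableComponent component)
        {
            int i = 0, hits = 0;

            Form1 f = component.Parent;

            // Without a directory part the report would land in the root of the current
            // drive ("\exploits.txt"), so refuse instead of writing somewhere unexpected.
            string pcapPath = f.txtPcap.Text;
            string pDir = string.IsNullOrEmpty(pcapPath) ? null : Path.GetDirectoryName(pcapPath);
            if (string.IsNullOrEmpty(pDir))
            {
                MessageBox.Show("No capture file directory available, quick scan not run.");
                return;
            }

            string rep = Path.Combine(pDir, "exploits.txt");

            try
            {
                // Append mode is intentional (the report accumulates across runs); the using
                // block closes the writer even when a data block throws part-way through.
                using (StreamWriter w = File.AppendText(rep))
                {
                    foreach (TreeNode n in f.tv.Nodes)
                    {
                        i++;
                        f.setpb(i, f.tv.Nodes.Count, 1);
                        n.Checked = false;

                        // The inner counter restarts for each parent, because it is reported
                        // against n.Nodes.Count and would otherwise run past that maximum.
                        int j = 0;

                        foreach (TreeNode nn in n.Nodes)
                        {
                            j++;
                            f.setpb(j, n.Nodes.Count, 2);
                            nn.Checked = false;

                            DataBlock db = (DataBlock)nn.Tag;
                            if (!db.LoadData())
                            {
                                continue;
                            }

                            try
                            {
                                string fl = db.HttpFirstLine;

                                // Response codes that may indicate a problem to look at:
                                // 500 error, 408 timeout, 401 unauthorized, 403 forbidden,
                                // 413 entity too large, 405 method not allowed, 400 bad request.
                                if (db.DataType == DataBlock.DataTypes.dtHttpResp)
                                {
                                    if (AnyInstr(fl, "500,408,401,403,413,405,400"))
                                    {
                                        f.setNodeColor(nn, 1);
                                        f.setNodeColor(n, 2);
                                        // NOTE(review): node text is written verbatim; if it derives from
                                        // captured traffic, embedded CR/LF could forge report entries.
                                        w.Write("Http Error code found in: " + n.Text + "\r\n" + nn.Text + "\r\n\r\n");
                                        hits++;
                                        nn.Checked = true;
                                    }
                                }

                                // HTTP requests to flag as suspicious.
                                if (db.DataType == DataBlock.DataTypes.dtHttpReq)
                                {
                                    string body = db.GetBody();

                                    // NOTE(review): "SqlException" is text a server emits, so this
                                    // check looks like it was meant for responses; on request bodies it
                                    // will rarely fire. Confirm the intended data type.
                                    // ">= 0" so a marker at the very start of the body counts too;
                                    // ordinal comparison keeps the match independent of the UI culture.
                                    if (body != null
                                        && body.IndexOf("SqlException", StringComparison.OrdinalIgnoreCase) >= 0)
                                    {
                                        // MSSQL and Oracle
                                        f.setNodeColor(nn, 1);
                                        f.setNodeColor(n, 2);
                                        w.Write("SQLException Found in: " + n.Text + "\r\n" + nn.Text + "\r\n\r\n");
                                        hits++;
                                        nn.Checked = true;
                                    }

                                    // Markers in the request line: path traversal and its double-encoded
                                    // form, script tags, backup-file suffixes, Java/JBoss names, passwd.
                                    // NOTE(review): AnyInstr is presumably a plain substring match, so
                                    // short tokens such as "~" or "bak" will produce false positives.
                                    if (AnyInstr(fl, "..,script,bak,~,java.lang,jboss.,%252e,passwd,2d%64+%61"))
                                    {
                                        f.setNodeColor(nn, 1);
                                        f.setNodeColor(n, 2);
                                        // The report line names what was actually matched; it used to
                                        // reuse the "Http Error code" text of the response branch.
                                        w.Write("Suspicious request pattern found in: " + n.Text + "\r\n" + nn.Text + "\r\n\r\n");
                                        hits++;
                                        nn.Checked = true;
                                    }
                                }
                            }
                            finally
                            {
                                // Release the loaded data even if the checks above throw.
                                db.FreeData();
                            }
                        }
                    }
                }
            }
            finally
            {
                f.pb.Value  = 0;
                f.pb2.Value = 0;
            }

            if (hits > 0)
            {
                MessageBox.Show(hits.ToString() + " results found. The nodes have been checked.\n\nYou can prune tree using right click menu");
            }
            else
            {
                MessageBox.Show("quick scan had no results...");
            }
        }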