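//[TestMethod]
/// <summary>
/// Round-trips the Altoro login capture through the "ASE Login Files (.login)" exporter:
/// opens the capture, exports it, re-imports the exported file with the configuration
/// parser and checks that every request body survives unchanged.
/// </summary>
public void TestLoginExportType()
{
    TempFile temp = new TempFile();
    temp.Write(Resources.AltoroLogin);
    TrafficViewerFile origFile = new TrafficViewerFile();
    origFile.Open(temp.Path);
    Assert.AreEqual(4, origFile.RequestCount);

    //export - the exporter is located by caption, there is no lookup by type
    IList<ITrafficExporter> exporters = TrafficViewer.Instance.TrafficExporters;
    ITrafficExporter loginExporter = null;
    foreach (ITrafficExporter exporter in exporters)
    {
        if (exporter.Caption == "ASE Login Files (.login)")
        {
            loginExporter = exporter;
        }
    }
    Assert.IsNotNull(loginExporter);

    TempFile exportedFile = new TempFile("exporttest.login");
    // using guarantees the export stream is closed even when Export throws,
    // so a failing test does not leave the temp file locked
    using (Stream stream = exportedFile.OpenStream())
    {
        loginExporter.Export(origFile, stream, "demo.testfire.net", 80);
    }

    //import the exported file
    TrafficViewerFile import = new TrafficViewerFile();
    ITrafficParser configurationParser = TrafficViewer.Instance.GetParser("Configuration Parser");
    Assert.IsNotNull(configurationParser);
    configurationParser.Parse(exportedFile.Path, import, ParsingOptions.GetLegacyAppScanProfile());
    Assert.AreEqual(origFile.RequestCount, import.RequestCount);

    //compare every request body by id (ids are expected to be preserved by the round-trip)
    int i = -1;
    TVRequestInfo origInfo;
    while ((origInfo = origFile.GetNext(ref i)) != null)
    {
        TVRequestInfo importInfo = import.GetRequestInfo(origInfo.Id);
        string origRequest = Constants.DefaultEncoding.GetString(origFile.LoadRequestData(origInfo.Id));
        string importedRequest = Constants.DefaultEncoding.GetString(import.LoadRequestData(origInfo.Id));
        Assert.AreEqual(origRequest, importedRequest);
    }
}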
/// <summary>
/// Opens the traffic file at the supplied path. The path arrives boxed as an
/// <see cref="object"/> (callback / thread-start style signature) and is cast
/// directly to <see cref="string"/>.
/// </summary>
/// <param name="param">The path of the traffic file, as a <see cref="string"/>.</param>
private void OpenTvf(object param)
{
    _trafficViewerFile.Open((string)param);
}
/// <summary>
/// Builds a traffic file for tests by writing the embedded "altoro" resource to a
/// temporary .tvf file and opening it.
/// </summary>
/// <returns>An open <see cref="TrafficViewerFile"/> backed by the temporary file.</returns>
public static TrafficViewerFile GenerateTestTvf()
{
    TempFile scratch = new TempFile(".tvf");
    scratch.Write(Properties.Resources.altoro);

    TrafficViewerFile result = new TrafficViewerFile();
    result.Open(scratch.Path);
    return result;
}
/// <summary>
/// Materialises raw traffic-file bytes as an open <see cref="TrafficViewerFile"/>
/// by writing them to a temporary file first.
/// </summary>
/// <param name="bytes">The raw contents of a traffic file.</param>
/// <returns>An open <see cref="TrafficViewerFile"/> over the temporary copy.</returns>
private static TrafficViewerFile GetCompareTVF(byte[] bytes)
{
    TempFile scratch = new TempFile();
    scratch.Write(bytes);

    TrafficViewerFile result = new TrafficViewerFile();
    result.Open(scratch.Path);
    return result;
}
/// <summary>
/// Saves a dummy traffic file to a temporary .tvf path, reopens it and runs the
/// ASE-file validations against the reopened instance.
/// </summary>
public void SaveAndOpen()
{
    TrafficViewerFile dummy = MakeDummyTrafficFile();
    TempFile target = new TempFile(".tvf");

    dummy.Save(target.Path);
    dummy.Close(false);

    // reopen from disk and validate what was actually persisted
    dummy.Open(target.Path);
    ValidateASEFile(dummy);
    dummy.Close(false);
}
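//[TestMethod]
/// <summary>
/// Exports the Altoro login capture with the "AppScan Login Files (.login)" exporter and
/// checks that the resulting XML declares the amSessionId cookie as a session-id variable.
/// </summary>
public void TestVariableDefinitions()
{
    TempFile temp = new TempFile();
    temp.Write(Resources.AltoroLogin);
    TrafficViewerFile origFile = new TrafficViewerFile();
    origFile.Open(temp.Path);
    Assert.AreEqual(4, origFile.RequestCount);

    //export - the exporter is located by caption, there is no lookup by type
    IList<ITrafficExporter> exporters = TrafficViewer.Instance.TrafficExporters;
    ITrafficExporter loginExporter = null;
    foreach (ITrafficExporter exporter in exporters)
    {
        if (exporter.Caption == "AppScan Login Files (.login)")
        {
            loginExporter = exporter;
        }
    }
    Assert.IsNotNull(loginExporter);

    TempFile exportedFile = new TempFile("exporttest.xml");
    // using guarantees the export stream is closed even when Export throws,
    // so a failing test does not leave the temp file locked
    using (Stream stream = exportedFile.OpenStream())
    {
        loginExporter.Export(origFile, stream, "demo.testfire.net", 80);
    }

    //import the exported file
    XmlDocument loginDoc = new XmlDocument();
    // no resolver: external entities / DTD references in the file are never fetched
    loginDoc.XmlResolver = null;
    loginDoc.Load(exportedFile.Path);

    XmlNode varDef = loginDoc.SelectSingleNode("//VariableDefinition[@Name='amSessionId']");
    Assert.IsNotNull(varDef);
    Assert.AreEqual("Cookie", varDef.SelectSingleNode("VariableType").InnerText);
    Assert.AreEqual("True", varDef.SelectSingleNode("SessionIDEnabled").InnerText);
}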
/// <summary>
/// Adds one HTTPS request/response pair to a new traffic file, saves it, reopens it
/// in a fresh instance and checks that the count, the transport flag and the request
/// and response bodies all come back unchanged.
/// </summary>
public void SaveAndOpen()
{
    const string expectedRequest = "GET / HTTP/1.1";
    const string expectedResponse = "HTTP/1.1 200 OK";

    TrafficViewerFile original = new TrafficViewerFile();
    int reqId = original.AddRequestResponse(expectedRequest, expectedResponse);
    original.GetRequestInfo(reqId).IsHttps = true;
    Assert.AreEqual(1, original.RequestCount);

    TempFile target = new TempFile(".tvf");
    original.Save(target.Path);
    //verify that the file can be saved
    Assert.IsTrue(File.Exists(target.Path), "Cannot save the file");
    original.Close(false);

    //make a new file and verify we can open
    TrafficViewerFile reopened = new TrafficViewerFile();
    reopened.Open(target.Path);
    //verify actual file was open
    Assert.AreEqual(1, reopened.RequestCount, "Incorrect request count after opening saved file");

    //verify request data is correct
    int cursor = -1;
    TVRequestInfo info = reopened.GetNext(ref cursor);
    Assert.IsNotNull(info, "Cannot obtain request info");

    //verify transport info survived the save
    Assert.IsTrue(info.IsHttps);

    //verify request and response bodies
    byte[] requestBytes = reopened.LoadRequestData(info.Id);
    Assert.AreEqual(expectedRequest, Encoding.UTF8.GetString(requestBytes));
    byte[] responseBytes = reopened.LoadResponseData(info.Id);
    Assert.AreEqual(expectedResponse, Encoding.UTF8.GetString(responseBytes));

    reopened.Close(false);
}
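/// <summary>
/// Marks the second of two requests as encrypted, saves the file with defrag enabled,
/// reopens it and checks that the encryption flag is persisted per request and that
/// the encrypted request/response bodies decrypt back to the original text.
/// </summary>
public void TestEncryptedRequest()
{
    TrafficViewerFile file = new TrafficViewerFile();
    string request1 = "GET /unencrypted HTTP/1.1";
    string request2 = "GET /encrypted\r\n\r\nsecret=123456789 HTTP/1.1";
    string response1 = "HTTP 200 OK\r\n\r\nUnencrypted Response";
    string response2 = "HTTP 200 OK\r\n\r\nEncrypted Response (secret 1234567789)";
    file.AddRequestResponse(request1, response1);
    file.AddRequestResponse(request2, response2);

    var reqInfo = file.GetRequestInfo(1);
    Assert.IsFalse(reqInfo.IsEncrypted, "Default should be unencrypted");
    reqInfo.IsEncrypted = true;
    //resave the request so it is written with the encrypted flag
    file.SaveRequestResponse(1, request2, response2);

    TempFile tempFile = new TempFile();
    try
    {
        file.EnableDefrag = true; //defrag the raw file
        file.Save(tempFile.Path);
        // release the first instance before reopening the same path in a new one;
        // the original overwrote the reference without closing it
        file.Close(false);

        file = new TrafficViewerFile();
        file.Open(tempFile.Path);
        Assert.IsFalse(file.GetRequestInfo(0).IsEncrypted, "First request should not be encrypted");
        Assert.IsTrue(file.GetRequestInfo(1).IsEncrypted, "Second request should be encrypted");

        string testRequest = Constants.DefaultEncoding.GetString(file.LoadRequestData(1));
        Assert.AreEqual(request2, testRequest);
        string testResponse = Constants.DefaultEncoding.GetString(file.LoadResponseData(1));
        Assert.AreEqual(response2, testResponse);
        file.Close(false);
    }
    finally
    {
        // the temp file holds the "secret" payload; remove it even when an assertion fails
        File.Delete(tempFile.Path);
    }
}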
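//[TestMethod]
/// <summary>
/// Utility (not a real test): splits the traffic file at the hard-coded source path into
/// <c>numberOfParts</c> roughly equal parts and hands each part to <c>ExportPart</c>.
/// The previous version dropped the request that landed exactly on a part boundary
/// (the "else" branch exported the part but never added the current request anywhere).
/// </summary>
public void ExportExdUtil()
{
    string sourcePath = @"c:\_transfer\jaguarmanualexplorefiltered.htd";
    TrafficViewerFile source = new TrafficViewerFile();
    source.Open(sourcePath);

    int id = -1;
    int index = 0;
    int count = source.RequestCount;
    int partNo = 1;
    int numberOfParts = 6;
    // at least one request per part, otherwise every request would close an empty part
    int partSize = Math.Max(1, count / numberOfParts);

    TVRequestInfo info;
    TrafficViewerFile currentPart = new TrafficViewerFile();
    while ((info = source.GetNext(ref id)) != null)
    {
        if (index >= partSize * partNo)
        {
            // boundary reached: flush the current part and start the next one
            ExportPart(partNo, currentPart);
            currentPart.Close(false);
            currentPart = new TrafficViewerFile();
            partNo++;
        }
        // the request is always added, including the one sitting on the boundary
        byte[] request = source.LoadRequestData(info.Id);
        byte[] response = source.LoadResponseData(info.Id);
        currentPart.AddRequestResponse(request, response);
        index++;
    }

    if (currentPart.RequestCount > 0)
    {
        ExportPart(partNo, currentPart);
    }
    currentPart.Close(false);
    source.Close(false);
}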
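/// <summary>
/// Runs the custom tests against every selected request and then replays each
/// multi-step file through a sequential attack proxy. Stops early when
/// <c>_runnable</c> is cleared from another thread.
/// Fix: an unsupported ".login" multi-step entry was only peeked, never dequeued,
/// so the <c>continue</c> spun forever on the same entry; it is now dequeued first.
/// </summary>
public void Run()
{
    _runnable = true;
    var customTests = _testFile.GetCustomTests().Values;
    Tester tester = new Tester(this, _testFile);

    if (_requestsToTest.Count == 0)
    {
        //load the requests to test
        foreach (var tvReqInfo in _selectedRequests)
        {
            _requestsToTest.Enqueue(tvReqInfo);
        }
    }

    _trafficFile.SetState(AccessorState.Loading);

    while (_runnable && _requestsToTest.Count > 0)
    {
        TVRequestInfo workingEntry = _requestsToTest.Peek();

        //check the request;
        byte[] reqBytes = _trafficFile.LoadRequestData(workingEntry.Id);
        byte[] respBytes = _trafficFile.LoadResponseData(workingEntry.Id);
        HttpRequestInfo workingReqInfo = null;
        if (reqBytes == null)
        {
            Log("SELECT A NEW REQUEST");
            _requestsToTest.Dequeue(); //remove the request;
            continue;
        }
        else
        {
            workingReqInfo = new HttpRequestInfo(reqBytes, true);
            workingReqInfo.IsSecure = workingEntry.IsHttps;
        }

        string rawRequest = workingReqInfo.ToString();
        string rawResponse = respBytes != null ? Constants.DefaultEncoding.GetString(respBytes) : String.Empty;

        if (ShouldBeTested(rawRequest, _testFile.GetAttackTargetList()))
        {
            MultiThreadedTestExecution testExecution = new MultiThreadedTestExecution(
                tester, rawRequest, rawResponse, new Uri(workingReqInfo.FullUrl), _testFile.NumberOfThreads);
            bool containsFuzz = rawRequest.Contains(Constants.FUZZ_STRING);

            foreach (CustomTestDef testDef in customTests)
            {
                if (containsFuzz)
                {
                    // a fuzz marker in the request fixes the injection point; one job per test
                    testExecution.TestsQueue.Enqueue(new TestJob(String.Empty, String.Empty, RequestLocation.Path, testDef));
                }
                else
                {
                    //iterate through parameters, cookies and headers
                    foreach (var parameter in workingReqInfo.PathVariables)
                    {
                        testExecution.TestsQueue.Enqueue(new TestJob(parameter.Key, parameter.Value, RequestLocation.Path, testDef));
                    }
                    foreach (var parameter in workingReqInfo.QueryVariables)
                    {
                        testExecution.TestsQueue.Enqueue(new TestJob(parameter.Key, parameter.Value, RequestLocation.Query, testDef));
                    }
                    foreach (var parameter in workingReqInfo.BodyVariables)
                    {
                        testExecution.TestsQueue.Enqueue(new TestJob(parameter.Key, parameter.Value, RequestLocation.Body, testDef));
                    }
                    if (!_testFile.TestOnlyParameters)
                    {
                        foreach (var header in workingReqInfo.Headers)
                        {
                            // Host is never mutated, it would redirect the test to another server
                            if (!header.Name.Equals("Host"))
                            {
                                testExecution.TestsQueue.Enqueue(new TestJob(header.Name, header.Value, RequestLocation.Headers, testDef));
                            }
                        }
                        foreach (var cookie in workingReqInfo.Cookies)
                        {
                            testExecution.TestsQueue.Enqueue(new TestJob(cookie.Key, cookie.Value, RequestLocation.Cookies, testDef));
                        }
                    }
                }
            }

            testExecution.StartTestsAsync();
            while (testExecution.IsRunning)
            {
                if (!_runnable)
                {
                    testExecution.CancelTests();
                }
                //wait for the test execution to complete
                Thread.Sleep(10);
            }
        }

        if (_requestsToTest.Count > 0)
        {
            _requestsToTest.Dequeue();
        }
    }

    //we also initialize all multi-step operations
    List<string> multiStepList = _testFile.GetMultiStepList();
    _multiStepsToTest = new Queue<string>();
    foreach (string path in multiStepList)
    {
        if (File.Exists(path))
        {
            _multiStepsToTest.Enqueue(path);
        }
        else
        {
            SdkSettings.Instance.Logger.Log(TraceLevel.Error, "Multi-Step path '{0}' does not exist.", path);
        }
    }

    while (_multiStepsToTest.Count > 0)
    {
        if (!_runnable)
        {
            // NOTE(review): this returns with the traffic file still in the Loading state — confirm the caller expects that
            return;
        }

        string path = _multiStepsToTest.Peek();
        bool isAbl = path.EndsWith(".login", StringComparison.Ordinal);
        if (isAbl)
        {
            SdkSettings.Instance.Logger.Log(TraceLevel.Error, "ABL files are not supported");
            // drop the entry, otherwise the loop peeks the same path forever
            _multiStepsToTest.Dequeue();
            continue;
        }

        TrafficViewerFile htd = new TrafficViewerFile();
        htd.Open(path);

        SequentialAttackProxy proxy = GetTestProxy(_netSettings, true) as SequentialAttackProxy;
        proxy.Start();

        // route the replayed multi-step traffic through the attack proxy
        DefaultNetworkSettings netSettings = new DefaultNetworkSettings();
        netSettings.WebProxy = new WebProxy(proxy.Host, proxy.Port);
        netSettings.CertificateValidationCallback = _netSettings.CertificateValidationCallback;
        RequestSender.RequestSender reqSender = new RequestSender.RequestSender(netSettings);

        do
        {
            reqSender.Send(htd);
        }
        while (!proxy.TestComplete && _runnable);

        proxy.Stop();
        htd.Close(false);

        if (_runnable)
        {
            _multiStepsToTest.Dequeue();
        }
    }

    _trafficFile.SetState(AccessorState.Idle);
    _runnable = false;
}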
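/// <summary>
/// Replays every existing multi-step file through a sequential attack proxy until the
/// proxy reports the test complete or <c>_runnable</c> is cleared.
/// Fix: an unsupported ".login" entry was only peeked and then skipped with
/// <c>continue</c>, so the loop never advanced; the entry is now dequeued before skipping.
/// </summary>
private void TestMultiSteps()
{
    //we also initialize all multi-step operations
    List<string> multiStepList = _testFile.GetMultiStepList();
    _multiStepsToTest = new Queue<string>();
    foreach (string path in multiStepList)
    {
        if (File.Exists(path))
        {
            _multiStepsToTest.Enqueue(path);
        }
        else
        {
            HttpServerConsole.Instance.WriteLine(LogMessageType.Error, "Multi-Step path '{0}' does not exist.", path);
        }
    }

    while (_multiStepsToTest.Count > 0)
    {
        if (!_runnable)
        {
            return;
        }

        string path = _multiStepsToTest.Peek();
        bool isAbl = path.EndsWith(".login", StringComparison.Ordinal);
        if (isAbl)
        {
            HttpServerConsole.Instance.WriteLine(LogMessageType.Error, "ABL files are not supported");
            // drop the entry, otherwise the loop peeks the same path forever
            _multiStepsToTest.Dequeue();
            continue;
        }

        TrafficViewerFile htd = new TrafficViewerFile();
        htd.Open(path);

        SequentialAttackProxy proxy = GetTestProxy(_netSettings, true) as SequentialAttackProxy;
        proxy.Start();

        // route the replayed multi-step traffic through the attack proxy
        DefaultNetworkSettings netSettings = new DefaultNetworkSettings();
        netSettings.WebProxy = new WebProxy(proxy.Host, proxy.Port);
        netSettings.CertificateValidationCallback = _netSettings.CertificateValidationCallback;
        RequestSender.RequestSender reqSender = new RequestSender.RequestSender(netSettings);

        do
        {
            reqSender.Send(htd);
        }
        while (!proxy.TestComplete && _runnable);

        proxy.Stop();
        htd.Close(false);

        if (_runnable)
        {
            _multiStepsToTest.Dequeue();
        }
    }
}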
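/// <summary>
/// Handles the "stop proxy" control request: validates the query parameters, checks the
/// optional per-session secret, stops the recording proxy on the given port, removes it
/// from the proxy list and saves the recorded traffic under the dump directory.
/// Fix: the proxy found for the port was cast with <c>as ManualExploreProxy</c> and
/// dereferenced without a null check; a non-recording proxy now yields a 400 instead of
/// a NullReferenceException.
/// </summary>
/// <param name="requestInfo">The incoming control request; all inputs come from its query string.</param>
/// <returns>The HTTP response to send back (200 with a report, or 400/401/206 on error/wait).</returns>
private HttpResponseInfo StopProxy(HttpRequestInfo requestInfo)
{
    string report = "";

    //get the port from the url
    string portString = null;
    requestInfo.QueryVariables.TryGetValue("port", out portString);
    //optional secret to protect the recording session
    string secret = null;
    requestInfo.QueryVariables.TryGetValue("secret", out secret);
    //optional flag indicating if similar requests should be skipped
    string skipSimilar = null;
    requestInfo.QueryVariables.TryGetValue("skipSimilar", out skipSimilar);
    //the file to save to
    string fileName = null;
    requestInfo.QueryVariables.TryGetValue("fileName", out fileName);
    //optional parameter to cancel the scan
    string cancel = null;
    requestInfo.QueryVariables.TryGetValue("cancel", out cancel);

    if (fileName == null)
    {
        //assign a random file name
        fileName = DateTime.Now.Ticks.ToString();
    }
    // the file name comes from the client: restrict it to a single path segment
    // (no separators, no drive letters) before it is combined with the dump directory
    if (!Utils.IsMatch(fileName, "^[\\w._-]+$"))
    {
        return GetResponse(400, "Bad Request", "Invalid file name.");
    }

    int port;
    if (!int.TryParse(portString, out port))
    {
        return GetResponse(400, "Bad Request", "Invalid 'port' parameter.");
    }
    if (!CollectorProxyList.Instance.ProxyList.ContainsKey(port))
    {
        return GetResponse(400, "Bad Request", "Port not found.");
    }

    IHttpProxy proxy = CollectorProxyList.Instance.ProxyList[port];
    ManualExploreProxy recordingProxy = proxy as ManualExploreProxy;
    TrafficViewerFile trafficFile = recordingProxy != null
        ? recordingProxy.TrafficDataStore as TrafficViewerFile
        : null;
    if (trafficFile == null)
    {
        return GetResponse(400, "Bad Request", "Port is not a recording proxy.");
    }

    //check the secret if it exists
    // NOTE(review): plain string Equals is not a constant-time comparison; acceptable only if the secret is low-value
    string configuredSecret = trafficFile.Profile.GetOption("secret") as String;
    if (!String.IsNullOrWhiteSpace(configuredSecret) && !configuredSecret.Equals(secret))
    {
        return GetResponse(401, "Unauthorized", "Invalid secret.");
    }

    string filePath = Path.Combine(TrafficCollectorSettings.Instance.DumpDir, fileName + ".htd");

    if (proxy is DriveByAttackProxy)
    {
        DriveByAttackProxy dProx = proxy as DriveByAttackProxy;
        int requestsLeft = dProx.RequestsLeft;
        if (requestsLeft > 0 && (cancel == null || !cancel.Equals("true")))
        {
            return GetResponse(206, "Partial Content", "Please wait... {0} request(s) left, {1} test job(s) in queue", requestsLeft, dProx.TestCount);
        }
        else
        {
            // build the vulnerability summary from the request descriptions
            int id = -1;
            TVRequestInfo info = null;
            report = "\r\n\r\nVulnerability List\r\n";
            report += "============================\r\n";
            int count = 0;
            while ((info = trafficFile.GetNext(ref id)) != null)
            {
                if (info.Description.Contains("Vulnerability"))
                {
                    count++;
                    report += String.Format("Request {0} - {1} ({2})\r\n", info.RequestLine, info.Description, info.Validation);
                }
            }
            report += String.Format("Total: {0}\r\n", count);
        }
    }

    if (File.Exists(filePath)) //load the existing file and check the secret
    {
        TrafficViewerFile existingFile = new TrafficViewerFile();
        existingFile.Open(filePath);
        configuredSecret = existingFile.Profile.GetOption("secret") as String;
        existingFile.Close(false);
        // overwriting requires both sides to have a secret and for them to match
        if (String.IsNullOrWhiteSpace(configuredSecret) || String.IsNullOrWhiteSpace(secret) || !configuredSecret.Equals(secret))
        {
            return GetResponse(401, "Unauthorized", "Cannot override existing file.");
        }
    }

    proxy.Stop();
    CollectorProxyList.Instance.ProxyList.Remove(port);

    if (trafficFile.RequestCount > 0)
    {
        if (skipSimilar != null && skipSimilar.Equals("true", StringComparison.OrdinalIgnoreCase))
        {
            trafficFile = removeSimilar(trafficFile);
        }
        trafficFile.Save(filePath);
        report += String.Format("Traffic file saved at '{0}'\r\n", filePath);
    }
    else
    {
        report += "Nothing recorded.";
    }

    return GetResponse(200, "OK", "Proxy stopped. {0}", report);
}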
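/// <summary>
/// Traffic2Exd entry point: imports a .har, .txt or .htd traffic file into a
/// <see cref="TrafficViewerFile"/> (appending to an existing EXD file when present)
/// and exports the result to the EXD path. Exit codes: 1 no args, 2 bad input path,
/// 3 parsing error, 4 export error, 5 unsupported extension.
/// Fixes: the output <see cref="FileStream"/> and the intermediate .htd file were never
/// closed, the "file not found" message wrongly said "har file", and the extension
/// checks used culture-sensitive ToLower().
/// </summary>
/// <param name="args">[0] traffic file path, [1] EXD file path.</param>
static void Main(string[] args)
{
    if (args.Length < 2)
    {
        Console.WriteLine("Usage: Traffic2Exd <traffic file path> <EXD file path>");
        Console.WriteLine("Supported import formats: .har, .txt, .htd");
        Console.WriteLine("If the EXD file already exists the tool will append to it.");
        Console.WriteLine("Exit codes: 1 - No args, 2 - Incorrect file path, 3 - Parsing error, 4 - Export error, 5 - Unsupported Exception.");
        Environment.ExitCode = 1;
        return;
    }

    string trafficFilePath = args[0];
    string exdFilePath = args[1];

    if (!File.Exists(trafficFilePath))
    {
        Console.WriteLine("Could not find traffic file: '{0}'", trafficFilePath);
        Environment.ExitCode = 2;
        return;
    }

    TrafficViewerFile tvf = new TrafficViewerFile();
    try
    {
        if (File.Exists(exdFilePath))
        {
            // existing EXD content is loaded first so the export appends rather than replaces
            Console.WriteLine("EXD file {0} already exists. Appending to it.", exdFilePath);
            ConfigurationParser exdParser = new ConfigurationParser();
            exdParser.Parse(exdFilePath, tvf, ParsingOptions.GetDefaultProfile());
        }

        Console.WriteLine("Importing from '{0}'...", trafficFilePath);
        ITrafficParser parser = null;
        if (trafficFilePath.EndsWith(".har", StringComparison.OrdinalIgnoreCase))
        {
            parser = new HarParser();
        }
        else if (trafficFilePath.EndsWith(".txt", StringComparison.OrdinalIgnoreCase))
        {
            parser = new DefaultTrafficParser();
        }
        else if (trafficFilePath.EndsWith(".htd", StringComparison.OrdinalIgnoreCase))
        {
            // .htd is the native format: copy request/response pairs directly
            TrafficViewerFile tvf2 = new TrafficViewerFile();
            tvf2.Open(trafficFilePath);
            try
            {
                int id = -1;
                TVRequestInfo info = null;
                while ((info = tvf2.GetNext(ref id)) != null)
                {
                    tvf.AddRequestResponse(tvf2.LoadRequestData(info.Id), tvf2.LoadResponseData(info.Id));
                }
            }
            finally
            {
                tvf2.Close(false);
            }
        }
        else
        {
            Console.WriteLine("File extension is unsupported. Supported extensions/formats: .har, .txt, .htd");
            Environment.ExitCode = 5;
        }

        if (parser != null)
        {
            parser.Parse(trafficFilePath, tvf, ParsingOptions.GetRawProfile());
        }
    }
    catch (Exception ex)
    {
        Console.WriteLine("Parsing exception: '{0}'", ex.Message);
        Environment.ExitCode = 3;
    }

    //now export
    try
    {
        Console.WriteLine("Exporting to '{0}'...", exdFilePath);
        var exporter = new ManualExploreExporter();
        // dispose the stream so the EXD file is flushed and unlocked before "Done."
        using (FileStream output = new FileStream(exdFilePath, FileMode.Create, FileAccess.ReadWrite))
        {
            exporter.Export(tvf, output);
        }
    }
    catch (Exception ex)
    {
        Console.WriteLine("Export exception: '{0}'", ex.Message);
        Environment.ExitCode = 4;
    }

    tvf.Close(false);
    Console.WriteLine("Done.");
}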