/*
* void Main()
* {
* Console.WriteLine(FindNum(1398));
* }
*
* // Define other methods and classes here
*
* public bool Check(string Operator, int ToCheck, int Num)
* {
* Console.Write(string.Format("{0}{1}{2} - ", ToCheck, Operator, Num));
* if(Operator == "=")
* {
* return (ToCheck == Num);
* }
* else if (Operator == ">")
* {
* return (ToCheck > Num);
* }
* else
* {
* return (ToCheck < Num);
* }
* }
* public int FindNum(int Num)
* {
* int UpperLimit = 0;
* int LowerLimit = 1;
*
* while (true)
* {
* int ToCheck = 0;
* string Operator = "<";
* if (UpperLimit == 0)
* {
* ToCheck = LowerLimit * 10;
* }
* else if (UpperLimit - LowerLimit == 1)
* {
* Operator = "=";
* ToCheck = UpperLimit;
* }
* else
* {
* ToCheck = ((UpperLimit - LowerLimit) / 2) + LowerLimit;
* }
* Console.WriteLine(string.Format("Upper: {0} Lower: {1}", UpperLimit, LowerLimit));
* if (Check(Operator, ToCheck, Num))
* {
* Console.WriteLine("true");
* if (Operator == "=")
* {
* return ToCheck;
* }
* else
* {
* LowerLimit = ToCheck;
* }
* }
* else
* {
* Console.WriteLine("false");
* if (Operator == "=" && UpperLimit - LowerLimit == 1)
* {
* return -1;
* }
* else
* {
* UpperLimit = ToCheck;
* }
* }
* }
* }
*
*/
public string FindChar(PayloadGenerator PayGenFunction, object Info, Fuzzer F, string Chars)
{
foreach (char C in Chars)
{
string Payload = PayGenFunction(Info, "=", C.ToString());
if (IsPayloadResponseTrue(F, Payload))
{
return(C.ToString());
}
}
return("�");
}
public string FindCharByCode(PayloadGenerator PayGenFunction, object Info, Fuzzer F)
{
int CharCode = FindNum(PayGenFunction, Info, F);
if (CharCode == -1)
{
return("");
}
else
{
try
{
return(Convert.ToChar(CharCode).ToString());
}
catch
{
return("");
}
}
}
private void FinalBtn_Click(object sender, EventArgs e)
{
if (FinalBtn.Text.Equals("Close"))
{
this.Close();
}
else
{
try
{
FinalBtn.Enabled = false;
if (this.ScanJobMode)
{
Step3StatusTB.Text = "Creating scan job, please wait...";
}
else
{
Step3StatusTB.Text = "Reading your inputs, please wait...";
}
Scanner NewScanner = new Scanner(RequestToScan);
string SessionPluginName = SessionPluginsCombo.Text;
if (SessionPluginName.Length > 0)
{
if (SessionPlugin.List().Contains(SessionPluginName))
{
if (ScanThreadLimitCB.Checked)
{
Scanner.MaxParallelScanCount = 1;
IronUI.UpdateScannerSettingsInUIFromConfig();
IronDB.StoreScannerSettings();
}
}
else
{
Step3StatusTB.Text = "Invalid Session Plugin name selected.";
FinalBtn.Enabled = true;
return;
}
}
//
//No updates to the NewScanner object must be done before calling this.UpdateScannerFromUi method.
//There is a chance that this method might create a new scanner object and return it (when custom body injection points is selected).
//Any updates to NewScanner made before this method are lost if a new scanner object is returned
//
if (ScanJobMode)
{
NewScanner = this.UpdateScannerFromUi(NewScanner, SessionPluginName);
}
else
{
this.Fuzz = (Fuzzer) this.UpdateScannerFromUi(this.Fuzz, SessionPluginName);
}
if (ScanJobMode)
{
int ScanID = NewScanner.LaunchScan();
Step3StatusTB.Text = string.Format("Scan has been started. The ID for this scan job is {0}.\r\n\r\nThe status of this scan job can be checked in the 'Automated Scanning' tab, this window can be closed.", ScanID);
FinalBtn.Text = "Close";
StepFourPreviousBtn.Enabled = false;
FinalBtn.Enabled = true;
}
else
{
this.Close();
}
}
catch (Exception Exp)
{
if (this.ScanJobMode)
{
IronException.Report("Error starting a configured scan", Exp.Message, Exp.StackTrace);
Step3StatusTB.Text = "Error Starting Scan!";
}
else
{
IronException.Report("Error getting injection points from UI", Exp.Message, Exp.StackTrace);
Step3StatusTB.Text = "Error reading Injecton Points";
}
FinalBtn.Enabled = true;
}
}
}
Scanner UpdateScannerFromUi(Scanner NewScanner, string SessionPluginName)
{
//Body must come above everything else because for a custom injection marker selection a new scanner object is created.
int SubParameterPosition = 0;
string ParameterName = "";
#region BodyInjectionPoints
if (BodyTypeNormalRB.Checked)
{
SubParameterPosition = 0;
ParameterName = "";
foreach (DataGridViewRow Row in this.ScanBodyTypeNormalGrid.Rows)
{
string CurrentParameterName = Row.Cells[1].Value.ToString();
if (ParameterName.Equals(CurrentParameterName))
{
SubParameterPosition++;
}
else
{
ParameterName = CurrentParameterName;
SubParameterPosition = 0;
}
if ((bool)Row.Cells[0].Value)
{
NewScanner.InjectBody(ParameterName, SubParameterPosition);
}
}
}
else if (BodyTypeFormatPluginRB.Checked)
{
bool FormatPluginSelected = false;
bool FormatPluginInjectionPointSelected = false;
foreach (DataGridViewRow Row in FormatPluginsGrid.Rows)
{
if ((bool)Row.Cells[0].Value)
{
NewScanner.BodyFormat = FormatPlugin.Get(Row.Cells[1].Value.ToString());
FormatPluginSelected = true;
break;
}
}
foreach (DataGridViewRow Row in this.BodyTypeFormatPluginGrid.Rows)
{
if ((bool)Row.Cells[0].Value)
{
FormatPluginInjectionPointSelected = true;
break;
}
}
if (FormatPluginSelected && FormatPluginInjectionPointSelected)
{
NewScanner.InjectionArrayXML = FormatXMLTB.Text;
NewScanner.XmlInjectionArray = new string[BodyTypeFormatPluginGrid.Rows.Count, 2];
NewScanner.BodyXmlInjectionParameters = new Parameters();
for (int i = 0; i < BodyTypeFormatPluginGrid.Rows.Count; i++)
{
NewScanner.XmlInjectionArray[i, 0] = BodyTypeFormatPluginGrid.Rows[i].Cells[1].Value.ToString();
NewScanner.XmlInjectionArray[i, 1] = BodyTypeFormatPluginGrid.Rows[i].Cells[2].Value.ToString();
NewScanner.BodyXmlInjectionParameters.Add(NewScanner.XmlInjectionArray[i, 0], NewScanner.XmlInjectionArray[i, 1]);
}
foreach (DataGridViewRow Row in this.BodyTypeFormatPluginGrid.Rows)
{
if ((bool)Row.Cells[0].Value)
{
NewScanner.InjectBody(Row.Index);
}
}
}
}
else if (BodyTypeCustomRB.Checked)
{
if (ScanBodyCB.Checked)
{
Request RequestToScanClone = RequestToScan.GetClone();
RequestToScanClone.BodyString = SetCustomInjectionPointsSTB.Text;
if (ScanJobMode)
{
NewScanner = new Scanner(RequestToScanClone);
}
else
{
NewScanner = new Fuzzer(RequestToScanClone);
this.Fuzz = (Fuzzer) NewScanner;
}
NewScanner.InjectBody(CurrentStartMarker, CurrentEndMarker);
lock (Scanner.UserSpecifiedEncodingRuleList)
{
Scanner.UserSpecifiedEncodingRuleList.Clear();
foreach (DataGridViewRow Row in CharacterEscapingGrid.Rows)
{
Scanner.UserSpecifiedEncodingRuleList.Add(new string[] { Row.Cells[1].Value.ToString(), Row.Cells[3].Value.ToString() });
if ((bool)Row.Cells[0].Value)
NewScanner.AddEscapeRule(Row.Cells[1].Value.ToString(), Row.Cells[3].Value.ToString());
}
}
IronDB.StoreCharacterEscapingRules();
}
else
{
NewScanner.CustomInjectionPointStartMarker = "";
NewScanner.CustomInjectionPointEndMarker = "";
}
}
#endregion
#region UrlPathPartsInjectionPoints
for (int i = 0; i < this.ScanURLGrid.Rows.Count; i++)
{
if ((bool)this.ScanURLGrid.Rows[i].Cells[0].Value)
{
NewScanner.InjectUrl(i);
}
}
#endregion
#region QueryInjectionPoints
SubParameterPosition = 0;
ParameterName = "";
foreach (DataGridViewRow Row in this.ScanQueryGrid.Rows)
{
string CurrentParameterName = Row.Cells[1].Value.ToString();
if (ParameterName.Equals(CurrentParameterName))
{
SubParameterPosition++;
}
else
{
ParameterName = CurrentParameterName;
SubParameterPosition = 0;
}
if ((bool)Row.Cells[0].Value)
{
NewScanner.InjectQuery(ParameterName, SubParameterPosition);
}
}
#endregion
#region CookieInjectionPoints
SubParameterPosition = 0;
ParameterName = "";
foreach (DataGridViewRow Row in this.ScanCookieGrid.Rows)
{
string CurrentParameterName = Row.Cells[1].Value.ToString();
if (ParameterName.Equals(CurrentParameterName))
{
SubParameterPosition++;
}
else
{
ParameterName = CurrentParameterName;
SubParameterPosition = 0;
}
if ((bool)Row.Cells[0].Value)
{
NewScanner.InjectCookie(ParameterName, SubParameterPosition);
}
}
#endregion
#region HeaderInjectionPoints
SubParameterPosition = 0;
ParameterName = "";
foreach (DataGridViewRow Row in this.ScanHeadersGrid.Rows)
{
string CurrentParameterName = Row.Cells[1].Value.ToString();
if (ParameterName.Equals(CurrentParameterName))
{
SubParameterPosition++;
}
else
{
ParameterName = CurrentParameterName;
SubParameterPosition = 0;
}
if ((bool)Row.Cells[0].Value)
{
NewScanner.InjectHeaders(ParameterName, SubParameterPosition);
}
}
#endregion
#region ParameterNameInjectionPoints
if (ScanQueryParameterNameCB.Checked)
{
NewScanner.InjectParameterName("Query");
}
if (ScanBodyParameterNameCB.Checked)
{
NewScanner.InjectParameterName("Body");
}
if (ScanCookieParameterNameCB.Checked)
{
NewScanner.InjectParameterName("Cookie");
}
if (ScanHeadersParameterNameCB.Checked)
{
NewScanner.InjectParameterName("Headers");
}
#endregion
#region SetSessionPlugin
SessionPluginName = SessionPluginsCombo.Text;
if (SessionPluginName.Length > 0)
{
NewScanner.SessionHandler = SessionPlugin.Get(SessionPluginName);
}
#endregion
#region SetChecks
if (this.ScanJobMode)
{
foreach (DataGridViewRow Row in ScanPluginsGrid.Rows)
{
if ((bool)Row.Cells[0].Value) NewScanner.AddCheck(Row.Cells[1].Value.ToString());
}
}
#endregion
return NewScanner;
}
internal void SetFuzzer(Fuzzer Fuzz)
{
this.Fuzz = Fuzz;
this.SetRequest(Fuzz.OriginalRequest);
this.ScanJobMode = false;
this.ScanThreadLimitCB.Visible = false;
BaseTabs.TabPages.RemoveAt(1);
FinalBtn.Text = "Done";
this.Text = "Configure Scan/Fuzz Settings";
this.Step2TopMsgTB.Text = @"Select which parameters and sections of the Request must be scanned.
You can either select all parameters or entire sections for scanning. Or go through the different tabs below and select the exact parameters you want be to scanned to perform a high precision scan.";
}
public static Fuzzer FromUi(Request Req)
{
Fuzzer F = new Fuzzer(Req);
return(F.UpdateFromUi());
}
public static Fuzzer FromUi(Request Req)
{
Fuzzer F = new Fuzzer(Req);
return F.UpdateFromUi();
}
public int FindNum(PayloadGenerator PayGenFunction, object Info, Fuzzer F)
{
int UpperLimit = 0;
int LowerLimit = 1;
string Payload = "";
bool IsZero = false;
bool IsOne = false;
if (IsPayloadResponseTrue(F, PayGenFunction(Info, "=", "0")))
{
IsZero = true;
}
if (IsPayloadResponseTrue(F, PayGenFunction(Info, "=", "1")))
{
IsOne = true;
}
if (IsOne && IsZero)
{
throw new Exception("Injection does not work");
}
else if (IsOne)
{
return(1);
}
else if (IsZero)
{
return(0);
}
for (int i = 0; i < 100; i++)
//while (true)
{
if (i == 20 || i == 40 || i == 60 || i == 80)
{
if (IsPayloadResponseTrue(F, PayGenFunction(Info, "=", "0")))
{
throw new Exception("Injection does not work");
}
}
int ToCheck = 0;
string Operator = "<";
if (UpperLimit == 0)
{
ToCheck = LowerLimit * 10;
}
else if (UpperLimit - LowerLimit == 1)
{
Operator = "=";
ToCheck = LowerLimit;
}
else
{
ToCheck = ((UpperLimit - LowerLimit) / 2) + LowerLimit;
}
Payload = PayGenFunction(Info, Operator, ToCheck.ToString());
if (IsPayloadResponseTrue(F, Payload))
{
if (Operator == "=")
{
return(ToCheck);
}
else
{
UpperLimit = ToCheck;
}
}
else
{
if (Operator == "=" && UpperLimit - LowerLimit == 1)
{
return(-1);
}
else
{
LowerLimit = ToCheck;
}
}
}
return(-1);
}
bool IsPayloadResponseTrue(Fuzzer F, string Payload)
{
Response Res = F.Inject(Payload);
return(IsTrue(Payload, Res));
}
