public Trigger(string RequestTrigger, Request Req, string ResponseTrigger, Response Res)
{
this.RequestTrigger = RequestTrigger;
this.Request = Req.GetClone();
this.ResponseTrigger = ResponseTrigger;
this.Response = Res.GetClone();
}
internal BodyFormatParamters(Request Request, FormatPlugin Plugin, List<bool>CheckStatus, bool CheckAll)
{
this.Request = Request;
this.Plugin = Plugin;
this.CheckStatus = CheckStatus;
this.CheckAll = CheckAll;
}
public override bool Is(Request Req)
{
try
{
return Tools.IsSoap(Req.BodyString.Trim());
}
catch { return false; }
}
public override bool Is(Request Req)
{
try
{
return Tools.IsJson(Req.BodyString);
}
catch { return false; }
}
public void Add(string RequestTrigger, string RequestTriggerDescription, Request Req, string ResponseTrigger, string ResponseTriggerDescription, Response Res)
{
if (Req != null || Res != null)
{
Trigger T = new Trigger(RequestTrigger, RequestTriggerDescription, Req, ResponseTrigger, ResponseTriggerDescription, Res);
this.TriggerList.Add(T);
}
}
public static void AddProbeString(string ProbeString, Request InjectedRequest)
{
Request ClonedReq = InjectedRequest.GetClone();
lock (ProbeStrings)
{
ProbeStrings.Add(ProbeString, ClonedReq);
}
}
public void Add(string RequestTrigger, string RequestTriggerDescription, Request Req)
{
if (Req != null)
{
Trigger T = new Trigger(RequestTrigger, RequestTriggerDescription, Req);
this.TriggerList.Add(T);
}
}
public void Add(Request Req, Response Res)
{
List<string> CookieStrings = new List<string>();
foreach (SetCookie SC in Res.SetCookies)
{
CookieStrings.Add(SC.FullString);
}
Add(Req.Host, CookieStrings);
}
public static List<FormatPlugin> Get(Request Request)
{
List<FormatPlugin> RightPlugins = new List<FormatPlugin>();
foreach (string Name in List())
{
if (Get(Name).Is(Request)) RightPlugins.Add(Get(Name));
}
return RightPlugins;
}
public Session(Fiddler.Session _FiddlerSession)
{
this.FiddlerSession = _FiddlerSession;
this.Request = new Request(this.FiddlerSession);
if (this.FiddlerSession.bHasResponse)
{
this.Response = new Response(this.FiddlerSession);
}
}
public Trigger(string RequestTrigger, string RequestTriggerDescription, Request Req, string ResponseTrigger, string ResponseTriggerDescription, Response Res)
{
this.RequestTrigger = RequestTrigger;
this.RequestTriggerDescription = RequestTriggerDescription;
this.Request = Req.GetClone();
this.ResponseTrigger = ResponseTrigger;
this.RawResponseTriggerDescription = ResponseTriggerDescription;
this.Response = Res.GetClone();
}
public static List<FormatPlugin> Get(Request Request, List<string> FormatsToCheckFor)
{
List<FormatPlugin> RightPlugins = new List<FormatPlugin>();
foreach (string Name in List())
{
if (!FormatsToCheckFor.Contains(Name)) continue;
if (Get(Name).Is(Request)) RightPlugins.Add(Get(Name));
}
return RightPlugins;
}
void AddToTriggers(string RequestTrigger, string RequestTriggerDesc, Request TriggerRequest, string ResponseTrigger, string ResponseTriggerDesc, Response TriggerResponse)
{
this.RequestTriggers.Add(RequestTrigger);
this.ResponseTriggers.Add(ResponseTrigger);
this.RequestTriggerDescs.Add(RequestTriggerDesc);
this.ResponseTriggerDescs.Add(ResponseTriggerDesc);
this.TriggerRequests.Add(TriggerRequest);
this.TriggerResponses.Add(TriggerResponse);
this.TriggerCount = this.TriggerCount + 1;
}
public static string Highlight(Request Req, List<string> ToHighlight)
{
string ReqHeader = Req.GetHeadersAsString();
string Body = Req.BodyString;
ReqHeader = InsertHighlights(ReqHeader, ToHighlight);
Body = InsertHighlights(Body, ToHighlight);
StringBuilder SB = new StringBuilder();
SB.Append(SnipHeaderSection(ReqHeader));
SB.AppendLine(); SB.AppendLine();
SB.Append(SnipBodySection(Body));
return SB.ToString();
}
public override bool Is(Request Req)
{
try
{
if (Req.Headers.Has("Content-Type"))
{
if (Req.Headers.Get("Content-Type").Trim().StartsWith("multipart", StringComparison.OrdinalIgnoreCase))
{
return true;
}
}
return false;
}
catch { return false; }
}
List<string> GetMismatchedQueryParameterNames(Request ReqOne, Request ReqTwo)
{
List<string> ParamNames = new List<string>();
foreach (string Name in ReqOne.Query.GetNames())
{
if (!AreListValuesSame(ReqOne.Query.GetAll(Name), ReqTwo.Query.GetAll(Name)))
{
ParamNames.Add(Name);
}
}
return ParamNames;
}
static Request GetRequest(string RequestHeaders, string RequestBody, bool IsRequestBinary)
{
Request Req;
if (IsRequestBinary)
{
if (RequestBody.Length > 0)
{
byte[] BodyArray;
try
{
BodyArray = Convert.FromBase64String(RequestBody);
}
catch (Exception Exp)
{
throw new Exception("Error retriving body array from base64 string", Exp);
}
Req = new Request(RequestHeaders, BodyArray);
}
else
{
Req = new Request(RequestHeaders, false, true);
}
}
else
{
Req = new Request(RequestHeaders + RequestBody, false, true);
}
return Req;
}
static Request ReadBurpRequest(string RequestString, string MetaLine)
{
string[] MetaParts = MetaLine.Split(new string[] { "://" }, StringSplitOptions.RemoveEmptyEntries);
if (MetaParts.Length != 2) return null;
bool SSL = false;
if (MetaParts[0].EndsWith("https")) SSL = true;
try
{
Request Req = new Request(RequestString, SSL);
return Req;
}
catch
{
return null;
}
}
internal static bool CanInterceptBasedOnFilter(Request Req, Response Res)
{
if (RequestRulesOnResponse)
{
if (!CanInterceptBasedOnFilter(Req)) return false;
}
//Check Hostnames
if (InterceptCheckHostNames)
{
if (InterceptCheckHostNamesPlus && InterceptHostNames.Count > 0)
{
bool Match = false;
foreach (string HostName in InterceptHostNames)
{
if (Res.Host.Equals(HostName, StringComparison.InvariantCultureIgnoreCase))
{
Match = true;
break;
}
}
if (!Match)
{
return false;
}
}
if (InterceptCheckHostNamesMinus && DontInterceptHostNames.Count > 0)
{
foreach (string HostName in DontInterceptHostNames)
{
if (Res.Host.Equals(HostName, StringComparison.InvariantCultureIgnoreCase))
{
return false;
}
}
}
}
//Check Methods Rule
int Code = Res.Code;
switch (Code)
{
case 200:
if (!Intercept200)
return false;
break;
case 301:
case 302:
if (!Intercept301_2)
return false;
break;
case 403:
if (!Intercept403)
return false;
break;
case 500:
if (!Intercept500)
return false;
break;
default:
if (Code > 199 && Code < 300)
{
if (!Intercept2xx)
return false;
}
else if (Code > 299 && Code < 400)
{
if (!Intercept3xx)
return false;
}
else if (Code > 399 && Code < 500)
{
if (!Intercept500)
return false;
}
else if (Code > 499 && Code < 600)
{
if (!Intercept5xx)
return false;
}
break;
}
if (Res.BodyLength > 0)
{
if (Res.ContentType.ToLower().Contains("html"))
{
if (!InterceptHTML) return false;
}
else if (Res.ContentType.ToLower().Contains("css"))
{
if (!InterceptCSS) return false;
}
else if (Res.ContentType.ToLower().Contains("javascript"))
{
if (!InterceptJS) return false;
}
else if (Res.ContentType.ToLower().Contains("xml"))
{
if (!InterceptXML) return false;
}
else if (Res.ContentType.ToLower().Contains("json"))
{
if (!InterceptJSON) return false;
}
else if (Res.ContentType.ToLower().Contains("text"))
{
if (!InterceptOtherText) return false;
}
else if (Res.ContentType.ToLower().Contains("jpg") || Res.ContentType.ToLower().Contains("png") || Res.ContentType.ToLower().Contains("jpeg") || Res.ContentType.ToLower().Contains("gif") || Res.ContentType.ToLower().Contains("ico"))
{
if (!InterceptImg) return false;
}
else
{
if (!InterceptOtherBinary) return false;
}
}
//Check Keyword
if (InterceptCheckResponseWithKeyword)
{
if (InterceptCheckResponseWithKeywordPlus && InterceptResponseWithKeyword.Length > 0)
{
if (!Res.ToString().Contains(InterceptResponseWithKeyword))
{
return false;
}
}
if (InterceptCheckResponseWithKeywordMinus && DontInterceptResponseWithKeyword.Length > 0)
{
if (Res.ToString().Contains(DontInterceptResponseWithKeyword))
{
return false;
}
}
}
return true;
}
internal static bool CanInterceptBasedOnFilter(Request Req)
{
//Check Hostnames
if (InterceptCheckHostNames)
{
if (InterceptCheckHostNamesPlus && InterceptHostNames.Count > 0)
{
bool Match = false;
foreach (string HostName in InterceptHostNames)
{
if (Req.Host.Equals(HostName, StringComparison.InvariantCultureIgnoreCase))
{
Match = true;
break;
}
}
if (!Match)
{
return false;
}
}
if (InterceptCheckHostNamesMinus && DontInterceptHostNames.Count > 0)
{
foreach (string HostName in DontInterceptHostNames)
{
if (Req.Host.Equals(HostName, StringComparison.InvariantCultureIgnoreCase))
{
return false;
}
}
}
}
//Check Methods Rule
if (!InterceptGET)
{
if (Req.Method.Equals("GET", StringComparison.CurrentCultureIgnoreCase))
{
return false;
}
}
if (!InterceptPOST)
{
if (Req.Method.Equals("POST", StringComparison.CurrentCultureIgnoreCase))
{
return false;
}
}
if (!InterceptOtherMethods)
{
if (!(Req.Method.Equals("GET", StringComparison.CurrentCultureIgnoreCase) || Req.Method.Equals("POST", StringComparison.CurrentCultureIgnoreCase)))
{
return false;
}
}
//Check File Extensions
Req.StoredFile = Req.File;
if (InterceptCheckFileExtensions && Req.StoredFile.Length > 0)
{
if (InterceptCheckFileExtensionsPlus && InterceptFileExtensions.Count > 0)
{
bool Match = false;
foreach (string File in InterceptFileExtensions)
{
if (Req.StoredFile.Equals(File, StringComparison.InvariantCultureIgnoreCase))
{
Match = true;
break;
}
}
if (!Match)
{
return false;
}
}
if (InterceptCheckFileExtensionsMinus && DontInterceptFileExtensions.Count > 0)
{
foreach (string File in DontInterceptFileExtensions)
{
if (Req.StoredFile.Equals(File, StringComparison.InvariantCultureIgnoreCase))
{
return false;
}
}
}
}
//Check Keyword
if (InterceptCheckRequestWithKeyword)
{
if (InterceptCheckRequestWithKeywordPlus && InterceptRequestWithKeyword.Length > 0)
{
if (!Req.ToString().Contains(InterceptRequestWithKeyword))
{
return false;
}
}
if (InterceptCheckRequestWithKeywordMinus && DontInterceptRequestWithKeyword.Length > 0)
{
if (Req.ToString().Contains(DontInterceptRequestWithKeyword))
{
return false;
}
}
}
return true;
}
//internal static void UpdateCurrentSessionWithNewRequestHeader(string HeaderString)
//{
// string NewRequestHeaders = HeaderString.TrimEnd(new char[]{'\r','\n'});
// NewRequestHeaders += "\r\n\r\n";
// IronProxy.CurrentSession.Request = new Request(NewRequestHeaders, IronProxy.CurrentSession.Request.SSL, false);
// IronProxy.CurrentSession.Request.ID = IronProxy.CurrentSession.OriginalRequest.ID;
// byte[] OldBody = new byte[IronProxy.CurrentSession.OriginalRequest.BodyArray.Length];
// IronProxy.CurrentSession.OriginalRequest.BodyArray.CopyTo(OldBody, 0);
// IronProxy.CurrentSession.Request.BodyArray = OldBody;
// IronProxy.CurrentSession.FiddlerSession.oRequest.headers.AssignFromString(IronProxy.CurrentSession.Request.GetHeadersAsString());
//}
//internal static void UpdateFiddlerSessionWithNewRequestHeader()
//{
// IronProxy.CurrentSession.FiddlerSession.oRequest.headers.AssignFromString(IronProxy.CurrentSession.Request.GetHeadersAsString());
//}
//internal static void UpdateCurrentSessionWithNewRequestBodyText(string BodyString)
//{
// if (IronProxy.CurrentSession.Request.IsBinary)
// {
// IronProxy.CurrentSession.Request.BodyArray = Encoding.UTF8.GetBytes(BodyString);
// }
// else
// {
// IronProxy.CurrentSession.Request.BodyString = BodyString;
// }
// IronProxy.CurrentSession.FiddlerSession.utilSetRequestBody(IronProxy.CurrentSession.Request.BodyString);
//}
//internal static void UpdateFiddlerSessionWithNewRequestBody()
//{
// IronProxy.CurrentSession.FiddlerSession.utilSetRequestBody(IronProxy.CurrentSession.Request.BodyString);
//}
internal static void UpdateCurrentSessionWithNewRequest(Request Req)
{
IronProxy.CurrentSession.Request = Req;
IronProxy.CurrentSession.Request.ID = IronProxy.CurrentSession.OriginalRequest.ID;
//UpdateFiddlerSessionWithNewRequest();
}
internal static void UpdateScan(int ScanID, Request Req, string Status, string InjectionPoints, string FormatPlugin, string ScanPlugins, string SessionPlugin)
{
using(SQLiteConnection DB = new SQLiteConnection("data source=" + IronProjectFile))
{
DB.Open();
using(SQLiteCommand Cmd = DB.CreateCommand())
{
Cmd.CommandText = "UPDATE ScanQueue SET RequestHeaders=@RequestHeaders, RequestBody=@RequestBody, BinaryRequest=@BinaryRequest, Status=@Status, Method=@Method, URL=@URL, SessionPlugin=@SessionPlugin, InjectionPoints=@InjectionPoints, FormatPlugin=@FormatPlugin, ScanPlugins=@ScanPlugins WHERE ScanID=@ScanID";
Cmd.Parameters.AddWithValue("@ScanID", ScanID);
Cmd.Parameters.AddWithValue("@RequestHeaders", Req.GetHeadersAsString());
if(Req.IsBinary)
Cmd.Parameters.AddWithValue("@RequestBody", Req.BinaryBodyString);
else
Cmd.Parameters.AddWithValue("@RequestBody", Req.BodyString);
Cmd.Parameters.AddWithValue("@BinaryRequest", AsInt(Req.IsBinary));
Cmd.Parameters.AddWithValue("@Status", Status);
Cmd.Parameters.AddWithValue("@Method", Req.Method);
Cmd.Parameters.AddWithValue("@URL", Req.FullUrl);
Cmd.Parameters.AddWithValue("@SessionPlugin", SessionPlugin);
Cmd.Parameters.AddWithValue("@InjectionPoints", InjectionPoints);
Cmd.Parameters.AddWithValue("@FormatPlugin", FormatPlugin);
Cmd.Parameters.AddWithValue("@ScanPlugins", ScanPlugins);
Cmd.ExecuteNonQuery();
}
}
}
internal static void CreateScan(int ScanID, Request Req)
{
using(SQLiteConnection DB = new SQLiteConnection("data source=" + IronProjectFile))
{
DB.Open();
using (SQLiteCommand Cmd = DB.CreateCommand())
{
Cmd.CommandText = "INSERT INTO ScanQueue (ScanID, RequestHeaders, RequestBody, BinaryRequest, Status, Method, URL) VALUES (@ScanID, @RequestHeaders, @RequestBody, @BinaryRequest, @Status, @Method, @URL)";
Cmd.Parameters.AddWithValue("@ScanID", ScanID);
Cmd.Parameters.AddWithValue("@RequestHeaders", Req.GetHeadersAsString());
if (Req.IsBinary)
Cmd.Parameters.AddWithValue("@RequestBody", Req.BinaryBodyString);
else
Cmd.Parameters.AddWithValue("@RequestBody", Req.BodyString);
Cmd.Parameters.AddWithValue("@BinaryRequest", AsInt(Req.IsBinary));
Cmd.Parameters.AddWithValue("@Status", "Not Started");
Cmd.Parameters.AddWithValue("@Method", Req.Method);
Cmd.Parameters.AddWithValue("@URL", Req.FullUrl);
Cmd.ExecuteNonQuery();
}
}
//CreateScan(ScanID, Req, "Not Started", "", "", "", "");
}
public Session(string RequestString)
{
this.FiddlerSession = Session.CreateFiddlerSessionFromRequestString(RequestString);
this.Request = new Request(this.FiddlerSession);
}
public Session(string RequestString, string ResponseString)
{
this.Request = new Request(RequestString,false,true);
this.Response = new Response(ResponseString);
this.FiddlerSession = new Fiddler.Session(this.Request.GetFullRequestAsByteArray(), this.Response.GetFullResponseAsByteArray());
}
internal void ReloadRequestFromString(string RequestString)
{
this.OriginalRequest = new Request(RequestString, false, true);
this.OriginalRequest.ScanID = this.ScanID;
}
public Session(Request Request, Response Response)
{
this.Request = Request;
this.Response = Response;
this.FiddlerSession = new Fiddler.Session(this.Request.GetFullRequestAsByteArray(), this.Response.GetFullResponseAsByteArray());
}
internal bool IsUniqueToScan(Request Req, List<Request> ScannedRequests, bool IgnoreUrl )
{
int DuplicateNamesMatchCounter = 0;
foreach (Request RR in ScannedRequests)
{
if (!Req.Method.Equals(RR.Method)) continue;
if (Req.HasBody != RR.HasBody) continue;
if (Req.UrlPathParts.Count != RR.UrlPathParts.Count) continue;
if (Req.Query.Count != RR.Query.Count) continue;
if (Req.HasBody)
{
if (Req.Body.Count != RR.Body.Count) continue;
}
if (Req.URLPath.Equals(RR.URLPath))
{
List<string> ReqQueryNames = Req.Query.GetNames();
List<string> RRQueryNames = RR.Query.GetNames();
if (AreListValuesSame(ReqQueryNames, RRQueryNames))
{
if (PromptUser)
{
List<string> MismatchedParameters = GetMismatchedQueryParameterNames(Req, RR);
if (IsAnyQueryParameterUnique(MismatchedParameters))
return true;
else if (AreAllQueryParametersNonUnique(MismatchedParameters))
{
if (!Req.HasBody) return false;
}
else
{
StringBuilder Message = new StringBuilder();
Message.Append("<i<b>><i<cg>>Request A:<i</cg>><i</b>><i<br>>");
Message.Append(" "); Message.Append(RR.Method); Message.Append(" "); Message.Append(RR.UrlPath); Message.Append("?");
foreach (string Name in RR.Query.GetNames())
{
foreach (string Value in RR.Query.GetAll(Name))
{
if (MismatchedParameters.Contains(Name)) Message.Append("<i<hlo>>");
Message.Append(Name); Message.Append("="); Message.Append(Value);
if (MismatchedParameters.Contains(Name)) Message.Append("<i</hlo>>");
Message.Append("&");
}
}
if (Message.ToString().EndsWith("&")) Message.Remove(Message.Length - 1, 1);
Message.Append("<i<br>>");
Message.Append("<i<b>><i<cg>>Request B:<i</cg>><i</b>><i<br>>");
Message.Append(" "); Message.Append(Req.Method); Message.Append(" "); Message.Append(Req.UrlPath); Message.Append("?");
foreach (string Name in Req.Query.GetNames())
{
foreach (string Value in Req.Query.GetAll(Name))
{
if (MismatchedParameters.Contains(Name)) Message.Append("<i<hlo>>");
Message.Append(Name); Message.Append("="); Message.Append(Value);
if (MismatchedParameters.Contains(Name)) Message.Append("<i</hlo>>");
Message.Append("&");
}
}
if (Message.ToString().EndsWith("&")) Message.Remove(Message.Length - 1, 1);
Message.Append("<i<br>>");
Message.Append("<i<br>>");
Message.Append(@"Request A has been sent for scanning already. Request B is being considered for scanning.<i<br>>
Request A & Request B have the same Query parameter names but some parameters have different values.<i<br>>
If Request B can be considered a duplicate of A and not scanned then just hit 'Submit'.<i<br>>
If the values of some the mis-matched parameters makes Request B unique then select those Query Paramters from the provided list and then hit 'Submit'");
List<int> AskUserResponse = AskUser.ForList("Duplicate Scan Item Check", Message.ToString(), "Scan Request B", "Don't scan Request B", "Scan Request B and set these parameters as unique", MismatchedParameters);
List<string> UniqueParams = new List<string>();
for (int i = 2; i < AskUserResponse.Count; i++)
{
UniqueParams.Add(MismatchedParameters[AskUserResponse[i]]);
}
if (UniqueParams.Count > 0 || AskUserResponse[0] == 1)
{
UniqueQueryParameters.AddRange(UniqueParams);
return true;
}
else
{
NonUniqueQueryParameters.AddRange(MismatchedParameters);
if (!Req.HasBody) return false;
}
}
}
else
{
if (!Req.HasBody)
{
DuplicateNamesMatchCounter++;
if (DuplicateNamesMatchCounter > 20)
{
return false;
}
}
}
}
else
{
continue;
}
if (Req.HasBody)
{
List<string> ReqBodyNames = Req.Body.GetNames();
List<string> RRBodyNames = RR.Body.GetNames();
if (AreListValuesSame(ReqBodyNames, RRBodyNames))
{
if (PromptUser)
{
List<string> MismatchedParameters = GetMismatchedBodyParameterNames(Req, RR);
if (IsAnyBodyParameterUnique(MismatchedParameters))
return true;
else if (AreAllBodyParametersNonUnique(MismatchedParameters))
{
return false;
}
else
{
StringBuilder Message = new StringBuilder();
Message.Append("<i<b>><i<cg>>Request A:<i</cg>><i</b>><i<br>>");
Message.Append(" "); Message.Append(RR.Method); Message.Append(" "); Message.Append(RR.Url); Message.Append("<i<br>><i<br>>"); Message.Append(" ");
foreach (string Name in RR.Body.GetNames())
{
foreach (string Value in RR.Body.GetAll(Name))
{
if (MismatchedParameters.Contains(Name)) Message.Append("<i<hlo>>");
Message.Append(Name); Message.Append("="); Message.Append(Value);
if (MismatchedParameters.Contains(Name)) Message.Append("<i</hlo>>");
Message.Append("&");
}
}
if (Message.ToString().EndsWith("&")) Message.Remove(Message.Length - 1, 1);
Message.Append("<i<br>>");
Message.Append("<i<br>>");
Message.Append("<i<b>><i<cg>>Request B:<i</cg>><i</b>><i<br>>");
Message.Append(" "); Message.Append(Req.Method); Message.Append(" "); Message.Append(Req.Url); Message.Append("<i<br>><i<br>>"); Message.Append(" ");
foreach (string Name in Req.Body.GetNames())
{
foreach (string Value in Req.Body.GetAll(Name))
{
if (MismatchedParameters.Contains(Name)) Message.Append("<i<hlo>>");
Message.Append(Name); Message.Append("="); Message.Append(Value);
if (MismatchedParameters.Contains(Name)) Message.Append("<i</hlo>>");
Message.Append("&");
}
}
if (Message.ToString().EndsWith("&")) Message.Remove(Message.Length - 1, 1);
Message.Append("<i<br>>");
Message.Append("<i<br>>");
Message.Append(@"Request A has been sent for scanning already. Request B is being considered for scanning.<i<br>>
Request A & Request B have the same Body parameter names but some parameters have different values.<i<br>>
If Request B can be considered a duplicate of A and not scanned then just hit 'Submit'.<i<br>>
If the values of some the mis-matched parameters makes Request B unique then select those Body Paramters from the provided list and then hit 'Submit'");
List<int> AskUserResponse = AskUser.ForList("Duplicate Scan Item Check", Message.ToString(), "Scan Request B", "Don't scan Request B", "Scan Request B and set these parameters as unique", MismatchedParameters);
List<string> UniqueParams = new List<string>();
for (int i = 2; i < AskUserResponse.Count; i++)
{
UniqueParams.Add(MismatchedParameters[AskUserResponse[i]]);
}
if (UniqueParams.Count > 0 || AskUserResponse[0] == 1)
{
UniqueBodyParameters.AddRange(UniqueParams);
return true;
}
else
{
NonUniqueBodyParameters.AddRange(MismatchedParameters);
return false;
}
}
}
else
{
DuplicateNamesMatchCounter++;
if (DuplicateNamesMatchCounter > 20)
{
return false;
}
}
}
else
{
continue;
}
}
}
else
{
if (!PromptUser) return true;
if (IgnoreUrl) return false;
if (!(Req.File.Equals("") && RR.File.Equals(""))) continue;
List<string> PathPartMatch = new List<string>();
List<string> ReqUrlPathParts = new List<string>(Req.UrlPathParts);
List<string> RRUrlPathParts = new List<string>(RR.UrlPathParts);
List<string> MatchUrlPathParts = new List<string>();
List<string> MatchedParts = new List<string>();
List<string> ReqAMismatchedParts = new List<string>();
List<string> ReqBMismatchedParts = new List<string>();
bool LastMatch = true;
for (int i = 0; i < ReqUrlPathParts.Count; i++)
{
if (LastMatch)
{
if (ReqUrlPathParts[i].Equals(RRUrlPathParts[i]))
{
MatchUrlPathParts.Add(ReqUrlPathParts[i]);
MatchedParts.Add(ReqUrlPathParts[i]);
}
else
{
LastMatch = false;
MatchUrlPathParts.Add("*");
ReqAMismatchedParts.Add(RRUrlPathParts[i]);
ReqBMismatchedParts.Add(ReqUrlPathParts[i]);
}
}
else
{
MatchUrlPathParts.Add("*");
ReqAMismatchedParts.Add(RRUrlPathParts[i]);
ReqBMismatchedParts.Add(ReqUrlPathParts[i]);
}
}
if (MatchedParts.Count == 0) continue;
List<string> MatchUrlPathSignatures = UniqueUrlSignatureGenerator(MatchedParts, ReqBMismatchedParts);
string MatchUrlPathSignature = "/" + String.Join("/", MatchUrlPathParts.ToArray()) + "/";
if (IsUrlPathSignatureUnique(MatchUrlPathSignatures)) return true;
if (IsUrlPathSignatureNonUnique(MatchUrlPathSignatures)) return false;
StringBuilder Message = new StringBuilder();
Message.Append("<i<b>><i<cg>>Request A:<i</cg>><i</b>><i<br>>");
Message.Append(" "); Message.Append(RR.Method); Message.Append(" ");
foreach (string Part in MatchedParts)
{
Message.Append("/"); Message.Append(Part);
}
foreach (string Part in ReqAMismatchedParts)
{
Message.Append("/"); Message.Append("<i<hlo>>"); Message.Append(Part); Message.Append("<i</hlo>>");
}
if (RR.Url.EndsWith("/")) Message.Append("/");
Message.Append("<i<br>>");
Message.Append("<i<br>>");
Message.Append("<i<b>><i<cg>>Request B:<i</cg>><i</b>><i<br>>");
Message.Append(" "); Message.Append(Req.Method); Message.Append(" ");
foreach (string Part in MatchedParts)
{
Message.Append("/"); Message.Append(Part);
}
foreach (string Part in ReqBMismatchedParts)
{
Message.Append("/"); Message.Append("<i<hlo>>"); Message.Append(Part); Message.Append("<i</hlo>>");
}
if (Req.Url.EndsWith("/")) Message.Append("/");
Message.Append("<i<br>>");
Message.Append("<i<br>>");
Message.Append(@"Request A has been sent for scanning already. Request B is being considered for scanning.<i<br>>
Request A & Request B have the same starting URL but some sections of the URL differ, this could probably be a case of URL re-writing.<i<br>>
If Request B can be considered a duplicate of A and not scanned then just hit 'Submit'.<i<br>>
If some sections of the URL path make Request B unique then select those sections from the provided list and then hit 'Submit'");
List<int> AskUserResponse = AskUser.ForList("Duplicate Scan Item Check", Message.ToString(), "Scan Request B", "Don't scan Request B", "Scan Request B and set these parameters as unique", ReqBMismatchedParts);
List<int> UniquePathPartPositions = new List<int>();
for (int i = 2; i < AskUserResponse.Count; i++)
{
UniquePathPartPositions.Add(AskUserResponse[i]);
}
if (UniquePathPartPositions.Count == 0 && AskUserResponse[1] == 1)
{
NonUniqueUrlParameters.Add(MatchUrlPathSignature);
return false;
}
else
{
if(UniquePathPartPositions.Count > 0)
{
List<string> NewSignatureList = new List<string>(MatchedParts);
for (int ii = 0; ii < ReqBMismatchedParts.Count; ii++)
{
if (UniquePathPartPositions.Contains(ii))
NewSignatureList.Add(ReqBMismatchedParts[ii]);
else
NewSignatureList.Add("*");
}
NonUniqueUrlParameters.Add("/" + string.Join("/", NewSignatureList.ToArray()) + "/");
}
return true;
}
}
}
return true;
}
public Session(Request Req)
{
this.FiddlerSession = Req.ReturnAsFiddlerSession();
this.Request = Req;
}
internal static void LogMTRequest(Request Request)
{
using (SQLiteConnection MT_DB = new SQLiteConnection("data source=" + TestLogFile))
{
MT_DB.Open();
using (SQLiteCommand Cmd = MT_DB.CreateCommand())
{
Cmd.CommandText = "INSERT INTO TestLog (ID, SSL, HostName, Method, URL, File, Parameters, RequestHeaders, RequestBody, BinaryRequest, Notes) VALUES (@ID, @SSL, @HostName, @Method, @URL, @File, @Parameters, @RequestHeaders, @RequestBody, @BinaryRequest, @Notes)";
Cmd.Parameters.AddWithValue("@ID", Request.ID);
Cmd.Parameters.AddWithValue("@SSL", AsInt(Request.SSL));
Cmd.Parameters.AddWithValue("@HostName", Request.Host);
Cmd.Parameters.AddWithValue("@Method", Request.Method);
Cmd.Parameters.AddWithValue("@URL", Request.URL);
Cmd.Parameters.AddWithValue("@File", Request.File);
Cmd.Parameters.AddWithValue("@Parameters", Request.GetParametersString());
//Cmd.Parameters.AddWithValue("@RequestHeaders", Request.GetHeadersAsStringWithoutFullURL());
Cmd.Parameters.AddWithValue("@RequestHeaders", Request.GetHeadersAsString());
if (Request.IsBinary)
Cmd.Parameters.AddWithValue("@RequestBody", Request.BinaryBodyString);
else
Cmd.Parameters.AddWithValue("@RequestBody", Request.BodyString);
//Cmd.Parameters.AddWithValue("@RequestBody", Request.BodyString);
Cmd.Parameters.AddWithValue("@BinaryRequest", AsInt(Request.IsBinary));
Cmd.Parameters.AddWithValue("@Notes", "Some Notes");
Cmd.ExecuteNonQuery();
}
}
}