Пример #1
0
 internal static void AddToCheckResponse(Session Sess)
 {
     lock (CheckResponse)
     {
         CheckResponse.Enqueue(Sess);
     }
 }
Пример #2
0
 internal static void AddToCheckRequest(Session Sess)
 {
     lock (CheckRequest)
     {
         CheckRequest.Enqueue(Sess);
     }
 }
Пример #3
0
        static void ProcessBurpMessage(string BurpMessage, string MetaLine)
        {
            string[] BurpMessageParts = BurpMessage.Split(new string[] { "\r\n======================================================\r\n" }, 2, StringSplitOptions.RemoveEmptyEntries);
            Session IrSe = null;
            if (BurpMessageParts.Length > 0)
            {
                Request Req = ReadBurpRequest(BurpMessageParts[0], MetaLine);
                if (Req != null)
                {
                    IrSe = new Session(Req);
                    IrSe.ID = Interlocked.Increment(ref Config.ProxyRequestsCount);
                    IronUpdater.AddProxyRequest(IrSe.Request.GetClone(true));
                    PassiveChecker.AddToCheckRequest(IrSe);
                }
            }
            if (BurpMessageParts.Length == 2)
            {
                if (IrSe != null)
                {
                    try
                    {
                        Response Res = new Response(BurpMessageParts[1]);
                        IrSe.Response = Res;
                        IrSe.Response.ID = IrSe.Request.ID;
                        IronUpdater.AddProxyResponse(IrSe.Response.GetClone(true));
                        PassiveChecker.AddToCheckResponse(IrSe);
                    }
                    catch
                    {

                    }
                }
            }
        }
Пример #4
0
 internal static void AddToCheckRequest(Session Sess)
 {
     switch (Sess.Request.Source)
     {
         case RequestSource.Proxy:
             if (!RunOnProxyTraffic) return;
             break;
         case RequestSource.Shell:
             if (!RunOnShellTraffic) return;
             break;
         case RequestSource.Test:
             if (!RunOnTestTraffic) return;
             break;
         case RequestSource.Scan:
             if (!RunOnScanTraffic) return;
             break;
         case RequestSource.Probe:
             if (!RunOnProbeTraffic) return;
             break;
         default:
             if (!Sess.Request.CanRunPassivePlugins) return;
             break;
     }
     lock (CheckRequest)
     {
         CheckRequest.Enqueue(Sess);
     }
 }
Пример #5
0
 public bool DoesMatchResponseInterceptionRules(Session Sess)
 {
     if (Sess.Response == null)
     {
         return false;
     }
     else
     {
         return IronProxy.CanInterceptBasedOnFilter(Sess.Request, Sess.Response);
     }
 }
Пример #6
0
 public bool DoesMatchRules(Session Sess)
 {
     if (Sess.Response == null)
     {
         return this.DoesMatchRequestInterceptionRules(Sess);
     }
     else
     {
         return this.DoesMatchResponseInterceptionRules(Sess);
     }
 }
Пример #7
0
 public static void RunAllRequestBasedInlinePassivePlugins(Session IrSe)
 {
     foreach (string Name in PassivePlugin.GetInLinePluginsForRequest())
     {
         PassivePlugin P = PassivePlugin.Get(Name);
         if ((P.WorksOn == PluginWorksOn.Request) || (P.WorksOn == PluginWorksOn.Both))
         {
             if (P.CallingState == PluginCallingState.Inline)
             {
                 try
                 {
                     PluginEngine.RunPassivePlugin(P, IrSe);
                 }
                 catch (Exception Exp)
                 {
                     IronException.Report("Error executing 'BeforeRequestInterception' Passive Plugin - " + Name, Exp.Message, Exp.StackTrace);
                 }
             }
         }
     }
 }
Пример #8
0
 public static void RunAllPassivePluginsAfterRequestInterception(Session IrSe)
 {
     foreach (string Name in PassivePlugin.List())
     {
         PassivePlugin P = PassivePlugin.Get(Name);
         if ((P.WorksOn == PluginWorksOn.Request) || (P.WorksOn == PluginWorksOn.Both))
         {
             if ((P.CallingState == PluginCallingState.AfterInterception) || (P.CallingState == PluginCallingState.Both))
             {
                 try
                 {
                     PluginStore.RunPassivePlugin(P, IrSe);
                 }
                 catch(Exception Exp)
                 {
                     IronException.Report("Error executing 'AfterRequestInterception' Passive Plugin - " + Name, Exp.Message, Exp.StackTrace);
                 }
             }
         }
     }
 }
Пример #9
0
 internal static void SendSessionToProxy(Session IrSe)
 {
     if (UI.ProxyInterceptTabs.InvokeRequired)
     {
         SendSessionToProxy_d sstp_d = new SendSessionToProxy_d(SendSessionToProxy);
         UI.Invoke(sstp_d, new object[] { IrSe });
     }
     else
     {
         if (IronProxy.ManualTamperingFree)
         {
             FillInterceptorTab(IrSe);
             if (!UI.main_tab.SelectedTab.Name.Equals("mt_proxy")) UI.main_tab.SelectTab("mt_proxy");
             MakeUiTopMost(true);
         }
         else
         {
             string ID = IrSe.ID.ToString();
             if (IrSe.FiddlerSession.state == Fiddler.SessionStates.HandTamperRequest)
             {
                 ID = ID + "-Request";
             }
             else
             {
                 ID = ID + "-Response";
             }
             lock (IronProxy.SessionsQ)
             {
                 IronProxy.SessionsQ.Enqueue(ID);
             }
         }
     }
 }
Пример #10
0
        internal static void FillInterceptorTab(Session IrSe)
        {
            IronProxy.ManualTamperingFree = false;
            IronProxy.CurrentSession = IrSe;
            ResetProxyInterceptionFields();

            if (IrSe.FiddlerSession.state == Fiddler.SessionStates.HandTamperRequest)
            {
                UI.ProxyInterceptTabs.SelectedIndex = 0;
                IronProxy.CurrentSession.OriginalRequest = IrSe.Request.GetClone(true);
                FillProxyFields(IrSe.Request);
                MakeProxyRequestFieldsReadOnly(false);
            }
            else
            {
                UI.ProxyInterceptTabs.SelectedIndex = 1;
                IronProxy.CurrentSession.OriginalResponse = IrSe.Response.GetClone(true);
                FillProxyFields(IrSe.Response, IrSe.Request);
                FillProxyFields(IrSe.Request);
                MakeProxyResponseFieldsReadOnly(false);
            }
            IronProxy.ResetChangedStatus();
            UI.ProxyBaseSplit.Panel1.BackColor = Color.SkyBlue;
            UI.ProxySendBtn.Enabled = true;
            UI.ProxyDropBtn.Enabled = true;
        }
Пример #11
0
 public static PluginResults RunPassivePlugin(PassivePlugin P, Session Irse)
 {
     PluginResults Results = new PluginResults();
     P.Check(Irse, Results);
     foreach (PluginResult PR in Results.GetAll())
     {
         PR.Plugin = P.Name;
         IronUpdater.AddPluginResult(PR);
     }
     return Results;
 }
Пример #12
0
 internal static void FillLogDisplayFields(Session IrSe)
 {
     if (UI.LogDisplayTabs.InvokeRequired)
     {
         FillLogDisplayFields_d FLDF_d = new FillLogDisplayFields_d(FillLogDisplayFields);
         UI.Invoke(FLDF_d, new object[] { IrSe });
     }
     else
     {
         if (IrSe == null) return;
         if (IrSe.Request != null) FillLogFields(IrSe.Request);
         if (IrSe.Response != null) FillLogFields(IrSe.Response, IrSe.Request);
         //FillLogReflection(Reflection);
         try
         {
             UI.LogSourceLbl.Text = "Source: " + IronLog.CurrentSourceName;
             UI.LogIDLbl.Text = "ID: " + IronLog.CurrentID.ToString();
         }
         catch { }
         UI.ProxyShowOriginalRequestCB.Checked = false;
         UI.ProxyShowOriginalResponseCB.Checked = false;
         UI.ProxyShowOriginalRequestCB.Visible = IrSe.OriginalRequest != null;
         UI.ProxyShowOriginalResponseCB.Visible = IrSe.OriginalResponse != null;
         IronUI.ResetLogStatus();
     }
 }
Пример #13
0
 public Session GetClone()
 {
     Session ClonedIrSe = null;
     if (this.Response != null)
     {
         ClonedIrSe = new Session(this.Request.GetClone(), this.Response.GetClone());
     }
     else
     {
         ClonedIrSe = new Session(this.Request.GetClone());
     }
     return ClonedIrSe;
 }
Пример #14
0
        internal static void BeforeRequest(Fiddler.Session Sess)
        {
            if (Sess.HTTPMethodIs("Connect"))
            {
                if (IronProxy.UseUpstreamProxy)
                {
                    string UpstreamProxyString = string.Format("{0}:{1}", IronProxy.UpstreamProxyIP, IronProxy.UpstreamProxyPort.ToString());
                    Sess.oFlags.Add("x-overrideGateway", UpstreamProxyString);
                }
                if (Config.HasFiddlerFlags)
                {
                    string[,] Flags = Config.GetFiddlerFlags();
                    for (int i = 0; i < Flags.GetLength(0); i++)
                    {
                        Sess.oFlags.Add(Flags[i, 0], Flags[i, 1]);
                    }
                }
                return;
            }
            if(Sess.oFlags.ContainsKey("IronFlag-BuiltBy"))
            {
                if (Sess.oFlags["IronFlag-BuiltBy"].Equals("Stealth"))
                {
                    if (IronProxy.UseUpstreamProxy)
                    {
                        string UpstreamProxyString = string.Format("{0}:{1}", IronProxy.UpstreamProxyIP, IronProxy.UpstreamProxyPort.ToString());
                        Sess.oFlags.Add("x-overrideGateway", UpstreamProxyString);
                    }
                    if (Config.HasFiddlerFlags)
                    {
                        string[,] Flags = Config.GetFiddlerFlags();
                        for (int i = 0; i < Flags.GetLength(0); i++)
                        {
                            Sess.oFlags.Add(Flags[i, 0], Flags[i, 1]);
                        }
                    }
                    return;
                }
            }
            Session IrSe;
            try
            {
                IrSe = new Session(Sess);
            }
            catch(Exception Exp)
            {
                IronException.Report("Error reading Request", Exp.Message, Exp.StackTrace);
                return;
            }
            if (IrSe == null)
            {
                IronException.Report("Error reading Request", "", "");
                return;
            }
            if (IrSe.Request == null)
            {
                IronException.Report("Error reading Request", "", "");
                return;
            }
            if (IrSe.FiddlerSession == null)
            {
                IronException.Report("Error reading Request", "", "");
                return;
            }

            //Needs to be turned on to read the response body
            IrSe.FiddlerSession.bBufferResponse = true;

            IrSe.Request.TimeObject = DateTime.Now;
            if (Sess.oFlags.ContainsKey("IronFlag-Ticks"))
            {
                IrSe.FiddlerSession.oFlags["IronFlag-Ticks"] = IrSe.Request.TimeObject.Ticks.ToString();
            }
            else
            {
                IrSe.FiddlerSession.oFlags.Add("IronFlag-Ticks", IrSe.Request.TimeObject.Ticks.ToString());
            }

            //try
            //{
            //    Session ClonedIronSessionWithRequest = IrSe.GetClone();
            //    if (ClonedIronSessionWithRequest != null && ClonedIronSessionWithRequest.Request != null)
            //        PassiveChecker.AddToCheckRequest(ClonedIronSessionWithRequest);
            //    else
            //        IronException.Report("IronSession Request Couldn't be cloned at ID - " + IrSe.ID.ToString(),"","");
            //}
            //catch(Exception Exp)
            //{
            //    IronException.Report("Error Cloning IronSession in BeforeRequest", Exp.Message, Exp.StackTrace);
            //}

            if (PluginEngine.ShouldRunRequestBasedPassivePlugins())
            {
                try
                {
                    PluginEngine.RunAllRequestBasedInlinePassivePlugins(IrSe);
                    IrSe.UpdateFiddlerSessionFromIronSession();
                }
                catch (Exception Exp)
                {
                    IronException.Report("Error running 'Inline' Passive plugins on Request", Exp.Message, Exp.StackTrace);
                }
            }

            if (!IrSe.FiddlerSession.isFlagSet(Fiddler.SessionFlags.RequestGeneratedByFiddler))
            {
                IrSe.ID = Interlocked.Increment(ref Config.ProxyRequestsCount);
                IrSe.OriginalRequest = IrSe.Request.GetClone(true);
                //IronUpdater.AddProxyRequest(IrSe.Request);
                if(CanInterceptRequest(IrSe))
                {
                    IrSe.MSR = new ManualResetEvent(false);
                    InterceptedSessions.Add(IrSe.ID + "-Request", IrSe);
                    IrSe.FiddlerSession.state = Fiddler.SessionStates.HandTamperRequest;
                    IronUI.SendSessionToProxy(IrSe);
                    InterceptedSessions[IrSe.ID + "-Request"].MSR.WaitOne();
                    InterceptedSessions.Remove(IrSe.ID + "-Request");

                    IrSe.UpdateFiddlerSessionFromIronSession();
                }
                else if (ScriptedInterceptionEnabled)
                {
                    IrSe.UpdateFiddlerSessionFromIronSession();
                }
                else
                {
                    IrSe.FiddlerSession.state = Fiddler.SessionStates.AutoTamperRequestBefore;
                }

                if (ScriptedInterceptionEnabled && ScInt.CallAfterInterception)
                {
                    try
                    {
                        ScInt.AfterInterception = true;
                        ScInt.ShouldIntercept(IrSe);
                    }
                    catch (Exception Exp)
                    {
                        IronUI.ShowProxyException("Error in Scripted Interception Script");
                        IronException.Report("Error in Scripted Interception Script", Exp);
                    }
                    ScInt.AfterInterception = false;
                    IrSe.UpdateFiddlerSessionFromIronSession();
                }

                if (IronProxy.WasRequestChanged(IrSe))
                {
                    Request ClonedRequest = IrSe.Request.GetClone(true);
                    //IronUpdater.AddProxyRequestsAfterEdit(IrSe.OriginalRequest.GetClone(true), ClonedRequest);
                    //IronUI.UpdateEditedProxyLogRequestEntry(ClonedRequest);
                    IronUpdater.AddProxyRequests(new Request[] { IrSe.OriginalRequest, IrSe.Request });
                }
                else
                {
                    IronUpdater.AddProxyRequests(new Request[] { null, IrSe.Request });
                }
            }
            else
            {
                if (Sess.oFlags["IronFlag-BuiltBy"].Equals("Shell"))
                {
                    IronUpdater.AddShellRequest(IrSe.Request);
                }
                else if (Sess.oFlags["IronFlag-BuiltBy"].Equals("Scan"))
                {
                    IronUpdater.AddScanRequest(IrSe.Request);
                }
                else if (Sess.oFlags["IronFlag-BuiltBy"].Equals("Probe"))
                {
                    IronUpdater.AddProbeRequest(IrSe.Request);
                }
                else if (Config.IsSourcePresent(Sess.oFlags["IronFlag-BuiltBy"]))
                {
                    IronUpdater.AddOtherSourceRequest(IrSe.Request);
                }
            }

            //try
            //{
            //    PluginStore.RunAllPassivePluginsAfterRequestInterception(IrSe);
            //}
            //catch (Exception Exp)
            //{
            //    IronException.Report("Error running 'AfterInterception' Passive plugins on Request", Exp.Message, Exp.StackTrace);
            //}

            if (IronProxy.UseUpstreamProxy)
            {
                string UpstreamProxyString = string.Format("{0}:{1}", IronProxy.UpstreamProxyIP, IronProxy.UpstreamProxyPort.ToString());
                IrSe.FiddlerSession.oFlags.Add("x-overrideGateway", UpstreamProxyString);
            }
            if (Config.HasFiddlerFlags)
            {
                string[,] Flags = Config.GetFiddlerFlags();
                for (int i = 0; i < Flags.GetLength(0); i++)
                {
                    IrSe.FiddlerSession.oFlags.Add(Flags[i, 0], Flags[i, 1]);
                }
            }
        }
Пример #15
0
 static bool CanInterceptResponse(Session Sess)
 {
     if (ScriptedInterceptionEnabled)
     {
         try
         {
             return ScInt.ShouldIntercept(Sess);
         }
         catch (Exception Exp)
         {
             IronUI.ShowProxyException("Error in Scripted Interception Script");
             IronException.Report("Error in Scripted Interception Script", Exp);
             return false;
         }
     }
     else if (InterceptResponse)
     {
         return CanInterceptBasedOnFilter(Sess.Request, Sess.Response);
     }
     else
     {
         return false;
     }
 }
Пример #16
0
 internal static bool WasRequestChanged(Session Sess)
 {
     try
     {
         return !Sess.Request.ToString().Equals(Sess.OriginalRequest.ToString());
     }
     catch { return true; }
 }
Пример #17
0
 internal static void DropInterceptedMessage()
 {
     if (IronProxy.ManualTamperingFree == true)
     {
         return;
     }
     string ID = IronProxy.CurrentSession.ID.ToString();
     if (IronProxy.CurrentSession.FiddlerSession.state == Fiddler.SessionStates.HandTamperRequest)
     {
         ID = ID + "-Request";
         IronProxy.InterceptedSessions[ID].MSR.Set();
         IronProxy.CurrentSession.FiddlerSession.oRequest.FailSession(200, "OK", "Request Dropped By the User");
     }
     else
     {
         ID = ID + "-Response";
         IronProxy.CurrentSession.FiddlerSession.utilSetResponseBody("Response Dropped By the User");
         IronProxy.CurrentSession.FiddlerSession.responseCode = 200;
         IronProxy.InterceptedSessions[ID].MSR.Set();
     }
     IronUI.ResetProxyInterceptionFields();
     IronProxy.ManualTamperingFree = true;
     IronProxy.CurrentSession = null;
 }
Пример #18
0
 internal static void FillMTFields(Session IrSe)
 {
     IronUI.FillMTFields(IrSe.Request);
     ManualTesting.SetCurrentID(IrSe.Request.ID);
     if (IrSe.Response != null) IronUI.FillMTFields(IrSe.Response, IrSe.Request);
     UI.TestIDLbl.Text = "ID: " + IrSe.Request.ID.ToString();
     string Group = IrSe.Flags["Group"].ToString();
     UI.MTCurrentGroupNameTB.Text = Group;
     foreach (DataGridViewRow Row in UI.TestGroupLogGrid.Rows)
     {
         if (Row.Cells[1].Value.ToString().Equals(IrSe.Request.ID.ToString()))
         {
             Row.Selected = true;
             try
             {
                 UI.TestGroupLogGrid.FirstDisplayedScrollingRowIndex = Row.Index;
             }
             catch { }
             break;
         }
     }
     //switch (GroupColor)
     //{
     //    case("Red"):
     //        UI.TestIDLbl.BackColor = Color.Red;
     //        break;
     //    case ("Blue"):
     //        UI.TestIDLbl.BackColor = Color.RoyalBlue;
     //        break;
     //    case ("Green"):
     //        UI.TestIDLbl.BackColor = Color.Green;
     //        break;
     //    case ("Gray"):
     //        UI.TestIDLbl.BackColor = Color.Gray;
     //        break;
     //    case ("Brown"):
     //        UI.TestIDLbl.BackColor = Color.Brown;
     //        break;
     //}
 }
Пример #19
0
 //internal static void UpdateFiddlerSessionWithNewResponse()
 //{
 //    IronProxy.CurrentSession.FiddlerSession.oResponse.headers.AssignFromString(IronProxy.CurrentSession.Response.GetHeadersAsString());
 //    IronProxy.CurrentSession.FiddlerSession.responseBodyBytes = IronProxy.CurrentSession.Response.BodyArray;
 //}
 internal static void ForwardInterceptedMessage()
 {
     if (IronProxy.ManualTamperingFree == true)
     {
         return;
     }
     string ID = IronProxy.CurrentSession.ID.ToString();
     if (IronProxy.CurrentSession.FiddlerSession.state == Fiddler.SessionStates.HandTamperRequest)
     {
         ID = ID + "-Request";
     }
     else
     {
         ID = ID + "-Response";
     }
     IronProxy.InterceptedSessions[ID].MSR.Set();
     IronUI.ResetProxyInterceptionFields();
     IronProxy.ManualTamperingFree = true;
     IronProxy.CurrentSession = null;
 }
Пример #20
0
 internal static void UpdateTestGroupLogGridWithRequest(Session IrSe)
 {
     if (UI.TestGroupLogGrid.InvokeRequired)
     {
         UpdateTestGroupLogGridWithRequest_d UTGLGWR_d = new UpdateTestGroupLogGridWithRequest_d(UpdateTestGroupLogGridWithRequest);
         UI.Invoke(UTGLGWR_d, new object[] { IrSe });
     }
     else
     {
         if (!ManualTesting.CurrentGroup.Equals(IrSe.Flags["Group"].ToString())) return;
         try
         {
             UI.TestGroupLogGrid.Rows.Add(new object[] {false, IrSe.Request.ID, IrSe.Request.Host, IrSe.Request.Method, IrSe.Request.URL, IrSe.Request.SSL });
         }
         catch (Exception Exp)
         {
             IronException.Report("Error Updating Test Grid with Request", Exp.Message, Exp.StackTrace);
         }
     }
 }
Пример #21
0
 internal static bool WasResponseChanged(Session Sess)
 {
     try
     {
         string ResStr = Sess.Response.ToString();
         string OriResStr = Sess.OriginalResponse.ToString();
         if (ResStr.Equals(OriResStr))
         {
             return false;
         }
         else
         {
             return true;
         }
     }
     catch { return true; }
 }
Пример #22
0
        internal static void UpdateTestGroupLogGridWithResponse(Session IrSe)
        {
            if (UI.TestGroupLogGrid.InvokeRequired)
            {
                UpdateTestGroupLogGridWithResponse_d UTGLGWR_d = new UpdateTestGroupLogGridWithResponse_d(UpdateTestGroupLogGridWithResponse);
                UI.Invoke(UTGLGWR_d, new object[] { IrSe });
            }
            else
            {
                try
                {
                    if (!ManualTesting.CurrentGroup.Equals(IrSe.Flags["Group"].ToString())) return;

                    int GridID = 0;
                    foreach (DataGridViewRow Row in UI.TestGroupLogGrid.Rows)
                    {
                        if ((int)Row.Cells["TestGroupLogGridForID"].Value == IrSe.Request.ID)
                        {
                            GridID = Row.Index;
                            break;
                        }
                    }
                    UI.TestGroupLogGrid.Rows[GridID].Cells["TestGroupLogGridForCode"].Value = IrSe.Response.Code;
                    UI.TestGroupLogGrid.Rows[GridID].Cells["TestGroupLogGridForLength"].Value = IrSe.Response.BodyArray.Length;
                    UI.TestGroupLogGrid.Rows[GridID].Cells["TestGroupLogGridForMIME"].Value = IrSe.Response.ContentType;
                    UI.TestGroupLogGrid.Rows[GridID].Cells["TestGroupLogGridForSetCookie"].Value = (IrSe.Response.SetCookies.Count > 0);
                    if(IrSe.Flags.ContainsKey("Reflecton"))
                        UpdateManualTestingResponse(IrSe.Response, IrSe.Request, IrSe.Flags["Reflecton"].ToString());
                    else
                        UpdateManualTestingResponse(IrSe.Response, IrSe.Request, "");

                }
                catch (Exception Exp)
                {
                    IronException.Report("Error updating MT Response in Grid", Exp.Message, Exp.StackTrace);
                }
            }
        }
Пример #23
0
        internal static void AfterSessionComplete(Fiddler.Session Sess)
        {
            if (Sess.HTTPMethodIs("Connect")) return;
            if (Sess.isFlagSet(Fiddler.SessionFlags.RequestGeneratedByFiddler))
            {
                Session IrSe;
                try
                {
                    IrSe = new Session(Sess);
                }
                catch(Exception Exp)
                {
                    IronException.Report("Error handling Response", Exp.Message, Exp.StackTrace);
                    return;
                }
                if (IrSe == null)
                {
                    IronException.Report("Error handling Response", "", "");
                    return;
                }
                if (IrSe.FiddlerSession == null)
                {
                    IronException.Report("Error handling Response", "", "");
                    return;
                }
                if (IrSe.Response == null)
                {
                    IronException.Report("Error handling Response", "", "");
                    return;
                }

                if (Sess.oFlags["IronFlag-BuiltBy"] == "ManualTestingSection")
                {
                    try
                    {
                        ManualTesting.HandleResponse(IrSe);
                    }
                    catch(Exception Exp)
                    {
                        IronException.Report("Error handling 'Manual Testing' Response", Exp.Message, Exp.StackTrace);
                    }
                }
                else if (Sess.oFlags["IronFlag-BuiltBy"].Equals("Shell") || Sess.oFlags["IronFlag-BuiltBy"].Equals("Scan") || Sess.oFlags["IronFlag-BuiltBy"].Equals("Probe") || Sess.oFlags["IronFlag-BuiltBy"].Equals("Stealth") || Config.IsSourcePresent(Sess.oFlags["IronFlag-BuiltBy"]))
                {
                    try
                    {
                        string DictID = "";
                        if (Sess.oFlags["IronFlag-BuiltBy"].Equals("Shell"))
                        {
                            try
                            {
                                IronUpdater.AddShellResponse(IrSe.Response);
                                DictID = Sess.oFlags["IronFlag-ID"] + "-Shell";
                            }
                            catch (Exception Exp)
                            {
                                IronException.Report("Error handling 'Scripting Shell' Response", Exp.Message, Exp.StackTrace);
                            }
                        }
                        else if (Sess.oFlags["IronFlag-BuiltBy"].Equals("Probe"))
                        {
                            try
                            {
                                IronUpdater.AddProbeResponse(IrSe.Response);
                                DictID = Sess.oFlags["IronFlag-ID"] + "-Probe";
                            }
                            catch (Exception Exp)
                            {
                                IronException.Report("Error handling 'Probe' Response", Exp.Message, Exp.StackTrace);
                            }
                        }
                        else if (Sess.oFlags["IronFlag-BuiltBy"].Equals("Stealth"))
                        {
                            try
                            {
                                DictID = Sess.oFlags["IronFlag-ID"] + "-Stealth";
                            }
                            catch (Exception Exp)
                            {
                                IronException.Report("Error handling 'Stealth' Response", Exp.Message, Exp.StackTrace);
                            }
                        }
                        else if (Sess.oFlags["IronFlag-BuiltBy"].Equals("Scan"))
                        {
                            try
                            {
                                IronUpdater.AddScanResponse(IrSe.Response);
                                DictID = Sess.oFlags["IronFlag-ID"] + "-Scan";
                            }
                            catch (Exception Exp)
                            {
                                IronException.Report("Error handling 'Automated Scanning' Response", Exp.Message, Exp.StackTrace);
                            }
                        }
                        else
                        {
                            try
                            {
                                IronUpdater.AddOtherSourceResponse(IrSe.Response);
                                DictID = string.Format("{0}-{1}", Sess.oFlags["IronFlag-ID"], Sess.oFlags["IronFlag-BuiltBy"]);
                            }
                            catch (Exception Exp)
                            {
                                IronException.Report(string.Format("Error handling '{0}' Response", Sess.oFlags["IronFlag-BuiltBy"]), Exp.Message, Exp.StackTrace);
                            }
                        }
                        Config.APIResponseDict[DictID].SetResponse(IrSe.Response);
                        Config.APIResponseDict[DictID].MSR.Set();
                    }
                    catch (Exception MainExp)
                    {
                        IronException.Report("Error handling 'Scripting Shell/Automated Scanning/Probe' Response", MainExp.Message, MainExp.StackTrace);
                    }
                }
            }
        }
Пример #24
0
 static Session GetLog(RequestSource Source, int ID)
 {
     Session IrSe = null;
     switch (Source)
     {
         case RequestSource.Proxy:
             IrSe = Session.FromProxyLog(ID);
             break;
         case RequestSource.Scan:
             IrSe = Session.FromScanLog(ID);
             break;
         case RequestSource.Shell:
             IrSe = Session.FromShellLog(ID);
             break;
         case RequestSource.Test:
             IrSe = Session.FromTestLog(ID);
             break;
         case RequestSource.Probe:
             IrSe = Session.FromProbeLog(ID);
             break;
         case RequestSource.Trigger:
             Trigger SelectedTrigger = PluginResult.CurrentPluginResult.Triggers.GetTrigger(ID -1);
             if (SelectedTrigger.Request != null)
             {
                 if (SelectedTrigger.Response == null)
                     IrSe = new Session(SelectedTrigger.Request);
                 else
                     IrSe = new Session(SelectedTrigger.Request, SelectedTrigger.Response);
             }
             break;
         case RequestSource.TestGroup:
             if (ManualTesting.RedGroupSessions.ContainsKey(ID)) return ManualTesting.RedGroupSessions[ID].GetClone();
             if (ManualTesting.BlueGroupSessions.ContainsKey(ID)) return ManualTesting.BlueGroupSessions[ID].GetClone();
             if (ManualTesting.GreenGroupSessions.ContainsKey(ID)) return ManualTesting.GreenGroupSessions[ID].GetClone();
             if (ManualTesting.GrayGroupSessions.ContainsKey(ID)) return ManualTesting.GrayGroupSessions[ID].GetClone();
             if (ManualTesting.BrownGroupSessions.ContainsKey(ID)) return ManualTesting.BrownGroupSessions[ID].GetClone();
             break;
         case RequestSource.SelectedLogEntry:
             return IronLog.CurrentSession.GetClone();
         case RequestSource.CurrentProxyInterception:
             return IronProxy.CurrentSession.GetClone();
     }
     return IrSe;
 }
Пример #25
0
        internal static void BeforeResponse(Fiddler.Session Sess)
        {
            if (Sess.HTTPMethodIs("Connect")) return;
            if (Sess.oFlags.ContainsKey("IronFlag-BuiltBy"))
            {
                if (Sess.oFlags["IronFlag-BuiltBy"].Equals("Stealth")) return;
            }
            Session IrSe;
            try
            {
                Sess.utilDecodeResponse();
                IrSe = new Session(Sess);
            }
            catch(Exception Exp)
            {
                IronException.Report("Error reading Response", Exp.Message, Exp.StackTrace);
                return;
            }
            if (IrSe == null)
            {
                IronException.Report("Error reading Response", "", "");
                return;
            }
            if (IrSe.Response == null)
            {
                IronException.Report("Error reading Response", "", "");
                return;
            }
            if (IrSe.FiddlerSession == null)
            {
                IronException.Report("Error reading Response", "", "");
                return;
            }
            long TTL = DateTime.Now.Ticks - IrSe.Request.TimeObject.Ticks;
            IrSe.Response.TTL = (int)(TTL / 10000);
            if (Sess.oFlags.ContainsKey("IronFlag-TTL"))
            {
                IrSe.FiddlerSession.oFlags["IronFlag-TTL"] = IrSe.Response.TTL.ToString();
            }
            else
            {
                IrSe.FiddlerSession.oFlags.Add("IronFlag-TTL", IrSe.Response.TTL.ToString());
            }
            try
            {
                Session ClonedIronSessionWithResponse = IrSe.GetClone();
                if (ClonedIronSessionWithResponse != null && ClonedIronSessionWithResponse.Response != null)
                {
                    PassiveChecker.AddToCheckResponse(ClonedIronSessionWithResponse);
                }
                else
                    IronException.Report("IronSession with Response Couldn't be cloned at ID - " + IrSe.ID.ToString(), "", "");
            }
            catch (Exception Exp)
            {
                IronException.Report("Error Cloning IronSession in BeforeRequest", Exp.Message, Exp.StackTrace);
            }

            if (!IrSe.FiddlerSession.isFlagSet(Fiddler.SessionFlags.RequestGeneratedByFiddler))
            {
                //IronUpdater.AddProxyResponse(IrSe.Response);
            }

            if (!IrSe.FiddlerSession.isFlagSet(Fiddler.SessionFlags.RequestGeneratedByFiddler))
            {
                IrSe.Response.Host = IrSe.Request.Host;
                IrSe.OriginalResponse = IrSe.Response.GetClone(true);
                if(CanInterceptResponse(IrSe))
                {
                    IrSe.MSR = new ManualResetEvent(false);
                    IrSe.FiddlerSession.state = Fiddler.SessionStates.HandTamperResponse;
                    InterceptedSessions.Add(IrSe.ID + "-Response", IrSe);
                    IronUI.SendSessionToProxy(IrSe);
                    InterceptedSessions[IrSe.ID + "-Response"].MSR.WaitOne();
                    InterceptedSessions.Remove(IrSe.ID + "-Response");

                    IrSe.UpdateFiddlerSessionFromIronSession();
                }
                else if (ScriptedInterceptionEnabled)
                {
                    IrSe.UpdateFiddlerSessionFromIronSession();
                }
                else
                {
                    IrSe.FiddlerSession.state = Fiddler.SessionStates.AutoTamperResponseBefore;
                }

                if (ScriptedInterceptionEnabled && ScInt.CallAfterInterception)
                {
                    try
                    {
                        ScInt.AfterInterception = true;
                        ScInt.ShouldIntercept(IrSe);
                    }
                    catch (Exception Exp)
                    {
                        IronUI.ShowProxyException("Error in Scripted Interception Script");
                        IronException.Report("Error in Scripted Interception Script", Exp);
                    }
                    ScInt.AfterInterception = false;
                    IrSe.UpdateFiddlerSessionFromIronSession();
                }

                if (IronProxy.WasResponseChanged(IrSe))
                {
                    Response ClonedResponse = IrSe.Response.GetClone(true);
                    //IronUpdater.AddProxyResponsesAfterEdit(IrSe.OriginalResponse.GetClone(true), ClonedResponse);
                    //IronUI.UpdateEditedProxyLogResponseEntry(ClonedResponse);
                    IronUpdater.AddProxyResponses(new Response[] { IrSe.OriginalResponse, IrSe.Response });
                }
                else
                {
                    IronUpdater.AddProxyResponses(new Response[] { null, IrSe.Response });
                }
            }

            if (PluginEngine.ShouldRunResponseBasedPassivePlugins())
            {
                try
                {
                    PluginEngine.RunAllResponseBasedInlinePassivePlugins(IrSe);
                    IrSe.UpdateFiddlerSessionFromIronSession();
                }
                catch (Exception Exp)
                {
                    IronException.Report("Error running 'BeforeInterception' Passive plugins on Response", Exp.Message, Exp.StackTrace);
                }
            }
        }
Пример #26
0
 internal static Session GetLog(string Source, int ID)
 {
     Session IrSe = null;
     switch (Source)
     {
         case RequestSource.Proxy:
             IrSe = Session.FromProxyLog(ID);
             break;
         case RequestSource.Scan:
             IrSe = Session.FromScanLog(ID);
             break;
         case RequestSource.Shell:
             IrSe = Session.FromShellLog(ID);
             break;
         case RequestSource.Test:
             IrSe = Session.FromTestLog(ID);
             break;
         case RequestSource.Probe:
             IrSe = Session.FromProbeLog(ID);
             break;
         case RequestSource.Trigger:
             if (ID == 0)
             {
                 IrSe = new Session(Finding.CurrentPluginResult.BaseRequest, Finding.CurrentPluginResult.BaseResponse);
             }
             else
             {
                 Trigger SelectedTrigger = Finding.CurrentPluginResult.Triggers.GetTrigger(ID - 1);
                 if (SelectedTrigger.Request != null)
                 {
                     if (SelectedTrigger.Response == null)
                         IrSe = new Session(SelectedTrigger.Request);
                     else
                         IrSe = new Session(SelectedTrigger.Request, SelectedTrigger.Response);
                 }
             }
             break;
         case RequestSource.TestGroup:
             //if (ManualTesting.RedGroupSessions.ContainsKey(ID)) return ManualTesting.RedGroupSessions[ID].GetClone();
             //if (ManualTesting.BlueGroupSessions.ContainsKey(ID)) return ManualTesting.BlueGroupSessions[ID].GetClone();
             //if (ManualTesting.GreenGroupSessions.ContainsKey(ID)) return ManualTesting.GreenGroupSessions[ID].GetClone();
             //if (ManualTesting.GrayGroupSessions.ContainsKey(ID)) return ManualTesting.GrayGroupSessions[ID].GetClone();
             //if (ManualTesting.BrownGroupSessions.ContainsKey(ID)) return ManualTesting.BrownGroupSessions[ID].GetClone();
             foreach (string Group in ManualTesting.GroupSessions.Keys)
             {
                 if(ManualTesting.GroupSessions[Group].ContainsKey(ID))
                     return ManualTesting.GroupSessions[Group][ID].GetClone();
             }
             break;
         case RequestSource.SelectedLogEntry:
             return IronLog.CurrentSession.GetClone();
         case RequestSource.CurrentProxyInterception:
             return IronProxy.CurrentSession.GetClone();
         default:
             IrSe = Session.FromLog(ID, Source);
             break;
     }
     return IrSe;
 }
Пример #27
0
 public static Session CreateSessionFromRequestString(string RequestString)
 {
     Fiddler.Session Sess = Session.CreateFiddlerSessionFromRequestString(RequestString);
     Session IrSe = new Session(Sess);
     return IrSe;
 }
Пример #28
0
 static void ShowLog()
 {
     try
     {
         Session IrSe = GetLog(CurrentSource, CurrentID);
         CurrentSession = IrSe;
         IronUI.FillLogDisplayFields(IrSe);
     }
     catch(Exception Exp)
     {
         if (Exp.Message.Equals("ID not found in DB"))
         {
             IronUI.ShowLogStatus(string.Format("Record ID - {0} not found in DB",CurrentID.ToString()), true);
         }
         else
         {
             IronUI.ShowLogStatus("Unable to load Request/Response from Log", true);
             IronException.Report("Error reading from " + SourceName(CurrentSource) + " log", Exp.Message, Exp.StackTrace);
         }
     }
 }
Пример #29
0
        internal static Session GetIronSessionFromIronLogRecord(IronLogRecord ILR, bool IsFromProxy, int ID)
        {
            Session IrSe;
            Request Req = GetRequest(ILR.RequestHeaders, ILR.RequestBody, ILR.IsRequestBinary);
            Req.ID = ID;

            if (ILR.ResponseHeaders.Length > 0)
            {
                Response Res = GetResponse(ILR.ResponseHeaders, ILR.ResponseBody, ILR.IsResponseBinary);
                Res.TTL = ILR.RoundTrip;
                IrSe = new Session(Req, Res);
                IrSe.Request.ID = ID;
            }
            else
            {
                IrSe = new Session(Req);
                IrSe.Request.ID = ID;
            }
            if (IsFromProxy)
            {
                if (ILR.OriginalRequestHeaders.Length > 0)
                {
                    IrSe.OriginalRequest = GetRequest(ILR.OriginalRequestHeaders, ILR.OriginalRequestBody, ILR.IsOriginalRequestBinary);
                    IrSe.OriginalRequest.ID = ID;
                }
                else
                {
                    IrSe.OriginalRequest = null;
                }
                if (ILR.OriginalResponseHeaders.Length > 0)
                {
                    IrSe.OriginalResponse = GetResponse(ILR.OriginalResponseHeaders, ILR.OriginalResponseBody, ILR.IsOriginalResponseBinary);
                    IrSe.OriginalResponse.TTL = ILR.RoundTrip;
                    IrSe.OriginalResponse.ID = ID;
                }
                else
                {
                    IrSe.OriginalResponse = null;
                }
            }
            return IrSe;
        }
Пример #30
0
 public static void RunAllResponseBasedOfflinePassivePlugins(Session IrSe)
 {
     foreach (string Name in PassivePlugin.List())
     {
         PassivePlugin P = PassivePlugin.Get(Name);
         if ((P.WorksOn == PluginWorksOn.Response) || (P.WorksOn == PluginWorksOn.Both))
         {
             if (P.CallingState == PluginCallingState.Offline)
             {
                 try
                 {
                     PluginStore.RunPassivePlugin(P, IrSe);
                 }
                 catch (Exception Exp)
                 {
                     IronException.Report("Error executing 'Offline' Passive Plugin : " + Name, Exp.Message, Exp.StackTrace);
                 }
             }
         }
     }
 }