public void CustomTestProxy_TestPatternToTest() { MockProxy mockSite; string first, second, third; InitMockSite(out mockSite, out first, out second, out third); CustomTestsFile testFile = GetCustomTestFile(); TrafficViewerFile testDataStore = new TrafficViewerFile(); MockTestController mockTestController = new MockTestController(); var targetList = new Dictionary <string, AttackTarget>(); targetList.Add("r1", new AttackTarget("r1", "Enabled", "r1")); testFile.SetAttackTargetList(targetList); DriveByAttackProxy testProxy = new DriveByAttackProxy(mockTestController, testFile, testDataStore); testProxy.Start(); SendRequestThroughTestProxy(first, testProxy, mockSite); SendRequestThroughTestProxy(second, testProxy, mockSite); SendRequestThroughTestProxy(third, testProxy, mockSite); Thread.Sleep(1000); testProxy.Stop(); Assert.IsTrue(mockTestController.IssuesFound.ContainsKey("p1")); Assert.IsFalse(mockTestController.IssuesFound.ContainsKey("p2")); }
private static CustomTestsFile GetCustomTestFile() { CustomTestsFile testFile = new CustomTestsFile(); var customTests = testFile.GetCustomTests(); customTests.Clear(); customTests.Add("Path Traversal", new CustomTestDef("Path Traversal", "Path Traversal", "$original" + MockTestController.PATH_TRAVERSAL, "root\\:")); testFile.SetCustomTests(customTests); testFile.LoginBeforeTests = false; testFile.TestOnlyParameters = true; var targetList = testFile.GetAttackTargetList(); targetList.Add("all", new AttackTarget("all", "Enabled", ".*")); testFile.SetAttackTargetList(targetList); return(testFile); }
public void CustomTestProxy_TestJSValidation() { MockProxy mockSite = new MockProxy(); string testReq = "GET /r1?p1=test HTTP/1.1\r\n"; mockSite.MockSite.AddRequestResponse(testReq, "HTTP/1.1 200 OK\r\n\r\nFound user test"); mockSite.Start(); CustomTestsFile testFile = GetCustomTestFile(); var tests = testFile.GetCustomTests(); tests.Clear(); tests.Add("PathTraversal", new CustomTestDef("PathTraversal", "Path Traversal", "$original/" + MockTestController.PATH_TRAVERSAL, "$js_code=function Callback(response){var found = false; if(response.indexOf('root')>-1) found=true; return found;}")); testFile.SetCustomTests(tests); testFile.Save(); TrafficViewerFile testDataStore = new TrafficViewerFile(); MockTestController mockTestController = new MockTestController(mockSite.MockSite); var targetList = new Dictionary <string, AttackTarget>(); targetList.Add("r1", new AttackTarget("r1", "Enabled", "r1")); testFile.SetAttackTargetList(targetList); DriveByAttackProxy testProxy = new DriveByAttackProxy(mockTestController, testFile, testDataStore); testProxy.Start(); SendRequestThroughTestProxy(testReq, testProxy, mockSite); Thread.Sleep(100); testProxy.Stop(); Assert.IsTrue(mockTestController.IssuesFound.ContainsKey("p1")); }
private void runToolStripMenuItem1_Click(object sender, EventArgs e) { var attackTargetList = _testFile.GetAttackTargetList(); if (attackTargetList.Count == 0) //if still not set { string pattern = _testRunner.GetPatternOfRequestsToTest(); if (String.IsNullOrWhiteSpace(pattern)) { ErrorBox.ShowDialog(Resources.ErrorTestPatternMissing); return; } else { attackTargetList.Add("Default", new AttackTarget("Default", "Enabled", pattern)); _testFile.SetAttackTargetList(attackTargetList); } } SaveCurrent(); StartUI(); backgroundWorker1.RunWorkerAsync(); }
private void _buttonOK_Click(object sender, EventArgs e) { _testFile.SetAttackTargetList(_attackTargetListGrid.GetValues()); _testFile.Save(); this.Hide(); }
private HttpResponseInfo StartProxy(HttpRequestInfo requestInfo) { IHttpProxy proxy; //get the port from the url string portString = null; requestInfo.QueryVariables.TryGetValue("port", out portString); //optional secret to protect the recording session string secret = null; requestInfo.QueryVariables.TryGetValue("secret", out secret); //the host to record traffic for string targetHost = null; requestInfo.QueryVariables.TryGetValue("targetHost", out targetHost); //whether to execute inline tests string test = null; requestInfo.QueryVariables.TryGetValue("test", out test); int port; if (int.TryParse(portString, out port) && port >= 0 && port <= 65535) { if (CollectorProxyList.Instance.ProxyList.ContainsKey(port)) { return(GetResponse(400, "Bad Request", "Port in use.")); } if (targetHost == null) { return(GetResponse(400, "Bad Request", "'targetHost' parameter is not specified.")); } if (!Utils.IsMatch(targetHost, "^[\\w._-]+$") || !Utils.IsMatch(targetHost, TrafficCollectorSettings.Instance.AllowedHostsPattern)) { return(GetResponse(400, "Bad Request", "Invalid target host!")); } try { TrafficViewerFile trafficFile = new TrafficViewerFile(); trafficFile.Profile = ParsingOptions.GetRawProfile(); //optional secret to prevent others stopping the recording if (!String.IsNullOrWhiteSpace(secret)) { trafficFile.Profile.SetSingleValueOption("secret", secret); } trafficFile.Profile.SetSingleValueOption("targetHost", targetHost); if (test != null && test.Equals("true")) { CustomTestsFile testsFile = new CustomTestsFile(); testsFile.Load(TrafficCollectorSettings.Instance.TestFile); Dictionary <string, AttackTarget> targetDef = new Dictionary <string, AttackTarget>(); targetDef.Add("targetHost", new AttackTarget("targetHost", "Enabled", String.Format("Host:\\s*{0}", targetHost))); testsFile.SetAttackTargetList(targetDef); proxy = new DriveByAttackProxy(new TestController(trafficFile), testsFile, trafficFile, TrafficCollectorSettings.Instance.Ip, port); } else { proxy = new AdvancedExploreProxy(TrafficCollectorSettings.Instance.Ip, port, trafficFile); } proxy.NetworkSettings.CertificateValidationCallback = new RemoteCertificateValidationCallback(CollectorAPIController.ValidateServerCertificate); proxy.NetworkSettings.WebProxy = HttpWebRequest.GetSystemWebProxy(); proxy.Start(); CollectorProxyList.Instance.ProxyList.Add(proxy.Port, proxy); } catch (Exception ex) { return(GetResponse(500, "Unexpected error.", ex.Message)); } } else { return(GetResponse(400, "Bad Request", "Invalid 'port' parameter.")); } return(GetResponse(200, "OK", "Proxy is listening on port: {0}.", proxy.Port)); }