public void CustomTestProxy_TestPatternEntityExclusion() { MockProxy mockSite; string first, second, third; InitMockSite(out mockSite, out first, out second, out third); CustomTestsFile testFile = GetCustomTestFile(); TrafficViewerFile testDataStore = new TrafficViewerFile(); MockTestController mockTestController = new MockTestController(); testFile.PatternEntityExclusion = "p2"; DriveByAttackProxy testProxy = new DriveByAttackProxy(mockTestController, testFile, testDataStore); testProxy.Start(); SendRequestThroughTestProxy(first, testProxy, mockSite); SendRequestThroughTestProxy(second, testProxy, mockSite); SendRequestThroughTestProxy(third, testProxy, mockSite); Thread.Sleep(1000); testProxy.Stop(); Assert.IsTrue(mockTestController.IssuesFound.ContainsKey("p1")); Assert.IsFalse(mockTestController.IssuesFound.ContainsKey("p2")); }
public void CustomTestProxy_TestPatternToTest() { MockProxy mockSite; string first, second, third; InitMockSite(out mockSite, out first, out second, out third); CustomTestsFile testFile = GetCustomTestFile(); TrafficViewerFile testDataStore = new TrafficViewerFile(); MockTestController mockTestController = new MockTestController(); var targetList = new Dictionary <string, AttackTarget>(); targetList.Add("r1", new AttackTarget("r1", "Enabled", "r1")); testFile.SetAttackTargetList(targetList); DriveByAttackProxy testProxy = new DriveByAttackProxy(mockTestController, testFile, testDataStore); testProxy.Start(); SendRequestThroughTestProxy(first, testProxy, mockSite); SendRequestThroughTestProxy(second, testProxy, mockSite); SendRequestThroughTestProxy(third, testProxy, mockSite); Thread.Sleep(1000); testProxy.Stop(); Assert.IsTrue(mockTestController.IssuesFound.ContainsKey("p1")); Assert.IsFalse(mockTestController.IssuesFound.ContainsKey("p2")); }
public BaseAttackProxy GetTestProxy(INetworkSettings networkSettings, bool isSequential) { BaseAttackProxy testProxy; if (isSequential) { testProxy = new SequentialAttackProxy(this, _testFile, _trafficFile, TrafficViewerOptions.Instance.TrafficServerIp, TrafficViewerOptions.Instance.TrafficServerPort); } else { testProxy = new DriveByAttackProxy(this, _testFile, _trafficFile, TrafficViewerOptions.Instance.TrafficServerIp, TrafficViewerOptions.Instance.TrafficServerPort); } testProxy.NetworkSettings.WebProxy = networkSettings.WebProxy; testProxy.NetworkSettings.CertificateValidationCallback = networkSettings.CertificateValidationCallback; return(testProxy); }
public void CustomTestProxy_TestJSValidation() { MockProxy mockSite = new MockProxy(); string testReq = "GET /r1?p1=test HTTP/1.1\r\n"; mockSite.MockSite.AddRequestResponse(testReq, "HTTP/1.1 200 OK\r\n\r\nFound user test"); mockSite.Start(); CustomTestsFile testFile = GetCustomTestFile(); var tests = testFile.GetCustomTests(); tests.Clear(); tests.Add("PathTraversal", new CustomTestDef("PathTraversal", "Path Traversal", "$original/" + MockTestController.PATH_TRAVERSAL, "$js_code=function Callback(response){var found = false; if(response.indexOf('root')>-1) found=true; return found;}")); testFile.SetCustomTests(tests); testFile.Save(); TrafficViewerFile testDataStore = new TrafficViewerFile(); MockTestController mockTestController = new MockTestController(mockSite.MockSite); var targetList = new Dictionary <string, AttackTarget>(); targetList.Add("r1", new AttackTarget("r1", "Enabled", "r1")); testFile.SetAttackTargetList(targetList); DriveByAttackProxy testProxy = new DriveByAttackProxy(mockTestController, testFile, testDataStore); testProxy.Start(); SendRequestThroughTestProxy(testReq, testProxy, mockSite); Thread.Sleep(100); testProxy.Stop(); Assert.IsTrue(mockTestController.IssuesFound.ContainsKey("p1")); }
public IHttpProxy MakeProxy(string type) { HttpServerConsole.Instance.WriteLine(LogMessageType.Information, "Created proxy '{0}'", type); string host = TrafficViewerOptions.Instance.TrafficServerIp; int port = TrafficViewerOptions.Instance.TrafficServerPort; int securePort = TrafficViewerOptions.Instance.TrafficServerPortSecure; ITrafficDataAccessor dataStore = TrafficViewer.Instance.TrafficViewerFile; var exploiter = new CustomTestsExploiter(); IHttpProxy result = null; if (type.Equals(Resources.CaptureProxy)) { result = new AdvancedExploreProxy(host, port, dataStore); } else if (type.Equals(Resources.DriveByAttackProxy)) { result = new DriveByAttackProxy(exploiter, dataStore, host, port); } else if (type.Equals(Resources.SequentialAttackProxy)) { result = new SequentialAttackProxy(exploiter, dataStore, host, port); } else if (type.Equals(Resources.ReverseProxy)) { result = new ReverseProxy(host, port, securePort, dataStore); } else if (type.Equals(Resources.TrafficFileProxy)) { result = new TrafficStoreProxy(dataStore, dataStore, host, port, securePort); } else if (type.Equals(Resources.BinaryReverseProxy)) { result = new BinaryReverseProxy(host, port, securePort, dataStore); } else if (type.Equals(Resources.TrackingProxy)) { result = new TrackingReverseProxy(host, port, securePort, dataStore); } if (result != null) { if (!(result is TrafficStoreProxy)) { if (TrafficViewerOptions.Instance.UseProxy) { WebProxy proxy = new WebProxy(TrafficViewerOptions.Instance.HttpProxyServer, TrafficViewerOptions.Instance.HttpProxyPort); result.NetworkSettings.WebProxy = proxy; } result.NetworkSettings.CertificateValidationCallback = new RemoteCertificateValidationCallback(SSLValidationCallback.ValidateRemoteCertificate); } if (result is BaseAttackProxy) { result.ExtraOptions[BaseAttackProxy.TEST_FILE_PATH] = Path.Combine(TrafficViewerOptions.TrafficViewerAppDataDir, "CustomTests.xml"); } if (result is ReverseProxy || result is BinaryReverseProxy) { result.ExtraOptions[ReverseProxy.FORWARDING_HOST_OPT] = TrafficViewerOptions.Instance.ForwardingHost; result.ExtraOptions[ReverseProxy.FORWARDING_PORT_OPT] = TrafficViewerOptions.Instance.ForwardingPort.ToString(); } } return(result); }
private HttpResponseInfo StartProxy(HttpRequestInfo requestInfo) { IHttpProxy proxy; //get the port from the url string portString = null; requestInfo.QueryVariables.TryGetValue("port", out portString); //optional secret to protect the recording session string secret = null; requestInfo.QueryVariables.TryGetValue("secret", out secret); //the host to record traffic for string targetHost = null; requestInfo.QueryVariables.TryGetValue("targetHost", out targetHost); //whether to execute inline tests string test = null; requestInfo.QueryVariables.TryGetValue("test", out test); int port; if (int.TryParse(portString, out port) && port >= 0 && port <= 65535) { if (CollectorProxyList.Instance.ProxyList.ContainsKey(port)) { return(GetResponse(400, "Bad Request", "Port in use.")); } if (targetHost == null) { return(GetResponse(400, "Bad Request", "'targetHost' parameter is not specified.")); } if (!Utils.IsMatch(targetHost, "^[\\w._-]+$") || !Utils.IsMatch(targetHost, TrafficCollectorSettings.Instance.AllowedHostsPattern)) { return(GetResponse(400, "Bad Request", "Invalid target host!")); } try { TrafficViewerFile trafficFile = new TrafficViewerFile(); trafficFile.Profile = ParsingOptions.GetRawProfile(); //optional secret to prevent others stopping the recording if (!String.IsNullOrWhiteSpace(secret)) { trafficFile.Profile.SetSingleValueOption("secret", secret); } trafficFile.Profile.SetSingleValueOption("targetHost", targetHost); if (test != null && test.Equals("true")) { CustomTestsFile testsFile = new CustomTestsFile(); testsFile.Load(TrafficCollectorSettings.Instance.TestFile); Dictionary <string, AttackTarget> targetDef = new Dictionary <string, AttackTarget>(); targetDef.Add("targetHost", new AttackTarget("targetHost", "Enabled", String.Format("Host:\\s*{0}", targetHost))); testsFile.SetAttackTargetList(targetDef); proxy = new DriveByAttackProxy(new TestController(trafficFile), testsFile, trafficFile, TrafficCollectorSettings.Instance.Ip, port); } else { proxy = new AdvancedExploreProxy(TrafficCollectorSettings.Instance.Ip, port, trafficFile); } proxy.NetworkSettings.CertificateValidationCallback = new RemoteCertificateValidationCallback(CollectorAPIController.ValidateServerCertificate); proxy.NetworkSettings.WebProxy = HttpWebRequest.GetSystemWebProxy(); proxy.Start(); CollectorProxyList.Instance.ProxyList.Add(proxy.Port, proxy); } catch (Exception ex) { return(GetResponse(500, "Unexpected error.", ex.Message)); } } else { return(GetResponse(400, "Bad Request", "Invalid 'port' parameter.")); } return(GetResponse(200, "OK", "Proxy is listening on port: {0}.", proxy.Port)); }
private HttpResponseInfo StopProxy(HttpRequestInfo requestInfo) { string report = ""; //get the port from the url string portString = null; requestInfo.QueryVariables.TryGetValue("port", out portString); //optional secret to protect the recording session string secret = null; requestInfo.QueryVariables.TryGetValue("secret", out secret); //optional flag indicating if similar requests should be skiped string skipSimilar = null; requestInfo.QueryVariables.TryGetValue("skipSimilar", out skipSimilar); //the file to save to string fileName = null; requestInfo.QueryVariables.TryGetValue("fileName", out fileName); //optional parameter to cancel the scan string cancel = null; requestInfo.QueryVariables.TryGetValue("cancel", out cancel); if (fileName == null) { //assign a random file name fileName = DateTime.Now.Ticks.ToString(); } if (!Utils.IsMatch(fileName, "^[\\w._-]+$")) { return(GetResponse(400, "Bad Request", "Invalid file name.")); } int port; if (int.TryParse(portString, out port)) { if (!CollectorProxyList.Instance.ProxyList.ContainsKey(port)) { return(GetResponse(400, "Bad Request", "Port not found.")); } else { IHttpProxy proxy = CollectorProxyList.Instance.ProxyList[port]; TrafficViewerFile trafficFile = (proxy as ManualExploreProxy).TrafficDataStore as TrafficViewerFile; //check the secret if it exists string configuredSecret = trafficFile.Profile.GetOption("secret") as String; if (!String.IsNullOrWhiteSpace(configuredSecret) && !configuredSecret.Equals(secret)) { return(GetResponse(401, "Unauthorized", "Invalid secret.")); } string filePath = Path.Combine(TrafficCollectorSettings.Instance.DumpDir, fileName + ".htd"); if (proxy is DriveByAttackProxy) { DriveByAttackProxy dProx = proxy as DriveByAttackProxy; int requestsLeft = dProx.RequestsLeft; if (requestsLeft > 0 && (cancel == null || !cancel.Equals("true"))) { return(GetResponse(206, "Partial Content", "Please wait... {0} request(s) left, {1} test job(s) in queue", requestsLeft, dProx.TestCount)); } else { int id = -1; TVRequestInfo info = null; report = "\r\n\r\nVulnerability List\r\n"; report += "============================\r\n"; int count = 0; while ((info = trafficFile.GetNext(ref id)) != null) { if (info.Description.Contains("Vulnerability")) { count++; report += String.Format("Request {0} - {1} ({2})\r\n", info.RequestLine, info.Description, info.Validation); } } report += String.Format("Total: {0}\r\n", count); } } if (File.Exists(filePath)) //load the existing file and check the secret { TrafficViewerFile existingFile = new TrafficViewerFile(); existingFile.Open(filePath); configuredSecret = existingFile.Profile.GetOption("secret") as String; existingFile.Close(false); if (String.IsNullOrWhiteSpace(configuredSecret) || String.IsNullOrWhiteSpace(secret) || !configuredSecret.Equals(secret)) { return(GetResponse(401, "Unauthorized", "Cannot override existing file.")); } } proxy.Stop(); CollectorProxyList.Instance.ProxyList.Remove(port); if (trafficFile.RequestCount > 0) { if (skipSimilar != null && skipSimilar.Equals("true", StringComparison.OrdinalIgnoreCase)) { trafficFile = removeSimilar(trafficFile); } trafficFile.Save(filePath); report += String.Format("Traffic file saved at '{0}'\r\n", filePath); } else { report += "Nothing recorded."; } } } else { return(GetResponse(400, "Bad Request", "Invalid 'port' parameter.")); } return(GetResponse(200, "OK", "Proxy stopped. {0}", report)); }