public void CheckXSTVulns(RESTApi restDesc, VulnerabilitiesVulnerability vuln, WSDescriberForReport WSItemVulnerabilities, ReportObject reportObject, bool isDebug, ref List <Param> respHeader, RestHTTPHelper HttpHelper, string customRequestHeader) { CheckWebServerVulns(restDesc, vuln, WSItemVulnerabilities, reportObject, isDebug, ref respHeader, HttpHelper, customRequestHeader, "Cross Site Tracing", "TRACE"); }
private void AddProblemButton_Click(object sender, RoutedEventArgs e) { Problem problem = new Problem(); problem.Subject = SubjectTB.Text; problem.TeacherId = LoginPage.LogUser.Id; problem.InputArgs = InputArgsTB.Text; problem.Description = DescriptionTB.Text; List <Problem> problems = new List <Problem>(); List <User> users = new List <User>(); problems.Add(problem); string path = "/problems"; problems = JsonConvert.DeserializeObject <List <Problem> >(RESTApi.Post <Problem>(path, problems)); path = "/users?GroupId=" + ((ComboBoxItem)GroupsCB.SelectedItem).Tag; users = JsonConvert.DeserializeObject <List <User> >(RESTApi.Get(path)); List <State> states = new List <State>(); foreach (User item in users) { State state = new State(); state.ProblemId = problems[0].Id; state.UserId = item.Id; state.Status = "Undone"; states.Add(state); } path = "/states"; RESTApi.Post <State>(path, states); RefreshPage(); }
public void CheckHTTPOptionsVulns(RESTApi restDesc, VulnerabilitiesVulnerability vuln, WSDescriberForReport WSItemVulnerabilities, ReportObject reportObject, bool isDebug, ref List <Param> respHeader, RestHTTPHelper HttpHelper, string customRequestHeader) { CheckWebServerVulns(restDesc, vuln, WSItemVulnerabilities, reportObject, isDebug, ref respHeader, HttpHelper, customRequestHeader, "HTTP OPTIONS", "OPTIONS"); }
public HttpWebResponseWrapper GetHttpWebResponse(RESTApi restDesc, string url, string postData, bool useAuthIfExists, ref List <Param> respHeader, string customRequestHeader) { HttpWebResponseWrapper resp = null; HttpWebRequest wr = GetHttpWebReq(restDesc, url, postData, useAuthIfExists, customRequestHeader); HttpWebResponse wres = null; try { wres = (HttpWebResponse)wr.GetResponse(); } catch (Exception wex) { throw wex; } if (wres != null) { SetHeader(wres, ref respHeader); StreamReader streamReader = new StreamReader(wres.GetResponseStream()); resp = new HttpWebResponseWrapper(); resp.WebResponse = wres; resp.ResponseBody = streamReader.ReadToEnd(); } return(resp); }
public MainPage() { InitializeComponent(); FileToSend = new StudentFile(); RESTApi.ServerUrl = "http://localhost:8082"; List <State> states; List <StudentFile> problemStates = new List <StudentFile>(); string path = "/states?UserId=" + LoginPage.LogUser.Id; states = JsonConvert.DeserializeObject <List <State> >(RESTApi.Get(path)); foreach (State state in states) { StudentFile ps = new StudentFile(); path = "/problems?Id=" + state.ProblemId; ps.problem = JsonConvert.DeserializeObject <List <Problem> >(RESTApi.Get(path))[0]; ps.state = state; ps.user = LoginPage.LogUser; problemStates.Add(ps); } ProblesListView.ItemsSource = problemStates; }
private string ParseURLParameters(ref RESTApi restDesc, string url) { string result = url; if (!string.IsNullOrEmpty(url)) { MatchCollection coll = Regex.Matches(result, @"\$([^$]*)\$"); if (coll != null && coll.Count > 0) { restDesc.UrlParameters = new List <WSParameter>(); int tmp = 0; int i = 0; foreach (Match m in coll) { WSParameter prm = new WSParameter(); prm.Index = i; prm.Name = "Url"; prm.TypeName = GetTypeName(m.Value.Trim().Replace("$", "").ToLower()); string newVal = "{" + i.ToString() + "}"; result = result.Substring(0, m.Index - tmp) + newVal + result.Substring(m.Index + m.Length - tmp); i++; tmp += m.Value.Length - newVal.Length; restDesc.UrlParameters.Add(prm); } } } return(result); }
public async Task <IActionResult> CreateConAccessPolicy(int Id) { var deployTypes = _context.DeployTypes.Include(d => d.Tennants).Where(d => d.DeployTypeID == Id).FirstOrDefault(); var policyPath = _context.TennantParams.Where(t => t.ParamName == "PolicyPath").FirstOrDefault(); string path = policyPath.ParamValue; var tokenResults = RESTApi.GraphToken(deployTypes.Tennants.AzureTennantID, deployTypes.Tennants.AzureClientID, deployTypes.Tennants.AzureClientSecret); RESTApi.AccessToken AccessToken = JsonConvert.DeserializeObject <RESTApi.AccessToken>(tokenResults.Result); string accesstoken = AccessToken.access_token; string uri = "https://graph.microsoft.com/beta/conditionalAccess/Policies"; var restAPI = new RESTApi(_storageConfig, hostingEnv); var result = await restAPI.GraphPostAction(accesstoken, uri, path); string filename = path; filename = hostingEnv.WebRootPath + $@"\csv\{filename}"; if (!System.IO.File.Exists(filename)) { System.IO.File.WriteAllText(filename, result); } deployTypes.DeploySaved = "N/A"; deployTypes.DeployResult = result; deployTypes.DeployState = "N/A"; deployTypes.DeployState = "Deployed"; _context.Update(deployTypes); await _context.SaveChangesAsync(); return(RedirectToAction("Index", "DeployTypes", new { Id = deployTypes.TennantID })); }
//######################################### //## GetDeploy ## //######################################### public async Task GetDeploy(int Id) { var deployTypes = _context.DeployTypes.Include(d => d.Tennant).Where(d => d.DeployTypeId == Id).FirstOrDefault(); string tennantID = deployTypes.Tennant.AzureTennantId; string clientID = deployTypes.Tennant.AzureClientId; string secret = deployTypes.Tennant.AzureClientSecret; string subscriptionID = deployTypes.Tennant.AzureSubscriptionId; string resourcegroupname = deployTypes.ResourceGroupName; if (string.IsNullOrEmpty(resourcegroupname) == true) { resourcegroupname = deployTypes.Tennant.ResourceGroupName; } string resourcegroup = deployTypes.Tennant.ResourceGroupName; string azuredeploy = deployTypes.AzureDeployName; var results = RESTApi.PostAction(tennantID, clientID, secret); RESTApi.AccessToken AccessToken = JsonConvert.DeserializeObject <RESTApi.AccessToken>(results.Result); string accesstoken = AccessToken.access_token; var getcontent = RESTApi.GetAsync(subscriptionID, resourcegroupname, accesstoken, azuredeploy); if (await getcontent == null) { deployTypes.DeployResult = ""; } else { deployTypes.DeployResult = await getcontent; } _context.Update(deployTypes); await _context.SaveChangesAsync(); }
public async Task <IActionResult> Edit(TennantDeployParams tennantDeployParams) { var encrypt = new RESTApi(_storageConfig, hostingEnv); string[] Keys = await encrypt.EncryptionKeys(); var encryption = new Encryption(Keys[1], Keys[0], 1, Keys[2], 256); if (ModelState.IsValid) { for (var i = 0; i < tennantDeployParams.ParamName.Count(); i++) { var tennantparam = new TennantParam(); tennantparam.TennantParamID = tennantDeployParams.TennantParamID[i]; tennantparam.ParamName = tennantDeployParams.ParamName[i]; if (tennantDeployParams.ParamType[i] == "password") { var encrypted = encryption.EncryptString(tennantDeployParams.ParamValue[i]); tennantparam.ParamValue = encrypted; } else { tennantparam.ParamValue = tennantDeployParams.ParamValue[i]; } tennantparam.ParamToolTip = tennantDeployParams.ParamToolTip[i]; tennantparam.DeployTypeID = tennantDeployParams.DeployTypeID; tennantparam.ParamType = tennantDeployParams.ParamType[i]; tennantparam.DeployParamID = tennantDeployParams.DeployParamID[i]; var deployTypes = _context.DeployTypes.Where(d => d.DeployTypeID == tennantDeployParams.DeployTypeID).FirstOrDefault(); deployTypes.DeploySaved = "No"; deployTypes.DeployState = ""; deployTypes.DeployResult = ""; _context.Update(deployTypes); await _context.SaveChangesAsync(); try { _context.Update(tennantparam); await _context.SaveChangesAsync(); } catch (DbUpdateConcurrencyException) { if (!TennantParamExists(tennantparam.TennantParamID)) { return(NotFound()); } else { throw; } } } return(RedirectToAction("Index", "DeployTypes", new { id = tennantDeployParams.TennantID })); } return(RedirectToAction("Index", "DeployTypes", new { id = tennantDeployParams.TennantID })); }
private void CheckVulnsExceptAuth(RESTApi restDesc, VulnerabilitiesVulnerability vuln, WSDescriberForReport WSItemVulnerabilities, ReportObject reportObject, bool isDebug, ref List <Param> respHeader, RestHTTPHelper HttpHelper, string customRequestHeader) { CheckVulnsForURLParams(restDesc, vuln, WSItemVulnerabilities, reportObject, isDebug, ref respHeader, HttpHelper, customRequestHeader); CheckVulnsForPostParams(restDesc, vuln, WSItemVulnerabilities, reportObject, isDebug, ref respHeader, HttpHelper, customRequestHeader); }
private void CheckUnAuthenticatedMethod(RESTApi restDesc, VulnerabilitiesVulnerability vuln, WSDescriberForReport WSItemVulnerabilities, ReportObject reportObject, bool isDebug, ref List <Param> respHeader, RestHTTPHelper HttpHelper, string customRequestHeader) { HttpWebResponseWrapper response = null; try { reportObject.TotalRequestCount++; response = HttpHelper.GetHttpWebResponseWithDefaultParams(restDesc, false, ref respHeader, customRequestHeader); } catch (WebException wEx) { //if (wEx.Response.s) bool authErrorReceived = false; try { HttpWebResponse wr = (HttpWebResponse)wEx.Response; if (vuln.statusCode.Equals(((int)wr.StatusCode).ToString())) { authErrorReceived = true; } } catch { } if (!authErrorReceived) { SetWebException(restDesc.NormalizedURL, wEx, WSItemVulnerabilities, "Web Exception During Authentication Check", isDebug); } } catch (Exception ex) { throw ex; } if (response != null && response.WebResponse != null) { if (!vuln.statusCode.Equals(((int)response.WebResponse.StatusCode).ToString())) // status code != 401, no redirection { VulnerabilityForReport authVuln = new VulnerabilityForReport(); authVuln.Vuln = MainForm.vulnerabilities.Vulnerability.Where(v => v.id == 1).FirstOrDefault(); authVuln.VulnerableMethodName = restDesc.Url.AbsoluteUri; authVuln.VulnerableParamName = ""; authVuln.Payload = ""; authVuln.Response = response.ResponseBody; authVuln.StatusCode = response.WebResponse.StatusCode.ToString(); WSItemVulnerabilities.Vulns.Add(authVuln); mainForm.Log(" Auth Vulnerability Found: " + response.ResponseBody + " - status code is : " + response.WebResponse.StatusCode.ToString(), FontStyle.Bold, true, false); } } }
public static void RefreshPage() { List <Group> groups; List <Problem> problems; RESTApi.ServerUrl = "http://localhost:8082"; string path = "/groups"; groups = JsonConvert.DeserializeObject <List <Group> >(RESTApi.Get(path)); cb.Items.Clear(); foreach (Group item in groups) { ComboBoxItem combo = new ComboBoxItem(); combo.Content = item.Name; combo.Tag = item.Id; cb.Items.Add(combo); } // lv.Items.Clear(); path = "/problems?TeacherId=" + LoginPage.LogUser.Id; problems = JsonConvert.DeserializeObject <List <Problem> >(RESTApi.Get(path)); lv.ItemsSource = problems; List <Arguments> args = new List <Arguments>(); Arguments arg = new Arguments(); arg.className = "MyNamespace.MyClass"; arg.methodName = "MyMethod"; Argument argument = new Argument(); argument.type = typeof(int).FullName; argument.value = (int)6; arg.args.Add(argument); argument = new Argument(); argument.type = typeof(string).FullName; argument.value = (string)"hello"; arg.args.Add(argument); argument = new Argument(); argument.type = typeof(string).FullName; argument.value = (string)"hi"; arg.result = argument; args.Add(arg); InTB.Text = JsonConvert.SerializeObject(args); }
private void CheckVulnsForURLParams(RESTApi restDesc, VulnerabilitiesVulnerability vuln, WSDescriberForReport WSItemVulnerabilities, ReportObject reportObject, bool isDebug, ref List <Param> respHeader, RestHTTPHelper HttpHelper, string customRequestHeader) { //CheckVulnsForParams(restDesc.NormalizedURL, restDesc.UrlParameters, vuln, WSItemVulnerabilities, // reportObject, isDebug, ref respHeader); if (restDesc.UrlParameters != null && restDesc.UrlParameters.Count > 0) { string postDataWithDefault = HttpHelper.GetDefaultValuesForParam(restDesc.NormalizedPostData, restDesc.PostParameters, true); for (int i = 0; i < restDesc.UrlParameters.Count; i++) { if (i == restDesc.UrlParameters[i].Index) { foreach (string payload in vuln.request) { bool vulnFoundForParam = false; string newUrl = restDesc.NormalizedURL.Replace("{" + i + "}", payload.Trim()); newUrl = SetParameterDefaultValue(newUrl, restDesc.UrlParameters, restDesc.UrlParameters[i].Index, isDebug, false); HttpWebResponseWrapper response = null; try { reportObject.TotalRequestCount++; response = HttpHelper.GetHttpWebResponse(restDesc, newUrl, postDataWithDefault, true, ref respHeader, customRequestHeader); } catch (WebException wEx) { SetWebException(newUrl, wEx, WSItemVulnerabilities, payload, isDebug); } catch (Exception ex) { throw ex; } if (response != null && response.WebResponse != null) { SearcForVuln(response, WSItemVulnerabilities, vuln, payload, ref vulnFoundForParam, newUrl, isDebug, restDesc.UrlParameters[i].Index); } if (vulnFoundForParam) { break; } } } } } }
// GET: TennantParams/Edit/5 public async Task <IActionResult> Edit(int Id) { var encrypt = new RESTApi(_storageConfig, hostingEnv); string[] Keys = await encrypt.EncryptionKeys(); var encryption = new Encryption(Keys[1], Keys[0], 1, Keys[2], 256); var deploy = _context.DeployTypes.Include(d => d.Tennants).Where(d => d.DeployTypeID == Id).FirstOrDefault(); var viewModel = new TennantDeployParams(); viewModel.DeployTypeID = Id; viewModel.DeployName = deploy.DeployName; viewModel.DeploySaved = deploy.DeploySaved; var TenantParams = await _service.GetTenantParams(Id); var parameters = TenantParams.TennantParams.ToList(); viewModel.DeployName = TenantParams.DeployName; viewModel.DeployParams = new List <DeployParam>(); viewModel.TennantName = deploy.Tennants.TennantName; viewModel.TennantID = deploy.Tennants.TennantID; viewModel.DeployParamID = new List <int>(); viewModel.ParamName = new List <string>(); viewModel.ParamValue = new List <string>(); viewModel.ParamType = new List <string>(); viewModel.ParamToolTip = new List <string>(); viewModel.TennantParamID = new List <int>(); viewModel.DeployParamID = new List <int>(); foreach (var param in parameters) { viewModel.TennantParamID.Add(param.TennantParamID); viewModel.DeployParamID.Add(param.DeployParamID); viewModel.ParamName.Add(param.ParamName); if (param.ParamType == "password") { var decrypted = encryption.DecryptString(param.ParamValue); viewModel.ParamValue.Add(param.ParamValue = decrypted); } else { viewModel.ParamValue.Add(param.ParamValue); } viewModel.ParamType.Add(param.ParamType); viewModel.ParamToolTip.Add(param.ParamToolTip); } return(View(viewModel)); }
public async Task Execute(IJobExecutionContext context) { RESTApi.ServerUrl = "http://*****:*****@gmail.com"); //msg.To.Add(users[0].Email); msg.To.Add("*****@*****.**"); msg.Subject = "Stats - " + DateTime.Now.ToString(); foreach (StudentFile sf in item.Value) { msg.Body += sf.user.FullName + ", " + sf.problem.Subject + " " + sf.state.Status + "\n"; } SmtpClient client = new SmtpClient(); client.UseDefaultCredentials = true; client.Host = "smtp.gmail.com"; client.Port = 587; client.EnableSsl = true; client.DeliveryMethod = SmtpDeliveryMethod.Network; client.Credentials = new NetworkCredential("*****@*****.**", "Qwerty`123"); client.Timeout = 20000; try { client.Send(msg); Console.WriteLine("Mail with stats has been successfully sent!"); } catch (Exception ex) { Console.WriteLine("Fail Has error" + ex.Message); } finally { msg.Dispose(); } item.Value.Clear(); } } }
public void ScanVulnerabilities(VulnerabilitiesVulnerability vuln, RESTApi restDesc, WSDescriberForReport WSItemVulnerabilities, ReportObject reportObject, bool isDebug, ref List <Param> respHeader, RestHTTPHelper HttpHelper, string customRequestHeader) { if (vuln.id == 1) // check authentication { CheckUnAuthenticatedMethod(restDesc, vuln, WSItemVulnerabilities, reportObject, isDebug, ref respHeader, HttpHelper, customRequestHeader); } else { CheckVulnsExceptAuth(restDesc, vuln, WSItemVulnerabilities, reportObject, isDebug, ref respHeader, HttpHelper, customRequestHeader); } }
public LoginPage() { InitializeComponent(); string path = "/users?IsTeacher=true"; RESTApi.ServerUrl = "http://localhost:8082"; users = JsonConvert.DeserializeObject <List <User> >(RESTApi.Get(path)); foreach (User item in users) { ComboBoxItem combo = new ComboBoxItem(); combo.Content = item.FullName; combo.FontSize = 25; combo.Tag = item.Id; TeacherComboBox.Items.Add(combo); } }
public LoginPage() { InitializeComponent(); RESTApi.ServerUrl = "http://localhost:8082"; string path = "/groups"; List <Group> groups; groups = JsonConvert.DeserializeObject <List <Group> >(RESTApi.Get(path)); foreach (Group item in groups) { ComboBoxItem combo = new ComboBoxItem(); combo.Content = item.Name; combo.Tag = item.Id; GroupComboBox.Items.Add(combo); } }
private void GroupComboBox_SelectionChanged(object sender, SelectionChangedEventArgs e) { StudentComboBox.Items.Clear(); if (GroupComboBox.SelectedIndex != -1) { string path = "/users?GroupId=" + ((ComboBoxItem)GroupComboBox.SelectedItem).Tag; List <User> users; users = JsonConvert.DeserializeObject <List <User> >(RESTApi.Get(path)); foreach (User item in users) { ComboBoxItem combo = new ComboBoxItem(); combo.Content = item.FullName; combo.Tag = item.Id; StudentComboBox.Items.Add(combo); } } }
private void LoginButton_Click(object sender, RoutedEventArgs e) { if (StudentComboBox.SelectedIndex != -1) { string path = "/users?Id=" + ((ComboBoxItem)StudentComboBox.SelectedItem).Tag; List <User> users; users = JsonConvert.DeserializeObject <List <User> >(RESTApi.Get(path)); if (users[0].Password == PasswordPB.Password) { LogUser = users[0]; MainWindow.mf.Source = new Uri("View/MainPage.xaml", UriKind.RelativeOrAbsolute); } else { MessageBox.Show("Wrong password"); } } }
public async Task <IActionResult> Create(TennantDeployParams tennantDeployParams) { var encrypt = new RESTApi(_storageConfig, hostingEnv); string [] Keys = await encrypt.EncryptionKeys(); var encryption = new Encryption(Keys[1], Keys[0], 1, Keys[2], 256); if (ModelState.IsValid) { for (var i = 0; i < tennantDeployParams.DeployParamID.Count(); i++) { var tennantparam = new TennantParam(); if (tennantDeployParams.ParamType[i] == "password") { var encrypted = encryption.EncryptString(tennantDeployParams.ParamValue[i]); tennantparam.ParamValue = encrypted; } else { tennantparam.ParamValue = tennantDeployParams.ParamValue[i]; } tennantparam.DeployParamID = tennantDeployParams.DeployParamID[i]; tennantparam.ParamName = tennantDeployParams.ParamName[i]; tennantparam.ParamType = tennantDeployParams.ParamType[i]; tennantparam.DeployTypeID = tennantDeployParams.DeployTypeID; tennantparam.ParamToolTip = tennantDeployParams.ParamToolTip[i]; if (TryValidateModel(tennantparam)) { _context.Add(tennantparam); await _context.SaveChangesAsync(); } await _context.SaveChangesAsync(); } return(RedirectToAction("Index", "DeployTypes", new { id = tennantDeployParams.TennantID })); } return(RedirectToAction("Index", "DeployTypes", new { id = tennantDeployParams.TennantID })); }
public async Task <IActionResult> GetConAccessPolicy(int Id) { var deployTypes = _context.DeployTypes.Include(d => d.Tennants).Where(d => d.DeployTypeID == Id).FirstOrDefault(); var tokenResults = RESTApi.GraphToken(deployTypes.Tennants.AzureTennantID, deployTypes.Tennants.AzureClientID, deployTypes.Tennants.AzureClientSecret); RESTApi.AccessToken AccessToken = JsonConvert.DeserializeObject <RESTApi.AccessToken>(tokenResults.Result); string accesstoken = AccessToken.access_token; string uri = "https://graph.microsoft.com/beta/conditionalAccess/Policies"; var result = await RESTApi.GraphGetAction(accesstoken, uri); JObject o = JObject.Parse(result); deployTypes.DeploySaved = "N/A"; deployTypes.DeployResult = result; deployTypes.DeployState = "N/A"; deployTypes.DeployState = "Deployed"; _context.Update(deployTypes); await _context.SaveChangesAsync(); return(RedirectToAction("Index", "DeployTypes", new { Id = deployTypes.TennantID })); }
private HttpWebRequest GetHttpWebReq(RESTApi restDesc, string url, string postData, bool useAuthIfExists, string customRequestHeader) { HttpWebRequest wr = (HttpWebRequest)HttpWebRequest.Create(url); wr.ContentType = restDesc.ContentType; wr.Method = restDesc.Method; wr.UserAgent = MainForm.UserAgentHeader; //wr.Connection = "keep-alive"; wr.Proxy = WebRequest.DefaultWebProxy; wr.Credentials = System.Net.CredentialCache.DefaultCredentials; wr.Proxy.Credentials = System.Net.CredentialCache.DefaultCredentials; if (!string.IsNullOrEmpty(customRequestHeader)) { wr.Headers.Add(customRequestHeader); } if (useAuthIfExists) { if (restDesc.BasicAuthentication != null && !string.IsNullOrEmpty(restDesc.BasicAuthentication.Username)) { wr.Credentials = new NetworkCredential(restDesc.BasicAuthentication.Username, restDesc.BasicAuthentication.Password); } } if (!string.IsNullOrEmpty(postData)) { wr.ContentLength = Encoding.UTF8.GetByteCount(postData); using (Stream stream = wr.GetRequestStream()) { stream.Write(Encoding.UTF8.GetBytes(postData), 0, Encoding.UTF8.GetByteCount(postData)); stream.Close(); } } return(wr); }
//########################################## //## CheckQueue ## //########################################## public async Task <string> CheckQueue(int Id) { var QueueList = _context.Queue.Include(q => q.DeployType).Where(q => q.DeployTypeId == Id).FirstOrDefault(); string tennantID = QueueList.DeployType.Tennant.AzureTennantId; string clientID = QueueList.DeployType.Tennant.AzureClientId; string secret = QueueList.DeployType.Tennant.AzureClientSecret; string subscriptionID = QueueList.DeployType.Tennant.AzureSubscriptionId; string resourcegroup = QueueList.Resourcegroup; if (string.IsNullOrEmpty(resourcegroup) == true) { resourcegroup = QueueList.DeployType.Tennant.ResourceGroupName; } string azuredeploy = QueueList.Azuredeploy; var results = RESTApi.PostAction(tennantID, clientID, secret); RESTApi.AccessToken AccessToken = JsonConvert.DeserializeObject <RESTApi.AccessToken>(results.Result); string accesstoken = AccessToken.access_token; var getcontent = RESTApi.GetAsync(subscriptionID, resourcegroup, accesstoken, azuredeploy); if (await getcontent == null) { QueueList.DeployType.DeployResult = ""; } else { QueueList.DeployType.DeployResult = await getcontent; } _context.Update(QueueList.DeployType); await _context.SaveChangesAsync(); var content = await getcontent; return(content); }
public RestHTTPHelper(ref RESTApi restDesc, ref bool untrustedSSLSecureChannel, ref List <Param> respHeader, string customRequestHeader) { HttpWebRequest wr = GetHttpWebReqWithDefaultParams(restDesc, true, customRequestHeader); HttpWebResponse wres = null; try { wres = (HttpWebResponse)wr.GetResponse(); } catch (WebException wex) { if (wex.Status == WebExceptionStatus.TrustFailure) { ServicePointManager.ServerCertificateValidationCallback = delegate { return(true); }; wr = GetHttpWebReqWithDefaultParams(restDesc, true, customRequestHeader); wres = (HttpWebResponse)wr.GetResponse(); untrustedSSLSecureChannel = true; } } if (wres != null) { for (int i = 0; i < wres.Headers.Count; ++i) { respHeader.Add(new Param() { Name = wres.Headers.Keys[i].ToLowerInvariant(), Value = wres.Headers[i].ToLowerInvariant() }); } StreamReader streamReader = new StreamReader(wres.GetResponseStream()); string response = streamReader.ReadToEnd(); } }
public StatesPage() { InitializeComponent(); int ProblemId = ((Problem)ProblemPage.lv.SelectedItem).Id; List <User> users = new List <User>(); string path = "/users"; users = JsonConvert.DeserializeObject <List <User> >(RESTApi.Get(path)); List <State> states = new List <State>(); path = "/states?ProblemId=" + ProblemId; states = JsonConvert.DeserializeObject <List <State> >(RESTApi.Get(path)); List <Group> groups = new List <Group>(); path = "/groups"; groups = JsonConvert.DeserializeObject <List <Group> >(RESTApi.Get(path)); List <UserState> userstates = new List <UserState>(); foreach (State item in states) { UserState tmp = new UserState(); tmp.StateStatus = item.Status; tmp.UserGroupId = users.FirstOrDefault(x => x.Id == item.UserId).GroupId; tmp.UserName = users.FirstOrDefault(x => x.Id == item.UserId).FullName; tmp.GroupName = groups.FirstOrDefault(x => x.Id == tmp.UserGroupId).Name; userstates.Add(tmp); } UserStatesLV.ItemsSource = userstates; }
private void CheckWebServerVulns(RESTApi restDesc, VulnerabilitiesVulnerability vuln, WSDescriberForReport WSItemVulnerabilities, ReportObject reportObject, bool isDebug, ref List <Param> respHeader, RestHTTPHelper HttpHelper, string customRequestHeader, string methodName, string httpMethodName) { HttpWebResponseWrapper response = null; try { reportObject.TotalRequestCount++; response = HttpHelper.GetHttpWebResponseForWebServerVuln(restDesc.Url.Scheme + "://" + restDesc.Url.Host + ":" + restDesc.Url.Port, restDesc.BasicAuthentication, ref respHeader, customRequestHeader, httpMethodName); } catch (Exception ex) { mainForm.Log(" " + methodName + " - Exception: " + ex.ToString(), FontStyle.Regular, true, true); } if (response != null && response.WebResponse != null) { if (vuln.statusCode.Equals(((int)response.WebResponse.StatusCode).ToString())) // status code == 200 { VulnerabilityForReport newVuln = new VulnerabilityForReport(); newVuln.Vuln = vuln; newVuln.VulnerableMethodName = restDesc.Url.AbsoluteUri + ":" + restDesc.Url.Port; newVuln.VulnerableParamName = ""; newVuln.Payload = ""; newVuln.Response = response.ResponseBody; newVuln.StatusCode = response.WebResponse.StatusCode.ToString(); WSItemVulnerabilities.Vulns.Add(newVuln); mainForm.Log(" " + methodName + " is enabled: " + response.ResponseBody + " - status code is : " + response.WebResponse.StatusCode.ToString(), FontStyle.Bold, true, false); } } }
public HttpWebResponseWrapper GetHttpWebResponseWithDefaultParams(RESTApi restDesc, bool useAuthIfExists, ref List <Param> respHeader, string customRequestHeader) { return(GetHttpWebResponse(restDesc, GetDefaultValuesForParam(restDesc.NormalizedURL, restDesc.UrlParameters, false), GetDefaultValuesForParam(restDesc.NormalizedPostData, restDesc.PostParameters, true), useAuthIfExists, ref respHeader, customRequestHeader)); }
public RESTInfoEntry(MainForm mainForm, RESTApi restAPI) { InitializeComponent(); this.mainForm = mainForm; this.restAPI = restAPI; }
private HttpWebRequest GetHttpWebReqWithDefaultParams(RESTApi restDesc, bool useAuthIfExists, string customRequestHeader) { return(GetHttpWebReq(restDesc, GetDefaultValuesForParam(restDesc.NormalizedURL, restDesc.UrlParameters, false), GetDefaultValuesForParam(restDesc.NormalizedPostData, restDesc.PostParameters, true), useAuthIfExists, customRequestHeader)); }