public void CustomTestProxy_TestFirstRequestRegex() { MockProxy mockSite = new MockProxy(); string first = "GET / HTTP/1.1\r\n"; string second = "POST /r1 HTTP/1.1\r\n\r\np1=1234\r\n"; string third = "POST /r2 HTTP/1.1\r\n\r\np2=1234\r\n\r\n"; mockSite.MockSite.AddRequestResponse(first, "HTTP/1.1 200 OK\r\n\r\nbla"); mockSite.MockSite.AddRequestResponse(second, "HTTP/1.1 200 OK\r\n\r\nroot:0:0"); mockSite.MockSite.AddRequestResponse(third, "HTTP/1.1 200 OK\r\n\r\nroot:0:0"); mockSite.Start(); CustomTestsFile testFile = GetCustomTestFile(); TrafficViewerFile testDataStore = new TrafficViewerFile(); MockTestController mockTestController = new MockTestController(); SequentialAttackProxy testProxy = new SequentialAttackProxy(mockTestController, testFile, testDataStore); testFile.PatternOfFirstRequestToTest = "r2"; testProxy.Start(); SendRequestThroughTestProxy(first, testProxy, mockSite); SendRequestThroughTestProxy(second, testProxy, mockSite); SendRequestThroughTestProxy(third, testProxy, mockSite); testProxy.Stop(); Assert.IsFalse(mockTestController.IssuesFound.ContainsKey("p1")); Assert.IsTrue(mockTestController.IssuesFound.ContainsKey("p2")); }
public BaseAttackProxy GetTestProxy(INetworkSettings networkSettings, bool isSequential) { BaseAttackProxy testProxy; if (isSequential) { testProxy = new SequentialAttackProxy(this, _testFile, _trafficFile, TrafficViewerOptions.Instance.TrafficServerIp, TrafficViewerOptions.Instance.TrafficServerPort); } else { testProxy = new DriveByAttackProxy(this, _testFile, _trafficFile, TrafficViewerOptions.Instance.TrafficServerIp, TrafficViewerOptions.Instance.TrafficServerPort); } testProxy.NetworkSettings.WebProxy = networkSettings.WebProxy; testProxy.NetworkSettings.CertificateValidationCallback = networkSettings.CertificateValidationCallback; return(testProxy); }
public void CustomTestProxy_500Error() { MockProxy mockSite = new MockProxy(); string first = "GET / HTTP/1.1\r\n"; string second = Resources.IdeasPmc; string third = "POST /r2 HTTP/1.1\r\n\r\np2=1234\r\n\r\n"; mockSite.MockSite.AddRequestResponse(first, "HTTP/1.1 200 OK\r\n\r\nbla"); mockSite.MockSite.AddRequestResponse(second, "HTTP/1.1 200 OK\r\n\r\nroot:0:0"); mockSite.MockSite.AddRequestResponse(third, "HTTP/1.1 200 OK\r\n\r\nbla"); mockSite.Start(); CustomTestsFile testFile = GetCustomTestFile(); TrafficViewerFile testDataStore = new TrafficViewerFile(); MockTestController mockTestController = new MockTestController(); SequentialAttackProxy testProxy = new SequentialAttackProxy(mockTestController, testFile, testDataStore); testFile.PatternOfFirstRequestToTest = ".*pmc"; testProxy.Start(); HttpResponseInfo respInfo; for (int i = 0; i < 2; i++) { respInfo = SendRequestThroughTestProxy(first, testProxy, mockSite); Assert.AreNotEqual(500, respInfo.Status); SendRequestThroughTestProxy(second, testProxy, mockSite); Assert.AreNotEqual(500, respInfo.Status); SendRequestThroughTestProxy(third, testProxy, mockSite); Assert.AreNotEqual(500, respInfo.Status); } testProxy.Stop(); Assert.IsFalse(mockTestController.IssuesFound.ContainsKey("p2")); Assert.IsTrue(mockTestController.IssuesFound.ContainsKey("itoken")); }
public HttpResponseInfo CustomTestUnitExecution(string request, MockTestController mockTestController, SequentialAttackProxy testProxy = null, MockProxy mockSite = null) { bool shouldStopMockSite = false; if (mockSite == null) { shouldStopMockSite = true; mockSite = new MockProxy(request, "HTTP/1.1 200 OK\r\n\r\nroot:0:0"); mockSite.Start(); } CustomTestsFile testFile = GetCustomTestFile(); bool shouldStopTestProxy = false; if (testProxy == null) { shouldStopTestProxy = true; TrafficViewerFile testDataStore = new TrafficViewerFile(); testProxy = new SequentialAttackProxy(mockTestController, testFile, testDataStore); testProxy.Start(); } var response = SendRequestThroughTestProxy(request, testProxy, mockSite); if (shouldStopMockSite) { mockSite.Stop(); } if (shouldStopTestProxy) { testProxy.Stop(); } return(response); }
public IHttpProxy MakeProxy(string type) { HttpServerConsole.Instance.WriteLine(LogMessageType.Information, "Created proxy '{0}'", type); string host = TrafficViewerOptions.Instance.TrafficServerIp; int port = TrafficViewerOptions.Instance.TrafficServerPort; int securePort = TrafficViewerOptions.Instance.TrafficServerPortSecure; ITrafficDataAccessor dataStore = TrafficViewer.Instance.TrafficViewerFile; var exploiter = new CustomTestsExploiter(); IHttpProxy result = null; if (type.Equals(Resources.CaptureProxy)) { result = new AdvancedExploreProxy(host, port, dataStore); } else if (type.Equals(Resources.DriveByAttackProxy)) { result = new DriveByAttackProxy(exploiter, dataStore, host, port); } else if (type.Equals(Resources.SequentialAttackProxy)) { result = new SequentialAttackProxy(exploiter, dataStore, host, port); } else if (type.Equals(Resources.ReverseProxy)) { result = new ReverseProxy(host, port, securePort, dataStore); } else if (type.Equals(Resources.TrafficFileProxy)) { result = new TrafficStoreProxy(dataStore, dataStore, host, port, securePort); } else if (type.Equals(Resources.BinaryReverseProxy)) { result = new BinaryReverseProxy(host, port, securePort, dataStore); } else if (type.Equals(Resources.TrackingProxy)) { result = new TrackingReverseProxy(host, port, securePort, dataStore); } if (result != null) { if (!(result is TrafficStoreProxy)) { if (TrafficViewerOptions.Instance.UseProxy) { WebProxy proxy = new WebProxy(TrafficViewerOptions.Instance.HttpProxyServer, TrafficViewerOptions.Instance.HttpProxyPort); result.NetworkSettings.WebProxy = proxy; } result.NetworkSettings.CertificateValidationCallback = new RemoteCertificateValidationCallback(SSLValidationCallback.ValidateRemoteCertificate); } if (result is BaseAttackProxy) { result.ExtraOptions[BaseAttackProxy.TEST_FILE_PATH] = Path.Combine(TrafficViewerOptions.TrafficViewerAppDataDir, "CustomTests.xml"); } if (result is ReverseProxy || result is BinaryReverseProxy) { result.ExtraOptions[ReverseProxy.FORWARDING_HOST_OPT] = TrafficViewerOptions.Instance.ForwardingHost; result.ExtraOptions[ReverseProxy.FORWARDING_PORT_OPT] = TrafficViewerOptions.Instance.ForwardingPort.ToString(); } } return(result); }
public void Run() { _runnable = true; var customTests = _testFile.GetCustomTests().Values; Tester tester = new Tester(this, _testFile); if (_requestsToTest.Count == 0) { //load the requests to test foreach (var tvReqInfo in _selectedRequests) { _requestsToTest.Enqueue(tvReqInfo); } } _trafficFile.SetState(AccessorState.Loading); while (_runnable && _requestsToTest.Count > 0) { TVRequestInfo workingEntry = _requestsToTest.Peek(); //check the request; byte[] reqBytes = _trafficFile.LoadRequestData(workingEntry.Id); byte[] respBytes = _trafficFile.LoadResponseData(workingEntry.Id); HttpRequestInfo workingReqInfo = null; if (reqBytes == null) { Log("SELECT A NEW REQUEST"); _requestsToTest.Dequeue(); //remove the request; continue; } else { workingReqInfo = new HttpRequestInfo(reqBytes, true); workingReqInfo.IsSecure = workingEntry.IsHttps; } string rawRequest = workingReqInfo.ToString(); string rawResponse = respBytes != null?Constants.DefaultEncoding.GetString(respBytes) : String.Empty; if (ShouldBeTested(rawRequest, _testFile.GetAttackTargetList())) { MultiThreadedTestExecution testExecution = new MultiThreadedTestExecution(tester, rawRequest, rawResponse, new Uri(workingReqInfo.FullUrl), _testFile.NumberOfThreads); bool containsFuzz = rawRequest.Contains(Constants.FUZZ_STRING); foreach (CustomTestDef testDef in customTests) { if (containsFuzz) { testExecution.TestsQueue.Enqueue(new TestJob(String.Empty, String.Empty, RequestLocation.Path, testDef)); } else { //iterate through parameters, cookies and headers foreach (var parameter in workingReqInfo.PathVariables) { testExecution.TestsQueue.Enqueue(new TestJob(parameter.Key, parameter.Value, RequestLocation.Path, testDef)); } foreach (var parameter in workingReqInfo.QueryVariables) { testExecution.TestsQueue.Enqueue(new TestJob(parameter.Key, parameter.Value, RequestLocation.Query, testDef)); } foreach (var parameter in workingReqInfo.BodyVariables) { testExecution.TestsQueue.Enqueue(new TestJob(parameter.Key, parameter.Value, RequestLocation.Body, testDef)); } if (!_testFile.TestOnlyParameters) { foreach (var header in workingReqInfo.Headers) { if (!header.Name.Equals("Host")) { testExecution.TestsQueue.Enqueue(new TestJob(header.Name, header.Value, RequestLocation.Headers, testDef)); } } foreach (var cookie in workingReqInfo.Cookies) { testExecution.TestsQueue.Enqueue(new TestJob(cookie.Key, cookie.Value, RequestLocation.Cookies, testDef)); } } } testExecution.StartTestsAsync(); while (testExecution.IsRunning) { if (!_runnable) { testExecution.CancelTests(); } //wait for the test execution to complete Thread.Sleep(10); } } } if (_requestsToTest.Count > 0) { _requestsToTest.Dequeue(); } } //we also initialize all multi-step operations List <string> multiStepList = _testFile.GetMultiStepList(); _multiStepsToTest = new Queue <string>(); foreach (string path in multiStepList) { if (File.Exists(path)) { _multiStepsToTest.Enqueue(path); } else { SdkSettings.Instance.Logger.Log(TraceLevel.Error, "Multi-Step path '{0}' does not exist.", path); } } while (_multiStepsToTest.Count > 0) { if (!_runnable) { return; } string path = _multiStepsToTest.Peek(); bool isAbl = path.EndsWith(".login"); TrafficViewerFile htd = new TrafficViewerFile(); if (isAbl) { SdkSettings.Instance.Logger.Log(TraceLevel.Error, "ABL files are not supported"); continue; } else { htd.Open(path); } SequentialAttackProxy proxy = GetTestProxy(_netSettings, true) as SequentialAttackProxy; proxy.Start(); DefaultNetworkSettings netSettings = new DefaultNetworkSettings(); netSettings.WebProxy = new WebProxy(proxy.Host, proxy.Port); netSettings.CertificateValidationCallback = _netSettings.CertificateValidationCallback; RequestSender.RequestSender reqSender = new RequestSender.RequestSender(netSettings); do { reqSender.Send(htd); }while (!proxy.TestComplete && _runnable); proxy.Stop(); if (_runnable) { _multiStepsToTest.Dequeue(); } } _trafficFile.SetState(AccessorState.Idle); _runnable = false; }
private void TestMultiSteps() { //we also initialize all multi-step operations List <string> multiStepList = _testFile.GetMultiStepList(); _multiStepsToTest = new Queue <string>(); foreach (string path in multiStepList) { if (File.Exists(path)) { _multiStepsToTest.Enqueue(path); } else { HttpServerConsole.Instance.WriteLine(LogMessageType.Error, "Multi-Step path '{0}' does not exist.", path); } } while (_multiStepsToTest.Count > 0) { if (!_runnable) { return; } string path = _multiStepsToTest.Peek(); bool isAbl = path.EndsWith(".login"); TrafficViewerFile htd = new TrafficViewerFile(); if (isAbl) { HttpServerConsole.Instance.WriteLine(LogMessageType.Error, "ABL files are not supported"); continue; } else { htd.Open(path); } SequentialAttackProxy proxy = GetTestProxy(_netSettings, true) as SequentialAttackProxy; proxy.Start(); DefaultNetworkSettings netSettings = new DefaultNetworkSettings(); netSettings.WebProxy = new WebProxy(proxy.Host, proxy.Port); netSettings.CertificateValidationCallback = _netSettings.CertificateValidationCallback; RequestSender.RequestSender reqSender = new RequestSender.RequestSender(netSettings); do { reqSender.Send(htd); }while (!proxy.TestComplete && _runnable); proxy.Stop(); if (_runnable) { _multiStepsToTest.Dequeue(); } } }