示例#1
 /// <summary>
 /// Hook run before the request is forwarded to the site. Unless this proxy is
 /// marked non-essential, the parent proxy is given a chance to rewrite the
 /// request, and the resulting bytes plus the current data-store entry are
 /// persisted in the traffic data store.
 /// </summary>
 /// <param name="requestInfo">The request about to be sent to the site.</param>
 /// <returns>The request to send, possibly rewritten by the parent proxy.</returns>
 protected override HttpRequestInfo OnBeforeRequestToSite(HttpRequestInfo requestInfo)
 {
     HttpRequestInfo outgoing = base.OnBeforeRequestToSite(requestInfo);
     if (_isNonEssential)
     {
         return outgoing;
     }

     bool wasMutated;
     outgoing = _parentProxy.HandleRequest(outgoing, out wasMutated);
     if (wasMutated)
     {
         // Label the stored entry so a rewritten request stands out in the data store.
         CurrDataStoreRequestInfo.Description = "Custom Test";
     }

     TrafficDataStore.SaveRequest(CurrDataStoreRequestInfo.Id, outgoing.ToArray(false));
     TrafficDataStore.UpdateRequestInfo(CurrDataStoreRequestInfo);
     return outgoing;
 }
示例#2
        /// <summary>
        /// Hook run before the site's response is returned to the client. Unless this
        /// proxy is marked non-essential, the response is handed to the parent proxy's
        /// validator and, when it is recognised, the stored request entry is flagged as
        /// a vulnerable response. The response itself is never modified here.
        /// </summary>
        /// <param name="responseInfo">The response received from the site.</param>
        /// <returns>The response to hand back to the client.</returns>
        protected override HttpResponseInfo OnBeforeResponseToClient(HttpResponseInfo responseInfo)
        {
            HttpResponseInfo outgoing = base.OnBeforeResponseToClient(responseInfo);

            // Short-circuit keeps the validator from running for non-essential proxies.
            bool isVulnerable = !_isNonEssential && _parentProxy.ValidateResponse(outgoing);
            if (isVulnerable)
            {
                CurrDataStoreRequestInfo.Description = "Vulnerable Response";
                TrafficDataStore.UpdateRequestInfo(CurrDataStoreRequestInfo);
            }

            return outgoing;
        }
示例#3
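        /// <summary>
        /// Tries each auto-tracking pattern against the raw request. For the first pattern
        /// whose extracted value is found in a stored response line, records the referer id
        /// and a request-context regex on <c>CurrDataStoreRequestInfo</c>, then saves a copy
        /// of the request whose last path segment is replaced by the request-id marker.
        /// Only one tracking pattern is applied per request.
        /// </summary>
        /// <param name="requestInfo">The request being tracked; it is not modified, a copy is saved.</param>
        private void TrackRequestContext(HttpRequestInfo requestInfo)
        {
            // The raw request does not change between patterns, so serialize it once.
            string rawRequest = requestInfo.ToString();

            foreach (TrackingPattern pattern in _autoTrackingPatternList.Values)
            {
                string needle = Utils.RegexFirstGroupValue(rawRequest, pattern.RequestPattern);
                if (String.IsNullOrWhiteSpace(needle))
                {
                    continue;
                }

                // Look for the extracted value in stored responses, first as-is, then URL-decoded.
                LineMatches results = SearchParameterValue(needle);
                if (results.Count == 0)
                {
                    needle  = Utils.UrlDecode(needle);
                    results = SearchParameterValue(needle);
                }

                if (results.Count == 0)
                {
                    continue;
                }

                // The last match is used to extract the request context.
                var match = results[results.Count - 1];
                string requestContext = BuildRequestContextRegex(match.Line, needle);

                CurrDataStoreRequestInfo.RefererId       = match.RequestId;
                CurrDataStoreRequestInfo.RequestContext  = requestContext;
                CurrDataStoreRequestInfo.TrackingPattern = pattern.Name;
                TrafficDataStore.UpdateRequestInfo(CurrDataStoreRequestInfo);

                // NOTE(review): UpdatedPath is assigned after UpdateRequestInfo above and is not
                // persisted here — confirm the caller persists it or move the assignment up.
                string originalPath = requestInfo.Path;
                CurrDataStoreRequestInfo.UpdatedPath = originalPath;

                // Work on a copy so the caller's request is left untouched.
                HttpRequestInfo newReq = new HttpRequestInfo(requestInfo.ToArray(false), false);

                // Only the last portion of the path (and anything after the final '/') is replaced,
                // so relative paths and cookie paths keep resolving against the same directory.
                int lastIndexOfSlash = originalPath.LastIndexOf('/');
                if (lastIndexOfSlash >= 0)
                {
                    originalPath = originalPath.Substring(0, lastIndexOfSlash + 1);
                }
                newReq.Path = String.Format("{0}{1}{2}", originalPath, REQ_ID_STRING, CurrDataStoreRequestInfo.Id);

                TrafficDataStore.SaveRequest(CurrDataStoreRequestInfo.Id, newReq.ToArray(false));

                HttpServerConsole.Instance.WriteLine
                    ("Found request context for request '{0}' id: {1}, referer id:{2}",
                    requestInfo.Path, CurrDataStoreRequestInfo.Id, CurrDataStoreRequestInfo.RefererId);
                // Passed as an argument rather than as the format string: the context is built from
                // response content and may contain braces that a format overload would try to parse.
                HttpServerConsole.Instance.WriteLine("{0}", requestContext);

                return; // only one tracking pattern per request
            }
        }

        /// <summary>
        /// Turns a matched response line into the regex stored as request context: the needle
        /// becomes a capture group and hexadecimal runs become the hex pattern, with the rest of
        /// the line regex-escaped. Lines longer than <c>MAX_REQUEST_CONTEXT_SIZE</c> are trimmed first.
        /// </summary>
        /// <param name="line">The response line in which the needle was found.</param>
        /// <param name="needle">The value extracted from the request (possibly URL-decoded).</param>
        /// <returns>The escaped regex with the needle and hex placeholders substituted.</returns>
        private string BuildRequestContextRegex(string line, string needle)
        {
            string requestContext = line.Replace(needle, REQ_CONTEXT_ID);

            if (requestContext.Length > MAX_REQUEST_CONTEXT_SIZE)
            {
                requestContext = TrimRequestContext(requestContext);
            }

            // Replace hex values with a placeholder before escaping so the placeholder survives
            // Regex.Escape and can be swapped back for the hex pattern afterwards.
            requestContext = Regex.Replace(requestContext, HEX_REGEX, HEX_VAL);
            requestContext = Regex.Escape(requestContext);
            requestContext = requestContext.Replace(REQ_CONTEXT_ID, RX_GROUP);
            requestContext = requestContext.Replace(HEX_VAL, HEX_REGEX);

            return requestContext;
        }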