示例#1
0
        internal static void Start()
        {
            if (!EventHandlersAssigned)
            {
                Fiddler.FiddlerApplication.AfterSessionComplete += delegate(Fiddler.Session Sess)
                {
                    IronProxy.AfterSessionComplete(Sess);
                };

                Fiddler.FiddlerApplication.BeforeRequest += delegate(Fiddler.Session Sess)
                {
                    IronProxy.BeforeRequest(Sess);
                };

                Fiddler.FiddlerApplication.BeforeResponse += delegate(Fiddler.Session Sess)
                {
                    IronProxy.BeforeResponse(Sess);
                };

                Fiddler.FiddlerApplication.OverrideServerCertificateValidation += delegate(Fiddler.Session Sess, string sExpectedCN, X509Certificate ServerCertificate, X509Chain ServerCertificateChain, SslPolicyErrors sslPolicyErrors, out bool bTreatCertificateAsValid)
                {
                    string SSLError = sslPolicyErrors.ToString();
                    if (!SSLError.Equals("None"))
                    {
                        PluginResult PR = new PluginResult(Sess.host);
                        PR.Plugin = "Internal SSL Checker";
                        PR.Severity = PluginResultSeverity.Medium;
                        PR.Confidence = PluginResultConfidence.High;
                        PR.Title = string.Format("SSL Certificate Error for {0}:{1} ", new object[]{Sess.host, Sess.port.ToString()});
                        PR.Summary = string.Format("The remote server running Host: {0} and Port: {1} returned an invalid SSL certificate.<i<br>> <i<h>>Error:<i</h>> {2}. <i<br>> <i<h>>Certificate Details:<i</h>> {3}", new object[] { Sess.host, Sess.port.ToString() , sslPolicyErrors.ToString(), ServerCertificate.Subject });
                        PR.Signature = string.Format("SSLCertificateChecker|{0}|{1}|{2}", new object[] { Sess.host, Sess.port.ToString(), sslPolicyErrors.ToString() });
                        IronUpdater.AddPluginResult(PR);
                        bTreatCertificateAsValid = false;
                        Sess.oFlags.Add("IronFlag-SslError", "Yes");
                        return false;
                    }
                    else
                    {
                        bTreatCertificateAsValid = true;
                        return true;
                    }
                };

                Fiddler.FiddlerApplication.OnNotification += delegate(object Sender, Fiddler.NotificationEventArgs Args)
                {
                    if (Args.NotifyString.Contains("Unable to bind to port"))
                    {
                        IronProxy.Stop();
                        IronException.Report("Proxy could not be stared", "Listening Proxy could not be started. Likely reason could be the use of the port by another process","");
                        IronUI.ShowProxyStoppedError("Proxy Not Started! All features depend on the proxy, start proxy to activate them.");
                    }
                };

                EventHandlersAssigned = true;
            }

            Fiddler.CONFIG.IgnoreServerCertErrors = true;
            IronUI.UpdateProxyStatusInConfigPanel(true);
            if (IronProxy.LoopBackOnly)
            {
                Fiddler.FiddlerApplication.Startup(IronProxy.Port, Fiddler.FiddlerCoreStartupFlags.DecryptSSL);
            }
            else
            {
                Fiddler.FiddlerApplication.Startup(IronProxy.Port, Fiddler.FiddlerCoreStartupFlags.DecryptSSL | Fiddler.FiddlerCoreStartupFlags.AllowRemoteClients);
            }
        }
示例#2
0
 public void AddResult(PluginResult PR)
 {
     this.PRs.Add(PR);
     PR.Plugin = this.ActivePluginName;
     IronUpdater.AddPluginResult(PR);
 }
示例#3
0
 internal static void AddPluginResult(PluginResult PR)
 {
     if (PR != null)
     {
         lock (PluginResultQ)
         {
             PluginResultQ.Enqueue(PR);
         }
     }
 }
示例#4
0
 public void AddResult(PluginResult PR)
 {
     this.PRs.Add(PR);
     PR.Plugin = this.ActivePluginName;
     PR.Report();
 }
示例#5
0
文件: IronDB.cs 项目: mskr30/IronWASP
 internal static List<PluginResult> GetPluginResultsLogRecords(int StartID)
 {
     List<PluginResult> PluginResultsLogRecords = new List<PluginResult>();
     SQLiteConnection DB = new SQLiteConnection("data source=" + PluginResultsLogFile);
     DB.Open();
     SQLiteCommand cmd = DB.CreateCommand();
     cmd.CommandText = "SELECT ID, HostName, Title, Plugin, UniquenessString, Severity, Confidence, Type FROM PluginResult WHERE ID > @StartID LIMIT 1000";
     cmd.Parameters.AddWithValue("@StartID", StartID);
     SQLiteDataReader result = cmd.ExecuteReader();
     while (result.Read())
     {
         PluginResult PR = new PluginResult(result["HostName"].ToString());
         PR.Id = Int32.Parse(result["ID"].ToString());
         PR.Title = result["Title"].ToString();
         PR.Plugin = result["Plugin"].ToString();
         PR.AffectedHost = result["HostName"].ToString();
         PR.Severity = GetSeverity(Int32.Parse(result["Severity"].ToString()));
         PR.Confidence = GetConfidence(Int32.Parse(result["Confidence"].ToString()));
         PR.ResultType = GetResultType(Int32.Parse(result["Type"].ToString()));
         PR.Signature = result["UniquenessString"].ToString();
         PluginResultsLogRecords.Add(PR);
     }
     result.Close();
     DB.Close();
     return PluginResultsLogRecords;
 }
示例#6
0
文件: IronUI.cs 项目: welias/IronWASP
        internal static void UpdateResultsTab(PluginResult PR)
        {
            if (UI.ResultsDisplayRTB.InvokeRequired)
            {
                UpdateResultsTab_d URT_d = new UpdateResultsTab_d(UpdateResultsTab);
                UI.Invoke(URT_d, new object[] { PR });
            }
            else
            {
                ResetPluginResultsTab();
                StringBuilder SB = new StringBuilder(@"{\rtf1{\colortbl ;\red0\green77\blue187;\red247\green150\blue70;\red255\green0\blue0;\red0\green200\blue50;}");
                SB.Append(@" \b \fs30"); SB.Append(Tools.RtfSafe(PR.Title)); SB.Append(@"\b0  \fs20  \par  \par");
                SB.Append(@" \cf1 \b ID: \b0 \cf0 "); SB.AppendLine(Tools.RtfSafe(PR.Id.ToString())); SB.Append(@" \par");
                SB.Append(@" \cf1 \b Plugin: \b0 \cf0 "); SB.AppendLine(Tools.RtfSafe(PR.Plugin)); SB.Append(@" \par");
                if (PR.ResultType == PluginResultType.Vulnerability)
                {
                    SB.Append(@" \cf1 \b Severity: \b0 \cf0 "); SB.AppendLine(Tools.RtfSafe(PR.Severity.ToString())); SB.Append(@" \par");
                    SB.Append(@" \cf1 \b Confidence: \b0 \cf0 "); SB.AppendLine(Tools.RtfSafe(PR.Confidence.ToString())); SB.Append(@" \par");
                }
                SB.Append(@" \par");
                SB.Append(@" \cf1 \b Summary: \b0 \cf0  \par ");
                SB.AppendLine(Tools.RtfSafe(PR.Summary));
                SB.Append(@" \par \par");
                UI.ResultsDisplayRTB.Rtf = SB.ToString();

                for (int i=0; i < PR.Triggers.GetTriggers().Count; i++ )
                {
                    UI.ResultsTriggersGrid.Rows.Add(new object[] { (i + 1).ToString() });
                }
                if (UI.ResultsTriggersGrid.Rows.Count > 0)
                {
                    UI.ResultsTriggersGrid.Rows[0].Selected = true;
                    DisplayPluginResultsTrigger(0);
                }
                if (!UI.main_tab.SelectedTab.Name.Equals("mt_results")) UI.main_tab.SelectTab("mt_results");
            }
        }
示例#7
0
 public void Remove(PluginResult PR)
 {
     this.ResultList.Remove(PR);
 }
示例#8
0
文件: IronDB.cs 项目: mskr30/IronWASP
        internal static PluginResult GetPluginResultFromDB(int ID)
        {
            SQLiteConnection DB = new SQLiteConnection("data source=" + PluginResultsLogFile);
            DB.Open();
            SQLiteCommand cmd = DB.CreateCommand();
            cmd.CommandText = "SELECT HostName, Title, Plugin, Summary, Severity, Confidence, Type, UniquenessString FROM PluginResult WHERE ID=@ID LIMIT 1";
            cmd.Parameters.AddWithValue("@ID", ID);
            SQLiteDataReader result = cmd.ExecuteReader();
            PluginResult PR = new PluginResult(result["HostName"].ToString());
            PR.Id = ID;
            PR.Title = result["Title"].ToString();
            PR.Plugin = result["Plugin"].ToString();
            PR.Summary = result["Summary"].ToString();
            PR.Severity = GetSeverity(Int32.Parse(result["Severity"].ToString()));
            PR.Confidence = GetConfidence(Int32.Parse(result["Confidence"].ToString()));
            PR.ResultType = GetResultType(Int32.Parse(result["Type"].ToString()));
            PR.Signature = result["UniquenessString"].ToString();
            result.Close();
            cmd.CommandText = "SELECT RequestTrigger, RequestHeaders, RequestBody, BinaryRequest, ResponseTrigger, ResponseHeaders, ResponseBody, BinaryResponse  FROM Triggers WHERE ID=@ID";
            cmd.Parameters.AddWithValue("@ID", ID);
            result = cmd.ExecuteReader();
            while (result.Read())
            {
                string RequestTrigger = result["RequestTrigger"].ToString();
                string ResponseTrigger = result["ResponseTrigger"].ToString();

                IronLogRecord ILR = new IronLogRecord();
                ILR.RequestHeaders = result["RequestHeaders"].ToString();
                ILR.RequestBody = result["RequestBody"].ToString();
                ILR.IsRequestBinary = (result["BinaryRequest"].ToString().Equals("1"));

                ILR.ResponseHeaders = result["ResponseHeaders"].ToString();
                ILR.ResponseBody = result["ResponseBody"].ToString();
                ILR.IsResponseBinary = (result["BinaryResponse"].ToString().Equals("1"));

                Session IrSe = Session.GetIronSessionFromIronLogRecord(ILR,0);
                if (IrSe.Response != null)
                {
                    PR.Triggers.Add(RequestTrigger, IrSe.Request, ResponseTrigger, IrSe.Response);
                }
                else
                {
                    PR.Triggers.Add(RequestTrigger, IrSe.Request);
                }
            }
            result.Close();
            DB.Close();
            return PR;
        }
示例#9
0
 public void Add(PluginResult PR)
 {
     this.ResultList.Add(PR);
 }
示例#10
0
 public void Remove(PluginResult PR)
 {
     this.ResultList.Remove(PR);
 }
示例#11
0
 public void Add(PluginResult PR)
 {
     this.ResultList.Add(PR);
 }
示例#12
0
 public List <string> GetSignatureList(string Host, PluginResultType Type)
 {
     return(PluginResult.GetSignatureList(this.Name, Host, Type));
 }
示例#13
0
 public bool IsSignatureUnique(string Host, PluginResultType Type, string Signature)
 {
     return(PluginResult.IsSignatureUnique(this.Name, Host, Type, Signature));
 }