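/// <summary>
/// Attaches the IronProxy handlers to FiddlerCore on the first call (guarded by
/// <c>EventHandlersAssigned</c>) and starts the proxy on <c>IronProxy.Port</c>
/// with TLS decryption enabled.
/// </summary>
/// <remarks>
/// Security-relevant behaviour visible in this method:
/// upstream certificate errors are recorded as a Medium-severity finding and flagged
/// on the session, while <c>Fiddler.CONFIG.IgnoreServerCertErrors</c> is set to true;
/// and when <c>IronProxy.LoopBackOnly</c> is false the listener is started with
/// <c>AllowRemoteClients</c>.
/// </remarks>
internal static void Start()
{
    if (!EventHandlersAssigned)
    {
        Fiddler.FiddlerApplication.AfterSessionComplete += delegate(Fiddler.Session Sess)
        {
            IronProxy.AfterSessionComplete(Sess);
        };
        Fiddler.FiddlerApplication.BeforeRequest += delegate(Fiddler.Session Sess)
        {
            IronProxy.BeforeRequest(Sess);
        };
        Fiddler.FiddlerApplication.BeforeResponse += delegate(Fiddler.Session Sess)
        {
            IronProxy.BeforeResponse(Sess);
        };
        Fiddler.FiddlerApplication.OverrideServerCertificateValidation += delegate(Fiddler.Session Sess, string sExpectedCN, X509Certificate ServerCertificate, X509Chain ServerCertificateChain, SslPolicyErrors sslPolicyErrors, out bool bTreatCertificateAsValid)
        {
            // Compare the flags value directly instead of its string form.
            if (sslPolicyErrors == SslPolicyErrors.None)
            {
                bTreatCertificateAsValid = true;
                return true;
            }

            string SslErrorText = sslPolicyErrors.ToString();
            string PortText = Sess.port.ToString();
            // NOTE(review): the certificate argument may be null if the peer presented none;
            // guard so the handler reports the problem instead of throwing - confirm with FiddlerCore.
            string CertSubject = (ServerCertificate != null) ? ServerCertificate.Subject : "(no certificate presented)";

            PluginResult PR = new PluginResult(Sess.host);
            PR.Plugin = "Internal SSL Checker";
            PR.Severity = PluginResultSeverity.Medium;
            PR.Confidence = PluginResultConfidence.High;
            PR.Title = string.Format("SSL Certificate Error for {0}:{1} ", new object[] { Sess.host, PortText });
            // The host and the certificate subject are chosen by the remote side and are placed
            // in the summary unescaped; whatever renders this markup should treat them as untrusted.
            PR.Summary = string.Format("The remote server running Host: {0} and Port: {1} returned an invalid SSL certificate.<i<br>> <i<h>>Error:<i</h>> {2}. <i<br>> <i<h>>Certificate Details:<i</h>> {3}", new object[] { Sess.host, PortText, SslErrorText, CertSubject });
            PR.Signature = string.Format("SSLCertificateChecker|{0}|{1}|{2}", new object[] { Sess.host, PortText, SslErrorText });
            IronUpdater.AddPluginResult(PR);

            bTreatCertificateAsValid = false;
            Sess.oFlags.Add("IronFlag-SslError", "Yes");
            // NOTE(review): returning false presumably hands the decision back to FiddlerCore's
            // default validation; together with IgnoreServerCertErrors = true below, the
            // connection likely still proceeds - confirm against the FiddlerCore version in use.
            return false;
        };
        Fiddler.FiddlerApplication.OnNotification += delegate(object Sender, Fiddler.NotificationEventArgs Args)
        {
            if (Args.NotifyString.Contains("Unable to bind to port"))
            {
                IronProxy.Stop();
                // Title typo fixed ("stared" -> "started"); the line break inside the message is kept as \n.
                IronException.Report("Proxy could not be started", "Listening Proxy could not be started. \nLikely reason could be the use of the port by another process", "");
                IronUI.ShowProxyStoppedError("Proxy Not Started! All features depend on the proxy, start proxy to activate them.");
            }
        };
        EventHandlersAssigned = true;
    }

    // Set on every start. Upstream certificate problems are therefore reported as findings
    // rather than blocking traffic, so a client of this proxy should not expect a browser
    // warning for a bad upstream certificate; the finding and the IronFlag-SslError session
    // flag are the signals to watch.
    Fiddler.CONFIG.IgnoreServerCertErrors = true;
    IronUI.UpdateProxyStatusInConfigPanel(true);

    Fiddler.FiddlerCoreStartupFlags StartupFlags = Fiddler.FiddlerCoreStartupFlags.DecryptSSL;
    if (!IronProxy.LoopBackOnly)
    {
        // Outside loopback-only mode other machines can connect to a TLS-decrypting proxy;
        // limit who can reach the port (host firewall, trusted network) when this is enabled.
        StartupFlags |= Fiddler.FiddlerCoreStartupFlags.AllowRemoteClients;
    }
    Fiddler.FiddlerApplication.Startup(IronProxy.Port, StartupFlags);
}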
/// <summary>
/// Records a finding on this instance, stamps it with the active plugin's name and
/// queues it through <c>IronUpdater.AddPluginResult</c>.
/// </summary>
/// <param name="PR">The finding to record. Its <c>Plugin</c> value is overwritten.</param>
public void AddResult(PluginResult PR)
{
    // Order kept as in the original: the local list first, then the attribution, then the queue.
    PRs.Add(PR);

    // The caller-supplied plugin name is replaced, so a finding is always attributed
    // to the plugin that is currently active.
    PR.Plugin = ActivePluginName;

    IronUpdater.AddPluginResult(PR);
}
/// <summary>
/// Queues a finding on <c>PluginResultQ</c>. A null argument is ignored.
/// </summary>
/// <param name="PR">The finding to enqueue, or null for no action.</param>
internal static void AddPluginResult(PluginResult PR)
{
    if (PR == null)
    {
        return;
    }

    // The queue object itself is the lock target, so every producer serialises on it.
    lock (PluginResultQ)
    {
        PluginResultQ.Enqueue(PR);
    }
}
/// <summary>
/// Records a finding on this instance, stamps it with the active plugin's name and
/// reports it by calling <c>PR.Report()</c>.
/// </summary>
/// <param name="PR">The finding to record. Its <c>Plugin</c> value is overwritten.</param>
public void AddResult(PluginResult PR)
{
    // Order kept as in the original: the local list first, then the attribution, then the report.
    PRs.Add(PR);

    // The caller-supplied plugin name is replaced, so a finding is always attributed
    // to the plugin that is currently active.
    PR.Plugin = ActivePluginName;

    PR.Report();
}
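/// <summary>
/// Reads up to 1000 finding summaries with an ID greater than <paramref name="StartID"/>
/// from the plugin results log database.
/// </summary>
/// <param name="StartID">Only rows with an ID above this value are returned.</param>
/// <returns>The rows found, as <c>PluginResult</c> objects without a summary or triggers; empty if none.</returns>
internal static List<PluginResult> GetPluginResultsLogRecords(int StartID)
{
    List<PluginResult> PluginResultsLogRecords = new List<PluginResult>();

    // NOTE(review): the file path is concatenated into the connection string; a path
    // containing ';' could be read as extra connection options - confirm where
    // PluginResultsLogFile comes from.
    // The using blocks release the connection, command and reader even when a row fails
    // to parse; the original closed them only on the success path.
    using (SQLiteConnection DB = new SQLiteConnection("data source=" + PluginResultsLogFile))
    {
        DB.Open();
        using (SQLiteCommand cmd = DB.CreateCommand())
        {
            // The value is bound as a parameter, never spliced into the SQL text.
            // NOTE(review): there is no ORDER BY, so which 1000 rows come back when more match
            // depends on the engine's scan order - confirm callers that page by ID can rely on it.
            cmd.CommandText = "SELECT ID, HostName, Title, Plugin, UniquenessString, Severity, Confidence, Type FROM PluginResult WHERE ID > @StartID LIMIT 1000";
            cmd.Parameters.AddWithValue("@StartID", StartID);

            using (SQLiteDataReader result = cmd.ExecuteReader())
            {
                while (result.Read())
                {
                    string HostName = result["HostName"].ToString();
                    PluginResult PR = new PluginResult(HostName);
                    PR.Id = Int32.Parse(result["ID"].ToString());
                    PR.Title = result["Title"].ToString();
                    PR.Plugin = result["Plugin"].ToString();
                    PR.AffectedHost = HostName;
                    PR.Severity = GetSeverity(Int32.Parse(result["Severity"].ToString()));
                    PR.Confidence = GetConfidence(Int32.Parse(result["Confidence"].ToString()));
                    PR.ResultType = GetResultType(Int32.Parse(result["Type"].ToString()));
                    PR.Signature = result["UniquenessString"].ToString();
                    PluginResultsLogRecords.Add(PR);
                }
            }
        }
    }

    return PluginResultsLogRecords;
}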
/// <summary>
/// Shows one finding in the results tab: title, ID, plugin, summary and, for
/// vulnerabilities, severity and confidence, plus one grid row per trigger.
/// </summary>
/// <param name="PR">The finding to display.</param>
internal static void UpdateResultsTab(PluginResult PR)
{
    // Called from a non-UI thread: re-enter through the form's Invoke and stop here.
    if (UI.ResultsDisplayRTB.InvokeRequired)
    {
        UpdateResultsTab_d Marshalled = new UpdateResultsTab_d(UpdateResultsTab);
        UI.Invoke(Marshalled, new object[] { PR });
        return;
    }

    ResetPluginResultsTab();

    // Every finding field passes through Tools.RtfSafe before it is placed in the RTF
    // document; only the fixed control words below are written raw.
    StringBuilder Rtf = new StringBuilder(@"{\rtf1{\colortbl ;\red0\green77\blue187;\red247\green150\blue70;\red255\green0\blue0;\red0\green200\blue50;}");
    Rtf.Append(@" \b \fs30").Append(Tools.RtfSafe(PR.Title)).Append(@"\b0 \fs20 \par \par");

    Rtf.Append(@" \cf1 \b ID: \b0 \cf0 ").AppendLine(Tools.RtfSafe(PR.Id.ToString()));
    Rtf.Append(@" \par");

    Rtf.Append(@" \cf1 \b Plugin: \b0 \cf0 ").AppendLine(Tools.RtfSafe(PR.Plugin));
    Rtf.Append(@" \par");

    // Severity and confidence are shown for vulnerabilities only.
    if (PR.ResultType == PluginResultType.Vulnerability)
    {
        Rtf.Append(@" \cf1 \b Severity: \b0 \cf0 ").AppendLine(Tools.RtfSafe(PR.Severity.ToString()));
        Rtf.Append(@" \par");

        Rtf.Append(@" \cf1 \b Confidence: \b0 \cf0 ").AppendLine(Tools.RtfSafe(PR.Confidence.ToString()));
        Rtf.Append(@" \par");
    }

    Rtf.Append(@" \par");
    Rtf.Append(@" \cf1 \b Summary: \b0 \cf0 \par ").AppendLine(Tools.RtfSafe(PR.Summary));
    Rtf.Append(@" \par \par");
    UI.ResultsDisplayRTB.Rtf = Rtf.ToString();

    // One numbered row (1-based) per trigger attached to the finding.
    int RowNumber = 1;
    while (RowNumber <= PR.Triggers.GetTriggers().Count)
    {
        UI.ResultsTriggersGrid.Rows.Add(new object[] { RowNumber.ToString() });
        RowNumber++;
    }

    if (UI.ResultsTriggersGrid.Rows.Count > 0)
    {
        UI.ResultsTriggersGrid.Rows[0].Selected = true;
        DisplayPluginResultsTrigger(0);
    }

    // Bring the results tab to the front unless it is already selected.
    bool ResultsTabSelected = UI.main_tab.SelectedTab.Name.Equals("mt_results");
    if (!ResultsTabSelected)
    {
        UI.main_tab.SelectTab("mt_results");
    }
}
/// <summary>
/// Removes a finding from this collection's <c>ResultList</c>.
/// </summary>
/// <param name="PR">The finding to remove.</param>
public void Remove(PluginResult PR)
{
    // Whatever ResultList.Remove returns is discarded, as in the original.
    ResultList.Remove(PR);
}
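/// <summary>
/// Loads one finding, with its summary and all stored request/response triggers,
/// from the plugin results log database.
/// </summary>
/// <param name="ID">The ID of the finding to load.</param>
/// <returns>The populated <c>PluginResult</c>.</returns>
/// <exception cref="InvalidOperationException">No row with the given ID exists.</exception>
internal static PluginResult GetPluginResultFromDB(int ID)
{
    PluginResult PR;

    // NOTE(review): the file path is concatenated into the connection string; a path
    // containing ';' could be read as extra connection options - confirm where
    // PluginResultsLogFile comes from.
    // The using blocks release the connection, commands and readers on every path;
    // the original closed them only when nothing threw.
    using (SQLiteConnection DB = new SQLiteConnection("data source=" + PluginResultsLogFile))
    {
        DB.Open();

        using (SQLiteCommand cmd = DB.CreateCommand())
        {
            cmd.CommandText = "SELECT HostName, Title, Plugin, Summary, Severity, Confidence, Type, UniquenessString FROM PluginResult WHERE ID=@ID LIMIT 1";
            cmd.Parameters.AddWithValue("@ID", ID);

            using (SQLiteDataReader result = cmd.ExecuteReader())
            {
                // A data reader starts before the first row. The original read the columns
                // without calling Read(), which is outside the documented reader contract.
                if (!result.Read())
                {
                    throw new InvalidOperationException("No PluginResult row found for ID " + ID.ToString());
                }

                PR = new PluginResult(result["HostName"].ToString());
                PR.Id = ID;
                PR.Title = result["Title"].ToString();
                PR.Plugin = result["Plugin"].ToString();
                PR.Summary = result["Summary"].ToString();
                PR.Severity = GetSeverity(Int32.Parse(result["Severity"].ToString()));
                PR.Confidence = GetConfidence(Int32.Parse(result["Confidence"].ToString()));
                PR.ResultType = GetResultType(Int32.Parse(result["Type"].ToString()));
                PR.Signature = result["UniquenessString"].ToString();
            }
        }

        // A second command replaces the original's reuse of the first one, which added
        // the @ID parameter to the same command twice.
        using (SQLiteCommand cmd = DB.CreateCommand())
        {
            cmd.CommandText = "SELECT RequestTrigger, RequestHeaders, RequestBody, BinaryRequest, ResponseTrigger, ResponseHeaders, ResponseBody, BinaryResponse FROM Triggers WHERE ID=@ID";
            cmd.Parameters.AddWithValue("@ID", ID);

            using (SQLiteDataReader result = cmd.ExecuteReader())
            {
                while (result.Read())
                {
                    string RequestTrigger = result["RequestTrigger"].ToString();
                    string ResponseTrigger = result["ResponseTrigger"].ToString();

                    // Rebuild the logged request/response pair from the stored text.
                    IronLogRecord ILR = new IronLogRecord();
                    ILR.RequestHeaders = result["RequestHeaders"].ToString();
                    ILR.RequestBody = result["RequestBody"].ToString();
                    ILR.IsRequestBinary = (result["BinaryRequest"].ToString().Equals("1"));
                    ILR.ResponseHeaders = result["ResponseHeaders"].ToString();
                    ILR.ResponseBody = result["ResponseBody"].ToString();
                    ILR.IsResponseBinary = (result["BinaryResponse"].ToString().Equals("1"));

                    Session IrSe = Session.GetIronSessionFromIronLogRecord(ILR, 0);
                    if (IrSe.Response != null)
                    {
                        PR.Triggers.Add(RequestTrigger, IrSe.Request, ResponseTrigger, IrSe.Response);
                    }
                    else
                    {
                        // Request-only trigger: no response was stored for it.
                        PR.Triggers.Add(RequestTrigger, IrSe.Request);
                    }
                }
            }
        }
    }

    return PR;
}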
/// <summary>
/// Appends a finding to this collection's <c>ResultList</c>.
/// </summary>
/// <param name="PR">The finding to append. It is passed through without any check.</param>
public void Add(PluginResult PR)
{
    ResultList.Add(PR);
}
/// <summary>
/// Returns what <c>PluginResult.GetSignatureList</c> gives for this instance's
/// <c>Name</c>, the given host and the given result type.
/// </summary>
/// <param name="Host">The host to look up signatures for.</param>
/// <param name="Type">The result type to look up signatures for.</param>
/// <returns>The list returned by <c>PluginResult.GetSignatureList</c>.</returns>
public List<string> GetSignatureList(string Host, PluginResultType Type)
{
    List<string> Signatures = PluginResult.GetSignatureList(Name, Host, Type);
    return Signatures;
}
/// <summary>
/// Returns what <c>PluginResult.IsSignatureUnique</c> gives for this instance's
/// <c>Name</c>, the given host, result type and signature.
/// </summary>
/// <param name="Host">The host the finding applies to.</param>
/// <param name="Type">The result type of the finding.</param>
/// <param name="Signature">The signature string to check.</param>
/// <returns>The value returned by <c>PluginResult.IsSignatureUnique</c>.</returns>
public bool IsSignatureUnique(string Host, PluginResultType Type, string Signature)
{
    bool Unique = PluginResult.IsSignatureUnique(Name, Host, Type, Signature);
    return Unique;
}