static void DownloadIronWASPFile(string FileName, string PseudoName) { Request IronWASPFileFetchReq = new Request(IronWASPDownloadBaseUrl + PseudoName); IronWASPFileFetchReq.Source = RequestSource.Stealth; Response IronWASPFileFetchRes = IronWASPFileFetchReq.Send(); if (!IronWASPFileFetchRes.IsSslValid) { throw new Exception("Invalid SSL Certificate provided by the server"); } if (IronWASPFileFetchRes.Code != 200) { throw new Exception("Downloading updated IronWASP version failed"); } if (FileName.Equals("Updater.exe")) { try { File.Delete(Config.Path + "\\Updater.exe"); } catch { } IronWASPFileFetchRes.SaveBody(Config.Path + "\\Updater.exe"); } else { IronWASPFileFetchRes.SaveBody(Config.Path + "\\updates\\ironwasp\\" + FileName); } NewUpdateAvailable = true; }
public Response Follow(Response Res) { Request RedirectReq = GetRedirect(Res); if (RedirectReq == null) { return(Res); } else { return(RedirectReq.Send()); } }
void CheckTargetConnectivity() { try { BaseRequest.Source = RequestSource.Probe; Response Res = BaseRequest.Send(); this.ConnectivityCheckEnd(true); } catch (Exception Exp) { IronUI.ShowConsoleStatus(string.Format("Url is not reachable. Error: {0}", Exp.Message), true); this.ConnectivityCheckEnd(false); } }
static void StartCheck() { try { Request PluginManifestReq = new Request(PluginManifestUrl); PluginManifestReq.Source = RequestSource.Stealth; PluginManifestReq.Headers.Set("User-Agent", "IronWASP v" + CurrentVersion); Response PluginManifestRes = PluginManifestReq.Send(); if (!PluginManifestRes.IsSslValid) { throw new Exception("Invalid SSL Certificate provided by the server"); } PluginManifestFile = PluginManifestRes.BodyString; Request IronWASPManifestReq = new Request(IronWASPManifestUrl); IronWASPManifestReq.Source = RequestSource.Stealth; IronWASPManifestReq.Headers.Set("User-Agent", "IronWASP v" + CurrentVersion); Response IronWASPManifestRes = IronWASPManifestReq.Send(); if (!IronWASPManifestRes.IsSslValid) { throw new Exception("Invalid SSL Certificate provided by the server"); } IronWASPManifestFile = IronWASPManifestRes.BodyString; SetUpUpdateDirs(); GetNewPlugins(); GetNewIronWASP(); if (NewUpdateAvailable) { try { Tools.Run(Config.RootDir + "/" + "Updater.exe"); } catch (Exception Exp) { IronException.Report("Unable to Open IronWASP Updater", Exp); } } } catch (ThreadAbortException) { } catch (Exception Exp) { IronException.Report("Software Update Failed", Exp); } }
static void DownloadPlugin(string PluginType, string FileName, string PseudoName) { Request PluginFetchReq = new Request(PluginDownloadBaseUrl + PluginType + "/" + PseudoName); PluginFetchReq.Source = RequestSource.Stealth; Response PluginFetchRes = PluginFetchReq.Send(); if (!PluginFetchRes.IsSslValid) { throw new Exception("Invalid SSL Certificate provided by the server"); } if (PluginFetchRes.Code != 200) { throw new Exception("Downloading updated plugins failed"); } try { PluginFetchRes.SaveBody(Config.Path + "\\updates\\plugins\\" + PluginType + "\\" + FileName); NewUpdateAvailable = true; } catch (Exception Exp) { IronException.Report(string.Format("Error Downloading Plugin: {0} - {1} - {2}", PluginType, FileName, PseudoName), Exp); } }
public Response Inject(Request RequestToInject) { RequestToInject.Source = RequestSource.Scan; RequestToInject.ScanID = this.ScanID; Response ResponseFromInjection = RequestToInject.Send(); return SessionHandler.GetInterestingResponse(RequestToInject, ResponseFromInjection); }
static void StartCheck() { try { Request IronWASPManifestReq = new Request(IronWASPManifestUrl); IronWASPManifestReq.Source = RequestSource.Stealth; IronWASPManifestReq.Headers.Set("User-Agent", "IronWASP v" + CurrentVersion); Response IronWASPManifestRes = IronWASPManifestReq.Send(); if (!IronWASPManifestRes.IsSslValid) { throw new Exception("Invalid SSL Certificate provided by the server"); } IronWASPManifestFile = IronWASPManifestRes.BodyString; Request ModulesDbReq = new Request(ModulesDbUrl); ModulesDbReq.Source = RequestSource.Stealth; ModulesDbReq.Headers.Set("User-Agent", "IronWASP v" + CurrentVersion); Response ModulesDbRes = ModulesDbReq.Send(); if (!ModulesDbRes.IsSslValid) { throw new Exception("Invalid SSL Certificate provided by the server"); } //The ASCII conversion and substring is done to remove the unicode characters introduced at the beginning of the xml. Must find out why this happens. ModulesDbFile = Encoding.ASCII.GetString(ModulesDbRes.BodyArray); ModulesDbFile = ModulesDbFile.Substring(ModulesDbFile.IndexOf('<')); Request PluginManifestReq = new Request(PluginManifestUrl); PluginManifestReq.Source = RequestSource.Stealth; PluginManifestReq.Headers.Set("User-Agent", "IronWASP v" + CurrentVersion); Response PluginManifestRes = PluginManifestReq.Send(); if (!PluginManifestRes.IsSslValid) { throw new Exception("Invalid SSL Certificate provided by the server"); } PluginManifestFile = PluginManifestRes.BodyString; Request ModuleManifestReq = new Request(ModuleManifestUrl); ModuleManifestReq.Source = RequestSource.Stealth; ModuleManifestReq.Headers.Set("User-Agent", "IronWASP v" + CurrentVersion); Response ModuleManifestRes = ModuleManifestReq.Send(); if (!ModuleManifestRes.IsSslValid) { throw new Exception("Invalid SSL Certificate provided by the server"); } ModuleManifestFile = ModuleManifestRes.BodyString; SetUpUpdateDirs(); GetNewIronWASP(); GetNewModulesDb(); GetNewPlugins(); GetNewModules(); if (NewUpdateAvailable) { try { Tools.Run(string.Format("{0}\\Updater.exe", Config.RootDir)); } catch (Exception Exp) { IronException.Report("Unable to Open IronWASP Updater", Exp); } } } catch (ThreadAbortException) { } catch (Exception Exp) { IronException.Report("Software Update Failed", Exp); } }
bool IsA404(Request Req, Response Res) { Response NotFoundResponse = null; lock (NotFoundSignatures) { if (NotFoundSignatures.ContainsKey(Req.SSL.ToString() + Req.Host + Req.UrlDir + Req.File)) { NotFoundResponse = NotFoundSignatures[Req.SSL.ToString() + Req.Host + Req.UrlDir + Req.File]; } } if (NotFoundResponse == null) { Request NotFoundGetter = Req.GetClone(); NotFoundGetter.Method = "GET"; NotFoundGetter.Body.RemoveAll(); if (Req.File.Length > 0) { NotFoundGetter.Url = NotFoundGetter.UrlDir + "should_not_xist_" + Tools.GetRandomString(10, 15) + "." + Req.File; } else { NotFoundGetter.Url = NotFoundGetter.UrlDir + "should_not_xist_" + Tools.GetRandomString(10, 15); } NotFoundResponse = NotFoundGetter.Send(); if (Stopped) { return(true); } NotFoundResponse.BodyString = ""; List <string> HeaderNames = NotFoundResponse.Headers.GetNames(); foreach (string HeaderName in HeaderNames) { if (!HeaderName.Equals("Location")) { NotFoundResponse.Headers.Remove(HeaderName); } } NotFoundResponse.Flags.Add("Url", NotFoundGetter.Url); lock (NotFoundSignatures) { if (!NotFoundSignatures.ContainsKey(Req.SSL.ToString() + Req.Host + Req.UrlDir + Req.File)) { NotFoundSignatures.Add(Req.SSL.ToString() + Req.Host + Req.UrlDir + Req.File, NotFoundResponse); } } } if (Res.Code == 200 && NotFoundResponse.Code != 200) { return(false); } if (Res.Code == 404) { return(true); } if (Res.Code > 400) { if (NotFoundResponse.Code == Res.Code) { return(true); } else { return(false); } } string NotFoundGetterUrl = NotFoundResponse.Flags["Url"].ToString(); if (Res.Code == 301 || Res.Code == 302 || Res.Code == 303 || Res.Code == 307) { string RedirectedUrl = Res.Headers.Get("Location"); if (NotFoundResponse.Code == 301 || NotFoundResponse.Code == 302 || NotFoundResponse.Code == 303 || NotFoundResponse.Code == 307) { string NotFoundRedirectedUrl = NotFoundResponse.Headers.Get("Location"); if (RedirectedUrl.ToLower().Equals(NotFoundRedirectedUrl.ToLower())) { return(true); } else if (Regex.IsMatch(RedirectedUrl, @".*not\Wfound.*", RegexOptions.IgnoreCase)) { return(true); } else if (NotFoundRedirectedUrl.Replace(NotFoundGetterUrl, "").Equals(RedirectedUrl.Replace(Req.Url, ""))) { return(true); } else { Request RedirectedLocationReq; if (RedirectedUrl.StartsWith("http://") || RedirectedUrl.StartsWith("https://")) { RedirectedLocationReq = new Request(RedirectedUrl); } else if (RedirectedUrl.StartsWith("/")) { RedirectedLocationReq = Req.GetClone(); RedirectedLocationReq.Url = RedirectedUrl; } else { return(true); } Request NotFoundRedirectedLocationReq; if (NotFoundRedirectedUrl.StartsWith("http://") || NotFoundRedirectedUrl.StartsWith("https://")) { NotFoundRedirectedLocationReq = new Request(NotFoundRedirectedUrl); } else if (NotFoundRedirectedUrl.StartsWith("/")) { NotFoundRedirectedLocationReq = Req.GetClone(); NotFoundRedirectedLocationReq.Url = NotFoundRedirectedUrl; } else { return(false); } if (RedirectedLocationReq.Url.Equals(NotFoundRedirectedLocationReq.Url)) { return(true); } } } else { return(false); } } return(false); }
void Crawl(Request Req, int Depth, bool Scraped) { if (Stopped) { return; } if (Depth > MaxDepth) { return; } if (WasCrawled(Req)) { return; } if (!CanCrawl(Req)) { return; } lock (PageSignatures) { PageSignatures.Add(GetPageSignature(Req)); } Req.Source = RequestSource.Probe; Req.SetCookie(Cookies); if (UserAgent.Length > 0) { Req.Headers.Set("User-Agent", UserAgent); } if (SpecialHeader[0] != null) { Req.Headers.Set(SpecialHeader[0], SpecialHeader[1]); } if (Stopped) { return; } Response Res = Req.Send(); if (Stopped) { return; } Cookies.Add(Req, Res); bool Is404File = IsA404(Req, Res); if (!Res.IsHtml) { return; } if (Depth + 1 > MaxDepth) { return; } List <Request> Redirects = GetRedirects(Req, Res); foreach (Request Redirect in Redirects) { AddToCrawlQueue(Redirect, Depth + 1, true); } List <Request> LinkClicks = GetLinkClicks(Req, Res); foreach (Request LinkClick in LinkClicks) { AddToCrawlQueue(LinkClick, Depth + 1, true); } List <Request> FormSubmissions = GetFormSubmissions(Req, Res); foreach (Request FormSubmission in FormSubmissions) { AddToCrawlQueue(FormSubmission, Depth + 1, true); } Request DirCheck = Req.GetClone(); DirCheck.Method = "GET"; DirCheck.Body.RemoveAll(); DirCheck.Url = DirCheck.UrlDir; if (!Req.Url.EndsWith("/")) { AddToCrawlQueue(DirCheck, Depth + 1, false); } if (PerformDirAndFileGuessing && !Is404File) { foreach (string File in FileNamesToCheck) { Request FileCheck = DirCheck.GetClone(); FileCheck.Url = FileCheck.Url + File; AddToCrawlQueue(FileCheck, Depth + 1, false); } foreach (string Dir in DirNamesToCheck) { Request DirectoryCheck = DirCheck.GetClone(); DirectoryCheck.Url = DirectoryCheck.Url + Dir + "/"; AddToCrawlQueue(DirectoryCheck, Depth + 1, false); } } if (Stopped) { return; } if (Scraped || !Is404File) { lock (CrawledRequests) { CrawledRequests.Enqueue(Req); } IronUpdater.AddToSiteMap(Req); } }
Response SendRequest(Request Req) { if(SessionHandler != null && SessionHandler.Name.Length > 0) Req = SessionHandler.DoBeforeSending(Req, null); Req.SetSource(TesterLogSourceAttributeValue); return Req.Send(); }
void Crawl(Request Req, int Depth, bool Scraped) { if (Stopped) return; if (Depth > MaxDepth) return; if (WasCrawled(Req)) return; if (!CanCrawl(Req)) return; lock (PageSignatures) { PageSignatures.Add(GetPageSignature(Req)); } Req.Source = RequestSource.Probe; Req.SetCookie(Cookies); if (UserAgent.Length > 0) Req.Headers.Set("User-Agent", UserAgent); Response Res = Req.Send(); Cookies.Add(Req, Res); bool Is404File = IsA404(Req, Res); if (!Res.IsHtml) { try { Res.ProcessHtml(); } catch { return; } } if (Depth + 1 > MaxDepth) return; List<Request> LinkClicks = GetLinkClicks(Req, Res); foreach (Request LinkClick in LinkClicks) { AddToCrawlQueue(LinkClick, Depth + 1, true); } List<Request> FormSubmissions = GetFormSubmissionRequests(Req, Res); foreach (Request FormSubmission in FormSubmissions) { AddToCrawlQueue(FormSubmission, Depth + 1, true); } Request DirCheck = Req.GetClone(); DirCheck.Method = "GET"; DirCheck.Body.RemoveAll(); DirCheck.Url = DirCheck.UrlDir; if (!Req.Url.EndsWith("/")) { AddToCrawlQueue(DirCheck, Depth + 1, false); } if (PerformDirAndFileGuessing && !Is404File) { foreach (string File in FileNamesToCheck) { Request FileCheck = DirCheck.GetClone(); FileCheck.Url = FileCheck.Url + File; AddToCrawlQueue(FileCheck, Depth + 1, false); } foreach (string Dir in DirNamesToCheck) { Request DirectoryCheck = DirCheck.GetClone(); DirectoryCheck.Url = DirectoryCheck.Url + Dir + "/"; AddToCrawlQueue(DirectoryCheck, Depth + 1, false); } } if (Scraped || !Is404File) { lock (CrawledRequests) { CrawledRequests.Enqueue(Req); } IronUpdater.AddToSiteMap(Req); } }
static void StartCheck() { try { Request IronWASPManifestReq = new Request(IronWASPManifestUrl); IronWASPManifestReq.Source = RequestSource.Stealth; IronWASPManifestReq.Headers.Set("User-Agent", "IronWASP v" + CurrentVersion); Response IronWASPManifestRes = IronWASPManifestReq.Send(); if (!IronWASPManifestRes.IsSslValid) { throw new Exception("Invalid SSL Certificate provided by the server"); } IronWASPManifestFile = IronWASPManifestRes.BodyString; Request ModulesDbReq = new Request(ModulesDbUrl); ModulesDbReq.Source = RequestSource.Stealth; ModulesDbReq.Headers.Set("User-Agent", "IronWASP v" + CurrentVersion); Response ModulesDbRes = ModulesDbReq.Send(); if (!ModulesDbRes.IsSslValid) { throw new Exception("Invalid SSL Certificate provided by the server"); } //The ASCII conversion and substring is done to remove the unicode characters introduced at the beginning of the xml. Must find out why this happens. ModulesDbFile = Encoding.ASCII.GetString(ModulesDbRes.BodyArray); ModulesDbFile = ModulesDbFile.Substring(ModulesDbFile.IndexOf('<')); Request PluginManifestReq = new Request(PluginManifestUrl); PluginManifestReq.Source = RequestSource.Stealth; PluginManifestReq.Headers.Set("User-Agent","IronWASP v" + CurrentVersion); Response PluginManifestRes = PluginManifestReq.Send(); if (!PluginManifestRes.IsSslValid) { throw new Exception("Invalid SSL Certificate provided by the server"); } PluginManifestFile = PluginManifestRes.BodyString; Request ModuleManifestReq = new Request(ModuleManifestUrl); ModuleManifestReq.Source = RequestSource.Stealth; ModuleManifestReq.Headers.Set("User-Agent", "IronWASP v" + CurrentVersion); Response ModuleManifestRes = ModuleManifestReq.Send(); if (!ModuleManifestRes.IsSslValid) { throw new Exception("Invalid SSL Certificate provided by the server"); } ModuleManifestFile = ModuleManifestRes.BodyString; SetUpUpdateDirs(); GetNewIronWASP(); GetNewModulesDb(); GetNewPlugins(); GetNewModules(); if (NewUpdateAvailable) { try { Tools.Run(string.Format("{0}\\Updater.exe", Config.RootDir)); } catch (Exception Exp) { IronException.Report("Unable to Open IronWASP Updater", Exp); } } } catch(ThreadAbortException) { } catch(Exception Exp) { IronException.Report("Software Update Failed", Exp); } }
static void DownloadModule(string ModuleName, string PseudoName) { Request ModuleFetchReq = new Request(ModuleDownloadBaseUrl + "/" + PseudoName); ModuleFetchReq.Source = RequestSource.Stealth; Response ModuleFetchRes = ModuleFetchReq.Send(); if (!ModuleFetchRes.IsSslValid) { throw new Exception("Invalid SSL Certificate provided by the server"); } if (ModuleFetchRes.Code != 200) { throw new Exception("Downloading updated modules failed"); } try { ModuleFetchRes.SaveBody(Config.Path + "\\updates\\modules\\" + ModuleName + ".zip"); using (ZipFile ZF = ZipFile.Read(Config.Path + "\\updates\\modules\\" + ModuleName + ".zip")) { ZF.ExtractAll(Config.Path + "\\updates\\modules\\"); } NewUpdateAvailable = true; } catch (Exception Exp) { IronException.Report(string.Format("Error Downloading Module: {0} - {1} ", ModuleName, PseudoName), Exp); } }
static void StartCheck() { try { Request PluginManifestReq = new Request(PluginManifestUrl); PluginManifestReq.Source = RequestSource.Stealth; PluginManifestReq.Headers.Set("User-Agent","IronWASP v" + CurrentVersion); Response PluginManifestRes = PluginManifestReq.Send(); if (!PluginManifestRes.IsSslValid) { throw new Exception("Invalid SSL Certificate provided by the server"); } PluginManifestFile = PluginManifestRes.BodyString; Request IronWASPManifestReq = new Request(IronWASPManifestUrl); IronWASPManifestReq.Source = RequestSource.Stealth; IronWASPManifestReq.Headers.Set("User-Agent", "IronWASP v" + CurrentVersion); Response IronWASPManifestRes = IronWASPManifestReq.Send(); if (!IronWASPManifestRes.IsSslValid) { throw new Exception("Invalid SSL Certificate provided by the server"); } IronWASPManifestFile = IronWASPManifestRes.BodyString; SetUpUpdateDirs(); GetNewPlugins(); GetNewIronWASP(); if (NewUpdateAvailable) { try { Tools.Run(Config.RootDir + "/" + "Updater.exe"); } catch (Exception Exp) { IronException.Report("Unable to Open IronWASP Updater", Exp); } } } catch(ThreadAbortException) { } catch(Exception Exp) { IronException.Report("Software Update Failed", Exp); } }