public static string CreateRegexFromChar(UAUnicodeChar c) { return(UnicodeTestCase.CreateRegexFromList(new List <UAUnicodeChar>() { c })); }
public string CreateTargetRepresentationsRegex() { List <UAUnicodeChar> list = new List <UAUnicodeChar>(); list.Add(this.Target); return(UnicodeTestCase.CreateRegexFromList(list)); }
private Transformation DeduceTransformation(string context, UnicodeTestCase tc, string canary) { //If the or clause is hit that also means that encoding occured.. we might want to display that info //at some point.. *Shrug* if (context.Contains(canary + tc.SourcePoint.Chr)) { return(Transformation.None); } else if (DoesRegexMatch(context, tc.CreateSourceRepresentationsRegex(), canary)) { return(Transformation.Encoded); } else if (tc.Target != null && context.Contains(canary + tc.Target.Chr)) { return(Transformation.Transformed); } else if (tc.Target != null && DoesRegexMatch(context, tc.CreateTargetRepresentationsRegex(), canary)) { //Should this be Normalization (Now transformation of some kind happend with encoding). return(Transformation.Transformed | Transformation.Encoded); } //Was replaced by the UNICODE and other Suggested REplacement Chars Such as ; ? 0xFFFD etc. foreach (UAUnicodeChar ch in UnicodeTestCase.GetReplacementCharList()) { if (context.Contains(canary + ch.Chr)) { return(Transformation.Replacement); } } foreach (UAUnicodeChar ch in UnicodeTestCase.GetReplacementCharList()) { if (DoesRegexMatch(context, UnicodeTestCase.CreateRegexFromChar(ch), canary)) { return(Transformation.Replacement | Transformation.Encoded); } } return(Transformation.Unknown); }
/// <summary> /// This method is where result "confidence" is calculated. A list of all the occurences of the "canary" should be passed in. /// </summary> /// <param name="s">Session object with request/response</param> /// <param name="matches">These are the canary matches..</param> /// <param name="lookAheadFromMatchLoc"></param> /// <returns></returns> public List <ResponseResult> CalcResults(Session s, MatchCollection matches, UnicodeTestCases mappings, string canary, int lookAheadFromMatchLoc) { List <ResponseResult> ret = new List <ResponseResult>(); //BUGBUG: Chris says he's getting an exception because the unicode char is not being associated with the session.. if (s.Chr == null) { return(ret); } foreach (ResponseHeaderMatch hMatch in matches.GetMatchesInHeaders()) { ResponseResult rr = new ResponseResult(hMatch); //Get the match context in each header. Multipule headers could have the same key.. so //a list is returned that contains each "string value" to a given key. Each element representing a different //value for the same key. foreach (string headerValue in s.Response.Headers[hMatch.HeaderName]) { int forwardDif = 0; int offset = hMatch.Offset + hMatch.Token.TokenLength + lookAheadFromMatchLoc; if (offset > headerValue.Length) { forwardDif = offset - headerValue.Length; } string context = headerValue.Substring(hMatch.Offset - 4, hMatch.Token.TokenLength + lookAheadFromMatchLoc - forwardDif); UnicodeTestCase mapping = mappings.GetMappingFromSourceCodePoint(s.Chr.CodePoint); // At this point i have the context of the "canary" + 5 chars ahead.. this is where logic can be introduced // to determine "the type of match" rr.Chr = mapping.SourcePoint; rr.Transformation = this.DeduceTransformation(context, mapping, canary); rr.Context = context; rr.TestCase = mapping; //Add to result list System.Diagnostics.Debug.Write(s.Fsession.fullUrl); ret.Add(rr); } } //This will change.. the response should be responsible for returning bytes based off detected encoding.. //That logic will be moved into the Response class at a later point. string body = Encoding.UTF8.GetString(s.Response.BodyBytes); //Now we find matches in the body.. foreach (BodyMatch bMatch in matches.GetMatchesInBody()) { ResponseResult rr = new ResponseResult(bMatch); //Get the match context. int dif = 0; int offset = bMatch.Offset + lookAheadFromMatchLoc + bMatch.Token.TokenLength; if (offset > body.Length) { dif = offset - body.Length; } string context = body.Substring(bMatch.Offset - 4, bMatch.Token.TokenLength + lookAheadFromMatchLoc - dif); UnicodeTestCase mapping = mappings.GetMappingFromSourceCodePoint(s.Chr.CodePoint); rr.Context = context; rr.Chr = mapping.SourcePoint; rr.Transformation = this.DeduceTransformation(context, mapping, canary); rr.TestCase = mapping; //System.Diagnostics.Debug.Write(s.Fsession.fullUrl); ret.Add(rr); } //Add to result list. return(ret); }
private Transformation DeduceTransformation(string context, UnicodeTestCase tc, string canary) { //If the or clause is hit that also means that encoding occured.. we might want to display that info //at some point.. *Shrug* if (context.Contains(canary + tc.SourcePoint.Chr)){ return Transformation.None; }else if(DoesRegexMatch(context, tc.CreateSourceRepresentationsRegex(), canary)){ return Transformation.Encoded; }else if (tc.Target != null && context.Contains(canary + tc.Target.Chr)){ return Transformation.Transformed; }else if(tc.Target != null && DoesRegexMatch(context, tc.CreateTargetRepresentationsRegex(), canary)){ //Should this be Normalization (Now transformation of some kind happend with encoding). return Transformation.Transformed | Transformation.Encoded; } //Was replaced by the UNICODE and other Suggested REplacement Chars Such as ; ? 0xFFFD etc. foreach( UAUnicodeChar ch in UnicodeTestCase.GetReplacementCharList()){ if (context.Contains(canary + ch.Chr)) { return Transformation.Replacement; } } foreach (UAUnicodeChar ch in UnicodeTestCase.GetReplacementCharList()) { if (DoesRegexMatch(context, UnicodeTestCase.CreateRegexFromChar(ch), canary)) { return Transformation.Replacement | Transformation.Encoded; } } return Transformation.Unknown; }