//cookieからhashtableへ
public static Hashtable makeCookieTable(string stringCookies)
{
Hashtable cookietable = new Hashtable();
if (stringCookies != null)
{
String[] splitcookie = Regex.Split(stringCookies, "(?<!expires=[^ ]{3}),", RegexOptions.IgnoreCase);
for (int i = 0; i < splitcookie.Length; ++i)
{
String[] namevalues = splitcookie[i].Split(new String[] { "; " }, StringSplitOptions.None);
CookieData cookiemake = new CookieData();
for (int t = 0; t < namevalues.Length; ++t)
{
String[] tmp = namevalues[t].Split('=');
/*
* if (tmp.Length == 1)
* {
* cookiemake.name = tmp[0];
* cookiemake.value = "";
* }
* */
if (tmp[0].ToLower() == "path")
{
cookiemake.path = tmp[1];
}
else if (tmp[0].ToLower() == "domain")
{
cookiemake.domain = tmp[1];
}
else if (tmp[0].ToLower() == "httponly")
{
cookiemake.httponly = true;
}
else if (tmp[0].ToLower() == "secure")
{
cookiemake.secure = true;
}
else if (tmp[0].ToLower() == "expires")
{
cookiemake.expires = tmp[1];
}
else
{
cookiemake.name = tmp[0];
cookiemake.value = tmp.Length > 1 ? tmp[1] : "";
cookiemake.fix = false;
}
}
cookietable[cookiemake.name] = cookiemake;
}
}
return(cookietable);
}
public bool nvEqual(CookieData a)
{
if (a == null)
{
return(false);
}
if (this.name == a.name && this.value == a.value)
{
return(true);
}
return(false);
}
//セッションっぽいものならTrueを返す
public virtual bool isSession(CookieData data)
{
if (data == null)
{
return(false);
}
if (
data.name.ToLower().IndexOf("phpsessid") != -1 ||
data.name.IndexOf("jsessionid") != -1 ||
data.name.ToLower().IndexOf("asp.net_sessionid") != -1 ||
System.Text.RegularExpressions.Regex.IsMatch(data.value, @"^[0-9abcdef]{16,}$")
)
{
return(true);
}
return(false);
}
/// <summary>
/// 実際にチェックを行うメソッド
/// </summary>
public void checkSessions()
{
//LoginURL Test
//ログイン前に振ってる物のチェック
//CheckerWebResponse firstResponse = getResponse(loginUrl, null, null);
//HomeURL Test
//ログイン前に振った物をそのまま利用してるもの
String formText = "";
foreach (KeyValuePair <string, FormInput> pair in formdata.table)
{
if (pair.Key != null && !pair.Key.Equals(""))
{
formText += Uri.EscapeDataString(pair.Key) + "=" + Uri.EscapeDataString(pair.Value.value) + "&";
}
}
formText = formText.Substring(0, formText.Length - 1);
CheckerWebResponse secondResponse = getResponse(homeUrl, formText, firstResponse.cookieContainer, loginUrl);
//セッションアダプション用
//振るタイミングは、ログイン画面を開いた後から、ログインをクリックする前までの間
CookieContainer cookieCont = copyContainer(secondResponse.cookieContainer, homeUrl);
Hashtable randomSessiontable = new Hashtable();
bool checkRand = false;
Hashtable mergeTable = new Hashtable();
foreach (DictionaryEntry dic in firstResponse.cookietable)
{
mergeTable[dic.Key] = dic.Value;
}
foreach (DictionaryEntry dic in secondResponse.cookietable)
{
mergeTable[dic.Key] = dic.Value;
}
foreach (DictionaryEntry dic in mergeTable)
{
CookieData tmp = (CookieData)dic.Value;
if (isSession(tmp))
{
checkRand = true;
Random rand = new Random();
String randst = "";
char[] randchar = new char[tmp.value.Length];
for (int i = 0; i < tmp.value.Length; ++i)
{
randst += rand.Next(9);
}
cookieCont.GetCookies(new Uri(homeUrl))[tmp.name].Value = randst;
randomSessiontable.Add(tmp.name, randst);
}
}
CheckerWebResponse secondRandomSessionResponse = null;
if (checkRand)
{
secondRandomSessionResponse = getResponse(homeUrl, formText, cookieCont, loginUrl);
}
else
{
secondRandomSessionResponse = new CheckerWebResponse();
secondRandomSessionResponse.body = null;
}
//セッションが一画面ごとに変わっていないかチェックするためのもの
CheckerWebResponse secondResponseFixedCheckResult = null;
if (secondResponse.statusCode >= 300 && secondResponse.statusCode <= 399)
{
secondResponseFixedCheckResult = getResponse(secondResponse.location, null, secondResponse.cookieContainer, loginUrl);
}
else if (getOnlyUrl != null)
{
secondResponseFixedCheckResult = getResponse(getOnlyUrl, null, secondResponse.cookieContainer, loginUrl);
}
//Check
Hashtable firstCookietable = firstResponse.cookietable;
Hashtable secondCookietable = secondResponse.cookietable;
Hashtable secondResponseFixedChecktable = null;
Hashtable secondRandomCookietable = secondRandomSessionResponse.cookietable;
//ログイン前に割り振ったセッションをそのまま利用していないかのチェック
fixChecker(firstCookietable, secondCookietable);
//ログイン後にセッションを毎回変えているかのチェック
if (secondResponseFixedCheckResult != null)
{
secondResponseFixedChecktable = secondResponseFixedCheckResult.cookietable;
fixChecker(secondCookietable, secondResponseFixedChecktable);
}
//ログイン直前に割り振られた偽セッションをそのまま利用していないかのチェック
foreach (DictionaryEntry dic in randomSessiontable)
{
String key = (String)dic.Key;
if (secondRandomCookietable.ContainsKey(key))
{
if ((String)randomSessiontable[key] == ((CookieData)secondRandomCookietable[key]).value)
{
((CookieData)secondRandomCookietable[key]).fix = true;
}
}
else
{
secondRandomCookietable.Add(key, new CookieData(key, (String)randomSessiontable[key], null, null, null, false, false));
((CookieData)secondRandomCookietable[key]).fix = true;
}
}
//レスポンス生成
CheckResult retCheck = new CheckResult();
//Set body
retCheck.firstBody = firstResponse.body;
retCheck.secondBody = secondResponse.body;
if (secondResponseFixedCheckResult != null)
{
retCheck.secondResponseFixedCheckBody = secondResponseFixedCheckResult.body;
}
retCheck.secondRandomBody = secondRandomSessionResponse.body;
//レスポンスにセット
retCheck.firstCookieCheck = firstCookietable;
retCheck.secondCookieCheck = secondCookietable;
retCheck.secondRandomCookieCheck = secondRandomCookietable;
if (secondResponseFixedCheckResult != null)
{
retCheck.secondResponseFixedCheck = secondResponseFixedChecktable;
}
checkResult = retCheck;
}
public bool nvEqual(CookieData a)
{
if (a == null)
{
return false;
}
if (this.name == a.name && this.value == a.value)
{
return true;
}
return false;
}
//セッションっぽいものならTrueを返す
public virtual bool isSession(CookieData data)
{
if (data == null)
{
return false;
}
if (
data.name.ToLower().IndexOf("phpsessid") != -1 ||
data.name.IndexOf("jsessionid") != -1 ||
data.name.ToLower().IndexOf("asp.net_sessionid") != -1 ||
System.Text.RegularExpressions.Regex.IsMatch(data.value, @"^[0-9abcdef]{16,}$")
)
{
return true;
}
return false;
}
//cookieからhashtableへ
public static Hashtable makeCookieTable(string stringCookies)
{
Hashtable cookietable = new Hashtable();
if (stringCookies != null)
{
String[] splitcookie = Regex.Split(stringCookies, "(?<!expires=[^ ]{3}),",RegexOptions.IgnoreCase);
for (int i = 0; i < splitcookie.Length; ++i)
{
String[] namevalues = splitcookie[i].Split(new String[] { "; " }, StringSplitOptions.None);
CookieData cookiemake = new CookieData();
for (int t = 0; t < namevalues.Length; ++t)
{
String[] tmp = namevalues[t].Split('=');
/*
if (tmp.Length == 1)
{
cookiemake.name = tmp[0];
cookiemake.value = "";
}
* */
if (tmp[0].ToLower() == "path")
{
cookiemake.path = tmp[1];
}
else if (tmp[0].ToLower() == "domain")
{
cookiemake.domain = tmp[1];
}
else if (tmp[0].ToLower() == "httponly")
{
cookiemake.httponly = true;
}
else if (tmp[0].ToLower() == "secure")
{
cookiemake.secure = true;
}
else if (tmp[0].ToLower() == "expires")
{
cookiemake.expires = tmp[1];
}
else
{
cookiemake.name = tmp[0];
cookiemake.value = tmp.Length > 1 ? tmp[1] : "";
cookiemake.fix = false;
}
}
cookietable[cookiemake.name] = cookiemake;
}
}
return cookietable;
}
