        //Test script injection
        //Insert script to read the Browser URL and send it back to proxy
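        /// <summary>
        /// Response handler that rewrites successful HTML responses to GET/POST requests:
        /// it appends an inline script before the last <c>&lt;/body&gt;</c> tag and records the
        /// random URL ending used by that script in <c>_URLList</c>.
        /// </summary>
        /// <remarks>
        /// The injected script POSTs the top-level page URL (or <c>document.referrer</c>) to
        /// <c>scheme://host/&lt;random ending&gt;</c> once, then again whenever the value changes
        /// (checked every 500 ms). The reported URL includes any query string, so whatever
        /// consumes these call-backs is handling potentially sensitive browsing data.
        /// NOTE(review): the random ending is the only marker that identifies the call-back;
        /// if it is meant to be unguessable, confirm that RandomString uses a cryptographic
        /// generator. RandomString and _URLList are defined outside this block.
        /// </remarks>
        /// <param name="sender">Event source; not used.</param>
        /// <param name="e">Session whose server response is inspected and possibly rewritten.</param>
        public void OnResponse(object sender, SessionEventArgs e)
        {
            try
            {
                // Only successful responses to GET/POST requests are candidates.
                if (e.ProxyRequest.Method != "GET" && e.ProxyRequest.Method != "POST")
                {
                    return;
                }

                if (e.ServerResponse.StatusCode != HttpStatusCode.OK)
                {
                    return;
                }

                // A response without a Content-Type is skipped explicitly instead of relying
                // on the catch block below; the comparison is ordinal, not culture-sensitive.
                string contentType = e.ServerResponse.ContentType;
                if (contentType == null ||
                    contentType.IndexOf("text/html", System.StringComparison.OrdinalIgnoreCase) < 0)
                {
                    return;
                }

                // NOTE(review): X-Requested-With is conventionally a *request* header set by
                // XHR callers; reading it from the response may never filter anything. Also
                // confirm that GetResponseHeader returns "" (not null) for a missing header.
                if (e.ServerResponse.GetResponseHeader("X-Requested-With") != "")
                {
                    return;
                }

                e.GetResponseBody();

                // Random identifiers for the injected script; the call order is kept as in
                // the original in case RandomString is sequence-dependent.
                string functionName = "fr" + RandomString(10);
                string visitedUrlVar = RandomString(5);
                string requestVar = "c" + RandomString(5);
                string randomUrlEnding = RandomString(25);
                string lastRequestVar = RandomString(10);

                // The call-back goes to the same host and scheme as the page.
                // NOTE(review): e.Hostname is placed inside a JavaScript string literal
                // without escaping — confirm it is validated upstream.
                string scheme = e.IsSecure ? "https://" : "http://";
                string localRequest = scheme + e.Hostname + "/" + randomUrlEnding;

                string script = "var " + lastRequestVar + " = null;" +
                    "if(window.top==self) { " + "\n" +
                    " " + functionName + "();" +
                    "setInterval(" + functionName + ",500); " + "\n" + "}" +
                    "function " + functionName + "(){ " + "\n" +
                    "var " + requestVar + " = new XMLHttpRequest(); " + "\n" +
                    "var " + visitedUrlVar + " = null;" + "\n" +
                    "if(window.top.location.href!=null) " + "\n" +
                    "" + visitedUrlVar + " = window.top.location.href; else " + "\n" +
                    "" + visitedUrlVar + " = document.referrer; " +
                    "if(" + lastRequestVar + "!= " + visitedUrlVar + ") {" +
                    requestVar + ".open(\"POST\",\"" + localRequest + "\", true); " + "\n" +
                    requestVar + ".send(" + visitedUrlVar + ");} " + lastRequestVar + " = " + visitedUrlVar + "}";

                string response = e.ResponseString;
                string injected = "<script type =\"text/javascript\">" + script + "</script></body>";

                // RightToLeft with a count of 1 rewrites only the last </body> in the document.
                Regex closingBody = new Regex("</body>", RegexOptions.RightToLeft | RegexOptions.IgnoreCase | RegexOptions.Multiline);

                // A MatchEvaluator inserts the text literally; the string overload would
                // interpret any '$' sequence in it as a regex substitution.
                string replaced = closingBody.Replace(response, m => injected, 1);

                // A changed length means a </body> tag was found and rewritten.
                if (replaced.Length != response.Length)
                {
                    e.ResponseString = replaced;

                    // NOTE(review): if the proxy raises this handler on several threads,
                    // _URLList needs to be a thread-safe collection — confirm at its declaration.
                    _URLList.Add(randomUrlEnding);
                }
            }
            catch (System.Exception ex)
            {
                // Best effort: a failure here must not break the proxied response, but it
                // should leave a trace instead of vanishing silently.
                System.Diagnostics.Trace.TraceWarning("OnResponse: response left unmodified: " + ex);
            }
        }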