示例#1
        /// <summary>
        /// Click event handler (judging by its name, wired to the start button). On the first
        /// invocation it adds every entry of <c>ByPassFilter.Filter</c> to the evaluation form's
        /// list view and sets its status to "started"; later invocations do nothing because
        /// the <c>started</c> flag has been set.
        /// </summary>
        /// <param name="sender">Event source; not used.</param>
        /// <param name="e">Event arguments; not used.</param>
        private void btStartXSSProc_Click(object sender, EventArgs e)
        {
            // Guard: the list has already been populated by an earlier click.
            if (started)
            {
                return;
            }

            foreach (FilterByPassObject entry in ByPassFilter.Filter)
            {
                _xSSEvalForm.AddListViewItem(entry);
                _xSSEvalForm.UpdateStatus(entry.ID, "started");
            }

            // Only reached when the whole loop completed without throwing.
            started = true;
        }
示例#2
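        /// <summary>
        /// Sends the form described by <paramref name="item"/> as an HTTP POST in which every
        /// input other than "submit" carries <c>byPassObject.ByPassString</c>, then stores a
        /// textual dump of the exchange in <c>byPassObject.ResponseContent</c>.
        /// </summary>
        /// <param name="byPassObject">Filter entry that supplies the test string and receives the response text.</param>
        /// <param name="item">Form description: input names, optional submit name/value pair and the action URL.</param>
        /// <returns>Always the literal string "d"; the result is delivered through <c>byPassObject.ResponseContent</c>.</returns>
        /// <remarks>
        /// Transport errors raised by <c>PostAsync</c> or while reading the body are not caught here
        /// and surface to the awaiting caller.
        /// </remarks>
        public async Task<string> POSTAttack(FilterByPassObject byPassObject, FormContainer item)
        {
            // Status update for this filter entry (logging).
            _responseForm.UpdateStatus(byPassObject.ID, "running request...");

            var values = new Dictionary<string, string>();

            var inputs = item.GetInputs();
            if (inputs != null)
            {
                foreach (string input in inputs)
                {
                    // Inputs without a name cannot be sent as a form field.
                    if (string.IsNullOrEmpty(input))
                    {
                        continue;
                    }

                    // Ordinal comparison: a culture-sensitive ToLower() mis-compares "SUBMIT"
                    // under cultures such as tr-TR.
                    if (string.Equals(input, "submit", StringComparison.OrdinalIgnoreCase))
                    {
                        continue;
                    }

                    // Indexer instead of Add: a form that repeats an input name previously threw,
                    // and the blanket catch then returned without sending the request or
                    // reporting any error.
                    values[input] = byPassObject.ByPassString;
                }
            }

            // Submit field present? Needed for self-calling pages.
            string[] submit = item.GetSubmit();
            if (submit != null && submit.Length >= 2 && !string.IsNullOrEmpty(submit[0]))
            {
                values[submit[0]] = submit[1];
            }

            // NOTE(review): item.Action is used as-is; a form's action can point at a different
            // host than the page it was taken from — confirm the caller restricts it to the
            // system under test.
            // NOTE(review): a new HttpClient per call can exhaust sockets when many entries are
            // processed; a shared instance is the usual recommendation.
            using (var client = new HttpClient())
            using (var content = new FormUrlEncodedContent(values))
            using (var response = await client.PostAsync(item.Action, content))
            {
                // Status update for this filter entry (logging).
                _responseForm.UpdateStatus(byPassObject.ID, "continue ...");

                // Update the filter entry itself: response dump, request dump, then the body.
                // NOTE(review): the body is remote-controlled text; encode it before showing it
                // in any control that interprets HTML or script.
                byPassObject.ResponseContent = response.ToString() + Environment.NewLine + response.RequestMessage + Environment.NewLine + await response.Content.ReadAsStringAsync();

                return "d";
            }
        }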
示例#3
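        /// <summary>
        /// Walks every entry of <c>ByPassFilter.Filter</c> and records whether its test string
        /// appears verbatim in the stored response text, updating the response form's status
        /// and result for each entry.
        /// </summary>
        /// <remarks>
        /// A verbatim match only shows that the string came back unmodified; it does not show
        /// that the string lands in a context where a browser would execute it, so a positive
        /// result is an indicator to be confirmed, and a transformed reflection is missed.
        /// NOTE(review): if ResponseContent is produced by POSTAttack it also contains the
        /// response status/header dump and the request dump, so a match is not necessarily
        /// inside the HTML body.
        /// </remarks>
        public void PerformAnalyzation()
        {
            foreach (var byPassObject in ByPassFilter.Filter)
            {
                // Status update for this filter entry (logging).
                _responseForm.UpdateStatus(byPassObject.ID, "analyzing...");

                var payload = byPassObject.ByPassString;
                var responseText = byPassObject.ResponseContent;

                // An entry whose request never completed has no response text; previously this
                // threw a NullReferenceException and aborted the whole loop. An empty test
                // string is excluded because Contains("") is true for every response.
                bool success = !string.IsNullOrEmpty(payload)
                    && responseText != null
                    && responseText.Contains(payload);

                // Record the result and finish this entry.
                _responseForm.SetResult(byPassObject.ID, success);
                _responseForm.UpdateStatus(byPassObject.ID, "...done");
            }
        }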