internal static HttpWebRequest GenerateRequest(string uri, string content, string method, string login, string password, bool allowAutoRedirect) { if (uri == null) { throw new ArgumentNullException("uri"); } // Create a request using a URL that can receive a post. HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create(uri); request.Headers.Add("Cookie", "hello"); // Set the Method property of the request to POST. request.Method = method; // Manage_Gen mg = new Manage_Gen(uri, method); /* * Gen gen = new Gen(); * gen.httprequest = request; * request= mg.behavoiur_mutation(gen).httprequest; * * // string userag = "aaa' or 1/*"; * //request.UserAgent = userag; * * string userreferer = "http://www.yaboukur.com"; * request.Referer = userreferer; * * // Set cookie container to maintain cookies * * request.CookieContainer = cookies; * // request.CookieContainer.Add(new Uri(uri), new Cookie("id", "1234\r ' or 1=1")); * request.AllowAutoRedirect = allowAutoRedirect; * // If login is empty use defaul credentials * if (string.IsNullOrEmpty(login)) * { * request.Credentials = CredentialCache.DefaultNetworkCredentials; * } * else * { * request.Credentials = new NetworkCredential(login, password); * } * if (method == "POST") * { * // Convert POST data to a byte array. * byte[] byteArray = Encoding.UTF8.GetBytes(content); * // Set the ContentType property of the WebRequest. * request.ContentType = "application/x-www-form-urlencoded"; * // Set the ContentLength property of the WebRequest. * request.ContentLength = byteArray.Length; * // Get the request stream. * Stream dataStream = request.GetRequestStream(); * // Write the data to the request stream. * dataStream.Write(byteArray, 0, byteArray.Length); * // Close the Stream object. * dataStream.Close(); * } */ return(request); }
/// <summary> /// mutate inpute child by the way of way_of_mutation! /// </summary> /// <param name="children"></param> /// <param name="way_of_mutation">index of mutation type: 1=behavoiur chang, 2=syntax repair, 3=obfuscation</param> /// <returns>return mutated gen</returns> public void Mutation(Manage_Gen mg) { // Gen mutated_gen = new Gen(); Random r = new Random(Guid.NewGuid().GetHashCode()); int random; int rand_for_choose_to_be_behavoiur_or_not = 0; rand_for_choose_to_be_behavoiur_or_not = r.Next(0, 1); int mutation_approach; for (int i = 0; i < n; i++) { random = r.Next(1, 11); //1-10 //30% percent of gens will be mutated (maybe 40%) if (random <= 3) //60% just for test { //choose random mutation approach if (rand_for_choose_to_be_behavoiur_or_not == 1) { mutation_approach = 1; } else { mutation_approach = r.Next(1, 4);//either syntax or obfuscation } switch (mutation_approach) { case 1: //behavoiur mg.gen_pool[i] = behavoiur_mutation(mg.gen_pool[i]); break; case 2: //syntax mg.gen_pool[i] = syntax_repairing(mg.gen_pool[i]); break; case 3: //obfuscation mg.gen_pool[i] = obfuscation(mg.gen_pool[i]); break; } } // else // mutated_gen = mg.gen_pool[i];//return gen without any mutation } //return mutated_gen; }//end mutation func
public int[,] generate_testcase_by_genetic(int round, string uri, string method) { Manage_Gen mg = new Manage_Gen(uri, method); //********************************** ServicePointManager.UseNagleAlgorithm = true; ServicePointManager.Expect100Continue = true; ServicePointManager.CheckCertificateRevocationList = true; // ServicePointManager.DefaultConnectionLimit = ServicePointManager.DefaultPersistentConnectionLimit; ServicePointManager.DefaultConnectionLimit = 6000;//300 gen per 200 round of genetics //********************************** Gen[] children = new Gen[2]; int[] parent_index = new int[] { -1, -1 }; HttpWebResponse response; int sqli = 0; int Nsqli = 0; int notset = 0; int[,] statistic = new int[3, round]; //***************************************** for (int i = 0; i < round; i++) { // for(int c=0;c<mg.n;c++) mg.Mutation(mg);//mutate 30% of gens. for (int k = 0; k < mg.n; k++) { // Console.WriteLine(k); try { response = mg.GetResponse(mg.gen_pool[k].httprequest); //****************** if (response.Headers.Get("Sqli") == null) { notset++; } else if (response.Headers.Get("Sqli") == "SQLi!") { sqli++; } else if (response.Headers.Get("Sqli") == "No SQLi!") { Nsqli++; } //****************** mg.gen_pool[k].suitability = mg.update_suitability(k, response); } catch (Exception e) { Console.WriteLine("exception accured during update suitability: " + e.ToString()); } } //************************************ Console.WriteLine("number of sqli" + sqli); Console.WriteLine("number of Not sqli" + Nsqli); Console.WriteLine("number of allal badal" + notset); statistic[0, i] = sqli; statistic[1, i] = Nsqli; statistic[2, i] = notset; sqli = Nsqli = notset = 0; //************************************* //Console.WriteLine("finish getting response"); //sort gen-pool by their suitability for (int j = 0; j < mg.n / 2; j++) { // Console.WriteLine(j + "choose parent"); parent_index = mg.Choose_Parent(); // Console.WriteLine("p1: "+parent_index[0] + " p2: "+ parent_index[1]); if (parent_index[0] == -1 || parent_index[1] == -1) { //something wrongs happened Console.WriteLine("choose parent be ga raft"); } else { // Console.WriteLine("before merge parents"); children = mg.Merg_parents(mg.gen_pool[parent_index[0]], mg.gen_pool[parent_index[1]]); } // Console.WriteLine("merginf successfully"); mg.update_gens(children); } }//end genetic rounds for (int k = 0; k < mg.n; k++) { mg.fill_empty_header(mg.gen_pool[k]); } Console.WriteLine("******************************************"); for (int i = 0; i < mg.n; i++) { if (mg.gen_pool[i] == null) { Console.WriteLine("gen " + i + " : is empty"); } else { Console.WriteLine("gen " + i + " : is "); if (mg.gen_pool[i].mutated_header[0]) { Console.WriteLine("referer : " + mg.gen_pool[i].httprequest.Referer); } if (mg.gen_pool[i].mutated_header[1]) { Console.WriteLine("Cookie : " + mg.gen_pool[i].httprequest.Headers["Cookie"]); } if (mg.gen_pool[i].mutated_header[2]) { Console.WriteLine("user-aganet : " + mg.gen_pool[i].httprequest.UserAgent); } } } Console.WriteLine("*********"); /* * for (int i=0;i<mg.n;i++) * { * if(mg.gen_pool[i]!= null) * { * if (mg.gen_pool[i].httprequest.Headers.Get("Sqli") == null) * notset++; * else if (mg.gen_pool[i].httprequest.Headers.Get("Sqli") == "SQLi!") * sqli++; * else if (mg.gen_pool[i].httprequest.Headers.Get("Sqli") == "No SQLi!") * Nsqli++; * } * } * Console.WriteLine("number of sqli" + sqli); * Console.WriteLine("number of Not sqli" + Nsqli); * Console.WriteLine("number of allal badal" + notset); */ for (int j = 0; j < round; j++) { Console.WriteLine("number of sqli" + statistic[0, j]); Console.WriteLine("number of Not sqli" + statistic[1, j]); Console.WriteLine("number of allal badal" + statistic[2, j]); Console.WriteLine("*********"); } return(statistic); }//end function