private string DoAttack(Form form, string attackContent)
        {
            try
            {

                SimpleXssAttackAnnounceItem announceItem = new SimpleXssAttackAnnounceItem(_xAttack, SimpleXssAttackStatus.AttackStarted, _sharedResource, "", DateTime.Now);
                OnAgentAttackAnnounced(announceItem);

                HttpWebRequest request = null;

                if (form.Method == "get")
                    request = WebRequest.Create(form.Action + attackContent) as HttpWebRequest;
                else
                    request = WebRequest.Create(form.Action) as HttpWebRequest;

                request.Timeout = 100000;
                request.UserAgent = "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)";
                request.AllowAutoRedirect = true;
                request.KeepAlive = false;

                if(form.Method=="post")
                {
                    request.ContentType = "";
                    byte[] data = Encoding.UTF8.GetBytes(attackContent);
                    request.ContentLength = data.Length;

                    using(Stream stream=request.GetRequestStream())
                    {
                        stream.Write(data,0,data.Length);
                    }
                }

                using (HttpWebResponse response = request.GetResponse() as HttpWebResponse)
                {
                    if (
                        (response.StatusCode != HttpStatusCode.NotFound
                        || response.StatusCode != HttpStatusCode.BadGateway
                        || response.StatusCode != HttpStatusCode.BadRequest
                        || response.StatusCode != HttpStatusCode.Forbidden
                        || response.StatusCode != HttpStatusCode.GatewayTimeout
                        || response.StatusCode != HttpStatusCode.Gone
                        || response.StatusCode != HttpStatusCode.InternalServerError
                        || response.StatusCode != HttpStatusCode.NotAcceptable)
                        && (response.ContentType.Contains("text/html"))
                        )
                    {
                        using (StreamReader sr = new StreamReader(response.GetResponseStream()))
                        {
                            string resp=sr.ReadToEnd();

                            _sharedResource.IncrementAttacks();
                            announceItem = new SimpleXssAttackAnnounceItem(_xAttack, SimpleXssAttackStatus.AttackFinished, _sharedResource, "", DateTime.Now);
                            OnAgentAttackAnnounced(announceItem);

                            return resp;
                        }
                    }
                    else
                    {
                        announceItem = new SimpleXssAttackAnnounceItem(_xAttack, SimpleXssAttackStatus.AttackHalted, _sharedResource, "", DateTime.Now);
                        OnAgentAttackAnnounced(announceItem);
                        return null;
                    }
                }
            }
            catch (WebException ex)
            {
                SimpleXssAttackAnnounceItem announceItem = new SimpleXssAttackAnnounceItem(_xAttack, SimpleXssAttackStatus.AttackHalted, _sharedResource, "", DateTime.Now);
                OnAgentAttackAnnounced(announceItem);
                return null;
            }
        }
示例#2
0
 internal SimpleXssAttackAnnouncedEventArgs(SimpleXssAttackAnnounceItem announceItem)
     : base(announceItem)
 {
 }
        private string DoAttack(Form form, string attackContent)
        {
            try
            {
                SimpleXssAttackAnnounceItem announceItem = new SimpleXssAttackAnnounceItem(_xAttack, SimpleXssAttackStatus.AttackStarted, _sharedResource, "", DateTime.Now);
                OnAgentAttackAnnounced(announceItem);

                HttpWebRequest request = null;

                if (form.Method == "get")
                {
                    request = WebRequest.Create(form.Action + attackContent) as HttpWebRequest;
                }
                else
                {
                    request = WebRequest.Create(form.Action) as HttpWebRequest;
                }

                request.Timeout           = 100000;
                request.UserAgent         = "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)";
                request.AllowAutoRedirect = true;
                request.KeepAlive         = false;

                if (form.Method == "post")
                {
                    request.ContentType = "";
                    byte[] data = Encoding.UTF8.GetBytes(attackContent);
                    request.ContentLength = data.Length;

                    using (Stream stream = request.GetRequestStream())
                    {
                        stream.Write(data, 0, data.Length);
                    }
                }

                using (HttpWebResponse response = request.GetResponse() as HttpWebResponse)
                {
                    if (
                        (response.StatusCode != HttpStatusCode.NotFound ||
                         response.StatusCode != HttpStatusCode.BadGateway ||
                         response.StatusCode != HttpStatusCode.BadRequest ||
                         response.StatusCode != HttpStatusCode.Forbidden ||
                         response.StatusCode != HttpStatusCode.GatewayTimeout ||
                         response.StatusCode != HttpStatusCode.Gone ||
                         response.StatusCode != HttpStatusCode.InternalServerError ||
                         response.StatusCode != HttpStatusCode.NotAcceptable) &&
                        (response.ContentType.Contains("text/html"))
                        )
                    {
                        using (StreamReader sr = new StreamReader(response.GetResponseStream()))
                        {
                            string resp = sr.ReadToEnd();

                            _sharedResource.IncrementAttacks();
                            announceItem = new SimpleXssAttackAnnounceItem(_xAttack, SimpleXssAttackStatus.AttackFinished, _sharedResource, "", DateTime.Now);
                            OnAgentAttackAnnounced(announceItem);

                            return(resp);
                        }
                    }
                    else
                    {
                        announceItem = new SimpleXssAttackAnnounceItem(_xAttack, SimpleXssAttackStatus.AttackHalted, _sharedResource, "", DateTime.Now);
                        OnAgentAttackAnnounced(announceItem);
                        return(null);
                    }
                }
            }
            catch (WebException ex)
            {
                SimpleXssAttackAnnounceItem announceItem = new SimpleXssAttackAnnounceItem(_xAttack, SimpleXssAttackStatus.AttackHalted, _sharedResource, "", DateTime.Now);
                OnAgentAttackAnnounced(announceItem);
                return(null);
            }
        }
 internal SimpleXssAttackAnnouncedEventArgs(SimpleXssAttackAnnounceItem announceItem)
     : base(announceItem)
 {
 }