private string DoAttack(Form form, string attackContent)
{
try
{
SimpleXssAttackAnnounceItem announceItem = new SimpleXssAttackAnnounceItem(_xAttack, SimpleXssAttackStatus.AttackStarted, _sharedResource, "", DateTime.Now);
OnAgentAttackAnnounced(announceItem);
HttpWebRequest request = null;
if (form.Method == "get")
request = WebRequest.Create(form.Action + attackContent) as HttpWebRequest;
else
request = WebRequest.Create(form.Action) as HttpWebRequest;
request.Timeout = 100000;
request.UserAgent = "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)";
request.AllowAutoRedirect = true;
request.KeepAlive = false;
if(form.Method=="post")
{
request.ContentType = "";
byte[] data = Encoding.UTF8.GetBytes(attackContent);
request.ContentLength = data.Length;
using(Stream stream=request.GetRequestStream())
{
stream.Write(data,0,data.Length);
}
}
using (HttpWebResponse response = request.GetResponse() as HttpWebResponse)
{
if (
(response.StatusCode != HttpStatusCode.NotFound
|| response.StatusCode != HttpStatusCode.BadGateway
|| response.StatusCode != HttpStatusCode.BadRequest
|| response.StatusCode != HttpStatusCode.Forbidden
|| response.StatusCode != HttpStatusCode.GatewayTimeout
|| response.StatusCode != HttpStatusCode.Gone
|| response.StatusCode != HttpStatusCode.InternalServerError
|| response.StatusCode != HttpStatusCode.NotAcceptable)
&& (response.ContentType.Contains("text/html"))
)
{
using (StreamReader sr = new StreamReader(response.GetResponseStream()))
{
string resp=sr.ReadToEnd();
_sharedResource.IncrementAttacks();
announceItem = new SimpleXssAttackAnnounceItem(_xAttack, SimpleXssAttackStatus.AttackFinished, _sharedResource, "", DateTime.Now);
OnAgentAttackAnnounced(announceItem);
return resp;
}
}
else
{
announceItem = new SimpleXssAttackAnnounceItem(_xAttack, SimpleXssAttackStatus.AttackHalted, _sharedResource, "", DateTime.Now);
OnAgentAttackAnnounced(announceItem);
return null;
}
}
}
catch (WebException ex)
{
SimpleXssAttackAnnounceItem announceItem = new SimpleXssAttackAnnounceItem(_xAttack, SimpleXssAttackStatus.AttackHalted, _sharedResource, "", DateTime.Now);
OnAgentAttackAnnounced(announceItem);
return null;
}
}
internal SimpleXssAttackAnnouncedEventArgs(SimpleXssAttackAnnounceItem announceItem)
: base(announceItem)
{
}
private string DoAttack(Form form, string attackContent)
{
try
{
SimpleXssAttackAnnounceItem announceItem = new SimpleXssAttackAnnounceItem(_xAttack, SimpleXssAttackStatus.AttackStarted, _sharedResource, "", DateTime.Now);
OnAgentAttackAnnounced(announceItem);
HttpWebRequest request = null;
if (form.Method == "get")
{
request = WebRequest.Create(form.Action + attackContent) as HttpWebRequest;
}
else
{
request = WebRequest.Create(form.Action) as HttpWebRequest;
}
request.Timeout = 100000;
request.UserAgent = "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)";
request.AllowAutoRedirect = true;
request.KeepAlive = false;
if (form.Method == "post")
{
request.ContentType = "";
byte[] data = Encoding.UTF8.GetBytes(attackContent);
request.ContentLength = data.Length;
using (Stream stream = request.GetRequestStream())
{
stream.Write(data, 0, data.Length);
}
}
using (HttpWebResponse response = request.GetResponse() as HttpWebResponse)
{
if (
(response.StatusCode != HttpStatusCode.NotFound ||
response.StatusCode != HttpStatusCode.BadGateway ||
response.StatusCode != HttpStatusCode.BadRequest ||
response.StatusCode != HttpStatusCode.Forbidden ||
response.StatusCode != HttpStatusCode.GatewayTimeout ||
response.StatusCode != HttpStatusCode.Gone ||
response.StatusCode != HttpStatusCode.InternalServerError ||
response.StatusCode != HttpStatusCode.NotAcceptable) &&
(response.ContentType.Contains("text/html"))
)
{
using (StreamReader sr = new StreamReader(response.GetResponseStream()))
{
string resp = sr.ReadToEnd();
_sharedResource.IncrementAttacks();
announceItem = new SimpleXssAttackAnnounceItem(_xAttack, SimpleXssAttackStatus.AttackFinished, _sharedResource, "", DateTime.Now);
OnAgentAttackAnnounced(announceItem);
return(resp);
}
}
else
{
announceItem = new SimpleXssAttackAnnounceItem(_xAttack, SimpleXssAttackStatus.AttackHalted, _sharedResource, "", DateTime.Now);
OnAgentAttackAnnounced(announceItem);
return(null);
}
}
}
catch (WebException ex)
{
SimpleXssAttackAnnounceItem announceItem = new SimpleXssAttackAnnounceItem(_xAttack, SimpleXssAttackStatus.AttackHalted, _sharedResource, "", DateTime.Now);
OnAgentAttackAnnounced(announceItem);
return(null);
}
}
internal SimpleXssAttackAnnouncedEventArgs(SimpleXssAttackAnnounceItem announceItem)
: base(announceItem)
{
}