static IHttpRequestResponse highlightRequestResponse(IHttpRequestResponse attack, String responseHighlight, String requestHighlight, IScannerInsertionPoint insertionPoint) { List<int[]> requestMarkers = new ArrayList<>(1); if (requestHighlight != null && requestHighlight.length() > 2) { requestMarkers.add(insertionPoint.getPayloadOffsets(requestHighlight.getBytes())); } List<int[]> responseMarkers = new ArrayList<>(1); if (responseHighlight != null) { responseMarkers = getMatches(attack.getResponse(), responseHighlight.getBytes(), -1); } attack = callbacks.applyMarkers(attack, requestMarkers, responseMarkers); return attack; }
static IHttpRequestResponse highlightRequestResponse(IHttpRequestResponse attack, String responseHighlight, String requestHighlight, IScannerInsertionPoint insertionPoint) { List<int[]> requestMarkers = new ArrayList<>(1); if (requestHighlight != null && requestHighlight.length() > 2) { requestMarkers.add(insertionPoint.getPayloadOffsets(requestHighlight.getBytes())); } List<int[]> responseMarkers = new ArrayList<>(1); if (responseHighlight != null) { responseMarkers = getMatches(attack.getResponse(), responseHighlight.getBytes(), -1); } attack = callbacks.applyMarkers(attack, requestMarkers, responseMarkers); return attack; }
private IParameter getParameterFromInsertionPoint(IScannerInsertionPoint insertionPoint, byte[] request) { IParameter baseParam = null; int basePayloadStart = insertionPoint.getPayloadOffsets("x".getBytes())[0]; List<IParameter> params = helpers.analyzeRequest(request).getParameters(); for (IParameter param : params) { if (param.getValueStart() == basePayloadStart && insertionPoint.getBaseValue().equals(param.getValue())) { baseParam = param; break; } } return baseParam; }
List requestMarkers = new ArrayList(1); List responseMarkers = new ArrayList(1); requestMarkers.add(insertionPoint.getPayloadOffsets(this.helpers.stringToBytes(finalPayload))); responseMarkers.add(new int[]{body.indexOf(CRLFHeader), body.indexOf(CRLFHeader) + CRLFHeader.length()}); List requestMarkers = new ArrayList(1); List responseMarkers = new ArrayList(1); requestMarkers.add(insertionPoint.getPayloadOffsets(this.helpers.stringToBytes(finalPayload))); responseMarkers.add(new int[]{body.indexOf(CRLFHeader), body.indexOf(CRLFHeader) + CRLFHeader.length()});
currentMarkers = p.findIndicator(responseStr); if (currentMarkers != null && currentMarkers.size() > 0) { reqMarkers.add(insertionPoint.getPayloadOffsets(payloadBytes)); issues.add(createActiveScanExceptionBasedIssue(baseReqRes, newReqRes, reqMarkers, currentMarkers)); break; requestTime = System.currentTimeMillis() - requestStartTime; if (newReqRes.getResponse() != null && requestTime > (baseRequestTime + p.getTimeDelay())) { reqMarkers.add(insertionPoint.getPayloadOffsets(payloadBytes)); issues.add(createActiveScanTimeBasedIssue(baseReqRes, newReqRes, reqMarkers, baseRequestTime, requestTime)); break; reqMarkers.add(insertionPoint.getPayloadOffsets(payloadBytes)); _collabRecords.add(new CollaboratorRecord(collabId, collabId + "." + _collabContext.getCollaboratorServerLocation(), baseReqRes, newReqRes, reqMarkers, true)); reqMarkers.add(insertionPoint.getPayloadOffsets(payloadBytes)); _collabRecords.add(new CollaboratorRecord(collabId, collabId + "." + _collabContext.getCollaboratorServerLocation(), baseReqRes, newReqRes, reqMarkers, true));
Utilities.doActiveScan(Utilities.attemptRequest(injector.getService(), valueInsertionPoint.buildRequest(baseValue.getBytes())), valueInsertionPoint.getPayloadOffsets(baseValue.getBytes()));