private Attack add(byte[] response, String anchor) { assert (firstRequest != null); response = Utilities.filterResponse(response); responseKeywords.updateWith(response); responseDetails.updateWith(response); if(anchor.equals("")) { responseReflections = INCALCULABLE; } else { int reflections = Utilities.countMatches(response, anchor.getBytes()); if (responseReflections == UNINITIALISED) { responseReflections = reflections; } else if (responseReflections != reflections && responseReflections != INCALCULABLE) { responseReflections = DYNAMIC; } } regeneratePrint(); return this; }
private Attack add(byte[] response, String anchor) { assert (firstRequest != null); response = Utilities.filterResponse(response); responseKeywords.updateWith(response); responseDetails.updateWith(response); if(anchor.equals("")) { responseReflections = INCALCULABLE; } else { int reflections = Utilities.countMatches(response, anchor.getBytes()); if (responseReflections == UNINITIALISED) { responseReflections = reflections; } else if (responseReflections != reflections && responseReflections != INCALCULABLE) { responseReflections = DYNAMIC; } } regeneratePrint(); return this; }
private HashSet<String> recordHandling(IHttpRequestResponse baseRequestResponse, IScannerInsertionPoint insertionPoint, String probe) { String leftAnchor = Utilities.randomString(3); String middleAnchor = "z"+Integer.toString(Utilities.rnd.nextInt(9)); String rightAnchor = "z"+Utilities.randomString(3); String payload = leftAnchor + "\\\\" + middleAnchor + probe + rightAnchor; IHttpRequestResponse attack = callbacks.makeHttpRequest( baseRequestResponse.getHttpService(), insertionPoint.buildRequest(payload.getBytes())); // Utilities.buildRequest(baseRequestResponse, insertionPoint, payload) return getTransformationResults(leftAnchor + "\\" + middleAnchor, rightAnchor, helpers.stringToBytes(helpers.bytesToString(Utilities.filterResponse(attack.getResponse())))); }
String rightAnchor = "z" + Utilities.randomString(2); Attack basicAttack = Utilities.buildTransformationAttack(baseRequestResponse, insertionPoint, leftAnchor, "\\\\", rightAnchor); if (Utilities.getMatches(Utilities.filterResponse(basicAttack.getFirstRequest().getResponse()), (leftAnchor + "\\" + rightAnchor).getBytes(), -1).isEmpty()) { return null;