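/**
 * Applies request and response markers to a scanner attack.
 *
 * <p>The request marker is the payload's offsets as reported by the insertion point.
 * The response markers are the matches of {@code responseHighlight} in the response body.
 *
 * @param attack the request/response pair to annotate
 * @param responseHighlight text to mark in the response; {@code null} leaves it unmarked
 * @param requestHighlight payload to mark in the request; skipped when {@code null} or
 *     shorter than three characters
 * @param insertionPoint insertion point asked for the payload's offsets in the request
 * @return whatever {@code callbacks.applyMarkers} returns for the marked pair
 */
static IHttpRequestResponse highlightRequestResponse(IHttpRequestResponse attack, String responseHighlight, String requestHighlight, IScannerInsertionPoint insertionPoint) {
    List<int[]> requestMarkers = new ArrayList<>(1);
    if (requestHighlight != null && requestHighlight.length() > 2) {
        // NOTE(review): getBytes() uses the platform default charset; for non-ASCII
        // highlights the bytes may differ from those on the wire - confirm.
        int[] payloadOffsets = insertionPoint.getPayloadOffsets(requestHighlight.getBytes());
        // The Burp API documents a null return when the payload does not appear
        // literally in the built request (e.g. it is encoded inside a serialized
        // structure). Skip it rather than hand a null marker to applyMarkers.
        if (payloadOffsets != null) {
            requestMarkers.add(payloadOffsets);
        }
    }

    List<int[]> responseMarkers = new ArrayList<>(1);
    if (responseHighlight != null) {
        // -1 presumably means "no cap on the number of matches" - confirm against getMatches.
        responseMarkers = getMatches(attack.getResponse(), responseHighlight.getBytes(), -1);
    }

    return callbacks.applyMarkers(attack, requestMarkers, responseMarkers);
}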
/**
 * Collects the distinct forms in which a probe came back between two anchors.
 *
 * <p>For every occurrence of {@code leftAnchor} in {@code response}, the 20 bytes that
 * follow are searched for {@code rightAnchor}. The bytes before the first right-anchor
 * match are HTML-unescaped and recorded. A window with no right anchor is recorded as
 * {@code "Truncated"}, and a response with no left anchor at all as
 * {@code "Reflection disappeared"}.
 *
 * <p>The recorded strings are taken from the server's response, so anything that renders
 * them should treat them as untrusted text.
 *
 * @param leftAnchor marker expected immediately before the reflected probe
 * @param rightAnchor marker expected immediately after the reflected probe
 * @param response raw response bytes to inspect
 * @return the set of observed reflections; never empty
 */
private HashSet<String> getTransformationResults(String leftAnchor, String rightAnchor, byte[] response) {
    HashSet<String> observed = new HashSet<>();

    // Presumably each match is {start, end}; index 1 is used as the first byte after the anchor - confirm.
    List<int[]> leftHits = Utilities.getMatches(response, leftAnchor.getBytes(), -1);
    if (leftHits.isEmpty()) {
        observed.add("Reflection disappeared");
        return observed;
    }

    byte[] rightAnchorBytes = rightAnchor.getBytes();
    for (int[] leftHit : leftHits) {
        int windowStart = leftHit[1];
        // copyOfRange zero-pads when the 20-byte window runs past the end of the response.
        byte[] window = Arrays.copyOfRange(response, windowStart, windowStart + 20);

        List<int[]> rightHits = Utilities.getMatches(window, rightAnchorBytes, -1);
        if (rightHits.isEmpty()) {
            // The closing anchor is not within the window, so no reflected value is reported.
            observed.add("Truncated");
            continue;
        }

        int payloadEnd = rightHits.get(0)[0];
        byte[] reflected = Arrays.copyOfRange(window, 0, payloadEnd);
        // Decode HTML entities so an entity-encoded reflection is reported in decoded form.
        observed.add(StringEscapeUtils.unescapeHtml4(helpers.bytesToString(reflected)));
    }
    return observed;
}
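/**
 * Attaches highlight markers to an attack's request and response.
 *
 * @param attack the request/response pair to mark
 * @param responseHighlight text whose matches in the response are marked; may be {@code null}
 * @param requestHighlight payload whose offsets in the request are marked; ignored when
 *     {@code null} or at most two characters long
 * @param insertionPoint insertion point used to look up the payload's offsets
 * @return the result of {@code callbacks.applyMarkers} for the given pair and markers
 */
static IHttpRequestResponse highlightRequestResponse(IHttpRequestResponse attack, String responseHighlight, String requestHighlight, IScannerInsertionPoint insertionPoint) {
    List<int[]> requestMarkers = new ArrayList<>(1);
    boolean markRequest = requestHighlight != null && requestHighlight.length() > 2;
    if (markRequest) {
        int[] offsets = insertionPoint.getPayloadOffsets(requestHighlight.getBytes());
        // Per the Burp API, getPayloadOffsets returns null when offsets are not applicable
        // to the insertion point. A null list entry is not a valid marker, so leave the
        // request unmarked in that case.
        if (offsets != null) {
            requestMarkers.add(offsets);
        }
    }

    // Stays empty unless a response highlight was supplied.
    List<int[]> responseMarkers = new ArrayList<>(1);
    if (responseHighlight != null) {
        // NOTE(review): getBytes() depends on the platform default charset - confirm this
        // matches how the response bytes are searched.
        responseMarkers = getMatches(attack.getResponse(), responseHighlight.getBytes(), -1);
    }

    attack = callbacks.applyMarkers(attack, requestMarkers, responseMarkers);
    return attack;
}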
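/**
 * Replaces occurrences of {@code find} in {@code request} with {@code replace}.
 *
 * <p>Two edge cases are handled explicitly. When there is nothing to replace, the input
 * array is returned as-is instead of an empty array. A {@code limit} larger than the
 * number of matches is clamped instead of making {@code subList} throw.
 *
 * @param request bytes to search
 * @param find byte sequence to look for
 * @param replace bytes written in place of each replaced match
 * @param limit maximum number of matches to replace, or {@code -1} for all of them
 * @return the rewritten bytes, or {@code request} itself when no match is replaced;
 *     {@code null} only if writing to the in-memory buffer fails
 */
private static byte[] replace(byte[] request, byte[] find, byte[] replace, int limit) {
    // Presumably each match is {start, end} with an exclusive end - confirm against getMatches.
    List<int[]> matches = getMatches(request, find, -1);
    if (limit != -1) {
        // Clamp: asking for more replacements than there are matches is not an error.
        matches = matches.subList(0, Math.min(limit, matches.size()));
    }
    if (matches.isEmpty()) {
        // Without this guard the loop below never runs and an empty array would be
        // returned, silently discarding the whole message.
        return request;
    }

    try {
        ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
        int copiedUpTo = 0;
        for (int[] match : matches) {
            // Untouched bytes between the previous match (or the start) and this one.
            outputStream.write(Arrays.copyOfRange(request, copiedUpTo, match[0]));
            outputStream.write(replace);
            copiedUpTo = match[1];
        }
        // Tail after the last replaced match.
        outputStream.write(Arrays.copyOfRange(request, copiedUpTo, request.length));
        return outputStream.toByteArray();
    } catch (IOException e) {
        // write(byte[]) declares IOException; callers already expect null here.
        return null;
    }
}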
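/**
 * Replaces every occurrence of {@code find} in {@code request} with {@code replace}.
 *
 * <p>When {@code find} does not occur, the input array is returned as-is instead of an
 * empty array, so a failed lookup cannot blank out the message being rewritten.
 *
 * @param request bytes to search
 * @param find byte sequence to look for
 * @param replace bytes written in place of each match
 * @return the rewritten bytes, or {@code request} itself when there is no match;
 *     {@code null} only if writing to the in-memory buffer fails
 */
static byte[] replace(byte[] request, byte[] find, byte[] replace) {
    // Presumably each match is {start, end} with an exclusive end - confirm against getMatches.
    List<int[]> matches = getMatches(request, find, -1);
    if (matches.isEmpty()) {
        // The copy loop would otherwise be skipped and an empty array returned.
        return request;
    }

    try {
        ByteArrayOutputStream rebuilt = new ByteArrayOutputStream();
        int resumeFrom = 0;
        for (int[] match : matches) {
            // Bytes between the previous match (or the start) and this match are kept verbatim.
            rebuilt.write(Arrays.copyOfRange(request, resumeFrom, match[0]));
            rebuilt.write(replace);
            resumeFrom = match[1];
        }
        // Whatever follows the final match.
        rebuilt.write(Arrays.copyOfRange(request, resumeFrom, request.length));
        return rebuilt.toByteArray();
    } catch (IOException e) {
        // write(byte[]) declares IOException; keep the existing null-on-failure contract.
        return null;
    }
}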
String rightAnchor = "z" + Utilities.randomString(2); Attack basicAttack = Utilities.buildTransformationAttack(baseRequestResponse, insertionPoint, leftAnchor, "\\\\", rightAnchor); if (Utilities.getMatches(Utilities.filterResponse(basicAttack.getFirstRequest().getResponse()), (leftAnchor + "\\" + rightAnchor).getBytes(), -1).isEmpty()) { return null;