-
Notifications
You must be signed in to change notification settings - Fork 7
/
Copy pathFPDDiger.cs
124 lines (112 loc) · 5.51 KB
/
FPDDiger.cs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using Fiddler;
using System.Collections;
using System.Text.RegularExpressions;
using System.Collections.Specialized;
[assembly: Fiddler.RequiredVersion("4.6.0.2")]
namespace FPDDiger
{
public class Demo : IAutoTamper, IFiddlerExtension
{
private UserInterface ui;
private bool bLoaded;
private ArrayList geturlList;
private ArrayList posturlList;
private ArrayList xGETurlList;
private ArrayList xPOSTdataList;
private Regex regex;
private Match m;
private string strParams = string.Empty;
public Demo() { }
public void OnLoad()
{
this.ui = new UserInterface();
this.bLoaded = true;
this.geturlList = new ArrayList();
this.posturlList = new ArrayList();
this.xGETurlList = new ArrayList();
this.xPOSTdataList = new ArrayList();
}
public void OnBeforeUnload(){ /*noop*/ }
public void AutoTamperRequestBefore(Session oSession)
{
if (this.bLoaded && this.ui.bEnabled)
{
this.regex = new Regex(@"\/\S*\?");
this.m = this.regex.Match(oSession.url);
if (m.Success)
{
try
{
if(oSession.RequestMethod == "GET")
{
if (this.geturlList.Contains(oSession.url) || this.xGETurlList.Contains(oSession.url))
return;
this.geturlList.Add(oSession.url);
this.strParams = oSession.url.Split('?')[1];
string[] Params = strParams.Split('&');
foreach (string strParamname in Params)
{
string strUrl = oSession.url;
strUrl = strUrl.Replace(strParamname.Split('=')[0], strParamname.Split('=')[0] + "[]");
this.xGETurlList.Add(strUrl);
FiddlerApplication.oProxy.InjectCustomRequest(oSession.ToString().Replace(oSession.url, strUrl));
}
}
else if(oSession.RequestMethod == "POST")
{
if (this.posturlList.Contains(oSession.url) && this.xPOSTdataList.Contains(oSession.GetRequestBodyEncoding().GetString(oSession.requestBodyBytes)))
return;
this.posturlList.Add(oSession.url);
this.xPOSTdataList.Add(oSession.GetRequestBodyEncoding().GetString(oSession.requestBodyBytes));
this.strParams = oSession.GetRequestBodyEncoding().GetString(oSession.requestBodyBytes);
string[] Params = strParams.Split('&');
foreach (string strParamname in Params)
{
String strData = oSession.ToString();
strData = this.strParams.Replace(strParamname.Split('=')[0], strParamname.Split('=')[0] + "[]");
this.xPOSTdataList.Add(this.strParams.Replace(strParamname.Split('=')[0], strParamname.Split('=')[0] + "[]"));
StringDictionary dictionary = new StringDictionary();
dictionary["Flag"] = "FreeBuf";
FiddlerApplication.oProxy.InjectCustomRequest(oSession.oRequest.headers, oSession.GetRequestBodyEncoding().GetBytes(strData), dictionary);
}
}
}catch { }
}
}
}
public void AutoTamperRequestAfter(Session oSession) { /* noop */ }
public void AutoTamperResponseBefore(Session oSession)
{
if (this.bLoaded && this.ui.bEnabled)
{
if (oSession.responseCode == 404)
return;
if (this.xGETurlList.Contains(oSession.url) || this.posturlList.Contains(oSession.url))
{
string strResponse = oSession.GetResponseBodyAsString().Replace('\\', '/');
this.regex = new Regex(@"PHP\s*\w*\:.*\/\w*.php");
this.m = this.regex.Match(strResponse);
if (this.m.Success)
{
if (oSession.RequestMethod == "GET")
this.ui.AddResult("[" + oSession.RequestMethod + "] " + oSession.url);
else if (oSession.RequestMethod == "POST")
{
this.ui.AddResult("[" + oSession.RequestMethod + "] " + oSession.url);
this.ui.AddResult("[POST Data:] " + oSession.GetRequestBodyEncoding().GetString(oSession.requestBodyBytes));
}
}
else return ;
}
}
}
public void AutoTamperResponseAfter(Session oSession) { /* noop */ }
public void OnBeforeReturningError(Session oSession) { /* noop */ }
}
}