
Example 6 with Request

use of com.jsql.model.bean.util.Request in project jsql-injection by ron190.

the class ObserverInteraction method update.

/**
 * Observer pattern.<br>
 * Receive an update order from the model:<br>
 * - Use the Request message to get the Interaction class,<br>
 * - Pass the parameters to that class.
 */
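@Override
public void update(Observable model, Object newInteraction) {
    Request interaction = (Request) newInteraction;
    try {
        // The class to run is selected by name: fixed package prefix + the message carried by
        // the Request. Whatever value ends up in the message decides which class is loaded.
        String commandClassName = this.packageInteraction + "." + interaction.getMessage();
        // Narrow to InteractionCommand BEFORE instantiating. A class that resolves but is not
        // a command is rejected with ClassCastException (same exception type as the former
        // post-construction cast) without its constructor ever running.
        // Class.forName(String) still initializes the class, so static initializers do run.
        Class<? extends InteractionCommand> commandClass =
            Class.forName(commandClassName).asSubclass(InteractionCommand.class);
        Constructor<? extends InteractionCommand> constructor = commandClass.getConstructor(Object[].class);
        // Wrap the parameters so they reach the constructor as its single Object[] argument
        // instead of being spread over newInstance()'s varargs.
        InteractionCommand command = constructor.newInstance(new Object[] { interaction.getParameters() });
        command.execute();
    } catch (ClassNotFoundException e) {
        // Ignore unused interaction message
        IgnoreMessageException ignore = new IgnoreMessageException(e);
        LOGGER.trace(ignore, ignore);
    } catch (InstantiationException | IllegalAccessException | NoSuchMethodException | SecurityException | IllegalArgumentException | InvocationTargetException e) {
        // Reflection or constructor failure: logged, never propagated to the model
        LOGGER.error(e.getMessage(), e);
    }
}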
Also used : Request(com.jsql.model.bean.util.Request) IgnoreMessageException(com.jsql.model.exception.IgnoreMessageException) InvocationTargetException(java.lang.reflect.InvocationTargetException)

Example 7 with Request

use of com.jsql.model.bean.util.Request in project jsql-injection by ron190.

the class InjectionModel method beginInjection.

/**
 * Prepare the injection process, can be interrupted by the user (via shouldStopAll).
 * Erase all attributes possibly defined in a previous injection.
 * Run by Scan, Standard and TU.
 */
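public void beginInjection() {
    this.resetModel();
    // TODO Extract in method
    try {
        // Test proxy connection; the finally block below still notifies the views on this early exit
        if (!ProxyUtil.isChecked(ShowOnConsole.YES)) {
            return;
        }
        LOGGER.info(I18n.valueByKey("LOG_START_INJECTION") + ": " + ConnectionUtil.getUrlByUser());
        // Check general integrity of user's parameters
        ParameterUtil.checkParametersFormat(true, true, null);
        // Check connection is working: define Cookie management, check HTTP status, parse <form> parameters, process CSRF
        LOGGER.trace(I18n.valueByKey("LOG_CONNECTION_TEST"));
        ConnectionUtil.testConnection();
        // Try to inject Query params
        boolean hasFoundInjection = this.testParameters(MethodInjection.QUERY, ParameterUtil.getQueryStringAsString(), ParameterUtil.getQueryString());
        if (!hasFoundInjection) {
            // String.matches() must match the whole text and '.' stops at line breaks by default,
            // so a multi-line XML body never reached the SOAP branch; (?s) lets '.' span lines.
            if (PreferencesUtil.isCheckingAllSOAPParam() && ParameterUtil.getRequestAsText().matches("(?s)^<\\?xml.*")) {
                try {
                    // NOTE(review): confirm SoapUtil.convertStringToDocument parses with DTDs and
                    // external entities disabled; the parser configuration is not visible here.
                    Document doc = SoapUtil.convertStringToDocument(ParameterUtil.getRequestAsText());
                    LOGGER.trace("Parsing SOAP from Request...");
                    hasFoundInjection = SoapUtil.injectTextNodes(doc, doc.getDocumentElement());
                } catch (Exception e) {
                    // NOTE(review): this also catches anything thrown by injectTextNodes, not only
                    // XML parse errors; the cause is now attached to the trace so it is not lost.
                    LOGGER.trace("SOAP not detected, checking standard Request parameters...", e);
                    // Try to inject Request params
                    hasFoundInjection = this.testParameters(MethodInjection.REQUEST, ParameterUtil.getRequestAsString(), ParameterUtil.getRequest());
                }
            } else {
                LOGGER.trace("Checking standard Request parameters");
                // Try to inject Request params
                hasFoundInjection = this.testParameters(MethodInjection.REQUEST, ParameterUtil.getRequestAsString(), ParameterUtil.getRequest());
            }
        }
        if (!hasFoundInjection) {
            // Try to inject Header params; the result is not read again after this point
            hasFoundInjection = this.testParameters(MethodInjection.HEADER, ParameterUtil.getHeaderAsString(), ParameterUtil.getHeader());
        }
        LOGGER.trace(I18n.valueByKey("LOG_DONE"));
        this.injectionAlreadyBuilt = true;
    } catch (JSqlException e) {
        LOGGER.warn(e.getMessage(), e);
    } finally {
        // Always tell the views the preparation phase is over: success, failure or early return
        Request request = new Request();
        request.setMessage(Interaction.END_PREPARATION);
        this.sendToViews(request);
    }
}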
Also used : JSqlException(com.jsql.model.exception.JSqlException) Request(com.jsql.model.bean.util.Request) Document(org.w3c.dom.Document) LoginException(javax.security.auth.login.LoginException) InjectionFailureException(com.jsql.model.exception.InjectionFailureException) JSONException(org.json.JSONException) JSqlException(com.jsql.model.exception.JSqlException) GSSException(org.ietf.jgss.GSSException) PrivilegedActionException(java.security.PrivilegedActionException) MalformedURLException(java.net.MalformedURLException) IOException(java.io.IOException)

Example 8 with Request

use of com.jsql.model.bean.util.Request in project jsql-injection by ron190.

the class InjectionModel method controlInput.

/**
 * Send each parameter from the GUI to the model in order to
 * start the preparation of injection, the injection process is
 * started in a new thread via model function inputValidation().
 */
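public void controlInput(String urlQuery, String dataRequest, String dataHeader, MethodInjection methodInjection, String typeRequest, Boolean isScanning) {
    try {
        // Scheme allow-list: only http and https are accepted. A URL without any scheme is
        // assumed to be http; any other explicit scheme is rejected.
        if (!urlQuery.isEmpty() && !urlQuery.matches("(?i)^https?://.*")) {
            if (!urlQuery.matches("(?i)^\\w+://.*")) {
                LOGGER.info("Undefined URL protocol, forcing to [http://]");
                urlQuery = "http://" + urlQuery;
            } else {
                throw new MalformedURLException("unknown URL protocol");
            }
        }
        ParameterUtil.initQueryString(urlQuery);
        ParameterUtil.initRequest(dataRequest);
        ParameterUtil.initHeader(dataHeader);
        ConnectionUtil.setMethodInjection(methodInjection);
        ConnectionUtil.setTypeRequest(typeRequest);
        // Reset level of evasion
        this.stepSecurity = 0;
        // TODO separate method
        // isScanning is a boxed Boolean: unboxing a null would throw NullPointerException,
        // so null is treated as "not scanning".
        if (Boolean.TRUE.equals(isScanning)) {
            // Scan mode runs the preparation on the caller's thread
            this.beginInjection();
        } else {
            // Start the model injection process in a thread
            new Thread(InjectionModel.this::beginInjection, "ThreadBeginInjection").start();
        }
    } catch (MalformedURLException e) {
        LOGGER.warn("Incorrect Url: " + e.getMessage(), e);
        // Incorrect URL, reset the start button
        Request request = new Request();
        request.setMessage(Interaction.END_PREPARATION);
        this.sendToViews(request);
    }
}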
Also used : MalformedURLException(java.net.MalformedURLException) Request(com.jsql.model.bean.util.Request)

Example 9 with Request

use of com.jsql.model.bean.util.Request in project jsql-injection by ron190.

the class CallableHttpHead method call.

/**
 * Call the URL of an administration page in HEAD mode and send the result back to the view.
 */
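@Override
public CallableHttpHead call() throws Exception {
    // A stop request is not a URL problem: leave quietly instead of reporting every
    // remaining candidate as "Incorrect URL".
    if (RessourceAccess.isSearchAdminStopped()) {
        return this;
    }
    URL targetUrl = null;
    try {
        targetUrl = new URL(this.urlAdminPage);
    } catch (MalformedURLException ignored) {
        // Handled just below: a null targetUrl marks an unparsable URL
    }
    if (targetUrl == null || "".equals(targetUrl.getHost())) {
        LOGGER.warn("Incorrect URL: " + this.urlAdminPage);
        return this;
    }
    // A URL whose scheme is not HTTP(S) fails this cast with ClassCastException, which
    // reaches the caller through the Callable.
    // NOTE(review): no connect/read timeout is set here; unless one is configured elsewhere,
    // an unresponsive host can hold this worker indefinitely.
    HttpURLConnection connection = (HttpURLConnection) targetUrl.openConnection();
    try {
        connection.setRequestProperty("Pragma", "no-cache");
        connection.setRequestProperty("Cache-Control", "no-cache");
        connection.setRequestProperty("Expires", "-1");
        connection.setRequestMethod("HEAD");
        // Header field 0 is kept as the response code text; empty string when it is absent
        this.responseCodeHttp = ObjectUtils.firstNonNull(connection.getHeaderField(0), "");
        Map<Header, Object> msgHeader = new EnumMap<>(Header.class);
        msgHeader.put(Header.URL, this.urlAdminPage);
        msgHeader.put(Header.POST, "");
        msgHeader.put(Header.HEADER, "");
        msgHeader.put(Header.RESPONSE, HeaderUtil.getHttpHeaders(connection));
        Request request = new Request();
        request.setMessage(Interaction.MESSAGE_HEADER);
        request.setParameters(msgHeader);
        MediatorModel.model().sendToViews(request);
    } finally {
        // Release the connection whether or not the request succeeded
        connection.disconnect();
    }
    return this;
}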
Also used : MalformedURLException(java.net.MalformedURLException) HttpURLConnection(java.net.HttpURLConnection) Header(com.jsql.model.bean.util.Header) Request(com.jsql.model.bean.util.Request) EnumMap(java.util.EnumMap) URL(java.net.URL)

Example 10 with Request

use of com.jsql.model.bean.util.Request in project jsql-injection by ron190.

the class DataAccess method listColumns.

/**
 * Get column names and send them to the view.<br>
 * Use readable text (not hexa) and parse this pattern with 2nd member forced to 31 (1 in ascii):<br>
 * => hh[column name 1]jj[31]hhgghh[column name 2]jj[31]hhggh...hi<br>
 * Data window can be cut before the end of the request but the process helps to obtain
 * the rest of the unreachable data. The process can be interrupted by the user (stop/pause).
 * @param table which contains columns to find
 * @return list of columns found
 * @throws JSqlException when injection failure or stopped by user
 */
public static List<Column> listColumns(Table table) throws JSqlException {
    // Tell the view that work on this table has started
    Request startProgress = new Request();
    startProgress.setMessage(Interaction.START_INDETERMINATE_PROGRESS);
    startProgress.setParameters(table);
    MediatorModel.model().sendToViews(startProgress);

    String rawColumns = "";
    try {
        String[] pageSource = { "" };
        rawColumns = new SuspendableGetRows().run(
            MediatorModel.model().getVendor().instance().sqlColumns(table),
            pageSource,
            true,
            0,
            table
        );
    } catch (SlidingException e) {
        LOGGER.warn(e.getMessage(), e);
        // Keep whatever was already retrieved rather than losing it:
        // prefer the accumulated rows, fall back to the rows of the current window
        String allRows = e.getSlidingWindowAllRows();
        if (!"".equals(allRows)) {
            rawColumns = allRows;
        } else {
            String currentRows = e.getSlidingWindowCurrentRows();
            if (!"".equals(currentRows)) {
                rawColumns = currentRows;
            }
        }
    } catch (Exception e) {
        // Any other failure is only logged; parsing then runs on the empty result
        LOGGER.warn(e.getMessage(), e);
    }

    // SQLite output goes through a vendor-specific transformation before parsing
    boolean isSqlite = MediatorModel.model().getVendor() == Vendor.SQLITE;
    if (isSqlite) {
        rawColumns = Vendor.SQLITE.transform(rawColumns);
    }

    // The matcher is prepared before the view is told that progress has ended
    Pattern columnPattern = Pattern.compile(MODE + ENCLOSE_VALUE_RGX + CELL_TABLE + ENCLOSE_VALUE_RGX);
    Matcher columnMatcher = columnPattern.matcher(rawColumns);

    Request endProgress = new Request();
    endProgress.setMessage(Interaction.END_INDETERMINATE_PROGRESS);
    endProgress.setParameters(table);
    MediatorModel.model().sendToViews(endProgress);

    // One Column per match; capture group 1 carries the column name
    List<Column> columns = new ArrayList<>();
    while (columnMatcher.find()) {
        columns.add(new Column(columnMatcher.group(1), table));
    }
    // No match at all means nothing usable was retrieved
    if (columns.isEmpty()) {
        throw new InjectionFailureException();
    }

    Request addColumns = new Request();
    addColumns.setMessage(Interaction.ADD_COLUMNS);
    addColumns.setParameters(columns);
    MediatorModel.model().sendToViews(addColumns);
    return columns;
}
Also used : SlidingException(com.jsql.model.exception.SlidingException) SuspendableGetRows(com.jsql.model.suspendable.SuspendableGetRows) Column(com.jsql.model.bean.database.Column) Matcher(java.util.regex.Matcher) ArrayList(java.util.ArrayList) Request(com.jsql.model.bean.util.Request) SlidingException(com.jsql.model.exception.SlidingException) IgnoreMessageException(com.jsql.model.exception.IgnoreMessageException) JSqlException(com.jsql.model.exception.JSqlException) InjectionFailureException(com.jsql.model.exception.InjectionFailureException) InjectionFailureException(com.jsql.model.exception.InjectionFailureException)
