
Example 6 with InjectionFailureException

use of com.jsql.model.exception.InjectionFailureException in project jsql-injection by ron190.

the class InjectionModel method testStrategies.

/**
 * Runs the injection workflow for one parameter or injection point: resolves the insertion
 * character, fingerprints the database vendor, probes every strategy, activates the most
 * efficient applicable one, then (outside scan mode) loads metadata and the database list.
 * <p>
 * When no strategy applies, evasion is enabled and {@code stepSecurity} is still below 3,
 * the evasion level is incremented, the views are asked to reset their strategy labels and
 * the whole process is restarted through {@code beginInjection()}; this call then returns false.
 *
 * @param isParamByUser true if mode standard/JSON/full, false if injection point
 * @param isJson true if param contains JSON
 * @param parameter parameter to be tested, null when injection point
 * @return true when a strategy was activated, false when the process was restarted at a higher evasion level
 * @throws JSqlException when no params' integrity, process stopped by user, or injection failure
 */
// TODO Merge isParamByUser and parameter: isParamByUser = parameter != null
private boolean testStrategies(boolean isParamByUser, boolean isJson, SimpleEntry<String, String> parameter) throws JSqlException {
    // insertionCharacter is, e.g., the -1 in "[..].php?id=-1 union select[..]"
    LOGGER.trace(I18n.valueByKey("LOG_GET_INSERTION_CHARACTER"));

    // Parameter integrity is verified before anything is sent
    String characterInsertionByUser = ParameterUtil.checkParametersFormat(false, isParamByUser, parameter);

    // An insertion character is only resolved when a concrete parameter is under test
    if (parameter != null) {
        String charInsertion = new SuspendableGetCharInsertion().run(characterInsertionByUser, parameter, isJson);
        String logLabel = I18n.valueByKey("LOG_USING_INSERTION_CHARACTER");
        String charWithoutStar = charInsertion.replace(InjectionModel.STAR, "");
        LOGGER.info(logLabel + " [" + charWithoutStar + "]");
    }

    // Fingerprint database
    this.vendor = new SuspendableGetVendor().run();

    // Every strategy is probed, in the order time, blind, error, normal
    StrategyInjection[] probeOrder = {
        StrategyInjection.TIME,
        StrategyInjection.BLIND,
        StrategyInjection.ERROR,
        StrategyInjection.NORMAL
    };
    for (StrategyInjection candidate : probeOrder) {
        candidate.instance().checkApplicability();
    }

    // The first applicable strategy wins, by efficiency: normal > error > blind > time
    StrategyInjection[] preferenceOrder = {
        StrategyInjection.NORMAL,
        StrategyInjection.ERROR,
        StrategyInjection.BLIND,
        StrategyInjection.TIME
    };
    boolean isStrategyActivated = false;
    for (StrategyInjection candidate : preferenceOrder) {
        if (candidate.instance().isApplicable()) {
            candidate.instance().activateStrategy();
            isStrategyActivated = true;
            break;
        }
    }

    if (!isStrategyActivated) {
        boolean canRaiseEvasion = PreferencesUtil.isEvasionEnabled() && this.stepSecurity < 3;
        if (!canRaiseEvasion) {
            throw new InjectionFailureException("No injection found");
        }

        // Nothing applicable: raise the evasion level and restart the whole process.
        // NOTE(review): beginInjection() presumably re-enters this method; the
        // stepSecurity < 3 guard is what bounds the number of restarts - confirm.
        this.stepSecurity++;
        LOGGER.warn("Injection failed, testing evasion level " + this.stepSecurity + "...");

        Request resetRequest = new Request();
        resetRequest.setMessage(Interaction.RESET_STRATEGY_LABEL);
        this.sendToViews(resetRequest);

        // Disabled by the author; without it insertionCharacter is lost between 2 injections:
        // ConnectionUtil.setQueryString(ConnectionUtil.getQueryString() + this.charInsertion);
        this.beginInjection();
        return false;
    }

    // Scan mode stops once a strategy is active
    if (this.isScanning) {
        return true;
    }

    // Metadata is fetched unless the user preference disables it
    if (!PreferencesUtil.isNotInjectingMetadata()) {
        DataAccess.getDatabaseInfos();
    }
    DataAccess.listDatabases();
    return true;
}
Also used : SuspendableGetVendor(com.jsql.model.suspendable.SuspendableGetVendor) SuspendableGetCharInsertion(com.jsql.model.suspendable.SuspendableGetCharInsertion) Request(com.jsql.model.bean.util.Request) InjectionFailureException(com.jsql.model.exception.InjectionFailureException)

Example 7 with InjectionFailureException

use of com.jsql.model.exception.InjectionFailureException in project jsql-injection by ron190.

the class DataAccess method listDatabases.

/**
 * Fetches database names with their table counts and publishes them to the views.
 * <p>
 * The response is read as plain text (not hexa) and parsed against this layout:<br>
 * {@code hh[database name 1]jj[table count]hhgghh[database name 2]jj[table count]hhggh...hi}
 * <p>
 * The data window can be cut before the end of the request; when that surfaces as a
 * {@link SlidingException}, the rows already collected are parsed instead of being dropped.
 * Any other exception raised while fetching is logged and the method goes on with an empty
 * result, which then ends in an {@link InjectionFailureException} because nothing matches.
 * The process can be interrupted by the user (stop/pause).
 *
 * @return list of databases found
 * @throws JSqlException when injection failure or stopped by user
 */
public static List<Database> listDatabases() throws JSqlException {
    LOGGER.trace(I18n.valueByKey("LOG_FETCHING_DATABASES"));

    String rawRows = "";
    try {
        String[] sourcePage = { "" };
        rawRows = new SuspendableGetRows().run(MediatorModel.model().getVendor().instance().sqlDatabases(), sourcePage, true, 0, null);
    } catch (SlidingException e) {
        LOGGER.warn(e.getMessage(), e);
        // Fall back to whatever was already retrieved: the complete window first, else the current rows.
        // NOTE(review): !"".equals(x) is also true for null, which would reach matcher(null) below -
        // confirm these getters never return null.
        String allRows = e.getSlidingWindowAllRows();
        if (!"".equals(allRows)) {
            rawRows = allRows;
        } else {
            String currentRows = e.getSlidingWindowCurrentRows();
            if (!"".equals(currentRows)) {
                rawRows = currentRows;
            }
        }
    } catch (Exception e) {
        // Best effort: the failure is logged and reported below as an injection failure
        LOGGER.warn(e.getMessage(), e);
    }

    // Each match carries the database name in group 1 and its table count in group 2
    Matcher rowMatcher = Pattern.compile(MODE + ENCLOSE_VALUE_RGX + CELL_TABLE + ENCLOSE_VALUE_RGX).matcher(rawRows);
    List<Database> databases = new ArrayList<>();
    while (rowMatcher.find()) {
        databases.add(new Database(rowMatcher.group(1), rowMatcher.group(2)));
    }

    // Not a single match means nothing usable was retrieved
    if (databases.isEmpty()) {
        throw new InjectionFailureException();
    }

    Request addDatabasesRequest = new Request();
    addDatabasesRequest.setMessage(Interaction.ADD_DATABASES);
    addDatabasesRequest.setParameters(databases);
    MediatorModel.model().sendToViews(addDatabasesRequest);

    return databases;
}
Also used : SlidingException(com.jsql.model.exception.SlidingException) SuspendableGetRows(com.jsql.model.suspendable.SuspendableGetRows) Matcher(java.util.regex.Matcher) AbstractElementDatabase(com.jsql.model.bean.database.AbstractElementDatabase) Database(com.jsql.model.bean.database.Database) ArrayList(java.util.ArrayList) Request(com.jsql.model.bean.util.Request) SlidingException(com.jsql.model.exception.SlidingException) IgnoreMessageException(com.jsql.model.exception.IgnoreMessageException) JSqlException(com.jsql.model.exception.JSqlException) InjectionFailureException(com.jsql.model.exception.InjectionFailureException) InjectionFailureException(com.jsql.model.exception.InjectionFailureException)

Example 8 with InjectionFailureException

use of com.jsql.model.exception.InjectionFailureException in project jsql-injection by ron190.

the class DataAccess method listTables.

/**
 * Fetches the table names and row counts of one database and publishes them to the views.
 * <p>
 * The response is read as plain text (not hexa) and parsed against this layout:<br>
 * {@code hh[table name 1]jj[rows count]hhgghh[table name 2]jj[rows count]hhggh...hi}
 * <p>
 * The views receive START_PROGRESS before the fetch and END_PROGRESS after it, whether or
 * not anything was retrieved. When the data window is cut and a {@link SlidingException} is
 * raised, the rows already collected are parsed instead of being dropped; any other exception
 * raised while fetching is logged and ends in an {@link InjectionFailureException} because
 * nothing matches. The process can be interrupted by the user (stop/pause).
 *
 * @param database which contains tables to find
 * @return list of tables found
 * @throws JSqlException when injection failure or stopped by user
 */
public static List<Table> listTables(Database database) throws JSqlException {
    // Clear stoppedByUser: the list of databases may be partial
    // while some tables are still reachable
    MediatorModel.model().setIsStoppedByUser(false);

    // Tell the views that work on this database has started
    Request startProgressRequest = new Request();
    startProgressRequest.setMessage(Interaction.START_PROGRESS);
    startProgressRequest.setParameters(database);
    MediatorModel.model().sendToViews(startProgressRequest);

    // The database child count is handed to the row reader as the number of rows to expect
    int expectedTableCount = database.getChildCount();

    String rawRows = "";
    try {
        String[] pageSource = { "" };
        rawRows = new SuspendableGetRows().run(MediatorModel.model().getVendor().instance().sqlTables(database), pageSource, true, expectedTableCount, database);
    } catch (SlidingException e) {
        LOGGER.warn(e.getMessage(), e);
        // Fall back to whatever was already retrieved: the complete window first, else the current rows.
        // NOTE(review): !"".equals(x) is also true for null, which would reach matcher(null) below -
        // confirm these getters never return null.
        String allRows = e.getSlidingWindowAllRows();
        if (!"".equals(allRows)) {
            rawRows = allRows;
        } else {
            String currentRows = e.getSlidingWindowCurrentRows();
            if (!"".equals(currentRows)) {
                rawRows = currentRows;
            }
        }
    } catch (Exception e) {
        // Best effort: the failure is logged and reported below as an injection failure
        LOGGER.warn(e.getMessage(), e);
    }

    Matcher rowMatcher = Pattern.compile(MODE + ENCLOSE_VALUE_RGX + CELL_TABLE + ENCLOSE_VALUE_RGX).matcher(rawRows);

    // Progress is closed before parsing so the views are released even when parsing fails
    Request endProgressRequest = new Request();
    endProgressRequest.setMessage(Interaction.END_PROGRESS);
    endProgressRequest.setParameters(database);
    MediatorModel.model().sendToViews(endProgressRequest);

    // Each match carries the table name in group 1 and its row count in group 2
    List<Table> tables = new ArrayList<>();
    while (rowMatcher.find()) {
        tables.add(new Table(rowMatcher.group(1), rowMatcher.group(2), database));
    }

    // Not a single match means nothing usable was retrieved
    if (tables.isEmpty()) {
        throw new InjectionFailureException();
    }

    Request addTablesRequest = new Request();
    addTablesRequest.setMessage(Interaction.ADD_TABLES);
    addTablesRequest.setParameters(tables);
    MediatorModel.model().sendToViews(addTablesRequest);

    return tables;
}
Also used : Table(com.jsql.model.bean.database.Table) SlidingException(com.jsql.model.exception.SlidingException) SuspendableGetRows(com.jsql.model.suspendable.SuspendableGetRows) Matcher(java.util.regex.Matcher) ArrayList(java.util.ArrayList) Request(com.jsql.model.bean.util.Request) SlidingException(com.jsql.model.exception.SlidingException) IgnoreMessageException(com.jsql.model.exception.IgnoreMessageException) JSqlException(com.jsql.model.exception.JSqlException) InjectionFailureException(com.jsql.model.exception.InjectionFailureException) InjectionFailureException(com.jsql.model.exception.InjectionFailureException)

Example 9 with InjectionFailureException

use of com.jsql.model.exception.InjectionFailureException in project jsql-injection by ron190.

the class ConnectionUtil method testConnection.

/**
 * Checks that the connection to the website is working correctly.
 * <p>
 * Installs or clears the default {@link CookieHandler} according to the user preference,
 * opens the connection (through SPNEGO when Kerberos authentication is configured), applies
 * the configured timeout to both connect and read, disables caching, adds the user-defined
 * headers and finally inspects the response headers, which warns the user when
 * authentication is detected.
 * <p>
 * Note that {@link CookieHandler#setDefault} replaces the handler for the whole JVM, not
 * only for this connection.
 *
 * @throws InjectionFailureException when any error occurs during the connection; the original
 *         exception is kept as the cause
 */
public static void testConnection() throws InjectionFailureException {
    // A fresh cookie store when cookies are processed, none otherwise
    CookieHandler.setDefault(PreferencesUtil.isProcessingCookies() ? new CookieManager() : null);

    // Test the HTTP connection
    try {
        HttpURLConnection connection;
        if (AuthenticationUtil.isKerberos()) {
            // Only the text before the first '{' of the login file is kept.
            // NOTE(review): the file is decoded with the platform default charset, so the
            // result can differ between hosts - confirm this is intended.
            String loginFileContent = StringUtils.join(Files.readAllLines(Paths.get(AuthenticationUtil.getPathKerberosLogin()), Charset.defaultCharset()), "");
            String loginKerberos = Pattern.compile("(?s)\\{.*").matcher(loginFileContent).replaceAll("").trim();

            // NOTE(review): unlike the branch below, the URL is used here without stripping
            // InjectionModel.STAR - confirm this asymmetry is intended.
            SpnegoHttpURLConnection spnego = new SpnegoHttpURLConnection(loginKerberos);
            connection = spnego.connect(new URL(ConnectionUtil.getUrlByUser()));
        } else {
            String urlWithoutStar = ConnectionUtil.getUrlByUser().replace(InjectionModel.STAR, "");
            connection = (HttpURLConnection) new URL(urlWithoutStar).openConnection();
        }

        // Same bound for reading and connecting, so an unresponsive host cannot hang the check
        connection.setReadTimeout(ConnectionUtil.getTimeout());
        connection.setConnectTimeout(ConnectionUtil.getTimeout());

        // Caching is ruled out so the check always reaches the server
        connection.setDefaultUseCaches(false);
        connection.setRequestProperty("Pragma", "no-cache");
        connection.setRequestProperty("Cache-Control", "no-cache");
        connection.setRequestProperty("Expires", "-1");

        ConnectionUtil.fixJcifsTimeout(connection);

        // Add headers if exists (Authorization:Basic, etc)
        for (SimpleEntry<String, String> header : ParameterUtil.getHeader()) {
            HeaderUtil.sanitizeHeaders(connection, header);
        }

        String checkedUrl = ConnectionUtil.getUrlByUser().replace(InjectionModel.STAR, "");
        HeaderUtil.checkResponseHeader(connection, checkedUrl);

        // Calling connection.disconnect() is not required, further calls will follow
    } catch (Exception e) {
        // The exception class name prefix is stripped from the message shown to the user;
        // the full exception stays attached as the cause
        String rawMessage = e.getMessage();
        String message = rawMessage == null ? "" : rawMessage;
        String classNamePrefix = e.getClass().getName() + ": ";
        throw new InjectionFailureException("Connection failed: " + message.replace(classNamePrefix, ""), e);
    }
}
Also used : HttpURLConnection(java.net.HttpURLConnection) SpnegoHttpURLConnection(net.sourceforge.spnego.SpnegoHttpURLConnection) SpnegoHttpURLConnection(net.sourceforge.spnego.SpnegoHttpURLConnection) CookieManager(java.net.CookieManager) URL(java.net.URL) InjectionFailureException(com.jsql.model.exception.InjectionFailureException) IgnoreMessageException(com.jsql.model.exception.IgnoreMessageException) IOException(java.io.IOException) ProtocolException(java.net.ProtocolException) InjectionFailureException(com.jsql.model.exception.InjectionFailureException)

Aggregations

InjectionFailureException (com.jsql.model.exception.InjectionFailureException)9 Request (com.jsql.model.bean.util.Request)6 IgnoreMessageException (com.jsql.model.exception.IgnoreMessageException)6 SlidingException (com.jsql.model.exception.SlidingException)5 Matcher (java.util.regex.Matcher)5 JSqlException (com.jsql.model.exception.JSqlException)4 SuspendableGetRows (com.jsql.model.suspendable.SuspendableGetRows)4 ArrayList (java.util.ArrayList)4 AbstractElementDatabase (com.jsql.model.bean.database.AbstractElementDatabase)3 Table (com.jsql.model.bean.database.Table)3 Database (com.jsql.model.bean.database.Database)2 StoppedByUserSlidingException (com.jsql.model.exception.StoppedByUserSlidingException)2 Column (com.jsql.model.bean.database.Column)1 LoopDetectedSlidingException (com.jsql.model.exception.LoopDetectedSlidingException)1 AbstractStrategy (com.jsql.model.injection.strategy.AbstractStrategy)1 SuspendableGetCharInsertion (com.jsql.model.suspendable.SuspendableGetCharInsertion)1 SuspendableGetVendor (com.jsql.model.suspendable.SuspendableGetVendor)1 IOException (java.io.IOException)1 CookieManager (java.net.CookieManager)1 HttpURLConnection (java.net.HttpURLConnection)1