string line; var postData = ""; ServicePointManager.UseNagleAlgorithm = true; ServicePointManager.Expect100Continue = true; ServicePointManager.CheckCertificateRevocationList = true; ServicePointManager.DefaultConnectionLimit = ServicePointManager.DefaultPersistentConnectionLimit; //openning a writing stream to the output file StreamWriter xssOptionalfile = new StreamWriter(pathFile); //read the xxs payloads file and display it line by line. StreamReader file = new StreamReader("D:/USER/Desktop/xssStrings.txt"); string specificPayloadInputNames = ""; int countXss = 1;//will count our xss payloads string possibleXssPayload = "";//will store the xss payloads that worked //goes over all the xss payloads we have stored in a file, inserts them into the input vector //and checks what happens file.BaseStream.Position = 0;//return StreamReader to the beginning while ((line = file.ReadLine()) != null) { specificPayloadInputNames = ""; //creates the request WebRequest request = WebRequest.Create(URLaddress); //set the Method property of the request to POST. request.Method = "POST"; specificPayloadInputNames = ""; //goes over all the input vectors inorder to insert the xss payload to each one of them for (int i = 0; i < elements.Count; i++) { //Create POST data if (elements[i].Name.ToString() != "") postData = elements[i].Name.ToString() + "=" + line; else postData = ""; for (int j = 0; j < elements.Count; j++)// if (j != i && elements[j].Name.ToString()!="") { postData += ("&" + elements[j].Name.ToString() + "=" + "try"); } //convert the POST data to a byte array byte[] byteArray = Encoding.UTF8.GetBytes(postData); //set the ContentType property of the WebRequest request.ContentType = "text/xml; encoding='utf-8'"; //set the ContentLength property of the WebRequest request.ContentLength = byteArray.Length; //get the request stream Stream dataStream = request.GetRequestStream(); //write the data to the request stream dataStream.Write(byteArray, 0, byteArray.Length); //close the Stream object dataStream.Close(); //get the response WebResponse response = request.GetResponse(); //get the stream containing content returned by the server dataStream = response.GetResponseStream(); //open the stream using a StreamReader for easy access StreamReader reader = new StreamReader(dataStream); //read the content string responseFromServer = reader.ReadToEnd();
var
This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)