Category: 3DW DevTools

Add controls to page dynamic c#

Here is a good way to add controls to the page

 

protected void TextBoxDependentNum_TextChanged(object sender, EventArgs e)
{
if (Convert.ToInt32(TextBoxDependentNum.Text) > 0)
{
for (int i = 0; i < Convert.ToInt32(TextBoxDependentNum.Text); i++)
{
PanelDependentInfo.Controls.Add(new LiteralControl(“<br />”));
TextBox MyTextBox = new TextBox();
Label MyLabel = new Label();
MyLabel.Text = “Dependent Name: “;
MyLabel.ID = “LabelDependentName” + i.ToString();
MyLabel.CssClass = “supercheckboxlabel”;
MyTextBox.ID = “TextBoxDependentName” + i.ToString();
PanelDependentInfo.Controls.Add(MyLabel);
PanelDependentInfo.Controls.Add(MyTextBox);
TextBox MyTextBox2 = new TextBox();
Label MyLabel2 = new Label();
MyLabel2.Text = “Dependent Birthdate: “;
MyLabel2.CssClass = “supercheckboxlabel”;
MyLabel2.ID = “LabelDependentBirthdate” + i.ToString();
MyTextBox2.ID = “TextBoxDependentBirthdate” + i.ToString();
PanelDependentInfo.Controls.Add(MyLabel2);
PanelDependentInfo.Controls.Add(MyTextBox2);
PanelDependentInfo.Controls.Add(new LiteralControl(“<br />”));
}
}
}

Vulnerability Scanners

http://www.openvas.org/

OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. The framework is part of Greenbone Networks‘ commercial vulnerability management solution from which developments are contributed to the Open Source community since 2009.

Firesheep is an extension for the Firefox web browser that uses a packet sniffer to intercept unencrypted session cookies from websites such as Facebook and Twitter. The plugin eavesdrops on Wi-Fi communications, listening for session cookies. When it detects a session cookie, the tool uses this cookie to obtain the identity belonging to that session. The collected identities (victims) are displayed in a side bar in Firefox. By clicking on a victim’s name, the victim’s session is taken over by the attacker.[

SQL Map Automatic SQL injection and database takeover tool

http://sqlmap.org/

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

Cisco Umbrella Investigate

Investigate provides the most complete view of the relationships and evolution of domains, IPs, autonomous systems (ASNs), and file hashes. Accessible via web console and API, Investigate’s rich threat intelligence adds the security context needed to uncover and predict threats.

https://umbrella.cisco.com/products/threat-intelligence

****xerosploit

xxsstrike

Web Assembly compiler

There are some exciting new developments in the world of browser based programming.  WebAssembly or wasm is a new portable, size- and load-time-efficient format suitable for compilation to the web. WebAssembly is currently being designed as an open standard by a W3C Community Group that includes representatives from all major browsers.

http://webassembly.org/

I’m really excited to test this out. Unreal Engine 4 now supports the new WebAssembly standard (also known as WASM) for HTML5, the fastest and most efficient way to compile and run C++ for the web! They are using Mozilla’s latest Emscripten toolchain (v1.37.9).

Vectr – Free Vector Graphics Software

Vectr is a free graphics software used to create vector graphics easily and intuitively. It’s a simple yet powerful web and desktop cross-platform tool to bring your designs into reality.

https://vectr.com/

 

The coolest feature is the real time sharing. Send anyone a Vectr document for real-time collaboration without the wait. Others can watch you create and edit designs live, whether you’re in the web app or desktop version.

Send an HTML POST to api using basic authentication with C#

To secure your api, you need at least the basic authentication. Here is a way to post to the secure api

 

using (WebClient client = new WebClient())
{

// set the variables for the basic authentication needed
String userName = “myusername”;
String passWord = “mysecretpassword”;
// convert the auth vars into a credential string
string credentials = Convert.ToBase64String(Encoding.ASCII.GetBytes(userName + “:” + passWord));

// add the auth string to the request header
client.Headers[HttpRequestHeader.Authorization] = “Basic ” + credentials;
byte[] response =
client.UploadValues(“http://mySweetAPI.aspx”, new NameValueCollection()
{
{ “Title”, “The title of my post” },
{ “Body”, “The body of my post.” }
});

string result = System.Text.Encoding.UTF8.GetString(response);
LabelResponse.Text = result;
}

Send a JSON payload in C# using newtonsoft JSON package

To send and recieve JSON using C# in visual studio, you must install the NuGET package : Newtonsoft Json. Then you can use it to send a payload:

 

// set the text that will be the  json payload as a variable.
var TestJsonMessage = new { id = "8", text = "This is a test of the Newtonsoft package", sentDate = System.DateTime.Now };

// use a web client object
using (WebClient client = new WebClient())
            {
                // convert the variable into JSON
                var dataString = JsonConvert.SerializeObject(TestJsonMessage);
                 // add the content type headers !! super important 
                client.Headers.Add(HttpRequestHeader.ContentType, "application/json");

             // set a string to recieve the response, and send the payload to an api
               string theresponse =
                client.UploadString("http://someapiaddress", "POST", dataString);

                // display the response on the page for debugging.
                LabelResponse.Text = theresponse;
            }

 

 

Receive a JSON payload C#

I have been tasked to receive a JSON payload to my API that was made to recieve http post variables. We are going to receive the request stream and convert it into a byte array, then DeSerialize the JSON using the Newtonsoft JSON .Net package. When we are finished, we will have a Dictionary object with the contents of the JSON payload. This technique will only work for a single JSON object, as the dictionary can only hold a unique key and value (id:1, text:This is the text)

We will need to get the total number of bytes in the stream to set the array length.

// set a variable to hold the incoming stream.
System.IO.Stream str;

// set two variables for the stream array
Int32 strLen, strRead;

// Create a Stream object.
str = Request.InputStream;
// Find number of bytes in stream.
strLen = Convert.ToInt32(str.Length);
// Create a byte array.
byte[] strArr = new byte[strLen];
// Read stream into byte array.
strRead = str.Read(strArr, 0, strLen);
// change they bytes into UTF8 text
string response = Encoding.UTF8.GetString(strArr);
// convert the JSON object into a .net dictionary
Dictionary<string, string> MyData = JsonConvert.DeserializeObject<Dictionary<string, string>>(response);
// display the JSON payload for debugging
LabelPostVars.Text = response;

Asp array from comma delimited list

This is a handy snipped to create an array from a list of items separated by a comma, like you would get submitted from a checkbox group. Its as easy as using the “Split” function as so:

MyString = "ItemOne, ItemTwo, ItemThree"
MyArray= Split(MyString , ",")

 

You could then access the elements using the standard array language MyArray(x)

For x = LBound(MyArray) to UBound(MyArray)
    Response.Write MyArray(x)
Next