package org.Firefuzzer.Fire;

import java.io.BufferedReader;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URLEncoder;
import java.util.List;
import java.util.StringTokenizer;
import java.util.regex.Pattern;
import net.htmlparser.jericho.Attributes;
import net.htmlparser.jericho.HTMLElementName;
import net.htmlparser.jericho.Source;
import net.htmlparser.jericho.StartTag;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.cookie.CookieSpec;
import org.apache.commons.httpclient.methods.PostMethod;
import org.apache.commons.httpclient.params.HttpMethodParams;

/* loaded from: input_file:org/Firefuzzer/Fire/SQLInjection.class */
class SQLInjection {
    private static String var;
    public static String globalURL;
    private static int countForms = 0;
    private static int countInputs = 0;
    private static int[] arrayBuffer = new int[5];
    public static boolean globalDetailFlag = false;
    public static boolean flipFlop = false;

    public SQLInjection() {
        for (int i = 0; i < arrayBuffer.length; i++) {
            arrayBuffer[i] = 0;
        }
    }

    public static void analyzeSQLInjection() {
        System.out.println("########################################################################################################################");
        System.out.println("<---SQL INJECTION ANALYSIS--->");
        System.out.println("Total # of Forms: " + countForms);
        System.out.println("<<-Categorizing the available data on basis of HTTP Status Codes->>");
        System.out.println("Informational Codes 1xx Series: " + arrayBuffer[0]);
        System.out.println("Successful Client Interaction related 2xx Series: " + arrayBuffer[1]);
        System.out.println("Redirection related 3xx Series: " + arrayBuffer[2]);
        System.out.println("Client Error related 4xx Series: " + arrayBuffer[3]);
        System.out.println("Server Error related 5xx Series: " + arrayBuffer[4]);
        System.out.println("########################################################################################################################");
        System.out.println("########################################################################################################################");
        System.out.println("For more Information on HTTP Status Code Series, refer the 'HTTP_STATUS_CODE.pdf' in Document folder.");
        System.out.println("########################################################################################################################");
    }

    private static void sendBack(String str) throws MalformedURLException, IOException {
        HttpClient httpClient = new HttpClient();
        httpClient.getParams().setParameter(HttpMethodParams.USER_AGENT, "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.10) Gecko/2009042708 Fedora/3.0.10-1.fc10 Firefox/3.0.10");
        if (globalDetailFlag) {
            System.out.println("URL: " + var);
        }
        PostMethod postMethod = new PostMethod(var);
        BufferedReader bufferedReader = null;
        StringTokenizer stringTokenizer = new StringTokenizer(str, "#");
        countInputs += stringTokenizer.countTokens();
        while (stringTokenizer.hasMoreTokens()) {
            try {
                StringTokenizer stringTokenizer2 = new StringTokenizer(stringTokenizer.nextToken(), ",");
                postMethod.addParameter(stringTokenizer2.nextToken(), stringTokenizer2.nextToken());
            } catch (Throwable th) {
                postMethod.releaseConnection();
                if (0 != 0) {
                    try {
                        bufferedReader.close();
                    } catch (Exception e) {
                    }
                }
                throw th;
            }
        }
        try {
            int executeMethod = httpClient.executeMethod(postMethod);
            if (globalDetailFlag) {
                System.out.println("Status: " + postMethod.getStatusCode());
            }
            int[] iArr = arrayBuffer;
            int statusCode = (postMethod.getStatusCode() / 100) - 1;
            iArr[statusCode] = iArr[statusCode] + 1;
            if (executeMethod == 501) {
                System.err.println("The Post method is not implemented by this URI");
                postMethod.getResponseBodyAsString();
            } else {
                bufferedReader = new BufferedReader(new InputStreamReader(postMethod.getResponseBodyAsStream()));
                PrintWriter printWriter = new PrintWriter("temp.html");
                printWriter.println("Address: " + var);
                while (true) {
                    String readLine = bufferedReader.readLine();
                    if (readLine == null) {
                        break;
                    }
                    printWriter.println(readLine);
                    printWriter.flush();
                }
            }
            postMethod.releaseConnection();
            if (bufferedReader != null) {
                try {
                    bufferedReader.close();
                } catch (Exception e2) {
                }
            }
        } catch (Exception e3) {
            System.err.println(e3);
            postMethod.releaseConnection();
            if (0 != 0) {
                try {
                    bufferedReader.close();
                } catch (Exception e4) {
                }
            }
        }
    }

    public static void parseInput() throws IOException {
        Source source = null;
        try {
            source = new Source(new FileReader("page.loaded"));
        } catch (FileNotFoundException e) {
            System.err.println("File not found. Error: " + e.getMessage());
        } catch (IOException e2) {
            System.err.println("IOException occurred. Error: " + e2.getMessage());
        }
        int i = 0;
        int i2 = 0;
        List<StartTag> allStartTags = source.getAllStartTags(HTMLElementName.FORM);
        countForms = allStartTags.size();
        System.out.println("########################################################################################################################");
        String str = String.valueOf(new File(".").getCanonicalPath()) + "/inject.conf";
        if (!new File(str).exists()) {
            System.out.println("\n\"inject.conf\" file does not exist.");
            System.out.println("Make sure it exists in the same folder as the runnable jar.");
            System.out.println("Please retry again");
            System.exit(0);
        }
        BufferedReader bufferedReader = new BufferedReader(new FileReader(str));
        while (true) {
            String readLine = bufferedReader.readLine();
            if (readLine == null) {
                return;
            }
            if (!readLine.isEmpty()) {
                i++;
                for (StartTag startTag : allStartTags) {
                    i2++;
                    Attributes attributes = startTag.getAttributes();
                    String str2 = "";
                    List<StartTag> allStartTags2 = startTag.getElement().getAllStartTags(HTMLElementName.INPUT);
                    for (StartTag startTag2 : allStartTags2) {
                        Attributes attributes2 = startTag2.getAttributes();
                        String value = attributes2.getValue("type");
                        if (value != null && (value.equalsIgnoreCase("text") || value.equalsIgnoreCase("password"))) {
                            String startTag3 = startTag2.toString();
                            if (startTag3.contains("value")) {
                                StringTokenizer stringTokenizer = new StringTokenizer(attributes2.toString());
                                String str3 = "<input ";
                                while (stringTokenizer.hasMoreTokens()) {
                                    String nextToken = stringTokenizer.nextToken();
                                    if (!nextToken.contains("value")) {
                                        str3 = String.valueOf(str3) + nextToken + " ";
                                    }
                                }
                                String str4 = String.valueOf(str3) + "value=\"" + readLine + "\"/>";
                            } else if (Pattern.compile("/>").matcher(startTag3).find()) {
                                String[] split = startTag3.split(" ");
                                int length = split.length - 1;
                                split[length] = Pattern.compile("/>").matcher(split[length]).replaceFirst(" value=\"" + readLine + "\"/>");
                                String str5 = "";
                                for (String str6 : split) {
                                    str5 = String.valueOf(str5) + str6 + " ";
                                }
                            } else {
                                String[] split2 = startTag3.split(" ");
                                int length2 = split2.length - 1;
                                split2[length2] = Pattern.compile(">").matcher(split2[length2]).replaceFirst(" value=\"" + readLine + "\"/>");
                                String str7 = "";
                                for (String str8 : split2) {
                                    str7 = String.valueOf(str7) + str8 + " ";
                                }
                            }
                            try {
                                str2 = String.valueOf(str2) + URLEncoder.encode(attributes2.getValue("name"), "UTF-8") + "," + URLEncoder.encode(readLine, "UTF-8") + "#";
                            } catch (UnsupportedEncodingException e3) {
                                System.err.println("Unsupported error");
                            }
                        }
                    }
                    var = attributes.getValue("action");
                    if (var == null || var.equals("")) {
                        System.err.println("No URL specified in FORM TAG-ACTION field");
                    } else {
                        if (var.charAt(0) == '/') {
                            var = String.valueOf(globalURL) + var;
                        } else if ((!var.contains("http")) & (!var.contains("https")) & (!var.contains("www"))) {
                            int lastIndexOf = globalURL.lastIndexOf(CookieSpec.PATH_DELIM);
                            var = String.valueOf(lastIndexOf == globalURL.lastIndexOf("//") + 1 ? globalURL : globalURL.substring(0, lastIndexOf)) + '/' + var;
                        }
                        if (globalDetailFlag) {
                            System.out.println("data: " + str2);
                            System.out.println("SQL Injection #: " + i);
                        }
                        if (!globalDetailFlag) {
                            if (flipFlop) {
                                System.out.println("<<");
                                flipFlop = false;
                            } else {
                                System.out.println(">>");
                                flipFlop = true;
                            }
                        }
                        sendBack(str2);
                        if (globalDetailFlag) {
                            System.out.println("########################################################################################################################");
                        }
                    }
                }
            }
        }
    }
}
