import Meddler;
import System;
import System.Net.Sockets;
import System.Windows.Forms;

// Response handlers for a scripted test server. The visible branches serve
// script resources and a page that uses them, keyed on substrings of the URL.
class Handlers {
    // Value placed (quoted) in the ETag response header of the script resources below.
    static var sInstanceID = "0";

    // Formats one request header for the log line.
    //   oRH     - the header collection to look in.
    //   sHeader - name of the header to format.
    // Returns "" when the header is absent, otherwise "Name: value; ".
    // NOTE(review): despite the name, only presence is tested (Exists); a header
    // that is present with an empty value presumably still yields "Name: ; ".
    static function HeaderIfNotEmpty(oRH: Meddler.Headers, sHeader: String) {
        if (!oRH.Exists(sHeader)) return "";
        return (sHeader + ": " + oRH[sHeader] + "; ");
    }

    // Handles one session: reads the request, logs it, then writes a response
    // chosen by a substring match on the URL.
    static function OnConnection(oSession: Session) {
        try {
            if (oSession.ReadRequest()) {
                // Log the request
                // The method, path and the three conditional/range headers are written as received.
                // NOTE(review): these values come from the client; confirm the log sink
                // tolerates arbitrary text before relying on the log for analysis.
                MeddlerObject.Log.LogString(oSession.id.ToString() + ": " + oSession.requestHeaders.Method + " " + oSession.requestHeaders.Path + "; "
                    + HeaderIfNotEmpty(oSession.requestHeaders, "If-None-Match")
                    + HeaderIfNotEmpty(oSession.requestHeaders, "Range")
                    + HeaderIfNotEmpty(oSession.requestHeaders, "If-Range"));

                // Headers shared by every branch below.
                var oHeaders: ResponseHeaders = new ResponseHeaders();
                oHeaders.Status = "200 OK";
                oHeaders["Accept-Ranges"] = "bytes";
                oHeaders["Connection"] = "close";
                // Prevent parser restarts
                oHeaders["X-UA-Compatible"] = "IE=edge";

                if (oSession.urlContains("SCRIPTPretendingToBeAImg.js")) {
                    // The emitted script alerts on entry and exit, and alerts FAIL when this
                    // session's id is greater than the page's iPageSessionId. Everything
                    // between sHeader and sFooter sits inside a /* ... */ script comment.
                    var sHeader = "if (" + oSession.id.ToString() + " > iPageSessionId) alert('FAIL: Script Prefetched-via-IMG downloaded after this page.');\n"
                        + "alert('Enter script #" + oSession.id.ToString() +" Prefetched-via-IMG');\n/*";
                    var sFooter = "*/\nalert('Exit script #"+ oSession.id.ToString() +" Prefetched-via-IMG');";

                    // Served as script and cacheable, whatever element requested it.
                    oHeaders["Content-Type"] = "text/javascript";
                    oHeaders["Cache-Control"] = "max-age=2500, public";
                    oHeaders["ETag"] = '"' + sInstanceID + '"';
                    // Give the client the opportunity to do ranged-requests
                    // Length is the two wrappers plus the two 4096 filler writes below.
                    // NOTE(review): this counts string characters; assumes one byte per
                    // character on the wire and that NewString(4096) yields 4096 of them — confirm.
                    oHeaders["Content-Length"] = sHeader.Length + sFooter.Length + (2 * 4096);

                    // Send the Headers
                    oSession.WriteString(oHeaders);

                    // Send the script body with a short delay in the middle
                    oSession.WriteString(sHeader);
                    oSession.WriteString(Meddler.Fuzz.NewString(4096));
                    System.Threading.Thread.Sleep(1000);
                    oSession.WriteString(Meddler.Fuzz.NewString(4096));
                    oSession.WriteString(sFooter);
                } else if (oSession.urlContains("SCRIPTNOTPretendingToBeAImg.js")) {
                    oHeaders["Content-Type"] =
"text/javascript"; oHeaders["Cache-Control"] = "max-age=2500, public"; oHeaders["ETag"] = '"' + sInstanceID + '"'; oSession.WriteString(oHeaders); oSession.WriteString("if (iPageId===2) alert('Enter script #"+ oSession.id.ToString() +" Prefetched-via-SCRIPT');"); oSession.WriteString("if (iPageId===1) alert('SCRIPT prefetched by SCRIPT tag ran.');"); oSession.WriteString("/*"); oSession.WriteString(Meddler.Fuzz.NewString(4096)); oSession.WriteString(Meddler.Fuzz.NewString(4096)); System.Threading.Thread.Sleep(500); oSession.WriteString(Meddler.Fuzz.NewString(4096)); oSession.WriteString(Meddler.Fuzz.NewString(4096)); oSession.WriteString(Meddler.Fuzz.NewString(4096)); oSession.WriteString(Meddler.Fuzz.NewString(4096)); oSession.WriteString("*/"); oSession.WriteString("if (iPageId===2) alert('Exit script #"+ oSession.id.ToString() +" Prefetched-via-SCRIPT');"); } else if (oSession.urlContains("UseTheScript.htm")) { oHeaders["Content-Type"] = "text/html"; oSession.WriteString(oHeaders); oSession.WriteString("
"); oSession.WriteString("This page uses the Scripts referenced by the previous page: