use of org.parosproxy.paros.core.proxy.ProxyParam in project zaproxy by zaproxy.
the class OptionsLocalProxyPanel method saveParam.
/**
 * Copies the values currently shown in the local-proxy options panel into the
 * {@link ProxyParam} held by the given options object.
 *
 * @param obj the options being edited; it is cast to {@code OptionsParam}
 * @throws Exception declared by the overridden method; this body contains no explicit throw
 */
@Override
public void saveParam(Object obj) throws Exception {
    final ProxyParam proxy = ((OptionsParam) obj).getProxyParam();

    // Local proxy listener address and port.
    // NOTE(review): the address is stored exactly as typed; presumably ProxyParam validates or
    // interprets it (confirm). A wildcard or non-loopback bind makes the proxy reachable from
    // other hosts, so it is worth checking what an empty or malformed value resolves to.
    proxy.setProxyIp(txtProxyIp.getText());
    // The port is read from a spinner widget; any range limit is enforced by that widget, not here.
    proxy.setProxyPort(spinnerProxyPort.getValue());

    proxy.setRemoveUnsupportedEncodings(getChkRemoveUnsupportedEncodings().isSelected());
    // TODO hacking
    proxy.setAlwaysDecodeGzip(getChkAlwaysDecodeGzip().isSelected());

    // Reverse proxy address, ports and on/off switch.
    proxy.setReverseProxyIp(txtReverseProxyIp.getText());
    proxy.setReverseProxyHttpPort(spinnerReverseProxyHttpPort.getValue());
    proxy.setReverseProxyHttpsPort(spinnerReverseProxyHttpsPort.getValue());
    proxy.setUseReverseProxy(getChkReverseProxy().isSelected());

    // Protocol versions ticked in the security-protocols sub-panel.
    proxy.setSecurityProtocolsEnabled(securityProtocolsPanel.getSelectedProtocols());
}
use of org.parosproxy.paros.core.proxy.ProxyParam in project zaproxy by zaproxy.
the class CoreAPI method handleApiOther.
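/**
 * Dispatches the API "other" endpoints implemented by this class, selected by {@code name},
 * and writes the result into the response of {@code msg}.
 *
 * <p>{@link ApiException}s raised while handling an endpoint are no longer absorbed by the
 * broad {@code catch (Exception)} blocks: an illegal {@code proxyDetails} parameter, a missing
 * root certificate and a missing history record are now reported with their own error type
 * instead of an empty response or a generic internal error. This matches what the
 * send-HAR-request branch already did.
 *
 * @param msg the API request message; its response header and body are filled in
 * @param name the name of the endpoint being called
 * @param params the parameters of the API request
 * @return {@code msg}, with the response set
 * @throws ApiException if the endpoint is unknown, a parameter is illegal, the requested
 *     resource does not exist, or an internal error occurs
 */
@Override
public HttpMessage handleApiOther(HttpMessage msg, String name, JSONObject params) throws ApiException {
    if (OTHER_PROXY_PAC.equals(name)) {
        final ProxyParam proxyParam = Model.getSingleton().getOptionsParam().getProxyParam();
        final int port = proxyParam.getProxyPort();
        try {
            String domain = null;
            if (proxyParam.isProxyIpAnyLocalAddress()) {
                // The proxy listens on the wildcard address, so the name the client used to
                // reach it is taken from the request instead.
                // NOTE(review): this host name is client-supplied and ends up in the generated
                // PAC content; confirm getPacFile() validates or escapes it before embedding.
                String localDomain = msg.getRequestHeader().getHostName();
                if (!API.API_DOMAIN.equals(localDomain)) {
                    domain = localDomain;
                }
            }
            if (domain == null) {
                domain = proxyParam.getProxyIp();
            }
            String response = this.getPacFile(domain, port);
            // NOTE(review): the PAC file is served as text/html, and the length passed is a
            // character count rather than a byte count; kept as in the original.
            msg.setResponseHeader(API.getDefaultResponseHeader("text/html", response.length()));
            msg.setResponseBody(response);
        } catch (Exception e) {
            // Best effort: failures are logged and the message is returned without a response.
            logger.error(e.getMessage(), e);
        }
        return msg;
    } else if (OTHER_SET_PROXY.equals(name)) {
        /* JSON string:
         *  {"type":1,
         *  "http":	{"host":"proxy.corp.com","port":80},
         *  "ssl":	{"host":"proxy.corp.com","port":80},
         *  "ftp":{"host":"proxy.corp.com","port":80},
         *  "socks":{"host":"proxy.corp.com","port":80},
         *  "shareSettings":true,"socksVersion":5,
         *  "proxyExcludes":"localhost, 127.0.0.1"}
         */
        String proxyDetails = params.getString(PARAM_PROXY_DETAILS);
        String response = "OK";
        try {
            try {
                JSONObject json = JSONObject.fromObject(proxyDetails);
                if (json.getInt("type") == 1) {
                    JSONObject httpJson = JSONObject.fromObject(json.get("http"));
                    String proxyHost = httpJson.getString("host");
                    int proxyPort = httpJson.getInt("port");
                    // Only a non-empty host and a port in the valid TCP range (1-65535) are applied.
                    // NOTE(review): anything else is ignored and the endpoint still answers "OK".
                    if (proxyHost != null && proxyHost.length() > 0 && proxyPort > 0 && proxyPort <= 65535) {
                        Model.getSingleton().getOptionsParam().getConnectionParam().setProxyChainName(proxyHost);
                        Model.getSingleton().getOptionsParam().getConnectionParam().setProxyChainPort(proxyPort);
                    }
                }
            } catch (JSONException e) {
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_PROXY_DETAILS);
            }
            msg.setResponseHeader(API.getDefaultResponseHeader("text/html", response.length()));
            msg.setResponseBody(response);
        } catch (ApiException e) {
            // Let the ILLEGAL_PARAMETER error reach the caller; the generic handler below
            // would otherwise log it and return a message with no response.
            throw e;
        } catch (Exception e) {
            logger.error(e.getMessage(), e);
        }
        return msg;
    } else if (OTHER_ROOT_CERT.equals(name)) {
        ExtensionDynSSL extDynSSL = (ExtensionDynSSL) Control.getSingleton().getExtensionLoader().getExtension(ExtensionDynSSL.EXTENSION_ID);
        if (extDynSSL != null) {
            try {
                Certificate rootCA = extDynSSL.getRootCA();
                if (rootCA == null) {
                    throw new ApiException(ApiException.Type.DOES_NOT_EXIST);
                }
                // Only the certificate object is written out, PEM encoded.
                final StringWriter sw = new StringWriter();
                try (final PemWriter pw = new PemWriter(sw)) {
                    pw.writeObject(new JcaMiscPEMGenerator(rootCA));
                    pw.flush();
                }
                String response = sw.toString();
                msg.setResponseHeader(API.getDefaultResponseHeader("application/pkix-cert;", response.length()));
                msg.setResponseBody(response);
            } catch (ApiException e) {
                // Keep DOES_NOT_EXIST as is instead of turning it into INTERNAL_ERROR.
                throw e;
            } catch (Exception e) {
                logger.error(e.getMessage(), e);
                throw new ApiException(ApiException.Type.INTERNAL_ERROR);
            }
        } else {
            throw new ApiException(ApiException.Type.DOES_NOT_EXIST);
        }
        return msg;
    } else if (OTHER_XML_REPORT.equals(name)) {
        try {
            writeReportLastScanTo(msg, ScanReportType.XML);
            return msg;
        } catch (Exception e) {
            logger.error(e.getMessage(), e);
            throw new ApiException(ApiException.Type.INTERNAL_ERROR);
        }
    } else if (OTHER_HTML_REPORT.equals(name)) {
        try {
            writeReportLastScanTo(msg, ScanReportType.HTML);
            return msg;
        } catch (Exception e) {
            logger.error(e.getMessage(), e);
            throw new ApiException(ApiException.Type.INTERNAL_ERROR);
        }
    } else if (OTHER_MD_REPORT.equals(name)) {
        try {
            writeReportLastScanTo(msg, ScanReportType.MD);
            return msg;
        } catch (Exception e) {
            logger.error(e.getMessage(), e);
            throw new ApiException(ApiException.Type.INTERNAL_ERROR);
        }
    } else if (OTHER_MESSAGE_HAR.equals(name)) {
        byte[] responseBody;
        try {
            final HarEntries entries = new HarEntries();
            TableHistory tableHistory = Model.getSingleton().getDb().getTableHistory();
            RecordHistory recordHistory;
            try {
                recordHistory = tableHistory.read(this.getParam(params, PARAM_ID, -1));
            } catch (HttpMalformedHeaderException | DatabaseException e) {
                throw new ApiException(ApiException.Type.INTERNAL_ERROR);
            }
            // Temporary history records are treated the same as missing ones.
            if (recordHistory == null || recordHistory.getHistoryType() == HistoryReference.TYPE_TEMPORARY) {
                throw new ApiException(ApiException.Type.DOES_NOT_EXIST);
            }
            entries.addEntry(HarUtils.createHarEntry(recordHistory.getHttpMessage()));
            HarLog harLog = HarUtils.createZapHarLog();
            harLog.setEntries(entries);
            responseBody = HarUtils.harLogToByteArray(harLog);
        } catch (ApiException e) {
            // Report the specific API error (e.g. DOES_NOT_EXIST) rather than a generic one.
            responseBody = e.toString(API.Format.JSON, incErrorDetails()).getBytes(StandardCharsets.UTF_8);
        } catch (Exception e) {
            logger.error(e.getMessage(), e);
            // The exception message is attached as error detail; incErrorDetails() is passed to
            // toString and presumably decides whether that detail is included in the output.
            ApiException apiException = new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage());
            responseBody = apiException.toString(API.Format.JSON, incErrorDetails()).getBytes(StandardCharsets.UTF_8);
        }
        try {
            msg.setResponseHeader(API.getDefaultResponseHeader("application/json; charset=UTF-8", responseBody.length));
        } catch (HttpMalformedHeaderException e) {
            logger.error("Failed to create response header: " + e.getMessage(), e);
        }
        msg.setResponseBody(responseBody);
        return msg;
    } else if (OTHER_MESSAGES_HAR.equals(name)) {
        byte[] responseBody;
        try {
            final HarEntries entries = new HarEntries();
            processHttpMessages(this.getParam(params, PARAM_BASE_URL, (String) null), this.getParam(params, PARAM_START, -1), this.getParam(params, PARAM_COUNT, -1), new Processor<RecordHistory>() {
                @Override
                public void process(RecordHistory recordHistory) {
                    entries.addEntry(HarUtils.createHarEntry(recordHistory.getHttpMessage()));
                }
            });
            HarLog harLog = HarUtils.createZapHarLog();
            harLog.setEntries(entries);
            responseBody = HarUtils.harLogToByteArray(harLog);
        } catch (ApiException e) {
            // Same handling as the single-message and send-request HAR endpoints.
            responseBody = e.toString(API.Format.JSON, incErrorDetails()).getBytes(StandardCharsets.UTF_8);
        } catch (Exception e) {
            logger.error(e.getMessage(), e);
            ApiException apiException = new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage());
            responseBody = apiException.toString(API.Format.JSON, incErrorDetails()).getBytes(StandardCharsets.UTF_8);
        }
        try {
            msg.setResponseHeader(API.getDefaultResponseHeader("application/json; charset=UTF-8", responseBody.length));
        } catch (HttpMalformedHeaderException e) {
            logger.error("Failed to create response header: " + e.getMessage(), e);
        }
        msg.setResponseBody(responseBody);
        return msg;
    } else if (OTHER_SEND_HAR_REQUEST.equals(name)) {
        byte[] responseBody = {};
        HttpMessage request = null;
        try {
            request = HarUtils.createHttpMessage(params.getString(PARAM_REQUEST));
        } catch (IOException e) {
            ApiException apiException = new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_REQUEST, e);
            responseBody = apiException.toString(API.Format.JSON, incErrorDetails()).getBytes(StandardCharsets.UTF_8);
        }
        if (request != null) {
            // The target URI is checked against the current mode before anything is sent.
            if (!isValidForCurrentMode(request.getRequestHeader().getURI())) {
                ApiException apiException = new ApiException(ApiException.Type.MODE_VIOLATION);
                responseBody = apiException.toString(API.Format.JSON, incErrorDetails()).getBytes(StandardCharsets.UTF_8);
            } else {
                boolean followRedirects = getParam(params, PARAM_FOLLOW_REDIRECTS, false);
                try {
                    final HarEntries entries = new HarEntries();
                    sendRequest(request, followRedirects, new Processor<HttpMessage>() {
                        @Override
                        public void process(HttpMessage msg) {
                            entries.addEntry(HarUtils.createHarEntry(msg));
                        }
                    });
                    HarLog harLog = HarUtils.createZapHarLog();
                    harLog.setEntries(entries);
                    responseBody = HarUtils.harLogToByteArray(harLog);
                } catch (ApiException e) {
                    responseBody = e.toString(API.Format.JSON, incErrorDetails()).getBytes(StandardCharsets.UTF_8);
                } catch (Exception e) {
                    logger.error(e.getMessage(), e);
                    ApiException apiException = new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage());
                    responseBody = apiException.toString(API.Format.JSON, incErrorDetails()).getBytes(StandardCharsets.UTF_8);
                }
            }
        }
        try {
            msg.setResponseHeader(API.getDefaultResponseHeader("application/json; charset=UTF-8", responseBody.length));
        } catch (HttpMalformedHeaderException e) {
            logger.error("Failed to create response header: " + e.getMessage(), e);
        }
        msg.setResponseBody(responseBody);
        return msg;
    } else if (OTHER_SCRIPT_JS.equals(name)) {
        try {
            msg.setResponseBody(API_SCRIPT);
            // Allow caching
            msg.setResponseHeader(API.getDefaultResponseHeader("text/javascript", API_SCRIPT.length(), true));
            msg.getResponseHeader().addHeader(HttpResponseHeader.CACHE_CONTROL, API_SCRIPT_CACHE_CONTROL);
        } catch (HttpMalformedHeaderException e) {
            logger.error("Failed to create response header: " + e.getMessage(), e);
        }
        return msg;
    } else {
        throw new ApiException(ApiException.Type.BAD_OTHER);
    }
}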
use of org.parosproxy.paros.core.proxy.ProxyParam in project zaproxy by zaproxy.
the class API method getBaseURL.
/**
 * Builds the URL of an API endpoint from its format, implementor prefix, request type and name.
 *
 * <p>For every request type other than {@code view}, a one-time nonce generated for the
 * endpoint path is appended as a query parameter and the URL ends with {@code &} so that
 * further parameters can be added.
 *
 * @param format the format of the API response
 * @param prefix the prefix of the API implementor
 * @param type the request type
 * @param name the name of the endpoint
 * @param proxy if {@code true} the URL is based on {@code API_URL} (or {@code API_URL_S} when the
 *     API is secure-only) and, per the original documentation, only works when proxying via ZAP;
 *     if {@code false} it is based on the configured local proxy address and port
 * @return the URL to access the defined endpoint
 */
public String getBaseURL(API.Format format, String prefix, API.RequestType type, String name, boolean proxy) {
    final String apiPath = format.name() + "/" + prefix + "/" + type.name() + "/" + name + "/";
    final boolean secureOnly = getOptionsParamApi().isSecureOnly();

    final String base;
    if (proxy) {
        base = secureOnly ? API_URL_S : API_URL;
    } else {
        // Address the local proxy directly, with the scheme following the secure-only option.
        ProxyParam localProxy = Model.getSingleton().getOptionsParam().getProxyParam();
        String scheme = secureOnly ? "https://" : "http://";
        base = scheme + localProxy.getProxyIp() + ":" + localProxy.getProxyPort() + "/";
    }

    if (RequestType.view.equals(type)) {
        return base + apiPath;
    }
    // The nonce is requested for apiPath, i.e. for this endpoint path.
    // NOTE(review): apiPath already ends with "/", so the result contains "//?" - kept as is;
    // confirm the request parser and the nonce check expect this form.
    return base + apiPath + "/?" + API_NONCE_PARAM + "=" + this.getOneTimeNonce(apiPath) + "&";
}
use of org.parosproxy.paros.core.proxy.ProxyParam in project zaproxy by zaproxy.
the class OptionsLocalProxyPanel method initParam.
/**
 * Loads the local-proxy and reverse-proxy settings from the given options object into the
 * widgets of this panel.
 *
 * @param obj the options to display; it is cast to {@code OptionsParam}
 */
@Override
public void initParam(Object obj) {
    final ProxyParam proxy = ((OptionsParam) obj).getProxyParam();

    // Local proxy: the raw configured address is shown here rather than a resolved one.
    // Per the original note, a null value means the listener is bound to all interfaces.
    txtProxyIp.setText(proxy.getRawProxyIP());
    // Clear the undo history so the loaded value cannot be undone by the user.
    txtProxyIp.discardAllEdits();
    spinnerProxyPort.setValue(proxy.getProxyPort());
    chkRemoveUnsupportedEncodings.setSelected(proxy.isRemoveUnsupportedEncodings());
    chkAlwaysDecodeGzip.setSelected(proxy.isAlwaysDecodeGzip());

    // Reverse proxy.
    txtReverseProxyIp.setText(proxy.getReverseProxyIp());
    txtReverseProxyIp.discardAllEdits();
    spinnerReverseProxyHttpPort.setValue(proxy.getReverseProxyHttpPort());
    spinnerReverseProxyHttpsPort.setValue(proxy.getReverseProxyHttpsPort());
    final boolean reverseProxyInUse = proxy.isUseReverseProxy();
    chkReverseProxy.setSelected(reverseProxyInUse);
    setReverseProxyEnabled(reverseProxyInUse);

    // Protocol versions currently enabled for the proxy.
    securityProtocolsPanel.setSecurityProtocolsEnabled(proxy.getSecurityProtocolsEnabled());
}