
Example 51 with HttpCookie

use of java.net.HttpCookie in project zaproxy by zaproxy.

the class ExtensionHttpSessions method onHttpResponseReceive.

/**
 * Handles a received response: makes sure the site is known, registers any default session
 * token names found among the response cookies, and passes the message on to the site's
 * session handling.
 *
 * <p>Responses triggered by the active scanner, the spiders, forced browse, the update check,
 * the fuzzer and authentication are ignored entirely, so their cookies never register a token.
 * Only cookie <em>names</em> are inspected here.
 *
 * @param msg the message whose response was received
 * @param initiator one of the {@code HttpSender.*_INITIATOR} values identifying who sent it
 * @param sender the sender that carried the message (not used in this method)
 */
@Override
public void onHttpResponseReceive(HttpMessage msg, int initiator, HttpSender sender) {
    final boolean automatedTraffic =
            initiator == HttpSender.ACTIVE_SCANNER_INITIATOR
                    || initiator == HttpSender.SPIDER_INITIATOR
                    || initiator == HttpSender.AJAX_SPIDER_INITIATOR
                    || initiator == HttpSender.FORCED_BROWSE_INITIATOR
                    || initiator == HttpSender.CHECK_FOR_UPDATES_INITIATOR
                    || initiator == HttpSender.FUZZER_INITIATOR
                    || initiator == HttpSender.AUTHENTICATION_INITIATOR;
    if (automatedTraffic) {
        // Tool-generated traffic: not a session we want to track.
        return;
    }

    // Sites are keyed by "host:port", normalised by ScanPanel.cleanSiteName.
    final String hostAndPort =
            msg.getRequestHeader().getHostName() + ":" + msg.getRequestHeader().getHostPort();
    final String site = ScanPanel.cleanSiteName(hostAndPort, true);

    // The panel only exists when a view is present; the site is added to it before the
    // proxy-only filter below is applied.
    if (getView() != null) {
        this.getHttpSessionsPanel().addSiteAsynchronously(site);
    }

    // When restricted to proxied traffic, anything not sent through the proxy stops here.
    final boolean proxyOnly = getParam().isEnabledProxyOnly();
    if (proxyOnly && initiator != HttpSender.PROXY_INITIATOR) {
        return;
    }

    // Look for default token names among the cookies set by the response. The request host
    // name is handed to the cookie parser (presumably as the default domain; verify there).
    final String requestHost = msg.getRequestHeader().getHostName();
    final List<HttpCookie> setCookies = msg.getResponseHeader().getHttpCookies(requestHost);
    for (HttpCookie setCookie : setCookies) {
        final String tokenName = setCookie.getName();
        final boolean isDefault = this.isDefaultSessionToken(tokenName);
        // Skip names already tracked for the site and names the user removed earlier.
        if (isDefault
                && !this.isSessionToken(site, tokenName)
                && !this.isRemovedDefaultSessionToken(site, tokenName)) {
            this.addHttpSessionToken(site, tokenName);
        }
    }

    // Let the per-site handler process the response itself.
    final HttpSessionsSite siteSessions = getHttpSessionsSite(site);
    siteSessions.processHttpResponseMessage(msg);
}
Also used : HttpCookie(java.net.HttpCookie)

Example 52 with HttpCookie

use of java.net.HttpCookie in project zaproxy by zaproxy.

the class HarUtils method createHarResponse.

/**
 * Builds the HAR representation of the response held by the given message.
 *
 * <p>Cookie names and values, all response headers and the response body are copied into the
 * result as they are (the body as text for {@code text*} content types, otherwise base64
 * encoded), so a HAR produced from authenticated traffic contains live session material and
 * should be handled like a credential store.
 *
 * @param httpMessage the message whose response is converted
 * @return the HAR response, with an empty redirect URL when no {@code Location} header exists
 */
public static HarResponse createHarResponse(HttpMessage httpMessage) {
    final HttpResponseHeader header = httpMessage.getResponseHeader();

    // --- cookies ---------------------------------------------------------------------------
    final HarCookies cookieList = new HarCookies();
    final long now = System.currentTimeMillis();
    final String requestHost = httpMessage.getRequestHeader().getHostName();
    for (HttpCookie parsed : header.getHttpCookies(requestHost)) {
        // Version 0 cookies are dated from "now"; other versions from the moment the
        // response arrived (time sent plus elapsed time).
        final long baseMillis =
                parsed.getVersion() == 0
                        ? now
                        : httpMessage.getTimeSentMillis() + httpMessage.getTimeElapsedMillis();
        // NOTE(review): HttpCookie.getMaxAge() is -1 when the cookie carries no lifetime, so a
        // session cookie is exported with an expiry one second before the base time. Confirm
        // whether such cookies should instead be written without an expiry.
        final Date expiry = new Date(baseMillis + (parsed.getMaxAge() * 1000));
        final HarCookie harCookie =
                new HarCookie(
                        parsed.getName(),
                        parsed.getValue(),
                        parsed.getPath(),
                        parsed.getDomain(),
                        expiry,
                        parsed.isHttpOnly(),
                        parsed.getSecure(),
                        null);
        cookieList.addCookie(harCookie);
    }

    // --- body ------------------------------------------------------------------------------
    String bodyText = null;
    String bodyEncoding = null;
    String contentType = header.getHeader(HttpHeader.CONTENT_TYPE);
    if (contentType == null) {
        contentType = "";
    }
    // Without a content type the body text is left out (only its size is recorded below).
    if (!contentType.isEmpty()) {
        // Compare on the lower-cased media type, ignoring any ";charset=..." parameters.
        String mediaType = contentType.toLowerCase(Locale.ROOT);
        final int paramStart = mediaType.indexOf(';');
        if (paramStart != -1) {
            mediaType = mediaType.substring(0, paramStart).trim();
        }
        if (mediaType.startsWith("text")) {
            bodyText = httpMessage.getResponseBody().toString();
        } else {
            // Anything that is not text is stored base64 encoded.
            bodyEncoding = "base64";
            bodyText = Base64.encodeBytes(httpMessage.getResponseBody().getBytes());
        }
    }
    final HarContent content =
            new HarContent(
                    httpMessage.getResponseBody().length(),
                    0,
                    contentType,
                    bodyText,
                    bodyEncoding,
                    null);

    // --- response --------------------------------------------------------------------------
    final String location = header.getHeader(HttpHeader.LOCATION);
    final String redirectUrl = location == null ? "" : location;
    return new HarResponse(
            header.getStatusCode(),
            header.getReasonPhrase(),
            header.getVersion(),
            cookieList,
            createHarHeaders(header),
            content,
            redirectUrl,
            header.toString().length(),
            httpMessage.getResponseBody().length(),
            null);
}
Also used : HarCookie(edu.umass.cs.benchlab.har.HarCookie) HttpResponseHeader(org.parosproxy.paros.network.HttpResponseHeader) HarCookies(edu.umass.cs.benchlab.har.HarCookies) HarQueryString(edu.umass.cs.benchlab.har.HarQueryString) HarContent(edu.umass.cs.benchlab.har.HarContent) HarResponse(edu.umass.cs.benchlab.har.HarResponse) HttpCookie(java.net.HttpCookie) Date(java.util.Date)

Example 53 with HttpCookie

use of java.net.HttpCookie in project zaproxy by zaproxy.

the class ExtensionHttpSessions method onHttpRequestSend.

/**
 * Handles a request about to be sent: makes sure the site is known, registers any default
 * session token names found among the request cookies, and passes the message on to the
 * site's session handling.
 *
 * <p>Only update-check and authentication requests are skipped outright; whether other
 * initiators are processed depends on the proxy-only option. Only cookie <em>names</em> are
 * inspected here.
 *
 * @param msg the message being sent
 * @param initiator one of the {@code HttpSender.*_INITIATOR} values identifying who sends it
 * @param sender the sender carrying the message (not used in this method)
 */
@Override
public void onHttpRequestSend(HttpMessage msg, int initiator, HttpSender sender) {
    final boolean skipped =
            initiator == HttpSender.CHECK_FOR_UPDATES_INITIATOR
                    || initiator == HttpSender.AUTHENTICATION_INITIATOR;
    if (skipped) {
        return;
    }

    // Sites are keyed by "host:port", normalised by ScanPanel.cleanSiteName.
    final String hostAndPort =
            msg.getRequestHeader().getHostName() + ":" + msg.getRequestHeader().getHostPort();
    final String site = ScanPanel.cleanSiteName(hostAndPort, true);

    // The panel only exists when a view is present; the site is added to it before the
    // proxy-only filter below is applied.
    if (getView() != null) {
        this.getHttpSessionsPanel().addSiteAsynchronously(site);
    }

    // When restricted to proxied traffic, anything not sent through the proxy stops here.
    final boolean proxyOnly = getParam().isEnabledProxyOnly();
    if (proxyOnly && initiator != HttpSender.PROXY_INITIATOR) {
        return;
    }

    // Look for default token names among the cookies carried by the request.
    final List<HttpCookie> sentCookies = msg.getRequestHeader().getHttpCookies();
    for (HttpCookie sentCookie : sentCookies) {
        final String tokenName = sentCookie.getName();
        final boolean isDefault = this.isDefaultSessionToken(tokenName);
        // Skip names already tracked for the site and names the user removed earlier.
        if (isDefault
                && !this.isSessionToken(site, tokenName)
                && !this.isRemovedDefaultSessionToken(site, tokenName)) {
            this.addHttpSessionToken(site, tokenName);
        }
    }

    // Let the per-site handler process the request itself.
    final HttpSessionsSite siteSessions = getHttpSessionsSite(site);
    siteSessions.processHttpRequestMessage(msg);
}
Also used : HttpCookie(java.net.HttpCookie)

Example 54 with HttpCookie

use of java.net.HttpCookie in project jdk8u_jdk by JetBrains.

the class NullUriCookieTest method checkCookieNullUri.

/*
 * Exercises a CookieStore with a cookie that is added and removed under a null URI:
 * the cookie must still be found through its domain and must be removable again.
 * Each step records a failure in the `fail` flag and reports it through checkFail(...)
 * (both declared elsewhere in the test class).
 */
static void checkCookieNullUri() throws Exception {
    // Store taken from a fresh CookieManager, so it starts out empty.
    CookieStore store = new CookieManager().getCookieStore();

    // removeAll() on an empty store is expected to return false.
    boolean removedFromEmptyStore = store.removeAll();
    if (removedFromEmptyStore) {
        fail = true;
    }
    checkFail("removeAll on empty store should return false");

    // Add a cookie with a domain but without an associated URI.
    HttpCookie expected = new HttpCookie("MY_COOKIE", "MY_COOKIE_VALUE");
    expected.setDomain("foo.com");
    store.add(null, expected);

    // Look the cookie up through a URI on the same domain.
    URI lookupUri = new URI("http://foo.com");
    List<HttpCookie> found = store.get(lookupUri);

    // Exactly one cookie must come back ...
    int foundCount = found.size();
    if (foundCount != 1) {
        fail = true;
    }
    checkFail("Abnormal size of cookie jar");

    // ... and every returned cookie must equal the one that was added.
    for (int i = 0; i < found.size(); i++) {
        HttpCookie candidate = found.get(i);
        if (!candidate.equals(expected)) {
            fail = true;
        }
    }
    checkFail("Cookie not retrieved from Cookie Jar");

    // Removing under the same null URI must report success.
    if (!store.remove(null, expected)) {
        fail = true;
    }
    checkFail("Abnormal removal behaviour from Cookie Jar");
}
Also used : CookieStore(java.net.CookieStore) HttpCookie(java.net.HttpCookie) URI(java.net.URI) CookieManager(java.net.CookieManager)

Example 55 with HttpCookie

use of java.net.HttpCookie in project jdk8u_jdk by JetBrains.

the class TestHttpCookie method misc.

/*
 * Miscellaneous HttpCookie checks: equals(), domain matching, rejection of an empty
 * cookie name, and parsing of the HttpOnly attribute. The helpers header(), eq(), dm()
 * and test() are declared elsewhere in the test class; the last argument of eq() and dm()
 * is presumably the expected result - confirm against their definitions.
 */
static void misc() {
    header("Test equals()");

    // A clone with the same domain and path equals its original.
    HttpCookie original = new HttpCookie("Customer", "WILE_E_COYOTE");
    original.setDomain(".coyote.org");
    original.setPath("/acme");
    HttpCookie copy = (HttpCookie) original.clone();
    eq(original, copy, true);

    // With domain and path left null, names differing only in case are expected to be equal.
    HttpCookie mixedCase = new HttpCookie("Customer", "WILE_E_COYOTE");
    HttpCookie upperCase = new HttpCookie("CUSTOMER", "WILE_E_COYOTE");
    eq(mixedCase, upperCase, true);

    // The path, unlike the name, is compared case-sensitively.
    HttpCookie lowerPath = new HttpCookie("Customer", "WILE_E_COYOTE");
    HttpCookie upperPath = new HttpCookie("CUSTOMER", "WILE_E_COYOTE");
    lowerPath.setPath("/acme");
    upperPath.setPath("/ACME");
    eq(lowerPath, upperPath, false);

    header("Test domainMatches()");
    // Only one extra host label is accepted in front of the domain.
    dm(".foo.com", "y.x.foo.com", false);
    dm(".foo.com", "x.foo.com", true);
    // A bare top-level domain must not match: it would scope a cookie to every site under it.
    dm(".com", "whatever.com", false);
    dm(".com.", "whatever.com", false);
    dm(".ajax.com", "ajax.com", true);
    // ".local" and unqualified host names are expected to match.
    dm(".local", "example.local", true);
    dm("example.local", "example", true);

    // bug 6277808: an empty cookie name
    testCount++;
    try {
        new HttpCookie("", "whatever");
        // NOTE(review): nothing is recorded when the constructor succeeds, so this case
        // cannot fail as written - confirm whether that is intended.
    } catch (IllegalArgumentException ignored) {
        // expected exception; no-op
    }

    // CR 6692802: HttpOnly flag
    test("set-cookie: CUSTOMER=WILE_E_COYOTE;HttpOnly").httpOnly(true);
    test("set-cookie: CUSTOMER=WILE_E_COYOTE").httpOnly(false);

    // space disallowed in name (both Netscape and RFC2965)
    test("set-cookie: CUST OMER=WILE_E_COYOTE").nil();
}
Also used : HttpCookie(java.net.HttpCookie)
