use of java.net.HttpCookie in project zaproxy by zaproxy.
the class ExtensionHttpSessions method onHttpResponseReceive.
/**
 * Examines a received response for default session-token cookies and then passes the message to
 * the session tracker of the site it belongs to.
 *
 * <p>Responses whose initiator is one of the automated ones listed in the first check are ignored
 * outright, so they never register tokens or reach the per-site tracker. When the "proxy only"
 * option is set, only responses with {@code HttpSender.PROXY_INITIATOR} get past the second check.
 *
 * @param msg the message whose response header is inspected
 * @param initiator the {@code HttpSender} initiator constant identifying who sent the request
 * @param sender not read by this method
 */
@Override
public void onHttpResponseReceive(HttpMessage msg, int initiator, HttpSender sender) {
    // Responses from these initiators are not treated as sessions worth tracking.
    final boolean untrackedInitiator =
            initiator == HttpSender.ACTIVE_SCANNER_INITIATOR
                    || initiator == HttpSender.SPIDER_INITIATOR
                    || initiator == HttpSender.AJAX_SPIDER_INITIATOR
                    || initiator == HttpSender.FORCED_BROWSE_INITIATOR
                    || initiator == HttpSender.CHECK_FOR_UPDATES_INITIATOR
                    || initiator == HttpSender.FUZZER_INITIATOR
                    || initiator == HttpSender.AUTHENTICATION_INITIATOR;
    if (untrackedInitiator) {
        return;
    }

    // Build the "host:port" site key and make sure the panel lists it (GUI mode only).
    String site =
            ScanPanel.cleanSiteName(
                    msg.getRequestHeader().getHostName()
                            + ":"
                            + msg.getRequestHeader().getHostPort(),
                    true);
    if (getView() != null) {
        getHttpSessionsPanel().addSiteAsynchronously(site);
    }

    // Honour the "proxy only" option: anything not sent through the proxy stops here.
    if (getParam().isEnabledProxyOnly() && initiator != HttpSender.PROXY_INITIATOR) {
        return;
    }

    // Register default session tokens seen in the response cookies. Only the cookie NAME is
    // recorded as a token for the site; names the user removed earlier are not re-added.
    List<HttpCookie> cookiesInResponse =
            msg.getResponseHeader().getHttpCookies(msg.getRequestHeader().getHostName());
    for (HttpCookie responseCookie : cookiesInResponse) {
        String tokenName = responseCookie.getName();
        if (!isDefaultSessionToken(tokenName)) {
            continue;
        }
        if (isSessionToken(site, tokenName)) {
            continue;
        }
        if (isRemovedDefaultSessionToken(site, tokenName)) {
            continue;
        }
        addHttpSessionToken(site, tokenName);
    }

    // Let the per-site session tracker process the response.
    getHttpSessionsSite(site).processHttpResponseMessage(msg);
}
use of java.net.HttpCookie in project zaproxy by zaproxy.
the class HarUtils method createHarResponse.
/**
 * Builds the HAR response entry for the response part of the given message.
 *
 * <p>The entry contains the response cookies with their values, the response headers and the
 * complete body (Base64-encoded unless the content type starts with {@code text}). A HAR export
 * therefore holds the same secrets as the captured traffic, session cookies included, and should
 * be stored and shared accordingly.
 *
 * @param httpMessage the message whose response is converted
 * @return the HAR representation of the response
 */
public static HarResponse createHarResponse(HttpMessage httpMessage) {
    final HttpResponseHeader responseHeader = httpMessage.getResponseHeader();
    final HarCookies harCookies = new HarCookies();
    final long whenCreated = System.currentTimeMillis();

    for (HttpCookie cookie :
            responseHeader.getHttpCookies(httpMessage.getRequestHeader().getHostName())) {
        // Version 0 cookies are dated from "now"; other versions from the time the response
        // arrived (send time plus elapsed time).
        long baseMillis =
                cookie.getVersion() == 0
                        ? whenCreated
                        : httpMessage.getTimeSentMillis() + httpMessage.getTimeElapsedMillis();
        // NOTE(review): java.net.HttpCookie reports -1 for a cookie without Max-Age (a session
        // cookie), which yields an expiry one second in the past here, and a very large
        // Max-Age can overflow the multiplication. Confirm whether consumers of the HAR rely
        // on this value.
        Date expires = new Date(baseMillis + (cookie.getMaxAge() * 1000));
        harCookies.addCookie(
                new HarCookie(
                        cookie.getName(),
                        cookie.getValue(),
                        cookie.getPath(),
                        cookie.getDomain(),
                        expires,
                        cookie.isHttpOnly(),
                        cookie.getSecure(),
                        null));
    }

    String contentType = responseHeader.getHeader(HttpHeader.CONTENT_TYPE);
    if (contentType == null) {
        contentType = "";
    }

    // The body text is only filled in when a Content-Type is present; otherwise it stays null.
    String text = null;
    String encoding = null;
    if (!contentType.isEmpty()) {
        // Compare on the media type alone: lower-cased, parameters after ';' dropped.
        String mediaType = contentType.toLowerCase(Locale.ROOT);
        final int paramsStart = mediaType.indexOf(';');
        if (paramsStart != -1) {
            mediaType = mediaType.substring(0, paramsStart).trim();
        }
        if (mediaType.startsWith("text")) {
            text = httpMessage.getResponseBody().toString();
        } else {
            // Anything that is not text/* is carried as Base64.
            encoding = "base64";
            text = Base64.encodeBytes(httpMessage.getResponseBody().getBytes());
        }
    }

    HarContent harContent =
            new HarContent(
                    httpMessage.getResponseBody().length(), 0, contentType, text, encoding, null);

    // HAR expects an empty string rather than null when there is no Location header.
    String location = responseHeader.getHeader(HttpHeader.LOCATION);
    String redirectUrl = location == null ? "" : location;

    return new HarResponse(
            responseHeader.getStatusCode(),
            responseHeader.getReasonPhrase(),
            responseHeader.getVersion(),
            harCookies,
            createHarHeaders(responseHeader),
            harContent,
            redirectUrl,
            responseHeader.toString().length(),
            httpMessage.getResponseBody().length(),
            null);
}
use of java.net.HttpCookie in project zaproxy by zaproxy.
the class ExtensionHttpSessions method onHttpRequestSend.
/**
 * Examines an outgoing request for default session-token cookies and then passes the message to
 * the session tracker of the site it belongs to.
 *
 * <p>Requests initiated by the update check or by authentication are ignored. When the
 * "proxy only" option is set, only requests with {@code HttpSender.PROXY_INITIATOR} are
 * processed further.
 *
 * @param msg the message whose request header is inspected
 * @param initiator the {@code HttpSender} initiator constant identifying who sends the request
 * @param sender not read by this method
 */
@Override
public void onHttpRequestSend(HttpMessage msg, int initiator, HttpSender sender) {
    final boolean untrackedInitiator =
            initiator == HttpSender.CHECK_FOR_UPDATES_INITIATOR
                    || initiator == HttpSender.AUTHENTICATION_INITIATOR;
    if (untrackedInitiator) {
        return;
    }

    // Build the "host:port" site key and make sure the panel lists it (GUI mode only).
    String site =
            ScanPanel.cleanSiteName(
                    msg.getRequestHeader().getHostName()
                            + ":"
                            + msg.getRequestHeader().getHostPort(),
                    true);
    if (getView() != null) {
        getHttpSessionsPanel().addSiteAsynchronously(site);
    }

    // Honour the "proxy only" option: anything not sent through the proxy stops here.
    if (getParam().isEnabledProxyOnly() && initiator != HttpSender.PROXY_INITIATOR) {
        return;
    }

    // Register default session tokens seen in the request cookies. Only the cookie NAME is
    // recorded as a token for the site; names the user removed earlier are not re-added.
    List<HttpCookie> cookiesInRequest = msg.getRequestHeader().getHttpCookies();
    for (HttpCookie requestCookie : cookiesInRequest) {
        String tokenName = requestCookie.getName();
        if (!isDefaultSessionToken(tokenName)) {
            continue;
        }
        if (isSessionToken(site, tokenName)) {
            continue;
        }
        if (isRemovedDefaultSessionToken(site, tokenName)) {
            continue;
        }
        addHttpSessionToken(site, tokenName);
    }

    // Let the per-site session tracker process the request.
    getHttpSessionsSite(site).processHttpRequestMessage(msg);
}
use of java.net.HttpCookie in project jdk8u_jdk by JetBrains.
the class NullUriCookieTest method checkCookieNullUri.
/**
 * Checks that a {@link CookieStore} copes with a cookie that is added and removed under a
 * {@code null} URI: the cookie must still be found through its domain and be removable again.
 *
 * <p>Each step sets the {@code fail} flag on a mismatch and then calls {@code checkFail} with the
 * message for that step; both are declared elsewhere in the test class.
 *
 * @throws Exception if a step throws, for example while building the lookup URI
 */
static void checkCookieNullUri() throws Exception {
    // Take the cookie store of a fresh CookieManager.
    CookieStore store = new CookieManager().getCookieStore();

    // removeAll() must return false while the store is still empty.
    if (store.removeAll()) {
        fail = true;
    }
    checkFail("removeAll on empty store should return false");

    // Add a cookie that has a domain but no associated URI.
    HttpCookie cookie = new HttpCookie("MY_COOKIE", "MY_COOKIE_VALUE");
    cookie.setDomain("foo.com");
    store.add(null, cookie);

    // Look the cookie up again through a URI on the same domain.
    List<HttpCookie> found = store.get(new URI("http://foo.com"));

    // Exactly one cookie is expected back.
    if (!(found.size() == 1)) {
        fail = true;
    }
    checkFail("Abnormal size of cookie jar");

    // Every returned entry has to equal the cookie that was stored.
    for (int i = 0; i < found.size(); i++) {
        if (!found.get(i).equals(cookie)) {
            fail = true;
        }
    }
    checkFail("Cookie not retrieved from Cookie Jar");

    // Removing with a null URI must report that the cookie was present.
    if (!store.remove(null, cookie)) {
        fail = true;
    }
    checkFail("Abnormal removal behaviour from Cookie Jar");
}
use of java.net.HttpCookie in project jdk8u_jdk by JetBrains.
the class TestHttpCookie method misc.
/**
 * Miscellaneous {@link HttpCookie} checks: equality, domain matching, rejection of an empty
 * name, the HttpOnly attribute and rejection of a name containing a space.
 *
 * <p>{@code header}, {@code eq}, {@code dm}, {@code test} and {@code testCount} are declared
 * elsewhere in the test class; presumably the last argument of {@code eq} and {@code dm} is the
 * expected result (confirm against their definitions).
 */
static void misc() {
    header("Test equals()");

    // A clone carrying the same domain and path compares equal to its original.
    HttpCookie original = new HttpCookie("Customer", "WILE_E_COYOTE");
    original.setDomain(".coyote.org");
    original.setPath("/acme");
    HttpCookie copy = (HttpCookie) original.clone();
    eq(original, copy, true);

    // With domain and path both null, names differing only in case are expected to be equal.
    HttpCookie mixedCase = new HttpCookie("Customer", "WILE_E_COYOTE");
    HttpCookie upperCase = new HttpCookie("CUSTOMER", "WILE_E_COYOTE");
    eq(mixedCase, upperCase, true);

    // The path is compared case-sensitively, so these two are expected to differ.
    HttpCookie lowerPath = new HttpCookie("Customer", "WILE_E_COYOTE");
    HttpCookie upperPath = new HttpCookie("CUSTOMER", "WILE_E_COYOTE");
    lowerPath.setPath("/acme");
    upperPath.setPath("/ACME");
    eq(lowerPath, upperPath, false);

    header("Test domainMatches()");
    // Expected results include "false" for a host more than one label below the domain and for
    // a domain that is only a top-level label such as ".com".
    dm(".foo.com", "y.x.foo.com", false);
    dm(".foo.com", "x.foo.com", true);
    dm(".com", "whatever.com", false);
    dm(".com.", "whatever.com", false);
    dm(".ajax.com", "ajax.com", true);
    dm(".local", "example.local", true);
    dm("example.local", "example", true);

    // bug 6277808: constructing a cookie with an empty name.
    // NOTE(review): nothing in this block fails the test when the constructor does NOT throw,
    // so a regression that accepts an empty name would go unnoticed here.
    testCount++;
    try {
        new HttpCookie("", "whatever");
    } catch (IllegalArgumentException ignored) {
        // expected exception; no-op
    }

    // CR 6692802: the HttpOnly attribute is reported only when the header carries it.
    test("set-cookie: CUSTOMER=WILE_E_COYOTE;HttpOnly").httpOnly(true);
    test("set-cookie: CUSTOMER=WILE_E_COYOTE").httpOnly(false);

    // A space in the cookie name is not allowed (both Netscape and RFC 2965).
    test("set-cookie: CUST OMER=WILE_E_COYOTE").nil();
}