use of org.apache.commons.httpclient.URI in project zaproxy by zaproxy.
the class HttpRequestHeader method parseURI.
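/**
 * Builds a {@code URI} from the raw request target, escaping the characters that must not
 * appear literally in it.
 * <p>
 * Characters listed in {@code DELIM_UNWISE} are URL-encoded, a space becomes {@code %20}, and
 * a {@code '%'} is kept only when it starts a well-formed escape, that is when exactly two
 * ASCII hexadecimal digits follow it. Any other {@code '%'} is escaped as {@code %25}. All
 * remaining characters are copied unchanged.
 *
 * @param sUri the URI text as received, must not be {@code null}
 * @return the URI created from the escaped text
 * @throws URIException if the URI cannot be created from the escaped text
 */
public static URI parseURI(String sUri) throws URIException {
    // A percent escape is '%' followed by two ASCII hex digits. The digits are checked
    // explicitly: Integer.parseInt(hex, 16) also accepts a leading sign ("%+1", "%-1") and
    // non-ASCII digits, which let malformed escapes through unescaped.
    final String hexDigits = "0123456789abcdefABCDEF";

    int len = sUri.length();
    StringBuilder sb = new StringBuilder(len);
    for (int i = 0; i < len; i++) {
        char ch = sUri.charAt(i);
        if (DELIM_UNWISE.indexOf(ch) >= 0) {
            // Delimiter or "unwise" character: encode it.
            String encoded = String.valueOf(ch);
            try {
                encoded = URLEncoder.encode(encoded, "UTF8");
            } catch (UnsupportedEncodingException ignored) {
                // Deliberate best effort, unchanged from the previous behaviour: if the
                // charset name is not recognised the character is appended as it is and the
                // URI constructor below decides whether the result is acceptable.
            }
            sb.append(encoded);
        } else if (ch == '%') {
            boolean wellFormedEscape = i + 2 < len
                    && hexDigits.indexOf(sUri.charAt(i + 1)) >= 0
                    && hexDigits.indexOf(sUri.charAt(i + 2)) >= 0;
            // A stray '%' is escaped so the text handed to URI never holds a broken escape.
            sb.append(wellFormedEscape ? "%" : "%25");
        } else if (ch == ' ') {
            // URLEncoder would produce '+', so the space is escaped by hand.
            sb.append("%20");
        } else {
            sb.append(ch);
        }
    }
    // 'true' marks the text as already escaped.
    return new URI(sb.toString(), true);
}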
use of org.apache.commons.httpclient.URI in project zaproxy by zaproxy.
the class HttpRequestHeader method parse.
/**
* Parses the request line held in {@code mStartLine} and fills in the method, version, URI, host name and port of this header.
* <p>
* The request line must match {@code patternRequestLine} and carry one of the versions {@code HTTP09}, {@code HTTP10} or
* {@code HTTP11}; otherwise the header is flagged as malformed before the exception is thrown.
*
* @param isSecure {@code true} if the request is secure, {@code false} otherwise
* @throws URIException if failed to parse the URI
* @throws HttpMalformedHeaderException if the request being parsed is malformed
*/
private void parse(boolean isSecure) throws URIException, HttpMalformedHeaderException {
mIsSecure = isSecure;
Matcher matcher = patternRequestLine.matcher(mStartLine);
if (!matcher.find()) {
// The malformed flag is set before throwing so it stays set after the exception is handled.
mMalformedHeader = true;
throw new HttpMalformedHeaderException("Failed to find pattern: " + patternRequestLine);
}
// Capture groups: 1 = method, 2 = request target, 3 = protocol version.
mMethod = matcher.group(1);
String sUri = matcher.group(2);
mVersion = matcher.group(3);
// Only the three known versions are accepted (compared case-insensitively).
if (!mVersion.equalsIgnoreCase(HTTP09) && !mVersion.equalsIgnoreCase(HTTP10) && !mVersion.equalsIgnoreCase(HTTP11)) {
mMalformedHeader = true;
throw new HttpMalformedHeaderException("Unexpected version: " + mVersion);
}
mUri = parseURI(sUri);
// A target without a scheme is completed into an absolute URI using the Host header.
// NOTE(review): the Host header value is concatenated as received, so the authority of mUri
// is whatever the client sent in that header; if getHeader(HOST) can return null the URI
// would contain the text "null" as authority - confirm how a missing Host header is handled.
if (mUri.getScheme() == null || mUri.getScheme().equals("")) {
mUri = new URI(HTTP + "://" + getHeader(HOST) + mUri.toString(), true);
}
// A request flagged as secure is upgraded to the HTTPS scheme.
// NOTE(review): the scheme test ignores case but replaceFirst is case-sensitive, treats HTTP
// as a regular expression and replaces the first match anywhere in the string; this assumes
// mUri.toString() starts with the scheme exactly as written in HTTP - TODO confirm.
if (isSecure() && mUri.getScheme().equalsIgnoreCase(HTTP)) {
mUri = new URI(mUri.toString().replaceFirst(HTTP, HTTPS), true);
}
// An HTTPS URI marks the header as secure even when isSecure was false.
if (mUri.getScheme().equalsIgnoreCase(HTTPS)) {
setSecure(true);
}
String hostHeader;
if (mMethod.equalsIgnoreCase(CONNECT)) {
// For CONNECT the host is taken from the raw request target, not from mUri.
hostHeader = sUri;
parseHostName(hostHeader);
} else {
// For every other method host name and port come from the parsed URI.
mHostName = mUri.getHost();
setHostPort(mUri.getPort());
}
}
use of org.apache.commons.httpclient.URI in project zaproxy by zaproxy.
the class HttpSender method followRedirections.
/**
 * Follows the redirections announced by the response of {@code message}, one request per hop,
 * and copies the response of every hop back into {@code message}.
 * <p>
 * A hop is followed only while fewer hops than the client's {@code MAX_REDIRECTS} parameter
 * (100 when unset) have been followed, the latest status code needs a redirection, a location
 * could be extracted and {@code validator} accepts that location. The validator is notified
 * of each redirection message once its response has been received.
 * <p>
 * NOTE(review): apart from the method, {@code Content-Type}, {@code Content-Length} and body
 * reset on a request rewrite, the cloned request is sent to the new location as it is; the
 * validator is the only check on the target visible here, so confirm that it restricts
 * redirections that leave the original host when the request carries credentials.
 *
 * @param message the message that will be sent, must not be {@code null}
 * @param validator the validator responsible for validation of redirections, must not be
 *            {@code null}
 * @throws IOException if an error occurred while sending the message or following the
 *             redirections
 * @see #isRedirectionNeeded(int)
 */
private void followRedirections(HttpMessage message, RedirectionValidator validator) throws IOException {
    final int limit = client.getParams().getIntParameter(HttpClientParams.MAX_REDIRECTS, 100);
    HttpMessage current = message;
    int followed = 0;

    while (followed < limit && isRedirectionNeeded(current.getResponseHeader().getStatusCode())) {
        URI target = extractRedirectLocation(current);
        if (target == null) {
            // No usable location in the response: nothing to follow.
            return;
        }
        if (!validator.isValid(target)) {
            // The validator rejected the target: stop without sending anything.
            return;
        }

        // Work on a copy so the caller's request is left as it was sent.
        current = current.cloneAll();
        HttpRequestHeader nextRequest = current.getRequestHeader();
        nextRequest.setURI(target);

        if (isRequestRewriteNeeded(current.getResponseHeader().getStatusCode())) {
            // The follow-up becomes a body-less GET.
            nextRequest.setMethod(HttpRequestHeader.GET);
            nextRequest.setHeader(HttpHeader.CONTENT_TYPE, null);
            nextRequest.setHeader(HttpHeader.CONTENT_LENGTH, null);
            current.setRequestBody("");
        }

        sendAndReceive(current, false);
        validator.notifyMessageReceived(current);

        // The original message always reflects the most recent response.
        message.setResponseHeader(current.getResponseHeader());
        message.setResponseBody(current.getResponseBody());

        followed++;
    }
}
use of org.apache.commons.httpclient.URI in project zaproxy by zaproxy.
the class HttpSender method executeMethod.
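/**
 * Executes {@code method} with the HTTP client that matches the target host and returns the
 * status code of the response.
 * <p>
 * A connection upgrade gets a new client with its own connection manager, a host reached
 * through the proxy chain uses {@code clientViaProxy}, and everything else uses
 * {@code client}. Requests made by the check-for-updates initiator are additionally pinned to
 * an {@code https} protocol backed by the strict SSL connector.
 *
 * @param method the method to execute
 * @param state the custom state to use, or {@code null} to use none; when given, the cookie
 *            policy of the method is set to browser compatibility
 * @return the status code returned by the client
 * @throws IOException if thrown while reading the method's URI or executing the method
 */
public int executeMethod(HttpMethod method, HttpState state) throws IOException {
    String hostName = method.getURI().getHost();
    method.setDoAuthentication(true);
    HostConfiguration hc = null;

    HttpClient requestClient;
    if (isConnectionUpgrade(method)) {
        // An upgraded connection gets its own client and connection manager.
        requestClient = new HttpClient(new ZapHttpConnectionManager());
        if (param.isUseProxy(hostName)) {
            requestClient.getHostConfiguration().setProxy(param.getProxyChainName(), param.getProxyChainPort());
            if (param.isUseProxyChainAuth()) {
                requestClient.getState().setProxyCredentials(getAuthScope(param), getNTCredentials(param));
            }
        }
    } else if (param.isUseProxy(hostName)) {
        requestClient = clientViaProxy;
    } else {
        requestClient = client;
    }

    if (this.initiator == CHECK_FOR_UPDATES_INITIATOR) {
        // Use the 'strict' SSLConnector, i.e. the one that performs all the usual certificate
        // checks; the 'standard' one trusts everything. This ensures that every
        // check-for-updates call is made to the expected https URLs. Without it, the response
        // could be intercepted and changed, which could result in the user downloading and
        // installing a malicious add-on.
        hc = new HostConfiguration() {
            @Override
            public synchronized void setHost(URI uri) {
                try {
                    // Keep the protocol already configured on this host configuration
                    // (getProtocol()) rather than one derived from the URI, presumably so the
                    // strict socket factory set below is not replaced later on.
                    setHost(new HttpHost(uri.getHost(), uri.getPort(), getProtocol()));
                } catch (URIException e) {
                    // Same exception type and message as before, now with the cause attached.
                    throw new IllegalArgumentException(e.toString(), e);
                }
            }
        };

        // The cast selects the Protocol constructor that takes a ProtocolSocketFactory.
        hc.setHost(hostName, method.getURI().getPort(), new Protocol("https", (ProtocolSocketFactory) new SSLConnector(false), 443));
        if (param.isUseProxy(hostName)) {
            hc.setProxyHost(new ProxyHost(param.getProxyChainName(), param.getProxyChainPort()));
            if (param.isUseProxyChainAuth()) {
                requestClient.getState().setProxyCredentials(getAuthScope(param), getNTCredentials(param));
            }
        }
    }

    // ZAP: Check if a custom state is being used
    if (state != null) {
        // Make sure cookies are enabled
        method.getParams().setCookiePolicy(CookiePolicy.BROWSER_COMPATIBILITY);
    }

    return requestClient.executeMethod(hc, method, state);
}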
use of org.apache.commons.httpclient.URI in project zaproxy by zaproxy.
the class FilterLogCookie method onHttpRequestSend.
/**
 * Writes the {@code Cookie} header of the request to the output panel, together with the
 * request URI stripped of its query, the first time that exact header value is seen.
 * <p>
 * Values already logged are remembered in {@code cookieList}, which is also the lock guarding
 * the check and the insertion. Note that the cookie value is written to the panel verbatim,
 * so anything it carries (for example a session identifier) becomes visible there.
 *
 * @param msg the message whose request is about to be sent
 */
@Override
public void onHttpRequestSend(HttpMessage msg) {
    HttpRequestHeader requestHeader = msg.getRequestHeader();
    if (requestHeader == null) {
        return;
    }

    String cookieValue = requestHeader.getHeader("Cookie");
    synchronized (cookieList) {
        // Nothing to do without a Cookie header or when this value was logged before.
        if (cookieValue == null || cookieList.indexOf(cookieValue) >= 0) {
            return;
        }

        try {
            // ZAP: catch CloneNotSupportedException as introduced with version 3.1 of HttpClient
            URI location;
            try {
                // Clone first so dropping the query does not alter the request's own URI.
                location = (URI) requestHeader.getURI().clone();
            } catch (CloneNotSupportedException e) {
                throw new URIException(e.getMessage());
            }
            location.setQuery(null);

            String line = location.toString() + DELIM + cookieValue + "\n";
            cookieList.add(cookieValue);
            getView().getOutputPanel().append(line);
        } catch (URIException e) {
            // ZAP: Print stack trace to Output tab
            getView().getOutputPanel().append(e);
        }
    }
}