
Example 1 with ProxyParam

use of org.parosproxy.paros.core.proxy.ProxyParam in project zaproxy by zaproxy.

the class OptionsLocalProxyPanel method saveParam.

/**
 * Copies the values currently shown in this options panel into the {@link ProxyParam}
 * held by the supplied options object.
 *
 * @param obj the options object; it is cast to {@link OptionsParam} without a type check
 * @throws Exception declared by the overridden method; nothing in this body throws it explicitly
 */
@Override
public void saveParam(Object obj) throws Exception {
    ProxyParam localProxy = ((OptionsParam) obj).getProxyParam();

    // Local proxy listener: address, port and encoding handling.
    // NOTE(review): the address text is stored as typed; any validation, and the meaning of
    // an empty value, is decided by ProxyParam, which is not shown here.
    localProxy.setProxyIp(txtProxyIp.getText());
    // ZAP: the port comes from a spinner so that invalid port numbers cannot be entered.
    localProxy.setProxyPort(spinnerProxyPort.getValue());
    localProxy.setRemoveUnsupportedEncodings(getChkRemoveUnsupportedEncodings().isSelected());
    // TODO carried over from the original, which marked this line "hacking" without explanation.
    localProxy.setAlwaysDecodeGzip(getChkAlwaysDecodeGzip().isSelected());

    // Reverse proxy: address, HTTP/HTTPS ports and the enable flag.
    localProxy.setReverseProxyIp(txtReverseProxyIp.getText());
    // ZAP: spinners again keep the ports within a valid range.
    localProxy.setReverseProxyHttpPort(spinnerReverseProxyHttpPort.getValue());
    localProxy.setReverseProxyHttpsPort(spinnerReverseProxyHttpsPort.getValue());
    localProxy.setUseReverseProxy(getChkReverseProxy().isSelected());

    // Protocols ticked in the security protocols panel become the enabled set.
    localProxy.setSecurityProtocolsEnabled(securityProtocolsPanel.getSelectedProtocols());
}
Also used : OptionsParam(org.parosproxy.paros.model.OptionsParam) ProxyParam(org.parosproxy.paros.core.proxy.ProxyParam)

Example 2 with ProxyParam

use of org.parosproxy.paros.core.proxy.ProxyParam in project zaproxy by zaproxy.

the class CoreAPI method handleApiOther.

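/**
 * Handles the "other" API endpoints of the core API, selected by {@code name}: the proxy PAC
 * file, setting the upstream proxy, the root CA certificate, the XML/HTML/MD reports, HAR
 * export of one or several history messages, sending a HAR request and the API script.
 *
 * <p>Each branch writes its response header and body into {@code msg} and returns it.
 *
 * @param msg the message whose request is being served and whose response is filled in
 * @param name the name of the "other" endpoint
 * @param params the request parameters
 * @return {@code msg}, with the response set by the selected branch
 * @throws ApiException if the endpoint is unknown ({@code BAD_OTHER}), a parameter is invalid,
 *     the requested resource does not exist, or an internal error occurs
 */
@Override
public HttpMessage handleApiOther(HttpMessage msg, String name, JSONObject params) throws ApiException {
    if (OTHER_PROXY_PAC.equals(name)) {
        final ProxyParam proxyParam = Model.getSingleton().getOptionsParam().getProxyParam();
        final int port = proxyParam.getProxyPort();
        try {
            String domain = null;
            if (proxyParam.isProxyIpAnyLocalAddress()) {
                // NOTE(review): this host name is read from the incoming request, so it is
                // client-supplied. getPacFile (not shown) should treat it as untrusted when it
                // builds the PAC text, which is served below as text/html.
                String localDomain = msg.getRequestHeader().getHostName();
                if (!API.API_DOMAIN.equals(localDomain)) {
                    domain = localDomain;
                }
            }
            if (domain == null) {
                domain = proxyParam.getProxyIp();
            }
            String response = this.getPacFile(domain, port);
            msg.setResponseHeader(API.getDefaultResponseHeader("text/html", response.length()));
            msg.setResponseBody(response);
        } catch (Exception e) {
            // Best effort: the failure is logged and msg is returned as it is.
            logger.error(e.getMessage(), e);
        }
        return msg;
    } else if (OTHER_SET_PROXY.equals(name)) {
        /* JSON string:
         *  {"type":1,
         *  "http":  {"host":"proxy.corp.com","port":80},
         *  "ssl":   {"host":"proxy.corp.com","port":80},
         *  "ftp":   {"host":"proxy.corp.com","port":80},
         *  "socks": {"host":"proxy.corp.com","port":80},
         *  "shareSettings":true,"socksVersion":5,
         *  "proxyExcludes":"localhost, 127.0.0.1"}
         */
        // NOTE(review): this rewrites the proxy chain host and port from a request parameter;
        // it relies on whatever access control the API layer applies before reaching here.
        String proxyDetails = params.getString(PARAM_PROXY_DETAILS);
        String response = "OK";
        try {
            try {
                JSONObject json = JSONObject.fromObject(proxyDetails);
                if (json.getInt("type") == 1) {
                    JSONObject httpJson = JSONObject.fromObject(json.get("http"));
                    String proxyHost = httpJson.getString("host");
                    int proxyPort = httpJson.getInt("port");
                    // Only apply a non-empty host with a port in the valid TCP range; anything
                    // else is ignored, as an empty host or non-positive port already was.
                    if (proxyHost != null && !proxyHost.isEmpty() && proxyPort > 0 && proxyPort <= 65535) {
                        Model.getSingleton().getOptionsParam().getConnectionParam().setProxyChainName(proxyHost);
                        Model.getSingleton().getOptionsParam().getConnectionParam().setProxyChainPort(proxyPort);
                    }
                }
            } catch (JSONException e) {
                // Keep the parse failure as the cause so it is not lost.
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_PROXY_DETAILS, e);
            }
            msg.setResponseHeader(API.getDefaultResponseHeader("text/html", response.length()));
            msg.setResponseBody(response);
        } catch (ApiException e) {
            // Without this clause the catch-all below swallowed the ILLEGAL_PARAMETER error and
            // the caller received msg with no response set.
            throw e;
        } catch (Exception e) {
            logger.error(e.getMessage(), e);
        }
        return msg;
    } else if (OTHER_ROOT_CERT.equals(name)) {
        ExtensionDynSSL extDynSSL = (ExtensionDynSSL) Control.getSingleton().getExtensionLoader().getExtension(ExtensionDynSSL.EXTENSION_ID);
        if (extDynSSL == null) {
            throw new ApiException(ApiException.Type.DOES_NOT_EXIST);
        }
        try {
            Certificate rootCA = extDynSSL.getRootCA();
            if (rootCA == null) {
                throw new ApiException(ApiException.Type.DOES_NOT_EXIST);
            }
            // Only the certificate object is PEM-encoded here; no private key is read in
            // this method.
            final StringWriter sw = new StringWriter();
            try (final PemWriter pw = new PemWriter(sw)) {
                pw.writeObject(new JcaMiscPEMGenerator(rootCA));
                pw.flush();
            }
            String response = sw.toString();
            // NOTE(review): the content type carries a trailing ';' and the body is PEM text;
            // confirm that clients downloading the certificate accept this.
            msg.setResponseHeader(API.getDefaultResponseHeader("application/pkix-cert;", response.length()));
            msg.setResponseBody(response);
        } catch (ApiException e) {
            // Let DOES_NOT_EXIST through; the catch-all below used to turn it into
            // INTERNAL_ERROR.
            throw e;
        } catch (Exception e) {
            logger.error(e.getMessage(), e);
            throw new ApiException(ApiException.Type.INTERNAL_ERROR);
        }
        return msg;
    } else if (OTHER_XML_REPORT.equals(name)) {
        try {
            writeReportLastScanTo(msg, ScanReportType.XML);
            return msg;
        } catch (Exception e) {
            logger.error(e.getMessage(), e);
            throw new ApiException(ApiException.Type.INTERNAL_ERROR);
        }
    } else if (OTHER_HTML_REPORT.equals(name)) {
        try {
            writeReportLastScanTo(msg, ScanReportType.HTML);
            return msg;
        } catch (Exception e) {
            logger.error(e.getMessage(), e);
            throw new ApiException(ApiException.Type.INTERNAL_ERROR);
        }
    } else if (OTHER_MD_REPORT.equals(name)) {
        try {
            writeReportLastScanTo(msg, ScanReportType.MD);
            return msg;
        } catch (Exception e) {
            logger.error(e.getMessage(), e);
            throw new ApiException(ApiException.Type.INTERNAL_ERROR);
        }
    } else if (OTHER_MESSAGE_HAR.equals(name)) {
        byte[] responseBody;
        try {
            final HarEntries entries = new HarEntries();
            TableHistory tableHistory = Model.getSingleton().getDb().getTableHistory();
            RecordHistory recordHistory;
            try {
                recordHistory = tableHistory.read(this.getParam(params, PARAM_ID, -1));
            } catch (HttpMalformedHeaderException | DatabaseException e) {
                throw new ApiException(ApiException.Type.INTERNAL_ERROR);
            }
            // Temporary history records are reported as missing rather than exported.
            if (recordHistory == null || recordHistory.getHistoryType() == HistoryReference.TYPE_TEMPORARY) {
                throw new ApiException(ApiException.Type.DOES_NOT_EXIST);
            }
            entries.addEntry(HarUtils.createHarEntry(recordHistory.getHttpMessage()));
            HarLog harLog = HarUtils.createZapHarLog();
            harLog.setEntries(entries);
            responseBody = HarUtils.harLogToByteArray(harLog);
        } catch (ApiException e) {
            // Report the error as raised (e.g. DOES_NOT_EXIST) instead of re-wrapping it as
            // INTERNAL_ERROR, matching how the send-HAR-request branch handles ApiException.
            responseBody = e.toString(API.Format.JSON, incErrorDetails()).getBytes(StandardCharsets.UTF_8);
        } catch (Exception e) {
            logger.error(e.getMessage(), e);
            ApiException apiException = new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage());
            responseBody = apiException.toString(API.Format.JSON, incErrorDetails()).getBytes(StandardCharsets.UTF_8);
        }
        try {
            msg.setResponseHeader(API.getDefaultResponseHeader("application/json; charset=UTF-8", responseBody.length));
        } catch (HttpMalformedHeaderException e) {
            logger.error("Failed to create response header: " + e.getMessage(), e);
        }
        msg.setResponseBody(responseBody);
        return msg;
    } else if (OTHER_MESSAGES_HAR.equals(name)) {
        byte[] responseBody;
        try {
            final HarEntries entries = new HarEntries();
            processHttpMessages(this.getParam(params, PARAM_BASE_URL, (String) null), this.getParam(params, PARAM_START, -1), this.getParam(params, PARAM_COUNT, -1), new Processor<RecordHistory>() {

                @Override
                public void process(RecordHistory recordHistory) {
                    entries.addEntry(HarUtils.createHarEntry(recordHistory.getHttpMessage()));
                }
            });
            HarLog harLog = HarUtils.createZapHarLog();
            harLog.setEntries(entries);
            responseBody = HarUtils.harLogToByteArray(harLog);
        } catch (Exception e) {
            // NOTE(review): any ApiException raised inside the try is also reported as
            // INTERNAL_ERROR here; whether processHttpMessages can raise one is not visible.
            logger.error(e.getMessage(), e);
            ApiException apiException = new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage());
            responseBody = apiException.toString(API.Format.JSON, incErrorDetails()).getBytes(StandardCharsets.UTF_8);
        }
        try {
            msg.setResponseHeader(API.getDefaultResponseHeader("application/json; charset=UTF-8", responseBody.length));
        } catch (HttpMalformedHeaderException e) {
            logger.error("Failed to create response header: " + e.getMessage(), e);
        }
        msg.setResponseBody(responseBody);
        return msg;
    } else if (OTHER_SEND_HAR_REQUEST.equals(name)) {
        byte[] responseBody = {};
        HttpMessage request = null;
        try {
            request = HarUtils.createHttpMessage(params.getString(PARAM_REQUEST));
        } catch (IOException e) {
            ApiException apiException = new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_REQUEST, e);
            responseBody = apiException.toString(API.Format.JSON, incErrorDetails()).getBytes(StandardCharsets.UTF_8);
        }
        if (request != null) {
            // The target URI is checked against the current mode before anything is sent.
            if (!isValidForCurrentMode(request.getRequestHeader().getURI())) {
                ApiException apiException = new ApiException(ApiException.Type.MODE_VIOLATION);
                responseBody = apiException.toString(API.Format.JSON, incErrorDetails()).getBytes(StandardCharsets.UTF_8);
            } else {
                boolean followRedirects = getParam(params, PARAM_FOLLOW_REDIRECTS, false);
                try {
                    final HarEntries entries = new HarEntries();
                    sendRequest(request, followRedirects, new Processor<HttpMessage>() {

                        @Override
                        public void process(HttpMessage msg) {
                            entries.addEntry(HarUtils.createHarEntry(msg));
                        }
                    });
                    HarLog harLog = HarUtils.createZapHarLog();
                    harLog.setEntries(entries);
                    responseBody = HarUtils.harLogToByteArray(harLog);
                } catch (ApiException e) {
                    responseBody = e.toString(API.Format.JSON, incErrorDetails()).getBytes(StandardCharsets.UTF_8);
                } catch (Exception e) {
                    logger.error(e.getMessage(), e);
                    ApiException apiException = new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage());
                    responseBody = apiException.toString(API.Format.JSON, incErrorDetails()).getBytes(StandardCharsets.UTF_8);
                }
            }
        }
        try {
            msg.setResponseHeader(API.getDefaultResponseHeader("application/json; charset=UTF-8", responseBody.length));
        } catch (HttpMalformedHeaderException e) {
            logger.error("Failed to create response header: " + e.getMessage(), e);
        }
        msg.setResponseBody(responseBody);
        return msg;
    } else if (OTHER_SCRIPT_JS.equals(name)) {
        try {
            msg.setResponseBody(API_SCRIPT);
            // Allow caching
            msg.setResponseHeader(API.getDefaultResponseHeader("text/javascript", API_SCRIPT.length(), true));
            msg.getResponseHeader().addHeader(HttpResponseHeader.CACHE_CONTROL, API_SCRIPT_CACHE_CONTROL);
        } catch (HttpMalformedHeaderException e) {
            logger.error("Failed to create response header: " + e.getMessage(), e);
        }
        return msg;
    } else {
        throw new ApiException(ApiException.Type.BAD_OTHER);
    }
}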
Also used : ExtensionDynSSL(org.zaproxy.zap.extension.dynssl.ExtensionDynSSL) JcaMiscPEMGenerator(org.bouncycastle.openssl.jcajce.JcaMiscPEMGenerator) StringWriter(java.io.StringWriter) ProxyParam(org.parosproxy.paros.core.proxy.ProxyParam) HttpMalformedHeaderException(org.parosproxy.paros.network.HttpMalformedHeaderException) RecordHistory(org.parosproxy.paros.db.RecordHistory) HarEntries(edu.umass.cs.benchlab.har.HarEntries) HarLog(edu.umass.cs.benchlab.har.HarLog) PemWriter(org.bouncycastle.util.io.pem.PemWriter) JSONException(net.sf.json.JSONException) IOException(java.io.IOException) URIException(org.apache.commons.httpclient.URIException) HttpMalformedHeaderException(org.parosproxy.paros.network.HttpMalformedHeaderException) PatternSyntaxException(java.util.regex.PatternSyntaxException) JSONException(net.sf.json.JSONException) IOException(java.io.IOException) DatabaseException(org.parosproxy.paros.db.DatabaseException) JSONObject(net.sf.json.JSONObject) TableHistory(org.parosproxy.paros.db.TableHistory) HttpMessage(org.parosproxy.paros.network.HttpMessage) DatabaseException(org.parosproxy.paros.db.DatabaseException) Certificate(java.security.cert.Certificate)

Example 3 with ProxyParam

use of org.parosproxy.paros.core.proxy.ProxyParam in project zaproxy by zaproxy.

the class API method getBaseURL.

/**
 * Builds the URL of an API endpoint from its format, implementor prefix, request type and name.
 *
 * <p>For every request type other than {@code view}, a one-time nonce obtained for the API path
 * is appended as a query parameter and the result ends with {@code &} so that further
 * parameters can be added by the caller.
 *
 * @param format the format of the API response
 * @param prefix the prefix of the API implementor
 * @param type the request type
 * @param name the name of the endpoint
 * @param proxy if true the returned URL only works when proxying via ZAP (it starts with the
 *     ZAP API base URL); if false it addresses the local proxy's IP and port directly
 * @return the URL to access the defined endpoint
 */
public String getBaseURL(API.Format format, String prefix, API.RequestType type, String name, boolean proxy) {
    final String apiPath = format.name() + "/" + prefix + "/" + type.name() + "/" + name + "/";

    // Default to the ZAP API base URL, using the secure variant when the API is secure-only.
    String base = getOptionsParamApi().isSecureOnly() ? API_URL_S : API_URL;

    if (!proxy) {
        // Not proxying through ZAP: address the local proxy listener directly.
        ProxyParam localProxy = Model.getSingleton().getOptionsParam().getProxyParam();
        String scheme = getOptionsParamApi().isSecureOnly() ? "https://" : "http://";
        base = scheme + localProxy.getProxyIp() + ":" + localProxy.getProxyPort() + "/";
    }

    if (RequestType.view.equals(type)) {
        // Views are returned without a nonce.
        return base + apiPath;
    }

    // The nonce is requested for apiPath and placed in the query string.
    // NOTE(review): apiPath already ends with '/', so the "/?" below yields "//?" in the
    // URL; confirm this is what the nonce check on the receiving side expects.
    return base + apiPath + "/?" + API_NONCE_PARAM + "=" + this.getOneTimeNonce(apiPath) + "&";
}
Also used : ProxyParam(org.parosproxy.paros.core.proxy.ProxyParam)

Example 4 with ProxyParam

use of org.parosproxy.paros.core.proxy.ProxyParam in project zaproxy by zaproxy.

the class OptionsLocalProxyPanel method initParam.

/**
 * Loads the local proxy and reverse proxy settings from the supplied options object into the
 * controls of this panel.
 *
 * @param obj the options object; it is cast to {@link OptionsParam} without a type check
 */
@Override
public void initParam(Object obj) {
    ProxyParam localProxy = ((OptionsParam) obj).getProxyParam();

    // Local proxy section.
    // ZAP: the Options dialog shows the raw stored address; a null value means that the
    // listener should be bound to all interfaces.
    txtProxyIp.setText(localProxy.getRawProxyIP());
    txtProxyIp.discardAllEdits();
    // ZAP: ports are shown in spinners so that invalid port numbers cannot be entered.
    spinnerProxyPort.setValue(localProxy.getProxyPort());
    chkRemoveUnsupportedEncodings.setSelected(localProxy.isRemoveUnsupportedEncodings());
    chkAlwaysDecodeGzip.setSelected(localProxy.isAlwaysDecodeGzip());

    // Reverse proxy section.
    txtReverseProxyIp.setText(localProxy.getReverseProxyIp());
    txtReverseProxyIp.discardAllEdits();
    spinnerReverseProxyHttpPort.setValue(localProxy.getReverseProxyHttpPort());
    spinnerReverseProxyHttpsPort.setValue(localProxy.getReverseProxyHttpsPort());
    // The stored flag drives both the checkbox and the enabled state of the reverse proxy
    // controls; it is read once per use, as in the original.
    chkReverseProxy.setSelected(localProxy.isUseReverseProxy());
    setReverseProxyEnabled(localProxy.isUseReverseProxy());

    // Show which security protocols are currently enabled.
    securityProtocolsPanel.setSecurityProtocolsEnabled(localProxy.getSecurityProtocolsEnabled());
}
Also used : OptionsParam(org.parosproxy.paros.model.OptionsParam) ProxyParam(org.parosproxy.paros.core.proxy.ProxyParam)

Aggregations

ProxyParam (org.parosproxy.paros.core.proxy.ProxyParam)4 OptionsParam (org.parosproxy.paros.model.OptionsParam)2 HarEntries (edu.umass.cs.benchlab.har.HarEntries)1 HarLog (edu.umass.cs.benchlab.har.HarLog)1 IOException (java.io.IOException)1 StringWriter (java.io.StringWriter)1 Certificate (java.security.cert.Certificate)1 PatternSyntaxException (java.util.regex.PatternSyntaxException)1 JSONException (net.sf.json.JSONException)1 JSONObject (net.sf.json.JSONObject)1 URIException (org.apache.commons.httpclient.URIException)1 JcaMiscPEMGenerator (org.bouncycastle.openssl.jcajce.JcaMiscPEMGenerator)1 PemWriter (org.bouncycastle.util.io.pem.PemWriter)1 DatabaseException (org.parosproxy.paros.db.DatabaseException)1 RecordHistory (org.parosproxy.paros.db.RecordHistory)1 TableHistory (org.parosproxy.paros.db.TableHistory)1 HttpMalformedHeaderException (org.parosproxy.paros.network.HttpMalformedHeaderException)1 HttpMessage (org.parosproxy.paros.network.HttpMessage)1 ExtensionDynSSL (org.zaproxy.zap.extension.dynssl.ExtensionDynSSL)1