
Example 1 with ExtensionHistory

Use of org.parosproxy.paros.extension.history.ExtensionHistory in project zaproxy by zaproxy.

Class ExtensionAntiCSRF, method generateForm.

public String generateForm(int hrefId) throws Exception {
    ExtensionHistory extHist = (ExtensionHistory) Control.getSingleton().getExtensionLoader().getExtension(ExtensionHistory.NAME);
    if (extHist != null) {
        HistoryReference hr = extHist.getHistoryReference(hrefId);
        if (hr == null) {
            return null;
        }
        HttpMessage msg = hr.getHttpMessage();
        StringBuilder sb = new StringBuilder(300);
        sb.append("<html>\n");
        sb.append("<body>\n");
        sb.append("<h3>");
        sb.append(msg.getRequestHeader().getURI());
        sb.append("</h3>");
        sb.append("<form id=\"f1\" method=\"POST\" action=\"" + hr.getURI() + "\">\n");
        sb.append("<table>\n");
        TreeSet<HtmlParameter> params = msg.getFormParams();
        // Let the message be GC'ed as it's no longer needed.
        msg = null;
        Iterator<HtmlParameter> iter = params.iterator();
        while (iter.hasNext()) {
            HtmlParameter htmlParam = iter.next();
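            // name and value are URL-decoded here and appended to the markup below as-is,
            // without HTML escaping.
            String name = URLDecoder.decode(htmlParam.getName(), "UTF-8");
            String value = URLDecoder.decode(htmlParam.getValue(), "UTF-8");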
            sb.append("<tr><td>\n");
            sb.append(name);
            sb.append("<td>");
            sb.append("<input name=\"");
            sb.append(name);
            sb.append("\" value=\"");
            sb.append(value);
            sb.append("\" size=\"100\">");
            sb.append("</tr>\n");
        }
        sb.append("</table>\n");
        sb.append("<input id=\"submit\" type=\"submit\" value=\"Submit\"/>\n");
        sb.append("</form>\n");
        sb.append("</body>\n");
        sb.append("</html>\n");
        return sb.toString();
    }
    return null;
}
Also used : HistoryReference(org.parosproxy.paros.model.HistoryReference) ExtensionHistory(org.parosproxy.paros.extension.history.ExtensionHistory) HtmlParameter(org.parosproxy.paros.network.HtmlParameter) HttpMessage(org.parosproxy.paros.network.HttpMessage)

Example 2 with ExtensionHistory

Use of org.parosproxy.paros.extension.history.ExtensionHistory in project zaproxy by zaproxy.

Class AntiCsrfAPI, method handleApiOther.

@Override
public HttpMessage handleApiOther(HttpMessage msg, String name, JSONObject params) throws ApiException {
    if (OTHER_GENERATE_FORM.equals(name)) {
        String hrefIdStr = params.getString(OTHER_GENERATE_FORM_PARAM_HREFID);
        if (hrefIdStr == null || hrefIdStr.length() == 0) {
            throw new ApiException(ApiException.Type.MISSING_PARAMETER, OTHER_GENERATE_FORM_PARAM_HREFID);
        }
        int hrefId;
        try {
            hrefId = Integer.parseInt(hrefIdStr);
            String response = extension.generateForm(hrefId);
            if (response == null) {
                throw new ApiException(ApiException.Type.HREF_NOT_FOUND, hrefIdStr);
            }
            // Get the charset from the original message
            ExtensionHistory extHist = (ExtensionHistory) Control.getSingleton().getExtensionLoader().getExtension(ExtensionHistory.NAME);
            String charset = extHist.getHistoryReference(hrefId).getHttpMessage().getResponseHeader().getCharset();
            if (charset == null || charset.length() == 0) {
                charset = "";
            } else {
                charset = " charset=" + charset;
            }
            msg.setResponseHeader(API.getDefaultResponseHeader("text/html; " + charset, response.length()));
            msg.setResponseBody(response);
        } catch (NumberFormatException e) {
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, OTHER_GENERATE_FORM_PARAM_HREFID);
        } catch (ApiException e) {
            throw e;
        } catch (Exception e) {
            throw new ApiException(ApiException.Type.INTERNAL_ERROR);
        }
    } else {
        throw new ApiException(ApiException.Type.BAD_OTHER, name);
    }
    return msg;
}
Also used : ExtensionHistory(org.parosproxy.paros.extension.history.ExtensionHistory) ApiException(org.zaproxy.zap.extension.api.ApiException)

Example 3 with ExtensionHistory

Use of org.parosproxy.paros.extension.history.ExtensionHistory in project zaproxy by zaproxy.

Class HttpPanelSender, method handleSendMessage.

@Override
public void handleSendMessage(Message aMessage) throws IllegalArgumentException, IOException {
    final HttpMessage httpMessage = (HttpMessage) aMessage;
    try {
        final ModeRedirectionValidator redirectionValidator = new ModeRedirectionValidator();
        if (getButtonFollowRedirects().isSelected()) {
            getDelegate().sendAndReceive(httpMessage, redirectionValidator);
        } else {
            getDelegate().sendAndReceive(httpMessage, false);
        }
        EventQueue.invokeAndWait(new Runnable() {

            @Override
            public void run() {
                if (!httpMessage.getResponseHeader().isEmpty()) {
                    // Indicate UI new response arrived
                    responsePanel.updateContent();
                    try {
                        Session session = Model.getSingleton().getSession();
                        HistoryReference ref = new HistoryReference(session, HistoryReference.TYPE_ZAP_USER, httpMessage);
                        final ExtensionHistory extHistory = getHistoryExtension();
                        if (extHistory != null) {
                            extHistory.addHistory(ref);
                        }
                        SessionStructure.addPath(session, ref, httpMessage);
                    } catch (final Exception e) {
                        logger.error(e.getMessage(), e);
                    }
                    if (!redirectionValidator.isRequestValid()) {
                        View.getSingleton().showWarningDialog(Constant.messages.getString("manReq.outofscope.redirection.warning", redirectionValidator.getInvalidRedirection()));
                    }
                }
            }
        });
        ZapGetMethod method = (ZapGetMethod) httpMessage.getUserObject();
        notifyPersistentConnectionListener(httpMessage, null, method);
    } catch (final HttpMalformedHeaderException mhe) {
        throw new IllegalArgumentException("Malformed header error.", mhe);
    } catch (final UnknownHostException uhe) {
        throw new IOException("Error forwarding to an Unknown host: " + uhe.getMessage(), uhe);
    } catch (final SSLException sslEx) {
        throw sslEx;
    } catch (final IOException ioe) {
        throw new IOException("IO error in sending request: " + ioe.getClass() + ": " + ioe.getMessage(), ioe);
    } catch (final Exception e) {
        logger.error(e.getMessage(), e);
    }
}
Also used : ZapGetMethod(org.zaproxy.zap.ZapGetMethod) UnknownHostException(java.net.UnknownHostException) ExtensionHistory(org.parosproxy.paros.extension.history.ExtensionHistory) IOException(java.io.IOException) SSLException(javax.net.ssl.SSLException) HttpMalformedHeaderException(org.parosproxy.paros.network.HttpMalformedHeaderException) HistoryReference(org.parosproxy.paros.model.HistoryReference) HttpMessage(org.parosproxy.paros.network.HttpMessage) Session(org.parosproxy.paros.model.Session)

Example 4 with ExtensionHistory

Use of org.parosproxy.paros.extension.history.ExtensionHistory in project zaproxy by zaproxy.

Class ExtensionPassiveScan, method getPassiveScanThread.

private PassiveScanThread getPassiveScanThread() {
    if (pst == null) {
        final ExtensionLoader extensionLoader = Control.getSingleton().getExtensionLoader();
        final ExtensionHistory extHist = (ExtensionHistory) extensionLoader.getExtension(ExtensionHistory.NAME);
        final ExtensionAlert extAlert = (ExtensionAlert) extensionLoader.getExtension(ExtensionAlert.NAME);
        pst = new PassiveScanThread(getPassiveScannerList(), extHist, extAlert, getPassiveScanParam());
        pst.start();
    }
    return pst;
}
Also used : ExtensionHistory(org.parosproxy.paros.extension.history.ExtensionHistory) ExtensionAlert(org.zaproxy.zap.extension.alert.ExtensionAlert) ExtensionLoader(org.parosproxy.paros.extension.ExtensionLoader)

Example 5 with ExtensionHistory

Use of org.parosproxy.paros.extension.history.ExtensionHistory in project zaproxy by zaproxy.

Class PopupExcludeFromProxyMenu, method performAction.

@Override
public void performAction(SiteNode sn) {
    try {
        Session session = Model.getSingleton().getSession();
        session.getExcludeFromProxyRegexs().add(new StructuralSiteNode(sn).getRegexPattern());
        SiteMap map = (SiteMap) View.getSingleton().getSiteTreePanel().getTreeSite().getModel();
        ExtensionHistory extHistory = Control.getSingleton().getExtensionLoader().getExtension(ExtensionHistory.class);
        if (extHistory != null) {
            extHistory.purge(map, sn);
        }
    } catch (DatabaseException e) {
        // Ignore
    }
}
Also used : StructuralSiteNode(org.zaproxy.zap.model.StructuralSiteNode) SiteMap(org.parosproxy.paros.model.SiteMap) ExtensionHistory(org.parosproxy.paros.extension.history.ExtensionHistory) DatabaseException(org.parosproxy.paros.db.DatabaseException) Session(org.parosproxy.paros.model.Session)

Aggregations

ExtensionHistory (org.parosproxy.paros.extension.history.ExtensionHistory) 8
HistoryReference (org.parosproxy.paros.model.HistoryReference) 5
IOException (java.io.IOException) 2
DatabaseException (org.parosproxy.paros.db.DatabaseException) 2
Session (org.parosproxy.paros.model.Session) 2
SiteMap (org.parosproxy.paros.model.SiteMap) 2
HttpMalformedHeaderException (org.parosproxy.paros.network.HttpMalformedHeaderException) 2
HttpMessage (org.parosproxy.paros.network.HttpMessage) 2
UnknownHostException (java.net.UnknownHostException) 1
SSLException (javax.net.ssl.SSLException) 1
URIException (org.apache.commons.httpclient.URIException) 1
Alert (org.parosproxy.paros.core.scanner.Alert) 1
RecordAlert (org.parosproxy.paros.db.RecordAlert) 1
TableAlert (org.parosproxy.paros.db.TableAlert) 1
ExtensionLoader (org.parosproxy.paros.extension.ExtensionLoader) 1
HtmlParameter (org.parosproxy.paros.network.HtmlParameter) 1
ZapGetMethod (org.zaproxy.zap.ZapGetMethod) 1
ExtensionAlert (org.zaproxy.zap.extension.alert.ExtensionAlert) 1
ApiException (org.zaproxy.zap.extension.api.ApiException) 1
ExtensionPassiveScan (org.zaproxy.zap.extension.pscan.ExtensionPassiveScan) 1