
Example 1 with HtmlParameter

use of org.parosproxy.paros.network.HtmlParameter in project zaproxy by zaproxy.

The class SpiderHtmlFormParser, method prepareFormDataSet.

/**
 * Builds the form data set of the given form: the control-name/current-value pairs of its
 * successful controls, which are the parameters sent with the form's GET/POST request.
 * <p>
 * Submit controls are collected separately from the other fields, so that a caller can
 * produce one request per submit control while still including all the normal fields.
 *
 * @see <a href="https://www.w3.org/TR/REC-html40/interact/forms.html#form-data-set">HTML 4.01 Specification - 17.13.3
 *      Processing form data</a>
 * @see <a href="https://html.spec.whatwg.org/multipage/forms.html#association-of-controls-and-forms">HTML 5 - 4.10.18.3
 *      Association of controls and forms</a>
 * @param form the form whose fields are processed
 * @return the form data set, holding the normal fields and the submit fields
 */
private FormData prepareFormDataSet(FormFields form) {
    List<HtmlParameter> fields = new LinkedList<>();
    List<HtmlParameter> submitFields = new ArrayList<>();
    for (Iterator<FormField> fieldIt = form.iterator(); fieldIt.hasNext(); ) {
        FormField field = fieldIt.next();
        if (log.isDebugEnabled()) {
            log.debug("New form field: " + field.getDebugInfo());
        }
        // Submit controls go to their own list; everything else is a normal field.
        boolean isSubmit = field.getFormControl().getFormControlType().isSubmit();
        List<HtmlParameter> target = isSubmit ? submitFields : fields;
        for (String value : getDefaultTextValue(field)) {
            target.add(new HtmlParameter(Type.form, field.getName(), value));
        }
    }
    return new FormData(fields, submitFields);
}

Example 2 with HtmlParameter

use of org.parosproxy.paros.network.HtmlParameter in project zaproxy by zaproxy.

The class SpiderHtmlFormParser, method processGetForm.

/**
 * Processes a GET form into one or more URLs to be spidered.
 * <p>
 * The normal fields are encoded once into a base query. Without submit fields a single URL is
 * produced from that query; otherwise one URL is produced per submit field, each appending
 * that field to the base query.
 *
 * @param message the source message
 * @param depth the current depth
 * @param action the form action
 * @param baseURL the base URL
 * @param formData the GET form data
 * @see #processURL(HttpMessage, int, String, String)
 */
private void processGetForm(HttpMessage message, int depth, String action, String baseURL, FormData formData) {
    String baseQuery = buildEncodedUrlQuery(formData.getFields());
    if (formData.getSubmitFields().isEmpty()) {
        submitGetForm(message, depth, action, baseURL, baseQuery);
        return;
    }
    for (HtmlParameter submitField : formData.getSubmitFields()) {
        submitGetForm(message, depth, action, baseURL, appendEncodedUrlQueryParameter(baseQuery, submitField));
    }
}

/**
 * Logs the query of one GET submission and hands the resulting URL to
 * {@link #processURL(HttpMessage, int, String, String)}.
 */
private void submitGetForm(HttpMessage message, int depth, String action, String baseURL, String query) {
    log.debug("Submiting form with GET method and query with form parameters: " + query);
    processURL(message, depth, action + query, baseURL);
}

Example 3 with HtmlParameter

use of org.parosproxy.paros.network.HtmlParameter in project zaproxy by zaproxy.

The class ExtensionAntiCSRF, method generateForm.

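/**
 * Builds a stand-alone HTML page containing a POST form that carries the form parameters of the
 * given history entry, so the request can be resubmitted from a browser.
 * <p>
 * Every value taken from the recorded message (request URI, parameter names and values) is
 * HTML-escaped before being written into the page: those values originate from the target
 * application, so writing them raw would let the target inject markup or script into the
 * generated form.
 *
 * @param hrefId the identifier of the history reference whose message is used
 * @return the HTML page, or {@code null} if the history extension is not loaded or no history
 *         reference exists with the given identifier
 * @throws Exception if the message cannot be read from the history reference
 */
public String generateForm(int hrefId) throws Exception {
    ExtensionHistory extHist = (ExtensionHistory) Control.getSingleton().getExtensionLoader().getExtension(ExtensionHistory.NAME);
    if (extHist == null) {
        return null;
    }
    HistoryReference hr = extHist.getHistoryReference(hrefId);
    if (hr == null) {
        return null;
    }
    HttpMessage msg = hr.getHttpMessage();
    StringBuilder sb = new StringBuilder(300);
    sb.append("<html>\n");
    sb.append("<body>\n");
    sb.append("<h3>");
    sb.append(escapeHtml(String.valueOf(msg.getRequestHeader().getURI())));
    sb.append("</h3>");
    sb.append("<form id=\"f1\" method=\"POST\" action=\"");
    sb.append(escapeHtml(String.valueOf(hr.getURI())));
    sb.append("\">\n");
    sb.append("<table>\n");
    TreeSet<HtmlParameter> params = msg.getFormParams();
    // Let the message be GC'ed as it's no longer needed.
    msg = null;
    Iterator<HtmlParameter> iter = params.iterator();
    while (iter.hasNext()) {
        HtmlParameter htmlParam = iter.next();
        // Parameters are stored URL-encoded; decode them so the form shows and resubmits the real values.
        String name = escapeHtml(URLDecoder.decode(htmlParam.getName(), "UTF-8"));
        String value = escapeHtml(URLDecoder.decode(htmlParam.getValue(), "UTF-8"));
        sb.append("<tr><td>\n");
        sb.append(name);
        sb.append("<td>");
        sb.append("<input name=\"");
        sb.append(name);
        sb.append("\" value=\"");
        sb.append(value);
        sb.append("\" size=\"100\">");
        sb.append("</tr>\n");
    }
    sb.append("</table>\n");
    sb.append("<input id=\"submit\" type=\"submit\" value=\"Submit\"/>\n");
    sb.append("</form>\n");
    sb.append("</body>\n");
    sb.append("</html>\n");
    return sb.toString();
}

/**
 * Escapes the characters that carry meaning in HTML text and in double- or single-quoted
 * attribute values, so that {@code text} is rendered literally.
 *
 * @param text the raw text, may be {@code null}
 * @return the escaped text, or an empty string for {@code null}
 */
private static String escapeHtml(String text) {
    if (text == null) {
        return "";
    }
    StringBuilder out = new StringBuilder(text.length() + 16);
    for (int i = 0; i < text.length(); i++) {
        char c = text.charAt(i);
        switch (c) {
            case '&':
                out.append("&amp;");
                break;
            case '<':
                out.append("&lt;");
                break;
            case '>':
                out.append("&gt;");
                break;
            case '"':
                out.append("&quot;");
                break;
            case '\'':
                out.append("&#39;");
                break;
            default:
                out.append(c);
        }
    }
    return out.toString();
}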

Example 4 with HtmlParameter

use of org.parosproxy.paros.network.HtmlParameter in project zaproxy by zaproxy.

The class HttpPanelParamTableModel, method setValueAt.

/**
 * Stores an edited cell value into the parameter at {@code row} and notifies the table.
 * <p>
 * Columns 0, 1 and 2 map directly to the parameter's type, name and value. Column 3 holds an
 * add-in: when the value is a {@link ParamAddinInterface} it is applied to the current value and
 * the update is reported for the value column (2) instead; a conversion failure is logged and the
 * value is left untouched. If the edited row is the last one and is no longer blank, a fresh empty
 * parameter row is appended so the user can keep adding parameters.
 *
 * @param value the new cell value
 * @param row the edited row
 * @param col the edited column
 */
@Override
public void setValueAt(Object value, int row, int col) {
    HtmlParameter param = allParams.get(row);
    int updatedCol = col;
    boolean updated;
    switch (col) {
        case 0:
            param.setType((HtmlParameter.Type) value);
            updated = true;
            break;
        case 1:
            param.setName((String) value);
            updated = true;
            break;
        case 2:
            param.setValue((String) value);
            updated = true;
            break;
        case 3:
            updated = false;
            if (value instanceof ParamAddinInterface) {
                try {
                    param.setValue(((ParamAddinInterface) value).convertData(param.getValue()));
                    updated = true;
                    // The add-in changed the value, so report the value column as updated.
                    updatedCol = 2;
                } catch (UnsupportedEncodingException e) {
                    log.warn(e.getMessage(), e);
                }
            }
            break;
        default:
            updated = false;
            break;
    }
    if (updated) {
        hasChanged = true;
        this.fireTableCellUpdated(row, updatedCol);
    }
    boolean editedLastRow = row == allParams.size() - 1;
    if (editedLastRow) {
        HtmlParameter tail = allParams.getLast();
        boolean tailIsBlank = tail.getName().isEmpty() && tail.getValue().isEmpty();
        if (!tailIsBlank) {
            allParams.add(getDefaultHtmlParameter());
            this.fireTableRowsInserted(row + 1, row + 1);
        }
    }
}

Example 5 with HtmlParameter

use of org.parosproxy.paros.network.HtmlParameter in project zaproxy by zaproxy.

The class HttpRequestBody, method setFormParams.

/**
 * Replaces the body with an {@code application/x-www-form-urlencoded} style string built from the
 * given parameters: {@code name=value} pairs joined by {@code '&'}. Only parameters of type
 * {@link HtmlParameter.Type#form} are included; an empty set, or one without form parameters,
 * yields an empty body.
 *
 * @param postParams the parameters to write into the body
 */
public void setFormParams(TreeSet<HtmlParameter> postParams) {
    if (postParams.isEmpty()) {
        this.setBody("");
        return;
    }
    StringBuilder body = new StringBuilder();
    for (HtmlParameter param : postParams) {
        if (param.getType() != HtmlParameter.Type.form) {
            continue;
        }
        // Separator goes before every pair except the first, so no trailing '&' is produced.
        if (body.length() > 0) {
            body.append('&');
        }
        // NOTE(review): no URL-encoding is applied here; assumes names and values are already
        // encoded by the caller — confirm at call sites.
        body.append(param.getName()).append('=').append(param.getValue());
    }
    this.setBody(body.toString());
}
