use of org.parosproxy.paros.network.HtmlParameter in project zaproxy by zaproxy.
the class SpiderHtmlFormParser method prepareFormDataSet.
/**
* Prepares the form data set. A form data set is a sequence of control-name/current-value pairs
* constructed from successful controls, which will be sent with a GET/POST request for a form.
*
* @see <a href="https://www.w3.org/TR/REC-html40/interact/forms.html#form-data-set">HTML 4.01 Specification - 17.13.3
* Processing form data</a>
* @see <a href="https://html.spec.whatwg.org/multipage/forms.html#association-of-controls-and-forms">HTML 5 - 4.10.18.3
* Association of controls and forms</a>
* @param form the form
* @return the form data, holding the regular fields and the submit fields as two separate lists
*/
private FormData prepareFormDataSet(FormFields form) {
    // Submit controls are collected apart from the other controls so that the caller can
    // decide how to combine them; both lists end up in the returned FormData.
    List<HtmlParameter> regularFields = new LinkedList<>();
    List<HtmlParameter> submitControls = new ArrayList<>();

    for (Iterator<FormField> fields = form.iterator(); fields.hasNext();) {
        FormField formField = fields.next();
        if (log.isDebugEnabled()) {
            log.debug("New form field: " + formField.getDebugInfo());
        }

        // Route the field to the list matching its control type.
        boolean isSubmit = formField.getFormControl().getFormControlType().isSubmit();
        List<HtmlParameter> target = isSubmit ? submitControls : regularFields;

        // A single field may yield several values; each becomes its own form parameter.
        // NOTE(review): names and values are stored as returned by the helpers, with no
        // encoding applied in this method.
        for (String value : getDefaultTextValue(formField)) {
            target.add(new HtmlParameter(Type.form, formField.getName(), value));
        }
    }
    return new FormData(regularFields, submitControls);
}
use of org.parosproxy.paros.network.HtmlParameter in project zaproxy by zaproxy.
the class SpiderHtmlFormParser method processGetForm.
/**
* Processes the given GET form data into, possibly, several URLs.
* <p>
* One URL is processed for each submit field present in the form data; each URL also includes the remaining normal fields.
*
* @param message the source message
* @param depth the current depth
* @param action the action
* @param baseURL the base URL
* @param formData the GET form data
* @see #processURL(HttpMessage, int, String, String)
*/
private void processGetForm(HttpMessage message, int depth, String action, String baseURL, FormData formData) {
    // Query built from the non-submit fields; shared by every URL produced below.
    String fieldsQuery = buildEncodedUrlQuery(formData.getFields());

    if (!formData.getSubmitFields().isEmpty()) {
        // One URL per submit field: the shared query plus that single submit parameter.
        for (HtmlParameter submit : formData.getSubmitFields()) {
            String queryWithSubmit = appendEncodedUrlQueryParameter(fieldsQuery, submit);
            log.debug("Submiting form with GET method and query with form parameters: " + queryWithSubmit);
            processURL(message, depth, action + queryWithSubmit, baseURL);
        }
        return;
    }

    // No submit fields: a single URL carrying only the regular fields.
    log.debug("Submiting form with GET method and query with form parameters: " + fieldsQuery);
    processURL(message, depth, action + fieldsQuery, baseURL);
}
use of org.parosproxy.paros.network.HtmlParameter in project zaproxy by zaproxy.
the class ExtensionAntiCSRF method generateForm.
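/**
 * Builds a stand-alone HTML page with a POST form that carries the form parameters of the
 * history entry identified by {@code hrefId}.
 * <p>
 * The URI, parameter names and parameter values are taken from a recorded HTTP message, so they
 * are untrusted. Each of them is HTML-escaped before being written into element content or a
 * quoted attribute, so that a value containing {@code "}, {@code <} or {@code &} cannot close
 * the attribute or introduce markup into the generated page.
 *
 * @param hrefId the ID of the history reference whose request is turned into a form
 * @return the HTML page, or {@code null} if the history extension is not available or no history
 *         reference exists for the given ID
 * @throws Exception if the message cannot be read or a parameter cannot be URL-decoded
 */
public String generateForm(int hrefId) throws Exception {
    ExtensionHistory extHist = (ExtensionHistory) Control.getSingleton().getExtensionLoader().getExtension(ExtensionHistory.NAME);
    if (extHist == null) {
        return null;
    }
    HistoryReference hr = extHist.getHistoryReference(hrefId);
    if (hr == null) {
        return null;
    }

    HttpMessage msg = hr.getHttpMessage();
    StringBuilder sb = new StringBuilder(300);
    sb.append("<html>\n");
    sb.append("<body>\n");
    sb.append("<h3>");
    sb.append(escapeHtmlForGeneratedForm(String.valueOf(msg.getRequestHeader().getURI())));
    sb.append("</h3>");
    sb.append("<form id=\"f1\" method=\"POST\" action=\"");
    sb.append(escapeHtmlForGeneratedForm(String.valueOf(hr.getURI())));
    sb.append("\">\n");
    sb.append("<table>\n");

    TreeSet<HtmlParameter> params = msg.getFormParams();
    // Let the message be GC'ed as it's no longer needed.
    msg = null;

    for (HtmlParameter htmlParam : params) {
        // Decode first, escape second: decoding can itself produce quotes and angle brackets.
        String name = escapeHtmlForGeneratedForm(URLDecoder.decode(htmlParam.getName(), "UTF-8"));
        String value = escapeHtmlForGeneratedForm(URLDecoder.decode(htmlParam.getValue(), "UTF-8"));
        sb.append("<tr><td>\n");
        sb.append(name);
        sb.append("<td>");
        sb.append("<input name=\"");
        sb.append(name);
        sb.append("\" value=\"");
        sb.append(value);
        sb.append("\" size=\"100\">");
        sb.append("</tr>\n");
    }

    sb.append("</table>\n");
    sb.append("<input id=\"submit\" type=\"submit\" value=\"Submit\"/>\n");
    sb.append("</form>\n");
    sb.append("</body>\n");
    sb.append("</html>\n");
    return sb.toString();
}

/**
 * Escapes the characters that are significant in HTML element content and in quoted attribute
 * values ({@code & < > " '}), leaving every other character unchanged.
 *
 * @param text the text to escape, must not be {@code null}
 * @return the escaped text
 */
private static String escapeHtmlForGeneratedForm(String text) {
    StringBuilder escaped = new StringBuilder(text.length() + 16);
    for (int i = 0; i < text.length(); i++) {
        char c = text.charAt(i);
        switch (c) {
        case '&':
            escaped.append("&amp;");
            break;
        case '<':
            escaped.append("&lt;");
            break;
        case '>':
            escaped.append("&gt;");
            break;
        case '"':
            escaped.append("&quot;");
            break;
        case '\'':
            escaped.append("&#39;");
            break;
        default:
            escaped.append(c);
        }
    }
    return escaped.toString();
}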
use of org.parosproxy.paros.network.HtmlParameter in project zaproxy by zaproxy.
the class HttpPanelParamTableModel method setValueAt.
/**
 * Applies an edit made in the parameter table to the parameter shown on the given row.
 * <p>
 * Columns 0, 1 and 2 set the type, name and value respectively. Column 3 accepts a
 * {@code ParamAddinInterface}, which converts the current value; that edit is reported to
 * listeners as an update of column 2. After the edit, a fresh default row is appended if the
 * last row is no longer blank.
 */
@Override
public void setValueAt(Object value, int row, int col) {
    HtmlParameter target = allParams.get(row);
    // Column reported to listeners; differs from col only for the add-in conversion.
    int updatedCol = col;
    boolean modified = true;

    switch (col) {
    case 0:
        target.setType((HtmlParameter.Type) value);
        break;
    case 1:
        target.setName((String) value);
        break;
    case 2:
        target.setValue((String) value);
        break;
    case 3:
        modified = false;
        if (value instanceof ParamAddinInterface) {
            try {
                target.setValue(((ParamAddinInterface) value).convertData(target.getValue()));
                modified = true;
                // The conversion rewrites the value cell, so that is the cell to refresh.
                updatedCol = 2;
            } catch (UnsupportedEncodingException e) {
                // A failed conversion leaves the parameter untouched and is only logged.
                log.warn(e.getMessage(), e);
            }
        }
        break;
    default:
        modified = false;
        break;
    }

    if (modified) {
        hasChanged = true;
        this.fireTableCellUpdated(row, updatedCol);
    }

    if (row != allParams.size() - 1) {
        return;
    }

    // Editing the last row: keep one blank row at the end for entering a new parameter.
    HtmlParameter last = allParams.getLast();
    boolean lastRowBlank = last.getName().isEmpty() && last.getValue().isEmpty();
    if (!lastRowBlank) {
        allParams.add(getDefaultHtmlParameter());
        this.fireTableRowsInserted(row + 1, row + 1);
    }
}
use of org.parosproxy.paros.network.HtmlParameter in project zaproxy by zaproxy.
the class HttpRequestBody method setFormParams.
// Construct a HTTP POST Body from the variables in postParams
/**
 * Replaces the body with {@code name=value} pairs joined by {@code &}, built from the
 * parameters of type {@code HtmlParameter.Type.form}; parameters of any other type are skipped.
 * An empty set, or a set without form parameters, results in an empty body.
 * <p>
 * Names and values are written exactly as the parameters return them: this method applies no
 * URL-encoding, so a name or value containing {@code &} or {@code =} changes how the body
 * splits into pairs. NOTE(review): presumably callers pass already-encoded values - confirm.
 *
 * @param postParams the parameters to write into the body
 */
public void setFormParams(TreeSet<HtmlParameter> postParams) {
    StringBuilder body = new StringBuilder();
    for (HtmlParameter param : postParams) {
        if (param.getType() == HtmlParameter.Type.form) {
            // Separator goes before every pair except the first one.
            if (body.length() > 0) {
                body.append('&');
            }
            body.append(param.getName()).append('=').append(param.getValue());
        }
    }
    this.setBody(body.toString());
}