Example 6 with HtmlParameter
use of org.parosproxy.paros.network.HtmlParameter in project zaproxy by zaproxy.
the class HarUtils method createHarRequest.
public static HarRequest createHarRequest(HttpMessage httpMessage) {
HttpRequestHeader requestHeader = httpMessage.getRequestHeader();
HarCookies harCookies = new HarCookies();
try {
for (HttpCookie cookie : requestHeader.getHttpCookies()) {
harCookies.addCookie(new HarCookie(cookie.getName(), cookie.getValue()));
}
} catch (IllegalArgumentException e) {
LOGGER.warn("Ignoring cookies for HAR (\"request\") \"cookies\" list. Request contains invalid cookie: " + e.getMessage());
}
HarQueryString harQueryString = new HarQueryString();
for (HtmlParameter param : httpMessage.getUrlParams()) {
harQueryString.addQueryParam(new HarQueryParam(param.getName(), param.getValue()));
}
HarPostData harPostData = null;
HttpRequestBody requestBody = httpMessage.getRequestBody();
if (requestBody.length() >= 0) {
HarPostDataParams params = new HarPostDataParams();
String text = "";
String contentType = requestHeader.getHeader(HttpHeader.CONTENT_TYPE);
if (contentType == null) {
contentType = "";
text = requestBody.toString();
} else {
if (StringUtils.startsWithIgnoreCase(contentType.trim(), HttpHeader.FORM_URLENCODED_CONTENT_TYPE)) {
for (HtmlParameter param : httpMessage.getFormParams()) {
params.addPostDataParam(new HarPostDataParam(param.getName(), param.getValue()));
}
} else {
text = requestBody.toString();
}
}
harPostData = new HarPostData(contentType, params, text, null);
}
return new HarRequest(requestHeader.getMethod(), requestHeader.getURI().toString(), requestHeader.getVersion(), harCookies, createHarHeaders(requestHeader), harQueryString, harPostData, requestHeader.toString().length(), httpMessage.getRequestBody().length(), null);
}
Also used :
HarCookie(edu.umass.cs.benchlab.har.HarCookie)
HarQueryString(edu.umass.cs.benchlab.har.HarQueryString)
HarCookies(edu.umass.cs.benchlab.har.HarCookies)
HarQueryString(edu.umass.cs.benchlab.har.HarQueryString)
HttpRequestHeader(org.parosproxy.paros.network.HttpRequestHeader)
HarQueryParam(edu.umass.cs.benchlab.har.HarQueryParam)
HarPostData(edu.umass.cs.benchlab.har.HarPostData)
HttpRequestBody(org.zaproxy.zap.network.HttpRequestBody)
HarRequest(edu.umass.cs.benchlab.har.HarRequest)
HtmlParameter(org.parosproxy.paros.network.HtmlParameter)
HarPostDataParams(edu.umass.cs.benchlab.har.HarPostDataParams)
HttpCookie(java.net.HttpCookie)
HarPostDataParam(edu.umass.cs.benchlab.har.HarPostDataParam)
Example 7 with HtmlParameter
use of org.parosproxy.paros.network.HtmlParameter in project zaproxy by zaproxy.
the class SpiderHtmlFormParser method parseResource.
@Override
public boolean parseResource(HttpMessage message, Source source, int depth) {
log.debug("Parsing an HTML message for forms...");
// If form processing is disabled, don't parse anything
if (!param.isProcessForm()) {
return false;
}
// Prepare the source, if not provided
if (source == null) {
source = new Source(message.getResponseBody().toString());
}
// Get the context (base url)
String baseURL = message.getRequestHeader().getURI().toString();
uri = message.getRequestHeader().getURI();
// Try to see if there's any BASE tag that could change the base URL
Element base = source.getFirstElement(HTMLElementName.BASE);
if (base != null) {
if (log.isDebugEnabled()) {
log.debug("Base tag was found in HTML: " + base.getDebugInfo());
}
String href = base.getAttributeValue("href");
if (href != null && !href.isEmpty()) {
baseURL = URLCanonicalizer.getCanonicalURL(href, baseURL);
}
}
// Go through the forms
List<Element> forms = source.getAllElements(HTMLElementName.FORM);
for (Element form : forms) {
//Clear the attributes for each form and store their key and values
envAttributes.clear();
for (Attribute att : form.getAttributes()) {
envAttributes.put(att.getKey(), att.getValue());
}
// Get method and action
String method = form.getAttributeValue("method");
String action = form.getAttributeValue("action");
log.debug("Found new form with method: '" + method + "' and action: " + action);
// If no action, skip the form
if (action == null) {
log.debug("No form 'action' defined. Using base URL: " + baseURL);
action = baseURL;
}
// If POSTing forms is not enabled, skip processing of forms with POST method
if (!param.isPostForm() && method != null && method.trim().equalsIgnoreCase(METHOD_POST)) {
log.debug("Skipping form with POST method because of user settings.");
continue;
}
// Clear the fragment, if any, as it does not have any relevance for the server
if (action.contains("#")) {
int fs = action.lastIndexOf("#");
action = action.substring(0, fs);
}
url = URLCanonicalizer.getCanonicalURL(action, baseURL);
FormData formData = prepareFormDataSet(form.getFormFields());
// Process the case of a POST method
if (method != null && method.trim().equalsIgnoreCase(METHOD_POST)) {
// Build the absolute canonical URL
String fullURL = URLCanonicalizer.getCanonicalURL(action, baseURL);
if (fullURL == null) {
return false;
}
log.debug("Canonical URL constructed using '" + action + "': " + fullURL);
/*
* Ignore encoding, as we will not POST files anyway, so using
* "application/x-www-form-urlencoded" is adequate
*/
// String encoding = form.getAttributeValue("enctype");
// if (encoding != null && encoding.equals("multipart/form-data"))
String baseRequestBody = buildEncodedUrlQuery(formData.getFields());
if (formData.getSubmitFields().isEmpty()) {
notifyPostResourceFound(message, depth, fullURL, baseRequestBody);
continue;
}
for (HtmlParameter submitField : formData.getSubmitFields()) {
notifyPostResourceFound(message, depth, fullURL, appendEncodedUrlQueryParameter(baseRequestBody, submitField));
}
} else // Process anything else as a GET method
{
// Process the final URL
if (action.contains("?")) {
if (action.endsWith("?")) {
processGetForm(message, depth, action, baseURL, formData);
} else {
processGetForm(message, depth, action + "&", baseURL, formData);
}
} else {
processGetForm(message, depth, action + "?", baseURL, formData);
}
}
}
return false;
}
Also used :
Attribute(net.htmlparser.jericho.Attribute)
Element(net.htmlparser.jericho.Element)
HtmlParameter(org.parosproxy.paros.network.HtmlParameter)
Source(net.htmlparser.jericho.Source)
Example 8 with HtmlParameter
use of org.parosproxy.paros.network.HtmlParameter in project zaproxy by zaproxy.
the class SpiderHtmlFormParser method buildEncodedUrlQuery.
/**
* Builds the query, encoded with "application/x-www-form-urlencoded".
*
* @see <a href="https://www.w3.org/TR/REC-html40/interact/forms.html#form-content-type">HTML 4.01 Specification - 17.13.4
* Form content types</a>
* @param formDataSet the form data set
* @return the query
*/
private String buildEncodedUrlQuery(List<HtmlParameter> formDataSet) {
StringBuilder request = new StringBuilder();
// Build the query
for (HtmlParameter p : formDataSet) {
String v;
try {
v = URLEncoder.encode(p.getName(), ENCODING_TYPE);
request.append(v);
request.append("=");
v = URLEncoder.encode(p.getValue(), ENCODING_TYPE);
request.append(v);
} catch (UnsupportedEncodingException e) {
log.warn("Error while encoding query for form.", e);
}
request.append("&");
}
// Delete the last ampersand
if (request.length() > 0) {
request.deleteCharAt(request.length() - 1);
}
return request.toString();
}
Also used :
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
HtmlParameter(org.parosproxy.paros.network.HtmlParameter)
Example 9 with HtmlParameter
use of org.parosproxy.paros.network.HtmlParameter in project zaproxy by zaproxy.
the class ExtensionParams method onHttpRequestSend.
public boolean onHttpRequestSend(HttpMessage msg) {
// Check we know the site
String site = msg.getRequestHeader().getHostName() + ":" + msg.getRequestHeader().getHostPort();
if (getView() != null) {
this.getParamsPanel().addSite(site);
}
SiteParameters sps = this.siteParamsMap.get(site);
if (sps == null) {
sps = new SiteParameters(this, site);
this.siteParamsMap.put(site, sps);
}
// Cookie Parameters
TreeSet<HtmlParameter> params;
Iterator<HtmlParameter> iter;
try {
params = msg.getCookieParams();
iter = params.iterator();
while (iter.hasNext()) {
persist(sps.addParam(site, iter.next(), msg));
}
} catch (Exception e) {
logger.error(e.getMessage(), e);
}
// URL Parameters
params = msg.getUrlParams();
iter = params.iterator();
while (iter.hasNext()) {
persist(sps.addParam(site, iter.next(), msg));
}
// Form Parameters
// TODO flag anti csrf url ones too?
ExtensionAntiCSRF extAntiCSRF = (ExtensionAntiCSRF) Control.getSingleton().getExtensionLoader().getExtension(ExtensionAntiCSRF.NAME);
params = msg.getFormParams();
iter = params.iterator();
HtmlParameter param;
while (iter.hasNext()) {
param = iter.next();
if (extAntiCSRF != null && extAntiCSRF.isAntiCsrfToken(param.getName())) {
param.addFlag(HtmlParameter.Flags.anticsrf.name());
}
persist(sps.addParam(site, param, msg));
}
return true;
}
Also used :
ExtensionAntiCSRF(org.zaproxy.zap.extension.anticsrf.ExtensionAntiCSRF)
HtmlParameter(org.parosproxy.paros.network.HtmlParameter)
MalformedURLException(java.net.MalformedURLException)
DatabaseException(org.parosproxy.paros.db.DatabaseException)
Aggregations
HtmlParameter (org.parosproxy.paros.network.HtmlParameter)9
UnsupportedEncodingException (java.io.UnsupportedEncodingException)2
HarCookie (edu.umass.cs.benchlab.har.HarCookie)1
HarCookies (edu.umass.cs.benchlab.har.HarCookies)1
HarPostData (edu.umass.cs.benchlab.har.HarPostData)1
HarPostDataParam (edu.umass.cs.benchlab.har.HarPostDataParam)1
HarPostDataParams (edu.umass.cs.benchlab.har.HarPostDataParams)1
HarQueryParam (edu.umass.cs.benchlab.har.HarQueryParam)1
HarQueryString (edu.umass.cs.benchlab.har.HarQueryString)1
HarRequest (edu.umass.cs.benchlab.har.HarRequest)1
HttpCookie (java.net.HttpCookie)1
MalformedURLException (java.net.MalformedURLException)1
ArrayList (java.util.ArrayList)1
LinkedList (java.util.LinkedList)1
Attribute (net.htmlparser.jericho.Attribute)1
Element (net.htmlparser.jericho.Element)1
FormField (net.htmlparser.jericho.FormField)1
Source (net.htmlparser.jericho.Source)1
DatabaseException (org.parosproxy.paros.db.DatabaseException)1
ExtensionHistory (org.parosproxy.paros.extension.history.ExtensionHistory)1
