
Example 1 with HttpMalformedHeaderException

Use of org.parosproxy.paros.network.HttpMalformedHeaderException in project zaproxy by zaproxy.

In the class FilterReplaceResponseHeader, method onHttpResponseReceive:

@Override
public void onHttpResponseReceive(HttpMessage msg) {
    if (getPattern() == null) {
        return;
    } else if (msg.getResponseHeader().isEmpty()) {
        return;
    }
    Matcher matcher = getPattern().matcher(msg.getResponseHeader().toString());
    String result = matcher.replaceAll(getReplaceText());
    try {
        msg.getResponseHeader().setMessage(result);
    } catch (HttpMalformedHeaderException e) {
    }
}
Also used : Matcher(java.util.regex.Matcher) HttpMalformedHeaderException(org.parosproxy.paros.network.HttpMalformedHeaderException)

Example 2 with HttpMalformedHeaderException

Use of org.parosproxy.paros.network.HttpMalformedHeaderException in project zaproxy by zaproxy.

In the class ExtensionAntiCSRF, method registerAntiCsrfToken:

public void registerAntiCsrfToken(AntiCsrfToken token) {
    log.debug("registerAntiCsrfToken " + token.getMsg().getRequestHeader().getURI().toString() + " " + token.getValue());
    synchronized (valueToToken) {
        try {
            HistoryReference hRef = token.getMsg().getHistoryRef();
            if (hRef == null) {
                hRef = new HistoryReference(getModel().getSession(), HistoryReference.TYPE_TEMPORARY, token.getMsg());
                token.getMsg().setHistoryRef(null);
            }
            token.setHistoryReferenceId(hRef.getHistoryId());
            valueToToken.put(getURLEncode(token.getValue()), token);
        } catch (HttpMalformedHeaderException | DatabaseException e) {
            log.error("Failed to persist the message: ", e);
        }
    }
}
Also used : HistoryReference(org.parosproxy.paros.model.HistoryReference) HttpMalformedHeaderException(org.parosproxy.paros.network.HttpMalformedHeaderException) DatabaseException(org.parosproxy.paros.db.DatabaseException)

Example 3 with HttpMalformedHeaderException

Use of org.parosproxy.paros.network.HttpMalformedHeaderException in project zaproxy by zaproxy.

In the class ExtensionAntiCSRF, method sessionChanged:

@Override
public void sessionChanged(Session session) {
    if (session == null) {
        // Closedown
        return;
    }
    synchronized (valueToToken) {
        valueToToken.clear();
    }
    // search for tokens...
    try {
        List<Integer> list = getModel().getDb().getTableHistory().getHistoryIdsOfHistType(session.getSessionId(), HistoryReference.TYPE_PROXIED, HistoryReference.TYPE_ZAP_USER);
        HistoryFilter filter = new HistoryFilter();
        filter.setTags(Arrays.asList(new String[] { TAG }));
        AntiCsrfDetectScanner antiCsrfDetectScanner = new AntiCsrfDetectScanner(this);
        for (Integer i : list) {
            HistoryReference hRef = historyReferenceFactory.createHistoryReference(i);
            if (filter.matches(hRef)) {
                HttpMessage msg = hRef.getHttpMessage();
                Source src = new Source(msg.getResponseBody().toString());
                if (msg.isResponseFromTargetHost()) {
                    antiCsrfDetectScanner.scanHttpResponseReceive(msg, hRef.getHistoryId(), src);
                }
            }
        }
    } catch (DatabaseException | HttpMalformedHeaderException e) {
        log.error(e.getMessage(), e);
    }
}
Also used : HistoryFilter(org.parosproxy.paros.extension.history.HistoryFilter) HistoryReference(org.parosproxy.paros.model.HistoryReference) HttpMalformedHeaderException(org.parosproxy.paros.network.HttpMalformedHeaderException) HttpMessage(org.parosproxy.paros.network.HttpMessage) DatabaseException(org.parosproxy.paros.db.DatabaseException) Source(net.htmlparser.jericho.Source)

Example 4 with HttpMalformedHeaderException

Use of org.parosproxy.paros.network.HttpMalformedHeaderException in project zaproxy by zaproxy.

In the class AntiCsrfAPI, method handleApiOther:

@Override
public HttpMessage handleApiOther(HttpMessage msg, String name, JSONObject params) throws ApiException {
    if (OTHER_GENERATE_FORM.equals(name)) {
        String hrefIdStr = params.getString(OTHER_GENERATE_FORM_PARAM_HREFID);
        if (hrefIdStr == null || hrefIdStr.length() == 0) {
            throw new ApiException(ApiException.Type.MISSING_PARAMETER, OTHER_GENERATE_FORM_PARAM_HREFID);
        }
        int hrefId;
        try {
            hrefId = Integer.parseInt(hrefIdStr);
        } catch (NumberFormatException e) {
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, OTHER_GENERATE_FORM_PARAM_HREFID, e);
        }
        try {
            HttpMessage originalMessage = new HistoryReference(hrefId, true).getHttpMessage();
            String response = extension.generateForm(originalMessage);
            // Get the charset from the original message
            String charset = originalMessage.getResponseHeader().getCharset();
            if (charset == null || charset.length() == 0) {
                charset = "";
            } else {
                charset = " charset=" + charset;
            }
            msg.setResponseHeader(API.getDefaultResponseHeader("text/html; " + charset));
            msg.setResponseBody(response);
            msg.getResponseHeader().setContentLength(msg.getResponseBody().length());
        } catch (HttpMalformedHeaderException e) {
            throw new ApiException(ApiException.Type.HREF_NOT_FOUND, hrefIdStr, e);
        } catch (Exception e) {
            throw new ApiException(ApiException.Type.INTERNAL_ERROR, e);
        }
    } else {
        throw new ApiException(ApiException.Type.BAD_OTHER, name);
    }
    return msg;
}
Also used : HistoryReference(org.parosproxy.paros.model.HistoryReference) HttpMalformedHeaderException(org.parosproxy.paros.network.HttpMalformedHeaderException) HttpMessage(org.parosproxy.paros.network.HttpMessage) ApiException(org.zaproxy.zap.extension.api.ApiException)

Example 5 with HttpMalformedHeaderException

Use of org.parosproxy.paros.network.HttpMalformedHeaderException in project zaproxy by zaproxy.

In the class HostProcess, method filterNode:

private boolean filterNode(StructuralNode node) {
    for (ScanFilter scanFilter : parentScanner.getScanFilters()) {
        try {
            FilterResult filterResult = scanFilter.isFiltered(node);
            if (filterResult.isFiltered()) {
                try {
                    HttpMessage msg = node.getHistoryReference().getHttpMessage();
                    parentScanner.notifyFilteredMessage(msg, filterResult.getReason());
                } catch (HttpMalformedHeaderException | DatabaseException e) {
                    log.warn("Error while getting httpmessage from history reference: " + e.getMessage(), e);
                }
                if (log.isDebugEnabled()) {
                    log.debug("Ignoring filtered node: " + node.getName() + " Reason: " + filterResult.getReason());
                }
                return true;
            }
        } catch (Exception ex) {
            log.error(ex.getMessage(), ex);
        }
    }
    return false;
}
Also used : ScanFilter(org.zaproxy.zap.extension.ascan.filters.ScanFilter) HttpMalformedHeaderException(org.parosproxy.paros.network.HttpMalformedHeaderException) FilterResult(org.zaproxy.zap.extension.ascan.filters.FilterResult) HttpMessage(org.parosproxy.paros.network.HttpMessage) DatabaseException(org.parosproxy.paros.db.DatabaseException) IOException(java.io.IOException)

Aggregations

HttpMalformedHeaderException (org.parosproxy.paros.network.HttpMalformedHeaderException): 41
DatabaseException (org.parosproxy.paros.db.DatabaseException): 24
HttpMessage (org.parosproxy.paros.network.HttpMessage): 20
HistoryReference (org.parosproxy.paros.model.HistoryReference): 10
IOException (java.io.IOException): 8
URI (org.apache.commons.httpclient.URI): 5
URIException (org.apache.commons.httpclient.URIException): 5
RecordHistory (org.parosproxy.paros.db.RecordHistory): 5
ApiException (org.zaproxy.zap.extension.api.ApiException): 5
Matcher (java.util.regex.Matcher): 4
ExtensionHistory (org.parosproxy.paros.extension.history.ExtensionHistory): 4
Session (org.parosproxy.paros.model.Session): 4
HttpRequestHeader (org.parosproxy.paros.network.HttpRequestHeader): 4
InvalidMessageDataException (org.zaproxy.zap.extension.httppanel.InvalidMessageDataException): 4
PatternSyntaxException (java.util.regex.PatternSyntaxException): 3
TableHistory (org.parosproxy.paros.db.TableHistory): 3
SiteNode (org.parosproxy.paros.model.SiteNode): 3
SSLContextManager (ch.csnc.extension.httpclient.SSLContextManager): 2
HarEntries (edu.umass.cs.benchlab.har.HarEntries): 2
HarLog (edu.umass.cs.benchlab.har.HarLog): 2