Example 6 with HttpMalformedHeaderException

Use of org.parosproxy.paros.network.HttpMalformedHeaderException in project zaproxy by zaproxy.

Class ExtensionAntiCSRF, method registerAntiCsrfToken.

public void registerAntiCsrfToken(AntiCsrfToken token) {
    log.debug("registerAntiCsrfToken " + token.getMsg().getRequestHeader().getURI().toString() + " " + token.getValue());
    synchronized (valueToToken) {
        try {
            HistoryReference hRef = token.getMsg().getHistoryRef();
            if (hRef == null) {
                hRef = new HistoryReference(getModel().getSession(), HistoryReference.TYPE_TEMPORARY, token.getMsg());
                token.getMsg().setHistoryRef(null);
            }
            token.setHistoryReferenceId(hRef.getHistoryId());
            valueToToken.put(encoder.getURLEncode(token.getValue()), token);
        } catch (HttpMalformedHeaderException | DatabaseException e) {
            log.error("Failed to persist the message: ", e);
        }
    }
}
Also used: HistoryReference (org.parosproxy.paros.model.HistoryReference), HttpMalformedHeaderException (org.parosproxy.paros.network.HttpMalformedHeaderException), DatabaseException (org.parosproxy.paros.db.DatabaseException)

Example 7 with HttpMalformedHeaderException

Use of org.parosproxy.paros.network.HttpMalformedHeaderException in project zaproxy by zaproxy.

Class ExtensionAntiCSRF, method sessionChanged.

@Override
public void sessionChanged(Session session) {
    if (session == null) {
        // Closedown
        return;
    }
    synchronized (valueToToken) {
        valueToToken.clear();
    }
    // search for tokens...
    try {
        List<Integer> list = getModel().getDb().getTableHistory().getHistoryIdsOfHistType(session.getSessionId(), HistoryReference.TYPE_PROXIED, HistoryReference.TYPE_ZAP_USER);
        HistoryFilter filter = new HistoryFilter();
        filter.setTags(Arrays.asList(new String[] { TAG }));
        AntiCsrfDetectScanner antiCsrfDetectScanner = new AntiCsrfDetectScanner(this);
        for (Integer i : list) {
            HistoryReference hRef = historyReferenceFactory.createHistoryReference(i.intValue());
            if (filter.matches(hRef)) {
                HttpMessage msg = hRef.getHttpMessage();
                String response = msg.getResponseHeader().toString() + msg.getResponseBody().toString();
                Source src = new Source(response);
                if (msg.isResponseFromTargetHost()) {
                    antiCsrfDetectScanner.scanHttpResponseReceive(msg, hRef.getHistoryId(), src);
                }
            }
        }
    } catch (DatabaseException | HttpMalformedHeaderException e) {
        log.error(e.getMessage(), e);
    }
}
Also used: HistoryFilter (org.parosproxy.paros.extension.history.HistoryFilter), HistoryReference (org.parosproxy.paros.model.HistoryReference), HttpMalformedHeaderException (org.parosproxy.paros.network.HttpMalformedHeaderException), HttpMessage (org.parosproxy.paros.network.HttpMessage), DatabaseException (org.parosproxy.paros.db.DatabaseException), Source (net.htmlparser.jericho.Source)

Example 8 with HttpMalformedHeaderException

Use of org.parosproxy.paros.network.HttpMalformedHeaderException in project zaproxy by zaproxy.

Class BreakAPI, method handleApiAction.

@Override
public ApiResponse handleApiAction(String name, JSONObject params) throws ApiException {
    if (ACTION_BREAK.equals(name)) {
        String type = params.getString(PARAM_TYPE).toLowerCase();
        if (type.equals(VALUE_TYPE_HTTP_ALL)) {
            extension.setBreakAllRequests(params.getBoolean(PARAM_STATE));
            extension.setBreakAllResponses(params.getBoolean(PARAM_STATE));
        } else if (type.equals(VALUE_TYPE_HTTP_REQUESTS)) {
            extension.setBreakAllRequests(params.getBoolean(PARAM_STATE));
        } else if (type.equals(VALUE_TYPE_HTTP_RESPONSES)) {
            extension.setBreakAllResponses(params.getBoolean(PARAM_STATE));
        } else {
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_TYPE + " not in [" + VALUE_TYPE_HTTP_ALL + "," + VALUE_TYPE_HTTP_REQUESTS + "," + VALUE_TYPE_HTTP_RESPONSES + "]");
        }
    } else if (ACTION_BREAK_ON_ID.equals(name)) {
        extension.setBreakOnId(params.getString(PARAM_KEY), params.getString(PARAM_STATE).toLowerCase().equals("on"));
    } else if (ACTION_CONTINUE.equals(name)) {
        extension.getBreakpointManagementInterface().cont();
    } else if (ACTION_STEP.equals(name)) {
        extension.getBreakpointManagementInterface().step();
    } else if (ACTION_DROP.equals(name)) {
        extension.getBreakpointManagementInterface().drop();
    } else if (ACTION_SET_HTTP_MESSAGE.equals(name)) {
        if (extension.getBreakpointManagementInterface().getMessage() == null) {
            // We've not got an intercepted message
            throw new ApiException(ApiException.Type.DOES_NOT_EXIST);
        }
        String header = params.getString(PARAM_HTTP_HEADER);
        String body = this.getParam(params, PARAM_HTTP_BODY, "");
        if (header.indexOf(HttpHeader.CRLF) < 0) {
            if (header.indexOf("\\n") >= 0) {
                // Makes it easier to use via API UI
                header = header.replace("\\r", "\r").replace("\\n", "\n");
            }
        }
        Message msg = extension.getBreakpointManagementInterface().getMessage();
        if (msg instanceof HttpMessage) {
            HttpMessage httpMsg = (HttpMessage) msg;
            if (extension.getBreakpointManagementInterface().isRequest()) {
                try {
                    httpMsg.setRequestHeader(header);
                    httpMsg.setRequestBody(body);
                    extension.getBreakpointManagementInterface().setMessage(httpMsg, true);
                } catch (HttpMalformedHeaderException e) {
                    throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, e.getMessage());
                }
            } else {
                try {
                    httpMsg.setResponseHeader(header);
                    httpMsg.setResponseBody(body);
                    extension.getBreakpointManagementInterface().setMessage(httpMsg, false);
                } catch (HttpMalformedHeaderException e) {
                    throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, e.getMessage());
                }
            }
        }
    } else if (ACTION_ADD_HTTP_BREAK_POINT.equals(name)) {
        try {
            extension.addHttpBreakpoint(params.getString(PARAM_STRING), params.getString(PARAM_LOCATION), params.getString(PARAM_MATCH), params.getBoolean(PARAM_INVERSE), params.getBoolean(PARAM_IGNORECASE));
        } catch (Exception e) {
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, e.getMessage());
        }
    } else if (ACTION_REM_HTTP_BREAK_POINT.equals(name)) {
        try {
            extension.removeHttpBreakpoint(params.getString(PARAM_STRING), params.getString(PARAM_LOCATION), params.getString(PARAM_MATCH), params.getBoolean(PARAM_INVERSE), params.getBoolean(PARAM_IGNORECASE));
        } catch (Exception e) {
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, e.getMessage());
        }
    } else {
        throw new ApiException(ApiException.Type.BAD_ACTION);
    }
    return ApiResponseElement.OK;
}
Also used: Message (org.zaproxy.zap.extension.httppanel.Message), HttpMessage (org.parosproxy.paros.network.HttpMessage), HttpMalformedHeaderException (org.parosproxy.paros.network.HttpMalformedHeaderException), ApiException (org.zaproxy.zap.extension.api.ApiException)

Example 9 with HttpMalformedHeaderException

Use of org.parosproxy.paros.network.HttpMalformedHeaderException in project zaproxy by zaproxy.

Class CustomScanDialog, method populateRequestField.

private void populateRequestField(SiteNode node) {
    try {
        if (node == null || node.getHistoryReference() == null || node.getHistoryReference().getHttpMessage() == null) {
            this.getRequestField().setText("");
        } else {
            // Populate the custom vectors http pane
            HttpMessage msg = node.getHistoryReference().getHttpMessage();
            String header = msg.getRequestHeader().toString();
            StringBuilder sb = new StringBuilder();
            sb.append(header);
            this.headerLength = header.length();
            // Ignore <METHOD> http(s)://host:port/
            this.urlPathStart = header.indexOf("/", header.indexOf("://") + 2) + 1;
            sb.append(msg.getRequestBody().toString());
            this.getRequestField().setText(sb.toString());
            // Only set the recurse option if the node has children, and disable it otherwise
            JCheckBox recurseChk = (JCheckBox) this.getField(FIELD_RECURSE);
            recurseChk.setEnabled(node.getChildCount() > 0);
            recurseChk.setSelected(node.getChildCount() > 0);
        }
        this.setFieldStates();
    } catch (HttpMalformedHeaderException | DatabaseException e) {
        // The stored request could not be read or parsed: clear the field rather than show a partial request
        this.getRequestField().setText("");
    }
}
Also used: JCheckBox (javax.swing.JCheckBox), HttpMalformedHeaderException (org.parosproxy.paros.network.HttpMalformedHeaderException), HttpMessage (org.parosproxy.paros.network.HttpMessage), DatabaseException (org.parosproxy.paros.db.DatabaseException)

Example 10 with HttpMalformedHeaderException

Use of org.parosproxy.paros.network.HttpMalformedHeaderException in project zaproxy by zaproxy.

Class KeyboardAPI, method handleApiOther.

@Override
public HttpMessage handleApiOther(HttpMessage msg, String name, JSONObject params) throws ApiException {
    if (OTHER_CHEETSHEET_ACTION_ORDER.equals(name) || OTHER_CHEETSHEET_KEY_ORDER.equals(name)) {
        List<KeyboardShortcut> shortcuts = this.extension.getShortcuts();
        if (OTHER_CHEETSHEET_ACTION_ORDER.equals(name)) {
            Collections.sort(shortcuts, new Comparator<KeyboardShortcut>() {

                @Override
                public int compare(KeyboardShortcut o1, KeyboardShortcut o2) {
                    return o1.getName().compareTo(o2.getName());
                }
            });
        } else {
            Collections.sort(shortcuts, new Comparator<KeyboardShortcut>() {

                @Override
                public int compare(KeyboardShortcut o1, KeyboardShortcut o2) {
                    return o1.getKeyStrokeKeyCodeString().compareTo(o2.getKeyStrokeKeyCodeString());
                }
            });
        }
        StringBuilder response = new StringBuilder();
        response.append(Constant.messages.getString("keyboard.api.cheatsheet.header"));
        boolean incUnset = this.getParam(params, PARAM_INC_UNSET, false);
        for (KeyboardShortcut shortcut : shortcuts) {
            if (incUnset || shortcut.getKeyStrokeKeyCodeString().length() > 0) {
                // Only show actions with actual shortcuts
                response.append(MessageFormat.format(Constant.messages.getString("keyboard.api.cheatsheet.tablerow"), shortcut.getName(), shortcut.getKeyStrokeModifiersString(), shortcut.getKeyStrokeKeyCodeString()));
            }
        }
        response.append(Constant.messages.getString("keyboard.api.cheatsheet.footer"));
        try {
            msg.setResponseHeader(API.getDefaultResponseHeader("text/html", response.length()));
        } catch (HttpMalformedHeaderException e) {
            throw new ApiException(ApiException.Type.INTERNAL_ERROR, name, e);
        }
        msg.setResponseBody(response.toString());
        return msg;
    } else {
        throw new ApiException(ApiException.Type.BAD_OTHER, name);
    }
}
Also used: HttpMalformedHeaderException (org.parosproxy.paros.network.HttpMalformedHeaderException), ApiException (org.zaproxy.zap.extension.api.ApiException)

Aggregations

HttpMalformedHeaderException (org.parosproxy.paros.network.HttpMalformedHeaderException): 28
DatabaseException (org.parosproxy.paros.db.DatabaseException): 17
HttpMessage (org.parosproxy.paros.network.HttpMessage): 14
RecordHistory (org.parosproxy.paros.db.RecordHistory): 7
IOException (java.io.IOException): 6
HistoryReference (org.parosproxy.paros.model.HistoryReference): 6
Matcher (java.util.regex.Matcher): 4
URIException (org.apache.commons.httpclient.URIException): 4
TableHistory (org.parosproxy.paros.db.TableHistory): 4
Session (org.parosproxy.paros.model.Session): 4
PatternSyntaxException (java.util.regex.PatternSyntaxException): 3
URI (org.apache.commons.httpclient.URI): 3
ApiException (org.zaproxy.zap.extension.api.ApiException): 3
HarEntries (edu.umass.cs.benchlab.har.HarEntries): 2
HarLog (edu.umass.cs.benchlab.har.HarLog): 2
PreparedStatement (java.sql.PreparedStatement): 2
ResultSet (java.sql.ResultSet): 2
SQLException (java.sql.SQLException): 2
ArrayList (java.util.ArrayList): 2
List (java.util.List): 2