use of org.parosproxy.paros.network.HttpMalformedHeaderException in project zaproxy by zaproxy.
the class ExtensionAntiCSRF method registerAntiCsrfToken.
/**
 * Stores the given anti-CSRF token in {@code valueToToken}, keyed by the URL-encoded token value.
 *
 * <p>If the token's message has no history reference yet, a temporary one is created from the
 * current session so that the token can carry a history id. Failures while creating that
 * reference are logged and the token is not registered.
 *
 * @param token the token to register; its message is read for the request URI and history reference
 */
public void registerAntiCsrfToken(AntiCsrfToken token) {
    // NOTE(review): this debug line writes the raw token value next to the request URI.
    // Treat debug logs from this class as sensitive, or drop the value from the message.
    String requestUri = token.getMsg().getRequestHeader().getURI().toString();
    log.debug("registerAntiCsrfToken " + requestUri + " " + token.getValue());

    // All reads and writes of the map happen under its own monitor.
    synchronized (valueToToken) {
        try {
            HistoryReference ref = token.getMsg().getHistoryRef();
            if (ref == null) {
                ref = new HistoryReference(
                        getModel().getSession(), HistoryReference.TYPE_TEMPORARY, token.getMsg());
                // The message's own history reference is explicitly left unset after the
                // temporary reference has been created.
                token.getMsg().setHistoryRef(null);
            }
            token.setHistoryReferenceId(ref.getHistoryId());
            valueToToken.put(encoder.getURLEncode(token.getValue()), token);
        } catch (HttpMalformedHeaderException | DatabaseException e) {
            log.error("Failed to persist the message: ", e);
        }
    }
}
use of org.parosproxy.paros.network.HttpMalformedHeaderException in project zaproxy by zaproxy.
the class ExtensionAntiCSRF method sessionChanged.
/**
 * Rebuilds the token registry for a newly selected session.
 *
 * <p>The registry is cleared first. Then every proxied or user-originated history entry of the
 * session that carries {@code TAG} is handed to a fresh {@link AntiCsrfDetectScanner}, provided
 * its response came from the target host.
 *
 * @param session the new session, or {@code null} when the session is being closed down
 */
@Override
public void sessionChanged(Session session) {
    if (session == null) {
        // Closedown: nothing to rebuild.
        return;
    }

    synchronized (valueToToken) {
        valueToToken.clear();
    }

    // Search the stored history for tokens. The whole scan sits in one try block, so the
    // first database or header error stops it and leaves the remaining entries unscanned.
    try {
        List<Integer> historyIds = getModel().getDb().getTableHistory().getHistoryIdsOfHistType(
                session.getSessionId(), HistoryReference.TYPE_PROXIED, HistoryReference.TYPE_ZAP_USER);

        HistoryFilter tagFilter = new HistoryFilter();
        tagFilter.setTags(Arrays.asList(TAG));

        AntiCsrfDetectScanner scanner = new AntiCsrfDetectScanner(this);

        for (Integer historyId : historyIds) {
            HistoryReference ref = historyReferenceFactory.createHistoryReference(historyId.intValue());
            if (!filterMatches(tagFilter, ref)) {
                continue;
            }

            HttpMessage msg = ref.getHttpMessage();
            String rawResponse = msg.getResponseHeader().toString() + msg.getResponseBody().toString();
            Source src = new Source(rawResponse);
            if (msg.isResponseFromTargetHost()) {
                scanner.scanHttpResponseReceive(msg, ref.getHistoryId(), src);
            }
        }
    } catch (DatabaseException | HttpMalformedHeaderException e) {
        log.error(e.getMessage(), e);
    }
}

/** Returns whether the history entry passes the given filter. */
private static boolean filterMatches(HistoryFilter filter, HistoryReference ref) {
    return filter.matches(ref);
}
use of org.parosproxy.paros.network.HttpMalformedHeaderException in project zaproxy by zaproxy.
the class BreakAPI method handleApiAction.
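/**
 * Dispatches an API action of the break component to the extension.
 *
 * <p>Supported actions are the global break switches, break-on-id, continue/step/drop, replacing
 * the currently intercepted HTTP message, and adding or removing HTTP breakpoints.
 *
 * @param name the action name
 * @param params the action parameters
 * @return {@code ApiResponseElement.OK} when the action was handled
 * @throws ApiException {@code BAD_ACTION} for an unknown action, {@code DOES_NOT_EXIST} when a
 *     message is to be replaced but none is intercepted, and {@code ILLEGAL_PARAMETER} for an
 *     unknown break type, a header that cannot be parsed, or a failing breakpoint change
 */
@Override
public ApiResponse handleApiAction(String name, JSONObject params) throws ApiException {
    if (ACTION_BREAK.equals(name)) {
        String type = params.getString(PARAM_TYPE).toLowerCase();
        if (type.equals(VALUE_TYPE_HTTP_ALL)) {
            extension.setBreakAllRequests(params.getBoolean(PARAM_STATE));
            extension.setBreakAllResponses(params.getBoolean(PARAM_STATE));
        } else if (type.equals(VALUE_TYPE_HTTP_REQUESTS)) {
            extension.setBreakAllRequests(params.getBoolean(PARAM_STATE));
        } else if (type.equals(VALUE_TYPE_HTTP_RESPONSES)) {
            extension.setBreakAllResponses(params.getBoolean(PARAM_STATE));
        } else {
            throw new ApiException(
                    ApiException.Type.ILLEGAL_PARAMETER,
                    PARAM_TYPE + " not in [" + VALUE_TYPE_HTTP_ALL + "," + VALUE_TYPE_HTTP_REQUESTS + "," + VALUE_TYPE_HTTP_RESPONSES + "]");
        }
    } else if (ACTION_BREAK_ON_ID.equals(name)) {
        extension.setBreakOnId(params.getString(PARAM_KEY), params.getString(PARAM_STATE).toLowerCase().equals("on"));
    } else if (ACTION_CONTINUE.equals(name)) {
        extension.getBreakpointManagementInterface().cont();
    } else if (ACTION_STEP.equals(name)) {
        extension.getBreakpointManagementInterface().step();
    } else if (ACTION_DROP.equals(name)) {
        extension.getBreakpointManagementInterface().drop();
    } else if (ACTION_SET_HTTP_MESSAGE.equals(name)) {
        // Read the intercepted message once, so that the null check and the update below act
        // on the same object even if the intercepted message changes in between.
        Message msg = extension.getBreakpointManagementInterface().getMessage();
        if (msg == null) {
            // We've not got an intercepted message
            throw new ApiException(ApiException.Type.DOES_NOT_EXIST);
        }
        String header = params.getString(PARAM_HTTP_HEADER);
        String body = this.getParam(params, PARAM_HTTP_BODY, "");
        if (header.indexOf(HttpHeader.CRLF) < 0 && header.indexOf("\\n") >= 0) {
            // Makes it easier to use via API UI: a header without real line breaks that
            // contains the two-character escapes has them turned into CR and LF.
            header = header.replace("\\r", "\r").replace("\\n", "\n");
        }
        // NOTE(review): an intercepted message that is not an HttpMessage is left untouched
        // and the call still returns OK; callers get no signal that nothing was changed.
        if (msg instanceof HttpMessage) {
            HttpMessage httpMsg = (HttpMessage) msg;
            boolean isRequest = extension.getBreakpointManagementInterface().isRequest();
            try {
                if (isRequest) {
                    httpMsg.setRequestHeader(header);
                    httpMsg.setRequestBody(body);
                } else {
                    httpMsg.setResponseHeader(header);
                    httpMsg.setResponseBody(body);
                }
                extension.getBreakpointManagementInterface().setMessage(httpMsg, isRequest);
            } catch (HttpMalformedHeaderException e) {
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, e.getMessage());
            }
        }
    } else if (ACTION_ADD_HTTP_BREAK_POINT.equals(name)) {
        try {
            extension.addHttpBreakpoint(
                    params.getString(PARAM_STRING),
                    params.getString(PARAM_LOCATION),
                    params.getString(PARAM_MATCH),
                    params.getBoolean(PARAM_INVERSE),
                    params.getBoolean(PARAM_IGNORECASE));
        } catch (Exception e) {
            // Any failure, including a missing parameter, is reported as an illegal parameter
            // carrying the exception's own message.
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, e.getMessage());
        }
    } else if (ACTION_REM_HTTP_BREAK_POINT.equals(name)) {
        try {
            extension.removeHttpBreakpoint(
                    params.getString(PARAM_STRING),
                    params.getString(PARAM_LOCATION),
                    params.getString(PARAM_MATCH),
                    params.getBoolean(PARAM_INVERSE),
                    params.getBoolean(PARAM_IGNORECASE));
        } catch (Exception e) {
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, e.getMessage());
        }
    } else {
        throw new ApiException(ApiException.Type.BAD_ACTION);
    }
    return ApiResponseElement.OK;
}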
use of org.parosproxy.paros.network.HttpMalformedHeaderException in project zaproxy by zaproxy.
the class CustomScanDialog method populateRequestField.
/**
 * Fills the request field with the request header and body of the given node's message.
 *
 * <p>The field is emptied when the node, its history reference or its message is missing, and
 * also when reading the message fails. On the success path the header length and the start of
 * the URL path are recorded, and the recurse checkbox is enabled and selected only if the node
 * has children.
 *
 * @param node the selected site node, may be {@code null}
 */
private void populateRequestField(SiteNode node) {
    try {
        // NOTE(review): getHttpMessage() is called here and again below; it can throw
        // DatabaseException, so it presumably reads from storage each time - confirm.
        boolean hasMessage = node != null
                && node.getHistoryReference() != null
                && node.getHistoryReference().getHttpMessage() != null;

        if (hasMessage) {
            // Populate the custom vectors http pane
            HttpMessage msg = node.getHistoryReference().getHttpMessage();
            String header = msg.getRequestHeader().toString();
            this.headerLength = header.length();

            // Ignore <METHOD> http(s)://host:port/
            int schemeSeparator = header.indexOf("://");
            this.urlPathStart = header.indexOf("/", schemeSeparator + 2) + 1;

            String requestText = header + msg.getRequestBody().toString();
            this.getRequestField().setText(requestText);

            // Only set the recurse option if the node has children, and disable it otherwise
            boolean hasChildren = node.getChildCount() > 0;
            JCheckBox recurseChk = (JCheckBox) this.getField(FIELD_RECURSE);
            recurseChk.setEnabled(hasChildren);
            recurseChk.setSelected(hasChildren);
        } else {
            this.getRequestField().setText("");
        }
        this.setFieldStates();
    } catch (HttpMalformedHeaderException | DatabaseException e) {
        // The failure is not logged; the field is cleared and the field states are left as
        // they were.
        this.getRequestField().setText("");
    }
}
use of org.parosproxy.paros.network.HttpMalformedHeaderException in project zaproxy by zaproxy.
the class KeyboardAPI method handleApiOther.
/**
 * Serves the keyboard shortcut cheat sheet as an HTML page.
 *
 * <p>The shortcuts are sorted by action name or by key code string, depending on which of the
 * two cheat sheet names was requested. Shortcuts without a key code are listed only when the
 * {@code PARAM_INC_UNSET} parameter is true.
 *
 * @param msg the message that receives the response header and body
 * @param name the requested "other" endpoint name
 * @param params the request parameters
 * @return {@code msg}, with the cheat sheet set as its response
 * @throws ApiException {@code BAD_OTHER} for any other name, {@code INTERNAL_ERROR} if the
 *     response header cannot be set
 */
@Override
public HttpMessage handleApiOther(HttpMessage msg, String name, JSONObject params) throws ApiException {
    final boolean orderByAction = OTHER_CHEETSHEET_ACTION_ORDER.equals(name);
    if (!orderByAction && !OTHER_CHEETSHEET_KEY_ORDER.equals(name)) {
        throw new ApiException(ApiException.Type.BAD_OTHER, name);
    }

    List<KeyboardShortcut> shortcuts = this.extension.getShortcuts();

    Comparator<KeyboardShortcut> ordering;
    if (orderByAction) {
        ordering = new Comparator<KeyboardShortcut>() {
            @Override
            public int compare(KeyboardShortcut left, KeyboardShortcut right) {
                return left.getName().compareTo(right.getName());
            }
        };
    } else {
        ordering = new Comparator<KeyboardShortcut>() {
            @Override
            public int compare(KeyboardShortcut left, KeyboardShortcut right) {
                return left.getKeyStrokeKeyCodeString().compareTo(right.getKeyStrokeKeyCodeString());
            }
        };
    }
    // Sorts the list returned by the extension in place.
    Collections.sort(shortcuts, ordering);

    StringBuilder html = new StringBuilder();
    html.append(Constant.messages.getString("keyboard.api.cheatsheet.header"));

    boolean incUnset = this.getParam(params, PARAM_INC_UNSET, false);
    for (KeyboardShortcut shortcut : shortcuts) {
        // Only show actions with actual shortcuts, unless unset ones were asked for
        if (!incUnset && shortcut.getKeyStrokeKeyCodeString().length() <= 0) {
            continue;
        }
        // NOTE(review): the three values are placed into the HTML row template as they are;
        // no escaping is visible here, so confirm they can never contain markup.
        html.append(MessageFormat.format(
                Constant.messages.getString("keyboard.api.cheatsheet.tablerow"),
                shortcut.getName(),
                shortcut.getKeyStrokeModifiersString(),
                shortcut.getKeyStrokeKeyCodeString()));
    }
    html.append(Constant.messages.getString("keyboard.api.cheatsheet.footer"));

    try {
        // NOTE(review): the length passed here is a character count; if the page can hold
        // non-ASCII text, check that it matches the encoded body length.
        msg.setResponseHeader(API.getDefaultResponseHeader("text/html", html.length()));
    } catch (HttpMalformedHeaderException e) {
        throw new ApiException(ApiException.Type.INTERNAL_ERROR, name, e);
    }
    msg.setResponseBody(html.toString());
    return msg;
}