Examples with HttpMalformedHeaderException org.parosproxy.paros.network.HttpMalformedHeaderException used on opensource projects

Search in sources :

Example 6 with HttpMalformedHeaderException

use of org.parosproxy.paros.network.HttpMalformedHeaderException in project zaproxy by zaproxy.

the class ExtensionAntiCSRF method registerAntiCsrfToken.

public void registerAntiCsrfToken(AntiCsrfToken token) {
    log.debug("registerAntiCsrfToken " + token.getMsg().getRequestHeader().getURI().toString() + " " + token.getValue());
    synchronized (valueToToken) {
        try {
            HistoryReference hRef = token.getMsg().getHistoryRef();
            if (hRef == null) {
                hRef = new HistoryReference(getModel().getSession(), HistoryReference.TYPE_TEMPORARY, token.getMsg());
                token.getMsg().setHistoryRef(null);
            }
            token.setHistoryReferenceId(hRef.getHistoryId());
            valueToToken.put(encoder.getURLEncode(token.getValue()), token);
        } catch (HttpMalformedHeaderException | DatabaseException e) {
            log.error("Failed to persist the message: ", e);
        }
    }
}
Also used : HistoryReference(org.parosproxy.paros.model.HistoryReference) HttpMalformedHeaderException(org.parosproxy.paros.network.HttpMalformedHeaderException) DatabaseException(org.parosproxy.paros.db.DatabaseException)

Example 7 with HttpMalformedHeaderException

use of org.parosproxy.paros.network.HttpMalformedHeaderException in project zaproxy by zaproxy.

the class ExtensionAntiCSRF method sessionChanged.

@Override
public void sessionChanged(Session session) {
    if (session == null) {
        // Closedown
        return;
    }
    synchronized (valueToToken) {
        valueToToken.clear();
    }
    // search for tokens...
    try {
        List<Integer> list = getModel().getDb().getTableHistory().getHistoryIdsOfHistType(session.getSessionId(), HistoryReference.TYPE_PROXIED, HistoryReference.TYPE_ZAP_USER);
        HistoryFilter filter = new HistoryFilter();
        filter.setTags(Arrays.asList(new String[] { TAG }));
        AntiCsrfDetectScanner antiCsrfDetectScanner = new AntiCsrfDetectScanner(this);
        for (Integer i : list) {
            HistoryReference hRef = historyReferenceFactory.createHistoryReference(i.intValue());
            if (filter.matches(hRef)) {
                HttpMessage msg = hRef.getHttpMessage();
                String response = msg.getResponseHeader().toString() + msg.getResponseBody().toString();
                Source src = new Source(response);
                if (msg.isResponseFromTargetHost()) {
                    antiCsrfDetectScanner.scanHttpResponseReceive(msg, hRef.getHistoryId(), src);
                }
            }
        }
    } catch (DatabaseException | HttpMalformedHeaderException e) {
        log.error(e.getMessage(), e);
    }
}
Also used : HistoryFilter(org.parosproxy.paros.extension.history.HistoryFilter) HistoryReference(org.parosproxy.paros.model.HistoryReference) HttpMalformedHeaderException(org.parosproxy.paros.network.HttpMalformedHeaderException) HttpMessage(org.parosproxy.paros.network.HttpMessage) DatabaseException(org.parosproxy.paros.db.DatabaseException) Source(net.htmlparser.jericho.Source)

Example 8 with HttpMalformedHeaderException

use of org.parosproxy.paros.network.HttpMalformedHeaderException in project zaproxy by zaproxy.

the class BreakAPI method handleApiAction.

@Override
public ApiResponse handleApiAction(String name, JSONObject params) throws ApiException {
    if (ACTION_BREAK.equals(name)) {
        String type = params.getString(PARAM_TYPE).toLowerCase();
        if (type.equals(VALUE_TYPE_HTTP_ALL)) {
            extension.setBreakAllRequests(params.getBoolean(PARAM_STATE));
            extension.setBreakAllResponses(params.getBoolean(PARAM_STATE));
        } else if (type.equals(VALUE_TYPE_HTTP_REQUESTS)) {
            extension.setBreakAllRequests(params.getBoolean(PARAM_STATE));
        } else if (type.equals(VALUE_TYPE_HTTP_RESPONSES)) {
            extension.setBreakAllResponses(params.getBoolean(PARAM_STATE));
        } else {
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_TYPE + " not in [" + VALUE_TYPE_HTTP_ALL + "," + VALUE_TYPE_HTTP_REQUESTS + "," + VALUE_TYPE_HTTP_RESPONSES + "]");
        }
    } else if (ACTION_BREAK_ON_ID.equals(name)) {
        extension.setBreakOnId(params.getString(PARAM_KEY), params.getString(PARAM_STATE).toLowerCase().equals("on"));
    } else if (ACTION_CONTINUE.equals(name)) {
        extension.getBreakpointManagementInterface().cont();
    } else if (ACTION_STEP.equals(name)) {
        extension.getBreakpointManagementInterface().step();
    } else if (ACTION_DROP.equals(name)) {
        extension.getBreakpointManagementInterface().drop();
    } else if (ACTION_SET_HTTP_MESSAGE.equals(name)) {
        if (extension.getBreakpointManagementInterface().getMessage() == null) {
            // We've not got an intercepted message
            throw new ApiException(ApiException.Type.DOES_NOT_EXIST);
        }
        String header = params.getString(PARAM_HTTP_HEADER);
        String body = this.getParam(params, PARAM_HTTP_BODY, "");
        if (header.indexOf(HttpHeader.CRLF) < 0) {
            if (header.indexOf("\\n") >= 0) {
                // Makes it easier to use via API UI
                header = header.replace("\\r", "\r").replace("\\n", "\n");
            }
        }
        Message msg = extension.getBreakpointManagementInterface().getMessage();
        if (msg instanceof HttpMessage) {
            HttpMessage httpMsg = (HttpMessage) msg;
            if (extension.getBreakpointManagementInterface().isRequest()) {
                try {
                    httpMsg.setRequestHeader(header);
                    httpMsg.setRequestBody(body);
                    extension.getBreakpointManagementInterface().setMessage(httpMsg, true);
                } catch (HttpMalformedHeaderException e) {
                    throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, e.getMessage());
                }
            } else {
                try {
                    httpMsg.setResponseHeader(header);
                    httpMsg.setResponseBody(body);
                    extension.getBreakpointManagementInterface().setMessage(httpMsg, false);
                } catch (HttpMalformedHeaderException e) {
                    throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, e.getMessage());
                }
            }
        }
    } else if (ACTION_ADD_HTTP_BREAK_POINT.equals(name)) {
        try {
            extension.addHttpBreakpoint(params.getString(PARAM_STRING), params.getString(PARAM_LOCATION), params.getString(PARAM_MATCH), params.getBoolean(PARAM_INVERSE), params.getBoolean(PARAM_IGNORECASE));
        } catch (Exception e) {
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, e.getMessage());
        }
    } else if (ACTION_REM_HTTP_BREAK_POINT.equals(name)) {
        try {
            extension.removeHttpBreakpoint(params.getString(PARAM_STRING), params.getString(PARAM_LOCATION), params.getString(PARAM_MATCH), params.getBoolean(PARAM_INVERSE), params.getBoolean(PARAM_IGNORECASE));
        } catch (Exception e) {
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, e.getMessage());
        }
    } else {
        throw new ApiException(ApiException.Type.BAD_ACTION);
    }
    return ApiResponseElement.OK;
}
Also used : Message(org.zaproxy.zap.extension.httppanel.Message) HttpMessage(org.parosproxy.paros.network.HttpMessage) HttpMalformedHeaderException(org.parosproxy.paros.network.HttpMalformedHeaderException) HttpMessage(org.parosproxy.paros.network.HttpMessage) ApiException(org.zaproxy.zap.extension.api.ApiException) HttpMalformedHeaderException(org.parosproxy.paros.network.HttpMalformedHeaderException) ApiException(org.zaproxy.zap.extension.api.ApiException)

Example 9 with HttpMalformedHeaderException

use of org.parosproxy.paros.network.HttpMalformedHeaderException in project zaproxy by zaproxy.

the class CustomScanDialog method populateRequestField.

private void populateRequestField(SiteNode node) {
    try {
        if (node == null || node.getHistoryReference() == null || node.getHistoryReference().getHttpMessage() == null) {
            this.getRequestField().setText("");
        } else {
            // Populate the custom vectors http pane
            HttpMessage msg = node.getHistoryReference().getHttpMessage();
            String header = msg.getRequestHeader().toString();
            StringBuilder sb = new StringBuilder();
            sb.append(header);
            this.headerLength = header.length();
            // Ignore <METHOD> http(s)://host:port/
            this.urlPathStart = header.indexOf("/", header.indexOf("://") + 2) + 1;
            sb.append(msg.getRequestBody().toString());
            this.getRequestField().setText(sb.toString());
            // Only set the recurse option if the node has children, and disable it otherwise
            JCheckBox recurseChk = (JCheckBox) this.getField(FIELD_RECURSE);
            recurseChk.setEnabled(node.getChildCount() > 0);
            recurseChk.setSelected(node.getChildCount() > 0);
        }
        this.setFieldStates();
    } catch (HttpMalformedHeaderException | DatabaseException e) {
        // 
        this.getRequestField().setText("");
    }
}
Also used : JCheckBox(javax.swing.JCheckBox) HttpMalformedHeaderException(org.parosproxy.paros.network.HttpMalformedHeaderException) HttpMessage(org.parosproxy.paros.network.HttpMessage) DatabaseException(org.parosproxy.paros.db.DatabaseException)

Example 10 with HttpMalformedHeaderException

use of org.parosproxy.paros.network.HttpMalformedHeaderException in project zaproxy by zaproxy.

the class KeyboardAPI method handleApiOther.

@Override
public HttpMessage handleApiOther(HttpMessage msg, String name, JSONObject params) throws ApiException {
    if (OTHER_CHEETSHEET_ACTION_ORDER.equals(name) || OTHER_CHEETSHEET_KEY_ORDER.equals(name)) {
        List<KeyboardShortcut> shortcuts = this.extension.getShortcuts();
        if (OTHER_CHEETSHEET_ACTION_ORDER.equals(name)) {
            Collections.sort(shortcuts, new Comparator<KeyboardShortcut>() {

                @Override
                public int compare(KeyboardShortcut o1, KeyboardShortcut o2) {
                    return o1.getName().compareTo(o2.getName());
                }
            });
        } else {
            Collections.sort(shortcuts, new Comparator<KeyboardShortcut>() {

                @Override
                public int compare(KeyboardShortcut o1, KeyboardShortcut o2) {
                    return o1.getKeyStrokeKeyCodeString().compareTo(o2.getKeyStrokeKeyCodeString());
                }
            });
        }
        StringBuilder response = new StringBuilder();
        response.append(Constant.messages.getString("keyboard.api.cheatsheet.header"));
        boolean incUnset = this.getParam(params, PARAM_INC_UNSET, false);
        for (KeyboardShortcut shortcut : shortcuts) {
            if (incUnset || shortcut.getKeyStrokeKeyCodeString().length() > 0) {
                // Only show actions with actual shortcuts
                response.append(MessageFormat.format(Constant.messages.getString("keyboard.api.cheatsheet.tablerow"), shortcut.getName(), shortcut.getKeyStrokeModifiersString(), shortcut.getKeyStrokeKeyCodeString()));
            }
        }
        response.append(Constant.messages.getString("keyboard.api.cheatsheet.footer"));
        try {
            msg.setResponseHeader(API.getDefaultResponseHeader("text/html", response.length()));
        } catch (HttpMalformedHeaderException e) {
            throw new ApiException(ApiException.Type.INTERNAL_ERROR, name, e);
        }
        msg.setResponseBody(response.toString());
        return msg;
    } else {
        throw new ApiException(ApiException.Type.BAD_OTHER, name);
    }
}
Also used : HttpMalformedHeaderException(org.parosproxy.paros.network.HttpMalformedHeaderException) ApiException(org.zaproxy.zap.extension.api.ApiException)

Aggregations

HttpMalformedHeaderException (org.parosproxy.paros.network.HttpMalformedHeaderException)28 DatabaseException (org.parosproxy.paros.db.DatabaseException)17 HttpMessage (org.parosproxy.paros.network.HttpMessage)14 RecordHistory (org.parosproxy.paros.db.RecordHistory)7 IOException (java.io.IOException)6 HistoryReference (org.parosproxy.paros.model.HistoryReference)6 Matcher (java.util.regex.Matcher)4 URIException (org.apache.commons.httpclient.URIException)4 TableHistory (org.parosproxy.paros.db.TableHistory)4 Session (org.parosproxy.paros.model.Session)4 PatternSyntaxException (java.util.regex.PatternSyntaxException)3 URI (org.apache.commons.httpclient.URI)3 ApiException (org.zaproxy.zap.extension.api.ApiException)3 HarEntries (edu.umass.cs.benchlab.har.HarEntries)2 HarLog (edu.umass.cs.benchlab.har.HarLog)2 PreparedStatement (java.sql.PreparedStatement)2 ResultSet (java.sql.ResultSet)2 SQLException (java.sql.SQLException)2 ArrayList (java.util.ArrayList)2 List (java.util.List)2
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial