
Example 71 with HttpMessage

use of org.parosproxy.paros.network.HttpMessage in project zaproxy by zaproxy.

Class VariantCookieUnitTest, method shouldNotInjectCookieModificationsIfPositionOfCookieDoesNotExist.

@Test
void shouldNotInjectCookieModificationsIfPositionOfCookieDoesNotExist() {
    // Given: a Cookie header holding two cookies, at positions 0 and 1
    HttpMessage msg = createMessageWithCookies("a=b; c=d");
    VariantCookie variant = new VariantCookie();
    variant.setMessage(msg);
    // When: the injection targets position 3, which the header does not have
    variant.setParameter(msg, cookie("c", "d", 3), "y", "z");
    // Then: the header is left exactly as it was
    assertThat(msg, containsCookieHeader("a=b; c=d"));
}
Also used : HttpMessage(org.parosproxy.paros.network.HttpMessage) Test(org.junit.jupiter.api.Test)

Example 72 with HttpMessage

use of org.parosproxy.paros.network.HttpMessage in project zaproxy by zaproxy.

Class VariantCookieUnitTest, method shouldInjectCookieModificationOnMalformedHeader.

@Test
void shouldInjectCookieModificationOnMalformedHeader() {
    // Given: a Cookie header with a nameless fragment, empty names and an empty value
    HttpMessage msg = createMessageWithCookies("a; =b; =d; e=;");
    VariantCookie variant = new VariantCookie();
    variant.setMessage(msg);
    // When: the fragment at position 1 (name-less "b") is replaced with y=z
    String result = variant.setParameter(msg, cookie(null, "b", 1), "y", "z");
    // Then: the injected pair is returned and only that fragment changes in the header
    assertThat(result, is(equalTo("y=z")));
    assertThat(msg, containsCookieHeader("a; y=z; d; e="));
}
Also used : HttpMessage(org.parosproxy.paros.network.HttpMessage) Test(org.junit.jupiter.api.Test)

Example 73 with HttpMessage

use of org.parosproxy.paros.network.HttpMessage in project zaproxy by zaproxy.

Class VariantCookieUnitTest, method shouldExtractParametersFromMalformedCookieHeaders.

@Test
void shouldExtractParametersFromMalformedCookieHeaders() {
    // Given: four Cookie headers mixing empty names, empty values and stray quotes
    HttpMessage malformed = createMessageWithCookies("a=;=d; e", "g; =j;l=", "n=\"", "=\"");
    VariantCookie variant = new VariantCookie();
    // When
    variant.setMessage(malformed);
    // Then: every fragment becomes a parameter, numbered by position across all headers;
    // a fragment without '=' gets a null name, an empty name before '=' gets ""
    assertThat(variant.getParamList().size(), is(equalTo(8)));
    assertThat(
            variant.getParamList(),
            contains(
                    cookie("a", "", 0),
                    cookie("", "d", 1),
                    cookie(null, "e", 2),
                    cookie(null, "g", 3),
                    cookie("", "j", 4),
                    cookie("l", "", 5),
                    cookie("n", "\"", 6),
                    cookie("", "\"", 7)));
}
Also used : HttpMessage(org.parosproxy.paros.network.HttpMessage) Test(org.junit.jupiter.api.Test)

Example 74 with HttpMessage

use of org.parosproxy.paros.network.HttpMessage in project zaproxy by zaproxy.

Class ProxyThread, method processHttp.

/**
 * Services one client connection: reads HTTP requests from {@code inSocket} and, for each one,
 * either lets the ZAP API answer it, replays a cached response, or forwards it through
 * {@code getHttpSender()} after notifying the registered listeners, then writes the response
 * back to the client. The loop ends when the message signals connection close, the socket is
 * closed, a read times out, a listener drops the request or response, or a
 * persistent-connection listener takes over the socket.
 *
 * @param requestHeader the already-read header of the first request on this connection;
 *     headers of any follow-up requests are read inside the loop
 * @param isSecure whether the client connection is secure; passed through to
 *     {@code httpIn.readRequestHeader} for follow-up requests
 * @throws IOException on failures reading from the client; an {@code HttpException} raised
 *     while sending is rethrown, other send-side {@code IOException}s are turned into
 *     502/504 error responses instead
 */
protected void processHttp(HttpRequestHeader requestHeader, boolean isSecure) throws IOException {
    HttpRequestBody reqBody = // ZAP: Replaced the class HttpBody with the class HttpRequestBody.
    null;
    boolean isFirstRequest = true;
    HttpMessage msg = null;
    // reduce socket timeout after first read (milliseconds); a timeout on a follow-up
    // request header is treated as "client is done" and handled below by returning
    inSocket.setSoTimeout(2500);
    do {
        if (isFirstRequest) {
            isFirstRequest = false;
        } else {
            // Follow-up requests on a kept-alive connection are read here and tagged with the
            // client address. The first request's header is assumed to arrive already
            // populated by the caller -- TODO confirm.
            try {
                requestHeader = httpIn.readRequestHeader(isSecure);
                requestHeader.setSenderAddress(inSocket.getInetAddress());
            } catch (SocketTimeoutException e) {
                // ZAP: Log the exception
                if (log.isDebugEnabled()) {
                    log.debug("Timed out while reading a new HTTP request.");
                }
                return;
            }
        }
        // When the API is enabled it gets first look at every request. A non-null result
        // means the API handled it: an empty request header means there is nothing more to
        // do, otherwise the socket may have been upgraded and is offered to the
        // persistent-connection listeners.
        if (parentServer.isEnableApi()) {
            msg = API.getInstance().handleApiRequest(requestHeader, httpIn, httpOut, isRecursive(requestHeader));
            if (msg != null) {
                if (msg.getRequestHeader().isEmpty()) {
                    return;
                }
                ZapGetMethod method = new ZapGetMethod();
                method.setUpgradedSocket(inSocket);
                method.setUpgradedInputStream(httpIn);
                keepSocketOpen = notifyPersistentConnectionListener(msg, inSocket, method);
                return;
            }
        }
        msg = new HttpMessage();
        msg.setRequestHeader(requestHeader);
        // The body is only read when Content-Length is positive. NOTE(review): other body
        // framings are not handled at this point -- confirm httpIn covers them elsewhere.
        if (msg.getRequestHeader().getContentLength() > 0) {
            reqBody = httpIn.readRequestBody(// ZAP: Changed to call the method readRequestBody.
            requestHeader);
            msg.setRequestBody(reqBody);
        }
        if (proxyParam.isRemoveUnsupportedEncodings()) {
            removeUnsupportedEncodings(msg);
        }
        // isProcessCache writes the cached response to the client itself, so a hit just
        // moves on to the next request (continue jumps to the loop condition).
        if (isProcessCache(msg)) {
            continue;
        }
        // Serialize mode funnels every proxy thread through one shared lock; otherwise each
        // thread only locks itself, so requests on different connections proceed in parallel.
        if (parentServer.isSerialize()) {
            semaphore = semaphoreSingleton;
        } else {
            semaphore = this;
        }
        boolean send = true;
        // Excluded URLs bypass listener notification and are sent with EXCLUDED_REQ_CONFIG.
        boolean excluded = parentServer.excludeUrl(msg.getRequestHeader().getURI());
        synchronized (semaphore) {
            if (!excluded) {
                // An override listener that handles the request itself suppresses the send;
                // the message still reaches writeHttpResponse below so the client gets a reply.
                if (notifyOverrideListenersRequestSend(msg)) {
                    send = false;
                } else if (!notifyListenerRequestSend(msg)) {
                    // One of the listeners has told us to drop the request
                    return;
                }
            }
            try {
                // getHttpSender().sendAndReceive(msg, httpOut, buffer);
                if (excluded) {
                    getHttpSender().sendAndReceive(msg, EXCLUDED_REQ_CONFIG);
                } else if (send) {
                    if (msg.getResponseHeader().isEmpty()) {
                        // Normally the response is empty.
                        // The only reason it wont be is if a script or other ext has
                        // deliberately 'hijacked' this request
                        // We dont jsut set send=false as this then means it wont appear in the
                        // History tab
                        getHttpSender().sendAndReceive(msg);
                    }
                    if (proxyParam.isAlwaysDecodeGzip()) {
                        decodeResponseIfNeeded(msg);
                    }
                    if (!notifyOverrideListenersResponseReceived(msg)) {
                        if (!notifyListenerResponseReceive(msg)) {
                            // One of the listeners has told us to drop the response
                            return;
                        }
                    }
                }
            // notifyWrittenToForwardProxy();
            } catch (HttpException e) {
                // System.out.println("HttpException");
                // HttpException is an IOException subclass; catching it first lets it
                // propagate instead of being converted into a 502 by the handler below.
                throw e;
            } catch (SocketTimeoutException e) {
                // Upstream did not answer in time: reply 504 and still let the (non-excluded)
                // response listeners see the error message.
                String message = Constant.messages.getString("proxy.error.readtimeout", msg.getRequestHeader().getURI(), connectionParam.getTimeoutInSecs());
                log.warn(message);
                setErrorResponse(msg, GATEWAY_TIMEOUT_RESPONSE_STATUS, message);
                if (!excluded) {
                    notifyListenerResponseReceive(msg);
                }
            } catch (IOException e) {
                // Any other send failure becomes a 502 error response.
                setErrorResponse(msg, BAD_GATEWAY_RESPONSE_STATUS, e);
                if (!excluded) {
                    notifyListenerResponseReceive(msg);
                }
            // throw e;
            }
            try {
                writeHttpResponse(msg, httpOut);
            } catch (IOException e) {
                // Failing to reach the client is logged, not rethrown, so the loop condition
                // below (isConnectionClose / socket closed) decides whether to stop.
                StringBuilder strBuilder = new StringBuilder(200);
                strBuilder.append("Failed to write/forward the HTTP response to the client: ");
                strBuilder.append(e.getClass().getName());
                if (e.getMessage() != null) {
                    strBuilder.append(": ").append(e.getMessage());
                }
                log.warn(strBuilder.toString());
            }
        }
        // release semaphore
        // Unchecked cast: assumes whatever stored the user object put a ZapGetMethod (or
        // null) there -- TODO confirm against the sender.
        ZapGetMethod method = (ZapGetMethod) msg.getUserObject();
        keepSocketOpen = notifyPersistentConnectionListener(msg, inSocket, method);
        if (keepSocketOpen) {
            // do not wait for close
            break;
        }
    // Keep reading requests while the message allows it and the client is still connected.
    } while (!isConnectionClose(msg) && !inSocket.isClosed());
}
Also used : ZapGetMethod(org.zaproxy.zap.ZapGetMethod) HttpRequestBody(org.zaproxy.zap.network.HttpRequestBody) SocketTimeoutException(java.net.SocketTimeoutException) HttpException(org.apache.commons.httpclient.HttpException) IOException(java.io.IOException) HttpMessage(org.parosproxy.paros.network.HttpMessage)

Example 75 with HttpMessage

use of org.parosproxy.paros.network.HttpMessage in project zaproxy by zaproxy.

Class ProxyThread, method isProcessCache.

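/**
 * Tries to answer {@code msg} from the cache-processing list instead of forwarding it.
 *
 * <p>When cache processing is enabled and the list is non-empty, the first item is used: an
 * exact match replays that item's response, otherwise the history table is consulted for a
 * cached record matching {@code msg}. On a hit the response is copied into {@code msg} and
 * written to the client via {@code httpOut} here, so the caller must not write it again.
 *
 * @param msg the request being proxied; its response header/body are set on a cache hit
 * @return {@code true} when the request has been dealt with and must not be forwarded (a
 *     cache hit, or a failure during the history lookup -- see the catch block), {@code false}
 *     when the caller should forward it normally
 * @throws IOException if writing the exact-match response to the client fails
 */
protected boolean isProcessCache(HttpMessage msg) throws IOException {
    if (!parentServer.isEnableCacheProcessing()) {
        return false;
    }
    if (parentServer.getCacheProcessingList().isEmpty()) {
        return false;
    }
    CacheProcessingItem item = parentServer.getCacheProcessingList().get(0);
    if (msg.equals(item.message)) {
        // Exact match: replay the item's response from a clone so the cached copy stays untouched.
        HttpMessage newMsg = item.message.cloneAll();
        msg.setResponseHeader(newMsg.getResponseHeader());
        msg.setResponseBody(newMsg.getResponseBody());
        writeHttpResponse(msg, httpOut);
        return true;
    }
    try {
        RecordHistory history = Model.getSingleton().getDb().getTableHistory().getHistoryCache(item.reference, msg);
        if (history == null) {
            return false;
        }
        msg.setResponseHeader(history.getHttpMessage().getResponseHeader());
        msg.setResponseBody(history.getHttpMessage().getResponseBody());
        writeHttpResponse(msg, httpOut);
        return true;
    } catch (Exception e) {
        // The existing contract is kept (the request counts as handled and is not forwarded),
        // but the failure is no longer silent: before, a lookup or write error here left the
        // client without any response and the operator without any trace of why.
        log.warn("Failed to serve request from the history cache: " + msg.getRequestHeader().getURI(), e);
        return true;
    }
}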
Also used : HttpMessage(org.parosproxy.paros.network.HttpMessage) RecordHistory(org.parosproxy.paros.db.RecordHistory) HttpMalformedHeaderException(org.parosproxy.paros.network.HttpMalformedHeaderException) SocketException(java.net.SocketException) SocketTimeoutException(java.net.SocketTimeoutException) HttpException(org.apache.commons.httpclient.HttpException) IOException(java.io.IOException) UnknownHostException(java.net.UnknownHostException) SSLException(javax.net.ssl.SSLException)
