
Example 16 with HttpMessage

use of org.parosproxy.paros.network.HttpMessage in project zaproxy by zaproxy.

the class HttpBreakpointManagementDaemonImpl method setMessage.

/**
 * Stores, or updates, the HTTP message held by this breakpoint manager after checking the current mode.
 * <p>
 * The mode check runs before any state is touched: safe mode rejects every message, and protected
 * mode rejects messages that are not in scope. The first accepted message is kept by reference along
 * with its request/response flag. Later calls only copy the request or response header and body onto
 * the message already held; the stored flag is not updated by those calls.
 *
 * @param msg the message to store; must be an {@link HttpMessage}
 * @param isRequest {@code true} to take the request part of {@code msg}, {@code false} for the response part
 * @throws IllegalArgumentException if {@code msg} is not an {@link HttpMessage}
 * @throws IllegalStateException if the current mode does not allow the message
 */
@Override
public void setMessage(Message msg, boolean isRequest) {
    if (!(msg instanceof HttpMessage)) {
        throw new IllegalArgumentException("Not an HttpMessage");
    }

    // Mode gate. There is no default branch, so a mode value not listed here would pass unchecked.
    // NOTE(review): confirm the enum has no other values, or add a rejecting default.
    switch (Control.getSingleton().getMode()) {
        case safe:
            throw new IllegalStateException("Not allowed in safe mode");
        case protect:
            if (!msg.isInScope()) {
                throw new IllegalStateException("Not allowed in protected mode for out of scope message");
            }
            break;
        case standard:
        case attack:
            break;
    }

    final HttpMessage incoming = (HttpMessage) msg;
    if (this.msg == null) {
        // First message: keep the instance itself and remember which side it represents.
        this.msg = incoming;
        this.request = isRequest;
        return;
    }

    // A message is already held: overwrite only the side the caller named.
    if (isRequest) {
        this.msg.setRequestHeader(incoming.getRequestHeader());
        this.msg.setRequestBody(incoming.getRequestBody());
    } else {
        this.msg.setResponseHeader(incoming.getResponseHeader());
        this.msg.setResponseBody(incoming.getResponseBody());
    }
}
Also used : HttpMessage(org.parosproxy.paros.network.HttpMessage)

Example 17 with HttpMessage

use of org.parosproxy.paros.network.HttpMessage in project zaproxy by zaproxy.

the class HttpBreakpointMessage method match.

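/**
 * Tells whether this breakpoint applies to the given message.
 * <p>
 * Only {@link HttpMessage} instances can match. When {@code onlyIfInScope} is set, the request URI
 * must be in scope for the current session. The text that is tested depends on {@code location}:
 * request-side locations match only when {@code isRequest} is {@code true}, response-side locations
 * only when it is {@code false}, and the URL location matches in either direction. The text is tested
 * either with a substring check (optionally case-insensitive) or with the compiled pattern, and the
 * result is negated when {@code inverse} is set.
 * <p>
 * Case-insensitive comparison folds both sides with {@link java.util.Locale#ROOT}. Folding with the
 * JVM default locale makes the result depend on the host's settings: under a Turkish locale, for
 * example, an upper-case "I" does not fold to "i", so a breakpoint would miss messages it should stop.
 * <p>
 * Any exception raised while reading the message or matching is logged and reported as "no match",
 * without applying {@code inverse}. A failing breakpoint therefore lets the message through, so the
 * error log is the only sign of the failure.
 *
 * @param aMessage the message to test
 * @param isRequest {@code true} if the request is being processed, {@code false} for the response
 * @param onlyIfInScope {@code true} to match only messages whose request URI is in scope
 * @return {@code true} if the breakpoint applies to the message, {@code false} otherwise
 */
@Override
public boolean match(Message aMessage, boolean isRequest, boolean onlyIfInScope) {
    if (!(aMessage instanceof HttpMessage)) {
        return false;
    }
    HttpMessage message = (HttpMessage) aMessage;
    try {
        String uri = message.getRequestHeader().getURI().toString();
        if (onlyIfInScope && !Model.getSingleton().getSession().isInScope(uri)) {
            return false;
        }
        String src = null;
        switch (location) {
            case url:
                src = uri;
                break;
            case request_header:
                if (!isRequest) {
                    return false;
                }
                src = message.getRequestHeader().toString();
                break;
            case request_body:
                if (!isRequest) {
                    return false;
                }
                src = message.getRequestBody().toString();
                break;
            case response_header:
                if (isRequest) {
                    return false;
                }
                src = message.getResponseHeader().toString();
                break;
            case response_body:
                if (isRequest) {
                    return false;
                }
                src = message.getResponseBody().toString();
                break;
        }
        boolean res;
        if (Match.contains.equals(this.match)) {
            if (ignoreCase) {
                // Locale.ROOT keeps the folding identical on every host, whatever its default locale.
                res = src.toLowerCase(java.util.Locale.ROOT).contains(string.toLowerCase(java.util.Locale.ROOT));
            } else {
                res = src.contains(string);
            }
        } else {
            res = pattern.matcher(src).find();
        }
        return inverse ? !res : res;
    } catch (Exception e) {
        // Best effort: a message that cannot be inspected is treated as not matching.
        logger.error(e.getMessage(), e);
    }
    return false;
}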
Also used : HttpMessage(org.parosproxy.paros.network.HttpMessage)

Example 18 with HttpMessage

use of org.parosproxy.paros.network.HttpMessage in project zaproxy by zaproxy.

the class CustomScanDialog method populateRequestField.

/**
 * Fills the request text field with the request header and body of the given site node.
 * <p>
 * The field is cleared when the node, its history reference or its HTTP message is missing, and also
 * when the message cannot be read. Otherwise the header length and the URL offset are recorded, and
 * the recurse checkbox is enabled and selected only if the node has children.
 *
 * @param node the selected site node, may be {@code null}
 */
private void populateRequestField(SiteNode node) {
    try {
        boolean nothingToShow = node == null
                || node.getHistoryReference() == null
                || node.getHistoryReference().getHttpMessage() == null;
        if (nothingToShow) {
            this.getRequestField().setText("");
        } else {
            // Populate the custom vectors http pane
            HttpMessage msg = node.getHistoryReference().getHttpMessage();
            String header = msg.getRequestHeader().toString();
            this.headerLength = header.length();
            // Intended to skip "<METHOD> http(s)://host:port/".
            // NOTE(review): indexOf("://") + 2 is the second '/' of "://", so the inner search matches
            // that slash and the result is the offset just after "://" (start of the host), not after
            // "host:port/". When "://" is absent the search starts at index 1. Confirm against the
            // code that reads urlPathStart.
            int schemeSeparator = header.indexOf("://");
            this.urlPathStart = header.indexOf("/", schemeSeparator + 2) + 1;
            String requestText = header + msg.getRequestBody().toString();
            this.getRequestField().setText(requestText);
            // Recursion only makes sense for a node with children: enable and tick the box in that
            // case, disable and untick it otherwise.
            boolean hasChildren = node.getChildCount() > 0;
            JCheckBox recurseChk = (JCheckBox) this.getField(FIELD_RECURSE);
            recurseChk.setEnabled(hasChildren);
            recurseChk.setSelected(hasChildren);
        }
        this.setFieldStates();
    } catch (HttpMalformedHeaderException | DatabaseException e) {
        // The stored message could not be loaded or parsed: show an empty field. The exception is
        // not logged or rethrown here.
        this.getRequestField().setText("");
    }
}
Also used : JCheckBox(javax.swing.JCheckBox) HttpMalformedHeaderException(org.parosproxy.paros.network.HttpMalformedHeaderException) HttpMessage(org.parosproxy.paros.network.HttpMessage) DatabaseException(org.parosproxy.paros.db.DatabaseException)

Example 19 with HttpMessage

use of org.parosproxy.paros.network.HttpMessage in project zaproxy by zaproxy.

the class View method displayMessage.

/**
 * {@inheritDoc}
 * <p>
 * <strong>Note:</strong> only {@link HttpMessage HTTP messages} are rendered. Any other message type is
 * reported with a warning in the log and has no other effect. A {@code null} message clears both the
 * request and the response panel.
 */
@Override
public void displayMessage(Message message) {
    if (message == null) {
        getRequestPanel().clearView(true);
        getResponsePanel().clearView(false);
        return;
    }

    if (message instanceof HttpMessage) {
        final HttpMessage http = (HttpMessage) message;

        // Request side: show the message, or clear the panel when there is no request header.
        if (!http.getRequestHeader().isEmpty()) {
            getRequestPanel().setMessage(http);
        } else {
            getRequestPanel().clearView(true);
        }

        // Response side: same rule, keyed on the response header.
        if (!http.getResponseHeader().isEmpty()) {
            getResponsePanel().setMessage(http, true);
        } else {
            getResponsePanel().clearView(false);
        }
    } else {
        logger.warn("Unable to display message: " + message.getClass().getCanonicalName());
    }
}
Also used : HttpMessage(org.parosproxy.paros.network.HttpMessage)

Example 20 with HttpMessage

use of org.parosproxy.paros.network.HttpMessage in project zaproxy by zaproxy.

the class SessionStructure method addStructure.

/**
 * Returns the structure record for the node described by {@code host}, {@code paths} and {@code size},
 * inserting it if it does not exist yet.
 * <p>
 * The record is looked up by session id, node name and HTTP method. The method and URL come from
 * {@code msg} when it is given; otherwise the method defaults to GET and the URL is empty. When the
 * record is missing and the node is not "Root", the parent record is resolved first through a
 * recursive call with {@code size - 1}, so that the new record can point at its parent.
 *
 * @param session the session the structure belongs to
 * @param host the host part used to build node names
 * @param msg the message for this node, or {@code null}
 * @param paths the path elements of the URL
 * @param size the number of elements of {@code paths} that make up this node
 * @param historyId the history id stored with a newly inserted record
 * @return the existing or newly inserted record
 * @throws DatabaseException declared for the lookups and the insert
 * @throws URIException declared for URI handling
 */
private static RecordStructure addStructure(Session session, String host, HttpMessage msg, List<String> paths, int size, int historyId) throws DatabaseException, URIException {
    String nodeName = getNodeName(session, host, msg, paths, size);
    final String parentName = pathsToUrl(host, paths, size - 1);

    String url = "";
    String method = HttpRequestHeader.GET;
    if (msg != null) {
        url = msg.getRequestHeader().getURI().toString();
        final String params = getParams(session, msg);
        if (!params.isEmpty()) {
            // The parameter summary is appended to the node name.
            nodeName += " " + params;
        }
        method = msg.getRequestHeader().getMethod();
    }

    final RecordStructure existing = Model.getSingleton().getDb().getTableStructure().find(session.getSessionId(), nodeName, method);
    if (existing != null) {
        return existing;
    }

    // Not stored yet: resolve the parent first (creating it if needed), then insert this node.
    long parentId = -1;
    if (!nodeName.equals("Root")) {
        HttpMessage parentMsg = null;
        int parentHistoryId = -1;
        if (!parentName.equals("Root")) {
            // NOTE(review): the result is dereferenced without a null check; confirm that
            // getTempHttpMessage never returns null.
            parentMsg = getTempHttpMessage(session, parentName, msg);
            parentHistoryId = parentMsg.getHistoryRef().getHistoryId();
        }
        parentId = addStructure(session, host, parentMsg, paths, size - 1, parentHistoryId).getStructureId();
    }
    return Model.getSingleton().getDb().getTableStructure().insert(session.getSessionId(), parentId, historyId, nodeName, url, method);
}
Also used : RecordStructure(org.parosproxy.paros.db.RecordStructure) HttpMessage(org.parosproxy.paros.network.HttpMessage)

Aggregations

HttpMessage (org.parosproxy.paros.network.HttpMessage)205 Test (org.junit.Test)144 Source (net.htmlparser.jericho.Source)73 SpiderParam (org.zaproxy.zap.spider.SpiderParam)29 HttpMalformedHeaderException (org.parosproxy.paros.network.HttpMalformedHeaderException)22 DatabaseException (org.parosproxy.paros.db.DatabaseException)19 IOException (java.io.IOException)14 URI (org.apache.commons.httpclient.URI)10 URIException (org.apache.commons.httpclient.URIException)10 HttpException (org.apache.commons.httpclient.HttpException)7 HistoryReference (org.parosproxy.paros.model.HistoryReference)6 HttpRequestHeader (org.parosproxy.paros.network.HttpRequestHeader)6 WithConfigsTest (org.zaproxy.zap.WithConfigsTest)6 DefaultValueGenerator (org.zaproxy.zap.model.DefaultValueGenerator)6 SocketTimeoutException (java.net.SocketTimeoutException)5 RecordHistory (org.parosproxy.paros.db.RecordHistory)4 HttpResponseHeader (org.parosproxy.paros.network.HttpResponseHeader)4 File (java.io.File)3 SocketException (java.net.SocketException)3 UnknownHostException (java.net.UnknownHostException)3