Example 11 with HttpRequestHeader

Use of org.parosproxy.paros.network.HttpRequestHeader in project zaproxy by zaproxy.

Class HarUtils, method createHarRequest.

public static HarRequest createHarRequest(HttpMessage httpMessage) {
    HttpRequestHeader requestHeader = httpMessage.getRequestHeader();
    // Copy the request cookies into the HAR entry; names and values are exported verbatim.
    HarCookies harCookies = new HarCookies();
    try {
        for (HttpCookie cookie : requestHeader.getHttpCookies()) {
            harCookies.addCookie(new HarCookie(cookie.getName(), cookie.getValue()));
        }
    } catch (IllegalArgumentException e) {
        LOGGER.warn("Ignoring cookies for HAR (\"request\") \"cookies\" list. Request contains invalid cookie: " + e.getMessage());
    }
    HarQueryString harQueryString = new HarQueryString();
    for (HtmlParameter param : httpMessage.getUrlParams()) {
        harQueryString.addQueryParam(new HarQueryParam(param.getName(), param.getValue()));
    }
    HarPostData harPostData = null;
    HttpRequestBody requestBody = httpMessage.getRequestBody();
    // length() is never negative, so postData is populated even for an empty body.
    if (requestBody.length() >= 0) {
        HarPostDataParams params = new HarPostDataParams();
        String text = "";
        String contentType = requestHeader.getHeader(HttpHeader.CONTENT_TYPE);
        if (contentType == null) {
            contentType = "";
            text = requestBody.toString();
        } else {
            // Form-encoded bodies are exported as parsed params; any other content type as raw text.
            if (StringUtils.startsWithIgnoreCase(contentType.trim(), HttpHeader.FORM_URLENCODED_CONTENT_TYPE)) {
                for (HtmlParameter param : httpMessage.getFormParams()) {
                    params.addPostDataParam(new HarPostDataParam(param.getName(), param.getValue()));
                }
            } else {
                text = requestBody.toString();
            }
        }
        harPostData = new HarPostData(contentType, params, text, null);
    }
    return new HarRequest(requestHeader.getMethod(), requestHeader.getURI().toString(), requestHeader.getVersion(), harCookies, createHarHeaders(requestHeader), harQueryString, harPostData, requestHeader.toString().length(), httpMessage.getRequestBody().length(), null);
}
Also used : HarCookie(edu.umass.cs.benchlab.har.HarCookie) HarQueryString(edu.umass.cs.benchlab.har.HarQueryString) HarCookies(edu.umass.cs.benchlab.har.HarCookies) HttpRequestHeader(org.parosproxy.paros.network.HttpRequestHeader) HarQueryParam(edu.umass.cs.benchlab.har.HarQueryParam) HarPostData(edu.umass.cs.benchlab.har.HarPostData) HttpRequestBody(org.zaproxy.zap.network.HttpRequestBody) HarRequest(edu.umass.cs.benchlab.har.HarRequest) HtmlParameter(org.parosproxy.paros.network.HtmlParameter) HarPostDataParams(edu.umass.cs.benchlab.har.HarPostDataParams) HttpCookie(java.net.HttpCookie) HarPostDataParam(edu.umass.cs.benchlab.har.HarPostDataParam)

Example 12 with HttpRequestHeader

Use of org.parosproxy.paros.network.HttpRequestHeader in project zaproxy by zaproxy.

Class RequestUtils, method changeMethod.

/*
 * Change the HTTP method in header to method.
 */
public static HttpRequestHeader changeMethod(String method, String header, String body) throws URIException, HttpMalformedHeaderException {
    HttpRequestHeader hrh = new HttpRequestHeader(header);
    URI uri = hrh.getURI();
    String prevMethod = hrh.getMethod();
    if (prevMethod.equalsIgnoreCase(method)) {
        return hrh;
    }
    if (prevMethod.equals(HttpRequestHeader.POST)) {
        // Was POST, move all params onto the URL
        if (body != null && body.length() > 0) {
            StringBuilder sb = new StringBuilder();
            if (uri.getQuery() != null) {
                sb.append(uri.getQuery());
            }
            String[] params = body.split("&");
            for (String param : params) {
                if (sb.length() > 0) {
                    sb.append('&');
                }
                String[] nv = param.split("=");
                if (nv.length == 1) {
                    // This effectively strips out the equals sign if there's no value
                    sb.append(nv[0]);
                } else {
                    sb.append(param);
                }
            }
            uri.setQuery(sb.toString());
        }
        hrh.setURI(uri);
        // Clear the body
        body = "";
    } else if (method.equals(HttpRequestHeader.POST)) {
        // To be a POST, move all URL query params into the body
        String query = uri.getQuery();
        if (query != null) {
            StringBuilder sb = new StringBuilder();
            String[] params = query.split("&");
            for (String param : params) {
                if (sb.length() > 0) {
                    sb.append('&');
                }
                sb.append(param);
                String[] nv = param.split("=");
                if (nv.length == 1) {
                    // Cope with URL params with no values e.g. http://www.example.com/test?key
                    sb.append('=');
                }
            }
            // fixed: dead store to variable body by commenting the following line
            // body = sb.toString();
            // The rebuilt parameter string (sb) is therefore discarded: this method returns only the header.
            uri.setQuery(null);
            hrh.setURI(uri);
        }
    }
    hrh.setMethod(method);
    return hrh;
}
Also used : HttpRequestHeader(org.parosproxy.paros.network.HttpRequestHeader) URI(org.apache.commons.httpclient.URI)

Example 13 with HttpRequestHeader

Use of org.parosproxy.paros.network.HttpRequestHeader in project zaproxy by zaproxy.

Class ManualHttpRequestEditorDialog, method setDefaultMessage.

@Override
public void setDefaultMessage() {
    HttpMessage msg = new HttpMessage();
    try {
        // Placeholder request used as the editor's default message.
        URI uri = new URI("http://www.any_domain_name.org/path", true);
        msg.setRequestHeader(new HttpRequestHeader(HttpRequestHeader.GET, uri, HttpHeader.HTTP10, Model.getSingleton().getOptionsParam().getConnectionParam()));
        setMessage(msg);
    } catch (HttpMalformedHeaderException e) {
        logger.error(e.getMessage(), e);
    } catch (URIException e) {
        logger.error(e.getMessage(), e);
    }
}
Also used : URIException(org.apache.commons.httpclient.URIException) HttpMalformedHeaderException(org.parosproxy.paros.network.HttpMalformedHeaderException) HttpMessage(org.parosproxy.paros.network.HttpMessage) HttpRequestHeader(org.parosproxy.paros.network.HttpRequestHeader) URI(org.apache.commons.httpclient.URI)

Example 14 with HttpRequestHeader

Use of org.parosproxy.paros.network.HttpRequestHeader in project zaproxy by zaproxy.

Class APIUnitTest, method createApiRequest.

private HttpRequestHeader createApiRequest(byte[] remoteAddress, String hostname, String requestUri) throws Exception {
    HttpRequestHeader httpRequestHeader = new HttpRequestHeader("GET " + requestUri + " HTTP/1.1\r\n" + "Host: " + hostname + "\r\n");
    httpRequestHeader.setSenderAddress(Inet4Address.getByAddress(remoteAddress));
    return httpRequestHeader;
}
Also used : HttpRequestHeader(org.parosproxy.paros.network.HttpRequestHeader)

Example 15 with HttpRequestHeader

Use of org.parosproxy.paros.network.HttpRequestHeader in project zaproxy by zaproxy.

Class ProxyThread, method run.

@Override
public void run() {
    proxyThreadList.add(thread);
    boolean isSecure = this instanceof ProxyThreadSSL;
    HttpRequestHeader firstHeader = null;
    try {
        BufferedInputStream bufferedInputStream = new BufferedInputStream(inSocket.getInputStream(), 2048);
        inSocket = new CustomStreamsSocket(inSocket, bufferedInputStream, inSocket.getOutputStream());
        httpIn = new HttpInputStream(inSocket);
        httpOut = new HttpOutputStream(inSocket.getOutputStream());
        firstHeader = httpIn.readRequestHeader(isSecure);
        firstHeader.setSenderAddress(inSocket.getInetAddress());
        if (firstHeader.getMethod().equalsIgnoreCase(HttpRequestHeader.CONNECT)) {
            HttpMessage connectMsg = new HttpMessage(firstHeader);
            connectMsg.setTimeSentMillis(System.currentTimeMillis());
            try {
                httpOut.write(CONNECT_HTTP_200);
                httpOut.flush();
                connectMsg.setResponseHeader(CONNECT_HTTP_200);
                connectMsg.setTimeElapsedMillis((int) (System.currentTimeMillis() - connectMsg.getTimeSentMillis()));
                notifyConnectMessage(connectMsg);
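                // Peek at the first three bytes (mark/reset) to detect a TLS handshake without consuming them.
                // The return value of read() is not checked, so fewer than three bytes may have been read.
                byte[] bytes = new byte[3];
                bufferedInputStream.mark(3);
                bufferedInputStream.read(bytes);
                bufferedInputStream.reset();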
                if (isSslTlsHandshake(bytes)) {
                    isSecure = true;
                    beginSSL(firstHeader.getHostName());
                }
                firstHeader = httpIn.readRequestHeader(isSecure);
                firstHeader.setSenderAddress(inSocket.getInetAddress());
                processHttp(firstHeader, isSecure);
            } catch (MissingRootCertificateException e) {
                // Unfortunately, Firefox and Internet Explorer will not show this message.
                // We should find a way to let the browsers display this error message.
                // Maybe we can redirect to some kind of ZAP custom error page.
                final HttpMessage errmsg = new HttpMessage(firstHeader);
                setErrorResponse(errmsg, BAD_GATEWAY_RESPONSE_STATUS, e, "ZAP SSL Error");
                writeHttpResponse(errmsg, httpOut);
                throw new IOException(e);
            }
        } else {
            processHttp(firstHeader, isSecure);
        }
    } catch (SocketTimeoutException e) {
        // ZAP: Log the exception
        if (firstHeader != null) {
            if (HttpRequestHeader.CONNECT.equalsIgnoreCase(firstHeader.getMethod())) {
                log.warn("Timeout reading (client) message after CONNECT to " + firstHeader.getURI());
            } else {
                log.warn("Timeout accessing " + firstHeader.getURI());
            }
        } else {
            log.warn("Socket timeout while reading first message.");
            if (log.isDebugEnabled()) {
                log.debug(e, e);
            }
        }
    } catch (HttpMalformedHeaderException e) {
        log.warn("Malformed Header: ", e);
    } catch (HttpException e) {
        log.error(e.getMessage(), e);
    } catch (IOException e) {
        log.debug("IOException: ", e);
    } finally {
        proxyThreadList.remove(thread);
        // ZAP: do only close if flag is false
        if (!keepSocketOpen) {
            disconnect();
        }
    }
}
Also used : HttpOutputStream(org.parosproxy.paros.network.HttpOutputStream) IOException(java.io.IOException) HttpRequestHeader(org.parosproxy.paros.network.HttpRequestHeader) MissingRootCertificateException(org.parosproxy.paros.security.MissingRootCertificateException) SocketTimeoutException(java.net.SocketTimeoutException) BufferedInputStream(java.io.BufferedInputStream) HttpMalformedHeaderException(org.parosproxy.paros.network.HttpMalformedHeaderException) HttpException(org.apache.commons.httpclient.HttpException) HttpInputStream(org.parosproxy.paros.network.HttpInputStream) HttpMessage(org.parosproxy.paros.network.HttpMessage)
