
Example 1 with ZapHttpConnectionManager

Use of org.zaproxy.zap.ZapHttpConnectionManager in project zaproxy by zaproxy.

From the class HttpSender, method executeMethod.

public int executeMethod(HttpMethod method, HttpState state) throws IOException {
    int responseCode = -1;
    String hostName;
    hostName = method.getURI().getHost();
    method.setDoAuthentication(true);
    HostConfiguration hc = null;
    HttpClient requestClient;
    if (isConnectionUpgrade(method)) {
        requestClient = new HttpClient(new ZapHttpConnectionManager());
        if (param.isUseProxy(hostName)) {
            requestClient.getHostConfiguration().setProxy(param.getProxyChainName(), param.getProxyChainPort());
            if (param.isUseProxyChainAuth()) {
                requestClient.getState().setProxyCredentials(getAuthScope(param), getNTCredentials(param));
            }
        }
    } else if (param.isUseProxy(hostName)) {
        requestClient = clientViaProxy;
    } else {
        requestClient = client;
    }
    if (this.initiator == CHECK_FOR_UPDATES_INITIATOR) {
        // Use the 'strict' SSLConnector, i.e. one that performs all the usual cert checks.
        // The 'standard' one 'trusts' everything.
        // This is to ensure that all 'check-for-update' calls are made to the expected https URLs.
        // Without this it would be possible to intercept and change the response, which could result
        // in the user downloading and installing a malicious add-on.
        hc = new HostConfiguration() {

            @Override
            public synchronized void setHost(URI uri) {
                try {
                    setHost(new HttpHost(uri.getHost(), uri.getPort(), getProtocol()));
                } catch (URIException e) {
                    throw new IllegalArgumentException(e.toString());
                }
            }
        };
        hc.setHost(hostName, method.getURI().getPort(), new Protocol("https", (ProtocolSocketFactory) new SSLConnector(false), 443));
        if (param.isUseProxy(hostName)) {
            hc.setProxyHost(new ProxyHost(param.getProxyChainName(), param.getProxyChainPort()));
            if (param.isUseProxyChainAuth()) {
                requestClient.getState().setProxyCredentials(getAuthScope(param), getNTCredentials(param));
            }
        }
    }
    // ZAP: Check if a custom state is being used
    if (state != null) {
        // Make sure cookies are enabled
        method.getParams().setCookiePolicy(CookiePolicy.BROWSER_COMPATIBILITY);
    }
    responseCode = requestClient.executeMethod(hc, method, state);
    return responseCode;
}
Also used: HostConfiguration (org.apache.commons.httpclient.HostConfiguration), ZapHttpConnectionManager (org.zaproxy.zap.ZapHttpConnectionManager), URI (org.apache.commons.httpclient.URI), ProtocolSocketFactory (org.apache.commons.httpclient.protocol.ProtocolSocketFactory), URIException (org.apache.commons.httpclient.URIException), HttpHost (org.apache.commons.httpclient.HttpHost), HttpClient (org.apache.commons.httpclient.HttpClient), ProxyHost (org.apache.commons.httpclient.ProxyHost), Protocol (org.apache.commons.httpclient.protocol.Protocol)
