use of org.zaproxy.zap.extension.anticsrf.ExtensionAntiCSRF in project zaproxy by zaproxy.
the class ExtensionParams method onHttpRequestSend.
/**
 * Records the cookie, URL and form parameters of a request against the site it is sent to.
 *
 * <p>The site key is built as {@code host:port} from the request header. A
 * {@link SiteParameters} entry is created for the site the first time it is seen.
 *
 * <p>Only form parameters are checked against the anti-CSRF extension: a form parameter
 * whose name the extension reports as a token is given the {@code anticsrf} flag before
 * it is recorded. Cookie and URL parameters are recorded without that check (see the
 * TODO below), so a token carried only in the query string is stored unflagged.
 *
 * <p>Errors raised while handling cookie parameters are logged and do not stop URL and
 * form processing; the URL and form loops are not guarded, so an exception there
 * propagates to the caller.
 *
 * @param msg the HTTP message whose request parameters are recorded
 * @return always {@code true}
 */
public boolean onHttpRequestSend(HttpMessage msg) {
    // Key under which this request's parameters are grouped: "host:port".
    String site = msg.getRequestHeader().getHostName() + ":" + msg.getRequestHeader().getHostPort();

    // Without a view there is no params panel to update.
    if (getView() != null) {
        this.getParamsPanel().addSite(site);
    }

    // First request for this site: create its parameter store.
    SiteParameters siteParams = this.siteParamsMap.get(site);
    if (siteParams == null) {
        siteParams = new SiteParameters(this, site);
        this.siteParamsMap.put(site, siteParams);
    }

    // Cookie parameters. Any failure here is logged and the remaining
    // parameter types are still processed.
    try {
        for (HtmlParameter cookieParam : msg.getCookieParams()) {
            persist(siteParams.addParam(site, cookieParam, msg));
        }
    } catch (Exception e) {
        logger.error(e.getMessage(), e);
    }

    // URL parameters (recorded as-is, no anti-CSRF check).
    for (HtmlParameter urlParam : msg.getUrlParams()) {
        persist(siteParams.addParam(site, urlParam, msg));
    }

    // Form parameters.
    // TODO flag anti csrf url ones too?
    // The lookup may yield null, in which case no parameter is flagged.
    final ExtensionAntiCSRF antiCsrfExtension =
            (ExtensionAntiCSRF) Control.getSingleton().getExtensionLoader().getExtension(ExtensionAntiCSRF.NAME);
    for (HtmlParameter formParam : msg.getFormParams()) {
        // Token detection is by parameter name only.
        boolean looksLikeToken =
                antiCsrfExtension != null && antiCsrfExtension.isAntiCsrfToken(formParam.getName());
        if (looksLikeToken) {
            formParam.addFlag(HtmlParameter.Flags.anticsrf.name());
        }
        persist(siteParams.addParam(site, formParam, msg));
    }

    return true;
}
use of org.zaproxy.zap.extension.anticsrf.ExtensionAntiCSRF in project zaproxy by zaproxy.
the class ExtensionParams method removeAntiCsrfToken.
/**
 * Stops treating the parameter currently selected in the params panel as an anti-CSRF token.
 *
 * <p>The parameter's name is removed from the anti-CSRF extension's token names and the
 * {@code anticsrf} flag is cleared on the selected item. Nothing happens when no
 * parameter is selected or the anti-CSRF extension is not available.
 *
 * <p>NOTE(review): the name is removed by name alone, so this presumably affects every
 * site that uses the same parameter name; confirm against ExtensionAntiCSRF.
 */
public void removeAntiCsrfToken() {
    HtmlParameterStats selected = this.getParamsPanel().getSelectedParam();
    ExtensionAntiCSRF antiCsrfExtension =
            (ExtensionAntiCSRF) Control.getSingleton().getExtensionLoader().getExtension(ExtensionAntiCSRF.NAME);

    // Nothing to do without both the extension and a selected row.
    if (antiCsrfExtension == null || selected == null) {
        return;
    }

    antiCsrfExtension.removeAntiCsrfTokenName(selected.getName());
    selected.removeFlag(HtmlParameter.Flags.anticsrf.name());

    // Redraw the table so the cleared flag becomes visible.
    this.getParamsPanel().getParamsTable().repaint();

    // Opening the anti-CSRF options screen was judged unnecessary, at least until a
    // rescan option is implemented:
    //Control.getSingleton().getMenuToolsControl().options(Constant.messages.getString("options.acsrf.title"));
}
use of org.zaproxy.zap.extension.anticsrf.ExtensionAntiCSRF in project zaproxy by zaproxy.
the class ExtensionParams method addAntiCsrfToken.
/**
 * Marks the parameter currently selected in the params panel as an anti-CSRF token.
 *
 * <p>The parameter's name is added to the anti-CSRF extension's token names and the
 * {@code anticsrf} flag is set on the selected item. Nothing happens when no parameter
 * is selected or the anti-CSRF extension is not available.
 *
 * <p>NOTE(review): the name is registered by name alone, so this presumably applies to
 * every site that uses the same parameter name; confirm against ExtensionAntiCSRF.
 */
public void addAntiCsrfToken() {
    HtmlParameterStats selected = this.getParamsPanel().getSelectedParam();
    ExtensionAntiCSRF antiCsrfExtension =
            (ExtensionAntiCSRF) Control.getSingleton().getExtensionLoader().getExtension(ExtensionAntiCSRF.NAME);

    // Nothing to do without both the extension and a selected row.
    if (antiCsrfExtension == null || selected == null) {
        return;
    }

    antiCsrfExtension.addAntiCsrfTokenName(selected.getName());
    selected.addFlag(HtmlParameter.Flags.anticsrf.name());

    // Redraw the table so the new flag becomes visible.
    this.getParamsPanel().getParamsTable().repaint();

    // Opening the anti-CSRF options screen was judged unnecessary, at least until a
    // rescan option is implemented:
    //Control.getSingleton().getMenuToolsControl().options(Constant.messages.getString("options.acsrf.title"));
}