Package org.owasp.webscarab.model

Examples of org.owasp.webscarab.model.NamedValue

232
233
234
235
236
237
238
239
240
241
242
243
244
245
            stringBuffer.append(values[i].getValue());
        }
        if (null != additionalAttributes) {
            Iterator additionalAttributesIter = additionalAttributes.iterator();
            while (additionalAttributesIter.hasNext()) {
                NamedValue namedValue = (NamedValue) additionalAttributesIter.next();
                stringBuffer.append("&");
                stringBuffer.append(namedValue.getName());
                stringBuffer.append("=");
                stringBuffer.append(namedValue.getValue());
            }
        }
        request.setURL(new HttpUrl(httpUrl.getSHPP() + stringBuffer.toString()));
    }
View Full Code Here
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
            requiredValue += (String) requiredIter.next();
            if (requiredIter.hasNext()) {
                requiredValue += ",";
            }
        }
        values[requiredIdx] = new NamedValue(values[requiredIdx].getName(), requiredValue);

        optionalAttributeAliases.remove(attributeAlias);
        Iterator optionalIter = optionalAttributeAliases.iterator();
        String optionalValue = "";
        while (optionalIter.hasNext()) {
            optionalValue += (String) optionalIter.next();
            if (optionalIter.hasNext()) {
                optionalValue += ",";
            }
        }
        values[optionalIdx] = new NamedValue(values[optionalIdx].getName(), optionalValue);

        updateParameters(values, request);
        return "removed attribute request;";
    }
View Full Code Here
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
            }
        }
        List additionalParameters = new LinkedList();
        if (null == axAlias) {
            axAlias = "ax";
            additionalParameters.add(new NamedValue("openid.ns." + axAlias, "http://openid.net/srv/ax/1.0"));
            additionalParameters.add(new NamedValue("openid." + axAlias + ".mode", "fetch_response"));
        }
        String attributeAlias = this.openIdProxyConfig.getAppendAttributeAlias();
        String attributeType = this.openIdProxyConfig.getAppendAttributeType();
        String attributeValue = this.openIdProxyConfig.getAppendAttributeValue();
        additionalParameters.add(new NamedValue("openid." + axAlias + ".type." + attributeAlias, Encoding.urlEncode(attributeType)));
        additionalParameters.add(new NamedValue("openid." + axAlias + ".value." + attributeAlias, Encoding.urlEncode(attributeValue)));
       
        updateParameters(values, additionalParameters, request);
        return "add attribute response;";
    }
View Full Code Here
882
883
884
885
886
887
888
    private void addHeaderButtonActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_addHeaderButtonActionPerformed
        int row = headerTable.getSelectedRow();
        if (row == -1) {
            row = headerTable.getRowCount();
        }
        _model.addFuzzHeader(row, new NamedValue("Header", "Value"));
    }//GEN-LAST:event_addHeaderButtonActionPerformed
View Full Code Here
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
        public int getRowCount() {
            return _model.getFuzzHeaderCount();
        }
       
        public Object getValueAt(int rowIndex, int columnIndex) {
            NamedValue header = _model.getFuzzHeader(rowIndex);
            if (columnIndex == 0) {
                return header.getName();
            } else {
                return header.getValue();
            }
        }
View Full Code Here
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
        public boolean isCellEditable(int rowIndex, int ColumnIndex) {
            return true;
        }
       
        public void setValueAt(Object aValue, int rowIndex, int colIndex) {
            NamedValue header = _model.getFuzzHeader(rowIndex);
            switch (colIndex) {
                case 0: header = new NamedValue((String) aValue, header.getValue()); break;
                case 1: header = new NamedValue(header.getName(), (String) aValue); break;
            }
            _model.setFuzzHeader(rowIndex, header);
        }
View Full Code Here
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
        String samlProxyHeader = "";
        for (int idx = 0; idx < namedValues.length; idx++) {
            if ("RelayState".equals(namedValues[idx].getName())) {
                if (this.samlProxyConfig.doInjectRelayState()) {
                    String newRelayState = getInjectedRelayState();
                    namedValues[idx] = new NamedValue(namedValues[idx].getName(), newRelayState);
                    samlProxyHeader += "injected relay state;";
                }
            }

            if (false == "SAMLResponse".equals(namedValues[idx].getName())) {
                continue;
            }
            samlResponseMessage = true;

            try {
                if (this.samlProxyConfig.doReplay()) {
                    String newSamlResponse = replaySamlResponse();
                    namedValues[idx] = new NamedValue(namedValues[idx].getName(), newSamlResponse);
                    samlProxyHeader += "replayed;";
                }

                if (this.samlProxyConfig.doSignWrapAttack()) {
                    String newSamlResponse = signatureWrapping(namedValues[idx].getValue());
                    namedValues[idx] = new NamedValue(namedValues[idx].getName(), newSamlResponse);
                    samlProxyHeader += "signature wrapping;";
                }

                if (this.samlProxyConfig.doInjectAttribute()) {
                    String newSamlResponse = injectAttribute(namedValues[idx].getValue());
                    namedValues[idx] = new NamedValue(namedValues[idx].getName(), newSamlResponse);
                    samlProxyHeader += "injected attribute;";
                }
                if (this.samlProxyConfig.doInjectSubject()) {
                    String newSamlResponse = injectSubject(namedValues[idx].getValue());
                    namedValues[idx] = new NamedValue(namedValues[idx].getName(), newSamlResponse);
                    samlProxyHeader += "injected subject;";
                }
                if (this.samlProxyConfig.doInjectPublicDoctype()) {
                    String newSamlResponse = injectPublicDoctype(namedValues[idx].getValue());
                    namedValues[idx] = new NamedValue(namedValues[idx].getName(), newSamlResponse);
                    samlProxyHeader += "injected public doctype;";
                }
                if (this.samlProxyConfig.doRemoveAssertionSignature()) {
                    String newSamlResponse = removeSamlAssertionSignature(namedValues[idx].getValue());
                    namedValues[idx] = new NamedValue(namedValues[idx].getName(), newSamlResponse);
                    samlProxyHeader += "removed assertion signature;";
                }

                if (this.samlProxyConfig.doSignSamlMessage()) {
                    String newSamlResponse = signSamlMessage(namedValues[idx].getValue());
                    namedValues[idx] = new NamedValue(namedValues[idx].getName(), newSamlResponse);
                    samlProxyHeader += "sign;";
                } else if (this.samlProxyConfig.doRemoveSignature()) {
                    String newSamlResponse = removeSamlResponseSignature(namedValues[idx].getValue());
                    namedValues[idx] = new NamedValue(namedValues[idx].getName(), newSamlResponse);
                    samlProxyHeader += "removed signature;";
                } else {
                    if (this.samlProxyConfig.doCorruptSignature()) {
                        String newSamlResponse = corruptSamlResponseSignature(namedValues[idx].getValue());
                        namedValues[idx] = new NamedValue(namedValues[idx].getName(), newSamlResponse);
                        samlProxyHeader += "corrupted signature;";
                    }
                    if (this.samlProxyConfig.doInjectRemoteReference()) {
                        String newSamlResponse = injectRemoteReference(namedValues[idx].getValue());
                        namedValues[idx] = new NamedValue(namedValues[idx].getName(), newSamlResponse);
                        samlProxyHeader += "injected remote reference;";
                    }
                }
            } catch (Exception ex) {
                this._logger.log(Level.WARNING, "could not corrupt the SAML Response signature: {0}", ex.getMessage());
                continue;
            }
        }
        if (false == samlResponseMessage) {
            return;
        }

        StringBuilder newBody = new StringBuilder();
        for (int idx = 0; idx < namedValues.length; idx++) {
            NamedValue namedValue = namedValues[idx];
            if (0 != newBody.length()) {
                newBody.append("&");
            }
            newBody.append(namedValue.getName());
            newBody.append("=");
            newBody.append(namedValue.getValue());
        }
        request.setContent(newBody.toString().getBytes());

        if (samlProxyHeader.length() > 0) {
            request.addHeader("X-SAMLProxy", samlProxyHeader);
View Full Code Here
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
            return null;
        }
        if (rowIndex >= this.parameters.size()) {
            return null;
        }
        NamedValue namedValue = (NamedValue) this.parameters.get(rowIndex);
        switch (columnIndex) {
            case 0:
                return namedValue.getName();
            case 1:
                return namedValue.getValue();
            default:
                return null;
        }
    }
View Full Code Here
141
142
143
144
145
146
147
148
149
150
151
152
153
        if (null == values) {
            return Collections.emptyList();
        }
        for (int idx = 0; idx < values.length; idx++) {
            NamedValue namedValue = values[idx];
            String name = namedValue.getName();
            String value = Encoding.urlDecode(namedValue.getValue());
            namedValue = new NamedValue(name, value);
            values[idx] = namedValue;
        }
        return Arrays.asList(values);
    }
View Full Code Here
192
193
194
195
196
197
198
199
200
201
            if (0 == attributeValueNodeList.getLength()) {
                continue;
            }
            Element attributeValueElement = (Element) attributeValueNodeList.item(0);
            String attributeValue = attributeValueElement.getChildNodes().item(0).getNodeValue();
            NamedValue attribute = new NamedValue(attributeName, attributeValue);
            samlAttributes.add(attribute);
        }
        return samlAttributes;
    }
View Full Code Here
TOP

Related Classes of org.owasp.webscarab.model.NamedValue

  • org.owasp.webscarab.plugin.fuzz.swing.FuzzerPanel
  • org.owasp.webscarab.plugin.fuzz.swing.FuzzerPanel$HeaderTableModel
  • org.owasp.webscarab.plugin.identity.CookieTokenParser
  • org.owasp.webscarab.plugin.identity.swing.IdentityPanel$AddIdentityAction
  • org.owasp.webscarab.plugin.identity.swing.SelectTokenDialog
  • org.owasp.webscarab.plugin.identity.swing.SelectTokenDialog$TokenTableModel
  • org.owasp.webscarab.plugin.manualrequest.ManualRequest
  • org.owasp.webscarab.plugin.openid.OpenIdHTTPClient
  • org.owasp.webscarab.plugin.openid.OpenIdModel
  • org.owasp.webscarab.plugin.openid.swing.ParametersTableModel
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.