Examples of org.owasp.webscarab.model.Request

• org.owasp.webscarab.model.Request
  This class represents a request that can be sent to an HTTP server. @author rdawes

        initComponents();

        _manualRequest = manualRequest;
        _model = _manualRequest.getModel();

        Request request = new Request();
        request.setMethod("GET");
        request.setVersion("HTTP/1.0");
        _requestPanel = new RequestPanel();
        _requestPanel.setEditable(true);
        _requestPanel.setRequest(request);
        _requestPanel.setBorder(new TitledBorder("Request"));
        conversationSplitPane.setLeftComponent(_requestPanel);

    private void requestComboBoxActionPerformed(java.awt.event.ActionEvent evt) {
        Object o = requestComboBox.getSelectedItem();
        if (o instanceof ConversationID) {
            ConversationID id = (ConversationID) o;
            Request request = _model.getConversationModel().getRequest(id);
            _manualRequest.setRequest(request);
        }
    }

        _manualRequest.updateCookies();
    }//GEN-LAST:event_updateCookiesButtonActionPerformed

    private void getCookieButtonActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_getCookieButtonActionPerformed
        try {
            Request request = _requestPanel.getRequest();
            if (request != null && request.getURL() != null) {
                _manualRequest.setRequest(request);
                _manualRequest.addRequestCookies();
            }
        } catch (MalformedURLException mue) {
            JOptionPane.showMessageDialog(this, new String[] {"The URL requested is malformed", mue.getMessage()}, "Malformed URL", JOptionPane.ERROR_MESSAGE);

        }
    }//GEN-LAST:event_getCookieButtonActionPerformed

    private void fetchResponseButtonActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_fetchResponseButtonActionPerformed
        try {
            Request request = _requestPanel.getRequest();
            fetchResponse(request);
        } catch (MalformedURLException mue) {
            JOptionPane.showMessageDialog(this, new String[] {"The URL requested is malformed", mue.getMessage()}, "Malformed URL", JOptionPane.ERROR_MESSAGE);
        } catch (ParseException pe) {
            JOptionPane.showMessageDialog(this, new String[] {"The request is malformed", pe.getMessage()}, "Malformed Request", JOptionPane.ERROR_MESSAGE);

        }
    }

    public Map<String, SessionID> getIDsFromResponse(Response response, String name, String regex) {
        Map<String, SessionID> ids = new TreeMap<String, SessionID>();
        Request request = response.getRequest();
        if (request == null) {
            System.out.println("Request was null?");
            return ids;
        }
        HttpUrl url = request.getURL();
        Date date = new Date();
        NamedValue[] headers = response.getHeaders();
        if (name != null && !name.equals("") && regex != null) {
            String location = response.getHeader("Location");
            if (location != null) {

        public void run() {
            if (null == this.id) {
                return;
            }
            Request request = _model.getRequest(id);
            Response response = _model.getResponse(id);
            String origin = _model.getConversationOrigin(id);
            Iterator<Plugin> it = _plugins.iterator();
            while (it.hasNext()) {
                Plugin plugin = it.next();

          + ioe);
      return;
    }
    ConversationID id = null;
    try {
      Request request = null;
      // if we do not already have a base URL (i.e. we operate as a normal
      // proxy rather than a reverse proxy), check for a CONNECT
      if (_base == null) {
        try {
          request = new Request();
          request.read(_clientIn);
        } catch (IOException ioe) {
          _logger.severe("Error reading the initial request" + ioe);
          return;
        }
      }
      // if we are a normal proxy (because request is not null)
      // and the request is a CONNECT, get the base URL from the request
      // and send the OK back. We set request to null so we read a new
      // one from the SSL socket later
      // If it exists, we pull the ProxyAuthorization header from the
      // CONNECT
      // so that we can use it upstream.
      String proxyAuth = null;
      if (request != null) {
        String method = request.getMethod();
        if (method == null) {
          return;
        } else if (method.equals("CONNECT")) {
          if (_clientOut != null) {
            try {
              _clientOut.write(("HTTP/1.0 200 Ok\r\n\r\n")
                  .getBytes());
              _clientOut.flush();
            } catch (IOException ioe) {
              _logger
                  .severe("IOException writing the CONNECT OK Response to the browser "
                      + ioe);
              return;
            }
          }
          _base = request.getURL();
          proxyAuth = request.getHeader("Proxy-Authorization");
          request = null;
        }
      }

      if (_httpClient == null)
        _httpClient = HTTPClientFactory.getInstance().getHTTPClient();

      HTTPClient hc = _httpClient;

      // if we are servicing a CONNECT, or operating as a reverse
      // proxy with an https:// base URL, negotiate SSL
      if (_base != null) {
        // There are two certificates involved in a connection: one for the
        // requested server, one for the client. First, the actual host must
        // be determined from the client (SNI). Next, that host name must be
        // taken to the server so it can return an appropriate certificate.
        // Finally, the attributes from that server cert (mainly Subject and
        // subjectAlternateName) can be copied back to the certificate
        // presented to the client.
        if (_base.getScheme().equals("https")) {
          _logger.fine("Intercepting SSL connection!");
          X509Certificate baseCrt = null;
          // Connect early so some SSL details can be copied into new cert
          URLFetcher uf = (URLFetcher) hc;
          try {
            uf.connect(_base);
          } catch (IOException ioe) {
            _logger.severe("Could not connect to remote server "
                + _base.toString() + ": " + ioe);
            return;
          }
          baseCrt = uf.getCertificate();
          _logger.log(Level.FINEST, "Certificate: {0}",
              baseCrt == null ? "null" :
              baseCrt.getSubjectX500Principal().getName());
          _sock = negotiateSSL(_sock, _base.getHost(), baseCrt);
          _clientIn = _sock.getInputStream();
          _clientOut = _sock.getOutputStream();
        }
      }

      // Maybe set SSL ProxyAuthorization here at a connection level?
      // I prefer it in the Request itself, since it gets archived, and
      // can be replayed trivially using netcat

      // layer the proxy plugins onto the recorder. We do this
      // in reverse order so that they operate intuitively
      // the first plugin in the array gets the first chance to modify
      // the request, and the last chance to modify the response
      if (_plugins != null) {
        for (int i = _plugins.length - 1; i >= 0; i--) {
          hc = _plugins[i].getProxyPlugin(hc);
        }
      }

      // do we add an X-Forwarded-For header?
      String from = _sock.getInetAddress().getHostAddress();
      if (from.equals("127.0.0.1"))
        from = null;

      // do we keep-alive?
      String keepAlive = null;
      String version = null;

      do {
        id = null;
        // if we are reading the first from a reverse proxy, or the
        // continuation of a CONNECT from a normal proxy
        // read the request, otherwise we already have it.
        if (request == null) {
          request = new Request();
          _logger.fine("Reading request from the browser");
          request.read(_clientIn, _base);
          if (request.getMethod() == null || request.getURL() == null) {
            return;
          }
          if (proxyAuth != null) {
            request.addHeader("Proxy-Authorization", proxyAuth);
          }
        }
        if (from != null) {
          request.addHeader("X-Forwarded-For", from);
        }
        try {
        _logger.fine("Browser requested : " + request.getMethod() + " "
            + request.getURL().toString());
        } catch (NullPointerException npe) {
          System.out.println("Request is: " + request);
        }
        // report the request to the listener, and get the allocated ID
        id = _proxy.gotRequest(request);

        // pass the request for possible modification or analysis
        connection.setRequest(request);
        connection.setResponse(null);
        _proxy.interceptRequest(connection);
        request = connection.getRequest();
        Response response = connection.getResponse();

        if (request == null)
          throw new IOException("Request was cancelled");
        if (response != null) {
          _proxy.failedResponse(id, "Response provided by script");
          _proxy = null;
        } else {

          // pass the request through the plugins, and return the
          // response
          try {
            response = hc.fetchResponse(request);
            if (response != null && response.getRequest() != null)
              request = response.getRequest();
          } catch (IOException ioe) {
            _logger
                .severe("IOException retrieving the response for "
                    + request.getURL() + " : " + ioe);
            ioe.printStackTrace();
            response = errorResponse(request, ioe);
            // prevent the conversation from being
            // submitted/recorded
            _proxy.failedResponse(id, ioe.toString());
            _proxy = null;
          }
          if (response == null) {
            _logger.severe("Got a null response from the fetcher");
            _proxy.failedResponse(id, "Null response");
            return;
          }
        }

        if (_proxy != null) {
          // pass the response for analysis or modification by the
          // scripts
          connection.setResponse(response);
          _proxy.interceptResponse(connection);
          response = connection.getResponse();
        }

        if (response == null)
          throw new IOException("Response was cancelled");

        try {
          if (_clientOut != null) {
            _logger.fine("Writing the response to the browser");
            response.write(_clientOut);
            _logger
                .fine("Finished writing the response to the browser");
          }
        } catch (IOException ioe) {
          _logger
              .severe("Error writing back to the browser : "
                  + ioe);
        } finally {
          response.flushContentStream(); // this simply flushes the
                          // content from the server
        }
        // this should not happen, but might if a proxy plugin is
        // careless
        if (response.getRequest() == null) {
          _logger.warning("Response had no associated request!");
          response.setRequest(request);
        }
        if (_proxy != null && !request.getMethod().equals("CONNECT")) {
          _proxy.gotResponse(id, response);
        }

        keepAlive = response.getHeader("Connection");
        version = response.getVersion();

    }

    public List getParameters(ConversationID id) {
        NamedValue[] values = null;

        Request request = this.model.getRequest(id);
        String method = request.getMethod();
        if (method.equals("GET")) {
            HttpUrl url = request.getURL();
            String query = url.getQuery();
            if (null != query) {
                values = NamedValue.splitNamedValues(query, "&", "=");
            }
        } else if (method.equals("POST")) {
            byte[] requestContent = request.getContent();
            if (requestContent != null && requestContent.length > 0) {
                String body = new String(requestContent);
                values = NamedValue.splitNamedValues(
                        body, "&", "=");
            }

        return "Unknown";
    }

    public List getParameters(ConversationID id) {
        List parameters = new LinkedList();
        Request request = this.model.getRequest(id);
        NamedValue[] values = null;
        String method = request.getMethod();
        if ("GET".equals(method)) {
            HttpUrl url = request.getURL();
            String query = url.getQuery();
            if (null != query) {
                values = NamedValue.splitNamedValues(query, "&", "=");
            }
        } else if ("POST".equals(method)) {
            byte[] requestContent = request.getContent();
            if (requestContent != null && requestContent.length > 0) {
                String body = new String(requestContent);
                values = NamedValue.splitNamedValues(
                        body, "&", "=");
            }

            Link link = _model.dequeueLink();
            if (link == null) {
                _logger.warning("Got a null link from the link queue");
                return false;
            }
            Request request = newGetRequest(link);
            if (_model.getCookieSync()) {
                Cookie[] cookies = _model.getCookiesForUrl(request.getURL());
                if (cookies.length>0) {
                    StringBuffer buff = new StringBuffer();
                    buff.append(cookies[0].getName()).append("=").append(cookies[0].getValue());
                    for (int i=1; i<cookies.length; i++) {
                        buff.append("; ").append(cookies[i].getName()).append("=").append(cookies[i].getValue());
                    }
                    request.setHeader("Cookie", buff.toString());
                }
            }
            _fetcherQueue.submit(request);
        }
        return true;