Package org.owasp.webscarab.model

Examples of org.owasp.webscarab.model.Request


          + ioe);
      return;
    }
    ConversationID id = null;
    try {
      Request request = null;
      // if we do not already have a base URL (i.e. we operate as a normal
      // proxy rather than a reverse proxy), check for a CONNECT
      if (_base == null) {
        try {
          request = new Request();
          request.read(_clientIn);
        } catch (IOException ioe) {
          _logger.severe("Error reading the initial request" + ioe);
          return;
        }
      }
      // if we are a normal proxy (because request is not null)
      // and the request is a CONNECT, get the base URL from the request
      // and send the OK back. We set request to null so we read a new
      // one from the SSL socket later
      // If it exists, we pull the ProxyAuthorization header from the
      // CONNECT
      // so that we can use it upstream.
      String proxyAuth = null;
      if (request != null) {
        String method = request.getMethod();
        if (method == null) {
          return;
        } else if (method.equals("CONNECT")) {
          if (_clientOut != null) {
            try {
              _clientOut.write(("HTTP/1.0 200 Ok\r\n\r\n")
                  .getBytes());
              _clientOut.flush();
            } catch (IOException ioe) {
              _logger
                  .severe("IOException writing the CONNECT OK Response to the browser "
                      + ioe);
              return;
            }
          }
          _base = request.getURL();
          proxyAuth = request.getHeader("Proxy-Authorization");
          request = null;
        }
      }
      // if we are servicing a CONNECT, or operating as a reverse
      // proxy with an https:// base URL, negotiate SSL
      if (_base != null) {
        if (_base.getScheme().equals("https")) {
          _logger.fine("Intercepting SSL connection!");
          _sock = negotiateSSL(_sock, _base.getHost());
          _clientIn = _sock.getInputStream();
          _clientOut = _sock.getOutputStream();
        }
      }

      if (_httpClient == null)
        _httpClient = HTTPClientFactory.getInstance().getHTTPClient();

      HTTPClient hc = _httpClient;

      // Maybe set SSL ProxyAuthorization here at a connection level?
      // I prefer it in the Request itself, since it gets archived, and
      // can be replayed trivially using netcat

      // layer the proxy plugins onto the recorder. We do this
      // in reverse order so that they operate intuitively
      // the first plugin in the array gets the first chance to modify
      // the request, and the last chance to modify the response
      if (_plugins != null) {
        for (int i = _plugins.length - 1; i >= 0; i--) {
          hc = _plugins[i].getProxyPlugin(hc);
        }
      }

      // do we add an X-Forwarded-For header?
      String from = _sock.getInetAddress().getHostAddress();
      if (from.equals("127.0.0.1"))
        from = null;

      // do we keep-alive?
      String keepAlive = null;
      String version = null;

      do {
        id = null;
        // if we are reading the first from a reverse proxy, or the
        // continuation of a CONNECT from a normal proxy
        // read the request, otherwise we already have it.
        if (request == null) {
          request = new Request();
          _logger.fine("Reading request from the browser");
          request.read(_clientIn, _base);
          if (request.getMethod() == null || request.getURL() == null) {
            return;
          }
          if (proxyAuth != null) {
            request.addHeader("Proxy-Authorization", proxyAuth);
          }
        }
        if (from != null) {
          request.addHeader("X-Forwarded-For", from);
        }
        _logger.fine("Browser requested : " + request.getMethod() + " "
            + request.getURL().toString());

        // report the request to the listener, and get the allocated ID
        id = _proxy.gotRequest(request);

        // pass the request for possible modification or analysis
        connection.setRequest(request);
        connection.setResponse(null);
        _proxy.interceptRequest(connection);
        request = connection.getRequest();
        Response response = connection.getResponse();

        if (request == null)
          throw new IOException("Request was cancelled");
        if (response != null) {
          _proxy.failedResponse(id, "Response provided by script");
          _proxy = null;
        } else {

          // pass the request through the plugins, and return the
          // response
          try {
            response = hc.fetchResponse(request);
            if (response.getRequest() != null)
              request = response.getRequest();
          } catch (IOException ioe) {
            _logger
                .severe("IOException retrieving the response for "
                    + request.getURL() + " : " + ioe);
            ioe.printStackTrace();
            response = errorResponse(request, ioe);
            // prevent the conversation from being
            // submitted/recorded
            _proxy.failedResponse(id, ioe.toString());
            _proxy = null;
          }
          if (response == null) {
            _logger.severe("Got a null response from the fetcher");
            _proxy.failedResponse(id, "Null response");
            return;
          }
        }

        if (_proxy != null) {
          // pass the response for analysis or modification by the
          // scripts
          connection.setResponse(response);
          _proxy.interceptResponse(connection);
          response = connection.getResponse();
        }

        if (response == null)
          throw new IOException("Response was cancelled");

        try {
          if (_clientOut != null) {
            _logger.fine("Writing the response to the browser");
            response.write(_clientOut);
            _logger
                .fine("Finished writing the response to the browser");
          }
        } catch (IOException ioe) {
          _logger
              .severe("Error writing back to the browser : "
                  + ioe);
        } finally {
          response.flushContentStream(); // this simply flushes the
                          // content from the server
        }
        // this should not happen, but might if a proxy plugin is
        // careless
        if (response.getRequest() == null) {
          _logger.warning("Response had no associated request!");
          response.setRequest(request);
        }
        if (_proxy != null && !request.getMethod().equals("CONNECT")) {
          _proxy.gotResponse(id, response);
        }

        keepAlive = response.getHeader("Connection");
        version = response.getVersion();


            _logger.warning("Can't fuzz if there are no parameters or URL");
        }
    }
   
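    /**
     * Builds the request for the fuzzer's current position from the template in the model.
     *
     * <p>Method, version and headers are copied from the model. Each fuzz parameter's current
     * value is then placed according to its location: path values are appended after "/",
     * fragment parameters after ";", query parameters after "?", cookie parameters are joined
     * into one Cookie header, and body parameters are written as "name=value" pairs joined
     * with "&amp;".
     *
     * <p>Query, fragment and body values pass through {@code Encoding.urlEncode}; path and
     * cookie values are inserted as given.
     *
     * @return the assembled request
     * @throws MalformedURLException if the assembled URL is rejected (presumably by the
     *     {@code HttpUrl} constructor)
     */
    private Request constructCurrentFuzzRequest() throws MalformedURLException {
        Request request = new Request();
        request.setMethod(_model.getFuzzMethod());
        request.setVersion(_model.getFuzzVersion());
        int count = _model.getFuzzHeaderCount();
        for (int i = 0; i < count; i++) {
            request.addHeader(_model.getFuzzHeader(i));
        }
        // No Content-Type header is added here, even when a form body is generated below;
        // it has to come from the template headers.
        String url = _model.getFuzzUrl().toString();
        String path = null;
        String fragment = null;
        String query = null;
        String cookie = null;
        ByteArrayOutputStream content = null;
        count = _model.getFuzzParameterCount();
        for (int i = 0; i < count; i++) {
            Parameter parameter = _model.getFuzzParameter(i);
            Object value = _model.getFuzzParameterValue(i);
            String location = parameter.getLocation();
            if (location.equals(Parameter.LOCATION_PATH)) {
                if (path == null) {
                    path = (String) value;
                } else {
                    path = path + "/" + (value == null ? "" : (String) value);
                }
            } else if (location.equals(Parameter.LOCATION_FRAGMENT)) {
                String frag = parameter.getName();
                if (frag == null) {
                    frag = (String) value;
                } else if (value != null) {
                    // The test used to be "value == null", which encoded a null and dropped
                    // every named fragment parameter that actually had a value.
                    frag = frag + "=" + Encoding.urlEncode((String) value);
                } else {
                    frag = null;
                }
                if (fragment == null) {
                    fragment = frag;
                } else if (frag != null) {
                    fragment = fragment + "&" + frag;
                }
            } else if (location.equals(Parameter.LOCATION_QUERY)) {
                String q = parameter.getName() + "=" + Encoding.urlEncode((String) value);
                if (query == null) {
                    query = q;
                } else {
                    query = query + "&" + q;
                }
            } else if (location.equals(Parameter.LOCATION_COOKIE)) {
                // Cookie values are not encoded; the fuzz value reaches the header verbatim.
                String c = parameter.getName() + "=" + (String) value;
                if (cookie == null) {
                    cookie = c;
                } else {
                    cookie = cookie + "; " + c;
                }
            } else if (location.equals(Parameter.LOCATION_BODY)) {
                // FIXME - Assumes this is normal form data
                String pair = parameter.getName() + "=" + Encoding.urlEncode((String) value);
                if (content == null) {
                    content = new ByteArrayOutputStream();
                } else {
                    pair = "&" + pair;
                }
                // getBytes() uses the platform default charset, as before. The three-argument
                // write on ByteArrayOutputStream declares no IOException, so nothing is
                // silently swallowed any more.
                byte[] bytes = pair.getBytes();
                content.write(bytes, 0, bytes.length);
            } else {
                _logger.severe("Skipping unknown parameter location " + location);
            }
        }
        if (path != null) {
            url = url + "/" + path;
        }
        if (fragment != null) {
            url = url + ";" + fragment;
        }
        if (query != null) {
            url = url + "?" + query;
        }
        request.setURL(new HttpUrl(url));
        if (cookie != null) {
            request.addHeader("Cookie", cookie);
        }
        if (content != null) {
            request.setHeader("Content-Length", Integer.toString(content.size()));
            request.setContent(content.toByteArray());
        } else if ("POST".equals(request.getMethod())) {
            // Constant-first comparison: a template without a method no longer throws here.
            request.setHeader("Content-Length", "0");
        }
        return request;
    }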

   
    private boolean queueRequests() {
        if (!_model.isBusyFuzzing()) return false;
        if (_fetcherQueue.getRequestsQueued()>=_threads) return false;
        try {
            Request request = constructCurrentFuzzRequest();
            _fetcherQueue.submit(request);
            if (!_model.incrementFuzzer()) {
                _model.setBusyFuzzing(false);
            }
        } catch (Exception e) {

        if (response.getStatus().equals("400")) {
            _logger.warning("Bad request");
            _model.setBusyFuzzing(false);
            return;
        }
        Request request = response.getRequest();
        if (request == null) {
            _logger.warning("Got a null request from the response!");
            return;
        }
        ConversationID id = _framework.addConversation(request, response, "Fuzzer");

   
    public void loadTemplateFromConversation(ConversationID id) {
        if (_model.isBusyFuzzing()) {
            stopFuzzing();
        }
        Request request = _framework.getModel().getRequest(id);
        HttpUrl url = request.getURL();
        if (url.getParameters()!=null)
            url = url.getParentUrl();
        _model.setFuzzMethod(request.getMethod());
        _model.setFuzzUrl(url.toString());
        _model.setFuzzVersion(request.getVersion());
        while(_model.getFuzzHeaderCount()>0) {
            _model.removeFuzzHeader(0);
        }
        while(_model.getFuzzParameterCount()>0) {
            _model.removeFuzzParameter(0);
        }
        NamedValue[] headers = request.getHeaders();
        if (headers != null) {
            for (int i=0; i<headers.length; i++) {
                if (headers[i].getName().equals("Cookie"))
                    continue;
                _model.addFuzzHeader(_model.getFuzzHeaderCount(), headers[i]);

        initComponents();
       
        _manualRequest = manualRequest;
        _model = _manualRequest.getModel();
       
        Request request = new Request();
        request.setMethod("GET");
        request.setVersion("HTTP/1.0");
        _requestPanel = new RequestPanel();
        _requestPanel.setEditable(true);
        _requestPanel.setRequest(request);
        _requestPanel.setBorder(new TitledBorder("Request"));
        conversationSplitPane.setLeftComponent(_requestPanel);

   
    /**
     * Loads the request of the conversation picked in the combo box into the manual-request
     * plugin. A selection that is not a {@code ConversationID} is ignored.
     *
     * @param evt the combo box action event (not read)
     */
    private void requestComboBoxActionPerformed(java.awt.event.ActionEvent evt) {
        Object selected = requestComboBox.getSelectedItem();
        if (!(selected instanceof ConversationID)) {
            return;
        }
        ConversationID conversationId = (ConversationID) selected;
        _manualRequest.setRequest(_model.getConversationModel().getRequest(conversationId));
    }

        _manualRequest.updateCookies();
    }//GEN-LAST:event_updateCookiesButtonActionPerformed
   
    private void getCookieButtonActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_getCookieButtonActionPerformed
        try {
            Request request = _requestPanel.getRequest();
            if (request != null && request.getURL() != null) {
                _manualRequest.setRequest(request);
                _manualRequest.addRequestCookies();
            }
        } catch (MalformedURLException mue) {
            JOptionPane.showMessageDialog(this, new String[] {"The URL requested is malformed", mue.getMessage()}, "Malformed URL", JOptionPane.ERROR_MESSAGE);

            Link link = _model.dequeueLink();
            if (link == null) {
                _logger.warning("Got a null link from the link queue");
                return false;
            }
            Request request = newGetRequest(link);
            if (_model.getCookieSync()) {
                Cookie[] cookies = _model.getCookiesForUrl(request.getURL());
                if (cookies.length>0) {
                    StringBuffer buff = new StringBuffer();
                    buff.append(cookies[0].getName()).append("=").append(cookies[0].getValue());
                    for (int i=1; i<cookies.length; i++) {
                        buff.append("; ").append(cookies[i].getName()).append("=").append(cookies[i].getValue());
                    }
                    request.setHeader("Cookie", buff.toString());
                }
            }
            _fetcherQueue.submit(request);
        }
        return true;

        }
    }//GEN-LAST:event_getCookieButtonActionPerformed
   
    private void fetchResponseButtonActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_fetchResponseButtonActionPerformed
        try {
            Request request = _requestPanel.getRequest();
            fetchResponse(request);
        } catch (MalformedURLException mue) {
            JOptionPane.showMessageDialog(this, new String[] {"The URL requested is malformed", mue.getMessage()}, "Malformed URL", JOptionPane.ERROR_MESSAGE);
        } catch (ParseException pe) {
            JOptionPane.showMessageDialog(this, new String[] {"The request is malformed", pe.getMessage()}, "Malformed Request", JOptionPane.ERROR_MESSAGE);
