Package org.parosproxy.paros.network

Examples of org.parosproxy.paros.network.HttpMessage


  /**
   * Re-sends the request with altered parameter values and hands each response
   * to {@code checkResult} together with the body of an unmodified baseline
   * response.
   *
   * @param msg   overwritten with a fresh message on every loop pass before it
   *              is read, so the caller's instance is not used in the visible
   *              part of the method
   * @param param passed to {@code setParameter} together with each
   *              {@code PARAM_LIST} entry
   * @param value not referenced in the visible part of the method
   */
  public void scan(HttpMessage msg, String param, String value) {

    String bingoQuery = null;

    // always try normal query first
    // The unmodified response body is the reference passed to checkResult below.
    HttpMessage normalMsg = getNewMsg();

    try {
      sendAndReceive(normalMsg);
    } catch (Exception e) {
      // ZAP: Log exceptions
          log.warn(e.getMessage(), e);
      return;
    }

    // Without a 200 baseline the check stops here and nothing is reported.
    if (normalMsg.getResponseHeader().getStatusCode() != HttpStatusCode.OK) {
      return;
    }

    // NOTE(review): PARAM_LIST[0] is never sent, because the first pass removes
    // the parameter instead. Confirm that index 0 is a placeholder and not a
    // value that is silently skipped.
    for (int i = 0; i < PARAM_LIST.length; i++) {
      msg = getNewMsg();
      if (i == 0) {
        // remove entire parameter when i=0;
        bingoQuery = setParameter(msg, null, null);
      } else {
        bingoQuery = setParameter(msg, param, PARAM_LIST[i]);

      }
      try {
        sendAndReceive(msg);
        // Stop at the first value for which checkResult returns true.
        if (checkResult(msg, bingoQuery, normalMsg.getResponseBody()
            .toString())) {
          return;
        }

      } catch (Exception e) {
View Full Code Here


  }

  public void scan() {

    HttpMessage msg = getBaseMsg();
    String txtBody = msg.getResponseBody().toString();
    String txtForm = null;
    String txtInputs = null;
    Matcher matcherForm = patternForm.matcher(txtBody);
    Matcher matcherAutocomplete = null;
    Matcher matcherInput = null;
View Full Code Here

   *            true = replace the suffix for checking. false = append the
   *            suffix.
   */
  private void testSuffix(String suffix, boolean replaceSuffix)
      throws IOException {
    HttpMessage msg = getNewMsg();
    URI uri = msg.getRequestHeader().getURI();
    String path = uri.getPath();

    // Nothing to derive a candidate file name from.
    if (path == null || path.equals("")) {
      return;
    }

    if (replaceSuffix) {
      // NOTE(review): lastIndexOf(".") searches the whole path, not just the
      // last segment. For a path whose only dot sits in a directory name
      // (constructed example: "/app.v2/login") everything from that dot on is
      // cut, and the probe is sent for "/app" + suffix instead of a sibling of
      // the original resource. Restricting the search to the text after the
      // last '/' would avoid probing an unrelated path.
      int pos = path.lastIndexOf(".");
      if (pos > -1) {
        path = path.substring(0, pos);
      }
    }

    path = path + suffix;

    // The URI object obtained from the header is modified and then set back.
    // NOTE(review): whether getURI() returns a copy or the header's own
    // instance is not visible here.
    uri.setPath(path);
    msg.getRequestHeader().setURI(uri);

    sendAndReceive(msg);

    // isFileExist decides whether the response counts as a hit; its criteria
    // are defined elsewhere.
    if (!isFileExist(msg)) {
      return;
View Full Code Here

      if (originalAlert != null) {
        alert.setAlertId(originalAlert.getAlertId());
      }
     
      String uri = null;
      HttpMessage msg = null;
      if (historyRef != null) {
        try {
          uri = historyRef.getHttpMessage().getRequestHeader().getURI().toString();
          msg = historyRef.getHttpMessage();
        } catch (Exception e) {
View Full Code Here

  }

  /**
   * Sends this plugin's request and raises a medium-risk alert when the
   * response body matches one of the plugin's body patterns.
   *
   * <p>Nothing is reported unless the response status is
   * {@code HttpStatusCode.OK}. A match on {@code patternIIS} or
   * {@code patternApache} keeps the initial {@code Alert.WARNING} reliability;
   * a match on {@code patternGeneralParent}, or on both
   * {@code patternGeneralDir1} and {@code patternGeneralDir2}, is reported with
   * {@code Alert.SUSPICIOUS}. The helper and pattern names suggest a
   * directory-listing check; the patterns themselves are defined elsewhere.
   */
  public void scan() {

    HttpMessage msg = getNewMsg();
    int reliability = Alert.WARNING;
    boolean matched = false;

    try {
      checkIfDirectory(msg);
      writeProgress(msg.getRequestHeader().getURI().toString());
      sendAndReceive(msg);

      if (msg.getResponseHeader().getStatusCode() != HttpStatusCode.OK) {
        return;
      }

      // The patterns are tried in a fixed order and evaluation stops at the
      // first match; patternGeneralDir2 is consulted only after
      // patternGeneralDir1 has matched.
      if (matchBodyPattern(msg, patternIIS, null)
          || matchBodyPattern(msg, patternApache, null)) {
        matched = true;
      } else if (matchBodyPattern(msg, patternGeneralParent, null)
          || (matchBodyPattern(msg, patternGeneralDir1, null)
              && matchBodyPattern(msg, patternGeneralDir2, null))) {
        matched = true;
        reliability = Alert.SUSPICIOUS;
      }

    } catch (IOException e) {
      // NOTE(review): the failure is dropped without any record, so a target
      // that could not be reached is indistinguishable from one that was
      // checked and produced no finding. Log it once a logger is in scope.
    }

    if (!matched) {
      return;
    }

    String uri = msg.getRequestHeader().getURI().toString();
    bingo(Alert.RISK_MEDIUM, reliability, uri, "", "", msg);
  }
View Full Code Here

   *            . If node == null, run for server level plugin
   */
  private void scanSingleNode(Plugin plugin, SiteNode node) {
    Thread thread = null;
    Plugin test = null;
    HttpMessage msg = null;

    // do not poll for isStop here to allow every plugin to run but
    // terminate immediately.
    // if (isStop()) return;

    try {
      // NOTE(review): the Javadoc above says a null node means "run for server
      // level plugin", but this branch returns without running anything.
      // Either the comment or the code is out of date.
      if (node == null) {
        return;
      }
      msg = node.getHistoryReference().getHttpMessage();

      // A fresh instance of the plugin's class is created for this node and
      // given the template plugin's configuration.
      // NOTE(review): Class.newInstance() is deprecated since Java 9 and lets
      // checked exceptions from the constructor escape undeclared;
      // getDeclaredConstructor().newInstance() is the replacement.
      test = (Plugin) plugin.getClass().newInstance();
      test.setConfig(plugin.getConfig());
      test.init(msg, this);
      notifyHostProgress(plugin.getName() + ": " + msg.getRequestHeader().getURI().toString());

    } catch (Exception e) {
      // NOTE(review): the stack trace goes to stderr only and the method
      // returns, so in the lines shown a plugin that failed to start on this
      // node is skipped without any entry in the scan's own output. Coverage
      // gaps of this kind should be logged where the operator will see them.
      e.printStackTrace();
      return;
    }
View Full Code Here

                // Opens the resend dialog with a request obtained from cloneRequest()
                // on the history message of the selected tree node.
                if (treeSite != null) {
                // NOTE(review): presumably treeSite is a JTree, whose
                // getLastSelectedPathComponent() returns null when nothing is
                // selected; node is dereferenced below without a null check. Confirm
                // the caller only enables this action with a selection.
                SiteNode node = (SiteNode) treeSite.getLastSelectedPathComponent();

                  ManualRequestEditorDialog dialog = extension.getResendDialog();
                  // NOTE(review): ref is used below without a null check; whether
                  // every node carries a history reference is not visible here.
                  HistoryReference ref = node.getHistoryReference();
                  HttpMessage msg = null;
                  try {
                        msg = ref.getHttpMessage().cloneRequest();
                        dialog.setMessage(msg);
                        dialog.setVisible(true);
                    } catch (HttpMalformedHeaderException e1) {
View Full Code Here

        // Opens the resend dialog with a request obtained from cloneRequest() on
        // the history entry selected in the log list.
        ManualRequestEditorDialog dialog = extension.getResendDialog();

        JList listLog = extension.getLogPanel().getListLog();
        // NOTE(review): JList.getSelectedValue() returns null when the selection
        // is empty, and ref is dereferenced below without a null check. Confirm
        // the action is only reachable with an entry selected.
        HistoryReference ref = (HistoryReference) listLog.getSelectedValue();
        HttpMessage msg = null;
        try {
          msg = ref.getHttpMessage().cloneRequest();
          dialog.setMessage(msg);
          dialog.setVisible(true);
        } catch (HttpMalformedHeaderException e1) {
View Full Code Here

    // Fragment of a SQL injection check. The enclosing signature and the
    // declarations of newQuery, bingoQuery, displayURI and resBodyAND are
    // outside the lines shown.
    String resBodyANDErr = null;
    String resBodyOR = null;

    long defaultTimeUsed = 0;

    HttpMessage msg = getNewMsg();

    // always try normal query first
    sendAndReceive(msg);
    // NOTE(review): the timing baseline is a single sample. One slow or fast
    // baseline response skews both timing comparisons at the end of this
    // fragment; how checkTimeResult thresholds the two values is not visible.
    defaultTimeUsed = msg.getTimeElapsedMillis();
    if (msg.getResponseHeader().getStatusCode() != HttpStatusCode.OK) {
      return;
    }

    // Reference body for every comparison below.
    mResBodyNormal = msg.getResponseBody().toString();

    // 2nd try an always error SQL query

    // The same msg object is modified and re-sent for every probe from here on.
    newQuery = setParameter(msg, param, value + SQL_CHECK_ERR);
    sendAndReceive(msg);

    if (checkANDResult(msg, newQuery)) {
      return;
    }

    // blind sql injections

    for (int i = 0; i < SQL_AND.length; i++) {
      bingoQuery = setParameter(msg, param, value + SQL_AND[i]);
      sendAndReceive(msg);

      // Captured from the SQL_AND[i] request; the alerts below report this URI
      // even though msg has been re-sent with a different value by then.
      displayURI = msg.getRequestHeader().getURI().toString();

      if (checkANDResult(msg, bingoQuery)) {
        return;
      }

      if (msg.getResponseHeader().getStatusCode() == HttpStatusCode.OK) {

        // presumably stripOff removes the echoed test string from the body
        // before comparison; verify against its definition
        resBodyAND = stripOff(msg.getResponseBody().toString(), SQL_AND[i]);

        // NOTE(review): the decision rests on exact body equality. A page with
        // any per-request content (timestamps, tokens, rotating banners) never
        // passes this gate, so the check yields no finding for it; a page that
        // changes only occasionally can pass here and then differ below for
        // unrelated reasons, producing a RISK_HIGH false positive.
        if (resBodyAND.compareTo(mResBodyNormal) == 0) {

          newQuery = setParameter(msg, param, value + SQL_AND_ERR[i]);
          sendAndReceive(msg);
          resBodyANDErr = stripOff(msg.getResponseBody().toString(), SQL_AND_ERR[i]);

          // build an always-false AND query. Result should be
          // different to prove the SQL works.
          if (resBodyANDErr.compareTo(mResBodyNormal) != 0) {
            // NOTE(review): msg holds the SQL_AND_ERR[i] request here, so the
            // knowledge-base key is taken from the modified request's URI;
            // whether the knowledge base normalises that key is not visible.
            // new Boolean(true) is deprecated; Boolean.TRUE is the equivalent.
            getKb().add(msg.getRequestHeader().getURI(), "sql/and", new Boolean(true));
            // The alert pairs bingoQuery/displayURI (SQL_AND[i] request) with
            // msg (SQL_AND_ERR[i] request).
            bingo(Alert.RISK_HIGH, Alert.WARNING, displayURI, bingoQuery, "", msg);
            return;
          } else {
            // OR check is used to figure out if there is any
            // difference if an AND query returns nothing
            newQuery = setParameter(msg, param, value + SQL_OR[i]);
            sendAndReceive(msg);
            resBodyOR = stripOff(msg.getResponseBody().toString(), SQL_OR[i]);

            if (resBodyOR.compareTo(mResBodyNormal) != 0) {
              getKb().add(msg.getRequestHeader().getURI(), "sql/or", new Boolean(true));
              bingo(Alert.RISK_HIGH, Alert.WARNING, displayURI, newQuery, "", msg);
              return;
            }
          }
        }

      }
    }

    // The timing checks are skipped when the knowledge base already holds the
    // "sql/mssql" flag for this URI.
    if (getKb().getBoolean(msg.getRequestHeader().getURI(), "sql/mssql")) {
      return;
    }

    // try BLIND SQL SELECT using timing
    // Each probe is timed once and compared with the single baseline sample
    // taken at the top, so network jitter feeds directly into the result.
    newQuery = setParameter(msg, param, value + SQL_DELAY_1);
    sendAndReceive(msg);

    if (checkTimeResult(msg, newQuery, defaultTimeUsed, msg.getTimeElapsedMillis())) {
      return;
    }

    newQuery = setParameter(msg, param, value + SQL_DELAY_2);
    sendAndReceive(msg);

    if (checkTimeResult(msg, newQuery, defaultTimeUsed, msg.getTimeElapsedMillis())) {
      return;
    }

    // try BLIND MSSQL INSERT using timing
View Full Code Here

    }
  }

 
  public void scanSQL(HttpMessage baseMsg, String param, String value) throws HttpException, IOException {
    HttpMessage msg = getNewMsg();

    // always try normal query first
    sendAndReceive(msg);
    if (msg.getResponseHeader().getStatusCode() != HttpStatusCode.OK) {
      return;
    }

    mResBodyNormal = msg.getResponseBody().toString();

    if (getKb().getBoolean(msg.getRequestHeader().getURI(), "sql/and")) {
      if (getKb().getString("sql/mssql/username") != null) {
        checkDBUserName(msg, param, value);
      }

      if (getKb().getString("sql/mssql/tablename") != null) {
View Full Code Here
