Package org.zaproxy.zap.httputils

Examples of org.zaproxy.zap.httputils.HtmlContextAnalyser


        // Not an error, just means we probably attacked the redirect location
    } catch (Exception e) {
      log.error(e.getMessage(), e);
    }

        HtmlContextAnalyser hca = new HtmlContextAnalyser(msg2);
        if (Plugin.AlertThreshold.HIGH.equals(this.getAlertThreshold())) {
          // High level, so check all results are in the expected context
          return hca.getHtmlContexts(attack, targetContext, ignoreFlags);
        }
        return hca.getHtmlContexts(attack);
    }


        // Inject the 'safe' eyecatcher and see where it appears
      boolean attackWorked = false;
      setParameter(msg, param, Constant.getEyeCatcher());
            sendAndReceive(msg);
           
            HtmlContextAnalyser hca = new HtmlContextAnalyser(msg);
            List<HtmlContext> contexts = hca.getHtmlContexts(Constant.getEyeCatcher(), null, 0);
            if (contexts.size() == 0) {
              // Lower case?
                contexts = hca.getHtmlContexts(Constant.getEyeCatcher().toLowerCase(), null, 0);
            }
            if (contexts.size() == 0) {
              // Upper case?
                contexts = hca.getHtmlContexts(Constant.getEyeCatcher().toUpperCase(), null, 0);
            }
            if (contexts.size() == 0) {
              // No luck - try again, appending the eyecatcher to the original value
          setParameter(msg, param, param + Constant.getEyeCatcher());
                sendAndReceive(msg);
                hca = new HtmlContextAnalyser(msg);
              contexts = hca.getHtmlContexts(value + Constant.getEyeCatcher(), null, 0);
            }
            if (contexts.size() == 0) {
              // No luck - lets just try a direct attack
              List<HtmlContext> contexts2 = performAttack (msg, param,
                  "'\"<script>alert(1);</script>", null, 0);

      sendAndReceive(sinkMsg2);
    } catch (Exception e) {
      log.error(e.getMessage(), e);
    }

        HtmlContextAnalyser hca = new HtmlContextAnalyser(sinkMsg2);
        if (Plugin.AlertThreshold.HIGH.equals(this.getAlertThreshold())) {
          // High level, so check all results are in the expected context
          return hca.getHtmlContexts(attack, targetContext, ignoreFlags);
        }
        return hca.getHtmlContexts(attack);
    }

              // Check each sink
              for (HttpMessage sinkMsg : sinks) {
                sinkMsg = sinkMsg.cloneRequest();
                sendAndReceive(sinkMsg);
               
                HtmlContextAnalyser hca = new HtmlContextAnalyser(sinkMsg);
                List<HtmlContext> contexts = hca.getHtmlContexts(Constant.getEyeCatcher(), null, 0);
               
                for (HtmlContext context : contexts) {
                  // Loop through the returned contexts and lauch targetted attacks
                  if (attackWorked) {
                    break;


