Skip to content

Commit

Permalink
Merge pull request #36 from gdgd009xcd/ARCADIUS240326
Browse files Browse the repository at this point in the history
## [v1.1.19] - 2024-03-28
  • Loading branch information
gdgd009xcd authored Mar 28, 2024
2 parents 1e846ea + d96d497 commit a20c3a6
Show file tree
Hide file tree
Showing 5 changed files with 56 additions and 14 deletions.
4 changes: 4 additions & 0 deletions addOns/automacrobuilder/CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,10 @@
All notable changes to this add-on will be documented in this file.

The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
## [v1.1.19] - 2024-03-28
### Changed
- bugfix: Changed to correctly encode and decode the HttpRequest body based on Content-Encoding.

## [v1.1.18] - 2024-03-12
### Changed
- bugfix: Changed ActiveScan behavior when scan is started again.
Expand Down
2 changes: 1 addition & 1 deletion addOns/automacrobuilder/automacrobuilder.gradle.kts
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
import org.zaproxy.gradle.addon.AddOnStatus

version = "1.1.18"
version = "1.1.19"
description = "AutoMacroBuilder for ZAP"

tasks.withType<JavaCompile> {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -109,7 +109,8 @@ public byte[] getRequestByte() {
.getRequestHeader()
.toString(); // getPrimeHeader() + mLineDelimiter + mMsgHeader +
// mLineDelimiter;
byte[] bodybin = this.href.getHttpMessage().getRequestBody().getBytes();
// get body bytes with applying properly decoding which is based on Content-Encoding
byte[] bodybin = this.href.getHttpMessage().getRequestBody().getContent();
ParmGenBinUtil pbinutil = new ParmGenBinUtil(reqheader.getBytes());
pbinutil.concat(bodybin);
return pbinutil.getBytes();
Expand All @@ -129,7 +130,8 @@ public byte[] getResponseByte() {
.getResponseHeader()
.toString(); // getPrimeHeader() + mLineDelimiter + mMsgHeader +
// mLineDelimiter;
byte[] bodybin = this.href.getHttpMessage().getResponseBody().getBytes();
// get body bytes with applying properly decoding which is base on Content-Encoding
byte[] bodybin = this.href.getHttpMessage().getResponseBody().getContent();
ParmGenBinUtil pbinutil = new ParmGenBinUtil(resheader.getBytes());
pbinutil.concat(bodybin);
return pbinutil.getBytes();
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,9 @@ public PRequestResponse clientRequest(ParmGenMacroTrace pmt, PRequest request) {
HttpRequestBody requestbody = htmess.getRequestBody();

ParmGenBinUtil requestbin = new ParmGenBinUtil(requestheader.toString().getBytes());
requestbin.concat(requestbody.getBytes());
//requestbin.concat(requestbody.getBytes());
// must use getContent method which can get properly decoded value.
requestbin.concat(requestbody.getContent());
HttpResponseHeader responseheader = htmess.getResponseHeader();
HttpResponseBody responsebody = htmess.getResponseBody();
String responseHeaderString =
Expand All @@ -77,7 +79,9 @@ public PRequestResponse clientRequest(ParmGenMacroTrace pmt, PRequest request) {
responseEncode = Encode.getEnum(responseHttpContentType.getCharSetName());
}
ParmGenBinUtil responsebin = new ParmGenBinUtil(responseHeaderString.getBytes());
responsebin.concat(responsebody.getBytes());
//responsebin.concat(responsebody.getBytes());
// must use getContent method which get body bytes with applying properly decoding which is based on Content-Encoding
responsebin.concat(responsebody.getContent());
if (responsebin.length() < 1) {
responsebin.clear();
responsebin.concat(
Expand Down Expand Up @@ -189,7 +193,9 @@ public void updateCurrentResponseWithFinalResponse(
if (responsebody == null || responsebody.length < 1) {
responsebody = "".getBytes(); // not null zero length bytes.
}
currentmessage.setResponseBody(responsebody);
//currentmessage.setResponseBody(responsebody);
// set body bytes with applying properly encoding which is based on Content-Encoding
currentmessage.getResponseBody().setContent(responsebody);
} catch (HttpMalformedHeaderException e) {
LOGGER4J.error("", e);
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -5,10 +5,7 @@

import org.parosproxy.paros.control.Control;
import org.parosproxy.paros.extension.Extension;
import org.parosproxy.paros.network.HttpMalformedHeaderException;
import org.parosproxy.paros.network.HttpMessage;
import org.parosproxy.paros.network.HttpRequestHeader;
import org.parosproxy.paros.network.HttpResponseHeader;
import org.parosproxy.paros.network.*;
import org.zaproxy.zap.control.AddOn;
import org.zaproxy.zap.extension.automacrobuilder.*;
import org.zaproxy.zap.extension.automacrobuilder.view.StyledDocumentWithChunk;
Expand Down Expand Up @@ -86,10 +83,13 @@ public static HttpMessage getHttpMessage(PRequest preq) {
try {
HttpRequestHeader httpReqHeader = new HttpRequestHeader(reqhstr, isSSL);
HttpRequestBody mReqBody = new HttpRequestBody();
mReqBody.setBody(preq.getBodyBytes());
// set PRequest Encoding Charset to request Body Charset
mReqBody.setCharset(preq.getPageEnc().getIANACharsetName());
// setup Content-Encoding handlers(gzip,deflate).
HttpMessage.setContentEncodings(httpReqHeader, mReqBody);
htmess = new HttpMessage(httpReqHeader, mReqBody);
// update request body and apply properly encodings(based on Content-Encoding) to it.
updateRequestContent(htmess, preq.getBodyBytes());
} catch (HttpMalformedHeaderException e) {
LOGGER4J.error("reqhstr:" + reqhstr, e);
}
Expand Down Expand Up @@ -153,15 +153,19 @@ public static PRequestResponse getPRequestResponse(HttpMessage htmess, Encode se
requestBodyEncode = sequenceEncode;
}
ParmGenBinUtil requestbin = new ParmGenBinUtil(requestheader.toString().getBytes());
requestbin.concat(requestbody.getBytes());
//requestbin.concat(requestbody.getBytes());
// must use getContent method. it can apply properly decoding which is based on Content-Encoding
requestbin.concat(requestbody.getContent());
HttpResponseHeader responseheader = htmess.getResponseHeader();
HttpResponseBody responsebody = htmess.getResponseBody();
Encode responseBodyEncode = Encode.getEnum(responsebody.getCharset());
if (responseBodyEncode == null) {
responseBodyEncode = sequenceEncode;
}
ParmGenBinUtil responsebin = new ParmGenBinUtil(responseheader.toString().getBytes());
responsebin.concat(responsebody.getBytes());
//responsebin.concat(responsebody.getBytes());
// must use getContent method which can get properly decoded value which is based on Content-Encoding
responsebin.concat(responsebody.getContent());
if (responsebin.length() < 1) {
responsebin.clear();
Encode enc_iso8859_1 = Encode.ISO_8859_1;
Expand Down Expand Up @@ -200,7 +204,9 @@ public static PRequest getPRequest(HttpMessage htmess, Encode lastResponseEncode
+ lastResponseEncode.getIANACharsetName()
+ "]");
ParmGenBinUtil requestbin = new ParmGenBinUtil(requestheader.toString().getBytes());
requestbin.concat(requestbody.getBytes());
//requestbin.concat(requestbody.getBytes());
// must use getContent method which apply properly decoding based on Content-Encoding
requestbin.concat(requestbody.getContent());
String host = requestheader.getHostName();
int port = requestheader.getHostPort();
boolean isSSL = requestheader.isSecure();
Expand Down Expand Up @@ -365,4 +371,28 @@ public static void SwingInvokeLaterIfNeeded(Runnable runnable) {
runnable.run();
}
}

/**
* update request body with bodyBytes and update Content-Length with bodyBytes.length
*
* @param message
* @param bodyBytes
*/
public static void updateRequestContent(HttpMessage message, byte[] bodyBytes) {
// set request body bytes and apply properly encodings(based on Content-Encoding).
message.getRequestBody().setContent(bodyBytes);
// update Content-Length with bodyBytes.length
int bodyLength = message.getRequestBody().length();
String method = message.getRequestHeader().getMethod();
if (bodyLength == 0
&& (HttpRequestHeader.GET.equalsIgnoreCase(method)
|| HttpRequestHeader.CONNECT.equalsIgnoreCase(method)
|| HttpRequestHeader.DELETE.equalsIgnoreCase(method)
|| HttpRequestHeader.HEAD.equalsIgnoreCase(method)
|| HttpRequestHeader.TRACE.equalsIgnoreCase(method))) {
message.getRequestHeader().setHeader(HttpHeader.CONTENT_LENGTH, null);
return;
}
message.getRequestHeader().setContentLength(bodyLength);
}
}

0 comments on commit a20c3a6

Please sign in to comment.