diff --git a/addOns/automacrobuilder/CHANGELOG.md b/addOns/automacrobuilder/CHANGELOG.md index c43f005..7759096 100644 --- a/addOns/automacrobuilder/CHANGELOG.md +++ b/addOns/automacrobuilder/CHANGELOG.md @@ -2,6 +2,12 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). +## [v1.1.12] - 2023-12-12 +### Added +- improve: Automacrobuilder now tracks cookies in http resposes on "ZAP's proxy". +### Fixed +- bugfix: Fixed incorrect codes in cookie state management. + ## [v1.1.11] - 2023-11-29 ### Changed - bugfix: removed no meaning condition code in CSV column parameter setting. diff --git a/addOns/automacrobuilder/automacrobuilder.gradle.kts b/addOns/automacrobuilder/automacrobuilder.gradle.kts index cf9a5b1..83356e6 100644 --- a/addOns/automacrobuilder/automacrobuilder.gradle.kts +++ b/addOns/automacrobuilder/automacrobuilder.gradle.kts @@ -1,6 +1,6 @@ import org.zaproxy.gradle.addon.AddOnStatus -version = "1.1.11" +version = "1.1.12" description = "AutoMacroBuilder for ZAP" tasks.withType { diff --git a/addOns/automacrobuilder/src/main/java/org/zaproxy/zap/extension/automacrobuilder/CookieManager.java b/addOns/automacrobuilder/src/main/java/org/zaproxy/zap/extension/automacrobuilder/CookieManager.java new file mode 100644 index 0000000..3a4e698 --- /dev/null +++ b/addOns/automacrobuilder/src/main/java/org/zaproxy/zap/extension/automacrobuilder/CookieManager.java 
@@ -0,0 +1,228 @@ +/* + * Zed Attack Proxy (ZAP) and its related class files. + * + * ZAP is an HTTP/HTTPS proxy for assessing web application security. + * + * Copyright 2020 The ZAP Development Team + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.zaproxy.zap.extension.automacrobuilder; + +import java.net.CookiePolicy; +import java.net.CookieStore; +import java.net.HttpCookie; +import java.net.URI; +import java.net.URISyntaxException; +import java.util.ArrayList; +import java.util.HashSet; +import java.util.List; +import java.util.Set; + +/** @author gdgd009xcd */ +public class CookieManager implements DeepClone { + private static final org.apache.logging.log4j.Logger LOGGER4J = + org.apache.logging.log4j.LogManager.getLogger(); + private java.net.CookieManager manager = null; + private CookieStore cookiestore = null; + private Set originalURIs; + + CookieManager() { + init(); + } + + private void init() { + manager = new java.net.CookieManager(); + manager.setCookiePolicy(CookiePolicy.ACCEPT_NONE); + cookiestore = manager.getCookieStore(); + originalURIs = new HashSet<>(); + } + + private URI getURI(String domain, String path, boolean isSSL) { + try { + String url = (isSSL ? 
"https://" : "http://") + domain + path; + URI uri = new URI(url); + // System.out.println("getURI: [" + uri.toString() + " scheme[" + uri.getScheme() + "] + // host[" + uri.getHost() + "] path[" + uri.getPath() + "]"); + return uri; + } catch (URISyntaxException ex) { + LOGGER4J.error(ex.getMessage(), ex); + } + return null; + } + + + public void removeAll() { + cookiestore.removeAll();originalURIs.clear(); + } + + /** + * Parse Set-Cookie or Set-Cookie2 header and stores it in cookiestore. + * + * @param hostName name or IP address in URI + * @param path pathName in URI + * @param setCookieHeader + * @return parsed List + */ + public List parse(String hostName, String path, String setCookieHeader) { + List parsedcookies = HttpCookie.parse(setCookieHeader); + if (parsedcookies != null && parsedcookies.size() > 0) { + URI uri = + getURI( + hostName, path, + + true); // SSL attribute is ignored when cookie values ​​are added to + String defaultPath = extractDefaultPath(path); + originalURIs.add(uri); + // + // Description of Cookie Attributes + // + // * domain + // specified: + // cookie is sent specified domain or subdomain of it. + // the domain attribute must be a domain containing the + // current host name, so, only same as host or subdomain can be specified. + // (ex: hostname example.com domain=example.com or domain=www.example.com) + // Not specified: + // If domain attribute is not specified, the cookie is sent only to the host that sent Set-Cookie. + // + // * path + // specified: + // cookie is sent to the request path which prefix matches the path value. + // + // Not specified: + // defaultPath is assigned as the path value. defaultPath is directory portion of request-uri. + // ex1. uri=http://test.com/shared/lib/index.php + // defaultPath = /shared/lib + // ex2. uri=http://test.com/index.php + // defaultPath = / + // ex3. 
uri=http://test.com/ + // defaultPath = / + // + // + for (HttpCookie hc : parsedcookies) { + String pathProp = hc.getPath(); + if (pathProp == null || pathProp.isEmpty()) { + hc.setPath(defaultPath); + } + cookiestore.add(uri, hc); + } + return parsedcookies; + } + return null; + } + + + public List get(String domain, String path, boolean isSSL) { + URI uri = + getURI( + domain, path, + isSSL); // isSSL : secure attribute is ignored in this get method. + return get(uri); + } + + public List get(URI uri) { + String path = uri.getPath(); + try { + // System.out.println("get: domain[" + domain + "] path[" + path + "] SSL:" + + // (isSSL?"TRUE":"FALSE")); + List rawresults = cookiestore.get(uri); + LOGGER4J.debug("rawresults.size=" + rawresults.size()); + // cookiestore.get implementation ignores path attribute. + // so, It is necessary to search the path attribute. + ArrayList results = new ArrayList<>(); + for (HttpCookie hc : rawresults) { + String hc_path = hc.getPath(); + if (hc_path != null && path != null) { + if (path.startsWith(hc_path)) { + results.add(hc); + } + } else { + results.add(hc); + } + } + return results; + } catch (NullPointerException ex) { + LOGGER4J.error(ex.getMessage(), ex); + } + return null; + } + + public List getCookies() { + return cookiestore.getCookies(); + } + + /** + * getURIs always return [http://domain]. protocol always [http], path is "". The value returned + * by the getURIs function is different from when it was added to the store. so I think + * cookiestore's URI is something customized. 
+ * + * @return List + */ + @Deprecated + private List getURIs() { + return cookiestore.getURIs(); + } + + + @Override + public CookieManager clone() { + try { + CookieManager nobj = (CookieManager) super.clone(); + nobj.init(); + nobj.addCookieManager(this); + return nobj; + } catch (CloneNotSupportedException ex) { + LOGGER4J.error(ex.getMessage(), ex); + } + + return null; + } + + + /** + * extract the default-path of Cookie path from request-path + * + * @param requestPath + * @return default-path + */ + public String extractDefaultPath(String requestPath) { + if (requestPath == null || requestPath.isEmpty()) return "/"; + int endPos = requestPath.lastIndexOf("/"); + if (endPos > 0) { + return requestPath.substring(0, endPos); + } + return "/"; + } + + public void addCookieManager(CookieManager cookieManager) { + Set URIs = cookieManager.getOriginalURIs(); + if (URIs != null) { + URIs.forEach( + uri -> { + List cookies = cookieManager.get(uri); + this.originalURIs.add(uri); + cookies.forEach( + cookie -> { + this.cookiestore.add( + uri, + CastUtils.castToType( + cookie.clone())); // uri: immutable, + // cookie has clone() + }); + }); + } + } + + public Set getOriginalURIs() {return this.originalURIs;} +} diff --git a/addOns/automacrobuilder/src/main/java/org/zaproxy/zap/extension/automacrobuilder/ParmGenCookieManager.java b/addOns/automacrobuilder/src/main/java/org/zaproxy/zap/extension/automacrobuilder/ParmGenCookieManager.java deleted file mode 100644 index 692f988..0000000 --- a/addOns/automacrobuilder/src/main/java/org/zaproxy/zap/extension/automacrobuilder/ParmGenCookieManager.java +++ /dev/null 
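Review bot: `parse` stores every parsed cookie with `cookiestore.add(uri, hc)` without checking that a `Domain` attribute actually covers `hostName`, and as far as I can tell `CookieStore.add` applies no policy of its own (the `ACCEPT_NONE` policy only governs `java.net.CookieManager.put`), so a response from one host can plant a cookie that `get` later returns for a different host. The comment block above the loop describes the domain rule but nothing enforces it; a guard before the add such as `if (hc.getDomain() != null && !HttpCookie.domainMatches(hc.getDomain(), hostName)) continue;` would (or an RFC 6265 style suffix match if the RFC 2965 rules in `domainMatches` prove too strict). Separately, `get(URI)` filters with `path.startsWith(hc_path)`, which lets a cookie scoped to `/app` be returned for `/application`; the match should also require that `hc_path` ends with `/` or that the next character of `path` is `/`. `get(URI)` also reads `uri.getPath()` before the `try`, so the `null` that `getURI` returns on a syntax error (and that `parse` adds to `originalURIs`) surfaces as an uncaught NullPointerException in `get` and `addCookieManager`.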
@@ -1,200 +0,0 @@ -/* - * Zed Attack Proxy (ZAP) and its related class files. - * - * ZAP is an HTTP/HTTPS proxy for assessing web application security. - * - * Copyright 2020 The ZAP Development Team - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.zaproxy.zap.extension.automacrobuilder; - -import java.net.CookieManager; -import java.net.CookiePolicy; -import java.net.CookieStore; -import java.net.HttpCookie; -import java.net.URI; -import java.net.URISyntaxException; -import java.util.ArrayList; -import java.util.List; -import java.util.logging.Level; -import java.util.logging.Logger; - -/** @author gdgd009xcd */ -public class ParmGenCookieManager implements DeepClone { - private CookieManager manager = null; - private CookieStore cookiestore = null; - - ParmGenCookieManager() { - init(); - } - - private void init() { - manager = new CookieManager(); - manager.setCookiePolicy(CookiePolicy.ACCEPT_NONE); - cookiestore = manager.getCookieStore(); - } - - private URI getURI(String domain, String path, boolean isSSL) { - try { - String url = (isSSL ? 
"https://" : "http://") + domain + path; - URI uri = new URI(url); - // System.out.println("getURI: [" + uri.toString() + " scheme[" + uri.getScheme() + "] - // host[" + uri.getHost() + "] path[" + uri.getPath() + "]"); - return uri; - } catch (URISyntaxException ex) { - Logger.getLogger(ParmGenCookieManager.class.getName()).log(Level.SEVERE, null, ex); - } - return null; - } - - /** - * add cookie currently no used. - * - * @param domain - * @param path - * @param name - * @param value - * @param isSSL - */ - public void add(String domain, String path, String name, String value, boolean isSSL) { - URI uri = getURI(domain, path, isSSL); - HttpCookie hcookie = new HttpCookie(name, value); - hcookie.setDomain(domain); - hcookie.setPath(path); - hcookie.setSecure(isSSL); - cookiestore.add(uri, hcookie); - } - - public void removeAll() { - cookiestore.removeAll(); - } - - public boolean remove(String domain, String path, String name) { - URI uri = getURI(domain, path, false); - HttpCookie hcookie = new HttpCookie(name, ""); - hcookie.setDomain(domain); - hcookie.setPath(path); - return cookiestore.remove(uri, hcookie); - } - - /** - * Parse Set-Cookie or Set-Cookie2 header and stores it in cookiestore. - * - * @param domain - * @param path - * @param cheader - * @return parsed List - */ - public List parse(String domain, String path, String cheader) { - List parsedcookies = HttpCookie.parse(cheader); - if (parsedcookies != null && parsedcookies.size() > 0) { - URI uri = - getURI( - domain, "/", - true); // SSL attribute is ignored when cookie values ​​are added to - // this cookie store. - // Cookie値がこのCookieストアに追加される際、ここで指定したSSL属性は無視されます。 - // * The domain specified in the domain attribute must be a domain containing the - // current host name, so, only same as host or subdomain can be specified. 
- // (ex: hostname example.com domain=example.com or domain=www.example.com) - // * Set-Cookieで指定されるドメイン属性は、現在のホスト名をふくんでいなくてはならない。つまりホストと同じかサブドメインのみ指定可能 - // (例: host名 example.com domain=example.com or domain=www.example.com) - // If domain attribute is not specified, the cookie is sent only to the host that sent - // Set-Cookie. - // domain属性無指定の場合は、現在のホストにのみcookieは送信される。 - for (HttpCookie hc : parsedcookies) { - String pathprop = hc.getPath(); - if (pathprop == null || pathprop.length() <= 0) { - hc.setPath(path); - } - cookiestore.add(uri, hc); - } - return parsedcookies; - } - return null; - } - - public List get(URI uri) { - return cookiestore.get(uri); - } - - public List get(String domain, String path, boolean isSSL) { - try { - URI uri = - getURI( - domain, path, - isSSL); // isSSL : secure attribute is ignored in this get method. - // System.out.println("get: domain[" + domain + "] path[" + path + "] SSL:" + - // (isSSL?"TRUE":"FALSE")); - List rawresults = cookiestore.get(uri); - // cookiestore.get implimentation ignores path attribute. - // so, It is necessary to search the path attribute. - ArrayList results = new ArrayList<>(); - for (HttpCookie hc : rawresults) { - String hc_path = hc.getPath(); - if (path.startsWith(hc_path)) { - results.add(hc); - } - } - return results; - } catch (NullPointerException ex) { - Logger.getLogger(ParmGenCookieManager.class.getName()).log(Level.SEVERE, null, ex); - } - return null; - } - - public List getCookies() { - return cookiestore.getCookies(); - } - - /** - * getURIs always return [http://domain]. protocol always [http], path is "". The value returned - * by the getURIs function is different from when it was added to the store. so I think - * cookiestore's URI is something customized. 
- * - * @return List - */ - public List getURIs() { - return cookiestore.getURIs(); - } - - @Override - public ParmGenCookieManager clone() { - try { - ParmGenCookieManager nobj = (ParmGenCookieManager) super.clone(); - nobj.init(); - - List urilist = this.cookiestore.getURIs(); - if (urilist != null) { - urilist.forEach( - uri -> { - List cookies = this.cookiestore.get(uri); - cookies.forEach( - cookie -> { - nobj.cookiestore.add( - uri, - CastUtils.castToType( - cookie.clone())); // uri: immutable, - // cookie has clone() - }); - }); - } - return nobj; - } catch (CloneNotSupportedException ex) { - Logger.getLogger(ParmGenCookieManager.class.getName()).log(Level.SEVERE, null, ex); - } - - return null; - } -} diff --git a/addOns/automacrobuilder/src/main/java/org/zaproxy/zap/extension/automacrobuilder/ParmGenMacroTrace.java b/addOns/automacrobuilder/src/main/java/org/zaproxy/zap/extension/automacrobuilder/ParmGenMacroTrace.java index 172d81e..142a5af 100644 --- a/addOns/automacrobuilder/src/main/java/org/zaproxy/zap/extension/automacrobuilder/ParmGenMacroTrace.java +++ b/addOns/automacrobuilder/src/main/java/org/zaproxy/zap/extension/automacrobuilder/ParmGenMacroTrace.java @@ -49,7 +49,7 @@ public class ParmGenMacroTrace extends ClientDependent { private FetchResponseVal fetchResVal = null; // token cache has DeepCloneable - private ParmGenCookieManager cookieMan = null; // cookie manager has DeepCloneable + private CookieManager cookieMan = null; // cookie manager has DeepCloneable PRequestResponse toolbaseline = null; // single shot request tool baseline request // such as Repeater. when mutithread scan, this parameter is null. 
@@ -207,6 +207,12 @@ public ParmGenMacroTrace createScanRunningInstance( nobj.tabIndex = pmtParams.getTabIndex(); nobj.fetchResVal = this.fetchResVal != null ? this.fetchResVal.clone() : null; // deepclone nobj.cookieMan = this.cookieMan != null ? this.cookieMan.clone() : null; // deepclone + if (pmtProvider.getCBInheritFromCache()) { + if (nobj.cookieMan == null) { + nobj.cookieMan = new CookieManager(); + } + nobj.cookieMan.addCookieManager(pmtProvider.getCookieManagerInAppScope()); + } nobj.savelist = new HashMap<>(); nobj.toolbaseline = this.toolbaseline != null ? this.toolbaseline.clone() : null; nobj.CBInheritFromCache = @@ -1172,7 +1178,7 @@ public void nullfetchResValAndCookieMan() { public boolean initCookieManager() { if (cookieMan == null) { - cookieMan = new ParmGenCookieManager(); + cookieMan = new CookieManager(); return true; } return false; @@ -1185,7 +1191,7 @@ public void parseSetCookie(PRequestResponse pqrs) { for (String headerval : setcookieheaders) { String cheader = "Set-Cookie: " + headerval; String domain = pqrs.request.getHost(); - String path = "/"; // default root path + String path = pqrs.request.getPath(); cookieMan.parse(domain, path, cheader); } } diff --git a/addOns/automacrobuilder/src/main/java/org/zaproxy/zap/extension/automacrobuilder/ParmGenMacroTraceProvider.java b/addOns/automacrobuilder/src/main/java/org/zaproxy/zap/extension/automacrobuilder/ParmGenMacroTraceProvider.java index e6a67bb..2bec7c0 100644 --- a/addOns/automacrobuilder/src/main/java/org/zaproxy/zap/extension/automacrobuilder/ParmGenMacroTraceProvider.java +++ b/addOns/automacrobuilder/src/main/java/org/zaproxy/zap/extension/automacrobuilder/ParmGenMacroTraceProvider.java 
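Review bot: The merge `nobj.cookieMan.addCookieManager(pmtProvider.getCookieManagerInAppScope())` iterates the shared manager's `originalURIs`, a plain `HashSet` that `CookieManager.parse` mutates whenever a proxied response is recorded. If scan instances are created on a different thread from the sender listener (likely, but not visible in this hunk), the `forEach` can throw `ConcurrentModificationException` or miss entries; backing the set with `ConcurrentHashMap.newKeySet()` or iterating over a copy would avoid that. A comment stating the precedence would also help: because the merge runs after the clone, a proxy-captured cookie presumably replaces a macro cookie with the same name, domain and path. createScanRunningInstance starts and ends outside the hunk.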
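Review bot: `pqrs.request.getPath()` is now handed to `cookieMan.parse` as the request path, but `CookieManager.extractDefaultPath` cuts at the last `/`, so if `path` still carries the query string (the parser assigns it from the request line and the rest of `Parse` is not visible here) a constructed example like `/a/b.php?next=/x/y` yields the default-path `/a/b.php?next=/x`. Stripping the query before the call, e.g. `int q = path.indexOf('?'); if (q >= 0) path = path.substring(0, q);`, keeps the cookie scoped to the directory of the request. A `null` return from `getPath()` is tolerated by `extractDefaultPath` but ends up concatenated into the URL by `getURI`, so a null check here is worth adding too. parseSetCookie starts outside the hunk.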
@@ -19,13 +19,14 @@ */ package org.zaproxy.zap.extension.automacrobuilder; +import org.apache.commons.httpclient.URI; +import org.parosproxy.paros.network.HtmlParameter; +import org.parosproxy.paros.network.HttpMessage; +import org.parosproxy.paros.network.HttpRequestHeader; +import org.parosproxy.paros.network.HttpResponseHeader; import org.zaproxy.zap.extension.automacrobuilder.view.SwingTimerFakeRunner; -import java.util.ArrayList; -import java.util.Iterator; -import java.util.List; -import java.util.Map; -import java.util.UUID; +import java.util.*; import java.util.concurrent.ConcurrentHashMap; /** @@ -52,6 +53,7 @@ public class ParmGenMacroTraceProvider { private boolean CBreplaceCookie = false; // == true then overwrite Cookie private boolean CBreplaceTrackingParam = false; // == true then overwrite Tracking Tokens private int waittimer = 0; // wait timer (msec) + private CookieManager cookieManagerInAppScope;//collecting set-Cookie header values except originated from AutoMacroBuilder public void setCBInheritFromCache(boolean b) { CBInheritFromCache = b; @@ -121,6 +123,7 @@ public ParmGenMacroTraceProvider() { pmtList = new ArrayList<>(); pmtList.add(pmt_originalbase); swingRunnerMap = new ConcurrentHashMap<>(); + cookieManagerInAppScope = new CookieManager(); } public void clear() { 
@@ -233,4 +236,45 @@ public void removeSwingRunner(int tabIndex) { runner.doneRunningInstance(); } } + + public void parseSetCookie(HttpMessage httpMessage) { + HttpResponseHeader responseHeader = httpMessage.getResponseHeader(); + // responseHeader.getCookieParams returns header of "set-cookie" and "set-cookie2" + TreeSet cookies = responseHeader.getCookieParams(); + for(HtmlParameter cookie: cookies) { + // Set-Cookie: PHPSESSID=875cfa8439d7912bfda16b35e5cfa7df; path=/; expires=Fri, 08-Dec-23 16:51:00 GMT;domain=localhost; HttpOnly; Secure; + // cookieName = "PHPSESSID"; + // cookieValue = "875cfa8439d7912bfda16b35e5cfa7df"; + // cookieAttrs = new HashSet(); stored entire [name=value] string like following. + // cookieAttrs.add("path=/"); + // cookieAttrs.add("expires=Fri, 08-Dec-23 16:51:00 GMT"); + // cookieAttrs.add("domain=localhost"); + // cookieAttrs.add("HttpOnly"); + // cookieAttrs.add("Secure"); + + String cookieName = cookie.getName(); + String cookieValue = cookie.getValue(); + Set cookieAttrs = cookie.getFlags(); + StringBuffer setCookieLine = new StringBuffer(); + setCookieLine.append("Set-Cookie: "); + setCookieLine.append(cookieName + "=" + cookieValue + ";"); + for(String cookieAttr: cookieAttrs) { + setCookieLine.append(" " + cookieAttr + ";"); + } + HttpRequestHeader requestHeader = httpMessage.getRequestHeader(); + URI uri = requestHeader.getURI(); + try { + String hostName = uri.getHost(); + String path = uri.getPath(); + LOGGER4J.debug("domain[" + hostName + "] path[" + path + "] line[" + setCookieLine.toString() + "]"); + this.cookieManagerInAppScope.parse(hostName, path, setCookieLine.toString()); + }catch (Exception ex) { + + } + } + } + + public CookieManager getCookieManagerInAppScope() { + return this.cookieManagerInAppScope; + } } 
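Review bot: The `catch (Exception ex) { }` around `cookieManagerInAppScope.parse(...)` is empty, so a malformed `Set-Cookie` value or a URI failure leaves the cookie state silently stale; at minimum log it, `LOGGER4J.warn("Set-Cookie parse failed: " + ex.getMessage(), ex);`. The debug line just above writes the whole reconstructed header, session cookie values included, to the log; logging only `cookieName` and `hostName` would keep session tokens out of log files. `StringBuffer` can be a `StringBuilder` since the buffer is method-local, and the `requestHeader`/`uri` lookup does not depend on the loop variable and can move above the `for`.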
diff --git a/addOns/automacrobuilder/src/main/java/org/zaproxy/zap/extension/automacrobuilder/ParseHTTPHeaders.java b/addOns/automacrobuilder/src/main/java/org/zaproxy/zap/extension/automacrobuilder/ParseHTTPHeaders.java index 66ddbce..6be202b 100644 --- a/addOns/automacrobuilder/src/main/java/org/zaproxy/zap/extension/automacrobuilder/ParseHTTPHeaders.java +++ b/addOns/automacrobuilder/src/main/java/org/zaproxy/zap/extension/automacrobuilder/ParseHTTPHeaders.java @@ -52,7 +52,7 @@ class ParseHTTPHeaders implements DeepClone { String url; boolean isSSL; // ==true then ssl String path; - String path_pref_url; + private String scheme; String protocol; String status; String reason; @@ -173,7 +173,7 @@ private void init() { formdata = false; content_length = -1; bytebody = null; - path_pref_url = ""; + scheme = ""; parsedheaderlength = 0; isHeaderModified = true; } @@ -206,7 +206,7 @@ private void deepcopy(ParseHTTPHeaders pheaders) { url = pheaders.url; isSSL = pheaders.isSSL; path = pheaders.path; - path_pref_url = pheaders.path_pref_url; + scheme = pheaders.scheme; protocol = pheaders.protocol; status = pheaders.status; reason = pheaders.reason; @@ -314,8 +314,8 @@ public boolean isSSL() { return isSSL; } - public String getPathPrefURL() { - return path_pref_url; + public String getScheme() { + return scheme; } public boolean isFormData() { @@ -422,10 +422,10 @@ private ArrayList Parse(String httpmessage) { // request or response path = parms[0]; String lowerpath = path.toLowerCase(); if (lowerpath.startsWith("http")) { - path_pref_url = "http"; + scheme = "http"; isSSL = false; if (lowerpath.startsWith("https")) { - path_pref_url = "https"; + scheme = "https"; isSSL = true; } String[] actualpaths = path.split("[/]"); 
@@ -839,7 +839,7 @@ boolean setCookies( return false; } - public boolean setCookiesFromCookieMan(ParmGenCookieManager cookieman) { + public boolean setCookiesFromCookieMan(CookieManager cookieman) { List hcookies = cookieman.get(host, path, isSSL); return setCookies(hcookies); } @@ -1692,6 +1692,10 @@ public ParmGenMacroTraceParams getParamsCustomHeader() { return pmtParams; } + public String getPath() { + return this.path; + } + @Override public ParseHTTPHeaders clone() { try { diff --git a/addOns/automacrobuilder/src/main/java/org/zaproxy/zap/extension/automacrobuilder/generated/ParmGenNew.java b/addOns/automacrobuilder/src/main/java/org/zaproxy/zap/extension/automacrobuilder/generated/ParmGenNew.java index 67fcbb3..c6ea4d3 100644 --- a/addOns/automacrobuilder/src/main/java/org/zaproxy/zap/extension/automacrobuilder/generated/ParmGenNew.java +++ b/addOns/automacrobuilder/src/main/java/org/zaproxy/zap/extension/automacrobuilder/generated/ParmGenNew.java @@ -21,19 +21,18 @@ import org.zaproxy.zap.extension.automacrobuilder.*; import org.zaproxy.zap.extension.automacrobuilder.view.JTextPaneContents; import org.zaproxy.zap.extension.automacrobuilder.view.TextPaneLineWrapper; +import org.zaproxy.zap.extension.automacrobuilder.zap.ZapUtil; /** * - * @author tms783 + * @author gdgd009xcd */ @SuppressWarnings("serial") public class ParmGenNew extends javax.swing.JFrame implements InterfaceRegex, interfaceParmGenWin { private static org.apache.logging.log4j.Logger LOGGER4J = org.apache.logging.log4j.LogManager.getLogger(); - // 下記定数P_XXXは、ModelTabsの各タブの出現順序と一致しなければならない。 - // ModelTabsStateChangedでタブ切り替えた場合に、切り替えたタブの番号ModelTabs.getSelectedIndex()の返値と下記定数は - // 対応している。 + // below P_XXX variables are tabIndex number of ModelTabs. public final static int P_NUMBERMODEL = 0; final static int P_CSVMODEL = 1; final static int P_TRACKMODEL = 2; 
@@ -41,7 +40,7 @@ public class ParmGenNew extends javax.swing.JFrame implements InterfaceRegex, in final static int P_RANDOMMODEL = 4;//NOP - // + // below P_XXX variables are tabIndex number of ResReqTabs. public final static int P_REQUESTTAB = 0; public final static int P_RESPONSETAB = 1; private static final ResourceBundle bundle = ResourceBundle.getBundle("burp/Bundle"); @@ -99,17 +98,19 @@ public ParmGenNew(CustomTrackingParamterConfigMain _parentwin, AppParmsIni _rec) String _url = mess.request.getURL(); selected_requestURL.setText(_url); - - SwingUtilities.invokeLater(() -> { - try { - JTextPaneContents reqdoc = new JTextPaneContents(RequestArea); - reqdoc.setRequestChunks(mess.request); - } catch (Exception ex) { - Logger.getLogger(ParmGenNew.class.getName()).log(Level.SEVERE, null, ex); + + ZapUtil.SwingInvokeLaterIfNeeded(new Runnable() { + @Override + public void run() { + try { + JTextPaneContents reqdoc = new JTextPaneContents(RequestArea); + reqdoc.setRequestChunks(mess.request); + } catch (Exception ex) { + LOGGER4J.error(ex.getMessage(), ex); + } } - }); - + current_model = P_NUMBERMODEL; if(_rec!=null){ @@ -143,6 +144,9 @@ public ParmGenNew(CustomTrackingParamterConfigMain _parentwin, AppParmsIni _rec) addrec = rec; CSVrewind.setSelected(true); NumberRewind.setSelected(true); + if (ParmGenGSONSaveV2.proxy_messages.size() > 1) { + current_model = P_TRACKMODEL; + } } setAppParmsIni(); diff --git a/addOns/automacrobuilder/src/main/java/org/zaproxy/zap/extension/automacrobuilder/zap/MyFirstSenderListener.java b/addOns/automacrobuilder/src/main/java/org/zaproxy/zap/extension/automacrobuilder/zap/MyFirstSenderListener.java index e3a8306..8455b20 100644 --- a/addOns/automacrobuilder/src/main/java/org/zaproxy/zap/extension/automacrobuilder/zap/MyFirstSenderListener.java +++ b/addOns/automacrobuilder/src/main/java/org/zaproxy/zap/extension/automacrobuilder/zap/MyFirstSenderListener.java 
@@ -24,6 +24,8 @@ import org.parosproxy.paros.network.HttpRequestHeader; import org.parosproxy.paros.network.HttpSender; import org.zaproxy.zap.extension.ascan.ExtensionActiveScan; +import org.zaproxy.zap.extension.automacrobuilder.ParmGenMacroTrace; +import org.zaproxy.zap.extension.automacrobuilder.ParmGenMacroTraceProvider; import org.zaproxy.zap.extension.automacrobuilder.ThreadManagerProvider; import org.zaproxy.zap.extension.forceduser.ExtensionForcedUser; import org.zaproxy.zap.network.HttpSenderListener; @@ -122,6 +124,17 @@ public void onHttpResponseReceive(HttpMessage arg0, int arg1, HttpSender arg2) { "onHttpRequestReceive Sender is originated from StartedActiveScan. HttpSender:" + arg2); } else { + switch(arg1) { + // tracking cookies only in proxy/manual request. + case HttpSender.PROXY_INITIATOR: + case HttpSender.MANUAL_REQUEST_INITIATOR: + ParmGenMacroTraceProvider pmtProvider = this.startedcon.getPmtProvider(); + pmtProvider.parseSetCookie(arg0); + break; + default: + break; + } + LOGGER4J.debug("onHttpResponseReceive: no action. sender is not created by ExtensionActiveScanWrapper"); } } finally {
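Review bot: After the new `switch` calls `pmtProvider.parseSetCookie(arg0)`, the debug message that follows still reports "no action", which will mislead anyone tracing where cookies were recorded; moving that `LOGGER4J.debug(...)` into the `default:` branch keeps the log truthful. The local `pmtProvider` is declared directly under a `case` label, so wrapping that case body in braces keeps its scope from extending over the rest of the switch. onHttpResponseReceive starts and ends outside the hunk.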