org.owasp.jbrofuzz.fuzz.Connection Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of jbrofuzz-encoder Show documentation
Show all versions of jbrofuzz-encoder Show documentation
JBroFuzz is a stateless web application fuzzer for requests
being made over HTTP and/or HTTPS. Its purpose is to provide a single,
portable application that offers stable web protocol fuzzing capabilities.
As a tool, it emerged from the needs of penetration testing.
/**
* JbroFuzz 2.5
*
* JBroFuzz - A stateless network protocol fuzzer for web applications.
*
* Copyright (C) 2007 - 2010 [email protected]
*
* This file is part of JBroFuzz.
*
* JBroFuzz is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* JBroFuzz is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with JBroFuzz. If not, see
* This class gets used to establish each connection being made on a given
* address, port and for a given request.
*
*
* @author [email protected]
* @version 2.2
* @since 0.1
*/
public class Connection {
private final SocketConnection mainConnection;
public Connection(final String urlString, final String message)
throws ConnectionException {
URL url;
try {
url = new URL(urlString);
} catch (final MalformedURLException e1) {
throw new ConnectionException("Malformed URL : " + e1.getMessage() + "\n");
}
final String protocol = url.getProtocol();
final String host = url.getHost();
int port = url.getPort();
// Allow only HTTP/S as protocols
if ((!protocol.equalsIgnoreCase("http"))
&& (!protocol.equalsIgnoreCase("https"))) {
throw new ConnectionException("Protocol is not http://, nor is it https://\n");
}
// Set default ports
if (protocol.equalsIgnoreCase("https") && (port == -1)) {
port = 443;
}
if (protocol.equalsIgnoreCase("http") && (port == -1)) {
port = 80;
}
mainConnection = new SocketConnection(protocol, host, port, message);
}
public String getMessage() {
return mainConnection.getMessage();
}
public String getPort() {
return mainConnection.getPort();
}
public String getReply() {
return mainConnection.getReply();
}
public String getStatus() {
return mainConnection.getStatus();
}
/**
*
* Returns a SSL factory instance that trusts all server certificates.
*
*
*
* Used by the Connection constructor for the SSL socket.
*
*
*
* In the event of an exception, the factory method defaults to a normal
* SSLSocketFactory.
*
*
* @return SSLSocketFactory an SSL socket factory
*
* @since 1.3
*/
protected static final SSLSocketFactory getSocketFactory() throws ConnectionException {
try {
final TrustManager[] tManager = new TrustManager[] {
new FullyTrustingManager()
};
final SSLContext context = SSLContext.getInstance("SSL");
context.init(new KeyManager[0], tManager, new SecureRandom());
return context.getSocketFactory();
} catch (final KeyManagementException e) {
throw new ConnectionException("No SSL algorithm support.");
} catch (final NoSuchAlgorithmException e) {
throw new ConnectionException("Exception when setting up the Naive key management.");
}
}
}