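/*
 * Zed Attack Proxy (ZAP) and its related class files.
 *
 * ZAP is an HTTP/HTTPS proxy for assessing web application security.
 *
 * Copyright 2012 The ZAP development team
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.zaproxy.zap.extension.quickstart;

import java.awt.BorderLayout;
import java.awt.Color;
import java.awt.Event;
import java.awt.GridBagConstraints;
import java.awt.GridBagLayout;
import java.awt.Insets;
import java.awt.Toolkit;
import java.awt.event.KeyEvent;
import java.net.URL;

import javax.swing.BorderFactory;
import javax.swing.ImageIcon;
import javax.swing.JButton;
import javax.swing.JLabel;
import javax.swing.JPanel;
import javax.swing.JScrollPane;
import javax.swing.KeyStroke;
import javax.swing.border.EtchedBorder;

import org.apache.commons.httpclient.URI;
import org.parosproxy.paros.Constant;
import org.parosproxy.paros.control.Control;
import org.parosproxy.paros.control.Control.Mode;
import org.parosproxy.paros.extension.AbstractPanel;
import org.parosproxy.paros.model.Model;
import org.parosproxy.paros.model.SiteNode;
import org.parosproxy.paros.view.View;
import org.zaproxy.zap.extension.alert.ExtensionAlert;
import org.zaproxy.zap.extension.api.API;
import org.zaproxy.zap.extension.brk.BreakPanel;
import org.zaproxy.zap.extension.search.SearchPanel;
import org.zaproxy.zap.extension.tab.Tab;
import org.zaproxy.zap.utils.DesktopUtils;
import org.zaproxy.zap.utils.DisplayUtils;
import org.zaproxy.zap.utils.ZapTextField;
import org.zaproxy.zap.view.LayoutHelper;
import org.zaproxy.zap.view.NodeSelectDialog;

/**
 * The "Quick Start" tab: a URL field with Attack/Stop buttons, a progress label and, when the
 * Plug-n-Hack extension is installed, a button/field exposing the Plug-n-Hack configuration URL.
 *
 * <p>The attack controls are switched off in {@code safe} and {@code protect} mode, see
 * {@link #setMode(Mode)}.
 */
public class QuickStartPanel extends AbstractPanel implements Tab {

    private static final long serialVersionUID = 1L;

    private final ExtensionQuickStart extension;
    private JButton attackButton = null;
    private JButton stopButton = null;
    private JButton confButton = null;
    private ZapTextField urlField = null;
    private ZapTextField confField = null;
    private JLabel progressLabel = null;

    /**
     * Creates the panel and builds its components.
     *
     * @param extension the owning extension, used to start and stop attacks and to show dialogs
     */
    public QuickStartPanel(ExtensionQuickStart extension) {
        super();
        this.extension = extension;
        initialize();
    }

    /** Builds the tab (icon, accelerator, mnemonic) and lays out all child components. */
    private void initialize() {
        this.setIcon(new ImageIcon(BreakPanel.class.getResource("/resource/icon/16/147.png"))); // 'lightning' icon
        this.setDefaultAccelerator(KeyStroke.getKeyStroke(KeyEvent.VK_Q,
                Toolkit.getDefaultToolkit().getMenuShortcutKeyMask() | Event.SHIFT_MASK, false));
        this.setMnemonic(Constant.messages.getChar("quickstart.panel.mnemonic"));
        this.setLayout(new BorderLayout());

        JPanel panelContent = new JPanel(new GridBagLayout());
        JScrollPane jScrollPane = new JScrollPane();
        jScrollPane.setFont(new java.awt.Font("Dialog", java.awt.Font.PLAIN, 11));
        jScrollPane.setHorizontalScrollBarPolicy(javax.swing.JScrollPane.HORIZONTAL_SCROLLBAR_AS_NEEDED);
        jScrollPane.setViewportView(panelContent);
        this.add(jScrollPane, BorderLayout.CENTER);

        panelContent.setBackground(Color.white);
        panelContent.setBorder(BorderFactory.createEtchedBorder(EtchedBorder.RAISED));

        /*
         * Layout (grid rows as used by the calls below):
         *  Row  0 | Top welcome message (cols 0-3)              | ZAP logo (col 4)
         *  Row  1 | URL: | [ Url field ] [ Select button ] (cols 1-3)
         *  Row  2 |      | [ Attack button ] | [ Stop button ] | padding
         *  Row  3 | Progress: | Progress details (cols 1-3)
         *  Row  4 | Proxy message (cols 0-4)
         *  Row  5 | Help message (only without Plug-n-Hack)
         *  Row  6 | MITM label | [ Conf button ]   (Plug-n-Hack, browser can be opened)
         *  Row  7 | MITM alt/url label | [ Conf field ] (Plug-n-Hack)
         *  Row 10 | Bottom padding
         */
        panelContent.add(new JLabel(Constant.messages.getString("quickstart.panel.topmsg")),
                LayoutHelper.getGBC(0, 0, 4, 1.0D, new Insets(5, 5, 5, 5)));

        if (Constant.isDevBuild()) {
            panelContent.add(
                    new JLabel(new ImageIcon(QuickStartPanel.class
                            .getResource("/org/zaproxy/zap/extension/quickstart/resources/zap128x128dark.png"))),
                    LayoutHelper.getGBC(4, 0, 1, 0.0D, 0.0D, GridBagConstraints.NORTH));
        } else {
            panelContent.add(
                    new JLabel(DisplayUtils.getScaledIcon(
                            new ImageIcon(SearchPanel.class.getResource("/resource/zap128x128.png")))),
                    LayoutHelper.getGBC(4, 0, 1, 0.0D, 0.0D, GridBagConstraints.NORTH));
        }

        panelContent.add(new JLabel(Constant.messages.getString("quickstart.label.url")),
                LayoutHelper.getGBC(0, 1, 1, 0.0D, new Insets(5, 5, 5, 5)));

        JPanel urlSelectPanel = new JPanel(new GridBagLayout());
        JButton selectButton = new JButton(Constant.messages.getString("all.button.select"));
        selectButton.setIcon(
                DisplayUtils.getScaledIcon(new ImageIcon(View.class.getResource("/resource/icon/16/094.png")))); // Globe icon
        selectButton.addActionListener(new java.awt.event.ActionListener() {
            @Override
            public void actionPerformed(java.awt.event.ActionEvent e) {
                selectUrlFromSiteTree();
            }
        });

        urlSelectPanel.add(this.getUrlField(), LayoutHelper.getGBC(0, 0, 1, 1.0D));
        urlSelectPanel.add(selectButton, LayoutHelper.getGBC(1, 0, 1, 0.0D));
        panelContent.add(urlSelectPanel, LayoutHelper.getGBC(1, 1, 3, 0.25D));

        panelContent.add(this.getAttackButton(), LayoutHelper.getGBC(1, 2, 1, 0.0D));
        panelContent.add(this.getStopButton(), LayoutHelper.getGBC(2, 2, 1, 0.0D));
        panelContent.add(new JLabel(""), LayoutHelper.getGBC(3, 2, 1, 0.75D, 0.0D)); // Padding to right of buttons

        progressLabel = new JLabel(
                Constant.messages.getString("quickstart.progress." + AttackThread.Progress.notstarted.name()));

        panelContent.add(new JLabel(Constant.messages.getString("quickstart.label.progress")),
                LayoutHelper.getGBC(0, 3, 1, 0.0D, new Insets(5, 5, 5, 5)));
        panelContent.add(this.progressLabel, LayoutHelper.getGBC(1, 3, 3, 0.0D));

        panelContent.add(new JLabel(Constant.messages.getString("quickstart.panel.proxymsg")),
                LayoutHelper.getGBC(0, 4, 5, 1.0D, new Insets(5, 5, 5, 5)));

        if (Control.getSingleton().getExtensionLoader().getExtension("ExtensionPlugNHack") != null) {
            // Plug-n-Hack extension has been installed - this makes configuration much easier :)
            if (DesktopUtils.canOpenUrlInBrowser()) {
                panelContent.add(new JLabel(Constant.messages.getString("quickstart.label.mitm")),
                        LayoutHelper.getGBC(0, 6, 1, 0.0D, new Insets(5, 5, 5, 5)));
                panelContent.add(this.getConfButton(), LayoutHelper.getGBC(1, 6, 1, 0.0D));

                panelContent.add(new JLabel(Constant.messages.getString("quickstart.label.mitmalt")),
                        LayoutHelper.getGBC(0, 7, 1, 0.0D, new Insets(5, 5, 5, 5)));
            } else {
                panelContent.add(new JLabel(Constant.messages.getString("quickstart.label.mitmurl")),
                        LayoutHelper.getGBC(0, 7, 1, 0.0D, new Insets(5, 5, 5, 5)));
            }
            panelContent.add(this.getConfField(), LayoutHelper.getGBC(1, 7, 3, 0.25D));
        } else {
            panelContent.add(new JLabel(Constant.messages.getString("quickstart.panel.helpmsg")),
                    LayoutHelper.getGBC(0, 5, 5, 1.0D, new Insets(5, 5, 5, 5)));
        }

        panelContent.add(new JLabel(""), LayoutHelper.getGBC(0, 10, 4, 1.D, 1.0D)); // Padding at bottom

        this.setMode(Control.getSingleton().getMode());
    }

    /**
     * Lets the user pick a node from the site tree and copies its URI into the URL field. The
     * dialog is pre-selected with the node matching the current field text when one is found.
     */
    private void selectUrlFromSiteTree() {
        NodeSelectDialog nsd = new NodeSelectDialog(View.getSingleton().getMainFrame());
        SiteNode node = null;
        try {
            node = Model.getSingleton().getSession().getSiteTree()
                    .findNode(new URI(getUrlField().getText(), false));
        } catch (Exception ignored) {
            // Best effort: the field may hold text that is not a usable URI, in which case the
            // dialog simply opens without a pre-selected node.
        }
        node = nsd.showDialog(node);
        if (node != null && node.getHistoryReference() != null) {
            try {
                getUrlField().setText(node.getHistoryReference().getURI().toString());
            } catch (Exception ignored) {
                // Best effort: if the URI of the chosen node cannot be read the field is left as is.
            }
        }
    }

    /**
     * Enables or disables the attack controls for the given mode: in {@code safe} and
     * {@code protect} the URL field is read-only and the attack button disabled, in
     * {@code standard} and {@code attack} both are enabled.
     *
     * @param mode the mode to apply
     */
    protected void setMode(Mode mode) {
        switch (mode) {
        case safe:
        case protect:
            this.getUrlField().setEditable(false);
            this.getAttackButton().setEnabled(false);
            break;
        case standard:
        case attack:
            this.getUrlField().setEditable(true);
            this.getAttackButton().setEnabled(true);
            break;
        }
    }

    /** Lazily creates the URL field, pre-filled with {@code http://}. */
    private ZapTextField getUrlField() {
        if (urlField == null) {
            urlField = new ZapTextField();
            urlField.setText("http://");
        }
        return urlField;
    }

    /** Lazily creates the attack button, which calls {@link #attackUrl()} when pressed. */
    private JButton getAttackButton() {
        if (attackButton == null) {
            attackButton = new JButton();
            attackButton.setText(Constant.messages.getString("quickstart.button.label.attack"));
            attackButton.setIcon(DisplayUtils
                    .getScaledIcon(new ImageIcon(SearchPanel.class.getResource("/resource/icon/16/147.png")))); // 'lightning' icon
            attackButton.setToolTipText(Constant.messages.getString("quickstart.button.tooltip.attack"));
            attackButton.addActionListener(new java.awt.event.ActionListener() {
                @Override
                public void actionPerformed(java.awt.event.ActionEvent e) {
                    attackUrl();
                }
            });
        }
        return attackButton;
    }

    /** Lazily creates the stop button (initially disabled), which stops the running attack. */
    private JButton getStopButton() {
        if (stopButton == null) {
            stopButton = new JButton();
            stopButton.setText(Constant.messages.getString("quickstart.button.label.stop"));
            stopButton.setIcon(DisplayUtils
                    .getScaledIcon(new ImageIcon(SearchPanel.class.getResource("/resource/icon/16/142.png")))); // 'stop' icon
            stopButton.setToolTipText(Constant.messages.getString("quickstart.button.tooltip.stop"));
            stopButton.setEnabled(false);
            stopButton.addActionListener(new java.awt.event.ActionListener() {
                @Override
                public void actionPerformed(java.awt.event.ActionEvent e) {
                    stopAttack();
                }
            });
        }
        return stopButton;
    }

    /**
     * Builds the Plug-n-Hack configuration URL from the configured proxy address and port.
     *
     * <p>When an API key is set it is appended as a query parameter. The resulting string is
     * displayed in the read-only configuration field and handed to the system browser by the
     * configuration button, so the key is visible in both places; keep that in mind when sharing
     * screenshots or a browser profile.
     *
     * @return the Plug-n-Hack URL, including the API key parameter if a key is configured
     */
    private String getPlugNHackUrl() {
        String apiKey = API.getInstance().getApiKey();
        String keyStr = "";
        if (apiKey != null && !apiKey.isEmpty()) {
            // Encode the key so characters such as '&', '#' or '+' cannot break or alter the query string.
            keyStr = "?" + API.API_KEY_PARAM + "=" + encodeQueryValue(apiKey);
        }
        return "http://" + Model.getSingleton().getOptionsParam().getProxyParam().getProxyIp() + ":"
                + Model.getSingleton().getOptionsParam().getProxyParam().getProxyPort() + "/pnh/" + keyStr;
    }

    /** Percent-encodes a value for use in a URL query string (UTF-8). */
    private static String encodeQueryValue(String value) {
        try {
            return java.net.URLEncoder.encode(value, "UTF-8");
        } catch (java.io.UnsupportedEncodingException e) {
            // UTF-8 is a charset every Java platform must provide.
            throw new IllegalStateException("UTF-8 is not supported", e);
        }
    }

    /** Lazily creates the read-only field showing the Plug-n-Hack URL. */
    private ZapTextField getConfField() {
        if (confField == null) {
            confField = new ZapTextField();
            confField.setText(getPlugNHackUrl());
            confField.setEditable(false);
        }
        return confField;
    }

    /** Lazily creates the button that opens the Plug-n-Hack URL in the system browser. */
    private JButton getConfButton() {
        if (confButton == null) {
            confButton = new JButton();
            confButton.setText(Constant.messages.getString("quickstart.button.label.mitm"));
            confButton.setToolTipText(Constant.messages.getString("quickstart.button.tooltip.mitm"));
            confButton.setIcon(DisplayUtils.getScaledIcon(new ImageIcon(QuickStartPanel.class
                    .getResource("/org/zaproxy/zap/extension/quickstart/resources/plug.png"))));
            confButton.addActionListener(new java.awt.event.ActionListener() {
                @Override
                public void actionPerformed(java.awt.event.ActionEvent e) {
                    DesktopUtils.openUrlInBrowser(getPlugNHackUrl());
                }
            });
        }
        return confButton;
    }

    /**
     * Validates the text in the URL field and, if it is acceptable, starts the attack.
     *
     * <p>The text must parse as a URL, use the {@code http} or {@code https} scheme and name a
     * host; the field's initial value {@code http://} alone is therefore rejected. On rejection a
     * warning dialog is shown and the field regains focus.
     *
     * <p>NOTE(review): the mode restriction is applied only by disabling the button in
     * {@link #setMode(Mode)}; this method does not re-check the mode, so a caller inside the
     * package can start an attack in any mode - confirm that is intended.
     *
     * @return {@code true} if the attack was started, {@code false} if the URL was rejected
     */
    boolean attackUrl() {
        URL url;
        try {
            url = new URL(this.getUrlField().getText());
        } catch (Exception e) {
            return rejectUrl();
        }
        // java.net.URL also accepts file:, ftp:, jar: and similar; only web targets make sense here.
        String protocol = url.getProtocol();
        if (!"http".equalsIgnoreCase(protocol) && !"https".equalsIgnoreCase(protocol)) {
            return rejectUrl();
        }
        String host = url.getHost();
        if (host == null || host.isEmpty()) {
            return rejectUrl();
        }
        getAttackButton().setEnabled(false);
        getStopButton().setEnabled(true);

        extension.attack(url);
        return true;
    }

    /** Shows the "invalid URL" warning, returns focus to the URL field and reports failure. */
    private boolean rejectUrl() {
        extension.getView().showWarningDialog(Constant.messages.getString("quickstart.url.warning.invalid"));
        this.getUrlField().requestFocusInWindow();
        return false;
    }

    /**
     * Replaces the text of the URL field. The value is not validated here; validation happens in
     * {@link #attackUrl()}.
     *
     * @param url the text to put into the URL field
     */
    void setAttackUrl(String url) {
        getUrlField().setText(url);
    }

    /** Asks the extension to stop the attack and disables the stop button. */
    private void stopAttack() {
        extension.stopAttack();
        // Go through the accessor, like the rest of the class, so the field is never dereferenced while null.
        getStopButton().setEnabled(false);
    }

    /**
     * Shows the localised default message for the given progress state.
     *
     * @param progress the new progress state
     */
    protected void notifyProgress(AttackThread.Progress progress) {
        this.notifyProgress(progress, null);
    }

    /**
     * Updates the progress label and the attack/stop buttons for the given progress state. On
     * {@code complete} the Alerts tab is focused when the alert extension is available.
     *
     * <p>NOTE(review): this touches Swing components directly; presumably it is invoked from the
     * attack thread - confirm callers run it on the event dispatch thread.
     *
     * @param progress the new progress state
     * @param msg the text to show, or {@code null} to use the localised message for {@code progress}
     */
    protected void notifyProgress(AttackThread.Progress progress, String msg) {
        if (msg == null) {
            progressLabel.setText(Constant.messages.getString("quickstart.progress." + progress.name()));
        } else {
            progressLabel.setText(msg);
        }
        switch (progress) {
        case complete:
            getAttackButton().setEnabled(true);
            getStopButton().setEnabled(false);
            ExtensionAlert extAlert = ((ExtensionAlert) Control.getSingleton().getExtensionLoader()
                    .getExtension(ExtensionAlert.NAME));
            if (extAlert != null) {
                extAlert.setAlertTabFocus();
            }
            break;
        case failed:
        case stopped:
            getAttackButton().setEnabled(true);
            getStopButton().setEnabled(false);
            break;
        default:
            break;
        }
    }

    /**
     * This should override (or use) the AbstractPanel class but cant do this until the relevant changes are
     * available in the zap-extensions trunk
     *
     * @return always {@code true}
     */
    public boolean isShowByDefault() {
        return true;
    }
}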