Using invalid protocol instead of HTTP in a request
65 views
Skip to first unread message
Blazing Wind
Nov 9, 2020, 3:54:15 AM11/9/20
to OWASP ZAP Scripts
Hi All,
I am writing an active script that sends many malformed requests. One of them uses a protocol that doesn't exist, e.g.:
GET / INVALIDPROTOCOL/1.1
I set it using msg.setRequestHeader("GET " + msg.getRequestHeader().getURI().toString() + " INVALID/1.1")
When trying to send the request I get an error:
Traceback (most recent call last):
File "<script>", line 57, in scanNode
at org.parosproxy.paros.network.HttpRequestHeader.parse(HttpRequestHeader.java:445)
at org.parosproxy.paros.network.HttpRequestHeader.setMessage(HttpRequestHeader.java:284)
at org.parosproxy.paros.network.HttpRequestHeader.setMessage(HttpRequestHeader.java:307)
at org.parosproxy.paros.network.HttpRequestHeader.<init>(HttpRequestHeader.java:179)
at org.parosproxy.paros.network.HttpMessage.setRequestHeader(HttpMessage.java:378)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
org.parosproxy.paros.network.HttpMalformedHeaderException: org.parosproxy.paros.network.HttpMalformedHeaderException: Failed to find pattern (\w+) +([^\r\n]+) +(HTTP/\d+\.\d+) in: GET http://testphp.vulnweb.com/ INVALID/1.1
It seems the regex does not allow for other protocols than HTTP. Is there a way around it? Or another way to set the protocol?
Thank you
thc...@gmail.com
Nov 9, 2020, 2:01:07 PM11/9/20
to zaproxy...@googlegroups.com
Hi.
It's not possible at the moment to send that.
Best regards.
It's not possible at the moment to send that.
Best regards.
Blazing Wind
Nov 10, 2020, 5:30:50 AM11/10/20
to OWASP ZAP Scripts
Hi
Oh, that's a pity. Nevertheless thanks for the quick response.
Best regards
Reply all
Reply to author
Forward
0 new messages