HttpRequestHeader custom header values
54 views
Skip to first unread message
Xavier Velez
Apr 4, 2022, 5:51:43 PM4/4/22
to OWASP ZAP User Group
Hi,
Is there any way to change the automatic headers added with the constructor HttpRequestHeader(String method, org.apache.commons.httpclient.URI uri, String version)?
I'm specifically looking to change Content-Type and perhaps others like Origin and Referer.
If not, could the HttpRequestHeader(String data) constructor be used to specify custom values? Is there a way to correctly build the headers with string using a JS script? And example would be great since I've tried this and ran into problems with new lines.
Thank you,
thc...@gmail.com
Apr 5, 2022, 2:50:03 AM4/5/22
to zaprox...@googlegroups.com
Hi.
Use setHeader(String, String). There are examples in the Community
Scripts, e.g.:
https://github.com/zaproxy/community-scripts/blob/54fca0ace4ed1618f96567ed85682515c9778b0f/authentication/DjangoAuthentication.js
Best regards.
On 04/04/2022 22:51, Xavier Velez wrote:
> Hi,
>
> Is there any way to change the automatic headers added with the constructor *HttpRequestHeader(String
> method, org.apache.commons.httpclient.URI uri,
> String version)*?
Use setHeader(String, String). There are examples in the Community
Scripts, e.g.:
https://github.com/zaproxy/community-scripts/blob/54fca0ace4ed1618f96567ed85682515c9778b0f/authentication/DjangoAuthentication.js
Best regards.
On 04/04/2022 22:51, Xavier Velez wrote:
> Hi,
>
> method, org.apache.commons.httpclient.URI uri,
> String version)*?
>
> I'm specifically looking to change Content-Type and perhaps others like
> Origin and Referer.
>
> If not, could the *HttpRequestHeader(String data)* constructor be used to
> I'm specifically looking to change Content-Type and perhaps others like
> Origin and Referer.
>
Xavier Velez
Apr 5, 2022, 2:30:19 PM4/5/22
to OWASP ZAP User Group
Thank you so much! It worked as expected.
Just in case people are searching for answers:
I used the following to set these, please note that ORIGIN is a static string part of the HttpRequestHeader class :
authMsg.getRequestHeader().setContentLength(authMsg.getRequestBody().length());
authMsg.getRequestHeader().setHeader(HttpHeader.ACCEPT, "application/json, text/plain, */*");
authMsg.getRequestHeader().setHeader(HttpHeader.CONTENT_TYPE, "application/json");
authMsg.getRequestHeader().setHeader(HttpRequestHeader.ORIGIN, "<REPLACE ME>"); //replace string with IP or location of ORIGIN
authMsg.getRequestHeader().setHeader(HttpHeader.REFERER, " <REPLACE ME> "); //replace string with IP or location of REFERER
authMsg.getRequestHeader().setHeader(HttpHeader.ACCEPT, "application/json, text/plain, */*");
authMsg.getRequestHeader().setHeader(HttpHeader.CONTENT_TYPE, "application/json");
authMsg.getRequestHeader().setHeader(HttpRequestHeader.ORIGIN, "<REPLACE ME>"); //replace string with IP or location of ORIGIN
authMsg.getRequestHeader().setHeader(HttpHeader.REFERER, " <REPLACE ME> "); //replace string with IP or location of REFERER
Again, thank you so much for the help. I went over these templates before posting this question and didn't see it. I'm glad, however, that you could point me to one of them.
Reply all
Reply to author
Forward
0 new messages