/*
* A script to provide authentication for Django apps.
*
* First it makes a GET request to the login page and extracts the csrfmiddlewaretoken hidden form field from the response body.
*
* Then it makes a POST request with a body which contains username, password and csrfmiddlewaretoken.
*
* A successful login will result in a 302 redirect. If this happens, a GET request is made to the redirect URL.
*
* Every request made by this script is logged separately to the History tab.
*/
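/**
 * Logs in to a Django application and returns the last message of the
 * login flow.
 *
 * @param {object} helper - Script helper providing prepareMessage() and
 *   sendAndReceive(msg, followRedirects).
 * @param {object} paramsValues - Map of the script parameters: "Target URL",
 *   "Username field", "Password field" and the optional "Extra POST data".
 * @param {object} credentials - Credentials exposing getParam("Username")
 *   and getParam("Password").
 * @returns {object} The response to the redirect GET when the POST answered
 *   with a 302 and a Location header, otherwise the POST message itself.
 * @throws {Error} When the target URL cannot be split into its base, or when
 *   no csrfmiddlewaretoken field is present in the login page.
 */
function authenticate(helper, paramsValues, credentials) {
  // ES5 syntax (var, string concatenation, function declarations) is kept on
  // purpose so the script also runs on script engines without ES6 support.
  var AuthenticationHelper = Java.type(
    "org.zaproxy.zap.authentication.AuthenticationHelper"
  );
  var HttpRequestHeader = Java.type(
    "org.parosproxy.paros.network.HttpRequestHeader"
  );
  var HttpHeader = Java.type("org.parosproxy.paros.network.HttpHeader");
  var URI = Java.type("org.apache.commons.httpclient.URI");

  var targetURL = paramsValues.get("Target URL");

  // scheme://host[:port] of the target URL; used to resolve a path-only
  // Location header after a successful login.
  var baseURLMatch = targetURL.match(/^(.+?[^\/:](?=[?\/]|$))/i);
  if (!baseURLMatch) {
    throw new Error("Target URL is not an absolute URL: " + targetURL);
  }
  var baseURL = baseURLMatch[1];

  // Builds, sends and returns a GET request for url. Adding the message to
  // the History tab is left to the caller.
  function sendGet(url) {
    var header = new HttpRequestHeader(
      HttpRequestHeader.GET,
      new URI(url, false),
      HttpHeader.HTTP11
    );
    var msg = helper.prepareMessage();
    msg.setRequestHeader(header);
    helper.sendAndReceive(msg, false);
    return msg;
  }

  //
  // First, GET the login page and extract the csrfmiddlewaretoken from it.
  //
  var firstMsg = sendGet(targetURL);
  AuthenticationHelper.addAuthMessageToHistory(firstMsg);

  var csrfTokenValueRegEx =
    /name="csrfmiddlewaretoken"\svalue="([A-Za-z0-9]*)"/i;
  var csrfTokenMatch = firstMsg
    .getResponseBody()
    .toString()
    .match(csrfTokenValueRegEx);
  if (!csrfTokenMatch) {
    // Fail with a descriptive message instead of a TypeError on null[1];
    // the login page is already in the History tab for inspection.
    throw new Error(
      "csrfmiddlewaretoken not found in the response from " + targetURL
    );
  }
  var csrfTokenValue = csrfTokenMatch[1];

  //
  // Then POST the credentials together with the csrfmiddlewaretoken.
  //
  // Field names come from the script parameters; only the values are
  // URL-encoded, as in the original form submission.
  var secondRequestBody = "csrfmiddlewaretoken=" + csrfTokenValue;
  secondRequestBody +=
    "&" +
    paramsValues.get("Username field") +
    "=" +
    encodeURIComponent(credentials.getParam("Username"));
  secondRequestBody +=
    "&" +
    paramsValues.get("Password field") +
    "=" +
    encodeURIComponent(credentials.getParam("Password"));

  // Optional extra form fields are appended verbatim (already encoded by
  // the user), whitespace trimmed.
  var extraPostData = paramsValues.get("Extra POST data");
  if (extraPostData) {
    var extraTrimmed = String(extraPostData).trim();
    if (extraTrimmed.length > 0) {
      secondRequestBody += "&" + extraTrimmed;
    }
  }

  var secondRequestMainHeader = new HttpRequestHeader(
    HttpRequestHeader.POST,
    new URI(targetURL, false),
    HttpHeader.HTTP11
  );
  var secondMsg = helper.prepareMessage();
  secondMsg.setRequestBody(secondRequestBody);
  secondMsg.setRequestHeader(secondRequestMainHeader);
  secondMsg
    .getRequestHeader()
    .setContentLength(secondMsg.getRequestBody().length());
  // Required by Django for HTTPS connections.
  secondMsg.getRequestHeader().setHeader(HttpHeader.REFERER, targetURL);
  helper.sendAndReceive(secondMsg, false);

  //
  // A successful login answers with a 302 redirect; follow it once so the
  // returned message is the landing page rather than the bare redirect.
  //
  var secondResponseStatusCode = secondMsg.getResponseHeader().getStatusCode();
  if (Number(secondResponseStatusCode) !== 302) {
    return secondMsg;
  }
  AuthenticationHelper.addAuthMessageToHistory(secondMsg);

  var location = secondMsg.getResponseHeader().getHeader("Location");
  if (location == null) {
    // A 302 without a Location cannot be followed; report the POST as-is.
    return secondMsg;
  }
  location = String(location);
  // Location may be an absolute URL or a path; only the path form needs the
  // base prefixed.
  var redirectURL = /^https?:\/\//i.test(location)
    ? location
    : baseURL + location;
  return sendGet(redirectURL);
}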
/**
 * Names of the script parameters the user must fill in.
 *
 * @returns {string[]} The required parameter names.
 */
function getRequiredParamsNames() {
  var required = ["Target URL", "Username field", "Password field"];
  return required;
}
/**
 * Names of the script parameters that may be left empty.
 *
 * @returns {string[]} The optional parameter names.
 */
function getOptionalParamsNames() {
  var optional = ["Extra POST data"];
  return optional;
}
/**
 * Names of the credential fields read via credentials.getParam().
 *
 * @returns {string[]} The credential parameter names.
 */
function getCredentialsParamsNames() {
  var credentialFields = ["Username", "Password"];
  return credentialFields;
}