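// ZAP HttpSender script hook: attaches a freshly obtained bearer token to every
// outgoing request whose host name contains "mywebapi" and that does not
// already carry an Authorization header. Kept in ES5 syntax because ZAP's
// Nashorn engine does not enable ES6 (let/const/template literals) by default.
//
// SECURITY NOTES (review):
//  * Credentials are hard-coded in fetchLoginToken below; move them out of the
//    script (e.g. ZAP script variables / environment) before sharing it.
//  * The login request carries the password in the URL query string. Query
//    strings routinely end up in server, proxy and ZAP history logs; if the
//    login endpoint also accepts a form-encoded body, move them there.
//  * The host check is a substring match, so a host such as
//    "mywebapi.attacker.example" would also receive the token. Tighten it to
//    the exact host(s) in scope if that matters for your target.
//
// @param origMsg   the outgoing HttpMessage (modified in place)
// @param initiator ZAP initiator id (unused)
// @param helper    HttpSenderScriptHelper used to send the login request
function sendingRequest(origMsg, initiator, helper) {
  // Only touch traffic destined for the API.
  if (!origMsg.getRequestHeader().getHostName().contains("mywebapi")) {
    return;
  }

  var httpRequestHeader = origMsg.cloneAll().getRequestHeader();

  // Add an Accept header when the request has none.
  if (origMsg.getRequestHeader().getHeader("Accept") == null) {
    httpRequestHeader.setHeader('Accept', 'bar');
  }

  // Inject a single-use bearer token unless the request is already authenticated.
  if (origMsg.getRequestHeader().getHeader("Authorization") == null) {
    var token = fetchLoginToken(origMsg, helper);
    if (token === null) {
      // Login failed (already reported on the console): leave the request
      // untouched, exactly as the original script did.
      return;
    }
    httpRequestHeader.setHeader("Authorization", 'Bearer ' + token);
  }

  origMsg.setRequestHeader(httpRequestHeader);
}

// Performs the login request and returns the bearer token string, or null when
// login fails for any reason (the failure is printed to the script console).
// Never prints the credentials themselves.
//
// @param origMsg the message being sent; cloned to build the login request
// @param helper  HttpSenderScriptHelper providing the HttpSender
function fetchLoginToken(origMsg, helper) {
  // Java classes used explicitly must be imported.
  var HttpRequestHeader = Java.type("org.parosproxy.paros.network.HttpRequestHeader");
  var HttpHeader = Java.type("org.parosproxy.paros.network.HttpHeader");
  var URI = Java.type("org.apache.commons.httpclient.URI");

  // Login details. TODO: keep these out of the script before sharing it.
  var loginURL = 'https://example.com/login';
  var username = 'user';
  var password = 'password';
  if (username === "" || password === "") {
    print("Error: missing credentials!");
    return null;
  }

  var requestUri = new URI(loginURL + "?username=" + username + '&password=' + password, false);
  var requestMethod = HttpRequestHeader.POST;
  var requestHeader = new HttpRequestHeader(requestMethod, requestUri, HttpHeader.HTTP10);
  requestHeader.setHeader('Accept', 'bar');

  // Log the endpoint only: the full URI contains the password.
  print("Sending " + requestMethod + " request to " + loginURL + "\n");

  // NOTE(review): the clone keeps origMsg's request body; clear it if the
  // login endpoint rejects unexpected bodies.
  var msg = origMsg.cloneAll();
  msg.setRequestHeader(requestHeader);
  try {
    helper.getHttpSender().sendAndReceive(msg, false);
  } catch (e) {
    // An I/O exception would otherwise abort the whole script; report and fall back.
    print("Login request failed: " + e);
    return null;
  }

  if (msg.getResponseHeader().getStatusCode() !== 200) {
    print("invalid response received: " + msg.getResponseBody().toString());
    return null;
  }

  var body = msg.getResponseBody().toString();
  var jsonMsg;
  try {
    jsonMsg = JSON.parse(body);
  } catch (e) {
    // Malformed JSON used to throw out of the script; report the raw body instead.
    print("Invalid json response: " + body);
    return null;
  }

  // Guard each level: a response without a "data" object would otherwise throw
  // a TypeError instead of being reported.
  if (!jsonMsg || !jsonMsg.data || !jsonMsg.data.token) {
    print("Invalid json response: " + body);
    return null;
  }
  return jsonMsg.data.token;
}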
// ZAP HttpSender hook for received responses. This script does all its work in
// sendingRequest, so the response hook is deliberately a no-op; it is kept
// because HttpSender scripts define both hooks.
//
// @param msg       the received HttpMessage (unused)
// @param initiator ZAP initiator id (unused)
// @param helper    HttpSenderScriptHelper (unused)
function responseReceived(msg, initiator, helper) {
  // intentionally empty
}