package org.owasp.webscarab.plugin.fuzz;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.logging.Logger;
import org.owasp.webscarab.httpclient.ConversationHandler;
import org.owasp.webscarab.httpclient.FetcherQueue;
import org.owasp.webscarab.model.ConversationID;
import org.owasp.webscarab.model.HttpUrl;
import org.owasp.webscarab.model.NamedValue;
import org.owasp.webscarab.model.Preferences;
import org.owasp.webscarab.model.Request;
import org.owasp.webscarab.model.Response;
import org.owasp.webscarab.model.StoreException;
import org.owasp.webscarab.plugin.Framework;
import org.owasp.webscarab.plugin.Hook;
import org.owasp.webscarab.plugin.Plugin;
import org.owasp.webscarab.util.Encoding;

/* loaded from: input_file:main/main.jar:org/owasp/webscarab/plugin/fuzz/Fuzzer.class */
public class Fuzzer implements Plugin, ConversationHandler {
    private FuzzerModel _model;
    private Framework _framework;
    private FetcherQueue _fetcherQueue;
    private FuzzFactory _fuzzFactory = new FuzzFactory();
    private int _threads = 4;
    private Logger _logger = Logger.getLogger(getClass().getName());

    public Fuzzer(Framework framework) {
        this._model = null;
        this._framework = null;
        this._fetcherQueue = null;
        this._framework = framework;
        this._model = new FuzzerModel(this._framework.getModel());
        loadFuzzStrings();
        this._fetcherQueue = new FetcherQueue("Fuzzer", this, this._threads, 0);
    }

    private void loadFuzzStrings() {
        int i = 0;
        while (true) {
            String preference = Preferences.getPreference("Fuzz." + i + ".description");
            if (preference == null) {
                return;
            }
            String preference2 = Preferences.getPreference("Fuzz." + i + ".location");
            if (preference2 != null && !preference.equals("")) {
                try {
                    this._fuzzFactory.loadFuzzStrings(preference, new URL(preference2).openStream());
                } catch (IOException e) {
                    this._logger.warning("Error loading \"" + preference + "\" from " + preference2 + " : " + e.getMessage());
                }
            }
            i++;
        }
    }

    public FuzzFactory getFuzzFactory() {
        return this._fuzzFactory;
    }

    public FuzzerModel getModel() {
        return this._model;
    }

    @Override // org.owasp.webscarab.plugin.Plugin
    public String getPluginName() {
        return new String("Fuzzer");
    }

    @Override // org.owasp.webscarab.plugin.Plugin, java.lang.Runnable
    public void run() {
        this._model.setStatus("Started");
        this._model.setStopping(false);
        this._model.setRunning(true);
        while (!this._model.isStopping()) {
            if (!queueRequests()) {
                try {
                    Thread.sleep(100L);
                } catch (InterruptedException e) {
                }
            }
        }
        this._fetcherQueue.clearRequestQueue();
        this._model.setRunning(false);
        this._model.setStatus("Stopped");
    }

    public void startFuzzing() {
        if (this._model.getFuzzParameterCount() <= 0 || this._model.getFuzzUrl() == null) {
            this._logger.warning("Can't fuzz if there are no parameters or URL");
        } else {
            this._model.setBusyFuzzing(true);
        }
    }

    private Request constructCurrentFuzzRequest() throws MalformedURLException {
        Request request = new Request();
        request.setMethod(this._model.getFuzzMethod());
        request.setVersion(this._model.getFuzzVersion());
        int fuzzHeaderCount = this._model.getFuzzHeaderCount();
        for (int i = 0; i < fuzzHeaderCount; i++) {
            request.addHeader(this._model.getFuzzHeader(i));
        }
        String str = this._model.getFuzzUrl().toString();
        String str2 = null;
        String str3 = null;
        String str4 = null;
        String str5 = null;
        ByteArrayOutputStream byteArrayOutputStream = null;
        int fuzzParameterCount = this._model.getFuzzParameterCount();
        for (int i2 = 0; i2 < fuzzParameterCount; i2++) {
            Parameter fuzzParameter = this._model.getFuzzParameter(i2);
            Object fuzzParameterValue = this._model.getFuzzParameterValue(i2);
            String location = fuzzParameter.getLocation();
            if (location.equals(Parameter.LOCATION_PATH)) {
                str2 = str2 == null ? (String) fuzzParameterValue : str2 + "/" + (fuzzParameterValue == null ? "" : (String) fuzzParameterValue);
            } else if (location.equals(Parameter.LOCATION_FRAGMENT)) {
                String name = fuzzParameter.getName();
                String str6 = name == null ? (String) fuzzParameterValue : fuzzParameterValue == null ? name + "=" + Encoding.urlEncode((String) fuzzParameterValue) : null;
                if (str3 == null) {
                    str3 = str6;
                } else if (str6 != null) {
                    str3 = str3 + "&" + str6;
                }
            } else if (location.equals(Parameter.LOCATION_QUERY)) {
                String str7 = fuzzParameter.getName() + "=" + Encoding.urlEncode((String) fuzzParameterValue);
                str4 = str4 == null ? str7 : str4 + "&" + str7;
            } else if (location.equals(Parameter.LOCATION_COOKIE)) {
                String str8 = fuzzParameter.getName() + "=" + ((String) fuzzParameterValue);
                str5 = str5 == null ? str8 : str5 + "; " + str8;
            } else if (location.equals(Parameter.LOCATION_BODY)) {
                String str9 = fuzzParameter.getName() + "=" + Encoding.urlEncode((String) fuzzParameterValue);
                if (byteArrayOutputStream == null) {
                    byteArrayOutputStream = new ByteArrayOutputStream();
                    try {
                        byteArrayOutputStream.write(str9.getBytes());
                    } catch (IOException e) {
                    }
                } else {
                    try {
                        byteArrayOutputStream.write(("&" + str9).getBytes());
                    } catch (IOException e2) {
                    }
                }
            } else {
                this._logger.severe("Skipping unknown parameter location " + location);
            }
        }
        if (str2 != null) {
            str = str + "/" + str2;
        }
        if (str3 != null) {
            str = str + ";" + str3;
        }
        if (str4 != null) {
            str = str + "?" + str4;
        }
        request.setURL(new HttpUrl(str));
        if (str5 != null) {
            request.addHeader(Parameter.LOCATION_COOKIE, str5);
        }
        if (byteArrayOutputStream != null) {
            request.setHeader("Content-Length", Integer.toString(byteArrayOutputStream.size()));
            request.setContent(byteArrayOutputStream.toByteArray());
        } else if (request.getMethod().equals("POST")) {
            request.setHeader("Content-Length", "0");
        }
        return request;
    }

    public void pauseFuzzing() {
        this._model.setBusyFuzzing(false);
    }

    public void stopFuzzing() {
        this._model.setBusyFuzzing(false);
    }

    private boolean queueRequests() {
        if (!this._model.isBusyFuzzing() || this._fetcherQueue.getRequestsQueued() >= this._threads) {
            return false;
        }
        try {
            this._fetcherQueue.submit(constructCurrentFuzzRequest());
            if (!this._model.incrementFuzzer()) {
                this._model.setBusyFuzzing(false);
            }
            return true;
        } catch (Exception e) {
            this._model.setBusyFuzzing(false);
            e.printStackTrace();
            return false;
        }
    }

    @Override // org.owasp.webscarab.httpclient.ConversationHandler
    public void requestError(Request request, IOException iOException) {
        this._logger.warning("Caught exception : " + iOException.getMessage());
        this._model.setBusyFuzzing(false);
    }

    @Override // org.owasp.webscarab.httpclient.ConversationHandler
    public void responseReceived(Response response) {
        if (response.getStatus().equals("400")) {
            this._logger.warning("Bad request");
            this._model.setBusyFuzzing(false);
            return;
        }
        Request request = response.getRequest();
        if (request == null) {
            this._logger.warning("Got a null request from the response!");
        } else {
            this._model.addConversation(this._framework.addConversation(request, response, "Fuzzer"));
        }
    }

    @Override // org.owasp.webscarab.plugin.Plugin
    public boolean stop() {
        this._model.setStatus("Stopped");
        this._model.setRunning(false);
        return !this._model.isRunning();
    }

    @Override // org.owasp.webscarab.plugin.Plugin
    public void setSession(String str, Object obj, String str2) throws StoreException {
    }

    @Override // org.owasp.webscarab.plugin.Plugin
    public void flush() throws StoreException {
    }

    @Override // org.owasp.webscarab.plugin.Plugin
    public boolean isBusy() {
        return this._model.isBusy();
    }

    @Override // org.owasp.webscarab.plugin.Plugin
    public boolean isRunning() {
        return this._model.isRunning();
    }

    @Override // org.owasp.webscarab.plugin.Plugin
    public String getStatus() {
        return this._model.getStatus();
    }

    @Override // org.owasp.webscarab.plugin.Plugin
    public boolean isModified() {
        return this._model.isModified();
    }

    @Override // org.owasp.webscarab.plugin.Plugin
    public void analyse(ConversationID conversationID, Request request, Response response, String str) {
        Signature signature = new Signature(request);
        this._model.addSignature(signature);
        if (response.getStatus().equals("304")) {
            return;
        }
        byte[] content = response.getContent();
        if (content == null) {
            content = new byte[0];
        }
        this._model.addChecksum(signature.getUrl(), Encoding.hashMD5(content));
    }

    public void loadTemplateFromConversation(ConversationID conversationID) {
        if (this._model.isBusyFuzzing()) {
            stopFuzzing();
        }
        Request request = this._framework.getModel().getRequest(conversationID);
        HttpUrl url = request.getURL();
        if (url.getParameters() != null) {
            url = url.getParentUrl();
        }
        this._model.setFuzzMethod(request.getMethod());
        this._model.setFuzzUrl(url.toString());
        this._model.setFuzzVersion(request.getVersion());
        while (this._model.getFuzzHeaderCount() > 0) {
            this._model.removeFuzzHeader(0);
        }
        while (this._model.getFuzzParameterCount() > 0) {
            this._model.removeFuzzParameter(0);
        }
        NamedValue[] headers = request.getHeaders();
        if (headers != null) {
            for (int i = 0; i < headers.length; i++) {
                if (!headers[i].getName().equals(Parameter.LOCATION_COOKIE)) {
                    this._model.addFuzzHeader(this._model.getFuzzHeaderCount(), headers[i]);
                }
            }
        }
        Parameter[] parameters = Parameter.getParameters(request);
        for (int i2 = 0; i2 < parameters.length; i2++) {
            this._model.addFuzzParameter(i2, parameters[i2], null, 0);
        }
    }

    @Override // org.owasp.webscarab.plugin.Plugin
    public Object getScriptableObject() {
        return null;
    }

    @Override // org.owasp.webscarab.plugin.Plugin
    public Hook[] getScriptingHooks() {
        return new Hook[0];
    }
}
