[英]How do I tell org.apache.http.impl.client.DefaultHttpClient to use the OWASP Zed Attack Proxy (ZAP)
我有一个正在运行的REST服务,现在我想使用OWASP ZAP代理进行自动测试。 为HTTPS配置DefaultHttpCient如下:
public DefaultHttpClient getSSLClient(final String user, final String pwd)
throws KeyManagementException, UnrecoverableKeyException,
NoSuchAlgorithmException, KeyStoreException {
SSLContext ctx = SSLContext.getInstance("TLS");
ctx.init(null, new TrustManager[] { new CustomX509TrustManager() },
null);
HttpClient client = new DefaultHttpClient();
SSLSocketFactory ssf = new CustomSSLSocketFactory(ctx, hostVerifier);
ClientConnectionManager ccm = client.getConnectionManager();
SchemeRegistry sr = ccm.getSchemeRegistry();
sr.register(new Scheme("https", port, ssf));
DefaultHttpClient sslClient = new DefaultHttpClient(ccm,
client.getParams());
sslClient.getCredentialsProvider().setCredentials(
new AuthScope(host, port),
new UsernamePasswordCredentials(user, pwd));
/*
* Those two lines are new and should force the client to use the ZAP proxy!
*/
HttpHost proxy = new HttpHost("192.168.2.100", 8444, "https");
sslClient.getParams().setParameter(ConnRoutePNames.DEFAULT_PROXY, proxy);
return sslClient;
}
和TrustManager:
public class CustomX509TrustManager implements X509TrustManager {
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
}
@Override
public void checkServerTrusted(java.security.cert.X509Certificate[] certs,
String authType) throws CertificateException {
/*
* Don't validate server's certificate. There is no need for.
*/
}
public X509Certificate[] getAcceptedIssuers() {
return null;
}
}
以及ZAP的代理配置:
通过使用Web浏览器,代理可以正常工作,但是JUnit测试用例给出了以下错误:
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at sun.security.ssl.SSLSessionImpl.getPeerCertificates(Unknown Source)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:126)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:437)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:294)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:643)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)
at org.jboss.resteasy.client.core.executors.ApacheHttpClient4Executor.execute(ApacheHttpClient4Executor.java:109)
at org.jboss.resteasy.core.interception.ClientExecutionContextImpl.proceed(ClientExecutionContextImpl.java:39)
at org.jboss.resteasy.plugins.interceptors.encoding.AcceptEncodingGZIPInterceptor.execute(AcceptEncodingGZIPInterceptor.java:40)
at org.jboss.resteasy.core.interception.ClientExecutionContextImpl.proceed(ClientExecutionContextImpl.java:45)
at org.jboss.resteasy.client.ClientRequest.execute(ClientRequest.java:443)
at org.jboss.resteasy.client.ClientRequest.httpMethod(ClientRequest.java:674)
at org.jboss.resteasy.client.ClientRequest.post(ClientRequest.java:565)
at org.jboss.resteasy.client.ClientRequest.post(ClientRequest.java:570)
at at.fhj.ase.business.ServiceAddressImplTest.a100_insertAddressTest(ServiceAddressImplTest.java:70)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:47)
at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:44)
at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at org.junit.rules.ExpectedException$ExpectedExceptionStatement.evaluate(ExpectedException.java:168)
at org.junit.rules.RunRules.evaluate(RunRules.java:20)
at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:271)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:70)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:50)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:238)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:63)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:236)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:53)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:229)
at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26)
at org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:27)
at org.junit.runners.ParentRunner.run(ParentRunner.java:309)
at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:50)
at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:467)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:683)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:390)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:197)
似乎该请求从未到达服务器,因为没有请求被记录。
我更新了主机,该主机应将getSSLClient(...)方法中的凭据从localhost应用到192.168.2.100 ,现在可以使用了。
public DefaultHttpClient getSSLClient(final String user, final String pwd)
throws KeyManagementException, UnrecoverableKeyException,
NoSuchAlgorithmException, KeyStoreException {
...
sslClient.getCredentialsProvider().setCredentials(
new AuthScope("192.168.2.100", port),
new UsernamePasswordCredentials(user, pwd));
...
}
配置org.apache.http.impl.client.DefaultHttpClient使用默认的Authenticator
[英]Configuring org.apache.http.impl.client.DefaultHttpClient to use the default Authenticator
org.apache.http.impl.client.CloseableHttpClient代理验证
[英]org.apache.http.impl.client.CloseableHttpClient Proxy Authentication
具有PHP,MySQL的Android登录注册系统,错误为“ java.lang.NoSuchMethodError:org.apache.http.impl.client.DefaultHttpClient.execute”
[英]Android Login Registration System with PHP, MySQL with error 'java.lang.NoSuchMethodError: org.apache.http.impl.client.DefaultHttpClient.execute'
使用org.apache.http.impl.client.ProxyClient通过代理隧道访问HTTPS Web服务
[英]Accessing HTTPS web services through proxy tunnel using org.apache.http.impl.client.ProxyClient
如何使用 Chrome webdriver 和 java 启动 OWASP ZAP 代理?
[英]How to start OWASP ZAP proxy with Chrome webdriver and java?
如何在Jersey和Apache Http客户端上使用代理身份验证?
[英]How to use Proxy authentication with Jersey and Apache Http client?
如何配置async apache http client 5使用SOCKS代理?
[英]How to configure async apache http client 5 to use SOCKS proxy?
org.apache.http.client-4.3.6:java.lang.NoClassDefFoundError:org.apache.http.impl.conn.PoolingHttpClientConnectionManager
[英]org.apache.http.client-4.3.6: java.lang.NoClassDefFoundError: org.apache.http.impl.conn.PoolingHttpClientConnectionManager
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.