最近遇到个事情,需要给ZAProxy编写请求处理的插件,以便于支持对加密请求扫描的功能。和之前写过的BurpSuite插件类似,ZAProxy也需要实现两个接口来完成,分别是HttpSenderListener和ProxyListener。HttpSenderListener用于处理面向Server的数据,ProxyListener处理代理的数据。相比之下,ZAProxy的接口要比BurpSuite清晰一些:
@Slf4j
public class Demo implements HttpSenderListener, ProxyListener {
@Override
public void onHttpRequestSend(HttpMessage msg, int initiator, HttpSender sender) {
// requestOut
}
@Override
public void onHttpResponseReceive(HttpMessage msg, int initiator, HttpSender sender) {
// responseIn
}
@Override
public boolean onHttpRequestSend(HttpMessage msg) {
// requestIn
}
@Override
public boolean onHttpResponseReceive(HttpMessage msg) {
// responseOut
}
}
此外,还需要在hook回调中完成注册:
@Override
public void hook(ExtensionHook extensionHook) {
super.hook(extensionHook);
if (getView() != null) {
extensionHook.addProxyListener(this);
extensionHook.addHttpSenderListener(this);
}
}