标签归档:ZAProxy

编写ZAProxy请求处理(加密、解密)插件

最近遇到个事情,需要给ZAProxy编写请求处理的插件,以便于支持对加密请求扫描的功能。和之前写过的BurpSuite插件类似,ZAProxy也需要实现两个接口来完成,分别是HttpSenderListener和ProxyListener。HttpSenderListener用于处理面向Server的数据,ProxyListener处理代理的数据。相比之下,ZAProxy的接口要比BurpSuite清晰一些:

@Slf4j
public class Demo implements HttpSenderListener, ProxyListener {
  @Override
  public void onHttpRequestSend(HttpMessage msg, int initiator, HttpSender sender) {
    // requestOut
  }

  @Override
  public void onHttpResponseReceive(HttpMessage msg, int initiator, HttpSender sender) {
    // responseIn
  }

  @Override
  public boolean onHttpRequestSend(HttpMessage msg) {
    // requestIn
  }

   @Override
  public boolean onHttpResponseReceive(HttpMessage msg) {
    // responseOut
  }
}

此外,还需要在hook回调中完成注册:

  @Override
  public void hook(ExtensionHook extensionHook) {
    super.hook(extensionHook);

    if (getView() != null) {
      extensionHook.addProxyListener(this);
      extensionHook.addHttpSenderListener(this);
    }
  }