From 84a99b66311ea0219fa7795db08412ba34ead8f7 Mon Sep 17 00:00:00 2001
From: Simon Bennetts <psiinon@gmail.com>
Date: Fri, 22 Nov 2019 15:31:04 +0000
Subject: [PATCH] Handle sites that fail when 'only in scope' switched on

Fixes #316

Signed-off-by: Simon Bennetts <psiinon@gmail.com>
---
 CHANGELOG.md                                  |  1 +
 .../hud/HttpUpgradeProxyListener.java         | 45 +++++++++++--------
 2 files changed, 28 insertions(+), 18 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 30265f9fb..11ec92719 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,6 +13,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Fixed
  - Dialogue windows close properly when the Escape key is pressed [#71](https://github.com/zaproxy/zap-hud/issues/71)
+ - Sites upgraded to https fail if 'only in scope' switched on [#316](https://github.com/zaproxy/zap-hud/issues/316)
 
 ## [0.7.0] - 2019-10-07
 
diff --git a/src/main/java/org/zaproxy/zap/extension/hud/HttpUpgradeProxyListener.java b/src/main/java/org/zaproxy/zap/extension/hud/HttpUpgradeProxyListener.java
index cadab4f9a..ae49fe265 100644
--- a/src/main/java/org/zaproxy/zap/extension/hud/HttpUpgradeProxyListener.java
+++ b/src/main/java/org/zaproxy/zap/extension/hud/HttpUpgradeProxyListener.java
@@ -30,6 +30,7 @@
 import org.apache.log4j.Logger;
 import org.parosproxy.paros.core.proxy.OverrideMessageProxyListener;
 import org.parosproxy.paros.network.HttpHeader;
+import org.parosproxy.paros.network.HttpMalformedHeaderException;
 import org.parosproxy.paros.network.HttpMessage;
 import org.parosproxy.paros.network.HttpResponseHeader;
 import org.zaproxy.zap.ZAP;
@@ -55,32 +56,40 @@ public int getArrangeableListenerOrder() {
         return 0;
     }
 
+    private void redirectMessage(HttpMessage msg, String targetUrl)
+            throws HttpMalformedHeaderException {
+        msg.setResponseHeader(
+                HudAPI.getAllowFramingResponseHeader(
+                        "302 OK", "text/html; charset=UTF-8", 0, false));
+        msg.getResponseHeader().addHeader(HttpHeader.LOCATION, targetUrl);
+        // Don't strictly need the body
+        msg.setResponseBody("<html><body>Redirecting to " + targetUrl + "</body></html>");
+        msg.getResponseHeader().setContentLength(msg.getResponseBody().length());
+        LOG.debug("redirectMessage returning a 302 to " + targetUrl);
+    }
+
     @Override
     public boolean onHttpRequestSend(HttpMessage msg) {
         if (this.extHud.isHudEnabled()) {
-            if (this.extHud.getHudParam().isInScopeOnly() && !msg.isInScope()) {
-                return false;
-            }
             try {
+                URI uri = msg.getRequestHeader().getURI();
+                if (this.extHud.getHudParam().isInScopeOnly() && !msg.isInScope()) {
+                    if (this.extHud.isUpgradedHttpsDomain(uri)) {
+                        // 302 to the original http version..
+                        this.extHud.removeUpgradedHttpsDomain(uri);
+                        redirectMessage(
+                                msg, uri.toString().replaceFirst("(?i)https://", "http://"));
+                        return true;
+                    }
+                    return false;
+                }
                 if (!msg.getRequestHeader().isSecure()) {
                     // 302 to the https version..
-                    this.extHud.addUpgradedHttpsDomain(msg.getRequestHeader().getURI());
-                    msg.setResponseHeader(
-                            HudAPI.getAllowFramingResponseHeader(
-                                    "302 OK", "text/html; charset=UTF-8", 0, false));
-                    String url =
-                            msg.getRequestHeader()
-                                    .getURI()
-                                    .toString()
-                                    .replaceFirst("(?i)http://", "https://");
-                    msg.getResponseHeader().addHeader(HttpHeader.LOCATION, url);
-                    // Don't strictly need the body
-                    msg.setResponseBody("<html><body>Redirecting to " + url + "</body></html>");
-                    msg.getResponseHeader().setContentLength(msg.getResponseBody().length());
-                    LOG.debug("onHttpRequestSend returning a 302 to " + url);
+                    this.extHud.addUpgradedHttpsDomain(uri);
+                    redirectMessage(msg, uri.toString().replaceFirst("(?i)http://", "https://"));
                     return true;
                 } else {
-                    if (this.extHud.isUpgradedHttpsDomain(msg.getRequestHeader().getURI())) {
+                    if (this.extHud.isUpgradedHttpsDomain(uri)) {
                         // Switch to using the HTTP version in the background
                         msg.getRequestHeader().setSecure(false);
                     }