How to use zapClientAPI.callApi() in zaproxy to call a ZAP extension
248 views
Skip to first unread message
Prakhash Sivakumar
Sep 13, 2016, 10:12:10āÆAM9/13/16
to OWASP ZAP Developer Group
Hi all,
I'm trying to call a ZAP extension from zaproxy plugin as shown below, createJiraIssues is the method name,
zapClientAPI.callApi("XXX", "action", "createJiraIssues", map);
In the extension, I have created a class extending from ApiImplementor and it has the method call createJiraIssues.
What are the configurations I need to add inside my extension, then the zaproxy will be able to identify the API correctly and execute the operation. PS- I have developed a maven project and I have used artifacctId as the first parameter for zapClientAPI.callApi(), then I'm getting the below error 21359 [ZAP-ProxyThread-52] WARN org.zaproxy.zap.extension.api.API - ApiException while handling API request: No Implementor (no_implementor) at org.zaproxy.zap.extension.api.API.handleApiRequest(Unknown Source) at org.parosproxy.paros.core.proxy.ProxyThread.processHttp(Unknown Source) at org.parosproxy.paros.core.proxy.ProxyThread.run(Unknown Source) at java.lang.Thread.run(Thread.java:745) No Implementor
Thanks
thc...@gmail.com
Sep 13, 2016, 10:27:01āÆAM9/13/16
to zaproxy...@googlegroups.com
Hi.
Is the ApiImplementor being added to the API? Something like:
https://github.com/zaproxy/zap-extensions/blob/e10ce3a39cd9a2e6835d2bab09d74a580a01c524/src/org/zaproxy/zap/extension/selenium/ExtensionSelenium.java#L115
The ApiImplementor must implement the "handleApiAction" to handle the
actions:
https://github.com/zaproxy/zap-extensions/blob/0c00d61750279f5f0a6a92994b6a929c5377ebf3/src/org/zaproxy/zap/extension/reveal/RevealAPI.java#L57
The "XXX" should be the value returned by your
ApiImplementor.getPrefix() method.
Best regards.
On 13/09/16 15:12, 'Prakhash Sivakumar' via OWASP ZAP Developer Group wrote:
> Hi all,
>
> I'm trying to call a ZAP extension from zaproxy plugin as shown below,
> createJiraIssues is the method name,
>
>
> zapClientAPI.callApi("XXX", "action", "createJiraIssues", map);
>
>
> In the extension, I have created a class extending from ApiImplementor
> and it has the method call createJiraIssues.
>
>
> What are the configurations I need to add inside my extension, then the
> zaproxy will be able to identify the API correctly and execute the
> operation. *PS- I have developed a maven project and I have used
> You received this message because you are subscribed to the Google
> Groups "OWASP ZAP Developer Group" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to zaproxy-devel...@googlegroups.com
> <mailto:zaproxy-devel...@googlegroups.com>.
> To view this discussion on the web, visit
> https://groups.google.com/d/msgid/zaproxy-develop/f36d6226-9120-4fba-bb02-0256a4dbaec6%40googlegroups.com
> <https://groups.google.com/d/msgid/zaproxy-develop/f36d6226-9120-4fba-bb02-0256a4dbaec6%40googlegroups.com?utm_medium=email&utm_source=footer>.
> For more options, visit https://groups.google.com/d/optout.
Is the ApiImplementor being added to the API? Something like:
https://github.com/zaproxy/zap-extensions/blob/e10ce3a39cd9a2e6835d2bab09d74a580a01c524/src/org/zaproxy/zap/extension/selenium/ExtensionSelenium.java#L115
The ApiImplementor must implement the "handleApiAction" to handle the
actions:
https://github.com/zaproxy/zap-extensions/blob/0c00d61750279f5f0a6a92994b6a929c5377ebf3/src/org/zaproxy/zap/extension/reveal/RevealAPI.java#L57
The "XXX" should be the value returned by your
ApiImplementor.getPrefix() method.
Best regards.
On 13/09/16 15:12, 'Prakhash Sivakumar' via OWASP ZAP Developer Group wrote:
> Hi all,
>
> I'm trying to call a ZAP extension from zaproxy plugin as shown below,
> createJiraIssues is the method name,
>
>
> zapClientAPI.callApi("XXX", "action", "createJiraIssues", map);
>
>
> In the extension, I have created a class extending from ApiImplementor
> and it has the method call createJiraIssues.
>
>
> What are the configurations I need to add inside my extension, then the
> zaproxy will be able to identify the API correctly and execute the
> artifacctId as the first parameter for zapClientAPI.callApi(), then I'm
> getting the below error* 21359 [ZAP-ProxyThread-52] WARN
> org.zaproxy.zap.extension.api.API - ApiException while handling API
> request: No Implementor (no_implementor) at
> org.zaproxy.zap.extension.api.API.handleApiRequest(Unknown Source) at
> org.parosproxy.paros.core.proxy.ProxyThread.processHttp(Unknown Source)
> at org.parosproxy.paros.core.proxy.ProxyThread.run(Unknown Source) at
> java.lang.Thread.run(Thread.java:745) No Implementor
>
>
>
> Thanks
>
> --
> request: No Implementor (no_implementor) at
> org.zaproxy.zap.extension.api.API.handleApiRequest(Unknown Source) at
> org.parosproxy.paros.core.proxy.ProxyThread.processHttp(Unknown Source)
> at org.parosproxy.paros.core.proxy.ProxyThread.run(Unknown Source) at
> java.lang.Thread.run(Thread.java:745) No Implementor
>
>
>
> Thanks
>
> You received this message because you are subscribed to the Google
> Groups "OWASP ZAP Developer Group" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to zaproxy-devel...@googlegroups.com
> <mailto:zaproxy-devel...@googlegroups.com>.
> To view this discussion on the web, visit
> https://groups.google.com/d/msgid/zaproxy-develop/f36d6226-9120-4fba-bb02-0256a4dbaec6%40googlegroups.com
> <https://groups.google.com/d/msgid/zaproxy-develop/f36d6226-9120-4fba-bb02-0256a4dbaec6%40googlegroups.com?utm_medium=email&utm_source=footer>.
> For more options, visit https://groups.google.com/d/optout.
psiinon
Sep 13, 2016, 10:32:21āÆAM9/13/16
to OWASP ZAP Developer Group
Is there any particular reason for calling the API?
You might be better off using reflection to find and call the relevant methods.
Its worth remembering that some users might turn off the API.
Cheers,
Simon
You might be better off using reflection to find and call the relevant methods.
Its worth remembering that some users might turn off the API.
Cheers,
Simon
Message has been deleted
Message has been deleted
Prakhash Sivakumar
Sep 14, 2016, 1:44:36āÆAM9/14/16
to OWASP ZAP Developer Group
Hi thc202,
Let's say I'm callingĀ
So here XXX will be the add-on name, right ?
zapClientAPI.callApi("XXX", "action", "setReveal", param);
What is the configuration I need to add in my extension, then zaproxy can identify the add on. I have followed the below scenario
https://github.com/h3xstream/burp-retire-js/blob/master/retirejs-zap-plugin/pom.xml#L46
and added the XXX as retirejs-alpha-2 ,is it correct way to do ?
I have added the mapping of the class where theĀ setRevealĀ exists in ZapAddon.xm file too.
<extension>org.zaproxy.zap.extension.zapwjiraplugin.JiraIssueCreatorExtension</extension>
Thanksthc...@gmail.com
Sep 14, 2016, 5:12:47āÆAM9/14/16
to zaproxy...@googlegroups.com
Hi.
> So here XXX will be the add-on name, right ?
In this case it is, but it might not be always it depends on what the
ApiImplementor returns as prefix.
For example calls of the callApi method you could check the generated
client API classes, in this case the reveal:
https://github.com/zaproxy/zap-api-java/blob/da8e7fd43be9e85686e4d9ecac1c16908f1e9af3/subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/gen/Reveal.java#L59
The extension entries of the ZapAddOn.xml file are for classes extending
ExtensionAdaptor (if it is then you can add the ApiImplementor in the
hook method and the API endpoints should be available under the prefix
you defined).
Best regards.
> execute the operation. *PS- I have developed a maven project and
> <https://groups.google.com/d/msgid/zaproxy-develop/8b9ebc81-6d73-45b4-b170-8448ab2e9602%40googlegroups.com?utm_medium=email&utm_source=footer>.
> So here XXX will be the add-on name, right ?
ApiImplementor returns as prefix.
For example calls of the callApi method you could check the generated
client API classes, in this case the reveal:
https://github.com/zaproxy/zap-api-java/blob/da8e7fd43be9e85686e4d9ecac1c16908f1e9af3/subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/gen/Reveal.java#L59
The extension entries of the ZapAddOn.xml file are for classes extending
ExtensionAdaptor (if it is then you can add the ApiImplementor in the
hook method and the API endpoints should be available under the prefix
you defined).
Best regards.
> I have used artifacctId as the first parameter for
> zapClientAPI.callApi(), then I'm getting the below error* 21359
> [ZAP-ProxyThread-52] WARN org.zaproxy.zap.extension.api.API -
> ApiException while handling API request: No Implementor
> (no_implementor) at
> org.zaproxy.zap.extension.api.API.handleApiRequest(Unknown
> Source) at
> org.parosproxy.paros.core.proxy.ProxyThread.processHttp(Unknown
> Source) at
> org.parosproxy.paros.core.proxy.ProxyThread.run(Unknown Source)
> at java.lang.Thread.run(Thread.java:745) No Implementor
>
>
>
> Thanks
>
> ApiException while handling API request: No Implementor
> (no_implementor) at
> org.zaproxy.zap.extension.api.API.handleApiRequest(Unknown
> Source) at
> org.parosproxy.paros.core.proxy.ProxyThread.processHttp(Unknown
> Source) at
> org.parosproxy.paros.core.proxy.ProxyThread.run(Unknown Source)
> at java.lang.Thread.run(Thread.java:745) No Implementor
>
>
>
> Thanks
>
> --
> You received this message because you are subscribed to the Google
> Groups "OWASP ZAP Developer Group" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to zaproxy-devel...@googlegroups.com
> <mailto:zaproxy-devel...@googlegroups.com>.
> To view this discussion on the web, visit
> https://groups.google.com/d/msgid/zaproxy-develop/8b9ebc81-6d73-45b4-b170-8448ab2e9602%40googlegroups.com
> You received this message because you are subscribed to the Google
> Groups "OWASP ZAP Developer Group" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to zaproxy-devel...@googlegroups.com
> <mailto:zaproxy-devel...@googlegroups.com>.
> To view this discussion on the web, visit
> <https://groups.google.com/d/msgid/zaproxy-develop/8b9ebc81-6d73-45b4-b170-8448ab2e9602%40googlegroups.com?utm_medium=email&utm_source=footer>.
Message has been deleted
Prakhash Sivakumar
Sep 14, 2016, 6:03:28āÆAM9/14/16
to OWASP ZAP Developer Group
Hi thc202/simon,
I have added the extension in ZapAddOn.xml here
Here I have implemented the class ExtensionAdapter
This is the method which I'm trying to invoke through the API
I'm trying to call the API like below using this file name
zapClientAPI.callApi("zap-wso2-jira-plugin", "action", "createJiraIssues", map);
but when I'm trying to do this I'm getting the below error. Can you please help me to figure out, where I'm making the mistake
WARN org.zaproxy.zap.extension.api.API - ApiException while handling API request: No Implementor (no_implementor) at org.zaproxy.zap.extension.api.API.handleApiRequest(Unknown Source) at org.parosproxy.paros.core.proxy.ProxyThread.processHttp(Unknown Source) at org.parosproxy.paros.core.proxy.ProxyThread.run(Unknown Source) at java.lang.Thread.run(Thread.java:745) No Implementor
thc...@gmail.com
Sep 14, 2016, 6:12:46āÆAM9/14/16
to zaproxy...@googlegroups.com
Hi.
The API prefix is defined as "zapwso2jiraplugin" [1], so you need to use
that when calling the API.
[1]
https://github.com/Prakhash/JiraIssuePlugin/blob/master/src/main/java/org/zaproxy/zap/extension/zapwso2jiraplugin/JiraIssueCreatorAPI.java#L46
Best regards.
> the operation. *PS- I have developed a maven project and I have used
> <https://groups.google.com/d/msgid/zaproxy-develop/cb65b7e1-0fe8-4883-85f2-5840433c8a3a%40googlegroups.com?utm_medium=email&utm_source=footer>.
The API prefix is defined as "zapwso2jiraplugin" [1], so you need to use
that when calling the API.
[1]
https://github.com/Prakhash/JiraIssuePlugin/blob/master/src/main/java/org/zaproxy/zap/extension/zapwso2jiraplugin/JiraIssueCreatorAPI.java#L46
Best regards.
> artifacctId as the first parameter for zapClientAPI.callApi(), then
> I'm getting the below error* 21359 [ZAP-ProxyThread-52] WARN
> org.zaproxy.zap.extension.api.API - ApiException while handling API
> request: No Implementor (no_implementor) at
> org.zaproxy.zap.extension.api.API.handleApiRequest(Unknown Source)
> at org.parosproxy.paros.core.proxy.ProxyThread.processHttp(Unknown
> Source) at org.parosproxy.paros.core.proxy.ProxyThread.run(Unknown
> Source) at java.lang.Thread.run(Thread.java:745) No Implementor
>
>
>
> Thanks
>
> request: No Implementor (no_implementor) at
> org.zaproxy.zap.extension.api.API.handleApiRequest(Unknown Source)
> at org.parosproxy.paros.core.proxy.ProxyThread.processHttp(Unknown
> Source) at org.parosproxy.paros.core.proxy.ProxyThread.run(Unknown
> Source) at java.lang.Thread.run(Thread.java:745) No Implementor
>
>
>
> Thanks
>
> --
> You received this message because you are subscribed to the Google
> Groups "OWASP ZAP Developer Group" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to zaproxy-devel...@googlegroups.com
> <mailto:zaproxy-devel...@googlegroups.com>.
> To view this discussion on the web, visit
> https://groups.google.com/d/msgid/zaproxy-develop/cb65b7e1-0fe8-4883-85f2-5840433c8a3a%40googlegroups.com
> You received this message because you are subscribed to the Google
> Groups "OWASP ZAP Developer Group" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to zaproxy-devel...@googlegroups.com
> <mailto:zaproxy-devel...@googlegroups.com>.
> To view this discussion on the web, visit
> <https://groups.google.com/d/msgid/zaproxy-develop/cb65b7e1-0fe8-4883-85f2-5840433c8a3a%40googlegroups.com?utm_medium=email&utm_source=footer>.
Reply all
Reply to author
Forward
Message has been deleted
Message has been deleted
Message has been deleted
Message has been deleted
0 new messages