ZAP API history

Javi D R

Sep 19, 2017, 4:34:11 AM
to OWASP ZAP User Group
Hi

Question about the history. I can retrieve the URLs, sites, etc., but... can I retrieve the requests themselves?

Moreover, I want to be able to retrieve the GET and POST requests. I have tried to use session methods in the Python API (zap.session.get) but it says that 'ZAPv2' object has no attribute 'session'.

The bottom line for this is to create a Python script that reads all the requests sent in a navigation and calls sqlmap for each of the requests.

Not sure if this has already been built by somebody; if so, please let me know.

Thanks

Simon Bennetts

Sep 19, 2017, 4:45:56 AM
to OWASP ZAP User Group
Yes, you can retrieve the requests and responses via the core 'message' and 'messages' endpoints: https://github.com/zaproxy/zaproxy/wiki/ApiGen_core

Cheers,

Simon

Javi D R

Sep 20, 2017, 4:27:23 AM
to OWASP ZAP User Group
Perfect. Thanks!

Last question on this topic. Is there any service that splits what is a resource/page and what is a folder?

That is, if I have www.test.com in my history,
inside test.com I have www.test.com/search, which is a page, and I also have www.test.com/css.

Is there a service in the ZAP API that returns only the folders?

If not, it would be a good improvement, wouldn't it?

Thanks

thc...@gmail.com

Sep 20, 2017, 5:53:39 AM
to zaprox...@googlegroups.com
Hi.

There's no endpoint that does that, but one could use 'urls' core
endpoint and "manually" check the paths?

Best regards.

Javi D R

Sep 20, 2017, 5:57:15 AM
to zaprox...@googlegroups.com
Yes, I have used a regexp to do it. If you think it would be worth adding it to the API, let me know and I will share it. It's just 3 lines of code ;)


kingthorin+owaspzap

Sep 20, 2017, 7:49:27 PM
to OWASP ZAP User Group
I believe these things are always worth sharing. Go for it!

Javi D R

Sep 21, 2017, 5:18:15 AM
to OWASP ZAP User Group
It is just getting into messages and splitting by "/"

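    def addFolders(self):
        # Derive the parent "folder" of each URL by dropping its last "/" segment.
        for url in self.urls:
            folder = "/".join(url.split("/")[:-1])
            # Record each folder only once.
            if folder not in self.folders:
                self.folders.append(folder)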
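
The folder/page split discussed in this thread, as an added example that is not part of the original posts or of ZAP itself. It goes beyond the posted snippet by parsing each URL, so a site root with no path and a "/" inside a query string are handled, and a path such as /css is treated as a folder once another URL is seen beneath it. The function names and the sample URL list are assumptions; in practice the list would come from the core 'urls' endpoint mentioned above.

```python
import posixpath
from urllib.parse import urlsplit, urlunsplit

# Constructed sample of absolute URLs, standing in for a ZAP history listing.
SAMPLE_URLS = [
    "http://www.test.com",
    "http://www.test.com/search",
    "http://www.test.com/css",
    "http://www.test.com/css/site.css",
    "http://www.test.com/search?next=/a/b",
    "http://www.test.com/img/icons/ok.png",
]


def folder_of(url):
    """Return the folder URL containing `url`; the result always ends in '/'."""
    parts = urlsplit(url)
    path = parts.path or "/"
    # A trailing slash already names a folder. Otherwise drop the last path
    # segment. Query and fragment are discarded so a "/" inside them is
    # never mistaken for a path separator.
    if not path.endswith("/"):
        path = posixpath.dirname(path)
        if not path.endswith("/"):
            path += "/"
    return urlunsplit((parts.scheme, parts.netloc, path, "", ""))


def split_folders_and_pages(urls):
    """Split URLs into (sorted folders, sorted pages), de-duplicated."""
    folders, pages = set(), set()
    for url in urls:
        parts = urlsplit(url)
        if parts.path and not parts.path.endswith("/"):
            pages.add(urlunsplit((parts.scheme, parts.netloc, parts.path, "", "")))
        # Register the folder and every ancestor, e.g. /img/ for /img/icons/.
        folder = folder_of(url)
        while folder not in folders:
            folders.add(folder)
            folder = folder_of(folder.rstrip("/"))
    # "/css" without a trailing slash is a folder if something lives under it.
    pages = {p for p in pages if p + "/" not in folders}
    return sorted(folders), sorted(pages)


if __name__ == "__main__":
    found_folders, found_pages = split_folders_and_pages(SAMPLE_URLS)
    print("folders:", *found_folders, sep="\n  ")
    print("pages:", *found_pages, sep="\n  ")
```

A URL with no trailing slash and nothing seen beneath it stays classified as a page, since the URL alone cannot tell the two apart.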