Using HttpSender script with apiscan in docker

[youness megane]

Hello everyone

I am willing to use an HttpSender script along the apiscan in docker here is my situation:

I have recorded a zest script from wich I retrieve 3 headers in 3 global variables.

I also wrote a httpsender.js script wich will add those 3 headers to every request send to the api.

Everything works perfectly in the UI.

Now I wanted to use those two scripts with zap-api-scan.py in docker image?

how can I run and enable httpsender.js

and how can I run th zest script to get credentials.

by the way the zest script is a loop that runs every 10min since the tokens in the headers change every 15mins or so.

also I already have the files in the docker container no problem with that 

I only need to know how to run those two scripts so that the the zest script and zap-api-scan.py will be subjected to the httpsender

Please I'm really in need of an answer

[thc...@gmail.com]

Hi.

You can use scan hooks to call the ZAP API, to add and run the scripts.

https://www.zaproxy.org/docs/docker/scan-hooks/
https://www.zaproxy.org/docs/api/#zap-api-script
https://github.com/zaproxy/zap-api-python/blob/fbc0fa235dde329485655e3afd902691ef620199/src/examples/zap_example_api_script.py

Best regards.

[youness megane]

the attribute run is not defined do u have an idea what attribute to use not to enable but to run this is my hook 'example' def zap_started(zap, target):
	zap.script.load('script.zst', 'authentication', 'Mozilla Zest', '/zap/wrk/script.zst')
	zap.script.run('script.zst')

--
You received this message because you are subscribed to the Google Groups "OWASP ZAP User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to zaproxy-user...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/zaproxy-users/8f6fffcb-baba-cde8-3a77-9c5af0b4deca%40gmail.com.

[youness megane]

thank u for your help

Le lun. 19 sept. 2022 à 10:47, <thc...@gmail.com> a écrit :

[youness megane]

another thing that might help is to know how to run a script uzing zap-cli or how to run it on the current opened session

[kingthorin+owaspzap]

You'd have to followup with the maintainers of zap-cli, it isn't the core team.

[youness megane]

what about running it from the hook? is there a way what attribute should I use zap.script.what?

or running the script from the cmd line but associating it to the current running zapsession

You received this message because you are subscribed to a topic in the Google Groups "OWASP ZAP User Group" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/zaproxy-users/PydcNKP4qXY/unsubscribe.
To unsubscribe from this group and all its topics, send an email to zaproxy-user...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/zaproxy-users/5daaf3b4-376a-4618-86e2-fcd53045bcacn%40googlegroups.com.

[thc...@gmail.com]

The linked resources show that.

You can load/enable scripts with:
https://github.com/zaproxy/zap-api-python/blob/fbc0fa235dde329485655e3afd902691ef620199/src/examples/zap_example_api_script.py#L251-L258

Adjusting for the script types you need.

To run a standalone call:
zap.script.run_stand_alone_script("name of the script")

https://www.zaproxy.org/docs/api/#scriptactionrunstandalonescript


Best regards.

>> <https://groups.google.com/d/msgid/zaproxy-users/5daaf3b4-376a-4618-86e2-fcd53045bcacn%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>>
>