Change user-agent for each request??


tzoun

Nov 24, 2013, 12:35:46 PM
to zaprox...@googlegroups.com
Hi guyz!!!

I am testing a forum and my problem is that I cannot run multiple requests at the same time (I have to wait 30 sec if I send 5 or more at the same time).
This happens based on your user-agent, so I am trying to figure out if it is possible to change my user-agent automatically every 3 requests, for example. I have a list with many user agents and I want to pass through them.

I tried to make it with a script in ZAP but I don't think that I can make it read my list.

Another solution besides the list is to have a user agent and add a number at the end of it, maybe it will work too...

Anyway, any help is appreciated!!!

Thank you all :D

thc202

Nov 24, 2013, 9:16:53 PM
to zaprox...@googlegroups.com
Hi.

An example script that loads the user-agent strings from a file and changes the "User-Agent" request header field of the messages sent by ZAP:

// Loads user-agent strings, separated by end-of-line character(s), from a file
function loadUserAgents(filePath) {
    var reader = new java.io.BufferedReader(new java.io.FileReader(filePath));
    var userAgents = new java.util.ArrayList();
    var userAgent = null;
    while((userAgent = reader.readLine()) != null) {
        userAgents.add(userAgent);
    }
    reader.close();
    return userAgents;
}

var ZAP = JavaImporter(org.parosproxy.paros.network, org.zaproxy.zap.network);

with (ZAP) {
    var userAgents = loadUserAgents("/path/to/file/with/user-agent/strings");
    println("Read " + userAgents.size() + " user-agents.");

    if (userAgents.size() < 2) {
        println("Listener not added, expected at least 2 user-agents.");
    } else {
        println("Adding listener responsible for changing the user-agent...");
        HttpSender.addListener(new HttpSenderListener() {
            userAgentIdx:0,
            numberRequests:0,

            getUserAgent: sync(function() {
                // Change user-agent after 3 messages sent.
                if (this.numberRequests >= 3) {
                    this.numberRequests = 1;
                    ++this.userAgentIdx;
                    if (this.userAgentIdx >= userAgents.size()) {
                        this.userAgentIdx = 0;
                    }
                } else {
                    ++this.numberRequests;
                }
                return userAgents.get(this.userAgentIdx);
            }),

            onHttpRequestSend: function(msg, initiator) {
                // The user-agent is changed on all the messages sent by ZAP (proxied, active scanner, fuzzer...)
                msg.getRequestHeader().setHeader(HttpHeader.USER_AGENT, this.getUserAgent());
               
                // You can use the variable "initiator" to only change the messages sent by specific ZAP extensions.
                // For what values it can have see the *_INITIATOR constants:
                // https://code.google.com/p/zaproxy/source/browse/trunk/src/org/parosproxy/paros/network/HttpSender.java#75
                // Example:
                // if (initiator == 3) { // Change only spider messages
                //     msg.getRequestHeader().setHeader(HttpHeader.USER_AGENT, this.getUserAgent());
                // }
            },

            onHttpResponseReceive: function(msg, initiator) {
            },

            getListenerOrder: function() {
                return 200;
            }
        });
        println("Listener added.");
    }
}

Steps to add the script to ZAP:
1. Run ZAP (with "Script Console" add-on installed);
2. Select the "Scripts" tab and press the "New Script..." button;
3. Choose a name for the script, select the type "Stand Alone", select the script engine "ECMAScript : Rhino" and press "OK" (if you need to use the script several times you might want to select the option "Load on start" and use the same ZAP session);
4. Paste the above example script to the "Script Console" text area, change the path to the file that contains the user-agent strings and press the "Run script" button;
5. It should output something like this (using the file "UserAgents.fuzz.txt" bundled with "Fuzzdb files" add-on):
Read 2463 user-agents.
Adding listener responsible for changing the user-agent...
Listener added.
6. New requests sent by ZAP will have the "User-Agent" request header field changed.

Tested with:
ZAP version 2.2.2;
"Script Console" add-on version 9.

Best regards.

Simon Bennetts

Nov 25, 2013, 3:49:04 AM
to zaprox...@googlegroups.com
Very nice!

I was going to say scripting would be the way to go.
We should include this in the templates - it's a great example of the sort of things that can be achieved!

Simon

tzoun

Nov 25, 2013, 11:39:15 AM
to zaprox...@googlegroups.com
Thank you Simon for the answer !!!!

tzoun

Nov 25, 2013, 11:56:26 AM
to zaprox...@googlegroups.com
Thank you very much thc202 you rock !!!!!!!!!!!!!!!!!!!!!!!

I am from Greece if you ever come here we can go for a coffee !!


<3 <3 <3 <3

Freddie Ventura

Oct 15, 2024, 9:50:53 AM
to ZAP User Group
Hi guys,

Thanks for the resource and the effort.
I am trying to use the above resource, but I believe ECMA Script: Rhino is no longer supported by ZAPROXY.
I do not yet have much knowledge of how all of this works. Is there any translation of the above code to Graal, or any other script that provides the same functionality in ZAP?

Thank you!!

Simon Bennetts

Oct 17, 2024, 6:39:51 AM
to ZAP User Group
Hi Freddie,

Well, that was from 2013 so it's not too surprising ;)
However I don't think it will require many changes.
Try changing all of the "println"s to just "print".
Does that help?
Any more errors once you've done that?

Cheers,

Simon

Freddie Ventura

Oct 22, 2024, 4:02:07 AM
to zaprox...@googlegroups.com
Hi Simon,

Thanks for your help.

I am going to be reviewing this over the following weeks.
I am also learning the whole structure of the program in order to do my own scripts, so I will get back to you with the corrected code, although it may very well be yours.
I will respond to this soon, guys.

Thank you.

Freddie
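
An added example, not code posted by anyone in this thread or by the ZAP project: the rotation logic of the 2013 script restated as a ZAP "HTTP Sender" script for the Graal.js engine. It assumes that script type's sendingRequest/responseReceived entry points and Java.type interop; the file path and the fallback user-agent strings are placeholders.

```javascript
// Added example: ZAP "HTTP Sender" script, Graal.js engine assumed.
var USER_AGENT_FILE = "/path/to/file/with/user-agent/strings"; // placeholder path
var REQUESTS_PER_AGENT = 3;
// Constructed sample values, used when the script runs outside ZAP (no Java interop).
var FALLBACK_AGENTS = ["ExampleAgent/1.0", "ExampleAgent/2.0", "ExampleAgent/3.0"];

// One user-agent per line; blank lines and surrounding whitespace are dropped.
function parseUserAgents(text) {
  return String(text).split(/\r?\n/)
    .map(function (line) { return line.trim(); })
    .filter(function (line) { return line.length > 0; });
}

// Inside ZAP, Java.type gives access to java.nio for reading the list.
function loadUserAgents(path) {
  if (typeof Java === "undefined") return FALLBACK_AGENTS.slice();
  var Files = Java.type("java.nio.file.Files");
  var Paths = Java.type("java.nio.file.Paths");
  return parseUserAgents(Files.readString(Paths.get(path)));
}

// Returns a function that yields the same user-agent `perAgent` times,
// then moves to the next one, wrapping around at the end of the list.
// The Rhino-only sync() wrapper of the 2013 script is not reproduced:
// the counters are not guarded against concurrent calls.
function createRotator(agents, perAgent) {
  if (agents.length < 2) {
    throw new Error("expected at least 2 user-agents");
  }
  var index = 0;
  var sent = 0;
  return function () {
    if (sent >= perAgent) {
      sent = 0;
      index = (index + 1) % agents.length;
    }
    sent += 1;
    return agents[index];
  };
}

var nextUserAgent = createRotator(loadUserAgents(USER_AGENT_FILE), REQUESTS_PER_AGENT);

// ZAP calls this for each outgoing message; `initiator` identifies the sender
// (see the *_INITIATOR constants referenced in the 2013 script).
function sendingRequest(msg, initiator, helper) {
  msg.getRequestHeader().setHeader("User-Agent", nextUserAgent());
}

function responseReceived(msg, initiator, helper) {}
```

To try it, create the script under the "HTTP Sender" type instead of "Stand Alone" and enable it.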
