Hi Simon,
Thanks for your reply. :)
There are a few things listed below.
I don't know how to use Tomcat; I learnt it because of you. In the same way, I am also learning to use Ant / Maven. Probably that will help me to follow the exact steps to get to the build.xml file which you shared.
What I did was download Tomcat, bodgetit.war and ZAP-API.zip.
In ..apache-tomcat-8.0.11\webapps\ROOT I unzipped the contents of bodgetit.war.
In ..\apache-tomcat-8.0.11\webapps\ROOT\WEB-INF\lib I placed all the JARs from ZAP-API.zip.
Then I changed the port number in Tomcat's server.xml to 6060.
Next I started ZAP from the command line; the command I gave was:
$>zap.bat -daemon -newsession D:\session_ZAP\
Next I checked whether the session was created in that particular location. It was created,
but in the command line I was getting this error:
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
1. Please let me know how to fix this. This exception was displayed several times and then the new session was started.
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------
[ZAP-daemon] ERROR org.zaproxy.zap.control.AddOnLoader - error in opening zip file
.util.zip.ZipException: error in opening zip file
at java.util.zip.ZipFile.open(Native Method)
at java.util.zip.ZipFile.<init>(Unknown Source)
at java.util.zip.ZipFile.<init>(Unknown Source)
at java.util.jar.JarFile.<init>(Unknown Source)
at java.util.jar.JarFile.<init>(Unknown Source)
at org.zaproxy.zap.control.AddOnLoader.getJarClassNames(Unknown Source)
at org.zaproxy.zap.control.AddOnLoader.getClassNames(Unknown Source)
at org.zaproxy.zap.control.AddOnLoader.getImplementors(Unknown Source)
at org.zaproxy.zap.control.AddOnLoader.getImplementors(Unknown Source)
at org.zaproxy.zap.extension.authentication.ExtensionAuthentication.loadAuthenticationMethodTypes(Unknown Source)
at org.zaproxy.zap.extension.authentication.ExtensionAuthentication.hook(Unknown Source)
at org.parosproxy.paros.extension.ExtensionLoader.hookAllExtension(Unknown Source)
at org.parosproxy.paros.extension.ExtensionLoader.startLifeCycle(Unknown Source)
at org.parosproxy.paros.control.AbstractControl.loadExtension(Unknown Source)
at org.parosproxy.paros.control.Control.init(Unknown Source)
at org.parosproxy.paros.control.Control.initSingletonWithoutView(Unknown Source)
at org.zaproxy.zap.ZAP$2.run(Unknown Source)
-------------------------------------------------------------------------------
2. I would like to know the command for saving the session.
--------------------------------------------------------------------------------
Next the command which I used was
I got the report as well.
I am happy with this output which I got with your help. :-)
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
3. As the next step, could you please let me know the following:
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
a. Command to be used to scan with authentication.
b. Command to fuzz a part of the request (like how we do in the ZAP UI).
c. Command to attack a tree/sub-tree (I don't know how to find the tree and sub-tree by just looking at the session.log; I need your guidance on that as well).
Thanks and Regards
Jailaxmi