need recursive grep function in Fuzzer


samcker dodi

Mar 3, 2024, 2:53:53 PM
to ZAP Developer Group
Hello ZAP proxy dev team,
could you please add a function to the ZAP Fuzzer, in the type of payload, with a recursive grep type that allows ZAP to parse the response for a specific value and use it in the next request in the fuzzer, like what is in Burp Suite.
OR
if there is any way I could do it with the current version of ZAP, could you please show me the way to do this?
Thanks in advance

thc...@gmail.com

Mar 4, 2024, 2:47:24 AM
to zaproxy...@googlegroups.com
Hi,

With the Message Processor it should be possible to do that:
https://www.zaproxy.org/docs/desktop/addons/fuzzer/#message-processors

You have access to the response and you can make the values available to
the processor with global variables; depending on what you are doing, you
might need to use the empty payload generator.

Best regards.

samcker dodi

Mar 4, 2024, 12:08:19 PM
to ZAP Developer Group
As I said before, there is a parameter in the response which should be parsed and sent in the next request in the URL. How could I do this, please, in detail, or give me links or videos for this, or how it can be done with a fuzzer script?
Thanks in advance

kingthorin+zap

Mar 4, 2024, 12:43:10 PM
to ZAP Developer Group
We don't have anything pre-packaged for this. Someone would have to go through the scenario and build the bits and bobs.

samcker dodi

Mar 4, 2024, 3:42:13 PM
to ZAP Developer Group
OK, just give me a point to start searching with. Do I need a Zest script or a Python script, or how do I do it? Just the idea, without details.
I have already made a standalone Python script that runs in the terminal, but I need to do it with ZAP.
Please help, I need this so much.
Thanks in advance

thc...@gmail.com

Mar 5, 2024, 2:39:30 AM
to zaproxy...@googlegroups.com
There are examples in:
https://github.com/zaproxy/community-scripts/tree/main/httpfuzzerprocessor

In the processMessage you would inject the payload; in the processResult
you would extract the payload.

Best regards.
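
One way the processMessage/processResult split described in this thread could look as an HTTP Fuzzer Processor script; this is an added example, not part of the original posts or of the community-scripts repository. The query parameter name `token`, the JSON response shape, the variable key and the in-memory fallback used outside ZAP are assumptions.

```javascript
// Added example: ZAP HTTP Fuzzer Processor script (JavaScript engine).
var PARAM = "token";                       // hypothetical query parameter
var TOKEN_RE = /"token"\s*:\s*"([^"]+)"/;  // hypothetical response format
var VAR_KEY = "fuzz.recursive.token";      // hypothetical variable key

// Inside ZAP the value lives in a global script variable; outside ZAP a plain
// map is used so the helpers can be exercised stand-alone.
var store = (function () {
  if (typeof Java !== "undefined") {
    var SV = Java.type("org.zaproxy.zap.extension.script.ScriptVars");
    return { get: function (k) { return SV.getGlobalVar(k); },
             set: function (k, v) { SV.setGlobalVar(k, v); } };
  }
  var mem = {};
  return { get: function (k) { return mem[k] || null; },
           set: function (k, v) { mem[k] = v; } };
})();

// Return the captured value, or null when the response does not carry one.
function extractToken(body) {
  var m = TOKEN_RE.exec(String(body));
  return m ? m[1] : null;
}

// Replace (or append) PARAM in an escaped query string with the encoded token.
function injectToken(query, token) {
  var parts = query ? String(query).split("&") : [];
  var kept = parts.filter(function (p) { return p.split("=")[0] !== PARAM; });
  kept.push(PARAM + "=" + encodeURIComponent(token));
  return kept.join("&");
}

// Called by the fuzzer before each request is sent.
function processMessage(utils, message) {
  var token = store.get(VAR_KEY);
  if (token == null) return;               // first request: nothing captured yet
  var uri = message.getRequestHeader().getURI();
  uri.setEscapedQuery(injectToken(uri.getEscapedQuery(), String(token)));
}

// Called by the fuzzer after each response; returning true keeps the result.
function processResult(utils, fuzzResult) {
  var body = fuzzResult.getHttpMessage().getResponseBody().toString();
  var token = extractToken(body);
  if (token !== null) store.set(VAR_KEY, token);  // keep the old value on a miss
  return true;
}
```

Each request depends on the response before it, so the captured value is only meaningful when the fuzzer sends requests in order, one at a time.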