save the request and response data for ZAP spider and scan


aad...@gmail.com

Jun 14, 2017, 7:10:27 AM
to OWASP ZAP Developer Group
Using the ZAP project for automation of scanning. 
Post run I don't see the request and response data saved as part of report generation or in any logs.

I want to save all spider and scan executed request and response data. Also the vulnerability assessment data post scan success. 
Please let me know how to do that. 


Versions used:
OWASP ZAP 2.6.0
ZAP client: zap-api-1.2.0.jar, zap-clientapi-1.2.0.jar
Selenium-2.43.0
Firefox 31


Ant target for recording and running scan is as below: 
<target name="ZAPDemo">
    <!-- Build the tests, start ZAP and open a new session -->
    <antcall target="build" />
    <antcall target="startZap" />
    <antcall target="startZapDaemon" />
    <NewZAPSession zapAddress="${zapaddr}" zapPort="${zapport}" apikey="3pnlsbku8j5fonvfa9vff5o2bq" debug="true" />
    <antcall target="clean" />

    <!-- Access and spider the target -->
    <AccessURL zapAddress="${zapaddr}" zapPort="${zapport}" url="${targetHost}" debug="true"/>
    <SpiderURL zapAddress="${zapaddr}" zapPort="${zapport}" url="${targetHost}" apikey="3pnlsbku8j5fonvfa9vff5o2bq" debug="true"/>

    <!-- Run the tests while recording the Ant output to Report.txt -->
    <record name="Report.txt" action="start" append="true" />
    <antcall target="run" />
    <record name="Report.txt" action="stop" />

    <!-- Active scan of the target URL and site -->
    <ActiveScanURL zapAddress="${zapaddr}" zapPort="${zapport}" url="${targetHost}" apikey="3pnlsbku8j5fonvfa9vff5o2bq" debug="true"/>
    <sleep seconds="10"/>
    <ActiveScanSite zapAddress="${zapaddr}" zapPort="${zapport}" url="${targetHost}" apikey="3pnlsbku8j5fonvfa9vff5o2bq" debug="true"/>

    <!-- Save the session under a timestamped name, then stop ZAP -->
    <tstamp>
        <format property="timestamp" pattern="MM-dd-yyyy HH-mm-ss"/>
    </tstamp>
    <SaveZAPSession zapAddress="${zapaddr}" zapPort="${zapport}" name="${user.dir}/test ${timestamp}" apikey="3pnlsbku8j5fonvfa9vff5o2bq" debug="true"/>
    <record name="Report.txt" action="start" append="true" />
    <record name="Report.txt" action="stop" />
    <stopZapTask zapAddress="${zapaddr}" apikey="3pnlsbku8j5fonvfa9vff5o2bq" zapPort="${zapport}"/>
</target>



Regards,
Aadi

aad...@gmail.com

Jun 15, 2017, 3:22:26 AM
to OWASP ZAP Developer Group
Hi 

Can anyone suggest how to save the request and response and vulnerability data in a ZAP Java automation project?

I have used BodgeITTest project and customized it to run for my web application. 

I see that all ant tasks succeeded. 

Report session and session properties files generated. 

But I wanted the vulnerability check report, which is not there in the ZAP home or in my project path.

thc...@gmail.com

Jun 16, 2017, 4:17:26 AM
to zaproxy...@googlegroups.com
Hi.

The report is not created automatically and there's currently no Ant
task for that, one would have to call an API endpoint or use the command
line. [1] [2] [3]

Feel free to raise an issue. [4]


[1] https://github.com/zaproxy/zap-core-help/wiki/HelpCmdline
[2] https://github.com/zaproxy/zaproxy/wiki/ApiGen_core
[3] https://github.com/zaproxy/zap-extensions/wiki/HelpAddonsExportreportExportreport
[4] https://github.com/zaproxy/zaproxy/issues/new

Best regards.

On 15/06/17 08:22, aad...@gmail.com wrote:
> Hi
>
> Can anyone suggest me how to save the request and response and
> vulnerability data in ZAP java automation project.
>
> I have used BodgeITTest project and customized it to run for my web
> application.
>
> I see that all ant tasks succeeded.
>
> Report session and session properties files generated.
>
> But I wanted vulnerability check report which is not there in zap home or
> in my project path.
>
>
>
>
> On Wednesday, June 14, 2017 at 4:40:27 PM UTC+5:30, aad...@gmail.com wrote:
>>
>> Using the ZAP project for automation of scanning.
>> Post run I don't see the request and response data saved as part of report
>> generation or in any logs.
>>
>> I want to save all spider and scan executed request and response data.
>> Also the vulnerability assessment data post scan success.
>> Please let me know how to do that.
>>
>>
>> *Versions used:*
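
One way to do what the reply above describes (calling an API endpoint) from the same Ant build, using Ant's built-in `<get>` task. This is an added example, not code from the thread or from the ZAP project. The target name `saveZapResults` and the properties `zapkey`, `zapApi` and `reportDir` are assumptions; `zapaddr` and `zapport` are the properties from the original target, and the target must run after the scans and before `stopZapTask`.

```xml
<!-- Added example: pull the reports and recorded traffic out of a running
     ZAP through its core API. zapkey, zapApi, reportDir and the target name
     are assumed names, not part of the original build file. -->
<target name="saveZapResults">
    <!-- Pass the key on the command line (ant -Dzapkey=...) so it does not
         have to be stored in the build file. -->
    <fail unless="zapkey" message="Set the ZAP API key with -Dzapkey=..."/>

    <property name="zapApi" value="http://${zapaddr}:${zapport}"/>
    <property name="reportDir" value="${user.dir}/zap-results"/>
    <mkdir dir="${reportDir}"/>

    <!-- Vulnerability (alerts) report, as HTML and as XML -->
    <get src="${zapApi}/OTHER/core/other/htmlreport/?apikey=${zapkey}"
         dest="${reportDir}/zap-report.html"/>
    <get src="${zapApi}/OTHER/core/other/xmlreport/?apikey=${zapkey}"
         dest="${reportDir}/zap-report.xml"/>

    <!-- The same alerts as JSON, for post-processing in the pipeline -->
    <get src="${zapApi}/JSON/core/view/alerts/?apikey=${zapkey}"
         dest="${reportDir}/zap-alerts.json"/>

    <!-- Requests and responses recorded in the session, in HAR format.
         Which message types are included depends on the ZAP version,
         so check the output against what the spider and scan sent. -->
    <get src="${zapApi}/OTHER/core/other/messagesHar/?apikey=${zapkey}"
         dest="${reportDir}/zap-messages.har"/>
</target>
```

The saved HAR and report files contain full requests and responses, including any session cookies or credentials the tests used, so store them with the same care as the session file.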

aad...@gmail.com

Jun 21, 2017, 6:15:56 AM
to OWASP ZAP Developer Group
Hi, 


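I downloaded the latest version from:
ZAP_WEEKLY_D-2016-09-05.zip <https://github.com/JordanGS/workspace/blob/master/zap-download/ZAP_WEEKLY_D-2016-09-05.zip> - https://github.com/JordanGS/workspace/tree/master/zap-download

Using above version of ZAP I created the session and did spider and active scan.

There is no export report option in ZAP menu. How to launch export report?


This wiki is also not so clear.
https://github.com/zaproxy/zap-extensions/wiki/HelpAddonsExportreportExportreport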



Thanks,
Aadi

thc...@gmail.com

Jun 21, 2017, 6:23:04 AM
to zaproxy...@googlegroups.com
Hi.

You need to install the add-on "Export Report". [1]
Once installed the menu should be available.

Probably better to use a newer weekly release (that one is too old,
older than 2.6.0):
https://github.com/zaproxy/zaproxy/wiki/Downloads#zap-weekly


[1] https://github.com/zaproxy/zap-core-help/wiki/HelpUiDialogsManageaddons

Best regards.

On 21/06/17 11:15, aad...@gmail.com wrote:
> Hi,
>
>
> I downloaded the latest version from:
> ZAP_WEEKLY_D-2016-09-05.zip
> <https://github.com/JordanGS/workspace/blob/master/zap-download/ZAP_WEEKLY_D-2016-09-05.zip> -
> https://github.com/JordanGS/workspace/tree/master/zap-download
>
> Using above version of ZAP I created the session and did spider and active
> scan.
>
> There is no export report option in ZAP menu. How to launch export report ?
>
>
> This wiki is also not so clear.
> https://github.com/zaproxy/zap-extensions/wiki/HelpAddonsExportreportExportreport
>
>
>
> Thanks,
> Aadi
>
> On Friday, June 16, 2017 at 1:47:26 PM UTC+5:30, thc202 wrote:
>>
>> Hi.
>>
>> The report is not created automatically and there's currently no Ant
>> task for that, one would have to call an API endpoint or use the command
>> line. [1] [2] [3]
>>
>> Feel free to raise an issue. [4]
>>
>>
>> [1] https://github.com/zaproxy/zap-core-help/wiki/HelpCmdline
>> [2] https://github.com/zaproxy/zaproxy/wiki/ApiGen_core
>> [3]
>>
>> https://github.com/zaproxy/zap-extensions/wiki/HelpAddonsExportreportExportreport
>> [4] https://github.com/zaproxy/zaproxy/issues/new
>>
>> Best regards.
>>