How to set "OOB service used in active scan" from an addon

Aakhash Ganesh

Dec 28, 2022, 9:49:12 PM
to OWASP ZAP Developer Group
Hello,

I'm writing an active scan addon that needs ZAP to use Interactsh for the scan. I'm running ZAP as a headless instance, so I don't have access to the options panel. I was able to set the Interactsh values such as the server URL and token in my addon file, but I don't see how I can set the "OOB service used in active scan" in the OAST General tab to Interactsh.

I've tried to set the value by doing
            getConfig().setProperty("oast.activeScanService", "interactsh");
in my init, and by trying to modify the value through the class. I don't see how to change the value. I would appreciate any help on the matter.

psiinon

Dec 29, 2022, 4:13:00 AM
to OWASP ZAP Developer Group
You should be able to change any of the config values via the "-config" command line option (or the -configfile one).

Cheers,

Simon
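
Added example (not part of the original posts and not ZAP project code): one way to apply the -configfile route on a headless instance, keeping the Interactsh token out of the command line, where it would be visible in the process list. The `oast.interactsh.serverUrl` and `oast.interactsh.authToken` key names are assumptions to verify against the installed OAST add-on, the value `interactsh` is copied from the question, and `write_oast_config`, `INTERACTSH_URL` and `INTERACTSH_TOKEN` are hypothetical names.

```shell
#!/bin/sh
# Added example, not ZAP project code. Writes OAST overrides to a properties
# file so the Interactsh token is passed with -configfile instead of on the
# command line, where other local users could read it from the process list.
#
# Assumptions: the two oast.interactsh.* key names (verify against the
# installed OAST add-on); the value "interactsh" is copied from the question.

# write_oast_config <file> <server-url> <auth-token>   (hypothetical helper)
write_oast_config() {
    woc_file=$1 woc_url=$2 woc_token=$3
    woc_nl='
'
    if [ -z "$woc_file" ] || [ -z "$woc_url" ] || [ -z "$woc_token" ]; then
        echo "usage: write_oast_config <file> <server-url> <auth-token>" >&2
        return 1
    fi
    # A newline would smuggle in extra properties; a backslash is an escape
    # character in Java properties files. Refuse both.
    case "$woc_url$woc_token" in
        *"$woc_nl"*|*\\*)
            echo "refusing value containing newline or backslash" >&2
            return 1 ;;
    esac
    # Create the file owner-only before any secret is written to it.
    rm -f "$woc_file" || return 1
    ( umask 077 && : > "$woc_file" ) || return 1
    chmod 600 "$woc_file" || return 1
    {
        printf 'oast.activeScanService=%s\n' 'interactsh'
        printf 'oast.interactsh.serverUrl=%s\n' "$woc_url"
        printf 'oast.interactsh.authToken=%s\n' "$woc_token"
    } >> "$woc_file"
}

# Typical headless use, with the values injected by the CI secret store
# (INTERACTSH_URL and INTERACTSH_TOKEN are hypothetical variable names):
#   write_oast_config "$HOME/.zap-oast.properties" "$INTERACTSH_URL" "$INTERACTSH_TOKEN" \
#       && zap.sh -daemon -configfile "$HOME/.zap-oast.properties"
```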

Aakhash Ganesh

Jan 6, 2023, 6:14:10 PM
to OWASP ZAP Developer Group
Thank you so much. I have a follow-up question, if you don't mind.

I'm trying to initialize the interactsh values from what I found in the developer site and the index. So I have the following:

    public void init() {
        // Look up the OAST extension and its Interactsh service.
        final ExtensionOast extOast = Control.getSingleton().getExtensionLoader().getExtension(ExtensionOast.class);
        final InteractshService interact = extOast.getInteractshService();
        // interactshURL and interactshToken are not defined here; obtaining them is the question below.
        interact.getParam().setServerUrl(interactshURL);
        interact.getParam().setAuthToken(interactshToken);
        interact.getParam().setPollingFrequency(10);
        try {
            // Request a fresh payload from the configured server.
            final String payload = interact.getNewPayload();
        } catch (final Exception e1) {
            e1.printStackTrace();
        }
    }

What is the best way for me to get the values for interactshURL and interactshToken if I need to get them from an API call? I can't hardcode the information into the addon, so I need to reach out to an API to get the proper URL and token values. This might just be more of a Java question than a ZAP one, but trying to emulate the curl functionality in Java through HttpURLConnection did not work for me.