Need to understand the logic - Ajax Spidering

Vikas Bhandari

Mar 31, 2022, 8:58:34 AM
to OWASP ZAP Developer Group
Hi Team

I am using Ajax Spidering logic which is -

https://www.zaproxy.org/docs/api/?java#using-ajax-spider

In this resp value is not being used. Can I know where it is being used?

I am trying to execute the code but not able to run the same - Can I know the solution for the same?

import java.util.List;
import java.util.concurrent.TimeUnit;

import org.zaproxy.clientapi.core.ApiResponse;
import org.zaproxy.clientapi.core.ApiResponseElement;
import org.zaproxy.clientapi.core.ApiResponseList;
import org.zaproxy.clientapi.core.ClientApi;

public class AjaxSpider {
    private static final int ZAP_PORT = 8080;
    // null sends no API key; this only works if the API key is disabled in ZAP
    private static final String ZAP_API_KEY = null;
    private static final String ZAP_ADDRESS = "localhost";
    private static final String TARGET = "https://public-firing-range.appspot.com";
    public static void main(String[] args) {
        // Create the ZAP Client
        ClientApi api = new ClientApi(ZAP_ADDRESS, ZAP_PORT, ZAP_API_KEY);

        try {
            // Start spidering the target
            System.out.println("Ajax Spider target : " + TARGET);
            ApiResponse resp = api.ajaxSpider.scan(TARGET, null, null, null);
            String status;
            long startTime = System.currentTimeMillis();
            long timeout = TimeUnit.MINUTES.toMillis(2); // Two minutes in milliseconds
            // Loop until the ajax spider has finished or the timeout has been exceeded
            while (true) {
                Thread.sleep(2000);
                status = (((ApiResponseElement) api.ajaxSpider.status()).getValue());
                System.out.println("Spider status : " + status);
                // Stop polling once the spider has stopped or the timeout has elapsed
                if ("stopped".equals(status) || (System.currentTimeMillis() - startTime) >= timeout) {
                    break;
                }
            }
            System.out.println("Ajax Spider completed");
            // Perform additional operations with the Ajax Spider results
            List<ApiResponse> ajaxSpiderResponse = ((ApiResponseList) api.ajaxSpider.results("0", "10")).getItems();

            // TODO: Start scanning(passive/active scan) the application to find vulnerabilities

        } catch (Exception e) {
            System.out.println("Exception : " + e.getMessage());
            e.printStackTrace();
        }
    }
}

thc...@gmail.com

Mar 31, 2022, 9:23:19 AM
to zaproxy...@googlegroups.com
Hi.

It's not used in the example, it just returns OK.
We should remove that.

Best regards.

On 31/03/2022 13:58, Vikas Bhandari wrote:
> Hi Team
>
> I am using Ajax Spidering logic which is -
>
> https://www.zaproxy.org/docs/api/?java#using-ajax-spider
>
> In this *resp *value is not being used. Can I know where it is being used?
>
> I am trying to execute the code but not able to run the same - Can I know
> the solution for the same?
>
> public class AjaxSpider {
> private static final int ZAP_PORT = 8080;
> private static final String ZAP_API_KEY = null;
> private static final String ZAP_ADDRESS = "localhost";
> private static final String TARGET =
> "https://public-firing-range.appspot.com";
> public static void main(String[] args) {
> // Create the ZAP Client
> ClientApi api = new ClientApi(ZAP_ADDRESS, ZAP_PORT, ZAP_API_KEY);
>
> try {
> // Start spidering the target
> System.out.println("Ajax Spider target : " + TARGET);
> ApiResponse *resp *= api.ajaxSpider.scan(TARGET, null, null,

Vikas Bhandari

Mar 31, 2022, 11:04:58 AM
to OWASP ZAP Developer Group
Hi Team

I tried using the code but on running it in Eclipse it is not invoking the UI mode. Can you let me know from where I can get the latest code for the Ajax Spidering?

Appreciate your help 

Thanks!!

kingthorin+owaspzap

Mar 31, 2022, 3:57:08 PM
to OWASP ZAP Developer Group