Can Spider get URLs available in the frontend when using some libraries like Ziggy?

[Abdelkhalek BERAOUD (letmewin)]

When I was testing a Laravel application that had Ziggy to export Laravel routes in the frontend, I thought that ZAP spider would get them but it did not, is there a configuration or an add on to do that ?

If not, I will be happy to contribute with this.

[psiinon]

Hiya,

I'm not really familiar with Laravel routes - can you explain a bit more about how this could work?

Would it just be Laravel specific?

FYI we are working in this area, but on exploring all modern web apps better, not just specific technologies.

Many thanks,

Simon

[Abdelkhalek BERAOUD (letmewin)]

It will be something like this:

Inside a script tag in the HTML and it contains all the routes of the app, with methods and path parameters for each route.

Many thanks.

[psiinon]

OK, that looks very useful :D

Is it included as standard in all Laravel apps?

Do you know of any working examples we can easily access?

Many thanks,

Simon

[Abdelkhalek BERAOUD (letmewin)]

No, it is included by default, but it is used with some web architectures especially when using Laravel with inertia js as a linker between Laravel and a Js frontend framework.

Here is the example that I was working on:  https://www.glyc.dz/

You can use dev tools to inspect HTML and look for "Ziggy" javascript variable. 

[BERAOUD Abdelkhalek]

I mean it is not included by default.

[psiinon]

Thank you - that is very helpful!

[BERAOUD Abdelkhalek]

Hello, should I open an issue for this?

--
ZAP by Checkmarx: https://www.zaproxy.org/
---
You received this message because you are subscribed to the Google Groups "ZAP Developer Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to zaproxy-devel...@googlegroups.com.
To view this discussion, visit https://groups.google.com/d/msgid/zaproxy-develop/dae2b0b0-253e-4024-b902-5557cac9f1cfn%40googlegroups.com.

[psiinon]

Yeah, that would be good.

Many thanks,

Simon