deep crawling by zap
367 views
Skip to first unread message
Mitra Alidoosti
Oct 23, 2017, 7:49:13 AM10/23/17
to OWASP ZAP Developer Group
Hi,
until which level ZAP can crawl the web application? I have a web application that has a 5 step process but zap can not go deep in the web application, How can I force ZAP to go deep in web application?
thc...@gmail.com
Oct 23, 2017, 8:05:30 AM10/23/17
to zaproxy...@googlegroups.com
Hi.
That can be controlled with Options > Spider > Maximum depth to crawl [1]
The maximum is currently 20 (in the UI, that can be changed to a higher
value through the API).
[1]
https://github.com/zaproxy/zap-core-help/wiki/HelpUiDialogsOptionsSpider#maximum-depth-to-crawl
Best regards.
That can be controlled with Options > Spider > Maximum depth to crawl [1]
The maximum is currently 20 (in the UI, that can be changed to a higher
value through the API).
[1]
https://github.com/zaproxy/zap-core-help/wiki/HelpUiDialogsOptionsSpider#maximum-depth-to-crawl
Best regards.
psiinon
Oct 23, 2017, 8:06:21 AM10/23/17
to OWASP ZAP Developer Group
Just change the Maximum depth to crawl in the Spider Options: https://github.com/zaproxy/zap-core-help/wiki/HelpUiDialogsOptionsSpider#maximum-depth-to-crawl
I think the default is 5, but it can go up to 19.
Not really sure why we limit to 19, theres no reason I'm aware of why we couldnt make that (much) bigger.
Does that solve your problem?
Cheers,
Simon
I think the default is 5, but it can go up to 19.
Not really sure why we limit to 19, theres no reason I'm aware of why we couldnt make that (much) bigger.
Does that solve your problem?
Cheers,
Simon
Mitra Alidoosti
Oct 23, 2017, 8:20:41 AM10/23/17
to OWASP ZAP Developer Group
Thanks for your reply, but I have a web application that has a button in level 2, but zap can not go deeper and do not any action in that button, How can I force ZAP to click that button and go deeper. I set the " maximum children to crawl" to 20 but it does not solve my problem.
Do you have any suggestion?
psiinon
Oct 23, 2017, 8:29:19 AM10/23/17
to OWASP ZAP Developer Group
Is that button generated (or make use of) JavaScript?
If so then you'll need to use the Ajax Spider.
The standard spider examines the HTML for links, but it cant understand JavaScript. The Ajax Spider launches browsers to crawl your application - its slower but it does handle JavaScript.
Cheers,
Simon
If so then you'll need to use the Ajax Spider.
The standard spider examines the HTML for links, but it cant understand JavaScript. The Ajax Spider launches browsers to crawl your application - its slower but it does handle JavaScript.
Cheers,
Simon
Mitra Alidoosti
Oct 23, 2017, 1:24:24 PM10/23/17
to zaproxy...@googlegroups.com
it is not ajax, my web application name is WackoPicko, in WackoPicko
1- login
2- in Recent Tab select one picture
3- bottom of page you can write comment and click preview
ZAP can not write comment in this section and click preview.
is there any solution that ZAP can do it?
Thanks,
--
You received this message because you are subscribed to a topic in the Google Groups "OWASP ZAP Developer Group" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/zaproxy-develop/ydLRVBUwa30/unsubscribe.
To unsubscribe from this group and all its topics, send an email to zaproxy-develop+unsubscribe@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/zaproxy-develop/2a55d3d9-3e03-4fdf-ac82-f41bf44a9418%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Sincerely,
M.Alidoosti
M.Alidoosti
kingthorin+owaspzap
Oct 23, 2017, 3:57:30 PM10/23/17
to OWASP ZAP Developer Group
Checkout the Sequence addon.
To unsubscribe from this group and all its topics, send an email to zaproxy-devel...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/zaproxy-develop/2a55d3d9-3e03-4fdf-ac82-f41bf44a9418%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--Sincerely,
M.Alidoosti
Reply all
Reply to author
Forward
0 new messages