Real time scan results to webhook
112 views
Skip to first unread message
Karthik Kanthaswamy
Feb 26, 2023, 9:03:38 AM2/26/23
to OWASP ZAP Scripts
Hi Team,
I would like to have a feature in which, when the scan is in progress and as and when the Alerts section is populated. The same details should be able to be fired to a webhook where we can create issue in Jira, Service now or a local webapp.
1. I do understand that there is a script "Loop through alerts.js" But this is a standalone script.
But I would like it to fire the results to a webhook without waiting for the wholescan to complete. Any help or guidance is greatly appreciated..!!
Regards
Karthik.K
thc...@gmail.com
Feb 26, 2023, 11:32:48 AM2/26/23
to zaproxy...@googlegroups.com
Hi.
You could use:
https://github.com/zaproxy/community-scripts/blob/6b0ed32946b01b421c87c71baa43efcd666cf6bc/extender/ZAP%20onEvent%20Handler.js
Listening to alert (added) event:
https://www.zaproxy.org/docs/internal-events/
Best regards.
You could use:
https://github.com/zaproxy/community-scripts/blob/6b0ed32946b01b421c87c71baa43efcd666cf6bc/extender/ZAP%20onEvent%20Handler.js
Listening to alert (added) event:
https://www.zaproxy.org/docs/internal-events/
Best regards.
ricekot
Feb 26, 2023, 9:45:11 PM2/26/23
to OWASP ZAP Scripts
This blog post also has an example which uses the ZAP event bus for sending live alerts to a Discord webhook:
Karthik Kanthaswamy
Mar 1, 2023, 3:59:34 AM3/1/23
to ricekot, OWASP ZAP Scripts
This code is amazing, I have done a bit of tweak as per my need, but my knowledge in development is bit limited. I tried referring to the Javadocs. It didnt work.
Can some help me how to add HTTP Request headers, HTTP Response headers also to the result.??
Code is given below.
var HttpSender = Java.type("org.parosproxy.paros.network.HttpSender")
var HttpMessage = Java.type("org.parosproxy.paros.network.HttpMessage")
var HttpHeader = Java.type("org.parosproxy.paros.network.HttpHeader")
var HttpRequestHeader = Java.type("org.parosproxy.paros.network.HttpRequestHeader")
var URI = Java.type("org.apache.commons.httpclient.URI")
function consumer(event) {
if (event.getEventType() != "alert.added") return
var params = event.getParameters()
alert = {
"fields": [
{ "Alert": params.get("name"),
"URL": "`" + params.get("uri") + "`" ,
"Risk": params.get("riskString"),
"Confidence": params.get("confidenceString"),
// HTTP Request headers
//HTTP Response headers
}
]
}
var body = {"data": [alert] }
body = JSON.stringify(body)
print(body)
}
function install(helper) {
org.zaproxy.zap.ZAP.getEventBus().registerConsumer(consumer, "org.zaproxy.zap.extension.alert.AlertEventPublisher")
}
function uninstall(helper) {
org.zaproxy.zap.ZAP.getEventBus().unregisterConsumer(consumer)
}
Thanks & Regards,
 CodeMax IT Solutions Pvt. Ltd. |
| Email karthik.kanthaswamy@CdMx.in Address Office No A - 201, 202, 2nd Floor, Asian Pinnacle, behind Bank of India, Fatorda, Goa 403602 Mobile +91 776-060-0458 Website CdMx.in |
|
This e-mail may contain privileged and confidential information which is the property of CodeMax IT Solutions Pvt. Ltd. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. CodeMax IT Solutions Pvt. Ltd. does not accept any liability for virus infected e-mails.
--
You received this message because you are subscribed to a topic in the Google Groups "OWASP ZAP Scripts" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/zaproxy-scripts/Zk5Hr4i-TOY/unsubscribe.
To unsubscribe from this group and all its topics, send an email to zaproxy-scrip...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/zaproxy-scripts/4cc38c1f-dac3-4029-8d02-a0b1f2b525fcn%40googlegroups.com.
Simon Bennetts
Mar 1, 2023, 4:33:35 AM3/1/23
to OWASP ZAP Scripts
ZAP events are generic - they can refer to lots of things, not just alerts.
The event is of type: https://javadoc.io/doc/org.zaproxy/zap/latest/org/zaproxy/zap/eventBus/Event.html
The alert.added event links to https://github.com/zaproxy/zaproxy/blob/main/zap/src/main/java/org/zaproxy/zap/extension/alert/AlertEventPublisher.java
but the code which actually publishes alert events is here: https://github.com/zaproxy/zaproxy/blob/a61267dac283416c2996e5a215dd4a8ede202a9c/zap/src/main/java/org/zaproxy/zap/extension/alert/ExtensionAlert.java#L313
You'll see that you have access to both the alert Id and the history Id.
This script shows how you can get a HistoryReference from the history Id : https://github.com/zaproxy/community-scripts/blob/main/standalone/Loop%20through%20history%20table.js
The HttpMessage (used by the script) will give you access to the request and response data :)
Cheers,
Simon
Karthik Kanthaswamy
Mar 3, 2023, 1:47:28 PM3/3/23
to Simon Bennetts, OWASP ZAP Scripts
That's great simon, I was able to get the javascript working, Now trying to port it to Python
I'm not able to registerConsumer while installing, I have tried multiple ways, Sometimes it is not throwing an error but when alert.added it is not picking them up.
from org.zaproxy.zap import ZAP
def consumer(event):
if (event.getEventType() == "alert.added"):
print('success')
def install(helper):
print('Installed');
ZAP.getEventBus().registerConsumer(consumer, "org.zaproxy.zap.extension.alert.AlertEventPublisher")
def uninstall(helper):
print('Uninstall called...!');
Thanks & Regards,
CodeMax IT Solutions Pvt. Ltd. |
| Email karthik.kanthaswamy@CdMx.in Address Office No A - 201, 202, 2nd Floor, Asian Pinnacle, behind Bank of India, Fatorda, Goa 403602 Mobile +91 776-060-0458 Website CdMx.in |
|
This e-mail may contain privileged and confidential information which is the property of CodeMax IT Solutions Pvt. Ltd. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. CodeMax IT Solutions Pvt. Ltd. does not accept any liability for virus infected e-mails.
To view this discussion on the web, visit https://groups.google.com/d/msgid/zaproxy-scripts/64b9dc31-2030-4d62-ad79-3647849f93afn%40googlegroups.com.
Simon Bennetts
Mar 6, 2023, 6:51:35 AM3/6/23
to OWASP ZAP Scripts
You'll need to instantiate an EventConsumer.
This js script does it correctly: https://github.com/zaproxy/community-scripts/blob/main/extender/ZAP%20onEvent%20Handler.js
I havnt tried this in jython but it looks like its possible: https://stackoverflow.com/questions/1115451/jython-instantiating-java-class-in-script-as-java-object-not-as-python-object
Cheers,
Simon
Karthik Kanthaswamy
Mar 12, 2023, 3:06:13 AM3/12/23
to Simon Bennetts, OWASP ZAP Scripts
Hi Simon,
I have finally figured out how to do it. Please pass it to whoever is in need :)
# Import the required ZAP classes
from org.zaproxy.zap import ZAP as zap
from org.zaproxy.zap.eventBus import EventConsumer
class MyEventConsumer(EventConsumer):
def eventReceived(self, event):
if event.getEventType() == "alert.added":
params = event.getParameters()
print(params)
def install(helper):
event_consumer = MyEventConsumer()
if zap.getEventBus().registerConsumer(event_consumer, "org.zaproxy.zap.extension.alert.AlertEventPublisher"):
print("Install called")
def uninstall(helper):
event_consumer = MyEventConsumer()
if zap.getEventBus().unregisterConsumer(MyEventConsumer()):
print("Uninstall called")
Regards
Karthik.K
Reply all
Reply to author
Forward
0 new messages