ZAP Scripts Limitation
71 views
Skip to first unread message
Shubham Patel
Mar 2, 2022, 7:36:38 AM3/2/22
to OWASP ZAP Scripts
Hello,
Is there any doc that shows all the things you can do with scripts?
In the User Guide, it's mentioned that "ZAP supports scripts that can be embedded within ZAP and can access internal ZAP data structures and classes. These scripts allow you to dynamically enhance ZAP from within ZAP."
Based on this description I think everything is accessible, is there anything that is not accessible with the Scripts or Out of Scope?
Shubham
thc...@gmail.com
Mar 2, 2022, 7:48:16 AM3/2/22
to zaproxy...@googlegroups.com
Hi.
I'm not aware of such doc, if you need examples of what can be done with
scripts there's: https://github.com/zaproxy/community-scripts/
Not everything is accessible (e.g. some parts are not expected to be
changed) but most is, you can always resort to reflection if you really
need to.
Best regards.
On 02/03/2022 12:36, 'Shubham Patel' via OWASP ZAP Scripts wrote:
> Hello,
>
> Is there any doc that shows all the things you can do with scripts?
>
> In the User Guide, it's mentioned that "*ZAP supports scripts that can be
I'm not aware of such doc, if you need examples of what can be done with
scripts there's: https://github.com/zaproxy/community-scripts/
Not everything is accessible (e.g. some parts are not expected to be
changed) but most is, you can always resort to reflection if you really
need to.
Best regards.
On 02/03/2022 12:36, 'Shubham Patel' via OWASP ZAP Scripts wrote:
> Hello,
>
> Is there any doc that shows all the things you can do with scripts?
>
> embedded within ZAP and can access internal ZAP data structures and
> classes. These scripts allow you to dynamically enhance ZAP from within
> ZAP.*"
> classes. These scripts allow you to dynamically enhance ZAP from within
psiinon
Mar 2, 2022, 7:57:20 AM3/2/22
to thc...@gmail.com, OWASP ZAP Scripts
In practice you should be able to do anything you need to with scripts.
If you can't then let us know!
ZAP is open source.
The data is yours.
You should be able to do whatever you like with it :)
Cheers,
Simon
--
You received this message because you are subscribed to the Google Groups "OWASP ZAP Scripts" group.
To unsubscribe from this group and stop receiving emails from it, send an email to zaproxy-scrip...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/zaproxy-scripts/a9d876c1-9f8d-9ad7-3a87-410f4a050cb8%40gmail.com.
--
OWASP ZAP Project leader
Shubham Patel
Mar 2, 2022, 8:17:01 AM3/2/22
to OWASP ZAP Scripts
Thank you for the clarification 👍
Ailton Caetano
Mar 3, 2022, 8:15:52 PM3/3/22
to psiinon, thc...@gmail.com, OWASP ZAP Scripts
Hi Shubam,
Take a look into the window creation template (https://github.com/zaproxy/community-scripts/commits/main/standalone/window_creation_template.js) to have an example of how to plug into zap internals. There is also a python example offering the same functionality for a better understanding.
Unfortunately, for now, the only documentation available is zap's source code.
Regards,
Ailton Caetano
To view this discussion on the web, visit https://groups.google.com/d/msgid/zaproxy-scripts/CAORxfg6K_FCz_nCSGsfFa2Va1FJ35c3%2BVmt1r%3Dj0KzLa5iMG1A%40mail.gmail.com.
Reply all
Reply to author
Forward
0 new messages