Referencing an Extender script
35 views
Skip to first unread message
Ailton Caetano
Nov 28, 2022, 9:46:48 AM11/28/22
to OWASP ZAP Scripts
Hi Folks, how are you?
I've developed a window through an Extender script to store the requests I've made with an active rule script. The problem that I'm facing now is how to reference that same Extender script, so that I can call the function that adds the requests/responses to that window.I've tried using the GlobalVar thing, but it only comes out as a string on the other side and even if I would find a way to typecast it, I'd have to redefine the functions at the local scope, which brings me to the first question again =]
So, is there a way to reference an Extender script that has already been loaded and enabled, along with its internal variables and functions?
Regards,
Ailton Caetano
thc...@gmail.com
Nov 28, 2022, 9:57:06 AM11/28/22
to zaproxy...@googlegroups.com
Hi.
You can use the GlobarVars but set/get it as a custom var.
https://www.zaproxy.org/docs/desktop/addons/script-console/#custom-globalscript-variables
Best regards.
You can use the GlobarVars but set/get it as a custom var.
https://www.zaproxy.org/docs/desktop/addons/script-console/#custom-globalscript-variables
Best regards.
Ailton Caetano
Nov 28, 2022, 10:37:16 AM11/28/22
to OWASP ZAP Scripts
Hi,
I'm trying your recommendation, but it is not working. I've used the GlobalCustomVar one and, although a print is able to display the function code, the var into which it was assigned has an object class of "undefined" and executing it returns a java.lang.NoSuchMethodException exception.
Here is a snippet:
<--- File a.js --->
function addEntry(msg) {
model.addEntry(msg);
}
ScriptVars.setGlobalCustomVar("addEntry", addEntry)
model.addEntry(msg);
}
ScriptVars.setGlobalCustomVar("addEntry", addEntry)
</--- File a.js --->
<--- File b.js --->
var addEntry = ScriptVars.getGlobalCustomVar("addEntry");
print(addEntry)
addEntry(msg)
var addEntry = ScriptVars.getGlobalCustomVar("addEntry");
print(addEntry)
addEntry(msg)
</--- File b.js --->
print(addEntry) displays "function addEntry(msg) { model.addEntry(msg);}" as expected but executing addEntry(msg) returns the mentioned exception.
Any tips?
Regards,
Ailton Caetano
--
You received this message because you are subscribed to the Google Groups "OWASP ZAP Scripts" group.
To unsubscribe from this group and stop receiving emails from it, send an email to zaproxy-scrip...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/zaproxy-scripts/f9b554e2-5cb2-1552-fe33-011072615e59%40gmail.com.
thc...@gmail.com
Nov 28, 2022, 10:51:41 AM11/28/22
to zaproxy...@googlegroups.com
Could you provide the whole error/stacktrace?
Which script engine are you using?
Best regards.
Which script engine are you using?
Best regards.
Ailton Caetano
Nov 28, 2022, 1:11:44 PM11/28/22
to OWASP ZAP Scripts
Here it is:
java.lang.RuntimeException: java.lang.NoSuchMethodException: None of the fixed arity signatures [(org.zaproxy.zap.view.table.DefaultHistoryReferencesTableEntry), (org.zaproxy.zap.view.table.HistoryReferencesTableEntry)] of method jdk.nashorn.javaadapters.org_zaproxy_zap_view_table_DefaultHistoryReferencesTableModel.addEntry match the argument types [org.parosproxy.paros.network.HttpMessage]java.lang.RuntimeException: java.lang.NoSuchMethodException: None of the fixed arity signatures [(org.zaproxy.zap.view.table.DefaultHistoryReferencesTableEntry), (org.zaproxy.zap.view.table.HistoryReferencesTableEntry)] of method jdk.nashorn.javaadapters.org_zaproxy_zap_view_table_DefaultHistoryReferencesTableModel.addEntry match the argument types [org.parosproxy.paros.network.HttpMessage]
java.lang.RuntimeException: java.lang.NoSuchMethodException: None of the fixed arity signatures [(org.zaproxy.zap.view.table.DefaultHistoryReferencesTableEntry), (org.zaproxy.zap.view.table.HistoryReferencesTableEntry)] of method jdk.nashorn.javaadapters.org_zaproxy_zap_view_table_DefaultHistoryReferencesTableModel.addEntry match the argument types [org.parosproxy.paros.network.HttpMessage]java.lang.RuntimeException: java.lang.NoSuchMethodException: None of the fixed arity signatures [(org.zaproxy.zap.view.table.DefaultHistoryReferencesTableEntry), (org.zaproxy.zap.view.table.HistoryReferencesTableEntry)] of method jdk.nashorn.javaadapters.org_zaproxy_zap_view_table_DefaultHistoryReferencesTableModel.addEntry match the argument types [org.parosproxy.paros.network.HttpMessage]
So, the addEntry function works if I use it in the original script, but not in the script where it was imported to.
To view this discussion on the web, visit https://groups.google.com/d/msgid/zaproxy-scripts/b342c2de-9501-8877-94c7-d06d4dbaad4e%40gmail.com.
thc...@gmail.com
Nov 29, 2022, 4:36:08 AM11/29/22
to zaproxy...@googlegroups.com
How are you calling it in the original script? That model works with
HistoryReference objects not HttpMessage (and you would have to call
addHistoryReference).
With the evidence provided it seems the error is expected.
Best regards.
HistoryReference objects not HttpMessage (and you would have to call
addHistoryReference).
With the evidence provided it seems the error is expected.
Best regards.
Ailton Caetano
Nov 30, 2022, 10:57:40 AM11/30/22
to OWASP ZAP Scripts
I'm calling it exactly the same way, using an HttpMessage...
I've also tried setting and getting the function as a var in the original script, one right under the other using
ScriptVars.setGlobalCustomVar("addEntry", addEntry)
var test = ScriptVars.getGlobalCustomVar("addEntry");
print(test.class)
but it prints class as "undefined".
Now, coming to think of it, I'll try some different. I'll hook into the panel I've created ".getMainFrame().getWorkbench().getPanels(...)" after making addEntry a method of the Panel object created in the extender script. It could bear some fruits...
Maybe, going high up into the hierarchy of the ActiveScanner object provided by "scanNode()" and "scan()" from the Active Rules script, I'll find a way to plug into the Workbench and get the Panel reference...
Regards,
Ailton Caetano
To view this discussion on the web, visit https://groups.google.com/d/msgid/zaproxy-scripts/d9815642-7969-089d-b5be-862e2a3090af%40gmail.com.
thc...@gmail.com
Nov 30, 2022, 11:19:02 AM11/30/22
to zaproxy...@googlegroups.com
Could you share your actual scripts?
".class" is not valid, ".getClass()" should be.
Best regards.
".class" is not valid, ".getClass()" should be.
Best regards.
Ailton Caetano
Dec 4, 2022, 2:09:45 AM12/4/22
to OWASP ZAP Scripts
Hi thc,
I've found a way to access the method. I've plugged the "addEntry" function into the table model and I'm accessing it through the UI (var model = Java.type(org.parosproxy.paros.model.Model); model.getSingleton().getMainFrame().GetWorkbench()...).
About the ".class", well, surprisingly it works, I'm using it right now in a debug script. This is probably due to some high-tree inheritance. I'll create a PR in the community scripts repo to make it available to everyone. It has been of great help during script debugging sessions.
Regards,
Ailton Caetano
To view this discussion on the web, visit https://groups.google.com/d/msgid/zaproxy-scripts/03ed29a5-2674-a526-2ce6-38b01bc3cc41%40gmail.com.
Ailton Caetano
Dec 4, 2022, 6:47:34 PM12/4/22
to OWASP ZAP Scripts
Ailton Caetano
Simon Bennetts
Dec 5, 2022, 4:28:15 AM12/5/22
to OWASP ZAP Scripts
Many thanks!
Simon
Reply all
Reply to author
Forward
0 new messages