context checking strategy - poll headers is getting set to poll data information
72 views
Skip to first unread message
Avani Shah
Oct 3, 2024, 12:27:35 PM10/3/24
to ZAP User Group
Hi,
I am attempting to use the set context checking strategy to set the strategy as POLL_URL and setting polling data and additional polling headers. When setting the polling data and headers the pollHeader in the context is being set as the pollData value. Below is the information put through the context in the UI and the result when getting the context with the API.
Getting the context with the API:
{ "context": { "pollFrequencyUnits": "REQUESTS", "pollHeaders": "{data=test}", "excludeRegexs": "[]", "loggedInPattern": "\"Logged in\"", "urlParameterParserClass": "org.zaproxy.zap.model.StandardParameterParser", "description": "", "includeRegexs": "[]", "checkingStrategy": "POLL_URL", "pollFrequency": "60", "inScope": "true", "authenticationDetectionMethodId": "0", "loggedOutPattern": "\"Logged out\"", "postParameterParserConfig": "{\"kvps\":\"&\",\"kvs\":\"=\",\"struct\":[]}", "excludedTechnologies": [], "name": "Default Context", "pollUrl": "https://example.com/", "includedTechnologies": [ "Db", "Db.CouchDB", "Db.Firebird", "Db.HypersonicSQL", "Db.IBM DB2", "Db.MariaDB", "Db.Microsoft Access", "Db.Microsoft SQL Server", "Db.MongoDB", "Db.MySQL", "Db.Oracle", "Db.PostgreSQL", "Db.SAP MaxDB", "Db.SQLite", "Db.Sybase", "Language", "Language.ASP", "Language.C", "Language.JSP/Servlet", "Language.Java", "Language.Java.Spring", "Language.JavaScript", "Language.PHP", "Language.Python", "Language.Ruby", "Language.XML", "OS", "OS.Linux", "OS.MacOS", "OS.Windows", "SCM", "SCM.Git", "SCM.SVN", "WS", "WS.Apache", "WS.IIS", "WS.Tomcat" ], "urlParameterParserConfig": "{\"kvps\":\"&\",\"kvs\":\"=\",\"struct\":[]}", "id": "1", "authType": "Manual Authentication", "pollData": "{data=test}", "postParameterParserClass": "org.zaproxy.zap.model.StandardParameterParser" } }
A screenshot is attached of how it was being set in the UI.
Is there a reason why pollHeaders is being set to the pollData value - how would I go about fixing this.
I am attempting to use the set context checking strategy to set the strategy as POLL_URL and setting polling data and additional polling headers. When setting the polling data and headers the pollHeader in the context is being set as the pollData value. Below is the information put through the context in the UI and the result when getting the context with the API.
Getting the context with the API:
{ "context": { "pollFrequencyUnits": "REQUESTS", "pollHeaders": "{data=test}", "excludeRegexs": "[]", "loggedInPattern": "\"Logged in\"", "urlParameterParserClass": "org.zaproxy.zap.model.StandardParameterParser", "description": "", "includeRegexs": "[]", "checkingStrategy": "POLL_URL", "pollFrequency": "60", "inScope": "true", "authenticationDetectionMethodId": "0", "loggedOutPattern": "\"Logged out\"", "postParameterParserConfig": "{\"kvps\":\"&\",\"kvs\":\"=\",\"struct\":[]}", "excludedTechnologies": [], "name": "Default Context", "pollUrl": "https://example.com/", "includedTechnologies": [ "Db", "Db.CouchDB", "Db.Firebird", "Db.HypersonicSQL", "Db.IBM DB2", "Db.MariaDB", "Db.Microsoft Access", "Db.Microsoft SQL Server", "Db.MongoDB", "Db.MySQL", "Db.Oracle", "Db.PostgreSQL", "Db.SAP MaxDB", "Db.SQLite", "Db.Sybase", "Language", "Language.ASP", "Language.C", "Language.JSP/Servlet", "Language.Java", "Language.Java.Spring", "Language.JavaScript", "Language.PHP", "Language.Python", "Language.Ruby", "Language.XML", "OS", "OS.Linux", "OS.MacOS", "OS.Windows", "SCM", "SCM.Git", "SCM.SVN", "WS", "WS.Apache", "WS.IIS", "WS.Tomcat" ], "urlParameterParserConfig": "{\"kvps\":\"&\",\"kvs\":\"=\",\"struct\":[]}", "id": "1", "authType": "Manual Authentication", "pollData": "{data=test}", "postParameterParserClass": "org.zaproxy.zap.model.StandardParameterParser" } }
A screenshot is attached of how it was being set in the UI.
Is there a reason why pollHeaders is being set to the pollData value - how would I go about fixing this.
kingthorin+zap
Oct 3, 2024, 6:51:13 PM10/3/24
to ZAP User Group
The post data should be properly encoded, I believe
Avani Shah
Oct 4, 2024, 11:30:45 AM10/4/24
to ZAP User Group
Properly encoding it didn't change that the pollHeaders afterwards was still set to the value that I put for pollData when getting the context via the API
Here are the values I put in for pollData and PollHeaders
Here are the values I put in for pollData and PollHeaders
pollData: "{\"data\":\"test\"}"
pollHeaders: "Authentication:Bearer12345"
This is also happening if I use the set context strategy ZAP api.
This is also happening if I use the set context strategy ZAP api.
Avani Shah
Oct 7, 2024, 10:21:06 AM10/7/24
to ZAP User Group
Hi,
Also is there any restrictions on the format of the pollData for the setContextCheckingStrategy API, how is ZAP expecting the pollData to be sent? Are there any example that you have that we could follow?
Thank you in advance,
Also is there any restrictions on the format of the pollData for the setContextCheckingStrategy API, how is ZAP expecting the pollData to be sent? Are there any example that you have that we could follow?
Thank you in advance,
Avani Shah
thc...@gmail.com
Oct 7, 2024, 11:37:39 AM10/7/24
to zaprox...@googlegroups.com
Hi,
This is a bug in ZAP, it's returning the wrong data, it will be fixed in
the next weekly release.
Best regards.
This is a bug in ZAP, it's returning the wrong data, it will be fixed in
the next weekly release.
Best regards.
Reply all
Reply to author
Forward
0 new messages