Recording Zest Scripts


Mitch Hall

Mar 16, 2021, 5:11:41 PM
to OWASP ZAP User Group
I am new to ZAP, but have experience with IBM AppScan.

I would like to record Zest Scripts that would traverse different sections of my Web App.
I ran a trial test and attempted to use the ZAP Zest Record feature.

1) After starting the Zest recorder I opened the browser (Chrome), pasted in the URL for my Web App and launched it.

2) I logged in to the App.

3) I navigated the Web App to add a new Customer Sales order.

4) I logged off the Web App and then closed the browser.

5) I clicked on the Zest toolbar icon to stop the recording.

6) I reviewed the Zest Script URLs in the Script Tab and they looked good.

7) I selected the Zest Script, clicked on Run, but the browser was never opened.

8) The URLs played back, but the browser never loaded?

9) I also tried starting the Zest Recorder and used the 'Manual Explore' Quick Start, but got identical results; no Chrome browser session was loaded. It acted like it was running with a Chrome Headless setting.

10) What do you have to do to get the browser to load and have the recorded Zest Script play back in the browser?

I saw a video on the Persona Create Account.zst script and it did open the browser and play back the script in the browser session.


Ideally I want to record Zest Scripts for different elements of my Web App and test each separately for security vulnerabilities.

Any insight/help would be greatly appreciated!

Simon Bennetts

Mar 17, 2021, 5:27:53 AM
to OWASP ZAP User Group
Right now you can only record server side Zest scripts.
This means that ZAP records the requests proxied through ZAP. When you run the script, ZAP will replay them from ZAP, not via a browser.
You can write Zest scripts that control a browser, but that is a manual process right now; we do not support client side Zest script recording.

Cheers,

Simon
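
The server-side versus client-side distinction in the reply above can be checked on a saved script. This is an added example, not part of the thread or of ZAP: it walks a Zest script's JSON and reports whether it holds only replayed requests or also browser-driving statements. The sample script is constructed, and the field and `elementType` names (`ZestRequest`, `ZestClientLaunch`, `ifStatements`, and so on) are assumptions about Zest's JSON layout that should be compared against a real `.zst` file.

```python
import json

# Constructed sample in the JSON layout assumed for recorded Zest scripts.
# Hosts and form data are placeholders, not values from the thread.
RECORDED = json.dumps({
    "zestVersion": "0.8",
    "title": "constructed-recording",
    "elementType": "ZestScript",
    "statements": [
        {"elementType": "ZestRequest", "index": 1, "method": "GET",
         "url": "https://app.example.test/login"},
        {"elementType": "ZestRequest", "index": 2, "method": "POST",
         "url": "https://app.example.test/login", "data": "user=demo"},
        {"elementType": "ZestConditional", "index": 3,
         "ifStatements": [
             {"elementType": "ZestRequest", "index": 4, "method": "GET",
              "url": "https://app.example.test/orders/new"}],
         "elseStatements": []},
    ],
})

# Keys assumed to hold nested statement lists (script, loops, conditionals).
CHILD_KEYS = ("statements", "ifStatements", "elseStatements")


def walk(node):
    """Yield every statement, descending into nested statement lists."""
    for key in CHILD_KEYS:
        for stmt in node.get(key, []):
            yield stmt
            yield from walk(stmt)


def summarize(script_text):
    """Separate requests ZAP replays itself from browser-driving statements."""
    script = json.loads(script_text)
    requests, client = [], []
    for stmt in walk(script):
        etype = stmt.get("elementType", "")
        if etype == "ZestRequest":
            requests.append((stmt.get("method"), stmt.get("url")))
        elif etype.startswith("ZestClient"):
            client.append(etype)
    return {"requests": requests, "client": client,
            "opens_browser": "ZestClientLaunch" in client}


if __name__ == "__main__":
    print(summarize(RECORDED))
```

A recording like the one described in the first post yields only `ZestRequest` entries, so `opens_browser` is false and a run replays the requests from ZAP itself.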

mhallnh

Mar 17, 2021, 10:21:33 AM
to zaprox...@googlegroups.com
Thanks, sir!


