It seems to be working, TYVM. Here is what I implemented:
I added the following to the options.prop file:
script.scripts.name=Prevents revoke endpoints to be called
script.scripts.engine=Oracle Nashorn
script.scripts.type=httpsender
script.scripts.enabled=true
script.scripts.file=/zap/wrk/prevent-revoke.js
Here is the content of the prevent-revoke.js file:
// Load the Java URI class through the script engine's Java bridge; the options
// file above selects the Oracle Nashorn engine, which provides Java.type.
// NOTE(review): Nashorn runs ES5 by default, so this script sticks to `var`
// and string concatenation - confirm before modernising the syntax.
var URI = Java.type("org.apache.commons.httpclient.URI");
/**
 * HTTP Sender hook (script type `httpsender` in the options file): redirects
 * any outgoing request whose URI contains "revoke" to "/ping" on the same
 * scheme, userinfo, host and port.
 *
 * Scope of the rewrite, as a reviewer would want it spelled out:
 *  - The match is a case-sensitive substring test on the whole URI string, so
 *    it also fires when "revoke" appears in the host or the query string, and
 *    it does not fire for a different casing such as "Revoke".
 *  - Only the URI is replaced. The request method, headers and body are left
 *    as they were, and no query component is passed to the new URI.
 *  - The original URI is written to the script output; if it can carry a
 *    token in its query string, that value ends up in the log as well.
 *
 * @param msg       message about to be sent; its request header is edited in place
 * @param initiator identifier of the component sending the request (unused)
 * @param helper    helper object supplied by the scripting host (unused)
 */
function sendingRequest(msg, initiator, helper) {
  var header = msg.getRequestHeader();
  var originalRequestUri = header.getURI().toString();

  // Guard clause: leave every request that does not mention "revoke" untouched.
  if (!originalRequestUri || originalRequestUri.indexOf("revoke") === -1) {
    return;
  }

  // Keep the authority part of the original URI and swap only the path.
  var current = header.getURI();
  var replacement = new URI(
    current.getScheme(),
    current.getUserinfo(),
    current.getHost(),
    current.getPort(),
    "/ping"
  );
  header.setURI(replacement);

  // Record each substitution so the rewritten requests can be audited afterwards.
  print("Calling " + header.getURI().toString() + " instead of " + originalRequestUri);
}
/**
 * Response-side hook of the HTTP Sender script. Intentionally empty: this
 * script only rewrites outgoing requests and does not inspect responses.
 *
 * @param msg       message whose response has been received (unused)
 * @param initiator identifier of the component that sent the request (unused)
 * @param helper    helper object supplied by the scripting host (unused)
 */
function responseReceived(msg, initiator, helper) {
  // no-op
}
Please don't hesitate to let me know if you see any possible performance improvement.
Thanks.