Automation Framework OpenAPI Formhandler

Harald Kuchen

May 16, 2023, 9:28:11 AM
to OWASP ZAP User Group
Hey, sorry if this question seems dumb, but I couldn't find any information about this topic.

Is it currently possible to use the form handler while using the automation framework and OpenAPI?

My reasoning is that we have an endpoint with a form which needs specific input parameters (for example, credit card info or IDs).
ZAP usually fills this empty text with John Doe or something similar.

{"id":10,"clientId":"John Doe".......}

I think the form handler is exactly what I need to manipulate the input so I can use very specific parameters to fill in these endpoints' forms.

Any ideas how to do that with the automation framework?


thc...@gmail.com

May 16, 2023, 9:36:17 AM
to zaprox...@googlegroups.com
Hi.

The Form Handler add-on does not yet provide an Automation job:
https://github.com/zaproxy/zaproxy/issues/6461

You would have to define the values through the configs, e.g.:
https://www.zaproxy.org/faq/how-do-you-find-out-what-key-to-use-to-set-a-config-value-on-the-command-line/

Best regards.

Harald Kuchen

May 17, 2023, 11:14:04 AM
to OWASP ZAP User Group
Wow, thank you for the quick reply. So using the -config should work?

I am using the Docker container and have now tried multiple command variations, but can't quite get it to work.

docker pull owasp/zap2docker-stable && docker run -v $(pwd):/zap/wrk/:rw --rm -v -t owasp/zap2docker-stable bash -c "zap.sh -cmd -autorun /zap/wrk/api.yaml" -z \
"-config formhandler.fields.field\(0\).fieldId= clientId  \
-config formhandler.fields.field\(0\).value=REPLACEDVALUE \
-config formhandler.fields.field\(0\).enabled=true"

After executing, it seems like nothing happened.

Is it possible that you can provide an example?
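
An added example, not part of the thread and not the ZAP project's own code: it places the `-config` options from the question on the `zap.sh` command line inside the `bash -c` string, because `-config` is an option of ZAP itself. The helper names `formhandler_opts`, `build_zap_cmd` and `run_in_docker` are hypothetical and the field values are constructed samples. It assumes the image includes the Form Handler add-on; the thread does not confirm that the OpenAPI import uses these values.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, values are constructed samples.

# Print the three -config options for one Form Handler entry.
# $1 = index, $2 = field id, $3 = value
formhandler_opts() {
    for s in "$2" "$3"; do
        # Accept only characters that need no quoting inside bash -c "...".
        case "$s" in
            ''|*[!A-Za-z0-9_.-]*) echo "unsafe field or value: $s" >&2; return 1 ;;
        esac
    done
    # \\( prints \( so the inner shell does not try to parse the parentheses.
    printf ' -config formhandler.fields.field\\(%s\\).fieldId=%s' "$1" "$2"
    printf ' -config formhandler.fields.field\\(%s\\).value=%s' "$1" "$3"
    printf ' -config formhandler.fields.field\\(%s\\).enabled=true' "$1"
}

# Build the full zap.sh command line.
# $1 = automation plan path inside the container, rest = field=value pairs
build_zap_cmd() {
    plan=$1; shift
    cmd="zap.sh -cmd -autorun $plan"
    i=0
    for pair in "$@"; do
        case "$pair" in
            *=*) ;;
            *) echo "expected field=value, got: $pair" >&2; return 1 ;;
        esac
        opts=$(formhandler_opts "$i" "${pair%%=*}" "${pair#*=}") || return 1
        cmd="$cmd$opts"
        i=$((i + 1))
    done
    printf '%s\n' "$cmd"
}

# Run the plan in the container; everything ZAP must see is inside bash -c.
run_in_docker() {
    cmd=$(build_zap_cmd "$@") || return 1
    docker run --rm -t -v "$(pwd):/zap/wrk/:rw" owasp/zap2docker-stable bash -c "$cmd"
}

# Show the command that would be executed (does not start Docker).
build_zap_cmd /zap/wrk/api.yaml clientId=REPLACEDVALUE
```

Call `run_in_docker /zap/wrk/api.yaml clientId=REPLACEDVALUE` from the directory that holds `api.yaml` to execute it.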
