Child node problem

[JP]

Hello,

I have an application where thousands of child nodes are generated when I run our e2e tests though zap. Because of these child nodes, active scanning phase takes too much time(20h).

These problematic child nodes are like this:

...

action

POST:searchbyid()({"criteria":{"id":{"value":1000}}})

POST:searchbyid()({"criteria":{"id":{"value":1001}}})

POST:searchbyid()({"criteria":{"id":{"value":1002}}})

POST:searchbyid()({"criteria":{"id":{"value":1003}}})

...

How to make zap attack this http://../api/action/searchbyid only once and not thousands times?

Br, JP

[kingthorin+zap]

Check these docs: https://www.zaproxy.org/docs/desktop/start/features/structmods/

[JP]

Hi,

Yes I have allready checked those docs and tried to figure out how I could utilise data driven nodes but without success. Problem is that all those thousands of nodes are "lowest" on hierarchy and they have one common parent. So those thousands of POST nodes are lowest and have one common parent node "action". How to make ZAP see those POST nodes as one?

Br, JP

[JP]

Here was similar problem but no solution mentioned: https://groups.google.com/g/zaproxy-users/c/wRbXkXWOk1Y

[kingthorin+zap]

So you have different action(s) but not every ID for an action needs to be tried?

[JP]

I have and endpoint  ../api/action/searchbyid the problem is that each request to it (where only the request body json payload is different) is seen by ZAP as unique nodes creating hundreds of nodes. How to make zap attack this endpoint only once?

So hundreds of nodes like this under the same "action" parent:

POST:searchbyid()({"criteria":{"id":{"value":1000}}})