How do you pull out response headers from a msg response in Active scan scripts?


JustG

Jan 15, 2022, 10:41:30 AM
to OWASP ZAP User Group
Hi All.

I have been trying all day to extract the data from a response in order to check whether a certain value exists for a certain header. Specifically, if Content-Type: contains "application/x-java-serialized-object".

I cannot see other avenues to explore in the active scan scripting interface so I am asking my question here. I hope someone can please help :-/

Example:
I am wondering what I should be placing instead of the "**********" so I can check the value of the Content-Type in Python.

cloneMsg = msg.getResponseHeader()**********.toString()
print(cloneMsg)

Warm regards

thc...@gmail.com

Jan 15, 2022, 10:58:40 AM
to zaprox...@googlegroups.com
Hi.

You can put:
.hasContentType("application/x-java-serialized-object")


You can check which methods are available in the JavaDocs, e.g.:
https://javadoc.io/doc/org.zaproxy/zap

For the response header:
https://javadoc.io/static/org.zaproxy/zap/2.11.1/org/parosproxy/paros/network/HttpResponseHeader.html

Best regards.

On 15/01/2022 15:41, 'JustG' via OWASP ZAP User Group wrote:
> Hi All.
>
> I have been trying all day to extract the data from a response in order to
> check whether a certain value exists for a certain header. Specifically, if
> *Content-Type:* contains *"'application/x-java-serialized-object ".*
>
> I cannot see other avenues to explore in the active scan scripting
> interface so I am asking my question here. I hope someone can please help
> :-/
>
> *Example:*
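
An added example, not part of the thread above: a ZAP active scan script in Python (Jython) that reads the raw Content-Type with getHeader() and compares the media type exactly, ignoring case and parameters. The helper names and the FakeHeader/FakeMsg stand-ins are assumptions made here so the check can also be run outside ZAP; the scanNode/scan hooks are assumed to follow ZAP's active rule script template.

```python
JAVA_SERIALIZED = "application/x-java-serialized-object"

def response_media_type(msg):
    """Media type of msg's response, lower-cased, parameters stripped; None if absent."""
    raw = msg.getResponseHeader().getHeader("Content-Type")
    if raw is None:
        return None
    # "type/subtype; charset=..." -> "type/subtype"
    return str(raw).split(";", 1)[0].strip().lower()

def is_java_serialized(msg):
    """True when the response declares the Java serialization media type."""
    return response_media_type(msg) == JAVA_SERIALIZED

def scanNode(sas, msg):
    """Called by ZAP once per node; sas is the active scan helper object."""
    msg = msg.cloneRequest()
    sas.sendAndReceive(msg, False, False)  # no redirects, no anti-CSRF handling
    if is_java_serialized(msg):
        print("Java serialized response: " + msg.getRequestHeader().getURI().toString())

def scan(sas, msg, param, value):
    """Per-parameter hook expected by the script type; unused in this check."""
    pass

# --- Constructed stand-ins (hypothetical) so the check runs outside ZAP ---
class FakeHeader(object):
    def __init__(self, content_type):
        self._ct = content_type
    def getHeader(self, name):
        return self._ct if name.lower() == "content-type" else None

class FakeMsg(object):
    def __init__(self, content_type):
        self._h = FakeHeader(content_type)
    def getResponseHeader(self):
        return self._h

if __name__ == "__main__":
    samples = (JAVA_SERIALIZED, "Application/X-Java-Serialized-Object; q=1",
               "text/html", None)
    for ct in samples:
        print("%s -> %s" % (ct, is_java_serialized(FakeMsg(ct))))
```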