How can I capture request and response details of each attack?


Salman Lashkarara

Jun 27, 2024, 8:18:13 AM
to ZAP User Group
Hello,

I'm using Zap Proxy within a Docker container defined by this Dockerfile:

FROM softwaresecurityproject/zap-bare

ENV ZAP_AUTO_UPDATE=false

EXPOSE 9090

CMD ["sh", "-c", "nohup zap.sh -daemon -port 9090 -config api.disablekey=true -config api.addrs.addr.name=.* -config api.addrs.addr.regex=true -config view.mode=attack -host 0.0.0.0 -config network.localServers.mainProxy.behindNat=true -config network.connection.timeOutInSecs=120 -config network.httpState.timeoutInSecs=120 -config log.level=DEBUG & sleep 60 && curl 'http://localhost:9090/JSON/context/action/newContext/?contextName=ZAP_CONTEXT' && tail -f /dev/null"]

I'm intrigued by Zap's capability to inspect both request (headers and body) and response (headers and body) for each attack. For instance, I want to examine the request body of a SQL-Injection attack and analyze how my API responds to it.

Despite setting the logging level to DEBUG, I'm currently unable to capture the HTTP request and response for each attack during an active scan. With the current setup, all I see in the logs are entries like this:

2024-06-27 13:09:25 318242 [ZAP-Scanner-1] INFO org.parosproxy.paros.core.scanner.HostProcess - start host https://my-service.com | RemoteFileIncludeScanRule strength MEDIUM threshold MEDIUM

Best regards

Salman Lashkarara

Jul 1, 2024, 7:17:09 AM
to ZAP User Group
Update:
Although I am not sure, I tried /JSON/core/view/messages/ and it gives me an array of elements like the one below.

{
    "note": "",
    "rtt": "20056",
    "responseBody": "Failed to read https://my-service.com/path within 20 seconds, check to see if the site is available and if so consider adjusting ZAP's read time out in the Connection options panel.",
    "cookieParams": "",
    "requestBody": "my-request-body",
    "responseHeader": "my-response-header",
    "requestHeader": "My request-header-to https://my-service.com/path",
    "id": "1",
    "type": "1",
    "timestamp": "1719489509000",
    "tags": []
}

This API provides requests and responses, but I need to know during which attack each of these requests was created. For example, what were the request and response during SQL-INJECTION?

Is there any way to find the link between the Alerts and Messages?
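
One way to relate the two views, as an added example that is not part of the original thread: it assumes each alert object returned by ZAP's alerts view carries a `messageId` equal to the `id` of the message that raised it. All sample data is constructed, and the function names are hypothetical.

```python
# Constructed sample data, not from a real scan. Message fields follow the
# element shown in the post; the alert fields (messageId, pluginId, alert,
# param, attack) are assumed to match what ZAP's alerts view returns.
MESSAGES = [
    {"id": "1", "rtt": "20056", "requestBody": "my-request-body",
     "responseHeader": "",
     "responseBody": "Failed to read https://my-service.com/path within 20 seconds"},
    {"id": "7", "rtt": "143", "requestBody": "name=constructed-attack-value",
     "responseHeader": "HTTP/1.1 500 Internal Server Error",
     "responseBody": "constructed error page"},
]
ALERTS = [
    {"alert": "SQL Injection", "pluginId": "40018", "messageId": "7",
     "param": "name", "attack": "constructed-attack-value"},
    {"alert": "SQL Injection", "pluginId": "40018", "messageId": "1",
     "param": "name", "attack": "constructed-attack-value"},
    {"alert": "Remote File Inclusion", "pluginId": "7", "messageId": "99",
     "param": "file", "attack": "constructed-attack-value"},
]

# Body ZAP stores when it gave up reading the response (seen in the post).
TIMEOUT_PREFIX = "Failed to read "


def link_alerts_to_messages(alerts, messages):
    """Attach to every alert the request/response pair that triggered it."""
    by_id = {m["id"]: m for m in messages}
    linked = []
    for alert in alerts:
        msg = by_id.get(alert.get("messageId"))  # None if not in this page
        linked.append({
            "alert": alert["alert"],
            "pluginId": alert["pluginId"],
            "param": alert.get("param", ""),
            "attack": alert.get("attack", ""),
            "message": msg,
            # True means the stored body is ZAP's placeholder, not the API's reply.
            "timed_out": bool(msg) and msg["responseBody"].startswith(TIMEOUT_PREFIX),
        })
    return linked


def group_by_alert(linked):
    """Group the linked rows by alert name, e.g. all SQL Injection traffic."""
    groups = {}
    for row in linked:
        groups.setdefault(row["alert"], []).append(row)
    return groups
```

A row whose `message` is `None` means the alert points at a message that was not in the list fetched; a row with `timed_out` set holds ZAP's timeout text rather than the service's actual response.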
