Proposal to Develop a Comprehensive Fuzzer API for ZAP


Volkan Kutal

Oct 21, 2023, 4:58:24 PM
to ZAP User Group
Hello ZAP Community,

I've been working with the ZAP Fuzzer, specifically using the jbrofuzz injection dataset targeting the login feature of Juice Shop. Throughout this process, I've identified certain areas where we could enhance the capabilities of our toolset.

While ZAP offers an export feature to CSV which is commendable, it doesn't include the 'Response' field, a crucial element that I believe would add significant depth to our data.
To further the capabilities of ZAP and streamline our workflow, I propose the development of a comprehensive API that can not only provide the above-mentioned structured information but also accommodate the automated inclusion of the 'Response' field.

With a strong belief in the potential of this enhancement, I'm ready to spearhead its development. I'm able to commit approximately 2 hours, 6 times a week, and while my hours may vary, my dedication to this project will remain unwavering. I'm aiming to fully automate this process, but I'm aware of the challenges that might arise and would greatly benefit from the collective wisdom of our community.

Your insights, guidance, and feedback would be invaluable to me as I take on this initiative. Together, we can elevate ZAP to new heights, offering even more versatile and comprehensive tools for our community.

Thank you for considering my proposal. I look forward to hearing your thoughts and suggestions.

Best regards,
Volkan

Volkan Kutal

Oct 21, 2023, 5:09:06 PM
to ZAP User Group
I'd like to point out that in black box testing scenarios, the detailed response body might not always be accessible. This nature of black box testing might limit the feasibility or usefulness of having the 'Response' field in certain contexts. Hence, while the idea has potential, it might be more appropriate to categorize it between "must-have" and "nice-to-have".

thc...@gmail.com

Oct 22, 2023, 4:11:49 AM
to zaprox...@googlegroups.com
Hi,

Use the developer group for dev-related subjects:
https://groups.google.com/group/zaproxy-develop


It's not clear to me what you are actually proposing. Enhance the export?
(Better continue in the developer group.)

Best regards.