additional AJAX spider configuration through Python API
60 views
Skip to first unread message
Vojtěch Polášek
Feb 27, 2017, 4:30:31 AM2/27/17
to zaprox...@googlegroups.com
Hi,
firstly, let me thank you for your help with Python API and AJAX spider.
I have noticed that there exist AJAX spider configuration options which
can be configured only through GUI but not through Python API. These
options specify HTML elements which will be accessed by spider. Do you
plan to add this to future API versions?
I am also interested in other features of Crawljax, which I suppose is
used as backend for AJAX spider. It had some interesting features, such
as option to specify URLs to be excluded from spidering, which are not
accessible from within Zaproxy. I could use this feature for example for
excluding the Login page or maybe some other URLs. Do you plan to add
this into Zaproxy/API?
Thank you and best regards,
Vojta
firstly, let me thank you for your help with Python API and AJAX spider.
I have noticed that there exist AJAX spider configuration options which
can be configured only through GUI but not through Python API. These
options specify HTML elements which will be accessed by spider. Do you
plan to add this to future API versions?
I am also interested in other features of Crawljax, which I suppose is
used as backend for AJAX spider. It had some interesting features, such
as option to specify URLs to be excluded from spidering, which are not
accessible from within Zaproxy. I could use this feature for example for
excluding the Login page or maybe some other URLs. Do you plan to add
this into Zaproxy/API?
Thank you and best regards,
Vojta
thc...@gmail.com
Feb 27, 2017, 4:46:24 AM2/27/17
to zaprox...@googlegroups.com
Hi.
> Do you plan to add this to future API versions?
Yes, all options should be accessible through the API. Could you raise
an issue for that? [1] (easier to track the changes)
> Do you plan to add this into Zaproxy/API?
It's already possible to exclude resources from the spiders (AJAX and
"traditional").
In GUI through the Sessions Properties dialogue, panel "Exclude from
Spider". [2]
For the API [3] it can be used:
zap.spider.exclude_from_scan("URL/regex", apikey)
[1] https://github.com/zaproxy/zaproxy/issues/new
[2]
https://github.com/zaproxy/zap-core-help/wiki/HelpUiDialogsSessionSessprop#exclude-from-spider
[3] https://github.com/zaproxy/zaproxy/wiki/ApiGen_spider
Best regards.
> Do you plan to add this to future API versions?
an issue for that? [1] (easier to track the changes)
> Do you plan to add this into Zaproxy/API?
"traditional").
In GUI through the Sessions Properties dialogue, panel "Exclude from
Spider". [2]
For the API [3] it can be used:
zap.spider.exclude_from_scan("URL/regex", apikey)
[1] https://github.com/zaproxy/zaproxy/issues/new
[2]
https://github.com/zaproxy/zap-core-help/wiki/HelpUiDialogsSessionSessprop#exclude-from-spider
[3] https://github.com/zaproxy/zaproxy/wiki/ApiGen_spider
Best regards.
Reply all
Reply to author
Forward
0 new messages