API Scanning - HTTPSender Script


sonawan...@gmail.com

Sep 8, 2022, 12:04:29 PM
to OWASP ZAP User Group
Hello,

I made a custom HTTPSender script which is working as expected, but I am facing another challenge now.

I am trying to hit an API without passing any payload to it, using Automated Scan (Attack Mode).
When I first start the attack:
  1. The HTTPSender script gets triggered and successfully inserts the API key. As a result I get an authenticated HTTP 400 status (as the payload is not supplied). (I confirmed in the API logs that I am getting the API key from the HTTPSender script.) (I am also echoing a few lines in the Script Console.)
  2. Now, with everything as it is, when I hit the Attack button again, the HTTPSender script is not getting triggered, but I am able to see the 400 status message in the UI. (I am not able to see the echoes in the Script Console although the script is enabled.)

In short, if I get a 400 response instead of 200 (Failed to Attack URL : received 400 response code, expected 200), my HTTPSender script fails to echo things on the second attempt.

Nothing is getting logged in zap.log either.

But if I reload the entire session, then only the first time the HTTPSender script echoes things correctly, and on a second click on the Attack button it again doesn't do anything.


thc...@gmail.com

Sep 10, 2022, 7:08:44 AM
to zaprox...@googlegroups.com
Hi.

The script not printing is:
https://github.com/zaproxy/zaproxy/issues/7435

It still prints but to the standard output instead of the Script Console.

Best regards.

On 08/09/2022 17:04, sonawan...@gmail.com wrote:
> Hello,
>
> I made a custom HTTPSender script which is working as expected, but I am
> facing another challenge now.
>
> I am trying to hit an API without passing any payload to it, using Automated
> Scan (Attack Mode).
> When I first start the attack:
>
> 1. The HTTPSender script gets triggered and successfully inserts the API
> key. As a result I get an authenticated HTTP 400 status (as the payload is
> not supplied). (I confirmed in the API logs that I am getting the API key
> from the HTTPSender script.) (I am also echoing a few lines in the Script
> Console.)
> 2. Now, with everything as it is, when I hit the Attack button again, the
> HTTPSender script is not getting triggered, but I am able to see the 400
> status message in the UI. *(I am not able to see the echoes in the Script
> Console although the script is enabled.)*
>
> *In short, if I get a 400 response instead of 200 (Failed to Attack URL :
> received 400 response code, expected 200), my HTTPSender script fails
> to echo things on the second attempt.*
>
> *Nothing is getting logged in zap.log either.*
>
> *But if I reload the entire session, then only the first time the HTTPSender
> script echoes things correctly, and on a second click on the Attack button
> it again doesn't do anything.*
>
>

sonawan...@gmail.com

Sep 11, 2022, 4:32:47 AM
to OWASP ZAP User Group
Hello thc202

Thank you for the help, I thought there was a problem with my script :)
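
An added example, not part of the thread and not the poster's script: an HttpSender script that sets an API key header and records every call through Log4j 2 instead of `print`, so each invocation and a 400 response can be confirmed from the log even when nothing appears in the Script Console. The header name, key value, logger name and the `fakeMessage` helper are assumptions, as is ZAP's default logging configuration sending INFO-level Log4j 2 output to zap.log.

```javascript
// Added example: ZAP HttpSender script (JavaScript). Not the poster's script.
var API_KEY_HEADER = "X-API-Key";      // assumed header name
var API_KEY = "REPLACE_WITH_API_KEY";  // placeholder value

// Inside ZAP, Java.type exists and the Log4j 2 logger is used, so the output
// does not depend on the Script Console. Elsewhere, keep the lines in memory.
var dryRunLog = [];
function makeLogger(name) {
  if (typeof Java !== "undefined" && typeof Java.type === "function") {
    var zapLog = Java.type("org.apache.logging.log4j.LogManager").getLogger(name);
    return function (line) { zapLog.info(line); };
  }
  return function (line) { dryRunLog.push(line); };
}
var logLine = makeLogger("apikey-httpsender"); // assumed logger name

// Called by ZAP before each request is sent; initiator is the numeric id of
// the component sending it (scanner, spider, manual request, ...).
function sendingRequest(msg, initiator, helper) {
  msg.getRequestHeader().setHeader(API_KEY_HEADER, API_KEY);
  logLine("sendingRequest initiator=" + initiator + " url=" +
          msg.getRequestHeader().getURI().toString());
}

// Called by ZAP after each response; records the status so a 400 shows up in the log.
function responseReceived(msg, initiator, helper) {
  logLine("responseReceived initiator=" + initiator + " status=" +
          msg.getResponseHeader().getStatusCode() + " url=" +
          msg.getRequestHeader().getURI().toString());
}

// Constructed stand-in for ZAP's HttpMessage, used only for a dry run outside ZAP.
function fakeMessage(url, status) {
  var headers = {};
  var req = {
    setHeader: function (n, v) { headers[n] = v; },
    getHeader: function (n) { return headers[n]; },
    getURI: function () { return { toString: function () { return url; } }; }
  };
  var res = { getStatusCode: function () { return status; } };
  return {
    getRequestHeader: function () { return req; },
    getResponseHeader: function () { return res; }
  };
}
```

Two log lines per request on every click of Attack indicate the script is running; a missing pair on the second run would point at the script not being called rather than at console output.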
