URL Encode "Assign variable via String & regex delimiters" in response


Octavio Ricci

Sep 6, 2022, 12:12:40 PM
to OWASP ZAP User Group
Hello there,

I'm creating a Zest script that captures the token from the login response.
This token is needed then to authenticate (like a sso) to another site.

I've tried to capture this response token with the "Assign variable via String Delimiters" and also with "Assign variable via regex delimiters".

But I'm having two problems when I send this captured token to the other site:
    1.    It sends with a "new line separator" sign '+'
    2.    Need to send URL encoded

So, for the 1st problem, how could I transform the token to a one-liner string without the new line separator?
For the 2nd problem, is there any standalone script which can URL encode this variable token? Or is there any other better option to encode?

Thanks a lot! Really appreciate any help.

Below the picture
Zest_Script_Assign_variable_urlencode.jpg

thc...@gmail.com

Sep 7, 2022, 5:08:51 AM
to zaprox...@googlegroups.com
Hi.

See:
https://groups.google.com/d/msg/mozilla-zest/Eqsbwj6xN4w/XSvcreN0AQAJ

Best regards.


Octavio Ricci

Sep 7, 2022, 8:15:35 AM
to zaprox...@googlegroups.com
Hi, I'm getting "Content No Available"


thc...@gmail.com

Sep 7, 2022, 8:48:28 AM
to zaprox...@googlegroups.com
Sorry, this one should work:
https://groups.google.com/g/zaproxy-zest/c/Eqsbwj6xN4w/m/XSvcreN0AQAJ

The list was renamed a while back.

Best regards.

Octavio Ricci

Sep 8, 2022, 5:57:22 PM
to OWASP ZAP User Group
I'm new with Zest scripts, so it's a bit difficult for me to read directly from the script,
but I've seen the ZAP Deep Dive - Scripts

So, I create a standalone script called Encode with this code:
(Basically receives a value, and returns it encoded)
Encode_Script.jpg

Then I create another standalone script2 (let's call it Script2), and I assign the "Encode" Script as a Zest Script action.
Also, in this Script2 I add a parameter called "token" and assign any value
Encode_Script3.jpg

Encode_Script2_.jpg

So, my question is how can I send from Script2 the token value to Encode Script, and receive it encoded.

Is there like a tutorial for newbies? Because I can't find anything from scratch.

Thanks a lot !

Octavio Ricci

Sep 9, 2022, 4:00:22 PM
to OWASP ZAP User Group
I try to reformulate the question.

How can I send from my zest script the value I want, to the Encode/Decode function (that url encodes the value it receives), and receive to a Zest Variable?

I've tried to add the "Encode/Decode" Script to my Zest standalone Script, with the "Add Zest Action -> Action Script", but it seems that I can't.
 
Thanks!

thc...@gmail.com

Sep 9, 2022, 5:05:09 PM
to zaprox...@googlegroups.com
The Zest Action Parameters are converted to variables in the called
script, they will have the names/values as defined in the Action.

In your example, you called it "token" you should then use it as "token"
in your script and it will have the value "/?%=ANYTHING".
(If you want to pass dynamic values to the script you need to use a Zest
variable reference in the Value instead, e.g. {{MyZestVar}}.)

The Zest evaluates the provided script, it does not call any function
within it, the result of the evaluation is what will be set into the
Zest variable (as defined in the "Variable Name" field).
Should also note that the evaluation is converted to string (e.g. call
of Java's toString() method).

If you want to use that script you need to call the process function
yourself, e.g. at the end of the script do:
process(token)

but as mentioned above that will result in the toString() being called
on the EncodeDecodeResult object, which is not that helpful.

Best regards.


Octavio Ricci

Sep 11, 2022, 8:14:22 PM
to OWASP ZAP User Group
Sorry, I'm very confused, I can't understand

1.    Encode Function
Encode_Function.jpg


2.    Script1 --> Add Zest Action --> Action Script (and I choose the Encode function)
Here I don't understand what I have to put in "parameters". So I put in all "token" and in variable name "Encode".
I understand that I'm sending to my "Encode" function the value ({{token}}) and receiving from the "Encode" function the response in the variable name "encode". Am I right?
Script.jpg

3. I create a Zest Action print
Zest-Action_print.jpg

4. I run my script "Script" and I get this result
Result.jpg


5. Do you know how to transform this result to a URL Encode string hash?
6. The call to the process function could it be from outside of it? Because, I will need to call several times sending different values, not just "token".

Thanks in advance!

thc...@gmail.com

Sep 12, 2022, 4:33:03 AM
to zaprox...@googlegroups.com
2. Yes, that's correct, if you want to encode the value in the Zest
variable "token" and want to assign it to the Zest variable "encode".

5. That was mentioned in the other thread you can simply do, e.g.:
encodeURIComponent(token)

6. If you want to encode other values you just need to add several
Action Script statements with the variables you want.
Note that you can set the result to the variable you are passing in,
rather than create a new one.

Best regards.
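
An added example (not part of the original thread, and not ZAP's own code) of the Action Script approach described in the replies above: the Action parameter is read as a script variable and the script's final expression becomes the Zest variable's value. The function name `toUrlSafeToken` and the sample token are assumptions made for illustration.

```javascript
// Added example, not from the thread. The function name and the sample
// value are assumptions; "token" is the Action parameter name used above.

// Remove line breaks from a captured token, then percent-encode it so that
// reserved characters such as '+', '/' and '=' survive in a URL or form body.
function toUrlSafeToken(raw) {
  var oneLine = String(raw).replace(/[\r\n]+/g, ""); // coerce to a JS string first
  return encodeURIComponent(oneLine);
}

// Constructed sample: a base64-like value wrapped over two lines.
var SAMPLE_TOKEN = "abc+DEF/ghi\r\nJKL==";

// The target Zest variable receives the string form of the script's final
// expression, so the script ends with a bare call instead of only defining
// a function. Outside ZAP "token" is undefined and the sample is used.
toUrlSafeToken(typeof token !== "undefined" ? token : SAMPLE_TOKEN);
```

As noted in the reply, the result can be written back to the same Zest variable that was passed in, so one script serves several Action Script statements.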


Octavio Ricci

Sep 12, 2022, 12:23:18 PM
to OWASP ZAP User Group
REALLY APPRECIATED MATE !!

I made it work thanks to you.

Probably in the future I will have some new doubts, LOL!!

Again, thanks for your quick reply