Import zap session from docker


Tim

Jan 12, 2023, 9:23:21 AM
to OWASP ZAP User Group
Hi,

I am looking for a way to export a zap session after scanning a website with the docker scans, so I can have a look at all the sent requests and responses to figure out which request caused a specific alert.

So far, I am using the zap_pre_shutdown hook to save the session at the end and afterwards I call the pre_exit hook to copy the session files just like described at https://github.com/zaproxy/community-scripts/blob/main/scan-hooks/export_session.py

At the end, I receive the following files:
  • <session-name>.session
  • <session-name>.data
  • <session-name>.lck
  • <session-name>.log
  • <session-name>.properties
  • <session-name>.script
But when I open the .session file with OWASP ZAP I can only see the used context but no other information like any raised alerts or HTTP messages. The "Sites" tree on the left side is also still empty.

I guess the interesting things like HTTP messages history is contained in the <session-name>.data file? How can I import the data of this file in owasp zap?

Thanks in advance,
Tim

Simon Bennetts

Jan 12, 2023, 9:34:05 AM
to OWASP ZAP User Group
Hi Tim,

I would have expected that to have worked :/
Do the session files look big enough?

Another alternative is to use the "-newsession <path>" command line option when starting ZAP.
You wouldn't then need to save the session in zap_pre_shutdown, just copy the files in pre_exit.

Cheers,

Simon

thc...@gmail.com

Jan 12, 2023, 3:21:09 PM
to zaprox...@googlegroups.com
How are you saving the session? I'd not have expected the lck file to
still exist if the session was properly saved/shutdown.

Best regards.

On 12/01/2023 14:23, Tim wrote:
> Hi,
>
> I am looking for a way to export a zap session after scanning a website
> with the docker scans, so I can have a look at all the sent requests and
> responses to figure out which request caused a specific alert.
>
> So far, I am using the zap_pre_shutdown hook to save the session at the
> end and afterwards I call the pre_exit hook to copy the session files just
> like described at
> https://github.com/zaproxy/community-scripts/blob/main/scan-hooks/export_session.py
>
> At the end, I receive the following files:
>
> - <session-name>.session
> - <session-name>.data
> - <session-name>.lck
> - <session-name>.log
> - <session-name>.properties
> - <session-name>.script

Tim

Jan 18, 2023, 7:28:58 AM
to OWASP ZAP User Group

Hi,

so I tried a few things and my first approach that I already mentioned in my post seems to be working now. I don't know why it didn't work last week... (maybe I had a typing error somewhere)
That means I'm using hooks to save the session at the end and export it like below:

hook.py:
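from shutil import copy2, copytree
import os.path

# ZAP home directories inside the container (.ZAP_D for weekly/dev builds, .ZAP for releases)
dev_path = '/home/zap/.ZAP_D'
rel_path = '/home/zap/.ZAP'

def zap_started(zap, target):
    # Seed ZAP with the URL list mounted into the container
    zap.importurls.importurls('/zap/wrk/hooks/allURLs.txt')

def zap_pre_shutdown(zap):
    # Save the session under the name "app" before ZAP shuts down
    zap.core.save_session("app")

def pre_exit(fail_count, warn_count, pass_count):
    # Copy the session directory and the log to the mounted /zap/wrk volume
    src_dir = rel_path
    if os.path.exists(dev_path + '/session'):
        src_dir = dev_path
    copytree(src_dir + '/session', '/zap/wrk/session')
    copy2(src_dir + '/zap.log', '/zap/wrk')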


I then receive the following files:
  • untitled1.data
  • untitled1.properties
  • untitled1.script
  • app.session
  • app.session.data
  • app.session.lck
  • app.session.log
  • app.session.properties
  • app.session.script
The "untitled1." files have the same size as the "app." files.
If I now open the app.session with ZAP it shows the full site tree, alerts and the requests which caused these alerts.

I also tried using the "-newsession <path>" command instead, which created the following files:
  • app.session
  • app.session.data
  • app.session.log
  • app.session.properties
  • app.session.script
If I open this session file I still don't see any information. Neither the site tree nor any alerts are displayed, though the size of the files seems to be fine.


Anyways, it works for me now.
Thanks for your help!

Best regards.

Simon Bennetts

Jan 18, 2023, 10:26:39 AM
to OWASP ZAP User Group
Glad to hear it's working - thanks for letting us know!

Simon
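
A sanity check for the exported files before opening them in ZAP, following the two questions raised in the replies (are the files big enough, and is a .lck file left over). This is an added example, not part of the thread or of ZAP's own scripts; `check_session`, `min_data_bytes` and the sample files are constructed for illustration.

```python
import os
import tempfile

# Suffixes from the file listing in the thread (app.session, app.session.data, ...).
# Assumption: .log and .lck are not treated as required here.
REQUIRED = ("", ".data", ".properties", ".script")
LOCK = ".lck"


def check_session(session_path, min_data_bytes=1):
    """Return (sizes, findings) for an export such as /zap/wrk/session/app.session.

    min_data_bytes is an assumed threshold; the thread gives no figure
    for what counts as "big enough".
    """
    sizes, findings = {}, []
    name = os.path.basename(session_path)
    for suffix in REQUIRED:
        path = session_path + suffix
        if not os.path.isfile(path):
            findings.append("missing: " + name + suffix)
            continue
        sizes[name + suffix] = os.path.getsize(path)
    if sizes.get(name + ".data", min_data_bytes) < min_data_bytes:
        findings.append("too small: " + name + ".data")
    if os.path.exists(session_path + LOCK):
        # Called unexpected in the thread after a clean save/shutdown, but the
        # export that opened correctly also had one, so this is only a note.
        findings.append("note: lock file present: " + name + LOCK)
    return sizes, findings


def demo():
    """Build a constructed export in a temp directory and check it."""
    samples = (("", b"<session/>"), (".data", b""),
               (".properties", b"k=v"), (".lck", b""))
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.join(tmp, "app.session")
        for suffix, content in samples:
            with open(base + suffix, "wb") as fh:
                fh.write(content)
        return check_session(base)


if __name__ == "__main__":
    sizes, findings = demo()
    print(sizes)
    print("\n".join(findings))
```

Called from the end of a `pre_exit` hook with the copied path, it reports incomplete exports before the container is gone.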