Groups keyboard shortcuts have been updated
Dismiss
See shortcuts
blocking certain HTTP methods
23 views
Skip to first unread message
Search
Oct 22, 2024, 10:16:19 AM10/22/24
to ZAP User Group
Hi,
function sendingRequest(msg, initiator, helper) {
var method = msg.getRequestHeader().getMethod();
// Block POST requests
if (method.equalsIgnoreCase("POST")) {
print("Blocking POST request: " + msg.getRequestHeader().getURI());
return;
}
}
function responseReceived(msg, initiator, helper) {
// No action required for responses in this case
}
I was exploring the automation framework for my openapi scans. I would like to block zap from sending requests to the DELETE method. I cannot exclude certain endpoints as there can be endpoint that use multiple methods. I turned to HTTP sender script and created a simple script to block POST request. The script console does say it blocked it which show it kinda works but I still see the request in the history and same for the active scan tabs and report.
The automation is as follows
env
The automation is as follows
env
http sender script
openapi
report
The script for blocking POST
The script for blocking POST
function sendingRequest(msg, initiator, helper) {
var method = msg.getRequestHeader().getMethod();
// Block POST requests
if (method.equalsIgnoreCase("POST")) {
print("Blocking POST request: " + msg.getRequestHeader().getURI());
return;
}
}
function responseReceived(msg, initiator, helper) {
// No action required for responses in this case
}
Simon Bennetts
Oct 24, 2024, 11:44:18 AM10/24/24
to ZAP User Group
Unfortunately we can't handle that in a very clean way right now.
I've raised an issue for it: https://github.com/zaproxy/zaproxy/issues/8686
That issue does include a workaround.
Feel free to comment on it, and as always give it a +1 in the first comment if you'd like us to prioritise it.
Cheers,
Simon
Reply all
Reply to author
Forward
0 new messages