Resume aborted passive scan


allej

Nov 29, 2021, 4:45:05 AM
to OWASP ZAP User Group
Hi all

Just wondering if there is a way to resume processing of the passive scan queue after its interruption.
It would be useful too to redo a passive scan on a persisted session, based on changed scan rules.

Any hints welcome...

Regards,
Jürg

Simon Bennetts

Nov 29, 2021, 4:48:12 AM
to OWASP ZAP User Group
Hi Jürg,

What do you mean by an "interruption"?
Passive scanning should always happen.
If you want to rescan a request just make that request again, after you've changed the scan rules.
We currently don't have a way to re-scan historical requests without making them again.

Cheers,

Simon

allej

Nov 30, 2021, 9:04:50 AM
to OWASP ZAP User Group
Hi Simon

Thanks for the reply. By interruption I meant closing ZAP - and confirming the dialog that working on the passive scan queue will be canceled. It would be great if processing the scan queue could be resumed after loading a persisted session.

Of course I could redo the request again, but in some cases that means a lot of work. And, if one thinks of the captured traffic as valuable data, I would like to work on this data later on, maybe with new and/or changed rules.

Regards,
Jürg

Simon Bennetts

Nov 30, 2021, 9:23:24 AM
to OWASP ZAP User Group
Hi Jürg,

Hum ...
The passive scan queue is in fact just an integer which points to the relevant place in the History table: https://github.com/zaproxy/zaproxy/blob/87d026c3e669245d9e936000514e21a572d657a0/zap/src/main/java/org/zaproxy/zap/extension/pscan/PassiveScanThread.java#L67
There's currently no way to control this outside of the relevant class ... but we could change that.
Setting it to -1 would cause the passive scanning to restart, and setting it to the current end of the history table would skip passive scanning.
How would you like to be able to control this?
Via a script and/or the API?

Cheers,

Simon
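
The cursor mechanism described in the reply above, as a small stand-alone model added here as an example (it is not ZAP code and not from either poster). The class, its method names, the two rules and the sample history are assumptions made for illustration; the model shows resuming from a saved cursor, rescanning stored traffic with a changed rule set by resetting to -1, and skipping by jumping to the end of the table.

```javascript
// Simplified model, not ZAP's code; all class and method names are hypothetical.
class PassiveScanModel {
  constructor(history, rules, cursor = -1) {
    this.history = history; // persisted records, ordered by ascending id
    this.rules = rules;     // [{ name, check(record) => boolean }]
    this.cursor = cursor;   // id of the last record already scanned
  }
  pending() { // everything after the cursor still needs scanning
    return this.history.filter((rec) => rec.id > this.cursor);
  }
  run(limit = Infinity) { // scan up to `limit` records, advancing the cursor
    const alerts = [];
    for (const rec of this.pending().slice(0, limit)) {
      for (const rule of this.rules) {
        if (rule.check(rec)) alerts.push(`${rule.name} @ ${rec.url}`);
      }
      this.cursor = rec.id;
    }
    return alerts;
  }
  restart() { this.cursor = -1; } // rescan the whole table
  skipAll() { // jump to the current end of the table
    const last = this.history[this.history.length - 1];
    this.cursor = last ? last.id : -1;
  }
}

// Constructed sample history (response headers only).
const HISTORY = [
  { id: 1, url: "https://app.example/", headers: { "x-content-type-options": "nosniff" } },
  { id: 2, url: "https://app.example/login", headers: {} },
  { id: 3, url: "https://app.example/api", headers: { "content-security-policy": "default-src 'self'" } },
  { id: 4, url: "https://app.example/static.js", headers: {} },
];
const noSniff = { name: "missing-nosniff", check: (r) => !("x-content-type-options" in r.headers) };
const noCsp = { name: "missing-csp", check: (r) => !("content-security-policy" in r.headers) };
function demo() {
  const first = new PassiveScanModel(HISTORY, [noSniff]);
  const beforeClose = first.run(2); // interrupted after two records
  // Resume: reload the same history together with the saved cursor.
  const resumed = new PassiveScanModel(HISTORY, [noSniff], first.cursor);
  const afterResume = resumed.run();
  // Rule set changed: restart from -1, no request is sent again.
  resumed.rules = [noSniff, noCsp];
  resumed.restart();
  const rescan = resumed.run();
  resumed.restart(); resumed.skipAll(); // skip: nothing is left pending
  return { beforeClose, afterResume, rescan, pendingAfterSkip: resumed.pending().length };
}
```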

allej

Nov 30, 2021, 9:40:02 AM
to OWASP ZAP User Group
Hi

I see... I could definitely live with both approaches. Via API would be easier, I guess?

Regards,
Jürg

Simon Bennetts

Nov 30, 2021, 9:57:32 AM
to OWASP ZAP User Group
Strictly speaking the script option is easier - we just have to expose a public setter (and getter) and then scripts will be able to change it.
But it's not that much more work to add an API end point and it's good practice to do so :)

Cheers,

Simon