Retrieving Requests from ZAP

[Charles Williams]

Hi ZAP Team,

I'm running ZAP via the Automation Framework, and I'm trying to set up some logging infrastructure to show what kinds of requests are being made by ZAP during testing. I know that this was logged in the history tab when I ran ZAP Desktop, I'm having trouble finding this history when running through the AF. I've tried going into the Docker container while it runs to view the log file, and while I see many messages like:

INFO  HostProcess - completed host/plugin http://hcp1:8000 | HtAccessScanRule in 1.74s with 14 message(s) sent and 0 alert(s) raised.

I'm looking for something like the history tab where I can see each request/response during the ZAP scan. How can I get this kind of verbose log from ZAP? I know there are the report types with requests and responses, but I need something that lists out every request, not just the ones that raise alerts.

Thank you!

 

[Simon Bennetts]

Hiya,

For that you'll need to implement a script.

Luckily we have written and documented one: https://www.zaproxy.org/docs/docker/diagnosing-problems/#investigating-non-trivial-issues

The docs dont currently cover enabling it via the Automation Framework by that should be easy via the script job: https://www.zaproxy.org/docs/desktop/addons/script-console/automation/

If you have problems getting it working then let us know.

And if you do get it working do you fancy submitting a PR to the above page with the instructions? :D

Cheers,

Simon

[Charles Williams]

Perfect, thank you! I got it working in my AF plan, here is the PR for the updated documentation: https://github.com/zaproxy/zaproxy-website/pull/926

[Simon Bennetts]

Many thanks!