I am using this command to do full scan on https://www.example.com.
docker run -v $(pwd):/zap/wrk/:rw -t owasp/zap2docker-stable zap-full-scan.py
-t https://www.example.com -g gen.conf -r testreport.html
I need to add a http parameter for every http request.
Add http parameter like this www.example.com/toto?booking=true&satckoverflow=1.
I know that there is an add-extra-headers.js script inside http sender section of ZAP GUI. But I do not know how to use it when I do docker run zap-full-scan.
I can not do docker zap api scan.
Update:
The second solution proposed down was used and this is my script
var URL_TYPE = org.parosproxy.paros.network.HtmlParameter.Type.url;
var HtmlParameter = Java.type('org.parosproxy.paros.network.HtmlParameter');
var paramName = 'param1';
var paramValue = 'value1';
function sendingRequest(msg, initiator, helper) {
if (!msg.getRequestHeader().getURI().toString().contains(paramName + '=' + paramValue)) {
//You might want to add a check here for the proper domain or path as well..
var urlParams = msg.getUrlParams();
var newParam = new HtmlParameter(URL_TYPE, paramName, paramValue);
urlParams.add(newParam); // you could print this if you need to see what's up
msg.setGetParams(urlParams);
}
return msg;
}
function responseReceived(msg, initiator, helper) {
//Nothing to do here
}
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
