1.2. Basic Usage

gdgd009xcd edited this page Dec 6, 2024 · 51 revisions

  1. Install the add-on file using the standard ZAP add-on installation method (for example, File menu "Load add-on file").
    ※ The ZAP add-on file can be found on the release page.
    ※ An example add-on file name: requestRecorderForZAP-beta-1.2.1.zap

  2. To display the RequestRecorder work panel, right-click the + tab on the work panel at the upper right of the application's window and select [RequestRecorder] from the menu.
    The RequestRecorder work panel and status panel are then shown.

  3. After browsing the site via ZAPROXY, select the URL you want to execute from the tree node of the site map panel or the history panel, and select [AddToRequestRecorder] from the right-click menu.

  4. The language selection dialog is displayed. Check the displayed language and click the OK button.

  5. The URL is added to RequestRecorder's "RecordedRequestList" (hereinafter called the "RequestList"). Use the ▲UP/▼DOWN buttons to change the order of the sequence (ascending order).

  6. To delete an unnecessary request, right-click the request and select [Delete] from the menu.

  7. To configure CSRF parameter tracking, press the [Track] button at the top right of the RequestRecorder work panel. Macros are generated to track CSRF parameters, and a save dialog is displayed so you can save the generated sequence of macros.

  8. The parameter list is displayed. A check mark is set for each parameter that is a target of CSRF token tracking. Change the setting if necessary.

  9. You can configure requestRecorderMethod in ZAPROXY Context support (see the context support page). You can then apply authentication with requestRecorderMethod.

    Caution

    If you do not configure requestRecorderMethod in the Context, RequestRecorder does not work when you use the original ZAPROXY menus/buttons in the "Site Map Panel" or "History Panel". The sequence is only performed when you use the menus/buttons in the "RequestRecorder" work panel. The sections below explain usage when the Context is not configured with requestRecorderMethod.

  10. To send only one request manually, select the URL you want to send from the request list in the RequestRecorder work panel and select "Send Msg" from the right-click menu. The result is displayed in the "Request Response" column (red frame) of the RequestRecorder status panel.

  11. To execute ActiveScan, select the URL you want to scan from the request list in the RequestRecorder panel and select "Scan.." from the right-click menu.

  12. If you want to reassemble the request sequence from the beginning, click the clear button to delete all parameters.
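
The following is an added illustration of the idea behind steps 7 and 8 (CSRF parameter tracking across a recorded request sequence); it is not RequestRecorder's own code. All names (`suggest_tracked`, `replay`, `FakeApp`) and the recorded data are constructed for the example, and the candidate-selection rule in `suggest_tracked` is an assumption, not the add-on's documented algorithm.

```python
from html.parser import HTMLParser

class HiddenInputs(HTMLParser):
    """Collect name/value pairs from <input type="hidden"> tags."""
    def __init__(self):
        super().__init__()
        self.fields = {}
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "hidden" and a.get("name"):
            self.fields[a["name"]] = a.get("value") or ""

def hidden_fields(html):
    parser = HiddenInputs()
    parser.feed(html)
    return parser.fields

def suggest_tracked(recorded):
    """Assumed heuristic: a parameter is a tracking candidate when its recorded
    value was issued as a hidden field by the previous step's response."""
    tracked = set()
    for prev, cur in zip(recorded, recorded[1:]):
        issued = hidden_fields(prev["response"])
        tracked |= {k for k, v in cur["params"].items() if issued.get(k) == v}
    return tracked

def replay(recorded, send, tracked):
    """Resend the sequence in order, refreshing tracked params from live responses."""
    latest, statuses = {}, []
    for step in recorded:
        params = {k: latest.get(k, v) if k in tracked else v
                  for k, v in step["params"].items()}
        status, body = send(step["url"], params)
        latest.update(hidden_fields(body))
        statuses.append(status)
    return statuses

class FakeApp:
    """Constructed stand-in for a target that issues one-time CSRF tokens."""
    def __init__(self):
        self.count, self.valid = 0, None
    def send(self, url, params):
        ok = url == "/form" or params.get("csrf_token") == self.valid
        self.count += 1
        self.valid = f"live-{self.count}"
        page = f'<form><input type="hidden" name="csrf_token" value="{self.valid}"></form>'
        return (200, page) if ok else (403, "stale token")

# Constructed recording: token values captured during the original browsing session.
RECORDED = [
    {"url": "/form", "params": {}, "response": '<input type="hidden" name="csrf_token" value="rec-1">'},
    {"url": "/confirm", "params": {"csrf_token": "rec-1", "qty": "2"}, "response": '<input type="hidden" name="csrf_token" value="rec-2">'},
    {"url": "/submit", "params": {"csrf_token": "rec-2"}, "response": "done"},
]
```

Replaying `RECORDED` with an empty tracked set sends the stale recorded tokens and is rejected after the first request, while replaying with the set returned by `suggest_tracked` succeeds at every step; this is why a scan of a later request in the sequence needs the tracking configured.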
