-
-
Notifications
You must be signed in to change notification settings - Fork 4
1.0. OverView
gdgd009xcd edited this page Jul 3, 2020
·
23 revisions
AutoMacroBuilder Extension for OWASP ZAP
1.0. Overview
AutoMacroBuilder provides various functions for vulnerability tests of multi-step sequence of request.
For details, refer to the sidebar menu on the right.
-
Basic usage
- record and play back the sequence of requests as Macro. You can test each request in Macro with ZAPROXY 's ActiveScan tool(Currently, Spider is not supported).
- The anti-CSRF token parameter is extracted from the sequence response. Click the [Track] button to display the parameter list, and the setting is completed simply by selecting the parameter to be tracked.
-
Custom function
-
Parameter extract with regex
if Parameters that are difficult to extract with the basic functions, they can be extracted from the response with the regular expressions. -
Incremental numeric parameter setting
You can embed the incremental numeric value to the request parameter. It can be used when it is necessary to set a unique value for each running. -
CSV column parameter setting
You can embed the value of the specified column in the CSV file to the request parameter. By saving value such as the registration code of a gift campaign site in the CSV file,It can be used when a unique registered value is required for each page crawling.
-
Parameter extract with regex
- [Scan Macro]Automatically scan each request in MacroBuilder's "Macro Request List" with scanner.