-
-
Notifications
You must be signed in to change notification settings - Fork 4
1.2. Basic Usage
1.2. Basic usage
-
Install add-on file according to the ZAP add-on installation method (example: File menu "Load add-on file").
※ZAP add-on file is here:release page -
To display AutoMacroBuilder (hereinafter, This is called "MacroBuilder") panel,Right-click the + tab on the work panel at the upper right of the application's window and select [MacroBuilder] from the menu.
-
After browsing the site via ZAPROXY, select the URL you want to execute from the tree node of the site map panel or the history panel, and select [AddToMacroBuilder] from the right click menu.
-
The language selection dialog is displayed. Check the displayed language and click the OK button.
-
URL is added to Macro Builder's "Macro Request List" (hereinafter, this is called "RequestList"). Use the ▲UP/▼DOWN buttons to change the order of sequence (ascending order).
-
If you want to delete an unnecessary request, right-click on the request and select [Delete] menu.
-
To configure CSRF parameter tracking, press the [Track] button at the top right of the MacroBuilder panel. The Macros are generated to track CSRF parameters. A save dialog is displayed to save the generated sequence of macros.
-
The parameter list is displayed. A check mark is set for the parameter that is the target of tracking CSRF token. Change the setting if necessary.
-
you can configure autoMacroBuilderMethod in ZAPPROXY Context support here: context support, then You can apply authentication with the autoMacroBuilderMethod.
If you does not configure autoMacroBuilderMethod in Context, MacroBuilder does not work when using the original ZAPROXY menu/buttons in the "Site Map Panel" or "History Panel". The sequence will only be peformed when using the menu/button in the "Macro Builder panel". below sections explain when does not configure Context with autoMacroBuilderMethod.
-
To send only one request manually, select the URL you want to send from the request list in the Macro Builder panel and select "Send Msg" from the right-click menu.The result is displayed in the "Request Response" column (red frame) of the MacroBuilder panel.
-
To execute ActiveScan, select the URL you want to scan from the request list in the MacroBuilder panel and select "Scan.." from the right-click menu.
-
If you want to reassemble the request macro from the beginning, click the clear button to delete all parameters.