
1.2. Basic Usage

gdgd009xcd edited this page Sep 7, 2020 · 47 revisions

1.2. Basic usage

  1. Install the add-on file using the standard ZAP add-on installation method (for example, "Load add-on file" in the File menu).
    ※ The ZAP add-on file is available on the release page.

  2. To display the AutoMacroBuilder (hereinafter called "MacroBuilder") panel, right-click the + tab on the work panel at the upper right of the application's window and select [MacroBuilder] from the menu.

  3. After browsing the site via ZAPROXY, select the URL you want to execute from the tree node of the site map panel or from the history panel, and select [AddToMacroBuilder] from the right-click menu.

  4. The language selection dialog is displayed. Check the displayed language and click the OK button.

  5. The URL is added to MacroBuilder's "Macro Request List" (hereinafter called "RequestList"). Use the ▲UP/▼DOWN buttons to change the order of the sequence (ascending order).

  6. If you want to delete an unnecessary request, right-click the request and select [Delete] from the menu.

  7. To configure CSRF parameter tracking, press the [Track] button at the top right of the MacroBuilder panel. Macros that track CSRF parameters are generated, and a save dialog is displayed so that you can save the generated sequence of macros.

  8. The parameter list is displayed. A check mark is set for each parameter that is a target of CSRF token tracking. Change the setting if necessary.

  9. To send only one request manually, select the URL you want to send from the request list in the MacroBuilder panel and select "Send Msg" from the right-click menu. The result is displayed in the "Request Response" column (red frame) of the MacroBuilder panel.
    ※ Caution: MacroBuilder does not work when using the original ZAPROXY menu/buttons in the "Site Map Panel" or "History Panel". The sequence will only be performed when using the menu/button in the "Macro Builder panel".

  10. To execute ActiveScan, select the URL you want to scan from the request list in the MacroBuilder panel and select "Scan.." from the right-click menu.

  11. If you want to reassemble the request macro from the beginning, click the clear button to delete all parameters.
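
What the CSRF parameter tracking configured in steps 7 and 8 amounts to, shown as an added Python sketch that is not AutoMacroBuilder's own code: find the request parameters whose recorded value came from a hidden field in an earlier response, then replay the RequestList in order with the fresh value substituted. That selection rule, all function names, and the recorded sequence are assumptions constructed for illustration.

```python
# Added illustration of CSRF parameter tracking; not AutoMacroBuilder's code.
# All names and the recorded sequence below are constructed.
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlencode

class _Hidden(HTMLParser):
    def __init__(self):
        super().__init__()
        self.fields = {}
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "hidden" and a.get("name"):
            self.fields[a["name"]] = a.get("value") or ""

def hidden_fields(html):
    """Return {name: value} for every hidden <input> in a response body."""
    p = _Hidden()
    p.feed(html)
    return p.fields

def find_tracked(recorded):
    """recorded: ordered [(request_body, response_html)]. A parameter is tracked
    when its recorded value was issued as a hidden field by an earlier response.
    Returns {request_index: {param_name: source_response_index}}."""
    tracked = {}
    for i, (body, _) in enumerate(recorded):
        for name, value in parse_qsl(body, keep_blank_values=True):
            for j in range(i - 1, -1, -1):  # nearest earlier response wins
                if hidden_fields(recorded[j][1]).get(name) == value:
                    tracked.setdefault(i, {})[name] = j
                    break
    return tracked

def replay(recorded, tracked, send):
    """Resend in order; tracked parameters take the value from the fresh response."""
    fresh = []
    for i, (body, _) in enumerate(recorded):
        params = [(n, hidden_fields(fresh[tracked[i][n]]).get(n, v)
                   if n in tracked.get(i, {}) else v)
                  for n, v in parse_qsl(body, keep_blank_values=True)]
        fresh.append(send(i, urlencode(params)))
    return fresh

# Constructed recording: a form page, then the POST that used its token.
RECORDED = [
    ("", '<form><input type="hidden" name="csrf_token" value="aaa111">'
         '<input name="comment"></form>'),
    ("comment=hello&csrf_token=aaa111", "<p>saved</p>"),
]
```

`send` is any callable taking the request index and the rebuilt body and returning the response body; replaying with an empty `tracked` map resends the stale recorded token, which is the failure the tracking setup avoids.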
