Comments on h3xStream's blog: New Burp/ZAP plugin : Script Generator
Blog author: Philippe Arteau

Matthew Sullivan (2014-01-20T15:00:23-05:00):

Doh! Thanks :)

Philippe Arteau (2014-01-17T21:55:54-05:00):

I think you are using the first version.
Get the latest version : https://github.com/h3xstream/http-script-generator

Fix: https://github.com/h3xstream/http-script-generator/issues/2

Matthew Sullivan (2014-01-16T14:12:36-05:00):

Fantastic plugin, thanks for making it! I have one small bug to report: for the Python script generation, a variable 'headers' is generated, but not actually used in the subsequent request. For example:

    import requests

    session = requests.Session()

    headers = {"Accept-Encoding":"gzip, deflate","Accept-Language":"en-US,en;q=0.5","User-Agent":"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Connection":"keep-alive"}
    response = session.get("http://www.example.org/")

The session.get() method would need to be written as:

    response = session.get("http://www.example.org/", headers=headers)

Thanks!

Philippe Arteau (2013-12-09T13:07:52-05:00):

I'm not familiar with the marketplace publishing. I have just posted a few questions on the mailing list.

I don't think editing and executing scripts within the proxy is a perfect approach. It's a big goal to replace powerful editors or IDEs.
I have played with the scripting engine before (JavaScript). I see a few interesting use cases, including searching through the proxy request/response history.

The Jython support is probably ok but again I need to stay away from my editor of choice (PyCharm) when writing scripts. Also, I don't think it is possible to divide a script into multiple files.

Simon Bennetts (2013-12-09T07:23:36-05:00):

Very nice :)
Would you like this add-on to be added to the ZAP marketplace?
That way people could find and install it from within ZAP.
Have you thought about creating a new script within ZAP including the code you generate?
ZAP supports Ruby and Python with templates, and all JSR 223 compatible languages if you add the right jars to ZAP.

Simon (ZAP Project Lead)

Philippe Arteau (2013-12-08T18:14:15-05:00):

Good catch. I'll include this fix next time I do changes.

Philippe Arteau (2013-12-08T18:13:39-05:00):

I didn't know about the tool. I will definitely try it!

Anonymous (2013-12-06T20:30:58-05:00):

A small improvement could be done: handle when the HTTP port is not standard :)

IronWASP (2013-12-06T12:28:41-05:00):

Great work.
A little off topic but I have solved the problem of accessing logs from Python and Ruby in a different way in IronWASP by embedding the scripting engines directly into the tool and giving them complete access to the logs through an API.

To pick log id 12 the code would be:

    req = Request.FromProxyLog(12)

To get both the request and response:

    s = Session.FromProxyLog(12)
    print s.Request.Url
    print s.Response.Code

You can find more details about the scripting from this blog post - http://blog.ironwasp.org/2013/10/solving-pentester-academy-web.html

Give the tool a shot if you find some time, would love to hear your feedback on its scripting support!

Cheers,
Lava

Cláudio André (2013-12-06T10:48:24-05:00):

Awesome tool. More useful than Copy as curl command. A nice to have is a save option in the extension. Good work!