How to create the alert by script of ZAP

Raising an alert for a specified string with ZAP
-How to create the alert by script of ZAP-
@YuhoKameda

https://gist.github.com/ykame/d29027255483e365d695e239948b1174

Yuho Kameda

March 31, 2016

Transcript

  1. Comments on alert generation

     ```javascript
     // The scan function will be called for request/response made via ZAP,
     // excluding some of the automated tools
     // Passive scan rules should not make any requests
     // Note that new passive scripts will initially be disabled
     // Right click the script in the Scripts tree and select "enable"
     function scan(ps, msg, src) {
       // (1)
       if (true) { // Change to a test which detects the vulnerability
         var uri = msg.getRequestHeader().getURI().toString();
         // URI Check
         // indexOf returns -1 when the string is absent; 0 is a valid match position
         if (uri.indexOf('admin.jsp') >= 0) {
           // raiseAlert(risk, int confidence, String name, String description, String uri,
           //     String param, String attack, String otherInfo, String solution, String evidence,
           //     int cweId, int wascId, HttpMessage msg)
           // risk: 0: info, 1: low, 2: medium, 3: high
           // confidence: 0: falsePositive, 1: low, 2: medium, 3: high, 4: confirmed
           ps.raiseAlert(1, 1, '[URI]admin.jsp!!', 'admin.jsp',
               msg.getRequestHeader().getURI().toString(),
               '', '', '', '', '', 0, 0, msg);
         }
         // (2)
         var body = msg.getResponseBody().toString();
         // Body Check
         if (body.indexOf('admin.jsp') >= 0) {
           ps.raiseAlert(1, 1, '[BODY]admin.jsp!!', 'admin.jsp',
               msg.getRequestHeader().getURI().toString(),
               '', '', '', '', '', 0, 0, msg);
         }
       }
     }
     ```