1+ // This script appends the full request and response details to a specified file.
2+ // By default it will print out all messages but you can edit it to only print out the ones
3+ // that you are interested in.
4+ // It is a good option when trying to debug issues encountered when running ZAP in automation.
5+ //
6+ // The sendingRequest and responseReceived functions will be called for all requests/responses sent/received by ZAP,
7+ // including automated tools (e.g. active scanner, fuzzer, ...)
8+
9+ // To use this script in the Docker packaged scans use the scan-hook LogRequestsHook.py
10+ // This script can be used outside of docker but if so change the /zap/wrk/ directory to be a valid local directory.
11+
12+ // 'initiator' is the component the initiated the request:
13+ // 1 PROXY_INITIATOR
14+ // 2 ACTIVE_SCANNER_INITIATOR
15+ // 3 SPIDER_INITIATOR
16+ // 4 FUZZER_INITIATOR
17+ // 5 AUTHENTICATION_INITIATOR
18+ // 6 MANUAL_REQUEST_INITIATOR
19+ // 7 CHECK_FOR_UPDATES_INITIATOR
20+ // 8 BEAN_SHELL_INITIATOR
21+ // 9 ACCESS_CONTROL_SCANNER_INITIATOR
22+ // 10 AJAX_SPIDER_INITIATOR
23+ // For the latest list of values see the HttpSender class:
24+ // https://github.com/zaproxy/zaproxy/blob/main/zap/src/main/java/org/parosproxy/paros/network/HttpSender.java
25+ // 'helper' just has one method at the moment: helper.getHttpSender() which returns the HttpSender
26+ // instance used to send the request.
27+
28+ var SEP = '\n ---------------------------------' ;
29+ var Files = Java . type ( 'java.nio.file.Files' ) ;
30+ var Paths = Java . type ( 'java.nio.file.Paths' ) ;
31+ var StandardOpenOption = Java . type ( 'java.nio.file.StandardOpenOption' ) ;
32+
33+ // Change this as required - this works well in Docker as long as a suitable local directory has been mapped to it
34+ var f = Paths . get ( '/zap/wrk/req-resp-log.txt' ) ;
35+
36+ function appendToFile ( str ) {
37+ Files . write ( f , str . toString ( ) . getBytes ( ) , StandardOpenOption . CREATE , StandardOpenOption . APPEND ) ;
38+ }
39+
40+ function sendingRequest ( msg , initiator , helper ) {
41+ // You can change this to print out just the requests you want e.g. by surounding with an 'if' statement like:
42+ // if (msg.getRequestHeader().getURI().toString().startsWith('http://www.example.com'))
43+ // or
44+ // if (initiator == 5)
45+
46+ // Print everything on one line so that threads dont mix the output
47+ appendToFile ( SEP + 'ZAP Request Init=' + initiator + '\n' +
48+ msg . getRequestHeader ( ) . toString ( ) +
49+ SEP + 'ZAP Request Body\n' +
50+ msg . getRequestBody ( ) . toString ( ) +
51+ SEP + 'ZAP Request End' ) ;
52+ }
53+
54+ function responseReceived ( msg , initiator , helper ) {
55+ // Print everything on one line so that threads dont mix the output
56+ appendToFile ( SEP + 'ZAP Response Init=' + initiator + '\n' +
57+ msg . getResponseHeader ( ) . toString ( ) +
58+ SEP + 'ZAP Response Body\n' +
59+ msg . getResponseBody ( ) . toString ( ) +
60+ SEP + 'ZAP Response End' ) ;
61+ }
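Review bot: Nothing in the header comment or in `appendToFile` warns that the log holds every request and response verbatim, so `Authorization` headers, session cookies and the login traffic sent by the authentication initiator (5) end up in clear text in `/zap/wrk/req-resp-log.txt`, which the script's own comment expects to be mapped to a local directory. I would add above the `var f = ...` line: `// WARNING: this log contains credentials, cookies and tokens in clear text - treat it as a secret and keep it out of published build artifacts.` Separately, `getBytes()` in `appendToFile` uses the platform default charset; `str.toString().getBytes('UTF-8')` keeps the output stable across hosts. The comment that a single write stops threads mixing output may not hold for large bodies, since `Files.write` can emit the array in several chunks, so it is worth confirming or serialising the append.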