如何使用 OWASP ZAP 的 spiderViewStatus Java API 來獲取 Spider 完成工作的狀態/百分比?
[英]How to use the spiderViewStatus Java API of OWASP ZAP to get the status/percentage of work done by the Spider?
問題描述
我正在關注Using Spider的 API 文檔。 基於 Java 的代碼塊效果很好,我得到了 output。
代碼:
import java.util.List; import org.zaproxy.clientapi.core.ApiResponse; import org.zaproxy.clientapi.core.ApiResponseElement; import org.zaproxy.clientapi.core.ApiResponseList; import org.zaproxy.clientapi.core.ClientApi; public class SpiderViewStatus { private static final String ZAP_ADDRESS = "localhost"; private static final int ZAP_PORT = 8080; // Change to match the API key set in ZAP, or use NULL if the API key is disabled private static final String ZAP_API_KEY = "93tpvc1c5ek2b94arh0e7c8he"; // The URL of the application to be tested private static final String TARGET = "https://public-firing-range.appspot.com"; //private static final String TARGET = "http://localhost:3000"; //Juice Shop public static void main(String[] args) { ClientApi api = new ClientApi(ZAP_ADDRESS, ZAP_PORT, ZAP_API_KEY); try { // Start spidering the target System.out.println("Spidering target: " + TARGET); ApiResponse resp = api.spider.scan(TARGET, null, null, null, null); String scanID; int progress; // The scan returns a scan id to support concurrent scanning scanID = ((ApiResponseElement) resp).getValue(); // Poll the status until it completes while (true) { Thread.sleep(1000); progress = Integer.parseInt(((ApiResponseElement) api.spider.status(scanID)).getValue()); System.out.println("Spider progress: " + progress + "%"); if (progress >= 100) { break; } } System.out.println("Spider completed"); // If required post process the spider results List<ApiResponse> spiderResults = ((ApiResponseList) api.spider.results(scanID)).getItems(); for (ApiResponse spiderResult:spiderResults) System.out.println(spiderResult); // TODO: Explore the Application more with Ajax Spider or Start scanning the application for vulnerabilities } catch (Exception e) { System.out.println("Exception: " + e.getMessage()); e.printStackTrace(); } } }Output:
Spidering target: https://public-firing-range.appspot.com Spider progress: 0% Spider progress: 66% Spider progress: 100% Spider completed https://public-firing-range.appspot.com/sitemap.xml https://public-firing-range.appspot.com/robots.txt https://public-firing-range.appspot.com
在“查看狀態”部分中,還提到執行狀態 API以獲取蜘蛛完成工作的狀態/百分比。 但是,當我 append 的代碼塊spiderViewStatus :
代碼塊:
System.out.println("Spider completed"); // If required post process the spider results //spiderViewStatus: https://www.zaproxy.org/docs/api/#spiderviewstatus URL obj = new URL("http://zap/JSON/spider/view/status/"); HttpURLConnection con = (HttpURLConnection) obj.openConnection(); con.setRequestMethod("GET"); int responseCode = con.getResponseCode(); BufferedReader in = new BufferedReader( new InputStreamReader(con.getInputStream())); String inputLine; StringBuffer response = new StringBuffer(); while ((inputLine = in.readLine()).= null) { response;append(inputLine). } in;close(). System.out.println(response;toString()): // TODO: Explore the Application more with Ajax Spider or Start scanning the application for vulnerabilities
我面臨java.net.UnknownHostException: zap如下:
錯誤堆棧跟蹤:
Spidering target: https://public-firing-range.appspot.com Spider progress: 66% Spider progress: 100% Spider completed Exception: zap java.net.UnknownHostException: zap at java.net.AbstractPlainSocketImpl.connect(Unknown Source) at java.net.PlainSocketImpl.connect(Unknown Source) at java.net.SocksSocketImpl.connect(Unknown Source) at java.net.Socket.connect(Unknown Source) at java.net.Socket.connect(Unknown Source) at sun.net.NetworkClient.doConnect(Unknown Source) at sun.net.www.http.HttpClient.openServer(Unknown Source) at sun.net.www.http.HttpClient.openServer(Unknown Source) at sun.net.www.http.HttpClient.<init>(Unknown Source) at sun.net.www.http.HttpClient.New(Unknown Source) at sun.net.www.http.HttpClient.New(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.connect(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source) at java.net.HttpURLConnection.getResponseCode(Unknown Source) at ZAP_tests.SpiderViewStatus.main(SpiderViewStatus.java:52)
我試圖用http://localhost:8080/JSON/spider/view/status/替換http://zap/JSON/spider/view/status/ /view/status/ 仍然是同樣的錯誤。
誰能幫幫我?
1 個解決方案
解決方案1
1 2020-05-19 13:59:17
您已經使用api.spider.status(scanID)在初始代碼中調用該端點
http://zap/主機僅在您通過 ZAP 進行代理時才有效,您的代碼的第二部分中似乎沒有。
如何使用 Chrome webdriver 和 java 啟動 OWASP ZAP 代理?
[英]How to start OWASP ZAP proxy with Chrome webdriver and java?
我如何告訴org.apache.http.impl.client.DefaultHttpClient使用OWASP Zed攻擊代理(ZAP)
[英]How do I tell org.apache.http.impl.client.DefaultHttpClient to use the OWASP Zed Attack Proxy (ZAP)
如何在jsp頁面上使用owasp-java-html-sanitizer的策略
[英]how to use policy of owasp-java-html-sanitizer on a jsp page
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.
相關問題
無法使用 zap-java-api 執行 zap 蜘蛛掃描
使用 OWASP Zap Api 進行掃描
如何使用 Chrome webdriver 和 java 啟動 OWASP ZAP 代理?
JAVA Owasp Zap SOAP XML 注入
owasp zap 如何檢查發布請求的漏洞
OWASP ZAP 代理凍結
使用Java設置硒中的Owasp Zap驅動程序
我如何告訴org.apache.http.impl.client.DefaultHttpClient使用OWASP Zed攻擊代理(ZAP)
如何在jsp頁面上使用owasp-java-html-sanitizer的策略
Java中如何使用org.owasp.encoder.Encode?
相關標簽