Closed eoftedal closed 9 years ago
+1 this would be awesome :)
I have started a zap plugin that look for "generic" JavaScript vulnerability signatures. Maybe I could integrate the version checks. https://github.com/h3xstream/rhinauditor
A student (Nikita Mundhada) has now implemented a ZAP retire.js plugin:) The code is currently here: https://github.com/nikmmy/retire/tree/master/src/org/zaproxy/zap/extension/retire although it may get moved to a ZAP repo at some stage. I've published the add-on to the ZAP Marketplace.
@psiinon GREAT!
@psiinon I'm looking at the code now, but I have some problems compiling. Missing a library /home/nikita/jexcelapi/jxl.jar Also there are loads of empty folders etc. in this repo. What files are actually needed for such a plugin?
Yeah, the repo is a bit over the top as it's a full copy of one of our zap-extensions branches ;) The code for this add-on is actually just the code in the directory I linked to above. I removed the jxl.jar from the project as it doesn't appear to be used. I then ran the 'build-all' ant task in https://github.com/nikmmy/retire/blob/master/build/build.xml and that generated the add-on in the build/zap-exts directory. Let me know if you have any more problems with it.
Ok, I'll go through the code. I already see some issues that need to be resolved.
Alternative plugin for ZAP: https://github.com/h3xstream/burp-retire-js I focus initially on the Burp version but ZAP support is now included.
Passively scan js-files flying by and report.
Use this as inspiration: https://code.google.com/p/zap-extensions/wiki/AddOn_techDetection
See here for how to get it into the ZAP marketplace: http://code.google.com/p/zaproxy/wiki/RelatedProjects
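The passive check the issue asks for, as an added example that is not retire.js, ZAP or the plugin's own code: it inspects an observed JS response body, pulls out a library version with a retire.js-style extractor, and reports versions inside a vulnerable range. The repository entries and sample bodies are constructed, and the extractor shape (a `filecontent` regex with a `§§version§§` placeholder, ranges given as `atOrAbove`/`below`) is an assumption modelled on retire.js's repository format.

```javascript
// CONSTRUCTED repository subset for illustration; real entries live in
// retire.js's jsrepository.json and are not reproduced here.
const REPO = {
  jquery: {
    extractors: {
      filecontent: ["/\\*!? jQuery v(§§version§§)", "jQuery JavaScript Library v(§§version§§)"],
    },
    vulnerabilities: [
      { below: "1.9.0", identifiers: { summary: "placeholder advisory A (constructed)" } },
      { atOrAbove: "1.4.2", below: "2.2.4", identifiers: { summary: "placeholder advisory B (constructed)" } },
    ],
  },
};
const VERSION_RE = "[0-9][0-9.a-z_\\-]+";

// Compare dotted versions segment by segment, numerically ("1.10" > "1.9").
function compareVersions(a, b) {
  const pa = a.split(".").map((s) => parseInt(s, 10) || 0);
  const pb = b.split(".").map((s) => parseInt(s, 10) || 0);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] || 0, y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Return the version string embedded in the file body, or null if none matches.
function extractVersion(component, body) {
  for (const pattern of REPO[component].extractors.filecontent) {
    const m = new RegExp(pattern.replace("§§version§§", VERSION_RE)).exec(body);
    if (m) return m[1];
  }
  return null;
}

// Passive scan: nothing is sent; only the response body that "flew by" is read.
function scanJsBody(body) {
  const findings = [];
  for (const component of Object.keys(REPO)) {
    const version = extractVersion(component, body);
    if (!version) continue;
    for (const v of REPO[component].vulnerabilities) {
      const belowRange = v.atOrAbove ? compareVersions(version, v.atOrAbove) < 0 : false;
      const fixed = compareVersions(version, v.below) >= 0;
      if (!belowRange && !fixed) findings.push({ component, version, summary: v.identifiers.summary });
    }
  }
  return findings;
}
```

In a ZAP passive scan rule the same logic would run in the response hook for responses with a JavaScript content type, raising one alert per finding.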