We will parse the target URL to get the hostname and the port. However,
we will continue to honor the user's decision should they give the plugin
the hostname and port explicitly. This is useful IF the plugin is incapable of
getting the right port or hostname. Some sites are known to have non-standard ports.
Currently this ZAP plugin uses the default base class implementation of get_site_info,
so we don't recognize non-standard ports other than 80 and 443 for http and https,
respectively.
Update 3
We have to create an empty session, then we also need to ensure the session created for the site is named hostname:port rather than hostname.
If the user wants to use basic auth, the user must supply the following information as part of the configuration.
We need to write config.xml before the start of the ZAP server because we do not have an API to configure authentication in ZAP after it is started up.
The session-based auth should work for sites like WordPress, which rely on session tokens to determine whether a user is logged in or not.
Update 1
This method is thought to be useful for many plugins and thus we have moved the
get_site_info method to the base class. See https://github.com/mozilla/minion-backend/pull/164
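
The resolution order described in these updates, as an added example that is not code from this pull request or from Minion: explicit hostname and port settings win, then a port parsed from the target URL, then the scheme default. It goes beyond the current base class behaviour by accepting non-standard ports found in the URL; `resolve_site` and `session_name` are hypothetical names.

```python
from urllib.parse import urlsplit

# Scheme defaults named in the description above.
DEFAULT_PORTS = {"http": 80, "https": 443}


def resolve_site(target, hostname=None, port=None):
    """Return (scheme, hostname, port) for a scan target.

    Explicit hostname/port values (e.g. from the plugin configuration)
    take precedence over whatever is parsed from the URL.
    """
    parts = urlsplit(target)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError("unsupported scheme in target: %r" % target)
    try:
        url_port = parts.port  # raises ValueError on junk or out-of-range ports
    except ValueError:
        raise ValueError("invalid port in target: %r" % target)
    host = hostname or parts.hostname
    if not host:
        raise ValueError("no hostname in target: %r" % target)
    if port is None:
        port = url_port if url_port is not None else DEFAULT_PORTS[scheme]
    port = int(port)  # configuration values often arrive as strings
    if not 0 < port < 65536:
        raise ValueError("port out of range: %r" % port)
    return scheme, host, port


def session_name(host, port):
    """Name the session hostname:port rather than hostname alone."""
    # Assumption: IPv6 literals are bracketed so the name stays unambiguous;
    # the description only specifies hostname:port.
    if ":" in host:
        host = "[%s]" % host
    return "%s:%d" % (host, port)


if __name__ == "__main__":
    # Constructed sample targets.
    for url, kwargs in [("http://example.com/", {}),
                        ("https://example.com:8443/app", {}),
                        ("http://example.com/", {"port": "8080"})]:
        _, h, p = resolve_site(url, **kwargs)
        print(url, "->", session_name(h, p))
```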