Closed Marcio861 closed 2 years ago
Hi @Marcio861 That's a good idea! I haven't used Zap myself yet so I'll have a look at it in more detail and see if I can add a mode to process a Zap file aswell as a Burp file Thanks Xnl
@Marcio861, would you use the Report
-> Export Messages to File...
option to save the traffic you wanted and then want xnLinkFinder to search those requests and responses for links? I'm not too familiar with Owasp ZAP so just trying to figure out what file format and content I'd need to deal with
Format owasp zap .context
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-1
example tool gen scope bugbounty for burp and owasp zap: https://github.com/root4loot/rescope
@Marcio861, would you use the
Report
->Export Messages to File...
option to save the traffic you wanted and then want xnLinkFinder to search those requests and responses for links? I'm not too familiar with Owasp ZAP so just trying to figure out what file format and content I'd need to deal with
Is inverse, xnLinkFinder to owasp zap, or mixed, in owasp zap exist possible mixed tools , tools> options > application
but is possible running with anthentication cookie and header?
I'm not sure if I fully understand everything you are asking for...
When you say Is inverse, xnLinkFinder to owasp zap
, do you mean that when you use -i
argument as a URL (or file of URLs) that you want to proxy the requests to OWASP ZAP too?
You mentioned the tools> options > application
option, but that wouldn't really make sense to do because that just sends request data to an application... you would be making xnLinkFinder make every single request again to search the response. If your project has 100,000 requests and responses, you wouldn't want xnLinkFinder to then make 100,000 requests again to get the responses. You just want xnLinkFinder to search the responses you already have in the OWAPS ZAP project. To do that, you could select all of the history that you want to check, select Report
-> Export Messages to File...
and then use that input file as input for xnLinkFinder. I could certainly do a change to assist with that. It would work in the same way as passing a Burp XML file using -i
.
Lastly, your question but is possible running with anthentication cookie and header?
: yes you can use th -H
argument to add headers
perfect answer thank you very much
I possible version for owasp zap?