thc202
commented
1 year ago I thought the browser extension would send the (raw) events to the add-on which would then process them to Zest statements.
Closed aryangupta701 closed 1 year ago
thc202
commented
1 year ago I thought the browser extension would send the (raw) events to the add-on which would then process them to Zest statements.
aryangupta701
commented
1 year ago We can use stringify operation to convert these class objects into strings and pass through reportObjects/reportEvents. What do you think about it ?
aryangupta701
commented
1 year ago Also doing these stuff in the browser extension side and then sending to ZAP will be more easier than to pass raw events IMO.
aryangupta701
commented
1 year ago Also, we only don't want the user to use our browser extension along with ZAP. The user can also record the zest script, save it and then upload it in ZAP. So in that case also we need to process everything in the browser extension side.
thc202
commented
1 year ago That's a good point but it also means we'll need to replicate the Zest script and statements here.
aryangupta701
commented
1 year ago yes
Pamplemousse
commented
1 year ago FYI, I had started https://github.com/Pamplemousse/interactions_compiler with a similar idea in mind: create some kind of "compiler" that would transform "representation of events collected in the browser" to Zest scripts.
The representation of events was based on what was collected using https://github.com/zaproxy/front-end-tracker , but it could be updated to be a serialized RecordedEvent[]...
I picked rust because it could be compiled to web-assembly and embedded into JS, or extensions, or even maybe ZAP itself.
added classes to report zest events such as mouseover, clicks, sendkeys etc.