Prosesor pesan HTTP

HTTP Message Processors can access and change the HTTP messages being fuzzed, control the fuzzing process, and interact with the ZAP UI.

Built-in HTTP Message Processors include:

Token anti-CSRF refresh

Memungkinkan untuk menyegarkan token anti-CSRF yang terdapat dalam permintaan. Token anti-CSRF harus benar terdeteksi oleh ZAP untuk dapat gunakan prosesor ini.
Untuk informasi lebih lanjut berkonsultasi halaman bantuan "Memulai" > "Fitur" > "Anti CSRF Token".
Catatan: Prosesor ini otomatis ditambahkan ke daftar prosesor, jika bukti anti-CSRF terdeteksi.

Fuzzer HTTP Processor (Script)

Memungkinkan untuk memilih naskah prosesor fuzzer HTTP yang diaktifkan. Naskah memungkinkan kamu untuk:

Mendapatkan daftar muatan
Hentikan fuzzing
Menambah hitungan kesalahan
Kirim pesan baru
Tambahkan pesan ke tab hasil
Set custom ‘state’ messages in the Fuzzer tab
Raise alerts

Scripts can include both Required and Optional parameters the values for which the user will be prompted to provide when the Processor is added to the fuzzer. The parameter names are defined within the script(s) via the methods getRequiredParamsNames and getOptionalParamsNames, each of which simply return an array of strings representing the parameters names.

Muatan Refleksi Detector

Indicates in the State column of results table if one of the injected payloads were found in the response, using "

Reflected".
Catatan: This processor is automatically added to the list of processors.

Request Content-Length Updater

Updates (or adds, if not already present) the Content-Length request header with the length of the request body, for all request methods. No change is done if the size of the request body is zero and the header is not already present.
Catatan: This processor is automatically added to the list of processors.

Tag Creator

Allows to add custom ‘tags’, based on contents of the response, to the State column of the results table.

Prosesor Pesan Pengguna

Allows to fuzz as a user, using one of the users defined in the Contexts that include the HTTP message being fuzzed. Users must exist to be able to select and add this processor.

Tambahan lainnya dapat mendefinisikan tambahan pesan prosesor HTTP.

Diakses melalui

Fuzzer dialog under Message Processors tab

Lihat juga

Fuzzer concepts