HTTP消息处理器
HTTP Message Processors can access and change the HTTP messages being fuzzed, control the fuzzing process, and interact with the ZAP UI.
内置HTTP消息处理器包括:
Anti-CSRF Token Refresher
允许刷新请求中包含的反CDRF令牌。必须通过ZAP正确检测到反CSRF令牌才能使用此处理器。
有关详情,请参阅帮助页面"入门">"功能">"反CSRF令牌"。
注意: 如果检测到反CSRF令牌,此处理器将自动添加到处理器列表中。
Fuzzer HTTP处理器(脚本)
允许选择启动的Fuzzer HTTP 处理器脚本。脚本允许您:
- 获取有效负载列表
- 停止模糊
- 增加错误计数
- 发送新消息
- 将消息添加到结果选项卡
- 在Fuzzer选项卡中设置自定义"状态"消息
- 引发警报
Scripts can include both Required and Optional parameters the values for which the user will be prompted to provide when the Processor is added to the fuzzer.
The parameter names are defined within the script(s) via the methods getRequiredParamsNames and getOptionalParamsNames, each of which
simply return an array of strings representing the parameters names.
有效负载反射探测器
Indicates in the State column of results table if one of the injected payloads were found in the response, using "
Reflected".
注意: This processor is automatically added to the list of processors.
请求内容长度更新器
Updates (or adds, if not already present) the Content-Length request header with the length of the request body,
for all request methods. No change is done if the size of the request body is zero and the header is not already present.
注意: This processor is automatically added to the list of processors.
Tag Creator
Allows to add custom ‘tags’, based on contents of the response, to the State column of the results table.
用户消息处理器
Allows to fuzz as a user, using one of the users defined in the Contexts that include the HTTP message being fuzzed. Users must
exist to be able to select and add this processor.
其他附件可以定义另外的HTTP消息处理器。
通过访问
另请参阅