Slide 16
Slide 16 text
// The scan function will be called for request/response made via ZAP, excluding some of the automated tools
// Passive scan rules should not make any requests
// Note that new passive scripts will initially be disabled
// Right click the script in the Scripts tree and select "enable"
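// Marker string that identifies the resource of interest. Kept in one place so
// both checks and the alert text stay in sync.
var MARKER = 'admin.jsp';

/**
 * Passive-scan entry point invoked by ZAP for each request/response pair.
 * Raises a low-risk, low-confidence alert when MARKER appears in the request
 * URI (check 1) or in the response body (check 2). Passive rules may only
 * inspect the message; this function never sends a request.
 *
 * The template's placeholder `if (true)` wrapper was dropped: it never narrowed
 * anything. A real precondition (e.g. only scan 2xx HTML responses) would go
 * at the top of this function.
 *
 * @param ps  the PassiveScript helper; provides raiseAlert(...)
 * @param msg the HttpMessage being scanned
 * @param src the message source; unused here, kept for the ZAP callback signature
 */
function scan(ps, msg, src) {
    // Declared with var: the original assigned bare names, which in non-strict
    // script mode silently creates globals shared across every scanned message.
    var uri = msg.getRequestHeader().getURI().toString();

    // (1) URI check
    // indexOf() !== -1 rather than > 0: a match at offset 0 is a match too
    // (irrelevant for a URI, but the same idiom is used for the body below).
    if (uri.indexOf(MARKER) !== -1) {
        raiseMarkerAlert(ps, msg, uri, '[URI]' + MARKER + '!!');
    }

    // (2) Body check
    var body = msg.getResponseBody().toString();
    if (body.indexOf(MARKER) !== -1) {
        raiseMarkerAlert(ps, msg, uri, '[BODY]' + MARKER + '!!');
    }
}

/**
 * Raises the alert for one detected occurrence of MARKER.
 *
 * raiseAlert(int risk, int confidence, String name, String description, String uri,
 *            String param, String attack, String otherInfo, String solution,
 *            String evidence, int cweId, int wascId, HttpMessage msg)
 * risk:       0 info, 1 low, 2 medium, 3 high
 * confidence: 0 falsePositive, 1 low, 2 medium, 3 high, 4 confirmed
 *
 * The evidence field now carries MARKER so the alert shows what matched (the
 * original left it empty). cweId/wascId stay 0 because none is assigned.
 *
 * @param ps   the PassiveScript helper
 * @param msg  the HttpMessage the alert is attached to
 * @param uri  the request URI string reported with the alert
 * @param name the alert name, e.g. "[URI]admin.jsp!!"
 */
function raiseMarkerAlert(ps, msg, uri, name) {
    ps.raiseAlert(1, 1, name, MARKER, uri,
        '', '', '', '', MARKER, 0, 0, msg);
}

// Source: https://gist.github.com/ykame/d29027255483e365d695e239948b1174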
アラート生成のコメント