Reputation: 509
How to automate fuzzing in ZAP?
We have a requirement as below to automate in ZAP
- Go through POST request in ZAP tool
- Identify values which got posted in Request tab
- Highlight the value passed(for example: to textarea field) and right click > goto Fuzzer
- Choose required injections like SQL Injection or RDF Injection etc.,
- Add payload
- Start fuzzer
Expected result would be to generate a comparison report of request before and after fuzzing is done.
Can this be automated in ZAP?
Upvotes: 0
Views: 531
Answers (1)
Reputation: 1528
Currently the Fuzzer doesn't have a web API. Largely due to the fact that we're lacking user input on how such functionality should work and what their expectations for it might be.
Here's the existing issue you should provide your feedback on: https://github.com/zaproxy/zaproxy/issues/1689
There is an unfinished PR adding an initial implementation, you could pull the PR branch and build the add-on for testing purposes and to potentially encourage the submitting user to complete it: https://github.com/zaproxy/zap-extensions/pull/2222
Upvotes: 0
Related Questions
- How to login and scan with OWASP Zap
- How to run ZAP scan in command line?
- OWASP's ZAP and the Fuzz ability
- zaproxy fuzzing hex payload processor
- ZAP: Mix manual browsing, active scanning and fuzzing for testing a very large Web application?
- OWASP ZAP: Enabling script
- Zap Python - auto generation
- ZAP scanning using different function test tools
- How to automate Fuzz operation in ZAP?
- ZAP: Execute Script