From 4ab3456de40665b4f5406df3cff6deef85d3b3a8 Mon Sep 17 00:00:00 2001
From: ryo-endo
Date: Wed, 8 Feb 2023 09:23:20 +0900
Subject: [PATCH] =?UTF-8?q?ZAP:=E3=82=BB=E3=82=AD=E3=83=A5=E3=83=AA?= =?UTF-8?q?=E3=83=86=E3=82=A3=E7=AE=A1=E7=90=86=E3=81=AE=E3=82=B7=E3=83=BC?= =?UTF-8?q?=E3=82=B1=E3=83=B3=E3=82=B9=E8=BF=BD=E5=8A=A0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 zap/scripts/admin_security.zst | 122 +++++++++++++++++++++++++++++++++
 1 file changed, 122 insertions(+)
 create mode 100644 zap/scripts/admin_security.zst

diff --git a/zap/scripts/admin_security.zst b/zap/scripts/admin_security.zst
new file mode 100644
index 00000000000..ccfd0f97a58
--- /dev/null
+++ b/zap/scripts/admin_security.zst
@@ -0,0 +1,122 @@
+{
+ "about": "This is a Zest script. For more details about Zest visit https://developer.mozilla.org/en-US/docs/Zest",
+ "zestVersion": "0.6",
+ "generatedBy": "Sequence Script Template",
+ "title": "admin_security.zst",
+ "description": "An example empty sequence script. Add requests to populate the sequence.",
+ "prefix": "",
+ "type": "Active",
+ "parameters": {
+ "tokenStart": "{{",
+ "tokenEnd": "}}",
+ "tokens": {},
+ "elementType": "ZestVariables"
+ },
+ "statements": [
+ {
+ "url": "https://ec-cube/admin/setting/system/security",
+ "data": "",
+ "method": "GET",
+ "headers": "Proxy-Connection: keep-alive\r\nsec-ch-ua: \"Not_A Brand\";v\u003d\"99\", \"Google Chrome\";v\u003d\"109\", \"Chromium\";v\u003d\"109\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"macOS\"\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n",
+ "response": {
+ "url": "https://ec-cube/admin/setting/system/security",
+ "headers": "",
+ "body": "",
+ "statusCode": 200,
+ "responseTimeInMs": 45,
+ "elementType": "ZestResponse"
+ },
+ "assertions": [
+ {
+ "rootExpression": {
+ "code": 200,
+ "not": false,
+ "elementType": "ZestExpressionStatusCode"
+ },
+ "elementType": "ZestAssertion"
+ }
+ ],
+ "followRedirects": false,
+ "timestamp": 1675775557556,
+ "cookies": [],
+ "index": 1,
+ "enabled": true,
+ "elementType": "ZestRequest"
+ },
+ {
+ "fieldDefinition": {
+ "formIndex": 0,
+ "fieldName": "admin_security__token",
+ "elementType": "ZestFieldDefinition"
+ },
+ "variableName": "csrf1",
+ "index": 2,
+ "enabled": true,
+ "elementType": "ZestAssignFieldValue"
+ },
+ {
+ "url": "https://ec-cube/admin/setting/system/security",
+ "data": "admin_security%5B_token%5D\u003d{{csrf1}}\u0026admin_security%5Badmin_route_dir%5D\u003dadmin\u0026admin_security%5Badmin_allow_hosts%5D\u003d127.0.0.1%2F28\u0026admin_security%5Badmin_deny_hosts%5D\u003d127.0.0.1%2F28\u0026admin_security%5Bfront_allow_hosts%5D\u003d127.0.0.1%2F28\u0026admin_security%5Bfront_deny_hosts%5D\u003d127.0.0.1%2F28\u0026admin_security%5Btrusted_hosts%5D\u003d%5Eexample%5C.com%24\u0026admin_security%5Bforce_ssl%5D\u003d0",
+ "method": "POST",
+ "headers": "Proxy-Connection: keep-alive\r\nContent-Length: 456\r\nsec-ch-ua: \"Not_A Brand\";v\u003d\"99\", \"Google Chrome\";v\u003d\"109\", \"Chromium\";v\u003d\"109\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"macOS\"\r\nUpgrade-Insecure-Requests: 1\r\nOrigin: https://ec-cube\r\nContent-Type: application/x-www-form-urlencoded\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\n",
+ "response": {
+ "url": "https://ec-cube/admin/setting/system/security",
+ "headers": "",
+ "body": "",
+ "statusCode": 302,
+ "responseTimeInMs": 2049,
+ "elementType": "ZestResponse"
+ },
+ "assertions": [
+ {
+ "rootExpression": {
+ "code": 302,
+ "not": false,
+ "elementType": "ZestExpressionStatusCode"
+ },
+ "elementType": "ZestAssertion"
+ }
+ ],
+ "followRedirects": false,
+ "timestamp": 1675775607604,
+ "cookies": [],
+ "index": 3,
+ "enabled": true,
+ "elementType": "ZestRequest"
+ },
+ {
+ "url": "https://ec-cube/admin/setting/system/security",
+ "data": "",
+ "method": "GET",
+ "headers": "Proxy-Connection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\nsec-ch-ua: \"Not_A Brand\";v\u003d\"99\", \"Google Chrome\";v\u003d\"109\", \"Chromium\";v\u003d\"109\"\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: \"macOS\"\r\n",
+ "response": {
+ "url": "https://ec-cube/admin/setting/system/security",
+ "headers": "",
+ "body": "",
+ "statusCode": 200,
+ "responseTimeInMs": 4533,
+ "elementType": "ZestResponse"
+ },
+ "assertions": [
+ {
+ "rootExpression": {
+ "code": 200,
+ "not": false,
+ "elementType": "ZestExpressionStatusCode"
+ },
+ "elementType": "ZestAssertion"
+ }
+ ],
+ "followRedirects": false,
+ "timestamp": 1675775609657,
+ "cookies": [],
+ "index": 4,
+ "enabled": true,
+ "elementType": "ZestRequest"
+ }
+ ],
+ "authentication": [],
+ "index": 0,
+ "enabled": true,
+ "elementType": "ZestScript"
+}
\ No newline at end of file
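Review bot: The `description` field near the top of the new script still carries the template placeholder `"An example empty sequence script. Add requests to populate the sequence."` even though the sequence now holds three requests and a CSRF-token assignment; replace it with a line that states what the sequence does, e.g. `"description": "Admin security settings: GET the form, extract admin_security__token into csrf1, POST the settings, GET the page again."`. The POST statement (index 3) keeps a recorded `Content-Length: 456` in its `headers` while its `data` contains the `{{csrf1}}` placeholder, so the header is only correct on replay if ZAP recomputes it — worth confirming, or removing the recorded length so it cannot drift from the substituted body. Replaying this sequence also writes configuration to the target on every run (the allow/deny host fields, `trusted_hosts`, `force_ssl`), and the same `127.0.0.1%2F28` range is sent for both the allow and the deny fields; if the target persists these values, a range that excludes the scanning host could block further admin requests for the rest of the scan, so the description should say the script is intended for a disposable test instance and the values should be ones the scanner still satisfies.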