Port the watcher passive checks #244

Closed
zapbot opened this issue Jun 4, 2015 · 14 comments

zapbot commented Jun 4, 2015

Watcher is an open source passive scanner: http://websecuritytool.codeplex.com/
It includes loads of useful checks, and has some very useful test pages: http://www.nottrusted.com/watcher/

It would be great if some or all of these could be ported to ZAP, and these could be a great way to get started for anyone who is new to ZAP development.

So ... have a look at the test pages and update this issue if you are going to try to implement one of the checks.

Note that these should be implemented as passive scanner rules: http://code.google.com/p/zaproxy/wiki/ScannerRules

If you have any implementation questions, please post to the dev forum http://groups.google.com/group/zaproxy-develop so everyone can benefit, and we'll try to improve the wiki as well.


Original issue reported on code.google.com by psiinon on 2011-11-24 16:55:14

zapbot commented Jun 4, 2015

Just added a wiki page to cover all of these: https://code.google.com/p/zaproxy/wiki/WatcherRules
- please update this if you are working on any of them

Original issue reported on code.google.com by psiinon on 2011-12-30 15:04:17

zapbot commented Jun 4, 2015

Would like to take the porting of Check.Pasv.Java.ViewState.cs to refresh the JSF knowledge and get a touch of passive scanning rules development. Should take about a week I guess having looked briefly at the original CS code, but the updates will follow)

Original issue reported on code.google.com by serge.tsv on 2012-10-06 18:26:33

zapbot commented Jun 4, 2015

Great :)
I've updated the wiki page - let us know if you have any questions.

Many thanks,

Simon

Original issue reported on code.google.com by psiinon on 2012-10-08 09:01:44

@kingthorin kingthorin added add-on enhancement IdealFirstBug An issue ideal for new contributors. Same as label "good first issue", kept for legacy reasons. and removed Type-Enhancement labels Jun 3, 2017

thc202 commented Jun 3, 2017

That needs to be updated...

@kingthorin
Member

Yup, on my list ...

thc202 commented Jun 3, 2017

OK, I'll remove from mine then ;)

@kingthorin kingthorin added the good first issue An issue ideal for new contributors. label Oct 16, 2017
@kingthorin kingthorin added the HacktoberFest Issues which are good candidates for HacktoberFest: https://hacktoberfest.digitalocean label Oct 3, 2019
@kingthorin kingthorin removed the HacktoberFest Issues which are good candidates for HacktoberFest: https://hacktoberfest.digitalocean label Nov 4, 2019
psiinon added a commit to psiinon/zaproxy that referenced this issue Jun 24, 2020
@kingthorin kingthorin added the HacktoberFest Issues which are good candidates for HacktoberFest: https://hacktoberfest.digitalocean label Oct 1, 2020
@kingthorin kingthorin removed the HacktoberFest Issues which are good candidates for HacktoberFest: https://hacktoberfest.digitalocean label Nov 2, 2020
@kingthorin kingthorin added the HacktoberFest Issues which are good candidates for HacktoberFest: https://hacktoberfest.digitalocean label Oct 1, 2021
@kingthorin kingthorin removed the HacktoberFest Issues which are good candidates for HacktoberFest: https://hacktoberfest.digitalocean label Nov 4, 2021

andregasser commented May 9, 2022

Hello everyone, I wanted to dig in a bit into ZAP Proxy to eventually contribute a bit to the project. I had a look at this wiki page here https://github.com/zaproxy/zaproxy/wiki/WatcherRules but unfortunately all the links related to the tool / rules to be ported have become invalid. Nevertheless, I found a .zip file containing the source that looks promising: http://www.java2s.com/Open-Source/CSharp_Free_Code/Security/Download_Watcher_Web_security_testing_tool_and_passive_vulnerability_scanner.htm

This issue was opened back in 2015. Is this still something to be done?

Thanks for an update on this issue 🙂

Cheers,
André

@andregasser

@kingthorin @psiinon See my comment before.

@kingthorin
Member

Heya, sorry for the delay. I’m not sure what’s left to tackle here. A few of the TLS items can’t actually be done (not easily anyway). For the others we would have to go through and see if there are any rules they map to.

@kingthorin
Member

If you see something outstanding that seems at all interesting to you then yes please feel free to put together a PR.

@kingthorin
Member

I propose that we close this issue and retire: https://github.com/zaproxy/zaproxy/wiki/WatcherRules. 90% of the rules were ported, and Watcher seems to have died. The majority of the content/links I could find for it lead to servers that no longer exist.

@kingthorin kingthorin added HacktoberFest Issues which are good candidates for HacktoberFest: https://hacktoberfest.digitalocean and removed HacktoberFest Issues which are good candidates for HacktoberFest: https://hacktoberfest.digitalocean labels Sep 23, 2022
@thc202 thc202 removed IdealFirstBug An issue ideal for new contributors. Same as label "good first issue", kept for legacy reasons. good first issue An issue ideal for new contributors. labels Sep 26, 2022
@github-actions

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked and limited conversation to collaborators Dec 26, 2022