英文:
How to use the spiderViewStatus Java API of OWASP ZAP to get the status/percentage of work done by the Spider?
问题
以下是您提供的内容的翻译:
我正在遵循 [使用 Spider](https://www.zaproxy.org/docs/api/#using-spider) 的 API 文档。基于 Java 的代码块效果很好,我获得了输出。
- 代码:
import java.util.List;
import org.zaproxy.clientapi.core.ApiResponse;
import org.zaproxy.clientapi.core.ApiResponseElement;
import org.zaproxy.clientapi.core.ApiResponseList;
import org.zaproxy.clientapi.core.ClientApi;
public class SpiderViewStatus {
private static final String ZAP_ADDRESS = "localhost";
private static final int ZAP_PORT = 8080;
// 根据 ZAP 中设置的 API 密钥进行更改,如果 API 密钥已禁用,则使用 NULL
private static final String ZAP_API_KEY = "93tpvc1c5ek2b94arh0e7c8he";
// 要测试的应用程序的 URL
private static final String TARGET = "https://public-firing-range.appspot.com";
//private static final String TARGET = "http://localhost:3000"; //Juice Shop
public static void main(String[] args) {
ClientApi api = new ClientApi(ZAP_ADDRESS, ZAP_PORT, ZAP_API_KEY);
try {
// 开始对目标进行爬行
System.out.println("Spidering target : " + TARGET);
ApiResponse resp = api.spider.scan(TARGET, null, null, null, null);
String scanID;
int progress;
// 扫描返回一个扫描 ID 以支持并发扫描
scanID = ((ApiResponseElement) resp).getValue();
// 轮询状态直到完成
while (true) {
Thread.sleep(1000);
progress = Integer.parseInt(((ApiResponseElement) api.spider.status(scanID)).getValue());
System.out.println("Spider progress : " + progress + "%");
if (progress >= 100) {
break;
}
}
System.out.println("Spider completed");
// 如有必要,对爬虫结果进行后处理
List<ApiResponse> spiderResults = ((ApiResponseList)
api.spider.results(scanID)).getItems();
for (ApiResponse spiderResult : spiderResults)
System.out.println(spiderResult);
// TODO: 使用 Ajax Spider 进一步探索应用程序,或开始扫描应用程序以查找漏洞
} catch (Exception e) {
System.out.println("Exception : " + e.getMessage());
e.printStackTrace();
}
}
}
- 输出:
Spidering target : https://public-firing-range.appspot.com
Spider progress : 0%
Spider progress : 66%
Spider progress : 100%
Spider completed
https://public-firing-range.appspot.com/sitemap.xml
https://public-firing-range.appspot.com/robots.txt
https://public-firing-range.appspot.com
在“查看状态”部分中,还提到要执行 [status API](https://www.zaproxy.org/docs/api/#spiderviewstatus) 来获取 Spider 完成的工作状态/百分比。然而,当我附加 [spiderViewStatus](https://www.zaproxy.org/docs/api/#spiderviewstatus) 的代码块:
- 代码块:
System.out.println("Spider completed");
// 如有必要,对爬虫结果进行后处理
//spiderViewStatus: https://www.zaproxy.org/docs/api/#spiderviewstatus
URL obj = new URL("http://zap/JSON/spider/view/status/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
// TODO: 使用 Ajax Spider 进一步探索应用程序,或开始扫描应用程序以查找漏洞
我遇到了 `java.net.UnknownHostException: zap` 错误,如下所示:
- 错误堆栈跟踪:
Spidering target : https://public-firing-range.appspot.com
Spider progress : 66%
Spider progress : 100%
Spider completed
Exception : zap
java.net.UnknownHostException: zap
at java.net.AbstractPlainSocketImpl.connect(Unknown Source)
at java.net.PlainSocketImpl.connect(Unknown Source)
at java.net.SocksSocketImpl.connect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at sun.net.NetworkClient.doConnect(Unknown Source)
at sun.net.www.http.HttpClient.openServer(Unknown Source)
at sun.net.www.http.HttpClient.openServer(Unknown Source)
at sun.net.www.http.HttpClient.<init>(Unknown Source)
at sun.net.www.http.HttpClient.New(Unknown Source)
at sun.net.www.http.HttpClient.New(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at java.net.HttpURLConnection.getResponseCode(Unknown Source)
at ZAP_tests.SpiderViewStatus.main(SpiderViewStatus.java:52)
我已尝试将 `http://zap/JSON/spider/view/status/` 替换为 `http://localhost:8080/JSON/spider/view/status/`,但仍然出现相同的错误。
有谁可以帮帮我吗?
英文:
I was following the API documentation of Using Spider. The Java based code block works great and I get an output.
-
Code:
import java.util.List; import org.zaproxy.clientapi.core.ApiResponse; import org.zaproxy.clientapi.core.ApiResponseElement; import org.zaproxy.clientapi.core.ApiResponseList; import org.zaproxy.clientapi.core.ClientApi; public class SpiderViewStatus { private static final String ZAP_ADDRESS = "localhost"; private static final int ZAP_PORT = 8080; // Change to match the API key set in ZAP, or use NULL if the API key is disabled private static final String ZAP_API_KEY = "93tpvc1c5ek2b94arh0e7c8he"; // The URL of the application to be tested private static final String TARGET = "https://public-firing-range.appspot.com"; //private static final String TARGET = "http://localhost:3000"; //Juice Shop public static void main(String[] args) { ClientApi api = new ClientApi(ZAP_ADDRESS, ZAP_PORT, ZAP_API_KEY); try { // Start spidering the target System.out.println("Spidering target : " + TARGET); ApiResponse resp = api.spider.scan(TARGET, null, null, null, null); String scanID; int progress; // The scan returns a scan id to support concurrent scanning scanID = ((ApiResponseElement) resp).getValue(); // Poll the status until it completes while (true) { Thread.sleep(1000); progress = Integer.parseInt(((ApiResponseElement) api.spider.status(scanID)).getValue()); System.out.println("Spider progress : " + progress + "%"); if (progress >= 100) { break; } } System.out.println("Spider completed"); // If required post process the spider results List<ApiResponse> spiderResults = ((ApiResponseList) api.spider.results(scanID)).getItems(); for (ApiResponse spiderResult:spiderResults) System.out.println(spiderResult); // TODO: Explore the Application more with Ajax Spider or Start scanning the application for vulnerabilities } catch (Exception e) { System.out.println("Exception : " + e.getMessage()); e.printStackTrace(); } } }
-
Output:
Spidering target : https://public-firing-range.appspot.com Spider progress : 0% Spider progress : 66% Spider progress : 100% Spider completed https://public-firing-range.appspot.com/sitemap.xml https://public-firing-range.appspot.com/robots.txt https://public-firing-range.appspot.com
Within the View Status section it is also mentions to execute the status API to get the status/percentage of work done by the Spider. However when I append the code block of spiderViewStatus :
-
Code Block:
System.out.println("Spider completed"); // If required post process the spider results //spiderViewStatus: https://www.zaproxy.org/docs/api/#spiderviewstatus URL obj = new URL("http://zap/JSON/spider/view/status/"); HttpURLConnection con = (HttpURLConnection) obj.openConnection(); con.setRequestMethod("GET"); int responseCode = con.getResponseCode(); BufferedReader in = new BufferedReader( new InputStreamReader(con.getInputStream())); String inputLine; StringBuffer response = new StringBuffer(); while ((inputLine = in.readLine()) != null) { response.append(inputLine); } in.close(); System.out.println(response.toString()); // TODO: Explore the Application more with Ajax Spider or Start scanning the application for vulnerabilities
I am facing java.net.UnknownHostException: zap
as follows:
-
Error stacktrace:
Spidering target : https://public-firing-range.appspot.com Spider progress : 66% Spider progress : 100% Spider completed Exception : zap java.net.UnknownHostException: zap at java.net.AbstractPlainSocketImpl.connect(Unknown Source) at java.net.PlainSocketImpl.connect(Unknown Source) at java.net.SocksSocketImpl.connect(Unknown Source) at java.net.Socket.connect(Unknown Source) at java.net.Socket.connect(Unknown Source) at sun.net.NetworkClient.doConnect(Unknown Source) at sun.net.www.http.HttpClient.openServer(Unknown Source) at sun.net.www.http.HttpClient.openServer(Unknown Source) at sun.net.www.http.HttpClient.<init>(Unknown Source) at sun.net.www.http.HttpClient.New(Unknown Source) at sun.net.www.http.HttpClient.New(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.connect(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source) at java.net.HttpURLConnection.getResponseCode(Unknown Source) at ZAP_tests.SpiderViewStatus.main(SpiderViewStatus.java:52)
I have tried to replace http://zap/JSON/spider/view/status/
with http://localhost:8080/JSON/spider/view/status/
still the same error.
Can anyone help me out please?
答案1
得分: 1
你已经在初始代码中使用api.spider.status(scanID)
调用了那个端点。
http://zap/
主机只在你通过ZAP代理时才起作用,而在你的第二段代码中似乎没有这样做。
英文:
You are already calling that endpoint in your initial code using api.spider.status(scanID)
The http://zap/
host only works if you are proxying through ZAP, which you don't appear to be in your second section of code.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论