{"id":25406039,"url":"https://github.com/gdgd009xcd/RequestRecorder","last_synced_at":"2025-10-31T01:31:57.453Z","repository":{"id":37283540,"uuid":"276077630","full_name":"gdgd009xcd/RequestRecorder","owner":"gdgd009xcd","description":"A  ZAPROXY Add-on that allows testing of web application vulnerabilities by recording complex multi-step sequences.  You can test applications that need to access pages in a specific order, such as shopping carts or registration of member information. ","archived":false,"fork":false,"pushed_at":"2024-12-25T08:16:54.000Z","size":53049,"stargazers_count":22,"open_issues_count":0,"forks_count":4,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-02-12T16:59:02.408Z","etag":null,"topics":["activescan","addon","authentication","csrf","multistep","multistep-form","security","security-testing","security-tools","vulnerability-scanners","web-security","webcrawler","websecurity","zap-extension","zaproxy"],"latest_commit_sha":null,"homepage":"https://gdgd009xcd.github.io/RequestRecorder/","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/gdgd009xcd.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"gdgd009xcd","patreon":null,"open_collective":null,"ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"otechie":null,"custom":null}},"created_at":"2020-06-30T11:17:30.000Z","updated_at":"2024-12-25T08:12:57.000Z","dependencies_parsed_at":"2023-10-11T02:50:48.026Z","dependency_job_id":"f1835e06-75f4-4626-a7f
6-d33ff6f48cd9","html_url":"https://github.com/gdgd009xcd/RequestRecorder","commit_stats":null,"previous_names":["gdgd009xcd/requestrecorder"],"tags_count":34,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gdgd009xcd%2FRequestRecorder","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gdgd009xcd%2FRequestRecorder/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gdgd009xcd%2FRequestRecorder/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gdgd009xcd%2FRequestRecorder/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/gdgd009xcd","download_url":"https://codeload.github.com/gdgd009xcd/RequestRecorder/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239088383,"owners_count":19579434,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["activescan","addon","authentication","csrf","multistep","multistep-form","security","security-testing","security-tools","vulnerability-scanners","web-security","webcrawler","websecurity","zap-extension","zaproxy"],"created_at":"2025-02-16T05:05:27.762Z","updated_at":"2025-10-31T01:31:56.318Z","avatar_url":"https://github.com/gdgd009xcd.png","language":"Java","readme":"## RequestRecorder for ZAP. \n\n\nRequestRecorder is an extension of Zed Attack Proxy(ZAP). You can test applications that need to access pages in a specific order, such as shopping carts or registration of member information. 
This extension records the HTTP request sequence of the web application, tracks the anti-CSRF token and session cookies, and lets you test the sequence with ZAPROXY tools (ActiveScan).  \nIn short, this add-on can build multistep request sequences without scripting,\nand lets you use them with tools such as scanners or manual requests in ZAP.\n\n![LANG](https://img.shields.io/github/languages/top/gdgd009xcd/AutoMacroBuilderForZAP)\n![LICENSE](https://img.shields.io/github/license/gdgd009xcd/AutoMacroBuilderForZAP)\n\n![typical usage](assets/images/typical.gif)\n\n## Prerequisite\n\n* ZAP ver 2.13.0 or later\n* Java ver 11 or later\n\n## How to use\n\nClick below:　\u003cBR\u003e\n　　\u003cA href=\"https://github.com/gdgd009xcd/RequestRecorder/wiki/1.0.-OverView\"\u003eEnglish manuals\u003c/A\u003e\u003cBR\u003e\n　　\u003cA href=\"https://github.com/gdgd009xcd/RequestRecorder/wiki/2.0.%E6%A6%82%E8%A6%81%EF%BC%88%E6%97%A5%E6%9C%AC%E8%AA%9E%EF%BC%89\"\u003eJapanese manuals\u003c/A\u003e \u003cBR\u003e\n\n\n\n## Test results for a sample member registration web page\nI tested member registration on my sample page, which has a CSRF token. Below is the result:  \n\nTest Environment: \u003cA href=\"https://github.com/gdgd009xcd/WEBSAMPSQLINJ\"\u003eWEBSAMPSQLINJ\u003c/A\u003e Docker image (docker-compose)  \nScan target: [Modify User] 3.2.moduser.php (See \u003cA href=\"https://github.com/gdgd009xcd/WEBSAMPSQLINJ#sitemap\"\u003eSitemap\u003c/A\u003e)  \nZAPROXY Version: 2.10.0-SNAPSHOT  \nAddon: RequestRecorder ver0.9.6, ActiveScan rule add-ons (see below).  
\nZAPROXY Mode: Standard mode  \n\n\u003ctable style=\"font-size: 70%;\"\u003e\n \u003ctr\u003e\u003cth\u003eurl\u003c/th\u003e\u003cth\u003eparameter\u003c/th\u003e\u003cTH\u003eAdvanced SQLInjection Scanner \u003cBR\u003eVer13 beta\u003c/TH\u003e\u003cTH\u003e\u003cA HREF=\"https://github.com/gdgd009xcd/CustomActiveScanForZAP\"\u003eCustomActiveScan \u003cBR\u003ever0.0.1 alpha\u003c/A\u003e\u003c/TH\u003e\u003c/tr\u003e\n \u003ctr\u003e\u003ctd\u003ehttp://localhost:8110/moduser.php\u003c/td\u003e\u003ctd\u003epassword\u003c/td\u003e\u003cTD\u003eDETECTED\u003cBR\u003e(time based\u003cBR\u003epg_sleep(5))\u003c/TD\u003e\u003cTD\u003eDETECTED(boolean based)\u003c/TD\u003e\u003c/tr\u003e\n  \u003ctr\u003e\u003ctd\u003ehttp://localhost:8110/moduser.php\u003c/td\u003e\u003ctd\u003eage\u003c/td\u003e\u003cTD\u003eDETECTED\u003cBR\u003e(time based\u003cBR\u003epg_sleep(5))\u003c/TD\u003e\u003cTD\u003eDETECTED(boolean based)\u003c/TD\u003e\u003c/tr\u003e\n \u003c/table\u003e\n\n\n\n## Download \u0026 Build on Ubuntu\n\nThe add-on is built with [Gradle](https://gradle.org/).  \n\n### Build with command line tools (Ubuntu)\n\nTo download \u0026 build this add-on, simply run:  \n\n    $ git clone https://github.com/gdgd009xcd/RequestRecorder.git \n    $ cd RequestRecorder/  \n    $ ./gradlew addOns:requestRecorderForZAP:jarZapAddOn  \n\nThe add-on will be placed in the directory `RequestRecorder/addOns/requestRecorderForZAP/build/zapAddOn/bin`\n\n    $ cd addOns/requestRecorderForZAP/build/zapAddOn/bin  \n    $ ls  \n    requestRecorderForZAP-beta-1.2.1.zap  \n    $   \n\n* Gradle builds may fail due to network connection timeouts while downloading dependencies. If you have such problems, retry the gradlew command each time, or download the add-on file from the [release page](https://github.com/gdgd009xcd/RequestRecorder/releases).\n\n### Build with IntelliJ IDEA (hereafter referred to as IJ)\n\n1. Start IJ and click [Clone Repository].\n1. Specify the URL of the repository. 
For example: https://github.com/gdgd009xcd/RequestRecorder.git\n1. Click [Clone]. IJ's IDE is opened.\n1. In the IJ IDE, to display the Gradle tool window,\u003cbr\u003e select menu:[View-\u003eTool Windows-\u003eGradle] or click the [gradle] icon.\u003cbr\u003e It shows a tree of Gradle tasks.\n1. Double-click the Gradle task named:\u003cbr\u003e[zap-extensions-\u003eTasks-\u003ebuild-\u003ejarZapAddon]\n1. The add-on zap file will be placed in the directory:\u003cbr\u003e`RequestRecorder/addOns/requestRecorderForZAP/build/zapAddOn/bin`\n\n## Install\n\nThis add-on is a third-party add-on, so you must add the add-on file to ZAPROXY manually. This add-on does not have any telemetry feature.\n\n1. Get the add-on file requestRecorderForZAP-xxx-n.n.n.zap from [this release page](https://github.com/gdgd009xcd/RequestRecorder/releases).\n1. Start ZAPROXY on your PC's desktop.  \n1. Install the add-on file requestRecorderForZAP-xxx-n.n.n.zap according to the ZAP add-on installation method (example: File menu \"Load add-on file\").\u003cBR\u003e\n![AddonInstall](https://raw.githubusercontent.com/gdgd009xcd/RELEASES/master/IMG/ZAP/addoninst.png)\u003cBR\u003e    \n1. Restart ZAP (sorry, currently this add-on does not work unless ZAP is restarted after installing it).\n\n## FAQ\n### FAQ is [here](https://github.com/gdgd009xcd/RequestRecorder/wiki/9.1.-FAQ)\n\n## Author \n### [gdgd009xcd](https://gdgd009xcd.github.io/)\n\n\n\n\n","funding_links":["https://github.com/sponsors/gdgd009xcd"],"categories":["Java"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgdgd009xcd%2FRequestRecorder","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgdgd009xcd%2FRequestRecorder","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgdgd009xcd%2FRequestRecorder/lists"}