Correct HAR format for sendHarRequest

I am trying to test the sendHarRequest function through the locally provided OWASP ZAP API, in order to send a POST request through ZAP.

I have also tried using the ZAP encoder to encode my request into other formats, but that did not work either.

{
  "request": {
    "method": "POST",
    "url": "http://service.com/questions/depot?include-backend-answers=false",
    "cookies": [],
    "headers": [
      {
        "name": "Accept",
        "value": "application/json, text/plain, */*"
      },
      {
        "name": "Content-Type",
        "value": "application/json;charset=UTF-8"
      }
    ],
    "queryString": [
      {
        "name": "include-backend-answers",
        "value": "true"
      }
    ],
    "postData": {
      "mimeType": "application/json;charset=UTF-8",
      "params": [],
      "text": "{\"answerQuestionWrappers\":[{\"questionId\":\"QUESTION_BENEFICIARY\",\"answers\":[{\"optionId\":\"BENEFICIARY_OPTION_1\",\"value\":1}]},{\"questionId\":\"QUESTION_PENSION_PLAN\",\"answers\":[{\"optionId\":\"PENSION_PLAN_OPTION_1\",\"value\":1}]},{\"questionId\":\"QUESTION_PENSION_INFO\",\"answers\":[{\"optionId\":\"PENSION_INFO_OPTION_1\",\"groupId\":null,\"followUp\":null,\"followUpContainsCheckbox\":null,\"followUpOnly\":null,\"value\":1}]}]}"
    }
}

I keep getting {"code":"illegal_parameter","message":"Provided parameter has illegal or unrecognized value"} as the response.

On the other hand, using the following in ZAP's request editor works fine.

POST http://service.com/questions/depot?include-backend-answers=false HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 207
Content-Type: application/json
accept: application/json, text/plain, */*
Authorization: Bearer someAuthorizationKey
Host: service.de:12089

{"answerQuestionWrappers":[{"questionId":"QUESTION_BENEFICIARY","answers":[{"optionId":"BENEFICIARY_OPTION_1","groupId":null,"followUp":null,"followUpContainsCheckbox":null,"followUpOnly":null,"value":1}]}]}

I found this post in the OWASP ZAP users group, https://groups.google.com/forum/#!msg/zaproxy-users/vNfAfWvrCQ0/a73geZ8NBQAJ;context-place=forum/zaproxy-users, and I think I have the same problem, but there is no clear solution in it for me.

You can browse the API web UI by pointing your browser at ZAP's IP:port, e.g. http://localhost:8080/ (the default).

The sendHarRequest (request* followRedirects ) endpoint is described as:

Sends the first HAR request entry, optionally following redirections. Returns, in HAR format, the request sent and response received and followed redirections, if any. The Mode is enforced when sending the request (and following redirections), custom manual requests are not allowed in 'Safe' mode nor in 'Protected' mode if out of scope.

For a description of the HTTP Archive format, see: https://en.wikipedia.org/wiki/HAR_(file_format)

To get valid examples, you can export them from ZAP via the following API endpoints:

  • messageHar (id* ) - Gets the message with the given ID, in HAR format

  • messagesHar (baseurl start count ) - Gets the HTTP messages sent through/by ZAP, in HAR format, optionally filtered by URL and paginated with 'start' position and 'count' of messages

  • messagesHarById (ids* ) - Gets the HTTP messages with the given IDs, in HAR format.

If you are sending post data, it needs to be properly URL encoded.

Quoting chau362:

The actual problem was that I was missing the required keys "headersSize" and "bodySize" which can be set to a default of -1 if unknown, and "httpVersion", with the value "http/1.1".

As follows:

{
  "request": {
    "method": "POST",
    "url": "http://service.com/questions/depot?include-backend-answers=false",
    "httpVersion": "HTTP/1.1",
    "cookies": [],
    "headers": [
      {
        "name": "Accept",
        "value": "application/json, text/plain, */*"
      },
      {
        "name": "Content-Type",
        "value": "application/json;charset=UTF-8"
      }
    ],
    "queryString": [
      {
        "name": "include-backend-answers",
        "value": "true"
      }
    ],
    "postData": {
      "mimeType": "application/json;charset=UTF-8",
      "params": [],
      "text": "{\"answerQuestionWrappers\":[{\"questionId\":\"QUESTION_BENEFICIARY\",\"answers\":[{\"optionId\":\"BENEFICIARY_OPTION_1\",\"value\":1}]},{\"questionId\":\"QUESTION_PENSION_PLAN\",\"answers\":[{\"optionId\":\"PENSION_PLAN_OPTION_1\",\"value\":1}]},{\"questionId\":\"QUESTION_PENSION_INFO\",\"answers\":[{\"optionId\":\"PENSION_INFO_OPTION_1\",\"groupId\":null,\"followUp\":null,\"followUpContainsCheckbox\":null,\"followUpOnly\":null,\"value\":1}]}]}"
    },
    "headersSize": -1,
    "bodySize": -1
  }
}
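As an added example (not code from this thread or from ZAP's own client library), here is a small Python helper that builds a HAR request object with the keys the answer above identifies (httpVersion, headersSize, bodySize), derives queryString from the URL so the two cannot disagree, and refuses to post a request that lacks a required key. The ZAP endpoint path /OTHER/core/other/sendHarRequest/ and the apikey parameter are assumptions about the ZAP API; the {"request": ...} wrapper follows the shape shown in this thread.

```python
import json
from urllib.parse import urlsplit, parse_qsl, urlencode
from urllib.request import Request, urlopen

# Keys the accepted answer says ZAP's sendHarRequest needs in the request object.
REQUIRED_KEYS = ("method", "url", "httpVersion", "cookies", "headers",
                 "queryString", "headersSize", "bodySize")


def build_har_request(method, url, headers, body=None, http_version="HTTP/1.1"):
    """Build one HAR 'request' object. queryString is parsed from the URL, and
    headersSize/bodySize default to -1 (HAR's value for 'unknown')."""
    parts = urlsplit(url)
    req = {
        "method": method.upper(),
        "url": url,
        "httpVersion": http_version,
        "cookies": [],
        "headers": [{"name": k, "value": v} for k, v in headers.items()],
        "queryString": [{"name": k, "value": v}
                        for k, v in parse_qsl(parts.query, keep_blank_values=True)],
        "headersSize": -1,
        "bodySize": -1,
    }
    if body is not None:
        # Accept a ready string or a dict that is serialised compactly.
        text = body if isinstance(body, str) else json.dumps(body, separators=(",", ":"))
        req["postData"] = {"mimeType": headers.get("Content-Type", "application/json"),
                           "params": [], "text": text}
        req["bodySize"] = len(text.encode("utf-8"))  # known, so report it
    return req


def missing_har_keys(har_request):
    """Return the required keys absent from a HAR request (empty list means OK)."""
    return [k for k in REQUIRED_KEYS if k not in har_request]


def send_har_request(har_request, zap="http://localhost:8080", apikey="", follow_redirects=False):
    """POST the HAR request to ZAP. Endpoint path and 'apikey' are assumptions."""
    missing = missing_har_keys(har_request)
    if missing:
        raise ValueError(f"HAR request is missing required keys: {missing}")
    form = urlencode({"apikey": apikey,
                      "request": json.dumps({"request": har_request}),
                      "followRedirects": str(follow_redirects).lower()}).encode()
    with urlopen(Request(f"{zap}/OTHER/core/other/sendHarRequest/", data=form)) as resp:
        return resp.read().decode()
```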