I am trying to test the sendHarRequest function of the locally served OWASP ZAP API in order to send a POST request through ZAP.
I have also tried encoding my request into other formats with the ZAP encoder, but that did not work either.
{
"request": {
"method": "POST",
"url": "http://service.com/questions/depot?include-backend-answers=false",
"cookies": [],
"headers": [
{
"name": "Accept",
"value": "application/json, text/plain, */*"
},
{
"name": "Content-Type",
"value": "application/json;charset=UTF-8"
}
],
"queryString": [
{
"name": "include-backend-answers",
"value": "true"
}
],
"postData": {
"mimeType": "application/json;charset=UTF-8",
"params": [],
"text": "{\"answerQuestionWrappers\":[{\"questionId\":\"QUESTION_BENEFICIARY\",\"answers\":[{\"optionId\":\"BENEFICIARY_OPTION_1\",\"value\":1}]},{\"questionId\":\"QUESTION_PENSION_PLAN\",\"answers\":[{\"optionId\":\"PENSION_PLAN_OPTION_1\",\"value\":1}]},{\"questionId\":\"QUESTION_PENSION_INFO\",\"answers\":[{\"optionId\":\"PENSION_INFO_OPTION_1\",\"groupId\":null,\"followUp\":null,\"followUpContainsCheckbox\":null,\"followUpOnly\":null,\"value\":1}]}]}"
}
}
I keep getting {"code":"illegal_parameter","message":"Provided parameter has illegal or unrecognised value"} as the response.
On the other hand, using the following request in ZAP's Request editor works fine.
POST http://service.com/questions/depot?include-backend-answers=false HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 207
Content-Type: application/json
accept: application/json, text/plain, */*
Authorization: Bearer someAuthorizationKey
Host: service.de:12089
{"answerQuestionWrappers":[{"questionId":"QUESTION_BENEFICIARY","answers":[{"optionId":"BENEFICIARY_OPTION_1","groupId":null,"followUp":null,"followUpContainsCheckbox":null,"followUpOnly":null,"value":1}]}]}
I found this post in the OWASP users group, https://groups.google.com/forum/#!msg/zaproxy-users/vNfAfWvrCQ0/a73geZ8NBQAJ;context-place=forum/zaproxy-users, and I think I have the same problem, but for me there is no clear solution.
Posted on 2019-08-16 18:51:19
You can browse the API by pointing your browser at ZAP's IP:port, e.g. http://localhost:8080/ (by default).
The sendHarRequest (request* followRedirects ) endpoint is described as:
Sends the first HAR request entry, optionally following redirects. Returns, in HAR format, the request sent and the response received and followed redirects, if any. The Mode is enforced when sending the request (and following redirects); custom manual requests are not allowed in Safe mode nor in Protected mode if out of scope.
For a description of the Http ARchive format, see: format)
To get valid examples, you can export them from ZAP via the following API endpoints:
messageHar (id* ) - gets the message with the given ID in HAR format
messagesHar (baseurl start count ) - gets the HTTP messages sent through/by ZAP, in HAR format, optionally filtered by URL and paginated with 'start' position and 'count' of messages
messagesHarById (ids* ) - gets the HTTP messages with the given IDs, in HAR format
If you are sending post data you need to URL-encode it properly.
chau362
The actual problem was that I was missing the required keys "headersSize" and "bodySize", which can be set to a default value of -1 if unknown, and "httpVersion" with the value "http/1.1".
Details below:
"request" : {
"method" : "POST",
"url" : "http://service.com/questions/depot?include-backend-answers=false",
"httpVersion" : "HTTP/1.1",
"cookies" : [ ],
"headers" : [
{
"name": "Accept",
"value": "application/json, text/plain, */*"
},
{
"name": "Content-Type",
"value": "application/json;charset=UTF-8"
}
],
"queryString" : [
{
"name": "include-backend-answers",
"value": "true"
}
],
"postData": {
"mimeType": "application/json;charset=UTF-8",
"params": [],
"text": "{\"answerQuestionWrappers\":[{\"questionId\":\"QUESTION_BENEFICIARY\",\"answers\":[{\"optionId\":\"BENEFICIARY_OPTION_1\",\"value\":1}]},{\"questionId\":\"QUESTION_PENSION_PLAN\",\"answers\":[{\"optionId\":\"PENSION_PLAN_OPTION_1\",\"value\":1}]},{\"questionId\":\"QUESTION_PENSION_INFO\",\"answers\":[{\"optionId\":\"PENSION_INFO_OPTION_1\",\"groupId\":null,\"followUp\":null,\"followUpContainsCheckbox\":null,\"followUpOnly\":null,\"value\":1}]}]}"
},
"headersSize" : -1,
"bodySize" : -1
}
https://stackoverflow.com/questions/57525427
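To make the accepted answer concrete, here is an added example (not code from the question, the answers or the ZAP project) that turns the working raw request from the question into a HAR request object carrying the keys the answer found missing, and that reports which of those keys a given HAR request lacks. The HAR log envelope in har_log_for_zap, the placeholder bearer token and the trimmed request body are assumptions/constructed sample data.

```python
import json
from urllib.parse import urlsplit, parse_qsl

# Constructed sample: the working raw request from the question, trimmed, with a
# placeholder instead of the real bearer token.
RAW_REQUEST = (
    "POST http://service.com/questions/depot?include-backend-answers=false HTTP/1.1\r\n"
    "Content-Type: application/json\r\n"
    "Accept: application/json, text/plain, */*\r\n"
    "Authorization: Bearer PLACEHOLDER_TOKEN\r\n"
    "Host: service.com\r\n\r\n"
    '{"answerQuestionWrappers":[{"questionId":"QUESTION_BENEFICIARY",'
    '"answers":[{"optionId":"BENEFICIARY_OPTION_1","value":1}]}]}'
)


def missing_har_keys(request: dict) -> list:
    """Return the keys the accepted answer names as required that are absent."""
    return [k for k in ("httpVersion", "headersSize", "bodySize") if k not in request]


def raw_to_har_request(raw: str) -> dict:
    """Build a HAR 'request' object (with httpVersion, headersSize, bodySize) from raw HTTP/1.1 text."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, url, version = request_line.split(" ", 2)
    headers = []
    for line in header_lines:
        name, _, value = line.partition(":")
        headers.append({"name": name.strip(), "value": value.strip()})
    mime = next((h["value"] for h in headers if h["name"].lower() == "content-type"), "")
    har = {
        "method": method,
        "url": url,
        "httpVersion": version,
        "cookies": [],
        "headers": headers,
        "queryString": [{"name": k, "value": v}
                        for k, v in parse_qsl(urlsplit(url).query, keep_blank_values=True)],
        "headersSize": len((head + "\r\n\r\n").encode("utf-8")),  # bytes incl. blank line; -1 if unknown
        "bodySize": len(body.encode("utf-8")),
    }
    if body:
        har["postData"] = {"mimeType": mime, "params": [], "text": body}
    return har


def har_log_for_zap(raw: str) -> str:
    """Assumed envelope: a HAR log with a single entry, since the endpoint sends the first
    entry; entry fields other than 'request' are omitted (assumption: ZAP reads only it)."""
    return json.dumps({"log": {"version": "1.2", "entries": [{"request": raw_to_har_request(raw)}]}})
```

Running missing_har_keys over the question's original JSON returns all three keys, which matches the illegal_parameter response described above.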