How it works
dscarson edited this page Aug 16, 2014 · 6 revisions
The main class is Tester.java.

Input arguments: 7 in total (all paths must be absolute)

- Root owtf directory
- Output directory (owtf_review)
  - for recorded scripts: owtf_review/misc/recorded_scripts
  - for target scripts: owtf_review/targets/target_dir/zest
- Target config db (owtf_review/db/target_config.db)
- Zest script
- Target IDs
- Transaction IDs
- Record: true or false

For example, if the owtf root directory is /root/owtf, then the above arguments will be:

"/root/owtf" "/root/owtf/owtf_review/targets" "/root/owtf-ui/owtf_review/db/target_config.db" "/root/owtf-ui/owtf_review/misc/recorded_scripts/test.zst" "1 2" "2 3" "True"

Tester.java takes the arguments, parses them and separates them.
https://github.com/dscarson/zest-owtf/blob/master/src/org/zest_owtf/mainclass/Tester.java#L34

Then it converts the strings of target IDs and transaction IDs into integer lists.
https://github.com/dscarson/zest-owtf/blob/master/src/org/zest_owtf/mainclass/Tester.java#L44

It creates an object of the ScriptPrepare.java class. (This class takes the template file and creates a ZestScriptWrapper and a ZestScript from it. Explained in detail later.)
https://github.com/dscarson/zest-owtf/blob/master/src/org/zest_owtf/mainclass/Tester.java#L44

Then it creates the DBHandler object and passes the transaction IDs and target IDs to that object.
https://github.com/dscarson/zest-owtf/blob/master/src/org/zest_owtf/mainclass/Tester.java#L64

Finally, an object of the Creator.java class creates the final Zest script and outputs it.

Now let's go through each module in order of use.
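The seven-argument contract described above can be checked before any script is generated. The following is an added example, not code from zest-owtf: the class name TesterArgs, its field names and the strict handling of the record flag are assumptions, and the ID format (whitespace-separated integers) is inferred from the page's "1 2" sample.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;
// Added example: TesterArgs is a hypothetical class, not part of zest-owtf.
public class TesterArgs {
    final Path owtfRoot, outputDir, targetConfigDb, zestScript;
    final List<Integer> targetIds, transactionIds;
    final boolean record;
    TesterArgs(String[] args) {
        if (args.length != 7)
            throw new IllegalArgumentException("expected 7 arguments, got " + args.length);
        owtfRoot = absolute(args[0], "root owtf directory");
        outputDir = absolute(args[1], "output directory");
        targetConfigDb = absolute(args[2], "target config db");
        zestScript = absolute(args[3], "Zest script");
        targetIds = ids(args[4], "target IDs");
        transactionIds = ids(args[5], "transaction IDs");
        // Assumption: only "true"/"false" (any letter case) are valid, so a typo fails loudly.
        if (!args[6].equalsIgnoreCase("true") && !args[6].equalsIgnoreCase("false"))
            throw new IllegalArgumentException("record must be true or false: " + args[6]);
        record = Boolean.parseBoolean(args[6]);
    }
    // The page requires absolute paths; reject relative ones and collapse "." / ".." segments.
    static Path absolute(String raw, String name) {
        Path p = Paths.get(raw);
        if (!p.isAbsolute())
            throw new IllegalArgumentException(name + " must be an absolute path: " + raw);
        return p.normalize();
    }
    // Assumption: IDs are whitespace-separated integers, as in the page's "1 2".
    static List<Integer> ids(String raw, String name) {
        List<Integer> out = new ArrayList<>();
        for (String tok : raw.trim().split("\\s+")) {
            try { out.add(Integer.parseInt(tok)); }
            catch (NumberFormatException e) {
                throw new IllegalArgumentException(name + ": not an integer: '" + tok + "'"); }
        }
        return out;
    }

    public static void main(String[] unused) {
        TesterArgs t = new TesterArgs(new String[] { // values from the page's example
            "/root/owtf", "/root/owtf/owtf_review/targets",
            "/root/owtf-ui/owtf_review/db/target_config.db",
            "/root/owtf-ui/owtf_review/misc/recorded_scripts/test.zst", "1 2", "2 3", "True" });
        System.out.println(t.targetIds + " " + t.transactionIds + " record=" + t.record);
    }
}
```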
This is the simplest module. It was created to facilitate the process of creating a ZestScriptWrapper and a ZestScript from the template. Another simple and self-explanatory module called FileReader.java is used to read from the file. A basic ScriptWrapper is created, and ZestScriptWrapper inherits from the ScriptWrapper.
This is the main module of the project. It has mainly two methods:

- CreateRecordScript
- CreateTargetScript

The general idea in both of them is,
Then, at the end, Convert_to_http() is called:
https://github.com/dscarson/zest-owtf/blob/master/src/org/zest_owtf/mainclass/DBHandler.java#L119

This method converts the list of CustomObject to a list of HttpMessage. Converting a transaction to an HttpMessage is the easiest way to create a Zest script, as ZAP already does that. The final list of HttpMessage is stored as http_list.
This module adds each HttpMessage to the ZestScript as a ZestRequest. (ZestZapUtils has been imported for this, as it already provides such functionality.) Then two assertions are added:

- Status code assertion
- Response body length assertion

(These are basic assertions to check whether the request failed or passed.)
https://github.com/dscarson/zest-owtf/blob/master/src/org/zest_owtf/mainclass/Creator.java#L55

The script is then written to the actual file using the FileWrtr module.
This is the explanation of the core modules of the zest-owtf project. Most of the other minor details are self-explanatory. If you still need help, you can mail me at deepshah146@gmail.com.