Skip to content

Zest Script Recording Functionality

Jump to bottom
dscarson edited this page Aug 16, 2014 · 1 revision

####What is it ?

A functionality to record the transactions while browsing the web 
using OWTF proxy, and creating a Zest script from the recorded transactions. 
Similar to record a zest script functionality in ZAP. 

This is how to use it :

1)Go to zest console and click button ‘Record a Zest Script’ , 
  It will turn to a red button ‘Stop Recording !’

Note : The special thing about zest recording is it applies to all 
       the targets’ zest consoles.
       What I mean is, if you start recording from one target’s zest consoles, 
       the record buttons in all the targets’ zest consoles will turn red.
       In short, this functionality has kinda “global scope”.



2) Now browse the web (after making sure you have configured OWTF proxy ).
When you hit Stop recording , a Zest script called Default.zst will be 
created containing all the transactions from the beginning of the recording.
You can view content of this script from any target’s zest console.

####How it works ?

- This one is tricky but simple.There is transaction_logger in proxy module. 
  Which logs the transactions from the cache files into the database. 
  While logging into database, the function LogTransactions from 
  transaction_manager is called.
- We have a global setting in general profile called “ZEST_RECORDING”
  which is set to False by default.Whenever recording is started it is set to true.
- So, when LogTransactions is called and if ZEST_RECORDING is set to true then 
  these transactions are added to the  list in zest module. 
  (list is called recordedTransactions).
- Each time a new transactions comes it is added as a tuple (target_id,transaction_id) 
  into the list.(list is expanded).
- When the recording is stopped, the list of tuples is passed to method  
  CreateRecordScript, which creates Zest script from the given tuples.

Detailed Pictorial representation of how to record zest scripts can be found here.

This wiki and the OWTF README document contains a lot of information, please take your time and read these instructions carefully.

We provide a CHANGELOG that provides details about almost every OWTF release.

Be sure to read the CONTRIBUTING guidelines before reporting a new OWTF issue or opening a pull request.

If you have any questions about the OWTF usage or want to share some information with the community, please go to one of the following places:

  • IRC channel #owtf (irc.freenode.net)

Google Summer of Code 2018 Guide

Installation

Getting Started

SET usage

Cookbooks (GSoC 2014 Projects UPDATE)

Development

Contact

Clone this wiki locally