How it works

dscarson edited this page Aug 16, 2014 · 6 revisions

Basic working:

Technical Details:

The main class is

Input arguments: 7 in total (all paths must be absolute)

- Root owtf directory
- Output directory (owtf_review)
  - for recorded scripts: owtf_review/misc/recorded_scripts
  - for target scripts: owtf_review/targets/target_dir/zest
- Target config db (owtf_review/db/target_config.db)
- Zest script
- Target IDs
- Transaction IDs
- Record: true or false

For example, if the owtf root directory is /root/owtf, then the above arguments will be:

"/root/owtf" "/root/owtf/owtf_review/targets" "/root/owtf-ui/owtf_review/db/target_config.db" "/root/owtf-ui/owtf_review/misc/recorded_scripts/test.zst" "1 2" "2 3" "True"

The main class takes the arguments, parses them and separates them. It then converts the strings of target IDs and transaction IDs into integer lists.

It creates an object of class. (This class takes the template file and creates a ZestScriptWrapper and ZestScript from it; explained in detail later.) Then it creates the DBHandler object and passes the transaction IDs and target IDs to that object. Finally, object of class creates the final Zest script and outputs it.

Now let's go through each module in order of their use. :
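The argument handling described above, sketched in Python as an added example (not code from the zest-owtf project): it checks the seven-argument contract, including the absolute-path requirement, and converts the ID strings into integer lists. The `ZestArgs` container, the field names and the rejection of `..` segments are assumptions made for this illustration.

```python
import posixpath
from dataclasses import dataclass
from typing import List, Sequence

# Hypothetical names for the four path arguments, in the order the page lists them.
PATH_FIELDS = ("root_dir", "output_dir", "target_db", "zest_script")


@dataclass
class ZestArgs:  # hypothetical container, not a class from the project
    root_dir: str
    output_dir: str
    target_db: str
    zest_script: str
    target_ids: List[int]
    transaction_ids: List[int]
    record: bool


def _parse_ids(raw: str, label: str) -> List[int]:
    """Turn a space-separated string such as "1 2" into [1, 2]."""
    parts = raw.split()
    if not parts or not all(p.isascii() and p.isdecimal() for p in parts):
        raise ValueError(f"{label} must be space-separated integers, got {raw!r}")
    return [int(p) for p in parts]


def parse_args(argv: Sequence[str]) -> ZestArgs:
    if len(argv) != 7:
        raise ValueError(f"expected 7 arguments, got {len(argv)}")
    paths = list(argv[:4])
    for name, path in zip(PATH_FIELDS, paths):
        # The page requires absolute paths; refusing ".." is an added check.
        if not posixpath.isabs(path) or ".." in path.split("/"):
            raise ValueError(f"{name} must be absolute, without '..': {path!r}")
    if argv[6].lower() not in ("true", "false"):
        raise ValueError(f"record must be true or false, got {argv[6]!r}")
    return ZestArgs(*paths,
                    target_ids=_parse_ids(argv[4], "target IDs"),
                    transaction_ids=_parse_ids(argv[5], "transaction IDs"),
                    record=(argv[6].lower() == "true"))


# The example invocation given on the page.
EXAMPLE = ["/root/owtf", "/root/owtf/owtf_review/targets",
           "/root/owtf-ui/owtf_review/db/target_config.db",
           "/root/owtf-ui/owtf_review/misc/recorded_scripts/test.zst",
           "1 2", "2 3", "True"]

if __name__ == "__main__":
    print(parse_args(EXAMPLE))
```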

Simplest module. Created to facilitate the process of creating ZestScriptWrapper and ZestScript from the template.
Another simple and self-explanatory module called is used to read from the file. 
Basic ScriptWrapper is created and ZestScriptWrapper is inherited from the ScriptWrapper. :

This is the main module of the project. It has mainly two methods:
- CreateRecordScript
- CreateTargetScript

The general idea in both of them is ,

And then at the end Convert_to_http() is called :

This method converts the list of CustomObject into a list of HttpMessage.
Converting transaction to HttpMessage is the easiest way to create Zest script as ZAP already does that.

So, the final list of HttpMessage is stored as http_list. :

This module adds HttpMessage to ZestScript as a ZestRequest. (For this ZestZapUtils has been imported as it already provides such functionality.)
Then, two assertions are added:
- Status code assertion
- Response body length assertion

(These are basic assertions to check whether the request failed or passed.)

Then the script is written to the actual file using the FileWrtr module.

This is the explanation of core modules of zest-owtf project. Most of the other minor details are self-explanatory. But if you still need help, you can mail me at
