
thc202 edited this page Apr 3, 2017 · 2 revisions

Zest

Zest is an experimental specialized scripting language (also known as a domain-specific language) developed by the Mozilla security team and intended for use in web-oriented security tools.

It is included by default with ZAP.

Creating Zest scripts

There are a variety of ways to create Zest scripts:

Record a new Zest script Button

  • Press the 'Record a new Zest script' button on the main toolbar
  • Type in a suitable name for your script in the 'Add a Zest Script' dialog
  • Select the prefix you want to record requests for, or leave blank to record all requests
  • Press the 'Save' button
  • The 'Record a new Zest script' button will stay pressed, change to 'Recording a new Zest script' and show a red icon.

The new Zest script will be shown in the Scripts tab with a red 'recording' icon. Any requests that you make underneath the specified prefix will be added to the script. Press the 'Recording a new Zest script' button again to stop recording the requests. Note that you can only record 'Stand Alone' Zest scripts in this way. If you want to create other types of Zest script you must use another mechanism.

You can also right click any Stand Alone Zest script and use the 'Start recording' and 'Stop recording' buttons.

New Script Button

  • Navigate to the Scripts tree tab
  • Press the 'New Script...' button
  • Type in a suitable name for your script in the 'New Script' dialog
  • Select the script type (see the Scripts add-on help page for more details)
  • Select the Zest script engine
  • Select one of the templates (if relevant)
  • Press the 'Save' button

Any type of Zest script can be created this way.

Right clicking a Zest template

  • Navigate to the Scripts tree tab
  • Expand the 'Templates' node and find a template you want to use
  • Right click on the template and select 'New Script...'
  • Press the 'Save' button

Any type of Zest script can be created this way.

Right clicking requests

  • Navigate to any tab that shows requests, such as the History tab
  • Select one or more requests
  • Right click on them
  • Select the 'Add to Zest Script' menu which allows you to select an existing Stand Alone script or create a new one

Note that you can only add requests to 'Stand Alone' Zest scripts.

Plug-n-Hack

If you are using a recent version of Firefox then you can create Zest scripts from within your browser.

  • Press the 'Plug-n-Hack' button on the ZAP 'Quick Start' tab
  • Install the Plug-n-Hack Firefox Add-on and accept all of the dialogs
  • Press 'Shift F2' in Firefox to access the Developer Toolbar
  • Type 'zap record on global' to start recording a new Zest script
  • Any requests you make through ZAP will be added to the script
  • Type 'zap record off global' to stop recording the script

Note that you can only record 'Stand Alone' Zest scripts in this way. If you want to create other types of Zest script you must use another mechanism.

Editing Zest scripts

Zest scripts are edited graphically in the Scripts tree tab. Each statement is a node in the tree; double click a node to edit the statement's properties. You can add, move and remove statements by right clicking the Zest nodes. You can also add requests to 'Stand Alone' Zest scripts by right clicking the requests in any of the other tabs. There are also some right click options available when you select text in the Request or Response tabs.

Zest includes a set of 'built in' variables as well as allowing you to declare your own. A right click menu is provided (where relevant) in the edit dialogs to allow you to paste in any of the available variable names.

External links

  • https://developer.mozilla.org/en-US/docs/zest Zest overview
  • https://github.com/mozilla/zest The Zest GitHub repository, including details of the language