Setting the active session in Zed Attack Proxy programmatically

Time: 2017-06-19 13:39:42

Tags: api zap

We are using the zaproxy API and are trying to set a session to "active" with the setActiveSession() API call, which is documented here and takes two parameters, site and session. The problem is that we keep getting the following error:

{
  "code": "illegal_parameter",
  "message": "Provided parameter has illegal or unrecognized value",
  "detail": "session"
}

Assume we have the following sessions from the sessions() API call:

{
  "sessions": [
    {
      "session": [
        "Session 1",
        {
          "JSESSIONID": {
            "comment": "",
            "domain": "localhost",
            "domainAttributeSpecified": false,
            "expired": false,
            "expiryDate": null,
            "name": "JSESSIONID",
            "path": "/",
            "pathAttributeSpecified": false,
            "persistent": false,
            "secure": false,
            "value": "941A60311B3C63C69C5887F531E7090A",
            "version": 0
          }
        },
        "16"
      ]
    }
  ]
}

What value do we need to send in the session field for this API call to succeed? We have tried the JSESSIONID field from the "complex" value object, as well as the name "Session 1" and "16" (assuming it is some kind of id) from the session array. All of these return the same error.

[Edit] I just noticed that when we make these calls, ZAP logs the following to the terminal:

1055328 [ZAP-ProxyThread-106] WARN org.zaproxy.zap.extension.api.API  - ApiException while handling API request:
Provided parameter has illegal or unrecognized value (illegal_parameter) : session
    at org.zaproxy.zap.extension.httpsessions.HttpSessionsAPI.handleApiAction(Unknown Source)
    at org.zaproxy.zap.extension.api.API.handleApiRequest(Unknown Source)
    at org.parosproxy.paros.core.proxy.ProxyThread.processHttp(Unknown Source)
    at org.parosproxy.paros.core.proxy.ProxyThread.run(Unknown Source)
    at java.lang.Thread.run(Thread.java:748)

1 answer:

Answer 0 (score: 0)

After a bit more trial and error in the API-Browser, we've discovered that the correct value is indeed "Session 1", but we were sending the name in quotation marks, i.e. "Session 1", whereas the correct way to send it is without them, i.e. Session 1.
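The following is an added example (not code from the question or the answer) that shows the difference the answer describes: the session name is passed as a bare query-string value, not as a JSON-quoted string. It parses the sessions() response shape shown above, looks a session up by name, and builds the setActiveSession URL with proper URL encoding. The sample response is constructed from the page; the ZAP base URL, the API key and the site value (here assumed to be host:port) are assumptions, and the trailing "16" in each session entry is not explained on the page, so it is only carried through as an extra field.

```python
import json
from urllib.parse import urlencode
from urllib.request import urlopen

# Constructed sample, copied from the shape of the sessions() view on the page.
SAMPLE_SESSIONS_RESPONSE = """
{
  "sessions": [
    {
      "session": [
        "Session 1",
        {
          "JSESSIONID": {
            "comment": "", "domain": "localhost", "domainAttributeSpecified": false,
            "expired": false, "expiryDate": null, "name": "JSESSIONID", "path": "/",
            "pathAttributeSpecified": false, "persistent": false, "secure": false,
            "value": "941A60311B3C63C69C5887F531E7090A", "version": 0
          }
        },
        "16"
      ]
    }
  ]
}
"""


def parse_sessions(payload):
    """Turn the sessions() view into [{'name', 'tokens', 'extra'}].

    Each entry is a positional array: [name, {token -> cookie dict}, extra].
    The meaning of 'extra' is not documented on the page; it is kept verbatim.
    """
    parsed = []
    for entry in json.loads(payload)["sessions"]:
        name, tokens, *rest = entry["session"]
        parsed.append({
            "name": name,
            "tokens": {tok: cookie["value"] for tok, cookie in tokens.items()},
            "extra": rest[0] if rest else None,
        })
    return parsed


def find_session_by_name(payload, wanted):
    """Return the parsed session called `wanted`, or None if there is none."""
    return next((s for s in parse_sessions(payload) if s["name"] == wanted), None)


def build_api_url(base_url, component, kind, name, apikey, **params):
    """ZAP API URLs have the form <base>/JSON/<component>/<view|action>/<name>/?<query>.

    urlencode() escapes the parameter values, so a name with spaces is sent
    as Session+1, with no surrounding quotes.
    """
    query = urlencode({"apikey": apikey, **params})
    return f"{base_url.rstrip('/')}/JSON/{component}/{kind}/{name}/?{query}"


def set_active_session_url(base_url, apikey, site, session_name):
    # The bug from the question: session_name must be the bare name,
    # not json.dumps(session_name), which would add literal quote characters.
    return build_api_url(base_url, "httpSessions", "action", "setActiveSession",
                         apikey, site=site, session=session_name)


def call_zap(url):
    """Perform the request and surface ZAP's error object instead of a silent failure.

    Not exercised offline; ZAP answers API errors with {"code", "message", "detail"}.
    """
    with urlopen(url) as resp:
        body = json.loads(resp.read().decode("utf-8"))
    if isinstance(body, dict) and "code" in body and "message" in body:
        raise RuntimeError(f"ZAP API error {body['code']}: {body['message']} "
                           f"(parameter: {body.get('detail')})")
    return body


if __name__ == "__main__":
    # Assumed values: ZAP on localhost:8080 with an API key, target site localhost:8080.
    session = find_session_by_name(SAMPLE_SESSIONS_RESPONSE, "Session 1")
    url = set_active_session_url("http://127.0.0.1:8080", "changeme", "localhost:8080",
                                 session["name"])
    print(url)
    # print(call_zap(url))  # uncomment when a ZAP instance is actually running
```

Compare the output URL with what the question's failing attempt would have produced: wrapping the name in quotes yields `session=%22Session+1%22`, which ZAP rejects with `illegal_parameter` on `session`, whereas the bare value encodes to `session=Session+1`.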