in dusty/scanners/dast/zap/data/zap-selenium-login.js [63:149]
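/**
 * ZAP script-based authentication entry point.
 *
 * Replays a Selenium-IDE-style login script (the "Script" parameter: a
 * Base64-encoded JSON array of {command, target, value} steps) in a headless
 * HtmlUnit browser, copies the resulting browser cookies into ZAP's HTTP
 * state, and finally fetches the post-login URL through ZAP so the scanner
 * sees the authenticated session.
 *
 * This file is executed by ZAP's embedded Java script engine, so it is kept
 * to ES5 syntax (var, function expressions) and uses Java interop objects
 * (DesiredCapabilities, HtmlUnitDriver, Base64, ...) that are provided by
 * the surrounding script.
 *
 * @param {Object} helper        ZAP authentication helper (prepareMessage,
 *                               sendAndReceive, getCorrespondingHttpState).
 * @param {Object} paramsValues  Script parameters; reads "Script" and "Target".
 * @param {Object} credentials   ZAP credentials; reads "Username" and "Password".
 * @returns {Object} The HttpMessage of the final request sent through ZAP.
 * @throws {Error} If the decoded script is not an array or a step uses a
 *                 command the interpreter does not support.
 */
function authenticate(helper, paramsValues, credentials) {
    // One timeout shared by the implicit wait and every explicit WebDriverWait.
    var WAIT_SECONDS = 15;

    // Values substituted for %Target%, %Username% and %Password% in each step.
    // Looked up once; they do not change while the script runs.
    var targetUrl = paramsValues.get("Target");
    var username = credentials.getParam("Username");
    var password = credentials.getParam("Password");

    // Replace every match of `pattern` (a /g regex) in `text` with `replacement`
    // taken literally. A function replacement is used on purpose: with a plain
    // string replacement, String.prototype.replace interprets "$&", "$1", "$$"
    // etc., so a password containing "$" would be corrupted before being typed.
    function replaceLiteral(text, pattern, replacement) {
        var literal = String(replacement);
        return text.replace(pattern, function () {
            return literal;
        });
    }

    // Expand placeholders in a step's target or value. A missing field (for
    // example an "open" step with no value) becomes "" instead of throwing.
    // The expanded strings contain the credentials: do not log them.
    function expand(text) {
        var result = text == null ? "" : String(text);
        result = replaceLiteral(result, /%Target%/g, targetUrl);
        result = replaceLiteral(result, /%Username%/g, username);
        result = replaceLiteral(result, /%Password%/g, password);
        return result;
    }

    // Decode the Base64 "Script" parameter into the array of steps.
    // NOTE(review): the bytes are decoded with the platform default charset;
    // pass an explicit charset here if scripts may contain non-ASCII text.
    function decodeAuthScript() {
        var steps = JSON.parse(
            new JavaString(
                Base64.getDecoder().decode(
                    paramsValues.get("Script")
                )
            )
        );
        if (!Array.isArray(steps)) {
            throw new Error("Authentication script must be a JSON array of steps");
        }
        return steps;
    }

    // Create a headless HtmlUnit browser with JavaScript enabled.
    function createDriver() {
        var capabilities = new DesiredCapabilities();
        capabilities.setCapability(CapabilityType.BROWSER_NAME, "htmlunit");
        var driver = new HtmlUnitDriver(capabilities);
        driver.setJavascriptEnabled(true);
        // Reach the driver's private WebClient via reflection so that a
        // JavaScript error on the login page does not abort authentication.
        var webClientField = driver.getClass().getDeclaredField("webClient");
        webClientField.setAccessible(true);
        var webClient = webClientField.get(driver);
        webClient.getOptions().setThrowExceptionOnScriptError(false);
        driver.manage().window().maximize();
        driver.manage().timeouts().implicitlyWait(WAIT_SECONDS, TimeUnit.SECONDS);
        return driver;
    }

    // Supported Selenium-IDE commands, keyed by command name. Every handler
    // receives (driver, target, value) with placeholders already expanded.
    var interpreter = {
        "open": function (driver, target, value) {
            driver.get(target);
        },
        "waitForElementPresent": function (driver, target, value) {
            var selector = _makeSeleniumSelector(target);
            new WebDriverWait(driver, WAIT_SECONDS)
                .until(ExpectedConditions.presenceOfElementLocated(selector));
        },
        "sendKeys": function (driver, target, value) {
            driver.findElement(_makeSeleniumSelector(target)).sendKeys(value);
        },
        "type": function (driver, target, value) {
            driver.findElement(_makeSeleniumSelector(target)).sendKeys(value);
        },
        "click": function (driver, target, value) {
            driver.findElement(_makeSeleniumSelector(target)).click();
        },
        "clickAndWait": function (driver, target, value) {
            var element = driver.findElement(_makeSeleniumSelector(target));
            element.click();
            // The click is done once the element has been detached from the
            // document, i.e. the page has been replaced.
            new WebDriverWait(driver, WAIT_SECONDS)
                .until(ExpectedConditions.stalenessOf(element));
        }
    };

    // Run one script step. Only own properties of `interpreter` are accepted
    // as commands, so a name inherited from Object.prototype ("toString",
    // "constructor", ...) or an unknown command fails with a clear error
    // instead of a bare "is not a function" TypeError.
    function runStep(driver, step) {
        var command = step.command;
        if (!Object.prototype.hasOwnProperty.call(interpreter, command)) {
            throw new Error("Unsupported authentication script command: " + command);
        }
        interpreter[command](driver, expand(step.target), expand(step.value));
    }

    // Copy every browser cookie into ZAP's HTTP state so that the session
    // established inside HtmlUnit is reused by ZAP's own requests.
    function copyCookiesToZap(driver) {
        driver.manage().getCookies().forEach(function (cookie) {
            helper.getCorrespondingHttpState().addCookie(new Cookie(
                cookie.getDomain(),
                cookie.getName(),
                cookie.getValue(),
                cookie.getPath(),
                cookie.getExpiry(),
                cookie.isSecure()
            ));
        });
    }

    // Decode before starting a browser so a malformed script fails early.
    var steps = decodeAuthScript();
    var driver = createDriver();
    var finalUrl;
    try {
        steps.forEach(function (step) {
            runStep(driver, step);
        });
        // Captured here because the driver is no longer usable after quit().
        finalUrl = driver.getCurrentUrl();
        print("=AUTH=> Final URL: " + finalUrl); // TODO: Check final URL?
        copyCookiesToZap(driver);
    } finally {
        // Always release the HtmlUnit browser; without this every
        // re-authentication leaks a driver (and its WebClient) instance.
        driver.quit();
    }

    // Make the final request via ZAP so the scanner observes the logged-in page.
    var msg = helper.prepareMessage();
    msg.setRequestHeader(new HttpRequestHeader(HttpRequestHeader.GET, new URI(finalUrl, false), HttpHeader.HTTP11));
    msg.getRequestHeader().setContentLength(msg.getRequestBody().length());
    helper.sendAndReceive(msg, true);
    return msg;
}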