???????????У?API ????????? REST ???????????????????????? API ???????????????????????????????? Web ???????????????????????????? Web ?????????????粻????????? HTTP header????????????? Shell ??????? curl ????? ??????? API ??????????й?????????? IP ???????? Web ????????????? AppScan Standard?????????????????????????????
??????? Web ????? REST API ?????AppScan Standard ?????????ι??????????? API ???????????????μ????? HTTP ???????????API ??????汾???? API ??????????????????? AppScan ?????? API ????棬??????????????
????????й?????????? IP ????? ??????????????????????????????????? scan ????? Starting URL ???????????????? 1 ?????


????
? 1 .???? Starting URL

?????????????????????????????? AppScan ????????????????????? Web ??????? AppScan ????????????? Manual Explorer ??????????? ????????????? manualExplore_1.exd ??????? AppScan ????????.scan ???????scan ???????? Deflate ????????????????????????????????? scan ???????????????????????????????????????е? File-> Export -> Recorded Manual Explore ????? manualExplore_1.exd ???????????? 2 ?????


????
? 2 .???? manualExplore_1.exd ???

??????????????????????μ?????????????????????????μ???????μ? scan ??????????????????????????? Web ??????????????????? IP ??????????????????????????????????????????????????????????? exd ???????? import ??????????????С?
??????????????????? XML ?????????????????????嵥 1??
?????嵥 1 .exd ?????
<?xml version="1.0" encoding="utf-16"?>
<!--Automatically created by AppScan at 1/16/2014 11:20:26 AM-->
<!--Do NOT Edit!-->
<requests>
  <request>
    ...
  </request>
  ...
</requests>
<!--Number of Requests in file = 100-->
????????????????????????????????? AppScan ??????????????????????????????????????????? AppScan ???????????? HTTP ??????????????? HTTP ??????????е????????????????????? HTTP ??????
??????Щ?????????<requests>????? request ???????????????嵥 2??
?????嵥 2 .request ??????
<request scheme="https" host="www.ibm.com" path="/" port="443"
method="GET" SessionRequestType="Login" ordinal="15">
<raw encoding="none">
</raw>
<cookie name="JSESSIONID" value="XXX" path="/" domain="www.ibm.com"
secure="False" expires="1/1/0001 12:00:00 AM" />
<parameter name="XXX" captureIndex="0" value="" type="QUERY" linkParamType="simplelink"
separator="&" operator="=" reportName="XXX" />
<sessionCookies>
<cookie name="JSESSIONID" value="XXX" path="/" domain="www.ibm.com" secure="False"
expires="1/1/0001 12:00:00 AM" />
</sessionCookies>
</request>
????????<raw>??????????????????????? HTTP Header ?? body ????????????? ?????????????????????н??????????Щ?????????? HTTP ??????????????????????????????? scheme ???????Э?飬session ?? HTTP header ??? session ?????parameter ?? URL ?????????????? ordinal ??? request ???????????????????????
???????????????????????????????????????? HTTP ????????????????????????
????????????????ν?????????????????
????????????????????????????????????????????????????????????????????? parm1 ?? parm2??????????ж???? API ?????? exd ??????£?
?????嵥 3 .???е???????
<request scheme="https" host="www.site1.com" path="/test/API1" port="443"
method="POST" SessionRequestType="Login" ordinal="146">
<raw encoding="none">POST /test/API1 HTTP/1.1
Host: www.site1.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20100101 Firefox/17.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.7,ja;q=0.3
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: https://www.site1.com/
Content-Length: 23
Cookie: JSESSIONID=0000F7u3iiCtkF0SIR4G9viBIQr:156f4da9-0cc6-4460-9ac9-f791e0aac903
Pragma: no-cache
Cache-Control: no-cache
parm1=test1&parm2=test2</raw>
<cookie name="JSESSIONID" value="0000F7u3iiCtkF0SIR4G9viBIQr:156f4da9-0cc6-4460-9ac9-f791e0aac903"
path="/" domain="www.site1.com" secure="False" expires="1/1/0001 12:00:00 AM" />
<parameter name="parm1" captureIndex="0" value="test1" type="BODY" linkParamType="simplelink"
separator="&" operator="=" reportName="parm1" />
<parameter name="parm2" captureIndex="0" value="test2" type="BODY" linkParamType="simplelink"
separator="&" operator="=" reportName="parm2" />
<sessionCookies>
<cookie name="JSESSIONID" value="0000F7u3iiCtkF0SIR4G9viBIQr:156f4da9-0cc6-4460-9ac9-f791e0aac903"
path="/" domain="www.site1.com" secure="False" expires="1/1/0001 12:00:00 AM" />
</sessionCookies>
</request>
???????????????????????????????? name ??????? parm1 ????μ? newparm???????????????????????????????????????????????衣??????????????????????????????????? exd ??????????????嵥 4??
?????嵥 4 .????? exd ???
<request scheme="https" host="www.site1.com" path="/test/API1" port="443" method="POST"
SessionRequestType="Login" ordinal="146">
<raw encoding="none">POST /test/API1 HTTP/1.1
...
Content-Length: 25
newparm=test1&parm2=test2</raw>
...
<parameter name="newparm" captureIndex="0" value="test1" type="BODY" linkParamType="simplelink"
separator="&" operator="=" reportName="newparm" />
...
</request>
????????????????????????????????? exd ??????????????????浵??????????μ????????? IP ??????????????????? scan ??????????????ú????????????浵?? exd ???????????????е??????? IP ?滻???μ??????? IP ?????棬?????????? scan ????????????????????????
?????????????????????????????????????????????????????????????????????
???????
???????? API ???????API ?????????????????????????? AppScan Standard ?? API ????????е???÷????????????????Ч????????????????? API ???????Ч???????????????