How can I exclude POST requests in OWASP ZAP? It is spamming a lot of forms and contact forms and therefore interrupting the normal operations of a website. Can I exclude this with a regex or is there an option built in?
In the Active Scan dialog check the 'Show advanced options' box.
You will then see more tabs - select the 'Input Vectors' tab and then deselect the 'POST Data' target. For help on this dialog click the help button - the help is also online here: https://github.com/zaproxy/zap-core-help/wiki/HelpUiDialogsAdvascan
You can also create different policies via the Scan Policy Manager :)
Simon (ZAP Project Lead)
When you navigate to https://stackoverflow.com in IE11, it redirects the user to Edge with the following tab open: https://support.microsoft.com/en-us/office/the-website-you-were-trying-to-reach-doesn-t-work-with-internet-explorer-8f5fc675-cd47-414c-9535-12821ddfc554?ui=en-us&rs=en-us&ad=us
How do I implement this in my own site? Is there a meta tag that can enable this?
EDIT: Here's a clip of what it looks like. Tried on Windows 10. https://streamable.com/nwtt22
Ah yes, I wondered this too, and also assumed to be a browser only thing.
Sure enough!
It's the ie_to_edge_bho (Browser Helper Object) DLL file found in the Edge Program files.
I was curious enough to Hex edit the DLL file and found the URL in which it pulls these approved sites from... almost like a master/default list.
Yes, it's built into the BHO, no it's not stored locally from what I can tell.
(Screenshot of Hex editor)
Here is the link: https://go.microsoft.com/fwlink/?linkid=2133855
Which forwards to https://edge.microsoft.com/neededge/v1
I have no idea how you get your own site on this list, but I figured I would add this information. :)
I was wondering this too. After reading Joshua Joppie's answer, I did some Googling and found this webpage.
Turns out, you need to e-mail Microsoft to get your site added to the Edge-only list (how to do so is explained on that page). I'm not sure if they'll take a request from anyone, or whether you need to be a big website, like Stack Overflow. It's worth trying anyway, as the only requirement they give is this:
The IE compatibility list is designed to work with public sites only.
To be honest, I've no idea why they didn't just make a <meta> tag for it. It would be much easier.
If I have time (which I doubt), I plan to make a JS programme that mimics the functionality of a website's presence on this list and I will link to it here. You could always do a user agent check that redirects the user to microsoft-edge:https://example.com (where example.com is your website) if it detects them using Internet Explorer.
Need to add the below script in the head tag to redirect your website in Edge browser
<script>
  if (/MSIE \d|Trident.*rv:/.test(navigator.userAgent)) {
    window.location = 'microsoft-edge:' + window.location;
    setTimeout(function() {
      window.open('', '_self', '').close();
      // window.location = 'https://support.microsoft.com/en-us/topic/we-recommend-viewing-this-website-in-microsoft-edge-160fa918-d581-4932-9e4e-1075c4713595?ui=en-us&rs=en-us&ad=us';
    }, 0);
  }
</script>
This is controlled by Edge Chromium group policy not code. You can refer to the steps below to set the group policy to achieve the goal:
1. Send all sites not included in the Enterprise Mode Site List to Microsoft Edge
This setting lets you decide whether to open all sites not included in the Enterprise Mode Site List in Microsoft Edge. If you use this setting, you must also turn on the Administrative Templates\Windows Components\Internet Explorer\Use the Enterprise Mode IE website list policy setting and you must include at least one site in the Enterprise Mode Site List.
Open Group Policy Editor.
Click Computer Configuration > Administrative Tools > Windows Components > Internet Explorer.
Double-click Send all sites not included in the Enterprise Mode Site List to Microsoft Edge.
Select Enabled.
Click OK or Apply to save these settings.
2. Configure which channel of Microsoft Edge to use for opening redirected sites
This policy enables you to configure up to three versions of Microsoft Edge to open a redirected site (in order of preference).
In the same path of Group Policy Editor, double-click Configure which channel of Microsoft Edge to use for opening redirected sites.
Select Enabled.
Under Options, select your top three choices for the channel to use - Internet Explorer will redirect to the highest ranked choice that the user has installed on that device:
Microsoft Edge Stable
Microsoft Edge Beta version 77 or later
Microsoft Edge Dev version 77 or later
Microsoft Edge Canary version 77 or later
Microsoft Edge version 45 or earlier
Click OK or Apply to save these settings.
3. Use the Enterprise Mode IE website list
This policy setting lets you specify where to find the list of websites you want opened using Enterprise Mode IE.
Create or reuse a Site List XML. Sample file is like below:
site.xml:
<site-list version="8">
  <created-by>
    <tool>EMIESiteListManager</tool>
    <version>10.0.14357.1004</version>
    <date-created>08/20/2020 07:45:39</date-created>
  </created-by>
  <site url="www.example.com">
    <compat-mode>IE7</compat-mode>
    <open-in>IE11</open-in>
  </site>
</site-list>
In the same path of Group Policy Editor, double-click Use the Enterprise Mode IE website list.
Select Enabled.
Under Options, type the location of website list. If it's in local, you can set it like this: file://D:/site.xml.
Click OK or Apply to save these settings.
It's quite simple to add your domain to the redirection list.
https://learn.microsoft.com/en-us/microsoft-edge/web-platform/ie-to-microsoft-edge-redirection#request-an-update-to-the-ie-compatibility-list
https://learn.microsoft.com/en-us/deployedge/edge-learnmore-neededge
Request an update to the IE compatibility list
The IE compatibility list is an XML file on microsoft.com. The list is regularly updated in response to user and website developer requests to have websites added or removed. Updates to the list are automatically downloaded to user machines.
Email the following information to ietoedge@microsoft.com for your website to be added or removed from the IE compatibility list.
Owner name
Corporate title
Email address
Company name
Street address
Website address
I'm fairly certain that Microsoft checks its "Enterprise Mode Site List" in order to decide whether to open the webpage or direct users to Edge. You can find more information about it here: https://learn.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode
Is it possible to set starting options in Facebook Messenger for pages like the example below:
example of expected result
I figured that similar could be achieved by using messenger BOT with 'start button', multiple BOT replies with 'quick reply' buttons and passing conversation to live chat in required cases.
The problem with this is that after the user clicks the 'get started' button, the BOT publishes the text reply 'Get started', which is not desired.
I wonder if there is a built-in setting to achieve this? If not, how would one solve it?
EDIT: It seems to me it is not possible to build something like that, neither with Facebook quick replies nor with templates/buttons.
EDIT 2: I also tried doing this in Facebook's page settings with no result. It seems it doesn't have anything to do with Facebook's 'quick replies'
First of all, there is no way to set those options from the Facebook platform itself. Those questions are generated by Facebook to give the user a head start to a conversation, and they are generated based on the type of page you have created. To see the option go to
Your Page's Settings-> Messaging -> General Settings
It is ideal that you will configure the 'Get Started' to initiate conversation with your bot and then show users a bunch of options using various templates like quick replies, carousel, list etc. By this way you have full control over your templates and expected answers.
But then again if you want to use those generated options from facebook then you can look for those option's text in the delivered json to your configured web hook. Here is a sample json:
{"object":"page","entry":[{"id":"","time":1519980744192,"messaging":[{"sender":{"id":""},"recipient":{"id":""},"timestamp":1519980743903,"message":{"mid":"","seq":1,"text":"Could you give me a call? I'd like to speak to someone."}}]}]}
Look at the 'text' attribute. The text is from after clicking one of those options. But again this is not ideal as the options can get changed anytime by facebook's algorithm.
My suggestion is to use 'Get Started' button and then send a list to the user.
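The text-matching approach described in the answer above, as an added example that is not part of the original post: it walks the webhook payload shape shown in the sample JSON, skips events that carry no message text, and falls back to a menu when the text is not a known option, since the generated options can change. `KNOWN_OPTIONS`, the intent names and the placeholder ids are assumptions made for this sketch.

```javascript
// Added example (not from the original answer). The option table, intent
// names and ids are hypothetical; the payload is constructed from the
// sample JSON on this page.
const KNOWN_OPTIONS = new Map([
  ["could you give me a call? i'd like to speak to someone.", "REQUEST_CALLBACK"],
]);

// Message text is user-controlled input: normalise it before comparing so
// curly apostrophes, extra whitespace or case do not break the match.
function normalise(text) {
  return text.normalize("NFKC").replace(/[\u2018\u2019]/g, "'")
    .replace(/\s+/g, " ").trim().toLowerCase();
}

// Returns one { senderId, intent, text } record per text message found.
function routeWebhook(payload) {
  const routed = [];
  if (!payload || payload.object !== "page" || !Array.isArray(payload.entry)) {
    return routed; // not a Page webhook delivery
  }
  for (const entry of payload.entry) {
    for (const event of entry.messaging || []) {
      const text = event.message && event.message.text;
      const senderId = event.sender && event.sender.id;
      // Postbacks, opt-ins and similar events have no message.text: skip them.
      if (typeof text !== "string" || !senderId) continue;
      // Unknown text (for example after the options change) gets the menu.
      const intent = KNOWN_OPTIONS.get(normalise(text)) || "FALLBACK_MENU";
      routed.push({ senderId, intent, text });
    }
  }
  return routed;
}

// Constructed sample delivery, same shape as the JSON in the answer.
const samplePayload = {
  object: "page",
  entry: [{
    id: "PAGE_ID_PLACEHOLDER", time: 1519980744192,
    messaging: [{
      sender: { id: "USER_ID_PLACEHOLDER" },
      recipient: { id: "PAGE_ID_PLACEHOLDER" },
      timestamp: 1519980743903,
      message: { mid: "MID_PLACEHOLDER", seq: 1,
        text: "Could you give me a call? I'd like to speak to someone." },
    }],
  }],
};

console.log(routeWebhook(samplePayload));
```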
The screenshot you posted shows a feature that is currently being tested for Pages, so it is not available to every Page. There is no built-in way to do this, other than sending quick replies in response to the get started postback, messaging_optins or messaging_referrals events.
You can create a persistent menu to achieve this.
Here are a few video tutorials I created to help you with Facebook integration and sending rich messages in Facebook Messenger through Dialogflow.
https://www.youtube.com/watch?v=fJ4HoYxoKl8
https://www.youtube.com/watch?v=JC9Y-AmcL6A
I created a workflow as below. I want to send an email with the link to the content approvers group when something is submitted. Can someone point me to where I should start? Which is the function that should be overridden? Any help is appreciated.
Thanks,
GT
Here is a good example of how to create a custom workflow email that can be sent to users in a particular Sitecore role (and the user who last edited the content item).
http://techmusingz.wordpress.com/2014/04/25/workflow-notifications-in-sitecore-roles-and-users/
You can link to a specific content item in the Sitecore client using the following method but you need to already be logged in to the Sitecore client for this to work (Otherwise you are just directed to the Sitecore login page and won't be redirected to the item after login).
/sitecore/shell/Applications/Content%20Manager/default.aspx?fo={id}&la={language}&vs={version}&mo=preview
fo - The item to open in the Sitecore client
la - The language to open (optional)
vs - The version to open (optional)
mo - preview (optional)
I'd like to know how to exclude certain responses from the alert tab?
If there is a way.
Can't find any.
For example if the response page reports "character to number conversion error" I'd like to tell the zap attack proxy that this ain't a vulnerability but a correct response and therefore it shall not appear in the alert tab.
Double click the alert, and then change the "Confidence" to "False positive", it will stay in the Alerts tab but not be included in reports.
Or you can right click the alert and "Delete" it, but it can then be raised again by the active or passive scanner. That's why we have the "False positive" setting.
FYI we have a ZAP Users group which is probably more suitable for questions like this (as Stackoverflow is a general forum): http://groups.google.com/group/zaproxy-users
That's linked off the ZAP "Online / ZAP User Group" menu item, which is apparently invisible as no one seems to spot it ;)
Simon (ZAP Project lead)
Hello I am using Magento CE 1.7.2 I am trying to edit the customers "My Account" Pages
I cannot find what file to edit to change the layout and design of the following:
My account:
Account Dash Board (got this to work editing customer/account/dashboard.phtml)
Account Information (Tried customer/account/dashboard/info.phtml Didn't work)
Address Book (Tried customer/account/dashboard/address.phtml Didn't Work)
My Orders (No idea)
Newsletter Subscriptions (Tried customer/account/dashboard/newsletter.phtml Didn't Work)
What files do I edit? Please show the directory.... Thanks!
Telling you the exact path would be like "giving you a fish".
Instead, I will "teach you how to fish".
Login to your admin panel in Magento.
Head to System > Configuration. At the bottom of your left menu you will find a Developer link.
Head to this link, then in the upper left of the given page, select a website in the dropbox under Current Configuration Scope.
Open the Debug section and set Template Path Hints to Yes.
Reload your customer page in the frontend. Tada! You can now see where every single file is that you have to edit to change anything in your Magento.