extract all parameters in request before scanner starts
I need to extract all parameters in request before scanner starts.
I know that "doActiveScan" of the IScannerCheck interface finds parameters, but parameter names can be extracted after the active scanner starts working.
But I need parameter names before the scanner starts, so I can select which parameters to scan.
I think it can be done with IScannerInsertionPointProvider, but I don't know how to do it.
Yes, you can do this with IScannerInsertionPointProvider. Have a look at the following sample extension for more details:
But I want to extract "ALL" parameters of any unknown request.
I don't have pre-knowledge about the request and parameters.
You can use the following API to analyze a request and obtain its parameters:
If you give a POST request to it, it just returns POST parameters in the data segment.
If you give a GET request, it just returns cookie parameters.
But the active scanner also uses these parameters:
*referrer, user Agent, Name_URL, Name_BODY
I want all these parameters.
The analyzeRequest API does handle all parameters in the URL query string, cookies, and message body (if URL-encoded format).
It doesn't give you the additional insertion points that the scanner uses, such as the Referer header or an additional parameter name.
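
The following is an added example, not code posted in this thread or taken from the sample extension mentioned above. It is a legacy Extender API extension that logs every parameter `analyzeRequest` reports for each Proxy request, and lists the request header names separately, since headers such as Referer are not returned as parameters. The extension name and the output format are assumptions.

```java
package burp;

import java.util.List;

// Added example: enumerate parameters and header names of requests seen by the
// Proxy, i.e. before any scan is launched against them.
public class BurpExtender implements IBurpExtender, IHttpListener {
    private IBurpExtenderCallbacks callbacks;
    private IExtensionHelpers helpers;

    @Override
    public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
        this.callbacks = callbacks;
        this.helpers = callbacks.getHelpers();
        callbacks.setExtensionName("Parameter lister (example)"); // assumed name
        callbacks.registerHttpListener(this);
    }

    @Override
    public void processHttpMessage(int toolFlag, boolean messageIsRequest,
                                   IHttpRequestResponse messageInfo) {
        if (!messageIsRequest || toolFlag != IBurpExtenderCallbacks.TOOL_PROXY) return;
        // Analyzing the IHttpRequestResponse (not raw bytes) also resolves the URL.
        IRequestInfo info = helpers.analyzeRequest(messageInfo);
        callbacks.printOutput(info.getMethod() + " " + info.getUrl());
        // URL query string, cookies and body parameters, as reported by Burp.
        for (IParameter p : info.getParameters()) {
            callbacks.printOutput("  " + typeName(p.getType()) + "  " + p.getName());
        }
        // Headers are not parameters; index 0 is the request line, so skip it.
        List<String> headers = info.getHeaders();
        for (int i = 1; i < headers.size(); i++) {
            int colon = headers.get(i).indexOf(':');
            if (colon > 0) {
                callbacks.printOutput("  HEADER  " + headers.get(i).substring(0, colon));
            }
        }
    }

    private static String typeName(byte type) {
        switch (type) {
            case IParameter.PARAM_URL:    return "URL";
            case IParameter.PARAM_BODY:   return "BODY";
            case IParameter.PARAM_COOKIE: return "COOKIE";
            case IParameter.PARAM_JSON:   return "JSON";
            case IParameter.PARAM_XML:    return "XML";
            default:                      return "OTHER(" + type + ")";
        }
    }
}
```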