I am having trouble finding out how to use crypto methods via a script in zaproxy. All I want to do is SHA2 a string but I can't find any documentation anywhere that describes how to do this.

Example:

const plain_token = var1 + ":" + var2 + ":" + var3 + ":" + var4;

const token = sha256(plain_token);

At the moment I have included a sha256 JS function taken from here: /

But there has to be a way to do this via zaproxy itself?

I tried this method:

var CryptoJS = Java.type('.zaproxy.zap.extension.script.CryptoJS');

function hashValue(value) {
    return CryptoJS.SHA256(value).toString(CryptoJS.enc.Hex);
}

But this just throws an error as it seems CryptoJS is undefined. And I can't find the documentation that would explain this.

Any help would be appreciated.

I am having trouble finding out how to use crypto methods via a script in zaproxy. All I want to do is SHA2 a string but I can't find any documentation anywhere that describes how to do this.

Example:

const plain_token = var1 + ":" + var2 + ":" + var3 + ":" + var4;

const token = sha256(plain_token);

At the moment I have included a sha256 JS function taken from here: https://geraintluff.github.io/sha256/

But there has to be a way to do this via zaproxy itself?

I tried this method:

var CryptoJS = Java.type('.zaproxy.zap.extension.script.CryptoJS');

function hashValue(value) {
    return CryptoJS.SHA256(value).toString(CryptoJS.enc.Hex);
}

But this just throws an error as it seems CryptoJS is undefined. And I can't find the documentation that would explain this.

Any help would be appreciated.

• zap

1 Answer 1

Where did you get ".zaproxy.zap.extension.script.CryptoJS" from? That class does not appear to be in the ZAP codebase.

ZAP does not provide its own SHA265 implementaion, it uses the standard Java MessageDigest class. Any standard Java class can be accessed via ZAP scripts.