AppScan??API????????械????????
?????yingchen ???????[ 2017/1/10 10:26:23 ] ?????????????????? Appscan
???????????校?API ????????? REST ???????????????????????? API ???????????????????????????????? Web ???????????????????????????? Web ?????????????绮�????????? HTTP header????????????? Shell ??????? curl ????? ??????? API ??????????泄?????????? IP ???????? Web ????????????? AppScan Standard?????????????????????????????
??????? Web ????? REST API ?????AppScan Standard ?????????喂??????????? API ???????????????渭????? HTTP ???????????API ??????姹�???? API ??????????????????? AppScan ?????? API ????妫�??????????????
????????泄?????????? IP ????? ??????????????????????????????????? scan ????? Starting URL ???????????????? 1 ?????
? 1 .???? Starting URL
?????????????????????????????? AppScan ????????????????????? Web ??????? AppScan ????????????? Manual Explorer ??????????? ????????????? manualExplore_1.exd ??????? AppScan ????????.scan ???????scan ???????? Deflate ????????????????????????????????? scan ???????????????????????????????????????械? File-> Export -> Recorded Manual Explore ????? manualExplore_1.exd ???????????? 2 ?????
? 2 .???? manualExplore_1.exd ???
??????????????????????渭?????????????????????????渭???????渭? scan ??????????????????????????? Web ??????????????????? IP ??????????????????????????????????????????????????????????? exd ???????? import ??????????????小?
??????????????????? XML ?????????????????????宓� 1??
?????宓� 1 .exd ?????
<?xml version="1.0" encoding="utf-16"?>
<!--Automatically created by AppScan at 1/16/2014 11:20:26 AM-->
<!--Do NOT Edit!-->
<requests>
<request>
...
</request>
...
</requests>
<!--Number of Requests in file = 100-->
????????????????????????????????? AppScan ??????????????????????????????????????????? AppScan ???????????? HTTP ??????????????? HTTP ??????????械????????????????????? HTTP ??????
??????些?????????<requests>????? request ???????????????宓� 2??
?????宓� 2 .request ??????
<request scheme="https" host="www.ibm.com" path="/" port="443"
method="GET" SessionRequestType="Login" ordinal="15">
<raw encoding="none">
</raw>
<cookie name="JSESSIONID" value="XXX" path="/" domain="www.ibm.com"
secure="False" expires="1/1/0001 12:00:00 AM" />
<parameter name="XXX" captureIndex="0" value="" type="QUERY" linkParamType="simplelink"
separator="&amp;" operator="=" reportName="XXX" />
<sessionCookies>
<cookie name="JSESSIONID" value="XXX" path="/" domain="www.ibm.com" secure="False"
expires="1/1/0001 12:00:00 AM" />
</sessionCookies>
</request>
????????<raw>??????????????????????? HTTP Header ?? body ????????????? ?????????????????????薪??????????些?????????? HTTP ??????????????????????????????? scheme ???????协?椋瑂ession ?? HTTP header ??? session ?????parameter ?? URL ?????????????? ordinal ??? request ???????????????????????
???????????????????????????????????????? HTTP ????????????????????????
????????????????谓?????????????????
????????????????????????????????????????????????????????????????????? parm1 ?? parm2??????????卸???? API ?????? exd ??????锟�?
?????宓� 3 .???械???????
<request scheme="https" host="www.site1.com" path="/test/API1" port="443"
method="POST" SessionRequestType="Login" ordinal="146">
<raw encoding="none">POST /test/API1 HTTP/1.1
Host: www.site1.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20100101 Firefox/17.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.7,ja;q=0.3
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: https://www.site1.com/
Content-Length: 23
Cookie: JSESSIONID=0000F7u3iiCtkF0SIR4G9viBIQr:156f4da9-0cc6-4460-9ac9-f791e0aac903
Pragma: no-cache
Cache-Control: no-cache

parm1=test1&amp;parm2=test2</raw>
<cookie name="JSESSIONID" value="0000F7u3iiCtkF0SIR4G9viBIQr:156f4da9-0cc6-4460-9ac9-f791e0aac903"
path="/" domain="www.site1.com" secure="False" expires="1/1/0001 12:00:00 AM" />
<parameter name="parm1" captureIndex="0" value="test1" type="BODY" linkParamType="simplelink"
separator="&amp;" operator="=" reportName="parm1" />
<parameter name="parm2" captureIndex="0" value="test2" type="BODY" linkParamType="simplelink"
separator="&amp;" operator="=" reportName="parm2" />
<sessionCookies>
<cookie name="JSESSIONID" value="0000F7u3iiCtkF0SIR4G9viBIQr:156f4da9-0cc6-4460-9ac9-f791e0aac903"
path="/" domain="www.site1.com" secure="False" expires="1/1/0001 12:00:00 AM" />
</sessionCookies>
</request>
???????????????????????????????? name ??????? parm1 ????渭? newparm???????????????????????????????????????????????琛�??????????????????????????????????? exd ??????????????宓� 4??
?????宓� 4 .????? exd ???
<request scheme="https" host="www.site1.com" path="/test/API1" port="443" method="POST"
SessionRequestType="Login" ordinal="146">
<raw encoding="none">POST /test/API1 HTTP/1.1
...
Content-Length: 25

newparm=test1&amp;parm2=test2</raw>
...
<parameter name="newparm" captureIndex="0" value="test1" type="BODY" linkParamType="simplelink"
separator="&amp;" operator="=" reportName="newparm" />
...
</request>
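Turning Listing 3 into Listing 4 by hand is error-prone: the body in `<raw>`, its Content-Length and the `<parameter>` entries must all agree, or AppScan is handed a request that does not match what it is told to test. The script below is an added example, not part of the original post or of AppScan; it renames a body parameter in a constructed `<request>` fragment modelled on Listing 3 and then checks the result for exactly those inconsistencies. The exd file itself is UTF-16 (see Listing 1), so read it with that encoding before passing fragments in.

```python
"""Rename a body parameter in an AppScan .exd <request> and keep it consistent."""
import xml.etree.ElementTree as ET
from urllib.parse import parse_qsl, urlencode

# Constructed sample modelled on Listing 3; not a real AppScan export.
SAMPLE = """<request scheme="https" host="www.site1.com" path="/test/API1" port="443"
method="POST" SessionRequestType="Login" ordinal="146">
<raw encoding="none">POST /test/API1 HTTP/1.1
Host: www.site1.com
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 23

parm1=test1&amp;parm2=test2</raw>
<parameter name="parm1" captureIndex="0" value="test1" type="BODY"
linkParamType="simplelink" separator="&amp;" operator="=" reportName="parm1" />
<parameter name="parm2" captureIndex="0" value="test2" type="BODY"
linkParamType="simplelink" separator="&amp;" operator="=" reportName="parm2" />
</request>"""

def _split_raw(raw):
    """Header lines and body of the recorded HTTP request inside <raw>."""
    head, _, body = raw.partition("\n\n")
    return head.split("\n"), body

def rename_body_param(request_xml, old, new):
    """Rename body parameter `old` to `new` in <raw> and in <parameter>."""
    req = ET.fromstring(request_xml)
    raw = req.find("raw")
    headers, body = _split_raw(raw.text)
    new_body = urlencode([(new if k == old else k, v) for k, v in parse_qsl(body)])
    headers = [f"Content-Length: {len(new_body.encode())}"  # keep the length honest
               if h.lower().startswith("content-length:") else h for h in headers]
    raw.text = "\n".join(headers) + "\n\n" + new_body
    for p in req.findall("parameter"):
        if p.get("type") == "BODY" and p.get("name") == old:
            p.set("name", new)
            p.set("reportName", new)
    return ET.tostring(req, encoding="unicode")

def check_request(request_xml):
    """Inconsistencies a hand-edited request should not have (empty list = OK)."""
    req = ET.fromstring(request_xml)
    headers, body = _split_raw(req.find("raw").text)
    declared = next((int(h.split(":", 1)[1]) for h in headers
                     if h.lower().startswith("content-length:")), None)
    problems = [] if declared == len(body.encode()) else [
        f"Content-Length {declared} != body length {len(body.encode())}"]
    known = {p.get("name") for p in req.findall("parameter") if p.get("type") == "BODY"}
    problems += [f"body parameter {n!r} has no <parameter> entry"
                 for n, _ in parse_qsl(body) if n not in known]
    return problems
```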
????????????????????????????????? exd ??????????????????娴�??????????渭????????? IP ??????????????????? scan ??????????????煤????????????娴�?? exd ???????????????械??????? IP ?婊�???渭??????? IP ?????妫�?????????? scan ????????????????????????
?????????????????????????????????????????????????????????????????????
???????
???????? API ???????API ?????????????????????????? AppScan Standard ?? API ????????械???梅????????????????效????????????????? API ???????效???????????????