Port the watcher passive checks
Watcher is an open source passive scanner: http://websecuritytool.codeplex.com/
It includes loads of useful checks, and has some very useful test pages: http://www.nottrusted.com/watcher/
It would be great if some or all of these could be ported to ZAP, and these could be
a great way to get started for anyone who is new to ZAP development.
So ... have a look at the test pages and update this issue if you are going to try to
implement one of the checks.
Note that these should be implemented as passive scanner rules: http://code.google.com/p/zaproxy/wiki/ScannerRules
If you have any implementation questions please post to the dev forum http://groups.google.com/group/zaproxy-develop
so everyone can benefit, and we'll try to improve the wiki as well.
Original issue reported on code.google.com by psiinon on 2011-11-24 16:55:14
Just added a wiki page to cover all of these: https://code.google.com/p/zaproxy/wiki/WatcherRules
- please update this if you are working on any of them
Original issue reported on code.google.com by psiinon on 2011-12-30 15:04:17
I'd like to take on porting Check.Pasv.Java.ViewState.cs to refresh my JSF knowledge
and get a taste of passive scanning rule development. It should take about a week, I guess,
having looked briefly at the original C# code, but updates will follow.
Original issue reported on code.google.com by serge.tsv on 2012-10-06 18:26:33
Great :)
I've updated the wiki page - let us know if you have any questions.
Many thanks,
Simon
Original issue reported on code.google.com by psiinon on 2012-10-08 09:01:44
Updated wiki ref: https://github.com/zaproxy/zaproxy/wiki/WatcherRules
That needs to be updated...
Yup, on my list ...
OK, I'll remove from mine then ;)
Updated in: https://github.com/zaproxy/zaproxy/wiki/WatcherRules/_compare/6552935%5E...6552935
https://github.com/zaproxy/zaproxy/wiki/WatcherRules
Hello everyone, I wanted to dig a bit into ZAP Proxy to eventually contribute a bit to the project. I had a look at this wiki page here https://github.com/zaproxy/zaproxy/wiki/WatcherRules but unfortunately all the links related to the tool / rules to be ported have become invalid. Nevertheless, I found a .zip file containing the source that looks promising: http://www.java2s.com/Open-Source/CSharp_Free_Code/Security/Download_Watcher_Web_security_testing_tool_and_passive_vulnerability_scanner.htm
This issue was opened back in 2015. Is this still something to be done?
Thanks for an update on this issue 🙂
Cheers, André
@kingthorin @psiinon See my comment before.
Heya, sorry for the delay. I’m not sure what’s left to tackle here. A few of the TLS items can’t actually be done (not easily anyway). For the others we would have to go through and see if there are any rules they map to.
If you see something outstanding that seems at all interesting to you then yes please feel free to put together a PR.
I propose that we close this issue and retire: https://github.com/zaproxy/zaproxy/wiki/WatcherRules. 90% of the rules were ported, and Watcher seems to have died. The majority of the content/links I could find for it lead to servers that no longer exist.
This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.