From 1851bbd940cb4671d590f050c4508ef112e21bc4 Mon Sep 17 00:00:00 2001
From: Simon Bennetts
Date: Tue, 20 Aug 2024 14:31:28 +0100
Subject: [PATCH] Added variant/AddUrlParams.js I was going to add this to the core, then realised this would be much easier and more flexible :D
Signed-off-by: Simon Bennetts
---
 CHANGELOG.md | 1 +
 variant/AddUrlParams.js | 38 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 39 insertions(+)
 create mode 100644 variant/AddUrlParams.js
diff --git a/CHANGELOG.md b/CHANGELOG.md
index d884770c..6465774a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 ## [Unreleased]
 ### Added
 - Standalone script 'PrivateMethodAccess.js'
+- Variant script 'AddUrlParams.js'
 ### Changed
 - Add cautionary note to help and readme.
 ### Fixed
diff --git a/variant/AddUrlParams.js b/variant/AddUrlParams.js
new file mode 100644
index 00000000..b0887ca7
--- /dev/null
+++ b/variant/AddUrlParams.js
@@ -0,0 +1,38 @@
+// The parseParameter function will typically be called for every page and
+// the setParameter function is called by each active plugin to bundle specific attacks
+
+// Note that new custom input vector scripts will initially be disabled
+// Right click the script in the Scripts tree and select "enable"
+
+/*
+This variant script adds arbitrary URL queries to all requests.
+It can be used if you know (or suspect) that the target uses these parameters in some cases
+and you want to make sure you test them on all pages, whether or not ZAP sees them being used.
+*/
+
+var URI = Java.type("org.apache.commons.httpclient.URI");
+var AbstractPlugin = Java.type("org.parosproxy.paros.core.scanner.AbstractPlugin");
+
+function parseParameters(helper, msg) {
+ // Add whichever parameters you need here, first is the name, the second is the default value
+ // In this case they will be appended to all requests, but you can choose to only add
+ // them to specific requests (like GETs) if you like by adding the relevant conditionals.
+ helper.addParamQuery("q", "r");
+ helper.addParamQuery("s", "t");
+}
+
+function setParameter(helper, msg, param, value, escaped) {
+ var uri = msg.getRequestHeader().getURI();
+ var query = uri.getEscapedQuery();
+ if (query == null) {
+ query = "";
+ } else {
+ query += "&";
+ }
+ query += param + "=";
+ if (value == null) {
+ value = ""
+ }
+ query += escaped ? value : AbstractPlugin.getURLEncode(value);
+ msg.getRequestHeader().getURI().setEscapedQuery(query);
+}
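Review bot: In `setParameter`, `query += param + "=";` writes the parameter name into the escaped query without encoding it, while the value goes through `AbstractPlugin.getURLEncode` when `escaped` is false. The comment in `parseParameters` invites users to add their own names, so a name containing `&`, `=` or a space would split or corrupt the query handed to `setEscapedQuery`, and the request would no longer exercise the parameter that was registered. Encoding the name as well, `query += AbstractPlugin.getURLEncode(param) + "=";`, keeps both halves consistent. The pair is also appended without checking whether the URL already carries a parameter of the same name; servers differ on which duplicate they read, so on such pages the payload may not reach the handler, and a comment such as `// NOTE: if the URL already has this parameter the server may read the original value, so a clean result is not conclusive` next to the `helper.addParamQuery` calls would help users interpret scan results. The `URI` binding at the top of the file appears unused in this hunk and could be dropped.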