I wrote a script (JS, following the Nashorn JS engine, with jsoup for parsing) to use with the OWASP ZAP passive scan (I put the script under Passive Rules). Now I have a problem: when ZAP processes a request, it loads the whole JS file, not only the scan function, so I can't use a variable as a flag to detect a status I set before. Also, scripts in Passive Rules do not support the window object, localStorage ..., so I can't use those.
Any ideas for this case?
Thanks,
You can pass values between ZAP scripts using Global Variables: https://github.com/zaproxy/zap-core-help/wiki/HelpAddonsScriptsScripts#global-variables
Variables can be shared between separate invocations of the same script via the same org.zaproxy.zap.extension.script.ScriptVars class. For example, in JavaScript you can use this class as follows:
org.zaproxy.zap.extension.script.ScriptVars.setScriptVar(this.context, "var.name", "value")
org.zaproxy.zap.extension.script.ScriptVars.getScriptVar(this.context, "var.name")
Note that these methods are only usable from scripting languages that provide access to the ScriptContext (like JavaScript).
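
The approach from the answer above, as an added example that is not part of the original posts or ZAP's own code: a passive rule that keeps its "already reported" flag in a script variable so the state outlives each reload of the file. The variable name `reported.hosts`, the alert builder calls on `ps`, and the in-memory stand-in used when the script runs outside ZAP are assumptions of this example.

```javascript
// Added example: ZAP passive rule (Nashorn JavaScript). Outside ZAP (no Java
// bridge) a constructed in-memory stand-in replaces ScriptVars so it runs offline.
var inZap = typeof Java !== "undefined";
var stubStore = {}; // constructed stand-in storage, used only outside ZAP
var ScriptVars = inZap
  ? Java.type("org.zaproxy.zap.extension.script.ScriptVars")
  : {
      setScriptVar: function (c, k, v) { stubStore[k] = String(v); },
      getScriptVar: function (c, k) { return k in stubStore ? stubStore[k] : null; }
    };
// The file is evaluated again on each invocation, so plain globals reset;
// capture the ScriptContext at top level and keep all state in ScriptVars.
var ctx = inZap ? this.context : null;
var KEY = "reported.hosts"; // hypothetical variable name

// Script variables hold strings, so the host list is stored as JSON.
function loadHosts() {
  var raw = ScriptVars.getScriptVar(ctx, KEY);
  return raw ? JSON.parse(String(raw)) : [];
}

// Returns true only the first time a host is recorded.
function firstSighting(host) {
  var hosts = loadHosts();
  if (hosts.indexOf(host) !== -1) return false;
  hosts.push(host);
  ScriptVars.setScriptVar(ctx, KEY, JSON.stringify(hosts));
  return true;
}

// Passive rule entry point. The boolean return value is only for testing
// this example; ZAP does not use it.
function scan(ps, msg, src) {
  var host = String(msg.getRequestHeader().getURI().getHost());
  var xfo = msg.getResponseHeader().getHeader("X-Frame-Options");
  if (xfo == null && firstSighting(host)) {
    // Assumption: alert builder as exposed to passive scripts; adapt to your ZAP version.
    ps.newAlert().setRisk(1).setConfidence(2)
      .setName("X-Frame-Options missing (first response from host)")
      .setMessage(msg).raise();
    return true;
  }
  return false;
}
```

Storing one JSON-encoded list under a single key keeps the number of script variables constant however many hosts are seen.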