ZAP Developer Group

1–30 of 2340

Welcome to the Zed Attack Proxy (ZAP) Development Group.

Please use this group for any questions about developing, fixing or extending ZAP.

Don't ask the same question on multiple ZAP forums - the ZAP Core Team monitors all of them.

And if you post spam then it will be deleted and your account blocked.

0 selected

Eddy Vanlerberghe, thc2023

Sep 17

Multiselect in history pane

Thanks. On Tuesday, September 16, 2025 at 4:40:35 PM UTC+7 thc202 wrote: Hi. Call the constructor `

unread,

Multiselect in history pane

Thanks. On Tuesday, September 16, 2025 at 4:40:35 PM UTC+7 thc202 wrote: Hi. Call the constructor `

Sep 17

alejandro ar

Sep 16

Error in active scanner “Content-Type: multipart/form-data” -> "java.lang.IndexOutOfBoundsException: Index -1 out of bounds for length 3"

hi I have an error in the active scanner. An error is generated when the content is “Content-Type:

unread,

Error in active scanner “Content-Type: multipart/form-data” -> "java.lang.IndexOutOfBoundsException: Index -1 out of bounds for length 3"

hi I have an error in the active scanner. An error is generated when the content is “Content-Type:

Sep 16

Eddy Vanlerberghe, … thc2025

Sep 4

Classpath during compilation of Zaproxy and Zap-extensions

Makes sense but I'd suggest use of an IDE, you can debug core code and add-ons at the same time (

unread,

Classpath during compilation of Zaproxy and Zap-extensions

Makes sense but I'd suggest use of an IDE, you can debug core code and add-ons at the same time (

Sep 4

Naresh Varshney, psiinon2

Aug 29

Unable to Generate ZAP Report due to Proxy Request Rejection

Naresh, Please only ask a question in one place. The ZAP User Group is the right place for this sort

unread,

Unable to Generate ZAP Report due to Proxy Request Rejection

Naresh, Please only ask a question in one place. The ZAP User Group is the right place for this sort

Aug 29

Mukund Kedia, kingthorin+zap3

Aug 24

First pull request error

Thank you. It is resolved. On Sunday, 24 August 2025 at 20:55:38 UTC+5:30 kingthorin+zap wrote: It

unread,

First pull request error

Thank you. It is resolved. On Sunday, 24 August 2025 at 20:55:38 UTC+5:30 kingthorin+zap wrote: It

Aug 24

Soumya Naidu, psiinon2

Aug 13

Authentication Tester Issue

This group is for questions about developing ZAP. Your question is about using ZAP, so please as it

unread,

Authentication Tester Issue

This group is for questions about developing ZAP. Your question is about using ZAP, so please as it

Aug 13

Md Niaz Morshed

Aug 11

equest to participate and Share the Survey with your Software Developers and Code Reviewers

Dear Sir, I hope this message finds you well. My name is Md Niaz Morshed, and I am leading a team

unread,

equest to participate and Share the Survey with your Software Developers and Code Reviewers

Dear Sir, I hope this message finds you well. My name is Md Niaz Morshed, and I am leading a team

Aug 11

Md Niaz Morshed

Aug 11

Request to Share the Survey with your Software Developers and Code Reviewers

Dear Sir, I hope this message finds you well. My name is Md Niaz Morshed, and I am leading a team

unread,

Request to Share the Survey with your Software Developers and Code Reviewers

Dear Sir, I hope this message finds you well. My name is Md Niaz Morshed, and I am leading a team

Aug 11

Boss Chen, thc2022

Aug 4

Unable Attack on old router ?

Hi, As the error message says your JRE does not have TLS 1.0 enabled (that's disabled by default

unread,

Unable Attack on old router ?

Hi, As the error message says your JRE does not have TLS 1.0 enabled (that's disabled by default

Aug 4

Matteo Simionato, … thc2025

Jul 31

HarUtils deprecated from ZAP 2.16.0

Sure, I can give you more context. The main files involved are // Communication.java package org.

unread,

HarUtils deprecated from ZAP 2.16.0

Sure, I can give you more context. The main files involved are // Communication.java package org.

Jul 31

Md Niaz Morshed

Jul 21

Request permission to share a survey on code review in OSS security

Dear Sir/Madam, I hope you are doing well. I am a Ph.D. student at the University of Alabama

unread,

Request permission to share a survey on code review in OSS security

Dear Sir/Madam, I hope you are doing well. I am a Ph.D. student at the University of Alabama

Jul 21

Rahul Srivastava, psiinon2

Jun 17

Issue Accessing gRPC Features After Installing gRPC Plugin in ZAP 2.16.1

For info this was answered on the ZAP Slack. On Tuesday, 17 June 2025 at 16:11:39 UTC+1 rahulsriv...@

unread,

Issue Accessing gRPC Features After Installing gRPC Plugin in ZAP 2.16.1

For info this was answered on the ZAP Slack. On Tuesday, 17 June 2025 at 16:11:39 UTC+1 rahulsriv...@

Jun 17

Nikhilesh Singh, psiinon3

Jun 11

[Bug]: Persistent "Artifact name is not valid" (400 Bad Request) from GitHub API despite valid name & token

Okay, for sure. This was in measure to report the issue. On Wed, Jun 11, 2025, 16:28 psiinon <

unread,

[Bug]: Persistent "Artifact name is not valid" (400 Bad Request) from GitHub API despite valid name & token

Okay, for sure. This was in measure to report the issue. On Wed, Jun 11, 2025, 16:28 psiinon <

Jun 11

MPR GTR, psiinon2

May 27

ZAP False Positive for 40018 SQL Injection

No its not. Did you get that from an LLM? If so you should be aware that LLMs are bad at technical

unread,

ZAP False Positive for 40018 SQL Injection

No its not. Did you get that from an LLM? If so you should be aware that LLMs are bad at technical

May 27

Alex Mayfield, kingthorin+zap2

Apr 24

Insecure Deserialization Add-On Inquiry

DNS is almost universally allowed outbound. ICMP ping may not be. HTTP/HTTPS to non-standard ports

unread,

Insecure Deserialization Add-On Inquiry

DNS is almost universally allowed outbound. ICMP ping may not be. HTTP/HTTPS to non-standard ports

Apr 24

Kirthika Krishnan, psiinon2

Apr 17

Not able to use the Firefox browser

Hi Kirthika, This is really a question about using ZAP rather than developing it, so in future please

unread,

Not able to use the Firefox browser

Hi Kirthika, This is really a question about using ZAP rather than developing it, so in future please

Apr 17

Tomasz Nowak, … kingthorin+zap3

Apr 10

Feature Request: "Duplicate" Button for Replacer Addon

This seems like: https://github.com/zaproxy/zaproxy/issues/7767 And the fix/feature that was started:

unread,

Feature Request: "Duplicate" Button for Replacer Addon

This seems like: https://github.com/zaproxy/zaproxy/issues/7767 And the fix/feature that was started:

Apr 10

Nick, psiinon8

Apr 10

Add-on debug

Thanks for letting us know! On Thursday, 10 April 2025 at 07:49:29 UTC+1 niccolol...@gmail.com wrote:

unread,

Add-on debug

Thanks for letting us know! On Thursday, 10 April 2025 at 07:49:29 UTC+1 niccolol...@gmail.com wrote:

Apr 10

zinw elzl, … Satish Verma3

Apr 3

Will you add ZAP MCP server?

Dear ZAP Team, I recently came across the discussion regarding the ZAP MCP server, and I am

unread,

Will you add ZAP MCP server?

Dear ZAP Team, I recently came across the discussion regarding the ZAP MCP server, and I am

Apr 3

psiinon

Mar 26

ZAP 2.16.1

ZAP by Checkmarx 2.16.1 has just been released! This is a bug fix release, along with some minor

unread,

ZAP 2.16.1

ZAP by Checkmarx 2.16.1 has just been released! This is a bug fix release, along with some minor

Mar 26

Mar 3

Question About Multiple Alerts with the Same Name but Different Alert IDs

I noticed that in ZAP Proxy, there are multiple alerts with the same name, (eg, Path Traversal,

unread,

Question About Multiple Alerts with the Same Name but Different Alert IDs

I noticed that in ZAP Proxy, there are multiple alerts with the same name, (eg, Path Traversal,

Mar 3

psiinon

Feb 24

ZAP Slack

We have a dedicated Slack for ZAP which is now open to all. You can get an invite via https://www.

unread,

ZAP Slack

We have a dedicated Slack for ZAP which is now open to all. You can get an invite via https://www.

Feb 24

Raphael Carvalho, … thc2025

Feb 19

An error occurred with the script: CustomScript. Error: Read timed out

Will do that, thanks @thc202 and Simon! On Tuesday, February 18, 2025 at 2:26:39 PM UTC-3 thc202

unread,

An error occurred with the script: CustomScript. Error: Read timed out

Will do that, thanks @thc202 and Simon! On Tuesday, February 18, 2025 at 2:26:39 PM UTC-3 thc202

Feb 19

Thoni A, thc2022

Feb 14

After loading a certificate, in browser certificate viewer is still showing the zap community cert info instead of custom cert info

Hi, I plan to look at this in the following days (no ETA yet). Best regards. On 12/02/2025 20:57,

unread,

After loading a certificate, in browser certificate viewer is still showing the zap community cert info instead of custom cert info

Hi, I plan to look at this in the following days (no ETA yet). Best regards. On 12/02/2025 20:57,

Feb 14

Defia Orca, thc...@gmail.com2

Feb 6

Request of Polishing (Coloring) the request and response headers

Hi, This is already being tracked/requested: https://github.com/zaproxy/zaproxy/issues/1907 Note that

unread,

Request of Polishing (Coloring) the request and response headers

Hi, This is already being tracked/requested: https://github.com/zaproxy/zaproxy/issues/1907 Note that

Feb 6

Arpit Thool, psiinon2

Jan 29

Seeking guidance on implementing ZAP security scanning pipeline

Hi Arpit, This question is about how to use ZAP - please ask them on the ZAP User Group: https://

unread,

Seeking guidance on implementing ZAP security scanning pipeline

Hi Arpit, This question is about how to use ZAP - please ask them on the ZAP User Group: https://

Jan 29

ozzy ozbourne, psiinon2

Jan 29

Tips on how to debug the add-on code

Hiya, Have you seen the ZAP Developer Guide? https://www.zaproxy.org/docs/developer/ Let us know if

unread,

Tips on how to debug the add-on code

Hiya, Have you seen the ZAP Developer Guide? https://www.zaproxy.org/docs/developer/ Let us know if

Jan 29

Ryan Mueller2

Jan 21

Issues Building from Source

I switched my java version to 21 and it runs good as new. Sorry for the commotion. Sincerely, Ryan

unread,

Issues Building from Source

I switched my java version to 21 and it runs good as new. Sorry for the commotion. Sincerely, Ryan

Jan 21

Rashmi Mehta, psiinon2

Jan 16

Curl command is not working

Hi Rasmi, This question is about how to use ZAP - please ask them on the ZAP User Group: https://

unread,

Curl command is not working

Hi Rasmi, This question is about how to use ZAP - please ask them on the ZAP User Group: https://

Jan 16

C PQ, psiinon2

Jan 16

To check the session is valid before doing the active scan

Hi Pei Qi, You dont need to check if the session is valid - ZAP does that for you. If theres no

unread,

To check the session is valid before doing the active scan

Hi Pei Qi, You dont need to check if the session is valid - ZAP does that for you. If theres no

Jan 16