OWASP ZAP Developer Group

1–30 of 1799

Welcome to the OWASP Zed Attack Proxy (ZAP) Development Group.
Please use this group for any questions about developing, fixing or extending ZAP.
And if you post spam then it will be deleted and your account blocked.

0 selected

Venkata Subrahmanyam, psiinon7

9:47 AM

Hello Simon, Thank you for your suggestion. So: 1. Run scan 2. Loop through the alerts for that alert

unread,

Hello Simon, Thank you for your suggestion. So: 1. Run scan 2. Loop through the alerts for that alert

9:47 AM

Apr 8

ZAP docker Webswing StealSession not working due to possible incorrect config

Hi, I'm getting the following error when trying to re open a Webswing session, say after

unread,

ZAP docker Webswing StealSession not working due to possible incorrect config

Hi, I'm getting the following error when trying to re open a Webswing session, say after

Apr 8

Matteo Pappadà, thc...@gmail.com3

Apr 7

CouchDB scan rules and Eclipse problem

Thank you, now I'm able to open zap from eclipse. Thank you also for the "CONTRIBUTING.md

unread,

CouchDB scan rules and Eclipse problem

Thank you, now I'm able to open zap from eclipse. Thank you also for the "CONTRIBUTING.md

Apr 7

Apr 6

ZAP Related Job

We aim to keep the ZAP groups free from commercial posts, but I've checked with the rest of the

unread,

ZAP Related Job

We aim to keep the ZAP groups free from commercial posts, but I've checked with the rest of the

Apr 6

Mar 29

Automation Job Outcome Tests

Some of the initial automation jobs have parameters which allow you to warn or fail on specific

unread,

Automation Job Outcome Tests

Some of the initial automation jobs have parameters which allow you to warn or fail on specific

Mar 29

Naveen Rudrappa, thc...@gmail.com2

Mar 25

MYSQL ZAP Question

Hi. That field is not currently used. Best regards. On 25/03/2021 02:51, Naveen Rudrappa wrote: >

unread,

MYSQL ZAP Question

Hi. That field is not currently used. Best regards. On 25/03/2021 02:51, Naveen Rudrappa wrote: >

Mar 25

psiinon, … Eduardo Godoy Vega69

Mar 23

ZAP Evangelists

Can you double check you've submitted it to the right repo? I cant see it here: https://github.

unread,

ZAP Evangelists

Can you double check you've submitted it to the right repo? I cant see it here: https://github.

Mar 23

Venkata Subrahmanyam, … ricekot15

Mar 23

Importing into IntelliJ

This is amazing. I was planning to contribute this. Thank you for this. 😁 On Mon, 22 Mar 2021, 20:01

unread,

Importing into IntelliJ

This is amazing. I was planning to contribute this. Thank you for this. 😁 On Mon, 22 Mar 2021, 20:01

Mar 23

psiinon, … Justin Giannone8

Mar 19

Building ZAP in Eclipse

Interesting. Your workaround was able to resolve my Eclipse issue. I will probably be sticking with

unread,

Building ZAP in Eclipse

Interesting. Your workaround was able to resolve my Eclipse issue. I will probably be sticking with

Mar 19

KHUSHBOO KUMARI, … thc...@gmail.com4

Mar 12

NoHttpResponseException when Proxy scripting is enabled

@thc202, That helped. Thanks a lot. @psiinon, yes, script is exact same and I check zap.log but there

unread,

NoHttpResponseException when Proxy scripting is enabled

@thc202, That helped. Thanks a lot. @psiinon, yes, script is exact same and I check zap.log but there

Mar 12

Javi D R, Karan Preet4

Mar 11

send a list of config arguments to the docker image

Thanks! El jueves, 11 de marzo de 2021 a las 10:22:43 UTC, preetk...@gmail.com escribió: Hi, Please

unread,

send a list of config arguments to the docker image

Thanks! El jueves, 11 de marzo de 2021 a las 10:22:43 UTC, preetk...@gmail.com escribió: Hi, Please

Mar 11

Venkata Subrahmanyam, … Kevin W. Wall6

Mar 11

Domains or URLs

Wow. Okay. Maybe I should start blogging more then. Can't believe someone on Reddit actually

unread,

Domains or URLs

Wow. Okay. Maybe I should start blogging more then. Can't believe someone on Reddit actually

Mar 11

Javi D R, … thc...@gmail.com5

Mar 9

jython scripting - jython.modulepath example

Ah, that makes sense then. So it needs to be a python2 dependency. Thanks! El martes, 9 de marzo de

unread,

jython scripting - jython.modulepath example

Ah, that makes sense then. So it needs to be a python2 dependency. Thanks! El martes, 9 de marzo de

Mar 9

Venkata Subrahmanyam, psiinon2

Mar 9

Hi Venkat, What sort of rules are you looking for? What do you think we should be testing for? ZAP is

unread,

Hi Venkat, What sort of rules are you looking for? What do you think we should be testing for? ZAP is

Mar 9

Naveen Rudrappa, psiinon2

Mar 5

Can you give more information about what you are trying to do? To configure mariadb itself then you

unread,

Can you give more information about what you are trying to do? To configure mariadb itself then you

Mar 5

Javi D R, … psiinon9

Mar 4

how to convert zap script (python) into extension?

I started it but still failing zap | 66 [main] INFO org.parosproxy.paros.common.AbstractParam -

unread,

how to convert zap script (python) into extension?

I started it but still failing zap | 66 [main] INFO org.parosproxy.paros.common.AbstractParam -

Mar 4

Javi D R, … kingthorin+owaspzap14

Mar 2

python supported?

never mind... fixed now El martes, 2 de marzo de 2021 a las 10:25:26 UTC, Javi DR escribió: Hi I have

unread,

python supported?

never mind... fixed now El martes, 2 de marzo de 2021 a las 10:25:26 UTC, Javi DR escribió: Hi I have

Mar 2

Sazid Ali, … kingthorin+owaspzap13

Feb 24

Yes, I have a client certificate. After I set it under options then it will generate Gateway timeout

unread,

Yes, I have a client certificate. After I set it under options then it will generate Gateway timeout

Feb 24

shafi mohammed, psiinon3

Feb 19

Thanks for the quick response , im still wondering is there an option like exclude proxy / exclude

unread,

Thanks for the quick response , im still wondering is there an option like exclude proxy / exclude

Feb 19

Feb 17

Invitation to work on purpleteam

New blog post on the journey of taking purpleteam from PoC to Alpha https://binarymist.io/blog/2021/

unread,

Invitation to work on purpleteam

New blog post on the journey of taking purpleteam from PoC to Alpha https://binarymist.io/blog/2021/

Feb 17

psiinon, bujo taduran2

Feb 14

ZAP Reporting - your input needed!

Hi, Simon! I also sent this to several of my trainees who are using ZAP on an everyday basis. This is

unread,

ZAP Reporting - your input needed!

Hi, Simon! I also sent this to several of my trainees who are using ZAP on an everyday basis. This is

Feb 14

Venkata Subrahmanyam, psiinon8

Feb 11

Sending Auth token via replacer

ZAP scans are not deterministic I'm afraid, these can happen if you just use the desktop or just

unread,

Sending Auth token via replacer

ZAP scans are not deterministic I'm afraid, these can happen if you just use the desktop or just

Feb 11

Aman Rawat, psiinon2

Feb 10

HTTP smuggling active scan rule

The CRLF Injection rule does this: https://www.zaproxy.org/docs/alerts/40003/ But I have no doubt

unread,

HTTP smuggling active scan rule

The CRLF Injection rule does this: https://www.zaproxy.org/docs/alerts/40003/ But I have no doubt

Feb 10

Jatin Khatri, … psiinon9

Feb 4

Setting up Zap Development environment

Great! A new Intellij specific page might be best? We can then add similar pages for other IDEs as

unread,

Setting up Zap Development environment

Great! A new Intellij specific page might be best? We can then add similar pages for other IDEs as

Feb 4

psiinon, Kevin W. Wall5

Feb 3

Announcing the First Ever ZAPCon - Call For Papers

FYI its now public, so I can now confirm that the conference I mentioned is RSA :) https://www.

unread,

Announcing the First Ever ZAPCon - Call For Papers

FYI its now public, so I can now confirm that the conference I mentioned is RSA :) https://www.

Feb 3

psiinon, Sandal Iqbal3

Jan 20

Feedback requested: ZAP Automation Framework

ZAP is a relatively large and complex tool. It has a plugin architecture that allows you to

unread,

Feedback requested: ZAP Automation Framework

ZAP is a relatively large and complex tool. It has a plugin architecture that allows you to

Jan 20

Jan 18

ZAP 2.10.0 - Scanning HTTP - Beyond the CORS

Hello, I have been reviewing it further. I have tried to use Replacer to change the following pattern

unread,

ZAP 2.10.0 - Scanning HTTP - Beyond the CORS

Hello, I have been reviewing it further. I have tried to use Replacer to change the following pattern

Jan 18

John Michael Sales, psiinon2

Jan 18

OWASP ZAP Vulnerabilities List

Here you go :) https://www.zaproxy.org/docs/alerts/ As per the description, thats just the HTTP(S)

unread,

OWASP ZAP Vulnerabilities List

Here you go :) https://www.zaproxy.org/docs/alerts/ As per the description, thats just the HTTP(S)

Jan 18

Eric C, psiinon2

Jan 14

OWASP ZAP - v2.8 - Product Lifecycle

Hi Eric, I'm afraid that due to the fact we are a relatively small team we are only able to

unread,

OWASP ZAP - v2.8 - Product Lifecycle

Hi Eric, I'm afraid that due to the fact we are a relatively small team we are only able to

Jan 14

Alkesh Sirsode, thc...@gmail.com2

Jan 11

Unexpected end of file from server.Getting error on jenkins

Hi. Most likely you are not allowing the remote address to access the API. The ZAP logs should

unread,

Unexpected end of file from server.Getting error on jenkins

Hi. Most likely you are not allowing the remote address to access the API. The ZAP logs should

Jan 11

Search

Clear search

Close search

Google apps

Main menu