OWASP ZAP Developer Group

1–30 of 1963

Welcome to the OWASP Zed Attack Proxy (ZAP) Development Group.
Please use this group for any questions about developing, fixing or extending ZAP.
And if you post spam then it will be deleted and your account blocked.

0 selected

ricekot, psiinon2

May 16

New Database Technologies in ZAP

Thanks Akshath! Although we are just going to use these technologies for the new "permanent

unread,

New Database Technologies in ZAP

Thanks Akshath! Although we are just going to use these technologies for the new "permanent

May 16

Haris Hibic, psiinon2

May 12

Parameter handling and parsing

OK, there actually quite a bit to this ;) Re parameter detection - ZAP relies on you to explore the

unread,

Parameter handling and parsing

OK, there actually quite a bit to this ;) Re parameter detection - ZAP relies on you to explore the

May 12

Gopal Jee, psiinon2

May 11

Hi Gopal, I'm confused. Are you using the baseline scan or the automation framework? Do you want

unread,

Hi Gopal, I'm confused. Are you using the baseline scan or the automation framework? Do you want

May 11

Aleš Répáš, … psiinon18

May 10

Can't build zaproxy/zap-extension files on Windows 11

That would would be better asked in a new thread, this one is going way off the original topic ;) On

unread,

Can't build zaproxy/zap-extension files on Windows 11

That would would be better asked in a new thread, this one is going way off the original topic ;) On

May 10

Omkar Kumbhar, psiinon3

May 9

How to save Active Scan request/responses via ZAP API

Thank you very much Simon for quick help! Regards, Omkar On Monday, May 9, 2022 at 4:05:43 PM UTC+5:

unread,

How to save Active Scan request/responses via ZAP API

Thank you very much Simon for quick help! Regards, Omkar On Monday, May 9, 2022 at 4:05:43 PM UTC+5:

May 9

psiinon, kingthorin+owaspzap7

May 6

Passive Scan Threading

I did some testing with it this morning. Seems like it's in good shape. On Friday, May 6, 2022 at

unread,

Passive Scan Threading

I did some testing with it this morning. Seems like it's in good shape. On Friday, May 6, 2022 at

May 6

May 5

Gitlab CI Integration of ZAP error

Hi Team, when trying to scan using ZAp in gitlab CI/CD getting below error, please suggest what is

unread,

Gitlab CI Integration of ZAP error

Hi Team, when trying to scan using ZAp in gitlab CI/CD getting below error, please suggest what is

May 5

JJMullen_, psiinon2

May 5

Spider throttling implementation

Hiya, I have no problem with this being implemented, but as its the first time I can remember that

unread,

Spider throttling implementation

Hiya, I have no problem with this being implemented, but as its the first time I can remember that

May 5

하훌 HAHWUL, … kingthorin+owaspzap8

May 2

External dependencies in Add-on, does ZAP Core need a declaration?

Wonderful, thank Hahwul! Let us know if you get stuck or need advice :) On Sunday, May 1, 2022 at 10:

unread,

External dependencies in Add-on, does ZAP Core need a declaration?

Wonderful, thank Hahwul! Let us know if you get stuck or need advice :) On Sunday, May 1, 2022 at 10:

May 2

daniel krohn siqveland, … thc...@gmail.com5

Apr 28

FileUpload Add-on - Import files containing URLs not working / option not showing up

It does allow to import the URLs from a file: https://www.zaproxy.org/docs/desktop/addons/import-

unread,

FileUpload Add-on - Import files containing URLs not working / option not showing up

It does allow to import the URLs from a file: https://www.zaproxy.org/docs/desktop/addons/import-

Apr 28

thar...@obc.co.jp, … Diogo Silva4

Apr 28

SSTI(Server Side Template Injection)

Hi, everyone. I know a great blog that describes Razor's SSTI vulnerability. It is below. https:/

unread,

SSTI(Server Side Template Injection)

Hi, everyone. I know a great blog that describes Razor's SSTI vulnerability. It is below. https:/

Apr 28

learn...@gmail.com, psiinon2

Apr 23

Could script console have automatic completion function like IDE?

It already has a form of code completion - see https://www.zaproxy.org/docs/desktop/addons/script-

unread,

Could script console have automatic completion function like IDE?

It already has a form of code completion - see https://www.zaproxy.org/docs/desktop/addons/script-

Apr 23

Venkata Subrahmanyam

Apr 21

Writing new ascan/pscan rules in ZAP

Hey folks, I am trying to write new and latest rules active scan in ZAP in Jython. Request the zap

unread,

Writing new ascan/pscan rules in ZAP

Hey folks, I am trying to write new and latest rules active scan in ZAP in Jython. Request the zap

Apr 21

Vinothini Pandurangan, … Omkar Kumbhar14

Apr 21

Will ZAP Proxy takes HAR file as input for scanning?

cool. Thanks a lot. Best regards, Omkar On Wednesday, April 20, 2022 at 3:12:34 PM UTC+5:30 thc202

unread,

Will ZAP Proxy takes HAR file as input for scanning?

cool. Thanks a lot. Best regards, Omkar On Wednesday, April 20, 2022 at 3:12:34 PM UTC+5:30 thc202

Apr 21

Gopal Jee, psiinon2

Apr 19

ZAP integration in YML file

Hi Gopal, The recommended options for automating ZAP are given on https://www.zaproxy.org/docs/

unread,

ZAP integration in YML file

Hi Gopal, The recommended options for automating ZAP are given on https://www.zaproxy.org/docs/

Apr 19

ZAP User, … kingthorin+owaspzap15

Apr 18

Unable to import HAR into ZAP

FYI I've reached out to the harlib author via email. On Thursday, April 7, 2022 at 11:17:49 AM

unread,

Unable to import HAR into ZAP

FYI I've reached out to the harlib author via email. On Thursday, April 7, 2022 at 11:17:49 AM

Apr 18

Jake Howlett, … kingthorin+owaspzap12

Apr 5

Modifying zaproxy and zap-extensions

No I think regex is used for other rule configs. I just recalled that other PR so I thought I'd

unread,

Modifying zaproxy and zap-extensions

No I think regex is used for other rule configs. I just recalled that other PR so I thought I'd

Apr 5

Venkata Subrahmanyam, … thc...@gmail.com5

Apr 4

Removing a scan rule

That's a passive scan rule: https://www.zaproxy.org/docs/alerts/10096/ You'll have to use the

unread,

Removing a scan rule

That's a passive scan rule: https://www.zaproxy.org/docs/alerts/10096/ You'll have to use the

Apr 4

Vikas Bhandari, … kingthorin+owaspzap4

Mar 31

Need to understand the logic - Ajax Spidering

https://github.com/zaproxy/zap-extensions/tree/main/addOns/spiderAjax Specifically the Web API bits

unread,

Need to understand the logic - Ajax Spidering

https://github.com/zaproxy/zap-extensions/tree/main/addOns/spiderAjax Specifically the Web API bits

Mar 31

Francisco Trillo Garcia

Mar 31

feature request: action-api-scan: add additional options to the docker run command

Hi. We're using the action-api-scan for our pipeline: https://github.com/zaproxy/action-api-scan

unread,

feature request: action-api-scan: add additional options to the docker run command

Hi. We're using the action-api-scan for our pipeline: https://github.com/zaproxy/action-api-scan

Mar 31

psiinon, Julia Rocks6

Mar 23

Hacking on the ZAP Spider - Friday 18th March

Hi Julia, We use git for managing ZAP's source code: https://git-scm.com/ A PR is a Pull Request

unread,

Hacking on the ZAP Spider - Friday 18th March

Hi Julia, We use git for managing ZAP's source code: https://git-scm.com/ A PR is a Pull Request

Mar 23

psiinon, Kevin W. Wall2

Mar 22

ZAP Blog Post: The StackHawk ZAP Fund

Wow. That's awesome. Thanks StackHawk! -kevin On Tue, Mar 22, 2022 at 2:32 PM psiinon <psiinon

unread,

ZAP Blog Post: The StackHawk ZAP Fund

Wow. That's awesome. Thanks StackHawk! -kevin On Tue, Mar 22, 2022 at 2:32 PM psiinon <psiinon

Mar 22

thc...@gmail.com

Mar 21

Re: [zaproxy-develop] Check programmatically that attack was successful?

Hi. That's done through the HtmlContextAnalyser based on the contexts it returns and their state.

unread,

Re: [zaproxy-develop] Check programmatically that attack was successful?

Hi. That's done through the HtmlContextAnalyser based on the contexts it returns and their state.

Mar 21

Ján Ambroz, psiinon2

Mar 18

ZAP-extension debug

We have a tutorial for Eclipse: https://www.zaproxy.org/docs/developer/building-zap-with-eclipse/#

unread,

ZAP-extension debug

We have a tutorial for Eclipse: https://www.zaproxy.org/docs/developer/building-zap-with-eclipse/#

Mar 18

Mar 17

Community Script Naming Conventions

The ZAP Community Scripts https://github.com/zaproxy/community-scripts use a variety of naming

unread,

Community Script Naming Conventions

The ZAP Community Scripts https://github.com/zaproxy/community-scripts use a variety of naming

Mar 17

Ján Ambroz, psiinon3

Mar 10

Run just one scan rule

Hi Simon, I just watched the vide and it answered my question. Thank you Jan On Thu, Mar 10, 2022 at

unread,

Run just one scan rule

Hi Simon, I just watched the vide and it answered my question. Thank you Jan On Thu, Mar 10, 2022 at

Mar 10

Mar 8

Yes, ZAPCon is hapenning today and tomorrow! If you have not registered yet then do so asap: https://

unread,

Yes, ZAPCon is hapenning today and tomorrow! If you have not registered yet then do so asap: https://

Mar 8

Mar 7

OWASP ZAP docker container hostname resolution

Hello, I'm trying to configure OWASP-ZAP using owasp/zap2docker-stable image. I'm able to

unread,

OWASP ZAP docker container hostname resolution

Hello, I'm trying to configure OWASP-ZAP using owasp/zap2docker-stable image. I'm able to

Mar 7

nathan s, psiinon4

Mar 7

History Tab With API

Ah, it looks like thats out of date. For the methods currently available see the JavaDcos, eg https:/

unread,

History Tab With API

Ah, it looks like thats out of date. For the methods currently available see the JavaDcos, eg https:/

Mar 7

Vikas Bhandari, … psiinon19

Mar 7

Need the logic to get the active ZAP session

I still dont understand why you are not starting ZAP via our scripts :) These are the ways we support

unread,

Need the logic to get the active ZAP session

I still dont understand why you are not starting ZAP via our scripts :) These are the ways we support

Mar 7

Search

Clear search

Close search

Google apps

Main menu