Howto import requests and responses from external source

19 views
Skip to first unread message

Eddy Vanlerberghe

unread,
Jun 21, 2026, 12:54:56 AM (12 days ago) Jun 21
to ZAP Developer Group
Hello,

Currently I am trying to test a website that really does not like MITM proxies like ZAP so I am planning to use a browser extension that will intercept all requests and responses in the browser. The plan is to send all that information to a running ZAP instance so that the imported data is shown in the history of ZAP.

My first attempt was to use the browser client addon but that does not seem to work well. In the available documentation I noticed that the addon can be configured (e.g. for specifying the API key) but in my setup I only see one button ("Log HTTP Requests") and ZAP history remains empty (no sign of the messages that were sent/received by the browser)

Next I was trying to use the exising addon "Request Interceptor" as it claims to be some sort of in-browser equivalent of ZAP or Burpsuite. However, I would prefer to use all assistance features that are already available in ZAP rather than extend this addon.

The addon currently does not report request or response bodies, but I already added that functionality (firefox only: will probably not work on chrome-based browsers because the extension requires manifest version 2)

I looked in the ZAP API documentation and the closest thing that I found for uploading messages to ZAP seems to be "eximActionImportHar" (not sure if this feature supports request/response bodies though) However, that API call needs a local file and I would prefer to POST (instead of GET) the data directly from browser to ZAP without intermediate temporary file.

Presumably this will not require too big a change in ZAP to implement?

Or can you suggest alternative approaches instead of hacking this API call?

Regards,

Eddy.

psiinon

unread,
Jun 22, 2026, 4:53:31 AM (11 days ago) Jun 22
to ZAP Developer Group
Hiya Eddy,

Thia is really a question about using ZAP, so in future please ask these sort of questions on the ZAP User Group: https://groups.google.com/group/zaproxy-users

If your website _really_ does not like MitM proxies, then you can still use the ZAP Browser Recorder: https://github.com/zaproxy/browser-extension#the-recorder-extension
No need for proxying through ZAP, just install this add-on in Firefox, Chrome or Edge, record and download your script and then run it in ZAP as a standalone Zest script.

Importing HAR files will also work.
To upload a file instead of using a local file see https://www.zaproxy.org/docs/desktop/start/features/api/#filexfer

Cheers,

Simon

Eddy Vanlerberghe

unread,
Jun 22, 2026, 5:22:37 AM (11 days ago) Jun 22
to ZAP Developer Group
Thank you for the information.

Regarding the choice of group: the question was about changing Zaproxy (add uploading HAR files via POST) so I thought this was the right group. My excuses if it was not.
Reply all
Reply to author
Forward
0 new messages