Issue Accessing gRPC Features After Installing gRPC Plugin in ZAP 2.16.1

24 views
Skip to first unread message

Rahul Srivastava

unread,
Jun 17, 2025, 11:11:39 AMJun 17
to ZAP Developer Group

Hi ZAP Developer Team,

I’m currently evaluating ZAP for gRPC security testing and I’m running into an issue.

Setup Details:

  • ZAP Version: 2.16.1

  • gRPC Support Add-on: Version 0.2.0 (Status: Alpha)

  • gRPC WebSocket Support: Enabled

  • Screenshot attached for reference.

My Use Case:
I have a gRPC application (written in Go) running locally on port 8000, and I would like to leverage ZAP for:

  • Decoding gRPC requests

  • Editing and resending gRPC requests

  • Fuzzing gRPC endpoints

Also, apart from localhost, I also have an endpoint which is pointing to AWS Route53, can we test on it as well?

After installing the plugin and restarting ZAP:

  • In the Requestor tab, I can see the "gRPC" option available under the "Body" dropdown in both Request and Response panels.

  • However, I cannot find any UI option to import a .proto file, which several tutorials and documentation mention should be available via the Tools or Import menus.

Request:
Could you please clarify the expected steps to:

  1. Import .proto files for my gRPC service

  2. Create and send gRPC requests

  3. Use features like fuzzing on gRPC endpoints using the ZAP plugin

I would appreciate your guidance on how best to proceed with gRPC testing using ZAP for my local Go-based gRPC service.

Thanks in advance!

Best regards,
Rahul Srivastava

Screenshot 2025-06-17 at 8.24.06 PM.png
Screenshot 2025-06-17 at 8.23.12 PM.png

psiinon

unread,
Jun 17, 2025, 11:52:04 AMJun 17
to ZAP Developer Group
For info this was answered on the ZAP Slack.
Reply all
Reply to author
Forward
0 new messages