ZAP Addon for Project Foxhound

[Tom Barber]

Dear ZAP Developers,

Over the last month or so I have been working on a ZAP Addon for Project Foxhound. Foxhound is an instrumented fork of the Firefox browser which can detect client-side vulnerabilities (like XSS) using dynamic tainting. The project is maintained jointly by the University of Braunschweig and SAP.

Foxhound has been used in a number of academic studies and we are currently preparing to showcase it at Black Hat Europe in a few weeks time. If you want to find out more have a look at the talk from the German OWASP Day 2024 or check out the podcast episode.

In the near future I would like to open a PR for the ZAP Foxhound plugin. Having read through the development guide I think an alpha release will be the most appropriate as the plugin itself is still under development (for the current state see here: https://github.com/tmbrbr/zap-extensions/tree/foxhound/addOns/foxhound).

Does that sound OK? Let me know if you need more info or have any questions!

Many thanks,

Thomas Barber

[psiinon]

Hey Thomas,

This is really great news!

I spotted something about Foxhound on LinkedIn and we immediately decided that we'd love to have integration with ZAP :D

Would you be on for a video call?

We'd really like to get this add-on published ASAP and will definitely support you in any way we can.

Many thanks,

Simon

[Tom Barber]

Hi Simon,

Thanks for the quick and enthusiastic reply!

I also replied to you on LinkedIn, let's set up a call and take it from there.

Regards,

Tom